exec.c revision 2afeb4c534203d6ab9ce2b003315ff8c25083a31
1/* 2 * virtual page mapping and translated block handling 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19#include "config.h" 20#ifdef _WIN32 21#define WIN32_LEAN_AND_MEAN 22#include <windows.h> 23#else 24#include <sys/types.h> 25#include <sys/mman.h> 26#endif 27#include <stdlib.h> 28#include <stdio.h> 29#include <stdarg.h> 30#include <string.h> 31#include <errno.h> 32#include <unistd.h> 33#include <inttypes.h> 34 35#include "cpu.h" 36#include "exec/exec-all.h" 37#include "qemu-common.h" 38#include "tcg.h" 39#include "hw/hw.h" 40#include "hw/qdev.h" 41#include "hw/xen/xen.h" 42#include "qemu/osdep.h" 43#include "sysemu/kvm.h" 44#include "exec/cputlb.h" 45#include "exec/hax.h" 46#include "qemu/timer.h" 47#if defined(CONFIG_USER_ONLY) 48#include <qemu.h> 49#endif 50#ifdef CONFIG_ANDROID_MEMCHECK 51#include "android/qemu/memcheck/memcheck_api.h" 52#endif // CONFIG_ANDROID_MEMCHECK 53 54//#define DEBUG_SUBPAGE 55 56#if !defined(CONFIG_USER_ONLY) 57int phys_ram_fd; 58static int in_migration; 59 60RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) }; 61#endif 62 63CPUArchState *first_cpu; 64/* current CPU in the current thread. It is only valid inside 65 cpu_exec() */ 66CPUArchState *cpu_single_env; 67/* 0 = Do not count executed instructions. 68 1 = Precise instruction counting. 69 2 = Adaptive rate instruction counting. */ 70int use_icount = 0; 71/* Current instruction counter. While executing translated code this may 72 include some instructions that have not yet been executed. */ 73int64_t qemu_icount; 74 75#if !defined(CONFIG_USER_ONLY) 76static void io_mem_init(void); 77 78/* io memory support */ 79CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4]; 80CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4]; 81void *io_mem_opaque[IO_MEM_NB_ENTRIES]; 82static char io_mem_used[IO_MEM_NB_ENTRIES]; 83int io_mem_watch; 84#endif 85 86/* log support */ 87#ifdef WIN32 88static const char *logfilename = "qemu.log"; 89#else 90static const char *logfilename = "/tmp/qemu.log"; 91#endif 92FILE *logfile; 93int loglevel; 94static int log_append = 0; 95 96#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK) 97typedef struct subpage_t { 98 hwaddr base; 99 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4]; 100 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4]; 101 void *opaque[TARGET_PAGE_SIZE][2][4]; 102 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4]; 103} subpage_t; 104 105/* Must be called before using the QEMU cpus. 'tb_size' is the size 106 (in bytes) allocated to the translation buffer. Zero means default 107 size. */ 108void cpu_exec_init_all(unsigned long tb_size) 109{ 110 //cpu_gen_init(); 111 //code_gen_alloc(tb_size); 112 //code_gen_ptr = code_gen_buffer; 113 //page_init(); 114 tcg_exec_init(tb_size); 115#if !defined(CONFIG_USER_ONLY) 116 qemu_mutex_init(&ram_list.mutex); 117 io_mem_init(); 118#endif 119} 120 121#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY) 122 123#define CPU_COMMON_SAVE_VERSION 1 124 125static void cpu_common_save(QEMUFile *f, void *opaque) 126{ 127 CPUOldState *env = opaque; 128 129 cpu_synchronize_state(env, 0); 130 131 qemu_put_be32s(f, &env->halted); 132 qemu_put_be32s(f, &env->interrupt_request); 133} 134 135static int cpu_common_load(QEMUFile *f, void *opaque, int version_id) 136{ 137 CPUOldState *env = opaque; 138 139 if (version_id != CPU_COMMON_SAVE_VERSION) 140 return -EINVAL; 141 142 qemu_get_be32s(f, &env->halted); 143 qemu_get_be32s(f, &env->interrupt_request); 144 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the 145 version_id is increased. */ 146 env->interrupt_request &= ~0x01; 147 tlb_flush(env, 1); 148 cpu_synchronize_state(env, 1); 149 150 return 0; 151} 152#endif 153 154CPUArchState *qemu_get_cpu(int cpu) 155{ 156 CPUArchState *env = first_cpu; 157 158 while (env) { 159 if (env->cpu_index == cpu) 160 break; 161 env = env->next_cpu; 162 } 163 164 return env; 165} 166 167void cpu_exec_init(CPUArchState *env) 168{ 169 CPUArchState **penv; 170 int cpu_index; 171 172#if defined(CONFIG_USER_ONLY) 173 cpu_list_lock(); 174#endif 175 env->next_cpu = NULL; 176 penv = &first_cpu; 177 cpu_index = 0; 178 while (*penv != NULL) { 179 penv = &(*penv)->next_cpu; 180 cpu_index++; 181 } 182 env->cpu_index = cpu_index; 183 env->numa_node = 0; 184 QTAILQ_INIT(&env->breakpoints); 185 QTAILQ_INIT(&env->watchpoints); 186 *penv = env; 187#if defined(CONFIG_USER_ONLY) 188 cpu_list_unlock(); 189#endif 190#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY) 191 register_savevm(NULL, 192 "cpu_common", 193 cpu_index, 194 CPU_COMMON_SAVE_VERSION, 195 cpu_common_save, 196 cpu_common_load, 197 env); 198 register_savevm(NULL, 199 "cpu", 200 cpu_index, 201 CPU_SAVE_VERSION, 202 cpu_save, 203 cpu_load, 204 env); 205#endif 206} 207 208#if defined(TARGET_HAS_ICE) 209static void breakpoint_invalidate(CPUArchState *env, target_ulong pc) 210{ 211 hwaddr addr; 212 target_ulong pd; 213 ram_addr_t ram_addr; 214 PhysPageDesc *p; 215 216 addr = cpu_get_phys_page_debug(env, pc); 217 p = phys_page_find(addr >> TARGET_PAGE_BITS); 218 if (!p) { 219 pd = IO_MEM_UNASSIGNED; 220 } else { 221 pd = p->phys_offset; 222 } 223 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK); 224 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0); 225} 226#endif 227 228#if defined(CONFIG_USER_ONLY) 229void cpu_watchpoint_remove_all(CPUArchState *env, int mask) 230 231{ 232} 233 234int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len, 235 int flags, CPUWatchpoint **watchpoint) 236{ 237 return -ENOSYS; 238} 239#else 240/* Add a watchpoint. */ 241int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len, 242 int flags, CPUWatchpoint **watchpoint) 243{ 244 target_ulong len_mask = ~(len - 1); 245 CPUWatchpoint *wp; 246 247 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */ 248 if ((len & (len - 1)) || (addr & ~len_mask) || 249 len == 0 || len > TARGET_PAGE_SIZE) { 250 fprintf(stderr, "qemu: tried to set invalid watchpoint at " 251 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len); 252 return -EINVAL; 253 } 254 wp = g_malloc(sizeof(*wp)); 255 256 wp->vaddr = addr; 257 wp->len_mask = len_mask; 258 wp->flags = flags; 259 260 /* keep all GDB-injected watchpoints in front */ 261 if (flags & BP_GDB) 262 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry); 263 else 264 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry); 265 266 tlb_flush_page(env, addr); 267 268 if (watchpoint) 269 *watchpoint = wp; 270 return 0; 271} 272 273/* Remove a specific watchpoint. */ 274int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len, 275 int flags) 276{ 277 target_ulong len_mask = ~(len - 1); 278 CPUWatchpoint *wp; 279 280 QTAILQ_FOREACH(wp, &env->watchpoints, entry) { 281 if (addr == wp->vaddr && len_mask == wp->len_mask 282 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) { 283 cpu_watchpoint_remove_by_ref(env, wp); 284 return 0; 285 } 286 } 287 return -ENOENT; 288} 289 290/* Remove a specific watchpoint by reference. */ 291void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint) 292{ 293 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry); 294 295 tlb_flush_page(env, watchpoint->vaddr); 296 297 g_free(watchpoint); 298} 299 300/* Remove all matching watchpoints. */ 301void cpu_watchpoint_remove_all(CPUArchState *env, int mask) 302{ 303 CPUWatchpoint *wp, *next; 304 305 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) { 306 if (wp->flags & mask) 307 cpu_watchpoint_remove_by_ref(env, wp); 308 } 309} 310#endif 311 312/* Add a breakpoint. */ 313int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags, 314 CPUBreakpoint **breakpoint) 315{ 316#if defined(TARGET_HAS_ICE) 317 CPUBreakpoint *bp; 318 319 bp = g_malloc(sizeof(*bp)); 320 321 bp->pc = pc; 322 bp->flags = flags; 323 324 /* keep all GDB-injected breakpoints in front */ 325 if (flags & BP_GDB) { 326 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry); 327 } else { 328 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry); 329 } 330 331 breakpoint_invalidate(env, pc); 332 333 if (breakpoint) { 334 *breakpoint = bp; 335 } 336 return 0; 337#else 338 return -ENOSYS; 339#endif 340} 341 342/* Remove a specific breakpoint. */ 343int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags) 344{ 345#if defined(TARGET_HAS_ICE) 346 CPUBreakpoint *bp; 347 348 QTAILQ_FOREACH(bp, &env->breakpoints, entry) { 349 if (bp->pc == pc && bp->flags == flags) { 350 cpu_breakpoint_remove_by_ref(env, bp); 351 return 0; 352 } 353 } 354 return -ENOENT; 355#else 356 return -ENOSYS; 357#endif 358} 359 360/* Remove a specific breakpoint by reference. */ 361void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint) 362{ 363#if defined(TARGET_HAS_ICE) 364 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry); 365 366 breakpoint_invalidate(env, breakpoint->pc); 367 368 g_free(breakpoint); 369#endif 370} 371 372/* Remove all matching breakpoints. */ 373void cpu_breakpoint_remove_all(CPUArchState *env, int mask) 374{ 375#if defined(TARGET_HAS_ICE) 376 CPUBreakpoint *bp, *next; 377 378 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) { 379 if (bp->flags & mask) 380 cpu_breakpoint_remove_by_ref(env, bp); 381 } 382#endif 383} 384 385/* enable or disable single step mode. EXCP_DEBUG is returned by the 386 CPU loop after each instruction */ 387void cpu_single_step(CPUOldState *env, int enabled) 388{ 389#if defined(TARGET_HAS_ICE) 390 if (env->singlestep_enabled != enabled) { 391 env->singlestep_enabled = enabled; 392 if (kvm_enabled()) { 393 kvm_update_guest_debug(env, 0); 394 } else { 395 /* must flush all the translated code to avoid inconsistencies */ 396 /* XXX: only flush what is necessary */ 397 tb_flush(env); 398 } 399 } 400#endif 401} 402 403/* enable or disable low levels log */ 404void cpu_set_log(int log_flags) 405{ 406 loglevel = log_flags; 407 if (loglevel && !logfile) { 408 logfile = fopen(logfilename, log_append ? "a" : "w"); 409 if (!logfile) { 410 perror(logfilename); 411 exit(1); 412 } 413#if !defined(CONFIG_SOFTMMU) 414 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */ 415 { 416 static char logfile_buf[4096]; 417 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf)); 418 } 419#elif !defined(_WIN32) 420 /* Win32 doesn't support line-buffering and requires size >= 2 */ 421 setvbuf(logfile, NULL, _IOLBF, 0); 422#endif 423 log_append = 1; 424 } 425 if (!loglevel && logfile) { 426 fclose(logfile); 427 logfile = NULL; 428 } 429} 430 431void cpu_set_log_filename(const char *filename) 432{ 433 logfilename = strdup(filename); 434 if (logfile) { 435 fclose(logfile); 436 logfile = NULL; 437 } 438 cpu_set_log(loglevel); 439} 440 441void cpu_unlink_tb(CPUOldState *env) 442{ 443 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the 444 problem and hope the cpu will stop of its own accord. For userspace 445 emulation this often isn't actually as bad as it sounds. Often 446 signals are used primarily to interrupt blocking syscalls. */ 447 TranslationBlock *tb; 448 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED; 449 450 spin_lock(&interrupt_lock); 451 tb = env->current_tb; 452 /* if the cpu is currently executing code, we must unlink it and 453 all the potentially executing TB */ 454 if (tb) { 455 env->current_tb = NULL; 456 tb_reset_jump_recursive(tb); 457 } 458 spin_unlock(&interrupt_lock); 459} 460 461void cpu_reset_interrupt(CPUOldState *env, int mask) 462{ 463 env->interrupt_request &= ~mask; 464} 465 466void cpu_exit(CPUOldState *env) 467{ 468 env->exit_request = 1; 469 cpu_unlink_tb(env); 470} 471 472void cpu_abort(CPUArchState *env, const char *fmt, ...) 473{ 474 va_list ap; 475 va_list ap2; 476 477 va_start(ap, fmt); 478 va_copy(ap2, ap); 479 fprintf(stderr, "qemu: fatal: "); 480 vfprintf(stderr, fmt, ap); 481 fprintf(stderr, "\n"); 482#ifdef TARGET_I386 483 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP); 484#else 485 cpu_dump_state(env, stderr, fprintf, 0); 486#endif 487 if (qemu_log_enabled()) { 488 qemu_log("qemu: fatal: "); 489 qemu_log_vprintf(fmt, ap2); 490 qemu_log("\n"); 491#ifdef TARGET_I386 492 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP); 493#else 494 log_cpu_state(env, 0); 495#endif 496 qemu_log_flush(); 497 qemu_log_close(); 498 } 499 va_end(ap2); 500 va_end(ap); 501#if defined(CONFIG_USER_ONLY) 502 { 503 struct sigaction act; 504 sigfillset(&act.sa_mask); 505 act.sa_handler = SIG_DFL; 506 sigaction(SIGABRT, &act, NULL); 507 } 508#endif 509 abort(); 510} 511 512#if !defined(CONFIG_USER_ONLY) 513static RAMBlock *qemu_get_ram_block(ram_addr_t addr) 514{ 515 RAMBlock *block; 516 517 /* The list is protected by the iothread lock here. */ 518 block = ram_list.mru_block; 519 if (block && addr - block->offset < block->length) { 520 goto found; 521 } 522 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 523 if (addr - block->offset < block->length) { 524 goto found; 525 } 526 } 527 528 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr); 529 abort(); 530 531found: 532 ram_list.mru_block = block; 533 return block; 534} 535 536/* Note: start and end must be within the same ram block. */ 537void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end, 538 int dirty_flags) 539{ 540 CPUOldState *env; 541 unsigned long length, start1; 542 int i; 543 544 start &= TARGET_PAGE_MASK; 545 end = TARGET_PAGE_ALIGN(end); 546 547 length = end - start; 548 if (length == 0) 549 return; 550 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags); 551 552 /* we modify the TLB cache so that the dirty bit will be set again 553 when accessing the range */ 554 start1 = (unsigned long)qemu_safe_ram_ptr(start); 555 /* Chek that we don't span multiple blocks - this breaks the 556 address comparisons below. */ 557 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1 558 != (end - 1) - start) { 559 abort(); 560 } 561 562 for(env = first_cpu; env != NULL; env = env->next_cpu) { 563 int mmu_idx; 564 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { 565 for(i = 0; i < CPU_TLB_SIZE; i++) 566 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i], 567 start1, length); 568 } 569 } 570} 571 572int cpu_physical_memory_set_dirty_tracking(int enable) 573{ 574 in_migration = enable; 575 if (kvm_enabled()) { 576 return kvm_set_migration_log(enable); 577 } 578 return 0; 579} 580 581int cpu_physical_memory_get_dirty_tracking(void) 582{ 583 return in_migration; 584} 585 586int cpu_physical_sync_dirty_bitmap(hwaddr start_addr, 587 hwaddr end_addr) 588{ 589 int ret = 0; 590 591 if (kvm_enabled()) 592 ret = kvm_physical_sync_dirty_bitmap(start_addr, end_addr); 593 return ret; 594} 595 596static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry) 597{ 598 ram_addr_t ram_addr; 599 void *p; 600 601 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) { 602 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK) 603 + tlb_entry->addend); 604 ram_addr = qemu_ram_addr_from_host_nofail(p); 605 if (!cpu_physical_memory_is_dirty(ram_addr)) { 606 tlb_entry->addr_write |= TLB_NOTDIRTY; 607 } 608 } 609} 610 611/* update the TLB according to the current state of the dirty bits */ 612void cpu_tlb_update_dirty(CPUArchState *env) 613{ 614 int i; 615 int mmu_idx; 616 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { 617 for(i = 0; i < CPU_TLB_SIZE; i++) 618 tlb_update_dirty(&env->tlb_table[mmu_idx][i]); 619 } 620} 621 622 623#else 624 625void tlb_flush(CPUArchState *env, int flush_global) 626{ 627} 628 629void tlb_flush_page(CPUArchState *env, target_ulong addr) 630{ 631} 632 633int tlb_set_page_exec(CPUArchState *env, target_ulong vaddr, 634 hwaddr paddr, int prot, 635 int mmu_idx, int is_softmmu) 636{ 637 return 0; 638} 639 640static inline void tlb_set_dirty(CPUOldState *env, 641 unsigned long addr, target_ulong vaddr) 642{ 643} 644#endif /* defined(CONFIG_USER_ONLY) */ 645 646#if !defined(CONFIG_USER_ONLY) 647 648static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end, 649 ram_addr_t memory, ram_addr_t region_offset); 650static void *subpage_init (hwaddr base, ram_addr_t *phys, 651 ram_addr_t orig_memory, ram_addr_t region_offset); 652 653static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc; 654 655/* 656 * Set a custom physical guest memory alloator. 657 * Accelerators with unusual needs may need this. Hopefully, we can 658 * get rid of it eventually. 659 */ 660void phys_mem_set_alloc(void *(*alloc)(size_t)) 661{ 662 phys_mem_alloc = alloc; 663} 664 665#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \ 666 need_subpage) \ 667 do { \ 668 if (addr > start_addr) \ 669 start_addr2 = 0; \ 670 else { \ 671 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \ 672 if (start_addr2 > 0) \ 673 need_subpage = 1; \ 674 } \ 675 \ 676 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \ 677 end_addr2 = TARGET_PAGE_SIZE - 1; \ 678 else { \ 679 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \ 680 if (end_addr2 < TARGET_PAGE_SIZE - 1) \ 681 need_subpage = 1; \ 682 } \ 683 } while (0) 684 685/* register physical memory. 686 For RAM, 'size' must be a multiple of the target page size. 687 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an 688 io memory page. The address used when calling the IO function is 689 the offset from the start of the region, plus region_offset. Both 690 start_addr and region_offset are rounded down to a page boundary 691 before calculating this offset. This should not be a problem unless 692 the low bits of start_addr and region_offset differ. */ 693void cpu_register_physical_memory_log(hwaddr start_addr, 694 ram_addr_t size, 695 ram_addr_t phys_offset, 696 ram_addr_t region_offset, 697 bool log_dirty) 698{ 699 hwaddr addr, end_addr; 700 PhysPageDesc *p; 701 CPUOldState *env; 702 ram_addr_t orig_size = size; 703 subpage_t *subpage; 704 705 if (kvm_enabled()) 706 kvm_set_phys_mem(start_addr, size, phys_offset); 707#ifdef CONFIG_HAX 708 if (hax_enabled()) 709 hax_set_phys_mem(start_addr, size, phys_offset); 710#endif 711 712 if (phys_offset == IO_MEM_UNASSIGNED) { 713 region_offset = start_addr; 714 } 715 region_offset &= TARGET_PAGE_MASK; 716 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK; 717 end_addr = start_addr + (hwaddr)size; 718 719 addr = start_addr; 720 do { 721 p = phys_page_find(addr >> TARGET_PAGE_BITS); 722 if (p && p->phys_offset != IO_MEM_UNASSIGNED) { 723 ram_addr_t orig_memory = p->phys_offset; 724 hwaddr start_addr2, end_addr2; 725 int need_subpage = 0; 726 727 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, 728 need_subpage); 729 if (need_subpage) { 730 if (!(orig_memory & IO_MEM_SUBPAGE)) { 731 subpage = subpage_init((addr & TARGET_PAGE_MASK), 732 &p->phys_offset, orig_memory, 733 p->region_offset); 734 } else { 735 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK) 736 >> IO_MEM_SHIFT]; 737 } 738 subpage_register(subpage, start_addr2, end_addr2, phys_offset, 739 region_offset); 740 p->region_offset = 0; 741 } else { 742 p->phys_offset = phys_offset; 743 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM || 744 (phys_offset & IO_MEM_ROMD)) 745 phys_offset += TARGET_PAGE_SIZE; 746 } 747 } else { 748 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1); 749 p->phys_offset = phys_offset; 750 p->region_offset = region_offset; 751 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM || 752 (phys_offset & IO_MEM_ROMD)) { 753 phys_offset += TARGET_PAGE_SIZE; 754 } else { 755 hwaddr start_addr2, end_addr2; 756 int need_subpage = 0; 757 758 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, 759 end_addr2, need_subpage); 760 761 if (need_subpage) { 762 subpage = subpage_init((addr & TARGET_PAGE_MASK), 763 &p->phys_offset, IO_MEM_UNASSIGNED, 764 addr & TARGET_PAGE_MASK); 765 subpage_register(subpage, start_addr2, end_addr2, 766 phys_offset, region_offset); 767 p->region_offset = 0; 768 } 769 } 770 } 771 region_offset += TARGET_PAGE_SIZE; 772 addr += TARGET_PAGE_SIZE; 773 } while (addr != end_addr); 774 775 /* since each CPU stores ram addresses in its TLB cache, we must 776 reset the modified entries */ 777 /* XXX: slow ! */ 778 for(env = first_cpu; env != NULL; env = env->next_cpu) { 779 tlb_flush(env, 1); 780 } 781} 782 783/* XXX: temporary until new memory mapping API */ 784ram_addr_t cpu_get_physical_page_desc(hwaddr addr) 785{ 786 PhysPageDesc *p; 787 788 p = phys_page_find(addr >> TARGET_PAGE_BITS); 789 if (!p) 790 return IO_MEM_UNASSIGNED; 791 return p->phys_offset; 792} 793 794void qemu_register_coalesced_mmio(hwaddr addr, ram_addr_t size) 795{ 796 if (kvm_enabled()) 797 kvm_coalesce_mmio_region(addr, size); 798} 799 800void qemu_unregister_coalesced_mmio(hwaddr addr, ram_addr_t size) 801{ 802 if (kvm_enabled()) 803 kvm_uncoalesce_mmio_region(addr, size); 804} 805 806void qemu_mutex_lock_ramlist(void) 807{ 808 qemu_mutex_lock(&ram_list.mutex); 809} 810 811void qemu_mutex_unlock_ramlist(void) 812{ 813 qemu_mutex_unlock(&ram_list.mutex); 814} 815 816#if defined(__linux__) && !defined(CONFIG_ANDROID) 817 818#include <sys/vfs.h> 819 820#define HUGETLBFS_MAGIC 0x958458f6 821 822static long gethugepagesize(const char *path) 823{ 824 struct statfs fs; 825 int ret; 826 827 do { 828 ret = statfs(path, &fs); 829 } while (ret != 0 && errno == EINTR); 830 831 if (ret != 0) { 832 perror(path); 833 return 0; 834 } 835 836 if (fs.f_type != HUGETLBFS_MAGIC) 837 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path); 838 839 return fs.f_bsize; 840} 841 842static sigjmp_buf sigjump; 843 844static void sigbus_handler(int signal) 845{ 846 siglongjmp(sigjump, 1); 847} 848 849static void *file_ram_alloc(RAMBlock *block, 850 ram_addr_t memory, 851 const char *path) 852{ 853 char *filename; 854 char *sanitized_name; 855 char *c; 856 void *area; 857 int fd; 858 unsigned long hpagesize; 859 860 hpagesize = gethugepagesize(path); 861 if (!hpagesize) { 862 return NULL; 863 } 864 865 if (memory < hpagesize) { 866 return NULL; 867 } 868 869 if (kvm_enabled() && !kvm_has_sync_mmu()) { 870 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n"); 871 return NULL; 872 } 873 874 /* Make name safe to use with mkstemp by replacing '/' with '_'. */ 875 sanitized_name = g_strdup(block->mr->name); 876 for (c = sanitized_name; *c != '\0'; c++) { 877 if (*c == '/') 878 *c = '_'; 879 } 880 881 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path, 882 sanitized_name); 883 g_free(sanitized_name); 884 885 fd = mkstemp(filename); 886 if (fd < 0) { 887 perror("unable to create backing store for hugepages"); 888 g_free(filename); 889 return NULL; 890 } 891 unlink(filename); 892 g_free(filename); 893 894 memory = (memory+hpagesize-1) & ~(hpagesize-1); 895 896 /* 897 * ftruncate is not supported by hugetlbfs in older 898 * hosts, so don't bother bailing out on errors. 899 * If anything goes wrong with it under other filesystems, 900 * mmap will fail. 901 */ 902 if (ftruncate(fd, memory)) 903 perror("ftruncate"); 904 905 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); 906 if (area == MAP_FAILED) { 907 perror("file_ram_alloc: can't mmap RAM pages"); 908 close(fd); 909 return (NULL); 910 } 911 912 if (mem_prealloc) { 913 int ret, i; 914 struct sigaction act, oldact; 915 sigset_t set, oldset; 916 917 memset(&act, 0, sizeof(act)); 918 act.sa_handler = &sigbus_handler; 919 act.sa_flags = 0; 920 921 ret = sigaction(SIGBUS, &act, &oldact); 922 if (ret) { 923 perror("file_ram_alloc: failed to install signal handler"); 924 exit(1); 925 } 926 927 /* unblock SIGBUS */ 928 sigemptyset(&set); 929 sigaddset(&set, SIGBUS); 930 pthread_sigmask(SIG_UNBLOCK, &set, &oldset); 931 932 if (sigsetjmp(sigjump, 1)) { 933 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n"); 934 exit(1); 935 } 936 937 /* MAP_POPULATE silently ignores failures */ 938 for (i = 0; i < (memory/hpagesize)-1; i++) { 939 memset(area + (hpagesize*i), 0, 1); 940 } 941 942 ret = sigaction(SIGBUS, &oldact, NULL); 943 if (ret) { 944 perror("file_ram_alloc: failed to reinstall signal handler"); 945 exit(1); 946 } 947 948 pthread_sigmask(SIG_SETMASK, &oldset, NULL); 949 } 950 951 block->fd = fd; 952 return area; 953} 954#else 955static void *file_ram_alloc(RAMBlock *block, 956 ram_addr_t memory, 957 const char *path) 958{ 959 fprintf(stderr, "-mem-path not supported on this host\n"); 960 exit(1); 961} 962#endif 963 964static ram_addr_t find_ram_offset(ram_addr_t size) 965{ 966 RAMBlock *block, *next_block; 967 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX; 968 969 assert(size != 0); /* it would hand out same offset multiple times */ 970 971 if (QTAILQ_EMPTY(&ram_list.blocks)) 972 return 0; 973 974 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 975 ram_addr_t end, next = RAM_ADDR_MAX; 976 977 end = block->offset + block->length; 978 979 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) { 980 if (next_block->offset >= end) { 981 next = MIN(next, next_block->offset); 982 } 983 } 984 if (next - end >= size && next - end < mingap) { 985 offset = end; 986 mingap = next - end; 987 } 988 } 989 990 if (offset == RAM_ADDR_MAX) { 991 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n", 992 (uint64_t)size); 993 abort(); 994 } 995 996 return offset; 997} 998 999ram_addr_t last_ram_offset(void) 1000{ 1001 RAMBlock *block; 1002 ram_addr_t last = 0; 1003 1004 QTAILQ_FOREACH(block, &ram_list.blocks, next) 1005 last = MAX(last, block->offset + block->length); 1006 1007 return last; 1008} 1009 1010static void qemu_ram_setup_dump(void *addr, ram_addr_t size) 1011{ 1012#ifndef CONFIG_ANDROID 1013 int ret; 1014 1015 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */ 1016 if (!qemu_opt_get_bool(qemu_get_machine_opts(), 1017 "dump-guest-core", true)) { 1018 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP); 1019 if (ret) { 1020 perror("qemu_madvise"); 1021 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, " 1022 "but dump_guest_core=off specified\n"); 1023 } 1024 } 1025#endif // !CONFIG_ANDROID 1026} 1027 1028void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev) 1029{ 1030 RAMBlock *new_block, *block; 1031 1032 new_block = NULL; 1033 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1034 if (block->offset == addr) { 1035 new_block = block; 1036 break; 1037 } 1038 } 1039 assert(new_block); 1040 assert(!new_block->idstr[0]); 1041 1042 if (dev) { 1043 char *id = qdev_get_dev_path(dev); 1044 if (id) { 1045 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id); 1046 g_free(id); 1047 } 1048 } 1049 pstrcat(new_block->idstr, sizeof(new_block->idstr), name); 1050 1051 /* This assumes the iothread lock is taken here too. */ 1052 qemu_mutex_lock_ramlist(); 1053 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1054 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) { 1055 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n", 1056 new_block->idstr); 1057 abort(); 1058 } 1059 } 1060 qemu_mutex_unlock_ramlist(); 1061} 1062 1063static int memory_try_enable_merging(void *addr, size_t len) 1064{ 1065#ifndef CONFIG_ANDROID 1066 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) { 1067 /* disabled by the user */ 1068 return 0; 1069 } 1070 1071 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE); 1072#else // CONFIG_ANDROID 1073 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE); 1074#endif // CONFIG_ANDROID 1075} 1076 1077ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name, 1078 ram_addr_t size, void *host) 1079{ 1080 RAMBlock *block, *new_block; 1081 1082 size = TARGET_PAGE_ALIGN(size); 1083 new_block = g_malloc0(sizeof(*new_block)); 1084 new_block->fd = -1; 1085 1086 /* This assumes the iothread lock is taken here too. */ 1087 qemu_mutex_lock_ramlist(); 1088 //new_block->mr = mr; 1089 new_block->offset = find_ram_offset(size); 1090 if (host) { 1091 new_block->host = host; 1092 new_block->flags |= RAM_PREALLOC_MASK; 1093 } else if (xen_enabled()) { 1094 if (mem_path) { 1095 fprintf(stderr, "-mem-path not supported with Xen\n"); 1096 exit(1); 1097 } 1098 //xen_ram_alloc(new_block->offset, size, mr); 1099 } else { 1100 if (mem_path) { 1101 if (phys_mem_alloc != qemu_anon_ram_alloc) { 1102 /* 1103 * file_ram_alloc() needs to allocate just like 1104 * phys_mem_alloc, but we haven't bothered to provide 1105 * a hook there. 1106 */ 1107 fprintf(stderr, 1108 "-mem-path not supported with this accelerator\n"); 1109 exit(1); 1110 } 1111 new_block->host = file_ram_alloc(new_block, size, mem_path); 1112 } 1113 if (!new_block->host) { 1114 new_block->host = phys_mem_alloc(size); 1115 if (!new_block->host) { 1116 fprintf(stderr, "Cannot set up guest memory '%s': %s\n", 1117 name, strerror(errno)); 1118 exit(1); 1119 } 1120#ifdef CONFIG_HAX 1121 if (hax_enabled()) { 1122 /* 1123 * In HAX, qemu allocates the virtual address, and HAX kernel 1124 * module populates the region with physical memory. Currently 1125 * we don’t populate guest memory on demand, thus we should 1126 * make sure that sufficient amount of memory is available in 1127 * advance. 1128 */ 1129 int ret = hax_populate_ram( 1130 (uint64_t)(uintptr_t)new_block->host, 1131 (uint32_t)size); 1132 if (ret < 0) { 1133 fprintf(stderr, "Hax failed to populate ram\n"); 1134 exit(-1); 1135 } 1136 } 1137#endif // CONFIG_HAX 1138 memory_try_enable_merging(new_block->host, size); 1139 } 1140 } 1141 new_block->length = size; 1142 1143 /* Keep the list sorted from biggest to smallest block. */ 1144 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1145 if (block->length < new_block->length) { 1146 break; 1147 } 1148 } 1149 if (block) { 1150 QTAILQ_INSERT_BEFORE(block, new_block, next); 1151 } else { 1152 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next); 1153 } 1154 ram_list.mru_block = NULL; 1155 1156 ram_list.version++; 1157 qemu_mutex_unlock_ramlist(); 1158 1159 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty, 1160 last_ram_offset() >> TARGET_PAGE_BITS); 1161 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS), 1162 0xff, size >> TARGET_PAGE_BITS); 1163 //cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff); 1164 1165 //qemu_ram_setup_dump(new_block->host, size); 1166 //qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE); 1167 //qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK); 1168 1169 if (kvm_enabled()) 1170 kvm_setup_guest_memory(new_block->host, size); 1171 1172 return new_block->offset; 1173} 1174 1175ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size) 1176{ 1177 return qemu_ram_alloc_from_ptr(dev, name, size, NULL); 1178} 1179 1180void qemu_ram_free_from_ptr(ram_addr_t addr) 1181{ 1182 RAMBlock *block; 1183 1184 /* This assumes the iothread lock is taken here too. */ 1185 qemu_mutex_lock_ramlist(); 1186 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1187 if (addr == block->offset) { 1188 QTAILQ_REMOVE(&ram_list.blocks, block, next); 1189 ram_list.mru_block = NULL; 1190 ram_list.version++; 1191 g_free(block); 1192 break; 1193 } 1194 } 1195 qemu_mutex_unlock_ramlist(); 1196} 1197 1198void qemu_ram_free(ram_addr_t addr) 1199{ 1200 RAMBlock *block; 1201 1202 /* This assumes the iothread lock is taken here too. */ 1203 qemu_mutex_lock_ramlist(); 1204 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1205 if (addr == block->offset) { 1206 QTAILQ_REMOVE(&ram_list.blocks, block, next); 1207 ram_list.mru_block = NULL; 1208 ram_list.version++; 1209 if (block->flags & RAM_PREALLOC_MASK) { 1210 ; 1211 } else if (xen_enabled()) { 1212 //xen_invalidate_map_cache_entry(block->host); 1213#ifndef _WIN32 1214 } else if (block->fd >= 0) { 1215 munmap(block->host, block->length); 1216 close(block->fd); 1217#endif 1218 } else { 1219 qemu_anon_ram_free(block->host, block->length); 1220 } 1221 g_free(block); 1222 break; 1223 } 1224 } 1225 qemu_mutex_unlock_ramlist(); 1226 1227} 1228 1229#ifndef _WIN32 1230void qemu_ram_remap(ram_addr_t addr, ram_addr_t length) 1231{ 1232 RAMBlock *block; 1233 ram_addr_t offset; 1234 int flags; 1235 void *area, *vaddr; 1236 1237 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1238 offset = addr - block->offset; 1239 if (offset < block->length) { 1240 vaddr = block->host + offset; 1241 if (block->flags & RAM_PREALLOC_MASK) { 1242 ; 1243 } else if (xen_enabled()) { 1244 abort(); 1245 } else { 1246 flags = MAP_FIXED; 1247 munmap(vaddr, length); 1248 if (block->fd >= 0) { 1249#ifdef MAP_POPULATE 1250 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED : 1251 MAP_PRIVATE; 1252#else 1253 flags |= MAP_PRIVATE; 1254#endif 1255 area = mmap(vaddr, length, PROT_READ | PROT_WRITE, 1256 flags, block->fd, offset); 1257 } else { 1258 /* 1259 * Remap needs to match alloc. Accelerators that 1260 * set phys_mem_alloc never remap. If they did, 1261 * we'd need a remap hook here. 1262 */ 1263 assert(phys_mem_alloc == qemu_anon_ram_alloc); 1264 1265 flags |= MAP_PRIVATE | MAP_ANONYMOUS; 1266 area = mmap(vaddr, length, PROT_READ | PROT_WRITE, 1267 flags, -1, 0); 1268 } 1269 if (area != vaddr) { 1270 fprintf(stderr, "Could not remap addr: " 1271 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n", 1272 length, addr); 1273 exit(1); 1274 } 1275 memory_try_enable_merging(vaddr, length); 1276 qemu_ram_setup_dump(vaddr, length); 1277 } 1278 return; 1279 } 1280 } 1281} 1282#endif /* !_WIN32 */ 1283 1284/* Return a host pointer to ram allocated with qemu_ram_alloc. 1285 With the exception of the softmmu code in this file, this should 1286 only be used for local memory (e.g. video ram) that the device owns, 1287 and knows it isn't going to access beyond the end of the block. 1288 1289 It should not be used for general purpose DMA. 1290 Use cpu_physical_memory_map/cpu_physical_memory_rw instead. 1291 */ 1292void *qemu_get_ram_ptr(ram_addr_t addr) 1293{ 1294 RAMBlock *block = qemu_get_ram_block(addr); 1295#if 0 1296 if (xen_enabled()) { 1297 /* We need to check if the requested address is in the RAM 1298 * because we don't want to map the entire memory in QEMU. 1299 * In that case just map until the end of the page. 1300 */ 1301 if (block->offset == 0) { 1302 return xen_map_cache(addr, 0, 0); 1303 } else if (block->host == NULL) { 1304 block->host = 1305 xen_map_cache(block->offset, block->length, 1); 1306 } 1307 } 1308#endif 1309 return block->host + (addr - block->offset); 1310} 1311 1312/* Return a host pointer to ram allocated with qemu_ram_alloc. 1313 * Same as qemu_get_ram_ptr but avoid reordering ramblocks. 1314 */ 1315void *qemu_safe_ram_ptr(ram_addr_t addr) 1316{ 1317 RAMBlock *block; 1318 1319 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1320 if (addr - block->offset < block->length) { 1321 return block->host + (addr - block->offset); 1322 } 1323 } 1324 1325 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr); 1326 abort(); 1327 1328 return NULL; 1329} 1330 1331/* Some of the softmmu routines need to translate from a host pointer 1332 (typically a TLB entry) back to a ram offset. */ 1333int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr) 1334{ 1335 RAMBlock *block; 1336 uint8_t *host = ptr; 1337#if 0 1338 if (xen_enabled()) { 1339 *ram_addr = xen_ram_addr_from_mapcache(ptr); 1340 return qemu_get_ram_block(*ram_addr)->mr; 1341 } 1342#endif 1343 block = ram_list.mru_block; 1344 if (block && block->host && host - block->host < block->length) { 1345 goto found; 1346 } 1347 1348 QTAILQ_FOREACH(block, &ram_list.blocks, next) { 1349 /* This case append when the block is not mapped. */ 1350 if (block->host == NULL) { 1351 continue; 1352 } 1353 if (host - block->host < block->length) { 1354 goto found; 1355 } 1356 } 1357 1358 return -1; 1359 1360found: 1361 *ram_addr = block->offset + (host - block->host); 1362 return 0; 1363} 1364 1365/* Some of the softmmu routines need to translate from a host pointer 1366 (typically a TLB entry) back to a ram offset. */ 1367ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr) 1368{ 1369 ram_addr_t ram_addr; 1370 1371 if (qemu_ram_addr_from_host(ptr, &ram_addr)) { 1372 fprintf(stderr, "Bad ram pointer %p\n", ptr); 1373 abort(); 1374 } 1375 return ram_addr; 1376} 1377 1378static uint32_t unassigned_mem_readb(void *opaque, hwaddr addr) 1379{ 1380#ifdef DEBUG_UNASSIGNED 1381 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr); 1382#endif 1383#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE) 1384 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 1); 1385#endif 1386 return 0; 1387} 1388 1389static uint32_t unassigned_mem_readw(void *opaque, hwaddr addr) 1390{ 1391#ifdef DEBUG_UNASSIGNED 1392 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr); 1393#endif 1394#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE) 1395 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 2); 1396#endif 1397 return 0; 1398} 1399 1400static uint32_t unassigned_mem_readl(void *opaque, hwaddr addr) 1401{ 1402#ifdef DEBUG_UNASSIGNED 1403 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr); 1404#endif 1405#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE) 1406 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 4); 1407#endif 1408 return 0; 1409} 1410 1411static void unassigned_mem_writeb(void *opaque, hwaddr addr, uint32_t val) 1412{ 1413#ifdef DEBUG_UNASSIGNED 1414 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val); 1415#endif 1416#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE) 1417 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 1); 1418#endif 1419} 1420 1421static void unassigned_mem_writew(void *opaque, hwaddr addr, uint32_t val) 1422{ 1423#ifdef DEBUG_UNASSIGNED 1424 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val); 1425#endif 1426#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE) 1427 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 2); 1428#endif 1429} 1430 1431static void unassigned_mem_writel(void *opaque, hwaddr addr, uint32_t val) 1432{ 1433#ifdef DEBUG_UNASSIGNED 1434 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val); 1435#endif 1436#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE) 1437 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 4); 1438#endif 1439} 1440 1441static CPUReadMemoryFunc * const unassigned_mem_read[3] = { 1442 unassigned_mem_readb, 1443 unassigned_mem_readw, 1444 unassigned_mem_readl, 1445}; 1446 1447static CPUWriteMemoryFunc * const unassigned_mem_write[3] = { 1448 unassigned_mem_writeb, 1449 unassigned_mem_writew, 1450 unassigned_mem_writel, 1451}; 1452 1453static void notdirty_mem_writeb(void *opaque, hwaddr ram_addr, 1454 uint32_t val) 1455{ 1456 int dirty_flags; 1457 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr); 1458 if (!(dirty_flags & CODE_DIRTY_FLAG)) { 1459#if !defined(CONFIG_USER_ONLY) 1460 tb_invalidate_phys_page_fast0(ram_addr, 1); 1461 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr); 1462#endif 1463 } 1464 stb_p(qemu_get_ram_ptr(ram_addr), val); 1465 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG); 1466 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags); 1467 /* we remove the notdirty callback only if the code has been 1468 flushed */ 1469 if (dirty_flags == 0xff) 1470 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr); 1471} 1472 1473static void notdirty_mem_writew(void *opaque, hwaddr ram_addr, 1474 uint32_t val) 1475{ 1476 int dirty_flags; 1477 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr); 1478 if (!(dirty_flags & CODE_DIRTY_FLAG)) { 1479#if !defined(CONFIG_USER_ONLY) 1480 tb_invalidate_phys_page_fast0(ram_addr, 2); 1481 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr); 1482#endif 1483 } 1484 stw_p(qemu_get_ram_ptr(ram_addr), val); 1485 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG); 1486 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags); 1487 /* we remove the notdirty callback only if the code has been 1488 flushed */ 1489 if (dirty_flags == 0xff) 1490 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr); 1491} 1492 1493static void notdirty_mem_writel(void *opaque, hwaddr ram_addr, 1494 uint32_t val) 1495{ 1496 int dirty_flags; 1497 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr); 1498 if (!(dirty_flags & CODE_DIRTY_FLAG)) { 1499#if !defined(CONFIG_USER_ONLY) 1500 tb_invalidate_phys_page_fast0(ram_addr, 4); 1501 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr); 1502#endif 1503 } 1504 stl_p(qemu_get_ram_ptr(ram_addr), val); 1505 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG); 1506 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags); 1507 /* we remove the notdirty callback only if the code has been 1508 flushed */ 1509 if (dirty_flags == 0xff) 1510 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr); 1511} 1512 1513static CPUReadMemoryFunc * const error_mem_read[3] = { 1514 NULL, /* never used */ 1515 NULL, /* never used */ 1516 NULL, /* never used */ 1517}; 1518 1519static CPUWriteMemoryFunc * const notdirty_mem_write[3] = { 1520 notdirty_mem_writeb, 1521 notdirty_mem_writew, 1522 notdirty_mem_writel, 1523}; 1524 1525static void tb_check_watchpoint(CPUArchState* env) 1526{ 1527 TranslationBlock *tb = tb_find_pc(env->mem_io_pc); 1528 if (!tb) { 1529 cpu_abort(env, "check_watchpoint: could not find TB for " 1530 "pc=%p", (void *)env->mem_io_pc); 1531 } 1532 cpu_restore_state(env, env->mem_io_pc); 1533 tb_phys_invalidate(tb, -1); 1534} 1535 1536/* Generate a debug exception if a watchpoint has been hit. */ 1537static void check_watchpoint(int offset, int len_mask, int flags) 1538{ 1539 CPUArchState *env = cpu_single_env; 1540 target_ulong pc, cs_base; 1541 target_ulong vaddr; 1542 CPUWatchpoint *wp; 1543 int cpu_flags; 1544 1545 if (env->watchpoint_hit) { 1546 /* We re-entered the check after replacing the TB. Now raise 1547 * the debug interrupt so that is will trigger after the 1548 * current instruction. */ 1549 cpu_interrupt(env, CPU_INTERRUPT_DEBUG); 1550 return; 1551 } 1552 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset; 1553 QTAILQ_FOREACH(wp, &env->watchpoints, entry) { 1554 if ((vaddr == (wp->vaddr & len_mask) || 1555 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) { 1556 wp->flags |= BP_WATCHPOINT_HIT; 1557 if (!env->watchpoint_hit) { 1558 env->watchpoint_hit = wp; 1559 tb_check_watchpoint(env); 1560 if (wp->flags & BP_STOP_BEFORE_ACCESS) { 1561 env->exception_index = EXCP_DEBUG; 1562 cpu_loop_exit(env); 1563 } else { 1564 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags); 1565 tb_gen_code(env, pc, cs_base, cpu_flags, 1); 1566 cpu_resume_from_signal(env, NULL); 1567 } 1568 } 1569 } else { 1570 wp->flags &= ~BP_WATCHPOINT_HIT; 1571 } 1572 } 1573} 1574 1575/* Watchpoint access routines. Watchpoints are inserted using TLB tricks, 1576 so these check for a hit then pass through to the normal out-of-line 1577 phys routines. */ 1578static uint32_t watch_mem_readb(void *opaque, hwaddr addr) 1579{ 1580 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ); 1581 return ldub_phys(addr); 1582} 1583 1584static uint32_t watch_mem_readw(void *opaque, hwaddr addr) 1585{ 1586 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ); 1587 return lduw_phys(addr); 1588} 1589 1590static uint32_t watch_mem_readl(void *opaque, hwaddr addr) 1591{ 1592 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ); 1593 return ldl_phys(addr); 1594} 1595 1596static void watch_mem_writeb(void *opaque, hwaddr addr, 1597 uint32_t val) 1598{ 1599 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE); 1600 stb_phys(addr, val); 1601} 1602 1603static void watch_mem_writew(void *opaque, hwaddr addr, 1604 uint32_t val) 1605{ 1606 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE); 1607 stw_phys(addr, val); 1608} 1609 1610static void watch_mem_writel(void *opaque, hwaddr addr, 1611 uint32_t val) 1612{ 1613 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE); 1614 stl_phys(addr, val); 1615} 1616 1617static CPUReadMemoryFunc * const watch_mem_read[3] = { 1618 watch_mem_readb, 1619 watch_mem_readw, 1620 watch_mem_readl, 1621}; 1622 1623static CPUWriteMemoryFunc * const watch_mem_write[3] = { 1624 watch_mem_writeb, 1625 watch_mem_writew, 1626 watch_mem_writel, 1627}; 1628 1629static inline uint32_t subpage_readlen (subpage_t *mmio, hwaddr addr, 1630 unsigned int len) 1631{ 1632 uint32_t ret; 1633 unsigned int idx; 1634 1635 idx = SUBPAGE_IDX(addr); 1636#if defined(DEBUG_SUBPAGE) 1637 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__, 1638 mmio, len, addr, idx); 1639#endif 1640 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len], 1641 addr + mmio->region_offset[idx][0][len]); 1642 1643 return ret; 1644} 1645 1646static inline void subpage_writelen (subpage_t *mmio, hwaddr addr, 1647 uint32_t value, unsigned int len) 1648{ 1649 unsigned int idx; 1650 1651 idx = SUBPAGE_IDX(addr); 1652#if defined(DEBUG_SUBPAGE) 1653 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__, 1654 mmio, len, addr, idx, value); 1655#endif 1656 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len], 1657 addr + mmio->region_offset[idx][1][len], 1658 value); 1659} 1660 1661static uint32_t subpage_readb (void *opaque, hwaddr addr) 1662{ 1663#if defined(DEBUG_SUBPAGE) 1664 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr); 1665#endif 1666 1667 return subpage_readlen(opaque, addr, 0); 1668} 1669 1670static void subpage_writeb (void *opaque, hwaddr addr, 1671 uint32_t value) 1672{ 1673#if defined(DEBUG_SUBPAGE) 1674 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value); 1675#endif 1676 subpage_writelen(opaque, addr, value, 0); 1677} 1678 1679static uint32_t subpage_readw (void *opaque, hwaddr addr) 1680{ 1681#if defined(DEBUG_SUBPAGE) 1682 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr); 1683#endif 1684 1685 return subpage_readlen(opaque, addr, 1); 1686} 1687 1688static void subpage_writew (void *opaque, hwaddr addr, 1689 uint32_t value) 1690{ 1691#if defined(DEBUG_SUBPAGE) 1692 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value); 1693#endif 1694 subpage_writelen(opaque, addr, value, 1); 1695} 1696 1697static uint32_t subpage_readl (void *opaque, hwaddr addr) 1698{ 1699#if defined(DEBUG_SUBPAGE) 1700 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr); 1701#endif 1702 1703 return subpage_readlen(opaque, addr, 2); 1704} 1705 1706static void subpage_writel (void *opaque, 1707 hwaddr addr, uint32_t value) 1708{ 1709#if defined(DEBUG_SUBPAGE) 1710 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value); 1711#endif 1712 subpage_writelen(opaque, addr, value, 2); 1713} 1714 1715static CPUReadMemoryFunc * const subpage_read[] = { 1716 &subpage_readb, 1717 &subpage_readw, 1718 &subpage_readl, 1719}; 1720 1721static CPUWriteMemoryFunc * const subpage_write[] = { 1722 &subpage_writeb, 1723 &subpage_writew, 1724 &subpage_writel, 1725}; 1726 1727static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end, 1728 ram_addr_t memory, ram_addr_t region_offset) 1729{ 1730 int idx, eidx; 1731 unsigned int i; 1732 1733 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE) 1734 return -1; 1735 idx = SUBPAGE_IDX(start); 1736 eidx = SUBPAGE_IDX(end); 1737#if defined(DEBUG_SUBPAGE) 1738 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__, 1739 mmio, start, end, idx, eidx, memory); 1740#endif 1741 memory >>= IO_MEM_SHIFT; 1742 for (; idx <= eidx; idx++) { 1743 for (i = 0; i < 4; i++) { 1744 if (io_mem_read[memory][i]) { 1745 mmio->mem_read[idx][i] = &io_mem_read[memory][i]; 1746 mmio->opaque[idx][0][i] = io_mem_opaque[memory]; 1747 mmio->region_offset[idx][0][i] = region_offset; 1748 } 1749 if (io_mem_write[memory][i]) { 1750 mmio->mem_write[idx][i] = &io_mem_write[memory][i]; 1751 mmio->opaque[idx][1][i] = io_mem_opaque[memory]; 1752 mmio->region_offset[idx][1][i] = region_offset; 1753 } 1754 } 1755 } 1756 1757 return 0; 1758} 1759 1760static void *subpage_init (hwaddr base, ram_addr_t *phys, 1761 ram_addr_t orig_memory, ram_addr_t region_offset) 1762{ 1763 subpage_t *mmio; 1764 int subpage_memory; 1765 1766 mmio = g_malloc0(sizeof(subpage_t)); 1767 1768 mmio->base = base; 1769 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio); 1770#if defined(DEBUG_SUBPAGE) 1771 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__, 1772 mmio, base, TARGET_PAGE_SIZE, subpage_memory); 1773#endif 1774 *phys = subpage_memory | IO_MEM_SUBPAGE; 1775 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory, 1776 region_offset); 1777 1778 return mmio; 1779} 1780 1781static int get_free_io_mem_idx(void) 1782{ 1783 int i; 1784 1785 for (i = 0; i<IO_MEM_NB_ENTRIES; i++) 1786 if (!io_mem_used[i]) { 1787 io_mem_used[i] = 1; 1788 return i; 1789 } 1790 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES); 1791 return -1; 1792} 1793 1794/* mem_read and mem_write are arrays of functions containing the 1795 function to access byte (index 0), word (index 1) and dword (index 1796 2). Functions can be omitted with a NULL function pointer. 1797 If io_index is non zero, the corresponding io zone is 1798 modified. If it is zero, a new io zone is allocated. The return 1799 value can be used with cpu_register_physical_memory(). (-1) is 1800 returned if error. */ 1801static int cpu_register_io_memory_fixed(int io_index, 1802 CPUReadMemoryFunc * const *mem_read, 1803 CPUWriteMemoryFunc * const *mem_write, 1804 void *opaque) 1805{ 1806 int i, subwidth = 0; 1807 1808 if (io_index <= 0) { 1809 io_index = get_free_io_mem_idx(); 1810 if (io_index == -1) 1811 return io_index; 1812 } else { 1813 io_index >>= IO_MEM_SHIFT; 1814 if (io_index >= IO_MEM_NB_ENTRIES) 1815 return -1; 1816 } 1817 1818 for(i = 0;i < 3; i++) { 1819 if (!mem_read[i] || !mem_write[i]) 1820 subwidth = IO_MEM_SUBWIDTH; 1821 io_mem_read[io_index][i] = mem_read[i]; 1822 io_mem_write[io_index][i] = mem_write[i]; 1823 } 1824 io_mem_opaque[io_index] = opaque; 1825 return (io_index << IO_MEM_SHIFT) | subwidth; 1826} 1827 1828int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read, 1829 CPUWriteMemoryFunc * const *mem_write, 1830 void *opaque) 1831{ 1832 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque); 1833} 1834 1835void cpu_unregister_io_memory(int io_table_address) 1836{ 1837 int i; 1838 int io_index = io_table_address >> IO_MEM_SHIFT; 1839 1840 for (i=0;i < 3; i++) { 1841 io_mem_read[io_index][i] = unassigned_mem_read[i]; 1842 io_mem_write[io_index][i] = unassigned_mem_write[i]; 1843 } 1844 io_mem_opaque[io_index] = NULL; 1845 io_mem_used[io_index] = 0; 1846} 1847 1848static void io_mem_init(void) 1849{ 1850 int i; 1851 1852 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL); 1853 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL); 1854 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL); 1855 for (i=0; i<5; i++) 1856 io_mem_used[i] = 1; 1857 1858 io_mem_watch = cpu_register_io_memory(watch_mem_read, 1859 watch_mem_write, NULL); 1860} 1861 1862#endif /* !defined(CONFIG_USER_ONLY) */ 1863 1864/* physical memory access (slow version, mainly for debug) */ 1865#if defined(CONFIG_USER_ONLY) 1866void cpu_physical_memory_rw(hwaddr addr, void *buf, 1867 int len, int is_write) 1868{ 1869 int l, flags; 1870 target_ulong page; 1871 void * p; 1872 1873 while (len > 0) { 1874 page = addr & TARGET_PAGE_MASK; 1875 l = (page + TARGET_PAGE_SIZE) - addr; 1876 if (l > len) 1877 l = len; 1878 flags = page_get_flags(page); 1879 if (!(flags & PAGE_VALID)) 1880 return; 1881 if (is_write) { 1882 if (!(flags & PAGE_WRITE)) 1883 return; 1884 /* XXX: this code should not depend on lock_user */ 1885 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0))) 1886 /* FIXME - should this return an error rather than just fail? */ 1887 return; 1888 memcpy(p, buf, l); 1889 unlock_user(p, addr, l); 1890 } else { 1891 if (!(flags & PAGE_READ)) 1892 return; 1893 /* XXX: this code should not depend on lock_user */ 1894 if (!(p = lock_user(VERIFY_READ, addr, l, 1))) 1895 /* FIXME - should this return an error rather than just fail? */ 1896 return; 1897 memcpy(buf, p, l); 1898 unlock_user(p, addr, 0); 1899 } 1900 len -= l; 1901 buf += l; 1902 addr += l; 1903 } 1904} 1905 1906#else 1907 1908static void invalidate_and_set_dirty(hwaddr addr, 1909 hwaddr length) 1910{ 1911 if (!cpu_physical_memory_is_dirty(addr)) { 1912 /* invalidate code */ 1913 tb_invalidate_phys_page_range(addr, addr + length, 0); 1914 /* set dirty bit */ 1915 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG)); 1916 } 1917} 1918 1919void cpu_physical_memory_rw(hwaddr addr, void *buf, 1920 int len, int is_write) 1921{ 1922 int l, io_index; 1923 uint8_t *ptr; 1924 uint32_t val; 1925 hwaddr page; 1926 unsigned long pd; 1927 uint8_t* buf8 = (uint8_t*)buf; 1928 PhysPageDesc *p; 1929 1930 while (len > 0) { 1931 page = addr & TARGET_PAGE_MASK; 1932 l = (page + TARGET_PAGE_SIZE) - addr; 1933 if (l > len) 1934 l = len; 1935 p = phys_page_find(page >> TARGET_PAGE_BITS); 1936 if (!p) { 1937 pd = IO_MEM_UNASSIGNED; 1938 } else { 1939 pd = p->phys_offset; 1940 } 1941 1942 if (is_write) { 1943 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) { 1944 hwaddr addr1 = addr; 1945 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 1946 if (p) 1947 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 1948 /* XXX: could force cpu_single_env to NULL to avoid 1949 potential bugs */ 1950 if (l >= 4 && ((addr1 & 3) == 0)) { 1951 /* 32 bit write access */ 1952 val = ldl_p(buf8); 1953 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val); 1954 l = 4; 1955 } else if (l >= 2 && ((addr1 & 1) == 0)) { 1956 /* 16 bit write access */ 1957 val = lduw_p(buf8); 1958 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val); 1959 l = 2; 1960 } else { 1961 /* 8 bit write access */ 1962 val = ldub_p(buf8); 1963 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val); 1964 l = 1; 1965 } 1966 } else { 1967 unsigned long addr1; 1968 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); 1969 /* RAM case */ 1970 ptr = qemu_get_ram_ptr(addr1); 1971 memcpy(ptr, buf8, l); 1972 invalidate_and_set_dirty(addr1, l); 1973 } 1974 } else { 1975 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && 1976 !(pd & IO_MEM_ROMD)) { 1977 hwaddr addr1 = addr; 1978 /* I/O case */ 1979 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 1980 if (p) 1981 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 1982 if (l >= 4 && ((addr1 & 3) == 0)) { 1983 /* 32 bit read access */ 1984 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1); 1985 stl_p(buf8, val); 1986 l = 4; 1987 } else if (l >= 2 && ((addr1 & 1) == 0)) { 1988 /* 16 bit read access */ 1989 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1); 1990 stw_p(buf8, val); 1991 l = 2; 1992 } else { 1993 /* 8 bit read access */ 1994 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1); 1995 stb_p(buf8, val); 1996 l = 1; 1997 } 1998 } else { 1999 /* RAM case */ 2000 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) + 2001 (addr & ~TARGET_PAGE_MASK); 2002 memcpy(buf8, ptr, l); 2003 } 2004 } 2005 len -= l; 2006 buf8 += l; 2007 addr += l; 2008 } 2009} 2010 2011/* used for ROM loading : can write in RAM and ROM */ 2012void cpu_physical_memory_write_rom(hwaddr addr, 2013 const void *buf, int len) 2014{ 2015 int l; 2016 uint8_t *ptr; 2017 hwaddr page; 2018 unsigned long pd; 2019 const uint8_t* buf8 = (const uint8_t*)buf; 2020 PhysPageDesc *p; 2021 2022 while (len > 0) { 2023 page = addr & TARGET_PAGE_MASK; 2024 l = (page + TARGET_PAGE_SIZE) - addr; 2025 if (l > len) 2026 l = len; 2027 p = phys_page_find(page >> TARGET_PAGE_BITS); 2028 if (!p) { 2029 pd = IO_MEM_UNASSIGNED; 2030 } else { 2031 pd = p->phys_offset; 2032 } 2033 2034 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM && 2035 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM && 2036 !(pd & IO_MEM_ROMD)) { 2037 /* do nothing */ 2038 } else { 2039 unsigned long addr1; 2040 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); 2041 /* ROM/RAM case */ 2042 ptr = qemu_get_ram_ptr(addr1); 2043 memcpy(ptr, buf8, l); 2044 invalidate_and_set_dirty(addr1, l); 2045 } 2046 len -= l; 2047 buf8 += l; 2048 addr += l; 2049 } 2050} 2051 2052typedef struct { 2053 void *buffer; 2054 hwaddr addr; 2055 hwaddr len; 2056} BounceBuffer; 2057 2058static BounceBuffer bounce; 2059 2060typedef struct MapClient { 2061 void *opaque; 2062 void (*callback)(void *opaque); 2063 QLIST_ENTRY(MapClient) link; 2064} MapClient; 2065 2066static QLIST_HEAD(map_client_list, MapClient) map_client_list 2067 = QLIST_HEAD_INITIALIZER(map_client_list); 2068 2069void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque)) 2070{ 2071 MapClient *client = g_malloc(sizeof(*client)); 2072 2073 client->opaque = opaque; 2074 client->callback = callback; 2075 QLIST_INSERT_HEAD(&map_client_list, client, link); 2076 return client; 2077} 2078 2079static void cpu_unregister_map_client(void *_client) 2080{ 2081 MapClient *client = (MapClient *)_client; 2082 2083 QLIST_REMOVE(client, link); 2084 g_free(client); 2085} 2086 2087static void cpu_notify_map_clients(void) 2088{ 2089 MapClient *client; 2090 2091 while (!QLIST_EMPTY(&map_client_list)) { 2092 client = QLIST_FIRST(&map_client_list); 2093 client->callback(client->opaque); 2094 cpu_unregister_map_client(client); 2095 } 2096} 2097 2098/* Map a physical memory region into a host virtual address. 2099 * May map a subset of the requested range, given by and returned in *plen. 2100 * May return NULL if resources needed to perform the mapping are exhausted. 2101 * Use only for reads OR writes - not for read-modify-write operations. 2102 * Use cpu_register_map_client() to know when retrying the map operation is 2103 * likely to succeed. 2104 */ 2105void *cpu_physical_memory_map(hwaddr addr, 2106 hwaddr *plen, 2107 int is_write) 2108{ 2109 hwaddr len = *plen; 2110 hwaddr done = 0; 2111 int l; 2112 uint8_t *ret = NULL; 2113 uint8_t *ptr; 2114 hwaddr page; 2115 unsigned long pd; 2116 PhysPageDesc *p; 2117 unsigned long addr1; 2118 2119 while (len > 0) { 2120 page = addr & TARGET_PAGE_MASK; 2121 l = (page + TARGET_PAGE_SIZE) - addr; 2122 if (l > len) 2123 l = len; 2124 p = phys_page_find(page >> TARGET_PAGE_BITS); 2125 if (!p) { 2126 pd = IO_MEM_UNASSIGNED; 2127 } else { 2128 pd = p->phys_offset; 2129 } 2130 2131 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) { 2132 if (done || bounce.buffer) { 2133 break; 2134 } 2135 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE); 2136 bounce.addr = addr; 2137 bounce.len = l; 2138 if (!is_write) { 2139 cpu_physical_memory_read(addr, bounce.buffer, l); 2140 } 2141 ptr = bounce.buffer; 2142 } else { 2143 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); 2144 ptr = qemu_get_ram_ptr(addr1); 2145 } 2146 if (!done) { 2147 ret = ptr; 2148 } else if (ret + done != ptr) { 2149 break; 2150 } 2151 2152 len -= l; 2153 addr += l; 2154 done += l; 2155 } 2156 *plen = done; 2157 return ret; 2158} 2159 2160/* Unmaps a memory region previously mapped by cpu_physical_memory_map(). 2161 * Will also mark the memory as dirty if is_write == 1. access_len gives 2162 * the amount of memory that was actually read or written by the caller. 2163 */ 2164void cpu_physical_memory_unmap(void *buffer, hwaddr len, 2165 int is_write, hwaddr access_len) 2166{ 2167 if (buffer != bounce.buffer) { 2168 if (is_write) { 2169 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer); 2170 while (access_len) { 2171 unsigned l; 2172 l = TARGET_PAGE_SIZE; 2173 if (l > access_len) 2174 l = access_len; 2175 invalidate_and_set_dirty(addr1, l); 2176 addr1 += l; 2177 access_len -= l; 2178 } 2179 } 2180 return; 2181 } 2182 if (is_write) { 2183 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len); 2184 } 2185 qemu_vfree(bounce.buffer); 2186 bounce.buffer = NULL; 2187 cpu_notify_map_clients(); 2188} 2189 2190/* warning: addr must be aligned */ 2191static inline uint32_t ldl_phys_internal(hwaddr addr, 2192 enum device_endian endian) 2193{ 2194 int io_index; 2195 uint8_t *ptr; 2196 uint32_t val; 2197 unsigned long pd; 2198 PhysPageDesc *p; 2199 2200 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2201 if (!p) { 2202 pd = IO_MEM_UNASSIGNED; 2203 } else { 2204 pd = p->phys_offset; 2205 } 2206 2207 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && 2208 !(pd & IO_MEM_ROMD)) { 2209 /* I/O case */ 2210 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2211 if (p) 2212 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2213 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr); 2214#if defined(TARGET_WORDS_BIGENDIAN) 2215 if (endian == DEVICE_LITTLE_ENDIAN) { 2216 val = bswap32(val); 2217 } 2218#else 2219 if (endian == DEVICE_BIG_ENDIAN) { 2220 val = bswap32(val); 2221 } 2222#endif 2223 } else { 2224 /* RAM case */ 2225 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) + 2226 (addr & ~TARGET_PAGE_MASK); 2227 switch (endian) { 2228 case DEVICE_LITTLE_ENDIAN: 2229 val = ldl_le_p(ptr); 2230 break; 2231 case DEVICE_BIG_ENDIAN: 2232 val = ldl_be_p(ptr); 2233 break; 2234 default: 2235 val = ldl_p(ptr); 2236 break; 2237 } 2238 } 2239 return val; 2240} 2241 2242uint32_t ldl_phys(hwaddr addr) 2243{ 2244 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN); 2245} 2246 2247uint32_t ldl_le_phys(hwaddr addr) 2248{ 2249 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN); 2250} 2251 2252uint32_t ldl_be_phys(hwaddr addr) 2253{ 2254 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN); 2255} 2256 2257/* warning: addr must be aligned */ 2258static inline uint64_t ldq_phys_internal(hwaddr addr, 2259 enum device_endian endian) 2260{ 2261 int io_index; 2262 uint8_t *ptr; 2263 uint64_t val; 2264 unsigned long pd; 2265 PhysPageDesc *p; 2266 2267 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2268 if (!p) { 2269 pd = IO_MEM_UNASSIGNED; 2270 } else { 2271 pd = p->phys_offset; 2272 } 2273 2274 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && 2275 !(pd & IO_MEM_ROMD)) { 2276 /* I/O case */ 2277 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2278 if (p) 2279 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2280 2281 /* XXX This is broken when device endian != cpu endian. 2282 Fix and add "endian" variable check */ 2283#ifdef TARGET_WORDS_BIGENDIAN 2284 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32; 2285 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4); 2286#else 2287 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr); 2288 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32; 2289#endif 2290 } else { 2291 /* RAM case */ 2292 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) + 2293 (addr & ~TARGET_PAGE_MASK); 2294 switch (endian) { 2295 case DEVICE_LITTLE_ENDIAN: 2296 val = ldq_le_p(ptr); 2297 break; 2298 case DEVICE_BIG_ENDIAN: 2299 val = ldq_be_p(ptr); 2300 break; 2301 default: 2302 val = ldq_p(ptr); 2303 break; 2304 } 2305 } 2306 return val; 2307} 2308 2309uint64_t ldq_phys(hwaddr addr) 2310{ 2311 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN); 2312} 2313 2314uint64_t ldq_le_phys(hwaddr addr) 2315{ 2316 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN); 2317} 2318 2319uint64_t ldq_be_phys(hwaddr addr) 2320{ 2321 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN); 2322} 2323 2324/* XXX: optimize */ 2325uint32_t ldub_phys(hwaddr addr) 2326{ 2327 uint8_t val; 2328 cpu_physical_memory_read(addr, &val, 1); 2329 return val; 2330} 2331 2332/* XXX: optimize */ 2333static inline uint32_t lduw_phys_internal(hwaddr addr, 2334 enum device_endian endian) 2335{ 2336 int io_index; 2337 uint8_t *ptr; 2338 uint64_t val; 2339 unsigned long pd; 2340 PhysPageDesc *p; 2341 2342 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2343 if (!p) { 2344 pd = IO_MEM_UNASSIGNED; 2345 } else { 2346 pd = p->phys_offset; 2347 } 2348 2349 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && 2350 !(pd & IO_MEM_ROMD)) { 2351 /* I/O case */ 2352 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2353 if (p) 2354 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2355 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr); 2356#if defined(TARGET_WORDS_BIGENDIAN) 2357 if (endian == DEVICE_LITTLE_ENDIAN) { 2358 val = bswap16(val); 2359 } 2360#else 2361 if (endian == DEVICE_BIG_ENDIAN) { 2362 val = bswap16(val); 2363 } 2364#endif 2365 } else { 2366 /* RAM case */ 2367 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) + 2368 (addr & ~TARGET_PAGE_MASK); 2369 switch (endian) { 2370 case DEVICE_LITTLE_ENDIAN: 2371 val = lduw_le_p(ptr); 2372 break; 2373 case DEVICE_BIG_ENDIAN: 2374 val = lduw_be_p(ptr); 2375 break; 2376 default: 2377 val = lduw_p(ptr); 2378 break; 2379 } 2380 } 2381 return val; 2382} 2383 2384uint32_t lduw_phys(hwaddr addr) 2385{ 2386 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN); 2387} 2388 2389uint32_t lduw_le_phys(hwaddr addr) 2390{ 2391 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN); 2392} 2393 2394uint32_t lduw_be_phys(hwaddr addr) 2395{ 2396 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN); 2397} 2398 2399/* warning: addr must be aligned. The ram page is not masked as dirty 2400 and the code inside is not invalidated. It is useful if the dirty 2401 bits are used to track modified PTEs */ 2402void stl_phys_notdirty(hwaddr addr, uint32_t val) 2403{ 2404 int io_index; 2405 uint8_t *ptr; 2406 unsigned long pd; 2407 PhysPageDesc *p; 2408 2409 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2410 if (!p) { 2411 pd = IO_MEM_UNASSIGNED; 2412 } else { 2413 pd = p->phys_offset; 2414 } 2415 2416 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) { 2417 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2418 if (p) 2419 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2420 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val); 2421 } else { 2422 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); 2423 ptr = qemu_get_ram_ptr(addr1); 2424 stl_p(ptr, val); 2425 2426 if (unlikely(in_migration)) { 2427 if (!cpu_physical_memory_is_dirty(addr1)) { 2428 /* invalidate code */ 2429 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0); 2430 /* set dirty bit */ 2431 cpu_physical_memory_set_dirty_flags( 2432 addr1, (0xff & ~CODE_DIRTY_FLAG)); 2433 } 2434 } 2435 } 2436} 2437 2438void stq_phys_notdirty(hwaddr addr, uint64_t val) 2439{ 2440 int io_index; 2441 uint8_t *ptr; 2442 unsigned long pd; 2443 PhysPageDesc *p; 2444 2445 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2446 if (!p) { 2447 pd = IO_MEM_UNASSIGNED; 2448 } else { 2449 pd = p->phys_offset; 2450 } 2451 2452 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) { 2453 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2454 if (p) 2455 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2456#ifdef TARGET_WORDS_BIGENDIAN 2457 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32); 2458 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val); 2459#else 2460 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val); 2461 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32); 2462#endif 2463 } else { 2464 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) + 2465 (addr & ~TARGET_PAGE_MASK); 2466 stq_p(ptr, val); 2467 } 2468} 2469 2470/* warning: addr must be aligned */ 2471static inline void stl_phys_internal(hwaddr addr, uint32_t val, 2472 enum device_endian endian) 2473{ 2474 int io_index; 2475 uint8_t *ptr; 2476 unsigned long pd; 2477 PhysPageDesc *p; 2478 2479 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2480 if (!p) { 2481 pd = IO_MEM_UNASSIGNED; 2482 } else { 2483 pd = p->phys_offset; 2484 } 2485 2486 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) { 2487 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2488 if (p) 2489 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2490#if defined(TARGET_WORDS_BIGENDIAN) 2491 if (endian == DEVICE_LITTLE_ENDIAN) { 2492 val = bswap32(val); 2493 } 2494#else 2495 if (endian == DEVICE_BIG_ENDIAN) { 2496 val = bswap32(val); 2497 } 2498#endif 2499 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val); 2500 } else { 2501 unsigned long addr1; 2502 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); 2503 /* RAM case */ 2504 ptr = qemu_get_ram_ptr(addr1); 2505 switch (endian) { 2506 case DEVICE_LITTLE_ENDIAN: 2507 stl_le_p(ptr, val); 2508 break; 2509 case DEVICE_BIG_ENDIAN: 2510 stl_be_p(ptr, val); 2511 break; 2512 default: 2513 stl_p(ptr, val); 2514 break; 2515 } 2516 invalidate_and_set_dirty(addr1, 4); 2517 } 2518} 2519 2520void stl_phys(hwaddr addr, uint32_t val) 2521{ 2522 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN); 2523} 2524 2525void stl_le_phys(hwaddr addr, uint32_t val) 2526{ 2527 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN); 2528} 2529 2530void stl_be_phys(hwaddr addr, uint32_t val) 2531{ 2532 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN); 2533} 2534 2535/* XXX: optimize */ 2536void stb_phys(hwaddr addr, uint32_t val) 2537{ 2538 uint8_t v = val; 2539 cpu_physical_memory_write(addr, &v, 1); 2540} 2541 2542/* XXX: optimize */ 2543static inline void stw_phys_internal(hwaddr addr, uint32_t val, 2544 enum device_endian endian) 2545{ 2546 int io_index; 2547 uint8_t *ptr; 2548 unsigned long pd; 2549 PhysPageDesc *p; 2550 2551 p = phys_page_find(addr >> TARGET_PAGE_BITS); 2552 if (!p) { 2553 pd = IO_MEM_UNASSIGNED; 2554 } else { 2555 pd = p->phys_offset; 2556 } 2557 2558 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) { 2559 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); 2560 if (p) 2561 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset; 2562#if defined(TARGET_WORDS_BIGENDIAN) 2563 if (endian == DEVICE_LITTLE_ENDIAN) { 2564 val = bswap16(val); 2565 } 2566#else 2567 if (endian == DEVICE_BIG_ENDIAN) { 2568 val = bswap16(val); 2569 } 2570#endif 2571 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val); 2572 } else { 2573 unsigned long addr1; 2574 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); 2575 /* RAM case */ 2576 ptr = qemu_get_ram_ptr(addr1); 2577 switch (endian) { 2578 case DEVICE_LITTLE_ENDIAN: 2579 stw_le_p(ptr, val); 2580 break; 2581 case DEVICE_BIG_ENDIAN: 2582 stw_be_p(ptr, val); 2583 break; 2584 default: 2585 stw_p(ptr, val); 2586 break; 2587 } 2588 if (!cpu_physical_memory_is_dirty(addr1)) { 2589 /* invalidate code */ 2590 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0); 2591 /* set dirty bit */ 2592 cpu_physical_memory_set_dirty_flags(addr1, 2593 (0xff & ~CODE_DIRTY_FLAG)); 2594 } 2595 } 2596} 2597 2598void stw_phys(hwaddr addr, uint32_t val) 2599{ 2600 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN); 2601} 2602 2603void stw_le_phys(hwaddr addr, uint32_t val) 2604{ 2605 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN); 2606} 2607 2608void stw_be_phys(hwaddr addr, uint32_t val) 2609{ 2610 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN); 2611} 2612 2613/* XXX: optimize */ 2614void stq_phys(hwaddr addr, uint64_t val) 2615{ 2616 val = tswap64(val); 2617 cpu_physical_memory_write(addr, &val, 8); 2618} 2619 2620 2621void stq_le_phys(hwaddr addr, uint64_t val) 2622{ 2623 val = cpu_to_le64(val); 2624 cpu_physical_memory_write(addr, &val, 8); 2625} 2626 2627void stq_be_phys(hwaddr addr, uint64_t val) 2628{ 2629 val = cpu_to_be64(val); 2630 cpu_physical_memory_write(addr, &val, 8); 2631} 2632 2633#endif 2634 2635/* virtual memory access for debug (includes writing to ROM) */ 2636int cpu_memory_rw_debug(CPUOldState *env, target_ulong addr, 2637 void *buf, int len, int is_write) 2638{ 2639 int l; 2640 hwaddr phys_addr; 2641 target_ulong page; 2642 uint8_t* buf8 = (uint8_t*)buf; 2643 2644 while (len > 0) { 2645 page = addr & TARGET_PAGE_MASK; 2646 phys_addr = cpu_get_phys_page_debug(env, page); 2647 /* if no physical page mapped, return an error */ 2648 if (phys_addr == -1) 2649 return -1; 2650 l = (page + TARGET_PAGE_SIZE) - addr; 2651 if (l > len) 2652 l = len; 2653 phys_addr += (addr & ~TARGET_PAGE_MASK); 2654#if !defined(CONFIG_USER_ONLY) 2655 if (is_write) 2656 cpu_physical_memory_write_rom(phys_addr, buf8, l); 2657 else 2658#endif 2659 cpu_physical_memory_rw(phys_addr, buf8, l, is_write); 2660 len -= l; 2661 buf8 += l; 2662 addr += l; 2663 } 2664 return 0; 2665} 2666