2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
24 #include <sys/types.h>
37 #include "qemu-common.h"
42 #if defined(CONFIG_USER_ONLY)
46 //#define DEBUG_TB_INVALIDATE
49 //#define DEBUG_UNASSIGNED
51 /* make various TB consistency checks */
52 //#define DEBUG_TB_CHECK
53 //#define DEBUG_TLB_CHECK
55 //#define DEBUG_IOPORT
56 //#define DEBUG_SUBPAGE
58 #if !defined(CONFIG_USER_ONLY)
59 /* TB consistency checks only implemented for usermode emulation. */
63 #define SMC_BITMAP_USE_THRESHOLD 10
65 #if defined(TARGET_SPARC64)
66 #define TARGET_PHYS_ADDR_SPACE_BITS 41
67 #elif defined(TARGET_SPARC)
68 #define TARGET_PHYS_ADDR_SPACE_BITS 36
69 #elif defined(TARGET_ALPHA)
70 #define TARGET_PHYS_ADDR_SPACE_BITS 42
71 #define TARGET_VIRT_ADDR_SPACE_BITS 42
72 #elif defined(TARGET_PPC64)
73 #define TARGET_PHYS_ADDR_SPACE_BITS 42
74 #elif defined(TARGET_X86_64) && !defined(CONFIG_KQEMU)
75 #define TARGET_PHYS_ADDR_SPACE_BITS 42
76 #elif defined(TARGET_I386) && !defined(CONFIG_KQEMU)
77 #define TARGET_PHYS_ADDR_SPACE_BITS 36
79 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
80 #define TARGET_PHYS_ADDR_SPACE_BITS 32
83 static TranslationBlock *tbs;
84 int code_gen_max_blocks;
85 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
87 /* any access to the tbs or the page table must use this lock */
88 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
90 #if defined(__arm__) || defined(__sparc_v9__)
91 /* The prologue must be reachable with a direct jump. ARM and Sparc64
92 have limited branch ranges (possibly also PPC) so place it in a
93 section close to code segment. */
94 #define code_gen_section \
95 __attribute__((__section__(".gen_code"))) \
96 __attribute__((aligned (32)))
98 #define code_gen_section \
99 __attribute__((aligned (32)))
102 uint8_t code_gen_prologue[1024] code_gen_section;
103 static uint8_t *code_gen_buffer;
104 static unsigned long code_gen_buffer_size;
105 /* threshold to flush the translated code buffer */
106 static unsigned long code_gen_buffer_max_size;
107 uint8_t *code_gen_ptr;
109 #if !defined(CONFIG_USER_ONLY)
111 uint8_t *phys_ram_dirty;
112 static int in_migration;
114 typedef struct RAMBlock {
118 struct RAMBlock *next;
121 static RAMBlock *ram_blocks;
122 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
123 then we can no longer assume contiguous ram offsets, and external uses
124 of this variable will break. */
125 ram_addr_t last_ram_offset;
129 /* current CPU in the current thread. It is only valid inside
131 CPUState *cpu_single_env;
132 /* 0 = Do not count executed instructions.
133 1 = Precise instruction counting.
134 2 = Adaptive rate instruction counting. */
136 /* Current instruction counter. While executing translated code this may
137 include some instructions that have not yet been executed. */
140 typedef struct PageDesc {
141 /* list of TBs intersecting this ram page */
142 TranslationBlock *first_tb;
143 /* in order to optimize self modifying code, we count the number
144 of lookups we do to a given page to use a bitmap */
145 unsigned int code_write_count;
146 uint8_t *code_bitmap;
147 #if defined(CONFIG_USER_ONLY)
152 typedef struct PhysPageDesc {
153 /* offset in host memory of the page + io_index in the low bits */
154 ram_addr_t phys_offset;
155 ram_addr_t region_offset;
159 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
160 /* XXX: this is a temporary hack for alpha target.
161 * In the future, this is to be replaced by a multi-level table
162 * to actually be able to handle the complete 64 bits address space.
164 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
166 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
169 #define L1_SIZE (1 << L1_BITS)
170 #define L2_SIZE (1 << L2_BITS)
172 unsigned long qemu_real_host_page_size;
173 unsigned long qemu_host_page_bits;
174 unsigned long qemu_host_page_size;
175 unsigned long qemu_host_page_mask;
177 /* XXX: for system emulation, it could just be an array */
178 static PageDesc *l1_map[L1_SIZE];
179 static PhysPageDesc **l1_phys_map;
181 #if !defined(CONFIG_USER_ONLY)
182 static void io_mem_init(void);
184 /* io memory support */
185 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
186 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
187 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
188 static char io_mem_used[IO_MEM_NB_ENTRIES];
189 static int io_mem_watch;
193 static const char *logfilename = "/tmp/qemu.log";
196 static int log_append = 0;
199 static int tlb_flush_count;
200 static int tb_flush_count;
201 static int tb_phys_invalidate_count;
203 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
204 typedef struct subpage_t {
205 target_phys_addr_t base;
206 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
207 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
208 void *opaque[TARGET_PAGE_SIZE][2][4];
209 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
213 static void map_exec(void *addr, long size)
216 VirtualProtect(addr, size,
217 PAGE_EXECUTE_READWRITE, &old_protect);
221 static void map_exec(void *addr, long size)
223 unsigned long start, end, page_size;
225 page_size = getpagesize();
226 start = (unsigned long)addr;
227 start &= ~(page_size - 1);
229 end = (unsigned long)addr + size;
230 end += page_size - 1;
231 end &= ~(page_size - 1);
233 mprotect((void *)start, end - start,
234 PROT_READ | PROT_WRITE | PROT_EXEC);
238 static void page_init(void)
240 /* NOTE: we can always suppose that qemu_host_page_size >=
244 SYSTEM_INFO system_info;
246 GetSystemInfo(&system_info);
247 qemu_real_host_page_size = system_info.dwPageSize;
250 qemu_real_host_page_size = getpagesize();
252 if (qemu_host_page_size == 0)
253 qemu_host_page_size = qemu_real_host_page_size;
254 if (qemu_host_page_size < TARGET_PAGE_SIZE)
255 qemu_host_page_size = TARGET_PAGE_SIZE;
256 qemu_host_page_bits = 0;
257 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
258 qemu_host_page_bits++;
259 qemu_host_page_mask = ~(qemu_host_page_size - 1);
260 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
261 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
263 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
265 long long startaddr, endaddr;
270 last_brk = (unsigned long)sbrk(0);
271 f = fopen("/proc/self/maps", "r");
274 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
276 startaddr = MIN(startaddr,
277 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
278 endaddr = MIN(endaddr,
279 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
280 page_set_flags(startaddr & TARGET_PAGE_MASK,
281 TARGET_PAGE_ALIGN(endaddr),
292 static inline PageDesc **page_l1_map(target_ulong index)
294 #if TARGET_LONG_BITS > 32
295 /* Host memory outside guest VM. For 32-bit targets we have already
296 excluded high addresses. */
297 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
300 return &l1_map[index >> L2_BITS];
303 static inline PageDesc *page_find_alloc(target_ulong index)
306 lp = page_l1_map(index);
312 /* allocate if not found */
313 #if defined(CONFIG_USER_ONLY)
314 size_t len = sizeof(PageDesc) * L2_SIZE;
315 /* Don't use qemu_malloc because it may recurse. */
316 p = mmap(0, len, PROT_READ | PROT_WRITE,
317 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
320 unsigned long addr = h2g(p);
321 page_set_flags(addr & TARGET_PAGE_MASK,
322 TARGET_PAGE_ALIGN(addr + len),
326 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
330 return p + (index & (L2_SIZE - 1));
333 static inline PageDesc *page_find(target_ulong index)
336 lp = page_l1_map(index);
343 return p + (index & (L2_SIZE - 1));
346 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
351 p = (void **)l1_phys_map;
352 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
354 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
355 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
357 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
360 /* allocate if not found */
363 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
364 memset(p, 0, sizeof(void *) * L1_SIZE);
368 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
372 /* allocate if not found */
375 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
377 for (i = 0; i < L2_SIZE; i++) {
378 pd[i].phys_offset = IO_MEM_UNASSIGNED;
379 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
382 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
385 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
387 return phys_page_find_alloc(index, 0);
390 #if !defined(CONFIG_USER_ONLY)
391 static void tlb_protect_code(ram_addr_t ram_addr);
392 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
394 #define mmap_lock() do { } while(0)
395 #define mmap_unlock() do { } while(0)
398 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
400 #if defined(CONFIG_USER_ONLY)
401 /* Currently it is not recommended to allocate big chunks of data in
402 user mode. It will change when a dedicated libc will be used */
403 #define USE_STATIC_CODE_GEN_BUFFER
406 #ifdef USE_STATIC_CODE_GEN_BUFFER
407 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
410 static void code_gen_alloc(unsigned long tb_size)
412 #ifdef USE_STATIC_CODE_GEN_BUFFER
413 code_gen_buffer = static_code_gen_buffer;
414 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
415 map_exec(code_gen_buffer, code_gen_buffer_size);
417 code_gen_buffer_size = tb_size;
418 if (code_gen_buffer_size == 0) {
419 #if defined(CONFIG_USER_ONLY)
420 /* in user mode, phys_ram_size is not meaningful */
421 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
423 /* XXX: needs adjustments */
424 code_gen_buffer_size = (unsigned long)(ram_size / 4);
427 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
428 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
429 /* The code gen buffer location may have constraints depending on
430 the host cpu and OS */
431 #if defined(__linux__)
436 flags = MAP_PRIVATE | MAP_ANONYMOUS;
437 #if defined(__x86_64__)
439 /* Cannot map more than that */
440 if (code_gen_buffer_size > (800 * 1024 * 1024))
441 code_gen_buffer_size = (800 * 1024 * 1024);
442 #elif defined(__sparc_v9__)
443 // Map the buffer below 2G, so we can use direct calls and branches
445 start = (void *) 0x60000000UL;
446 if (code_gen_buffer_size > (512 * 1024 * 1024))
447 code_gen_buffer_size = (512 * 1024 * 1024);
448 #elif defined(__arm__)
449 /* Map the buffer below 32M, so we can use direct calls and branches */
451 start = (void *) 0x01000000UL;
452 if (code_gen_buffer_size > 16 * 1024 * 1024)
453 code_gen_buffer_size = 16 * 1024 * 1024;
455 code_gen_buffer = mmap(start, code_gen_buffer_size,
456 PROT_WRITE | PROT_READ | PROT_EXEC,
458 if (code_gen_buffer == MAP_FAILED) {
459 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
463 #elif defined(__FreeBSD__) || defined(__DragonFly__)
467 flags = MAP_PRIVATE | MAP_ANONYMOUS;
468 #if defined(__x86_64__)
469 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
470 * 0x40000000 is free */
472 addr = (void *)0x40000000;
473 /* Cannot map more than that */
474 if (code_gen_buffer_size > (800 * 1024 * 1024))
475 code_gen_buffer_size = (800 * 1024 * 1024);
477 code_gen_buffer = mmap(addr, code_gen_buffer_size,
478 PROT_WRITE | PROT_READ | PROT_EXEC,
480 if (code_gen_buffer == MAP_FAILED) {
481 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
486 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
487 map_exec(code_gen_buffer, code_gen_buffer_size);
489 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
490 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
491 code_gen_buffer_max_size = code_gen_buffer_size -
492 code_gen_max_block_size();
493 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
494 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
497 /* Must be called before using the QEMU cpus. 'tb_size' is the size
498 (in bytes) allocated to the translation buffer. Zero means default
500 void cpu_exec_init_all(unsigned long tb_size)
503 code_gen_alloc(tb_size);
504 code_gen_ptr = code_gen_buffer;
506 #if !defined(CONFIG_USER_ONLY)
511 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
513 #define CPU_COMMON_SAVE_VERSION 1
515 static void cpu_common_save(QEMUFile *f, void *opaque)
517 CPUState *env = opaque;
519 cpu_synchronize_state(env, 0);
521 qemu_put_be32s(f, &env->halted);
522 qemu_put_be32s(f, &env->interrupt_request);
525 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
527 CPUState *env = opaque;
529 if (version_id != CPU_COMMON_SAVE_VERSION)
532 qemu_get_be32s(f, &env->halted);
533 qemu_get_be32s(f, &env->interrupt_request);
534 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
535 version_id is increased. */
536 env->interrupt_request &= ~0x01;
538 cpu_synchronize_state(env, 1);
544 void cpu_exec_init(CPUState *env)
549 #if defined(CONFIG_USER_ONLY)
552 env->next_cpu = NULL;
555 while (*penv != NULL) {
556 penv = &(*penv)->next_cpu;
559 env->cpu_index = cpu_index;
561 TAILQ_INIT(&env->breakpoints);
562 TAILQ_INIT(&env->watchpoints);
564 #if defined(CONFIG_USER_ONLY)
567 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
568 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
569 cpu_common_save, cpu_common_load, env);
570 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
571 cpu_save, cpu_load, env);
575 static inline void invalidate_page_bitmap(PageDesc *p)
577 if (p->code_bitmap) {
578 qemu_free(p->code_bitmap);
579 p->code_bitmap = NULL;
581 p->code_write_count = 0;
584 /* set to NULL all the 'first_tb' fields in all PageDescs */
585 static void page_flush_tb(void)
590 for(i = 0; i < L1_SIZE; i++) {
593 for(j = 0; j < L2_SIZE; j++) {
595 invalidate_page_bitmap(p);
602 /* flush all the translation blocks */
603 /* XXX: tb_flush is currently not thread safe */
604 void tb_flush(CPUState *env1)
607 #if defined(DEBUG_FLUSH)
608 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
609 (unsigned long)(code_gen_ptr - code_gen_buffer),
611 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
613 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
614 cpu_abort(env1, "Internal error: code buffer overflow\n");
618 for(env = first_cpu; env != NULL; env = env->next_cpu) {
619 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
622 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
625 code_gen_ptr = code_gen_buffer;
626 /* XXX: flush processor icache at this point if cache flush is
631 #ifdef DEBUG_TB_CHECK
633 static void tb_invalidate_check(target_ulong address)
635 TranslationBlock *tb;
637 address &= TARGET_PAGE_MASK;
638 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
639 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
640 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
641 address >= tb->pc + tb->size)) {
642 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
643 address, (long)tb->pc, tb->size);
649 /* verify that all the pages have correct rights for code */
650 static void tb_page_check(void)
652 TranslationBlock *tb;
653 int i, flags1, flags2;
655 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
656 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
657 flags1 = page_get_flags(tb->pc);
658 flags2 = page_get_flags(tb->pc + tb->size - 1);
659 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
660 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
661 (long)tb->pc, tb->size, flags1, flags2);
667 static void tb_jmp_check(TranslationBlock *tb)
669 TranslationBlock *tb1;
672 /* suppress any remaining jumps to this TB */
676 tb1 = (TranslationBlock *)((long)tb1 & ~3);
679 tb1 = tb1->jmp_next[n1];
681 /* check end of list */
683 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
689 /* invalidate one TB */
690 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
693 TranslationBlock *tb1;
697 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
700 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
704 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
706 TranslationBlock *tb1;
712 tb1 = (TranslationBlock *)((long)tb1 & ~3);
714 *ptb = tb1->page_next[n1];
717 ptb = &tb1->page_next[n1];
721 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
723 TranslationBlock *tb1, **ptb;
726 ptb = &tb->jmp_next[n];
729 /* find tb(n) in circular list */
733 tb1 = (TranslationBlock *)((long)tb1 & ~3);
734 if (n1 == n && tb1 == tb)
737 ptb = &tb1->jmp_first;
739 ptb = &tb1->jmp_next[n1];
742 /* now we can suppress tb(n) from the list */
743 *ptb = tb->jmp_next[n];
745 tb->jmp_next[n] = NULL;
749 /* reset the jump entry 'n' of a TB so that it is not chained to
751 static inline void tb_reset_jump(TranslationBlock *tb, int n)
753 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
756 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
761 target_phys_addr_t phys_pc;
762 TranslationBlock *tb1, *tb2;
764 /* remove the TB from the hash list */
765 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
766 h = tb_phys_hash_func(phys_pc);
767 tb_remove(&tb_phys_hash[h], tb,
768 offsetof(TranslationBlock, phys_hash_next));
770 /* remove the TB from the page list */
771 if (tb->page_addr[0] != page_addr) {
772 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
773 tb_page_remove(&p->first_tb, tb);
774 invalidate_page_bitmap(p);
776 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
777 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
778 tb_page_remove(&p->first_tb, tb);
779 invalidate_page_bitmap(p);
782 tb_invalidated_flag = 1;
784 /* remove the TB from the hash list */
785 h = tb_jmp_cache_hash_func(tb->pc);
786 for(env = first_cpu; env != NULL; env = env->next_cpu) {
787 if (env->tb_jmp_cache[h] == tb)
788 env->tb_jmp_cache[h] = NULL;
791 /* suppress this TB from the two jump lists */
792 tb_jmp_remove(tb, 0);
793 tb_jmp_remove(tb, 1);
795 /* suppress any remaining jumps to this TB */
801 tb1 = (TranslationBlock *)((long)tb1 & ~3);
802 tb2 = tb1->jmp_next[n1];
803 tb_reset_jump(tb1, n1);
804 tb1->jmp_next[n1] = NULL;
807 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
809 tb_phys_invalidate_count++;
812 static inline void set_bits(uint8_t *tab, int start, int len)
818 mask = 0xff << (start & 7);
819 if ((start & ~7) == (end & ~7)) {
821 mask &= ~(0xff << (end & 7));
826 start = (start + 8) & ~7;
828 while (start < end1) {
833 mask = ~(0xff << (end & 7));
839 static void build_page_bitmap(PageDesc *p)
841 int n, tb_start, tb_end;
842 TranslationBlock *tb;
844 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
849 tb = (TranslationBlock *)((long)tb & ~3);
850 /* NOTE: this is subtle as a TB may span two physical pages */
852 /* NOTE: tb_end may be after the end of the page, but
853 it is not a problem */
854 tb_start = tb->pc & ~TARGET_PAGE_MASK;
855 tb_end = tb_start + tb->size;
856 if (tb_end > TARGET_PAGE_SIZE)
857 tb_end = TARGET_PAGE_SIZE;
860 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
862 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
863 tb = tb->page_next[n];
867 TranslationBlock *tb_gen_code(CPUState *env,
868 target_ulong pc, target_ulong cs_base,
869 int flags, int cflags)
871 TranslationBlock *tb;
873 target_ulong phys_pc, phys_page2, virt_page2;
876 phys_pc = get_phys_addr_code(env, pc);
879 /* flush must be done */
881 /* cannot fail at this point */
883 /* Don't forget to invalidate previous TB info. */
884 tb_invalidated_flag = 1;
886 tc_ptr = code_gen_ptr;
888 tb->cs_base = cs_base;
891 cpu_gen_code(env, tb, &code_gen_size);
892 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
894 /* check next page if needed */
895 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
897 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
898 phys_page2 = get_phys_addr_code(env, virt_page2);
900 tb_link_phys(tb, phys_pc, phys_page2);
904 /* invalidate all TBs which intersect with the target physical page
905 starting in range [start;end[. NOTE: start and end must refer to
906 the same physical page. 'is_cpu_write_access' should be true if called
907 from a real cpu write access: the virtual CPU will exit the current
908 TB if code is modified inside this TB. */
909 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
910 int is_cpu_write_access)
912 TranslationBlock *tb, *tb_next, *saved_tb;
913 CPUState *env = cpu_single_env;
914 target_ulong tb_start, tb_end;
917 #ifdef TARGET_HAS_PRECISE_SMC
918 int current_tb_not_found = is_cpu_write_access;
919 TranslationBlock *current_tb = NULL;
920 int current_tb_modified = 0;
921 target_ulong current_pc = 0;
922 target_ulong current_cs_base = 0;
923 int current_flags = 0;
924 #endif /* TARGET_HAS_PRECISE_SMC */
926 p = page_find(start >> TARGET_PAGE_BITS);
929 if (!p->code_bitmap &&
930 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
931 is_cpu_write_access) {
932 /* build code bitmap */
933 build_page_bitmap(p);
936 /* we remove all the TBs in the range [start, end[ */
937 /* XXX: see if in some cases it could be faster to invalidate all the code */
941 tb = (TranslationBlock *)((long)tb & ~3);
942 tb_next = tb->page_next[n];
943 /* NOTE: this is subtle as a TB may span two physical pages */
945 /* NOTE: tb_end may be after the end of the page, but
946 it is not a problem */
947 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
948 tb_end = tb_start + tb->size;
950 tb_start = tb->page_addr[1];
951 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
953 if (!(tb_end <= start || tb_start >= end)) {
954 #ifdef TARGET_HAS_PRECISE_SMC
955 if (current_tb_not_found) {
956 current_tb_not_found = 0;
958 if (env->mem_io_pc) {
959 /* now we have a real cpu fault */
960 current_tb = tb_find_pc(env->mem_io_pc);
963 if (current_tb == tb &&
964 (current_tb->cflags & CF_COUNT_MASK) != 1) {
965 /* If we are modifying the current TB, we must stop
966 its execution. We could be more precise by checking
967 that the modification is after the current PC, but it
968 would require a specialized function to partially
969 restore the CPU state */
971 current_tb_modified = 1;
972 cpu_restore_state(current_tb, env,
973 env->mem_io_pc, NULL);
974 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
977 #endif /* TARGET_HAS_PRECISE_SMC */
978 /* we need to do that to handle the case where a signal
979 occurs while doing tb_phys_invalidate() */
982 saved_tb = env->current_tb;
983 env->current_tb = NULL;
985 tb_phys_invalidate(tb, -1);
987 env->current_tb = saved_tb;
988 if (env->interrupt_request && env->current_tb)
989 cpu_interrupt(env, env->interrupt_request);
994 #if !defined(CONFIG_USER_ONLY)
995 /* if no code remaining, no need to continue to use slow writes */
997 invalidate_page_bitmap(p);
998 if (is_cpu_write_access) {
999 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1003 #ifdef TARGET_HAS_PRECISE_SMC
1004 if (current_tb_modified) {
1005 /* we generate a block containing just the instruction
1006 modifying the memory. It will ensure that it cannot modify
1008 env->current_tb = NULL;
1009 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1010 cpu_resume_from_signal(env, NULL);
1015 /* len must be <= 8 and start must be a multiple of len */
1016 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1022 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1023 cpu_single_env->mem_io_vaddr, len,
1024 cpu_single_env->eip,
1025 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1028 p = page_find(start >> TARGET_PAGE_BITS);
1031 if (p->code_bitmap) {
1032 offset = start & ~TARGET_PAGE_MASK;
1033 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1034 if (b & ((1 << len) - 1))
1038 tb_invalidate_phys_page_range(start, start + len, 1);
1042 #if !defined(CONFIG_SOFTMMU)
1043 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1044 unsigned long pc, void *puc)
1046 TranslationBlock *tb;
1049 #ifdef TARGET_HAS_PRECISE_SMC
1050 TranslationBlock *current_tb = NULL;
1051 CPUState *env = cpu_single_env;
1052 int current_tb_modified = 0;
1053 target_ulong current_pc = 0;
1054 target_ulong current_cs_base = 0;
1055 int current_flags = 0;
1058 addr &= TARGET_PAGE_MASK;
1059 p = page_find(addr >> TARGET_PAGE_BITS);
1063 #ifdef TARGET_HAS_PRECISE_SMC
1064 if (tb && pc != 0) {
1065 current_tb = tb_find_pc(pc);
1068 while (tb != NULL) {
1070 tb = (TranslationBlock *)((long)tb & ~3);
1071 #ifdef TARGET_HAS_PRECISE_SMC
1072 if (current_tb == tb &&
1073 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1074 /* If we are modifying the current TB, we must stop
1075 its execution. We could be more precise by checking
1076 that the modification is after the current PC, but it
1077 would require a specialized function to partially
1078 restore the CPU state */
1080 current_tb_modified = 1;
1081 cpu_restore_state(current_tb, env, pc, puc);
1082 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1085 #endif /* TARGET_HAS_PRECISE_SMC */
1086 tb_phys_invalidate(tb, addr);
1087 tb = tb->page_next[n];
1090 #ifdef TARGET_HAS_PRECISE_SMC
1091 if (current_tb_modified) {
1092 /* we generate a block containing just the instruction
1093 modifying the memory. It will ensure that it cannot modify
1095 env->current_tb = NULL;
1096 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1097 cpu_resume_from_signal(env, puc);
1103 /* add the tb in the target page and protect it if necessary */
1104 static inline void tb_alloc_page(TranslationBlock *tb,
1105 unsigned int n, target_ulong page_addr)
1108 TranslationBlock *last_first_tb;
1110 tb->page_addr[n] = page_addr;
1111 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1112 tb->page_next[n] = p->first_tb;
1113 last_first_tb = p->first_tb;
1114 p->first_tb = (TranslationBlock *)((long)tb | n);
1115 invalidate_page_bitmap(p);
1117 #if defined(TARGET_HAS_SMC) || 1
1119 #if defined(CONFIG_USER_ONLY)
1120 if (p->flags & PAGE_WRITE) {
1125 /* force the host page as non writable (writes will have a
1126 page fault + mprotect overhead) */
1127 page_addr &= qemu_host_page_mask;
1129 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1130 addr += TARGET_PAGE_SIZE) {
1132 p2 = page_find (addr >> TARGET_PAGE_BITS);
1136 p2->flags &= ~PAGE_WRITE;
1137 page_get_flags(addr);
1139 mprotect(g2h(page_addr), qemu_host_page_size,
1140 (prot & PAGE_BITS) & ~PAGE_WRITE);
1141 #ifdef DEBUG_TB_INVALIDATE
1142 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1147 /* if some code is already present, then the pages are already
1148 protected. So we handle the case where only the first TB is
1149 allocated in a physical page */
1150 if (!last_first_tb) {
1151 tlb_protect_code(page_addr);
1155 #endif /* TARGET_HAS_SMC */
1158 /* Allocate a new translation block. Flush the translation buffer if
1159 too many translation blocks or too much generated code. */
1160 TranslationBlock *tb_alloc(target_ulong pc)
1162 TranslationBlock *tb;
1164 if (nb_tbs >= code_gen_max_blocks ||
1165 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1167 tb = &tbs[nb_tbs++];
1173 void tb_free(TranslationBlock *tb)
1175 /* In practice this is mostly used for single use temporary TB
1176 Ignore the hard cases and just back up if this TB happens to
1177 be the last one generated. */
1178 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1179 code_gen_ptr = tb->tc_ptr;
1184 /* add a new TB and link it to the physical page tables. phys_page2 is
1185 (-1) to indicate that only one page contains the TB. */
1186 void tb_link_phys(TranslationBlock *tb,
1187 target_ulong phys_pc, target_ulong phys_page2)
1190 TranslationBlock **ptb;
1192 /* Grab the mmap lock to stop another thread invalidating this TB
1193 before we are done. */
1195 /* add in the physical hash table */
1196 h = tb_phys_hash_func(phys_pc);
1197 ptb = &tb_phys_hash[h];
1198 tb->phys_hash_next = *ptb;
1201 /* add in the page list */
1202 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1203 if (phys_page2 != -1)
1204 tb_alloc_page(tb, 1, phys_page2);
1206 tb->page_addr[1] = -1;
1208 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1209 tb->jmp_next[0] = NULL;
1210 tb->jmp_next[1] = NULL;
1212 /* init original jump addresses */
1213 if (tb->tb_next_offset[0] != 0xffff)
1214 tb_reset_jump(tb, 0);
1215 if (tb->tb_next_offset[1] != 0xffff)
1216 tb_reset_jump(tb, 1);
1218 #ifdef DEBUG_TB_CHECK
1224 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1225 tb[1].tc_ptr. Return NULL if not found */
1226 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1228 int m_min, m_max, m;
1230 TranslationBlock *tb;
1234 if (tc_ptr < (unsigned long)code_gen_buffer ||
1235 tc_ptr >= (unsigned long)code_gen_ptr)
1237 /* binary search (cf Knuth) */
1240 while (m_min <= m_max) {
1241 m = (m_min + m_max) >> 1;
1243 v = (unsigned long)tb->tc_ptr;
1246 else if (tc_ptr < v) {
1255 static void tb_reset_jump_recursive(TranslationBlock *tb);
1257 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1259 TranslationBlock *tb1, *tb_next, **ptb;
1262 tb1 = tb->jmp_next[n];
1264 /* find head of list */
1267 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1270 tb1 = tb1->jmp_next[n1];
1272 /* we are now sure now that tb jumps to tb1 */
1275 /* remove tb from the jmp_first list */
1276 ptb = &tb_next->jmp_first;
1280 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1281 if (n1 == n && tb1 == tb)
1283 ptb = &tb1->jmp_next[n1];
1285 *ptb = tb->jmp_next[n];
1286 tb->jmp_next[n] = NULL;
1288 /* suppress the jump to next tb in generated code */
1289 tb_reset_jump(tb, n);
1291 /* suppress jumps in the tb on which we could have jumped */
1292 tb_reset_jump_recursive(tb_next);
1296 static void tb_reset_jump_recursive(TranslationBlock *tb)
1298 tb_reset_jump_recursive2(tb, 0);
1299 tb_reset_jump_recursive2(tb, 1);
1302 #if defined(TARGET_HAS_ICE)
1303 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1305 target_phys_addr_t addr;
1307 ram_addr_t ram_addr;
1310 addr = cpu_get_phys_page_debug(env, pc);
1311 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1313 pd = IO_MEM_UNASSIGNED;
1315 pd = p->phys_offset;
1317 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1318 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1322 /* Add a watchpoint. */
1323 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1324 int flags, CPUWatchpoint **watchpoint)
1326 target_ulong len_mask = ~(len - 1);
1329 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1330 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1331 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1332 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1335 wp = qemu_malloc(sizeof(*wp));
1338 wp->len_mask = len_mask;
1341 /* keep all GDB-injected watchpoints in front */
1343 TAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1345 TAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1347 tlb_flush_page(env, addr);
1354 /* Remove a specific watchpoint. */
1355 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1358 target_ulong len_mask = ~(len - 1);
1361 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1362 if (addr == wp->vaddr && len_mask == wp->len_mask
1363 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1364 cpu_watchpoint_remove_by_ref(env, wp);
1371 /* Remove a specific watchpoint by reference. */
1372 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1374 TAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1376 tlb_flush_page(env, watchpoint->vaddr);
1378 qemu_free(watchpoint);
1381 /* Remove all matching watchpoints. */
1382 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1384 CPUWatchpoint *wp, *next;
1386 TAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1387 if (wp->flags & mask)
1388 cpu_watchpoint_remove_by_ref(env, wp);
1392 /* Add a breakpoint. */
1393 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1394 CPUBreakpoint **breakpoint)
1396 #if defined(TARGET_HAS_ICE)
1399 bp = qemu_malloc(sizeof(*bp));
1404 /* keep all GDB-injected breakpoints in front */
1406 TAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1408 TAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1410 breakpoint_invalidate(env, pc);
1420 /* Remove a specific breakpoint. */
1421 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1423 #if defined(TARGET_HAS_ICE)
1426 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1427 if (bp->pc == pc && bp->flags == flags) {
1428 cpu_breakpoint_remove_by_ref(env, bp);
1438 /* Remove a specific breakpoint by reference. */
1439 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1441 #if defined(TARGET_HAS_ICE)
1442 TAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1444 breakpoint_invalidate(env, breakpoint->pc);
1446 qemu_free(breakpoint);
1450 /* Remove all matching breakpoints. */
1451 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1453 #if defined(TARGET_HAS_ICE)
1454 CPUBreakpoint *bp, *next;
1456 TAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1457 if (bp->flags & mask)
1458 cpu_breakpoint_remove_by_ref(env, bp);
1463 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1464 CPU loop after each instruction */
1465 void cpu_single_step(CPUState *env, int enabled)
1467 #if defined(TARGET_HAS_ICE)
1468 if (env->singlestep_enabled != enabled) {
1469 env->singlestep_enabled = enabled;
1471 kvm_update_guest_debug(env, 0);
1473 /* must flush all the translated code to avoid inconsistencies */
1474 /* XXX: only flush what is necessary */
1481 /* enable or disable low levels log */
1482 void cpu_set_log(int log_flags)
1484 loglevel = log_flags;
1485 if (loglevel && !logfile) {
1486 logfile = fopen(logfilename, log_append ? "a" : "w");
1488 perror(logfilename);
1491 #if !defined(CONFIG_SOFTMMU)
1492 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1494 static char logfile_buf[4096];
1495 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1498 setvbuf(logfile, NULL, _IOLBF, 0);
1502 if (!loglevel && logfile) {
1508 void cpu_set_log_filename(const char *filename)
1510 logfilename = strdup(filename);
1515 cpu_set_log(loglevel);
1518 static void cpu_unlink_tb(CPUState *env)
1520 #if defined(USE_NPTL)
1521 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1522 problem and hope the cpu will stop of its own accord. For userspace
1523 emulation this often isn't actually as bad as it sounds. Often
1524 signals are used primarily to interrupt blocking syscalls. */
1526 TranslationBlock *tb;
1527 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1529 tb = env->current_tb;
1530 /* if the cpu is currently executing code, we must unlink it and
1531 all the potentially executing TB */
1532 if (tb && !testandset(&interrupt_lock)) {
1533 env->current_tb = NULL;
1534 tb_reset_jump_recursive(tb);
1535 resetlock(&interrupt_lock);
1540 /* mask must never be zero, except for A20 change call */
1541 void cpu_interrupt(CPUState *env, int mask)
1545 old_mask = env->interrupt_request;
1546 env->interrupt_request |= mask;
1548 #ifndef CONFIG_USER_ONLY
1550 * If called from iothread context, wake the target cpu in
1553 if (!qemu_cpu_self(env)) {
1560 env->icount_decr.u16.high = 0xffff;
1561 #ifndef CONFIG_USER_ONLY
1563 && (mask & ~old_mask) != 0) {
1564 cpu_abort(env, "Raised interrupt while not in I/O function");
1572 void cpu_reset_interrupt(CPUState *env, int mask)
1574 env->interrupt_request &= ~mask;
1577 void cpu_exit(CPUState *env)
1579 env->exit_request = 1;
1583 const CPULogItem cpu_log_items[] = {
1584 { CPU_LOG_TB_OUT_ASM, "out_asm",
1585 "show generated host assembly code for each compiled TB" },
1586 { CPU_LOG_TB_IN_ASM, "in_asm",
1587 "show target assembly code for each compiled TB" },
1588 { CPU_LOG_TB_OP, "op",
1589 "show micro ops for each compiled TB" },
1590 { CPU_LOG_TB_OP_OPT, "op_opt",
1593 "before eflags optimization and "
1595 "after liveness analysis" },
1596 { CPU_LOG_INT, "int",
1597 "show interrupts/exceptions in short format" },
1598 { CPU_LOG_EXEC, "exec",
1599 "show trace before each executed TB (lots of logs)" },
1600 { CPU_LOG_TB_CPU, "cpu",
1601 "show CPU state before block translation" },
1603 { CPU_LOG_PCALL, "pcall",
1604 "show protected mode far calls/returns/exceptions" },
1605 { CPU_LOG_RESET, "cpu_reset",
1606 "show CPU state before CPU resets" },
1609 { CPU_LOG_IOPORT, "ioport",
1610 "show all i/o ports accesses" },
1615 static int cmp1(const char *s1, int n, const char *s2)
1617 if (strlen(s2) != n)
1619 return memcmp(s1, s2, n) == 0;
1622 /* takes a comma separated list of log masks. Return 0 if error. */
1623 int cpu_str_to_log_mask(const char *str)
1625 const CPULogItem *item;
1632 p1 = strchr(p, ',');
1635 if(cmp1(p,p1-p,"all")) {
1636 for(item = cpu_log_items; item->mask != 0; item++) {
1640 for(item = cpu_log_items; item->mask != 0; item++) {
1641 if (cmp1(p, p1 - p, item->name))
1655 void cpu_abort(CPUState *env, const char *fmt, ...)
1662 fprintf(stderr, "qemu: fatal: ");
1663 vfprintf(stderr, fmt, ap);
1664 fprintf(stderr, "\n");
1666 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1668 cpu_dump_state(env, stderr, fprintf, 0);
1670 if (qemu_log_enabled()) {
1671 qemu_log("qemu: fatal: ");
1672 qemu_log_vprintf(fmt, ap2);
1675 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1677 log_cpu_state(env, 0);
1687 CPUState *cpu_copy(CPUState *env)
1689 CPUState *new_env = cpu_init(env->cpu_model_str);
1690 CPUState *next_cpu = new_env->next_cpu;
1691 int cpu_index = new_env->cpu_index;
1692 #if defined(TARGET_HAS_ICE)
1697 memcpy(new_env, env, sizeof(CPUState));
1699 /* Preserve chaining and index. */
1700 new_env->next_cpu = next_cpu;
1701 new_env->cpu_index = cpu_index;
1703 /* Clone all break/watchpoints.
1704 Note: Once we support ptrace with hw-debug register access, make sure
1705 BP_CPU break/watchpoints are handled correctly on clone. */
1706 TAILQ_INIT(&env->breakpoints);
1707 TAILQ_INIT(&env->watchpoints);
1708 #if defined(TARGET_HAS_ICE)
1709 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1710 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1712 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1713 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1721 #if !defined(CONFIG_USER_ONLY)
1723 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1727 /* Discard jump cache entries for any tb which might potentially
1728 overlap the flushed page. */
1729 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1730 memset (&env->tb_jmp_cache[i], 0,
1731 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1733 i = tb_jmp_cache_hash_page(addr);
1734 memset (&env->tb_jmp_cache[i], 0,
1735 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1738 /* NOTE: if flush_global is true, also flush global entries (not
1740 void tlb_flush(CPUState *env, int flush_global)
1744 #if defined(DEBUG_TLB)
1745 printf("tlb_flush:\n");
1747 /* must reset current TB so that interrupts cannot modify the
1748 links while we are modifying them */
1749 env->current_tb = NULL;
1751 for(i = 0; i < CPU_TLB_SIZE; i++) {
1752 env->tlb_table[0][i].addr_read = -1;
1753 env->tlb_table[0][i].addr_write = -1;
1754 env->tlb_table[0][i].addr_code = -1;
1755 env->tlb_table[1][i].addr_read = -1;
1756 env->tlb_table[1][i].addr_write = -1;
1757 env->tlb_table[1][i].addr_code = -1;
1758 #if (NB_MMU_MODES >= 3)
1759 env->tlb_table[2][i].addr_read = -1;
1760 env->tlb_table[2][i].addr_write = -1;
1761 env->tlb_table[2][i].addr_code = -1;
1763 #if (NB_MMU_MODES >= 4)
1764 env->tlb_table[3][i].addr_read = -1;
1765 env->tlb_table[3][i].addr_write = -1;
1766 env->tlb_table[3][i].addr_code = -1;
1768 #if (NB_MMU_MODES >= 5)
1769 env->tlb_table[4][i].addr_read = -1;
1770 env->tlb_table[4][i].addr_write = -1;
1771 env->tlb_table[4][i].addr_code = -1;
1776 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1779 if (env->kqemu_enabled) {
1780 kqemu_flush(env, flush_global);
1786 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1788 if (addr == (tlb_entry->addr_read &
1789 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1790 addr == (tlb_entry->addr_write &
1791 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1792 addr == (tlb_entry->addr_code &
1793 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1794 tlb_entry->addr_read = -1;
1795 tlb_entry->addr_write = -1;
1796 tlb_entry->addr_code = -1;
1800 void tlb_flush_page(CPUState *env, target_ulong addr)
1804 #if defined(DEBUG_TLB)
1805 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1807 /* must reset current TB so that interrupts cannot modify the
1808 links while we are modifying them */
1809 env->current_tb = NULL;
1811 addr &= TARGET_PAGE_MASK;
1812 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1813 tlb_flush_entry(&env->tlb_table[0][i], addr);
1814 tlb_flush_entry(&env->tlb_table[1][i], addr);
1815 #if (NB_MMU_MODES >= 3)
1816 tlb_flush_entry(&env->tlb_table[2][i], addr);
1818 #if (NB_MMU_MODES >= 4)
1819 tlb_flush_entry(&env->tlb_table[3][i], addr);
1821 #if (NB_MMU_MODES >= 5)
1822 tlb_flush_entry(&env->tlb_table[4][i], addr);
1825 tlb_flush_jmp_cache(env, addr);
1828 if (env->kqemu_enabled) {
1829 kqemu_flush_page(env, addr);
1834 /* update the TLBs so that writes to code in the virtual page 'addr'
1836 static void tlb_protect_code(ram_addr_t ram_addr)
1838 cpu_physical_memory_reset_dirty(ram_addr,
1839 ram_addr + TARGET_PAGE_SIZE,
1843 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1844 tested for self modifying code */
1845 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1848 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1851 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1852 unsigned long start, unsigned long length)
1855 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1856 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1857 if ((addr - start) < length) {
1858 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1863 /* Note: start and end must be within the same ram block. */
1864 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1868 unsigned long length, start1;
1872 start &= TARGET_PAGE_MASK;
1873 end = TARGET_PAGE_ALIGN(end);
1875 length = end - start;
1878 len = length >> TARGET_PAGE_BITS;
1880 /* XXX: should not depend on cpu context */
1882 if (env->kqemu_enabled) {
1885 for(i = 0; i < len; i++) {
1886 kqemu_set_notdirty(env, addr);
1887 addr += TARGET_PAGE_SIZE;
1891 mask = ~dirty_flags;
1892 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1893 for(i = 0; i < len; i++)
1896 /* we modify the TLB cache so that the dirty bit will be set again
1897 when accessing the range */
1898 start1 = (unsigned long)qemu_get_ram_ptr(start);
1899 /* Chek that we don't span multiple blocks - this breaks the
1900 address comparisons below. */
1901 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
1902 != (end - 1) - start) {
1906 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1907 for(i = 0; i < CPU_TLB_SIZE; i++)
1908 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1909 for(i = 0; i < CPU_TLB_SIZE; i++)
1910 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1911 #if (NB_MMU_MODES >= 3)
1912 for(i = 0; i < CPU_TLB_SIZE; i++)
1913 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1915 #if (NB_MMU_MODES >= 4)
1916 for(i = 0; i < CPU_TLB_SIZE; i++)
1917 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1919 #if (NB_MMU_MODES >= 5)
1920 for(i = 0; i < CPU_TLB_SIZE; i++)
1921 tlb_reset_dirty_range(&env->tlb_table[4][i], start1, length);
1926 int cpu_physical_memory_set_dirty_tracking(int enable)
1928 in_migration = enable;
1929 if (kvm_enabled()) {
1930 return kvm_set_migration_log(enable);
1935 int cpu_physical_memory_get_dirty_tracking(void)
1937 return in_migration;
1940 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
1941 target_phys_addr_t end_addr)
1946 ret = kvm_physical_sync_dirty_bitmap(start_addr, end_addr);
1950 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1952 ram_addr_t ram_addr;
1955 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1956 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
1957 + tlb_entry->addend);
1958 ram_addr = qemu_ram_addr_from_host(p);
1959 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1960 tlb_entry->addr_write |= TLB_NOTDIRTY;
1965 /* update the TLB according to the current state of the dirty bits */
1966 void cpu_tlb_update_dirty(CPUState *env)
1969 for(i = 0; i < CPU_TLB_SIZE; i++)
1970 tlb_update_dirty(&env->tlb_table[0][i]);
1971 for(i = 0; i < CPU_TLB_SIZE; i++)
1972 tlb_update_dirty(&env->tlb_table[1][i]);
1973 #if (NB_MMU_MODES >= 3)
1974 for(i = 0; i < CPU_TLB_SIZE; i++)
1975 tlb_update_dirty(&env->tlb_table[2][i]);
1977 #if (NB_MMU_MODES >= 4)
1978 for(i = 0; i < CPU_TLB_SIZE; i++)
1979 tlb_update_dirty(&env->tlb_table[3][i]);
1981 #if (NB_MMU_MODES >= 5)
1982 for(i = 0; i < CPU_TLB_SIZE; i++)
1983 tlb_update_dirty(&env->tlb_table[4][i]);
1987 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1989 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1990 tlb_entry->addr_write = vaddr;
1993 /* update the TLB corresponding to virtual page vaddr
1994 so that it is no longer dirty */
1995 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1999 vaddr &= TARGET_PAGE_MASK;
2000 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2001 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
2002 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
2003 #if (NB_MMU_MODES >= 3)
2004 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
2006 #if (NB_MMU_MODES >= 4)
2007 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
2009 #if (NB_MMU_MODES >= 5)
2010 tlb_set_dirty1(&env->tlb_table[4][i], vaddr);
2014 /* add a new TLB entry. At most one entry for a given virtual address
2015 is permitted. Return 0 if OK or 2 if the page could not be mapped
2016 (can only happen in non SOFTMMU mode for I/O pages or pages
2017 conflicting with the host address space). */
2018 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2019 target_phys_addr_t paddr, int prot,
2020 int mmu_idx, int is_softmmu)
2025 target_ulong address;
2026 target_ulong code_address;
2027 target_phys_addr_t addend;
2031 target_phys_addr_t iotlb;
2033 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2035 pd = IO_MEM_UNASSIGNED;
2037 pd = p->phys_offset;
2039 #if defined(DEBUG_TLB)
2040 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2041 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2046 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2047 /* IO memory case (romd handled later) */
2048 address |= TLB_MMIO;
2050 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2051 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2053 iotlb = pd & TARGET_PAGE_MASK;
2054 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2055 iotlb |= IO_MEM_NOTDIRTY;
2057 iotlb |= IO_MEM_ROM;
2059 /* IO handlers are currently passed a physical address.
2060 It would be nice to pass an offset from the base address
2061 of that region. This would avoid having to special case RAM,
2062 and avoid full address decoding in every device.
2063 We can't use the high bits of pd for this because
2064 IO_MEM_ROMD uses these as a ram address. */
2065 iotlb = (pd & ~TARGET_PAGE_MASK);
2067 iotlb += p->region_offset;
2073 code_address = address;
2074 /* Make accesses to pages with watchpoints go via the
2075 watchpoint trap routines. */
2076 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2077 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2078 iotlb = io_mem_watch + paddr;
2079 /* TODO: The memory case can be optimized by not trapping
2080 reads of pages with a write breakpoint. */
2081 address |= TLB_MMIO;
2085 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2086 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2087 te = &env->tlb_table[mmu_idx][index];
2088 te->addend = addend - vaddr;
2089 if (prot & PAGE_READ) {
2090 te->addr_read = address;
2095 if (prot & PAGE_EXEC) {
2096 te->addr_code = code_address;
2100 if (prot & PAGE_WRITE) {
2101 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2102 (pd & IO_MEM_ROMD)) {
2103 /* Write access calls the I/O callback. */
2104 te->addr_write = address | TLB_MMIO;
2105 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2106 !cpu_physical_memory_is_dirty(pd)) {
2107 te->addr_write = address | TLB_NOTDIRTY;
2109 te->addr_write = address;
2112 te->addr_write = -1;
2119 void tlb_flush(CPUState *env, int flush_global)
2123 void tlb_flush_page(CPUState *env, target_ulong addr)
2127 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2128 target_phys_addr_t paddr, int prot,
2129 int mmu_idx, int is_softmmu)
2135 * Walks guest process memory "regions" one by one
2136 * and calls callback function 'fn' for each region.
2138 int walk_memory_regions(void *priv,
2139 int (*fn)(void *, unsigned long, unsigned long, unsigned long))
2141 unsigned long start, end;
2143 int i, j, prot, prot1;
2149 for (i = 0; i <= L1_SIZE; i++) {
2150 p = (i < L1_SIZE) ? l1_map[i] : NULL;
2151 for (j = 0; j < L2_SIZE; j++) {
2152 prot1 = (p == NULL) ? 0 : p[j].flags;
2154 * "region" is one continuous chunk of memory
2155 * that has same protection flags set.
2157 if (prot1 != prot) {
2158 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2160 rc = (*fn)(priv, start, end, prot);
2161 /* callback can stop iteration by returning != 0 */
2178 static int dump_region(void *priv, unsigned long start,
2179 unsigned long end, unsigned long prot)
2181 FILE *f = (FILE *)priv;
2183 (void) fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2184 start, end, end - start,
2185 ((prot & PAGE_READ) ? 'r' : '-'),
2186 ((prot & PAGE_WRITE) ? 'w' : '-'),
2187 ((prot & PAGE_EXEC) ? 'x' : '-'));
2192 /* dump memory mappings */
2193 void page_dump(FILE *f)
2195 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2196 "start", "end", "size", "prot");
2197 walk_memory_regions(f, dump_region);
2200 int page_get_flags(target_ulong address)
2204 p = page_find(address >> TARGET_PAGE_BITS);
2210 /* modify the flags of a page and invalidate the code if
2211 necessary. The flag PAGE_WRITE_ORG is positioned automatically
2212 depending on PAGE_WRITE */
2213 void page_set_flags(target_ulong start, target_ulong end, int flags)
2218 /* mmap_lock should already be held. */
2219 start = start & TARGET_PAGE_MASK;
2220 end = TARGET_PAGE_ALIGN(end);
2221 if (flags & PAGE_WRITE)
2222 flags |= PAGE_WRITE_ORG;
2223 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2224 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2225 /* We may be called for host regions that are outside guest
2229 /* if the write protection is set, then we invalidate the code
2231 if (!(p->flags & PAGE_WRITE) &&
2232 (flags & PAGE_WRITE) &&
2234 tb_invalidate_phys_page(addr, 0, NULL);
2240 int page_check_range(target_ulong start, target_ulong len, int flags)
2246 if (start + len < start)
2247 /* we've wrapped around */
2250 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2251 start = start & TARGET_PAGE_MASK;
2253 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2254 p = page_find(addr >> TARGET_PAGE_BITS);
2257 if( !(p->flags & PAGE_VALID) )
2260 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2262 if (flags & PAGE_WRITE) {
2263 if (!(p->flags & PAGE_WRITE_ORG))
2265 /* unprotect the page if it was put read-only because it
2266 contains translated code */
2267 if (!(p->flags & PAGE_WRITE)) {
2268 if (!page_unprotect(addr, 0, NULL))
2277 /* called from signal handler: invalidate the code and unprotect the
2278 page. Return TRUE if the fault was successfully handled. */
2279 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2281 unsigned int page_index, prot, pindex;
2283 target_ulong host_start, host_end, addr;
2285 /* Technically this isn't safe inside a signal handler. However we
2286 know this only ever happens in a synchronous SEGV handler, so in
2287 practice it seems to be ok. */
2290 host_start = address & qemu_host_page_mask;
2291 page_index = host_start >> TARGET_PAGE_BITS;
2292 p1 = page_find(page_index);
2297 host_end = host_start + qemu_host_page_size;
2300 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2304 /* if the page was really writable, then we change its
2305 protection back to writable */
2306 if (prot & PAGE_WRITE_ORG) {
2307 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2308 if (!(p1[pindex].flags & PAGE_WRITE)) {
2309 mprotect((void *)g2h(host_start), qemu_host_page_size,
2310 (prot & PAGE_BITS) | PAGE_WRITE);
2311 p1[pindex].flags |= PAGE_WRITE;
2312 /* and since the content will be modified, we must invalidate
2313 the corresponding translated code. */
2314 tb_invalidate_phys_page(address, pc, puc);
2315 #ifdef DEBUG_TB_CHECK
2316 tb_invalidate_check(address);
2326 static inline void tlb_set_dirty(CPUState *env,
2327 unsigned long addr, target_ulong vaddr)
2330 #endif /* defined(CONFIG_USER_ONLY) */
2332 #if !defined(CONFIG_USER_ONLY)
2334 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2335 ram_addr_t memory, ram_addr_t region_offset);
2336 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2337 ram_addr_t orig_memory, ram_addr_t region_offset);
2338 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2341 if (addr > start_addr) \
2344 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2345 if (start_addr2 > 0) \
2349 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2350 end_addr2 = TARGET_PAGE_SIZE - 1; \
2352 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2353 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2358 /* register physical memory. 'size' must be a multiple of the target
2359 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2360 io memory page. The address used when calling the IO function is
2361 the offset from the start of the region, plus region_offset. Both
2362 start_addr and region_offset are rounded down to a page boundary
2363 before calculating this offset. This should not be a problem unless
2364 the low bits of start_addr and region_offset differ. */
2365 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2367 ram_addr_t phys_offset,
2368 ram_addr_t region_offset)
2370 target_phys_addr_t addr, end_addr;
2373 ram_addr_t orig_size = size;
2377 /* XXX: should not depend on cpu context */
2379 if (env->kqemu_enabled) {
2380 kqemu_set_phys_mem(start_addr, size, phys_offset);
2384 kvm_set_phys_mem(start_addr, size, phys_offset);
2386 if (phys_offset == IO_MEM_UNASSIGNED) {
2387 region_offset = start_addr;
2389 region_offset &= TARGET_PAGE_MASK;
2390 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2391 end_addr = start_addr + (target_phys_addr_t)size;
2392 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2393 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2394 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2395 ram_addr_t orig_memory = p->phys_offset;
2396 target_phys_addr_t start_addr2, end_addr2;
2397 int need_subpage = 0;
2399 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2401 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2402 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2403 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2404 &p->phys_offset, orig_memory,
2407 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2410 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2412 p->region_offset = 0;
2414 p->phys_offset = phys_offset;
2415 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2416 (phys_offset & IO_MEM_ROMD))
2417 phys_offset += TARGET_PAGE_SIZE;
2420 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2421 p->phys_offset = phys_offset;
2422 p->region_offset = region_offset;
2423 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2424 (phys_offset & IO_MEM_ROMD)) {
2425 phys_offset += TARGET_PAGE_SIZE;
2427 target_phys_addr_t start_addr2, end_addr2;
2428 int need_subpage = 0;
2430 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2431 end_addr2, need_subpage);
2433 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2434 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2435 &p->phys_offset, IO_MEM_UNASSIGNED,
2436 addr & TARGET_PAGE_MASK);
2437 subpage_register(subpage, start_addr2, end_addr2,
2438 phys_offset, region_offset);
2439 p->region_offset = 0;
2443 region_offset += TARGET_PAGE_SIZE;
2446 /* since each CPU stores ram addresses in its TLB cache, we must
2447 reset the modified entries */
2449 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2454 /* XXX: temporary until new memory mapping API */
2455 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2459 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2461 return IO_MEM_UNASSIGNED;
2462 return p->phys_offset;
2465 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2468 kvm_coalesce_mmio_region(addr, size);
2471 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2474 kvm_uncoalesce_mmio_region(addr, size);
2478 /* XXX: better than nothing */
2479 static ram_addr_t kqemu_ram_alloc(ram_addr_t size)
2482 if ((last_ram_offset + size) > kqemu_phys_ram_size) {
2483 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2484 (uint64_t)size, (uint64_t)kqemu_phys_ram_size);
2487 addr = last_ram_offset;
2488 last_ram_offset = TARGET_PAGE_ALIGN(last_ram_offset + size);
2493 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2495 RAMBlock *new_block;
2498 if (kqemu_phys_ram_base) {
2499 return kqemu_ram_alloc(size);
2503 size = TARGET_PAGE_ALIGN(size);
2504 new_block = qemu_malloc(sizeof(*new_block));
2506 new_block->host = qemu_vmalloc(size);
2507 new_block->offset = last_ram_offset;
2508 new_block->length = size;
2510 new_block->next = ram_blocks;
2511 ram_blocks = new_block;
2513 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2514 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2515 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2516 0xff, size >> TARGET_PAGE_BITS);
2518 last_ram_offset += size;
2521 kvm_setup_guest_memory(new_block->host, size);
2523 return new_block->offset;
2526 void qemu_ram_free(ram_addr_t addr)
2528 /* TODO: implement this. */
2531 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2532 With the exception of the softmmu code in this file, this should
2533 only be used for local memory (e.g. video ram) that the device owns,
2534 and knows it isn't going to access beyond the end of the block.
2536 It should not be used for general purpose DMA.
2537 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2539 void *qemu_get_ram_ptr(ram_addr_t addr)
2546 if (kqemu_phys_ram_base) {
2547 return kqemu_phys_ram_base + addr;
2552 prevp = &ram_blocks;
2554 while (block && (block->offset > addr
2555 || block->offset + block->length <= addr)) {
2557 prevp = &prev->next;
2559 block = block->next;
2562 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2565 /* Move this entry to to start of the list. */
2567 prev->next = block->next;
2568 block->next = *prevp;
2571 return block->host + (addr - block->offset);
2574 /* Some of the softmmu routines need to translate from a host pointer
2575 (typically a TLB entry) back to a ram offset. */
2576 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2581 uint8_t *host = ptr;
2584 if (kqemu_phys_ram_base) {
2585 return host - kqemu_phys_ram_base;
2590 prevp = &ram_blocks;
2592 while (block && (block->host > host
2593 || block->host + block->length <= host)) {
2595 prevp = &prev->next;
2597 block = block->next;
2600 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2603 return block->offset + (host - block->host);
2606 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2608 #ifdef DEBUG_UNASSIGNED
2609 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2611 #if defined(TARGET_SPARC)
2612 do_unassigned_access(addr, 0, 0, 0, 1);
2617 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2619 #ifdef DEBUG_UNASSIGNED
2620 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2622 #if defined(TARGET_SPARC)
2623 do_unassigned_access(addr, 0, 0, 0, 2);
2628 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2630 #ifdef DEBUG_UNASSIGNED
2631 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2633 #if defined(TARGET_SPARC)
2634 do_unassigned_access(addr, 0, 0, 0, 4);
2639 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2641 #ifdef DEBUG_UNASSIGNED
2642 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2644 #if defined(TARGET_SPARC)
2645 do_unassigned_access(addr, 1, 0, 0, 1);
2649 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2651 #ifdef DEBUG_UNASSIGNED
2652 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2654 #if defined(TARGET_SPARC)
2655 do_unassigned_access(addr, 1, 0, 0, 2);
2659 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2661 #ifdef DEBUG_UNASSIGNED
2662 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2664 #if defined(TARGET_SPARC)
2665 do_unassigned_access(addr, 1, 0, 0, 4);
2669 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2670 unassigned_mem_readb,
2671 unassigned_mem_readw,
2672 unassigned_mem_readl,
2675 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2676 unassigned_mem_writeb,
2677 unassigned_mem_writew,
2678 unassigned_mem_writel,
2681 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2685 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2686 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2687 #if !defined(CONFIG_USER_ONLY)
2688 tb_invalidate_phys_page_fast(ram_addr, 1);
2689 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2692 stb_p(qemu_get_ram_ptr(ram_addr), val);
2694 if (cpu_single_env->kqemu_enabled &&
2695 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2696 kqemu_modify_page(cpu_single_env, ram_addr);
2698 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2699 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2700 /* we remove the notdirty callback only if the code has been
2702 if (dirty_flags == 0xff)
2703 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2706 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2710 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2711 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2712 #if !defined(CONFIG_USER_ONLY)
2713 tb_invalidate_phys_page_fast(ram_addr, 2);
2714 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2717 stw_p(qemu_get_ram_ptr(ram_addr), val);
2719 if (cpu_single_env->kqemu_enabled &&
2720 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2721 kqemu_modify_page(cpu_single_env, ram_addr);
2723 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2724 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2725 /* we remove the notdirty callback only if the code has been
2727 if (dirty_flags == 0xff)
2728 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2731 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2735 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2736 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2737 #if !defined(CONFIG_USER_ONLY)
2738 tb_invalidate_phys_page_fast(ram_addr, 4);
2739 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2742 stl_p(qemu_get_ram_ptr(ram_addr), val);
2744 if (cpu_single_env->kqemu_enabled &&
2745 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2746 kqemu_modify_page(cpu_single_env, ram_addr);
2748 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2749 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2750 /* we remove the notdirty callback only if the code has been
2752 if (dirty_flags == 0xff)
2753 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2756 static CPUReadMemoryFunc *error_mem_read[3] = {
2757 NULL, /* never used */
2758 NULL, /* never used */
2759 NULL, /* never used */
2762 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2763 notdirty_mem_writeb,
2764 notdirty_mem_writew,
2765 notdirty_mem_writel,
2768 /* Generate a debug exception if a watchpoint has been hit. */
2769 static void check_watchpoint(int offset, int len_mask, int flags)
2771 CPUState *env = cpu_single_env;
2772 target_ulong pc, cs_base;
2773 TranslationBlock *tb;
2778 if (env->watchpoint_hit) {
2779 /* We re-entered the check after replacing the TB. Now raise
2780 * the debug interrupt so that is will trigger after the
2781 * current instruction. */
2782 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2785 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2786 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2787 if ((vaddr == (wp->vaddr & len_mask) ||
2788 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2789 wp->flags |= BP_WATCHPOINT_HIT;
2790 if (!env->watchpoint_hit) {
2791 env->watchpoint_hit = wp;
2792 tb = tb_find_pc(env->mem_io_pc);
2794 cpu_abort(env, "check_watchpoint: could not find TB for "
2795 "pc=%p", (void *)env->mem_io_pc);
2797 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2798 tb_phys_invalidate(tb, -1);
2799 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2800 env->exception_index = EXCP_DEBUG;
2802 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2803 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2805 cpu_resume_from_signal(env, NULL);
2808 wp->flags &= ~BP_WATCHPOINT_HIT;
2813 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2814 so these check for a hit then pass through to the normal out-of-line
2816 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2818 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2819 return ldub_phys(addr);
2822 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2824 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2825 return lduw_phys(addr);
2828 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2830 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2831 return ldl_phys(addr);
2834 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2837 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2838 stb_phys(addr, val);
2841 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2844 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2845 stw_phys(addr, val);
2848 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2851 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2852 stl_phys(addr, val);
2855 static CPUReadMemoryFunc *watch_mem_read[3] = {
2861 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2867 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2873 idx = SUBPAGE_IDX(addr);
2874 #if defined(DEBUG_SUBPAGE)
2875 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2876 mmio, len, addr, idx);
2878 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2879 addr + mmio->region_offset[idx][0][len]);
2884 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2885 uint32_t value, unsigned int len)
2889 idx = SUBPAGE_IDX(addr);
2890 #if defined(DEBUG_SUBPAGE)
2891 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2892 mmio, len, addr, idx, value);
2894 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2895 addr + mmio->region_offset[idx][1][len],
2899 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2901 #if defined(DEBUG_SUBPAGE)
2902 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2905 return subpage_readlen(opaque, addr, 0);
2908 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2911 #if defined(DEBUG_SUBPAGE)
2912 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2914 subpage_writelen(opaque, addr, value, 0);
2917 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2919 #if defined(DEBUG_SUBPAGE)
2920 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2923 return subpage_readlen(opaque, addr, 1);
2926 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2929 #if defined(DEBUG_SUBPAGE)
2930 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2932 subpage_writelen(opaque, addr, value, 1);
2935 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2937 #if defined(DEBUG_SUBPAGE)
2938 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2941 return subpage_readlen(opaque, addr, 2);
2944 static void subpage_writel (void *opaque,
2945 target_phys_addr_t addr, uint32_t value)
2947 #if defined(DEBUG_SUBPAGE)
2948 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2950 subpage_writelen(opaque, addr, value, 2);
2953 static CPUReadMemoryFunc *subpage_read[] = {
2959 static CPUWriteMemoryFunc *subpage_write[] = {
2965 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2966 ram_addr_t memory, ram_addr_t region_offset)
2971 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2973 idx = SUBPAGE_IDX(start);
2974 eidx = SUBPAGE_IDX(end);
2975 #if defined(DEBUG_SUBPAGE)
2976 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2977 mmio, start, end, idx, eidx, memory);
2979 memory >>= IO_MEM_SHIFT;
2980 for (; idx <= eidx; idx++) {
2981 for (i = 0; i < 4; i++) {
2982 if (io_mem_read[memory][i]) {
2983 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2984 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2985 mmio->region_offset[idx][0][i] = region_offset;
2987 if (io_mem_write[memory][i]) {
2988 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2989 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2990 mmio->region_offset[idx][1][i] = region_offset;
2998 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2999 ram_addr_t orig_memory, ram_addr_t region_offset)
3004 mmio = qemu_mallocz(sizeof(subpage_t));
3007 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
3008 #if defined(DEBUG_SUBPAGE)
3009 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3010 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3012 *phys = subpage_memory | IO_MEM_SUBPAGE;
3013 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
3019 static int get_free_io_mem_idx(void)
3023 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3024 if (!io_mem_used[i]) {
3032 static void io_mem_init(void)
3036 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
3037 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
3038 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
3042 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
3043 watch_mem_write, NULL);
3045 if (kqemu_phys_ram_base) {
3046 /* alloc dirty bits array */
3047 phys_ram_dirty = qemu_vmalloc(kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3048 memset(phys_ram_dirty, 0xff, kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3053 /* mem_read and mem_write are arrays of functions containing the
3054 function to access byte (index 0), word (index 1) and dword (index
3055 2). Functions can be omitted with a NULL function pointer.
3056 If io_index is non zero, the corresponding io zone is
3057 modified. If it is zero, a new io zone is allocated. The return
3058 value can be used with cpu_register_physical_memory(). (-1) is
3059 returned if error. */
3060 int cpu_register_io_memory(int io_index,
3061 CPUReadMemoryFunc **mem_read,
3062 CPUWriteMemoryFunc **mem_write,
3065 int i, subwidth = 0;
3067 if (io_index <= 0) {
3068 io_index = get_free_io_mem_idx();
3072 if (io_index >= IO_MEM_NB_ENTRIES)
3076 for(i = 0;i < 3; i++) {
3077 if (!mem_read[i] || !mem_write[i])
3078 subwidth = IO_MEM_SUBWIDTH;
3079 io_mem_read[io_index][i] = mem_read[i];
3080 io_mem_write[io_index][i] = mem_write[i];
3082 io_mem_opaque[io_index] = opaque;
3083 return (io_index << IO_MEM_SHIFT) | subwidth;
3086 void cpu_unregister_io_memory(int io_table_address)
3089 int io_index = io_table_address >> IO_MEM_SHIFT;
3091 for (i=0;i < 3; i++) {
3092 io_mem_read[io_index][i] = unassigned_mem_read[i];
3093 io_mem_write[io_index][i] = unassigned_mem_write[i];
3095 io_mem_opaque[io_index] = NULL;
3096 io_mem_used[io_index] = 0;
3099 #endif /* !defined(CONFIG_USER_ONLY) */
3101 /* physical memory access (slow version, mainly for debug) */
3102 #if defined(CONFIG_USER_ONLY)
3103 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3104 int len, int is_write)
3111 page = addr & TARGET_PAGE_MASK;
3112 l = (page + TARGET_PAGE_SIZE) - addr;
3115 flags = page_get_flags(page);
3116 if (!(flags & PAGE_VALID))
3119 if (!(flags & PAGE_WRITE))
3121 /* XXX: this code should not depend on lock_user */
3122 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3123 /* FIXME - should this return an error rather than just fail? */
3126 unlock_user(p, addr, l);
3128 if (!(flags & PAGE_READ))
3130 /* XXX: this code should not depend on lock_user */
3131 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3132 /* FIXME - should this return an error rather than just fail? */
3135 unlock_user(p, addr, 0);
3144 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3145 int len, int is_write)
3150 target_phys_addr_t page;
3155 page = addr & TARGET_PAGE_MASK;
3156 l = (page + TARGET_PAGE_SIZE) - addr;
3159 p = phys_page_find(page >> TARGET_PAGE_BITS);
3161 pd = IO_MEM_UNASSIGNED;
3163 pd = p->phys_offset;
3167 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3168 target_phys_addr_t addr1 = addr;
3169 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3171 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3172 /* XXX: could force cpu_single_env to NULL to avoid
3174 if (l >= 4 && ((addr1 & 3) == 0)) {
3175 /* 32 bit write access */
3177 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3179 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3180 /* 16 bit write access */
3182 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3185 /* 8 bit write access */
3187 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3191 unsigned long addr1;
3192 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3194 ptr = qemu_get_ram_ptr(addr1);
3195 memcpy(ptr, buf, l);
3196 if (!cpu_physical_memory_is_dirty(addr1)) {
3197 /* invalidate code */
3198 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3200 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3201 (0xff & ~CODE_DIRTY_FLAG);
3205 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3206 !(pd & IO_MEM_ROMD)) {
3207 target_phys_addr_t addr1 = addr;
3209 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3211 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3212 if (l >= 4 && ((addr1 & 3) == 0)) {
3213 /* 32 bit read access */
3214 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3217 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3218 /* 16 bit read access */
3219 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3223 /* 8 bit read access */
3224 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3230 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3231 (addr & ~TARGET_PAGE_MASK);
3232 memcpy(buf, ptr, l);
3241 /* used for ROM loading : can write in RAM and ROM */
3242 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3243 const uint8_t *buf, int len)
3247 target_phys_addr_t page;
3252 page = addr & TARGET_PAGE_MASK;
3253 l = (page + TARGET_PAGE_SIZE) - addr;
3256 p = phys_page_find(page >> TARGET_PAGE_BITS);
3258 pd = IO_MEM_UNASSIGNED;
3260 pd = p->phys_offset;
3263 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3264 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3265 !(pd & IO_MEM_ROMD)) {
3268 unsigned long addr1;
3269 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3271 ptr = qemu_get_ram_ptr(addr1);
3272 memcpy(ptr, buf, l);
3282 target_phys_addr_t addr;
3283 target_phys_addr_t len;
3286 static BounceBuffer bounce;
3288 typedef struct MapClient {
3290 void (*callback)(void *opaque);
3291 LIST_ENTRY(MapClient) link;
3294 static LIST_HEAD(map_client_list, MapClient) map_client_list
3295 = LIST_HEAD_INITIALIZER(map_client_list);
3297 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3299 MapClient *client = qemu_malloc(sizeof(*client));
3301 client->opaque = opaque;
3302 client->callback = callback;
3303 LIST_INSERT_HEAD(&map_client_list, client, link);
3307 void cpu_unregister_map_client(void *_client)
3309 MapClient *client = (MapClient *)_client;
3311 LIST_REMOVE(client, link);
3314 static void cpu_notify_map_clients(void)
3318 while (!LIST_EMPTY(&map_client_list)) {
3319 client = LIST_FIRST(&map_client_list);
3320 client->callback(client->opaque);
3321 LIST_REMOVE(client, link);
3325 /* Map a physical memory region into a host virtual address.
3326 * May map a subset of the requested range, given by and returned in *plen.
3327 * May return NULL if resources needed to perform the mapping are exhausted.
3328 * Use only for reads OR writes - not for read-modify-write operations.
3329 * Use cpu_register_map_client() to know when retrying the map operation is
3330 * likely to succeed.
3332 void *cpu_physical_memory_map(target_phys_addr_t addr,
3333 target_phys_addr_t *plen,
3336 target_phys_addr_t len = *plen;
3337 target_phys_addr_t done = 0;
3339 uint8_t *ret = NULL;
3341 target_phys_addr_t page;
3344 unsigned long addr1;
3347 page = addr & TARGET_PAGE_MASK;
3348 l = (page + TARGET_PAGE_SIZE) - addr;
3351 p = phys_page_find(page >> TARGET_PAGE_BITS);
3353 pd = IO_MEM_UNASSIGNED;
3355 pd = p->phys_offset;
3358 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3359 if (done || bounce.buffer) {
3362 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3366 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3368 ptr = bounce.buffer;
3370 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3371 ptr = qemu_get_ram_ptr(addr1);
3375 } else if (ret + done != ptr) {
3387 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3388 * Will also mark the memory as dirty if is_write == 1. access_len gives
3389 * the amount of memory that was actually read or written by the caller.
3391 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3392 int is_write, target_phys_addr_t access_len)
3394 if (buffer != bounce.buffer) {
3396 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3397 while (access_len) {
3399 l = TARGET_PAGE_SIZE;
3402 if (!cpu_physical_memory_is_dirty(addr1)) {
3403 /* invalidate code */
3404 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3406 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3407 (0xff & ~CODE_DIRTY_FLAG);
3416 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3418 qemu_free(bounce.buffer);
3419 bounce.buffer = NULL;
3420 cpu_notify_map_clients();
3423 /* warning: addr must be aligned */
3424 uint32_t ldl_phys(target_phys_addr_t addr)
3432 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3434 pd = IO_MEM_UNASSIGNED;
3436 pd = p->phys_offset;
3439 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3440 !(pd & IO_MEM_ROMD)) {
3442 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3444 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3445 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3448 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3449 (addr & ~TARGET_PAGE_MASK);
3455 /* warning: addr must be aligned */
3456 uint64_t ldq_phys(target_phys_addr_t addr)
3464 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3466 pd = IO_MEM_UNASSIGNED;
3468 pd = p->phys_offset;
3471 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3472 !(pd & IO_MEM_ROMD)) {
3474 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3476 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3477 #ifdef TARGET_WORDS_BIGENDIAN
3478 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3479 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3481 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3482 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3486 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3487 (addr & ~TARGET_PAGE_MASK);
3494 uint32_t ldub_phys(target_phys_addr_t addr)
3497 cpu_physical_memory_read(addr, &val, 1);
3502 uint32_t lduw_phys(target_phys_addr_t addr)
3505 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3506 return tswap16(val);
3509 /* warning: addr must be aligned. The ram page is not masked as dirty
3510 and the code inside is not invalidated. It is useful if the dirty
3511 bits are used to track modified PTEs */
3512 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3519 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3521 pd = IO_MEM_UNASSIGNED;
3523 pd = p->phys_offset;
3526 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3527 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3529 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3530 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3532 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3533 ptr = qemu_get_ram_ptr(addr1);
3536 if (unlikely(in_migration)) {
3537 if (!cpu_physical_memory_is_dirty(addr1)) {
3538 /* invalidate code */
3539 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3541 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3542 (0xff & ~CODE_DIRTY_FLAG);
3548 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3555 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3557 pd = IO_MEM_UNASSIGNED;
3559 pd = p->phys_offset;
3562 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3563 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3565 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3566 #ifdef TARGET_WORDS_BIGENDIAN
3567 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3568 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3570 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3571 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3574 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3575 (addr & ~TARGET_PAGE_MASK);
3580 /* warning: addr must be aligned */
3581 void stl_phys(target_phys_addr_t addr, uint32_t val)
3588 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3590 pd = IO_MEM_UNASSIGNED;
3592 pd = p->phys_offset;
3595 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3596 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3598 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3599 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3601 unsigned long addr1;
3602 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3604 ptr = qemu_get_ram_ptr(addr1);
3606 if (!cpu_physical_memory_is_dirty(addr1)) {
3607 /* invalidate code */
3608 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3610 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3611 (0xff & ~CODE_DIRTY_FLAG);
3617 void stb_phys(target_phys_addr_t addr, uint32_t val)
3620 cpu_physical_memory_write(addr, &v, 1);
3624 void stw_phys(target_phys_addr_t addr, uint32_t val)
3626 uint16_t v = tswap16(val);
3627 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3631 void stq_phys(target_phys_addr_t addr, uint64_t val)
3634 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3639 /* virtual memory access for debug (includes writing to ROM) */
3640 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3641 uint8_t *buf, int len, int is_write)
3644 target_phys_addr_t phys_addr;
3648 page = addr & TARGET_PAGE_MASK;
3649 phys_addr = cpu_get_phys_page_debug(env, page);
3650 /* if no physical page mapped, return an error */
3651 if (phys_addr == -1)
3653 l = (page + TARGET_PAGE_SIZE) - addr;
3656 phys_addr += (addr & ~TARGET_PAGE_MASK);
3657 #if !defined(CONFIG_USER_ONLY)
3659 cpu_physical_memory_write_rom(phys_addr, buf, l);
3662 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3670 /* in deterministic execution mode, instructions doing device I/Os
3671 must be at the end of the TB */
3672 void cpu_io_recompile(CPUState *env, void *retaddr)
3674 TranslationBlock *tb;
3676 target_ulong pc, cs_base;
3679 tb = tb_find_pc((unsigned long)retaddr);
3681 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3684 n = env->icount_decr.u16.low + tb->icount;
3685 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3686 /* Calculate how many instructions had been executed before the fault
3688 n = n - env->icount_decr.u16.low;
3689 /* Generate a new TB ending on the I/O insn. */
3691 /* On MIPS and SH, delay slot instructions can only be restarted if
3692 they were already the first instruction in the TB. If this is not
3693 the first instruction in a TB then re-execute the preceding
3695 #if defined(TARGET_MIPS)
3696 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3697 env->active_tc.PC -= 4;
3698 env->icount_decr.u16.low++;
3699 env->hflags &= ~MIPS_HFLAG_BMASK;
3701 #elif defined(TARGET_SH4)
3702 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3705 env->icount_decr.u16.low++;
3706 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3709 /* This should never happen. */
3710 if (n > CF_COUNT_MASK)
3711 cpu_abort(env, "TB too big during recompile");
3713 cflags = n | CF_LAST_IO;
3715 cs_base = tb->cs_base;
3717 tb_phys_invalidate(tb, -1);
3718 /* FIXME: In theory this could raise an exception. In practice
3719 we have already translated the block once so it's probably ok. */
3720 tb_gen_code(env, pc, cs_base, flags, cflags);
3721 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3722 the first in the TB) then we end up generating a whole new TB and
3723 repeating the fault, which is horribly inefficient.
3724 Better would be to execute just this insn uncached, or generate a
3726 cpu_resume_from_signal(env, NULL);
3729 void dump_exec_info(FILE *f,
3730 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3732 int i, target_code_size, max_target_code_size;
3733 int direct_jmp_count, direct_jmp2_count, cross_page;
3734 TranslationBlock *tb;
3736 target_code_size = 0;
3737 max_target_code_size = 0;
3739 direct_jmp_count = 0;
3740 direct_jmp2_count = 0;
3741 for(i = 0; i < nb_tbs; i++) {
3743 target_code_size += tb->size;
3744 if (tb->size > max_target_code_size)
3745 max_target_code_size = tb->size;
3746 if (tb->page_addr[1] != -1)
3748 if (tb->tb_next_offset[0] != 0xffff) {
3750 if (tb->tb_next_offset[1] != 0xffff) {
3751 direct_jmp2_count++;
3755 /* XXX: avoid using doubles ? */
3756 cpu_fprintf(f, "Translation buffer state:\n");
3757 cpu_fprintf(f, "gen code size %ld/%ld\n",
3758 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3759 cpu_fprintf(f, "TB count %d/%d\n",
3760 nb_tbs, code_gen_max_blocks);
3761 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3762 nb_tbs ? target_code_size / nb_tbs : 0,
3763 max_target_code_size);
3764 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3765 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3766 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3767 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3769 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3770 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3772 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3774 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3775 cpu_fprintf(f, "\nStatistics:\n");
3776 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3777 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3778 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3779 tcg_dump_info(f, cpu_fprintf);
3782 #if !defined(CONFIG_USER_ONLY)
3784 #define MMUSUFFIX _cmmu
3785 #define GETPC() NULL
3786 #define env cpu_single_env
3787 #define SOFTMMU_CODE_ACCESS
3790 #include "softmmu_template.h"
3793 #include "softmmu_template.h"
3796 #include "softmmu_template.h"
3799 #include "softmmu_template.h"
projects / qemu / blob