2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
24 #include <sys/types.h>
37 #include "qemu-common.h"
42 #if defined(CONFIG_USER_ONLY)
46 //#define DEBUG_TB_INVALIDATE
49 //#define DEBUG_UNASSIGNED
51 /* make various TB consistency checks */
52 //#define DEBUG_TB_CHECK
53 //#define DEBUG_TLB_CHECK
55 //#define DEBUG_IOPORT
56 //#define DEBUG_SUBPAGE
58 #if !defined(CONFIG_USER_ONLY)
59 /* TB consistency checks only implemented for usermode emulation. */
63 #define SMC_BITMAP_USE_THRESHOLD 10
65 #if defined(TARGET_SPARC64)
66 #define TARGET_PHYS_ADDR_SPACE_BITS 41
67 #elif defined(TARGET_SPARC)
68 #define TARGET_PHYS_ADDR_SPACE_BITS 36
69 #elif defined(TARGET_ALPHA)
70 #define TARGET_PHYS_ADDR_SPACE_BITS 42
71 #define TARGET_VIRT_ADDR_SPACE_BITS 42
72 #elif defined(TARGET_PPC64)
73 #define TARGET_PHYS_ADDR_SPACE_BITS 42
74 #elif defined(TARGET_X86_64) && !defined(CONFIG_KQEMU)
75 #define TARGET_PHYS_ADDR_SPACE_BITS 42
76 #elif defined(TARGET_I386) && !defined(CONFIG_KQEMU)
77 #define TARGET_PHYS_ADDR_SPACE_BITS 36
79 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
80 #define TARGET_PHYS_ADDR_SPACE_BITS 32
83 static TranslationBlock *tbs;
84 int code_gen_max_blocks;
85 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
87 /* any access to the tbs or the page table must use this lock */
88 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
90 #if defined(__arm__) || defined(__sparc_v9__)
91 /* The prologue must be reachable with a direct jump. ARM and Sparc64
92 have limited branch ranges (possibly also PPC) so place it in a
93 section close to code segment. */
94 #define code_gen_section \
95 __attribute__((__section__(".gen_code"))) \
96 __attribute__((aligned (32)))
98 #define code_gen_section \
99 __attribute__((aligned (32)))
102 uint8_t code_gen_prologue[1024] code_gen_section;
103 static uint8_t *code_gen_buffer;
104 static unsigned long code_gen_buffer_size;
105 /* threshold to flush the translated code buffer */
106 static unsigned long code_gen_buffer_max_size;
107 uint8_t *code_gen_ptr;
109 #if !defined(CONFIG_USER_ONLY)
111 uint8_t *phys_ram_dirty;
112 static int in_migration;
114 typedef struct RAMBlock {
118 struct RAMBlock *next;
121 static RAMBlock *ram_blocks;
122 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
123 then we can no longet assume contiguous ram offsets, and external uses
124 of this variable will break. */
125 ram_addr_t last_ram_offset;
129 /* current CPU in the current thread. It is only valid inside
131 CPUState *cpu_single_env;
132 /* 0 = Do not count executed instructions.
133 1 = Precise instruction counting.
134 2 = Adaptive rate instruction counting. */
136 /* Current instruction counter. While executing translated code this may
137 include some instructions that have not yet been executed. */
140 typedef struct PageDesc {
141 /* list of TBs intersecting this ram page */
142 TranslationBlock *first_tb;
143 /* in order to optimize self modifying code, we count the number
144 of lookups we do to a given page to use a bitmap */
145 unsigned int code_write_count;
146 uint8_t *code_bitmap;
147 #if defined(CONFIG_USER_ONLY)
152 typedef struct PhysPageDesc {
153 /* offset in host memory of the page + io_index in the low bits */
154 ram_addr_t phys_offset;
155 ram_addr_t region_offset;
159 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
160 /* XXX: this is a temporary hack for alpha target.
161 * In the future, this is to be replaced by a multi-level table
162 * to actually be able to handle the complete 64 bits address space.
164 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
166 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
169 #define L1_SIZE (1 << L1_BITS)
170 #define L2_SIZE (1 << L2_BITS)
172 unsigned long qemu_real_host_page_size;
173 unsigned long qemu_host_page_bits;
174 unsigned long qemu_host_page_size;
175 unsigned long qemu_host_page_mask;
177 /* XXX: for system emulation, it could just be an array */
178 static PageDesc *l1_map[L1_SIZE];
179 static PhysPageDesc **l1_phys_map;
181 #if !defined(CONFIG_USER_ONLY)
182 static void io_mem_init(void);
184 /* io memory support */
185 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
186 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
187 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
188 static char io_mem_used[IO_MEM_NB_ENTRIES];
189 static int io_mem_watch;
193 static const char *logfilename = "/tmp/qemu.log";
196 static int log_append = 0;
199 static int tlb_flush_count;
200 static int tb_flush_count;
201 static int tb_phys_invalidate_count;
203 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
204 typedef struct subpage_t {
205 target_phys_addr_t base;
206 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
207 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
208 void *opaque[TARGET_PAGE_SIZE][2][4];
209 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
213 static void map_exec(void *addr, long size)
216 VirtualProtect(addr, size,
217 PAGE_EXECUTE_READWRITE, &old_protect);
221 static void map_exec(void *addr, long size)
223 unsigned long start, end, page_size;
225 page_size = getpagesize();
226 start = (unsigned long)addr;
227 start &= ~(page_size - 1);
229 end = (unsigned long)addr + size;
230 end += page_size - 1;
231 end &= ~(page_size - 1);
233 mprotect((void *)start, end - start,
234 PROT_READ | PROT_WRITE | PROT_EXEC);
238 static void page_init(void)
240 /* NOTE: we can always suppose that qemu_host_page_size >=
244 SYSTEM_INFO system_info;
246 GetSystemInfo(&system_info);
247 qemu_real_host_page_size = system_info.dwPageSize;
250 qemu_real_host_page_size = getpagesize();
252 if (qemu_host_page_size == 0)
253 qemu_host_page_size = qemu_real_host_page_size;
254 if (qemu_host_page_size < TARGET_PAGE_SIZE)
255 qemu_host_page_size = TARGET_PAGE_SIZE;
256 qemu_host_page_bits = 0;
257 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
258 qemu_host_page_bits++;
259 qemu_host_page_mask = ~(qemu_host_page_size - 1);
260 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
261 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
263 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
265 long long startaddr, endaddr;
270 last_brk = (unsigned long)sbrk(0);
271 f = fopen("/proc/self/maps", "r");
274 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
276 startaddr = MIN(startaddr,
277 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
278 endaddr = MIN(endaddr,
279 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
280 page_set_flags(startaddr & TARGET_PAGE_MASK,
281 TARGET_PAGE_ALIGN(endaddr),
292 static inline PageDesc **page_l1_map(target_ulong index)
294 #if TARGET_LONG_BITS > 32
295 /* Host memory outside guest VM. For 32-bit targets we have already
296 excluded high addresses. */
297 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
300 return &l1_map[index >> L2_BITS];
303 static inline PageDesc *page_find_alloc(target_ulong index)
306 lp = page_l1_map(index);
312 /* allocate if not found */
313 #if defined(CONFIG_USER_ONLY)
314 size_t len = sizeof(PageDesc) * L2_SIZE;
315 /* Don't use qemu_malloc because it may recurse. */
316 p = mmap(0, len, PROT_READ | PROT_WRITE,
317 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
320 unsigned long addr = h2g(p);
321 page_set_flags(addr & TARGET_PAGE_MASK,
322 TARGET_PAGE_ALIGN(addr + len),
326 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
330 return p + (index & (L2_SIZE - 1));
333 static inline PageDesc *page_find(target_ulong index)
336 lp = page_l1_map(index);
343 return p + (index & (L2_SIZE - 1));
346 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
351 p = (void **)l1_phys_map;
352 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
354 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
355 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
357 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
360 /* allocate if not found */
363 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
364 memset(p, 0, sizeof(void *) * L1_SIZE);
368 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
372 /* allocate if not found */
375 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
377 for (i = 0; i < L2_SIZE; i++) {
378 pd[i].phys_offset = IO_MEM_UNASSIGNED;
379 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
382 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
385 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
387 return phys_page_find_alloc(index, 0);
390 #if !defined(CONFIG_USER_ONLY)
391 static void tlb_protect_code(ram_addr_t ram_addr);
392 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
394 #define mmap_lock() do { } while(0)
395 #define mmap_unlock() do { } while(0)
398 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
400 #if defined(CONFIG_USER_ONLY)
401 /* Currently it is not recommanded to allocate big chunks of data in
402 user mode. It will change when a dedicated libc will be used */
403 #define USE_STATIC_CODE_GEN_BUFFER
406 #ifdef USE_STATIC_CODE_GEN_BUFFER
407 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
410 static void code_gen_alloc(unsigned long tb_size)
412 #ifdef USE_STATIC_CODE_GEN_BUFFER
413 code_gen_buffer = static_code_gen_buffer;
414 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
415 map_exec(code_gen_buffer, code_gen_buffer_size);
417 code_gen_buffer_size = tb_size;
418 if (code_gen_buffer_size == 0) {
419 #if defined(CONFIG_USER_ONLY)
420 /* in user mode, phys_ram_size is not meaningful */
421 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
423 /* XXX: needs ajustments */
424 code_gen_buffer_size = (unsigned long)(ram_size / 4);
427 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
428 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
429 /* The code gen buffer location may have constraints depending on
430 the host cpu and OS */
431 #if defined(__linux__)
436 flags = MAP_PRIVATE | MAP_ANONYMOUS;
437 #if defined(__x86_64__)
439 /* Cannot map more than that */
440 if (code_gen_buffer_size > (800 * 1024 * 1024))
441 code_gen_buffer_size = (800 * 1024 * 1024);
442 #elif defined(__sparc_v9__)
443 // Map the buffer below 2G, so we can use direct calls and branches
445 start = (void *) 0x60000000UL;
446 if (code_gen_buffer_size > (512 * 1024 * 1024))
447 code_gen_buffer_size = (512 * 1024 * 1024);
448 #elif defined(__arm__)
449 /* Map the buffer below 32M, so we can use direct calls and branches */
451 start = (void *) 0x01000000UL;
452 if (code_gen_buffer_size > 16 * 1024 * 1024)
453 code_gen_buffer_size = 16 * 1024 * 1024;
455 code_gen_buffer = mmap(start, code_gen_buffer_size,
456 PROT_WRITE | PROT_READ | PROT_EXEC,
458 if (code_gen_buffer == MAP_FAILED) {
459 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
463 #elif defined(__FreeBSD__) || defined(__DragonFly__)
467 flags = MAP_PRIVATE | MAP_ANONYMOUS;
468 #if defined(__x86_64__)
469 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
470 * 0x40000000 is free */
472 addr = (void *)0x40000000;
473 /* Cannot map more than that */
474 if (code_gen_buffer_size > (800 * 1024 * 1024))
475 code_gen_buffer_size = (800 * 1024 * 1024);
477 code_gen_buffer = mmap(addr, code_gen_buffer_size,
478 PROT_WRITE | PROT_READ | PROT_EXEC,
480 if (code_gen_buffer == MAP_FAILED) {
481 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
486 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
487 map_exec(code_gen_buffer, code_gen_buffer_size);
489 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
490 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
491 code_gen_buffer_max_size = code_gen_buffer_size -
492 code_gen_max_block_size();
493 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
494 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
497 /* Must be called before using the QEMU cpus. 'tb_size' is the size
498 (in bytes) allocated to the translation buffer. Zero means default
500 void cpu_exec_init_all(unsigned long tb_size)
503 code_gen_alloc(tb_size);
504 code_gen_ptr = code_gen_buffer;
506 #if !defined(CONFIG_USER_ONLY)
511 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
513 #define CPU_COMMON_SAVE_VERSION 1
515 static void cpu_common_save(QEMUFile *f, void *opaque)
517 CPUState *env = opaque;
519 qemu_put_be32s(f, &env->halted);
520 qemu_put_be32s(f, &env->interrupt_request);
523 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
525 CPUState *env = opaque;
527 if (version_id != CPU_COMMON_SAVE_VERSION)
530 qemu_get_be32s(f, &env->halted);
531 qemu_get_be32s(f, &env->interrupt_request);
532 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
533 version_id is increased. */
534 env->interrupt_request &= ~0x01;
541 void cpu_exec_init(CPUState *env)
546 #if defined(CONFIG_USER_ONLY)
549 env->next_cpu = NULL;
552 while (*penv != NULL) {
553 penv = (CPUState **)&(*penv)->next_cpu;
556 env->cpu_index = cpu_index;
558 TAILQ_INIT(&env->breakpoints);
559 TAILQ_INIT(&env->watchpoints);
561 #if defined(CONFIG_USER_ONLY)
564 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
565 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
566 cpu_common_save, cpu_common_load, env);
567 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
568 cpu_save, cpu_load, env);
572 static inline void invalidate_page_bitmap(PageDesc *p)
574 if (p->code_bitmap) {
575 qemu_free(p->code_bitmap);
576 p->code_bitmap = NULL;
578 p->code_write_count = 0;
581 /* set to NULL all the 'first_tb' fields in all PageDescs */
582 static void page_flush_tb(void)
587 for(i = 0; i < L1_SIZE; i++) {
590 for(j = 0; j < L2_SIZE; j++) {
592 invalidate_page_bitmap(p);
599 /* flush all the translation blocks */
600 /* XXX: tb_flush is currently not thread safe */
601 void tb_flush(CPUState *env1)
604 #if defined(DEBUG_FLUSH)
605 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
606 (unsigned long)(code_gen_ptr - code_gen_buffer),
608 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
610 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
611 cpu_abort(env1, "Internal error: code buffer overflow\n");
615 for(env = first_cpu; env != NULL; env = env->next_cpu) {
616 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
619 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
622 code_gen_ptr = code_gen_buffer;
623 /* XXX: flush processor icache at this point if cache flush is
628 #ifdef DEBUG_TB_CHECK
630 static void tb_invalidate_check(target_ulong address)
632 TranslationBlock *tb;
634 address &= TARGET_PAGE_MASK;
635 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
636 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
637 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
638 address >= tb->pc + tb->size)) {
639 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
640 address, (long)tb->pc, tb->size);
646 /* verify that all the pages have correct rights for code */
647 static void tb_page_check(void)
649 TranslationBlock *tb;
650 int i, flags1, flags2;
652 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
653 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
654 flags1 = page_get_flags(tb->pc);
655 flags2 = page_get_flags(tb->pc + tb->size - 1);
656 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
657 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
658 (long)tb->pc, tb->size, flags1, flags2);
664 static void tb_jmp_check(TranslationBlock *tb)
666 TranslationBlock *tb1;
669 /* suppress any remaining jumps to this TB */
673 tb1 = (TranslationBlock *)((long)tb1 & ~3);
676 tb1 = tb1->jmp_next[n1];
678 /* check end of list */
680 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
686 /* invalidate one TB */
687 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
690 TranslationBlock *tb1;
694 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
697 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
701 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
703 TranslationBlock *tb1;
709 tb1 = (TranslationBlock *)((long)tb1 & ~3);
711 *ptb = tb1->page_next[n1];
714 ptb = &tb1->page_next[n1];
718 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
720 TranslationBlock *tb1, **ptb;
723 ptb = &tb->jmp_next[n];
726 /* find tb(n) in circular list */
730 tb1 = (TranslationBlock *)((long)tb1 & ~3);
731 if (n1 == n && tb1 == tb)
734 ptb = &tb1->jmp_first;
736 ptb = &tb1->jmp_next[n1];
739 /* now we can suppress tb(n) from the list */
740 *ptb = tb->jmp_next[n];
742 tb->jmp_next[n] = NULL;
746 /* reset the jump entry 'n' of a TB so that it is not chained to
748 static inline void tb_reset_jump(TranslationBlock *tb, int n)
750 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
753 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
758 target_phys_addr_t phys_pc;
759 TranslationBlock *tb1, *tb2;
761 /* remove the TB from the hash list */
762 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
763 h = tb_phys_hash_func(phys_pc);
764 tb_remove(&tb_phys_hash[h], tb,
765 offsetof(TranslationBlock, phys_hash_next));
767 /* remove the TB from the page list */
768 if (tb->page_addr[0] != page_addr) {
769 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
770 tb_page_remove(&p->first_tb, tb);
771 invalidate_page_bitmap(p);
773 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
774 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
775 tb_page_remove(&p->first_tb, tb);
776 invalidate_page_bitmap(p);
779 tb_invalidated_flag = 1;
781 /* remove the TB from the hash list */
782 h = tb_jmp_cache_hash_func(tb->pc);
783 for(env = first_cpu; env != NULL; env = env->next_cpu) {
784 if (env->tb_jmp_cache[h] == tb)
785 env->tb_jmp_cache[h] = NULL;
788 /* suppress this TB from the two jump lists */
789 tb_jmp_remove(tb, 0);
790 tb_jmp_remove(tb, 1);
792 /* suppress any remaining jumps to this TB */
798 tb1 = (TranslationBlock *)((long)tb1 & ~3);
799 tb2 = tb1->jmp_next[n1];
800 tb_reset_jump(tb1, n1);
801 tb1->jmp_next[n1] = NULL;
804 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
806 tb_phys_invalidate_count++;
809 static inline void set_bits(uint8_t *tab, int start, int len)
815 mask = 0xff << (start & 7);
816 if ((start & ~7) == (end & ~7)) {
818 mask &= ~(0xff << (end & 7));
823 start = (start + 8) & ~7;
825 while (start < end1) {
830 mask = ~(0xff << (end & 7));
836 static void build_page_bitmap(PageDesc *p)
838 int n, tb_start, tb_end;
839 TranslationBlock *tb;
841 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
846 tb = (TranslationBlock *)((long)tb & ~3);
847 /* NOTE: this is subtle as a TB may span two physical pages */
849 /* NOTE: tb_end may be after the end of the page, but
850 it is not a problem */
851 tb_start = tb->pc & ~TARGET_PAGE_MASK;
852 tb_end = tb_start + tb->size;
853 if (tb_end > TARGET_PAGE_SIZE)
854 tb_end = TARGET_PAGE_SIZE;
857 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
859 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
860 tb = tb->page_next[n];
864 TranslationBlock *tb_gen_code(CPUState *env,
865 target_ulong pc, target_ulong cs_base,
866 int flags, int cflags)
868 TranslationBlock *tb;
870 target_ulong phys_pc, phys_page2, virt_page2;
873 phys_pc = get_phys_addr_code(env, pc);
876 /* flush must be done */
878 /* cannot fail at this point */
880 /* Don't forget to invalidate previous TB info. */
881 tb_invalidated_flag = 1;
883 tc_ptr = code_gen_ptr;
885 tb->cs_base = cs_base;
888 cpu_gen_code(env, tb, &code_gen_size);
889 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
891 /* check next page if needed */
892 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
894 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
895 phys_page2 = get_phys_addr_code(env, virt_page2);
897 tb_link_phys(tb, phys_pc, phys_page2);
901 /* invalidate all TBs which intersect with the target physical page
902 starting in range [start;end[. NOTE: start and end must refer to
903 the same physical page. 'is_cpu_write_access' should be true if called
904 from a real cpu write access: the virtual CPU will exit the current
905 TB if code is modified inside this TB. */
906 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
907 int is_cpu_write_access)
909 TranslationBlock *tb, *tb_next, *saved_tb;
910 CPUState *env = cpu_single_env;
911 target_ulong tb_start, tb_end;
914 #ifdef TARGET_HAS_PRECISE_SMC
915 int current_tb_not_found = is_cpu_write_access;
916 TranslationBlock *current_tb = NULL;
917 int current_tb_modified = 0;
918 target_ulong current_pc = 0;
919 target_ulong current_cs_base = 0;
920 int current_flags = 0;
921 #endif /* TARGET_HAS_PRECISE_SMC */
923 p = page_find(start >> TARGET_PAGE_BITS);
926 if (!p->code_bitmap &&
927 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
928 is_cpu_write_access) {
929 /* build code bitmap */
930 build_page_bitmap(p);
933 /* we remove all the TBs in the range [start, end[ */
934 /* XXX: see if in some cases it could be faster to invalidate all the code */
938 tb = (TranslationBlock *)((long)tb & ~3);
939 tb_next = tb->page_next[n];
940 /* NOTE: this is subtle as a TB may span two physical pages */
942 /* NOTE: tb_end may be after the end of the page, but
943 it is not a problem */
944 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
945 tb_end = tb_start + tb->size;
947 tb_start = tb->page_addr[1];
948 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
950 if (!(tb_end <= start || tb_start >= end)) {
951 #ifdef TARGET_HAS_PRECISE_SMC
952 if (current_tb_not_found) {
953 current_tb_not_found = 0;
955 if (env->mem_io_pc) {
956 /* now we have a real cpu fault */
957 current_tb = tb_find_pc(env->mem_io_pc);
960 if (current_tb == tb &&
961 (current_tb->cflags & CF_COUNT_MASK) != 1) {
962 /* If we are modifying the current TB, we must stop
963 its execution. We could be more precise by checking
964 that the modification is after the current PC, but it
965 would require a specialized function to partially
966 restore the CPU state */
968 current_tb_modified = 1;
969 cpu_restore_state(current_tb, env,
970 env->mem_io_pc, NULL);
971 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
974 #endif /* TARGET_HAS_PRECISE_SMC */
975 /* we need to do that to handle the case where a signal
976 occurs while doing tb_phys_invalidate() */
979 saved_tb = env->current_tb;
980 env->current_tb = NULL;
982 tb_phys_invalidate(tb, -1);
984 env->current_tb = saved_tb;
985 if (env->interrupt_request && env->current_tb)
986 cpu_interrupt(env, env->interrupt_request);
991 #if !defined(CONFIG_USER_ONLY)
992 /* if no code remaining, no need to continue to use slow writes */
994 invalidate_page_bitmap(p);
995 if (is_cpu_write_access) {
996 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1000 #ifdef TARGET_HAS_PRECISE_SMC
1001 if (current_tb_modified) {
1002 /* we generate a block containing just the instruction
1003 modifying the memory. It will ensure that it cannot modify
1005 env->current_tb = NULL;
1006 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1007 cpu_resume_from_signal(env, NULL);
1012 /* len must be <= 8 and start must be a multiple of len */
1013 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1019 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1020 cpu_single_env->mem_io_vaddr, len,
1021 cpu_single_env->eip,
1022 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1025 p = page_find(start >> TARGET_PAGE_BITS);
1028 if (p->code_bitmap) {
1029 offset = start & ~TARGET_PAGE_MASK;
1030 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1031 if (b & ((1 << len) - 1))
1035 tb_invalidate_phys_page_range(start, start + len, 1);
1039 #if !defined(CONFIG_SOFTMMU)
1040 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1041 unsigned long pc, void *puc)
1043 TranslationBlock *tb;
1046 #ifdef TARGET_HAS_PRECISE_SMC
1047 TranslationBlock *current_tb = NULL;
1048 CPUState *env = cpu_single_env;
1049 int current_tb_modified = 0;
1050 target_ulong current_pc = 0;
1051 target_ulong current_cs_base = 0;
1052 int current_flags = 0;
1055 addr &= TARGET_PAGE_MASK;
1056 p = page_find(addr >> TARGET_PAGE_BITS);
1060 #ifdef TARGET_HAS_PRECISE_SMC
1061 if (tb && pc != 0) {
1062 current_tb = tb_find_pc(pc);
1065 while (tb != NULL) {
1067 tb = (TranslationBlock *)((long)tb & ~3);
1068 #ifdef TARGET_HAS_PRECISE_SMC
1069 if (current_tb == tb &&
1070 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1071 /* If we are modifying the current TB, we must stop
1072 its execution. We could be more precise by checking
1073 that the modification is after the current PC, but it
1074 would require a specialized function to partially
1075 restore the CPU state */
1077 current_tb_modified = 1;
1078 cpu_restore_state(current_tb, env, pc, puc);
1079 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1082 #endif /* TARGET_HAS_PRECISE_SMC */
1083 tb_phys_invalidate(tb, addr);
1084 tb = tb->page_next[n];
1087 #ifdef TARGET_HAS_PRECISE_SMC
1088 if (current_tb_modified) {
1089 /* we generate a block containing just the instruction
1090 modifying the memory. It will ensure that it cannot modify
1092 env->current_tb = NULL;
1093 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1094 cpu_resume_from_signal(env, puc);
1100 /* add the tb in the target page and protect it if necessary */
1101 static inline void tb_alloc_page(TranslationBlock *tb,
1102 unsigned int n, target_ulong page_addr)
1105 TranslationBlock *last_first_tb;
1107 tb->page_addr[n] = page_addr;
1108 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1109 tb->page_next[n] = p->first_tb;
1110 last_first_tb = p->first_tb;
1111 p->first_tb = (TranslationBlock *)((long)tb | n);
1112 invalidate_page_bitmap(p);
1114 #if defined(TARGET_HAS_SMC) || 1
1116 #if defined(CONFIG_USER_ONLY)
1117 if (p->flags & PAGE_WRITE) {
1122 /* force the host page as non writable (writes will have a
1123 page fault + mprotect overhead) */
1124 page_addr &= qemu_host_page_mask;
1126 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1127 addr += TARGET_PAGE_SIZE) {
1129 p2 = page_find (addr >> TARGET_PAGE_BITS);
1133 p2->flags &= ~PAGE_WRITE;
1134 page_get_flags(addr);
1136 mprotect(g2h(page_addr), qemu_host_page_size,
1137 (prot & PAGE_BITS) & ~PAGE_WRITE);
1138 #ifdef DEBUG_TB_INVALIDATE
1139 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1144 /* if some code is already present, then the pages are already
1145 protected. So we handle the case where only the first TB is
1146 allocated in a physical page */
1147 if (!last_first_tb) {
1148 tlb_protect_code(page_addr);
1152 #endif /* TARGET_HAS_SMC */
1155 /* Allocate a new translation block. Flush the translation buffer if
1156 too many translation blocks or too much generated code. */
1157 TranslationBlock *tb_alloc(target_ulong pc)
1159 TranslationBlock *tb;
1161 if (nb_tbs >= code_gen_max_blocks ||
1162 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1164 tb = &tbs[nb_tbs++];
1170 void tb_free(TranslationBlock *tb)
1172 /* In practice this is mostly used for single use temporary TB
1173 Ignore the hard cases and just back up if this TB happens to
1174 be the last one generated. */
1175 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1176 code_gen_ptr = tb->tc_ptr;
1181 /* add a new TB and link it to the physical page tables. phys_page2 is
1182 (-1) to indicate that only one page contains the TB. */
1183 void tb_link_phys(TranslationBlock *tb,
1184 target_ulong phys_pc, target_ulong phys_page2)
1187 TranslationBlock **ptb;
1189 /* Grab the mmap lock to stop another thread invalidating this TB
1190 before we are done. */
1192 /* add in the physical hash table */
1193 h = tb_phys_hash_func(phys_pc);
1194 ptb = &tb_phys_hash[h];
1195 tb->phys_hash_next = *ptb;
1198 /* add in the page list */
1199 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1200 if (phys_page2 != -1)
1201 tb_alloc_page(tb, 1, phys_page2);
1203 tb->page_addr[1] = -1;
1205 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1206 tb->jmp_next[0] = NULL;
1207 tb->jmp_next[1] = NULL;
1209 /* init original jump addresses */
1210 if (tb->tb_next_offset[0] != 0xffff)
1211 tb_reset_jump(tb, 0);
1212 if (tb->tb_next_offset[1] != 0xffff)
1213 tb_reset_jump(tb, 1);
1215 #ifdef DEBUG_TB_CHECK
1221 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1222 tb[1].tc_ptr. Return NULL if not found */
1223 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1225 int m_min, m_max, m;
1227 TranslationBlock *tb;
1231 if (tc_ptr < (unsigned long)code_gen_buffer ||
1232 tc_ptr >= (unsigned long)code_gen_ptr)
1234 /* binary search (cf Knuth) */
1237 while (m_min <= m_max) {
1238 m = (m_min + m_max) >> 1;
1240 v = (unsigned long)tb->tc_ptr;
1243 else if (tc_ptr < v) {
1252 static void tb_reset_jump_recursive(TranslationBlock *tb);
1254 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1256 TranslationBlock *tb1, *tb_next, **ptb;
1259 tb1 = tb->jmp_next[n];
1261 /* find head of list */
1264 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1267 tb1 = tb1->jmp_next[n1];
1269 /* we are now sure now that tb jumps to tb1 */
1272 /* remove tb from the jmp_first list */
1273 ptb = &tb_next->jmp_first;
1277 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1278 if (n1 == n && tb1 == tb)
1280 ptb = &tb1->jmp_next[n1];
1282 *ptb = tb->jmp_next[n];
1283 tb->jmp_next[n] = NULL;
1285 /* suppress the jump to next tb in generated code */
1286 tb_reset_jump(tb, n);
1288 /* suppress jumps in the tb on which we could have jumped */
1289 tb_reset_jump_recursive(tb_next);
1293 static void tb_reset_jump_recursive(TranslationBlock *tb)
1295 tb_reset_jump_recursive2(tb, 0);
1296 tb_reset_jump_recursive2(tb, 1);
1299 #if defined(TARGET_HAS_ICE)
1300 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1302 target_phys_addr_t addr;
1304 ram_addr_t ram_addr;
1307 addr = cpu_get_phys_page_debug(env, pc);
1308 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1310 pd = IO_MEM_UNASSIGNED;
1312 pd = p->phys_offset;
1314 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1315 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1319 /* Add a watchpoint. */
1320 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1321 int flags, CPUWatchpoint **watchpoint)
1323 target_ulong len_mask = ~(len - 1);
1326 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1327 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1328 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1329 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1332 wp = qemu_malloc(sizeof(*wp));
1335 wp->len_mask = len_mask;
1338 /* keep all GDB-injected watchpoints in front */
1340 TAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1342 TAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1344 tlb_flush_page(env, addr);
1351 /* Remove a specific watchpoint. */
1352 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1355 target_ulong len_mask = ~(len - 1);
1358 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1359 if (addr == wp->vaddr && len_mask == wp->len_mask
1360 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1361 cpu_watchpoint_remove_by_ref(env, wp);
1368 /* Remove a specific watchpoint by reference. */
1369 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1371 TAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1373 tlb_flush_page(env, watchpoint->vaddr);
1375 qemu_free(watchpoint);
1378 /* Remove all matching watchpoints. */
1379 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1381 CPUWatchpoint *wp, *next;
1383 TAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1384 if (wp->flags & mask)
1385 cpu_watchpoint_remove_by_ref(env, wp);
1389 /* Add a breakpoint. */
1390 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1391 CPUBreakpoint **breakpoint)
1393 #if defined(TARGET_HAS_ICE)
1396 bp = qemu_malloc(sizeof(*bp));
1401 /* keep all GDB-injected breakpoints in front */
1403 TAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1405 TAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1407 breakpoint_invalidate(env, pc);
1417 /* Remove a specific breakpoint. */
1418 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1420 #if defined(TARGET_HAS_ICE)
1423 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1424 if (bp->pc == pc && bp->flags == flags) {
1425 cpu_breakpoint_remove_by_ref(env, bp);
1435 /* Remove a specific breakpoint by reference. */
1436 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1438 #if defined(TARGET_HAS_ICE)
1439 TAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1441 breakpoint_invalidate(env, breakpoint->pc);
1443 qemu_free(breakpoint);
1447 /* Remove all matching breakpoints. */
1448 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1450 #if defined(TARGET_HAS_ICE)
1451 CPUBreakpoint *bp, *next;
1453 TAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1454 if (bp->flags & mask)
1455 cpu_breakpoint_remove_by_ref(env, bp);
1460 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1461 CPU loop after each instruction */
1462 void cpu_single_step(CPUState *env, int enabled)
1464 #if defined(TARGET_HAS_ICE)
1465 if (env->singlestep_enabled != enabled) {
1466 env->singlestep_enabled = enabled;
1468 kvm_update_guest_debug(env, 0);
1470 /* must flush all the translated code to avoid inconsistancies */
1471 /* XXX: only flush what is necessary */
1478 /* enable or disable low levels log */
1479 void cpu_set_log(int log_flags)
1481 loglevel = log_flags;
1482 if (loglevel && !logfile) {
1483 logfile = fopen(logfilename, log_append ? "a" : "w");
1485 perror(logfilename);
1488 #if !defined(CONFIG_SOFTMMU)
1489 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1491 static char logfile_buf[4096];
1492 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1495 setvbuf(logfile, NULL, _IOLBF, 0);
1499 if (!loglevel && logfile) {
1505 void cpu_set_log_filename(const char *filename)
1507 logfilename = strdup(filename);
1512 cpu_set_log(loglevel);
1515 static void cpu_unlink_tb(CPUState *env)
1517 #if defined(USE_NPTL)
1518 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1519 problem and hope the cpu will stop of its own accord. For userspace
1520 emulation this often isn't actually as bad as it sounds. Often
1521 signals are used primarily to interrupt blocking syscalls. */
1523 TranslationBlock *tb;
1524 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1526 tb = env->current_tb;
1527 /* if the cpu is currently executing code, we must unlink it and
1528 all the potentially executing TB */
1529 if (tb && !testandset(&interrupt_lock)) {
1530 env->current_tb = NULL;
1531 tb_reset_jump_recursive(tb);
1532 resetlock(&interrupt_lock);
1537 /* mask must never be zero, except for A20 change call */
1538 void cpu_interrupt(CPUState *env, int mask)
1542 old_mask = env->interrupt_request;
1543 env->interrupt_request |= mask;
1545 #ifndef CONFIG_USER_ONLY
1547 * If called from iothread context, wake the target cpu in
1550 if (!qemu_cpu_self(env)) {
1557 env->icount_decr.u16.high = 0xffff;
1558 #ifndef CONFIG_USER_ONLY
1560 && (mask & ~old_mask) != 0) {
1561 cpu_abort(env, "Raised interrupt while not in I/O function");
1569 void cpu_reset_interrupt(CPUState *env, int mask)
1571 env->interrupt_request &= ~mask;
1574 void cpu_exit(CPUState *env)
1576 env->exit_request = 1;
1580 const CPULogItem cpu_log_items[] = {
1581 { CPU_LOG_TB_OUT_ASM, "out_asm",
1582 "show generated host assembly code for each compiled TB" },
1583 { CPU_LOG_TB_IN_ASM, "in_asm",
1584 "show target assembly code for each compiled TB" },
1585 { CPU_LOG_TB_OP, "op",
1586 "show micro ops for each compiled TB" },
1587 { CPU_LOG_TB_OP_OPT, "op_opt",
1590 "before eflags optimization and "
1592 "after liveness analysis" },
1593 { CPU_LOG_INT, "int",
1594 "show interrupts/exceptions in short format" },
1595 { CPU_LOG_EXEC, "exec",
1596 "show trace before each executed TB (lots of logs)" },
1597 { CPU_LOG_TB_CPU, "cpu",
1598 "show CPU state before block translation" },
1600 { CPU_LOG_PCALL, "pcall",
1601 "show protected mode far calls/returns/exceptions" },
1602 { CPU_LOG_RESET, "cpu_reset",
1603 "show CPU state before CPU resets" },
1606 { CPU_LOG_IOPORT, "ioport",
1607 "show all i/o ports accesses" },
1612 static int cmp1(const char *s1, int n, const char *s2)
1614 if (strlen(s2) != n)
1616 return memcmp(s1, s2, n) == 0;
1619 /* takes a comma separated list of log masks. Return 0 if error. */
1620 int cpu_str_to_log_mask(const char *str)
1622 const CPULogItem *item;
1629 p1 = strchr(p, ',');
1632 if(cmp1(p,p1-p,"all")) {
1633 for(item = cpu_log_items; item->mask != 0; item++) {
1637 for(item = cpu_log_items; item->mask != 0; item++) {
1638 if (cmp1(p, p1 - p, item->name))
1652 void cpu_abort(CPUState *env, const char *fmt, ...)
1659 fprintf(stderr, "qemu: fatal: ");
1660 vfprintf(stderr, fmt, ap);
1661 fprintf(stderr, "\n");
1663 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1665 cpu_dump_state(env, stderr, fprintf, 0);
1667 if (qemu_log_enabled()) {
1668 qemu_log("qemu: fatal: ");
1669 qemu_log_vprintf(fmt, ap2);
1672 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1674 log_cpu_state(env, 0);
1684 CPUState *cpu_copy(CPUState *env)
1686 CPUState *new_env = cpu_init(env->cpu_model_str);
1687 CPUState *next_cpu = new_env->next_cpu;
1688 int cpu_index = new_env->cpu_index;
1689 #if defined(TARGET_HAS_ICE)
1694 memcpy(new_env, env, sizeof(CPUState));
1696 /* Preserve chaining and index. */
1697 new_env->next_cpu = next_cpu;
1698 new_env->cpu_index = cpu_index;
1700 /* Clone all break/watchpoints.
1701 Note: Once we support ptrace with hw-debug register access, make sure
1702 BP_CPU break/watchpoints are handled correctly on clone. */
1703 TAILQ_INIT(&env->breakpoints);
1704 TAILQ_INIT(&env->watchpoints);
1705 #if defined(TARGET_HAS_ICE)
1706 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1707 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1709 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1710 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1718 #if !defined(CONFIG_USER_ONLY)
1720 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1724 /* Discard jump cache entries for any tb which might potentially
1725 overlap the flushed page. */
1726 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1727 memset (&env->tb_jmp_cache[i], 0,
1728 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1730 i = tb_jmp_cache_hash_page(addr);
1731 memset (&env->tb_jmp_cache[i], 0,
1732 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1735 /* NOTE: if flush_global is true, also flush global entries (not
1737 void tlb_flush(CPUState *env, int flush_global)
1741 #if defined(DEBUG_TLB)
1742 printf("tlb_flush:\n");
1744 /* must reset current TB so that interrupts cannot modify the
1745 links while we are modifying them */
1746 env->current_tb = NULL;
1748 for(i = 0; i < CPU_TLB_SIZE; i++) {
1749 env->tlb_table[0][i].addr_read = -1;
1750 env->tlb_table[0][i].addr_write = -1;
1751 env->tlb_table[0][i].addr_code = -1;
1752 env->tlb_table[1][i].addr_read = -1;
1753 env->tlb_table[1][i].addr_write = -1;
1754 env->tlb_table[1][i].addr_code = -1;
1755 #if (NB_MMU_MODES >= 3)
1756 env->tlb_table[2][i].addr_read = -1;
1757 env->tlb_table[2][i].addr_write = -1;
1758 env->tlb_table[2][i].addr_code = -1;
1760 #if (NB_MMU_MODES >= 4)
1761 env->tlb_table[3][i].addr_read = -1;
1762 env->tlb_table[3][i].addr_write = -1;
1763 env->tlb_table[3][i].addr_code = -1;
1765 #if (NB_MMU_MODES >= 5)
1766 env->tlb_table[4][i].addr_read = -1;
1767 env->tlb_table[4][i].addr_write = -1;
1768 env->tlb_table[4][i].addr_code = -1;
1773 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1776 if (env->kqemu_enabled) {
1777 kqemu_flush(env, flush_global);
1783 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1785 if (addr == (tlb_entry->addr_read &
1786 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1787 addr == (tlb_entry->addr_write &
1788 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1789 addr == (tlb_entry->addr_code &
1790 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1791 tlb_entry->addr_read = -1;
1792 tlb_entry->addr_write = -1;
1793 tlb_entry->addr_code = -1;
1797 void tlb_flush_page(CPUState *env, target_ulong addr)
1801 #if defined(DEBUG_TLB)
1802 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1804 /* must reset current TB so that interrupts cannot modify the
1805 links while we are modifying them */
1806 env->current_tb = NULL;
1808 addr &= TARGET_PAGE_MASK;
1809 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1810 tlb_flush_entry(&env->tlb_table[0][i], addr);
1811 tlb_flush_entry(&env->tlb_table[1][i], addr);
1812 #if (NB_MMU_MODES >= 3)
1813 tlb_flush_entry(&env->tlb_table[2][i], addr);
1815 #if (NB_MMU_MODES >= 4)
1816 tlb_flush_entry(&env->tlb_table[3][i], addr);
1818 #if (NB_MMU_MODES >= 5)
1819 tlb_flush_entry(&env->tlb_table[4][i], addr);
1822 tlb_flush_jmp_cache(env, addr);
1825 if (env->kqemu_enabled) {
1826 kqemu_flush_page(env, addr);
1831 /* update the TLBs so that writes to code in the virtual page 'addr'
1833 static void tlb_protect_code(ram_addr_t ram_addr)
1835 cpu_physical_memory_reset_dirty(ram_addr,
1836 ram_addr + TARGET_PAGE_SIZE,
1840 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1841 tested for self modifying code */
1842 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1845 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1848 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1849 unsigned long start, unsigned long length)
1852 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1853 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1854 if ((addr - start) < length) {
1855 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1860 /* Note: start and end must be within the same ram block. */
1861 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1865 unsigned long length, start1;
1869 start &= TARGET_PAGE_MASK;
1870 end = TARGET_PAGE_ALIGN(end);
1872 length = end - start;
1875 len = length >> TARGET_PAGE_BITS;
1877 /* XXX: should not depend on cpu context */
1879 if (env->kqemu_enabled) {
1882 for(i = 0; i < len; i++) {
1883 kqemu_set_notdirty(env, addr);
1884 addr += TARGET_PAGE_SIZE;
1888 mask = ~dirty_flags;
1889 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1890 for(i = 0; i < len; i++)
1893 /* we modify the TLB cache so that the dirty bit will be set again
1894 when accessing the range */
1895 start1 = (unsigned long)qemu_get_ram_ptr(start);
1896 /* Chek that we don't span multiple blocks - this breaks the
1897 address comparisons below. */
1898 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
1899 != (end - 1) - start) {
1903 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1904 for(i = 0; i < CPU_TLB_SIZE; i++)
1905 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1906 for(i = 0; i < CPU_TLB_SIZE; i++)
1907 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1908 #if (NB_MMU_MODES >= 3)
1909 for(i = 0; i < CPU_TLB_SIZE; i++)
1910 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1912 #if (NB_MMU_MODES >= 4)
1913 for(i = 0; i < CPU_TLB_SIZE; i++)
1914 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1916 #if (NB_MMU_MODES >= 5)
1917 for(i = 0; i < CPU_TLB_SIZE; i++)
1918 tlb_reset_dirty_range(&env->tlb_table[4][i], start1, length);
1923 int cpu_physical_memory_set_dirty_tracking(int enable)
1925 in_migration = enable;
1929 int cpu_physical_memory_get_dirty_tracking(void)
1931 return in_migration;
1934 void cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr, target_phys_addr_t end_addr)
1937 kvm_physical_sync_dirty_bitmap(start_addr, end_addr);
1940 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1942 ram_addr_t ram_addr;
1945 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1946 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
1947 + tlb_entry->addend);
1948 ram_addr = qemu_ram_addr_from_host(p);
1949 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1950 tlb_entry->addr_write |= TLB_NOTDIRTY;
1955 /* update the TLB according to the current state of the dirty bits */
1956 void cpu_tlb_update_dirty(CPUState *env)
1959 for(i = 0; i < CPU_TLB_SIZE; i++)
1960 tlb_update_dirty(&env->tlb_table[0][i]);
1961 for(i = 0; i < CPU_TLB_SIZE; i++)
1962 tlb_update_dirty(&env->tlb_table[1][i]);
1963 #if (NB_MMU_MODES >= 3)
1964 for(i = 0; i < CPU_TLB_SIZE; i++)
1965 tlb_update_dirty(&env->tlb_table[2][i]);
1967 #if (NB_MMU_MODES >= 4)
1968 for(i = 0; i < CPU_TLB_SIZE; i++)
1969 tlb_update_dirty(&env->tlb_table[3][i]);
1971 #if (NB_MMU_MODES >= 5)
1972 for(i = 0; i < CPU_TLB_SIZE; i++)
1973 tlb_update_dirty(&env->tlb_table[4][i]);
1977 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1979 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1980 tlb_entry->addr_write = vaddr;
1983 /* update the TLB corresponding to virtual page vaddr
1984 so that it is no longer dirty */
1985 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1989 vaddr &= TARGET_PAGE_MASK;
1990 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1991 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1992 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1993 #if (NB_MMU_MODES >= 3)
1994 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1996 #if (NB_MMU_MODES >= 4)
1997 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1999 #if (NB_MMU_MODES >= 5)
2000 tlb_set_dirty1(&env->tlb_table[4][i], vaddr);
2004 /* add a new TLB entry. At most one entry for a given virtual address
2005 is permitted. Return 0 if OK or 2 if the page could not be mapped
2006 (can only happen in non SOFTMMU mode for I/O pages or pages
2007 conflicting with the host address space). */
2008 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2009 target_phys_addr_t paddr, int prot,
2010 int mmu_idx, int is_softmmu)
2015 target_ulong address;
2016 target_ulong code_address;
2017 target_phys_addr_t addend;
2021 target_phys_addr_t iotlb;
2023 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2025 pd = IO_MEM_UNASSIGNED;
2027 pd = p->phys_offset;
2029 #if defined(DEBUG_TLB)
2030 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2031 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2036 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2037 /* IO memory case (romd handled later) */
2038 address |= TLB_MMIO;
2040 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2041 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2043 iotlb = pd & TARGET_PAGE_MASK;
2044 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2045 iotlb |= IO_MEM_NOTDIRTY;
2047 iotlb |= IO_MEM_ROM;
2049 /* IO handlers are currently passed a phsical address.
2050 It would be nice to pass an offset from the base address
2051 of that region. This would avoid having to special case RAM,
2052 and avoid full address decoding in every device.
2053 We can't use the high bits of pd for this because
2054 IO_MEM_ROMD uses these as a ram address. */
2055 iotlb = (pd & ~TARGET_PAGE_MASK);
2057 iotlb += p->region_offset;
2063 code_address = address;
2064 /* Make accesses to pages with watchpoints go via the
2065 watchpoint trap routines. */
2066 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2067 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2068 iotlb = io_mem_watch + paddr;
2069 /* TODO: The memory case can be optimized by not trapping
2070 reads of pages with a write breakpoint. */
2071 address |= TLB_MMIO;
2075 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2076 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2077 te = &env->tlb_table[mmu_idx][index];
2078 te->addend = addend - vaddr;
2079 if (prot & PAGE_READ) {
2080 te->addr_read = address;
2085 if (prot & PAGE_EXEC) {
2086 te->addr_code = code_address;
2090 if (prot & PAGE_WRITE) {
2091 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2092 (pd & IO_MEM_ROMD)) {
2093 /* Write access calls the I/O callback. */
2094 te->addr_write = address | TLB_MMIO;
2095 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2096 !cpu_physical_memory_is_dirty(pd)) {
2097 te->addr_write = address | TLB_NOTDIRTY;
2099 te->addr_write = address;
2102 te->addr_write = -1;
2109 void tlb_flush(CPUState *env, int flush_global)
2113 void tlb_flush_page(CPUState *env, target_ulong addr)
2117 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2118 target_phys_addr_t paddr, int prot,
2119 int mmu_idx, int is_softmmu)
2124 /* dump memory mappings */
2125 void page_dump(FILE *f)
2127 unsigned long start, end;
2128 int i, j, prot, prot1;
2131 fprintf(f, "%-8s %-8s %-8s %s\n",
2132 "start", "end", "size", "prot");
2136 for(i = 0; i <= L1_SIZE; i++) {
2141 for(j = 0;j < L2_SIZE; j++) {
2146 if (prot1 != prot) {
2147 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2149 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2150 start, end, end - start,
2151 prot & PAGE_READ ? 'r' : '-',
2152 prot & PAGE_WRITE ? 'w' : '-',
2153 prot & PAGE_EXEC ? 'x' : '-');
2167 int page_get_flags(target_ulong address)
2171 p = page_find(address >> TARGET_PAGE_BITS);
2177 /* modify the flags of a page and invalidate the code if
2178 necessary. The flag PAGE_WRITE_ORG is positionned automatically
2179 depending on PAGE_WRITE */
2180 void page_set_flags(target_ulong start, target_ulong end, int flags)
2185 /* mmap_lock should already be held. */
2186 start = start & TARGET_PAGE_MASK;
2187 end = TARGET_PAGE_ALIGN(end);
2188 if (flags & PAGE_WRITE)
2189 flags |= PAGE_WRITE_ORG;
2190 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2191 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2192 /* We may be called for host regions that are outside guest
2196 /* if the write protection is set, then we invalidate the code
2198 if (!(p->flags & PAGE_WRITE) &&
2199 (flags & PAGE_WRITE) &&
2201 tb_invalidate_phys_page(addr, 0, NULL);
2207 int page_check_range(target_ulong start, target_ulong len, int flags)
2213 if (start + len < start)
2214 /* we've wrapped around */
2217 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2218 start = start & TARGET_PAGE_MASK;
2220 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2221 p = page_find(addr >> TARGET_PAGE_BITS);
2224 if( !(p->flags & PAGE_VALID) )
2227 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2229 if (flags & PAGE_WRITE) {
2230 if (!(p->flags & PAGE_WRITE_ORG))
2232 /* unprotect the page if it was put read-only because it
2233 contains translated code */
2234 if (!(p->flags & PAGE_WRITE)) {
2235 if (!page_unprotect(addr, 0, NULL))
2244 /* called from signal handler: invalidate the code and unprotect the
2245 page. Return TRUE if the fault was succesfully handled. */
2246 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2248 unsigned int page_index, prot, pindex;
2250 target_ulong host_start, host_end, addr;
2252 /* Technically this isn't safe inside a signal handler. However we
2253 know this only ever happens in a synchronous SEGV handler, so in
2254 practice it seems to be ok. */
2257 host_start = address & qemu_host_page_mask;
2258 page_index = host_start >> TARGET_PAGE_BITS;
2259 p1 = page_find(page_index);
2264 host_end = host_start + qemu_host_page_size;
2267 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2271 /* if the page was really writable, then we change its
2272 protection back to writable */
2273 if (prot & PAGE_WRITE_ORG) {
2274 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2275 if (!(p1[pindex].flags & PAGE_WRITE)) {
2276 mprotect((void *)g2h(host_start), qemu_host_page_size,
2277 (prot & PAGE_BITS) | PAGE_WRITE);
2278 p1[pindex].flags |= PAGE_WRITE;
2279 /* and since the content will be modified, we must invalidate
2280 the corresponding translated code. */
2281 tb_invalidate_phys_page(address, pc, puc);
2282 #ifdef DEBUG_TB_CHECK
2283 tb_invalidate_check(address);
2293 static inline void tlb_set_dirty(CPUState *env,
2294 unsigned long addr, target_ulong vaddr)
2297 #endif /* defined(CONFIG_USER_ONLY) */
2299 #if !defined(CONFIG_USER_ONLY)
2301 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2302 ram_addr_t memory, ram_addr_t region_offset);
2303 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2304 ram_addr_t orig_memory, ram_addr_t region_offset);
2305 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2308 if (addr > start_addr) \
2311 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2312 if (start_addr2 > 0) \
2316 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2317 end_addr2 = TARGET_PAGE_SIZE - 1; \
2319 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2320 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2325 /* register physical memory. 'size' must be a multiple of the target
2326 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2327 io memory page. The address used when calling the IO function is
2328 the offset from the start of the region, plus region_offset. Both
2329 start_region and regon_offset are rounded down to a page boundary
2330 before calculating this offset. This should not be a problem unless
2331 the low bits of start_addr and region_offset differ. */
2332 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2334 ram_addr_t phys_offset,
2335 ram_addr_t region_offset)
2337 target_phys_addr_t addr, end_addr;
2340 ram_addr_t orig_size = size;
2344 /* XXX: should not depend on cpu context */
2346 if (env->kqemu_enabled) {
2347 kqemu_set_phys_mem(start_addr, size, phys_offset);
2351 kvm_set_phys_mem(start_addr, size, phys_offset);
2353 if (phys_offset == IO_MEM_UNASSIGNED) {
2354 region_offset = start_addr;
2356 region_offset &= TARGET_PAGE_MASK;
2357 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2358 end_addr = start_addr + (target_phys_addr_t)size;
2359 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2360 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2361 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2362 ram_addr_t orig_memory = p->phys_offset;
2363 target_phys_addr_t start_addr2, end_addr2;
2364 int need_subpage = 0;
2366 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2368 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2369 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2370 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2371 &p->phys_offset, orig_memory,
2374 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2377 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2379 p->region_offset = 0;
2381 p->phys_offset = phys_offset;
2382 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2383 (phys_offset & IO_MEM_ROMD))
2384 phys_offset += TARGET_PAGE_SIZE;
2387 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2388 p->phys_offset = phys_offset;
2389 p->region_offset = region_offset;
2390 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2391 (phys_offset & IO_MEM_ROMD)) {
2392 phys_offset += TARGET_PAGE_SIZE;
2394 target_phys_addr_t start_addr2, end_addr2;
2395 int need_subpage = 0;
2397 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2398 end_addr2, need_subpage);
2400 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2401 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2402 &p->phys_offset, IO_MEM_UNASSIGNED,
2403 addr & TARGET_PAGE_MASK);
2404 subpage_register(subpage, start_addr2, end_addr2,
2405 phys_offset, region_offset);
2406 p->region_offset = 0;
2410 region_offset += TARGET_PAGE_SIZE;
2413 /* since each CPU stores ram addresses in its TLB cache, we must
2414 reset the modified entries */
2416 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2421 /* XXX: temporary until new memory mapping API */
2422 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2426 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2428 return IO_MEM_UNASSIGNED;
2429 return p->phys_offset;
2432 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2435 kvm_coalesce_mmio_region(addr, size);
2438 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2441 kvm_uncoalesce_mmio_region(addr, size);
2445 /* XXX: better than nothing */
2446 static ram_addr_t kqemu_ram_alloc(ram_addr_t size)
2449 if ((last_ram_offset + size) > kqemu_phys_ram_size) {
2450 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2451 (uint64_t)size, (uint64_t)kqemu_phys_ram_size);
2454 addr = last_ram_offset;
2455 last_ram_offset = TARGET_PAGE_ALIGN(last_ram_offset + size);
2460 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2462 RAMBlock *new_block;
2465 if (kqemu_phys_ram_base) {
2466 return kqemu_ram_alloc(size);
2470 size = TARGET_PAGE_ALIGN(size);
2471 new_block = qemu_malloc(sizeof(*new_block));
2473 new_block->host = qemu_vmalloc(size);
2474 new_block->offset = last_ram_offset;
2475 new_block->length = size;
2477 new_block->next = ram_blocks;
2478 ram_blocks = new_block;
2480 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2481 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2482 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2483 0xff, size >> TARGET_PAGE_BITS);
2485 last_ram_offset += size;
2487 return new_block->offset;
2490 void qemu_ram_free(ram_addr_t addr)
2492 /* TODO: implement this. */
2495 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2496 With the exception of the softmmu code in this file, this should
2497 only be used for local memory (e.g. video ram) that the device owns,
2498 and knows it isn't going to access beyond the end of the block.
2500 It should not be used for general purpose DMA.
2501 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2503 void *qemu_get_ram_ptr(ram_addr_t addr)
2510 if (kqemu_phys_ram_base) {
2511 return kqemu_phys_ram_base + addr;
2516 prevp = &ram_blocks;
2518 while (block && (block->offset > addr
2519 || block->offset + block->length <= addr)) {
2521 prevp = &prev->next;
2523 block = block->next;
2526 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2529 /* Move this entry to to start of the list. */
2531 prev->next = block->next;
2532 block->next = *prevp;
2535 return block->host + (addr - block->offset);
2538 /* Some of the softmmu routines need to translate from a host pointer
2539 (typically a TLB entry) back to a ram offset. */
2540 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2545 uint8_t *host = ptr;
2548 if (kqemu_phys_ram_base) {
2549 return host - kqemu_phys_ram_base;
2554 prevp = &ram_blocks;
2556 while (block && (block->host > host
2557 || block->host + block->length <= host)) {
2559 prevp = &prev->next;
2561 block = block->next;
2564 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2567 return block->offset + (host - block->host);
2570 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2572 #ifdef DEBUG_UNASSIGNED
2573 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2575 #if defined(TARGET_SPARC)
2576 do_unassigned_access(addr, 0, 0, 0, 1);
2581 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2583 #ifdef DEBUG_UNASSIGNED
2584 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2586 #if defined(TARGET_SPARC)
2587 do_unassigned_access(addr, 0, 0, 0, 2);
2592 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2594 #ifdef DEBUG_UNASSIGNED
2595 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2597 #if defined(TARGET_SPARC)
2598 do_unassigned_access(addr, 0, 0, 0, 4);
2603 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2605 #ifdef DEBUG_UNASSIGNED
2606 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2608 #if defined(TARGET_SPARC)
2609 do_unassigned_access(addr, 1, 0, 0, 1);
2613 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2615 #ifdef DEBUG_UNASSIGNED
2616 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2618 #if defined(TARGET_SPARC)
2619 do_unassigned_access(addr, 1, 0, 0, 2);
2623 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2625 #ifdef DEBUG_UNASSIGNED
2626 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2628 #if defined(TARGET_SPARC)
2629 do_unassigned_access(addr, 1, 0, 0, 4);
2633 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2634 unassigned_mem_readb,
2635 unassigned_mem_readw,
2636 unassigned_mem_readl,
2639 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2640 unassigned_mem_writeb,
2641 unassigned_mem_writew,
2642 unassigned_mem_writel,
2645 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2649 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2650 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2651 #if !defined(CONFIG_USER_ONLY)
2652 tb_invalidate_phys_page_fast(ram_addr, 1);
2653 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2656 stb_p(qemu_get_ram_ptr(ram_addr), val);
2658 if (cpu_single_env->kqemu_enabled &&
2659 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2660 kqemu_modify_page(cpu_single_env, ram_addr);
2662 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2663 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2664 /* we remove the notdirty callback only if the code has been
2666 if (dirty_flags == 0xff)
2667 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2670 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2674 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2675 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2676 #if !defined(CONFIG_USER_ONLY)
2677 tb_invalidate_phys_page_fast(ram_addr, 2);
2678 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2681 stw_p(qemu_get_ram_ptr(ram_addr), val);
2683 if (cpu_single_env->kqemu_enabled &&
2684 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2685 kqemu_modify_page(cpu_single_env, ram_addr);
2687 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2688 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2689 /* we remove the notdirty callback only if the code has been
2691 if (dirty_flags == 0xff)
2692 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2695 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2699 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2700 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2701 #if !defined(CONFIG_USER_ONLY)
2702 tb_invalidate_phys_page_fast(ram_addr, 4);
2703 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2706 stl_p(qemu_get_ram_ptr(ram_addr), val);
2708 if (cpu_single_env->kqemu_enabled &&
2709 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2710 kqemu_modify_page(cpu_single_env, ram_addr);
2712 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2713 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2714 /* we remove the notdirty callback only if the code has been
2716 if (dirty_flags == 0xff)
2717 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2720 static CPUReadMemoryFunc *error_mem_read[3] = {
2721 NULL, /* never used */
2722 NULL, /* never used */
2723 NULL, /* never used */
2726 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2727 notdirty_mem_writeb,
2728 notdirty_mem_writew,
2729 notdirty_mem_writel,
2732 /* Generate a debug exception if a watchpoint has been hit. */
2733 static void check_watchpoint(int offset, int len_mask, int flags)
2735 CPUState *env = cpu_single_env;
2736 target_ulong pc, cs_base;
2737 TranslationBlock *tb;
2742 if (env->watchpoint_hit) {
2743 /* We re-entered the check after replacing the TB. Now raise
2744 * the debug interrupt so that is will trigger after the
2745 * current instruction. */
2746 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2749 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2750 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2751 if ((vaddr == (wp->vaddr & len_mask) ||
2752 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2753 wp->flags |= BP_WATCHPOINT_HIT;
2754 if (!env->watchpoint_hit) {
2755 env->watchpoint_hit = wp;
2756 tb = tb_find_pc(env->mem_io_pc);
2758 cpu_abort(env, "check_watchpoint: could not find TB for "
2759 "pc=%p", (void *)env->mem_io_pc);
2761 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2762 tb_phys_invalidate(tb, -1);
2763 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2764 env->exception_index = EXCP_DEBUG;
2766 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2767 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2769 cpu_resume_from_signal(env, NULL);
2772 wp->flags &= ~BP_WATCHPOINT_HIT;
2777 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2778 so these check for a hit then pass through to the normal out-of-line
2780 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2782 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2783 return ldub_phys(addr);
2786 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2788 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2789 return lduw_phys(addr);
2792 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2794 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2795 return ldl_phys(addr);
2798 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2801 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2802 stb_phys(addr, val);
2805 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2808 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2809 stw_phys(addr, val);
2812 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2815 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2816 stl_phys(addr, val);
2819 static CPUReadMemoryFunc *watch_mem_read[3] = {
2825 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2831 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2837 idx = SUBPAGE_IDX(addr);
2838 #if defined(DEBUG_SUBPAGE)
2839 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2840 mmio, len, addr, idx);
2842 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2843 addr + mmio->region_offset[idx][0][len]);
2848 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2849 uint32_t value, unsigned int len)
2853 idx = SUBPAGE_IDX(addr);
2854 #if defined(DEBUG_SUBPAGE)
2855 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2856 mmio, len, addr, idx, value);
2858 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2859 addr + mmio->region_offset[idx][1][len],
2863 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2865 #if defined(DEBUG_SUBPAGE)
2866 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2869 return subpage_readlen(opaque, addr, 0);
2872 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2875 #if defined(DEBUG_SUBPAGE)
2876 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2878 subpage_writelen(opaque, addr, value, 0);
2881 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2883 #if defined(DEBUG_SUBPAGE)
2884 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2887 return subpage_readlen(opaque, addr, 1);
2890 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2893 #if defined(DEBUG_SUBPAGE)
2894 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2896 subpage_writelen(opaque, addr, value, 1);
2899 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2901 #if defined(DEBUG_SUBPAGE)
2902 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2905 return subpage_readlen(opaque, addr, 2);
2908 static void subpage_writel (void *opaque,
2909 target_phys_addr_t addr, uint32_t value)
2911 #if defined(DEBUG_SUBPAGE)
2912 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2914 subpage_writelen(opaque, addr, value, 2);
2917 static CPUReadMemoryFunc *subpage_read[] = {
2923 static CPUWriteMemoryFunc *subpage_write[] = {
2929 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2930 ram_addr_t memory, ram_addr_t region_offset)
2935 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2937 idx = SUBPAGE_IDX(start);
2938 eidx = SUBPAGE_IDX(end);
2939 #if defined(DEBUG_SUBPAGE)
2940 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2941 mmio, start, end, idx, eidx, memory);
2943 memory >>= IO_MEM_SHIFT;
2944 for (; idx <= eidx; idx++) {
2945 for (i = 0; i < 4; i++) {
2946 if (io_mem_read[memory][i]) {
2947 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2948 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2949 mmio->region_offset[idx][0][i] = region_offset;
2951 if (io_mem_write[memory][i]) {
2952 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2953 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2954 mmio->region_offset[idx][1][i] = region_offset;
2962 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2963 ram_addr_t orig_memory, ram_addr_t region_offset)
2968 mmio = qemu_mallocz(sizeof(subpage_t));
2971 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2972 #if defined(DEBUG_SUBPAGE)
2973 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2974 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2976 *phys = subpage_memory | IO_MEM_SUBPAGE;
2977 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
2983 static int get_free_io_mem_idx(void)
2987 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
2988 if (!io_mem_used[i]) {
2996 static void io_mem_init(void)
3000 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
3001 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
3002 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
3006 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
3007 watch_mem_write, NULL);
3009 if (kqemu_phys_ram_base) {
3010 /* alloc dirty bits array */
3011 phys_ram_dirty = qemu_vmalloc(kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3012 memset(phys_ram_dirty, 0xff, kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3017 /* mem_read and mem_write are arrays of functions containing the
3018 function to access byte (index 0), word (index 1) and dword (index
3019 2). Functions can be omitted with a NULL function pointer. The
3020 registered functions may be modified dynamically later.
3021 If io_index is non zero, the corresponding io zone is
3022 modified. If it is zero, a new io zone is allocated. The return
3023 value can be used with cpu_register_physical_memory(). (-1) is
3024 returned if error. */
3025 int cpu_register_io_memory(int io_index,
3026 CPUReadMemoryFunc **mem_read,
3027 CPUWriteMemoryFunc **mem_write,
3030 int i, subwidth = 0;
3032 if (io_index <= 0) {
3033 io_index = get_free_io_mem_idx();
3037 if (io_index >= IO_MEM_NB_ENTRIES)
3041 for(i = 0;i < 3; i++) {
3042 if (!mem_read[i] || !mem_write[i])
3043 subwidth = IO_MEM_SUBWIDTH;
3044 io_mem_read[io_index][i] = mem_read[i];
3045 io_mem_write[io_index][i] = mem_write[i];
3047 io_mem_opaque[io_index] = opaque;
3048 return (io_index << IO_MEM_SHIFT) | subwidth;
3051 void cpu_unregister_io_memory(int io_table_address)
3054 int io_index = io_table_address >> IO_MEM_SHIFT;
3056 for (i=0;i < 3; i++) {
3057 io_mem_read[io_index][i] = unassigned_mem_read[i];
3058 io_mem_write[io_index][i] = unassigned_mem_write[i];
3060 io_mem_opaque[io_index] = NULL;
3061 io_mem_used[io_index] = 0;
3064 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
3066 return io_mem_write[io_index >> IO_MEM_SHIFT];
3069 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
3071 return io_mem_read[io_index >> IO_MEM_SHIFT];
3074 #endif /* !defined(CONFIG_USER_ONLY) */
3076 /* physical memory access (slow version, mainly for debug) */
3077 #if defined(CONFIG_USER_ONLY)
3078 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3079 int len, int is_write)
3086 page = addr & TARGET_PAGE_MASK;
3087 l = (page + TARGET_PAGE_SIZE) - addr;
3090 flags = page_get_flags(page);
3091 if (!(flags & PAGE_VALID))
3094 if (!(flags & PAGE_WRITE))
3096 /* XXX: this code should not depend on lock_user */
3097 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3098 /* FIXME - should this return an error rather than just fail? */
3101 unlock_user(p, addr, l);
3103 if (!(flags & PAGE_READ))
3105 /* XXX: this code should not depend on lock_user */
3106 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3107 /* FIXME - should this return an error rather than just fail? */
3110 unlock_user(p, addr, 0);
3119 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3120 int len, int is_write)
3125 target_phys_addr_t page;
3130 page = addr & TARGET_PAGE_MASK;
3131 l = (page + TARGET_PAGE_SIZE) - addr;
3134 p = phys_page_find(page >> TARGET_PAGE_BITS);
3136 pd = IO_MEM_UNASSIGNED;
3138 pd = p->phys_offset;
3142 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3143 target_phys_addr_t addr1 = addr;
3144 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3146 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3147 /* XXX: could force cpu_single_env to NULL to avoid
3149 if (l >= 4 && ((addr1 & 3) == 0)) {
3150 /* 32 bit write access */
3152 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3154 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3155 /* 16 bit write access */
3157 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3160 /* 8 bit write access */
3162 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3166 unsigned long addr1;
3167 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3169 ptr = qemu_get_ram_ptr(addr1);
3170 memcpy(ptr, buf, l);
3171 if (!cpu_physical_memory_is_dirty(addr1)) {
3172 /* invalidate code */
3173 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3175 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3176 (0xff & ~CODE_DIRTY_FLAG);
3180 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3181 !(pd & IO_MEM_ROMD)) {
3182 target_phys_addr_t addr1 = addr;
3184 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3186 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3187 if (l >= 4 && ((addr1 & 3) == 0)) {
3188 /* 32 bit read access */
3189 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3192 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3193 /* 16 bit read access */
3194 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3198 /* 8 bit read access */
3199 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3205 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3206 (addr & ~TARGET_PAGE_MASK);
3207 memcpy(buf, ptr, l);
3216 /* used for ROM loading : can write in RAM and ROM */
3217 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3218 const uint8_t *buf, int len)
3222 target_phys_addr_t page;
3227 page = addr & TARGET_PAGE_MASK;
3228 l = (page + TARGET_PAGE_SIZE) - addr;
3231 p = phys_page_find(page >> TARGET_PAGE_BITS);
3233 pd = IO_MEM_UNASSIGNED;
3235 pd = p->phys_offset;
3238 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3239 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3240 !(pd & IO_MEM_ROMD)) {
3243 unsigned long addr1;
3244 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3246 ptr = qemu_get_ram_ptr(addr1);
3247 memcpy(ptr, buf, l);
3257 target_phys_addr_t addr;
3258 target_phys_addr_t len;
3261 static BounceBuffer bounce;
3263 typedef struct MapClient {
3265 void (*callback)(void *opaque);
3266 LIST_ENTRY(MapClient) link;
3269 static LIST_HEAD(map_client_list, MapClient) map_client_list
3270 = LIST_HEAD_INITIALIZER(map_client_list);
3272 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3274 MapClient *client = qemu_malloc(sizeof(*client));
3276 client->opaque = opaque;
3277 client->callback = callback;
3278 LIST_INSERT_HEAD(&map_client_list, client, link);
3282 void cpu_unregister_map_client(void *_client)
3284 MapClient *client = (MapClient *)_client;
3286 LIST_REMOVE(client, link);
3289 static void cpu_notify_map_clients(void)
3293 while (!LIST_EMPTY(&map_client_list)) {
3294 client = LIST_FIRST(&map_client_list);
3295 client->callback(client->opaque);
3296 LIST_REMOVE(client, link);
3300 /* Map a physical memory region into a host virtual address.
3301 * May map a subset of the requested range, given by and returned in *plen.
3302 * May return NULL if resources needed to perform the mapping are exhausted.
3303 * Use only for reads OR writes - not for read-modify-write operations.
3304 * Use cpu_register_map_client() to know when retrying the map operation is
3305 * likely to succeed.
3307 void *cpu_physical_memory_map(target_phys_addr_t addr,
3308 target_phys_addr_t *plen,
3311 target_phys_addr_t len = *plen;
3312 target_phys_addr_t done = 0;
3314 uint8_t *ret = NULL;
3316 target_phys_addr_t page;
3319 unsigned long addr1;
3322 page = addr & TARGET_PAGE_MASK;
3323 l = (page + TARGET_PAGE_SIZE) - addr;
3326 p = phys_page_find(page >> TARGET_PAGE_BITS);
3328 pd = IO_MEM_UNASSIGNED;
3330 pd = p->phys_offset;
3333 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3334 if (done || bounce.buffer) {
3337 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3341 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3343 ptr = bounce.buffer;
3345 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3346 ptr = qemu_get_ram_ptr(addr1);
3350 } else if (ret + done != ptr) {
3362 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3363 * Will also mark the memory as dirty if is_write == 1. access_len gives
3364 * the amount of memory that was actually read or written by the caller.
3366 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3367 int is_write, target_phys_addr_t access_len)
3369 if (buffer != bounce.buffer) {
3371 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3372 while (access_len) {
3374 l = TARGET_PAGE_SIZE;
3377 if (!cpu_physical_memory_is_dirty(addr1)) {
3378 /* invalidate code */
3379 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3381 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3382 (0xff & ~CODE_DIRTY_FLAG);
3391 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3393 qemu_free(bounce.buffer);
3394 bounce.buffer = NULL;
3395 cpu_notify_map_clients();
3398 /* warning: addr must be aligned */
3399 uint32_t ldl_phys(target_phys_addr_t addr)
3407 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3409 pd = IO_MEM_UNASSIGNED;
3411 pd = p->phys_offset;
3414 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3415 !(pd & IO_MEM_ROMD)) {
3417 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3419 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3420 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3423 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3424 (addr & ~TARGET_PAGE_MASK);
3430 /* warning: addr must be aligned */
3431 uint64_t ldq_phys(target_phys_addr_t addr)
3439 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3441 pd = IO_MEM_UNASSIGNED;
3443 pd = p->phys_offset;
3446 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3447 !(pd & IO_MEM_ROMD)) {
3449 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3451 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3452 #ifdef TARGET_WORDS_BIGENDIAN
3453 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3454 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3456 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3457 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3461 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3462 (addr & ~TARGET_PAGE_MASK);
3469 uint32_t ldub_phys(target_phys_addr_t addr)
3472 cpu_physical_memory_read(addr, &val, 1);
3477 uint32_t lduw_phys(target_phys_addr_t addr)
3480 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3481 return tswap16(val);
3484 /* warning: addr must be aligned. The ram page is not masked as dirty
3485 and the code inside is not invalidated. It is useful if the dirty
3486 bits are used to track modified PTEs */
3487 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3494 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3496 pd = IO_MEM_UNASSIGNED;
3498 pd = p->phys_offset;
3501 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3502 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3504 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3505 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3507 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3508 ptr = qemu_get_ram_ptr(addr1);
3511 if (unlikely(in_migration)) {
3512 if (!cpu_physical_memory_is_dirty(addr1)) {
3513 /* invalidate code */
3514 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3516 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3517 (0xff & ~CODE_DIRTY_FLAG);
3523 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3530 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3532 pd = IO_MEM_UNASSIGNED;
3534 pd = p->phys_offset;
3537 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3538 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3540 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3541 #ifdef TARGET_WORDS_BIGENDIAN
3542 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3543 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3545 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3546 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3549 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3550 (addr & ~TARGET_PAGE_MASK);
3555 /* warning: addr must be aligned */
3556 void stl_phys(target_phys_addr_t addr, uint32_t val)
3563 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3565 pd = IO_MEM_UNASSIGNED;
3567 pd = p->phys_offset;
3570 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3571 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3573 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3574 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3576 unsigned long addr1;
3577 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3579 ptr = qemu_get_ram_ptr(addr1);
3581 if (!cpu_physical_memory_is_dirty(addr1)) {
3582 /* invalidate code */
3583 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3585 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3586 (0xff & ~CODE_DIRTY_FLAG);
3592 void stb_phys(target_phys_addr_t addr, uint32_t val)
3595 cpu_physical_memory_write(addr, &v, 1);
3599 void stw_phys(target_phys_addr_t addr, uint32_t val)
3601 uint16_t v = tswap16(val);
3602 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3606 void stq_phys(target_phys_addr_t addr, uint64_t val)
3609 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3614 /* virtual memory access for debug (includes writing to ROM) */
3615 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3616 uint8_t *buf, int len, int is_write)
3619 target_phys_addr_t phys_addr;
3623 page = addr & TARGET_PAGE_MASK;
3624 phys_addr = cpu_get_phys_page_debug(env, page);
3625 /* if no physical page mapped, return an error */
3626 if (phys_addr == -1)
3628 l = (page + TARGET_PAGE_SIZE) - addr;
3631 phys_addr += (addr & ~TARGET_PAGE_MASK);
3632 #if !defined(CONFIG_USER_ONLY)
3634 cpu_physical_memory_write_rom(phys_addr, buf, l);
3637 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3645 /* in deterministic execution mode, instructions doing device I/Os
3646 must be at the end of the TB */
3647 void cpu_io_recompile(CPUState *env, void *retaddr)
3649 TranslationBlock *tb;
3651 target_ulong pc, cs_base;
3654 tb = tb_find_pc((unsigned long)retaddr);
3656 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3659 n = env->icount_decr.u16.low + tb->icount;
3660 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3661 /* Calculate how many instructions had been executed before the fault
3663 n = n - env->icount_decr.u16.low;
3664 /* Generate a new TB ending on the I/O insn. */
3666 /* On MIPS and SH, delay slot instructions can only be restarted if
3667 they were already the first instruction in the TB. If this is not
3668 the first instruction in a TB then re-execute the preceding
3670 #if defined(TARGET_MIPS)
3671 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3672 env->active_tc.PC -= 4;
3673 env->icount_decr.u16.low++;
3674 env->hflags &= ~MIPS_HFLAG_BMASK;
3676 #elif defined(TARGET_SH4)
3677 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3680 env->icount_decr.u16.low++;
3681 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3684 /* This should never happen. */
3685 if (n > CF_COUNT_MASK)
3686 cpu_abort(env, "TB too big during recompile");
3688 cflags = n | CF_LAST_IO;
3690 cs_base = tb->cs_base;
3692 tb_phys_invalidate(tb, -1);
3693 /* FIXME: In theory this could raise an exception. In practice
3694 we have already translated the block once so it's probably ok. */
3695 tb_gen_code(env, pc, cs_base, flags, cflags);
3696 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3697 the first in the TB) then we end up generating a whole new TB and
3698 repeating the fault, which is horribly inefficient.
3699 Better would be to execute just this insn uncached, or generate a
3701 cpu_resume_from_signal(env, NULL);
3704 void dump_exec_info(FILE *f,
3705 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3707 int i, target_code_size, max_target_code_size;
3708 int direct_jmp_count, direct_jmp2_count, cross_page;
3709 TranslationBlock *tb;
3711 target_code_size = 0;
3712 max_target_code_size = 0;
3714 direct_jmp_count = 0;
3715 direct_jmp2_count = 0;
3716 for(i = 0; i < nb_tbs; i++) {
3718 target_code_size += tb->size;
3719 if (tb->size > max_target_code_size)
3720 max_target_code_size = tb->size;
3721 if (tb->page_addr[1] != -1)
3723 if (tb->tb_next_offset[0] != 0xffff) {
3725 if (tb->tb_next_offset[1] != 0xffff) {
3726 direct_jmp2_count++;
3730 /* XXX: avoid using doubles ? */
3731 cpu_fprintf(f, "Translation buffer state:\n");
3732 cpu_fprintf(f, "gen code size %ld/%ld\n",
3733 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3734 cpu_fprintf(f, "TB count %d/%d\n",
3735 nb_tbs, code_gen_max_blocks);
3736 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3737 nb_tbs ? target_code_size / nb_tbs : 0,
3738 max_target_code_size);
3739 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3740 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3741 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3742 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3744 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3745 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3747 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3749 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3750 cpu_fprintf(f, "\nStatistics:\n");
3751 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3752 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3753 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3754 tcg_dump_info(f, cpu_fprintf);
3757 #if !defined(CONFIG_USER_ONLY)
3759 #define MMUSUFFIX _cmmu
3760 #define GETPC() NULL
3761 #define env cpu_single_env
3762 #define SOFTMMU_CODE_ACCESS
3765 #include "softmmu_template.h"
3768 #include "softmmu_template.h"
3771 #include "softmmu_template.h"
3774 #include "softmmu_template.h"
projects / qemu / blob