2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
24 #include <sys/types.h>
37 #include "qemu-common.h"
42 #if defined(CONFIG_USER_ONLY)
46 //#define DEBUG_TB_INVALIDATE
49 //#define DEBUG_UNASSIGNED
51 /* make various TB consistency checks */
52 //#define DEBUG_TB_CHECK
53 //#define DEBUG_TLB_CHECK
55 //#define DEBUG_IOPORT
56 //#define DEBUG_SUBPAGE
58 #if !defined(CONFIG_USER_ONLY)
59 /* TB consistency checks only implemented for usermode emulation. */
63 #define SMC_BITMAP_USE_THRESHOLD 10
65 #if defined(TARGET_SPARC64)
66 #define TARGET_PHYS_ADDR_SPACE_BITS 41
67 #elif defined(TARGET_SPARC)
68 #define TARGET_PHYS_ADDR_SPACE_BITS 36
69 #elif defined(TARGET_ALPHA)
70 #define TARGET_PHYS_ADDR_SPACE_BITS 42
71 #define TARGET_VIRT_ADDR_SPACE_BITS 42
72 #elif defined(TARGET_PPC64)
73 #define TARGET_PHYS_ADDR_SPACE_BITS 42
74 #elif defined(TARGET_X86_64) && !defined(CONFIG_KQEMU)
75 #define TARGET_PHYS_ADDR_SPACE_BITS 42
76 #elif defined(TARGET_I386) && !defined(CONFIG_KQEMU)
77 #define TARGET_PHYS_ADDR_SPACE_BITS 36
79 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
80 #define TARGET_PHYS_ADDR_SPACE_BITS 32
83 static TranslationBlock *tbs;
84 int code_gen_max_blocks;
85 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
87 /* any access to the tbs or the page table must use this lock */
88 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
90 #if defined(__arm__) || defined(__sparc_v9__)
91 /* The prologue must be reachable with a direct jump. ARM and Sparc64
92 have limited branch ranges (possibly also PPC) so place it in a
93 section close to code segment. */
94 #define code_gen_section \
95 __attribute__((__section__(".gen_code"))) \
96 __attribute__((aligned (32)))
98 #define code_gen_section \
99 __attribute__((aligned (32)))
102 uint8_t code_gen_prologue[1024] code_gen_section;
103 static uint8_t *code_gen_buffer;
104 static unsigned long code_gen_buffer_size;
105 /* threshold to flush the translated code buffer */
106 static unsigned long code_gen_buffer_max_size;
107 uint8_t *code_gen_ptr;
109 #if !defined(CONFIG_USER_ONLY)
111 uint8_t *phys_ram_dirty;
112 static int in_migration;
114 typedef struct RAMBlock {
118 struct RAMBlock *next;
121 static RAMBlock *ram_blocks;
122 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
123 then we can no longet assume contiguous ram offsets, and external uses
124 of this variable will break. */
125 ram_addr_t last_ram_offset;
129 /* current CPU in the current thread. It is only valid inside
131 CPUState *cpu_single_env;
132 /* 0 = Do not count executed instructions.
133 1 = Precise instruction counting.
134 2 = Adaptive rate instruction counting. */
136 /* Current instruction counter. While executing translated code this may
137 include some instructions that have not yet been executed. */
140 typedef struct PageDesc {
141 /* list of TBs intersecting this ram page */
142 TranslationBlock *first_tb;
143 /* in order to optimize self modifying code, we count the number
144 of lookups we do to a given page to use a bitmap */
145 unsigned int code_write_count;
146 uint8_t *code_bitmap;
147 #if defined(CONFIG_USER_ONLY)
152 typedef struct PhysPageDesc {
153 /* offset in host memory of the page + io_index in the low bits */
154 ram_addr_t phys_offset;
155 ram_addr_t region_offset;
159 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
160 /* XXX: this is a temporary hack for alpha target.
161 * In the future, this is to be replaced by a multi-level table
162 * to actually be able to handle the complete 64 bits address space.
164 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
166 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
169 #define L1_SIZE (1 << L1_BITS)
170 #define L2_SIZE (1 << L2_BITS)
172 unsigned long qemu_real_host_page_size;
173 unsigned long qemu_host_page_bits;
174 unsigned long qemu_host_page_size;
175 unsigned long qemu_host_page_mask;
177 /* XXX: for system emulation, it could just be an array */
178 static PageDesc *l1_map[L1_SIZE];
179 static PhysPageDesc **l1_phys_map;
181 #if !defined(CONFIG_USER_ONLY)
182 static void io_mem_init(void);
184 /* io memory support */
185 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
186 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
187 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
188 static char io_mem_used[IO_MEM_NB_ENTRIES];
189 static int io_mem_watch;
193 static const char *logfilename = "/tmp/qemu.log";
196 static int log_append = 0;
199 static int tlb_flush_count;
200 static int tb_flush_count;
201 static int tb_phys_invalidate_count;
203 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
204 typedef struct subpage_t {
205 target_phys_addr_t base;
206 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
207 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
208 void *opaque[TARGET_PAGE_SIZE][2][4];
209 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
213 static void map_exec(void *addr, long size)
216 VirtualProtect(addr, size,
217 PAGE_EXECUTE_READWRITE, &old_protect);
221 static void map_exec(void *addr, long size)
223 unsigned long start, end, page_size;
225 page_size = getpagesize();
226 start = (unsigned long)addr;
227 start &= ~(page_size - 1);
229 end = (unsigned long)addr + size;
230 end += page_size - 1;
231 end &= ~(page_size - 1);
233 mprotect((void *)start, end - start,
234 PROT_READ | PROT_WRITE | PROT_EXEC);
238 static void page_init(void)
240 /* NOTE: we can always suppose that qemu_host_page_size >=
244 SYSTEM_INFO system_info;
246 GetSystemInfo(&system_info);
247 qemu_real_host_page_size = system_info.dwPageSize;
250 qemu_real_host_page_size = getpagesize();
252 if (qemu_host_page_size == 0)
253 qemu_host_page_size = qemu_real_host_page_size;
254 if (qemu_host_page_size < TARGET_PAGE_SIZE)
255 qemu_host_page_size = TARGET_PAGE_SIZE;
256 qemu_host_page_bits = 0;
257 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
258 qemu_host_page_bits++;
259 qemu_host_page_mask = ~(qemu_host_page_size - 1);
260 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
261 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
263 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
265 long long startaddr, endaddr;
270 last_brk = (unsigned long)sbrk(0);
271 f = fopen("/proc/self/maps", "r");
274 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
276 startaddr = MIN(startaddr,
277 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
278 endaddr = MIN(endaddr,
279 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
280 page_set_flags(startaddr & TARGET_PAGE_MASK,
281 TARGET_PAGE_ALIGN(endaddr),
292 static inline PageDesc **page_l1_map(target_ulong index)
294 #if TARGET_LONG_BITS > 32
295 /* Host memory outside guest VM. For 32-bit targets we have already
296 excluded high addresses. */
297 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
300 return &l1_map[index >> L2_BITS];
303 static inline PageDesc *page_find_alloc(target_ulong index)
306 lp = page_l1_map(index);
312 /* allocate if not found */
313 #if defined(CONFIG_USER_ONLY)
314 size_t len = sizeof(PageDesc) * L2_SIZE;
315 /* Don't use qemu_malloc because it may recurse. */
316 p = mmap(0, len, PROT_READ | PROT_WRITE,
317 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
320 unsigned long addr = h2g(p);
321 page_set_flags(addr & TARGET_PAGE_MASK,
322 TARGET_PAGE_ALIGN(addr + len),
326 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
330 return p + (index & (L2_SIZE - 1));
333 static inline PageDesc *page_find(target_ulong index)
336 lp = page_l1_map(index);
343 return p + (index & (L2_SIZE - 1));
346 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
351 p = (void **)l1_phys_map;
352 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
354 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
355 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
357 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
360 /* allocate if not found */
363 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
364 memset(p, 0, sizeof(void *) * L1_SIZE);
368 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
372 /* allocate if not found */
375 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
377 for (i = 0; i < L2_SIZE; i++) {
378 pd[i].phys_offset = IO_MEM_UNASSIGNED;
379 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
382 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
385 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
387 return phys_page_find_alloc(index, 0);
390 #if !defined(CONFIG_USER_ONLY)
391 static void tlb_protect_code(ram_addr_t ram_addr);
392 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
394 #define mmap_lock() do { } while(0)
395 #define mmap_unlock() do { } while(0)
398 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
400 #if defined(CONFIG_USER_ONLY)
401 /* Currently it is not recommanded to allocate big chunks of data in
402 user mode. It will change when a dedicated libc will be used */
403 #define USE_STATIC_CODE_GEN_BUFFER
406 #ifdef USE_STATIC_CODE_GEN_BUFFER
407 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
410 static void code_gen_alloc(unsigned long tb_size)
412 #ifdef USE_STATIC_CODE_GEN_BUFFER
413 code_gen_buffer = static_code_gen_buffer;
414 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
415 map_exec(code_gen_buffer, code_gen_buffer_size);
417 code_gen_buffer_size = tb_size;
418 if (code_gen_buffer_size == 0) {
419 #if defined(CONFIG_USER_ONLY)
420 /* in user mode, phys_ram_size is not meaningful */
421 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
423 /* XXX: needs ajustments */
424 code_gen_buffer_size = (unsigned long)(ram_size / 4);
427 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
428 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
429 /* The code gen buffer location may have constraints depending on
430 the host cpu and OS */
431 #if defined(__linux__)
436 flags = MAP_PRIVATE | MAP_ANONYMOUS;
437 #if defined(__x86_64__)
439 /* Cannot map more than that */
440 if (code_gen_buffer_size > (800 * 1024 * 1024))
441 code_gen_buffer_size = (800 * 1024 * 1024);
442 #elif defined(__sparc_v9__)
443 // Map the buffer below 2G, so we can use direct calls and branches
445 start = (void *) 0x60000000UL;
446 if (code_gen_buffer_size > (512 * 1024 * 1024))
447 code_gen_buffer_size = (512 * 1024 * 1024);
448 #elif defined(__arm__)
449 /* Map the buffer below 32M, so we can use direct calls and branches */
451 start = (void *) 0x01000000UL;
452 if (code_gen_buffer_size > 16 * 1024 * 1024)
453 code_gen_buffer_size = 16 * 1024 * 1024;
455 code_gen_buffer = mmap(start, code_gen_buffer_size,
456 PROT_WRITE | PROT_READ | PROT_EXEC,
458 if (code_gen_buffer == MAP_FAILED) {
459 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
463 #elif defined(__FreeBSD__) || defined(__DragonFly__)
467 flags = MAP_PRIVATE | MAP_ANONYMOUS;
468 #if defined(__x86_64__)
469 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
470 * 0x40000000 is free */
472 addr = (void *)0x40000000;
473 /* Cannot map more than that */
474 if (code_gen_buffer_size > (800 * 1024 * 1024))
475 code_gen_buffer_size = (800 * 1024 * 1024);
477 code_gen_buffer = mmap(addr, code_gen_buffer_size,
478 PROT_WRITE | PROT_READ | PROT_EXEC,
480 if (code_gen_buffer == MAP_FAILED) {
481 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
486 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
487 map_exec(code_gen_buffer, code_gen_buffer_size);
489 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
490 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
491 code_gen_buffer_max_size = code_gen_buffer_size -
492 code_gen_max_block_size();
493 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
494 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
497 /* Must be called before using the QEMU cpus. 'tb_size' is the size
498 (in bytes) allocated to the translation buffer. Zero means default
500 void cpu_exec_init_all(unsigned long tb_size)
503 code_gen_alloc(tb_size);
504 code_gen_ptr = code_gen_buffer;
506 #if !defined(CONFIG_USER_ONLY)
511 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
513 #define CPU_COMMON_SAVE_VERSION 1
515 static void cpu_common_save(QEMUFile *f, void *opaque)
517 CPUState *env = opaque;
519 qemu_put_be32s(f, &env->halted);
520 qemu_put_be32s(f, &env->interrupt_request);
523 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
525 CPUState *env = opaque;
527 if (version_id != CPU_COMMON_SAVE_VERSION)
530 qemu_get_be32s(f, &env->halted);
531 qemu_get_be32s(f, &env->interrupt_request);
532 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
533 version_id is increased. */
534 env->interrupt_request &= ~0x01;
541 void cpu_exec_init(CPUState *env)
546 #if defined(CONFIG_USER_ONLY)
549 env->next_cpu = NULL;
552 while (*penv != NULL) {
553 penv = (CPUState **)&(*penv)->next_cpu;
556 env->cpu_index = cpu_index;
557 TAILQ_INIT(&env->breakpoints);
558 TAILQ_INIT(&env->watchpoints);
560 #if defined(CONFIG_USER_ONLY)
563 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
564 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
565 cpu_common_save, cpu_common_load, env);
566 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
567 cpu_save, cpu_load, env);
571 static inline void invalidate_page_bitmap(PageDesc *p)
573 if (p->code_bitmap) {
574 qemu_free(p->code_bitmap);
575 p->code_bitmap = NULL;
577 p->code_write_count = 0;
580 /* set to NULL all the 'first_tb' fields in all PageDescs */
581 static void page_flush_tb(void)
586 for(i = 0; i < L1_SIZE; i++) {
589 for(j = 0; j < L2_SIZE; j++) {
591 invalidate_page_bitmap(p);
598 /* flush all the translation blocks */
599 /* XXX: tb_flush is currently not thread safe */
600 void tb_flush(CPUState *env1)
603 #if defined(DEBUG_FLUSH)
604 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
605 (unsigned long)(code_gen_ptr - code_gen_buffer),
607 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
609 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
610 cpu_abort(env1, "Internal error: code buffer overflow\n");
614 for(env = first_cpu; env != NULL; env = env->next_cpu) {
615 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
618 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
621 code_gen_ptr = code_gen_buffer;
622 /* XXX: flush processor icache at this point if cache flush is
627 #ifdef DEBUG_TB_CHECK
629 static void tb_invalidate_check(target_ulong address)
631 TranslationBlock *tb;
633 address &= TARGET_PAGE_MASK;
634 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
635 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
636 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
637 address >= tb->pc + tb->size)) {
638 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
639 address, (long)tb->pc, tb->size);
645 /* verify that all the pages have correct rights for code */
646 static void tb_page_check(void)
648 TranslationBlock *tb;
649 int i, flags1, flags2;
651 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
652 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
653 flags1 = page_get_flags(tb->pc);
654 flags2 = page_get_flags(tb->pc + tb->size - 1);
655 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
656 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
657 (long)tb->pc, tb->size, flags1, flags2);
663 static void tb_jmp_check(TranslationBlock *tb)
665 TranslationBlock *tb1;
668 /* suppress any remaining jumps to this TB */
672 tb1 = (TranslationBlock *)((long)tb1 & ~3);
675 tb1 = tb1->jmp_next[n1];
677 /* check end of list */
679 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
685 /* invalidate one TB */
686 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
689 TranslationBlock *tb1;
693 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
696 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
700 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
702 TranslationBlock *tb1;
708 tb1 = (TranslationBlock *)((long)tb1 & ~3);
710 *ptb = tb1->page_next[n1];
713 ptb = &tb1->page_next[n1];
717 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
719 TranslationBlock *tb1, **ptb;
722 ptb = &tb->jmp_next[n];
725 /* find tb(n) in circular list */
729 tb1 = (TranslationBlock *)((long)tb1 & ~3);
730 if (n1 == n && tb1 == tb)
733 ptb = &tb1->jmp_first;
735 ptb = &tb1->jmp_next[n1];
738 /* now we can suppress tb(n) from the list */
739 *ptb = tb->jmp_next[n];
741 tb->jmp_next[n] = NULL;
745 /* reset the jump entry 'n' of a TB so that it is not chained to
747 static inline void tb_reset_jump(TranslationBlock *tb, int n)
749 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
752 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
757 target_phys_addr_t phys_pc;
758 TranslationBlock *tb1, *tb2;
760 /* remove the TB from the hash list */
761 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
762 h = tb_phys_hash_func(phys_pc);
763 tb_remove(&tb_phys_hash[h], tb,
764 offsetof(TranslationBlock, phys_hash_next));
766 /* remove the TB from the page list */
767 if (tb->page_addr[0] != page_addr) {
768 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
769 tb_page_remove(&p->first_tb, tb);
770 invalidate_page_bitmap(p);
772 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
773 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
774 tb_page_remove(&p->first_tb, tb);
775 invalidate_page_bitmap(p);
778 tb_invalidated_flag = 1;
780 /* remove the TB from the hash list */
781 h = tb_jmp_cache_hash_func(tb->pc);
782 for(env = first_cpu; env != NULL; env = env->next_cpu) {
783 if (env->tb_jmp_cache[h] == tb)
784 env->tb_jmp_cache[h] = NULL;
787 /* suppress this TB from the two jump lists */
788 tb_jmp_remove(tb, 0);
789 tb_jmp_remove(tb, 1);
791 /* suppress any remaining jumps to this TB */
797 tb1 = (TranslationBlock *)((long)tb1 & ~3);
798 tb2 = tb1->jmp_next[n1];
799 tb_reset_jump(tb1, n1);
800 tb1->jmp_next[n1] = NULL;
803 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
805 tb_phys_invalidate_count++;
808 static inline void set_bits(uint8_t *tab, int start, int len)
814 mask = 0xff << (start & 7);
815 if ((start & ~7) == (end & ~7)) {
817 mask &= ~(0xff << (end & 7));
822 start = (start + 8) & ~7;
824 while (start < end1) {
829 mask = ~(0xff << (end & 7));
835 static void build_page_bitmap(PageDesc *p)
837 int n, tb_start, tb_end;
838 TranslationBlock *tb;
840 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
845 tb = (TranslationBlock *)((long)tb & ~3);
846 /* NOTE: this is subtle as a TB may span two physical pages */
848 /* NOTE: tb_end may be after the end of the page, but
849 it is not a problem */
850 tb_start = tb->pc & ~TARGET_PAGE_MASK;
851 tb_end = tb_start + tb->size;
852 if (tb_end > TARGET_PAGE_SIZE)
853 tb_end = TARGET_PAGE_SIZE;
856 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
858 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
859 tb = tb->page_next[n];
863 TranslationBlock *tb_gen_code(CPUState *env,
864 target_ulong pc, target_ulong cs_base,
865 int flags, int cflags)
867 TranslationBlock *tb;
869 target_ulong phys_pc, phys_page2, virt_page2;
872 phys_pc = get_phys_addr_code(env, pc);
875 /* flush must be done */
877 /* cannot fail at this point */
879 /* Don't forget to invalidate previous TB info. */
880 tb_invalidated_flag = 1;
882 tc_ptr = code_gen_ptr;
884 tb->cs_base = cs_base;
887 cpu_gen_code(env, tb, &code_gen_size);
888 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
890 /* check next page if needed */
891 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
893 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
894 phys_page2 = get_phys_addr_code(env, virt_page2);
896 tb_link_phys(tb, phys_pc, phys_page2);
900 /* invalidate all TBs which intersect with the target physical page
901 starting in range [start;end[. NOTE: start and end must refer to
902 the same physical page. 'is_cpu_write_access' should be true if called
903 from a real cpu write access: the virtual CPU will exit the current
904 TB if code is modified inside this TB. */
905 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
906 int is_cpu_write_access)
908 TranslationBlock *tb, *tb_next, *saved_tb;
909 CPUState *env = cpu_single_env;
910 target_ulong tb_start, tb_end;
913 #ifdef TARGET_HAS_PRECISE_SMC
914 int current_tb_not_found = is_cpu_write_access;
915 TranslationBlock *current_tb = NULL;
916 int current_tb_modified = 0;
917 target_ulong current_pc = 0;
918 target_ulong current_cs_base = 0;
919 int current_flags = 0;
920 #endif /* TARGET_HAS_PRECISE_SMC */
922 p = page_find(start >> TARGET_PAGE_BITS);
925 if (!p->code_bitmap &&
926 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
927 is_cpu_write_access) {
928 /* build code bitmap */
929 build_page_bitmap(p);
932 /* we remove all the TBs in the range [start, end[ */
933 /* XXX: see if in some cases it could be faster to invalidate all the code */
937 tb = (TranslationBlock *)((long)tb & ~3);
938 tb_next = tb->page_next[n];
939 /* NOTE: this is subtle as a TB may span two physical pages */
941 /* NOTE: tb_end may be after the end of the page, but
942 it is not a problem */
943 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
944 tb_end = tb_start + tb->size;
946 tb_start = tb->page_addr[1];
947 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
949 if (!(tb_end <= start || tb_start >= end)) {
950 #ifdef TARGET_HAS_PRECISE_SMC
951 if (current_tb_not_found) {
952 current_tb_not_found = 0;
954 if (env->mem_io_pc) {
955 /* now we have a real cpu fault */
956 current_tb = tb_find_pc(env->mem_io_pc);
959 if (current_tb == tb &&
960 (current_tb->cflags & CF_COUNT_MASK) != 1) {
961 /* If we are modifying the current TB, we must stop
962 its execution. We could be more precise by checking
963 that the modification is after the current PC, but it
964 would require a specialized function to partially
965 restore the CPU state */
967 current_tb_modified = 1;
968 cpu_restore_state(current_tb, env,
969 env->mem_io_pc, NULL);
970 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
973 #endif /* TARGET_HAS_PRECISE_SMC */
974 /* we need to do that to handle the case where a signal
975 occurs while doing tb_phys_invalidate() */
978 saved_tb = env->current_tb;
979 env->current_tb = NULL;
981 tb_phys_invalidate(tb, -1);
983 env->current_tb = saved_tb;
984 if (env->interrupt_request && env->current_tb)
985 cpu_interrupt(env, env->interrupt_request);
990 #if !defined(CONFIG_USER_ONLY)
991 /* if no code remaining, no need to continue to use slow writes */
993 invalidate_page_bitmap(p);
994 if (is_cpu_write_access) {
995 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
999 #ifdef TARGET_HAS_PRECISE_SMC
1000 if (current_tb_modified) {
1001 /* we generate a block containing just the instruction
1002 modifying the memory. It will ensure that it cannot modify
1004 env->current_tb = NULL;
1005 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1006 cpu_resume_from_signal(env, NULL);
1011 /* len must be <= 8 and start must be a multiple of len */
1012 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1018 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1019 cpu_single_env->mem_io_vaddr, len,
1020 cpu_single_env->eip,
1021 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1024 p = page_find(start >> TARGET_PAGE_BITS);
1027 if (p->code_bitmap) {
1028 offset = start & ~TARGET_PAGE_MASK;
1029 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1030 if (b & ((1 << len) - 1))
1034 tb_invalidate_phys_page_range(start, start + len, 1);
1038 #if !defined(CONFIG_SOFTMMU)
1039 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1040 unsigned long pc, void *puc)
1042 TranslationBlock *tb;
1045 #ifdef TARGET_HAS_PRECISE_SMC
1046 TranslationBlock *current_tb = NULL;
1047 CPUState *env = cpu_single_env;
1048 int current_tb_modified = 0;
1049 target_ulong current_pc = 0;
1050 target_ulong current_cs_base = 0;
1051 int current_flags = 0;
1054 addr &= TARGET_PAGE_MASK;
1055 p = page_find(addr >> TARGET_PAGE_BITS);
1059 #ifdef TARGET_HAS_PRECISE_SMC
1060 if (tb && pc != 0) {
1061 current_tb = tb_find_pc(pc);
1064 while (tb != NULL) {
1066 tb = (TranslationBlock *)((long)tb & ~3);
1067 #ifdef TARGET_HAS_PRECISE_SMC
1068 if (current_tb == tb &&
1069 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1070 /* If we are modifying the current TB, we must stop
1071 its execution. We could be more precise by checking
1072 that the modification is after the current PC, but it
1073 would require a specialized function to partially
1074 restore the CPU state */
1076 current_tb_modified = 1;
1077 cpu_restore_state(current_tb, env, pc, puc);
1078 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1081 #endif /* TARGET_HAS_PRECISE_SMC */
1082 tb_phys_invalidate(tb, addr);
1083 tb = tb->page_next[n];
1086 #ifdef TARGET_HAS_PRECISE_SMC
1087 if (current_tb_modified) {
1088 /* we generate a block containing just the instruction
1089 modifying the memory. It will ensure that it cannot modify
1091 env->current_tb = NULL;
1092 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1093 cpu_resume_from_signal(env, puc);
1099 /* add the tb in the target page and protect it if necessary */
1100 static inline void tb_alloc_page(TranslationBlock *tb,
1101 unsigned int n, target_ulong page_addr)
1104 TranslationBlock *last_first_tb;
1106 tb->page_addr[n] = page_addr;
1107 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1108 tb->page_next[n] = p->first_tb;
1109 last_first_tb = p->first_tb;
1110 p->first_tb = (TranslationBlock *)((long)tb | n);
1111 invalidate_page_bitmap(p);
1113 #if defined(TARGET_HAS_SMC) || 1
1115 #if defined(CONFIG_USER_ONLY)
1116 if (p->flags & PAGE_WRITE) {
1121 /* force the host page as non writable (writes will have a
1122 page fault + mprotect overhead) */
1123 page_addr &= qemu_host_page_mask;
1125 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1126 addr += TARGET_PAGE_SIZE) {
1128 p2 = page_find (addr >> TARGET_PAGE_BITS);
1132 p2->flags &= ~PAGE_WRITE;
1133 page_get_flags(addr);
1135 mprotect(g2h(page_addr), qemu_host_page_size,
1136 (prot & PAGE_BITS) & ~PAGE_WRITE);
1137 #ifdef DEBUG_TB_INVALIDATE
1138 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1143 /* if some code is already present, then the pages are already
1144 protected. So we handle the case where only the first TB is
1145 allocated in a physical page */
1146 if (!last_first_tb) {
1147 tlb_protect_code(page_addr);
1151 #endif /* TARGET_HAS_SMC */
1154 /* Allocate a new translation block. Flush the translation buffer if
1155 too many translation blocks or too much generated code. */
1156 TranslationBlock *tb_alloc(target_ulong pc)
1158 TranslationBlock *tb;
1160 if (nb_tbs >= code_gen_max_blocks ||
1161 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1163 tb = &tbs[nb_tbs++];
1169 void tb_free(TranslationBlock *tb)
1171 /* In practice this is mostly used for single use temporary TB
1172 Ignore the hard cases and just back up if this TB happens to
1173 be the last one generated. */
1174 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1175 code_gen_ptr = tb->tc_ptr;
1180 /* add a new TB and link it to the physical page tables. phys_page2 is
1181 (-1) to indicate that only one page contains the TB. */
1182 void tb_link_phys(TranslationBlock *tb,
1183 target_ulong phys_pc, target_ulong phys_page2)
1186 TranslationBlock **ptb;
1188 /* Grab the mmap lock to stop another thread invalidating this TB
1189 before we are done. */
1191 /* add in the physical hash table */
1192 h = tb_phys_hash_func(phys_pc);
1193 ptb = &tb_phys_hash[h];
1194 tb->phys_hash_next = *ptb;
1197 /* add in the page list */
1198 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1199 if (phys_page2 != -1)
1200 tb_alloc_page(tb, 1, phys_page2);
1202 tb->page_addr[1] = -1;
1204 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1205 tb->jmp_next[0] = NULL;
1206 tb->jmp_next[1] = NULL;
1208 /* init original jump addresses */
1209 if (tb->tb_next_offset[0] != 0xffff)
1210 tb_reset_jump(tb, 0);
1211 if (tb->tb_next_offset[1] != 0xffff)
1212 tb_reset_jump(tb, 1);
1214 #ifdef DEBUG_TB_CHECK
1220 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1221 tb[1].tc_ptr. Return NULL if not found */
1222 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1224 int m_min, m_max, m;
1226 TranslationBlock *tb;
1230 if (tc_ptr < (unsigned long)code_gen_buffer ||
1231 tc_ptr >= (unsigned long)code_gen_ptr)
1233 /* binary search (cf Knuth) */
1236 while (m_min <= m_max) {
1237 m = (m_min + m_max) >> 1;
1239 v = (unsigned long)tb->tc_ptr;
1242 else if (tc_ptr < v) {
1251 static void tb_reset_jump_recursive(TranslationBlock *tb);
1253 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1255 TranslationBlock *tb1, *tb_next, **ptb;
1258 tb1 = tb->jmp_next[n];
1260 /* find head of list */
1263 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1266 tb1 = tb1->jmp_next[n1];
1268 /* we are now sure now that tb jumps to tb1 */
1271 /* remove tb from the jmp_first list */
1272 ptb = &tb_next->jmp_first;
1276 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1277 if (n1 == n && tb1 == tb)
1279 ptb = &tb1->jmp_next[n1];
1281 *ptb = tb->jmp_next[n];
1282 tb->jmp_next[n] = NULL;
1284 /* suppress the jump to next tb in generated code */
1285 tb_reset_jump(tb, n);
1287 /* suppress jumps in the tb on which we could have jumped */
1288 tb_reset_jump_recursive(tb_next);
1292 static void tb_reset_jump_recursive(TranslationBlock *tb)
1294 tb_reset_jump_recursive2(tb, 0);
1295 tb_reset_jump_recursive2(tb, 1);
1298 #if defined(TARGET_HAS_ICE)
1299 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1301 target_phys_addr_t addr;
1303 ram_addr_t ram_addr;
1306 addr = cpu_get_phys_page_debug(env, pc);
1307 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1309 pd = IO_MEM_UNASSIGNED;
1311 pd = p->phys_offset;
1313 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1314 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1318 /* Add a watchpoint. */
1319 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1320 int flags, CPUWatchpoint **watchpoint)
1322 target_ulong len_mask = ~(len - 1);
1325 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1326 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1327 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1328 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1331 wp = qemu_malloc(sizeof(*wp));
1334 wp->len_mask = len_mask;
1337 /* keep all GDB-injected watchpoints in front */
1339 TAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1341 TAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1343 tlb_flush_page(env, addr);
1350 /* Remove a specific watchpoint. */
1351 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1354 target_ulong len_mask = ~(len - 1);
1357 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1358 if (addr == wp->vaddr && len_mask == wp->len_mask
1359 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1360 cpu_watchpoint_remove_by_ref(env, wp);
1367 /* Remove a specific watchpoint by reference. */
1368 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1370 TAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1372 tlb_flush_page(env, watchpoint->vaddr);
1374 qemu_free(watchpoint);
1377 /* Remove all matching watchpoints. */
1378 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1380 CPUWatchpoint *wp, *next;
1382 TAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1383 if (wp->flags & mask)
1384 cpu_watchpoint_remove_by_ref(env, wp);
1388 /* Add a breakpoint. */
1389 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1390 CPUBreakpoint **breakpoint)
1392 #if defined(TARGET_HAS_ICE)
1395 bp = qemu_malloc(sizeof(*bp));
1400 /* keep all GDB-injected breakpoints in front */
1402 TAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1404 TAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1406 breakpoint_invalidate(env, pc);
1416 /* Remove a specific breakpoint. */
1417 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1419 #if defined(TARGET_HAS_ICE)
1422 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1423 if (bp->pc == pc && bp->flags == flags) {
1424 cpu_breakpoint_remove_by_ref(env, bp);
1434 /* Remove a specific breakpoint by reference. */
1435 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1437 #if defined(TARGET_HAS_ICE)
1438 TAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1440 breakpoint_invalidate(env, breakpoint->pc);
1442 qemu_free(breakpoint);
1446 /* Remove all matching breakpoints. */
1447 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1449 #if defined(TARGET_HAS_ICE)
1450 CPUBreakpoint *bp, *next;
1452 TAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1453 if (bp->flags & mask)
1454 cpu_breakpoint_remove_by_ref(env, bp);
1459 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1460 CPU loop after each instruction */
1461 void cpu_single_step(CPUState *env, int enabled)
1463 #if defined(TARGET_HAS_ICE)
1464 if (env->singlestep_enabled != enabled) {
1465 env->singlestep_enabled = enabled;
1467 kvm_update_guest_debug(env, 0);
1469 /* must flush all the translated code to avoid inconsistancies */
1470 /* XXX: only flush what is necessary */
1477 /* enable or disable low levels log */
1478 void cpu_set_log(int log_flags)
1480 loglevel = log_flags;
1481 if (loglevel && !logfile) {
1482 logfile = fopen(logfilename, log_append ? "a" : "w");
1484 perror(logfilename);
1487 #if !defined(CONFIG_SOFTMMU)
1488 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1490 static char logfile_buf[4096];
1491 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1494 setvbuf(logfile, NULL, _IOLBF, 0);
1498 if (!loglevel && logfile) {
1504 void cpu_set_log_filename(const char *filename)
1506 logfilename = strdup(filename);
1511 cpu_set_log(loglevel);
1514 static void cpu_unlink_tb(CPUState *env)
1516 #if defined(USE_NPTL)
1517 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1518 problem and hope the cpu will stop of its own accord. For userspace
1519 emulation this often isn't actually as bad as it sounds. Often
1520 signals are used primarily to interrupt blocking syscalls. */
1522 TranslationBlock *tb;
1523 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1525 tb = env->current_tb;
1526 /* if the cpu is currently executing code, we must unlink it and
1527 all the potentially executing TB */
1528 if (tb && !testandset(&interrupt_lock)) {
1529 env->current_tb = NULL;
1530 tb_reset_jump_recursive(tb);
1531 resetlock(&interrupt_lock);
1536 /* mask must never be zero, except for A20 change call */
1537 void cpu_interrupt(CPUState *env, int mask)
1541 old_mask = env->interrupt_request;
1542 env->interrupt_request |= mask;
1545 env->icount_decr.u16.high = 0xffff;
1546 #ifndef CONFIG_USER_ONLY
1548 && (mask & ~old_mask) != 0) {
1549 cpu_abort(env, "Raised interrupt while not in I/O function");
1557 void cpu_reset_interrupt(CPUState *env, int mask)
1559 env->interrupt_request &= ~mask;
1562 void cpu_exit(CPUState *env)
1564 env->exit_request = 1;
1568 const CPULogItem cpu_log_items[] = {
1569 { CPU_LOG_TB_OUT_ASM, "out_asm",
1570 "show generated host assembly code for each compiled TB" },
1571 { CPU_LOG_TB_IN_ASM, "in_asm",
1572 "show target assembly code for each compiled TB" },
1573 { CPU_LOG_TB_OP, "op",
1574 "show micro ops for each compiled TB" },
1575 { CPU_LOG_TB_OP_OPT, "op_opt",
1578 "before eflags optimization and "
1580 "after liveness analysis" },
1581 { CPU_LOG_INT, "int",
1582 "show interrupts/exceptions in short format" },
1583 { CPU_LOG_EXEC, "exec",
1584 "show trace before each executed TB (lots of logs)" },
1585 { CPU_LOG_TB_CPU, "cpu",
1586 "show CPU state before block translation" },
1588 { CPU_LOG_PCALL, "pcall",
1589 "show protected mode far calls/returns/exceptions" },
1590 { CPU_LOG_RESET, "cpu_reset",
1591 "show CPU state before CPU resets" },
1594 { CPU_LOG_IOPORT, "ioport",
1595 "show all i/o ports accesses" },
1600 static int cmp1(const char *s1, int n, const char *s2)
1602 if (strlen(s2) != n)
1604 return memcmp(s1, s2, n) == 0;
1607 /* takes a comma separated list of log masks. Return 0 if error. */
1608 int cpu_str_to_log_mask(const char *str)
1610 const CPULogItem *item;
1617 p1 = strchr(p, ',');
1620 if(cmp1(p,p1-p,"all")) {
1621 for(item = cpu_log_items; item->mask != 0; item++) {
1625 for(item = cpu_log_items; item->mask != 0; item++) {
1626 if (cmp1(p, p1 - p, item->name))
1640 void cpu_abort(CPUState *env, const char *fmt, ...)
1647 fprintf(stderr, "qemu: fatal: ");
1648 vfprintf(stderr, fmt, ap);
1649 fprintf(stderr, "\n");
1651 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1653 cpu_dump_state(env, stderr, fprintf, 0);
1655 if (qemu_log_enabled()) {
1656 qemu_log("qemu: fatal: ");
1657 qemu_log_vprintf(fmt, ap2);
1660 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1662 log_cpu_state(env, 0);
1672 CPUState *cpu_copy(CPUState *env)
1674 CPUState *new_env = cpu_init(env->cpu_model_str);
1675 CPUState *next_cpu = new_env->next_cpu;
1676 int cpu_index = new_env->cpu_index;
1677 #if defined(TARGET_HAS_ICE)
1682 memcpy(new_env, env, sizeof(CPUState));
1684 /* Preserve chaining and index. */
1685 new_env->next_cpu = next_cpu;
1686 new_env->cpu_index = cpu_index;
1688 /* Clone all break/watchpoints.
1689 Note: Once we support ptrace with hw-debug register access, make sure
1690 BP_CPU break/watchpoints are handled correctly on clone. */
1691 TAILQ_INIT(&env->breakpoints);
1692 TAILQ_INIT(&env->watchpoints);
1693 #if defined(TARGET_HAS_ICE)
1694 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1695 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1697 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1698 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1706 #if !defined(CONFIG_USER_ONLY)
1708 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1712 /* Discard jump cache entries for any tb which might potentially
1713 overlap the flushed page. */
1714 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1715 memset (&env->tb_jmp_cache[i], 0,
1716 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1718 i = tb_jmp_cache_hash_page(addr);
1719 memset (&env->tb_jmp_cache[i], 0,
1720 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1723 /* NOTE: if flush_global is true, also flush global entries (not
1725 void tlb_flush(CPUState *env, int flush_global)
1729 #if defined(DEBUG_TLB)
1730 printf("tlb_flush:\n");
1732 /* must reset current TB so that interrupts cannot modify the
1733 links while we are modifying them */
1734 env->current_tb = NULL;
1736 for(i = 0; i < CPU_TLB_SIZE; i++) {
1737 env->tlb_table[0][i].addr_read = -1;
1738 env->tlb_table[0][i].addr_write = -1;
1739 env->tlb_table[0][i].addr_code = -1;
1740 env->tlb_table[1][i].addr_read = -1;
1741 env->tlb_table[1][i].addr_write = -1;
1742 env->tlb_table[1][i].addr_code = -1;
1743 #if (NB_MMU_MODES >= 3)
1744 env->tlb_table[2][i].addr_read = -1;
1745 env->tlb_table[2][i].addr_write = -1;
1746 env->tlb_table[2][i].addr_code = -1;
1748 #if (NB_MMU_MODES >= 4)
1749 env->tlb_table[3][i].addr_read = -1;
1750 env->tlb_table[3][i].addr_write = -1;
1751 env->tlb_table[3][i].addr_code = -1;
1753 #if (NB_MMU_MODES >= 5)
1754 env->tlb_table[4][i].addr_read = -1;
1755 env->tlb_table[4][i].addr_write = -1;
1756 env->tlb_table[4][i].addr_code = -1;
1761 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1764 if (env->kqemu_enabled) {
1765 kqemu_flush(env, flush_global);
1771 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1773 if (addr == (tlb_entry->addr_read &
1774 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1775 addr == (tlb_entry->addr_write &
1776 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1777 addr == (tlb_entry->addr_code &
1778 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1779 tlb_entry->addr_read = -1;
1780 tlb_entry->addr_write = -1;
1781 tlb_entry->addr_code = -1;
1785 void tlb_flush_page(CPUState *env, target_ulong addr)
1789 #if defined(DEBUG_TLB)
1790 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1792 /* must reset current TB so that interrupts cannot modify the
1793 links while we are modifying them */
1794 env->current_tb = NULL;
1796 addr &= TARGET_PAGE_MASK;
1797 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1798 tlb_flush_entry(&env->tlb_table[0][i], addr);
1799 tlb_flush_entry(&env->tlb_table[1][i], addr);
1800 #if (NB_MMU_MODES >= 3)
1801 tlb_flush_entry(&env->tlb_table[2][i], addr);
1803 #if (NB_MMU_MODES >= 4)
1804 tlb_flush_entry(&env->tlb_table[3][i], addr);
1806 #if (NB_MMU_MODES >= 5)
1807 tlb_flush_entry(&env->tlb_table[4][i], addr);
1810 tlb_flush_jmp_cache(env, addr);
1813 if (env->kqemu_enabled) {
1814 kqemu_flush_page(env, addr);
1819 /* update the TLBs so that writes to code in the virtual page 'addr'
1821 static void tlb_protect_code(ram_addr_t ram_addr)
1823 cpu_physical_memory_reset_dirty(ram_addr,
1824 ram_addr + TARGET_PAGE_SIZE,
1828 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1829 tested for self modifying code */
1830 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1833 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1836 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1837 unsigned long start, unsigned long length)
1840 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1841 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1842 if ((addr - start) < length) {
1843 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1848 /* Note: start and end must be within the same ram block. */
1849 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1853 unsigned long length, start1;
1857 start &= TARGET_PAGE_MASK;
1858 end = TARGET_PAGE_ALIGN(end);
1860 length = end - start;
1863 len = length >> TARGET_PAGE_BITS;
1865 /* XXX: should not depend on cpu context */
1867 if (env->kqemu_enabled) {
1870 for(i = 0; i < len; i++) {
1871 kqemu_set_notdirty(env, addr);
1872 addr += TARGET_PAGE_SIZE;
1876 mask = ~dirty_flags;
1877 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1878 for(i = 0; i < len; i++)
1881 /* we modify the TLB cache so that the dirty bit will be set again
1882 when accessing the range */
1883 start1 = (unsigned long)qemu_get_ram_ptr(start);
1884 /* Chek that we don't span multiple blocks - this breaks the
1885 address comparisons below. */
1886 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
1887 != (end - 1) - start) {
1891 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1892 for(i = 0; i < CPU_TLB_SIZE; i++)
1893 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1894 for(i = 0; i < CPU_TLB_SIZE; i++)
1895 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1896 #if (NB_MMU_MODES >= 3)
1897 for(i = 0; i < CPU_TLB_SIZE; i++)
1898 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1900 #if (NB_MMU_MODES >= 4)
1901 for(i = 0; i < CPU_TLB_SIZE; i++)
1902 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1904 #if (NB_MMU_MODES >= 5)
1905 for(i = 0; i < CPU_TLB_SIZE; i++)
1906 tlb_reset_dirty_range(&env->tlb_table[4][i], start1, length);
1911 int cpu_physical_memory_set_dirty_tracking(int enable)
1913 in_migration = enable;
1917 int cpu_physical_memory_get_dirty_tracking(void)
1919 return in_migration;
1922 void cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr, target_phys_addr_t end_addr)
1925 kvm_physical_sync_dirty_bitmap(start_addr, end_addr);
1928 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1930 ram_addr_t ram_addr;
1933 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1934 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
1935 + tlb_entry->addend);
1936 ram_addr = qemu_ram_addr_from_host(p);
1937 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1938 tlb_entry->addr_write |= TLB_NOTDIRTY;
1943 /* update the TLB according to the current state of the dirty bits */
1944 void cpu_tlb_update_dirty(CPUState *env)
1947 for(i = 0; i < CPU_TLB_SIZE; i++)
1948 tlb_update_dirty(&env->tlb_table[0][i]);
1949 for(i = 0; i < CPU_TLB_SIZE; i++)
1950 tlb_update_dirty(&env->tlb_table[1][i]);
1951 #if (NB_MMU_MODES >= 3)
1952 for(i = 0; i < CPU_TLB_SIZE; i++)
1953 tlb_update_dirty(&env->tlb_table[2][i]);
1955 #if (NB_MMU_MODES >= 4)
1956 for(i = 0; i < CPU_TLB_SIZE; i++)
1957 tlb_update_dirty(&env->tlb_table[3][i]);
1959 #if (NB_MMU_MODES >= 5)
1960 for(i = 0; i < CPU_TLB_SIZE; i++)
1961 tlb_update_dirty(&env->tlb_table[4][i]);
1965 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1967 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1968 tlb_entry->addr_write = vaddr;
1971 /* update the TLB corresponding to virtual page vaddr
1972 so that it is no longer dirty */
1973 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1977 vaddr &= TARGET_PAGE_MASK;
1978 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1979 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1980 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1981 #if (NB_MMU_MODES >= 3)
1982 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1984 #if (NB_MMU_MODES >= 4)
1985 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1987 #if (NB_MMU_MODES >= 5)
1988 tlb_set_dirty1(&env->tlb_table[4][i], vaddr);
1992 /* add a new TLB entry. At most one entry for a given virtual address
1993 is permitted. Return 0 if OK or 2 if the page could not be mapped
1994 (can only happen in non SOFTMMU mode for I/O pages or pages
1995 conflicting with the host address space). */
1996 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1997 target_phys_addr_t paddr, int prot,
1998 int mmu_idx, int is_softmmu)
2003 target_ulong address;
2004 target_ulong code_address;
2005 target_phys_addr_t addend;
2009 target_phys_addr_t iotlb;
2011 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2013 pd = IO_MEM_UNASSIGNED;
2015 pd = p->phys_offset;
2017 #if defined(DEBUG_TLB)
2018 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2019 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2024 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2025 /* IO memory case (romd handled later) */
2026 address |= TLB_MMIO;
2028 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2029 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2031 iotlb = pd & TARGET_PAGE_MASK;
2032 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2033 iotlb |= IO_MEM_NOTDIRTY;
2035 iotlb |= IO_MEM_ROM;
2037 /* IO handlers are currently passed a phsical address.
2038 It would be nice to pass an offset from the base address
2039 of that region. This would avoid having to special case RAM,
2040 and avoid full address decoding in every device.
2041 We can't use the high bits of pd for this because
2042 IO_MEM_ROMD uses these as a ram address. */
2043 iotlb = (pd & ~TARGET_PAGE_MASK);
2045 iotlb += p->region_offset;
2051 code_address = address;
2052 /* Make accesses to pages with watchpoints go via the
2053 watchpoint trap routines. */
2054 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2055 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2056 iotlb = io_mem_watch + paddr;
2057 /* TODO: The memory case can be optimized by not trapping
2058 reads of pages with a write breakpoint. */
2059 address |= TLB_MMIO;
2063 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2064 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2065 te = &env->tlb_table[mmu_idx][index];
2066 te->addend = addend - vaddr;
2067 if (prot & PAGE_READ) {
2068 te->addr_read = address;
2073 if (prot & PAGE_EXEC) {
2074 te->addr_code = code_address;
2078 if (prot & PAGE_WRITE) {
2079 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2080 (pd & IO_MEM_ROMD)) {
2081 /* Write access calls the I/O callback. */
2082 te->addr_write = address | TLB_MMIO;
2083 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2084 !cpu_physical_memory_is_dirty(pd)) {
2085 te->addr_write = address | TLB_NOTDIRTY;
2087 te->addr_write = address;
2090 te->addr_write = -1;
2097 void tlb_flush(CPUState *env, int flush_global)
2101 void tlb_flush_page(CPUState *env, target_ulong addr)
2105 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2106 target_phys_addr_t paddr, int prot,
2107 int mmu_idx, int is_softmmu)
2113 * Walks guest process memory "regions" one by one
2114 * and calls callback function 'fn' for each region.
2116 int walk_memory_regions(void *priv,
2117 int (*fn)(void *, unsigned long, unsigned long, unsigned long))
2119 unsigned long start, end;
2121 int i, j, prot, prot1;
2127 for (i = 0; i <= L1_SIZE; i++) {
2128 p = (i < L1_SIZE) ? l1_map[i] : NULL;
2129 for (j = 0; j < L2_SIZE; j++) {
2130 prot1 = (p == NULL) ? 0 : p[j].flags;
2132 * "region" is one continuous chunk of memory
2133 * that has same protection flags set.
2135 if (prot1 != prot) {
2136 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2138 rc = (*fn)(priv, start, end, prot);
2139 /* callback can stop iteration by returning != 0 */
2156 static int dump_region(void *priv, unsigned long start,
2157 unsigned long end, unsigned long prot)
2159 FILE *f = (FILE *)priv;
2161 (void) fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2162 start, end, end - start,
2163 ((prot & PAGE_READ) ? 'r' : '-'),
2164 ((prot & PAGE_WRITE) ? 'w' : '-'),
2165 ((prot & PAGE_EXEC) ? 'x' : '-'));
2170 /* dump memory mappings */
2171 void page_dump(FILE *f)
2173 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2174 "start", "end", "size", "prot");
2175 walk_memory_regions(f, dump_region);
2178 int page_get_flags(target_ulong address)
2182 p = page_find(address >> TARGET_PAGE_BITS);
2188 /* modify the flags of a page and invalidate the code if
2189 necessary. The flag PAGE_WRITE_ORG is positionned automatically
2190 depending on PAGE_WRITE */
2191 void page_set_flags(target_ulong start, target_ulong end, int flags)
2196 /* mmap_lock should already be held. */
2197 start = start & TARGET_PAGE_MASK;
2198 end = TARGET_PAGE_ALIGN(end);
2199 if (flags & PAGE_WRITE)
2200 flags |= PAGE_WRITE_ORG;
2201 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2202 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2203 /* We may be called for host regions that are outside guest
2207 /* if the write protection is set, then we invalidate the code
2209 if (!(p->flags & PAGE_WRITE) &&
2210 (flags & PAGE_WRITE) &&
2212 tb_invalidate_phys_page(addr, 0, NULL);
2218 int page_check_range(target_ulong start, target_ulong len, int flags)
2224 if (start + len < start)
2225 /* we've wrapped around */
2228 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2229 start = start & TARGET_PAGE_MASK;
2231 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2232 p = page_find(addr >> TARGET_PAGE_BITS);
2235 if( !(p->flags & PAGE_VALID) )
2238 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2240 if (flags & PAGE_WRITE) {
2241 if (!(p->flags & PAGE_WRITE_ORG))
2243 /* unprotect the page if it was put read-only because it
2244 contains translated code */
2245 if (!(p->flags & PAGE_WRITE)) {
2246 if (!page_unprotect(addr, 0, NULL))
2255 /* called from signal handler: invalidate the code and unprotect the
2256 page. Return TRUE if the fault was succesfully handled. */
2257 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2259 unsigned int page_index, prot, pindex;
2261 target_ulong host_start, host_end, addr;
2263 /* Technically this isn't safe inside a signal handler. However we
2264 know this only ever happens in a synchronous SEGV handler, so in
2265 practice it seems to be ok. */
2268 host_start = address & qemu_host_page_mask;
2269 page_index = host_start >> TARGET_PAGE_BITS;
2270 p1 = page_find(page_index);
2275 host_end = host_start + qemu_host_page_size;
2278 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2282 /* if the page was really writable, then we change its
2283 protection back to writable */
2284 if (prot & PAGE_WRITE_ORG) {
2285 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2286 if (!(p1[pindex].flags & PAGE_WRITE)) {
2287 mprotect((void *)g2h(host_start), qemu_host_page_size,
2288 (prot & PAGE_BITS) | PAGE_WRITE);
2289 p1[pindex].flags |= PAGE_WRITE;
2290 /* and since the content will be modified, we must invalidate
2291 the corresponding translated code. */
2292 tb_invalidate_phys_page(address, pc, puc);
2293 #ifdef DEBUG_TB_CHECK
2294 tb_invalidate_check(address);
2304 static inline void tlb_set_dirty(CPUState *env,
2305 unsigned long addr, target_ulong vaddr)
2308 #endif /* defined(CONFIG_USER_ONLY) */
2310 #if !defined(CONFIG_USER_ONLY)
2312 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2313 ram_addr_t memory, ram_addr_t region_offset);
2314 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2315 ram_addr_t orig_memory, ram_addr_t region_offset);
2316 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2319 if (addr > start_addr) \
2322 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2323 if (start_addr2 > 0) \
2327 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2328 end_addr2 = TARGET_PAGE_SIZE - 1; \
2330 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2331 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2336 /* register physical memory. 'size' must be a multiple of the target
2337 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2338 io memory page. The address used when calling the IO function is
2339 the offset from the start of the region, plus region_offset. Both
2340 start_region and regon_offset are rounded down to a page boundary
2341 before calculating this offset. This should not be a problem unless
2342 the low bits of start_addr and region_offset differ. */
2343 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2345 ram_addr_t phys_offset,
2346 ram_addr_t region_offset)
2348 target_phys_addr_t addr, end_addr;
2351 ram_addr_t orig_size = size;
2355 /* XXX: should not depend on cpu context */
2357 if (env->kqemu_enabled) {
2358 kqemu_set_phys_mem(start_addr, size, phys_offset);
2362 kvm_set_phys_mem(start_addr, size, phys_offset);
2364 if (phys_offset == IO_MEM_UNASSIGNED) {
2365 region_offset = start_addr;
2367 region_offset &= TARGET_PAGE_MASK;
2368 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2369 end_addr = start_addr + (target_phys_addr_t)size;
2370 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2371 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2372 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2373 ram_addr_t orig_memory = p->phys_offset;
2374 target_phys_addr_t start_addr2, end_addr2;
2375 int need_subpage = 0;
2377 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2379 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2380 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2381 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2382 &p->phys_offset, orig_memory,
2385 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2388 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2390 p->region_offset = 0;
2392 p->phys_offset = phys_offset;
2393 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2394 (phys_offset & IO_MEM_ROMD))
2395 phys_offset += TARGET_PAGE_SIZE;
2398 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2399 p->phys_offset = phys_offset;
2400 p->region_offset = region_offset;
2401 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2402 (phys_offset & IO_MEM_ROMD)) {
2403 phys_offset += TARGET_PAGE_SIZE;
2405 target_phys_addr_t start_addr2, end_addr2;
2406 int need_subpage = 0;
2408 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2409 end_addr2, need_subpage);
2411 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2412 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2413 &p->phys_offset, IO_MEM_UNASSIGNED,
2414 addr & TARGET_PAGE_MASK);
2415 subpage_register(subpage, start_addr2, end_addr2,
2416 phys_offset, region_offset);
2417 p->region_offset = 0;
2421 region_offset += TARGET_PAGE_SIZE;
2424 /* since each CPU stores ram addresses in its TLB cache, we must
2425 reset the modified entries */
2427 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2432 /* XXX: temporary until new memory mapping API */
2433 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2437 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2439 return IO_MEM_UNASSIGNED;
2440 return p->phys_offset;
2443 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2446 kvm_coalesce_mmio_region(addr, size);
2449 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2452 kvm_uncoalesce_mmio_region(addr, size);
2456 /* XXX: better than nothing */
2457 static ram_addr_t kqemu_ram_alloc(ram_addr_t size)
2460 if ((last_ram_offset + size) > kqemu_phys_ram_size) {
2461 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2462 (uint64_t)size, (uint64_t)kqemu_phys_ram_size);
2465 addr = last_ram_offset;
2466 last_ram_offset = TARGET_PAGE_ALIGN(last_ram_offset + size);
2471 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2473 RAMBlock *new_block;
2476 if (kqemu_phys_ram_base) {
2477 return kqemu_ram_alloc(size);
2481 size = TARGET_PAGE_ALIGN(size);
2482 new_block = qemu_malloc(sizeof(*new_block));
2484 new_block->host = qemu_vmalloc(size);
2485 new_block->offset = last_ram_offset;
2486 new_block->length = size;
2488 new_block->next = ram_blocks;
2489 ram_blocks = new_block;
2491 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2492 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2493 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2494 0xff, size >> TARGET_PAGE_BITS);
2496 last_ram_offset += size;
2498 return new_block->offset;
2501 void qemu_ram_free(ram_addr_t addr)
2503 /* TODO: implement this. */
2506 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2507 With the exception of the softmmu code in this file, this should
2508 only be used for local memory (e.g. video ram) that the device owns,
2509 and knows it isn't going to access beyond the end of the block.
2511 It should not be used for general purpose DMA.
2512 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2514 void *qemu_get_ram_ptr(ram_addr_t addr)
2521 if (kqemu_phys_ram_base) {
2522 return kqemu_phys_ram_base + addr;
2527 prevp = &ram_blocks;
2529 while (block && (block->offset > addr
2530 || block->offset + block->length <= addr)) {
2532 prevp = &prev->next;
2534 block = block->next;
2537 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2540 /* Move this entry to to start of the list. */
2542 prev->next = block->next;
2543 block->next = *prevp;
2546 return block->host + (addr - block->offset);
2549 /* Some of the softmmu routines need to translate from a host pointer
2550 (typically a TLB entry) back to a ram offset. */
2551 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2556 uint8_t *host = ptr;
2559 if (kqemu_phys_ram_base) {
2560 return host - kqemu_phys_ram_base;
2565 prevp = &ram_blocks;
2567 while (block && (block->host > host
2568 || block->host + block->length <= host)) {
2570 prevp = &prev->next;
2572 block = block->next;
2575 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2578 return block->offset + (host - block->host);
2581 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2583 #ifdef DEBUG_UNASSIGNED
2584 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2586 #if defined(TARGET_SPARC)
2587 do_unassigned_access(addr, 0, 0, 0, 1);
2592 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2594 #ifdef DEBUG_UNASSIGNED
2595 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2597 #if defined(TARGET_SPARC)
2598 do_unassigned_access(addr, 0, 0, 0, 2);
2603 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2605 #ifdef DEBUG_UNASSIGNED
2606 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2608 #if defined(TARGET_SPARC)
2609 do_unassigned_access(addr, 0, 0, 0, 4);
2614 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2616 #ifdef DEBUG_UNASSIGNED
2617 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2619 #if defined(TARGET_SPARC)
2620 do_unassigned_access(addr, 1, 0, 0, 1);
2624 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2626 #ifdef DEBUG_UNASSIGNED
2627 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2629 #if defined(TARGET_SPARC)
2630 do_unassigned_access(addr, 1, 0, 0, 2);
2634 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2636 #ifdef DEBUG_UNASSIGNED
2637 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2639 #if defined(TARGET_SPARC)
2640 do_unassigned_access(addr, 1, 0, 0, 4);
2644 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2645 unassigned_mem_readb,
2646 unassigned_mem_readw,
2647 unassigned_mem_readl,
2650 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2651 unassigned_mem_writeb,
2652 unassigned_mem_writew,
2653 unassigned_mem_writel,
2656 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2660 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2661 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2662 #if !defined(CONFIG_USER_ONLY)
2663 tb_invalidate_phys_page_fast(ram_addr, 1);
2664 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2667 stb_p(qemu_get_ram_ptr(ram_addr), val);
2669 if (cpu_single_env->kqemu_enabled &&
2670 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2671 kqemu_modify_page(cpu_single_env, ram_addr);
2673 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2674 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2675 /* we remove the notdirty callback only if the code has been
2677 if (dirty_flags == 0xff)
2678 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2681 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2685 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2686 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2687 #if !defined(CONFIG_USER_ONLY)
2688 tb_invalidate_phys_page_fast(ram_addr, 2);
2689 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2692 stw_p(qemu_get_ram_ptr(ram_addr), val);
2694 if (cpu_single_env->kqemu_enabled &&
2695 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2696 kqemu_modify_page(cpu_single_env, ram_addr);
2698 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2699 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2700 /* we remove the notdirty callback only if the code has been
2702 if (dirty_flags == 0xff)
2703 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2706 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2710 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2711 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2712 #if !defined(CONFIG_USER_ONLY)
2713 tb_invalidate_phys_page_fast(ram_addr, 4);
2714 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2717 stl_p(qemu_get_ram_ptr(ram_addr), val);
2719 if (cpu_single_env->kqemu_enabled &&
2720 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2721 kqemu_modify_page(cpu_single_env, ram_addr);
2723 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2724 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2725 /* we remove the notdirty callback only if the code has been
2727 if (dirty_flags == 0xff)
2728 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2731 static CPUReadMemoryFunc *error_mem_read[3] = {
2732 NULL, /* never used */
2733 NULL, /* never used */
2734 NULL, /* never used */
2737 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2738 notdirty_mem_writeb,
2739 notdirty_mem_writew,
2740 notdirty_mem_writel,
2743 /* Generate a debug exception if a watchpoint has been hit. */
2744 static void check_watchpoint(int offset, int len_mask, int flags)
2746 CPUState *env = cpu_single_env;
2747 target_ulong pc, cs_base;
2748 TranslationBlock *tb;
2753 if (env->watchpoint_hit) {
2754 /* We re-entered the check after replacing the TB. Now raise
2755 * the debug interrupt so that is will trigger after the
2756 * current instruction. */
2757 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2760 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2761 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2762 if ((vaddr == (wp->vaddr & len_mask) ||
2763 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2764 wp->flags |= BP_WATCHPOINT_HIT;
2765 if (!env->watchpoint_hit) {
2766 env->watchpoint_hit = wp;
2767 tb = tb_find_pc(env->mem_io_pc);
2769 cpu_abort(env, "check_watchpoint: could not find TB for "
2770 "pc=%p", (void *)env->mem_io_pc);
2772 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2773 tb_phys_invalidate(tb, -1);
2774 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2775 env->exception_index = EXCP_DEBUG;
2777 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2778 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2780 cpu_resume_from_signal(env, NULL);
2783 wp->flags &= ~BP_WATCHPOINT_HIT;
2788 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2789 so these check for a hit then pass through to the normal out-of-line
2791 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2793 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2794 return ldub_phys(addr);
2797 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2799 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2800 return lduw_phys(addr);
2803 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2805 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2806 return ldl_phys(addr);
2809 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2812 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2813 stb_phys(addr, val);
2816 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2819 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2820 stw_phys(addr, val);
2823 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2826 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2827 stl_phys(addr, val);
2830 static CPUReadMemoryFunc *watch_mem_read[3] = {
2836 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2842 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2848 idx = SUBPAGE_IDX(addr);
2849 #if defined(DEBUG_SUBPAGE)
2850 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2851 mmio, len, addr, idx);
2853 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2854 addr + mmio->region_offset[idx][0][len]);
2859 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2860 uint32_t value, unsigned int len)
2864 idx = SUBPAGE_IDX(addr);
2865 #if defined(DEBUG_SUBPAGE)
2866 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2867 mmio, len, addr, idx, value);
2869 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2870 addr + mmio->region_offset[idx][1][len],
2874 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2876 #if defined(DEBUG_SUBPAGE)
2877 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2880 return subpage_readlen(opaque, addr, 0);
2883 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2886 #if defined(DEBUG_SUBPAGE)
2887 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2889 subpage_writelen(opaque, addr, value, 0);
2892 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2894 #if defined(DEBUG_SUBPAGE)
2895 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2898 return subpage_readlen(opaque, addr, 1);
2901 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2904 #if defined(DEBUG_SUBPAGE)
2905 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2907 subpage_writelen(opaque, addr, value, 1);
2910 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2912 #if defined(DEBUG_SUBPAGE)
2913 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2916 return subpage_readlen(opaque, addr, 2);
2919 static void subpage_writel (void *opaque,
2920 target_phys_addr_t addr, uint32_t value)
2922 #if defined(DEBUG_SUBPAGE)
2923 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2925 subpage_writelen(opaque, addr, value, 2);
2928 static CPUReadMemoryFunc *subpage_read[] = {
2934 static CPUWriteMemoryFunc *subpage_write[] = {
2940 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2941 ram_addr_t memory, ram_addr_t region_offset)
2946 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2948 idx = SUBPAGE_IDX(start);
2949 eidx = SUBPAGE_IDX(end);
2950 #if defined(DEBUG_SUBPAGE)
2951 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2952 mmio, start, end, idx, eidx, memory);
2954 memory >>= IO_MEM_SHIFT;
2955 for (; idx <= eidx; idx++) {
2956 for (i = 0; i < 4; i++) {
2957 if (io_mem_read[memory][i]) {
2958 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2959 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2960 mmio->region_offset[idx][0][i] = region_offset;
2962 if (io_mem_write[memory][i]) {
2963 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2964 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2965 mmio->region_offset[idx][1][i] = region_offset;
2973 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2974 ram_addr_t orig_memory, ram_addr_t region_offset)
2979 mmio = qemu_mallocz(sizeof(subpage_t));
2982 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2983 #if defined(DEBUG_SUBPAGE)
2984 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2985 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2987 *phys = subpage_memory | IO_MEM_SUBPAGE;
2988 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
2994 static int get_free_io_mem_idx(void)
2998 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
2999 if (!io_mem_used[i]) {
3007 static void io_mem_init(void)
3011 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
3012 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
3013 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
3017 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
3018 watch_mem_write, NULL);
3020 if (kqemu_phys_ram_base) {
3021 /* alloc dirty bits array */
3022 phys_ram_dirty = qemu_vmalloc(kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3023 memset(phys_ram_dirty, 0xff, kqemu_phys_ram_size >> TARGET_PAGE_BITS);
3028 /* mem_read and mem_write are arrays of functions containing the
3029 function to access byte (index 0), word (index 1) and dword (index
3030 2). Functions can be omitted with a NULL function pointer. The
3031 registered functions may be modified dynamically later.
3032 If io_index is non zero, the corresponding io zone is
3033 modified. If it is zero, a new io zone is allocated. The return
3034 value can be used with cpu_register_physical_memory(). (-1) is
3035 returned if error. */
3036 int cpu_register_io_memory(int io_index,
3037 CPUReadMemoryFunc **mem_read,
3038 CPUWriteMemoryFunc **mem_write,
3041 int i, subwidth = 0;
3043 if (io_index <= 0) {
3044 io_index = get_free_io_mem_idx();
3048 if (io_index >= IO_MEM_NB_ENTRIES)
3052 for(i = 0;i < 3; i++) {
3053 if (!mem_read[i] || !mem_write[i])
3054 subwidth = IO_MEM_SUBWIDTH;
3055 io_mem_read[io_index][i] = mem_read[i];
3056 io_mem_write[io_index][i] = mem_write[i];
3058 io_mem_opaque[io_index] = opaque;
3059 return (io_index << IO_MEM_SHIFT) | subwidth;
3062 void cpu_unregister_io_memory(int io_table_address)
3065 int io_index = io_table_address >> IO_MEM_SHIFT;
3067 for (i=0;i < 3; i++) {
3068 io_mem_read[io_index][i] = unassigned_mem_read[i];
3069 io_mem_write[io_index][i] = unassigned_mem_write[i];
3071 io_mem_opaque[io_index] = NULL;
3072 io_mem_used[io_index] = 0;
3075 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
3077 return io_mem_write[io_index >> IO_MEM_SHIFT];
3080 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
3082 return io_mem_read[io_index >> IO_MEM_SHIFT];
3085 #endif /* !defined(CONFIG_USER_ONLY) */
3087 /* physical memory access (slow version, mainly for debug) */
3088 #if defined(CONFIG_USER_ONLY)
3089 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3090 int len, int is_write)
3097 page = addr & TARGET_PAGE_MASK;
3098 l = (page + TARGET_PAGE_SIZE) - addr;
3101 flags = page_get_flags(page);
3102 if (!(flags & PAGE_VALID))
3105 if (!(flags & PAGE_WRITE))
3107 /* XXX: this code should not depend on lock_user */
3108 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3109 /* FIXME - should this return an error rather than just fail? */
3112 unlock_user(p, addr, l);
3114 if (!(flags & PAGE_READ))
3116 /* XXX: this code should not depend on lock_user */
3117 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3118 /* FIXME - should this return an error rather than just fail? */
3121 unlock_user(p, addr, 0);
3130 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3131 int len, int is_write)
3136 target_phys_addr_t page;
3141 page = addr & TARGET_PAGE_MASK;
3142 l = (page + TARGET_PAGE_SIZE) - addr;
3145 p = phys_page_find(page >> TARGET_PAGE_BITS);
3147 pd = IO_MEM_UNASSIGNED;
3149 pd = p->phys_offset;
3153 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3154 target_phys_addr_t addr1 = addr;
3155 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3157 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3158 /* XXX: could force cpu_single_env to NULL to avoid
3160 if (l >= 4 && ((addr1 & 3) == 0)) {
3161 /* 32 bit write access */
3163 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3165 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3166 /* 16 bit write access */
3168 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3171 /* 8 bit write access */
3173 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3177 unsigned long addr1;
3178 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3180 ptr = qemu_get_ram_ptr(addr1);
3181 memcpy(ptr, buf, l);
3182 if (!cpu_physical_memory_is_dirty(addr1)) {
3183 /* invalidate code */
3184 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3186 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3187 (0xff & ~CODE_DIRTY_FLAG);
3191 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3192 !(pd & IO_MEM_ROMD)) {
3193 target_phys_addr_t addr1 = addr;
3195 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3197 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3198 if (l >= 4 && ((addr1 & 3) == 0)) {
3199 /* 32 bit read access */
3200 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3203 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3204 /* 16 bit read access */
3205 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3209 /* 8 bit read access */
3210 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3216 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3217 (addr & ~TARGET_PAGE_MASK);
3218 memcpy(buf, ptr, l);
3227 /* used for ROM loading : can write in RAM and ROM */
3228 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3229 const uint8_t *buf, int len)
3233 target_phys_addr_t page;
3238 page = addr & TARGET_PAGE_MASK;
3239 l = (page + TARGET_PAGE_SIZE) - addr;
3242 p = phys_page_find(page >> TARGET_PAGE_BITS);
3244 pd = IO_MEM_UNASSIGNED;
3246 pd = p->phys_offset;
3249 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3250 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3251 !(pd & IO_MEM_ROMD)) {
3254 unsigned long addr1;
3255 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3257 ptr = qemu_get_ram_ptr(addr1);
3258 memcpy(ptr, buf, l);
3268 target_phys_addr_t addr;
3269 target_phys_addr_t len;
3272 static BounceBuffer bounce;
3274 typedef struct MapClient {
3276 void (*callback)(void *opaque);
3277 LIST_ENTRY(MapClient) link;
3280 static LIST_HEAD(map_client_list, MapClient) map_client_list
3281 = LIST_HEAD_INITIALIZER(map_client_list);
3283 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3285 MapClient *client = qemu_malloc(sizeof(*client));
3287 client->opaque = opaque;
3288 client->callback = callback;
3289 LIST_INSERT_HEAD(&map_client_list, client, link);
3293 void cpu_unregister_map_client(void *_client)
3295 MapClient *client = (MapClient *)_client;
3297 LIST_REMOVE(client, link);
3300 static void cpu_notify_map_clients(void)
3304 while (!LIST_EMPTY(&map_client_list)) {
3305 client = LIST_FIRST(&map_client_list);
3306 client->callback(client->opaque);
3307 LIST_REMOVE(client, link);
3311 /* Map a physical memory region into a host virtual address.
3312 * May map a subset of the requested range, given by and returned in *plen.
3313 * May return NULL if resources needed to perform the mapping are exhausted.
3314 * Use only for reads OR writes - not for read-modify-write operations.
3315 * Use cpu_register_map_client() to know when retrying the map operation is
3316 * likely to succeed.
3318 void *cpu_physical_memory_map(target_phys_addr_t addr,
3319 target_phys_addr_t *plen,
3322 target_phys_addr_t len = *plen;
3323 target_phys_addr_t done = 0;
3325 uint8_t *ret = NULL;
3327 target_phys_addr_t page;
3330 unsigned long addr1;
3333 page = addr & TARGET_PAGE_MASK;
3334 l = (page + TARGET_PAGE_SIZE) - addr;
3337 p = phys_page_find(page >> TARGET_PAGE_BITS);
3339 pd = IO_MEM_UNASSIGNED;
3341 pd = p->phys_offset;
3344 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3345 if (done || bounce.buffer) {
3348 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3352 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3354 ptr = bounce.buffer;
3356 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3357 ptr = qemu_get_ram_ptr(addr1);
3361 } else if (ret + done != ptr) {
3373 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3374 * Will also mark the memory as dirty if is_write == 1. access_len gives
3375 * the amount of memory that was actually read or written by the caller.
3377 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3378 int is_write, target_phys_addr_t access_len)
3380 if (buffer != bounce.buffer) {
3382 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3383 while (access_len) {
3385 l = TARGET_PAGE_SIZE;
3388 if (!cpu_physical_memory_is_dirty(addr1)) {
3389 /* invalidate code */
3390 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3392 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3393 (0xff & ~CODE_DIRTY_FLAG);
3402 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3404 qemu_free(bounce.buffer);
3405 bounce.buffer = NULL;
3406 cpu_notify_map_clients();
3409 /* warning: addr must be aligned */
3410 uint32_t ldl_phys(target_phys_addr_t addr)
3418 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3420 pd = IO_MEM_UNASSIGNED;
3422 pd = p->phys_offset;
3425 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3426 !(pd & IO_MEM_ROMD)) {
3428 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3430 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3431 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3434 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3435 (addr & ~TARGET_PAGE_MASK);
3441 /* warning: addr must be aligned */
3442 uint64_t ldq_phys(target_phys_addr_t addr)
3450 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3452 pd = IO_MEM_UNASSIGNED;
3454 pd = p->phys_offset;
3457 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3458 !(pd & IO_MEM_ROMD)) {
3460 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3462 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3463 #ifdef TARGET_WORDS_BIGENDIAN
3464 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3465 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3467 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3468 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3472 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3473 (addr & ~TARGET_PAGE_MASK);
3480 uint32_t ldub_phys(target_phys_addr_t addr)
3483 cpu_physical_memory_read(addr, &val, 1);
3488 uint32_t lduw_phys(target_phys_addr_t addr)
3491 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3492 return tswap16(val);
3495 /* warning: addr must be aligned. The ram page is not masked as dirty
3496 and the code inside is not invalidated. It is useful if the dirty
3497 bits are used to track modified PTEs */
3498 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3505 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3507 pd = IO_MEM_UNASSIGNED;
3509 pd = p->phys_offset;
3512 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3513 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3515 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3516 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3518 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3519 ptr = qemu_get_ram_ptr(addr1);
3522 if (unlikely(in_migration)) {
3523 if (!cpu_physical_memory_is_dirty(addr1)) {
3524 /* invalidate code */
3525 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3527 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3528 (0xff & ~CODE_DIRTY_FLAG);
3534 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3541 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3543 pd = IO_MEM_UNASSIGNED;
3545 pd = p->phys_offset;
3548 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3549 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3551 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3552 #ifdef TARGET_WORDS_BIGENDIAN
3553 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3554 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3556 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3557 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3560 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3561 (addr & ~TARGET_PAGE_MASK);
3566 /* warning: addr must be aligned */
3567 void stl_phys(target_phys_addr_t addr, uint32_t val)
3574 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3576 pd = IO_MEM_UNASSIGNED;
3578 pd = p->phys_offset;
3581 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3582 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3584 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3585 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3587 unsigned long addr1;
3588 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3590 ptr = qemu_get_ram_ptr(addr1);
3592 if (!cpu_physical_memory_is_dirty(addr1)) {
3593 /* invalidate code */
3594 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3596 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3597 (0xff & ~CODE_DIRTY_FLAG);
3603 void stb_phys(target_phys_addr_t addr, uint32_t val)
3606 cpu_physical_memory_write(addr, &v, 1);
3610 void stw_phys(target_phys_addr_t addr, uint32_t val)
3612 uint16_t v = tswap16(val);
3613 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3617 void stq_phys(target_phys_addr_t addr, uint64_t val)
3620 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3625 /* virtual memory access for debug (includes writing to ROM) */
3626 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3627 uint8_t *buf, int len, int is_write)
3630 target_phys_addr_t phys_addr;
3634 page = addr & TARGET_PAGE_MASK;
3635 phys_addr = cpu_get_phys_page_debug(env, page);
3636 /* if no physical page mapped, return an error */
3637 if (phys_addr == -1)
3639 l = (page + TARGET_PAGE_SIZE) - addr;
3642 phys_addr += (addr & ~TARGET_PAGE_MASK);
3643 #if !defined(CONFIG_USER_ONLY)
3645 cpu_physical_memory_write_rom(phys_addr, buf, l);
3648 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3656 /* in deterministic execution mode, instructions doing device I/Os
3657 must be at the end of the TB */
3658 void cpu_io_recompile(CPUState *env, void *retaddr)
3660 TranslationBlock *tb;
3662 target_ulong pc, cs_base;
3665 tb = tb_find_pc((unsigned long)retaddr);
3667 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3670 n = env->icount_decr.u16.low + tb->icount;
3671 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3672 /* Calculate how many instructions had been executed before the fault
3674 n = n - env->icount_decr.u16.low;
3675 /* Generate a new TB ending on the I/O insn. */
3677 /* On MIPS and SH, delay slot instructions can only be restarted if
3678 they were already the first instruction in the TB. If this is not
3679 the first instruction in a TB then re-execute the preceding
3681 #if defined(TARGET_MIPS)
3682 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3683 env->active_tc.PC -= 4;
3684 env->icount_decr.u16.low++;
3685 env->hflags &= ~MIPS_HFLAG_BMASK;
3687 #elif defined(TARGET_SH4)
3688 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3691 env->icount_decr.u16.low++;
3692 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3695 /* This should never happen. */
3696 if (n > CF_COUNT_MASK)
3697 cpu_abort(env, "TB too big during recompile");
3699 cflags = n | CF_LAST_IO;
3701 cs_base = tb->cs_base;
3703 tb_phys_invalidate(tb, -1);
3704 /* FIXME: In theory this could raise an exception. In practice
3705 we have already translated the block once so it's probably ok. */
3706 tb_gen_code(env, pc, cs_base, flags, cflags);
3707 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3708 the first in the TB) then we end up generating a whole new TB and
3709 repeating the fault, which is horribly inefficient.
3710 Better would be to execute just this insn uncached, or generate a
3712 cpu_resume_from_signal(env, NULL);
3715 void dump_exec_info(FILE *f,
3716 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3718 int i, target_code_size, max_target_code_size;
3719 int direct_jmp_count, direct_jmp2_count, cross_page;
3720 TranslationBlock *tb;
3722 target_code_size = 0;
3723 max_target_code_size = 0;
3725 direct_jmp_count = 0;
3726 direct_jmp2_count = 0;
3727 for(i = 0; i < nb_tbs; i++) {
3729 target_code_size += tb->size;
3730 if (tb->size > max_target_code_size)
3731 max_target_code_size = tb->size;
3732 if (tb->page_addr[1] != -1)
3734 if (tb->tb_next_offset[0] != 0xffff) {
3736 if (tb->tb_next_offset[1] != 0xffff) {
3737 direct_jmp2_count++;
3741 /* XXX: avoid using doubles ? */
3742 cpu_fprintf(f, "Translation buffer state:\n");
3743 cpu_fprintf(f, "gen code size %ld/%ld\n",
3744 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3745 cpu_fprintf(f, "TB count %d/%d\n",
3746 nb_tbs, code_gen_max_blocks);
3747 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3748 nb_tbs ? target_code_size / nb_tbs : 0,
3749 max_target_code_size);
3750 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3751 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3752 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3753 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3755 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3756 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3758 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3760 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3761 cpu_fprintf(f, "\nStatistics:\n");
3762 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3763 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3764 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3765 tcg_dump_info(f, cpu_fprintf);
3768 #if !defined(CONFIG_USER_ONLY)
3770 #define MMUSUFFIX _cmmu
3771 #define GETPC() NULL
3772 #define env cpu_single_env
3773 #define SOFTMMU_CODE_ACCESS
3776 #include "softmmu_template.h"
3779 #include "softmmu_template.h"
3782 #include "softmmu_template.h"
3785 #include "softmmu_template.h"
projects / qemu / blob