2 * virtual page mapping and translated block handling
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
22 #define WIN32_LEAN_AND_MEAN
25 #include <sys/types.h>
38 #include "qemu-common.h"
43 #if defined(CONFIG_USER_ONLY)
47 //#define DEBUG_TB_INVALIDATE
50 //#define DEBUG_UNASSIGNED
52 /* make various TB consistency checks */
53 //#define DEBUG_TB_CHECK
54 //#define DEBUG_TLB_CHECK
56 //#define DEBUG_IOPORT
57 //#define DEBUG_SUBPAGE
59 #if !defined(CONFIG_USER_ONLY)
60 /* TB consistency checks only implemented for usermode emulation. */
64 #define SMC_BITMAP_USE_THRESHOLD 10
66 #define MMAP_AREA_START 0x00000000
67 #define MMAP_AREA_END 0xa8000000
69 #if defined(TARGET_SPARC64)
70 #define TARGET_PHYS_ADDR_SPACE_BITS 41
71 #elif defined(TARGET_SPARC)
72 #define TARGET_PHYS_ADDR_SPACE_BITS 36
73 #elif defined(TARGET_ALPHA)
74 #define TARGET_PHYS_ADDR_SPACE_BITS 42
75 #define TARGET_VIRT_ADDR_SPACE_BITS 42
76 #elif defined(TARGET_PPC64)
77 #define TARGET_PHYS_ADDR_SPACE_BITS 42
78 #elif defined(TARGET_X86_64) && !defined(USE_KQEMU)
79 #define TARGET_PHYS_ADDR_SPACE_BITS 42
80 #elif defined(TARGET_I386) && !defined(USE_KQEMU)
81 #define TARGET_PHYS_ADDR_SPACE_BITS 36
83 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
84 #define TARGET_PHYS_ADDR_SPACE_BITS 32
87 static TranslationBlock *tbs;
88 int code_gen_max_blocks;
89 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
91 /* any access to the tbs or the page table must use this lock */
92 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
94 #if defined(__arm__) || defined(__sparc_v9__)
95 /* The prologue must be reachable with a direct jump. ARM and Sparc64
96 have limited branch ranges (possibly also PPC) so place it in a
97 section close to code segment. */
98 #define code_gen_section \
99 __attribute__((__section__(".gen_code"))) \
100 __attribute__((aligned (32)))
102 #define code_gen_section \
103 __attribute__((aligned (32)))
106 uint8_t code_gen_prologue[1024] code_gen_section;
107 static uint8_t *code_gen_buffer;
108 static unsigned long code_gen_buffer_size;
109 /* threshold to flush the translated code buffer */
110 static unsigned long code_gen_buffer_max_size;
111 uint8_t *code_gen_ptr;
113 #if !defined(CONFIG_USER_ONLY)
114 ram_addr_t phys_ram_size;
116 uint8_t *phys_ram_base;
117 uint8_t *phys_ram_dirty;
118 static int in_migration;
119 static ram_addr_t phys_ram_alloc_offset = 0;
123 /* current CPU in the current thread. It is only valid inside
125 CPUState *cpu_single_env;
126 /* 0 = Do not count executed instructions.
127 1 = Precise instruction counting.
128 2 = Adaptive rate instruction counting. */
130 /* Current instruction counter. While executing translated code this may
131 include some instructions that have not yet been executed. */
134 typedef struct PageDesc {
135 /* list of TBs intersecting this ram page */
136 TranslationBlock *first_tb;
137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141 #if defined(CONFIG_USER_ONLY)
146 typedef struct PhysPageDesc {
147 /* offset in host memory of the page + io_index in the low bits */
148 ram_addr_t phys_offset;
149 ram_addr_t region_offset;
153 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
154 /* XXX: this is a temporary hack for alpha target.
155 * In the future, this is to be replaced by a multi-level table
156 * to actually be able to handle the complete 64 bits address space.
158 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
160 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
163 #define L1_SIZE (1 << L1_BITS)
164 #define L2_SIZE (1 << L2_BITS)
166 unsigned long qemu_real_host_page_size;
167 unsigned long qemu_host_page_bits;
168 unsigned long qemu_host_page_size;
169 unsigned long qemu_host_page_mask;
171 /* XXX: for system emulation, it could just be an array */
172 static PageDesc *l1_map[L1_SIZE];
173 static PhysPageDesc **l1_phys_map;
175 #if !defined(CONFIG_USER_ONLY)
176 static void io_mem_init(void);
178 /* io memory support */
179 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
180 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
181 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
182 static char io_mem_used[IO_MEM_NB_ENTRIES];
183 static int io_mem_watch;
187 static const char *logfilename = "/tmp/qemu.log";
190 static int log_append = 0;
193 static int tlb_flush_count;
194 static int tb_flush_count;
195 static int tb_phys_invalidate_count;
197 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
198 typedef struct subpage_t {
199 target_phys_addr_t base;
200 CPUReadMemoryFunc **mem_read[TARGET_PAGE_SIZE][4];
201 CPUWriteMemoryFunc **mem_write[TARGET_PAGE_SIZE][4];
202 void *opaque[TARGET_PAGE_SIZE][2][4];
203 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
207 static void map_exec(void *addr, long size)
210 VirtualProtect(addr, size,
211 PAGE_EXECUTE_READWRITE, &old_protect);
215 static void map_exec(void *addr, long size)
217 unsigned long start, end, page_size;
219 page_size = getpagesize();
220 start = (unsigned long)addr;
221 start &= ~(page_size - 1);
223 end = (unsigned long)addr + size;
224 end += page_size - 1;
225 end &= ~(page_size - 1);
227 mprotect((void *)start, end - start,
228 PROT_READ | PROT_WRITE | PROT_EXEC);
232 static void page_init(void)
234 /* NOTE: we can always suppose that qemu_host_page_size >=
238 SYSTEM_INFO system_info;
240 GetSystemInfo(&system_info);
241 qemu_real_host_page_size = system_info.dwPageSize;
244 qemu_real_host_page_size = getpagesize();
246 if (qemu_host_page_size == 0)
247 qemu_host_page_size = qemu_real_host_page_size;
248 if (qemu_host_page_size < TARGET_PAGE_SIZE)
249 qemu_host_page_size = TARGET_PAGE_SIZE;
250 qemu_host_page_bits = 0;
251 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
252 qemu_host_page_bits++;
253 qemu_host_page_mask = ~(qemu_host_page_size - 1);
254 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
255 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
257 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
259 long long startaddr, endaddr;
264 last_brk = (unsigned long)sbrk(0);
265 f = fopen("/proc/self/maps", "r");
268 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
270 startaddr = MIN(startaddr,
271 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
272 endaddr = MIN(endaddr,
273 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
274 page_set_flags(startaddr & TARGET_PAGE_MASK,
275 TARGET_PAGE_ALIGN(endaddr),
286 static inline PageDesc **page_l1_map(target_ulong index)
288 #if TARGET_LONG_BITS > 32
289 /* Host memory outside guest VM. For 32-bit targets we have already
290 excluded high addresses. */
291 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
294 return &l1_map[index >> L2_BITS];
297 static inline PageDesc *page_find_alloc(target_ulong index)
300 lp = page_l1_map(index);
306 /* allocate if not found */
307 #if defined(CONFIG_USER_ONLY)
308 size_t len = sizeof(PageDesc) * L2_SIZE;
309 /* Don't use qemu_malloc because it may recurse. */
310 p = mmap(0, len, PROT_READ | PROT_WRITE,
311 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
314 unsigned long addr = h2g(p);
315 page_set_flags(addr & TARGET_PAGE_MASK,
316 TARGET_PAGE_ALIGN(addr + len),
320 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
324 return p + (index & (L2_SIZE - 1));
327 static inline PageDesc *page_find(target_ulong index)
330 lp = page_l1_map(index);
337 return p + (index & (L2_SIZE - 1));
340 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
345 p = (void **)l1_phys_map;
346 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
348 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
349 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
351 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
354 /* allocate if not found */
357 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
358 memset(p, 0, sizeof(void *) * L1_SIZE);
362 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
366 /* allocate if not found */
369 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
371 for (i = 0; i < L2_SIZE; i++) {
372 pd[i].phys_offset = IO_MEM_UNASSIGNED;
373 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
376 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
379 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
381 return phys_page_find_alloc(index, 0);
384 #if !defined(CONFIG_USER_ONLY)
385 static void tlb_protect_code(ram_addr_t ram_addr);
386 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
388 #define mmap_lock() do { } while(0)
389 #define mmap_unlock() do { } while(0)
392 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
394 #if defined(CONFIG_USER_ONLY)
395 /* Currently it is not recommanded to allocate big chunks of data in
396 user mode. It will change when a dedicated libc will be used */
397 #define USE_STATIC_CODE_GEN_BUFFER
400 #ifdef USE_STATIC_CODE_GEN_BUFFER
401 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
404 static void code_gen_alloc(unsigned long tb_size)
406 #ifdef USE_STATIC_CODE_GEN_BUFFER
407 code_gen_buffer = static_code_gen_buffer;
408 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
409 map_exec(code_gen_buffer, code_gen_buffer_size);
411 code_gen_buffer_size = tb_size;
412 if (code_gen_buffer_size == 0) {
413 #if defined(CONFIG_USER_ONLY)
414 /* in user mode, phys_ram_size is not meaningful */
415 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
417 /* XXX: needs ajustments */
418 code_gen_buffer_size = (unsigned long)(phys_ram_size / 4);
421 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
422 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
423 /* The code gen buffer location may have constraints depending on
424 the host cpu and OS */
425 #if defined(__linux__)
430 flags = MAP_PRIVATE | MAP_ANONYMOUS;
431 #if defined(__x86_64__)
433 /* Cannot map more than that */
434 if (code_gen_buffer_size > (800 * 1024 * 1024))
435 code_gen_buffer_size = (800 * 1024 * 1024);
436 #elif defined(__sparc_v9__)
437 // Map the buffer below 2G, so we can use direct calls and branches
439 start = (void *) 0x60000000UL;
440 if (code_gen_buffer_size > (512 * 1024 * 1024))
441 code_gen_buffer_size = (512 * 1024 * 1024);
442 #elif defined(__arm__)
443 /* Map the buffer below 32M, so we can use direct calls and branches */
445 start = (void *) 0x01000000UL;
446 if (code_gen_buffer_size > 16 * 1024 * 1024)
447 code_gen_buffer_size = 16 * 1024 * 1024;
449 code_gen_buffer = mmap(start, code_gen_buffer_size,
450 PROT_WRITE | PROT_READ | PROT_EXEC,
452 if (code_gen_buffer == MAP_FAILED) {
453 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
457 #elif defined(__FreeBSD__) || defined(__DragonFly__)
461 flags = MAP_PRIVATE | MAP_ANONYMOUS;
462 #if defined(__x86_64__)
463 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
464 * 0x40000000 is free */
466 addr = (void *)0x40000000;
467 /* Cannot map more than that */
468 if (code_gen_buffer_size > (800 * 1024 * 1024))
469 code_gen_buffer_size = (800 * 1024 * 1024);
471 code_gen_buffer = mmap(addr, code_gen_buffer_size,
472 PROT_WRITE | PROT_READ | PROT_EXEC,
474 if (code_gen_buffer == MAP_FAILED) {
475 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
480 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
481 map_exec(code_gen_buffer, code_gen_buffer_size);
483 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
484 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
485 code_gen_buffer_max_size = code_gen_buffer_size -
486 code_gen_max_block_size();
487 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
488 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
491 /* Must be called before using the QEMU cpus. 'tb_size' is the size
492 (in bytes) allocated to the translation buffer. Zero means default
494 void cpu_exec_init_all(unsigned long tb_size)
497 code_gen_alloc(tb_size);
498 code_gen_ptr = code_gen_buffer;
500 #if !defined(CONFIG_USER_ONLY)
505 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
507 #define CPU_COMMON_SAVE_VERSION 1
509 static void cpu_common_save(QEMUFile *f, void *opaque)
511 CPUState *env = opaque;
513 qemu_put_be32s(f, &env->halted);
514 qemu_put_be32s(f, &env->interrupt_request);
517 static int cpu_common_load(QEMUFile *f, void *opaque, int version_id)
519 CPUState *env = opaque;
521 if (version_id != CPU_COMMON_SAVE_VERSION)
524 qemu_get_be32s(f, &env->halted);
525 qemu_get_be32s(f, &env->interrupt_request);
526 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
527 version_id is increased. */
528 env->interrupt_request &= ~0x01;
535 void cpu_exec_init(CPUState *env)
540 #if defined(CONFIG_USER_ONLY)
543 env->next_cpu = NULL;
546 while (*penv != NULL) {
547 penv = (CPUState **)&(*penv)->next_cpu;
550 env->cpu_index = cpu_index;
551 TAILQ_INIT(&env->breakpoints);
552 TAILQ_INIT(&env->watchpoints);
554 #if defined(CONFIG_USER_ONLY)
557 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
558 register_savevm("cpu_common", cpu_index, CPU_COMMON_SAVE_VERSION,
559 cpu_common_save, cpu_common_load, env);
560 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
561 cpu_save, cpu_load, env);
565 static inline void invalidate_page_bitmap(PageDesc *p)
567 if (p->code_bitmap) {
568 qemu_free(p->code_bitmap);
569 p->code_bitmap = NULL;
571 p->code_write_count = 0;
574 /* set to NULL all the 'first_tb' fields in all PageDescs */
575 static void page_flush_tb(void)
580 for(i = 0; i < L1_SIZE; i++) {
583 for(j = 0; j < L2_SIZE; j++) {
585 invalidate_page_bitmap(p);
592 /* flush all the translation blocks */
593 /* XXX: tb_flush is currently not thread safe */
594 void tb_flush(CPUState *env1)
597 #if defined(DEBUG_FLUSH)
598 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
599 (unsigned long)(code_gen_ptr - code_gen_buffer),
601 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
603 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
604 cpu_abort(env1, "Internal error: code buffer overflow\n");
608 for(env = first_cpu; env != NULL; env = env->next_cpu) {
609 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
612 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
615 code_gen_ptr = code_gen_buffer;
616 /* XXX: flush processor icache at this point if cache flush is
621 #ifdef DEBUG_TB_CHECK
623 static void tb_invalidate_check(target_ulong address)
625 TranslationBlock *tb;
627 address &= TARGET_PAGE_MASK;
628 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
629 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
630 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
631 address >= tb->pc + tb->size)) {
632 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
633 address, (long)tb->pc, tb->size);
639 /* verify that all the pages have correct rights for code */
640 static void tb_page_check(void)
642 TranslationBlock *tb;
643 int i, flags1, flags2;
645 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
646 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
647 flags1 = page_get_flags(tb->pc);
648 flags2 = page_get_flags(tb->pc + tb->size - 1);
649 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
650 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
651 (long)tb->pc, tb->size, flags1, flags2);
657 static void tb_jmp_check(TranslationBlock *tb)
659 TranslationBlock *tb1;
662 /* suppress any remaining jumps to this TB */
666 tb1 = (TranslationBlock *)((long)tb1 & ~3);
669 tb1 = tb1->jmp_next[n1];
671 /* check end of list */
673 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
679 /* invalidate one TB */
680 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
683 TranslationBlock *tb1;
687 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
690 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
694 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
696 TranslationBlock *tb1;
702 tb1 = (TranslationBlock *)((long)tb1 & ~3);
704 *ptb = tb1->page_next[n1];
707 ptb = &tb1->page_next[n1];
711 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
713 TranslationBlock *tb1, **ptb;
716 ptb = &tb->jmp_next[n];
719 /* find tb(n) in circular list */
723 tb1 = (TranslationBlock *)((long)tb1 & ~3);
724 if (n1 == n && tb1 == tb)
727 ptb = &tb1->jmp_first;
729 ptb = &tb1->jmp_next[n1];
732 /* now we can suppress tb(n) from the list */
733 *ptb = tb->jmp_next[n];
735 tb->jmp_next[n] = NULL;
739 /* reset the jump entry 'n' of a TB so that it is not chained to
741 static inline void tb_reset_jump(TranslationBlock *tb, int n)
743 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
746 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
751 target_phys_addr_t phys_pc;
752 TranslationBlock *tb1, *tb2;
754 /* remove the TB from the hash list */
755 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
756 h = tb_phys_hash_func(phys_pc);
757 tb_remove(&tb_phys_hash[h], tb,
758 offsetof(TranslationBlock, phys_hash_next));
760 /* remove the TB from the page list */
761 if (tb->page_addr[0] != page_addr) {
762 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
763 tb_page_remove(&p->first_tb, tb);
764 invalidate_page_bitmap(p);
766 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
767 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
768 tb_page_remove(&p->first_tb, tb);
769 invalidate_page_bitmap(p);
772 tb_invalidated_flag = 1;
774 /* remove the TB from the hash list */
775 h = tb_jmp_cache_hash_func(tb->pc);
776 for(env = first_cpu; env != NULL; env = env->next_cpu) {
777 if (env->tb_jmp_cache[h] == tb)
778 env->tb_jmp_cache[h] = NULL;
781 /* suppress this TB from the two jump lists */
782 tb_jmp_remove(tb, 0);
783 tb_jmp_remove(tb, 1);
785 /* suppress any remaining jumps to this TB */
791 tb1 = (TranslationBlock *)((long)tb1 & ~3);
792 tb2 = tb1->jmp_next[n1];
793 tb_reset_jump(tb1, n1);
794 tb1->jmp_next[n1] = NULL;
797 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
799 tb_phys_invalidate_count++;
802 static inline void set_bits(uint8_t *tab, int start, int len)
808 mask = 0xff << (start & 7);
809 if ((start & ~7) == (end & ~7)) {
811 mask &= ~(0xff << (end & 7));
816 start = (start + 8) & ~7;
818 while (start < end1) {
823 mask = ~(0xff << (end & 7));
829 static void build_page_bitmap(PageDesc *p)
831 int n, tb_start, tb_end;
832 TranslationBlock *tb;
834 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
839 tb = (TranslationBlock *)((long)tb & ~3);
840 /* NOTE: this is subtle as a TB may span two physical pages */
842 /* NOTE: tb_end may be after the end of the page, but
843 it is not a problem */
844 tb_start = tb->pc & ~TARGET_PAGE_MASK;
845 tb_end = tb_start + tb->size;
846 if (tb_end > TARGET_PAGE_SIZE)
847 tb_end = TARGET_PAGE_SIZE;
850 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
852 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
853 tb = tb->page_next[n];
857 TranslationBlock *tb_gen_code(CPUState *env,
858 target_ulong pc, target_ulong cs_base,
859 int flags, int cflags)
861 TranslationBlock *tb;
863 target_ulong phys_pc, phys_page2, virt_page2;
866 phys_pc = get_phys_addr_code(env, pc);
869 /* flush must be done */
871 /* cannot fail at this point */
873 /* Don't forget to invalidate previous TB info. */
874 tb_invalidated_flag = 1;
876 tc_ptr = code_gen_ptr;
878 tb->cs_base = cs_base;
881 cpu_gen_code(env, tb, &code_gen_size);
882 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
884 /* check next page if needed */
885 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
887 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
888 phys_page2 = get_phys_addr_code(env, virt_page2);
890 tb_link_phys(tb, phys_pc, phys_page2);
894 /* invalidate all TBs which intersect with the target physical page
895 starting in range [start;end[. NOTE: start and end must refer to
896 the same physical page. 'is_cpu_write_access' should be true if called
897 from a real cpu write access: the virtual CPU will exit the current
898 TB if code is modified inside this TB. */
899 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
900 int is_cpu_write_access)
902 TranslationBlock *tb, *tb_next, *saved_tb;
903 CPUState *env = cpu_single_env;
904 target_ulong tb_start, tb_end;
907 #ifdef TARGET_HAS_PRECISE_SMC
908 int current_tb_not_found = is_cpu_write_access;
909 TranslationBlock *current_tb = NULL;
910 int current_tb_modified = 0;
911 target_ulong current_pc = 0;
912 target_ulong current_cs_base = 0;
913 int current_flags = 0;
914 #endif /* TARGET_HAS_PRECISE_SMC */
916 p = page_find(start >> TARGET_PAGE_BITS);
919 if (!p->code_bitmap &&
920 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
921 is_cpu_write_access) {
922 /* build code bitmap */
923 build_page_bitmap(p);
926 /* we remove all the TBs in the range [start, end[ */
927 /* XXX: see if in some cases it could be faster to invalidate all the code */
931 tb = (TranslationBlock *)((long)tb & ~3);
932 tb_next = tb->page_next[n];
933 /* NOTE: this is subtle as a TB may span two physical pages */
935 /* NOTE: tb_end may be after the end of the page, but
936 it is not a problem */
937 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
938 tb_end = tb_start + tb->size;
940 tb_start = tb->page_addr[1];
941 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
943 if (!(tb_end <= start || tb_start >= end)) {
944 #ifdef TARGET_HAS_PRECISE_SMC
945 if (current_tb_not_found) {
946 current_tb_not_found = 0;
948 if (env->mem_io_pc) {
949 /* now we have a real cpu fault */
950 current_tb = tb_find_pc(env->mem_io_pc);
953 if (current_tb == tb &&
954 (current_tb->cflags & CF_COUNT_MASK) != 1) {
955 /* If we are modifying the current TB, we must stop
956 its execution. We could be more precise by checking
957 that the modification is after the current PC, but it
958 would require a specialized function to partially
959 restore the CPU state */
961 current_tb_modified = 1;
962 cpu_restore_state(current_tb, env,
963 env->mem_io_pc, NULL);
964 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
967 #endif /* TARGET_HAS_PRECISE_SMC */
968 /* we need to do that to handle the case where a signal
969 occurs while doing tb_phys_invalidate() */
972 saved_tb = env->current_tb;
973 env->current_tb = NULL;
975 tb_phys_invalidate(tb, -1);
977 env->current_tb = saved_tb;
978 if (env->interrupt_request && env->current_tb)
979 cpu_interrupt(env, env->interrupt_request);
984 #if !defined(CONFIG_USER_ONLY)
985 /* if no code remaining, no need to continue to use slow writes */
987 invalidate_page_bitmap(p);
988 if (is_cpu_write_access) {
989 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
993 #ifdef TARGET_HAS_PRECISE_SMC
994 if (current_tb_modified) {
995 /* we generate a block containing just the instruction
996 modifying the memory. It will ensure that it cannot modify
998 env->current_tb = NULL;
999 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1000 cpu_resume_from_signal(env, NULL);
1005 /* len must be <= 8 and start must be a multiple of len */
1006 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
1012 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1013 cpu_single_env->mem_io_vaddr, len,
1014 cpu_single_env->eip,
1015 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1018 p = page_find(start >> TARGET_PAGE_BITS);
1021 if (p->code_bitmap) {
1022 offset = start & ~TARGET_PAGE_MASK;
1023 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1024 if (b & ((1 << len) - 1))
1028 tb_invalidate_phys_page_range(start, start + len, 1);
1032 #if !defined(CONFIG_SOFTMMU)
1033 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1034 unsigned long pc, void *puc)
1036 TranslationBlock *tb;
1039 #ifdef TARGET_HAS_PRECISE_SMC
1040 TranslationBlock *current_tb = NULL;
1041 CPUState *env = cpu_single_env;
1042 int current_tb_modified = 0;
1043 target_ulong current_pc = 0;
1044 target_ulong current_cs_base = 0;
1045 int current_flags = 0;
1048 addr &= TARGET_PAGE_MASK;
1049 p = page_find(addr >> TARGET_PAGE_BITS);
1053 #ifdef TARGET_HAS_PRECISE_SMC
1054 if (tb && pc != 0) {
1055 current_tb = tb_find_pc(pc);
1058 while (tb != NULL) {
1060 tb = (TranslationBlock *)((long)tb & ~3);
1061 #ifdef TARGET_HAS_PRECISE_SMC
1062 if (current_tb == tb &&
1063 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1064 /* If we are modifying the current TB, we must stop
1065 its execution. We could be more precise by checking
1066 that the modification is after the current PC, but it
1067 would require a specialized function to partially
1068 restore the CPU state */
1070 current_tb_modified = 1;
1071 cpu_restore_state(current_tb, env, pc, puc);
1072 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base,
1075 #endif /* TARGET_HAS_PRECISE_SMC */
1076 tb_phys_invalidate(tb, addr);
1077 tb = tb->page_next[n];
1080 #ifdef TARGET_HAS_PRECISE_SMC
1081 if (current_tb_modified) {
1082 /* we generate a block containing just the instruction
1083 modifying the memory. It will ensure that it cannot modify
1085 env->current_tb = NULL;
1086 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1087 cpu_resume_from_signal(env, puc);
1093 /* add the tb in the target page and protect it if necessary */
1094 static inline void tb_alloc_page(TranslationBlock *tb,
1095 unsigned int n, target_ulong page_addr)
1098 TranslationBlock *last_first_tb;
1100 tb->page_addr[n] = page_addr;
1101 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1102 tb->page_next[n] = p->first_tb;
1103 last_first_tb = p->first_tb;
1104 p->first_tb = (TranslationBlock *)((long)tb | n);
1105 invalidate_page_bitmap(p);
1107 #if defined(TARGET_HAS_SMC) || 1
1109 #if defined(CONFIG_USER_ONLY)
1110 if (p->flags & PAGE_WRITE) {
1115 /* force the host page as non writable (writes will have a
1116 page fault + mprotect overhead) */
1117 page_addr &= qemu_host_page_mask;
1119 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1120 addr += TARGET_PAGE_SIZE) {
1122 p2 = page_find (addr >> TARGET_PAGE_BITS);
1126 p2->flags &= ~PAGE_WRITE;
1127 page_get_flags(addr);
1129 mprotect(g2h(page_addr), qemu_host_page_size,
1130 (prot & PAGE_BITS) & ~PAGE_WRITE);
1131 #ifdef DEBUG_TB_INVALIDATE
1132 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1137 /* if some code is already present, then the pages are already
1138 protected. So we handle the case where only the first TB is
1139 allocated in a physical page */
1140 if (!last_first_tb) {
1141 tlb_protect_code(page_addr);
1145 #endif /* TARGET_HAS_SMC */
1148 /* Allocate a new translation block. Flush the translation buffer if
1149 too many translation blocks or too much generated code. */
1150 TranslationBlock *tb_alloc(target_ulong pc)
1152 TranslationBlock *tb;
1154 if (nb_tbs >= code_gen_max_blocks ||
1155 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1157 tb = &tbs[nb_tbs++];
1163 void tb_free(TranslationBlock *tb)
1165 /* In practice this is mostly used for single use temporary TB
1166 Ignore the hard cases and just back up if this TB happens to
1167 be the last one generated. */
1168 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1169 code_gen_ptr = tb->tc_ptr;
1174 /* add a new TB and link it to the physical page tables. phys_page2 is
1175 (-1) to indicate that only one page contains the TB. */
1176 void tb_link_phys(TranslationBlock *tb,
1177 target_ulong phys_pc, target_ulong phys_page2)
1180 TranslationBlock **ptb;
1182 /* Grab the mmap lock to stop another thread invalidating this TB
1183 before we are done. */
1185 /* add in the physical hash table */
1186 h = tb_phys_hash_func(phys_pc);
1187 ptb = &tb_phys_hash[h];
1188 tb->phys_hash_next = *ptb;
1191 /* add in the page list */
1192 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1193 if (phys_page2 != -1)
1194 tb_alloc_page(tb, 1, phys_page2);
1196 tb->page_addr[1] = -1;
1198 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1199 tb->jmp_next[0] = NULL;
1200 tb->jmp_next[1] = NULL;
1202 /* init original jump addresses */
1203 if (tb->tb_next_offset[0] != 0xffff)
1204 tb_reset_jump(tb, 0);
1205 if (tb->tb_next_offset[1] != 0xffff)
1206 tb_reset_jump(tb, 1);
1208 #ifdef DEBUG_TB_CHECK
1214 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1215 tb[1].tc_ptr. Return NULL if not found */
1216 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1218 int m_min, m_max, m;
1220 TranslationBlock *tb;
1224 if (tc_ptr < (unsigned long)code_gen_buffer ||
1225 tc_ptr >= (unsigned long)code_gen_ptr)
1227 /* binary search (cf Knuth) */
1230 while (m_min <= m_max) {
1231 m = (m_min + m_max) >> 1;
1233 v = (unsigned long)tb->tc_ptr;
1236 else if (tc_ptr < v) {
1245 static void tb_reset_jump_recursive(TranslationBlock *tb);
1247 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1249 TranslationBlock *tb1, *tb_next, **ptb;
1252 tb1 = tb->jmp_next[n];
1254 /* find head of list */
1257 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1260 tb1 = tb1->jmp_next[n1];
1262 /* we are now sure now that tb jumps to tb1 */
1265 /* remove tb from the jmp_first list */
1266 ptb = &tb_next->jmp_first;
1270 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1271 if (n1 == n && tb1 == tb)
1273 ptb = &tb1->jmp_next[n1];
1275 *ptb = tb->jmp_next[n];
1276 tb->jmp_next[n] = NULL;
1278 /* suppress the jump to next tb in generated code */
1279 tb_reset_jump(tb, n);
1281 /* suppress jumps in the tb on which we could have jumped */
1282 tb_reset_jump_recursive(tb_next);
1286 static void tb_reset_jump_recursive(TranslationBlock *tb)
1288 tb_reset_jump_recursive2(tb, 0);
1289 tb_reset_jump_recursive2(tb, 1);
1292 #if defined(TARGET_HAS_ICE)
1293 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1295 target_phys_addr_t addr;
1297 ram_addr_t ram_addr;
1300 addr = cpu_get_phys_page_debug(env, pc);
1301 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1303 pd = IO_MEM_UNASSIGNED;
1305 pd = p->phys_offset;
1307 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1308 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1312 /* Add a watchpoint. */
1313 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1314 int flags, CPUWatchpoint **watchpoint)
1316 target_ulong len_mask = ~(len - 1);
1319 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1320 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1321 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1322 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1325 wp = qemu_malloc(sizeof(*wp));
1328 wp->len_mask = len_mask;
1331 /* keep all GDB-injected watchpoints in front */
1333 TAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1335 TAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1337 tlb_flush_page(env, addr);
1344 /* Remove a specific watchpoint. */
1345 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1348 target_ulong len_mask = ~(len - 1);
1351 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1352 if (addr == wp->vaddr && len_mask == wp->len_mask
1353 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1354 cpu_watchpoint_remove_by_ref(env, wp);
1361 /* Remove a specific watchpoint by reference. */
1362 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1364 TAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1366 tlb_flush_page(env, watchpoint->vaddr);
1368 qemu_free(watchpoint);
1371 /* Remove all matching watchpoints. */
1372 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1374 CPUWatchpoint *wp, *next;
1376 TAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1377 if (wp->flags & mask)
1378 cpu_watchpoint_remove_by_ref(env, wp);
1382 /* Add a breakpoint. */
1383 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1384 CPUBreakpoint **breakpoint)
1386 #if defined(TARGET_HAS_ICE)
1389 bp = qemu_malloc(sizeof(*bp));
1394 /* keep all GDB-injected breakpoints in front */
1396 TAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1398 TAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1400 breakpoint_invalidate(env, pc);
1410 /* Remove a specific breakpoint. */
1411 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1413 #if defined(TARGET_HAS_ICE)
1416 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1417 if (bp->pc == pc && bp->flags == flags) {
1418 cpu_breakpoint_remove_by_ref(env, bp);
1428 /* Remove a specific breakpoint by reference. */
1429 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1431 #if defined(TARGET_HAS_ICE)
1432 TAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1434 breakpoint_invalidate(env, breakpoint->pc);
1436 qemu_free(breakpoint);
1440 /* Remove all matching breakpoints. */
1441 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1443 #if defined(TARGET_HAS_ICE)
1444 CPUBreakpoint *bp, *next;
1446 TAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1447 if (bp->flags & mask)
1448 cpu_breakpoint_remove_by_ref(env, bp);
1453 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1454 CPU loop after each instruction */
1455 void cpu_single_step(CPUState *env, int enabled)
1457 #if defined(TARGET_HAS_ICE)
1458 if (env->singlestep_enabled != enabled) {
1459 env->singlestep_enabled = enabled;
1461 kvm_update_guest_debug(env, 0);
1463 /* must flush all the translated code to avoid inconsistancies */
1464 /* XXX: only flush what is necessary */
1471 /* enable or disable low levels log */
1472 void cpu_set_log(int log_flags)
1474 loglevel = log_flags;
1475 if (loglevel && !logfile) {
1476 logfile = fopen(logfilename, log_append ? "a" : "w");
1478 perror(logfilename);
1481 #if !defined(CONFIG_SOFTMMU)
1482 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1484 static char logfile_buf[4096];
1485 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1488 setvbuf(logfile, NULL, _IOLBF, 0);
1492 if (!loglevel && logfile) {
1498 void cpu_set_log_filename(const char *filename)
1500 logfilename = strdup(filename);
1505 cpu_set_log(loglevel);
1508 static void cpu_unlink_tb(CPUState *env)
1510 #if defined(USE_NPTL)
1511 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1512 problem and hope the cpu will stop of its own accord. For userspace
1513 emulation this often isn't actually as bad as it sounds. Often
1514 signals are used primarily to interrupt blocking syscalls. */
1516 TranslationBlock *tb;
1517 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1519 tb = env->current_tb;
1520 /* if the cpu is currently executing code, we must unlink it and
1521 all the potentially executing TB */
1522 if (tb && !testandset(&interrupt_lock)) {
1523 env->current_tb = NULL;
1524 tb_reset_jump_recursive(tb);
1525 resetlock(&interrupt_lock);
1530 /* mask must never be zero, except for A20 change call */
1531 void cpu_interrupt(CPUState *env, int mask)
1535 old_mask = env->interrupt_request;
1536 env->interrupt_request |= mask;
1539 env->icount_decr.u16.high = 0xffff;
1540 #ifndef CONFIG_USER_ONLY
1542 && (mask & ~old_mask) != 0) {
1543 cpu_abort(env, "Raised interrupt while not in I/O function");
1551 void cpu_reset_interrupt(CPUState *env, int mask)
1553 env->interrupt_request &= ~mask;
1556 void cpu_exit(CPUState *env)
1558 env->exit_request = 1;
1562 const CPULogItem cpu_log_items[] = {
1563 { CPU_LOG_TB_OUT_ASM, "out_asm",
1564 "show generated host assembly code for each compiled TB" },
1565 { CPU_LOG_TB_IN_ASM, "in_asm",
1566 "show target assembly code for each compiled TB" },
1567 { CPU_LOG_TB_OP, "op",
1568 "show micro ops for each compiled TB" },
1569 { CPU_LOG_TB_OP_OPT, "op_opt",
1572 "before eflags optimization and "
1574 "after liveness analysis" },
1575 { CPU_LOG_INT, "int",
1576 "show interrupts/exceptions in short format" },
1577 { CPU_LOG_EXEC, "exec",
1578 "show trace before each executed TB (lots of logs)" },
1579 { CPU_LOG_TB_CPU, "cpu",
1580 "show CPU state before block translation" },
1582 { CPU_LOG_PCALL, "pcall",
1583 "show protected mode far calls/returns/exceptions" },
1584 { CPU_LOG_RESET, "cpu_reset",
1585 "show CPU state before CPU resets" },
1588 { CPU_LOG_IOPORT, "ioport",
1589 "show all i/o ports accesses" },
1594 static int cmp1(const char *s1, int n, const char *s2)
1596 if (strlen(s2) != n)
1598 return memcmp(s1, s2, n) == 0;
1601 /* takes a comma separated list of log masks. Return 0 if error. */
1602 int cpu_str_to_log_mask(const char *str)
1604 const CPULogItem *item;
1611 p1 = strchr(p, ',');
1614 if(cmp1(p,p1-p,"all")) {
1615 for(item = cpu_log_items; item->mask != 0; item++) {
1619 for(item = cpu_log_items; item->mask != 0; item++) {
1620 if (cmp1(p, p1 - p, item->name))
1634 void cpu_abort(CPUState *env, const char *fmt, ...)
1641 fprintf(stderr, "qemu: fatal: ");
1642 vfprintf(stderr, fmt, ap);
1643 fprintf(stderr, "\n");
1645 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1647 cpu_dump_state(env, stderr, fprintf, 0);
1649 if (qemu_log_enabled()) {
1650 qemu_log("qemu: fatal: ");
1651 qemu_log_vprintf(fmt, ap2);
1654 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1656 log_cpu_state(env, 0);
1666 CPUState *cpu_copy(CPUState *env)
1668 CPUState *new_env = cpu_init(env->cpu_model_str);
1669 CPUState *next_cpu = new_env->next_cpu;
1670 int cpu_index = new_env->cpu_index;
1671 #if defined(TARGET_HAS_ICE)
1676 memcpy(new_env, env, sizeof(CPUState));
1678 /* Preserve chaining and index. */
1679 new_env->next_cpu = next_cpu;
1680 new_env->cpu_index = cpu_index;
1682 /* Clone all break/watchpoints.
1683 Note: Once we support ptrace with hw-debug register access, make sure
1684 BP_CPU break/watchpoints are handled correctly on clone. */
1685 TAILQ_INIT(&env->breakpoints);
1686 TAILQ_INIT(&env->watchpoints);
1687 #if defined(TARGET_HAS_ICE)
1688 TAILQ_FOREACH(bp, &env->breakpoints, entry) {
1689 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1691 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
1692 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1700 #if !defined(CONFIG_USER_ONLY)
1702 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1706 /* Discard jump cache entries for any tb which might potentially
1707 overlap the flushed page. */
1708 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1709 memset (&env->tb_jmp_cache[i], 0,
1710 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1712 i = tb_jmp_cache_hash_page(addr);
1713 memset (&env->tb_jmp_cache[i], 0,
1714 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1717 /* NOTE: if flush_global is true, also flush global entries (not
1719 void tlb_flush(CPUState *env, int flush_global)
1723 #if defined(DEBUG_TLB)
1724 printf("tlb_flush:\n");
1726 /* must reset current TB so that interrupts cannot modify the
1727 links while we are modifying them */
1728 env->current_tb = NULL;
1730 for(i = 0; i < CPU_TLB_SIZE; i++) {
1731 env->tlb_table[0][i].addr_read = -1;
1732 env->tlb_table[0][i].addr_write = -1;
1733 env->tlb_table[0][i].addr_code = -1;
1734 env->tlb_table[1][i].addr_read = -1;
1735 env->tlb_table[1][i].addr_write = -1;
1736 env->tlb_table[1][i].addr_code = -1;
1737 #if (NB_MMU_MODES >= 3)
1738 env->tlb_table[2][i].addr_read = -1;
1739 env->tlb_table[2][i].addr_write = -1;
1740 env->tlb_table[2][i].addr_code = -1;
1741 #if (NB_MMU_MODES == 4)
1742 env->tlb_table[3][i].addr_read = -1;
1743 env->tlb_table[3][i].addr_write = -1;
1744 env->tlb_table[3][i].addr_code = -1;
1749 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1752 if (env->kqemu_enabled) {
1753 kqemu_flush(env, flush_global);
1759 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1761 if (addr == (tlb_entry->addr_read &
1762 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1763 addr == (tlb_entry->addr_write &
1764 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1765 addr == (tlb_entry->addr_code &
1766 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1767 tlb_entry->addr_read = -1;
1768 tlb_entry->addr_write = -1;
1769 tlb_entry->addr_code = -1;
1773 void tlb_flush_page(CPUState *env, target_ulong addr)
1777 #if defined(DEBUG_TLB)
1778 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1780 /* must reset current TB so that interrupts cannot modify the
1781 links while we are modifying them */
1782 env->current_tb = NULL;
1784 addr &= TARGET_PAGE_MASK;
1785 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1786 tlb_flush_entry(&env->tlb_table[0][i], addr);
1787 tlb_flush_entry(&env->tlb_table[1][i], addr);
1788 #if (NB_MMU_MODES >= 3)
1789 tlb_flush_entry(&env->tlb_table[2][i], addr);
1790 #if (NB_MMU_MODES == 4)
1791 tlb_flush_entry(&env->tlb_table[3][i], addr);
1795 tlb_flush_jmp_cache(env, addr);
1798 if (env->kqemu_enabled) {
1799 kqemu_flush_page(env, addr);
1804 /* update the TLBs so that writes to code in the virtual page 'addr'
1806 static void tlb_protect_code(ram_addr_t ram_addr)
1808 cpu_physical_memory_reset_dirty(ram_addr,
1809 ram_addr + TARGET_PAGE_SIZE,
1813 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1814 tested for self modifying code */
1815 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1818 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1821 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1822 unsigned long start, unsigned long length)
1825 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1826 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1827 if ((addr - start) < length) {
1828 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1833 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1837 unsigned long length, start1;
1841 start &= TARGET_PAGE_MASK;
1842 end = TARGET_PAGE_ALIGN(end);
1844 length = end - start;
1847 len = length >> TARGET_PAGE_BITS;
1849 /* XXX: should not depend on cpu context */
1851 if (env->kqemu_enabled) {
1854 for(i = 0; i < len; i++) {
1855 kqemu_set_notdirty(env, addr);
1856 addr += TARGET_PAGE_SIZE;
1860 mask = ~dirty_flags;
1861 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1862 for(i = 0; i < len; i++)
1865 /* we modify the TLB cache so that the dirty bit will be set again
1866 when accessing the range */
1867 start1 = start + (unsigned long)phys_ram_base;
1868 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1869 for(i = 0; i < CPU_TLB_SIZE; i++)
1870 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1871 for(i = 0; i < CPU_TLB_SIZE; i++)
1872 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1873 #if (NB_MMU_MODES >= 3)
1874 for(i = 0; i < CPU_TLB_SIZE; i++)
1875 tlb_reset_dirty_range(&env->tlb_table[2][i], start1, length);
1876 #if (NB_MMU_MODES == 4)
1877 for(i = 0; i < CPU_TLB_SIZE; i++)
1878 tlb_reset_dirty_range(&env->tlb_table[3][i], start1, length);
1884 int cpu_physical_memory_set_dirty_tracking(int enable)
1886 in_migration = enable;
1890 int cpu_physical_memory_get_dirty_tracking(void)
1892 return in_migration;
1895 void cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr, target_phys_addr_t end_addr)
1898 kvm_physical_sync_dirty_bitmap(start_addr, end_addr);
1901 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1903 ram_addr_t ram_addr;
1905 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1906 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
1907 tlb_entry->addend - (unsigned long)phys_ram_base;
1908 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1909 tlb_entry->addr_write |= TLB_NOTDIRTY;
1914 /* update the TLB according to the current state of the dirty bits */
1915 void cpu_tlb_update_dirty(CPUState *env)
1918 for(i = 0; i < CPU_TLB_SIZE; i++)
1919 tlb_update_dirty(&env->tlb_table[0][i]);
1920 for(i = 0; i < CPU_TLB_SIZE; i++)
1921 tlb_update_dirty(&env->tlb_table[1][i]);
1922 #if (NB_MMU_MODES >= 3)
1923 for(i = 0; i < CPU_TLB_SIZE; i++)
1924 tlb_update_dirty(&env->tlb_table[2][i]);
1925 #if (NB_MMU_MODES == 4)
1926 for(i = 0; i < CPU_TLB_SIZE; i++)
1927 tlb_update_dirty(&env->tlb_table[3][i]);
1932 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1934 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
1935 tlb_entry->addr_write = vaddr;
1938 /* update the TLB corresponding to virtual page vaddr
1939 so that it is no longer dirty */
1940 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1944 vaddr &= TARGET_PAGE_MASK;
1945 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1946 tlb_set_dirty1(&env->tlb_table[0][i], vaddr);
1947 tlb_set_dirty1(&env->tlb_table[1][i], vaddr);
1948 #if (NB_MMU_MODES >= 3)
1949 tlb_set_dirty1(&env->tlb_table[2][i], vaddr);
1950 #if (NB_MMU_MODES == 4)
1951 tlb_set_dirty1(&env->tlb_table[3][i], vaddr);
1956 /* add a new TLB entry. At most one entry for a given virtual address
1957 is permitted. Return 0 if OK or 2 if the page could not be mapped
1958 (can only happen in non SOFTMMU mode for I/O pages or pages
1959 conflicting with the host address space). */
1960 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1961 target_phys_addr_t paddr, int prot,
1962 int mmu_idx, int is_softmmu)
1967 target_ulong address;
1968 target_ulong code_address;
1969 target_phys_addr_t addend;
1973 target_phys_addr_t iotlb;
1975 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1977 pd = IO_MEM_UNASSIGNED;
1979 pd = p->phys_offset;
1981 #if defined(DEBUG_TLB)
1982 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
1983 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
1988 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
1989 /* IO memory case (romd handled later) */
1990 address |= TLB_MMIO;
1992 addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
1993 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
1995 iotlb = pd & TARGET_PAGE_MASK;
1996 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
1997 iotlb |= IO_MEM_NOTDIRTY;
1999 iotlb |= IO_MEM_ROM;
2001 /* IO handlers are currently passed a phsical address.
2002 It would be nice to pass an offset from the base address
2003 of that region. This would avoid having to special case RAM,
2004 and avoid full address decoding in every device.
2005 We can't use the high bits of pd for this because
2006 IO_MEM_ROMD uses these as a ram address. */
2007 iotlb = (pd & ~TARGET_PAGE_MASK);
2009 iotlb += p->region_offset;
2015 code_address = address;
2016 /* Make accesses to pages with watchpoints go via the
2017 watchpoint trap routines. */
2018 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2019 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2020 iotlb = io_mem_watch + paddr;
2021 /* TODO: The memory case can be optimized by not trapping
2022 reads of pages with a write breakpoint. */
2023 address |= TLB_MMIO;
2027 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2028 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2029 te = &env->tlb_table[mmu_idx][index];
2030 te->addend = addend - vaddr;
2031 if (prot & PAGE_READ) {
2032 te->addr_read = address;
2037 if (prot & PAGE_EXEC) {
2038 te->addr_code = code_address;
2042 if (prot & PAGE_WRITE) {
2043 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2044 (pd & IO_MEM_ROMD)) {
2045 /* Write access calls the I/O callback. */
2046 te->addr_write = address | TLB_MMIO;
2047 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2048 !cpu_physical_memory_is_dirty(pd)) {
2049 te->addr_write = address | TLB_NOTDIRTY;
2051 te->addr_write = address;
2054 te->addr_write = -1;
2061 void tlb_flush(CPUState *env, int flush_global)
2065 void tlb_flush_page(CPUState *env, target_ulong addr)
2069 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2070 target_phys_addr_t paddr, int prot,
2071 int mmu_idx, int is_softmmu)
2076 /* dump memory mappings */
2077 void page_dump(FILE *f)
2079 unsigned long start, end;
2080 int i, j, prot, prot1;
2083 fprintf(f, "%-8s %-8s %-8s %s\n",
2084 "start", "end", "size", "prot");
2088 for(i = 0; i <= L1_SIZE; i++) {
2093 for(j = 0;j < L2_SIZE; j++) {
2098 if (prot1 != prot) {
2099 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2101 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2102 start, end, end - start,
2103 prot & PAGE_READ ? 'r' : '-',
2104 prot & PAGE_WRITE ? 'w' : '-',
2105 prot & PAGE_EXEC ? 'x' : '-');
2119 int page_get_flags(target_ulong address)
2123 p = page_find(address >> TARGET_PAGE_BITS);
2129 /* modify the flags of a page and invalidate the code if
2130 necessary. The flag PAGE_WRITE_ORG is positionned automatically
2131 depending on PAGE_WRITE */
2132 void page_set_flags(target_ulong start, target_ulong end, int flags)
2137 /* mmap_lock should already be held. */
2138 start = start & TARGET_PAGE_MASK;
2139 end = TARGET_PAGE_ALIGN(end);
2140 if (flags & PAGE_WRITE)
2141 flags |= PAGE_WRITE_ORG;
2142 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2143 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2144 /* We may be called for host regions that are outside guest
2148 /* if the write protection is set, then we invalidate the code
2150 if (!(p->flags & PAGE_WRITE) &&
2151 (flags & PAGE_WRITE) &&
2153 tb_invalidate_phys_page(addr, 0, NULL);
2159 int page_check_range(target_ulong start, target_ulong len, int flags)
2165 if (start + len < start)
2166 /* we've wrapped around */
2169 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2170 start = start & TARGET_PAGE_MASK;
2172 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2173 p = page_find(addr >> TARGET_PAGE_BITS);
2176 if( !(p->flags & PAGE_VALID) )
2179 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2181 if (flags & PAGE_WRITE) {
2182 if (!(p->flags & PAGE_WRITE_ORG))
2184 /* unprotect the page if it was put read-only because it
2185 contains translated code */
2186 if (!(p->flags & PAGE_WRITE)) {
2187 if (!page_unprotect(addr, 0, NULL))
2196 /* called from signal handler: invalidate the code and unprotect the
2197 page. Return TRUE if the fault was succesfully handled. */
2198 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2200 unsigned int page_index, prot, pindex;
2202 target_ulong host_start, host_end, addr;
2204 /* Technically this isn't safe inside a signal handler. However we
2205 know this only ever happens in a synchronous SEGV handler, so in
2206 practice it seems to be ok. */
2209 host_start = address & qemu_host_page_mask;
2210 page_index = host_start >> TARGET_PAGE_BITS;
2211 p1 = page_find(page_index);
2216 host_end = host_start + qemu_host_page_size;
2219 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2223 /* if the page was really writable, then we change its
2224 protection back to writable */
2225 if (prot & PAGE_WRITE_ORG) {
2226 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2227 if (!(p1[pindex].flags & PAGE_WRITE)) {
2228 mprotect((void *)g2h(host_start), qemu_host_page_size,
2229 (prot & PAGE_BITS) | PAGE_WRITE);
2230 p1[pindex].flags |= PAGE_WRITE;
2231 /* and since the content will be modified, we must invalidate
2232 the corresponding translated code. */
2233 tb_invalidate_phys_page(address, pc, puc);
2234 #ifdef DEBUG_TB_CHECK
2235 tb_invalidate_check(address);
2245 static inline void tlb_set_dirty(CPUState *env,
2246 unsigned long addr, target_ulong vaddr)
2249 #endif /* defined(CONFIG_USER_ONLY) */
2251 #if !defined(CONFIG_USER_ONLY)
2253 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2254 ram_addr_t memory, ram_addr_t region_offset);
2255 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2256 ram_addr_t orig_memory, ram_addr_t region_offset);
2257 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2260 if (addr > start_addr) \
2263 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2264 if (start_addr2 > 0) \
2268 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2269 end_addr2 = TARGET_PAGE_SIZE - 1; \
2271 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2272 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2277 /* register physical memory. 'size' must be a multiple of the target
2278 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2279 io memory page. The address used when calling the IO function is
2280 the offset from the start of the region, plus region_offset. Both
2281 start_region and regon_offset are rounded down to a page boundary
2282 before calculating this offset. This should not be a problem unless
2283 the low bits of start_addr and region_offset differ. */
2284 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2286 ram_addr_t phys_offset,
2287 ram_addr_t region_offset)
2289 target_phys_addr_t addr, end_addr;
2292 ram_addr_t orig_size = size;
2296 /* XXX: should not depend on cpu context */
2298 if (env->kqemu_enabled) {
2299 kqemu_set_phys_mem(start_addr, size, phys_offset);
2303 kvm_set_phys_mem(start_addr, size, phys_offset);
2305 if (phys_offset == IO_MEM_UNASSIGNED) {
2306 region_offset = start_addr;
2308 region_offset &= TARGET_PAGE_MASK;
2309 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2310 end_addr = start_addr + (target_phys_addr_t)size;
2311 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2312 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2313 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2314 ram_addr_t orig_memory = p->phys_offset;
2315 target_phys_addr_t start_addr2, end_addr2;
2316 int need_subpage = 0;
2318 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2320 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2321 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2322 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2323 &p->phys_offset, orig_memory,
2326 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2329 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2331 p->region_offset = 0;
2333 p->phys_offset = phys_offset;
2334 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2335 (phys_offset & IO_MEM_ROMD))
2336 phys_offset += TARGET_PAGE_SIZE;
2339 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2340 p->phys_offset = phys_offset;
2341 p->region_offset = region_offset;
2342 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2343 (phys_offset & IO_MEM_ROMD)) {
2344 phys_offset += TARGET_PAGE_SIZE;
2346 target_phys_addr_t start_addr2, end_addr2;
2347 int need_subpage = 0;
2349 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2350 end_addr2, need_subpage);
2352 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2353 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2354 &p->phys_offset, IO_MEM_UNASSIGNED,
2355 addr & TARGET_PAGE_MASK);
2356 subpage_register(subpage, start_addr2, end_addr2,
2357 phys_offset, region_offset);
2358 p->region_offset = 0;
2362 region_offset += TARGET_PAGE_SIZE;
2365 /* since each CPU stores ram addresses in its TLB cache, we must
2366 reset the modified entries */
2368 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2373 /* XXX: temporary until new memory mapping API */
2374 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2378 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2380 return IO_MEM_UNASSIGNED;
2381 return p->phys_offset;
2384 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2387 kvm_coalesce_mmio_region(addr, size);
2390 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2393 kvm_uncoalesce_mmio_region(addr, size);
2396 /* XXX: better than nothing */
2397 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2400 if ((phys_ram_alloc_offset + size) > phys_ram_size) {
2401 fprintf(stderr, "Not enough memory (requested_size = %" PRIu64 ", max memory = %" PRIu64 ")\n",
2402 (uint64_t)size, (uint64_t)phys_ram_size);
2405 addr = phys_ram_alloc_offset;
2406 phys_ram_alloc_offset = TARGET_PAGE_ALIGN(phys_ram_alloc_offset + size);
2410 void qemu_ram_free(ram_addr_t addr)
2414 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2416 #ifdef DEBUG_UNASSIGNED
2417 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2419 #if defined(TARGET_SPARC)
2420 do_unassigned_access(addr, 0, 0, 0, 1);
2425 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2427 #ifdef DEBUG_UNASSIGNED
2428 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2430 #if defined(TARGET_SPARC)
2431 do_unassigned_access(addr, 0, 0, 0, 2);
2436 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2438 #ifdef DEBUG_UNASSIGNED
2439 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2441 #if defined(TARGET_SPARC)
2442 do_unassigned_access(addr, 0, 0, 0, 4);
2447 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2449 #ifdef DEBUG_UNASSIGNED
2450 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2452 #if defined(TARGET_SPARC)
2453 do_unassigned_access(addr, 1, 0, 0, 1);
2457 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2459 #ifdef DEBUG_UNASSIGNED
2460 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2462 #if defined(TARGET_SPARC)
2463 do_unassigned_access(addr, 1, 0, 0, 2);
2467 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2469 #ifdef DEBUG_UNASSIGNED
2470 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2472 #if defined(TARGET_SPARC)
2473 do_unassigned_access(addr, 1, 0, 0, 4);
2477 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
2478 unassigned_mem_readb,
2479 unassigned_mem_readw,
2480 unassigned_mem_readl,
2483 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
2484 unassigned_mem_writeb,
2485 unassigned_mem_writew,
2486 unassigned_mem_writel,
2489 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2493 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2494 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2495 #if !defined(CONFIG_USER_ONLY)
2496 tb_invalidate_phys_page_fast(ram_addr, 1);
2497 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2500 stb_p(phys_ram_base + ram_addr, val);
2502 if (cpu_single_env->kqemu_enabled &&
2503 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2504 kqemu_modify_page(cpu_single_env, ram_addr);
2506 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2507 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2508 /* we remove the notdirty callback only if the code has been
2510 if (dirty_flags == 0xff)
2511 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2514 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2518 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2519 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2520 #if !defined(CONFIG_USER_ONLY)
2521 tb_invalidate_phys_page_fast(ram_addr, 2);
2522 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2525 stw_p(phys_ram_base + ram_addr, val);
2527 if (cpu_single_env->kqemu_enabled &&
2528 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2529 kqemu_modify_page(cpu_single_env, ram_addr);
2531 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2532 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2533 /* we remove the notdirty callback only if the code has been
2535 if (dirty_flags == 0xff)
2536 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2539 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2543 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2544 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2545 #if !defined(CONFIG_USER_ONLY)
2546 tb_invalidate_phys_page_fast(ram_addr, 4);
2547 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2550 stl_p(phys_ram_base + ram_addr, val);
2552 if (cpu_single_env->kqemu_enabled &&
2553 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
2554 kqemu_modify_page(cpu_single_env, ram_addr);
2556 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2557 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2558 /* we remove the notdirty callback only if the code has been
2560 if (dirty_flags == 0xff)
2561 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2564 static CPUReadMemoryFunc *error_mem_read[3] = {
2565 NULL, /* never used */
2566 NULL, /* never used */
2567 NULL, /* never used */
2570 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
2571 notdirty_mem_writeb,
2572 notdirty_mem_writew,
2573 notdirty_mem_writel,
2576 /* Generate a debug exception if a watchpoint has been hit. */
2577 static void check_watchpoint(int offset, int len_mask, int flags)
2579 CPUState *env = cpu_single_env;
2580 target_ulong pc, cs_base;
2581 TranslationBlock *tb;
2586 if (env->watchpoint_hit) {
2587 /* We re-entered the check after replacing the TB. Now raise
2588 * the debug interrupt so that is will trigger after the
2589 * current instruction. */
2590 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2593 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2594 TAILQ_FOREACH(wp, &env->watchpoints, entry) {
2595 if ((vaddr == (wp->vaddr & len_mask) ||
2596 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2597 wp->flags |= BP_WATCHPOINT_HIT;
2598 if (!env->watchpoint_hit) {
2599 env->watchpoint_hit = wp;
2600 tb = tb_find_pc(env->mem_io_pc);
2602 cpu_abort(env, "check_watchpoint: could not find TB for "
2603 "pc=%p", (void *)env->mem_io_pc);
2605 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2606 tb_phys_invalidate(tb, -1);
2607 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2608 env->exception_index = EXCP_DEBUG;
2610 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2611 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2613 cpu_resume_from_signal(env, NULL);
2616 wp->flags &= ~BP_WATCHPOINT_HIT;
2621 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2622 so these check for a hit then pass through to the normal out-of-line
2624 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2626 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2627 return ldub_phys(addr);
2630 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2632 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2633 return lduw_phys(addr);
2636 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2638 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2639 return ldl_phys(addr);
2642 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2645 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2646 stb_phys(addr, val);
2649 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2652 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2653 stw_phys(addr, val);
2656 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2659 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2660 stl_phys(addr, val);
2663 static CPUReadMemoryFunc *watch_mem_read[3] = {
2669 static CPUWriteMemoryFunc *watch_mem_write[3] = {
2675 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2681 idx = SUBPAGE_IDX(addr);
2682 #if defined(DEBUG_SUBPAGE)
2683 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2684 mmio, len, addr, idx);
2686 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2687 addr + mmio->region_offset[idx][0][len]);
2692 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2693 uint32_t value, unsigned int len)
2697 idx = SUBPAGE_IDX(addr);
2698 #if defined(DEBUG_SUBPAGE)
2699 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2700 mmio, len, addr, idx, value);
2702 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2703 addr + mmio->region_offset[idx][1][len],
2707 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2709 #if defined(DEBUG_SUBPAGE)
2710 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2713 return subpage_readlen(opaque, addr, 0);
2716 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2719 #if defined(DEBUG_SUBPAGE)
2720 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2722 subpage_writelen(opaque, addr, value, 0);
2725 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
2727 #if defined(DEBUG_SUBPAGE)
2728 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2731 return subpage_readlen(opaque, addr, 1);
2734 static void subpage_writew (void *opaque, target_phys_addr_t addr,
2737 #if defined(DEBUG_SUBPAGE)
2738 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2740 subpage_writelen(opaque, addr, value, 1);
2743 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
2745 #if defined(DEBUG_SUBPAGE)
2746 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2749 return subpage_readlen(opaque, addr, 2);
2752 static void subpage_writel (void *opaque,
2753 target_phys_addr_t addr, uint32_t value)
2755 #if defined(DEBUG_SUBPAGE)
2756 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2758 subpage_writelen(opaque, addr, value, 2);
2761 static CPUReadMemoryFunc *subpage_read[] = {
2767 static CPUWriteMemoryFunc *subpage_write[] = {
2773 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2774 ram_addr_t memory, ram_addr_t region_offset)
2779 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2781 idx = SUBPAGE_IDX(start);
2782 eidx = SUBPAGE_IDX(end);
2783 #if defined(DEBUG_SUBPAGE)
2784 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %d\n", __func__,
2785 mmio, start, end, idx, eidx, memory);
2787 memory >>= IO_MEM_SHIFT;
2788 for (; idx <= eidx; idx++) {
2789 for (i = 0; i < 4; i++) {
2790 if (io_mem_read[memory][i]) {
2791 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
2792 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
2793 mmio->region_offset[idx][0][i] = region_offset;
2795 if (io_mem_write[memory][i]) {
2796 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
2797 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
2798 mmio->region_offset[idx][1][i] = region_offset;
2806 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2807 ram_addr_t orig_memory, ram_addr_t region_offset)
2812 mmio = qemu_mallocz(sizeof(subpage_t));
2815 subpage_memory = cpu_register_io_memory(0, subpage_read, subpage_write, mmio);
2816 #if defined(DEBUG_SUBPAGE)
2817 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
2818 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
2820 *phys = subpage_memory | IO_MEM_SUBPAGE;
2821 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
2827 static int get_free_io_mem_idx(void)
2831 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
2832 if (!io_mem_used[i]) {
2840 static void io_mem_init(void)
2844 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
2845 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
2846 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
2850 io_mem_watch = cpu_register_io_memory(0, watch_mem_read,
2851 watch_mem_write, NULL);
2852 /* alloc dirty bits array */
2853 phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
2854 memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
2857 /* mem_read and mem_write are arrays of functions containing the
2858 function to access byte (index 0), word (index 1) and dword (index
2859 2). Functions can be omitted with a NULL function pointer. The
2860 registered functions may be modified dynamically later.
2861 If io_index is non zero, the corresponding io zone is
2862 modified. If it is zero, a new io zone is allocated. The return
2863 value can be used with cpu_register_physical_memory(). (-1) is
2864 returned if error. */
2865 int cpu_register_io_memory(int io_index,
2866 CPUReadMemoryFunc **mem_read,
2867 CPUWriteMemoryFunc **mem_write,
2870 int i, subwidth = 0;
2872 if (io_index <= 0) {
2873 io_index = get_free_io_mem_idx();
2877 if (io_index >= IO_MEM_NB_ENTRIES)
2881 for(i = 0;i < 3; i++) {
2882 if (!mem_read[i] || !mem_write[i])
2883 subwidth = IO_MEM_SUBWIDTH;
2884 io_mem_read[io_index][i] = mem_read[i];
2885 io_mem_write[io_index][i] = mem_write[i];
2887 io_mem_opaque[io_index] = opaque;
2888 return (io_index << IO_MEM_SHIFT) | subwidth;
2891 void cpu_unregister_io_memory(int io_table_address)
2894 int io_index = io_table_address >> IO_MEM_SHIFT;
2896 for (i=0;i < 3; i++) {
2897 io_mem_read[io_index][i] = unassigned_mem_read[i];
2898 io_mem_write[io_index][i] = unassigned_mem_write[i];
2900 io_mem_opaque[io_index] = NULL;
2901 io_mem_used[io_index] = 0;
2904 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
2906 return io_mem_write[io_index >> IO_MEM_SHIFT];
2909 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
2911 return io_mem_read[io_index >> IO_MEM_SHIFT];
2914 #endif /* !defined(CONFIG_USER_ONLY) */
2916 /* physical memory access (slow version, mainly for debug) */
2917 #if defined(CONFIG_USER_ONLY)
2918 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2919 int len, int is_write)
2926 page = addr & TARGET_PAGE_MASK;
2927 l = (page + TARGET_PAGE_SIZE) - addr;
2930 flags = page_get_flags(page);
2931 if (!(flags & PAGE_VALID))
2934 if (!(flags & PAGE_WRITE))
2936 /* XXX: this code should not depend on lock_user */
2937 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2938 /* FIXME - should this return an error rather than just fail? */
2941 unlock_user(p, addr, l);
2943 if (!(flags & PAGE_READ))
2945 /* XXX: this code should not depend on lock_user */
2946 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2947 /* FIXME - should this return an error rather than just fail? */
2950 unlock_user(p, addr, 0);
2959 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
2960 int len, int is_write)
2965 target_phys_addr_t page;
2970 page = addr & TARGET_PAGE_MASK;
2971 l = (page + TARGET_PAGE_SIZE) - addr;
2974 p = phys_page_find(page >> TARGET_PAGE_BITS);
2976 pd = IO_MEM_UNASSIGNED;
2978 pd = p->phys_offset;
2982 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2983 target_phys_addr_t addr1 = addr;
2984 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2986 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
2987 /* XXX: could force cpu_single_env to NULL to avoid
2989 if (l >= 4 && ((addr1 & 3) == 0)) {
2990 /* 32 bit write access */
2992 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
2994 } else if (l >= 2 && ((addr1 & 1) == 0)) {
2995 /* 16 bit write access */
2997 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3000 /* 8 bit write access */
3002 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3006 unsigned long addr1;
3007 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3009 ptr = phys_ram_base + addr1;
3010 memcpy(ptr, buf, l);
3011 if (!cpu_physical_memory_is_dirty(addr1)) {
3012 /* invalidate code */
3013 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3015 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3016 (0xff & ~CODE_DIRTY_FLAG);
3020 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3021 !(pd & IO_MEM_ROMD)) {
3022 target_phys_addr_t addr1 = addr;
3024 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3026 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3027 if (l >= 4 && ((addr1 & 3) == 0)) {
3028 /* 32 bit read access */
3029 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3032 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3033 /* 16 bit read access */
3034 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3038 /* 8 bit read access */
3039 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3045 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
3046 (addr & ~TARGET_PAGE_MASK);
3047 memcpy(buf, ptr, l);
3056 /* used for ROM loading : can write in RAM and ROM */
3057 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3058 const uint8_t *buf, int len)
3062 target_phys_addr_t page;
3067 page = addr & TARGET_PAGE_MASK;
3068 l = (page + TARGET_PAGE_SIZE) - addr;
3071 p = phys_page_find(page >> TARGET_PAGE_BITS);
3073 pd = IO_MEM_UNASSIGNED;
3075 pd = p->phys_offset;
3078 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3079 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3080 !(pd & IO_MEM_ROMD)) {
3083 unsigned long addr1;
3084 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3086 ptr = phys_ram_base + addr1;
3087 memcpy(ptr, buf, l);
3097 target_phys_addr_t addr;
3098 target_phys_addr_t len;
3101 static BounceBuffer bounce;
3103 typedef struct MapClient {
3105 void (*callback)(void *opaque);
3106 LIST_ENTRY(MapClient) link;
3109 static LIST_HEAD(map_client_list, MapClient) map_client_list
3110 = LIST_HEAD_INITIALIZER(map_client_list);
3112 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3114 MapClient *client = qemu_malloc(sizeof(*client));
3116 client->opaque = opaque;
3117 client->callback = callback;
3118 LIST_INSERT_HEAD(&map_client_list, client, link);
3122 void cpu_unregister_map_client(void *_client)
3124 MapClient *client = (MapClient *)_client;
3126 LIST_REMOVE(client, link);
3129 static void cpu_notify_map_clients(void)
3133 while (!LIST_EMPTY(&map_client_list)) {
3134 client = LIST_FIRST(&map_client_list);
3135 client->callback(client->opaque);
3136 LIST_REMOVE(client, link);
3140 /* Map a physical memory region into a host virtual address.
3141 * May map a subset of the requested range, given by and returned in *plen.
3142 * May return NULL if resources needed to perform the mapping are exhausted.
3143 * Use only for reads OR writes - not for read-modify-write operations.
3144 * Use cpu_register_map_client() to know when retrying the map operation is
3145 * likely to succeed.
3147 void *cpu_physical_memory_map(target_phys_addr_t addr,
3148 target_phys_addr_t *plen,
3151 target_phys_addr_t len = *plen;
3152 target_phys_addr_t done = 0;
3154 uint8_t *ret = NULL;
3156 target_phys_addr_t page;
3159 unsigned long addr1;
3162 page = addr & TARGET_PAGE_MASK;
3163 l = (page + TARGET_PAGE_SIZE) - addr;
3166 p = phys_page_find(page >> TARGET_PAGE_BITS);
3168 pd = IO_MEM_UNASSIGNED;
3170 pd = p->phys_offset;
3173 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3174 if (done || bounce.buffer) {
3177 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3181 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3183 ptr = bounce.buffer;
3185 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3186 ptr = phys_ram_base + addr1;
3190 } else if (ret + done != ptr) {
3202 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3203 * Will also mark the memory as dirty if is_write == 1. access_len gives
3204 * the amount of memory that was actually read or written by the caller.
3206 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3207 int is_write, target_phys_addr_t access_len)
3209 if (buffer != bounce.buffer) {
3211 unsigned long addr1 = (uint8_t *)buffer - phys_ram_base;
3212 while (access_len) {
3214 l = TARGET_PAGE_SIZE;
3217 if (!cpu_physical_memory_is_dirty(addr1)) {
3218 /* invalidate code */
3219 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3221 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3222 (0xff & ~CODE_DIRTY_FLAG);
3231 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3233 qemu_free(bounce.buffer);
3234 bounce.buffer = NULL;
3235 cpu_notify_map_clients();
3238 /* warning: addr must be aligned */
3239 uint32_t ldl_phys(target_phys_addr_t addr)
3247 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3249 pd = IO_MEM_UNASSIGNED;
3251 pd = p->phys_offset;
3254 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3255 !(pd & IO_MEM_ROMD)) {
3257 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3259 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3260 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3263 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
3264 (addr & ~TARGET_PAGE_MASK);
3270 /* warning: addr must be aligned */
3271 uint64_t ldq_phys(target_phys_addr_t addr)
3279 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3281 pd = IO_MEM_UNASSIGNED;
3283 pd = p->phys_offset;
3286 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3287 !(pd & IO_MEM_ROMD)) {
3289 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3291 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3292 #ifdef TARGET_WORDS_BIGENDIAN
3293 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3294 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3296 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3297 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3301 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
3302 (addr & ~TARGET_PAGE_MASK);
3309 uint32_t ldub_phys(target_phys_addr_t addr)
3312 cpu_physical_memory_read(addr, &val, 1);
3317 uint32_t lduw_phys(target_phys_addr_t addr)
3320 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3321 return tswap16(val);
3324 /* warning: addr must be aligned. The ram page is not masked as dirty
3325 and the code inside is not invalidated. It is useful if the dirty
3326 bits are used to track modified PTEs */
3327 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3334 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3336 pd = IO_MEM_UNASSIGNED;
3338 pd = p->phys_offset;
3341 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3342 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3344 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3345 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3347 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3348 ptr = phys_ram_base + addr1;
3351 if (unlikely(in_migration)) {
3352 if (!cpu_physical_memory_is_dirty(addr1)) {
3353 /* invalidate code */
3354 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3356 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3357 (0xff & ~CODE_DIRTY_FLAG);
3363 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3370 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3372 pd = IO_MEM_UNASSIGNED;
3374 pd = p->phys_offset;
3377 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3378 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3380 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3381 #ifdef TARGET_WORDS_BIGENDIAN
3382 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3383 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3385 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3386 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3389 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
3390 (addr & ~TARGET_PAGE_MASK);
3395 /* warning: addr must be aligned */
3396 void stl_phys(target_phys_addr_t addr, uint32_t val)
3403 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3405 pd = IO_MEM_UNASSIGNED;
3407 pd = p->phys_offset;
3410 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3411 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3413 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3414 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3416 unsigned long addr1;
3417 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3419 ptr = phys_ram_base + addr1;
3421 if (!cpu_physical_memory_is_dirty(addr1)) {
3422 /* invalidate code */
3423 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3425 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3426 (0xff & ~CODE_DIRTY_FLAG);
3432 void stb_phys(target_phys_addr_t addr, uint32_t val)
3435 cpu_physical_memory_write(addr, &v, 1);
3439 void stw_phys(target_phys_addr_t addr, uint32_t val)
3441 uint16_t v = tswap16(val);
3442 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3446 void stq_phys(target_phys_addr_t addr, uint64_t val)
3449 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3454 /* virtual memory access for debug */
3455 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3456 uint8_t *buf, int len, int is_write)
3459 target_phys_addr_t phys_addr;
3463 page = addr & TARGET_PAGE_MASK;
3464 phys_addr = cpu_get_phys_page_debug(env, page);
3465 /* if no physical page mapped, return an error */
3466 if (phys_addr == -1)
3468 l = (page + TARGET_PAGE_SIZE) - addr;
3471 cpu_physical_memory_rw(phys_addr + (addr & ~TARGET_PAGE_MASK),
3480 /* in deterministic execution mode, instructions doing device I/Os
3481 must be at the end of the TB */
3482 void cpu_io_recompile(CPUState *env, void *retaddr)
3484 TranslationBlock *tb;
3486 target_ulong pc, cs_base;
3489 tb = tb_find_pc((unsigned long)retaddr);
3491 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3494 n = env->icount_decr.u16.low + tb->icount;
3495 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3496 /* Calculate how many instructions had been executed before the fault
3498 n = n - env->icount_decr.u16.low;
3499 /* Generate a new TB ending on the I/O insn. */
3501 /* On MIPS and SH, delay slot instructions can only be restarted if
3502 they were already the first instruction in the TB. If this is not
3503 the first instruction in a TB then re-execute the preceding
3505 #if defined(TARGET_MIPS)
3506 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3507 env->active_tc.PC -= 4;
3508 env->icount_decr.u16.low++;
3509 env->hflags &= ~MIPS_HFLAG_BMASK;
3511 #elif defined(TARGET_SH4)
3512 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3515 env->icount_decr.u16.low++;
3516 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3519 /* This should never happen. */
3520 if (n > CF_COUNT_MASK)
3521 cpu_abort(env, "TB too big during recompile");
3523 cflags = n | CF_LAST_IO;
3525 cs_base = tb->cs_base;
3527 tb_phys_invalidate(tb, -1);
3528 /* FIXME: In theory this could raise an exception. In practice
3529 we have already translated the block once so it's probably ok. */
3530 tb_gen_code(env, pc, cs_base, flags, cflags);
3531 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3532 the first in the TB) then we end up generating a whole new TB and
3533 repeating the fault, which is horribly inefficient.
3534 Better would be to execute just this insn uncached, or generate a
3536 cpu_resume_from_signal(env, NULL);
3539 void dump_exec_info(FILE *f,
3540 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3542 int i, target_code_size, max_target_code_size;
3543 int direct_jmp_count, direct_jmp2_count, cross_page;
3544 TranslationBlock *tb;
3546 target_code_size = 0;
3547 max_target_code_size = 0;
3549 direct_jmp_count = 0;
3550 direct_jmp2_count = 0;
3551 for(i = 0; i < nb_tbs; i++) {
3553 target_code_size += tb->size;
3554 if (tb->size > max_target_code_size)
3555 max_target_code_size = tb->size;
3556 if (tb->page_addr[1] != -1)
3558 if (tb->tb_next_offset[0] != 0xffff) {
3560 if (tb->tb_next_offset[1] != 0xffff) {
3561 direct_jmp2_count++;
3565 /* XXX: avoid using doubles ? */
3566 cpu_fprintf(f, "Translation buffer state:\n");
3567 cpu_fprintf(f, "gen code size %ld/%ld\n",
3568 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3569 cpu_fprintf(f, "TB count %d/%d\n",
3570 nb_tbs, code_gen_max_blocks);
3571 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3572 nb_tbs ? target_code_size / nb_tbs : 0,
3573 max_target_code_size);
3574 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3575 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3576 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3577 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3579 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3580 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3582 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3584 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3585 cpu_fprintf(f, "\nStatistics:\n");
3586 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3587 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3588 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3589 tcg_dump_info(f, cpu_fprintf);
3592 #if !defined(CONFIG_USER_ONLY)
3594 #define MMUSUFFIX _cmmu
3595 #define GETPC() NULL
3596 #define env cpu_single_env
3597 #define SOFTMMU_CODE_ACCESS
3600 #include "softmmu_template.h"
3603 #include "softmmu_template.h"
3606 #include "softmmu_template.h"
3609 #include "softmmu_template.h"
projects / qemu / blob