VirtualBox

source: vbox/trunk/src/recompiler/exec.c@ 37689

最後變更 在這個檔案從37689是 37689,由 vboxsync 提交於 13 年 前

recompiler: Merged in changes from 0.13.0.

  • 屬性 svn:eol-style 設為 native
檔案大小: 132.5 KB
 
1/*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20/*
21 * Oracle LGPL Disclaimer: For the avoidance of doubt, except that if any license choice
22 * other than GPL or LGPL is available it will apply instead, Oracle elects to use only
23 * the Lesser General Public License version 2.1 (LGPLv2) at this time for any software where
24 * a choice of LGPL license versions is made available with the language indicating
25 * that LGPLv2 or any later version may be used, or where a choice of which version
26 * of the LGPL is applied is otherwise unspecified.
27 */
28
29#include "config.h"
30#ifndef VBOX
31#ifdef _WIN32
32#include <windows.h>
33#else
34#include <sys/types.h>
35#include <sys/mman.h>
36#endif
37#include <stdlib.h>
38#include <stdio.h>
39#include <stdarg.h>
40#include <string.h>
41#include <errno.h>
42#include <unistd.h>
43#include <inttypes.h>
44#else /* VBOX */
45# include <stdlib.h>
46# include <stdio.h>
47# include <iprt/alloc.h>
48# include <iprt/string.h>
49# include <iprt/param.h>
50# include <VBox/vmm/pgm.h> /* PGM_DYNAMIC_RAM_ALLOC */
51#endif /* VBOX */
52
53#include "cpu.h"
54#include "exec-all.h"
55#include "qemu-common.h"
56#include "tcg.h"
57#ifndef VBOX
58#include "hw/hw.h"
59#include "hw/qdev.h"
60#endif /* !VBOX */
61#include "osdep.h"
62#include "kvm.h"
63#include "qemu-timer.h"
64#if defined(CONFIG_USER_ONLY)
65#include <qemu.h>
66#include <signal.h>
67#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
68#include <sys/param.h>
69#if __FreeBSD_version >= 700104
70#define HAVE_KINFO_GETVMMAP
71#define sigqueue sigqueue_freebsd /* avoid redefinition */
72#include <sys/time.h>
73#include <sys/proc.h>
74#include <machine/profile.h>
75#define _KERNEL
76#include <sys/user.h>
77#undef _KERNEL
78#undef sigqueue
79#include <libutil.h>
80#endif
81#endif
82#endif
83
84//#define DEBUG_TB_INVALIDATE
85//#define DEBUG_FLUSH
86//#define DEBUG_TLB
87//#define DEBUG_UNASSIGNED
88
89/* make various TB consistency checks */
90//#define DEBUG_TB_CHECK
91//#define DEBUG_TLB_CHECK
92
93//#define DEBUG_IOPORT
94//#define DEBUG_SUBPAGE
95
96#if !defined(CONFIG_USER_ONLY)
97/* TB consistency checks only implemented for usermode emulation. */
98#undef DEBUG_TB_CHECK
99#endif
100
101#define SMC_BITMAP_USE_THRESHOLD 10
102
103static TranslationBlock *tbs;
104static int code_gen_max_blocks;
105TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
106static int nb_tbs;
107/* any access to the tbs or the page table must use this lock */
108spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
109
110#ifndef VBOX
111#if defined(__arm__) || defined(__sparc_v9__)
112/* The prologue must be reachable with a direct jump. ARM and Sparc64
113 have limited branch ranges (possibly also PPC) so place it in a
114 section close to code segment. */
115#define code_gen_section \
116 __attribute__((__section__(".gen_code"))) \
117 __attribute__((aligned (32)))
118#elif defined(_WIN32)
119/* Maximum alignment for Win32 is 16. */
120#define code_gen_section \
121 __attribute__((aligned (16)))
122#else
123#define code_gen_section \
124 __attribute__((aligned (32)))
125#endif
126
127uint8_t code_gen_prologue[1024] code_gen_section;
128#else /* VBOX */
129extern uint8_t *code_gen_prologue;
130#endif /* VBOX */
131static uint8_t *code_gen_buffer;
132static unsigned long code_gen_buffer_size;
133/* threshold to flush the translated code buffer */
134static unsigned long code_gen_buffer_max_size;
135static uint8_t *code_gen_ptr;
136
137#if !defined(CONFIG_USER_ONLY)
138# ifndef VBOX
139int phys_ram_fd;
140static int in_migration;
141# endif /* !VBOX */
142
143RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
144#endif
145
146CPUState *first_cpu;
147/* current CPU in the current thread. It is only valid inside
148 cpu_exec() */
149CPUState *cpu_single_env;
150/* 0 = Do not count executed instructions.
151 1 = Precise instruction counting.
152 2 = Adaptive rate instruction counting. */
153int use_icount = 0;
154/* Current instruction counter. While executing translated code this may
155 include some instructions that have not yet been executed. */
156int64_t qemu_icount;
157
158typedef struct PageDesc {
159 /* list of TBs intersecting this ram page */
160 TranslationBlock *first_tb;
161 /* in order to optimize self modifying code, we count the number
162 of lookups we do to a given page to use a bitmap */
163 unsigned int code_write_count;
164 uint8_t *code_bitmap;
165#if defined(CONFIG_USER_ONLY)
166 unsigned long flags;
167#endif
168} PageDesc;
169
170/* In system mode we want L1_MAP to be based on ram offsets,
171 while in user mode we want it to be based on virtual addresses. */
172#if !defined(CONFIG_USER_ONLY)
173#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
174# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
175#else
176# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
177#endif
178#else
179# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
180#endif
181
182/* Size of the L2 (and L3, etc) page tables. */
183#define L2_BITS 10
184#define L2_SIZE (1 << L2_BITS)
185
186/* The bits remaining after N lower levels of page tables. */
187#define P_L1_BITS_REM \
188 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
189#define V_L1_BITS_REM \
190 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
191
192/* Size of the L1 page table. Avoid silly small sizes. */
193#if P_L1_BITS_REM < 4
194#define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
195#else
196#define P_L1_BITS P_L1_BITS_REM
197#endif
198
199#if V_L1_BITS_REM < 4
200#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
201#else
202#define V_L1_BITS V_L1_BITS_REM
203#endif
204
205#define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
206#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
207
208#define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
209#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
210
211unsigned long qemu_real_host_page_size;
212unsigned long qemu_host_page_bits;
213unsigned long qemu_host_page_size;
214unsigned long qemu_host_page_mask;
215
216/* This is a multi-level map on the virtual address space.
217 The bottom level has pointers to PageDesc. */
218static void *l1_map[V_L1_SIZE];
219
220#if !defined(CONFIG_USER_ONLY)
221typedef struct PhysPageDesc {
222 /* offset in host memory of the page + io_index in the low bits */
223 ram_addr_t phys_offset;
224 ram_addr_t region_offset;
225} PhysPageDesc;
226
227/* This is a multi-level map on the physical address space.
228 The bottom level has pointers to PhysPageDesc. */
229static void *l1_phys_map[P_L1_SIZE];
230
231static void io_mem_init(void);
232
233/* io memory support */
234CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
235CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
236void *io_mem_opaque[IO_MEM_NB_ENTRIES];
237static char io_mem_used[IO_MEM_NB_ENTRIES];
238static int io_mem_watch;
239#endif
240
241#ifndef VBOX
242/* log support */
243#ifdef WIN32
244static const char *logfilename = "qemu.log";
245#else
246static const char *logfilename = "/tmp/qemu.log";
247#endif
248#endif /* !VBOX */
249FILE *logfile;
250int loglevel;
251#ifndef VBOX
252static int log_append = 0;
253#endif /* !VBOX */
254
255/* statistics */
256#ifndef VBOX
257#if !defined(CONFIG_USER_ONLY)
258static int tlb_flush_count;
259#endif
260static int tb_flush_count;
261static int tb_phys_invalidate_count;
262#else /* VBOX - Resettable U32 stats, see VBoxRecompiler.c. */
263uint32_t tlb_flush_count;
264uint32_t tb_flush_count;
265uint32_t tb_phys_invalidate_count;
266#endif /* VBOX */
267
268#ifndef VBOX
269#ifdef _WIN32
270static void map_exec(void *addr, long size)
271{
272 DWORD old_protect;
273 VirtualProtect(addr, size,
274 PAGE_EXECUTE_READWRITE, &old_protect);
275
276}
277#else
278static void map_exec(void *addr, long size)
279{
280 unsigned long start, end, page_size;
281
282 page_size = getpagesize();
283 start = (unsigned long)addr;
284 start &= ~(page_size - 1);
285
286 end = (unsigned long)addr + size;
287 end += page_size - 1;
288 end &= ~(page_size - 1);
289
290 mprotect((void *)start, end - start,
291 PROT_READ | PROT_WRITE | PROT_EXEC);
292}
293#endif
294#else /* VBOX */
295static void map_exec(void *addr, long size)
296{
297 RTMemProtect(addr, size,
298 RTMEM_PROT_EXEC | RTMEM_PROT_READ | RTMEM_PROT_WRITE);
299}
300#endif /* VBOX */
301
302static void page_init(void)
303{
304 /* NOTE: we can always suppose that qemu_host_page_size >=
305 TARGET_PAGE_SIZE */
306#ifdef VBOX
307 RTMemProtect(code_gen_buffer, sizeof(code_gen_buffer),
308 RTMEM_PROT_EXEC | RTMEM_PROT_READ | RTMEM_PROT_WRITE);
309 qemu_real_host_page_size = PAGE_SIZE;
310#else /* !VBOX */
311#ifdef _WIN32
312 {
313 SYSTEM_INFO system_info;
314
315 GetSystemInfo(&system_info);
316 qemu_real_host_page_size = system_info.dwPageSize;
317 }
318#else
319 qemu_real_host_page_size = getpagesize();
320#endif
321#endif /* !VBOX */
322 if (qemu_host_page_size == 0)
323 qemu_host_page_size = qemu_real_host_page_size;
324 if (qemu_host_page_size < TARGET_PAGE_SIZE)
325 qemu_host_page_size = TARGET_PAGE_SIZE;
326 qemu_host_page_bits = 0;
327 while ((1 << qemu_host_page_bits) < VBOX_ONLY((int))qemu_host_page_size)
328 qemu_host_page_bits++;
329 qemu_host_page_mask = ~(qemu_host_page_size - 1);
330
331#ifndef VBOX /* We use other means to set reserved bit on our pages */
332#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
333 {
334#ifdef HAVE_KINFO_GETVMMAP
335 struct kinfo_vmentry *freep;
336 int i, cnt;
337
338 freep = kinfo_getvmmap(getpid(), &cnt);
339 if (freep) {
340 mmap_lock();
341 for (i = 0; i < cnt; i++) {
342 unsigned long startaddr, endaddr;
343
344 startaddr = freep[i].kve_start;
345 endaddr = freep[i].kve_end;
346 if (h2g_valid(startaddr)) {
347 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
348
349 if (h2g_valid(endaddr)) {
350 endaddr = h2g(endaddr);
351 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
352 } else {
353#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
354 endaddr = ~0ul;
355 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
356#endif
357 }
358 }
359 }
360 free(freep);
361 mmap_unlock();
362 }
363#else
364 FILE *f;
365
366 last_brk = (unsigned long)sbrk(0);
367
368 f = fopen("/compat/linux/proc/self/maps", "r");
369 if (f) {
370 mmap_lock();
371
372 do {
373 unsigned long startaddr, endaddr;
374 int n;
375
376 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
377
378 if (n == 2 && h2g_valid(startaddr)) {
379 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
380
381 if (h2g_valid(endaddr)) {
382 endaddr = h2g(endaddr);
383 } else {
384 endaddr = ~0ul;
385 }
386 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
387 }
388 } while (!feof(f));
389
390 fclose(f);
391 mmap_unlock();
392 }
393#endif
394 }
395#endif
396#endif /* !VBOX */
397}
398
399static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
400{
401 PageDesc *pd;
402 void **lp;
403 int i;
404
405#if defined(CONFIG_USER_ONLY)
406 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
407# define ALLOC(P, SIZE) \
408 do { \
409 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
410 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
411 } while (0)
412#else
413# define ALLOC(P, SIZE) \
414 do { P = qemu_mallocz(SIZE); } while (0)
415#endif
416
417 /* Level 1. Always allocated. */
418 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
419
420 /* Level 2..N-1. */
421 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
422 void **p = *lp;
423
424 if (p == NULL) {
425 if (!alloc) {
426 return NULL;
427 }
428 ALLOC(p, sizeof(void *) * L2_SIZE);
429 *lp = p;
430 }
431
432 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
433 }
434
435 pd = *lp;
436 if (pd == NULL) {
437 if (!alloc) {
438 return NULL;
439 }
440 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
441 *lp = pd;
442 }
443
444#undef ALLOC
445
446 return pd + (index & (L2_SIZE - 1));
447}
448
449static inline PageDesc *page_find(tb_page_addr_t index)
450{
451 return page_find_alloc(index, 0);
452}
453
454#if !defined(CONFIG_USER_ONLY)
455static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
456{
457 PhysPageDesc *pd;
458 void **lp;
459 int i;
460
461 /* Level 1. Always allocated. */
462 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
463
464 /* Level 2..N-1. */
465 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
466 void **p = *lp;
467 if (p == NULL) {
468 if (!alloc) {
469 return NULL;
470 }
471 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
472 }
473 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
474 }
475
476 pd = *lp;
477 if (pd == NULL) {
478 int i;
479
480 if (!alloc) {
481 return NULL;
482 }
483
484 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
485
486 for (i = 0; i < L2_SIZE; i++) {
487 pd[i].phys_offset = IO_MEM_UNASSIGNED;
488 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
489 }
490 }
491
492 return pd + (index & (L2_SIZE - 1));
493}
494
495static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
496{
497 return phys_page_find_alloc(index, 0);
498}
499
500static void tlb_protect_code(ram_addr_t ram_addr);
501static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
502 target_ulong vaddr);
503#define mmap_lock() do { } while(0)
504#define mmap_unlock() do { } while(0)
505#endif
506
507#ifdef VBOX /* We don't need such huge codegen buffer size, as execute
508 most of the code in raw or hwacc mode. */
509#define DEFAULT_CODE_GEN_BUFFER_SIZE (8 * 1024 * 1024)
510#else /* !VBOX */
511#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
512#endif /* !VBOX */
513
514#if defined(CONFIG_USER_ONLY)
515/* Currently it is not recommended to allocate big chunks of data in
516 user mode. It will change when a dedicated libc will be used */
517#define USE_STATIC_CODE_GEN_BUFFER
518#endif
519
520#if defined(VBOX) && defined(USE_STATIC_CODE_GEN_BUFFER)
521# error "VBox allocates codegen buffer dynamically"
522#endif
523
524#ifdef USE_STATIC_CODE_GEN_BUFFER
525static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
526 __attribute__((aligned (CODE_GEN_ALIGN)));
527#endif
528
529static void code_gen_alloc(unsigned long tb_size)
530{
531#ifdef USE_STATIC_CODE_GEN_BUFFER
532 code_gen_buffer = static_code_gen_buffer;
533 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
534 map_exec(code_gen_buffer, code_gen_buffer_size);
535#else
536# ifdef VBOX
537 /* We cannot use phys_ram_size here, as it's 0 now,
538 * it only gets initialized once RAM registration callback
539 * (REMR3NotifyPhysRamRegister()) called.
540 */
541 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
542# else /* !VBOX */
543 code_gen_buffer_size = tb_size;
544 if (code_gen_buffer_size == 0) {
545#if defined(CONFIG_USER_ONLY)
546 /* in user mode, phys_ram_size is not meaningful */
547 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
548#else
549 /* XXX: needs adjustments */
550 code_gen_buffer_size = (unsigned long)(ram_size / 4);
551#endif
552 }
553 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
554 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
555# endif /* !VBOX */
556 /* The code gen buffer location may have constraints depending on
557 the host cpu and OS */
558# ifdef VBOX
559 code_gen_buffer = RTMemExecAlloc(code_gen_buffer_size);
560
561 if (!code_gen_buffer) {
562 LogRel(("REM: failed allocate codegen buffer %lld\n",
563 code_gen_buffer_size));
564 return;
565 }
566# else /* !VBOX */
567#if defined(__linux__)
568 {
569 int flags;
570 void *start = NULL;
571
572 flags = MAP_PRIVATE | MAP_ANONYMOUS;
573#if defined(__x86_64__)
574 flags |= MAP_32BIT;
575 /* Cannot map more than that */
576 if (code_gen_buffer_size > (800 * 1024 * 1024))
577 code_gen_buffer_size = (800 * 1024 * 1024);
578#elif defined(__sparc_v9__)
579 // Map the buffer below 2G, so we can use direct calls and branches
580 flags |= MAP_FIXED;
581 start = (void *) 0x60000000UL;
582 if (code_gen_buffer_size > (512 * 1024 * 1024))
583 code_gen_buffer_size = (512 * 1024 * 1024);
584#elif defined(__arm__)
585 /* Map the buffer below 32M, so we can use direct calls and branches */
586 flags |= MAP_FIXED;
587 start = (void *) 0x01000000UL;
588 if (code_gen_buffer_size > 16 * 1024 * 1024)
589 code_gen_buffer_size = 16 * 1024 * 1024;
590#elif defined(__s390x__)
591 /* Map the buffer so that we can use direct calls and branches. */
592 /* We have a +- 4GB range on the branches; leave some slop. */
593 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
594 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
595 }
596 start = (void *)0x90000000UL;
597#endif
598 code_gen_buffer = mmap(start, code_gen_buffer_size,
599 PROT_WRITE | PROT_READ | PROT_EXEC,
600 flags, -1, 0);
601 if (code_gen_buffer == MAP_FAILED) {
602 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
603 exit(1);
604 }
605 }
606#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
607 {
608 int flags;
609 void *addr = NULL;
610 flags = MAP_PRIVATE | MAP_ANONYMOUS;
611#if defined(__x86_64__)
612 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
613 * 0x40000000 is free */
614 flags |= MAP_FIXED;
615 addr = (void *)0x40000000;
616 /* Cannot map more than that */
617 if (code_gen_buffer_size > (800 * 1024 * 1024))
618 code_gen_buffer_size = (800 * 1024 * 1024);
619#endif
620 code_gen_buffer = mmap(addr, code_gen_buffer_size,
621 PROT_WRITE | PROT_READ | PROT_EXEC,
622 flags, -1, 0);
623 if (code_gen_buffer == MAP_FAILED) {
624 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
625 exit(1);
626 }
627 }
628#else
629 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
630 map_exec(code_gen_buffer, code_gen_buffer_size);
631#endif
632# endif /* !VBOX */
633#endif /* !USE_STATIC_CODE_GEN_BUFFER */
634#ifndef VBOX /** @todo r=bird: why are we different? */
635 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
636#else
637 map_exec(code_gen_prologue, _1K);
638#endif
639 code_gen_buffer_max_size = code_gen_buffer_size -
640 (TCG_MAX_OP_SIZE * OPC_MAX_SIZE);
641 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
642 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
643}
644
645/* Must be called before using the QEMU cpus. 'tb_size' is the size
646 (in bytes) allocated to the translation buffer. Zero means default
647 size. */
648void cpu_exec_init_all(unsigned long tb_size)
649{
650 cpu_gen_init();
651 code_gen_alloc(tb_size);
652 code_gen_ptr = code_gen_buffer;
653 page_init();
654#if !defined(CONFIG_USER_ONLY)
655 io_mem_init();
656#endif
657#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
658 /* There's no guest base to take into account, so go ahead and
659 initialize the prologue now. */
660 tcg_prologue_init(&tcg_ctx);
661#endif
662}
663
664#ifndef VBOX
665#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
666
667static int cpu_common_post_load(void *opaque, int version_id)
668{
669 CPUState *env = opaque;
670
671 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
672 version_id is increased. */
673 env->interrupt_request &= ~0x01;
674 tlb_flush(env, 1);
675
676 return 0;
677}
678
679static const VMStateDescription vmstate_cpu_common = {
680 .name = "cpu_common",
681 .version_id = 1,
682 .minimum_version_id = 1,
683 .minimum_version_id_old = 1,
684 .post_load = cpu_common_post_load,
685 .fields = (VMStateField []) {
686 VMSTATE_UINT32(halted, CPUState),
687 VMSTATE_UINT32(interrupt_request, CPUState),
688 VMSTATE_END_OF_LIST()
689 }
690};
691#endif
692
693CPUState *qemu_get_cpu(int cpu)
694{
695 CPUState *env = first_cpu;
696
697 while (env) {
698 if (env->cpu_index == cpu)
699 break;
700 env = env->next_cpu;
701 }
702
703 return env;
704}
705
706#endif /* !VBOX */
707
708void cpu_exec_init(CPUState *env)
709{
710 CPUState **penv;
711 int cpu_index;
712
713#if defined(CONFIG_USER_ONLY)
714 cpu_list_lock();
715#endif
716 env->next_cpu = NULL;
717 penv = &first_cpu;
718 cpu_index = 0;
719 while (*penv != NULL) {
720 penv = &(*penv)->next_cpu;
721 cpu_index++;
722 }
723 env->cpu_index = cpu_index;
724 env->numa_node = 0;
725 QTAILQ_INIT(&env->breakpoints);
726 QTAILQ_INIT(&env->watchpoints);
727 *penv = env;
728#ifndef VBOX
729#if defined(CONFIG_USER_ONLY)
730 cpu_list_unlock();
731#endif
732#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
733 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
734 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
735 cpu_save, cpu_load, env);
736#endif
737#endif /* !VBOX */
738}
739
740static inline void invalidate_page_bitmap(PageDesc *p)
741{
742 if (p->code_bitmap) {
743 qemu_free(p->code_bitmap);
744 p->code_bitmap = NULL;
745 }
746 p->code_write_count = 0;
747}
748
749/* Set to NULL all the 'first_tb' fields in all PageDescs. */
750
751static void page_flush_tb_1 (int level, void **lp)
752{
753 int i;
754
755 if (*lp == NULL) {
756 return;
757 }
758 if (level == 0) {
759 PageDesc *pd = *lp;
760 for (i = 0; i < L2_SIZE; ++i) {
761 pd[i].first_tb = NULL;
762 invalidate_page_bitmap(pd + i);
763 }
764 } else {
765 void **pp = *lp;
766 for (i = 0; i < L2_SIZE; ++i) {
767 page_flush_tb_1 (level - 1, pp + i);
768 }
769 }
770}
771
772static void page_flush_tb(void)
773{
774 int i;
775 for (i = 0; i < V_L1_SIZE; i++) {
776 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
777 }
778}
779
780/* flush all the translation blocks */
781/* XXX: tb_flush is currently not thread safe */
782void tb_flush(CPUState *env1)
783{
784 CPUState *env;
785#ifdef VBOX
786 STAM_PROFILE_START(&env1->StatTbFlush, a);
787#endif
788#if defined(DEBUG_FLUSH)
789 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
790 (unsigned long)(code_gen_ptr - code_gen_buffer),
791 nb_tbs, nb_tbs > 0 ?
792 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
793#endif
794 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
795 cpu_abort(env1, "Internal error: code buffer overflow\n");
796
797 nb_tbs = 0;
798
799 for(env = first_cpu; env != NULL; env = env->next_cpu) {
800 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
801 }
802
803 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
804 page_flush_tb();
805
806 code_gen_ptr = code_gen_buffer;
807 /* XXX: flush processor icache at this point if cache flush is
808 expensive */
809 tb_flush_count++;
810#ifdef VBOX
811 STAM_PROFILE_STOP(&env1->StatTbFlush, a);
812#endif
813}
814
815#ifdef DEBUG_TB_CHECK
816
817static void tb_invalidate_check(target_ulong address)
818{
819 TranslationBlock *tb;
820 int i;
821 address &= TARGET_PAGE_MASK;
822 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
823 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
824 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
825 address >= tb->pc + tb->size)) {
826 printf("ERROR invalidate: address=" TARGET_FMT_lx
827 " PC=%08lx size=%04x\n",
828 address, (long)tb->pc, tb->size);
829 }
830 }
831 }
832}
833
834/* verify that all the pages have correct rights for code */
835static void tb_page_check(void)
836{
837 TranslationBlock *tb;
838 int i, flags1, flags2;
839
840 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
841 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
842 flags1 = page_get_flags(tb->pc);
843 flags2 = page_get_flags(tb->pc + tb->size - 1);
844 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
845 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
846 (long)tb->pc, tb->size, flags1, flags2);
847 }
848 }
849 }
850}
851
852#endif
853
854/* invalidate one TB */
855static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
856 int next_offset)
857{
858 TranslationBlock *tb1;
859 for(;;) {
860 tb1 = *ptb;
861 if (tb1 == tb) {
862 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
863 break;
864 }
865 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
866 }
867}
868
869static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
870{
871 TranslationBlock *tb1;
872 unsigned int n1;
873
874 for(;;) {
875 tb1 = *ptb;
876 n1 = (long)tb1 & 3;
877 tb1 = (TranslationBlock *)((long)tb1 & ~3);
878 if (tb1 == tb) {
879 *ptb = tb1->page_next[n1];
880 break;
881 }
882 ptb = &tb1->page_next[n1];
883 }
884}
885
886static inline void tb_jmp_remove(TranslationBlock *tb, int n)
887{
888 TranslationBlock *tb1, **ptb;
889 unsigned int n1;
890
891 ptb = &tb->jmp_next[n];
892 tb1 = *ptb;
893 if (tb1) {
894 /* find tb(n) in circular list */
895 for(;;) {
896 tb1 = *ptb;
897 n1 = (long)tb1 & 3;
898 tb1 = (TranslationBlock *)((long)tb1 & ~3);
899 if (n1 == n && tb1 == tb)
900 break;
901 if (n1 == 2) {
902 ptb = &tb1->jmp_first;
903 } else {
904 ptb = &tb1->jmp_next[n1];
905 }
906 }
907 /* now we can suppress tb(n) from the list */
908 *ptb = tb->jmp_next[n];
909
910 tb->jmp_next[n] = NULL;
911 }
912}
913
914/* reset the jump entry 'n' of a TB so that it is not chained to
915 another TB */
916static inline void tb_reset_jump(TranslationBlock *tb, int n)
917{
918 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
919}
920
921void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
922{
923 CPUState *env;
924 PageDesc *p;
925 unsigned int h, n1;
926 tb_page_addr_t phys_pc;
927 TranslationBlock *tb1, *tb2;
928
929 /* remove the TB from the hash list */
930 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
931 h = tb_phys_hash_func(phys_pc);
932 tb_remove(&tb_phys_hash[h], tb,
933 offsetof(TranslationBlock, phys_hash_next));
934
935 /* remove the TB from the page list */
936 if (tb->page_addr[0] != page_addr) {
937 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
938 tb_page_remove(&p->first_tb, tb);
939 invalidate_page_bitmap(p);
940 }
941 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
942 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
943 tb_page_remove(&p->first_tb, tb);
944 invalidate_page_bitmap(p);
945 }
946
947 tb_invalidated_flag = 1;
948
949 /* remove the TB from the hash list */
950 h = tb_jmp_cache_hash_func(tb->pc);
951 for(env = first_cpu; env != NULL; env = env->next_cpu) {
952 if (env->tb_jmp_cache[h] == tb)
953 env->tb_jmp_cache[h] = NULL;
954 }
955
956 /* suppress this TB from the two jump lists */
957 tb_jmp_remove(tb, 0);
958 tb_jmp_remove(tb, 1);
959
960 /* suppress any remaining jumps to this TB */
961 tb1 = tb->jmp_first;
962 for(;;) {
963 n1 = (long)tb1 & 3;
964 if (n1 == 2)
965 break;
966 tb1 = (TranslationBlock *)((long)tb1 & ~3);
967 tb2 = tb1->jmp_next[n1];
968 tb_reset_jump(tb1, n1);
969 tb1->jmp_next[n1] = NULL;
970 tb1 = tb2;
971 }
972 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
973
974 tb_phys_invalidate_count++;
975}
976
977#ifdef VBOX
978
979void tb_invalidate_virt(CPUState *env, uint32_t eip)
980{
981# if 1
982 tb_flush(env);
983# else
984 uint8_t *cs_base, *pc;
985 unsigned int flags, h, phys_pc;
986 TranslationBlock *tb, **ptb;
987
988 flags = env->hflags;
989 flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
990 cs_base = env->segs[R_CS].base;
991 pc = cs_base + eip;
992
993 tb = tb_find(&ptb, (unsigned long)pc, (unsigned long)cs_base,
994 flags);
995
996 if(tb)
997 {
998# ifdef DEBUG
999 printf("invalidating TB (%08X) at %08X\n", tb, eip);
1000# endif
1001 tb_invalidate(tb);
1002 //Note: this will leak TBs, but the whole cache will be flushed
1003 // when it happens too often
1004 tb->pc = 0;
1005 tb->cs_base = 0;
1006 tb->flags = 0;
1007 }
1008# endif
1009}
1010
1011# ifdef VBOX_STRICT
1012/**
1013 * Gets the page offset.
1014 */
1015unsigned long get_phys_page_offset(target_ulong addr)
1016{
1017 PhysPageDesc *p = phys_page_find(addr >> TARGET_PAGE_BITS);
1018 return p ? p->phys_offset : 0;
1019}
1020# endif /* VBOX_STRICT */
1021
1022#endif /* VBOX */
1023
1024static inline void set_bits(uint8_t *tab, int start, int len)
1025{
1026 int end, mask, end1;
1027
1028 end = start + len;
1029 tab += start >> 3;
1030 mask = 0xff << (start & 7);
1031 if ((start & ~7) == (end & ~7)) {
1032 if (start < end) {
1033 mask &= ~(0xff << (end & 7));
1034 *tab |= mask;
1035 }
1036 } else {
1037 *tab++ |= mask;
1038 start = (start + 8) & ~7;
1039 end1 = end & ~7;
1040 while (start < end1) {
1041 *tab++ = 0xff;
1042 start += 8;
1043 }
1044 if (start < end) {
1045 mask = ~(0xff << (end & 7));
1046 *tab |= mask;
1047 }
1048 }
1049}
1050
1051static void build_page_bitmap(PageDesc *p)
1052{
1053 int n, tb_start, tb_end;
1054 TranslationBlock *tb;
1055
1056 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
1057
1058 tb = p->first_tb;
1059 while (tb != NULL) {
1060 n = (long)tb & 3;
1061 tb = (TranslationBlock *)((long)tb & ~3);
1062 /* NOTE: this is subtle as a TB may span two physical pages */
1063 if (n == 0) {
1064 /* NOTE: tb_end may be after the end of the page, but
1065 it is not a problem */
1066 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1067 tb_end = tb_start + tb->size;
1068 if (tb_end > TARGET_PAGE_SIZE)
1069 tb_end = TARGET_PAGE_SIZE;
1070 } else {
1071 tb_start = 0;
1072 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1073 }
1074 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1075 tb = tb->page_next[n];
1076 }
1077}
1078
1079TranslationBlock *tb_gen_code(CPUState *env,
1080 target_ulong pc, target_ulong cs_base,
1081 int flags, int cflags)
1082{
1083 TranslationBlock *tb;
1084 uint8_t *tc_ptr;
1085 tb_page_addr_t phys_pc, phys_page2;
1086 target_ulong virt_page2;
1087 int code_gen_size;
1088
1089 phys_pc = get_page_addr_code(env, pc);
1090 tb = tb_alloc(pc);
1091 if (!tb) {
1092 /* flush must be done */
1093 tb_flush(env);
1094 /* cannot fail at this point */
1095 tb = tb_alloc(pc);
1096 /* Don't forget to invalidate previous TB info. */
1097 tb_invalidated_flag = 1;
1098 }
1099 tc_ptr = code_gen_ptr;
1100 tb->tc_ptr = tc_ptr;
1101 tb->cs_base = cs_base;
1102 tb->flags = flags;
1103 tb->cflags = cflags;
1104 cpu_gen_code(env, tb, &code_gen_size);
1105 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1106
1107 /* check next page if needed */
1108 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1109 phys_page2 = -1;
1110 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1111 phys_page2 = get_page_addr_code(env, virt_page2);
1112 }
1113 tb_link_page(tb, phys_pc, phys_page2);
1114 return tb;
1115}
1116
1117/* invalidate all TBs which intersect with the target physical page
1118 starting in range [start;end[. NOTE: start and end must refer to
1119 the same physical page. 'is_cpu_write_access' should be true if called
1120 from a real cpu write access: the virtual CPU will exit the current
1121 TB if code is modified inside this TB. */
1122void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1123 int is_cpu_write_access)
1124{
1125 TranslationBlock *tb, *tb_next, *saved_tb;
1126 CPUState *env = cpu_single_env;
1127 tb_page_addr_t tb_start, tb_end;
1128 PageDesc *p;
1129 int n;
1130#ifdef TARGET_HAS_PRECISE_SMC
1131 int current_tb_not_found = is_cpu_write_access;
1132 TranslationBlock *current_tb = NULL;
1133 int current_tb_modified = 0;
1134 target_ulong current_pc = 0;
1135 target_ulong current_cs_base = 0;
1136 int current_flags = 0;
1137#endif /* TARGET_HAS_PRECISE_SMC */
1138
1139 p = page_find(start >> TARGET_PAGE_BITS);
1140 if (!p)
1141 return;
1142 if (!p->code_bitmap &&
1143 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1144 is_cpu_write_access) {
1145 /* build code bitmap */
1146 build_page_bitmap(p);
1147 }
1148
1149 /* we remove all the TBs in the range [start, end[ */
1150 /* XXX: see if in some cases it could be faster to invalidate all the code */
1151 tb = p->first_tb;
1152 while (tb != NULL) {
1153 n = (long)tb & 3;
1154 tb = (TranslationBlock *)((long)tb & ~3);
1155 tb_next = tb->page_next[n];
1156 /* NOTE: this is subtle as a TB may span two physical pages */
1157 if (n == 0) {
1158 /* NOTE: tb_end may be after the end of the page, but
1159 it is not a problem */
1160 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1161 tb_end = tb_start + tb->size;
1162 } else {
1163 tb_start = tb->page_addr[1];
1164 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1165 }
1166 if (!(tb_end <= start || tb_start >= end)) {
1167#ifdef TARGET_HAS_PRECISE_SMC
1168 if (current_tb_not_found) {
1169 current_tb_not_found = 0;
1170 current_tb = NULL;
1171 if (env->mem_io_pc) {
1172 /* now we have a real cpu fault */
1173 current_tb = tb_find_pc(env->mem_io_pc);
1174 }
1175 }
1176 if (current_tb == tb &&
1177 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1178 /* If we are modifying the current TB, we must stop
1179 its execution. We could be more precise by checking
1180 that the modification is after the current PC, but it
1181 would require a specialized function to partially
1182 restore the CPU state */
1183
1184 current_tb_modified = 1;
1185 cpu_restore_state(current_tb, env,
1186 env->mem_io_pc, NULL);
1187 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1188 &current_flags);
1189 }
1190#endif /* TARGET_HAS_PRECISE_SMC */
1191 /* we need to do that to handle the case where a signal
1192 occurs while doing tb_phys_invalidate() */
1193 saved_tb = NULL;
1194 if (env) {
1195 saved_tb = env->current_tb;
1196 env->current_tb = NULL;
1197 }
1198 tb_phys_invalidate(tb, -1);
1199 if (env) {
1200 env->current_tb = saved_tb;
1201 if (env->interrupt_request && env->current_tb)
1202 cpu_interrupt(env, env->interrupt_request);
1203 }
1204 }
1205 tb = tb_next;
1206 }
1207#if !defined(CONFIG_USER_ONLY)
1208 /* if no code remaining, no need to continue to use slow writes */
1209 if (!p->first_tb) {
1210 invalidate_page_bitmap(p);
1211 if (is_cpu_write_access) {
1212 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1213 }
1214 }
1215#endif
1216#ifdef TARGET_HAS_PRECISE_SMC
1217 if (current_tb_modified) {
1218 /* we generate a block containing just the instruction
1219 modifying the memory. It will ensure that it cannot modify
1220 itself */
1221 env->current_tb = NULL;
1222 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1223 cpu_resume_from_signal(env, NULL);
1224 }
1225#endif
1226}
1227
1228/* len must be <= 8 and start must be a multiple of len */
1229static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1230{
1231 PageDesc *p;
1232 int offset, b;
1233#if 0
1234 if (1) {
1235 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1236 cpu_single_env->mem_io_vaddr, len,
1237 cpu_single_env->eip,
1238 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1239 }
1240#endif
1241 p = page_find(start >> TARGET_PAGE_BITS);
1242 if (!p)
1243 return;
1244 if (p->code_bitmap) {
1245 offset = start & ~TARGET_PAGE_MASK;
1246 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1247 if (b & ((1 << len) - 1))
1248 goto do_invalidate;
1249 } else {
1250 do_invalidate:
1251 tb_invalidate_phys_page_range(start, start + len, 1);
1252 }
1253}
1254
1255#if !defined(CONFIG_SOFTMMU)
1256static void tb_invalidate_phys_page(tb_page_addr_t addr,
1257 unsigned long pc, void *puc)
1258{
1259 TranslationBlock *tb;
1260 PageDesc *p;
1261 int n;
1262#ifdef TARGET_HAS_PRECISE_SMC
1263 TranslationBlock *current_tb = NULL;
1264 CPUState *env = cpu_single_env;
1265 int current_tb_modified = 0;
1266 target_ulong current_pc = 0;
1267 target_ulong current_cs_base = 0;
1268 int current_flags = 0;
1269#endif
1270
1271 addr &= TARGET_PAGE_MASK;
1272 p = page_find(addr >> TARGET_PAGE_BITS);
1273 if (!p)
1274 return;
1275 tb = p->first_tb;
1276#ifdef TARGET_HAS_PRECISE_SMC
1277 if (tb && pc != 0) {
1278 current_tb = tb_find_pc(pc);
1279 }
1280#endif
1281 while (tb != NULL) {
1282 n = (long)tb & 3;
1283 tb = (TranslationBlock *)((long)tb & ~3);
1284#ifdef TARGET_HAS_PRECISE_SMC
1285 if (current_tb == tb &&
1286 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1287 /* If we are modifying the current TB, we must stop
1288 its execution. We could be more precise by checking
1289 that the modification is after the current PC, but it
1290 would require a specialized function to partially
1291 restore the CPU state */
1292
1293 current_tb_modified = 1;
1294 cpu_restore_state(current_tb, env, pc, puc);
1295 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1296 &current_flags);
1297 }
1298#endif /* TARGET_HAS_PRECISE_SMC */
1299 tb_phys_invalidate(tb, addr);
1300 tb = tb->page_next[n];
1301 }
1302 p->first_tb = NULL;
1303#ifdef TARGET_HAS_PRECISE_SMC
1304 if (current_tb_modified) {
1305 /* we generate a block containing just the instruction
1306 modifying the memory. It will ensure that it cannot modify
1307 itself */
1308 env->current_tb = NULL;
1309 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1310 cpu_resume_from_signal(env, puc);
1311 }
1312#endif
1313}
1314#endif
1315
1316/* add the tb in the target page and protect it if necessary */
1317static inline void tb_alloc_page(TranslationBlock *tb,
1318 unsigned int n, tb_page_addr_t page_addr)
1319{
1320 PageDesc *p;
1321 TranslationBlock *last_first_tb;
1322
1323 tb->page_addr[n] = page_addr;
1324 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1325 tb->page_next[n] = p->first_tb;
1326 last_first_tb = p->first_tb;
1327 p->first_tb = (TranslationBlock *)((long)tb | n);
1328 invalidate_page_bitmap(p);
1329
1330#if defined(TARGET_HAS_SMC) || 1
1331
1332#if defined(CONFIG_USER_ONLY)
1333 if (p->flags & PAGE_WRITE) {
1334 target_ulong addr;
1335 PageDesc *p2;
1336 int prot;
1337
1338 /* force the host page as non writable (writes will have a
1339 page fault + mprotect overhead) */
1340 page_addr &= qemu_host_page_mask;
1341 prot = 0;
1342 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1343 addr += TARGET_PAGE_SIZE) {
1344
1345 p2 = page_find (addr >> TARGET_PAGE_BITS);
1346 if (!p2)
1347 continue;
1348 prot |= p2->flags;
1349 p2->flags &= ~PAGE_WRITE;
1350 }
1351 mprotect(g2h(page_addr), qemu_host_page_size,
1352 (prot & PAGE_BITS) & ~PAGE_WRITE);
1353#ifdef DEBUG_TB_INVALIDATE
1354 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1355 page_addr);
1356#endif
1357 }
1358#else
1359 /* if some code is already present, then the pages are already
1360 protected. So we handle the case where only the first TB is
1361 allocated in a physical page */
1362 if (!last_first_tb) {
1363 tlb_protect_code(page_addr);
1364 }
1365#endif
1366
1367#endif /* TARGET_HAS_SMC */
1368}
1369
1370/* Allocate a new translation block. Flush the translation buffer if
1371 too many translation blocks or too much generated code. */
1372TranslationBlock *tb_alloc(target_ulong pc)
1373{
1374 TranslationBlock *tb;
1375
1376 if (nb_tbs >= code_gen_max_blocks ||
1377 (code_gen_ptr - code_gen_buffer) >= VBOX_ONLY((unsigned long))code_gen_buffer_max_size)
1378 return NULL;
1379 tb = &tbs[nb_tbs++];
1380 tb->pc = pc;
1381 tb->cflags = 0;
1382 return tb;
1383}
1384
1385void tb_free(TranslationBlock *tb)
1386{
1387 /* In practice this is mostly used for single use temporary TB
1388 Ignore the hard cases and just back up if this TB happens to
1389 be the last one generated. */
1390 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1391 code_gen_ptr = tb->tc_ptr;
1392 nb_tbs--;
1393 }
1394}
1395
1396/* add a new TB and link it to the physical page tables. phys_page2 is
1397 (-1) to indicate that only one page contains the TB. */
1398void tb_link_page(TranslationBlock *tb,
1399 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1400{
1401 unsigned int h;
1402 TranslationBlock **ptb;
1403
1404 /* Grab the mmap lock to stop another thread invalidating this TB
1405 before we are done. */
1406 mmap_lock();
1407 /* add in the physical hash table */
1408 h = tb_phys_hash_func(phys_pc);
1409 ptb = &tb_phys_hash[h];
1410 tb->phys_hash_next = *ptb;
1411 *ptb = tb;
1412
1413 /* add in the page list */
1414 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1415 if (phys_page2 != -1)
1416 tb_alloc_page(tb, 1, phys_page2);
1417 else
1418 tb->page_addr[1] = -1;
1419
1420 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1421 tb->jmp_next[0] = NULL;
1422 tb->jmp_next[1] = NULL;
1423
1424 /* init original jump addresses */
1425 if (tb->tb_next_offset[0] != 0xffff)
1426 tb_reset_jump(tb, 0);
1427 if (tb->tb_next_offset[1] != 0xffff)
1428 tb_reset_jump(tb, 1);
1429
1430#ifdef DEBUG_TB_CHECK
1431 tb_page_check();
1432#endif
1433 mmap_unlock();
1434}
1435
1436/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1437 tb[1].tc_ptr. Return NULL if not found */
1438TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1439{
1440 int m_min, m_max, m;
1441 unsigned long v;
1442 TranslationBlock *tb;
1443
1444 if (nb_tbs <= 0)
1445 return NULL;
1446 if (tc_ptr < (unsigned long)code_gen_buffer ||
1447 tc_ptr >= (unsigned long)code_gen_ptr)
1448 return NULL;
1449 /* binary search (cf Knuth) */
1450 m_min = 0;
1451 m_max = nb_tbs - 1;
1452 while (m_min <= m_max) {
1453 m = (m_min + m_max) >> 1;
1454 tb = &tbs[m];
1455 v = (unsigned long)tb->tc_ptr;
1456 if (v == tc_ptr)
1457 return tb;
1458 else if (tc_ptr < v) {
1459 m_max = m - 1;
1460 } else {
1461 m_min = m + 1;
1462 }
1463 }
1464 return &tbs[m_max];
1465}
1466
1467static void tb_reset_jump_recursive(TranslationBlock *tb);
1468
1469static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1470{
1471 TranslationBlock *tb1, *tb_next, **ptb;
1472 unsigned int n1;
1473
1474 tb1 = tb->jmp_next[n];
1475 if (tb1 != NULL) {
1476 /* find head of list */
1477 for(;;) {
1478 n1 = (long)tb1 & 3;
1479 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1480 if (n1 == 2)
1481 break;
1482 tb1 = tb1->jmp_next[n1];
1483 }
1484 /* we are now sure now that tb jumps to tb1 */
1485 tb_next = tb1;
1486
1487 /* remove tb from the jmp_first list */
1488 ptb = &tb_next->jmp_first;
1489 for(;;) {
1490 tb1 = *ptb;
1491 n1 = (long)tb1 & 3;
1492 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1493 if (n1 == n && tb1 == tb)
1494 break;
1495 ptb = &tb1->jmp_next[n1];
1496 }
1497 *ptb = tb->jmp_next[n];
1498 tb->jmp_next[n] = NULL;
1499
1500 /* suppress the jump to next tb in generated code */
1501 tb_reset_jump(tb, n);
1502
1503 /* suppress jumps in the tb on which we could have jumped */
1504 tb_reset_jump_recursive(tb_next);
1505 }
1506}
1507
1508static void tb_reset_jump_recursive(TranslationBlock *tb)
1509{
1510 tb_reset_jump_recursive2(tb, 0);
1511 tb_reset_jump_recursive2(tb, 1);
1512}
1513
1514#if defined(TARGET_HAS_ICE)
1515#if defined(CONFIG_USER_ONLY)
1516static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1517{
1518 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1519}
1520#else
1521static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1522{
1523 target_phys_addr_t addr;
1524 target_ulong pd;
1525 ram_addr_t ram_addr;
1526 PhysPageDesc *p;
1527
1528 addr = cpu_get_phys_page_debug(env, pc);
1529 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1530 if (!p) {
1531 pd = IO_MEM_UNASSIGNED;
1532 } else {
1533 pd = p->phys_offset;
1534 }
1535 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1536 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1537}
1538#endif
1539#endif /* TARGET_HAS_ICE */
1540
1541#if defined(CONFIG_USER_ONLY)
1542void cpu_watchpoint_remove_all(CPUState *env, int mask)
1543
1544{
1545}
1546
1547int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1548 int flags, CPUWatchpoint **watchpoint)
1549{
1550 return -ENOSYS;
1551}
1552#else
1553/* Add a watchpoint. */
1554int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1555 int flags, CPUWatchpoint **watchpoint)
1556{
1557 target_ulong len_mask = ~(len - 1);
1558 CPUWatchpoint *wp;
1559
1560 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1561 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1562 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1563 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1564#ifndef VBOX
1565 return -EINVAL;
1566#else
1567 return VERR_INVALID_PARAMETER;
1568#endif
1569 }
1570 wp = qemu_malloc(sizeof(*wp));
1571
1572 wp->vaddr = addr;
1573 wp->len_mask = len_mask;
1574 wp->flags = flags;
1575
1576 /* keep all GDB-injected watchpoints in front */
1577 if (flags & BP_GDB)
1578 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1579 else
1580 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1581
1582 tlb_flush_page(env, addr);
1583
1584 if (watchpoint)
1585 *watchpoint = wp;
1586 return 0;
1587}
1588
1589/* Remove a specific watchpoint. */
1590int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1591 int flags)
1592{
1593 target_ulong len_mask = ~(len - 1);
1594 CPUWatchpoint *wp;
1595
1596 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1597 if (addr == wp->vaddr && len_mask == wp->len_mask
1598 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1599 cpu_watchpoint_remove_by_ref(env, wp);
1600 return 0;
1601 }
1602 }
1603#ifndef VBOX
1604 return -ENOENT;
1605#else
1606 return VERR_NOT_FOUND;
1607#endif
1608}
1609
1610/* Remove a specific watchpoint by reference. */
1611void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1612{
1613 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1614
1615 tlb_flush_page(env, watchpoint->vaddr);
1616
1617 qemu_free(watchpoint);
1618}
1619
1620/* Remove all matching watchpoints. */
1621void cpu_watchpoint_remove_all(CPUState *env, int mask)
1622{
1623 CPUWatchpoint *wp, *next;
1624
1625 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1626 if (wp->flags & mask)
1627 cpu_watchpoint_remove_by_ref(env, wp);
1628 }
1629}
1630#endif
1631
1632/* Add a breakpoint. */
1633int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1634 CPUBreakpoint **breakpoint)
1635{
1636#if defined(TARGET_HAS_ICE)
1637 CPUBreakpoint *bp;
1638
1639 bp = qemu_malloc(sizeof(*bp));
1640
1641 bp->pc = pc;
1642 bp->flags = flags;
1643
1644 /* keep all GDB-injected breakpoints in front */
1645 if (flags & BP_GDB)
1646 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1647 else
1648 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1649
1650 breakpoint_invalidate(env, pc);
1651
1652 if (breakpoint)
1653 *breakpoint = bp;
1654 return 0;
1655#else
1656 return -ENOSYS;
1657#endif
1658}
1659
1660/* Remove a specific breakpoint. */
1661int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1662{
1663#if defined(TARGET_HAS_ICE)
1664 CPUBreakpoint *bp;
1665
1666 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1667 if (bp->pc == pc && bp->flags == flags) {
1668 cpu_breakpoint_remove_by_ref(env, bp);
1669 return 0;
1670 }
1671 }
1672# ifndef VBOX
1673 return -ENOENT;
1674# else
1675 return VERR_NOT_FOUND;
1676# endif
1677#else
1678 return -ENOSYS;
1679#endif
1680}
1681
1682/* Remove a specific breakpoint by reference. */
1683void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1684{
1685#if defined(TARGET_HAS_ICE)
1686 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1687
1688 breakpoint_invalidate(env, breakpoint->pc);
1689
1690 qemu_free(breakpoint);
1691#endif
1692}
1693
1694/* Remove all matching breakpoints. */
1695void cpu_breakpoint_remove_all(CPUState *env, int mask)
1696{
1697#if defined(TARGET_HAS_ICE)
1698 CPUBreakpoint *bp, *next;
1699
1700 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1701 if (bp->flags & mask)
1702 cpu_breakpoint_remove_by_ref(env, bp);
1703 }
1704#endif
1705}
1706
1707/* enable or disable single step mode. EXCP_DEBUG is returned by the
1708 CPU loop after each instruction */
1709void cpu_single_step(CPUState *env, int enabled)
1710{
1711#if defined(TARGET_HAS_ICE)
1712 if (env->singlestep_enabled != enabled) {
1713 env->singlestep_enabled = enabled;
1714 if (kvm_enabled())
1715 kvm_update_guest_debug(env, 0);
1716 else {
1717 /* must flush all the translated code to avoid inconsistencies */
1718 /* XXX: only flush what is necessary */
1719 tb_flush(env);
1720 }
1721 }
1722#endif
1723}
1724
1725#ifndef VBOX
1726
1727/* enable or disable low levels log */
1728void cpu_set_log(int log_flags)
1729{
1730 loglevel = log_flags;
1731 if (loglevel && !logfile) {
1732 logfile = fopen(logfilename, log_append ? "a" : "w");
1733 if (!logfile) {
1734 perror(logfilename);
1735 _exit(1);
1736 }
1737#if !defined(CONFIG_SOFTMMU)
1738 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1739 {
1740 static char logfile_buf[4096];
1741 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1742 }
1743#elif !defined(_WIN32)
1744 /* Win32 doesn't support line-buffering and requires size >= 2 */
1745 setvbuf(logfile, NULL, _IOLBF, 0);
1746#endif
1747 log_append = 1;
1748 }
1749 if (!loglevel && logfile) {
1750 fclose(logfile);
1751 logfile = NULL;
1752 }
1753}
1754
1755void cpu_set_log_filename(const char *filename)
1756{
1757 logfilename = strdup(filename);
1758 if (logfile) {
1759 fclose(logfile);
1760 logfile = NULL;
1761 }
1762 cpu_set_log(loglevel);
1763}
1764
1765#endif /* !VBOX */
1766
1767static void cpu_unlink_tb(CPUState *env)
1768{
1769 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1770 problem and hope the cpu will stop of its own accord. For userspace
1771 emulation this often isn't actually as bad as it sounds. Often
1772 signals are used primarily to interrupt blocking syscalls. */
1773 TranslationBlock *tb;
1774 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1775
1776 spin_lock(&interrupt_lock);
1777 tb = env->current_tb;
1778 /* if the cpu is currently executing code, we must unlink it and
1779 all the potentially executing TB */
1780 if (tb) {
1781 env->current_tb = NULL;
1782 tb_reset_jump_recursive(tb);
1783 }
1784 spin_unlock(&interrupt_lock);
1785}
1786
1787/* mask must never be zero, except for A20 change call */
1788void cpu_interrupt(CPUState *env, int mask)
1789{
1790 int old_mask;
1791
1792 old_mask = env->interrupt_request;
1793#ifndef VBOX
1794 env->interrupt_request |= mask;
1795#else /* VBOX */
1796 VM_ASSERT_EMT(env->pVM);
1797 ASMAtomicOrS32((int32_t volatile *)&env->interrupt_request, mask);
1798#endif /* VBOX */
1799
1800#ifndef VBOX
1801#ifndef CONFIG_USER_ONLY
1802 /*
1803 * If called from iothread context, wake the target cpu in
1804 * case its halted.
1805 */
1806 if (!qemu_cpu_self(env)) {
1807 qemu_cpu_kick(env);
1808 return;
1809 }
1810#endif
1811#endif /* !VBOX */
1812
1813 if (use_icount) {
1814 env->icount_decr.u16.high = 0xffff;
1815#ifndef CONFIG_USER_ONLY
1816 if (!can_do_io(env)
1817 && (mask & ~old_mask) != 0) {
1818 cpu_abort(env, "Raised interrupt while not in I/O function");
1819 }
1820#endif
1821 } else {
1822 cpu_unlink_tb(env);
1823 }
1824}
1825
1826void cpu_reset_interrupt(CPUState *env, int mask)
1827{
1828#ifdef VBOX
1829 /*
1830 * Note: the current implementation can be executed by another thread without problems; make sure this remains true
1831 * for future changes!
1832 */
1833 ASMAtomicAndS32((int32_t volatile *)&env->interrupt_request, ~mask);
1834#else /* !VBOX */
1835 env->interrupt_request &= ~mask;
1836#endif /* !VBOX */
1837}
1838
1839void cpu_exit(CPUState *env)
1840{
1841 env->exit_request = 1;
1842 cpu_unlink_tb(env);
1843}
1844
1845#ifndef VBOX
1846const CPULogItem cpu_log_items[] = {
1847 { CPU_LOG_TB_OUT_ASM, "out_asm",
1848 "show generated host assembly code for each compiled TB" },
1849 { CPU_LOG_TB_IN_ASM, "in_asm",
1850 "show target assembly code for each compiled TB" },
1851 { CPU_LOG_TB_OP, "op",
1852 "show micro ops for each compiled TB" },
1853 { CPU_LOG_TB_OP_OPT, "op_opt",
1854 "show micro ops "
1855#ifdef TARGET_I386
1856 "before eflags optimization and "
1857#endif
1858 "after liveness analysis" },
1859 { CPU_LOG_INT, "int",
1860 "show interrupts/exceptions in short format" },
1861 { CPU_LOG_EXEC, "exec",
1862 "show trace before each executed TB (lots of logs)" },
1863 { CPU_LOG_TB_CPU, "cpu",
1864 "show CPU state before block translation" },
1865#ifdef TARGET_I386
1866 { CPU_LOG_PCALL, "pcall",
1867 "show protected mode far calls/returns/exceptions" },
1868 { CPU_LOG_RESET, "cpu_reset",
1869 "show CPU state before CPU resets" },
1870#endif
1871#ifdef DEBUG_IOPORT
1872 { CPU_LOG_IOPORT, "ioport",
1873 "show all i/o ports accesses" },
1874#endif
1875 { 0, NULL, NULL },
1876};
1877
1878#ifndef CONFIG_USER_ONLY
1879static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1880 = QLIST_HEAD_INITIALIZER(memory_client_list);
1881
1882static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1883 ram_addr_t size,
1884 ram_addr_t phys_offset)
1885{
1886 CPUPhysMemoryClient *client;
1887 QLIST_FOREACH(client, &memory_client_list, list) {
1888 client->set_memory(client, start_addr, size, phys_offset);
1889 }
1890}
1891
1892static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1893 target_phys_addr_t end)
1894{
1895 CPUPhysMemoryClient *client;
1896 QLIST_FOREACH(client, &memory_client_list, list) {
1897 int r = client->sync_dirty_bitmap(client, start, end);
1898 if (r < 0)
1899 return r;
1900 }
1901 return 0;
1902}
1903
1904static int cpu_notify_migration_log(int enable)
1905{
1906 CPUPhysMemoryClient *client;
1907 QLIST_FOREACH(client, &memory_client_list, list) {
1908 int r = client->migration_log(client, enable);
1909 if (r < 0)
1910 return r;
1911 }
1912 return 0;
1913}
1914
1915static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1916 int level, void **lp)
1917{
1918 int i;
1919
1920 if (*lp == NULL) {
1921 return;
1922 }
1923 if (level == 0) {
1924 PhysPageDesc *pd = *lp;
1925 for (i = 0; i < L2_SIZE; ++i) {
1926 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1927 client->set_memory(client, pd[i].region_offset,
1928 TARGET_PAGE_SIZE, pd[i].phys_offset);
1929 }
1930 }
1931 } else {
1932 void **pp = *lp;
1933 for (i = 0; i < L2_SIZE; ++i) {
1934 phys_page_for_each_1(client, level - 1, pp + i);
1935 }
1936 }
1937}
1938
1939static void phys_page_for_each(CPUPhysMemoryClient *client)
1940{
1941 int i;
1942 for (i = 0; i < P_L1_SIZE; ++i) {
1943 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1944 l1_phys_map + 1);
1945 }
1946}
1947
1948void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1949{
1950 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1951 phys_page_for_each(client);
1952}
1953
1954void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1955{
1956 QLIST_REMOVE(client, list);
1957}
1958#endif
1959
1960static int cmp1(const char *s1, int n, const char *s2)
1961{
1962 if (strlen(s2) != n)
1963 return 0;
1964 return memcmp(s1, s2, n) == 0;
1965}
1966
1967/* takes a comma separated list of log masks. Return 0 if error. */
1968int cpu_str_to_log_mask(const char *str)
1969{
1970 const CPULogItem *item;
1971 int mask;
1972 const char *p, *p1;
1973
1974 p = str;
1975 mask = 0;
1976 for(;;) {
1977 p1 = strchr(p, ',');
1978 if (!p1)
1979 p1 = p + strlen(p);
1980 if(cmp1(p,p1-p,"all")) {
1981 for(item = cpu_log_items; item->mask != 0; item++) {
1982 mask |= item->mask;
1983 }
1984 } else {
1985 for(item = cpu_log_items; item->mask != 0; item++) {
1986 if (cmp1(p, p1 - p, item->name))
1987 goto found;
1988 }
1989 return 0;
1990 }
1991 found:
1992 mask |= item->mask;
1993 if (*p1 != ',')
1994 break;
1995 p = p1 + 1;
1996 }
1997 return mask;
1998}
1999
2000void cpu_abort(CPUState *env, const char *fmt, ...)
2001{
2002 va_list ap;
2003 va_list ap2;
2004
2005 va_start(ap, fmt);
2006 va_copy(ap2, ap);
2007 fprintf(stderr, "qemu: fatal: ");
2008 vfprintf(stderr, fmt, ap);
2009 fprintf(stderr, "\n");
2010#ifdef TARGET_I386
2011 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
2012#else
2013 cpu_dump_state(env, stderr, fprintf, 0);
2014#endif
2015 if (qemu_log_enabled()) {
2016 qemu_log("qemu: fatal: ");
2017 qemu_log_vprintf(fmt, ap2);
2018 qemu_log("\n");
2019#ifdef TARGET_I386
2020 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
2021#else
2022 log_cpu_state(env, 0);
2023#endif
2024 qemu_log_flush();
2025 qemu_log_close();
2026 }
2027 va_end(ap2);
2028 va_end(ap);
2029#if defined(CONFIG_USER_ONLY)
2030 {
2031 struct sigaction act;
2032 sigfillset(&act.sa_mask);
2033 act.sa_handler = SIG_DFL;
2034 sigaction(SIGABRT, &act, NULL);
2035 }
2036#endif
2037 abort();
2038}
2039
2040CPUState *cpu_copy(CPUState *env)
2041{
2042 CPUState *new_env = cpu_init(env->cpu_model_str);
2043 CPUState *next_cpu = new_env->next_cpu;
2044 int cpu_index = new_env->cpu_index;
2045#if defined(TARGET_HAS_ICE)
2046 CPUBreakpoint *bp;
2047 CPUWatchpoint *wp;
2048#endif
2049
2050 memcpy(new_env, env, sizeof(CPUState));
2051
2052 /* Preserve chaining and index. */
2053 new_env->next_cpu = next_cpu;
2054 new_env->cpu_index = cpu_index;
2055
2056 /* Clone all break/watchpoints.
2057 Note: Once we support ptrace with hw-debug register access, make sure
2058 BP_CPU break/watchpoints are handled correctly on clone. */
2059 QTAILQ_INIT(&env->breakpoints);
2060 QTAILQ_INIT(&env->watchpoints);
2061#if defined(TARGET_HAS_ICE)
2062 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
2063 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
2064 }
2065 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2066 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
2067 wp->flags, NULL);
2068 }
2069#endif
2070
2071 return new_env;
2072}
2073
2074#endif /* !VBOX */
2075#if !defined(CONFIG_USER_ONLY)
2076
2077static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
2078{
2079 unsigned int i;
2080
2081 /* Discard jump cache entries for any tb which might potentially
2082 overlap the flushed page. */
2083 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
2084 memset (&env->tb_jmp_cache[i], 0,
2085 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
2086
2087 i = tb_jmp_cache_hash_page(addr);
2088 memset (&env->tb_jmp_cache[i], 0,
2089 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
2090#ifdef VBOX
2091
2092 /* inform raw mode about TLB page flush */
2093 remR3FlushPage(env, addr);
2094#endif /* VBOX */
2095}
2096
2097static CPUTLBEntry s_cputlb_empty_entry = {
2098 .addr_read = -1,
2099 .addr_write = -1,
2100 .addr_code = -1,
2101 .addend = -1,
2102};
2103
2104/* NOTE: if flush_global is true, also flush global entries (not
2105 implemented yet) */
2106void tlb_flush(CPUState *env, int flush_global)
2107{
2108 int i;
2109
2110#if defined(DEBUG_TLB)
2111 printf("tlb_flush:\n");
2112#endif
2113 /* must reset current TB so that interrupts cannot modify the
2114 links while we are modifying them */
2115 env->current_tb = NULL;
2116
2117 for(i = 0; i < CPU_TLB_SIZE; i++) {
2118 int mmu_idx;
2119 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2120 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
2121 }
2122 }
2123
2124 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
2125
2126 env->tlb_flush_addr = -1;
2127 env->tlb_flush_mask = 0;
2128 tlb_flush_count++;
2129#ifdef VBOX
2130
2131 /* inform raw mode about TLB flush */
2132 remR3FlushTLB(env, flush_global);
2133#endif /* VBOX */
2134}
2135
2136static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
2137{
2138 if (addr == (tlb_entry->addr_read &
2139 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
2140 addr == (tlb_entry->addr_write &
2141 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
2142 addr == (tlb_entry->addr_code &
2143 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
2144 *tlb_entry = s_cputlb_empty_entry;
2145 }
2146}
2147
2148void tlb_flush_page(CPUState *env, target_ulong addr)
2149{
2150 int i;
2151 int mmu_idx;
2152
2153#if defined(DEBUG_TLB)
2154 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
2155#endif
2156 /* Check if we need to flush due to large pages. */
2157 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
2158#if defined(DEBUG_TLB)
2159 printf("tlb_flush_page: forced full flush ("
2160 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2161 env->tlb_flush_addr, env->tlb_flush_mask);
2162#endif
2163 tlb_flush(env, 1);
2164 return;
2165 }
2166 /* must reset current TB so that interrupts cannot modify the
2167 links while we are modifying them */
2168 env->current_tb = NULL;
2169
2170 addr &= TARGET_PAGE_MASK;
2171 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2172 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2173 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
2174
2175 tlb_flush_jmp_cache(env, addr);
2176}
2177
2178/* update the TLBs so that writes to code in the virtual page 'addr'
2179 can be detected */
2180static void tlb_protect_code(ram_addr_t ram_addr)
2181{
2182 cpu_physical_memory_reset_dirty(ram_addr,
2183 ram_addr + TARGET_PAGE_SIZE,
2184 CODE_DIRTY_FLAG);
2185#if defined(VBOX) && defined(REM_MONITOR_CODE_PAGES)
2186 /** @todo Retest this? This function has changed... */
2187 remR3ProtectCode(cpu_single_env, ram_addr);
2188#endif /* VBOX */
2189}
2190
2191/* update the TLB so that writes in physical page 'phys_addr' are no longer
2192 tested for self modifying code */
2193static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2194 target_ulong vaddr)
2195{
2196 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2197}
2198
2199static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2200 unsigned long start, unsigned long length)
2201{
2202 unsigned long addr;
2203#ifdef VBOX
2204
2205 if (start & 3)
2206 return;
2207#endif /* VBOX */
2208 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2209 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2210 if ((addr - start) < length) {
2211 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2212 }
2213 }
2214}
2215
2216/* Note: start and end must be within the same ram block. */
2217void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2218 int dirty_flags)
2219{
2220 CPUState *env;
2221 unsigned long length, start1;
2222 int i;
2223
2224 start &= TARGET_PAGE_MASK;
2225 end = TARGET_PAGE_ALIGN(end);
2226
2227 length = end - start;
2228 if (length == 0)
2229 return;
2230 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2231
2232 /* we modify the TLB cache so that the dirty bit will be set again
2233 when accessing the range */
2234#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
2235 start1 = start;
2236#elif !defined(VBOX)
2237 start1 = (unsigned long)qemu_get_ram_ptr(start);
2238 /* Chek that we don't span multiple blocks - this breaks the
2239 address comparisons below. */
2240 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2241 != (end - 1) - start) {
2242 abort();
2243 }
2244#else
2245 start1 = (unsigned long)remR3TlbGCPhys2Ptr(first_cpu, start, 1 /*fWritable*/); /** @todo page replacing (sharing or read only) may cause trouble, fix interface/whatever. */
2246#endif
2247
2248 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2249 int mmu_idx;
2250 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2251 for(i = 0; i < CPU_TLB_SIZE; i++)
2252 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2253 start1, length);
2254 }
2255 }
2256}
2257
2258#ifndef VBOX
2259
2260int cpu_physical_memory_set_dirty_tracking(int enable)
2261{
2262 int ret = 0;
2263 in_migration = enable;
2264 ret = cpu_notify_migration_log(!!enable);
2265 return ret;
2266}
2267
2268int cpu_physical_memory_get_dirty_tracking(void)
2269{
2270 return in_migration;
2271}
2272
2273#endif /* !VBOX */
2274
2275int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2276 target_phys_addr_t end_addr)
2277{
2278#ifndef VBOX
2279 int ret;
2280
2281 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2282 return ret;
2283#else /* VBOX */
2284 return 0;
2285#endif /* VBOX */
2286}
2287
2288#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
2289DECLINLINE(void) tlb_update_dirty(CPUTLBEntry *tlb_entry, target_phys_addr_t phys_addend)
2290#else
2291static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2292#endif
2293{
2294 ram_addr_t ram_addr;
2295 void *p;
2296
2297 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2298#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
2299 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2300#elif !defined(VBOX)
2301 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2302 + tlb_entry->addend);
2303 ram_addr = qemu_ram_addr_from_host(p);
2304#else
2305 Assert(phys_addend != -1);
2306 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + phys_addend;
2307#endif
2308 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2309 tlb_entry->addr_write |= TLB_NOTDIRTY;
2310 }
2311 }
2312}
2313
2314/* update the TLB according to the current state of the dirty bits */
2315void cpu_tlb_update_dirty(CPUState *env)
2316{
2317 int i;
2318 int mmu_idx;
2319 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2320 for(i = 0; i < CPU_TLB_SIZE; i++)
2321#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
2322 tlb_update_dirty(&env->tlb_table[mmu_idx][i], env->phys_addends[mmu_idx][i]);
2323#else
2324 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2325#endif
2326 }
2327}
2328
2329static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2330{
2331 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2332 tlb_entry->addr_write = vaddr;
2333}
2334
2335/* update the TLB corresponding to virtual page vaddr
2336 so that it is no longer dirty */
2337static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2338{
2339 int i;
2340 int mmu_idx;
2341
2342 vaddr &= TARGET_PAGE_MASK;
2343 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2344 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2345 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2346}
2347
2348/* Our TLB does not support large pages, so remember the area covered by
2349 large pages and trigger a full TLB flush if these are invalidated. */
2350static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2351 target_ulong size)
2352{
2353 target_ulong mask = ~(size - 1);
2354
2355 if (env->tlb_flush_addr == (target_ulong)-1) {
2356 env->tlb_flush_addr = vaddr & mask;
2357 env->tlb_flush_mask = mask;
2358 return;
2359 }
2360 /* Extend the existing region to include the new page.
2361 This is a compromise between unnecessary flushes and the cost
2362 of maintaining a full variable size TLB. */
2363 mask &= env->tlb_flush_mask;
2364 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2365 mask <<= 1;
2366 }
2367 env->tlb_flush_addr &= mask;
2368 env->tlb_flush_mask = mask;
2369}
2370
2371/* Add a new TLB entry. At most one entry for a given virtual address
2372 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2373 supplied size is only used by tlb_flush_page. */
2374void tlb_set_page(CPUState *env, target_ulong vaddr,
2375 target_phys_addr_t paddr, int prot,
2376 int mmu_idx, target_ulong size)
2377{
2378 PhysPageDesc *p;
2379 unsigned long pd;
2380 unsigned int index;
2381 target_ulong address;
2382 target_ulong code_address;
2383 unsigned long addend;
2384 CPUTLBEntry *te;
2385 CPUWatchpoint *wp;
2386 target_phys_addr_t iotlb;
2387#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
2388 int read_mods = 0, write_mods = 0, code_mods = 0;
2389#endif
2390
2391 assert(size >= TARGET_PAGE_SIZE);
2392 if (size != TARGET_PAGE_SIZE) {
2393 tlb_add_large_page(env, vaddr, size);
2394 }
2395 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2396 if (!p) {
2397 pd = IO_MEM_UNASSIGNED;
2398 } else {
2399 pd = p->phys_offset;
2400 }
2401#if defined(DEBUG_TLB)
2402 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2403 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2404#endif
2405
2406 address = vaddr;
2407 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2408 /* IO memory case (romd handled later) */
2409 address |= TLB_MMIO;
2410 }
2411#if defined(VBOX) && defined(REM_PHYS_ADDR_IN_TLB)
2412 addend = pd & TARGET_PAGE_MASK;
2413#elif !defined(VBOX)
2414 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2415#else
2416 /** @todo this is racing the phys_page_find call above since it may register
2417 * a new chunk of memory... */
2418 addend = (unsigned long)remR3TlbGCPhys2Ptr(env, pd & TARGET_PAGE_MASK, !!(prot & PAGE_WRITE));
2419#endif
2420
2421 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2422 /* Normal RAM. */
2423 iotlb = pd & TARGET_PAGE_MASK;
2424 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2425 iotlb |= IO_MEM_NOTDIRTY;
2426 else
2427 iotlb |= IO_MEM_ROM;
2428 } else {
2429 /* IO handlers are currently passed a physical address.
2430 It would be nice to pass an offset from the base address
2431 of that region. This would avoid having to special case RAM,
2432 and avoid full address decoding in every device.
2433 We can't use the high bits of pd for this because
2434 IO_MEM_ROMD uses these as a ram address. */
2435 iotlb = (pd & ~TARGET_PAGE_MASK);
2436 if (p) {
2437 iotlb += p->region_offset;
2438 } else {
2439 iotlb += paddr;
2440 }
2441 }
2442
2443 code_address = address;
2444#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
2445
2446 if (addend & 0x3)
2447 {
2448 if (addend & 0x2)
2449 {
2450 /* catch write */
2451 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM)
2452 write_mods |= TLB_MMIO;
2453 }
2454 else if (addend & 0x1)
2455 {
2456 /* catch all */
2457 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM)
2458 {
2459 read_mods |= TLB_MMIO;
2460 write_mods |= TLB_MMIO;
2461 code_mods |= TLB_MMIO;
2462 }
2463 }
2464 if ((iotlb & ~TARGET_PAGE_MASK) == 0)
2465 iotlb = env->pVM->rem.s.iHandlerMemType + paddr;
2466 addend &= ~(target_ulong)0x3;
2467 }
2468
2469#endif
2470 /* Make accesses to pages with watchpoints go via the
2471 watchpoint trap routines. */
2472 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2473 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2474 /* Avoid trapping reads of pages with a write breakpoint. */
2475 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2476 iotlb = io_mem_watch + paddr;
2477 address |= TLB_MMIO;
2478 break;
2479 }
2480 }
2481 }
2482
2483 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2484 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2485 te = &env->tlb_table[mmu_idx][index];
2486 te->addend = addend - vaddr;
2487 if (prot & PAGE_READ) {
2488 te->addr_read = address;
2489 } else {
2490 te->addr_read = -1;
2491 }
2492
2493 if (prot & PAGE_EXEC) {
2494 te->addr_code = code_address;
2495 } else {
2496 te->addr_code = -1;
2497 }
2498 if (prot & PAGE_WRITE) {
2499 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2500 (pd & IO_MEM_ROMD)) {
2501 /* Write access calls the I/O callback. */
2502 te->addr_write = address | TLB_MMIO;
2503 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2504 !cpu_physical_memory_is_dirty(pd)) {
2505 te->addr_write = address | TLB_NOTDIRTY;
2506 } else {
2507 te->addr_write = address;
2508 }
2509 } else {
2510 te->addr_write = -1;
2511 }
2512
2513#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
2514 if (prot & PAGE_READ)
2515 te->addr_read |= read_mods;
2516 if (prot & PAGE_EXEC)
2517 te->addr_code |= code_mods;
2518 if (prot & PAGE_WRITE)
2519 te->addr_write |= write_mods;
2520
2521 env->phys_addends[mmu_idx][index] = (pd & TARGET_PAGE_MASK)- vaddr;
2522#endif
2523
2524#ifdef VBOX
2525 /* inform raw mode about TLB page change */
2526 remR3FlushPage(env, vaddr);
2527#endif
2528}
2529
2530#else
2531
2532void tlb_flush(CPUState *env, int flush_global)
2533{
2534}
2535
2536void tlb_flush_page(CPUState *env, target_ulong addr)
2537{
2538}
2539
2540/*
2541 * Walks guest process memory "regions" one by one
2542 * and calls callback function 'fn' for each region.
2543 */
2544
2545struct walk_memory_regions_data
2546{
2547 walk_memory_regions_fn fn;
2548 void *priv;
2549 unsigned long start;
2550 int prot;
2551};
2552
2553static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2554 abi_ulong end, int new_prot)
2555{
2556 if (data->start != -1ul) {
2557 int rc = data->fn(data->priv, data->start, end, data->prot);
2558 if (rc != 0) {
2559 return rc;
2560 }
2561 }
2562
2563 data->start = (new_prot ? end : -1ul);
2564 data->prot = new_prot;
2565
2566 return 0;
2567}
2568
2569static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2570 abi_ulong base, int level, void **lp)
2571{
2572 abi_ulong pa;
2573 int i, rc;
2574
2575 if (*lp == NULL) {
2576 return walk_memory_regions_end(data, base, 0);
2577 }
2578
2579 if (level == 0) {
2580 PageDesc *pd = *lp;
2581 for (i = 0; i < L2_SIZE; ++i) {
2582 int prot = pd[i].flags;
2583
2584 pa = base | (i << TARGET_PAGE_BITS);
2585 if (prot != data->prot) {
2586 rc = walk_memory_regions_end(data, pa, prot);
2587 if (rc != 0) {
2588 return rc;
2589 }
2590 }
2591 }
2592 } else {
2593 void **pp = *lp;
2594 for (i = 0; i < L2_SIZE; ++i) {
2595 pa = base | ((abi_ulong)i <<
2596 (TARGET_PAGE_BITS + L2_BITS * level));
2597 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2598 if (rc != 0) {
2599 return rc;
2600 }
2601 }
2602 }
2603
2604 return 0;
2605}
2606
2607int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2608{
2609 struct walk_memory_regions_data data;
2610 unsigned long i;
2611
2612 data.fn = fn;
2613 data.priv = priv;
2614 data.start = -1ul;
2615 data.prot = 0;
2616
2617 for (i = 0; i < V_L1_SIZE; i++) {
2618 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2619 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2620 if (rc != 0) {
2621 return rc;
2622 }
2623 }
2624
2625 return walk_memory_regions_end(&data, 0, 0);
2626}
2627
2628static int dump_region(void *priv, abi_ulong start,
2629 abi_ulong end, unsigned long prot)
2630{
2631 FILE *f = (FILE *)priv;
2632
2633 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2634 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2635 start, end, end - start,
2636 ((prot & PAGE_READ) ? 'r' : '-'),
2637 ((prot & PAGE_WRITE) ? 'w' : '-'),
2638 ((prot & PAGE_EXEC) ? 'x' : '-'));
2639
2640 return (0);
2641}
2642
2643/* dump memory mappings */
2644void page_dump(FILE *f)
2645{
2646 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2647 "start", "end", "size", "prot");
2648 walk_memory_regions(f, dump_region);
2649}
2650
2651int page_get_flags(target_ulong address)
2652{
2653 PageDesc *p;
2654
2655 p = page_find(address >> TARGET_PAGE_BITS);
2656 if (!p)
2657 return 0;
2658 return p->flags;
2659}
2660
2661/* Modify the flags of a page and invalidate the code if necessary.
2662 The flag PAGE_WRITE_ORG is positioned automatically depending
2663 on PAGE_WRITE. The mmap_lock should already be held. */
2664void page_set_flags(target_ulong start, target_ulong end, int flags)
2665{
2666 target_ulong addr, len;
2667
2668 /* This function should never be called with addresses outside the
2669 guest address space. If this assert fires, it probably indicates
2670 a missing call to h2g_valid. */
2671#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2672 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2673#endif
2674 assert(start < end);
2675
2676 start = start & TARGET_PAGE_MASK;
2677 end = TARGET_PAGE_ALIGN(end);
2678
2679 if (flags & PAGE_WRITE) {
2680 flags |= PAGE_WRITE_ORG;
2681 }
2682
2683#ifdef VBOX
2684 AssertMsgFailed(("We shouldn't be here, and if we should, we must have an env to do the proper locking!\n"));
2685#endif
2686 for (addr = start, len = end - start;
2687 len != 0;
2688 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2689 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2690
2691 /* If the write protection bit is set, then we invalidate
2692 the code inside. */
2693 if (!(p->flags & PAGE_WRITE) &&
2694 (flags & PAGE_WRITE) &&
2695 p->first_tb) {
2696 tb_invalidate_phys_page(addr, 0, NULL);
2697 }
2698 p->flags = flags;
2699 }
2700}
2701
2702int page_check_range(target_ulong start, target_ulong len, int flags)
2703{
2704 PageDesc *p;
2705 target_ulong end;
2706 target_ulong addr;
2707
2708 /* This function should never be called with addresses outside the
2709 guest address space. If this assert fires, it probably indicates
2710 a missing call to h2g_valid. */
2711#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2712 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2713#endif
2714
2715 if (len == 0) {
2716 return 0;
2717 }
2718 if (start + len - 1 < start) {
2719 /* We've wrapped around. */
2720 return -1;
2721 }
2722
2723 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2724 start = start & TARGET_PAGE_MASK;
2725
2726 for (addr = start, len = end - start;
2727 len != 0;
2728 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2729 p = page_find(addr >> TARGET_PAGE_BITS);
2730 if( !p )
2731 return -1;
2732 if( !(p->flags & PAGE_VALID) )
2733 return -1;
2734
2735 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2736 return -1;
2737 if (flags & PAGE_WRITE) {
2738 if (!(p->flags & PAGE_WRITE_ORG))
2739 return -1;
2740 /* unprotect the page if it was put read-only because it
2741 contains translated code */
2742 if (!(p->flags & PAGE_WRITE)) {
2743 if (!page_unprotect(addr, 0, NULL))
2744 return -1;
2745 }
2746 return 0;
2747 }
2748 }
2749 return 0;
2750}
2751
2752/* called from signal handler: invalidate the code and unprotect the
2753 page. Return TRUE if the fault was successfully handled. */
2754int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2755{
2756 unsigned int prot;
2757 PageDesc *p;
2758 target_ulong host_start, host_end, addr;
2759
2760 /* Technically this isn't safe inside a signal handler. However we
2761 know this only ever happens in a synchronous SEGV handler, so in
2762 practice it seems to be ok. */
2763 mmap_lock();
2764
2765 p = page_find(address >> TARGET_PAGE_BITS);
2766 if (!p) {
2767 mmap_unlock();
2768 return 0;
2769 }
2770
2771 /* if the page was really writable, then we change its
2772 protection back to writable */
2773 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2774 host_start = address & qemu_host_page_mask;
2775 host_end = host_start + qemu_host_page_size;
2776
2777 prot = 0;
2778 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2779 p = page_find(addr >> TARGET_PAGE_BITS);
2780 p->flags |= PAGE_WRITE;
2781 prot |= p->flags;
2782
2783 /* and since the content will be modified, we must invalidate
2784 the corresponding translated code. */
2785 tb_invalidate_phys_page(addr, pc, puc);
2786#ifdef DEBUG_TB_CHECK
2787 tb_invalidate_check(addr);
2788#endif
2789 }
2790 mprotect((void *)g2h(host_start), qemu_host_page_size,
2791 prot & PAGE_BITS);
2792
2793 mmap_unlock();
2794 return 1;
2795 }
2796 mmap_unlock();
2797 return 0;
2798}
2799
2800static inline void tlb_set_dirty(CPUState *env,
2801 unsigned long addr, target_ulong vaddr)
2802{
2803}
2804#endif /* defined(CONFIG_USER_ONLY) */
2805
2806#if !defined(CONFIG_USER_ONLY)
2807
2808#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2809typedef struct subpage_t {
2810 target_phys_addr_t base;
2811 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2812 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2813} subpage_t;
2814
2815static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2816 ram_addr_t memory, ram_addr_t region_offset);
2817static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2818 ram_addr_t orig_memory,
2819 ram_addr_t region_offset);
2820#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2821 need_subpage) \
2822 do { \
2823 if (addr > start_addr) \
2824 start_addr2 = 0; \
2825 else { \
2826 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2827 if (start_addr2 > 0) \
2828 need_subpage = 1; \
2829 } \
2830 \
2831 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2832 end_addr2 = TARGET_PAGE_SIZE - 1; \
2833 else { \
2834 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2835 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2836 need_subpage = 1; \
2837 } \
2838 } while (0)
2839
2840/* register physical memory.
2841 For RAM, 'size' must be a multiple of the target page size.
2842 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2843 io memory page. The address used when calling the IO function is
2844 the offset from the start of the region, plus region_offset. Both
2845 start_addr and region_offset are rounded down to a page boundary
2846 before calculating this offset. This should not be a problem unless
2847 the low bits of start_addr and region_offset differ. */
2848void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2849 ram_addr_t size,
2850 ram_addr_t phys_offset,
2851 ram_addr_t region_offset)
2852{
2853 target_phys_addr_t addr, end_addr;
2854 PhysPageDesc *p;
2855 CPUState *env;
2856 ram_addr_t orig_size = size;
2857 subpage_t *subpage;
2858
2859#ifndef VBOX
2860 cpu_notify_set_memory(start_addr, size, phys_offset);
2861#endif /* !VBOX */
2862
2863 if (phys_offset == IO_MEM_UNASSIGNED) {
2864 region_offset = start_addr;
2865 }
2866 region_offset &= TARGET_PAGE_MASK;
2867 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2868 end_addr = start_addr + (target_phys_addr_t)size;
2869 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2870 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2871 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2872 ram_addr_t orig_memory = p->phys_offset;
2873 target_phys_addr_t start_addr2, end_addr2;
2874 int need_subpage = 0;
2875
2876 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2877 need_subpage);
2878 if (need_subpage) {
2879 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2880 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2881 &p->phys_offset, orig_memory,
2882 p->region_offset);
2883 } else {
2884 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2885 >> IO_MEM_SHIFT];
2886 }
2887 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2888 region_offset);
2889 p->region_offset = 0;
2890 } else {
2891 p->phys_offset = phys_offset;
2892 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2893 (phys_offset & IO_MEM_ROMD))
2894 phys_offset += TARGET_PAGE_SIZE;
2895 }
2896 } else {
2897 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2898 p->phys_offset = phys_offset;
2899 p->region_offset = region_offset;
2900 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2901 (phys_offset & IO_MEM_ROMD)) {
2902 phys_offset += TARGET_PAGE_SIZE;
2903 } else {
2904 target_phys_addr_t start_addr2, end_addr2;
2905 int need_subpage = 0;
2906
2907 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2908 end_addr2, need_subpage);
2909
2910 if (need_subpage) {
2911 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2912 &p->phys_offset, IO_MEM_UNASSIGNED,
2913 addr & TARGET_PAGE_MASK);
2914 subpage_register(subpage, start_addr2, end_addr2,
2915 phys_offset, region_offset);
2916 p->region_offset = 0;
2917 }
2918 }
2919 }
2920 region_offset += TARGET_PAGE_SIZE;
2921 }
2922
2923 /* since each CPU stores ram addresses in its TLB cache, we must
2924 reset the modified entries */
2925 /* XXX: slow ! */
2926 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2927 tlb_flush(env, 1);
2928 }
2929}
2930
2931/* XXX: temporary until new memory mapping API */
2932ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2933{
2934 PhysPageDesc *p;
2935
2936 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2937 if (!p)
2938 return IO_MEM_UNASSIGNED;
2939 return p->phys_offset;
2940}
2941
2942#ifndef VBOX
2943
2944void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2945{
2946 if (kvm_enabled())
2947 kvm_coalesce_mmio_region(addr, size);
2948}
2949
2950void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2951{
2952 if (kvm_enabled())
2953 kvm_uncoalesce_mmio_region(addr, size);
2954}
2955
2956void qemu_flush_coalesced_mmio_buffer(void)
2957{
2958 if (kvm_enabled())
2959 kvm_flush_coalesced_mmio_buffer();
2960}
2961
2962#if defined(__linux__) && !defined(TARGET_S390X)
2963
2964#include <sys/vfs.h>
2965
2966#define HUGETLBFS_MAGIC 0x958458f6
2967
2968static long gethugepagesize(const char *path)
2969{
2970 struct statfs fs;
2971 int ret;
2972
2973 do {
2974 ret = statfs(path, &fs);
2975 } while (ret != 0 && errno == EINTR);
2976
2977 if (ret != 0) {
2978 perror(path);
2979 return 0;
2980 }
2981
2982 if (fs.f_type != HUGETLBFS_MAGIC)
2983 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2984
2985 return fs.f_bsize;
2986}
2987
2988static void *file_ram_alloc(RAMBlock *block,
2989 ram_addr_t memory,
2990 const char *path)
2991{
2992 char *filename;
2993 void *area;
2994 int fd;
2995#ifdef MAP_POPULATE
2996 int flags;
2997#endif
2998 unsigned long hpagesize;
2999
3000 hpagesize = gethugepagesize(path);
3001 if (!hpagesize) {
3002 return NULL;
3003 }
3004
3005 if (memory < hpagesize) {
3006 return NULL;
3007 }
3008
3009 if (kvm_enabled() && !kvm_has_sync_mmu()) {
3010 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
3011 return NULL;
3012 }
3013
3014 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
3015 return NULL;
3016 }
3017
3018 fd = mkstemp(filename);
3019 if (fd < 0) {
3020 perror("unable to create backing store for hugepages");
3021 free(filename);
3022 return NULL;
3023 }
3024 unlink(filename);
3025 free(filename);
3026
3027 memory = (memory+hpagesize-1) & ~(hpagesize-1);
3028
3029 /*
3030 * ftruncate is not supported by hugetlbfs in older
3031 * hosts, so don't bother bailing out on errors.
3032 * If anything goes wrong with it under other filesystems,
3033 * mmap will fail.
3034 */
3035 if (ftruncate(fd, memory))
3036 perror("ftruncate");
3037
3038#ifdef MAP_POPULATE
3039 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
3040 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
3041 * to sidestep this quirk.
3042 */
3043 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
3044 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
3045#else
3046 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
3047#endif
3048 if (area == MAP_FAILED) {
3049 perror("file_ram_alloc: can't mmap RAM pages");
3050 close(fd);
3051 return (NULL);
3052 }
3053 block->fd = fd;
3054 return area;
3055}
3056#endif
3057
3058static ram_addr_t find_ram_offset(ram_addr_t size)
3059{
3060 RAMBlock *block, *next_block;
3061 ram_addr_t offset = 0, mingap = ULONG_MAX;
3062
3063 if (QLIST_EMPTY(&ram_list.blocks))
3064 return 0;
3065
3066 QLIST_FOREACH(block, &ram_list.blocks, next) {
3067 ram_addr_t end, next = ULONG_MAX;
3068
3069 end = block->offset + block->length;
3070
3071 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
3072 if (next_block->offset >= end) {
3073 next = MIN(next, next_block->offset);
3074 }
3075 }
3076 if (next - end >= size && next - end < mingap) {
3077 offset = end;
3078 mingap = next - end;
3079 }
3080 }
3081 return offset;
3082}
3083
3084static ram_addr_t last_ram_offset(void)
3085{
3086 RAMBlock *block;
3087 ram_addr_t last = 0;
3088
3089 QLIST_FOREACH(block, &ram_list.blocks, next)
3090 last = MAX(last, block->offset + block->length);
3091
3092 return last;
3093}
3094
3095ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
3096 ram_addr_t size, void *host)
3097{
3098 RAMBlock *new_block, *block;
3099
3100 size = TARGET_PAGE_ALIGN(size);
3101 new_block = qemu_mallocz(sizeof(*new_block));
3102
3103 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
3104 char *id = dev->parent_bus->info->get_dev_path(dev);
3105 if (id) {
3106 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
3107 qemu_free(id);
3108 }
3109 }
3110 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
3111
3112 QLIST_FOREACH(block, &ram_list.blocks, next) {
3113 if (!strcmp(block->idstr, new_block->idstr)) {
3114 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
3115 new_block->idstr);
3116 abort();
3117 }
3118 }
3119
3120 new_block->host = host;
3121
3122 new_block->offset = find_ram_offset(size);
3123 new_block->length = size;
3124
3125 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
3126
3127 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
3128 last_ram_offset() >> TARGET_PAGE_BITS);
3129 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
3130 0xff, size >> TARGET_PAGE_BITS);
3131
3132 if (kvm_enabled())
3133 kvm_setup_guest_memory(new_block->host, size);
3134
3135 return new_block->offset;
3136}
3137
3138ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
3139{
3140 RAMBlock *new_block, *block;
3141
3142 size = TARGET_PAGE_ALIGN(size);
3143 new_block = qemu_mallocz(sizeof(*new_block));
3144
3145 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
3146 char *id = dev->parent_bus->info->get_dev_path(dev);
3147 if (id) {
3148 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
3149 qemu_free(id);
3150 }
3151 }
3152 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
3153
3154 QLIST_FOREACH(block, &ram_list.blocks, next) {
3155 if (!strcmp(block->idstr, new_block->idstr)) {
3156 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
3157 new_block->idstr);
3158 abort();
3159 }
3160 }
3161
3162 if (mem_path) {
3163#if defined (__linux__) && !defined(TARGET_S390X)
3164 new_block->host = file_ram_alloc(new_block, size, mem_path);
3165 if (!new_block->host) {
3166 new_block->host = qemu_vmalloc(size);
3167#ifdef MADV_MERGEABLE
3168 madvise(new_block->host, size, MADV_MERGEABLE);
3169#endif
3170 }
3171#else
3172 fprintf(stderr, "-mem-path option unsupported\n");
3173 exit(1);
3174#endif
3175 } else {
3176#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3177 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
3178 new_block->host = mmap((void*)0x1000000, size,
3179 PROT_EXEC|PROT_READ|PROT_WRITE,
3180 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
3181#else
3182 new_block->host = qemu_vmalloc(size);
3183#endif
3184#ifdef MADV_MERGEABLE
3185 madvise(new_block->host, size, MADV_MERGEABLE);
3186#endif
3187 }
3188 new_block->offset = find_ram_offset(size);
3189 new_block->length = size;
3190
3191 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
3192
3193 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
3194 last_ram_offset() >> TARGET_PAGE_BITS);
3195 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
3196 0xff, size >> TARGET_PAGE_BITS);
3197
3198 if (kvm_enabled())
3199 kvm_setup_guest_memory(new_block->host, size);
3200
3201 return new_block->offset;
3202}
3203
3204void qemu_ram_free(ram_addr_t addr)
3205{
3206 RAMBlock *block;
3207
3208 QLIST_FOREACH(block, &ram_list.blocks, next) {
3209 if (addr == block->offset) {
3210 QLIST_REMOVE(block, next);
3211 if (mem_path) {
3212#if defined (__linux__) && !defined(TARGET_S390X)
3213 if (block->fd) {
3214 munmap(block->host, block->length);
3215 close(block->fd);
3216 } else {
3217 qemu_vfree(block->host);
3218 }
3219#endif
3220 } else {
3221#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3222 munmap(block->host, block->length);
3223#else
3224 qemu_vfree(block->host);
3225#endif
3226 }
3227 qemu_free(block);
3228 return;
3229 }
3230 }
3231
3232}
3233
3234/* Return a host pointer to ram allocated with qemu_ram_alloc.
3235 With the exception of the softmmu code in this file, this should
3236 only be used for local memory (e.g. video ram) that the device owns,
3237 and knows it isn't going to access beyond the end of the block.
3238
3239 It should not be used for general purpose DMA.
3240 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3241 */
3242void *qemu_get_ram_ptr(ram_addr_t addr)
3243{
3244 RAMBlock *block;
3245
3246 QLIST_FOREACH(block, &ram_list.blocks, next) {
3247 if (addr - block->offset < block->length) {
3248 QLIST_REMOVE(block, next);
3249 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3250 return block->host + (addr - block->offset);
3251 }
3252 }
3253
3254 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3255 abort();
3256
3257 return NULL;
3258}
3259
3260/* Some of the softmmu routines need to translate from a host pointer
3261 (typically a TLB entry) back to a ram offset. */
3262ram_addr_t qemu_ram_addr_from_host(void *ptr)
3263{
3264 RAMBlock *block;
3265 uint8_t *host = ptr;
3266
3267 QLIST_FOREACH(block, &ram_list.blocks, next) {
3268 if (host - block->host < block->length) {
3269 return block->offset + (host - block->host);
3270 }
3271 }
3272
3273 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3274 abort();
3275
3276 return 0;
3277}
3278
3279#endif /* !VBOX */
3280
3281static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
3282{
3283#ifdef DEBUG_UNASSIGNED
3284 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3285#endif
3286#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3287 do_unassigned_access(addr, 0, 0, 0, 1);
3288#endif
3289 return 0;
3290}
3291
3292static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
3293{
3294#ifdef DEBUG_UNASSIGNED
3295 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3296#endif
3297#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3298 do_unassigned_access(addr, 0, 0, 0, 2);
3299#endif
3300 return 0;
3301}
3302
3303static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
3304{
3305#ifdef DEBUG_UNASSIGNED
3306 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3307#endif
3308#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3309 do_unassigned_access(addr, 0, 0, 0, 4);
3310#endif
3311 return 0;
3312}
3313
3314static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3315{
3316#ifdef DEBUG_UNASSIGNED
3317 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3318#endif
3319#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3320 do_unassigned_access(addr, 1, 0, 0, 1);
3321#endif
3322}
3323
3324static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3325{
3326#ifdef DEBUG_UNASSIGNED
3327 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3328#endif
3329#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3330 do_unassigned_access(addr, 1, 0, 0, 2);
3331#endif
3332}
3333
3334static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3335{
3336#ifdef DEBUG_UNASSIGNED
3337 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3338#endif
3339#if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3340 do_unassigned_access(addr, 1, 0, 0, 4);
3341#endif
3342}
3343
3344static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3345 unassigned_mem_readb,
3346 unassigned_mem_readw,
3347 unassigned_mem_readl,
3348};
3349
3350static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3351 unassigned_mem_writeb,
3352 unassigned_mem_writew,
3353 unassigned_mem_writel,
3354};
3355
3356static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3357 uint32_t val)
3358{
3359 int dirty_flags;
3360 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3361 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3362#if !defined(CONFIG_USER_ONLY)
3363 tb_invalidate_phys_page_fast(ram_addr, 1);
3364 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3365#endif
3366 }
3367#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
3368 remR3PhysWriteU8(ram_addr, val);
3369#else
3370 stb_p(qemu_get_ram_ptr(ram_addr), val);
3371#endif
3372 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3373 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3374 /* we remove the notdirty callback only if the code has been
3375 flushed */
3376 if (dirty_flags == 0xff)
3377 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3378}
3379
3380static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3381 uint32_t val)
3382{
3383 int dirty_flags;
3384 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3385 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3386#if !defined(CONFIG_USER_ONLY)
3387 tb_invalidate_phys_page_fast(ram_addr, 2);
3388 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3389#endif
3390 }
3391#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
3392 remR3PhysWriteU16(ram_addr, val);
3393#else
3394 stw_p(qemu_get_ram_ptr(ram_addr), val);
3395#endif
3396 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3397 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3398 /* we remove the notdirty callback only if the code has been
3399 flushed */
3400 if (dirty_flags == 0xff)
3401 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3402}
3403
3404static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3405 uint32_t val)
3406{
3407 int dirty_flags;
3408 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3409 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3410#if !defined(CONFIG_USER_ONLY)
3411 tb_invalidate_phys_page_fast(ram_addr, 4);
3412 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3413#endif
3414 }
3415#if defined(VBOX) && !defined(REM_PHYS_ADDR_IN_TLB)
3416 remR3PhysWriteU32(ram_addr, val);
3417#else
3418 stl_p(qemu_get_ram_ptr(ram_addr), val);
3419#endif
3420 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3421 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3422 /* we remove the notdirty callback only if the code has been
3423 flushed */
3424 if (dirty_flags == 0xff)
3425 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3426}
3427
3428static CPUReadMemoryFunc * const error_mem_read[3] = {
3429 NULL, /* never used */
3430 NULL, /* never used */
3431 NULL, /* never used */
3432};
3433
3434static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3435 notdirty_mem_writeb,
3436 notdirty_mem_writew,
3437 notdirty_mem_writel,
3438};
3439
3440/* Generate a debug exception if a watchpoint has been hit. */
3441static void check_watchpoint(int offset, int len_mask, int flags)
3442{
3443 CPUState *env = cpu_single_env;
3444 target_ulong pc, cs_base;
3445 TranslationBlock *tb;
3446 target_ulong vaddr;
3447 CPUWatchpoint *wp;
3448 int cpu_flags;
3449
3450 if (env->watchpoint_hit) {
3451 /* We re-entered the check after replacing the TB. Now raise
3452 * the debug interrupt so that is will trigger after the
3453 * current instruction. */
3454 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3455 return;
3456 }
3457 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3458 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3459 if ((vaddr == (wp->vaddr & len_mask) ||
3460 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3461 wp->flags |= BP_WATCHPOINT_HIT;
3462 if (!env->watchpoint_hit) {
3463 env->watchpoint_hit = wp;
3464 tb = tb_find_pc(env->mem_io_pc);
3465 if (!tb) {
3466 cpu_abort(env, "check_watchpoint: could not find TB for "
3467 "pc=%p", (void *)env->mem_io_pc);
3468 }
3469 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3470 tb_phys_invalidate(tb, -1);
3471 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3472 env->exception_index = EXCP_DEBUG;
3473 } else {
3474 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3475 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3476 }
3477 cpu_resume_from_signal(env, NULL);
3478 }
3479 } else {
3480 wp->flags &= ~BP_WATCHPOINT_HIT;
3481 }
3482 }
3483}
3484
3485/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3486 so these check for a hit then pass through to the normal out-of-line
3487 phys routines. */
3488static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3489{
3490 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3491 return ldub_phys(addr);
3492}
3493
3494static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3495{
3496 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3497 return lduw_phys(addr);
3498}
3499
3500static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3501{
3502 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3503 return ldl_phys(addr);
3504}
3505
3506static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3507 uint32_t val)
3508{
3509 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3510 stb_phys(addr, val);
3511}
3512
3513static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3514 uint32_t val)
3515{
3516 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3517 stw_phys(addr, val);
3518}
3519
3520static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3521 uint32_t val)
3522{
3523 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3524 stl_phys(addr, val);
3525}
3526
3527static CPUReadMemoryFunc * const watch_mem_read[3] = {
3528 watch_mem_readb,
3529 watch_mem_readw,
3530 watch_mem_readl,
3531};
3532
3533static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3534 watch_mem_writeb,
3535 watch_mem_writew,
3536 watch_mem_writel,
3537};
3538
3539static inline uint32_t subpage_readlen (subpage_t *mmio,
3540 target_phys_addr_t addr,
3541 unsigned int len)
3542{
3543 unsigned int idx = SUBPAGE_IDX(addr);
3544#if defined(DEBUG_SUBPAGE)
3545 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3546 mmio, len, addr, idx);
3547#endif
3548
3549 addr += mmio->region_offset[idx];
3550 idx = mmio->sub_io_index[idx];
3551 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3552}
3553
3554static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3555 uint32_t value, unsigned int len)
3556{
3557 unsigned int idx = SUBPAGE_IDX(addr);
3558#if defined(DEBUG_SUBPAGE)
3559 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3560 __func__, mmio, len, addr, idx, value);
3561#endif
3562
3563 addr += mmio->region_offset[idx];
3564 idx = mmio->sub_io_index[idx];
3565 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3566}
3567
3568static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3569{
3570 return subpage_readlen(opaque, addr, 0);
3571}
3572
3573static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3574 uint32_t value)
3575{
3576 subpage_writelen(opaque, addr, value, 0);
3577}
3578
3579static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3580{
3581 return subpage_readlen(opaque, addr, 1);
3582}
3583
3584static void subpage_writew (void *opaque, target_phys_addr_t addr,
3585 uint32_t value)
3586{
3587 subpage_writelen(opaque, addr, value, 1);
3588}
3589
3590static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3591{
3592 return subpage_readlen(opaque, addr, 2);
3593}
3594
3595static void subpage_writel (void *opaque, target_phys_addr_t addr,
3596 uint32_t value)
3597{
3598 subpage_writelen(opaque, addr, value, 2);
3599}
3600
3601static CPUReadMemoryFunc * const subpage_read[] = {
3602 &subpage_readb,
3603 &subpage_readw,
3604 &subpage_readl,
3605};
3606
3607static CPUWriteMemoryFunc * const subpage_write[] = {
3608 &subpage_writeb,
3609 &subpage_writew,
3610 &subpage_writel,
3611};
3612
3613static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3614 ram_addr_t memory, ram_addr_t region_offset)
3615{
3616 int idx, eidx;
3617
3618 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3619 return -1;
3620 idx = SUBPAGE_IDX(start);
3621 eidx = SUBPAGE_IDX(end);
3622#if defined(DEBUG_SUBPAGE)
3623 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3624 mmio, start, end, idx, eidx, memory);
3625#endif
3626 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3627 for (; idx <= eidx; idx++) {
3628 mmio->sub_io_index[idx] = memory;
3629 mmio->region_offset[idx] = region_offset;
3630 }
3631
3632 return 0;
3633}
3634
3635static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3636 ram_addr_t orig_memory,
3637 ram_addr_t region_offset)
3638{
3639 subpage_t *mmio;
3640 int subpage_memory;
3641
3642 mmio = qemu_mallocz(sizeof(subpage_t));
3643
3644 mmio->base = base;
3645 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3646#if defined(DEBUG_SUBPAGE)
3647 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3648 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3649#endif
3650 *phys = subpage_memory | IO_MEM_SUBPAGE;
3651 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3652
3653 return mmio;
3654}
3655
3656static int get_free_io_mem_idx(void)
3657{
3658 int i;
3659
3660 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3661 if (!io_mem_used[i]) {
3662 io_mem_used[i] = 1;
3663 return i;
3664 }
3665 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3666 return -1;
3667}
3668
3669/* mem_read and mem_write are arrays of functions containing the
3670 function to access byte (index 0), word (index 1) and dword (index
3671 2). Functions can be omitted with a NULL function pointer.
3672 If io_index is non zero, the corresponding io zone is
3673 modified. If it is zero, a new io zone is allocated. The return
3674 value can be used with cpu_register_physical_memory(). (-1) is
3675 returned if error. */
3676static int cpu_register_io_memory_fixed(int io_index,
3677 CPUReadMemoryFunc * const *mem_read,
3678 CPUWriteMemoryFunc * const *mem_write,
3679 void *opaque)
3680{
3681 int i;
3682
3683 if (io_index <= 0) {
3684 io_index = get_free_io_mem_idx();
3685 if (io_index == -1)
3686 return io_index;
3687 } else {
3688 io_index >>= IO_MEM_SHIFT;
3689 if (io_index >= IO_MEM_NB_ENTRIES)
3690 return -1;
3691 }
3692
3693 for (i = 0; i < 3; ++i) {
3694 io_mem_read[io_index][i]
3695 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3696 }
3697 for (i = 0; i < 3; ++i) {
3698 io_mem_write[io_index][i]
3699 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3700 }
3701 io_mem_opaque[io_index] = opaque;
3702
3703 return (io_index << IO_MEM_SHIFT);
3704}
3705
3706int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3707 CPUWriteMemoryFunc * const *mem_write,
3708 void *opaque)
3709{
3710 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3711}
3712
3713void cpu_unregister_io_memory(int io_table_address)
3714{
3715 int i;
3716 int io_index = io_table_address >> IO_MEM_SHIFT;
3717
3718 for (i=0;i < 3; i++) {
3719 io_mem_read[io_index][i] = unassigned_mem_read[i];
3720 io_mem_write[io_index][i] = unassigned_mem_write[i];
3721 }
3722 io_mem_opaque[io_index] = NULL;
3723 io_mem_used[io_index] = 0;
3724}
3725
3726static void io_mem_init(void)
3727{
3728 int i;
3729
3730 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3731 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3732 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3733 for (i=0; i<5; i++)
3734 io_mem_used[i] = 1;
3735
3736 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3737 watch_mem_write, NULL);
3738}
3739
3740#endif /* !defined(CONFIG_USER_ONLY) */
3741
3742/* physical memory access (slow version, mainly for debug) */
3743#if defined(CONFIG_USER_ONLY)
3744int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3745 uint8_t *buf, int len, int is_write)
3746{
3747 int l, flags;
3748 target_ulong page;
3749 void * p;
3750
3751 while (len > 0) {
3752 page = addr & TARGET_PAGE_MASK;
3753 l = (page + TARGET_PAGE_SIZE) - addr;
3754 if (l > len)
3755 l = len;
3756 flags = page_get_flags(page);
3757 if (!(flags & PAGE_VALID))
3758 return -1;
3759 if (is_write) {
3760 if (!(flags & PAGE_WRITE))
3761 return -1;
3762 /* XXX: this code should not depend on lock_user */
3763 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3764 return -1;
3765 memcpy(p, buf, l);
3766 unlock_user(p, addr, l);
3767 } else {
3768 if (!(flags & PAGE_READ))
3769 return -1;
3770 /* XXX: this code should not depend on lock_user */
3771 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3772 return -1;
3773 memcpy(buf, p, l);
3774 unlock_user(p, addr, 0);
3775 }
3776 len -= l;
3777 buf += l;
3778 addr += l;
3779 }
3780 return 0;
3781}
3782
3783#else
3784void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3785 int len, int is_write)
3786{
3787 int l, io_index;
3788 uint8_t *ptr;
3789 uint32_t val;
3790 target_phys_addr_t page;
3791 unsigned long pd;
3792 PhysPageDesc *p;
3793
3794 while (len > 0) {
3795 page = addr & TARGET_PAGE_MASK;
3796 l = (page + TARGET_PAGE_SIZE) - addr;
3797 if (l > len)
3798 l = len;
3799 p = phys_page_find(page >> TARGET_PAGE_BITS);
3800 if (!p) {
3801 pd = IO_MEM_UNASSIGNED;
3802 } else {
3803 pd = p->phys_offset;
3804 }
3805
3806 if (is_write) {
3807 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3808 target_phys_addr_t addr1 = addr;
3809 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3810 if (p)
3811 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3812 /* XXX: could force cpu_single_env to NULL to avoid
3813 potential bugs */
3814 if (l >= 4 && ((addr1 & 3) == 0)) {
3815 /* 32 bit write access */
3816#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
3817 val = ldl_p(buf);
3818#else
3819 val = *(const uint32_t *)buf;
3820#endif
3821 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3822 l = 4;
3823 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3824 /* 16 bit write access */
3825#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
3826 val = lduw_p(buf);
3827#else
3828 val = *(const uint16_t *)buf;
3829#endif
3830 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3831 l = 2;
3832 } else {
3833 /* 8 bit write access */
3834#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
3835 val = ldub_p(buf);
3836#else
3837 val = *(const uint8_t *)buf;
3838#endif
3839 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3840 l = 1;
3841 }
3842 } else {
3843 unsigned long addr1;
3844 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3845 /* RAM case */
3846#ifdef VBOX
3847 remR3PhysWrite(addr1, buf, l); NOREF(ptr);
3848#else
3849 ptr = qemu_get_ram_ptr(addr1);
3850 memcpy(ptr, buf, l);
3851#endif
3852 if (!cpu_physical_memory_is_dirty(addr1)) {
3853 /* invalidate code */
3854 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3855 /* set dirty bit */
3856 cpu_physical_memory_set_dirty_flags(
3857 addr1, (0xff & ~CODE_DIRTY_FLAG));
3858 }
3859 }
3860 } else {
3861 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3862 !(pd & IO_MEM_ROMD)) {
3863 target_phys_addr_t addr1 = addr;
3864 /* I/O case */
3865 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3866 if (p)
3867 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3868 if (l >= 4 && ((addr1 & 3) == 0)) {
3869 /* 32 bit read access */
3870 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3871#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
3872 stl_p(buf, val);
3873#else
3874 *(uint32_t *)buf = val;
3875#endif
3876 l = 4;
3877 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3878 /* 16 bit read access */
3879 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3880#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
3881 stw_p(buf, val);
3882#else
3883 *(uint16_t *)buf = val;
3884#endif
3885 l = 2;
3886 } else {
3887 /* 8 bit read access */
3888 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3889#if !defined(VBOX) || !defined(REM_PHYS_ADDR_IN_TLB)
3890 stb_p(buf, val);
3891#else
3892 *(uint8_t *)buf = val;
3893#endif
3894 l = 1;
3895 }
3896 } else {
3897 /* RAM case */
3898#ifdef VBOX
3899 remR3PhysRead((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), buf, l); NOREF(ptr);
3900#else
3901 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3902 (addr & ~TARGET_PAGE_MASK);
3903 memcpy(buf, ptr, l);
3904#endif
3905 }
3906 }
3907 len -= l;
3908 buf += l;
3909 addr += l;
3910 }
3911}
3912
3913#ifndef VBOX
3914
3915/* used for ROM loading : can write in RAM and ROM */
3916void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3917 const uint8_t *buf, int len)
3918{
3919 int l;
3920 uint8_t *ptr;
3921 target_phys_addr_t page;
3922 unsigned long pd;
3923 PhysPageDesc *p;
3924
3925 while (len > 0) {
3926 page = addr & TARGET_PAGE_MASK;
3927 l = (page + TARGET_PAGE_SIZE) - addr;
3928 if (l > len)
3929 l = len;
3930 p = phys_page_find(page >> TARGET_PAGE_BITS);
3931 if (!p) {
3932 pd = IO_MEM_UNASSIGNED;
3933 } else {
3934 pd = p->phys_offset;
3935 }
3936
3937 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3938 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3939 !(pd & IO_MEM_ROMD)) {
3940 /* do nothing */
3941 } else {
3942 unsigned long addr1;
3943 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3944 /* ROM/RAM case */
3945 ptr = qemu_get_ram_ptr(addr1);
3946 memcpy(ptr, buf, l);
3947 }
3948 len -= l;
3949 buf += l;
3950 addr += l;
3951 }
3952}
3953
3954typedef struct {
3955 void *buffer;
3956 target_phys_addr_t addr;
3957 target_phys_addr_t len;
3958} BounceBuffer;
3959
3960static BounceBuffer bounce;
3961
3962typedef struct MapClient {
3963 void *opaque;
3964 void (*callback)(void *opaque);
3965 QLIST_ENTRY(MapClient) link;
3966} MapClient;
3967
3968static QLIST_HEAD(map_client_list, MapClient) map_client_list
3969 = QLIST_HEAD_INITIALIZER(map_client_list);
3970
3971void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3972{
3973 MapClient *client = qemu_malloc(sizeof(*client));
3974
3975 client->opaque = opaque;
3976 client->callback = callback;
3977 QLIST_INSERT_HEAD(&map_client_list, client, link);
3978 return client;
3979}
3980
3981void cpu_unregister_map_client(void *_client)
3982{
3983 MapClient *client = (MapClient *)_client;
3984
3985 QLIST_REMOVE(client, link);
3986 qemu_free(client);
3987}
3988
3989static void cpu_notify_map_clients(void)
3990{
3991 MapClient *client;
3992
3993 while (!QLIST_EMPTY(&map_client_list)) {
3994 client = QLIST_FIRST(&map_client_list);
3995 client->callback(client->opaque);
3996 cpu_unregister_map_client(client);
3997 }
3998}
3999
4000/* Map a physical memory region into a host virtual address.
4001 * May map a subset of the requested range, given by and returned in *plen.
4002 * May return NULL if resources needed to perform the mapping are exhausted.
4003 * Use only for reads OR writes - not for read-modify-write operations.
4004 * Use cpu_register_map_client() to know when retrying the map operation is
4005 * likely to succeed.
4006 */
4007void *cpu_physical_memory_map(target_phys_addr_t addr,
4008 target_phys_addr_t *plen,
4009 int is_write)
4010{
4011 target_phys_addr_t len = *plen;
4012 target_phys_addr_t done = 0;
4013 int l;
4014 uint8_t *ret = NULL;
4015 uint8_t *ptr;
4016 target_phys_addr_t page;
4017 unsigned long pd;
4018 PhysPageDesc *p;
4019 unsigned long addr1;
4020
4021 while (len > 0) {
4022 page = addr & TARGET_PAGE_MASK;
4023 l = (page + TARGET_PAGE_SIZE) - addr;
4024 if (l > len)
4025 l = len;
4026 p = phys_page_find(page >> TARGET_PAGE_BITS);
4027 if (!p) {
4028 pd = IO_MEM_UNASSIGNED;
4029 } else {
4030 pd = p->phys_offset;
4031 }
4032
4033 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4034 if (done || bounce.buffer) {
4035 break;
4036 }
4037 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4038 bounce.addr = addr;
4039 bounce.len = l;
4040 if (!is_write) {
4041 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
4042 }
4043 ptr = bounce.buffer;
4044 } else {
4045 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4046 ptr = qemu_get_ram_ptr(addr1);
4047 }
4048 if (!done) {
4049 ret = ptr;
4050 } else if (ret + done != ptr) {
4051 break;
4052 }
4053
4054 len -= l;
4055 addr += l;
4056 done += l;
4057 }
4058 *plen = done;
4059 return ret;
4060}
4061
4062/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4063 * Will also mark the memory as dirty if is_write == 1. access_len gives
4064 * the amount of memory that was actually read or written by the caller.
4065 */
4066void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4067 int is_write, target_phys_addr_t access_len)
4068{
4069 if (buffer != bounce.buffer) {
4070 if (is_write) {
4071 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
4072 while (access_len) {
4073 unsigned l;
4074 l = TARGET_PAGE_SIZE;
4075 if (l > access_len)
4076 l = access_len;
4077 if (!cpu_physical_memory_is_dirty(addr1)) {
4078 /* invalidate code */
4079 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4080 /* set dirty bit */
4081 cpu_physical_memory_set_dirty_flags(
4082 addr1, (0xff & ~CODE_DIRTY_FLAG));
4083 }
4084 addr1 += l;
4085 access_len -= l;
4086 }
4087 }
4088 return;
4089 }
4090 if (is_write) {
4091 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4092 }
4093 qemu_vfree(bounce.buffer);
4094 bounce.buffer = NULL;
4095 cpu_notify_map_clients();
4096}
4097
4098#endif /* !VBOX */
4099
4100/* warning: addr must be aligned */
4101uint32_t ldl_phys(target_phys_addr_t addr)
4102{
4103 int io_index;
4104 uint8_t *ptr;
4105 uint32_t val;
4106 unsigned long pd;
4107 PhysPageDesc *p;
4108
4109 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4110 if (!p) {
4111 pd = IO_MEM_UNASSIGNED;
4112 } else {
4113 pd = p->phys_offset;
4114 }
4115
4116 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4117 !(pd & IO_MEM_ROMD)) {
4118 /* I/O case */
4119 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4120 if (p)
4121 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4122 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4123 } else {
4124 /* RAM case */
4125#ifndef VBOX
4126 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4127 (addr & ~TARGET_PAGE_MASK);
4128 val = ldl_p(ptr);
4129#else
4130 val = remR3PhysReadU32((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK)); NOREF(ptr);
4131#endif
4132 }
4133 return val;
4134}
4135
4136/* warning: addr must be aligned */
4137uint64_t ldq_phys(target_phys_addr_t addr)
4138{
4139 int io_index;
4140 uint8_t *ptr;
4141 uint64_t val;
4142 unsigned long pd;
4143 PhysPageDesc *p;
4144
4145 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4146 if (!p) {
4147 pd = IO_MEM_UNASSIGNED;
4148 } else {
4149 pd = p->phys_offset;
4150 }
4151
4152 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4153 !(pd & IO_MEM_ROMD)) {
4154 /* I/O case */
4155 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4156 if (p)
4157 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4158#ifdef TARGET_WORDS_BIGENDIAN
4159 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
4160 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
4161#else
4162 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4163 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
4164#endif
4165 } else {
4166 /* RAM case */
4167#ifndef VBOX
4168 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4169 (addr & ~TARGET_PAGE_MASK);
4170 val = ldq_p(ptr);
4171#else
4172 val = remR3PhysReadU64((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK)); NOREF(ptr);
4173#endif
4174 }
4175 return val;
4176}
4177
4178/* XXX: optimize */
4179uint32_t ldub_phys(target_phys_addr_t addr)
4180{
4181 uint8_t val;
4182 cpu_physical_memory_read(addr, &val, 1);
4183 return val;
4184}
4185
4186/* warning: addr must be aligned */
4187uint32_t lduw_phys(target_phys_addr_t addr)
4188{
4189 int io_index;
4190 uint8_t *ptr;
4191 uint64_t val;
4192 unsigned long pd;
4193 PhysPageDesc *p;
4194
4195 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4196 if (!p) {
4197 pd = IO_MEM_UNASSIGNED;
4198 } else {
4199 pd = p->phys_offset;
4200 }
4201
4202 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4203 !(pd & IO_MEM_ROMD)) {
4204 /* I/O case */
4205 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4206 if (p)
4207 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4208 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
4209 } else {
4210 /* RAM case */
4211#ifndef VBOX
4212 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4213 (addr & ~TARGET_PAGE_MASK);
4214 val = lduw_p(ptr);
4215#else
4216 val = remR3PhysReadU16((pd & TARGET_PAGE_MASK) | (addr & ~TARGET_PAGE_MASK));
4217#endif
4218 }
4219 return val;
4220}
4221
4222/* warning: addr must be aligned. The ram page is not masked as dirty
4223 and the code inside is not invalidated. It is useful if the dirty
4224 bits are used to track modified PTEs */
4225void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
4226{
4227 int io_index;
4228 uint8_t *ptr;
4229 unsigned long pd;
4230 PhysPageDesc *p;
4231
4232 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4233 if (!p) {
4234 pd = IO_MEM_UNASSIGNED;
4235 } else {
4236 pd = p->phys_offset;
4237 }
4238
4239 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4240 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4241 if (p)
4242 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4243 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4244 } else {
4245#ifndef VBOX
4246 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4247 ptr = qemu_get_ram_ptr(addr1);
4248 stl_p(ptr, val);
4249#else
4250 remR3PhysWriteU32((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), val); NOREF(ptr);
4251#endif
4252
4253#ifndef VBOX
4254 if (unlikely(in_migration)) {
4255 if (!cpu_physical_memory_is_dirty(addr1)) {
4256 /* invalidate code */
4257 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4258 /* set dirty bit */
4259 cpu_physical_memory_set_dirty_flags(
4260 addr1, (0xff & ~CODE_DIRTY_FLAG));
4261 }
4262 }
4263#endif /* !VBOX */
4264 }
4265}
4266
4267void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
4268{
4269 int io_index;
4270 uint8_t *ptr;
4271 unsigned long pd;
4272 PhysPageDesc *p;
4273
4274 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4275 if (!p) {
4276 pd = IO_MEM_UNASSIGNED;
4277 } else {
4278 pd = p->phys_offset;
4279 }
4280
4281 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4282 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4283 if (p)
4284 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4285#ifdef TARGET_WORDS_BIGENDIAN
4286 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
4287 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
4288#else
4289 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4290 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
4291#endif
4292 } else {
4293#ifndef VBOX
4294 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4295 (addr & ~TARGET_PAGE_MASK);
4296 stq_p(ptr, val);
4297#else
4298 remR3PhysWriteU64((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), val); NOREF(ptr);
4299#endif
4300 }
4301}
4302
4303/* warning: addr must be aligned */
4304void stl_phys(target_phys_addr_t addr, uint32_t val)
4305{
4306 int io_index;
4307 uint8_t *ptr;
4308 unsigned long pd;
4309 PhysPageDesc *p;
4310
4311 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4312 if (!p) {
4313 pd = IO_MEM_UNASSIGNED;
4314 } else {
4315 pd = p->phys_offset;
4316 }
4317
4318 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4319 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4320 if (p)
4321 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4322 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4323 } else {
4324 unsigned long addr1;
4325 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4326 /* RAM case */
4327#ifndef VBOX
4328 ptr = qemu_get_ram_ptr(addr1);
4329 stl_p(ptr, val);
4330#else
4331 remR3PhysWriteU32((pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK), val); NOREF(ptr);
4332#endif
4333 if (!cpu_physical_memory_is_dirty(addr1)) {
4334 /* invalidate code */
4335 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4336 /* set dirty bit */
4337 cpu_physical_memory_set_dirty_flags(addr1,
4338 (0xff & ~CODE_DIRTY_FLAG));
4339 }
4340 }
4341}
4342
4343/* XXX: optimize */
4344void stb_phys(target_phys_addr_t addr, uint32_t val)
4345{
4346 uint8_t v = val;
4347 cpu_physical_memory_write(addr, &v, 1);
4348}
4349
4350/* warning: addr must be aligned */
4351void stw_phys(target_phys_addr_t addr, uint32_t val)
4352{
4353 int io_index;
4354 uint8_t *ptr;
4355 unsigned long pd;
4356 PhysPageDesc *p;
4357
4358 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4359 if (!p) {
4360 pd = IO_MEM_UNASSIGNED;
4361 } else {
4362 pd = p->phys_offset;
4363 }
4364
4365 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4366 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4367 if (p)
4368 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4369 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4370 } else {
4371 unsigned long addr1;
4372 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4373 /* RAM case */
4374#ifndef VBOX
4375 ptr = qemu_get_ram_ptr(addr1);
4376 stw_p(ptr, val);
4377#else
4378 remR3PhysWriteU16(addr1, val); NOREF(ptr);
4379#endif
4380 if (!cpu_physical_memory_is_dirty(addr1)) {
4381 /* invalidate code */
4382 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4383 /* set dirty bit */
4384 cpu_physical_memory_set_dirty_flags(addr1,
4385 (0xff & ~CODE_DIRTY_FLAG));
4386 }
4387 }
4388}
4389
4390/* XXX: optimize */
4391void stq_phys(target_phys_addr_t addr, uint64_t val)
4392{
4393 val = tswap64(val);
4394 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
4395}
4396
4397#ifndef VBOX
4398/* virtual memory access for debug (includes writing to ROM) */
4399int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4400 uint8_t *buf, int len, int is_write)
4401{
4402 int l;
4403 target_phys_addr_t phys_addr;
4404 target_ulong page;
4405
4406 while (len > 0) {
4407 page = addr & TARGET_PAGE_MASK;
4408 phys_addr = cpu_get_phys_page_debug(env, page);
4409 /* if no physical page mapped, return an error */
4410 if (phys_addr == -1)
4411 return -1;
4412 l = (page + TARGET_PAGE_SIZE) - addr;
4413 if (l > len)
4414 l = len;
4415 phys_addr += (addr & ~TARGET_PAGE_MASK);
4416 if (is_write)
4417 cpu_physical_memory_write_rom(phys_addr, buf, l);
4418 else
4419 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4420 len -= l;
4421 buf += l;
4422 addr += l;
4423 }
4424 return 0;
4425}
4426#endif /* !VBOX */
4427#endif
4428
4429/* in deterministic execution mode, instructions doing device I/Os
4430 must be at the end of the TB */
4431void cpu_io_recompile(CPUState *env, void *retaddr)
4432{
4433 TranslationBlock *tb;
4434 uint32_t n, cflags;
4435 target_ulong pc, cs_base;
4436 uint64_t flags;
4437
4438 tb = tb_find_pc((unsigned long)retaddr);
4439 if (!tb) {
4440 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4441 retaddr);
4442 }
4443 n = env->icount_decr.u16.low + tb->icount;
4444 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
4445 /* Calculate how many instructions had been executed before the fault
4446 occurred. */
4447 n = n - env->icount_decr.u16.low;
4448 /* Generate a new TB ending on the I/O insn. */
4449 n++;
4450 /* On MIPS and SH, delay slot instructions can only be restarted if
4451 they were already the first instruction in the TB. If this is not
4452 the first instruction in a TB then re-execute the preceding
4453 branch. */
4454#if defined(TARGET_MIPS)
4455 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4456 env->active_tc.PC -= 4;
4457 env->icount_decr.u16.low++;
4458 env->hflags &= ~MIPS_HFLAG_BMASK;
4459 }
4460#elif defined(TARGET_SH4)
4461 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4462 && n > 1) {
4463 env->pc -= 2;
4464 env->icount_decr.u16.low++;
4465 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4466 }
4467#endif
4468 /* This should never happen. */
4469 if (n > CF_COUNT_MASK)
4470 cpu_abort(env, "TB too big during recompile");
4471
4472 cflags = n | CF_LAST_IO;
4473 pc = tb->pc;
4474 cs_base = tb->cs_base;
4475 flags = tb->flags;
4476 tb_phys_invalidate(tb, -1);
4477 /* FIXME: In theory this could raise an exception. In practice
4478 we have already translated the block once so it's probably ok. */
4479 tb_gen_code(env, pc, cs_base, flags, cflags);
4480 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4481 the first in the TB) then we end up generating a whole new TB and
4482 repeating the fault, which is horribly inefficient.
4483 Better would be to execute just this insn uncached, or generate a
4484 second new TB. */
4485 cpu_resume_from_signal(env, NULL);
4486}
4487
4488#if !defined(CONFIG_USER_ONLY)
4489
4490#ifndef VBOX
4491void dump_exec_info(FILE *f,
4492 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
4493{
4494 int i, target_code_size, max_target_code_size;
4495 int direct_jmp_count, direct_jmp2_count, cross_page;
4496 TranslationBlock *tb;
4497
4498 target_code_size = 0;
4499 max_target_code_size = 0;
4500 cross_page = 0;
4501 direct_jmp_count = 0;
4502 direct_jmp2_count = 0;
4503 for(i = 0; i < nb_tbs; i++) {
4504 tb = &tbs[i];
4505 target_code_size += tb->size;
4506 if (tb->size > max_target_code_size)
4507 max_target_code_size = tb->size;
4508 if (tb->page_addr[1] != -1)
4509 cross_page++;
4510 if (tb->tb_next_offset[0] != 0xffff) {
4511 direct_jmp_count++;
4512 if (tb->tb_next_offset[1] != 0xffff) {
4513 direct_jmp2_count++;
4514 }
4515 }
4516 }
4517 /* XXX: avoid using doubles ? */
4518 cpu_fprintf(f, "Translation buffer state:\n");
4519 cpu_fprintf(f, "gen code size %ld/%ld\n",
4520 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4521 cpu_fprintf(f, "TB count %d/%d\n",
4522 nb_tbs, code_gen_max_blocks);
4523 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4524 nb_tbs ? target_code_size / nb_tbs : 0,
4525 max_target_code_size);
4526 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4527 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4528 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4529 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4530 cross_page,
4531 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4532 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4533 direct_jmp_count,
4534 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4535 direct_jmp2_count,
4536 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4537 cpu_fprintf(f, "\nStatistics:\n");
4538 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4539 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4540 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4541 tcg_dump_info(f, cpu_fprintf);
4542}
4543#endif /* !VBOX */
4544
4545#define MMUSUFFIX _cmmu
4546#define GETPC() NULL
4547#define env cpu_single_env
4548#define SOFTMMU_CODE_ACCESS
4549
4550#define SHIFT 0
4551#include "softmmu_template.h"
4552
4553#define SHIFT 1
4554#include "softmmu_template.h"
4555
4556#define SHIFT 2
4557#include "softmmu_template.h"
4558
4559#define SHIFT 3
4560#include "softmmu_template.h"
4561
4562#undef env
4563
4564#endif
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette