1 /* 2 * Common CPU TLB handling 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qemu/main-loop.h" 22 #include "cpu.h" 23 #include "exec/exec-all.h" 24 #include "exec/memory.h" 25 #include "exec/address-spaces.h" 26 #include "exec/cpu_ldst.h" 27 #include "exec/cputlb.h" 28 #include "exec/memory-internal.h" 29 #include "exec/ram_addr.h" 30 #include "tcg/tcg.h" 31 #include "qemu/error-report.h" 32 #include "exec/log.h" 33 #include "exec/helper-proto.h" 34 #include "qemu/atomic.h" 35 #include "qemu/atomic128.h" 36 37 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */ 38 /* #define DEBUG_TLB */ 39 /* #define DEBUG_TLB_LOG */ 40 41 #ifdef DEBUG_TLB 42 # define DEBUG_TLB_GATE 1 43 # ifdef DEBUG_TLB_LOG 44 # define DEBUG_TLB_LOG_GATE 1 45 # else 46 # define DEBUG_TLB_LOG_GATE 0 47 # endif 48 #else 49 # define DEBUG_TLB_GATE 0 50 # define DEBUG_TLB_LOG_GATE 0 51 #endif 52 53 #define tlb_debug(fmt, ...) do { \ 54 if (DEBUG_TLB_LOG_GATE) { \ 55 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \ 56 ## __VA_ARGS__); \ 57 } else if (DEBUG_TLB_GATE) { \ 58 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \ 59 } \ 60 } while (0) 61 62 #define assert_cpu_is_self(cpu) do { \ 63 if (DEBUG_TLB_GATE) { \ 64 g_assert(!(cpu)->created || qemu_cpu_is_self(cpu)); \ 65 } \ 66 } while (0) 67 68 /* run_on_cpu_data.target_ptr should always be big enough for a 69 * target_ulong even on 32 bit builds */ 70 QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data)); 71 72 /* We currently can't handle more than 16 bits in the MMUIDX bitmask. 73 */ 74 QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16); 75 #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1) 76 77 static inline size_t sizeof_tlb(CPUArchState *env, uintptr_t mmu_idx) 78 { 79 return env->tlb_mask[mmu_idx] + (1 << CPU_TLB_ENTRY_BITS); 80 } 81 82 static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns, 83 size_t max_entries) 84 { 85 desc->window_begin_ns = ns; 86 desc->window_max_entries = max_entries; 87 } 88 89 static void tlb_dyn_init(CPUArchState *env) 90 { 91 int i; 92 93 for (i = 0; i < NB_MMU_MODES; i++) { 94 CPUTLBDesc *desc = &env->tlb_d[i]; 95 size_t n_entries = 1 << CPU_TLB_DYN_DEFAULT_BITS; 96 97 tlb_window_reset(desc, get_clock_realtime(), 0); 98 desc->n_used_entries = 0; 99 env->tlb_mask[i] = (n_entries - 1) << CPU_TLB_ENTRY_BITS; 100 env->tlb_table[i] = g_new(CPUTLBEntry, n_entries); 101 env->iotlb[i] = g_new(CPUIOTLBEntry, n_entries); 102 } 103 } 104 105 /** 106 * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary 107 * @env: CPU that owns the TLB 108 * @mmu_idx: MMU index of the TLB 109 * 110 * Called with tlb_lock_held. 111 * 112 * We have two main constraints when resizing a TLB: (1) we only resize it 113 * on a TLB flush (otherwise we'd have to take a perf hit by either rehashing 114 * the array or unnecessarily flushing it), which means we do not control how 115 * frequently the resizing can occur; (2) we don't have access to the guest's 116 * future scheduling decisions, and therefore have to decide the magnitude of 117 * the resize based on past observations. 118 * 119 * In general, a memory-hungry process can benefit greatly from an appropriately 120 * sized TLB, since a guest TLB miss is very expensive. This doesn't mean that 121 * we just have to make the TLB as large as possible; while an oversized TLB 122 * results in minimal TLB miss rates, it also takes longer to be flushed 123 * (flushes can be _very_ frequent), and the reduced locality can also hurt 124 * performance. 125 * 126 * To achieve near-optimal performance for all kinds of workloads, we: 127 * 128 * 1. Aggressively increase the size of the TLB when the use rate of the 129 * TLB being flushed is high, since it is likely that in the near future this 130 * memory-hungry process will execute again, and its memory hungriness will 131 * probably be similar. 132 * 133 * 2. Slowly reduce the size of the TLB as the use rate declines over a 134 * reasonably large time window. The rationale is that if in such a time window 135 * we have not observed a high TLB use rate, it is likely that we won't observe 136 * it in the near future. In that case, once a time window expires we downsize 137 * the TLB to match the maximum use rate observed in the window. 138 * 139 * 3. Try to keep the maximum use rate in a time window in the 30-70% range, 140 * since in that range performance is likely near-optimal. Recall that the TLB 141 * is direct mapped, so we want the use rate to be low (or at least not too 142 * high), since otherwise we are likely to have a significant amount of 143 * conflict misses. 144 */ 145 static void tlb_mmu_resize_locked(CPUArchState *env, int mmu_idx) 146 { 147 CPUTLBDesc *desc = &env->tlb_d[mmu_idx]; 148 size_t old_size = tlb_n_entries(env, mmu_idx); 149 size_t rate; 150 size_t new_size = old_size; 151 int64_t now = get_clock_realtime(); 152 int64_t window_len_ms = 100; 153 int64_t window_len_ns = window_len_ms * 1000 * 1000; 154 bool window_expired = now > desc->window_begin_ns + window_len_ns; 155 156 if (desc->n_used_entries > desc->window_max_entries) { 157 desc->window_max_entries = desc->n_used_entries; 158 } 159 rate = desc->window_max_entries * 100 / old_size; 160 161 if (rate > 70) { 162 new_size = MIN(old_size << 1, 1 << CPU_TLB_DYN_MAX_BITS); 163 } else if (rate < 30 && window_expired) { 164 size_t ceil = pow2ceil(desc->window_max_entries); 165 size_t expected_rate = desc->window_max_entries * 100 / ceil; 166 167 /* 168 * Avoid undersizing when the max number of entries seen is just below 169 * a pow2. For instance, if max_entries == 1025, the expected use rate 170 * would be 1025/2048==50%. However, if max_entries == 1023, we'd get 171 * 1023/1024==99.9% use rate, so we'd likely end up doubling the size 172 * later. Thus, make sure that the expected use rate remains below 70%. 173 * (and since we double the size, that means the lowest rate we'd 174 * expect to get is 35%, which is still in the 30-70% range where 175 * we consider that the size is appropriate.) 176 */ 177 if (expected_rate > 70) { 178 ceil *= 2; 179 } 180 new_size = MAX(ceil, 1 << CPU_TLB_DYN_MIN_BITS); 181 } 182 183 if (new_size == old_size) { 184 if (window_expired) { 185 tlb_window_reset(desc, now, desc->n_used_entries); 186 } 187 return; 188 } 189 190 g_free(env->tlb_table[mmu_idx]); 191 g_free(env->iotlb[mmu_idx]); 192 193 tlb_window_reset(desc, now, 0); 194 /* desc->n_used_entries is cleared by the caller */ 195 env->tlb_mask[mmu_idx] = (new_size - 1) << CPU_TLB_ENTRY_BITS; 196 env->tlb_table[mmu_idx] = g_try_new(CPUTLBEntry, new_size); 197 env->iotlb[mmu_idx] = g_try_new(CPUIOTLBEntry, new_size); 198 /* 199 * If the allocations fail, try smaller sizes. We just freed some 200 * memory, so going back to half of new_size has a good chance of working. 201 * Increased memory pressure elsewhere in the system might cause the 202 * allocations to fail though, so we progressively reduce the allocation 203 * size, aborting if we cannot even allocate the smallest TLB we support. 204 */ 205 while (env->tlb_table[mmu_idx] == NULL || env->iotlb[mmu_idx] == NULL) { 206 if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) { 207 error_report("%s: %s", __func__, strerror(errno)); 208 abort(); 209 } 210 new_size = MAX(new_size >> 1, 1 << CPU_TLB_DYN_MIN_BITS); 211 env->tlb_mask[mmu_idx] = (new_size - 1) << CPU_TLB_ENTRY_BITS; 212 213 g_free(env->tlb_table[mmu_idx]); 214 g_free(env->iotlb[mmu_idx]); 215 env->tlb_table[mmu_idx] = g_try_new(CPUTLBEntry, new_size); 216 env->iotlb[mmu_idx] = g_try_new(CPUIOTLBEntry, new_size); 217 } 218 } 219 220 static inline void tlb_table_flush_by_mmuidx(CPUArchState *env, int mmu_idx) 221 { 222 tlb_mmu_resize_locked(env, mmu_idx); 223 memset(env->tlb_table[mmu_idx], -1, sizeof_tlb(env, mmu_idx)); 224 env->tlb_d[mmu_idx].n_used_entries = 0; 225 } 226 227 static inline void tlb_n_used_entries_inc(CPUArchState *env, uintptr_t mmu_idx) 228 { 229 env->tlb_d[mmu_idx].n_used_entries++; 230 } 231 232 static inline void tlb_n_used_entries_dec(CPUArchState *env, uintptr_t mmu_idx) 233 { 234 env->tlb_d[mmu_idx].n_used_entries--; 235 } 236 237 void tlb_init(CPUState *cpu) 238 { 239 CPUArchState *env = cpu->env_ptr; 240 241 qemu_spin_init(&env->tlb_c.lock); 242 243 /* Ensure that cpu_reset performs a full flush. */ 244 env->tlb_c.dirty = ALL_MMUIDX_BITS; 245 246 tlb_dyn_init(env); 247 } 248 249 /* flush_all_helper: run fn across all cpus 250 * 251 * If the wait flag is set then the src cpu's helper will be queued as 252 * "safe" work and the loop exited creating a synchronisation point 253 * where all queued work will be finished before execution starts 254 * again. 255 */ 256 static void flush_all_helper(CPUState *src, run_on_cpu_func fn, 257 run_on_cpu_data d) 258 { 259 CPUState *cpu; 260 261 CPU_FOREACH(cpu) { 262 if (cpu != src) { 263 async_run_on_cpu(cpu, fn, d); 264 } 265 } 266 } 267 268 void tlb_flush_counts(size_t *pfull, size_t *ppart, size_t *pelide) 269 { 270 CPUState *cpu; 271 size_t full = 0, part = 0, elide = 0; 272 273 CPU_FOREACH(cpu) { 274 CPUArchState *env = cpu->env_ptr; 275 276 full += atomic_read(&env->tlb_c.full_flush_count); 277 part += atomic_read(&env->tlb_c.part_flush_count); 278 elide += atomic_read(&env->tlb_c.elide_flush_count); 279 } 280 *pfull = full; 281 *ppart = part; 282 *pelide = elide; 283 } 284 285 static void tlb_flush_one_mmuidx_locked(CPUArchState *env, int mmu_idx) 286 { 287 tlb_table_flush_by_mmuidx(env, mmu_idx); 288 memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0])); 289 env->tlb_d[mmu_idx].large_page_addr = -1; 290 env->tlb_d[mmu_idx].large_page_mask = -1; 291 env->tlb_d[mmu_idx].vindex = 0; 292 } 293 294 static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data) 295 { 296 CPUArchState *env = cpu->env_ptr; 297 uint16_t asked = data.host_int; 298 uint16_t all_dirty, work, to_clean; 299 300 assert_cpu_is_self(cpu); 301 302 tlb_debug("mmu_idx:0x%04" PRIx16 "\n", asked); 303 304 qemu_spin_lock(&env->tlb_c.lock); 305 306 all_dirty = env->tlb_c.dirty; 307 to_clean = asked & all_dirty; 308 all_dirty &= ~to_clean; 309 env->tlb_c.dirty = all_dirty; 310 311 for (work = to_clean; work != 0; work &= work - 1) { 312 int mmu_idx = ctz32(work); 313 tlb_flush_one_mmuidx_locked(env, mmu_idx); 314 } 315 316 qemu_spin_unlock(&env->tlb_c.lock); 317 318 cpu_tb_jmp_cache_clear(cpu); 319 320 if (to_clean == ALL_MMUIDX_BITS) { 321 atomic_set(&env->tlb_c.full_flush_count, 322 env->tlb_c.full_flush_count + 1); 323 } else { 324 atomic_set(&env->tlb_c.part_flush_count, 325 env->tlb_c.part_flush_count + ctpop16(to_clean)); 326 if (to_clean != asked) { 327 atomic_set(&env->tlb_c.elide_flush_count, 328 env->tlb_c.elide_flush_count + 329 ctpop16(asked & ~to_clean)); 330 } 331 } 332 } 333 334 void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap) 335 { 336 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap); 337 338 if (cpu->created && !qemu_cpu_is_self(cpu)) { 339 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work, 340 RUN_ON_CPU_HOST_INT(idxmap)); 341 } else { 342 tlb_flush_by_mmuidx_async_work(cpu, RUN_ON_CPU_HOST_INT(idxmap)); 343 } 344 } 345 346 void tlb_flush(CPUState *cpu) 347 { 348 tlb_flush_by_mmuidx(cpu, ALL_MMUIDX_BITS); 349 } 350 351 void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap) 352 { 353 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work; 354 355 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap); 356 357 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap)); 358 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap)); 359 } 360 361 void tlb_flush_all_cpus(CPUState *src_cpu) 362 { 363 tlb_flush_by_mmuidx_all_cpus(src_cpu, ALL_MMUIDX_BITS); 364 } 365 366 void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu, uint16_t idxmap) 367 { 368 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work; 369 370 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap); 371 372 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap)); 373 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap)); 374 } 375 376 void tlb_flush_all_cpus_synced(CPUState *src_cpu) 377 { 378 tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, ALL_MMUIDX_BITS); 379 } 380 381 static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry, 382 target_ulong page) 383 { 384 return tlb_hit_page(tlb_entry->addr_read, page) || 385 tlb_hit_page(tlb_addr_write(tlb_entry), page) || 386 tlb_hit_page(tlb_entry->addr_code, page); 387 } 388 389 /** 390 * tlb_entry_is_empty - return true if the entry is not in use 391 * @te: pointer to CPUTLBEntry 392 */ 393 static inline bool tlb_entry_is_empty(const CPUTLBEntry *te) 394 { 395 return te->addr_read == -1 && te->addr_write == -1 && te->addr_code == -1; 396 } 397 398 /* Called with tlb_c.lock held */ 399 static inline bool tlb_flush_entry_locked(CPUTLBEntry *tlb_entry, 400 target_ulong page) 401 { 402 if (tlb_hit_page_anyprot(tlb_entry, page)) { 403 memset(tlb_entry, -1, sizeof(*tlb_entry)); 404 return true; 405 } 406 return false; 407 } 408 409 /* Called with tlb_c.lock held */ 410 static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx, 411 target_ulong page) 412 { 413 int k; 414 415 assert_cpu_is_self(ENV_GET_CPU(env)); 416 for (k = 0; k < CPU_VTLB_SIZE; k++) { 417 if (tlb_flush_entry_locked(&env->tlb_v_table[mmu_idx][k], page)) { 418 tlb_n_used_entries_dec(env, mmu_idx); 419 } 420 } 421 } 422 423 static void tlb_flush_page_locked(CPUArchState *env, int midx, 424 target_ulong page) 425 { 426 target_ulong lp_addr = env->tlb_d[midx].large_page_addr; 427 target_ulong lp_mask = env->tlb_d[midx].large_page_mask; 428 429 /* Check if we need to flush due to large pages. */ 430 if ((page & lp_mask) == lp_addr) { 431 tlb_debug("forcing full flush midx %d (" 432 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n", 433 midx, lp_addr, lp_mask); 434 tlb_flush_one_mmuidx_locked(env, midx); 435 } else { 436 if (tlb_flush_entry_locked(tlb_entry(env, midx, page), page)) { 437 tlb_n_used_entries_dec(env, midx); 438 } 439 tlb_flush_vtlb_page_locked(env, midx, page); 440 } 441 } 442 443 /* As we are going to hijack the bottom bits of the page address for a 444 * mmuidx bit mask we need to fail to build if we can't do that 445 */ 446 QEMU_BUILD_BUG_ON(NB_MMU_MODES > TARGET_PAGE_BITS_MIN); 447 448 static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu, 449 run_on_cpu_data data) 450 { 451 CPUArchState *env = cpu->env_ptr; 452 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr; 453 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK; 454 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS; 455 int mmu_idx; 456 457 assert_cpu_is_self(cpu); 458 459 tlb_debug("page addr:" TARGET_FMT_lx " mmu_map:0x%lx\n", 460 addr, mmu_idx_bitmap); 461 462 qemu_spin_lock(&env->tlb_c.lock); 463 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { 464 if (test_bit(mmu_idx, &mmu_idx_bitmap)) { 465 tlb_flush_page_locked(env, mmu_idx, addr); 466 } 467 } 468 qemu_spin_unlock(&env->tlb_c.lock); 469 470 tb_flush_jmp_cache(cpu, addr); 471 } 472 473 void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap) 474 { 475 target_ulong addr_and_mmu_idx; 476 477 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap); 478 479 /* This should already be page aligned */ 480 addr_and_mmu_idx = addr & TARGET_PAGE_MASK; 481 addr_and_mmu_idx |= idxmap; 482 483 if (!qemu_cpu_is_self(cpu)) { 484 async_run_on_cpu(cpu, tlb_flush_page_by_mmuidx_async_work, 485 RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx)); 486 } else { 487 tlb_flush_page_by_mmuidx_async_work( 488 cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx)); 489 } 490 } 491 492 void tlb_flush_page(CPUState *cpu, target_ulong addr) 493 { 494 tlb_flush_page_by_mmuidx(cpu, addr, ALL_MMUIDX_BITS); 495 } 496 497 void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr, 498 uint16_t idxmap) 499 { 500 const run_on_cpu_func fn = tlb_flush_page_by_mmuidx_async_work; 501 target_ulong addr_and_mmu_idx; 502 503 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap); 504 505 /* This should already be page aligned */ 506 addr_and_mmu_idx = addr & TARGET_PAGE_MASK; 507 addr_and_mmu_idx |= idxmap; 508 509 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx)); 510 fn(src_cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx)); 511 } 512 513 void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr) 514 { 515 tlb_flush_page_by_mmuidx_all_cpus(src, addr, ALL_MMUIDX_BITS); 516 } 517 518 void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu, 519 target_ulong addr, 520 uint16_t idxmap) 521 { 522 const run_on_cpu_func fn = tlb_flush_page_by_mmuidx_async_work; 523 target_ulong addr_and_mmu_idx; 524 525 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap); 526 527 /* This should already be page aligned */ 528 addr_and_mmu_idx = addr & TARGET_PAGE_MASK; 529 addr_and_mmu_idx |= idxmap; 530 531 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx)); 532 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx)); 533 } 534 535 void tlb_flush_page_all_cpus_synced(CPUState *src, target_ulong addr) 536 { 537 tlb_flush_page_by_mmuidx_all_cpus_synced(src, addr, ALL_MMUIDX_BITS); 538 } 539 540 /* update the TLBs so that writes to code in the virtual page 'addr' 541 can be detected */ 542 void tlb_protect_code(ram_addr_t ram_addr) 543 { 544 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE, 545 DIRTY_MEMORY_CODE); 546 } 547 548 /* update the TLB so that writes in physical page 'phys_addr' are no longer 549 tested for self modifying code */ 550 void tlb_unprotect_code(ram_addr_t ram_addr) 551 { 552 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE); 553 } 554 555 556 /* 557 * Dirty write flag handling 558 * 559 * When the TCG code writes to a location it looks up the address in 560 * the TLB and uses that data to compute the final address. If any of 561 * the lower bits of the address are set then the slow path is forced. 562 * There are a number of reasons to do this but for normal RAM the 563 * most usual is detecting writes to code regions which may invalidate 564 * generated code. 565 * 566 * Other vCPUs might be reading their TLBs during guest execution, so we update 567 * te->addr_write with atomic_set. We don't need to worry about this for 568 * oversized guests as MTTCG is disabled for them. 569 * 570 * Called with tlb_c.lock held. 571 */ 572 static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry, 573 uintptr_t start, uintptr_t length) 574 { 575 uintptr_t addr = tlb_entry->addr_write; 576 577 if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) { 578 addr &= TARGET_PAGE_MASK; 579 addr += tlb_entry->addend; 580 if ((addr - start) < length) { 581 #if TCG_OVERSIZED_GUEST 582 tlb_entry->addr_write |= TLB_NOTDIRTY; 583 #else 584 atomic_set(&tlb_entry->addr_write, 585 tlb_entry->addr_write | TLB_NOTDIRTY); 586 #endif 587 } 588 } 589 } 590 591 /* 592 * Called with tlb_c.lock held. 593 * Called only from the vCPU context, i.e. the TLB's owner thread. 594 */ 595 static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s) 596 { 597 *d = *s; 598 } 599 600 /* This is a cross vCPU call (i.e. another vCPU resetting the flags of 601 * the target vCPU). 602 * We must take tlb_c.lock to avoid racing with another vCPU update. The only 603 * thing actually updated is the target TLB entry ->addr_write flags. 604 */ 605 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length) 606 { 607 CPUArchState *env; 608 609 int mmu_idx; 610 611 env = cpu->env_ptr; 612 qemu_spin_lock(&env->tlb_c.lock); 613 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { 614 unsigned int i; 615 unsigned int n = tlb_n_entries(env, mmu_idx); 616 617 for (i = 0; i < n; i++) { 618 tlb_reset_dirty_range_locked(&env->tlb_table[mmu_idx][i], start1, 619 length); 620 } 621 622 for (i = 0; i < CPU_VTLB_SIZE; i++) { 623 tlb_reset_dirty_range_locked(&env->tlb_v_table[mmu_idx][i], start1, 624 length); 625 } 626 } 627 qemu_spin_unlock(&env->tlb_c.lock); 628 } 629 630 /* Called with tlb_c.lock held */ 631 static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry, 632 target_ulong vaddr) 633 { 634 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) { 635 tlb_entry->addr_write = vaddr; 636 } 637 } 638 639 /* update the TLB corresponding to virtual page vaddr 640 so that it is no longer dirty */ 641 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr) 642 { 643 CPUArchState *env = cpu->env_ptr; 644 int mmu_idx; 645 646 assert_cpu_is_self(cpu); 647 648 vaddr &= TARGET_PAGE_MASK; 649 qemu_spin_lock(&env->tlb_c.lock); 650 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { 651 tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr); 652 } 653 654 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { 655 int k; 656 for (k = 0; k < CPU_VTLB_SIZE; k++) { 657 tlb_set_dirty1_locked(&env->tlb_v_table[mmu_idx][k], vaddr); 658 } 659 } 660 qemu_spin_unlock(&env->tlb_c.lock); 661 } 662 663 /* Our TLB does not support large pages, so remember the area covered by 664 large pages and trigger a full TLB flush if these are invalidated. */ 665 static void tlb_add_large_page(CPUArchState *env, int mmu_idx, 666 target_ulong vaddr, target_ulong size) 667 { 668 target_ulong lp_addr = env->tlb_d[mmu_idx].large_page_addr; 669 target_ulong lp_mask = ~(size - 1); 670 671 if (lp_addr == (target_ulong)-1) { 672 /* No previous large page. */ 673 lp_addr = vaddr; 674 } else { 675 /* Extend the existing region to include the new page. 676 This is a compromise between unnecessary flushes and 677 the cost of maintaining a full variable size TLB. */ 678 lp_mask &= env->tlb_d[mmu_idx].large_page_mask; 679 while (((lp_addr ^ vaddr) & lp_mask) != 0) { 680 lp_mask <<= 1; 681 } 682 } 683 env->tlb_d[mmu_idx].large_page_addr = lp_addr & lp_mask; 684 env->tlb_d[mmu_idx].large_page_mask = lp_mask; 685 } 686 687 /* Add a new TLB entry. At most one entry for a given virtual address 688 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the 689 * supplied size is only used by tlb_flush_page. 690 * 691 * Called from TCG-generated code, which is under an RCU read-side 692 * critical section. 693 */ 694 void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, 695 hwaddr paddr, MemTxAttrs attrs, int prot, 696 int mmu_idx, target_ulong size) 697 { 698 CPUArchState *env = cpu->env_ptr; 699 MemoryRegionSection *section; 700 unsigned int index; 701 target_ulong address; 702 target_ulong code_address; 703 uintptr_t addend; 704 CPUTLBEntry *te, tn; 705 hwaddr iotlb, xlat, sz, paddr_page; 706 target_ulong vaddr_page; 707 int asidx = cpu_asidx_from_attrs(cpu, attrs); 708 709 assert_cpu_is_self(cpu); 710 711 if (size <= TARGET_PAGE_SIZE) { 712 sz = TARGET_PAGE_SIZE; 713 } else { 714 tlb_add_large_page(env, mmu_idx, vaddr, size); 715 sz = size; 716 } 717 vaddr_page = vaddr & TARGET_PAGE_MASK; 718 paddr_page = paddr & TARGET_PAGE_MASK; 719 720 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page, 721 &xlat, &sz, attrs, &prot); 722 assert(sz >= TARGET_PAGE_SIZE); 723 724 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx 725 " prot=%x idx=%d\n", 726 vaddr, paddr, prot, mmu_idx); 727 728 address = vaddr_page; 729 if (size < TARGET_PAGE_SIZE) { 730 /* 731 * Slow-path the TLB entries; we will repeat the MMU check and TLB 732 * fill on every access. 733 */ 734 address |= TLB_RECHECK; 735 } 736 if (!memory_region_is_ram(section->mr) && 737 !memory_region_is_romd(section->mr)) { 738 /* IO memory case */ 739 address |= TLB_MMIO; 740 addend = 0; 741 } else { 742 /* TLB_MMIO for rom/romd handled below */ 743 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat; 744 } 745 746 code_address = address; 747 iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page, 748 paddr_page, xlat, prot, &address); 749 750 index = tlb_index(env, mmu_idx, vaddr_page); 751 te = tlb_entry(env, mmu_idx, vaddr_page); 752 753 /* 754 * Hold the TLB lock for the rest of the function. We could acquire/release 755 * the lock several times in the function, but it is faster to amortize the 756 * acquisition cost by acquiring it just once. Note that this leads to 757 * a longer critical section, but this is not a concern since the TLB lock 758 * is unlikely to be contended. 759 */ 760 qemu_spin_lock(&env->tlb_c.lock); 761 762 /* Note that the tlb is no longer clean. */ 763 env->tlb_c.dirty |= 1 << mmu_idx; 764 765 /* Make sure there's no cached translation for the new page. */ 766 tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page); 767 768 /* 769 * Only evict the old entry to the victim tlb if it's for a 770 * different page; otherwise just overwrite the stale data. 771 */ 772 if (!tlb_hit_page_anyprot(te, vaddr_page) && !tlb_entry_is_empty(te)) { 773 unsigned vidx = env->tlb_d[mmu_idx].vindex++ % CPU_VTLB_SIZE; 774 CPUTLBEntry *tv = &env->tlb_v_table[mmu_idx][vidx]; 775 776 /* Evict the old entry into the victim tlb. */ 777 copy_tlb_helper_locked(tv, te); 778 env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index]; 779 tlb_n_used_entries_dec(env, mmu_idx); 780 } 781 782 /* refill the tlb */ 783 /* 784 * At this point iotlb contains a physical section number in the lower 785 * TARGET_PAGE_BITS, and either 786 * + the ram_addr_t of the page base of the target RAM (if NOTDIRTY or ROM) 787 * + the offset within section->mr of the page base (otherwise) 788 * We subtract the vaddr_page (which is page aligned and thus won't 789 * disturb the low bits) to give an offset which can be added to the 790 * (non-page-aligned) vaddr of the eventual memory access to get 791 * the MemoryRegion offset for the access. Note that the vaddr we 792 * subtract here is that of the page base, and not the same as the 793 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code(). 794 */ 795 env->iotlb[mmu_idx][index].addr = iotlb - vaddr_page; 796 env->iotlb[mmu_idx][index].attrs = attrs; 797 798 /* Now calculate the new entry */ 799 tn.addend = addend - vaddr_page; 800 if (prot & PAGE_READ) { 801 tn.addr_read = address; 802 } else { 803 tn.addr_read = -1; 804 } 805 806 if (prot & PAGE_EXEC) { 807 tn.addr_code = code_address; 808 } else { 809 tn.addr_code = -1; 810 } 811 812 tn.addr_write = -1; 813 if (prot & PAGE_WRITE) { 814 if ((memory_region_is_ram(section->mr) && section->readonly) 815 || memory_region_is_romd(section->mr)) { 816 /* Write access calls the I/O callback. */ 817 tn.addr_write = address | TLB_MMIO; 818 } else if (memory_region_is_ram(section->mr) 819 && cpu_physical_memory_is_clean( 820 memory_region_get_ram_addr(section->mr) + xlat)) { 821 tn.addr_write = address | TLB_NOTDIRTY; 822 } else { 823 tn.addr_write = address; 824 } 825 if (prot & PAGE_WRITE_INV) { 826 tn.addr_write |= TLB_INVALID_MASK; 827 } 828 } 829 830 copy_tlb_helper_locked(te, &tn); 831 tlb_n_used_entries_inc(env, mmu_idx); 832 qemu_spin_unlock(&env->tlb_c.lock); 833 } 834 835 /* Add a new TLB entry, but without specifying the memory 836 * transaction attributes to be used. 837 */ 838 void tlb_set_page(CPUState *cpu, target_ulong vaddr, 839 hwaddr paddr, int prot, 840 int mmu_idx, target_ulong size) 841 { 842 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED, 843 prot, mmu_idx, size); 844 } 845 846 static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr) 847 { 848 ram_addr_t ram_addr; 849 850 ram_addr = qemu_ram_addr_from_host(ptr); 851 if (ram_addr == RAM_ADDR_INVALID) { 852 error_report("Bad ram pointer %p", ptr); 853 abort(); 854 } 855 return ram_addr; 856 } 857 858 /* 859 * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the 860 * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must 861 * be discarded and looked up again (e.g. via tlb_entry()). 862 */ 863 static void tlb_fill(CPUState *cpu, target_ulong addr, int size, 864 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) 865 { 866 CPUClass *cc = CPU_GET_CLASS(cpu); 867 bool ok; 868 869 /* 870 * This is not a probe, so only valid return is success; failure 871 * should result in exception + longjmp to the cpu loop. 872 */ 873 ok = cc->tlb_fill(cpu, addr, size, access_type, mmu_idx, false, retaddr); 874 assert(ok); 875 } 876 877 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry, 878 int mmu_idx, target_ulong addr, uintptr_t retaddr, 879 MMUAccessType access_type, int size) 880 { 881 CPUState *cpu = ENV_GET_CPU(env); 882 hwaddr mr_offset; 883 MemoryRegionSection *section; 884 MemoryRegion *mr; 885 uint64_t val; 886 bool locked = false; 887 MemTxResult r; 888 889 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs); 890 mr = section->mr; 891 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr; 892 cpu->mem_io_pc = retaddr; 893 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) { 894 cpu_io_recompile(cpu, retaddr); 895 } 896 897 cpu->mem_io_vaddr = addr; 898 cpu->mem_io_access_type = access_type; 899 900 if (mr->global_locking && !qemu_mutex_iothread_locked()) { 901 qemu_mutex_lock_iothread(); 902 locked = true; 903 } 904 r = memory_region_dispatch_read(mr, mr_offset, 905 &val, size, iotlbentry->attrs); 906 if (r != MEMTX_OK) { 907 hwaddr physaddr = mr_offset + 908 section->offset_within_address_space - 909 section->offset_within_region; 910 911 cpu_transaction_failed(cpu, physaddr, addr, size, access_type, 912 mmu_idx, iotlbentry->attrs, r, retaddr); 913 } 914 if (locked) { 915 qemu_mutex_unlock_iothread(); 916 } 917 918 return val; 919 } 920 921 static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry, 922 int mmu_idx, uint64_t val, target_ulong addr, 923 uintptr_t retaddr, int size) 924 { 925 CPUState *cpu = ENV_GET_CPU(env); 926 hwaddr mr_offset; 927 MemoryRegionSection *section; 928 MemoryRegion *mr; 929 bool locked = false; 930 MemTxResult r; 931 932 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs); 933 mr = section->mr; 934 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr; 935 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) { 936 cpu_io_recompile(cpu, retaddr); 937 } 938 cpu->mem_io_vaddr = addr; 939 cpu->mem_io_pc = retaddr; 940 941 if (mr->global_locking && !qemu_mutex_iothread_locked()) { 942 qemu_mutex_lock_iothread(); 943 locked = true; 944 } 945 r = memory_region_dispatch_write(mr, mr_offset, 946 val, size, iotlbentry->attrs); 947 if (r != MEMTX_OK) { 948 hwaddr physaddr = mr_offset + 949 section->offset_within_address_space - 950 section->offset_within_region; 951 952 cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_STORE, 953 mmu_idx, iotlbentry->attrs, r, retaddr); 954 } 955 if (locked) { 956 qemu_mutex_unlock_iothread(); 957 } 958 } 959 960 static inline target_ulong tlb_read_ofs(CPUTLBEntry *entry, size_t ofs) 961 { 962 #if TCG_OVERSIZED_GUEST 963 return *(target_ulong *)((uintptr_t)entry + ofs); 964 #else 965 /* ofs might correspond to .addr_write, so use atomic_read */ 966 return atomic_read((target_ulong *)((uintptr_t)entry + ofs)); 967 #endif 968 } 969 970 /* Return true if ADDR is present in the victim tlb, and has been copied 971 back to the main tlb. */ 972 static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index, 973 size_t elt_ofs, target_ulong page) 974 { 975 size_t vidx; 976 977 assert_cpu_is_self(ENV_GET_CPU(env)); 978 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) { 979 CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx]; 980 target_ulong cmp = tlb_read_ofs(vtlb, elt_ofs); 981 982 if (cmp == page) { 983 /* Found entry in victim tlb, swap tlb and iotlb. */ 984 CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index]; 985 986 qemu_spin_lock(&env->tlb_c.lock); 987 copy_tlb_helper_locked(&tmptlb, tlb); 988 copy_tlb_helper_locked(tlb, vtlb); 989 copy_tlb_helper_locked(vtlb, &tmptlb); 990 qemu_spin_unlock(&env->tlb_c.lock); 991 992 CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index]; 993 CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx]; 994 tmpio = *io; *io = *vio; *vio = tmpio; 995 return true; 996 } 997 } 998 return false; 999 } 1000 1001 /* Macro to call the above, with local variables from the use context. */ 1002 #define VICTIM_TLB_HIT(TY, ADDR) \ 1003 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \ 1004 (ADDR) & TARGET_PAGE_MASK) 1005 1006 /* NOTE: this function can trigger an exception */ 1007 /* NOTE2: the returned address is not exactly the physical address: it 1008 * is actually a ram_addr_t (in system mode; the user mode emulation 1009 * version of this function returns a guest virtual address). 1010 */ 1011 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) 1012 { 1013 uintptr_t mmu_idx = cpu_mmu_index(env, true); 1014 uintptr_t index = tlb_index(env, mmu_idx, addr); 1015 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr); 1016 void *p; 1017 1018 if (unlikely(!tlb_hit(entry->addr_code, addr))) { 1019 if (!VICTIM_TLB_HIT(addr_code, addr)) { 1020 tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0); 1021 index = tlb_index(env, mmu_idx, addr); 1022 entry = tlb_entry(env, mmu_idx, addr); 1023 } 1024 assert(tlb_hit(entry->addr_code, addr)); 1025 } 1026 1027 if (unlikely(entry->addr_code & (TLB_RECHECK | TLB_MMIO))) { 1028 /* 1029 * Return -1 if we can't translate and execute from an entire 1030 * page of RAM here, which will cause us to execute by loading 1031 * and translating one insn at a time, without caching: 1032 * - TLB_RECHECK: means the MMU protection covers a smaller range 1033 * than a target page, so we must redo the MMU check every insn 1034 * - TLB_MMIO: region is not backed by RAM 1035 */ 1036 return -1; 1037 } 1038 1039 p = (void *)((uintptr_t)addr + entry->addend); 1040 return qemu_ram_addr_from_host_nofail(p); 1041 } 1042 1043 /* Probe for whether the specified guest write access is permitted. 1044 * If it is not permitted then an exception will be taken in the same 1045 * way as if this were a real write access (and we will not return). 1046 * Otherwise the function will return, and there will be a valid 1047 * entry in the TLB for this access. 1048 */ 1049 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx, 1050 uintptr_t retaddr) 1051 { 1052 uintptr_t index = tlb_index(env, mmu_idx, addr); 1053 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr); 1054 1055 if (!tlb_hit(tlb_addr_write(entry), addr)) { 1056 /* TLB entry is for a different page */ 1057 if (!VICTIM_TLB_HIT(addr_write, addr)) { 1058 tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE, 1059 mmu_idx, retaddr); 1060 } 1061 } 1062 } 1063 1064 void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr, 1065 MMUAccessType access_type, int mmu_idx) 1066 { 1067 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr); 1068 uintptr_t tlb_addr, page; 1069 size_t elt_ofs; 1070 1071 switch (access_type) { 1072 case MMU_DATA_LOAD: 1073 elt_ofs = offsetof(CPUTLBEntry, addr_read); 1074 break; 1075 case MMU_DATA_STORE: 1076 elt_ofs = offsetof(CPUTLBEntry, addr_write); 1077 break; 1078 case MMU_INST_FETCH: 1079 elt_ofs = offsetof(CPUTLBEntry, addr_code); 1080 break; 1081 default: 1082 g_assert_not_reached(); 1083 } 1084 1085 page = addr & TARGET_PAGE_MASK; 1086 tlb_addr = tlb_read_ofs(entry, elt_ofs); 1087 1088 if (!tlb_hit_page(tlb_addr, page)) { 1089 uintptr_t index = tlb_index(env, mmu_idx, addr); 1090 1091 if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page)) { 1092 CPUState *cs = ENV_GET_CPU(env); 1093 CPUClass *cc = CPU_GET_CLASS(cs); 1094 1095 if (!cc->tlb_fill(cs, addr, 0, access_type, mmu_idx, true, 0)) { 1096 /* Non-faulting page table read failed. */ 1097 return NULL; 1098 } 1099 1100 /* TLB resize via tlb_fill may have moved the entry. */ 1101 entry = tlb_entry(env, mmu_idx, addr); 1102 } 1103 tlb_addr = tlb_read_ofs(entry, elt_ofs); 1104 } 1105 1106 if (tlb_addr & ~TARGET_PAGE_MASK) { 1107 /* IO access */ 1108 return NULL; 1109 } 1110 1111 return (void *)((uintptr_t)addr + entry->addend); 1112 } 1113 1114 /* Probe for a read-modify-write atomic operation. Do not allow unaligned 1115 * operations, or io operations to proceed. Return the host address. */ 1116 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr, 1117 TCGMemOpIdx oi, uintptr_t retaddr, 1118 NotDirtyInfo *ndi) 1119 { 1120 size_t mmu_idx = get_mmuidx(oi); 1121 uintptr_t index = tlb_index(env, mmu_idx, addr); 1122 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr); 1123 target_ulong tlb_addr = tlb_addr_write(tlbe); 1124 TCGMemOp mop = get_memop(oi); 1125 int a_bits = get_alignment_bits(mop); 1126 int s_bits = mop & MO_SIZE; 1127 void *hostaddr; 1128 1129 /* Adjust the given return address. */ 1130 retaddr -= GETPC_ADJ; 1131 1132 /* Enforce guest required alignment. */ 1133 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) { 1134 /* ??? Maybe indicate atomic op to cpu_unaligned_access */ 1135 cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE, 1136 mmu_idx, retaddr); 1137 } 1138 1139 /* Enforce qemu required alignment. */ 1140 if (unlikely(addr & ((1 << s_bits) - 1))) { 1141 /* We get here if guest alignment was not requested, 1142 or was not enforced by cpu_unaligned_access above. 1143 We might widen the access and emulate, but for now 1144 mark an exception and exit the cpu loop. */ 1145 goto stop_the_world; 1146 } 1147 1148 /* Check TLB entry and enforce page permissions. */ 1149 if (!tlb_hit(tlb_addr, addr)) { 1150 if (!VICTIM_TLB_HIT(addr_write, addr)) { 1151 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE, 1152 mmu_idx, retaddr); 1153 index = tlb_index(env, mmu_idx, addr); 1154 tlbe = tlb_entry(env, mmu_idx, addr); 1155 } 1156 tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK; 1157 } 1158 1159 /* Notice an IO access or a needs-MMU-lookup access */ 1160 if (unlikely(tlb_addr & (TLB_MMIO | TLB_RECHECK))) { 1161 /* There's really nothing that can be done to 1162 support this apart from stop-the-world. */ 1163 goto stop_the_world; 1164 } 1165 1166 /* Let the guest notice RMW on a write-only page. */ 1167 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) { 1168 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_LOAD, 1169 mmu_idx, retaddr); 1170 /* Since we don't support reads and writes to different addresses, 1171 and we do have the proper page loaded for write, this shouldn't 1172 ever return. But just in case, handle via stop-the-world. */ 1173 goto stop_the_world; 1174 } 1175 1176 hostaddr = (void *)((uintptr_t)addr + tlbe->addend); 1177 1178 ndi->active = false; 1179 if (unlikely(tlb_addr & TLB_NOTDIRTY)) { 1180 ndi->active = true; 1181 memory_notdirty_write_prepare(ndi, ENV_GET_CPU(env), addr, 1182 qemu_ram_addr_from_host_nofail(hostaddr), 1183 1 << s_bits); 1184 } 1185 1186 return hostaddr; 1187 1188 stop_the_world: 1189 cpu_loop_exit_atomic(ENV_GET_CPU(env), retaddr); 1190 } 1191 1192 #ifdef TARGET_WORDS_BIGENDIAN 1193 #define NEED_BE_BSWAP 0 1194 #define NEED_LE_BSWAP 1 1195 #else 1196 #define NEED_BE_BSWAP 1 1197 #define NEED_LE_BSWAP 0 1198 #endif 1199 1200 /* 1201 * Byte Swap Helper 1202 * 1203 * This should all dead code away depending on the build host and 1204 * access type. 1205 */ 1206 1207 static inline uint64_t handle_bswap(uint64_t val, int size, bool big_endian) 1208 { 1209 if ((big_endian && NEED_BE_BSWAP) || (!big_endian && NEED_LE_BSWAP)) { 1210 switch (size) { 1211 case 1: return val; 1212 case 2: return bswap16(val); 1213 case 4: return bswap32(val); 1214 case 8: return bswap64(val); 1215 default: 1216 g_assert_not_reached(); 1217 } 1218 } else { 1219 return val; 1220 } 1221 } 1222 1223 /* 1224 * Load Helpers 1225 * 1226 * We support two different access types. SOFTMMU_CODE_ACCESS is 1227 * specifically for reading instructions from system memory. It is 1228 * called by the translation loop and in some helpers where the code 1229 * is disassembled. It shouldn't be called directly by guest code. 1230 */ 1231 1232 typedef uint64_t FullLoadHelper(CPUArchState *env, target_ulong addr, 1233 TCGMemOpIdx oi, uintptr_t retaddr); 1234 1235 static inline uint64_t __attribute__((always_inline)) 1236 load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi, 1237 uintptr_t retaddr, size_t size, bool big_endian, bool code_read, 1238 FullLoadHelper *full_load) 1239 { 1240 uintptr_t mmu_idx = get_mmuidx(oi); 1241 uintptr_t index = tlb_index(env, mmu_idx, addr); 1242 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr); 1243 target_ulong tlb_addr = code_read ? entry->addr_code : entry->addr_read; 1244 const size_t tlb_off = code_read ? 1245 offsetof(CPUTLBEntry, addr_code) : offsetof(CPUTLBEntry, addr_read); 1246 const MMUAccessType access_type = 1247 code_read ? MMU_INST_FETCH : MMU_DATA_LOAD; 1248 unsigned a_bits = get_alignment_bits(get_memop(oi)); 1249 void *haddr; 1250 uint64_t res; 1251 1252 /* Handle CPU specific unaligned behaviour */ 1253 if (addr & ((1 << a_bits) - 1)) { 1254 cpu_unaligned_access(ENV_GET_CPU(env), addr, access_type, 1255 mmu_idx, retaddr); 1256 } 1257 1258 /* If the TLB entry is for a different page, reload and try again. */ 1259 if (!tlb_hit(tlb_addr, addr)) { 1260 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off, 1261 addr & TARGET_PAGE_MASK)) { 1262 tlb_fill(ENV_GET_CPU(env), addr, size, 1263 access_type, mmu_idx, retaddr); 1264 index = tlb_index(env, mmu_idx, addr); 1265 entry = tlb_entry(env, mmu_idx, addr); 1266 } 1267 tlb_addr = code_read ? entry->addr_code : entry->addr_read; 1268 } 1269 1270 /* Handle an IO access. */ 1271 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) { 1272 if ((addr & (size - 1)) != 0) { 1273 goto do_unaligned_access; 1274 } 1275 1276 if (tlb_addr & TLB_RECHECK) { 1277 /* 1278 * This is a TLB_RECHECK access, where the MMU protection 1279 * covers a smaller range than a target page, and we must 1280 * repeat the MMU check here. This tlb_fill() call might 1281 * longjump out if this access should cause a guest exception. 1282 */ 1283 tlb_fill(ENV_GET_CPU(env), addr, size, 1284 access_type, mmu_idx, retaddr); 1285 index = tlb_index(env, mmu_idx, addr); 1286 entry = tlb_entry(env, mmu_idx, addr); 1287 1288 tlb_addr = code_read ? entry->addr_code : entry->addr_read; 1289 tlb_addr &= ~TLB_RECHECK; 1290 if (!(tlb_addr & ~TARGET_PAGE_MASK)) { 1291 /* RAM access */ 1292 goto do_aligned_access; 1293 } 1294 } 1295 1296 res = io_readx(env, &env->iotlb[mmu_idx][index], mmu_idx, addr, 1297 retaddr, access_type, size); 1298 return handle_bswap(res, size, big_endian); 1299 } 1300 1301 /* Handle slow unaligned access (it spans two pages or IO). */ 1302 if (size > 1 1303 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1 1304 >= TARGET_PAGE_SIZE)) { 1305 target_ulong addr1, addr2; 1306 tcg_target_ulong r1, r2; 1307 unsigned shift; 1308 do_unaligned_access: 1309 addr1 = addr & ~(size - 1); 1310 addr2 = addr1 + size; 1311 r1 = full_load(env, addr1, oi, retaddr); 1312 r2 = full_load(env, addr2, oi, retaddr); 1313 shift = (addr & (size - 1)) * 8; 1314 1315 if (big_endian) { 1316 /* Big-endian combine. */ 1317 res = (r1 << shift) | (r2 >> ((size * 8) - shift)); 1318 } else { 1319 /* Little-endian combine. */ 1320 res = (r1 >> shift) | (r2 << ((size * 8) - shift)); 1321 } 1322 return res & MAKE_64BIT_MASK(0, size * 8); 1323 } 1324 1325 do_aligned_access: 1326 haddr = (void *)((uintptr_t)addr + entry->addend); 1327 switch (size) { 1328 case 1: 1329 res = ldub_p(haddr); 1330 break; 1331 case 2: 1332 if (big_endian) { 1333 res = lduw_be_p(haddr); 1334 } else { 1335 res = lduw_le_p(haddr); 1336 } 1337 break; 1338 case 4: 1339 if (big_endian) { 1340 res = (uint32_t)ldl_be_p(haddr); 1341 } else { 1342 res = (uint32_t)ldl_le_p(haddr); 1343 } 1344 break; 1345 case 8: 1346 if (big_endian) { 1347 res = ldq_be_p(haddr); 1348 } else { 1349 res = ldq_le_p(haddr); 1350 } 1351 break; 1352 default: 1353 g_assert_not_reached(); 1354 } 1355 1356 return res; 1357 } 1358 1359 /* 1360 * For the benefit of TCG generated code, we want to avoid the 1361 * complication of ABI-specific return type promotion and always 1362 * return a value extended to the register size of the host. This is 1363 * tcg_target_long, except in the case of a 32-bit host and 64-bit 1364 * data, and for that we always have uint64_t. 1365 * 1366 * We don't bother with this widened value for SOFTMMU_CODE_ACCESS. 1367 */ 1368 1369 static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr, 1370 TCGMemOpIdx oi, uintptr_t retaddr) 1371 { 1372 return load_helper(env, addr, oi, retaddr, 1, false, false, 1373 full_ldub_mmu); 1374 } 1375 1376 tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr, 1377 TCGMemOpIdx oi, uintptr_t retaddr) 1378 { 1379 return full_ldub_mmu(env, addr, oi, retaddr); 1380 } 1381 1382 static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr, 1383 TCGMemOpIdx oi, uintptr_t retaddr) 1384 { 1385 return load_helper(env, addr, oi, retaddr, 2, false, false, 1386 full_le_lduw_mmu); 1387 } 1388 1389 tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr, 1390 TCGMemOpIdx oi, uintptr_t retaddr) 1391 { 1392 return full_le_lduw_mmu(env, addr, oi, retaddr); 1393 } 1394 1395 static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr, 1396 TCGMemOpIdx oi, uintptr_t retaddr) 1397 { 1398 return load_helper(env, addr, oi, retaddr, 2, true, false, 1399 full_be_lduw_mmu); 1400 } 1401 1402 tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr, 1403 TCGMemOpIdx oi, uintptr_t retaddr) 1404 { 1405 return full_be_lduw_mmu(env, addr, oi, retaddr); 1406 } 1407 1408 static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr, 1409 TCGMemOpIdx oi, uintptr_t retaddr) 1410 { 1411 return load_helper(env, addr, oi, retaddr, 4, false, false, 1412 full_le_ldul_mmu); 1413 } 1414 1415 tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr, 1416 TCGMemOpIdx oi, uintptr_t retaddr) 1417 { 1418 return full_le_ldul_mmu(env, addr, oi, retaddr); 1419 } 1420 1421 static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr, 1422 TCGMemOpIdx oi, uintptr_t retaddr) 1423 { 1424 return load_helper(env, addr, oi, retaddr, 4, true, false, 1425 full_be_ldul_mmu); 1426 } 1427 1428 tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr, 1429 TCGMemOpIdx oi, uintptr_t retaddr) 1430 { 1431 return full_be_ldul_mmu(env, addr, oi, retaddr); 1432 } 1433 1434 uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr, 1435 TCGMemOpIdx oi, uintptr_t retaddr) 1436 { 1437 return load_helper(env, addr, oi, retaddr, 8, false, false, 1438 helper_le_ldq_mmu); 1439 } 1440 1441 uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr, 1442 TCGMemOpIdx oi, uintptr_t retaddr) 1443 { 1444 return load_helper(env, addr, oi, retaddr, 8, true, false, 1445 helper_be_ldq_mmu); 1446 } 1447 1448 /* 1449 * Provide signed versions of the load routines as well. We can of course 1450 * avoid this for 64-bit data, or for 32-bit data on 32-bit host. 1451 */ 1452 1453 1454 tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr, 1455 TCGMemOpIdx oi, uintptr_t retaddr) 1456 { 1457 return (int8_t)helper_ret_ldub_mmu(env, addr, oi, retaddr); 1458 } 1459 1460 tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr, 1461 TCGMemOpIdx oi, uintptr_t retaddr) 1462 { 1463 return (int16_t)helper_le_lduw_mmu(env, addr, oi, retaddr); 1464 } 1465 1466 tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr, 1467 TCGMemOpIdx oi, uintptr_t retaddr) 1468 { 1469 return (int16_t)helper_be_lduw_mmu(env, addr, oi, retaddr); 1470 } 1471 1472 tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr, 1473 TCGMemOpIdx oi, uintptr_t retaddr) 1474 { 1475 return (int32_t)helper_le_ldul_mmu(env, addr, oi, retaddr); 1476 } 1477 1478 tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr, 1479 TCGMemOpIdx oi, uintptr_t retaddr) 1480 { 1481 return (int32_t)helper_be_ldul_mmu(env, addr, oi, retaddr); 1482 } 1483 1484 /* 1485 * Store Helpers 1486 */ 1487 1488 static inline void __attribute__((always_inline)) 1489 store_helper(CPUArchState *env, target_ulong addr, uint64_t val, 1490 TCGMemOpIdx oi, uintptr_t retaddr, size_t size, bool big_endian) 1491 { 1492 uintptr_t mmu_idx = get_mmuidx(oi); 1493 uintptr_t index = tlb_index(env, mmu_idx, addr); 1494 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr); 1495 target_ulong tlb_addr = tlb_addr_write(entry); 1496 const size_t tlb_off = offsetof(CPUTLBEntry, addr_write); 1497 unsigned a_bits = get_alignment_bits(get_memop(oi)); 1498 void *haddr; 1499 1500 /* Handle CPU specific unaligned behaviour */ 1501 if (addr & ((1 << a_bits) - 1)) { 1502 cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE, 1503 mmu_idx, retaddr); 1504 } 1505 1506 /* If the TLB entry is for a different page, reload and try again. */ 1507 if (!tlb_hit(tlb_addr, addr)) { 1508 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off, 1509 addr & TARGET_PAGE_MASK)) { 1510 tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE, 1511 mmu_idx, retaddr); 1512 index = tlb_index(env, mmu_idx, addr); 1513 entry = tlb_entry(env, mmu_idx, addr); 1514 } 1515 tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK; 1516 } 1517 1518 /* Handle an IO access. */ 1519 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) { 1520 if ((addr & (size - 1)) != 0) { 1521 goto do_unaligned_access; 1522 } 1523 1524 if (tlb_addr & TLB_RECHECK) { 1525 /* 1526 * This is a TLB_RECHECK access, where the MMU protection 1527 * covers a smaller range than a target page, and we must 1528 * repeat the MMU check here. This tlb_fill() call might 1529 * longjump out if this access should cause a guest exception. 1530 */ 1531 tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE, 1532 mmu_idx, retaddr); 1533 index = tlb_index(env, mmu_idx, addr); 1534 entry = tlb_entry(env, mmu_idx, addr); 1535 1536 tlb_addr = tlb_addr_write(entry); 1537 tlb_addr &= ~TLB_RECHECK; 1538 if (!(tlb_addr & ~TARGET_PAGE_MASK)) { 1539 /* RAM access */ 1540 goto do_aligned_access; 1541 } 1542 } 1543 1544 io_writex(env, &env->iotlb[mmu_idx][index], mmu_idx, 1545 handle_bswap(val, size, big_endian), 1546 addr, retaddr, size); 1547 return; 1548 } 1549 1550 /* Handle slow unaligned access (it spans two pages or IO). */ 1551 if (size > 1 1552 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1 1553 >= TARGET_PAGE_SIZE)) { 1554 int i; 1555 uintptr_t index2; 1556 CPUTLBEntry *entry2; 1557 target_ulong page2, tlb_addr2; 1558 do_unaligned_access: 1559 /* 1560 * Ensure the second page is in the TLB. Note that the first page 1561 * is already guaranteed to be filled, and that the second page 1562 * cannot evict the first. 1563 */ 1564 page2 = (addr + size) & TARGET_PAGE_MASK; 1565 index2 = tlb_index(env, mmu_idx, page2); 1566 entry2 = tlb_entry(env, mmu_idx, page2); 1567 tlb_addr2 = tlb_addr_write(entry2); 1568 if (!tlb_hit_page(tlb_addr2, page2) 1569 && !victim_tlb_hit(env, mmu_idx, index2, tlb_off, 1570 page2 & TARGET_PAGE_MASK)) { 1571 tlb_fill(ENV_GET_CPU(env), page2, size, MMU_DATA_STORE, 1572 mmu_idx, retaddr); 1573 } 1574 1575 /* 1576 * XXX: not efficient, but simple. 1577 * This loop must go in the forward direction to avoid issues 1578 * with self-modifying code in Windows 64-bit. 1579 */ 1580 for (i = 0; i < size; ++i) { 1581 uint8_t val8; 1582 if (big_endian) { 1583 /* Big-endian extract. */ 1584 val8 = val >> (((size - 1) * 8) - (i * 8)); 1585 } else { 1586 /* Little-endian extract. */ 1587 val8 = val >> (i * 8); 1588 } 1589 helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr); 1590 } 1591 return; 1592 } 1593 1594 do_aligned_access: 1595 haddr = (void *)((uintptr_t)addr + entry->addend); 1596 switch (size) { 1597 case 1: 1598 stb_p(haddr, val); 1599 break; 1600 case 2: 1601 if (big_endian) { 1602 stw_be_p(haddr, val); 1603 } else { 1604 stw_le_p(haddr, val); 1605 } 1606 break; 1607 case 4: 1608 if (big_endian) { 1609 stl_be_p(haddr, val); 1610 } else { 1611 stl_le_p(haddr, val); 1612 } 1613 break; 1614 case 8: 1615 if (big_endian) { 1616 stq_be_p(haddr, val); 1617 } else { 1618 stq_le_p(haddr, val); 1619 } 1620 break; 1621 default: 1622 g_assert_not_reached(); 1623 break; 1624 } 1625 } 1626 1627 void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val, 1628 TCGMemOpIdx oi, uintptr_t retaddr) 1629 { 1630 store_helper(env, addr, val, oi, retaddr, 1, false); 1631 } 1632 1633 void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val, 1634 TCGMemOpIdx oi, uintptr_t retaddr) 1635 { 1636 store_helper(env, addr, val, oi, retaddr, 2, false); 1637 } 1638 1639 void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val, 1640 TCGMemOpIdx oi, uintptr_t retaddr) 1641 { 1642 store_helper(env, addr, val, oi, retaddr, 2, true); 1643 } 1644 1645 void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val, 1646 TCGMemOpIdx oi, uintptr_t retaddr) 1647 { 1648 store_helper(env, addr, val, oi, retaddr, 4, false); 1649 } 1650 1651 void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val, 1652 TCGMemOpIdx oi, uintptr_t retaddr) 1653 { 1654 store_helper(env, addr, val, oi, retaddr, 4, true); 1655 } 1656 1657 void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val, 1658 TCGMemOpIdx oi, uintptr_t retaddr) 1659 { 1660 store_helper(env, addr, val, oi, retaddr, 8, false); 1661 } 1662 1663 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val, 1664 TCGMemOpIdx oi, uintptr_t retaddr) 1665 { 1666 store_helper(env, addr, val, oi, retaddr, 8, true); 1667 } 1668 1669 /* First set of helpers allows passing in of OI and RETADDR. This makes 1670 them callable from other helpers. */ 1671 1672 #define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr 1673 #define ATOMIC_NAME(X) \ 1674 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu)) 1675 #define ATOMIC_MMU_DECLS NotDirtyInfo ndi 1676 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr, &ndi) 1677 #define ATOMIC_MMU_CLEANUP \ 1678 do { \ 1679 if (unlikely(ndi.active)) { \ 1680 memory_notdirty_write_complete(&ndi); \ 1681 } \ 1682 } while (0) 1683 1684 #define DATA_SIZE 1 1685 #include "atomic_template.h" 1686 1687 #define DATA_SIZE 2 1688 #include "atomic_template.h" 1689 1690 #define DATA_SIZE 4 1691 #include "atomic_template.h" 1692 1693 #ifdef CONFIG_ATOMIC64 1694 #define DATA_SIZE 8 1695 #include "atomic_template.h" 1696 #endif 1697 1698 #if HAVE_CMPXCHG128 || HAVE_ATOMIC128 1699 #define DATA_SIZE 16 1700 #include "atomic_template.h" 1701 #endif 1702 1703 /* Second set of helpers are directly callable from TCG as helpers. */ 1704 1705 #undef EXTRA_ARGS 1706 #undef ATOMIC_NAME 1707 #undef ATOMIC_MMU_LOOKUP 1708 #define EXTRA_ARGS , TCGMemOpIdx oi 1709 #define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END)) 1710 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC(), &ndi) 1711 1712 #define DATA_SIZE 1 1713 #include "atomic_template.h" 1714 1715 #define DATA_SIZE 2 1716 #include "atomic_template.h" 1717 1718 #define DATA_SIZE 4 1719 #include "atomic_template.h" 1720 1721 #ifdef CONFIG_ATOMIC64 1722 #define DATA_SIZE 8 1723 #include "atomic_template.h" 1724 #endif 1725 1726 /* Code access functions. */ 1727 1728 static uint64_t full_ldub_cmmu(CPUArchState *env, target_ulong addr, 1729 TCGMemOpIdx oi, uintptr_t retaddr) 1730 { 1731 return load_helper(env, addr, oi, retaddr, 1, false, true, 1732 full_ldub_cmmu); 1733 } 1734 1735 uint8_t helper_ret_ldb_cmmu(CPUArchState *env, target_ulong addr, 1736 TCGMemOpIdx oi, uintptr_t retaddr) 1737 { 1738 return full_ldub_cmmu(env, addr, oi, retaddr); 1739 } 1740 1741 static uint64_t full_le_lduw_cmmu(CPUArchState *env, target_ulong addr, 1742 TCGMemOpIdx oi, uintptr_t retaddr) 1743 { 1744 return load_helper(env, addr, oi, retaddr, 2, false, true, 1745 full_le_lduw_cmmu); 1746 } 1747 1748 uint16_t helper_le_ldw_cmmu(CPUArchState *env, target_ulong addr, 1749 TCGMemOpIdx oi, uintptr_t retaddr) 1750 { 1751 return full_le_lduw_cmmu(env, addr, oi, retaddr); 1752 } 1753 1754 static uint64_t full_be_lduw_cmmu(CPUArchState *env, target_ulong addr, 1755 TCGMemOpIdx oi, uintptr_t retaddr) 1756 { 1757 return load_helper(env, addr, oi, retaddr, 2, true, true, 1758 full_be_lduw_cmmu); 1759 } 1760 1761 uint16_t helper_be_ldw_cmmu(CPUArchState *env, target_ulong addr, 1762 TCGMemOpIdx oi, uintptr_t retaddr) 1763 { 1764 return full_be_lduw_cmmu(env, addr, oi, retaddr); 1765 } 1766 1767 static uint64_t full_le_ldul_cmmu(CPUArchState *env, target_ulong addr, 1768 TCGMemOpIdx oi, uintptr_t retaddr) 1769 { 1770 return load_helper(env, addr, oi, retaddr, 4, false, true, 1771 full_le_ldul_cmmu); 1772 } 1773 1774 uint32_t helper_le_ldl_cmmu(CPUArchState *env, target_ulong addr, 1775 TCGMemOpIdx oi, uintptr_t retaddr) 1776 { 1777 return full_le_ldul_cmmu(env, addr, oi, retaddr); 1778 } 1779 1780 static uint64_t full_be_ldul_cmmu(CPUArchState *env, target_ulong addr, 1781 TCGMemOpIdx oi, uintptr_t retaddr) 1782 { 1783 return load_helper(env, addr, oi, retaddr, 4, true, true, 1784 full_be_ldul_cmmu); 1785 } 1786 1787 uint32_t helper_be_ldl_cmmu(CPUArchState *env, target_ulong addr, 1788 TCGMemOpIdx oi, uintptr_t retaddr) 1789 { 1790 return full_be_ldul_cmmu(env, addr, oi, retaddr); 1791 } 1792 1793 uint64_t helper_le_ldq_cmmu(CPUArchState *env, target_ulong addr, 1794 TCGMemOpIdx oi, uintptr_t retaddr) 1795 { 1796 return load_helper(env, addr, oi, retaddr, 8, false, true, 1797 helper_le_ldq_cmmu); 1798 } 1799 1800 uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr, 1801 TCGMemOpIdx oi, uintptr_t retaddr) 1802 { 1803 return load_helper(env, addr, oi, retaddr, 8, true, true, 1804 helper_be_ldq_cmmu); 1805 } 1806