1 /* 2 * Host code generation 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 #ifdef _WIN32 20 #include <windows.h> 21 #endif 22 #include "qemu/osdep.h" 23 24 25 #include "qemu-common.h" 26 #define NO_CPU_IO_DEFS 27 #include "cpu.h" 28 #include "trace.h" 29 #include "disas/disas.h" 30 #include "exec/exec-all.h" 31 #include "tcg.h" 32 #if defined(CONFIG_USER_ONLY) 33 #include "qemu.h" 34 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 35 #include <sys/param.h> 36 #if __FreeBSD_version >= 700104 37 #define HAVE_KINFO_GETVMMAP 38 #define sigqueue sigqueue_freebsd /* avoid redefinition */ 39 #include <sys/proc.h> 40 #include <machine/profile.h> 41 #define _KERNEL 42 #include <sys/user.h> 43 #undef _KERNEL 44 #undef sigqueue 45 #include <libutil.h> 46 #endif 47 #endif 48 #else 49 #include "exec/address-spaces.h" 50 #endif 51 52 #include "exec/cputlb.h" 53 #include "exec/tb-hash.h" 54 #include "translate-all.h" 55 #include "qemu/bitmap.h" 56 #include "qemu/error-report.h" 57 #include "qemu/timer.h" 58 #include "qemu/main-loop.h" 59 #include "exec/log.h" 60 #include "sysemu/cpus.h" 61 62 /* #define DEBUG_TB_INVALIDATE */ 63 /* #define DEBUG_TB_FLUSH */ 64 /* make various TB consistency checks */ 65 /* #define DEBUG_TB_CHECK */ 66 67 #ifdef DEBUG_TB_INVALIDATE 68 #define DEBUG_TB_INVALIDATE_GATE 1 69 #else 70 #define DEBUG_TB_INVALIDATE_GATE 0 71 #endif 72 73 #ifdef DEBUG_TB_FLUSH 74 #define DEBUG_TB_FLUSH_GATE 1 75 #else 76 #define DEBUG_TB_FLUSH_GATE 0 77 #endif 78 79 #if !defined(CONFIG_USER_ONLY) 80 /* TB consistency checks only implemented for usermode emulation. */ 81 #undef DEBUG_TB_CHECK 82 #endif 83 84 #ifdef DEBUG_TB_CHECK 85 #define DEBUG_TB_CHECK_GATE 1 86 #else 87 #define DEBUG_TB_CHECK_GATE 0 88 #endif 89 90 /* Access to the various translations structures need to be serialised via locks 91 * for consistency. This is automatic for SoftMMU based system 92 * emulation due to its single threaded nature. In user-mode emulation 93 * access to the memory related structures are protected with the 94 * mmap_lock. 95 */ 96 #ifdef CONFIG_SOFTMMU 97 #define assert_memory_lock() tcg_debug_assert(have_tb_lock) 98 #else 99 #define assert_memory_lock() tcg_debug_assert(have_mmap_lock()) 100 #endif 101 102 #define SMC_BITMAP_USE_THRESHOLD 10 103 104 typedef struct PageDesc { 105 /* list of TBs intersecting this ram page */ 106 uintptr_t first_tb; 107 #ifdef CONFIG_SOFTMMU 108 /* in order to optimize self modifying code, we count the number 109 of lookups we do to a given page to use a bitmap */ 110 unsigned long *code_bitmap; 111 unsigned int code_write_count; 112 #else 113 unsigned long flags; 114 #endif 115 #ifndef CONFIG_USER_ONLY 116 QemuSpin lock; 117 #endif 118 } PageDesc; 119 120 /** 121 * struct page_entry - page descriptor entry 122 * @pd: pointer to the &struct PageDesc of the page this entry represents 123 * @index: page index of the page 124 * @locked: whether the page is locked 125 * 126 * This struct helps us keep track of the locked state of a page, without 127 * bloating &struct PageDesc. 128 * 129 * A page lock protects accesses to all fields of &struct PageDesc. 130 * 131 * See also: &struct page_collection. 132 */ 133 struct page_entry { 134 PageDesc *pd; 135 tb_page_addr_t index; 136 bool locked; 137 }; 138 139 /** 140 * struct page_collection - tracks a set of pages (i.e. &struct page_entry's) 141 * @tree: Binary search tree (BST) of the pages, with key == page index 142 * @max: Pointer to the page in @tree with the highest page index 143 * 144 * To avoid deadlock we lock pages in ascending order of page index. 145 * When operating on a set of pages, we need to keep track of them so that 146 * we can lock them in order and also unlock them later. For this we collect 147 * pages (i.e. &struct page_entry's) in a binary search @tree. Given that the 148 * @tree implementation we use does not provide an O(1) operation to obtain the 149 * highest-ranked element, we use @max to keep track of the inserted page 150 * with the highest index. This is valuable because if a page is not in 151 * the tree and its index is higher than @max's, then we can lock it 152 * without breaking the locking order rule. 153 * 154 * Note on naming: 'struct page_set' would be shorter, but we already have a few 155 * page_set_*() helpers, so page_collection is used instead to avoid confusion. 156 * 157 * See also: page_collection_lock(). 158 */ 159 struct page_collection { 160 GTree *tree; 161 struct page_entry *max; 162 }; 163 164 /* list iterators for lists of tagged pointers in TranslationBlock */ 165 #define TB_FOR_EACH_TAGGED(head, tb, n, field) \ 166 for (n = (head) & 1, tb = (TranslationBlock *)((head) & ~1); \ 167 tb; tb = (TranslationBlock *)tb->field[n], n = (uintptr_t)tb & 1, \ 168 tb = (TranslationBlock *)((uintptr_t)tb & ~1)) 169 170 #define PAGE_FOR_EACH_TB(pagedesc, tb, n) \ 171 TB_FOR_EACH_TAGGED((pagedesc)->first_tb, tb, n, page_next) 172 173 /* In system mode we want L1_MAP to be based on ram offsets, 174 while in user mode we want it to be based on virtual addresses. */ 175 #if !defined(CONFIG_USER_ONLY) 176 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS 177 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS 178 #else 179 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS 180 #endif 181 #else 182 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS 183 #endif 184 185 /* Size of the L2 (and L3, etc) page tables. */ 186 #define V_L2_BITS 10 187 #define V_L2_SIZE (1 << V_L2_BITS) 188 189 /* Make sure all possible CPU event bits fit in tb->trace_vcpu_dstate */ 190 QEMU_BUILD_BUG_ON(CPU_TRACE_DSTATE_MAX_EVENTS > 191 sizeof(((TranslationBlock *)0)->trace_vcpu_dstate) 192 * BITS_PER_BYTE); 193 194 /* 195 * L1 Mapping properties 196 */ 197 static int v_l1_size; 198 static int v_l1_shift; 199 static int v_l2_levels; 200 201 /* The bottom level has pointers to PageDesc, and is indexed by 202 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size. 203 */ 204 #define V_L1_MIN_BITS 4 205 #define V_L1_MAX_BITS (V_L2_BITS + 3) 206 #define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS) 207 208 static void *l1_map[V_L1_MAX_SIZE]; 209 210 /* code generation context */ 211 TCGContext tcg_init_ctx; 212 __thread TCGContext *tcg_ctx; 213 TBContext tb_ctx; 214 bool parallel_cpus; 215 216 /* translation block context */ 217 static __thread int have_tb_lock; 218 219 static void page_table_config_init(void) 220 { 221 uint32_t v_l1_bits; 222 223 assert(TARGET_PAGE_BITS); 224 /* The bits remaining after N lower levels of page tables. */ 225 v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS; 226 if (v_l1_bits < V_L1_MIN_BITS) { 227 v_l1_bits += V_L2_BITS; 228 } 229 230 v_l1_size = 1 << v_l1_bits; 231 v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits; 232 v_l2_levels = v_l1_shift / V_L2_BITS - 1; 233 234 assert(v_l1_bits <= V_L1_MAX_BITS); 235 assert(v_l1_shift % V_L2_BITS == 0); 236 assert(v_l2_levels >= 0); 237 } 238 239 #define assert_tb_locked() tcg_debug_assert(have_tb_lock) 240 #define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock) 241 242 void tb_lock(void) 243 { 244 assert_tb_unlocked(); 245 qemu_mutex_lock(&tb_ctx.tb_lock); 246 have_tb_lock++; 247 } 248 249 void tb_unlock(void) 250 { 251 assert_tb_locked(); 252 have_tb_lock--; 253 qemu_mutex_unlock(&tb_ctx.tb_lock); 254 } 255 256 void tb_lock_reset(void) 257 { 258 if (have_tb_lock) { 259 qemu_mutex_unlock(&tb_ctx.tb_lock); 260 have_tb_lock = 0; 261 } 262 } 263 264 void cpu_gen_init(void) 265 { 266 tcg_context_init(&tcg_init_ctx); 267 } 268 269 /* Encode VAL as a signed leb128 sequence at P. 270 Return P incremented past the encoded value. */ 271 static uint8_t *encode_sleb128(uint8_t *p, target_long val) 272 { 273 int more, byte; 274 275 do { 276 byte = val & 0x7f; 277 val >>= 7; 278 more = !((val == 0 && (byte & 0x40) == 0) 279 || (val == -1 && (byte & 0x40) != 0)); 280 if (more) { 281 byte |= 0x80; 282 } 283 *p++ = byte; 284 } while (more); 285 286 return p; 287 } 288 289 /* Decode a signed leb128 sequence at *PP; increment *PP past the 290 decoded value. Return the decoded value. */ 291 static target_long decode_sleb128(uint8_t **pp) 292 { 293 uint8_t *p = *pp; 294 target_long val = 0; 295 int byte, shift = 0; 296 297 do { 298 byte = *p++; 299 val |= (target_ulong)(byte & 0x7f) << shift; 300 shift += 7; 301 } while (byte & 0x80); 302 if (shift < TARGET_LONG_BITS && (byte & 0x40)) { 303 val |= -(target_ulong)1 << shift; 304 } 305 306 *pp = p; 307 return val; 308 } 309 310 /* Encode the data collected about the instructions while compiling TB. 311 Place the data at BLOCK, and return the number of bytes consumed. 312 313 The logical table consists of TARGET_INSN_START_WORDS target_ulong's, 314 which come from the target's insn_start data, followed by a uintptr_t 315 which comes from the host pc of the end of the code implementing the insn. 316 317 Each line of the table is encoded as sleb128 deltas from the previous 318 line. The seed for the first line is { tb->pc, 0..., tb->tc.ptr }. 319 That is, the first column is seeded with the guest pc, the last column 320 with the host pc, and the middle columns with zeros. */ 321 322 static int encode_search(TranslationBlock *tb, uint8_t *block) 323 { 324 uint8_t *highwater = tcg_ctx->code_gen_highwater; 325 uint8_t *p = block; 326 int i, j, n; 327 328 for (i = 0, n = tb->icount; i < n; ++i) { 329 target_ulong prev; 330 331 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) { 332 if (i == 0) { 333 prev = (j == 0 ? tb->pc : 0); 334 } else { 335 prev = tcg_ctx->gen_insn_data[i - 1][j]; 336 } 337 p = encode_sleb128(p, tcg_ctx->gen_insn_data[i][j] - prev); 338 } 339 prev = (i == 0 ? 0 : tcg_ctx->gen_insn_end_off[i - 1]); 340 p = encode_sleb128(p, tcg_ctx->gen_insn_end_off[i] - prev); 341 342 /* Test for (pending) buffer overflow. The assumption is that any 343 one row beginning below the high water mark cannot overrun 344 the buffer completely. Thus we can test for overflow after 345 encoding a row without having to check during encoding. */ 346 if (unlikely(p > highwater)) { 347 return -1; 348 } 349 } 350 351 return p - block; 352 } 353 354 /* The cpu state corresponding to 'searched_pc' is restored. 355 * Called with tb_lock held. 356 * When reset_icount is true, current TB will be interrupted and 357 * icount should be recalculated. 358 */ 359 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb, 360 uintptr_t searched_pc, bool reset_icount) 361 { 362 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc }; 363 uintptr_t host_pc = (uintptr_t)tb->tc.ptr; 364 CPUArchState *env = cpu->env_ptr; 365 uint8_t *p = tb->tc.ptr + tb->tc.size; 366 int i, j, num_insns = tb->icount; 367 #ifdef CONFIG_PROFILER 368 TCGProfile *prof = &tcg_ctx->prof; 369 int64_t ti = profile_getclock(); 370 #endif 371 372 searched_pc -= GETPC_ADJ; 373 374 if (searched_pc < host_pc) { 375 return -1; 376 } 377 378 /* Reconstruct the stored insn data while looking for the point at 379 which the end of the insn exceeds the searched_pc. */ 380 for (i = 0; i < num_insns; ++i) { 381 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) { 382 data[j] += decode_sleb128(&p); 383 } 384 host_pc += decode_sleb128(&p); 385 if (host_pc > searched_pc) { 386 goto found; 387 } 388 } 389 return -1; 390 391 found: 392 if (reset_icount && (tb->cflags & CF_USE_ICOUNT)) { 393 assert(use_icount); 394 /* Reset the cycle counter to the start of the block 395 and shift if to the number of actually executed instructions */ 396 cpu->icount_decr.u16.low += num_insns - i; 397 } 398 restore_state_to_opc(env, tb, data); 399 400 #ifdef CONFIG_PROFILER 401 atomic_set(&prof->restore_time, 402 prof->restore_time + profile_getclock() - ti); 403 atomic_set(&prof->restore_count, prof->restore_count + 1); 404 #endif 405 return 0; 406 } 407 408 bool cpu_restore_state(CPUState *cpu, uintptr_t host_pc, bool will_exit) 409 { 410 TranslationBlock *tb; 411 bool r = false; 412 uintptr_t check_offset; 413 414 /* The host_pc has to be in the region of current code buffer. If 415 * it is not we will not be able to resolve it here. The two cases 416 * where host_pc will not be correct are: 417 * 418 * - fault during translation (instruction fetch) 419 * - fault from helper (not using GETPC() macro) 420 * 421 * Either way we need return early to avoid blowing up on a 422 * recursive tb_lock() as we can't resolve it here. 423 * 424 * We are using unsigned arithmetic so if host_pc < 425 * tcg_init_ctx.code_gen_buffer check_offset will wrap to way 426 * above the code_gen_buffer_size 427 */ 428 check_offset = host_pc - (uintptr_t) tcg_init_ctx.code_gen_buffer; 429 430 if (check_offset < tcg_init_ctx.code_gen_buffer_size) { 431 tb_lock(); 432 tb = tcg_tb_lookup(host_pc); 433 if (tb) { 434 cpu_restore_state_from_tb(cpu, tb, host_pc, will_exit); 435 if (tb->cflags & CF_NOCACHE) { 436 /* one-shot translation, invalidate it immediately */ 437 tb_phys_invalidate(tb, -1); 438 tcg_tb_remove(tb); 439 } 440 r = true; 441 } 442 tb_unlock(); 443 } 444 445 return r; 446 } 447 448 static void page_init(void) 449 { 450 page_size_init(); 451 page_table_config_init(); 452 453 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY) 454 { 455 #ifdef HAVE_KINFO_GETVMMAP 456 struct kinfo_vmentry *freep; 457 int i, cnt; 458 459 freep = kinfo_getvmmap(getpid(), &cnt); 460 if (freep) { 461 mmap_lock(); 462 for (i = 0; i < cnt; i++) { 463 unsigned long startaddr, endaddr; 464 465 startaddr = freep[i].kve_start; 466 endaddr = freep[i].kve_end; 467 if (h2g_valid(startaddr)) { 468 startaddr = h2g(startaddr) & TARGET_PAGE_MASK; 469 470 if (h2g_valid(endaddr)) { 471 endaddr = h2g(endaddr); 472 page_set_flags(startaddr, endaddr, PAGE_RESERVED); 473 } else { 474 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS 475 endaddr = ~0ul; 476 page_set_flags(startaddr, endaddr, PAGE_RESERVED); 477 #endif 478 } 479 } 480 } 481 free(freep); 482 mmap_unlock(); 483 } 484 #else 485 FILE *f; 486 487 last_brk = (unsigned long)sbrk(0); 488 489 f = fopen("/compat/linux/proc/self/maps", "r"); 490 if (f) { 491 mmap_lock(); 492 493 do { 494 unsigned long startaddr, endaddr; 495 int n; 496 497 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr); 498 499 if (n == 2 && h2g_valid(startaddr)) { 500 startaddr = h2g(startaddr) & TARGET_PAGE_MASK; 501 502 if (h2g_valid(endaddr)) { 503 endaddr = h2g(endaddr); 504 } else { 505 endaddr = ~0ul; 506 } 507 page_set_flags(startaddr, endaddr, PAGE_RESERVED); 508 } 509 } while (!feof(f)); 510 511 fclose(f); 512 mmap_unlock(); 513 } 514 #endif 515 } 516 #endif 517 } 518 519 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) 520 { 521 PageDesc *pd; 522 void **lp; 523 int i; 524 525 /* Level 1. Always allocated. */ 526 lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1)); 527 528 /* Level 2..N-1. */ 529 for (i = v_l2_levels; i > 0; i--) { 530 void **p = atomic_rcu_read(lp); 531 532 if (p == NULL) { 533 void *existing; 534 535 if (!alloc) { 536 return NULL; 537 } 538 p = g_new0(void *, V_L2_SIZE); 539 existing = atomic_cmpxchg(lp, NULL, p); 540 if (unlikely(existing)) { 541 g_free(p); 542 p = existing; 543 } 544 } 545 546 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1)); 547 } 548 549 pd = atomic_rcu_read(lp); 550 if (pd == NULL) { 551 void *existing; 552 553 if (!alloc) { 554 return NULL; 555 } 556 pd = g_new0(PageDesc, V_L2_SIZE); 557 #ifndef CONFIG_USER_ONLY 558 { 559 int i; 560 561 for (i = 0; i < V_L2_SIZE; i++) { 562 qemu_spin_init(&pd[i].lock); 563 } 564 } 565 #endif 566 existing = atomic_cmpxchg(lp, NULL, pd); 567 if (unlikely(existing)) { 568 g_free(pd); 569 pd = existing; 570 } 571 } 572 573 return pd + (index & (V_L2_SIZE - 1)); 574 } 575 576 static inline PageDesc *page_find(tb_page_addr_t index) 577 { 578 return page_find_alloc(index, 0); 579 } 580 581 static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1, 582 PageDesc **ret_p2, tb_page_addr_t phys2, int alloc); 583 584 /* In user-mode page locks aren't used; mmap_lock is enough */ 585 #ifdef CONFIG_USER_ONLY 586 587 #define assert_page_locked(pd) tcg_debug_assert(have_mmap_lock()) 588 589 static inline void page_lock(PageDesc *pd) 590 { } 591 592 static inline void page_unlock(PageDesc *pd) 593 { } 594 595 static inline void page_lock_tb(const TranslationBlock *tb) 596 { } 597 598 static inline void page_unlock_tb(const TranslationBlock *tb) 599 { } 600 601 struct page_collection * 602 page_collection_lock(tb_page_addr_t start, tb_page_addr_t end) 603 { 604 return NULL; 605 } 606 607 void page_collection_unlock(struct page_collection *set) 608 { } 609 #else /* !CONFIG_USER_ONLY */ 610 611 #ifdef CONFIG_DEBUG_TCG 612 613 static __thread GHashTable *ht_pages_locked_debug; 614 615 static void ht_pages_locked_debug_init(void) 616 { 617 if (ht_pages_locked_debug) { 618 return; 619 } 620 ht_pages_locked_debug = g_hash_table_new(NULL, NULL); 621 } 622 623 static bool page_is_locked(const PageDesc *pd) 624 { 625 PageDesc *found; 626 627 ht_pages_locked_debug_init(); 628 found = g_hash_table_lookup(ht_pages_locked_debug, pd); 629 return !!found; 630 } 631 632 static void page_lock__debug(PageDesc *pd) 633 { 634 ht_pages_locked_debug_init(); 635 g_assert(!page_is_locked(pd)); 636 g_hash_table_insert(ht_pages_locked_debug, pd, pd); 637 } 638 639 static void page_unlock__debug(const PageDesc *pd) 640 { 641 bool removed; 642 643 ht_pages_locked_debug_init(); 644 g_assert(page_is_locked(pd)); 645 removed = g_hash_table_remove(ht_pages_locked_debug, pd); 646 g_assert(removed); 647 } 648 649 static void 650 do_assert_page_locked(const PageDesc *pd, const char *file, int line) 651 { 652 if (unlikely(!page_is_locked(pd))) { 653 error_report("assert_page_lock: PageDesc %p not locked @ %s:%d", 654 pd, file, line); 655 abort(); 656 } 657 } 658 659 #define assert_page_locked(pd) do_assert_page_locked(pd, __FILE__, __LINE__) 660 661 #else /* !CONFIG_DEBUG_TCG */ 662 663 #define assert_page_locked(pd) 664 665 static inline void page_lock__debug(const PageDesc *pd) 666 { 667 } 668 669 static inline void page_unlock__debug(const PageDesc *pd) 670 { 671 } 672 673 #endif /* CONFIG_DEBUG_TCG */ 674 675 static inline void page_lock(PageDesc *pd) 676 { 677 page_lock__debug(pd); 678 qemu_spin_lock(&pd->lock); 679 } 680 681 static inline void page_unlock(PageDesc *pd) 682 { 683 qemu_spin_unlock(&pd->lock); 684 page_unlock__debug(pd); 685 } 686 687 /* lock the page(s) of a TB in the correct acquisition order */ 688 static inline void page_lock_tb(const TranslationBlock *tb) 689 { 690 page_lock_pair(NULL, tb->page_addr[0], NULL, tb->page_addr[1], 0); 691 } 692 693 static inline void page_unlock_tb(const TranslationBlock *tb) 694 { 695 page_unlock(page_find(tb->page_addr[0] >> TARGET_PAGE_BITS)); 696 if (unlikely(tb->page_addr[1] != -1)) { 697 page_unlock(page_find(tb->page_addr[1] >> TARGET_PAGE_BITS)); 698 } 699 } 700 701 static inline struct page_entry * 702 page_entry_new(PageDesc *pd, tb_page_addr_t index) 703 { 704 struct page_entry *pe = g_malloc(sizeof(*pe)); 705 706 pe->index = index; 707 pe->pd = pd; 708 pe->locked = false; 709 return pe; 710 } 711 712 static void page_entry_destroy(gpointer p) 713 { 714 struct page_entry *pe = p; 715 716 g_assert(pe->locked); 717 page_unlock(pe->pd); 718 g_free(pe); 719 } 720 721 /* returns false on success */ 722 static bool page_entry_trylock(struct page_entry *pe) 723 { 724 bool busy; 725 726 busy = qemu_spin_trylock(&pe->pd->lock); 727 if (!busy) { 728 g_assert(!pe->locked); 729 pe->locked = true; 730 page_lock__debug(pe->pd); 731 } 732 return busy; 733 } 734 735 static void do_page_entry_lock(struct page_entry *pe) 736 { 737 page_lock(pe->pd); 738 g_assert(!pe->locked); 739 pe->locked = true; 740 } 741 742 static gboolean page_entry_lock(gpointer key, gpointer value, gpointer data) 743 { 744 struct page_entry *pe = value; 745 746 do_page_entry_lock(pe); 747 return FALSE; 748 } 749 750 static gboolean page_entry_unlock(gpointer key, gpointer value, gpointer data) 751 { 752 struct page_entry *pe = value; 753 754 if (pe->locked) { 755 pe->locked = false; 756 page_unlock(pe->pd); 757 } 758 return FALSE; 759 } 760 761 /* 762 * Trylock a page, and if successful, add the page to a collection. 763 * Returns true ("busy") if the page could not be locked; false otherwise. 764 */ 765 static bool page_trylock_add(struct page_collection *set, tb_page_addr_t addr) 766 { 767 tb_page_addr_t index = addr >> TARGET_PAGE_BITS; 768 struct page_entry *pe; 769 PageDesc *pd; 770 771 pe = g_tree_lookup(set->tree, &index); 772 if (pe) { 773 return false; 774 } 775 776 pd = page_find(index); 777 if (pd == NULL) { 778 return false; 779 } 780 781 pe = page_entry_new(pd, index); 782 g_tree_insert(set->tree, &pe->index, pe); 783 784 /* 785 * If this is either (1) the first insertion or (2) a page whose index 786 * is higher than any other so far, just lock the page and move on. 787 */ 788 if (set->max == NULL || pe->index > set->max->index) { 789 set->max = pe; 790 do_page_entry_lock(pe); 791 return false; 792 } 793 /* 794 * Try to acquire out-of-order lock; if busy, return busy so that we acquire 795 * locks in order. 796 */ 797 return page_entry_trylock(pe); 798 } 799 800 static gint tb_page_addr_cmp(gconstpointer ap, gconstpointer bp, gpointer udata) 801 { 802 tb_page_addr_t a = *(const tb_page_addr_t *)ap; 803 tb_page_addr_t b = *(const tb_page_addr_t *)bp; 804 805 if (a == b) { 806 return 0; 807 } else if (a < b) { 808 return -1; 809 } 810 return 1; 811 } 812 813 /* 814 * Lock a range of pages ([@start,@end[) as well as the pages of all 815 * intersecting TBs. 816 * Locking order: acquire locks in ascending order of page index. 817 */ 818 struct page_collection * 819 page_collection_lock(tb_page_addr_t start, tb_page_addr_t end) 820 { 821 struct page_collection *set = g_malloc(sizeof(*set)); 822 tb_page_addr_t index; 823 PageDesc *pd; 824 825 start >>= TARGET_PAGE_BITS; 826 end >>= TARGET_PAGE_BITS; 827 g_assert(start <= end); 828 829 set->tree = g_tree_new_full(tb_page_addr_cmp, NULL, NULL, 830 page_entry_destroy); 831 set->max = NULL; 832 833 retry: 834 g_tree_foreach(set->tree, page_entry_lock, NULL); 835 836 for (index = start; index <= end; index++) { 837 TranslationBlock *tb; 838 int n; 839 840 pd = page_find(index); 841 if (pd == NULL) { 842 continue; 843 } 844 if (page_trylock_add(set, index << TARGET_PAGE_BITS)) { 845 g_tree_foreach(set->tree, page_entry_unlock, NULL); 846 goto retry; 847 } 848 assert_page_locked(pd); 849 PAGE_FOR_EACH_TB(pd, tb, n) { 850 if (page_trylock_add(set, tb->page_addr[0]) || 851 (tb->page_addr[1] != -1 && 852 page_trylock_add(set, tb->page_addr[1]))) { 853 /* drop all locks, and reacquire in order */ 854 g_tree_foreach(set->tree, page_entry_unlock, NULL); 855 goto retry; 856 } 857 } 858 } 859 return set; 860 } 861 862 void page_collection_unlock(struct page_collection *set) 863 { 864 /* entries are unlocked and freed via page_entry_destroy */ 865 g_tree_destroy(set->tree); 866 g_free(set); 867 } 868 869 #endif /* !CONFIG_USER_ONLY */ 870 871 static void page_lock_pair(PageDesc **ret_p1, tb_page_addr_t phys1, 872 PageDesc **ret_p2, tb_page_addr_t phys2, int alloc) 873 { 874 PageDesc *p1, *p2; 875 876 assert_memory_lock(); 877 g_assert(phys1 != -1 && phys1 != phys2); 878 p1 = page_find_alloc(phys1 >> TARGET_PAGE_BITS, alloc); 879 if (ret_p1) { 880 *ret_p1 = p1; 881 } 882 if (likely(phys2 == -1)) { 883 page_lock(p1); 884 return; 885 } 886 p2 = page_find_alloc(phys2 >> TARGET_PAGE_BITS, alloc); 887 if (ret_p2) { 888 *ret_p2 = p2; 889 } 890 if (phys1 < phys2) { 891 page_lock(p1); 892 page_lock(p2); 893 } else { 894 page_lock(p2); 895 page_lock(p1); 896 } 897 } 898 899 #if defined(CONFIG_USER_ONLY) 900 /* Currently it is not recommended to allocate big chunks of data in 901 user mode. It will change when a dedicated libc will be used. */ 902 /* ??? 64-bit hosts ought to have no problem mmaping data outside the 903 region in which the guest needs to run. Revisit this. */ 904 #define USE_STATIC_CODE_GEN_BUFFER 905 #endif 906 907 /* Minimum size of the code gen buffer. This number is randomly chosen, 908 but not so small that we can't have a fair number of TB's live. */ 909 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024) 910 911 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise 912 indicated, this is constrained by the range of direct branches on the 913 host cpu, as used by the TCG implementation of goto_tb. */ 914 #if defined(__x86_64__) 915 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) 916 #elif defined(__sparc__) 917 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) 918 #elif defined(__powerpc64__) 919 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) 920 #elif defined(__powerpc__) 921 # define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024) 922 #elif defined(__aarch64__) 923 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024) 924 #elif defined(__s390x__) 925 /* We have a +- 4GB range on the branches; leave some slop. */ 926 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024) 927 #elif defined(__mips__) 928 /* We have a 256MB branch region, but leave room to make sure the 929 main executable is also within that region. */ 930 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024) 931 #else 932 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1) 933 #endif 934 935 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024) 936 937 #define DEFAULT_CODE_GEN_BUFFER_SIZE \ 938 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \ 939 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE) 940 941 static inline size_t size_code_gen_buffer(size_t tb_size) 942 { 943 /* Size the buffer. */ 944 if (tb_size == 0) { 945 #ifdef USE_STATIC_CODE_GEN_BUFFER 946 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE; 947 #else 948 /* ??? Needs adjustments. */ 949 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the 950 static buffer, we could size this on RESERVED_VA, on the text 951 segment size of the executable, or continue to use the default. */ 952 tb_size = (unsigned long)(ram_size / 4); 953 #endif 954 } 955 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) { 956 tb_size = MIN_CODE_GEN_BUFFER_SIZE; 957 } 958 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) { 959 tb_size = MAX_CODE_GEN_BUFFER_SIZE; 960 } 961 return tb_size; 962 } 963 964 #ifdef __mips__ 965 /* In order to use J and JAL within the code_gen_buffer, we require 966 that the buffer not cross a 256MB boundary. */ 967 static inline bool cross_256mb(void *addr, size_t size) 968 { 969 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful; 970 } 971 972 /* We weren't able to allocate a buffer without crossing that boundary, 973 so make do with the larger portion of the buffer that doesn't cross. 974 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */ 975 static inline void *split_cross_256mb(void *buf1, size_t size1) 976 { 977 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful); 978 size_t size2 = buf1 + size1 - buf2; 979 980 size1 = buf2 - buf1; 981 if (size1 < size2) { 982 size1 = size2; 983 buf1 = buf2; 984 } 985 986 tcg_ctx->code_gen_buffer_size = size1; 987 return buf1; 988 } 989 #endif 990 991 #ifdef USE_STATIC_CODE_GEN_BUFFER 992 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE] 993 __attribute__((aligned(CODE_GEN_ALIGN))); 994 995 static inline void *alloc_code_gen_buffer(void) 996 { 997 void *buf = static_code_gen_buffer; 998 void *end = static_code_gen_buffer + sizeof(static_code_gen_buffer); 999 size_t size; 1000 1001 /* page-align the beginning and end of the buffer */ 1002 buf = QEMU_ALIGN_PTR_UP(buf, qemu_real_host_page_size); 1003 end = QEMU_ALIGN_PTR_DOWN(end, qemu_real_host_page_size); 1004 1005 size = end - buf; 1006 1007 /* Honor a command-line option limiting the size of the buffer. */ 1008 if (size > tcg_ctx->code_gen_buffer_size) { 1009 size = QEMU_ALIGN_DOWN(tcg_ctx->code_gen_buffer_size, 1010 qemu_real_host_page_size); 1011 } 1012 tcg_ctx->code_gen_buffer_size = size; 1013 1014 #ifdef __mips__ 1015 if (cross_256mb(buf, size)) { 1016 buf = split_cross_256mb(buf, size); 1017 size = tcg_ctx->code_gen_buffer_size; 1018 } 1019 #endif 1020 1021 if (qemu_mprotect_rwx(buf, size)) { 1022 abort(); 1023 } 1024 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE); 1025 1026 return buf; 1027 } 1028 #elif defined(_WIN32) 1029 static inline void *alloc_code_gen_buffer(void) 1030 { 1031 size_t size = tcg_ctx->code_gen_buffer_size; 1032 return VirtualAlloc(NULL, size, MEM_RESERVE | MEM_COMMIT, 1033 PAGE_EXECUTE_READWRITE); 1034 } 1035 #else 1036 static inline void *alloc_code_gen_buffer(void) 1037 { 1038 int prot = PROT_WRITE | PROT_READ | PROT_EXEC; 1039 int flags = MAP_PRIVATE | MAP_ANONYMOUS; 1040 uintptr_t start = 0; 1041 size_t size = tcg_ctx->code_gen_buffer_size; 1042 void *buf; 1043 1044 /* Constrain the position of the buffer based on the host cpu. 1045 Note that these addresses are chosen in concert with the 1046 addresses assigned in the relevant linker script file. */ 1047 # if defined(__PIE__) || defined(__PIC__) 1048 /* Don't bother setting a preferred location if we're building 1049 a position-independent executable. We're more likely to get 1050 an address near the main executable if we let the kernel 1051 choose the address. */ 1052 # elif defined(__x86_64__) && defined(MAP_32BIT) 1053 /* Force the memory down into low memory with the executable. 1054 Leave the choice of exact location with the kernel. */ 1055 flags |= MAP_32BIT; 1056 /* Cannot expect to map more than 800MB in low memory. */ 1057 if (size > 800u * 1024 * 1024) { 1058 tcg_ctx->code_gen_buffer_size = size = 800u * 1024 * 1024; 1059 } 1060 # elif defined(__sparc__) 1061 start = 0x40000000ul; 1062 # elif defined(__s390x__) 1063 start = 0x90000000ul; 1064 # elif defined(__mips__) 1065 # if _MIPS_SIM == _ABI64 1066 start = 0x128000000ul; 1067 # else 1068 start = 0x08000000ul; 1069 # endif 1070 # endif 1071 1072 buf = mmap((void *)start, size, prot, flags, -1, 0); 1073 if (buf == MAP_FAILED) { 1074 return NULL; 1075 } 1076 1077 #ifdef __mips__ 1078 if (cross_256mb(buf, size)) { 1079 /* Try again, with the original still mapped, to avoid re-acquiring 1080 that 256mb crossing. This time don't specify an address. */ 1081 size_t size2; 1082 void *buf2 = mmap(NULL, size, prot, flags, -1, 0); 1083 switch ((int)(buf2 != MAP_FAILED)) { 1084 case 1: 1085 if (!cross_256mb(buf2, size)) { 1086 /* Success! Use the new buffer. */ 1087 munmap(buf, size); 1088 break; 1089 } 1090 /* Failure. Work with what we had. */ 1091 munmap(buf2, size); 1092 /* fallthru */ 1093 default: 1094 /* Split the original buffer. Free the smaller half. */ 1095 buf2 = split_cross_256mb(buf, size); 1096 size2 = tcg_ctx->code_gen_buffer_size; 1097 if (buf == buf2) { 1098 munmap(buf + size2, size - size2); 1099 } else { 1100 munmap(buf, size - size2); 1101 } 1102 size = size2; 1103 break; 1104 } 1105 buf = buf2; 1106 } 1107 #endif 1108 1109 /* Request large pages for the buffer. */ 1110 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE); 1111 1112 return buf; 1113 } 1114 #endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */ 1115 1116 static inline void code_gen_alloc(size_t tb_size) 1117 { 1118 tcg_ctx->code_gen_buffer_size = size_code_gen_buffer(tb_size); 1119 tcg_ctx->code_gen_buffer = alloc_code_gen_buffer(); 1120 if (tcg_ctx->code_gen_buffer == NULL) { 1121 fprintf(stderr, "Could not allocate dynamic translator buffer\n"); 1122 exit(1); 1123 } 1124 qemu_mutex_init(&tb_ctx.tb_lock); 1125 } 1126 1127 static bool tb_cmp(const void *ap, const void *bp) 1128 { 1129 const TranslationBlock *a = ap; 1130 const TranslationBlock *b = bp; 1131 1132 return a->pc == b->pc && 1133 a->cs_base == b->cs_base && 1134 a->flags == b->flags && 1135 (tb_cflags(a) & CF_HASH_MASK) == (tb_cflags(b) & CF_HASH_MASK) && 1136 a->trace_vcpu_dstate == b->trace_vcpu_dstate && 1137 a->page_addr[0] == b->page_addr[0] && 1138 a->page_addr[1] == b->page_addr[1]; 1139 } 1140 1141 static void tb_htable_init(void) 1142 { 1143 unsigned int mode = QHT_MODE_AUTO_RESIZE; 1144 1145 qht_init(&tb_ctx.htable, tb_cmp, CODE_GEN_HTABLE_SIZE, mode); 1146 } 1147 1148 /* Must be called before using the QEMU cpus. 'tb_size' is the size 1149 (in bytes) allocated to the translation buffer. Zero means default 1150 size. */ 1151 void tcg_exec_init(unsigned long tb_size) 1152 { 1153 tcg_allowed = true; 1154 cpu_gen_init(); 1155 page_init(); 1156 tb_htable_init(); 1157 code_gen_alloc(tb_size); 1158 #if defined(CONFIG_SOFTMMU) 1159 /* There's no guest base to take into account, so go ahead and 1160 initialize the prologue now. */ 1161 tcg_prologue_init(tcg_ctx); 1162 #endif 1163 } 1164 1165 /* 1166 * Allocate a new translation block. Flush the translation buffer if 1167 * too many translation blocks or too much generated code. 1168 * 1169 * Called with tb_lock held. 1170 */ 1171 static TranslationBlock *tb_alloc(target_ulong pc) 1172 { 1173 TranslationBlock *tb; 1174 1175 assert_tb_locked(); 1176 1177 tb = tcg_tb_alloc(tcg_ctx); 1178 if (unlikely(tb == NULL)) { 1179 return NULL; 1180 } 1181 return tb; 1182 } 1183 1184 /* call with @p->lock held */ 1185 static inline void invalidate_page_bitmap(PageDesc *p) 1186 { 1187 assert_page_locked(p); 1188 #ifdef CONFIG_SOFTMMU 1189 g_free(p->code_bitmap); 1190 p->code_bitmap = NULL; 1191 p->code_write_count = 0; 1192 #endif 1193 } 1194 1195 /* Set to NULL all the 'first_tb' fields in all PageDescs. */ 1196 static void page_flush_tb_1(int level, void **lp) 1197 { 1198 int i; 1199 1200 if (*lp == NULL) { 1201 return; 1202 } 1203 if (level == 0) { 1204 PageDesc *pd = *lp; 1205 1206 for (i = 0; i < V_L2_SIZE; ++i) { 1207 page_lock(&pd[i]); 1208 pd[i].first_tb = (uintptr_t)NULL; 1209 invalidate_page_bitmap(pd + i); 1210 page_unlock(&pd[i]); 1211 } 1212 } else { 1213 void **pp = *lp; 1214 1215 for (i = 0; i < V_L2_SIZE; ++i) { 1216 page_flush_tb_1(level - 1, pp + i); 1217 } 1218 } 1219 } 1220 1221 static void page_flush_tb(void) 1222 { 1223 int i, l1_sz = v_l1_size; 1224 1225 for (i = 0; i < l1_sz; i++) { 1226 page_flush_tb_1(v_l2_levels, l1_map + i); 1227 } 1228 } 1229 1230 static gboolean tb_host_size_iter(gpointer key, gpointer value, gpointer data) 1231 { 1232 const TranslationBlock *tb = value; 1233 size_t *size = data; 1234 1235 *size += tb->tc.size; 1236 return false; 1237 } 1238 1239 /* flush all the translation blocks */ 1240 static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count) 1241 { 1242 tb_lock(); 1243 1244 /* If it is already been done on request of another CPU, 1245 * just retry. 1246 */ 1247 if (tb_ctx.tb_flush_count != tb_flush_count.host_int) { 1248 goto done; 1249 } 1250 1251 if (DEBUG_TB_FLUSH_GATE) { 1252 size_t nb_tbs = tcg_nb_tbs(); 1253 size_t host_size = 0; 1254 1255 tcg_tb_foreach(tb_host_size_iter, &host_size); 1256 printf("qemu: flush code_size=%zu nb_tbs=%zu avg_tb_size=%zu\n", 1257 tcg_code_size(), nb_tbs, nb_tbs > 0 ? host_size / nb_tbs : 0); 1258 } 1259 1260 CPU_FOREACH(cpu) { 1261 cpu_tb_jmp_cache_clear(cpu); 1262 } 1263 1264 qht_reset_size(&tb_ctx.htable, CODE_GEN_HTABLE_SIZE); 1265 page_flush_tb(); 1266 1267 tcg_region_reset_all(); 1268 /* XXX: flush processor icache at this point if cache flush is 1269 expensive */ 1270 atomic_mb_set(&tb_ctx.tb_flush_count, tb_ctx.tb_flush_count + 1); 1271 1272 done: 1273 tb_unlock(); 1274 } 1275 1276 void tb_flush(CPUState *cpu) 1277 { 1278 if (tcg_enabled()) { 1279 unsigned tb_flush_count = atomic_mb_read(&tb_ctx.tb_flush_count); 1280 async_safe_run_on_cpu(cpu, do_tb_flush, 1281 RUN_ON_CPU_HOST_INT(tb_flush_count)); 1282 } 1283 } 1284 1285 /* 1286 * Formerly ifdef DEBUG_TB_CHECK. These debug functions are user-mode-only, 1287 * so in order to prevent bit rot we compile them unconditionally in user-mode, 1288 * and let the optimizer get rid of them by wrapping their user-only callers 1289 * with if (DEBUG_TB_CHECK_GATE). 1290 */ 1291 #ifdef CONFIG_USER_ONLY 1292 1293 static void 1294 do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp) 1295 { 1296 TranslationBlock *tb = p; 1297 target_ulong addr = *(target_ulong *)userp; 1298 1299 if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) { 1300 printf("ERROR invalidate: address=" TARGET_FMT_lx 1301 " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size); 1302 } 1303 } 1304 1305 /* verify that all the pages have correct rights for code 1306 * 1307 * Called with tb_lock held. 1308 */ 1309 static void tb_invalidate_check(target_ulong address) 1310 { 1311 address &= TARGET_PAGE_MASK; 1312 qht_iter(&tb_ctx.htable, do_tb_invalidate_check, &address); 1313 } 1314 1315 static void 1316 do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp) 1317 { 1318 TranslationBlock *tb = p; 1319 int flags1, flags2; 1320 1321 flags1 = page_get_flags(tb->pc); 1322 flags2 = page_get_flags(tb->pc + tb->size - 1); 1323 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) { 1324 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n", 1325 (long)tb->pc, tb->size, flags1, flags2); 1326 } 1327 } 1328 1329 /* verify that all the pages have correct rights for code */ 1330 static void tb_page_check(void) 1331 { 1332 qht_iter(&tb_ctx.htable, do_tb_page_check, NULL); 1333 } 1334 1335 #endif /* CONFIG_USER_ONLY */ 1336 1337 /* call with @pd->lock held */ 1338 static inline void tb_page_remove(PageDesc *pd, TranslationBlock *tb) 1339 { 1340 TranslationBlock *tb1; 1341 uintptr_t *pprev; 1342 unsigned int n1; 1343 1344 assert_page_locked(pd); 1345 pprev = &pd->first_tb; 1346 PAGE_FOR_EACH_TB(pd, tb1, n1) { 1347 if (tb1 == tb) { 1348 *pprev = tb1->page_next[n1]; 1349 return; 1350 } 1351 pprev = &tb1->page_next[n1]; 1352 } 1353 g_assert_not_reached(); 1354 } 1355 1356 /* remove the TB from a list of TBs jumping to the n-th jump target of the TB */ 1357 static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n) 1358 { 1359 TranslationBlock *tb1; 1360 uintptr_t *ptb, ntb; 1361 unsigned int n1; 1362 1363 ptb = &tb->jmp_list_next[n]; 1364 if (*ptb) { 1365 /* find tb(n) in circular list */ 1366 for (;;) { 1367 ntb = *ptb; 1368 n1 = ntb & 3; 1369 tb1 = (TranslationBlock *)(ntb & ~3); 1370 if (n1 == n && tb1 == tb) { 1371 break; 1372 } 1373 if (n1 == 2) { 1374 ptb = &tb1->jmp_list_first; 1375 } else { 1376 ptb = &tb1->jmp_list_next[n1]; 1377 } 1378 } 1379 /* now we can suppress tb(n) from the list */ 1380 *ptb = tb->jmp_list_next[n]; 1381 1382 tb->jmp_list_next[n] = (uintptr_t)NULL; 1383 } 1384 } 1385 1386 /* reset the jump entry 'n' of a TB so that it is not chained to 1387 another TB */ 1388 static inline void tb_reset_jump(TranslationBlock *tb, int n) 1389 { 1390 uintptr_t addr = (uintptr_t)(tb->tc.ptr + tb->jmp_reset_offset[n]); 1391 tb_set_jmp_target(tb, n, addr); 1392 } 1393 1394 /* remove any jumps to the TB */ 1395 static inline void tb_jmp_unlink(TranslationBlock *tb) 1396 { 1397 TranslationBlock *tb1; 1398 uintptr_t *ptb, ntb; 1399 unsigned int n1; 1400 1401 ptb = &tb->jmp_list_first; 1402 for (;;) { 1403 ntb = *ptb; 1404 n1 = ntb & 3; 1405 tb1 = (TranslationBlock *)(ntb & ~3); 1406 if (n1 == 2) { 1407 break; 1408 } 1409 tb_reset_jump(tb1, n1); 1410 *ptb = tb1->jmp_list_next[n1]; 1411 tb1->jmp_list_next[n1] = (uintptr_t)NULL; 1412 } 1413 } 1414 1415 /* If @rm_from_page_list is set, call with the TB's pages' locks held */ 1416 static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list) 1417 { 1418 CPUState *cpu; 1419 PageDesc *p; 1420 uint32_t h; 1421 tb_page_addr_t phys_pc; 1422 1423 assert_tb_locked(); 1424 1425 atomic_set(&tb->cflags, tb->cflags | CF_INVALID); 1426 1427 /* remove the TB from the hash list */ 1428 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); 1429 h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags & CF_HASH_MASK, 1430 tb->trace_vcpu_dstate); 1431 if (!qht_remove(&tb_ctx.htable, tb, h)) { 1432 return; 1433 } 1434 1435 /* remove the TB from the page list */ 1436 if (rm_from_page_list) { 1437 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS); 1438 tb_page_remove(p, tb); 1439 invalidate_page_bitmap(p); 1440 if (tb->page_addr[1] != -1) { 1441 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS); 1442 tb_page_remove(p, tb); 1443 invalidate_page_bitmap(p); 1444 } 1445 } 1446 1447 /* remove the TB from the hash list */ 1448 h = tb_jmp_cache_hash_func(tb->pc); 1449 CPU_FOREACH(cpu) { 1450 if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) { 1451 atomic_set(&cpu->tb_jmp_cache[h], NULL); 1452 } 1453 } 1454 1455 /* suppress this TB from the two jump lists */ 1456 tb_remove_from_jmp_list(tb, 0); 1457 tb_remove_from_jmp_list(tb, 1); 1458 1459 /* suppress any remaining jumps to this TB */ 1460 tb_jmp_unlink(tb); 1461 1462 atomic_set(&tcg_ctx->tb_phys_invalidate_count, 1463 tcg_ctx->tb_phys_invalidate_count + 1); 1464 } 1465 1466 static void tb_phys_invalidate__locked(TranslationBlock *tb) 1467 { 1468 do_tb_phys_invalidate(tb, true); 1469 } 1470 1471 /* invalidate one TB 1472 * 1473 * Called with tb_lock held. 1474 */ 1475 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) 1476 { 1477 if (page_addr == -1) { 1478 page_lock_tb(tb); 1479 do_tb_phys_invalidate(tb, true); 1480 page_unlock_tb(tb); 1481 } else { 1482 do_tb_phys_invalidate(tb, false); 1483 } 1484 } 1485 1486 #ifdef CONFIG_SOFTMMU 1487 /* call with @p->lock held */ 1488 static void build_page_bitmap(PageDesc *p) 1489 { 1490 int n, tb_start, tb_end; 1491 TranslationBlock *tb; 1492 1493 assert_page_locked(p); 1494 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE); 1495 1496 PAGE_FOR_EACH_TB(p, tb, n) { 1497 /* NOTE: this is subtle as a TB may span two physical pages */ 1498 if (n == 0) { 1499 /* NOTE: tb_end may be after the end of the page, but 1500 it is not a problem */ 1501 tb_start = tb->pc & ~TARGET_PAGE_MASK; 1502 tb_end = tb_start + tb->size; 1503 if (tb_end > TARGET_PAGE_SIZE) { 1504 tb_end = TARGET_PAGE_SIZE; 1505 } 1506 } else { 1507 tb_start = 0; 1508 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); 1509 } 1510 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start); 1511 } 1512 } 1513 #endif 1514 1515 /* add the tb in the target page and protect it if necessary 1516 * 1517 * Called with mmap_lock held for user-mode emulation. 1518 * Called with @p->lock held. 1519 */ 1520 static inline void tb_page_add(PageDesc *p, TranslationBlock *tb, 1521 unsigned int n, tb_page_addr_t page_addr) 1522 { 1523 #ifndef CONFIG_USER_ONLY 1524 bool page_already_protected; 1525 #endif 1526 1527 assert_page_locked(p); 1528 1529 tb->page_addr[n] = page_addr; 1530 tb->page_next[n] = p->first_tb; 1531 #ifndef CONFIG_USER_ONLY 1532 page_already_protected = p->first_tb != (uintptr_t)NULL; 1533 #endif 1534 p->first_tb = (uintptr_t)tb | n; 1535 invalidate_page_bitmap(p); 1536 1537 #if defined(CONFIG_USER_ONLY) 1538 if (p->flags & PAGE_WRITE) { 1539 target_ulong addr; 1540 PageDesc *p2; 1541 int prot; 1542 1543 /* force the host page as non writable (writes will have a 1544 page fault + mprotect overhead) */ 1545 page_addr &= qemu_host_page_mask; 1546 prot = 0; 1547 for (addr = page_addr; addr < page_addr + qemu_host_page_size; 1548 addr += TARGET_PAGE_SIZE) { 1549 1550 p2 = page_find(addr >> TARGET_PAGE_BITS); 1551 if (!p2) { 1552 continue; 1553 } 1554 prot |= p2->flags; 1555 p2->flags &= ~PAGE_WRITE; 1556 } 1557 mprotect(g2h(page_addr), qemu_host_page_size, 1558 (prot & PAGE_BITS) & ~PAGE_WRITE); 1559 if (DEBUG_TB_INVALIDATE_GATE) { 1560 printf("protecting code page: 0x" TB_PAGE_ADDR_FMT "\n", page_addr); 1561 } 1562 } 1563 #else 1564 /* if some code is already present, then the pages are already 1565 protected. So we handle the case where only the first TB is 1566 allocated in a physical page */ 1567 if (!page_already_protected) { 1568 tlb_protect_code(page_addr); 1569 } 1570 #endif 1571 } 1572 1573 /* add a new TB and link it to the physical page tables. phys_page2 is 1574 * (-1) to indicate that only one page contains the TB. 1575 * 1576 * Called with mmap_lock held for user-mode emulation. 1577 */ 1578 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc, 1579 tb_page_addr_t phys_page2) 1580 { 1581 PageDesc *p; 1582 PageDesc *p2 = NULL; 1583 uint32_t h; 1584 1585 assert_memory_lock(); 1586 1587 /* 1588 * Add the TB to the page list, acquiring first the pages's locks. 1589 */ 1590 page_lock_pair(&p, phys_pc, &p2, phys_page2, 1); 1591 tb_page_add(p, tb, 0, phys_pc & TARGET_PAGE_MASK); 1592 if (p2) { 1593 tb_page_add(p2, tb, 1, phys_page2); 1594 } else { 1595 tb->page_addr[1] = -1; 1596 } 1597 1598 if (p2) { 1599 page_unlock(p2); 1600 } 1601 page_unlock(p); 1602 1603 /* add in the hash table */ 1604 h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags & CF_HASH_MASK, 1605 tb->trace_vcpu_dstate); 1606 qht_insert(&tb_ctx.htable, tb, h, NULL); 1607 1608 #ifdef CONFIG_USER_ONLY 1609 if (DEBUG_TB_CHECK_GATE) { 1610 tb_page_check(); 1611 } 1612 #endif 1613 } 1614 1615 /* Called with mmap_lock held for user mode emulation. */ 1616 TranslationBlock *tb_gen_code(CPUState *cpu, 1617 target_ulong pc, target_ulong cs_base, 1618 uint32_t flags, int cflags) 1619 { 1620 CPUArchState *env = cpu->env_ptr; 1621 TranslationBlock *tb; 1622 tb_page_addr_t phys_pc, phys_page2; 1623 target_ulong virt_page2; 1624 tcg_insn_unit *gen_code_buf; 1625 int gen_code_size, search_size; 1626 #ifdef CONFIG_PROFILER 1627 TCGProfile *prof = &tcg_ctx->prof; 1628 int64_t ti; 1629 #endif 1630 assert_memory_lock(); 1631 1632 phys_pc = get_page_addr_code(env, pc); 1633 1634 buffer_overflow: 1635 tb = tb_alloc(pc); 1636 if (unlikely(!tb)) { 1637 /* flush must be done */ 1638 tb_flush(cpu); 1639 mmap_unlock(); 1640 /* Make the execution loop process the flush as soon as possible. */ 1641 cpu->exception_index = EXCP_INTERRUPT; 1642 cpu_loop_exit(cpu); 1643 } 1644 1645 gen_code_buf = tcg_ctx->code_gen_ptr; 1646 tb->tc.ptr = gen_code_buf; 1647 tb->pc = pc; 1648 tb->cs_base = cs_base; 1649 tb->flags = flags; 1650 tb->cflags = cflags; 1651 tb->trace_vcpu_dstate = *cpu->trace_dstate; 1652 tcg_ctx->tb_cflags = cflags; 1653 1654 #ifdef CONFIG_PROFILER 1655 /* includes aborted translations because of exceptions */ 1656 atomic_set(&prof->tb_count1, prof->tb_count1 + 1); 1657 ti = profile_getclock(); 1658 #endif 1659 1660 tcg_func_start(tcg_ctx); 1661 1662 tcg_ctx->cpu = ENV_GET_CPU(env); 1663 gen_intermediate_code(cpu, tb); 1664 tcg_ctx->cpu = NULL; 1665 1666 trace_translate_block(tb, tb->pc, tb->tc.ptr); 1667 1668 /* generate machine code */ 1669 tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID; 1670 tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID; 1671 tcg_ctx->tb_jmp_reset_offset = tb->jmp_reset_offset; 1672 if (TCG_TARGET_HAS_direct_jump) { 1673 tcg_ctx->tb_jmp_insn_offset = tb->jmp_target_arg; 1674 tcg_ctx->tb_jmp_target_addr = NULL; 1675 } else { 1676 tcg_ctx->tb_jmp_insn_offset = NULL; 1677 tcg_ctx->tb_jmp_target_addr = tb->jmp_target_arg; 1678 } 1679 1680 #ifdef CONFIG_PROFILER 1681 atomic_set(&prof->tb_count, prof->tb_count + 1); 1682 atomic_set(&prof->interm_time, prof->interm_time + profile_getclock() - ti); 1683 ti = profile_getclock(); 1684 #endif 1685 1686 /* ??? Overflow could be handled better here. In particular, we 1687 don't need to re-do gen_intermediate_code, nor should we re-do 1688 the tcg optimization currently hidden inside tcg_gen_code. All 1689 that should be required is to flush the TBs, allocate a new TB, 1690 re-initialize it per above, and re-do the actual code generation. */ 1691 gen_code_size = tcg_gen_code(tcg_ctx, tb); 1692 if (unlikely(gen_code_size < 0)) { 1693 goto buffer_overflow; 1694 } 1695 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size); 1696 if (unlikely(search_size < 0)) { 1697 goto buffer_overflow; 1698 } 1699 tb->tc.size = gen_code_size; 1700 1701 #ifdef CONFIG_PROFILER 1702 atomic_set(&prof->code_time, prof->code_time + profile_getclock() - ti); 1703 atomic_set(&prof->code_in_len, prof->code_in_len + tb->size); 1704 atomic_set(&prof->code_out_len, prof->code_out_len + gen_code_size); 1705 atomic_set(&prof->search_out_len, prof->search_out_len + search_size); 1706 #endif 1707 1708 #ifdef DEBUG_DISAS 1709 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) && 1710 qemu_log_in_addr_range(tb->pc)) { 1711 qemu_log_lock(); 1712 qemu_log("OUT: [size=%d]\n", gen_code_size); 1713 if (tcg_ctx->data_gen_ptr) { 1714 size_t code_size = tcg_ctx->data_gen_ptr - tb->tc.ptr; 1715 size_t data_size = gen_code_size - code_size; 1716 size_t i; 1717 1718 log_disas(tb->tc.ptr, code_size); 1719 1720 for (i = 0; i < data_size; i += sizeof(tcg_target_ulong)) { 1721 if (sizeof(tcg_target_ulong) == 8) { 1722 qemu_log("0x%08" PRIxPTR ": .quad 0x%016" PRIx64 "\n", 1723 (uintptr_t)tcg_ctx->data_gen_ptr + i, 1724 *(uint64_t *)(tcg_ctx->data_gen_ptr + i)); 1725 } else { 1726 qemu_log("0x%08" PRIxPTR ": .long 0x%08x\n", 1727 (uintptr_t)tcg_ctx->data_gen_ptr + i, 1728 *(uint32_t *)(tcg_ctx->data_gen_ptr + i)); 1729 } 1730 } 1731 } else { 1732 log_disas(tb->tc.ptr, gen_code_size); 1733 } 1734 qemu_log("\n"); 1735 qemu_log_flush(); 1736 qemu_log_unlock(); 1737 } 1738 #endif 1739 1740 atomic_set(&tcg_ctx->code_gen_ptr, (void *) 1741 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size, 1742 CODE_GEN_ALIGN)); 1743 1744 /* init jump list */ 1745 assert(((uintptr_t)tb & 3) == 0); 1746 tb->jmp_list_first = (uintptr_t)tb | 2; 1747 tb->jmp_list_next[0] = (uintptr_t)NULL; 1748 tb->jmp_list_next[1] = (uintptr_t)NULL; 1749 1750 /* init original jump addresses wich has been set during tcg_gen_code() */ 1751 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) { 1752 tb_reset_jump(tb, 0); 1753 } 1754 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) { 1755 tb_reset_jump(tb, 1); 1756 } 1757 1758 /* check next page if needed */ 1759 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK; 1760 phys_page2 = -1; 1761 if ((pc & TARGET_PAGE_MASK) != virt_page2) { 1762 phys_page2 = get_page_addr_code(env, virt_page2); 1763 } 1764 /* As long as consistency of the TB stuff is provided by tb_lock in user 1765 * mode and is implicit in single-threaded softmmu emulation, no explicit 1766 * memory barrier is required before tb_link_page() makes the TB visible 1767 * through the physical hash table and physical page list. 1768 */ 1769 tb_link_page(tb, phys_pc, phys_page2); 1770 tcg_tb_insert(tb); 1771 return tb; 1772 } 1773 1774 /* 1775 * Call with all @pages locked. 1776 * @p must be non-NULL. 1777 */ 1778 static void 1779 tb_invalidate_phys_page_range__locked(struct page_collection *pages, 1780 PageDesc *p, tb_page_addr_t start, 1781 tb_page_addr_t end, 1782 int is_cpu_write_access) 1783 { 1784 TranslationBlock *tb; 1785 tb_page_addr_t tb_start, tb_end; 1786 int n; 1787 #ifdef TARGET_HAS_PRECISE_SMC 1788 CPUState *cpu = current_cpu; 1789 CPUArchState *env = NULL; 1790 int current_tb_not_found = is_cpu_write_access; 1791 TranslationBlock *current_tb = NULL; 1792 int current_tb_modified = 0; 1793 target_ulong current_pc = 0; 1794 target_ulong current_cs_base = 0; 1795 uint32_t current_flags = 0; 1796 #endif /* TARGET_HAS_PRECISE_SMC */ 1797 1798 assert_page_locked(p); 1799 1800 #if defined(TARGET_HAS_PRECISE_SMC) 1801 if (cpu != NULL) { 1802 env = cpu->env_ptr; 1803 } 1804 #endif 1805 1806 /* we remove all the TBs in the range [start, end[ */ 1807 /* XXX: see if in some cases it could be faster to invalidate all 1808 the code */ 1809 PAGE_FOR_EACH_TB(p, tb, n) { 1810 assert_page_locked(p); 1811 /* NOTE: this is subtle as a TB may span two physical pages */ 1812 if (n == 0) { 1813 /* NOTE: tb_end may be after the end of the page, but 1814 it is not a problem */ 1815 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); 1816 tb_end = tb_start + tb->size; 1817 } else { 1818 tb_start = tb->page_addr[1]; 1819 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); 1820 } 1821 if (!(tb_end <= start || tb_start >= end)) { 1822 #ifdef TARGET_HAS_PRECISE_SMC 1823 if (current_tb_not_found) { 1824 current_tb_not_found = 0; 1825 current_tb = NULL; 1826 if (cpu->mem_io_pc) { 1827 /* now we have a real cpu fault */ 1828 current_tb = tcg_tb_lookup(cpu->mem_io_pc); 1829 } 1830 } 1831 if (current_tb == tb && 1832 (current_tb->cflags & CF_COUNT_MASK) != 1) { 1833 /* If we are modifying the current TB, we must stop 1834 its execution. We could be more precise by checking 1835 that the modification is after the current PC, but it 1836 would require a specialized function to partially 1837 restore the CPU state */ 1838 1839 current_tb_modified = 1; 1840 cpu_restore_state_from_tb(cpu, current_tb, 1841 cpu->mem_io_pc, true); 1842 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base, 1843 ¤t_flags); 1844 } 1845 #endif /* TARGET_HAS_PRECISE_SMC */ 1846 tb_phys_invalidate__locked(tb); 1847 } 1848 } 1849 #if !defined(CONFIG_USER_ONLY) 1850 /* if no code remaining, no need to continue to use slow writes */ 1851 if (!p->first_tb) { 1852 invalidate_page_bitmap(p); 1853 tlb_unprotect_code(start); 1854 } 1855 #endif 1856 #ifdef TARGET_HAS_PRECISE_SMC 1857 if (current_tb_modified) { 1858 page_collection_unlock(pages); 1859 /* Force execution of one insn next time. */ 1860 cpu->cflags_next_tb = 1 | curr_cflags(); 1861 cpu_loop_exit_noexc(cpu); 1862 } 1863 #endif 1864 } 1865 1866 /* 1867 * Invalidate all TBs which intersect with the target physical address range 1868 * [start;end[. NOTE: start and end must refer to the *same* physical page. 1869 * 'is_cpu_write_access' should be true if called from a real cpu write 1870 * access: the virtual CPU will exit the current TB if code is modified inside 1871 * this TB. 1872 * 1873 * Called with tb_lock/mmap_lock held for user-mode emulation 1874 * Called with tb_lock held for system-mode emulation 1875 */ 1876 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, 1877 int is_cpu_write_access) 1878 { 1879 struct page_collection *pages; 1880 PageDesc *p; 1881 1882 assert_memory_lock(); 1883 assert_tb_locked(); 1884 1885 p = page_find(start >> TARGET_PAGE_BITS); 1886 if (p == NULL) { 1887 return; 1888 } 1889 pages = page_collection_lock(start, end); 1890 tb_invalidate_phys_page_range__locked(pages, p, start, end, 1891 is_cpu_write_access); 1892 page_collection_unlock(pages); 1893 } 1894 1895 /* 1896 * Invalidate all TBs which intersect with the target physical address range 1897 * [start;end[. NOTE: start and end may refer to *different* physical pages. 1898 * 'is_cpu_write_access' should be true if called from a real cpu write 1899 * access: the virtual CPU will exit the current TB if code is modified inside 1900 * this TB. 1901 * 1902 * Called with mmap_lock held for user-mode emulation, grabs tb_lock 1903 * Called with tb_lock held for system-mode emulation 1904 */ 1905 static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end) 1906 { 1907 struct page_collection *pages; 1908 tb_page_addr_t next; 1909 1910 pages = page_collection_lock(start, end); 1911 for (next = (start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE; 1912 start < end; 1913 start = next, next += TARGET_PAGE_SIZE) { 1914 PageDesc *pd = page_find(start >> TARGET_PAGE_BITS); 1915 tb_page_addr_t bound = MIN(next, end); 1916 1917 if (pd == NULL) { 1918 continue; 1919 } 1920 tb_invalidate_phys_page_range__locked(pages, pd, start, bound, 0); 1921 } 1922 page_collection_unlock(pages); 1923 } 1924 1925 #ifdef CONFIG_SOFTMMU 1926 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end) 1927 { 1928 assert_tb_locked(); 1929 tb_invalidate_phys_range_1(start, end); 1930 } 1931 #else 1932 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end) 1933 { 1934 assert_memory_lock(); 1935 tb_lock(); 1936 tb_invalidate_phys_range_1(start, end); 1937 tb_unlock(); 1938 } 1939 #endif 1940 1941 #ifdef CONFIG_SOFTMMU 1942 /* len must be <= 8 and start must be a multiple of len. 1943 * Called via softmmu_template.h when code areas are written to with 1944 * iothread mutex not held. 1945 */ 1946 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len) 1947 { 1948 struct page_collection *pages; 1949 PageDesc *p; 1950 1951 #if 0 1952 if (1) { 1953 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n", 1954 cpu_single_env->mem_io_vaddr, len, 1955 cpu_single_env->eip, 1956 cpu_single_env->eip + 1957 (intptr_t)cpu_single_env->segs[R_CS].base); 1958 } 1959 #endif 1960 assert_memory_lock(); 1961 1962 p = page_find(start >> TARGET_PAGE_BITS); 1963 if (!p) { 1964 return; 1965 } 1966 1967 pages = page_collection_lock(start, start + len); 1968 assert_page_locked(p); 1969 if (!p->code_bitmap && 1970 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) { 1971 build_page_bitmap(p); 1972 } 1973 if (p->code_bitmap) { 1974 unsigned int nr; 1975 unsigned long b; 1976 1977 nr = start & ~TARGET_PAGE_MASK; 1978 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1)); 1979 if (b & ((1 << len) - 1)) { 1980 goto do_invalidate; 1981 } 1982 } else { 1983 do_invalidate: 1984 tb_invalidate_phys_page_range__locked(pages, p, start, start + len, 1); 1985 } 1986 page_collection_unlock(pages); 1987 } 1988 #else 1989 /* Called with mmap_lock held. If pc is not 0 then it indicates the 1990 * host PC of the faulting store instruction that caused this invalidate. 1991 * Returns true if the caller needs to abort execution of the current 1992 * TB (because it was modified by this store and the guest CPU has 1993 * precise-SMC semantics). 1994 */ 1995 static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc) 1996 { 1997 TranslationBlock *tb; 1998 PageDesc *p; 1999 int n; 2000 #ifdef TARGET_HAS_PRECISE_SMC 2001 TranslationBlock *current_tb = NULL; 2002 CPUState *cpu = current_cpu; 2003 CPUArchState *env = NULL; 2004 int current_tb_modified = 0; 2005 target_ulong current_pc = 0; 2006 target_ulong current_cs_base = 0; 2007 uint32_t current_flags = 0; 2008 #endif 2009 2010 assert_memory_lock(); 2011 2012 addr &= TARGET_PAGE_MASK; 2013 p = page_find(addr >> TARGET_PAGE_BITS); 2014 if (!p) { 2015 return false; 2016 } 2017 2018 tb_lock(); 2019 #ifdef TARGET_HAS_PRECISE_SMC 2020 if (p->first_tb && pc != 0) { 2021 current_tb = tcg_tb_lookup(pc); 2022 } 2023 if (cpu != NULL) { 2024 env = cpu->env_ptr; 2025 } 2026 #endif 2027 assert_page_locked(p); 2028 PAGE_FOR_EACH_TB(p, tb, n) { 2029 #ifdef TARGET_HAS_PRECISE_SMC 2030 if (current_tb == tb && 2031 (current_tb->cflags & CF_COUNT_MASK) != 1) { 2032 /* If we are modifying the current TB, we must stop 2033 its execution. We could be more precise by checking 2034 that the modification is after the current PC, but it 2035 would require a specialized function to partially 2036 restore the CPU state */ 2037 2038 current_tb_modified = 1; 2039 cpu_restore_state_from_tb(cpu, current_tb, pc, true); 2040 cpu_get_tb_cpu_state(env, ¤t_pc, ¤t_cs_base, 2041 ¤t_flags); 2042 } 2043 #endif /* TARGET_HAS_PRECISE_SMC */ 2044 tb_phys_invalidate(tb, addr); 2045 } 2046 p->first_tb = (uintptr_t)NULL; 2047 #ifdef TARGET_HAS_PRECISE_SMC 2048 if (current_tb_modified) { 2049 /* Force execution of one insn next time. */ 2050 cpu->cflags_next_tb = 1 | curr_cflags(); 2051 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps 2052 * back into the cpu_exec loop. */ 2053 return true; 2054 } 2055 #endif 2056 tb_unlock(); 2057 2058 return false; 2059 } 2060 #endif 2061 2062 #if !defined(CONFIG_USER_ONLY) 2063 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs) 2064 { 2065 ram_addr_t ram_addr; 2066 MemoryRegion *mr; 2067 hwaddr l = 1; 2068 2069 rcu_read_lock(); 2070 mr = address_space_translate(as, addr, &addr, &l, false, attrs); 2071 if (!(memory_region_is_ram(mr) 2072 || memory_region_is_romd(mr))) { 2073 rcu_read_unlock(); 2074 return; 2075 } 2076 ram_addr = memory_region_get_ram_addr(mr) + addr; 2077 tb_lock(); 2078 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0); 2079 tb_unlock(); 2080 rcu_read_unlock(); 2081 } 2082 #endif /* !defined(CONFIG_USER_ONLY) */ 2083 2084 /* Called with tb_lock held. */ 2085 void tb_check_watchpoint(CPUState *cpu) 2086 { 2087 TranslationBlock *tb; 2088 2089 tb = tcg_tb_lookup(cpu->mem_io_pc); 2090 if (tb) { 2091 /* We can use retranslation to find the PC. */ 2092 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc, true); 2093 tb_phys_invalidate(tb, -1); 2094 } else { 2095 /* The exception probably happened in a helper. The CPU state should 2096 have been saved before calling it. Fetch the PC from there. */ 2097 CPUArchState *env = cpu->env_ptr; 2098 target_ulong pc, cs_base; 2099 tb_page_addr_t addr; 2100 uint32_t flags; 2101 2102 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); 2103 addr = get_page_addr_code(env, pc); 2104 tb_invalidate_phys_range(addr, addr + 1); 2105 } 2106 } 2107 2108 #ifndef CONFIG_USER_ONLY 2109 /* in deterministic execution mode, instructions doing device I/Os 2110 * must be at the end of the TB. 2111 * 2112 * Called by softmmu_template.h, with iothread mutex not held. 2113 */ 2114 void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) 2115 { 2116 #if defined(TARGET_MIPS) || defined(TARGET_SH4) 2117 CPUArchState *env = cpu->env_ptr; 2118 #endif 2119 TranslationBlock *tb; 2120 uint32_t n; 2121 2122 tb_lock(); 2123 tb = tcg_tb_lookup(retaddr); 2124 if (!tb) { 2125 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p", 2126 (void *)retaddr); 2127 } 2128 cpu_restore_state_from_tb(cpu, tb, retaddr, true); 2129 2130 /* On MIPS and SH, delay slot instructions can only be restarted if 2131 they were already the first instruction in the TB. If this is not 2132 the first instruction in a TB then re-execute the preceding 2133 branch. */ 2134 n = 1; 2135 #if defined(TARGET_MIPS) 2136 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 2137 && env->active_tc.PC != tb->pc) { 2138 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4); 2139 cpu->icount_decr.u16.low++; 2140 env->hflags &= ~MIPS_HFLAG_BMASK; 2141 n = 2; 2142 } 2143 #elif defined(TARGET_SH4) 2144 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0 2145 && env->pc != tb->pc) { 2146 env->pc -= 2; 2147 cpu->icount_decr.u16.low++; 2148 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL); 2149 n = 2; 2150 } 2151 #endif 2152 2153 /* Generate a new TB executing the I/O insn. */ 2154 cpu->cflags_next_tb = curr_cflags() | CF_LAST_IO | n; 2155 2156 if (tb->cflags & CF_NOCACHE) { 2157 if (tb->orig_tb) { 2158 /* Invalidate original TB if this TB was generated in 2159 * cpu_exec_nocache() */ 2160 tb_phys_invalidate(tb->orig_tb, -1); 2161 } 2162 tcg_tb_remove(tb); 2163 } 2164 2165 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not 2166 * the first in the TB) then we end up generating a whole new TB and 2167 * repeating the fault, which is horribly inefficient. 2168 * Better would be to execute just this insn uncached, or generate a 2169 * second new TB. 2170 * 2171 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the 2172 * tb_lock gets reset. 2173 */ 2174 cpu_loop_exit_noexc(cpu); 2175 } 2176 2177 static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr) 2178 { 2179 unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr); 2180 2181 for (i = 0; i < TB_JMP_PAGE_SIZE; i++) { 2182 atomic_set(&cpu->tb_jmp_cache[i0 + i], NULL); 2183 } 2184 } 2185 2186 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr) 2187 { 2188 /* Discard jump cache entries for any tb which might potentially 2189 overlap the flushed page. */ 2190 tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE); 2191 tb_jmp_cache_clear_page(cpu, addr); 2192 } 2193 2194 static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf, 2195 struct qht_stats hst) 2196 { 2197 uint32_t hgram_opts; 2198 size_t hgram_bins; 2199 char *hgram; 2200 2201 if (!hst.head_buckets) { 2202 return; 2203 } 2204 cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n", 2205 hst.used_head_buckets, hst.head_buckets, 2206 (double)hst.used_head_buckets / hst.head_buckets * 100); 2207 2208 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS; 2209 hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT; 2210 if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) { 2211 hgram_opts |= QDIST_PR_NODECIMAL; 2212 } 2213 hgram = qdist_pr(&hst.occupancy, 10, hgram_opts); 2214 cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n", 2215 qdist_avg(&hst.occupancy) * 100, hgram); 2216 g_free(hgram); 2217 2218 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS; 2219 hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain); 2220 if (hgram_bins > 10) { 2221 hgram_bins = 10; 2222 } else { 2223 hgram_bins = 0; 2224 hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE; 2225 } 2226 hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts); 2227 cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n", 2228 qdist_avg(&hst.chain), hgram); 2229 g_free(hgram); 2230 } 2231 2232 struct tb_tree_stats { 2233 size_t nb_tbs; 2234 size_t host_size; 2235 size_t target_size; 2236 size_t max_target_size; 2237 size_t direct_jmp_count; 2238 size_t direct_jmp2_count; 2239 size_t cross_page; 2240 }; 2241 2242 static gboolean tb_tree_stats_iter(gpointer key, gpointer value, gpointer data) 2243 { 2244 const TranslationBlock *tb = value; 2245 struct tb_tree_stats *tst = data; 2246 2247 tst->nb_tbs++; 2248 tst->host_size += tb->tc.size; 2249 tst->target_size += tb->size; 2250 if (tb->size > tst->max_target_size) { 2251 tst->max_target_size = tb->size; 2252 } 2253 if (tb->page_addr[1] != -1) { 2254 tst->cross_page++; 2255 } 2256 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) { 2257 tst->direct_jmp_count++; 2258 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) { 2259 tst->direct_jmp2_count++; 2260 } 2261 } 2262 return false; 2263 } 2264 2265 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) 2266 { 2267 struct tb_tree_stats tst = {}; 2268 struct qht_stats hst; 2269 size_t nb_tbs; 2270 2271 tcg_tb_foreach(tb_tree_stats_iter, &tst); 2272 nb_tbs = tst.nb_tbs; 2273 /* XXX: avoid using doubles ? */ 2274 cpu_fprintf(f, "Translation buffer state:\n"); 2275 /* 2276 * Report total code size including the padding and TB structs; 2277 * otherwise users might think "-tb-size" is not honoured. 2278 * For avg host size we use the precise numbers from tb_tree_stats though. 2279 */ 2280 cpu_fprintf(f, "gen code size %zu/%zu\n", 2281 tcg_code_size(), tcg_code_capacity()); 2282 cpu_fprintf(f, "TB count %zu\n", nb_tbs); 2283 cpu_fprintf(f, "TB avg target size %zu max=%zu bytes\n", 2284 nb_tbs ? tst.target_size / nb_tbs : 0, 2285 tst.max_target_size); 2286 cpu_fprintf(f, "TB avg host size %zu bytes (expansion ratio: %0.1f)\n", 2287 nb_tbs ? tst.host_size / nb_tbs : 0, 2288 tst.target_size ? (double)tst.host_size / tst.target_size : 0); 2289 cpu_fprintf(f, "cross page TB count %zu (%zu%%)\n", tst.cross_page, 2290 nb_tbs ? (tst.cross_page * 100) / nb_tbs : 0); 2291 cpu_fprintf(f, "direct jump count %zu (%zu%%) (2 jumps=%zu %zu%%)\n", 2292 tst.direct_jmp_count, 2293 nb_tbs ? (tst.direct_jmp_count * 100) / nb_tbs : 0, 2294 tst.direct_jmp2_count, 2295 nb_tbs ? (tst.direct_jmp2_count * 100) / nb_tbs : 0); 2296 2297 qht_statistics_init(&tb_ctx.htable, &hst); 2298 print_qht_statistics(f, cpu_fprintf, hst); 2299 qht_statistics_destroy(&hst); 2300 2301 cpu_fprintf(f, "\nStatistics:\n"); 2302 cpu_fprintf(f, "TB flush count %u\n", 2303 atomic_read(&tb_ctx.tb_flush_count)); 2304 cpu_fprintf(f, "TB invalidate count %zu\n", tcg_tb_phys_invalidate_count()); 2305 cpu_fprintf(f, "TLB flush count %zu\n", tlb_flush_count()); 2306 tcg_dump_info(f, cpu_fprintf); 2307 } 2308 2309 void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf) 2310 { 2311 tcg_dump_op_count(f, cpu_fprintf); 2312 } 2313 2314 #else /* CONFIG_USER_ONLY */ 2315 2316 void cpu_interrupt(CPUState *cpu, int mask) 2317 { 2318 g_assert(qemu_mutex_iothread_locked()); 2319 cpu->interrupt_request |= mask; 2320 cpu->icount_decr.u16.high = -1; 2321 } 2322 2323 /* 2324 * Walks guest process memory "regions" one by one 2325 * and calls callback function 'fn' for each region. 2326 */ 2327 struct walk_memory_regions_data { 2328 walk_memory_regions_fn fn; 2329 void *priv; 2330 target_ulong start; 2331 int prot; 2332 }; 2333 2334 static int walk_memory_regions_end(struct walk_memory_regions_data *data, 2335 target_ulong end, int new_prot) 2336 { 2337 if (data->start != -1u) { 2338 int rc = data->fn(data->priv, data->start, end, data->prot); 2339 if (rc != 0) { 2340 return rc; 2341 } 2342 } 2343 2344 data->start = (new_prot ? end : -1u); 2345 data->prot = new_prot; 2346 2347 return 0; 2348 } 2349 2350 static int walk_memory_regions_1(struct walk_memory_regions_data *data, 2351 target_ulong base, int level, void **lp) 2352 { 2353 target_ulong pa; 2354 int i, rc; 2355 2356 if (*lp == NULL) { 2357 return walk_memory_regions_end(data, base, 0); 2358 } 2359 2360 if (level == 0) { 2361 PageDesc *pd = *lp; 2362 2363 for (i = 0; i < V_L2_SIZE; ++i) { 2364 int prot = pd[i].flags; 2365 2366 pa = base | (i << TARGET_PAGE_BITS); 2367 if (prot != data->prot) { 2368 rc = walk_memory_regions_end(data, pa, prot); 2369 if (rc != 0) { 2370 return rc; 2371 } 2372 } 2373 } 2374 } else { 2375 void **pp = *lp; 2376 2377 for (i = 0; i < V_L2_SIZE; ++i) { 2378 pa = base | ((target_ulong)i << 2379 (TARGET_PAGE_BITS + V_L2_BITS * level)); 2380 rc = walk_memory_regions_1(data, pa, level - 1, pp + i); 2381 if (rc != 0) { 2382 return rc; 2383 } 2384 } 2385 } 2386 2387 return 0; 2388 } 2389 2390 int walk_memory_regions(void *priv, walk_memory_regions_fn fn) 2391 { 2392 struct walk_memory_regions_data data; 2393 uintptr_t i, l1_sz = v_l1_size; 2394 2395 data.fn = fn; 2396 data.priv = priv; 2397 data.start = -1u; 2398 data.prot = 0; 2399 2400 for (i = 0; i < l1_sz; i++) { 2401 target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS); 2402 int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i); 2403 if (rc != 0) { 2404 return rc; 2405 } 2406 } 2407 2408 return walk_memory_regions_end(&data, 0, 0); 2409 } 2410 2411 static int dump_region(void *priv, target_ulong start, 2412 target_ulong end, unsigned long prot) 2413 { 2414 FILE *f = (FILE *)priv; 2415 2416 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx 2417 " "TARGET_FMT_lx" %c%c%c\n", 2418 start, end, end - start, 2419 ((prot & PAGE_READ) ? 'r' : '-'), 2420 ((prot & PAGE_WRITE) ? 'w' : '-'), 2421 ((prot & PAGE_EXEC) ? 'x' : '-')); 2422 2423 return 0; 2424 } 2425 2426 /* dump memory mappings */ 2427 void page_dump(FILE *f) 2428 { 2429 const int length = sizeof(target_ulong) * 2; 2430 (void) fprintf(f, "%-*s %-*s %-*s %s\n", 2431 length, "start", length, "end", length, "size", "prot"); 2432 walk_memory_regions(f, dump_region); 2433 } 2434 2435 int page_get_flags(target_ulong address) 2436 { 2437 PageDesc *p; 2438 2439 p = page_find(address >> TARGET_PAGE_BITS); 2440 if (!p) { 2441 return 0; 2442 } 2443 return p->flags; 2444 } 2445 2446 /* Modify the flags of a page and invalidate the code if necessary. 2447 The flag PAGE_WRITE_ORG is positioned automatically depending 2448 on PAGE_WRITE. The mmap_lock should already be held. */ 2449 void page_set_flags(target_ulong start, target_ulong end, int flags) 2450 { 2451 target_ulong addr, len; 2452 2453 /* This function should never be called with addresses outside the 2454 guest address space. If this assert fires, it probably indicates 2455 a missing call to h2g_valid. */ 2456 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS 2457 assert(end <= ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); 2458 #endif 2459 assert(start < end); 2460 assert_memory_lock(); 2461 2462 start = start & TARGET_PAGE_MASK; 2463 end = TARGET_PAGE_ALIGN(end); 2464 2465 if (flags & PAGE_WRITE) { 2466 flags |= PAGE_WRITE_ORG; 2467 } 2468 2469 for (addr = start, len = end - start; 2470 len != 0; 2471 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) { 2472 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1); 2473 2474 /* If the write protection bit is set, then we invalidate 2475 the code inside. */ 2476 if (!(p->flags & PAGE_WRITE) && 2477 (flags & PAGE_WRITE) && 2478 p->first_tb) { 2479 tb_invalidate_phys_page(addr, 0); 2480 } 2481 p->flags = flags; 2482 } 2483 } 2484 2485 int page_check_range(target_ulong start, target_ulong len, int flags) 2486 { 2487 PageDesc *p; 2488 target_ulong end; 2489 target_ulong addr; 2490 2491 /* This function should never be called with addresses outside the 2492 guest address space. If this assert fires, it probably indicates 2493 a missing call to h2g_valid. */ 2494 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS 2495 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); 2496 #endif 2497 2498 if (len == 0) { 2499 return 0; 2500 } 2501 if (start + len - 1 < start) { 2502 /* We've wrapped around. */ 2503 return -1; 2504 } 2505 2506 /* must do before we loose bits in the next step */ 2507 end = TARGET_PAGE_ALIGN(start + len); 2508 start = start & TARGET_PAGE_MASK; 2509 2510 for (addr = start, len = end - start; 2511 len != 0; 2512 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) { 2513 p = page_find(addr >> TARGET_PAGE_BITS); 2514 if (!p) { 2515 return -1; 2516 } 2517 if (!(p->flags & PAGE_VALID)) { 2518 return -1; 2519 } 2520 2521 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) { 2522 return -1; 2523 } 2524 if (flags & PAGE_WRITE) { 2525 if (!(p->flags & PAGE_WRITE_ORG)) { 2526 return -1; 2527 } 2528 /* unprotect the page if it was put read-only because it 2529 contains translated code */ 2530 if (!(p->flags & PAGE_WRITE)) { 2531 if (!page_unprotect(addr, 0)) { 2532 return -1; 2533 } 2534 } 2535 } 2536 } 2537 return 0; 2538 } 2539 2540 /* called from signal handler: invalidate the code and unprotect the 2541 * page. Return 0 if the fault was not handled, 1 if it was handled, 2542 * and 2 if it was handled but the caller must cause the TB to be 2543 * immediately exited. (We can only return 2 if the 'pc' argument is 2544 * non-zero.) 2545 */ 2546 int page_unprotect(target_ulong address, uintptr_t pc) 2547 { 2548 unsigned int prot; 2549 bool current_tb_invalidated; 2550 PageDesc *p; 2551 target_ulong host_start, host_end, addr; 2552 2553 /* Technically this isn't safe inside a signal handler. However we 2554 know this only ever happens in a synchronous SEGV handler, so in 2555 practice it seems to be ok. */ 2556 mmap_lock(); 2557 2558 p = page_find(address >> TARGET_PAGE_BITS); 2559 if (!p) { 2560 mmap_unlock(); 2561 return 0; 2562 } 2563 2564 /* if the page was really writable, then we change its 2565 protection back to writable */ 2566 if (p->flags & PAGE_WRITE_ORG) { 2567 current_tb_invalidated = false; 2568 if (p->flags & PAGE_WRITE) { 2569 /* If the page is actually marked WRITE then assume this is because 2570 * this thread raced with another one which got here first and 2571 * set the page to PAGE_WRITE and did the TB invalidate for us. 2572 */ 2573 #ifdef TARGET_HAS_PRECISE_SMC 2574 TranslationBlock *current_tb = tcg_tb_lookup(pc); 2575 if (current_tb) { 2576 current_tb_invalidated = tb_cflags(current_tb) & CF_INVALID; 2577 } 2578 #endif 2579 } else { 2580 host_start = address & qemu_host_page_mask; 2581 host_end = host_start + qemu_host_page_size; 2582 2583 prot = 0; 2584 for (addr = host_start; addr < host_end; addr += TARGET_PAGE_SIZE) { 2585 p = page_find(addr >> TARGET_PAGE_BITS); 2586 p->flags |= PAGE_WRITE; 2587 prot |= p->flags; 2588 2589 /* and since the content will be modified, we must invalidate 2590 the corresponding translated code. */ 2591 current_tb_invalidated |= tb_invalidate_phys_page(addr, pc); 2592 #ifdef CONFIG_USER_ONLY 2593 if (DEBUG_TB_CHECK_GATE) { 2594 tb_invalidate_check(addr); 2595 } 2596 #endif 2597 } 2598 mprotect((void *)g2h(host_start), qemu_host_page_size, 2599 prot & PAGE_BITS); 2600 } 2601 mmap_unlock(); 2602 /* If current TB was invalidated return to main loop */ 2603 return current_tb_invalidated ? 2 : 1; 2604 } 2605 mmap_unlock(); 2606 return 0; 2607 } 2608 #endif /* CONFIG_USER_ONLY */ 2609 2610 /* This is a wrapper for common code that can not use CONFIG_SOFTMMU */ 2611 void tcg_flush_softmmu_tlb(CPUState *cs) 2612 { 2613 #ifdef CONFIG_SOFTMMU 2614 tlb_flush(cs); 2615 #endif 2616 } 2617