1 /* 2 * Physical memory management API 3 * 4 * Copyright 2011 Red Hat, Inc. and/or its affiliates 5 * 6 * Authors: 7 * Avi Kivity <avi@redhat.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2. See 10 * the COPYING file in the top-level directory. 11 * 12 */ 13 14 #ifndef MEMORY_H 15 #define MEMORY_H 16 17 #ifndef CONFIG_USER_ONLY 18 19 #include "exec/cpu-common.h" 20 #ifndef CONFIG_USER_ONLY 21 #include "exec/hwaddr.h" 22 #endif 23 #include "exec/memattrs.h" 24 #include "exec/ramlist.h" 25 #include "qemu/queue.h" 26 #include "qemu/int128.h" 27 #include "qemu/notify.h" 28 #include "qom/object.h" 29 #include "qemu/rcu.h" 30 31 #define RAM_ADDR_INVALID (~(ram_addr_t)0) 32 33 #define MAX_PHYS_ADDR_SPACE_BITS 62 34 #define MAX_PHYS_ADDR (((hwaddr)1 << MAX_PHYS_ADDR_SPACE_BITS) - 1) 35 36 #define TYPE_MEMORY_REGION "qemu:memory-region" 37 #define MEMORY_REGION(obj) \ 38 OBJECT_CHECK(MemoryRegion, (obj), TYPE_MEMORY_REGION) 39 40 typedef struct MemoryRegionOps MemoryRegionOps; 41 typedef struct MemoryRegionMmio MemoryRegionMmio; 42 43 struct MemoryRegionMmio { 44 CPUReadMemoryFunc *read[3]; 45 CPUWriteMemoryFunc *write[3]; 46 }; 47 48 typedef struct IOMMUTLBEntry IOMMUTLBEntry; 49 50 /* See address_space_translate: bit 0 is read, bit 1 is write. */ 51 typedef enum { 52 IOMMU_NONE = 0, 53 IOMMU_RO = 1, 54 IOMMU_WO = 2, 55 IOMMU_RW = 3, 56 } IOMMUAccessFlags; 57 58 struct IOMMUTLBEntry { 59 AddressSpace *target_as; 60 hwaddr iova; 61 hwaddr translated_addr; 62 hwaddr addr_mask; /* 0xfff = 4k translation */ 63 IOMMUAccessFlags perm; 64 }; 65 66 /* 67 * Bitmap for different IOMMUNotifier capabilities. Each notifier can 68 * register with one or multiple IOMMU Notifier capability bit(s). 69 */ 70 typedef enum { 71 IOMMU_NOTIFIER_NONE = 0, 72 /* Notify cache invalidations */ 73 IOMMU_NOTIFIER_UNMAP = 0x1, 74 /* Notify entry changes (newly created entries) */ 75 IOMMU_NOTIFIER_MAP = 0x2, 76 } IOMMUNotifierFlag; 77 78 #define IOMMU_NOTIFIER_ALL (IOMMU_NOTIFIER_MAP | IOMMU_NOTIFIER_UNMAP) 79 80 struct IOMMUNotifier { 81 void (*notify)(struct IOMMUNotifier *notifier, IOMMUTLBEntry *data); 82 IOMMUNotifierFlag notifier_flags; 83 QLIST_ENTRY(IOMMUNotifier) node; 84 }; 85 typedef struct IOMMUNotifier IOMMUNotifier; 86 87 /* New-style MMIO accessors can indicate that the transaction failed. 88 * A zero (MEMTX_OK) response means success; anything else is a failure 89 * of some kind. The memory subsystem will bitwise-OR together results 90 * if it is synthesizing an operation from multiple smaller accesses. 91 */ 92 #define MEMTX_OK 0 93 #define MEMTX_ERROR (1U << 0) /* device returned an error */ 94 #define MEMTX_DECODE_ERROR (1U << 1) /* nothing at that address */ 95 typedef uint32_t MemTxResult; 96 97 /* 98 * Memory region callbacks 99 */ 100 struct MemoryRegionOps { 101 /* Read from the memory region. @addr is relative to @mr; @size is 102 * in bytes. */ 103 uint64_t (*read)(void *opaque, 104 hwaddr addr, 105 unsigned size); 106 /* Write to the memory region. @addr is relative to @mr; @size is 107 * in bytes. */ 108 void (*write)(void *opaque, 109 hwaddr addr, 110 uint64_t data, 111 unsigned size); 112 113 MemTxResult (*read_with_attrs)(void *opaque, 114 hwaddr addr, 115 uint64_t *data, 116 unsigned size, 117 MemTxAttrs attrs); 118 MemTxResult (*write_with_attrs)(void *opaque, 119 hwaddr addr, 120 uint64_t data, 121 unsigned size, 122 MemTxAttrs attrs); 123 124 enum device_endian endianness; 125 /* Guest-visible constraints: */ 126 struct { 127 /* If nonzero, specify bounds on access sizes beyond which a machine 128 * check is thrown. 129 */ 130 unsigned min_access_size; 131 unsigned max_access_size; 132 /* If true, unaligned accesses are supported. Otherwise unaligned 133 * accesses throw machine checks. 134 */ 135 bool unaligned; 136 /* 137 * If present, and returns #false, the transaction is not accepted 138 * by the device (and results in machine dependent behaviour such 139 * as a machine check exception). 140 */ 141 bool (*accepts)(void *opaque, hwaddr addr, 142 unsigned size, bool is_write); 143 } valid; 144 /* Internal implementation constraints: */ 145 struct { 146 /* If nonzero, specifies the minimum size implemented. Smaller sizes 147 * will be rounded upwards and a partial result will be returned. 148 */ 149 unsigned min_access_size; 150 /* If nonzero, specifies the maximum size implemented. Larger sizes 151 * will be done as a series of accesses with smaller sizes. 152 */ 153 unsigned max_access_size; 154 /* If true, unaligned accesses are supported. Otherwise all accesses 155 * are converted to (possibly multiple) naturally aligned accesses. 156 */ 157 bool unaligned; 158 } impl; 159 160 /* If .read and .write are not present, old_mmio may be used for 161 * backwards compatibility with old mmio registration 162 */ 163 const MemoryRegionMmio old_mmio; 164 }; 165 166 typedef struct MemoryRegionIOMMUOps MemoryRegionIOMMUOps; 167 168 struct MemoryRegionIOMMUOps { 169 /* Return a TLB entry that contains a given address. */ 170 IOMMUTLBEntry (*translate)(MemoryRegion *iommu, hwaddr addr, bool is_write); 171 /* Returns minimum supported page size */ 172 uint64_t (*get_min_page_size)(MemoryRegion *iommu); 173 /* Called when IOMMU Notifier flag changed */ 174 void (*notify_flag_changed)(MemoryRegion *iommu, 175 IOMMUNotifierFlag old_flags, 176 IOMMUNotifierFlag new_flags); 177 }; 178 179 typedef struct CoalescedMemoryRange CoalescedMemoryRange; 180 typedef struct MemoryRegionIoeventfd MemoryRegionIoeventfd; 181 182 struct MemoryRegion { 183 Object parent_obj; 184 185 /* All fields are private - violators will be prosecuted */ 186 187 /* The following fields should fit in a cache line */ 188 bool romd_mode; 189 bool ram; 190 bool subpage; 191 bool readonly; /* For RAM regions */ 192 bool rom_device; 193 bool flush_coalesced_mmio; 194 bool global_locking; 195 uint8_t dirty_log_mask; 196 RAMBlock *ram_block; 197 Object *owner; 198 const MemoryRegionIOMMUOps *iommu_ops; 199 200 const MemoryRegionOps *ops; 201 void *opaque; 202 MemoryRegion *container; 203 Int128 size; 204 hwaddr addr; 205 void (*destructor)(MemoryRegion *mr); 206 uint64_t align; 207 bool terminates; 208 bool ram_device; 209 bool enabled; 210 bool warning_printed; /* For reservations */ 211 uint8_t vga_logging_count; 212 MemoryRegion *alias; 213 hwaddr alias_offset; 214 int32_t priority; 215 QTAILQ_HEAD(subregions, MemoryRegion) subregions; 216 QTAILQ_ENTRY(MemoryRegion) subregions_link; 217 QTAILQ_HEAD(coalesced_ranges, CoalescedMemoryRange) coalesced; 218 const char *name; 219 unsigned ioeventfd_nb; 220 MemoryRegionIoeventfd *ioeventfds; 221 QLIST_HEAD(, IOMMUNotifier) iommu_notify; 222 IOMMUNotifierFlag iommu_notify_flags; 223 }; 224 225 /** 226 * MemoryListener: callbacks structure for updates to the physical memory map 227 * 228 * Allows a component to adjust to changes in the guest-visible memory map. 229 * Use with memory_listener_register() and memory_listener_unregister(). 230 */ 231 struct MemoryListener { 232 void (*begin)(MemoryListener *listener); 233 void (*commit)(MemoryListener *listener); 234 void (*region_add)(MemoryListener *listener, MemoryRegionSection *section); 235 void (*region_del)(MemoryListener *listener, MemoryRegionSection *section); 236 void (*region_nop)(MemoryListener *listener, MemoryRegionSection *section); 237 void (*log_start)(MemoryListener *listener, MemoryRegionSection *section, 238 int old, int new); 239 void (*log_stop)(MemoryListener *listener, MemoryRegionSection *section, 240 int old, int new); 241 void (*log_sync)(MemoryListener *listener, MemoryRegionSection *section); 242 void (*log_global_start)(MemoryListener *listener); 243 void (*log_global_stop)(MemoryListener *listener); 244 void (*eventfd_add)(MemoryListener *listener, MemoryRegionSection *section, 245 bool match_data, uint64_t data, EventNotifier *e); 246 void (*eventfd_del)(MemoryListener *listener, MemoryRegionSection *section, 247 bool match_data, uint64_t data, EventNotifier *e); 248 void (*coalesced_mmio_add)(MemoryListener *listener, MemoryRegionSection *section, 249 hwaddr addr, hwaddr len); 250 void (*coalesced_mmio_del)(MemoryListener *listener, MemoryRegionSection *section, 251 hwaddr addr, hwaddr len); 252 /* Lower = earlier (during add), later (during del) */ 253 unsigned priority; 254 AddressSpace *address_space; 255 QTAILQ_ENTRY(MemoryListener) link; 256 QTAILQ_ENTRY(MemoryListener) link_as; 257 }; 258 259 /** 260 * AddressSpace: describes a mapping of addresses to #MemoryRegion objects 261 */ 262 struct AddressSpace { 263 /* All fields are private. */ 264 struct rcu_head rcu; 265 char *name; 266 MemoryRegion *root; 267 int ref_count; 268 bool malloced; 269 270 /* Accessed via RCU. */ 271 struct FlatView *current_map; 272 273 int ioeventfd_nb; 274 struct MemoryRegionIoeventfd *ioeventfds; 275 struct AddressSpaceDispatch *dispatch; 276 struct AddressSpaceDispatch *next_dispatch; 277 MemoryListener dispatch_listener; 278 QTAILQ_HEAD(memory_listeners_as, MemoryListener) listeners; 279 QTAILQ_ENTRY(AddressSpace) address_spaces_link; 280 }; 281 282 /** 283 * MemoryRegionSection: describes a fragment of a #MemoryRegion 284 * 285 * @mr: the region, or %NULL if empty 286 * @address_space: the address space the region is mapped in 287 * @offset_within_region: the beginning of the section, relative to @mr's start 288 * @size: the size of the section; will not exceed @mr's boundaries 289 * @offset_within_address_space: the address of the first byte of the section 290 * relative to the region's address space 291 * @readonly: writes to this section are ignored 292 */ 293 struct MemoryRegionSection { 294 MemoryRegion *mr; 295 AddressSpace *address_space; 296 hwaddr offset_within_region; 297 Int128 size; 298 hwaddr offset_within_address_space; 299 bool readonly; 300 }; 301 302 /** 303 * memory_region_init: Initialize a memory region 304 * 305 * The region typically acts as a container for other memory regions. Use 306 * memory_region_add_subregion() to add subregions. 307 * 308 * @mr: the #MemoryRegion to be initialized 309 * @owner: the object that tracks the region's reference count 310 * @name: used for debugging; not visible to the user or ABI 311 * @size: size of the region; any subregions beyond this size will be clipped 312 */ 313 void memory_region_init(MemoryRegion *mr, 314 struct Object *owner, 315 const char *name, 316 uint64_t size); 317 318 /** 319 * memory_region_ref: Add 1 to a memory region's reference count 320 * 321 * Whenever memory regions are accessed outside the BQL, they need to be 322 * preserved against hot-unplug. MemoryRegions actually do not have their 323 * own reference count; they piggyback on a QOM object, their "owner". 324 * This function adds a reference to the owner. 325 * 326 * All MemoryRegions must have an owner if they can disappear, even if the 327 * device they belong to operates exclusively under the BQL. This is because 328 * the region could be returned at any time by memory_region_find, and this 329 * is usually under guest control. 330 * 331 * @mr: the #MemoryRegion 332 */ 333 void memory_region_ref(MemoryRegion *mr); 334 335 /** 336 * memory_region_unref: Remove 1 to a memory region's reference count 337 * 338 * Whenever memory regions are accessed outside the BQL, they need to be 339 * preserved against hot-unplug. MemoryRegions actually do not have their 340 * own reference count; they piggyback on a QOM object, their "owner". 341 * This function removes a reference to the owner and possibly destroys it. 342 * 343 * @mr: the #MemoryRegion 344 */ 345 void memory_region_unref(MemoryRegion *mr); 346 347 /** 348 * memory_region_init_io: Initialize an I/O memory region. 349 * 350 * Accesses into the region will cause the callbacks in @ops to be called. 351 * if @size is nonzero, subregions will be clipped to @size. 352 * 353 * @mr: the #MemoryRegion to be initialized. 354 * @owner: the object that tracks the region's reference count 355 * @ops: a structure containing read and write callbacks to be used when 356 * I/O is performed on the region. 357 * @opaque: passed to the read and write callbacks of the @ops structure. 358 * @name: used for debugging; not visible to the user or ABI 359 * @size: size of the region. 360 */ 361 void memory_region_init_io(MemoryRegion *mr, 362 struct Object *owner, 363 const MemoryRegionOps *ops, 364 void *opaque, 365 const char *name, 366 uint64_t size); 367 368 /** 369 * memory_region_init_ram: Initialize RAM memory region. Accesses into the 370 * region will modify memory directly. 371 * 372 * @mr: the #MemoryRegion to be initialized. 373 * @owner: the object that tracks the region's reference count 374 * @name: Region name, becomes part of RAMBlock name used in migration stream 375 * must be unique within any device 376 * @size: size of the region. 377 * @errp: pointer to Error*, to store an error if it happens. 378 */ 379 void memory_region_init_ram(MemoryRegion *mr, 380 struct Object *owner, 381 const char *name, 382 uint64_t size, 383 Error **errp); 384 385 /** 386 * memory_region_init_resizeable_ram: Initialize memory region with resizeable 387 * RAM. Accesses into the region will 388 * modify memory directly. Only an initial 389 * portion of this RAM is actually used. 390 * The used size can change across reboots. 391 * 392 * @mr: the #MemoryRegion to be initialized. 393 * @owner: the object that tracks the region's reference count 394 * @name: Region name, becomes part of RAMBlock name used in migration stream 395 * must be unique within any device 396 * @size: used size of the region. 397 * @max_size: max size of the region. 398 * @resized: callback to notify owner about used size change. 399 * @errp: pointer to Error*, to store an error if it happens. 400 */ 401 void memory_region_init_resizeable_ram(MemoryRegion *mr, 402 struct Object *owner, 403 const char *name, 404 uint64_t size, 405 uint64_t max_size, 406 void (*resized)(const char*, 407 uint64_t length, 408 void *host), 409 Error **errp); 410 #ifdef __linux__ 411 /** 412 * memory_region_init_ram_from_file: Initialize RAM memory region with a 413 * mmap-ed backend. 414 * 415 * @mr: the #MemoryRegion to be initialized. 416 * @owner: the object that tracks the region's reference count 417 * @name: Region name, becomes part of RAMBlock name used in migration stream 418 * must be unique within any device 419 * @size: size of the region. 420 * @share: %true if memory must be mmaped with the MAP_SHARED flag 421 * @path: the path in which to allocate the RAM. 422 * @errp: pointer to Error*, to store an error if it happens. 423 */ 424 void memory_region_init_ram_from_file(MemoryRegion *mr, 425 struct Object *owner, 426 const char *name, 427 uint64_t size, 428 bool share, 429 const char *path, 430 Error **errp); 431 #endif 432 433 /** 434 * memory_region_init_ram_ptr: Initialize RAM memory region from a 435 * user-provided pointer. Accesses into the 436 * region will modify memory directly. 437 * 438 * @mr: the #MemoryRegion to be initialized. 439 * @owner: the object that tracks the region's reference count 440 * @name: Region name, becomes part of RAMBlock name used in migration stream 441 * must be unique within any device 442 * @size: size of the region. 443 * @ptr: memory to be mapped; must contain at least @size bytes. 444 */ 445 void memory_region_init_ram_ptr(MemoryRegion *mr, 446 struct Object *owner, 447 const char *name, 448 uint64_t size, 449 void *ptr); 450 451 /** 452 * memory_region_init_ram_device_ptr: Initialize RAM device memory region from 453 * a user-provided pointer. 454 * 455 * A RAM device represents a mapping to a physical device, such as to a PCI 456 * MMIO BAR of an vfio-pci assigned device. The memory region may be mapped 457 * into the VM address space and access to the region will modify memory 458 * directly. However, the memory region should not be included in a memory 459 * dump (device may not be enabled/mapped at the time of the dump), and 460 * operations incompatible with manipulating MMIO should be avoided. Replaces 461 * skip_dump flag. 462 * 463 * @mr: the #MemoryRegion to be initialized. 464 * @owner: the object that tracks the region's reference count 465 * @name: the name of the region. 466 * @size: size of the region. 467 * @ptr: memory to be mapped; must contain at least @size bytes. 468 */ 469 void memory_region_init_ram_device_ptr(MemoryRegion *mr, 470 struct Object *owner, 471 const char *name, 472 uint64_t size, 473 void *ptr); 474 475 /** 476 * memory_region_init_alias: Initialize a memory region that aliases all or a 477 * part of another memory region. 478 * 479 * @mr: the #MemoryRegion to be initialized. 480 * @owner: the object that tracks the region's reference count 481 * @name: used for debugging; not visible to the user or ABI 482 * @orig: the region to be referenced; @mr will be equivalent to 483 * @orig between @offset and @offset + @size - 1. 484 * @offset: start of the section in @orig to be referenced. 485 * @size: size of the region. 486 */ 487 void memory_region_init_alias(MemoryRegion *mr, 488 struct Object *owner, 489 const char *name, 490 MemoryRegion *orig, 491 hwaddr offset, 492 uint64_t size); 493 494 /** 495 * memory_region_init_rom: Initialize a ROM memory region. 496 * 497 * This has the same effect as calling memory_region_init_ram() 498 * and then marking the resulting region read-only with 499 * memory_region_set_readonly(). 500 * 501 * @mr: the #MemoryRegion to be initialized. 502 * @owner: the object that tracks the region's reference count 503 * @name: Region name, becomes part of RAMBlock name used in migration stream 504 * must be unique within any device 505 * @size: size of the region. 506 * @errp: pointer to Error*, to store an error if it happens. 507 */ 508 void memory_region_init_rom(MemoryRegion *mr, 509 struct Object *owner, 510 const char *name, 511 uint64_t size, 512 Error **errp); 513 514 /** 515 * memory_region_init_rom_device: Initialize a ROM memory region. Writes are 516 * handled via callbacks. 517 * 518 * @mr: the #MemoryRegion to be initialized. 519 * @owner: the object that tracks the region's reference count 520 * @ops: callbacks for write access handling (must not be NULL). 521 * @name: Region name, becomes part of RAMBlock name used in migration stream 522 * must be unique within any device 523 * @size: size of the region. 524 * @errp: pointer to Error*, to store an error if it happens. 525 */ 526 void memory_region_init_rom_device(MemoryRegion *mr, 527 struct Object *owner, 528 const MemoryRegionOps *ops, 529 void *opaque, 530 const char *name, 531 uint64_t size, 532 Error **errp); 533 534 /** 535 * memory_region_init_reservation: Initialize a memory region that reserves 536 * I/O space. 537 * 538 * A reservation region primariy serves debugging purposes. It claims I/O 539 * space that is not supposed to be handled by QEMU itself. Any access via 540 * the memory API will cause an abort(). 541 * This function is deprecated. Use memory_region_init_io() with NULL 542 * callbacks instead. 543 * 544 * @mr: the #MemoryRegion to be initialized 545 * @owner: the object that tracks the region's reference count 546 * @name: used for debugging; not visible to the user or ABI 547 * @size: size of the region. 548 */ 549 static inline void memory_region_init_reservation(MemoryRegion *mr, 550 Object *owner, 551 const char *name, 552 uint64_t size) 553 { 554 memory_region_init_io(mr, owner, NULL, mr, name, size); 555 } 556 557 /** 558 * memory_region_init_iommu: Initialize a memory region that translates 559 * addresses 560 * 561 * An IOMMU region translates addresses and forwards accesses to a target 562 * memory region. 563 * 564 * @mr: the #MemoryRegion to be initialized 565 * @owner: the object that tracks the region's reference count 566 * @ops: a function that translates addresses into the @target region 567 * @name: used for debugging; not visible to the user or ABI 568 * @size: size of the region. 569 */ 570 void memory_region_init_iommu(MemoryRegion *mr, 571 struct Object *owner, 572 const MemoryRegionIOMMUOps *ops, 573 const char *name, 574 uint64_t size); 575 576 /** 577 * memory_region_owner: get a memory region's owner. 578 * 579 * @mr: the memory region being queried. 580 */ 581 struct Object *memory_region_owner(MemoryRegion *mr); 582 583 /** 584 * memory_region_size: get a memory region's size. 585 * 586 * @mr: the memory region being queried. 587 */ 588 uint64_t memory_region_size(MemoryRegion *mr); 589 590 /** 591 * memory_region_is_ram: check whether a memory region is random access 592 * 593 * Returns %true is a memory region is random access. 594 * 595 * @mr: the memory region being queried 596 */ 597 static inline bool memory_region_is_ram(MemoryRegion *mr) 598 { 599 return mr->ram; 600 } 601 602 /** 603 * memory_region_is_ram_device: check whether a memory region is a ram device 604 * 605 * Returns %true is a memory region is a device backed ram region 606 * 607 * @mr: the memory region being queried 608 */ 609 bool memory_region_is_ram_device(MemoryRegion *mr); 610 611 /** 612 * memory_region_is_romd: check whether a memory region is in ROMD mode 613 * 614 * Returns %true if a memory region is a ROM device and currently set to allow 615 * direct reads. 616 * 617 * @mr: the memory region being queried 618 */ 619 static inline bool memory_region_is_romd(MemoryRegion *mr) 620 { 621 return mr->rom_device && mr->romd_mode; 622 } 623 624 /** 625 * memory_region_is_iommu: check whether a memory region is an iommu 626 * 627 * Returns %true is a memory region is an iommu. 628 * 629 * @mr: the memory region being queried 630 */ 631 static inline bool memory_region_is_iommu(MemoryRegion *mr) 632 { 633 if (mr->alias) { 634 return memory_region_is_iommu(mr->alias); 635 } 636 return mr->iommu_ops; 637 } 638 639 640 /** 641 * memory_region_iommu_get_min_page_size: get minimum supported page size 642 * for an iommu 643 * 644 * Returns minimum supported page size for an iommu. 645 * 646 * @mr: the memory region being queried 647 */ 648 uint64_t memory_region_iommu_get_min_page_size(MemoryRegion *mr); 649 650 /** 651 * memory_region_notify_iommu: notify a change in an IOMMU translation entry. 652 * 653 * The notification type will be decided by entry.perm bits: 654 * 655 * - For UNMAP (cache invalidation) notifies: set entry.perm to IOMMU_NONE. 656 * - For MAP (newly added entry) notifies: set entry.perm to the 657 * permission of the page (which is definitely !IOMMU_NONE). 658 * 659 * Note: for any IOMMU implementation, an in-place mapping change 660 * should be notified with an UNMAP followed by a MAP. 661 * 662 * @mr: the memory region that was changed 663 * @entry: the new entry in the IOMMU translation table. The entry 664 * replaces all old entries for the same virtual I/O address range. 665 * Deleted entries have .@perm == 0. 666 */ 667 void memory_region_notify_iommu(MemoryRegion *mr, 668 IOMMUTLBEntry entry); 669 670 /** 671 * memory_region_register_iommu_notifier: register a notifier for changes to 672 * IOMMU translation entries. 673 * 674 * @mr: the memory region to observe 675 * @n: the IOMMUNotifier to be added; the notify callback receives a 676 * pointer to an #IOMMUTLBEntry as the opaque value; the pointer 677 * ceases to be valid on exit from the notifier. 678 */ 679 void memory_region_register_iommu_notifier(MemoryRegion *mr, 680 IOMMUNotifier *n); 681 682 /** 683 * memory_region_iommu_replay: replay existing IOMMU translations to 684 * a notifier with the minimum page granularity returned by 685 * mr->iommu_ops->get_page_size(). 686 * 687 * @mr: the memory region to observe 688 * @n: the notifier to which to replay iommu mappings 689 * @is_write: Whether to treat the replay as a translate "write" 690 * through the iommu 691 */ 692 void memory_region_iommu_replay(MemoryRegion *mr, IOMMUNotifier *n, 693 bool is_write); 694 695 /** 696 * memory_region_unregister_iommu_notifier: unregister a notifier for 697 * changes to IOMMU translation entries. 698 * 699 * @mr: the memory region which was observed and for which notity_stopped() 700 * needs to be called 701 * @n: the notifier to be removed. 702 */ 703 void memory_region_unregister_iommu_notifier(MemoryRegion *mr, 704 IOMMUNotifier *n); 705 706 /** 707 * memory_region_name: get a memory region's name 708 * 709 * Returns the string that was used to initialize the memory region. 710 * 711 * @mr: the memory region being queried 712 */ 713 const char *memory_region_name(const MemoryRegion *mr); 714 715 /** 716 * memory_region_is_logging: return whether a memory region is logging writes 717 * 718 * Returns %true if the memory region is logging writes for the given client 719 * 720 * @mr: the memory region being queried 721 * @client: the client being queried 722 */ 723 bool memory_region_is_logging(MemoryRegion *mr, uint8_t client); 724 725 /** 726 * memory_region_get_dirty_log_mask: return the clients for which a 727 * memory region is logging writes. 728 * 729 * Returns a bitmap of clients, in which the DIRTY_MEMORY_* constants 730 * are the bit indices. 731 * 732 * @mr: the memory region being queried 733 */ 734 uint8_t memory_region_get_dirty_log_mask(MemoryRegion *mr); 735 736 /** 737 * memory_region_is_rom: check whether a memory region is ROM 738 * 739 * Returns %true is a memory region is read-only memory. 740 * 741 * @mr: the memory region being queried 742 */ 743 static inline bool memory_region_is_rom(MemoryRegion *mr) 744 { 745 return mr->ram && mr->readonly; 746 } 747 748 749 /** 750 * memory_region_get_fd: Get a file descriptor backing a RAM memory region. 751 * 752 * Returns a file descriptor backing a file-based RAM memory region, 753 * or -1 if the region is not a file-based RAM memory region. 754 * 755 * @mr: the RAM or alias memory region being queried. 756 */ 757 int memory_region_get_fd(MemoryRegion *mr); 758 759 /** 760 * memory_region_set_fd: Mark a RAM memory region as backed by a 761 * file descriptor. 762 * 763 * This function is typically used after memory_region_init_ram_ptr(). 764 * 765 * @mr: the memory region being queried. 766 * @fd: the file descriptor that backs @mr. 767 */ 768 void memory_region_set_fd(MemoryRegion *mr, int fd); 769 770 /** 771 * memory_region_from_host: Convert a pointer into a RAM memory region 772 * and an offset within it. 773 * 774 * Given a host pointer inside a RAM memory region (created with 775 * memory_region_init_ram() or memory_region_init_ram_ptr()), return 776 * the MemoryRegion and the offset within it. 777 * 778 * Use with care; by the time this function returns, the returned pointer is 779 * not protected by RCU anymore. If the caller is not within an RCU critical 780 * section and does not hold the iothread lock, it must have other means of 781 * protecting the pointer, such as a reference to the region that includes 782 * the incoming ram_addr_t. 783 * 784 * @mr: the memory region being queried. 785 */ 786 MemoryRegion *memory_region_from_host(void *ptr, ram_addr_t *offset); 787 788 /** 789 * memory_region_get_ram_ptr: Get a pointer into a RAM memory region. 790 * 791 * Returns a host pointer to a RAM memory region (created with 792 * memory_region_init_ram() or memory_region_init_ram_ptr()). 793 * 794 * Use with care; by the time this function returns, the returned pointer is 795 * not protected by RCU anymore. If the caller is not within an RCU critical 796 * section and does not hold the iothread lock, it must have other means of 797 * protecting the pointer, such as a reference to the region that includes 798 * the incoming ram_addr_t. 799 * 800 * @mr: the memory region being queried. 801 */ 802 void *memory_region_get_ram_ptr(MemoryRegion *mr); 803 804 /* memory_region_ram_resize: Resize a RAM region. 805 * 806 * Only legal before guest might have detected the memory size: e.g. on 807 * incoming migration, or right after reset. 808 * 809 * @mr: a memory region created with @memory_region_init_resizeable_ram. 810 * @newsize: the new size the region 811 * @errp: pointer to Error*, to store an error if it happens. 812 */ 813 void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, 814 Error **errp); 815 816 /** 817 * memory_region_set_log: Turn dirty logging on or off for a region. 818 * 819 * Turns dirty logging on or off for a specified client (display, migration). 820 * Only meaningful for RAM regions. 821 * 822 * @mr: the memory region being updated. 823 * @log: whether dirty logging is to be enabled or disabled. 824 * @client: the user of the logging information; %DIRTY_MEMORY_VGA only. 825 */ 826 void memory_region_set_log(MemoryRegion *mr, bool log, unsigned client); 827 828 /** 829 * memory_region_get_dirty: Check whether a range of bytes is dirty 830 * for a specified client. 831 * 832 * Checks whether a range of bytes has been written to since the last 833 * call to memory_region_reset_dirty() with the same @client. Dirty logging 834 * must be enabled. 835 * 836 * @mr: the memory region being queried. 837 * @addr: the address (relative to the start of the region) being queried. 838 * @size: the size of the range being queried. 839 * @client: the user of the logging information; %DIRTY_MEMORY_MIGRATION or 840 * %DIRTY_MEMORY_VGA. 841 */ 842 bool memory_region_get_dirty(MemoryRegion *mr, hwaddr addr, 843 hwaddr size, unsigned client); 844 845 /** 846 * memory_region_set_dirty: Mark a range of bytes as dirty in a memory region. 847 * 848 * Marks a range of bytes as dirty, after it has been dirtied outside 849 * guest code. 850 * 851 * @mr: the memory region being dirtied. 852 * @addr: the address (relative to the start of the region) being dirtied. 853 * @size: size of the range being dirtied. 854 */ 855 void memory_region_set_dirty(MemoryRegion *mr, hwaddr addr, 856 hwaddr size); 857 858 /** 859 * memory_region_test_and_clear_dirty: Check whether a range of bytes is dirty 860 * for a specified client. It clears them. 861 * 862 * Checks whether a range of bytes has been written to since the last 863 * call to memory_region_reset_dirty() with the same @client. Dirty logging 864 * must be enabled. 865 * 866 * @mr: the memory region being queried. 867 * @addr: the address (relative to the start of the region) being queried. 868 * @size: the size of the range being queried. 869 * @client: the user of the logging information; %DIRTY_MEMORY_MIGRATION or 870 * %DIRTY_MEMORY_VGA. 871 */ 872 bool memory_region_test_and_clear_dirty(MemoryRegion *mr, hwaddr addr, 873 hwaddr size, unsigned client); 874 /** 875 * memory_region_sync_dirty_bitmap: Synchronize a region's dirty bitmap with 876 * any external TLBs (e.g. kvm) 877 * 878 * Flushes dirty information from accelerators such as kvm and vhost-net 879 * and makes it available to users of the memory API. 880 * 881 * @mr: the region being flushed. 882 */ 883 void memory_region_sync_dirty_bitmap(MemoryRegion *mr); 884 885 /** 886 * memory_region_reset_dirty: Mark a range of pages as clean, for a specified 887 * client. 888 * 889 * Marks a range of pages as no longer dirty. 890 * 891 * @mr: the region being updated. 892 * @addr: the start of the subrange being cleaned. 893 * @size: the size of the subrange being cleaned. 894 * @client: the user of the logging information; %DIRTY_MEMORY_MIGRATION or 895 * %DIRTY_MEMORY_VGA. 896 */ 897 void memory_region_reset_dirty(MemoryRegion *mr, hwaddr addr, 898 hwaddr size, unsigned client); 899 900 /** 901 * memory_region_set_readonly: Turn a memory region read-only (or read-write) 902 * 903 * Allows a memory region to be marked as read-only (turning it into a ROM). 904 * only useful on RAM regions. 905 * 906 * @mr: the region being updated. 907 * @readonly: whether rhe region is to be ROM or RAM. 908 */ 909 void memory_region_set_readonly(MemoryRegion *mr, bool readonly); 910 911 /** 912 * memory_region_rom_device_set_romd: enable/disable ROMD mode 913 * 914 * Allows a ROM device (initialized with memory_region_init_rom_device() to 915 * set to ROMD mode (default) or MMIO mode. When it is in ROMD mode, the 916 * device is mapped to guest memory and satisfies read access directly. 917 * When in MMIO mode, reads are forwarded to the #MemoryRegion.read function. 918 * Writes are always handled by the #MemoryRegion.write function. 919 * 920 * @mr: the memory region to be updated 921 * @romd_mode: %true to put the region into ROMD mode 922 */ 923 void memory_region_rom_device_set_romd(MemoryRegion *mr, bool romd_mode); 924 925 /** 926 * memory_region_set_coalescing: Enable memory coalescing for the region. 927 * 928 * Enabled writes to a region to be queued for later processing. MMIO ->write 929 * callbacks may be delayed until a non-coalesced MMIO is issued. 930 * Only useful for IO regions. Roughly similar to write-combining hardware. 931 * 932 * @mr: the memory region to be write coalesced 933 */ 934 void memory_region_set_coalescing(MemoryRegion *mr); 935 936 /** 937 * memory_region_add_coalescing: Enable memory coalescing for a sub-range of 938 * a region. 939 * 940 * Like memory_region_set_coalescing(), but works on a sub-range of a region. 941 * Multiple calls can be issued coalesced disjoint ranges. 942 * 943 * @mr: the memory region to be updated. 944 * @offset: the start of the range within the region to be coalesced. 945 * @size: the size of the subrange to be coalesced. 946 */ 947 void memory_region_add_coalescing(MemoryRegion *mr, 948 hwaddr offset, 949 uint64_t size); 950 951 /** 952 * memory_region_clear_coalescing: Disable MMIO coalescing for the region. 953 * 954 * Disables any coalescing caused by memory_region_set_coalescing() or 955 * memory_region_add_coalescing(). Roughly equivalent to uncacheble memory 956 * hardware. 957 * 958 * @mr: the memory region to be updated. 959 */ 960 void memory_region_clear_coalescing(MemoryRegion *mr); 961 962 /** 963 * memory_region_set_flush_coalesced: Enforce memory coalescing flush before 964 * accesses. 965 * 966 * Ensure that pending coalesced MMIO request are flushed before the memory 967 * region is accessed. This property is automatically enabled for all regions 968 * passed to memory_region_set_coalescing() and memory_region_add_coalescing(). 969 * 970 * @mr: the memory region to be updated. 971 */ 972 void memory_region_set_flush_coalesced(MemoryRegion *mr); 973 974 /** 975 * memory_region_clear_flush_coalesced: Disable memory coalescing flush before 976 * accesses. 977 * 978 * Clear the automatic coalesced MMIO flushing enabled via 979 * memory_region_set_flush_coalesced. Note that this service has no effect on 980 * memory regions that have MMIO coalescing enabled for themselves. For them, 981 * automatic flushing will stop once coalescing is disabled. 982 * 983 * @mr: the memory region to be updated. 984 */ 985 void memory_region_clear_flush_coalesced(MemoryRegion *mr); 986 987 /** 988 * memory_region_set_global_locking: Declares the access processing requires 989 * QEMU's global lock. 990 * 991 * When this is invoked, accesses to the memory region will be processed while 992 * holding the global lock of QEMU. This is the default behavior of memory 993 * regions. 994 * 995 * @mr: the memory region to be updated. 996 */ 997 void memory_region_set_global_locking(MemoryRegion *mr); 998 999 /** 1000 * memory_region_clear_global_locking: Declares that access processing does 1001 * not depend on the QEMU global lock. 1002 * 1003 * By clearing this property, accesses to the memory region will be processed 1004 * outside of QEMU's global lock (unless the lock is held on when issuing the 1005 * access request). In this case, the device model implementing the access 1006 * handlers is responsible for synchronization of concurrency. 1007 * 1008 * @mr: the memory region to be updated. 1009 */ 1010 void memory_region_clear_global_locking(MemoryRegion *mr); 1011 1012 /** 1013 * memory_region_add_eventfd: Request an eventfd to be triggered when a word 1014 * is written to a location. 1015 * 1016 * Marks a word in an IO region (initialized with memory_region_init_io()) 1017 * as a trigger for an eventfd event. The I/O callback will not be called. 1018 * The caller must be prepared to handle failure (that is, take the required 1019 * action if the callback _is_ called). 1020 * 1021 * @mr: the memory region being updated. 1022 * @addr: the address within @mr that is to be monitored 1023 * @size: the size of the access to trigger the eventfd 1024 * @match_data: whether to match against @data, instead of just @addr 1025 * @data: the data to match against the guest write 1026 * @fd: the eventfd to be triggered when @addr, @size, and @data all match. 1027 **/ 1028 void memory_region_add_eventfd(MemoryRegion *mr, 1029 hwaddr addr, 1030 unsigned size, 1031 bool match_data, 1032 uint64_t data, 1033 EventNotifier *e); 1034 1035 /** 1036 * memory_region_del_eventfd: Cancel an eventfd. 1037 * 1038 * Cancels an eventfd trigger requested by a previous 1039 * memory_region_add_eventfd() call. 1040 * 1041 * @mr: the memory region being updated. 1042 * @addr: the address within @mr that is to be monitored 1043 * @size: the size of the access to trigger the eventfd 1044 * @match_data: whether to match against @data, instead of just @addr 1045 * @data: the data to match against the guest write 1046 * @fd: the eventfd to be triggered when @addr, @size, and @data all match. 1047 */ 1048 void memory_region_del_eventfd(MemoryRegion *mr, 1049 hwaddr addr, 1050 unsigned size, 1051 bool match_data, 1052 uint64_t data, 1053 EventNotifier *e); 1054 1055 /** 1056 * memory_region_add_subregion: Add a subregion to a container. 1057 * 1058 * Adds a subregion at @offset. The subregion may not overlap with other 1059 * subregions (except for those explicitly marked as overlapping). A region 1060 * may only be added once as a subregion (unless removed with 1061 * memory_region_del_subregion()); use memory_region_init_alias() if you 1062 * want a region to be a subregion in multiple locations. 1063 * 1064 * @mr: the region to contain the new subregion; must be a container 1065 * initialized with memory_region_init(). 1066 * @offset: the offset relative to @mr where @subregion is added. 1067 * @subregion: the subregion to be added. 1068 */ 1069 void memory_region_add_subregion(MemoryRegion *mr, 1070 hwaddr offset, 1071 MemoryRegion *subregion); 1072 /** 1073 * memory_region_add_subregion_overlap: Add a subregion to a container 1074 * with overlap. 1075 * 1076 * Adds a subregion at @offset. The subregion may overlap with other 1077 * subregions. Conflicts are resolved by having a higher @priority hide a 1078 * lower @priority. Subregions without priority are taken as @priority 0. 1079 * A region may only be added once as a subregion (unless removed with 1080 * memory_region_del_subregion()); use memory_region_init_alias() if you 1081 * want a region to be a subregion in multiple locations. 1082 * 1083 * @mr: the region to contain the new subregion; must be a container 1084 * initialized with memory_region_init(). 1085 * @offset: the offset relative to @mr where @subregion is added. 1086 * @subregion: the subregion to be added. 1087 * @priority: used for resolving overlaps; highest priority wins. 1088 */ 1089 void memory_region_add_subregion_overlap(MemoryRegion *mr, 1090 hwaddr offset, 1091 MemoryRegion *subregion, 1092 int priority); 1093 1094 /** 1095 * memory_region_get_ram_addr: Get the ram address associated with a memory 1096 * region 1097 */ 1098 ram_addr_t memory_region_get_ram_addr(MemoryRegion *mr); 1099 1100 uint64_t memory_region_get_alignment(const MemoryRegion *mr); 1101 /** 1102 * memory_region_del_subregion: Remove a subregion. 1103 * 1104 * Removes a subregion from its container. 1105 * 1106 * @mr: the container to be updated. 1107 * @subregion: the region being removed; must be a current subregion of @mr. 1108 */ 1109 void memory_region_del_subregion(MemoryRegion *mr, 1110 MemoryRegion *subregion); 1111 1112 /* 1113 * memory_region_set_enabled: dynamically enable or disable a region 1114 * 1115 * Enables or disables a memory region. A disabled memory region 1116 * ignores all accesses to itself and its subregions. It does not 1117 * obscure sibling subregions with lower priority - it simply behaves as 1118 * if it was removed from the hierarchy. 1119 * 1120 * Regions default to being enabled. 1121 * 1122 * @mr: the region to be updated 1123 * @enabled: whether to enable or disable the region 1124 */ 1125 void memory_region_set_enabled(MemoryRegion *mr, bool enabled); 1126 1127 /* 1128 * memory_region_set_address: dynamically update the address of a region 1129 * 1130 * Dynamically updates the address of a region, relative to its container. 1131 * May be used on regions are currently part of a memory hierarchy. 1132 * 1133 * @mr: the region to be updated 1134 * @addr: new address, relative to container region 1135 */ 1136 void memory_region_set_address(MemoryRegion *mr, hwaddr addr); 1137 1138 /* 1139 * memory_region_set_size: dynamically update the size of a region. 1140 * 1141 * Dynamically updates the size of a region. 1142 * 1143 * @mr: the region to be updated 1144 * @size: used size of the region. 1145 */ 1146 void memory_region_set_size(MemoryRegion *mr, uint64_t size); 1147 1148 /* 1149 * memory_region_set_alias_offset: dynamically update a memory alias's offset 1150 * 1151 * Dynamically updates the offset into the target region that an alias points 1152 * to, as if the fourth argument to memory_region_init_alias() has changed. 1153 * 1154 * @mr: the #MemoryRegion to be updated; should be an alias. 1155 * @offset: the new offset into the target memory region 1156 */ 1157 void memory_region_set_alias_offset(MemoryRegion *mr, 1158 hwaddr offset); 1159 1160 /** 1161 * memory_region_present: checks if an address relative to a @container 1162 * translates into #MemoryRegion within @container 1163 * 1164 * Answer whether a #MemoryRegion within @container covers the address 1165 * @addr. 1166 * 1167 * @container: a #MemoryRegion within which @addr is a relative address 1168 * @addr: the area within @container to be searched 1169 */ 1170 bool memory_region_present(MemoryRegion *container, hwaddr addr); 1171 1172 /** 1173 * memory_region_is_mapped: returns true if #MemoryRegion is mapped 1174 * into any address space. 1175 * 1176 * @mr: a #MemoryRegion which should be checked if it's mapped 1177 */ 1178 bool memory_region_is_mapped(MemoryRegion *mr); 1179 1180 /** 1181 * memory_region_find: translate an address/size relative to a 1182 * MemoryRegion into a #MemoryRegionSection. 1183 * 1184 * Locates the first #MemoryRegion within @mr that overlaps the range 1185 * given by @addr and @size. 1186 * 1187 * Returns a #MemoryRegionSection that describes a contiguous overlap. 1188 * It will have the following characteristics: 1189 * .@size = 0 iff no overlap was found 1190 * .@mr is non-%NULL iff an overlap was found 1191 * 1192 * Remember that in the return value the @offset_within_region is 1193 * relative to the returned region (in the .@mr field), not to the 1194 * @mr argument. 1195 * 1196 * Similarly, the .@offset_within_address_space is relative to the 1197 * address space that contains both regions, the passed and the 1198 * returned one. However, in the special case where the @mr argument 1199 * has no container (and thus is the root of the address space), the 1200 * following will hold: 1201 * .@offset_within_address_space >= @addr 1202 * .@offset_within_address_space + .@size <= @addr + @size 1203 * 1204 * @mr: a MemoryRegion within which @addr is a relative address 1205 * @addr: start of the area within @as to be searched 1206 * @size: size of the area to be searched 1207 */ 1208 MemoryRegionSection memory_region_find(MemoryRegion *mr, 1209 hwaddr addr, uint64_t size); 1210 1211 /** 1212 * memory_global_dirty_log_sync: synchronize the dirty log for all memory 1213 * 1214 * Synchronizes the dirty page log for all address spaces. 1215 */ 1216 void memory_global_dirty_log_sync(void); 1217 1218 /** 1219 * memory_region_transaction_begin: Start a transaction. 1220 * 1221 * During a transaction, changes will be accumulated and made visible 1222 * only when the transaction ends (is committed). 1223 */ 1224 void memory_region_transaction_begin(void); 1225 1226 /** 1227 * memory_region_transaction_commit: Commit a transaction and make changes 1228 * visible to the guest. 1229 */ 1230 void memory_region_transaction_commit(void); 1231 1232 /** 1233 * memory_listener_register: register callbacks to be called when memory 1234 * sections are mapped or unmapped into an address 1235 * space 1236 * 1237 * @listener: an object containing the callbacks to be called 1238 * @filter: if non-%NULL, only regions in this address space will be observed 1239 */ 1240 void memory_listener_register(MemoryListener *listener, AddressSpace *filter); 1241 1242 /** 1243 * memory_listener_unregister: undo the effect of memory_listener_register() 1244 * 1245 * @listener: an object containing the callbacks to be removed 1246 */ 1247 void memory_listener_unregister(MemoryListener *listener); 1248 1249 /** 1250 * memory_global_dirty_log_start: begin dirty logging for all regions 1251 */ 1252 void memory_global_dirty_log_start(void); 1253 1254 /** 1255 * memory_global_dirty_log_stop: end dirty logging for all regions 1256 */ 1257 void memory_global_dirty_log_stop(void); 1258 1259 void mtree_info(fprintf_function mon_printf, void *f, bool flatview); 1260 1261 /** 1262 * memory_region_dispatch_read: perform a read directly to the specified 1263 * MemoryRegion. 1264 * 1265 * @mr: #MemoryRegion to access 1266 * @addr: address within that region 1267 * @pval: pointer to uint64_t which the data is written to 1268 * @size: size of the access in bytes 1269 * @attrs: memory transaction attributes to use for the access 1270 */ 1271 MemTxResult memory_region_dispatch_read(MemoryRegion *mr, 1272 hwaddr addr, 1273 uint64_t *pval, 1274 unsigned size, 1275 MemTxAttrs attrs); 1276 /** 1277 * memory_region_dispatch_write: perform a write directly to the specified 1278 * MemoryRegion. 1279 * 1280 * @mr: #MemoryRegion to access 1281 * @addr: address within that region 1282 * @data: data to write 1283 * @size: size of the access in bytes 1284 * @attrs: memory transaction attributes to use for the access 1285 */ 1286 MemTxResult memory_region_dispatch_write(MemoryRegion *mr, 1287 hwaddr addr, 1288 uint64_t data, 1289 unsigned size, 1290 MemTxAttrs attrs); 1291 1292 /** 1293 * address_space_init: initializes an address space 1294 * 1295 * @as: an uninitialized #AddressSpace 1296 * @root: a #MemoryRegion that routes addresses for the address space 1297 * @name: an address space name. The name is only used for debugging 1298 * output. 1299 */ 1300 void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name); 1301 1302 /** 1303 * address_space_init_shareable: return an address space for a memory region, 1304 * creating it if it does not already exist 1305 * 1306 * @root: a #MemoryRegion that routes addresses for the address space 1307 * @name: an address space name. The name is only used for debugging 1308 * output. 1309 * 1310 * This function will return a pointer to an existing AddressSpace 1311 * which was initialized with the specified MemoryRegion, or it will 1312 * create and initialize one if it does not already exist. The ASes 1313 * are reference-counted, so the memory will be freed automatically 1314 * when the AddressSpace is destroyed via address_space_destroy. 1315 */ 1316 AddressSpace *address_space_init_shareable(MemoryRegion *root, 1317 const char *name); 1318 1319 /** 1320 * address_space_destroy: destroy an address space 1321 * 1322 * Releases all resources associated with an address space. After an address space 1323 * is destroyed, its root memory region (given by address_space_init()) may be destroyed 1324 * as well. 1325 * 1326 * @as: address space to be destroyed 1327 */ 1328 void address_space_destroy(AddressSpace *as); 1329 1330 /** 1331 * address_space_rw: read from or write to an address space. 1332 * 1333 * Return a MemTxResult indicating whether the operation succeeded 1334 * or failed (eg unassigned memory, device rejected the transaction, 1335 * IOMMU fault). 1336 * 1337 * @as: #AddressSpace to be accessed 1338 * @addr: address within that address space 1339 * @attrs: memory transaction attributes 1340 * @buf: buffer with the data transferred 1341 * @is_write: indicates the transfer direction 1342 */ 1343 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, 1344 MemTxAttrs attrs, uint8_t *buf, 1345 int len, bool is_write); 1346 1347 /** 1348 * address_space_write: write to address space. 1349 * 1350 * Return a MemTxResult indicating whether the operation succeeded 1351 * or failed (eg unassigned memory, device rejected the transaction, 1352 * IOMMU fault). 1353 * 1354 * @as: #AddressSpace to be accessed 1355 * @addr: address within that address space 1356 * @attrs: memory transaction attributes 1357 * @buf: buffer with the data transferred 1358 */ 1359 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, 1360 MemTxAttrs attrs, 1361 const uint8_t *buf, int len); 1362 1363 /* address_space_ld*: load from an address space 1364 * address_space_st*: store to an address space 1365 * 1366 * These functions perform a load or store of the byte, word, 1367 * longword or quad to the specified address within the AddressSpace. 1368 * The _le suffixed functions treat the data as little endian; 1369 * _be indicates big endian; no suffix indicates "same endianness 1370 * as guest CPU". 1371 * 1372 * The "guest CPU endianness" accessors are deprecated for use outside 1373 * target-* code; devices should be CPU-agnostic and use either the LE 1374 * or the BE accessors. 1375 * 1376 * @as #AddressSpace to be accessed 1377 * @addr: address within that address space 1378 * @val: data value, for stores 1379 * @attrs: memory transaction attributes 1380 * @result: location to write the success/failure of the transaction; 1381 * if NULL, this information is discarded 1382 */ 1383 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr, 1384 MemTxAttrs attrs, MemTxResult *result); 1385 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr, 1386 MemTxAttrs attrs, MemTxResult *result); 1387 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr, 1388 MemTxAttrs attrs, MemTxResult *result); 1389 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr, 1390 MemTxAttrs attrs, MemTxResult *result); 1391 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr, 1392 MemTxAttrs attrs, MemTxResult *result); 1393 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr, 1394 MemTxAttrs attrs, MemTxResult *result); 1395 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr, 1396 MemTxAttrs attrs, MemTxResult *result); 1397 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val, 1398 MemTxAttrs attrs, MemTxResult *result); 1399 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val, 1400 MemTxAttrs attrs, MemTxResult *result); 1401 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val, 1402 MemTxAttrs attrs, MemTxResult *result); 1403 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val, 1404 MemTxAttrs attrs, MemTxResult *result); 1405 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val, 1406 MemTxAttrs attrs, MemTxResult *result); 1407 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val, 1408 MemTxAttrs attrs, MemTxResult *result); 1409 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val, 1410 MemTxAttrs attrs, MemTxResult *result); 1411 1412 uint32_t ldub_phys(AddressSpace *as, hwaddr addr); 1413 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr); 1414 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr); 1415 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr); 1416 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr); 1417 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr); 1418 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr); 1419 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val); 1420 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val); 1421 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val); 1422 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val); 1423 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val); 1424 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val); 1425 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val); 1426 1427 struct MemoryRegionCache { 1428 hwaddr xlat; 1429 void *ptr; 1430 hwaddr len; 1431 MemoryRegion *mr; 1432 bool is_write; 1433 }; 1434 1435 #define MEMORY_REGION_CACHE_INVALID ((MemoryRegionCache) { .mr = NULL }) 1436 1437 /* address_space_cache_init: prepare for repeated access to a physical 1438 * memory region 1439 * 1440 * @cache: #MemoryRegionCache to be filled 1441 * @as: #AddressSpace to be accessed 1442 * @addr: address within that address space 1443 * @len: length of buffer 1444 * @is_write: indicates the transfer direction 1445 * 1446 * Will only work with RAM, and may map a subset of the requested range by 1447 * returning a value that is less than @len. On failure, return a negative 1448 * errno value. 1449 * 1450 * Because it only works with RAM, this function can be used for 1451 * read-modify-write operations. In this case, is_write should be %true. 1452 * 1453 * Note that addresses passed to the address_space_*_cached functions 1454 * are relative to @addr. 1455 */ 1456 int64_t address_space_cache_init(MemoryRegionCache *cache, 1457 AddressSpace *as, 1458 hwaddr addr, 1459 hwaddr len, 1460 bool is_write); 1461 1462 /** 1463 * address_space_cache_invalidate: complete a write to a #MemoryRegionCache 1464 * 1465 * @cache: The #MemoryRegionCache to operate on. 1466 * @addr: The first physical address that was written, relative to the 1467 * address that was passed to @address_space_cache_init. 1468 * @access_len: The number of bytes that were written starting at @addr. 1469 */ 1470 void address_space_cache_invalidate(MemoryRegionCache *cache, 1471 hwaddr addr, 1472 hwaddr access_len); 1473 1474 /** 1475 * address_space_cache_destroy: free a #MemoryRegionCache 1476 * 1477 * @cache: The #MemoryRegionCache whose memory should be released. 1478 */ 1479 void address_space_cache_destroy(MemoryRegionCache *cache); 1480 1481 /* address_space_ld*_cached: load from a cached #MemoryRegion 1482 * address_space_st*_cached: store into a cached #MemoryRegion 1483 * 1484 * These functions perform a load or store of the byte, word, 1485 * longword or quad to the specified address. The address is 1486 * a physical address in the AddressSpace, but it must lie within 1487 * a #MemoryRegion that was mapped with address_space_cache_init. 1488 * 1489 * The _le suffixed functions treat the data as little endian; 1490 * _be indicates big endian; no suffix indicates "same endianness 1491 * as guest CPU". 1492 * 1493 * The "guest CPU endianness" accessors are deprecated for use outside 1494 * target-* code; devices should be CPU-agnostic and use either the LE 1495 * or the BE accessors. 1496 * 1497 * @cache: previously initialized #MemoryRegionCache to be accessed 1498 * @addr: address within the address space 1499 * @val: data value, for stores 1500 * @attrs: memory transaction attributes 1501 * @result: location to write the success/failure of the transaction; 1502 * if NULL, this information is discarded 1503 */ 1504 uint32_t address_space_ldub_cached(MemoryRegionCache *cache, hwaddr addr, 1505 MemTxAttrs attrs, MemTxResult *result); 1506 uint32_t address_space_lduw_le_cached(MemoryRegionCache *cache, hwaddr addr, 1507 MemTxAttrs attrs, MemTxResult *result); 1508 uint32_t address_space_lduw_be_cached(MemoryRegionCache *cache, hwaddr addr, 1509 MemTxAttrs attrs, MemTxResult *result); 1510 uint32_t address_space_ldl_le_cached(MemoryRegionCache *cache, hwaddr addr, 1511 MemTxAttrs attrs, MemTxResult *result); 1512 uint32_t address_space_ldl_be_cached(MemoryRegionCache *cache, hwaddr addr, 1513 MemTxAttrs attrs, MemTxResult *result); 1514 uint64_t address_space_ldq_le_cached(MemoryRegionCache *cache, hwaddr addr, 1515 MemTxAttrs attrs, MemTxResult *result); 1516 uint64_t address_space_ldq_be_cached(MemoryRegionCache *cache, hwaddr addr, 1517 MemTxAttrs attrs, MemTxResult *result); 1518 void address_space_stb_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val, 1519 MemTxAttrs attrs, MemTxResult *result); 1520 void address_space_stw_le_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val, 1521 MemTxAttrs attrs, MemTxResult *result); 1522 void address_space_stw_be_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val, 1523 MemTxAttrs attrs, MemTxResult *result); 1524 void address_space_stl_le_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val, 1525 MemTxAttrs attrs, MemTxResult *result); 1526 void address_space_stl_be_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val, 1527 MemTxAttrs attrs, MemTxResult *result); 1528 void address_space_stq_le_cached(MemoryRegionCache *cache, hwaddr addr, uint64_t val, 1529 MemTxAttrs attrs, MemTxResult *result); 1530 void address_space_stq_be_cached(MemoryRegionCache *cache, hwaddr addr, uint64_t val, 1531 MemTxAttrs attrs, MemTxResult *result); 1532 1533 uint32_t ldub_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1534 uint32_t lduw_le_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1535 uint32_t lduw_be_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1536 uint32_t ldl_le_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1537 uint32_t ldl_be_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1538 uint64_t ldq_le_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1539 uint64_t ldq_be_phys_cached(MemoryRegionCache *cache, hwaddr addr); 1540 void stb_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val); 1541 void stw_le_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val); 1542 void stw_be_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val); 1543 void stl_le_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val); 1544 void stl_be_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint32_t val); 1545 void stq_le_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint64_t val); 1546 void stq_be_phys_cached(MemoryRegionCache *cache, hwaddr addr, uint64_t val); 1547 /* address_space_get_iotlb_entry: translate an address into an IOTLB 1548 * entry. Should be called from an RCU critical section. 1549 */ 1550 IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr, 1551 bool is_write); 1552 1553 /* address_space_translate: translate an address range into an address space 1554 * into a MemoryRegion and an address range into that section. Should be 1555 * called from an RCU critical section, to avoid that the last reference 1556 * to the returned region disappears after address_space_translate returns. 1557 * 1558 * @as: #AddressSpace to be accessed 1559 * @addr: address within that address space 1560 * @xlat: pointer to address within the returned memory region section's 1561 * #MemoryRegion. 1562 * @len: pointer to length 1563 * @is_write: indicates the transfer direction 1564 */ 1565 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, 1566 hwaddr *xlat, hwaddr *len, 1567 bool is_write); 1568 1569 /* address_space_access_valid: check for validity of accessing an address 1570 * space range 1571 * 1572 * Check whether memory is assigned to the given address space range, and 1573 * access is permitted by any IOMMU regions that are active for the address 1574 * space. 1575 * 1576 * For now, addr and len should be aligned to a page size. This limitation 1577 * will be lifted in the future. 1578 * 1579 * @as: #AddressSpace to be accessed 1580 * @addr: address within that address space 1581 * @len: length of the area to be checked 1582 * @is_write: indicates the transfer direction 1583 */ 1584 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write); 1585 1586 /* address_space_map: map a physical memory region into a host virtual address 1587 * 1588 * May map a subset of the requested range, given by and returned in @plen. 1589 * May return %NULL if resources needed to perform the mapping are exhausted. 1590 * Use only for reads OR writes - not for read-modify-write operations. 1591 * Use cpu_register_map_client() to know when retrying the map operation is 1592 * likely to succeed. 1593 * 1594 * @as: #AddressSpace to be accessed 1595 * @addr: address within that address space 1596 * @plen: pointer to length of buffer; updated on return 1597 * @is_write: indicates the transfer direction 1598 */ 1599 void *address_space_map(AddressSpace *as, hwaddr addr, 1600 hwaddr *plen, bool is_write); 1601 1602 /* address_space_unmap: Unmaps a memory region previously mapped by address_space_map() 1603 * 1604 * Will also mark the memory as dirty if @is_write == %true. @access_len gives 1605 * the amount of memory that was actually read or written by the caller. 1606 * 1607 * @as: #AddressSpace used 1608 * @addr: address within that address space 1609 * @len: buffer length as returned by address_space_map() 1610 * @access_len: amount of data actually transferred 1611 * @is_write: indicates the transfer direction 1612 */ 1613 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len, 1614 int is_write, hwaddr access_len); 1615 1616 1617 /* Internal functions, part of the implementation of address_space_read. */ 1618 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, 1619 MemTxAttrs attrs, uint8_t *buf, 1620 int len, hwaddr addr1, hwaddr l, 1621 MemoryRegion *mr); 1622 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr, 1623 MemTxAttrs attrs, uint8_t *buf, int len); 1624 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr); 1625 1626 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write) 1627 { 1628 if (is_write) { 1629 return memory_region_is_ram(mr) && 1630 !mr->readonly && !memory_region_is_ram_device(mr); 1631 } else { 1632 return (memory_region_is_ram(mr) && !memory_region_is_ram_device(mr)) || 1633 memory_region_is_romd(mr); 1634 } 1635 } 1636 1637 /** 1638 * address_space_read: read from an address space. 1639 * 1640 * Return a MemTxResult indicating whether the operation succeeded 1641 * or failed (eg unassigned memory, device rejected the transaction, 1642 * IOMMU fault). 1643 * 1644 * @as: #AddressSpace to be accessed 1645 * @addr: address within that address space 1646 * @attrs: memory transaction attributes 1647 * @buf: buffer with the data transferred 1648 */ 1649 static inline __attribute__((__always_inline__)) 1650 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs, 1651 uint8_t *buf, int len) 1652 { 1653 MemTxResult result = MEMTX_OK; 1654 hwaddr l, addr1; 1655 void *ptr; 1656 MemoryRegion *mr; 1657 1658 if (__builtin_constant_p(len)) { 1659 if (len) { 1660 rcu_read_lock(); 1661 l = len; 1662 mr = address_space_translate(as, addr, &addr1, &l, false); 1663 if (len == l && memory_access_is_direct(mr, false)) { 1664 ptr = qemu_map_ram_ptr(mr->ram_block, addr1); 1665 memcpy(buf, ptr, len); 1666 } else { 1667 result = address_space_read_continue(as, addr, attrs, buf, len, 1668 addr1, l, mr); 1669 } 1670 rcu_read_unlock(); 1671 } 1672 } else { 1673 result = address_space_read_full(as, addr, attrs, buf, len); 1674 } 1675 return result; 1676 } 1677 1678 /** 1679 * address_space_read_cached: read from a cached RAM region 1680 * 1681 * @cache: Cached region to be addressed 1682 * @addr: address relative to the base of the RAM region 1683 * @buf: buffer with the data transferred 1684 * @len: length of the data transferred 1685 */ 1686 static inline void 1687 address_space_read_cached(MemoryRegionCache *cache, hwaddr addr, 1688 void *buf, int len) 1689 { 1690 assert(addr < cache->len && len <= cache->len - addr); 1691 memcpy(buf, cache->ptr + addr, len); 1692 } 1693 1694 /** 1695 * address_space_write_cached: write to a cached RAM region 1696 * 1697 * @cache: Cached region to be addressed 1698 * @addr: address relative to the base of the RAM region 1699 * @buf: buffer with the data transferred 1700 * @len: length of the data transferred 1701 */ 1702 static inline void 1703 address_space_write_cached(MemoryRegionCache *cache, hwaddr addr, 1704 void *buf, int len) 1705 { 1706 assert(addr < cache->len && len <= cache->len - addr); 1707 memcpy(cache->ptr + addr, buf, len); 1708 } 1709 1710 #endif 1711 1712 #endif 1713