The memory API¶
The memory API models the memory and I/O buses and controllers of a QEMU machine. It attempts to allow modelling of:
- ordinary RAM
- memory-mapped I/O (MMIO)
- memory controllers that can dynamically reroute physical memory regions to different destinations
The memory model provides support for
- tracking RAM changes by the guest
- setting up coalesced memory for kvm
- setting up ioeventfd regions for kvm
Memory is modelled as an acyclic graph of MemoryRegion objects. Sinks (leaves) are RAM and MMIO regions, while other nodes represent buses, memory controllers, and memory regions that have been rerouted.
In addition to MemoryRegion objects, the memory API provides AddressSpace objects for every root and possibly for intermediate MemoryRegions too. These represent memory as seen from the CPU or a device’s viewpoint.
Types of regions¶
There are multiple types of memory regions (all represented by a single C type MemoryRegion):
RAM: a RAM region is simply a range of host memory that can be made available to the guest. You typically initialize these with memory_region_init_ram(). Some special purposes require the variants memory_region_init_resizeable_ram(), memory_region_init_ram_from_file(), or memory_region_init_ram_ptr().
MMIO: a range of guest memory that is implemented by host callbacks; each read or write causes a callback to be called on the host. You initialize these with memory_region_init_io(), passing it a MemoryRegionOps structure describing the callbacks.
ROM: a ROM memory region works like RAM for reads (directly accessing a region of host memory), and forbids writes. You initialize these with memory_region_init_rom().
ROM device: a ROM device memory region works like RAM for reads (directly accessing a region of host memory), but like MMIO for writes (invoking a callback). You initialize these with memory_region_init_rom_device().
IOMMU region: an IOMMU region translates addresses of accesses made to it and forwards them to some other target memory region. As the name suggests, these are only needed for modelling an IOMMU, not for simple devices. You initialize these with memory_region_init_iommu().
container: a container simply includes other memory regions, each at a different offset. Containers are useful for grouping several regions into one unit. For example, a PCI BAR may be composed of a RAM region and an MMIO region.
A container’s subregions are usually non-overlapping. In some cases it is useful to have overlapping regions; for example a memory controller that can overlay a subregion of RAM with MMIO or ROM, or a PCI controller that does not prevent card from claiming overlapping BARs.
You initialize a pure container with memory_region_init().
alias: a subsection of another region. Aliases allow a region to be split apart into discontiguous regions. Examples of uses are memory banks used when the guest address space is smaller than the amount of RAM addressed, or a memory controller that splits main memory to expose a “PCI hole”. Aliases may point to any type of region, including other aliases, but an alias may not point back to itself, directly or indirectly. You initialize these with memory_region_init_alias().
reservation region: a reservation region is primarily for debugging. It claims I/O space that is not supposed to be handled by QEMU itself. The typical use is to track parts of the address space which will be handled by the host kernel when KVM is enabled. You initialize these with memory_region_init_reservation(), or by passing a NULL callback parameter to memory_region_init_io().
It is valid to add subregions to a region which is not a pure container (that is, to an MMIO, RAM or ROM region). This means that the region will act like a container, except that any addresses within the container’s region which are not claimed by any subregion are handled by the container itself (ie by its MMIO callbacks or RAM backing). However it is generally possible to achieve the same effect with a pure container one of whose subregions is a low priority “background” region covering the whole address range; this is often clearer and is preferred. Subregions cannot be added to an alias region.
Region names¶
Regions are assigned names by the constructor. For most regions these are only used for debugging purposes, but RAM regions also use the name to identify live migration sections. This means that RAM region names need to have ABI stability.
Region lifecycle¶
A region is created by one of the memory_region_init*() functions and attached to an object, which acts as its owner or parent. QEMU ensures that the owner object remains alive as long as the region is visible to the guest, or as long as the region is in use by a virtual CPU or another device. For example, the owner object will not die between an address_space_map operation and the corresponding address_space_unmap.
After creation, a region can be added to an address space or a container with memory_region_add_subregion(), and removed using memory_region_del_subregion().
Various region attributes (read-only, dirty logging, coalesced mmio, ioeventfd) can be changed during the region lifecycle. They take effect as soon as the region is made visible. This can be immediately, later, or never.
Destruction of a memory region happens automatically when the owner object dies.
If however the memory region is part of a dynamically allocated data structure, you should call object_unparent() to destroy the memory region before the data structure is freed. For an example see VFIOMSIXInfo and VFIOQuirk in hw/vfio/pci.c.
You must not destroy a memory region as long as it may be in use by a device or CPU. In order to do this, as a general rule do not create or destroy memory regions dynamically during a device’s lifetime, and only call object_unparent() in the memory region owner’s instance_finalize callback. The dynamically allocated data structure that contains the memory region then should obviously be freed in the instance_finalize callback as well.
If you break this rule, the following situation can happen:
- the memory region’s owner had a reference taken via memory_region_ref (for example by address_space_map)
- the region is unparented, and has no owner anymore
- when address_space_unmap is called, the reference to the memory region’s owner is leaked.
There is an exception to the above rule: it is okay to call object_unparent at any time for an alias or a container region. It is therefore also okay to create or destroy alias and container regions dynamically during a device’s lifetime.
This exceptional usage is valid because aliases and containers only help QEMU building the guest’s memory map; they are never accessed directly. memory_region_ref and memory_region_unref are never called on aliases or containers, and the above situation then cannot happen. Exploiting this exception is rarely necessary, and therefore it is discouraged, but nevertheless it is used in a few places.
For regions that “have no owner” (NULL is passed at creation time), the machine object is actually used as the owner. Since instance_finalize is never called for the machine object, you must never call object_unparent on regions that have no owner, unless they are aliases or containers.
Overlapping regions and priority¶
Usually, regions may not overlap each other; a memory address decodes into exactly one target. In some cases it is useful to allow regions to overlap, and sometimes to control which of an overlapping regions is visible to the guest. This is done with memory_region_add_subregion_overlap(), which allows the region to overlap any other region in the same container, and specifies a priority that allows the core to decide which of two regions at the same address are visible (highest wins). Priority values are signed, and the default value is zero. This means that you can use memory_region_add_subregion_overlap() both to specify a region that must sit ‘above’ any others (with a positive priority) and also a background region that sits ‘below’ others (with a negative priority).
If the higher priority region in an overlap is a container or alias, then the lower priority region will appear in any “holes” that the higher priority region has left by not mapping subregions to that area of its address range. (This applies recursively – if the subregions are themselves containers or aliases that leave holes then the lower priority region will appear in these holes too.)
For example, suppose we have a container A of size 0x8000 with two subregions B and C. B is a container mapped at 0x2000, size 0x4000, priority 2; C is an MMIO region mapped at 0x0, size 0x6000, priority 1. B currently has two of its own subregions: D of size 0x1000 at offset 0 and E of size 0x1000 at offset 0x2000. As a diagram:
0 1000 2000 3000 4000 5000 6000 7000 8000
|------|------|------|------|------|------|------|------|
A: [ ]
C: [CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC]
B: [ ]
D: [DDDDD]
E: [EEEEE]
The regions that will be seen within this address range then are:
[CCCCCCCCCCCC][DDDDD][CCCCC][EEEEE][CCCCC]
Since B has higher priority than C, its subregions appear in the flat map even where they overlap with C. In ranges where B has not mapped anything C’s region appears.
If B had provided its own MMIO operations (ie it was not a pure container) then these would be used for any addresses in its range not handled by D or E, and the result would be:
[CCCCCCCCCCCC][DDDDD][BBBBB][EEEEE][BBBBB]
Priority values are local to a container, because the priorities of two regions are only compared when they are both children of the same container. This means that the device in charge of the container (typically modelling a bus or a memory controller) can use them to manage the interaction of its child regions without any side effects on other parts of the system. In the example above, the priorities of D and E are unimportant because they do not overlap each other. It is the relative priority of B and C that causes D and E to appear on top of C: D and E’s priorities are never compared against the priority of C.
Visibility¶
The memory core uses the following rules to select a memory region when the guest accesses an address:
- all direct subregions of the root region are matched against the address, in
descending priority order
- if the address lies outside the region offset/size, the subregion is discarded
- if the subregion is a leaf (RAM or MMIO), the search terminates, returning this leaf region
- if the subregion is a container, the same algorithm is used within the subregion (after the address is adjusted by the subregion offset)
- if the subregion is an alias, the search is continued at the alias target (after the address is adjusted by the subregion offset and alias offset)
- if a recursive search within a container or alias subregion does not find a match (because of a “hole” in the container’s coverage of its address range), then if this is a container with its own MMIO or RAM backing the search terminates, returning the container itself. Otherwise we continue with the next subregion in priority order
- if none of the subregions match the address then the search terminates with no match found
Example memory map¶
system_memory: container@0-2^48-1
|
+---- lomem: alias@0-0xdfffffff ---> #ram (0-0xdfffffff)
|
+---- himem: alias@0x100000000-0x11fffffff ---> #ram (0xe0000000-0xffffffff)
|
+---- vga-window: alias@0xa0000-0xbffff ---> #pci (0xa0000-0xbffff)
| (prio 1)
|
+---- pci-hole: alias@0xe0000000-0xffffffff ---> #pci (0xe0000000-0xffffffff)
pci (0-2^32-1)
|
+--- vga-area: container@0xa0000-0xbffff
| |
| +--- alias@0x00000-0x7fff ---> #vram (0x010000-0x017fff)
| |
| +--- alias@0x08000-0xffff ---> #vram (0x020000-0x027fff)
|
+---- vram: ram@0xe1000000-0xe1ffffff
|
+---- vga-mmio: mmio@0xe2000000-0xe200ffff
ram: ram@0x00000000-0xffffffff
This is a (simplified) PC memory map. The 4GB RAM block is mapped into the system address space via two aliases: “lomem” is a 1:1 mapping of the first 3.5GB; “himem” maps the last 0.5GB at address 4GB. This leaves 0.5GB for the so-called PCI hole, that allows a 32-bit PCI bus to exist in a system with 4GB of memory.
The memory controller diverts addresses in the range 640K-768K to the PCI address space. This is modelled using the “vga-window” alias, mapped at a higher priority so it obscures the RAM at the same addresses. The vga window can be removed by programming the memory controller; this is modelled by removing the alias and exposing the RAM underneath.
The pci address space is not a direct child of the system address space, since we only want parts of it to be visible (we accomplish this using aliases). It has two subregions: vga-area models the legacy vga window and is occupied by two 32K memory banks pointing at two sections of the framebuffer. In addition the vram is mapped as a BAR at address e1000000, and an additional BAR containing MMIO registers is mapped after it.
Note that if the guest maps a BAR outside the PCI hole, it would not be visible as the pci-hole alias clips it to a 0.5GB range.
MMIO Operations¶
MMIO regions are provided with ->read() and ->write() callbacks; in addition various constraints can be supplied to control how these callbacks are called:
- .valid.min_access_size, .valid.max_access_size define the access sizes (in bytes) which the device accepts; accesses outside this range will have device and bus specific behaviour (ignored, or machine check)
- .valid.unaligned specifies that the device being modelled supports unaligned accesses; if false, unaligned accesses will invoke the appropriate bus or CPU specific behaviour.
- .impl.min_access_size, .impl.max_access_size define the access sizes (in bytes) supported by the implementation; other access sizes will be emulated using the ones available. For example a 4-byte write will be emulated using four 1-byte writes, if .impl.max_access_size = 1.
- .impl.unaligned specifies that the implementation supports unaligned accesses; if false, unaligned accesses will be emulated by two aligned accesses.
- .old_mmio eases the porting of code that was formerly using cpu_register_io_memory(). It should not be used in new code.
Detailed API documentation¶
-
struct
MemoryListener
¶ callbacks structure for updates to the physical memory map
Definition
struct MemoryListener {
};
Members
Description
Allows a component to adjust to changes in the guest-visible memory map.
Use with memory_listener_register()
and memory_listener_unregister()
.
-
struct
AddressSpace
¶ describes a mapping of addresses to
MemoryRegion
objects
Definition
struct AddressSpace {
};
Members
-
struct
MemoryRegionSection
¶ describes a fragment of a
MemoryRegion
Definition
struct MemoryRegionSection {
MemoryRegion * mr;
AddressSpace * address_space;
hwaddr offset_within_region;
Int128 size;
hwaddr offset_within_address_space;
bool readonly;
};
Members
mr
- the region, or
NULL
if empty address_space
- the address space the region is mapped in
offset_within_region
- the beginning of the section, relative to mr‘s start
size
- the size of the section; will not exceed mr‘s boundaries
offset_within_address_space
- the address of the first byte of the section relative to the region’s address space
readonly
- writes to this section are ignored
-
void
memory_region_init
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size)¶ Initialize a memory region
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized struct Object * owner
- the object that tracks the region’s reference count
const char * name
- used for debugging; not visible to the user or ABI
uint64_t size
- size of the region; any subregions beyond this size will be clipped
Description
The region typically acts as a container for other memory regions. Use
memory_region_add_subregion()
to add subregions.
-
void
memory_region_ref
(MemoryRegion * mr)¶ Add 1 to a memory region’s reference count
Parameters
MemoryRegion * mr
- the
MemoryRegion
Description
Whenever memory regions are accessed outside the BQL, they need to be preserved against hot-unplug. MemoryRegions actually do not have their own reference count; they piggyback on a QOM object, their “owner”. This function adds a reference to the owner.
All MemoryRegions must have an owner if they can disappear, even if the device they belong to operates exclusively under the BQL. This is because the region could be returned at any time by memory_region_find, and this is usually under guest control.
-
void
memory_region_unref
(MemoryRegion * mr)¶ Remove 1 to a memory region’s reference count
Parameters
MemoryRegion * mr
- the
MemoryRegion
Description
Whenever memory regions are accessed outside the BQL, they need to be preserved against hot-unplug. MemoryRegions actually do not have their own reference count; they piggyback on a QOM object, their “owner”. This function removes a reference to the owner and possibly destroys it.
-
void
memory_region_init_io
(MemoryRegion * mr, struct Object * owner, const MemoryRegionOps * ops, void * opaque, const char * name, uint64_t size)¶ Initialize an I/O memory region.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const MemoryRegionOps * ops
- a structure containing read and write callbacks to be used when I/O is performed on the region.
void * opaque
- passed to the read and write callbacks of the ops structure.
const char * name
- used for debugging; not visible to the user or ABI
uint64_t size
- size of the region.
Description
Accesses into the region will cause the callbacks in ops to be called. if size is nonzero, subregions will be clipped to size.
-
void
memory_region_init_ram
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, Error ** errp)¶ Initialize RAM memory region. Accesses into the region will modify memory directly.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- the name of the region.
uint64_t size
- size of the region.
Error ** errp
- pointer to Error*, to store an error if it happens.
-
void
memory_region_init_resizeable_ram
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, uint64_t max_size, void (*resized) (const char*, uint64_t length, void *host, Error ** errp)¶ Initialize memory region with resizeable RAM. Accesses into the region will modify memory directly. Only an initial portion of this RAM is actually used. The used size can change across reboots.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- the name of the region.
uint64_t size
- used size of the region.
uint64_t max_size
- max size of the region.
void (*)(const char*, uint64_t length, void *host) resized
- callback to notify owner about used size change.
Error ** errp
- pointer to Error*, to store an error if it happens.
-
void
memory_region_init_ram_from_file
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, bool share, const char * path, Error ** errp)¶ Initialize RAM memory region with a mmap-ed backend.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- the name of the region.
uint64_t size
- size of the region.
bool share
true
if memory must be mmaped with the MAP_SHARED flagconst char * path
- the path in which to allocate the RAM.
Error ** errp
- pointer to Error*, to store an error if it happens.
-
void
memory_region_init_ram_ptr
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, void * ptr)¶ Initialize RAM memory region from a user-provided pointer. Accesses into the region will modify memory directly.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- the name of the region.
uint64_t size
- size of the region.
void * ptr
- memory to be mapped; must contain at least size bytes.
-
void
memory_region_init_ram_device_ptr
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, void * ptr)¶ Initialize RAM device memory region from a user-provided pointer.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- the name of the region.
uint64_t size
- size of the region.
void * ptr
- memory to be mapped; must contain at least size bytes.
Description
A RAM device represents a mapping to a physical device, such as to a PCI MMIO BAR of an vfio-pci assigned device. The memory region may be mapped into the VM address space and access to the region will modify memory directly. However, the memory region should not be included in a memory dump (device may not be enabled/mapped at the time of the dump), and operations incompatible with manipulating MMIO should be avoided. Replaces skip_dump flag.
-
void
memory_region_init_alias
(MemoryRegion * mr, struct Object * owner, const char * name, MemoryRegion * orig, hwaddr offset, uint64_t size)¶ Initialize a memory region that aliases all or a part of another memory region.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- used for debugging; not visible to the user or ABI
MemoryRegion * orig
- the region to be referenced; mr will be equivalent to orig between offset and offset + size - 1.
hwaddr offset
- start of the section in orig to be referenced.
uint64_t size
- size of the region.
-
void
memory_region_init_rom
(MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, Error ** errp)¶ Initialize a ROM memory region.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const char * name
- the name of the region.
uint64_t size
- size of the region.
Error ** errp
- pointer to Error*, to store an error if it happens.
Description
This has the same effect as calling memory_region_init_ram()
and then marking the resulting region read-only with
memory_region_set_readonly()
.
-
void
memory_region_init_rom_device
(MemoryRegion * mr, struct Object * owner, const MemoryRegionOps * ops, void * opaque, const char * name, uint64_t size, Error ** errp)¶ Initialize a ROM memory region. Writes are handled via callbacks.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized. struct Object * owner
- the object that tracks the region’s reference count
const MemoryRegionOps * ops
- callbacks for write access handling (must not be NULL).
void * opaque
- passed to the read and write callbacks of the ops structure.
const char * name
- the name of the region.
uint64_t size
- size of the region.
Error ** errp
- pointer to Error*, to store an error if it happens.
-
void
memory_region_init_reservation
(MemoryRegion * mr, Object * owner, const char * name, uint64_t size)¶ Initialize a memory region that reserves I/O space.
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized Object * owner
- the object that tracks the region’s reference count
const char * name
- used for debugging; not visible to the user or ABI
uint64_t size
- size of the region.
Description
A reservation region primarily serves debugging purposes. It claims I/O
space that is not supposed to be handled by QEMU itself. Any access via
the memory API will cause an abort()
.
This function is deprecated. Use memory_region_init_io()
with NULL
callbacks instead.
-
void
memory_region_init_iommu
(MemoryRegion * mr, struct Object * owner, const MemoryRegionIOMMUOps * ops, const char * name, uint64_t size)¶ Initialize a memory region that translates addresses
Parameters
MemoryRegion * mr
- the
MemoryRegion
to be initialized struct Object * owner
- the object that tracks the region’s reference count
const MemoryRegionIOMMUOps * ops
- a function that translates addresses into the target region
const char * name
- used for debugging; not visible to the user or ABI
uint64_t size
- size of the region.
Description
An IOMMU region translates addresses and forwards accesses to a target memory region.
-
struct Object *
memory_region_owner
(MemoryRegion * mr)¶ get a memory region’s owner.
Parameters
MemoryRegion * mr
- the memory region being queried.
-
uint64_t
memory_region_size
(MemoryRegion * mr)¶ get a memory region’s size.
Parameters
MemoryRegion * mr
- the memory region being queried.
-
bool
memory_region_is_ram
(MemoryRegion * mr)¶ check whether a memory region is random access
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns true
if a memory region is random access.
-
bool
memory_region_is_ram_device
(MemoryRegion * mr)¶ check whether a memory region is a ram device
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns true
if a memory region is a device backed ram region
-
bool
memory_region_is_romd
(MemoryRegion * mr)¶ check whether a memory region is in ROMD mode
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns true
if a memory region is a ROM device and currently set to allow
direct reads.
-
bool
memory_region_is_iommu
(MemoryRegion * mr)¶ check whether a memory region is an iommu
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns true
if a memory region is an iommu.
-
uint64_t
memory_region_iommu_get_min_page_size
(MemoryRegion * mr)¶ get minimum supported page size for an iommu
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns minimum supported page size for an iommu.
-
void
memory_region_notify_iommu
(MemoryRegion * mr, IOMMUTLBEntry entry)¶ notify a change in an IOMMU translation entry.
Parameters
MemoryRegion * mr
- the memory region that was changed
IOMMUTLBEntry entry
- the new entry in the IOMMU translation table. The entry
replaces all old entries for the same virtual I/O address range.
Deleted entries have
entry.perm
== 0.
Description
The notification type will be decided by entry.perm bits:
- For UNMAP (cache invalidation) notifies: set entry.perm to IOMMU_NONE.
- For MAP (newly added entry) notifies: set entry.perm to the permission of the page (which is definitely !IOMMU_NONE).
Note
For any IOMMU implementation, an in-place mapping change should be notified with an UNMAP followed by a MAP.
-
void
memory_region_register_iommu_notifier
(MemoryRegion * mr, IOMMUNotifier * n)¶ register a notifier for changes to IOMMU translation entries.
Parameters
MemoryRegion * mr
- the memory region to observe
IOMMUNotifier * n
- the IOMMUNotifier to be added; the notify callback receives a pointer to an #IOMMUTLBEntry as the opaque value; the pointer ceases to be valid on exit from the notifier.
-
void
memory_region_iommu_replay
(MemoryRegion * mr, IOMMUNotifier * n, bool is_write)¶ replay existing IOMMU translations to a notifier with the minimum page granularity returned by mr->iommu_ops->:c:func:get_page_size().
Parameters
MemoryRegion * mr
- the memory region to observe
IOMMUNotifier * n
- the notifier to which to replay iommu mappings
bool is_write
- Whether to treat the replay as a translate “write” through the iommu
-
void
memory_region_unregister_iommu_notifier
(MemoryRegion * mr, IOMMUNotifier * n)¶ unregister a notifier for changes to IOMMU translation entries.
Parameters
MemoryRegion * mr
- the memory region which was observed and for which
notity_stopped()
needs to be called IOMMUNotifier * n
- the notifier to be removed.
-
const char *
memory_region_name
(const MemoryRegion * mr)¶ get a memory region’s name
Parameters
const MemoryRegion * mr
- the memory region being queried
Description
Returns the string that was used to initialize the memory region.
-
bool
memory_region_is_logging
(MemoryRegion * mr, uint8_t client)¶ return whether a memory region is logging writes
Parameters
MemoryRegion * mr
- the memory region being queried
uint8_t client
- the client being queried
Description
Returns true
if the memory region is logging writes for the given client
-
uint8_t
memory_region_get_dirty_log_mask
(MemoryRegion * mr)¶ return the clients for which a memory region is logging writes.
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns a bitmap of clients, in which the DIRTY_MEMORY_* constants are the bit indices.
-
bool
memory_region_is_rom
(MemoryRegion * mr)¶ check whether a memory region is ROM
Parameters
MemoryRegion * mr
- the memory region being queried
Description
Returns true
is a memory region is read-only memory.
-
int
memory_region_get_fd
(MemoryRegion * mr)¶ Get a file descriptor backing a RAM memory region.
Parameters
MemoryRegion * mr
- the RAM or alias memory region being queried.
Description
Returns a file descriptor backing a file-based RAM memory region, or -1 if the region is not a file-based RAM memory region.
-
void
memory_region_set_fd
(MemoryRegion * mr, int fd)¶ Mark a RAM memory region as backed by a file descriptor.
Parameters
MemoryRegion * mr
- the memory region being queried.
int fd
- the file descriptor that backs mr.
Description
This function is typically used after memory_region_init_ram_ptr()
.
-
MemoryRegion *
memory_region_from_host
(void * ptr, ram_addr_t * offset)¶ Convert a pointer into a RAM memory region and an offset within it.
Parameters
void * ptr
- host pointer
ram_addr_t * offset
- updated with the offset within the returned MemoryRegion
Description
Given a host pointer inside a RAM memory region (created with
memory_region_init_ram()
or memory_region_init_ram_ptr()
), return
the MemoryRegion and the offset within it.
Use with care; by the time this function returns, the returned pointer is not protected by RCU anymore. If the caller is not within an RCU critical section and does not hold the iothread lock, it must have other means of protecting the pointer, such as a reference to the region that includes the incoming ram_addr_t.
-
void *
memory_region_get_ram_ptr
(MemoryRegion * mr)¶ Get a pointer into a RAM memory region.
Parameters
MemoryRegion * mr
- the memory region being queried.
Description
Returns a host pointer to a RAM memory region (created with
memory_region_init_ram()
or memory_region_init_ram_ptr()
).
Use with care; by the time this function returns, the returned pointer is not protected by RCU anymore. If the caller is not within an RCU critical section and does not hold the iothread lock, it must have other means of protecting the pointer, such as a reference to the region that includes the incoming ram_addr_t.
-
void
memory_region_set_log
(MemoryRegion * mr, bool log, unsigned client)¶ Turn dirty logging on or off for a region.
Parameters
MemoryRegion * mr
- the memory region being updated.
bool log
- whether dirty logging is to be enabled or disabled.
unsigned client
- the user of the logging information;
DIRTY_MEMORY_VGA
only.
Description
Turns dirty logging on or off for a specified client (display, migration). Only meaningful for RAM regions.
-
bool
memory_region_get_dirty
(MemoryRegion * mr, hwaddr addr, hwaddr size, unsigned client)¶ Check whether a range of bytes is dirty for a specified client.
Parameters
MemoryRegion * mr
- the memory region being queried.
hwaddr addr
- the address (relative to the start of the region) being queried.
hwaddr size
- the size of the range being queried.
unsigned client
- the user of the logging information;
DIRTY_MEMORY_MIGRATION
orDIRTY_MEMORY_VGA
.
Description
Checks whether a range of bytes has been written to since the last
call to memory_region_reset_dirty()
with the same client. Dirty logging
must be enabled.
-
void
memory_region_set_dirty
(MemoryRegion * mr, hwaddr addr, hwaddr size)¶ Mark a range of bytes as dirty in a memory region.
Parameters
MemoryRegion * mr
- the memory region being dirtied.
hwaddr addr
- the address (relative to the start of the region) being dirtied.
hwaddr size
- size of the range being dirtied.
Description
Marks a range of bytes as dirty, after it has been dirtied outside guest code.
-
bool
memory_region_test_and_clear_dirty
(MemoryRegion * mr, hwaddr addr, hwaddr size, unsigned client)¶ Check whether a range of bytes is dirty for a specified client. It clears them.
Parameters
MemoryRegion * mr
- the memory region being queried.
hwaddr addr
- the address (relative to the start of the region) being queried.
hwaddr size
- the size of the range being queried.
unsigned client
- the user of the logging information;
DIRTY_MEMORY_MIGRATION
orDIRTY_MEMORY_VGA
.
Description
Checks whether a range of bytes has been written to since the last
call to memory_region_reset_dirty()
with the same client. Dirty logging
must be enabled.
-
void
memory_region_sync_dirty_bitmap
(MemoryRegion * mr)¶ Synchronize a region’s dirty bitmap with any external TLBs (e.g. kvm)
Parameters
MemoryRegion * mr
- the region being flushed.
Description
Flushes dirty information from accelerators such as kvm and vhost-net and makes it available to users of the memory API.
-
void
memory_region_reset_dirty
(MemoryRegion * mr, hwaddr addr, hwaddr size, unsigned client)¶ Mark a range of pages as clean, for a specified client.
Parameters
MemoryRegion * mr
- the region being updated.
hwaddr addr
- the start of the subrange being cleaned.
hwaddr size
- the size of the subrange being cleaned.
unsigned client
- the user of the logging information;
DIRTY_MEMORY_MIGRATION
orDIRTY_MEMORY_VGA
.
Description
Marks a range of pages as no longer dirty.
-
void
memory_region_set_readonly
(MemoryRegion * mr, bool readonly)¶ Turn a memory region read-only (or read-write)
Parameters
MemoryRegion * mr
- the region being updated.
bool readonly
- whether rhe region is to be ROM or RAM.
Description
Allows a memory region to be marked as read-only (turning it into a ROM). only useful on RAM regions.
-
void
memory_region_rom_device_set_romd
(MemoryRegion * mr, bool romd_mode)¶ enable/disable ROMD mode
Parameters
MemoryRegion * mr
- the memory region to be updated
bool romd_mode
true
to put the region into ROMD mode
Description
Allows a ROM device (initialized with memory_region_init_rom_device()
to
set to ROMD mode (default) or MMIO mode. When it is in ROMD mode, the
device is mapped to guest memory and satisfies read access directly.
When in MMIO mode, reads are forwarded to the MemoryRegion.read
function.
Writes are always handled by the MemoryRegion.write
function.
-
void
memory_region_set_coalescing
(MemoryRegion * mr)¶ Enable memory coalescing for the region.
Parameters
MemoryRegion * mr
- the memory region to be write coalesced
Description
Enabled writes to a region to be queued for later processing. MMIO ->write callbacks may be delayed until a non-coalesced MMIO is issued. Only useful for IO regions. Roughly similar to write-combining hardware.
-
void
memory_region_add_coalescing
(MemoryRegion * mr, hwaddr offset, uint64_t size)¶ Enable memory coalescing for a sub-range of a region.
Parameters
MemoryRegion * mr
- the memory region to be updated.
hwaddr offset
- the start of the range within the region to be coalesced.
uint64_t size
- the size of the subrange to be coalesced.
Description
Like memory_region_set_coalescing()
, but works on a sub-range of a region.
Multiple calls can be issued coalesced disjoint ranges.
-
void
memory_region_clear_coalescing
(MemoryRegion * mr)¶ Disable MMIO coalescing for the region.
Parameters
MemoryRegion * mr
- the memory region to be updated.
Description
Disables any coalescing caused by memory_region_set_coalescing()
or
memory_region_add_coalescing()
. Roughly equivalent to uncacheble memory
hardware.
-
void
memory_region_set_flush_coalesced
(MemoryRegion * mr)¶ Enforce memory coalescing flush before accesses.
Parameters
MemoryRegion * mr
- the memory region to be updated.
Description
Ensure that pending coalesced MMIO request are flushed before the memory
region is accessed. This property is automatically enabled for all regions
passed to memory_region_set_coalescing()
and memory_region_add_coalescing()
.
-
void
memory_region_clear_flush_coalesced
(MemoryRegion * mr)¶ Disable memory coalescing flush before accesses.
Parameters
MemoryRegion * mr
- the memory region to be updated.
Description
Clear the automatic coalesced MMIO flushing enabled via memory_region_set_flush_coalesced. Note that this service has no effect on memory regions that have MMIO coalescing enabled for themselves. For them, automatic flushing will stop once coalescing is disabled.
-
void
memory_region_set_global_locking
(MemoryRegion * mr)¶ Declares the access processing requires QEMU’s global lock.
Parameters
MemoryRegion * mr
- the memory region to be updated.
Description
When this is invoked, accesses to the memory region will be processed while holding the global lock of QEMU. This is the default behavior of memory regions.
-
void
memory_region_clear_global_locking
(MemoryRegion * mr)¶ Declares that access processing does not depend on the QEMU global lock.
Parameters
MemoryRegion * mr
- the memory region to be updated.
Description
By clearing this property, accesses to the memory region will be processed outside of QEMU’s global lock (unless the lock is held on when issuing the access request). In this case, the device model implementing the access handlers is responsible for synchronization of concurrency.
-
void
memory_region_add_eventfd
(MemoryRegion * mr, hwaddr addr, unsigned size, bool match_data, uint64_t data, EventNotifier * e)¶ Request an eventfd to be triggered when a word is written to a location.
Parameters
MemoryRegion * mr
- the memory region being updated.
hwaddr addr
- the address within mr that is to be monitored
unsigned size
- the size of the access to trigger the eventfd
bool match_data
- whether to match against data, instead of just addr
uint64_t data
- the data to match against the guest write
EventNotifier * e
- the event to be triggered when addr, size, and data all match.
Description
Marks a word in an IO region (initialized with memory_region_init_io()
)
as a trigger for an eventfd event. The I/O callback will not be called.
The caller must be prepared to handle failure (that is, take the required
action if the callback _is_ called).
-
void
memory_region_del_eventfd
(MemoryRegion * mr, hwaddr addr, unsigned size, bool match_data, uint64_t data, EventNotifier * e)¶ Cancel an eventfd.
Parameters
MemoryRegion * mr
- the memory region being updated.
hwaddr addr
- the address within mr that is to be monitored
unsigned size
- the size of the access to trigger the eventfd
bool match_data
- whether to match against data, instead of just addr
uint64_t data
- the data to match against the guest write
EventNotifier * e
- the event to be triggered when addr, size, and data all match.
Description
Cancels an eventfd trigger requested by a previous
memory_region_add_eventfd()
call.
-
void
memory_region_add_subregion
(MemoryRegion * mr, hwaddr offset, MemoryRegion * subregion)¶ Add a subregion to a container.
Parameters
MemoryRegion * mr
- the region to contain the new subregion; must be a container
initialized with
memory_region_init()
. hwaddr offset
- the offset relative to mr where subregion is added.
MemoryRegion * subregion
- the subregion to be added.
Description
Adds a subregion at offset. The subregion may not overlap with other
subregions (except for those explicitly marked as overlapping). A region
may only be added once as a subregion (unless removed with
memory_region_del_subregion()
); use memory_region_init_alias()
if you
want a region to be a subregion in multiple locations.
-
void
memory_region_add_subregion_overlap
(MemoryRegion * mr, hwaddr offset, MemoryRegion * subregion, int priority)¶ Add a subregion to a container with overlap.
Parameters
MemoryRegion * mr
- the region to contain the new subregion; must be a container
initialized with
memory_region_init()
. hwaddr offset
- the offset relative to mr where subregion is added.
MemoryRegion * subregion
- the subregion to be added.
int priority
- used for resolving overlaps; highest priority wins.
Description
Adds a subregion at offset. The subregion may overlap with other
subregions. Conflicts are resolved by having a higher priority hide a
lower priority. Subregions without priority are taken as priority 0.
A region may only be added once as a subregion (unless removed with
memory_region_del_subregion()
); use memory_region_init_alias()
if you
want a region to be a subregion in multiple locations.
-
ram_addr_t
memory_region_get_ram_addr
(MemoryRegion * mr)¶ Get the ram address associated with a memory region
Parameters
MemoryRegion * mr
- the region to get the ram address for
-
void
memory_region_del_subregion
(MemoryRegion * mr, MemoryRegion * subregion)¶ Remove a subregion.
Parameters
MemoryRegion * mr
- the container to be updated.
MemoryRegion * subregion
- the region being removed; must be a current subregion of mr.
Description
Removes a subregion from its container.
-
bool
memory_region_present
(MemoryRegion * container, hwaddr addr)¶ checks if an address relative to a container translates into
MemoryRegion
within container
Parameters
MemoryRegion * container
- a
MemoryRegion
within which addr is a relative address hwaddr addr
- the area within container to be searched
Description
Answer whether a MemoryRegion
within container covers the address
addr.
-
bool
memory_region_is_mapped
(MemoryRegion * mr)¶ returns true if
MemoryRegion
is mapped into any address space.
Parameters
MemoryRegion * mr
- a
MemoryRegion
which should be checked if it’s mapped
-
MemoryRegionSection
memory_region_find
(MemoryRegion * mr, hwaddr addr, uint64_t size)¶ translate an address/size relative to a MemoryRegion into a
MemoryRegionSection
.
Parameters
MemoryRegion * mr
- a MemoryRegion within which addr is a relative address
hwaddr addr
- start of the area within as to be searched
uint64_t size
- size of the area to be searched
Description
Locates the first MemoryRegion
within mr that overlaps the range
given by addr and size.
Returns a MemoryRegionSection
that describes a contiguous overlap.
It will have the following characteristics:
mrs.size
= 0 iff no overlap was foundmrs.mr
is non-NULL
iff an overlap was found
Remember that in the return value the offset_within_region is
relative to the returned region (in the mrs.mr
field), not to the
mr argument.
Similarly, the mrs.offset_within_address_space
is relative to the
address space that contains both regions, the passed and the
returned one. However, in the special case where the mr argument
has no container (and thus is the root of the address space), the
following will hold:
mrs.offset_within_address_space
>= addrmrs.offset_within_address_space
+mrs.size
<= addr + size
-
void
memory_global_dirty_log_sync
(void)¶ synchronize the dirty log for all memory
Parameters
void
- no arguments
Description
Synchronizes the dirty page log for all address spaces.
-
void
memory_region_transaction_begin
(void)¶ Start a transaction.
Parameters
void
- no arguments
Description
During a transaction, changes will be accumulated and made visible only when the transaction ends (is committed).
-
void
memory_region_transaction_commit
(void)¶ Commit a transaction and make changes visible to the guest.
Parameters
void
- no arguments
-
void
memory_listener_register
(MemoryListener * listener, AddressSpace * filter)¶ register callbacks to be called when memory sections are mapped or unmapped into an address space
Parameters
MemoryListener * listener
- an object containing the callbacks to be called
AddressSpace * filter
- if non-
NULL
, only regions in this address space will be observed
-
void
memory_listener_unregister
(MemoryListener * listener)¶ undo the effect of
memory_listener_register()
Parameters
MemoryListener * listener
- an object containing the callbacks to be removed
-
void
memory_global_dirty_log_start
(void)¶ begin dirty logging for all regions
Parameters
void
- no arguments
-
void
memory_global_dirty_log_stop
(void)¶ end dirty logging for all regions
Parameters
void
- no arguments
-
MemTxResult
memory_region_dispatch_read
(MemoryRegion * mr, hwaddr addr, uint64_t * pval, unsigned size, MemTxAttrs attrs)¶ perform a read directly to the specified MemoryRegion.
Parameters
MemoryRegion * mr
MemoryRegion
to accesshwaddr addr
- address within that region
uint64_t * pval
- pointer to uint64_t which the data is written to
unsigned size
- size of the access in bytes
MemTxAttrs attrs
- memory transaction attributes to use for the access
-
MemTxResult
memory_region_dispatch_write
(MemoryRegion * mr, hwaddr addr, uint64_t data, unsigned size, MemTxAttrs attrs)¶ perform a write directly to the specified MemoryRegion.
Parameters
MemoryRegion * mr
MemoryRegion
to accesshwaddr addr
- address within that region
uint64_t data
- data to write
unsigned size
- size of the access in bytes
MemTxAttrs attrs
- memory transaction attributes to use for the access
-
void
address_space_init
(AddressSpace * as, MemoryRegion * root, const char * name)¶ initializes an address space
Parameters
AddressSpace * as
- an uninitialized #AddressSpace
MemoryRegion * root
- a
MemoryRegion
that routes addresses for the address space const char * name
- an address space name. The name is only used for debugging output.
return an address space for a memory region, creating it if it does not already exist
Parameters
MemoryRegion * root
- a
MemoryRegion
that routes addresses for the address space const char * name
- an address space name. The name is only used for debugging output.
Description
This function will return a pointer to an existing AddressSpace which was initialized with the specified MemoryRegion, or it will create and initialize one if it does not already exist. The ASes are reference-counted, so the memory will be freed automatically when the AddressSpace is destroyed via address_space_destroy.
-
void
address_space_destroy
(AddressSpace * as)¶ destroy an address space
Parameters
AddressSpace * as
- address space to be destroyed
Description
Releases all resources associated with an address space. After an address space
is destroyed, its root memory region (given by address_space_init()
) may be destroyed
as well.
-
MemTxResult
address_space_rw
(AddressSpace * as, hwaddr addr, MemTxAttrs attrs, uint8_t * buf, int len, bool is_write)¶ read from or write to an address space.
Parameters
AddressSpace * as
- #AddressSpace to be accessed
hwaddr addr
- address within that address space
MemTxAttrs attrs
- memory transaction attributes
uint8_t * buf
- buffer with the data transferred
int len
- number of bytes to transfer
bool is_write
- indicates the transfer direction
Description
Return a MemTxResult indicating whether the operation succeeded or failed (eg unassigned memory, device rejected the transaction, IOMMU fault).
-
MemTxResult
address_space_write
(AddressSpace * as, hwaddr addr, MemTxAttrs attrs, const uint8_t * buf, int len)¶ write to address space.
Parameters
AddressSpace * as
- #AddressSpace to be accessed
hwaddr addr
- address within that address space
MemTxAttrs attrs
- memory transaction attributes
const uint8_t * buf
- buffer with the data transferred
int len
- number of bytes to transfer
Description
Return a MemTxResult indicating whether the operation succeeded or failed (eg unassigned memory, device rejected the transaction, IOMMU fault).
-
always_inline MemTxResult
address_space_read
(AddressSpace * as, hwaddr addr, MemTxAttrs attrs, uint8_t * buf, int len)¶ read from an address space.
Parameters
AddressSpace * as
- #AddressSpace to be accessed
hwaddr addr
- address within that address space
MemTxAttrs attrs
- memory transaction attributes
uint8_t * buf
- buffer with the data transferred
int len
- number of bytes of data to transfer
Description
Return a MemTxResult indicating whether the operation succeeded or failed (eg unassigned memory, device rejected the transaction, IOMMU fault).