dma-helpers.c - qemu-android - Git at Google

 /*
  * DMA helper functions
  *
  * Copyright (c) 2009 Red Hat
  *
  * This work is licensed under the terms of the GNU General Public License
  * (GNU GPL), version 2 or later.
  */

 #include "sysemu/dma.h"
 #include "trace.h"
 #include "qemu/range.h"
 #include "qemu/thread.h"

 /* #define DEBUG_IOMMU */

 static void do_dma_memory_set(AddressSpace *as,
                               dma_addr_t addr, uint8_t c, dma_addr_t len)
 {
 #define FILLBUF_SIZE 512
     uint8_t fillbuf[FILLBUF_SIZE];
     int l;

     memset(fillbuf, c, FILLBUF_SIZE);
     while (len > 0) {
         l = len < FILLBUF_SIZE ? len : FILLBUF_SIZE;
         address_space_rw(as, addr, fillbuf, l, true);
         len -= l;
         addr += l;
     }
 }

 int dma_memory_set(DMAContext *dma, dma_addr_t addr, uint8_t c, dma_addr_t len)
 {
     dma_barrier(dma, DMA_DIRECTION_FROM_DEVICE);

     if (dma_has_iommu(dma)) {
         return iommu_dma_memory_set(dma, addr, c, len);
     }
     do_dma_memory_set(dma->as, addr, c, len);

     return 0;
 }

 void qemu_sglist_init(QEMUSGList *qsg, int alloc_hint, DMAContext *dma)
 {
     qsg->sg = g_malloc(alloc_hint * sizeof(ScatterGatherEntry));
     qsg->nsg = 0;
     qsg->nalloc = alloc_hint;
     qsg->size = 0;
     qsg->dma = dma;
 }

 void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
 {
     if (qsg->nsg == qsg->nalloc) {
         qsg->nalloc = 2 * qsg->nalloc + 1;
         qsg->sg = g_realloc(qsg->sg, qsg->nalloc * sizeof(ScatterGatherEntry));
     }
     qsg->sg[qsg->nsg].base = base;
     qsg->sg[qsg->nsg].len = len;
     qsg->size += len;
     ++qsg->nsg;
 }

 void qemu_sglist_destroy(QEMUSGList *qsg)
 {
     g_free(qsg->sg);
     memset(qsg, 0, sizeof(*qsg));
 }

 typedef struct {
     BlockDriverAIOCB common;
     BlockDriverState *bs;
     BlockDriverAIOCB *acb;
     QEMUSGList *sg;
     uint64_t sector_num;
     DMADirection dir;
     bool in_cancel;
     int sg_cur_index;
     dma_addr_t sg_cur_byte;
     QEMUIOVector iov;
     QEMUBH *bh;
     DMAIOFunc *io_func;
 } DMAAIOCB;

 static void dma_bdrv_cb(void *opaque, int ret);

 static void reschedule_dma(void *opaque)
 {
     DMAAIOCB *dbs = (DMAAIOCB *)opaque;

     qemu_bh_delete(dbs->bh);
     dbs->bh = NULL;
     dma_bdrv_cb(dbs, 0);
 }

 static void continue_after_map_failure(void *opaque)
 {
     DMAAIOCB *dbs = (DMAAIOCB *)opaque;

     dbs->bh = qemu_bh_new(reschedule_dma, dbs);
     qemu_bh_schedule(dbs->bh);
 }

 static void dma_bdrv_unmap(DMAAIOCB *dbs)
 {
     int i;

     for (i = 0; i < dbs->iov.niov; ++i) {
         dma_memory_unmap(dbs->sg->dma, dbs->iov.iov[i].iov_base,
                          dbs->iov.iov[i].iov_len, dbs->dir,
                          dbs->iov.iov[i].iov_len);
     }
     qemu_iovec_reset(&dbs->iov);
 }

 static void dma_complete(DMAAIOCB *dbs, int ret)
 {
     trace_dma_complete(dbs, ret, dbs->common.cb);

     dma_bdrv_unmap(dbs);
     if (dbs->common.cb) {
         dbs->common.cb(dbs->common.opaque, ret);
     }
     qemu_iovec_destroy(&dbs->iov);
     if (dbs->bh) {
         qemu_bh_delete(dbs->bh);
         dbs->bh = NULL;
     }
     if (!dbs->in_cancel) {
         /* Requests may complete while dma_aio_cancel is in progress.  In
          * this case, the AIOCB should not be released because it is still
          * referenced by dma_aio_cancel.  */
         qemu_aio_release(dbs);
     }
 }

 static void dma_bdrv_cb(void *opaque, int ret)
 {
     DMAAIOCB *dbs = (DMAAIOCB *)opaque;
     dma_addr_t cur_addr, cur_len;
     void *mem;

     trace_dma_bdrv_cb(dbs, ret);

     dbs->acb = NULL;
     dbs->sector_num += dbs->iov.size / 512;
     dma_bdrv_unmap(dbs);

     if (dbs->sg_cur_index == dbs->sg->nsg || ret < 0) {
         dma_complete(dbs, ret);
         return;
     }

     while (dbs->sg_cur_index < dbs->sg->nsg) {
         cur_addr = dbs->sg->sg[dbs->sg_cur_index].base + dbs->sg_cur_byte;
         cur_len = dbs->sg->sg[dbs->sg_cur_index].len - dbs->sg_cur_byte;
         mem = dma_memory_map(dbs->sg->dma, cur_addr, &cur_len, dbs->dir);
         if (!mem)
             break;
         qemu_iovec_add(&dbs->iov, mem, cur_len);
         dbs->sg_cur_byte += cur_len;
         if (dbs->sg_cur_byte == dbs->sg->sg[dbs->sg_cur_index].len) {
             dbs->sg_cur_byte = 0;
             ++dbs->sg_cur_index;
         }
     }

     if (dbs->iov.size == 0) {
         trace_dma_map_wait(dbs);
         cpu_register_map_client(dbs, continue_after_map_failure);
         return;
     }

     dbs->acb = dbs->io_func(dbs->bs, dbs->sector_num, &dbs->iov,
                             dbs->iov.size / 512, dma_bdrv_cb, dbs);
     assert(dbs->acb);
 }

 static void dma_aio_cancel(BlockDriverAIOCB *acb)
 {
     DMAAIOCB *dbs = container_of(acb, DMAAIOCB, common);

     trace_dma_aio_cancel(dbs);

     if (dbs->acb) {
         BlockDriverAIOCB *acb = dbs->acb;
         dbs->acb = NULL;
         dbs->in_cancel = true;
         bdrv_aio_cancel(acb);
         dbs->in_cancel = false;
     }
     dbs->common.cb = NULL;
     dma_complete(dbs, 0);
 }

 static const AIOCBInfo dma_aiocb_info = {
     .aiocb_size         = sizeof(DMAAIOCB),
     .cancel             = dma_aio_cancel,
 };

 BlockDriverAIOCB *dma_bdrv_io(
     BlockDriverState *bs, QEMUSGList *sg, uint64_t sector_num,
     DMAIOFunc *io_func, BlockDriverCompletionFunc *cb,
     void *opaque, DMADirection dir)
 {
     DMAAIOCB *dbs = qemu_aio_get(&dma_aiocb_info, bs, cb, opaque);

     trace_dma_bdrv_io(dbs, bs, sector_num, (dir == DMA_DIRECTION_TO_DEVICE));

     dbs->acb = NULL;
     dbs->bs = bs;
     dbs->sg = sg;
     dbs->sector_num = sector_num;
     dbs->sg_cur_index = 0;
     dbs->sg_cur_byte = 0;
     dbs->dir = dir;
     dbs->io_func = io_func;
     dbs->bh = NULL;
     qemu_iovec_init(&dbs->iov, sg->nsg);
     dma_bdrv_cb(dbs, 0);
     return &dbs->common;
 }


 BlockDriverAIOCB *dma_bdrv_read(BlockDriverState *bs,
                                 QEMUSGList *sg, uint64_t sector,
                                 void (*cb)(void *opaque, int ret), void *opaque)
 {
     return dma_bdrv_io(bs, sg, sector, bdrv_aio_readv, cb, opaque,
                        DMA_DIRECTION_FROM_DEVICE);
 }

 BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs,
                                  QEMUSGList *sg, uint64_t sector,
                                  void (*cb)(void *opaque, int ret), void *opaque)
 {
     return dma_bdrv_io(bs, sg, sector, bdrv_aio_writev, cb, opaque,
                        DMA_DIRECTION_TO_DEVICE);
 }


 static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg,
                            DMADirection dir)
 {
     uint64_t resid;
     int sg_cur_index;

     resid = sg->size;
     sg_cur_index = 0;
     len = MIN(len, resid);
     while (len > 0) {
         ScatterGatherEntry entry = sg->sg[sg_cur_index++];
         int32_t xfer = MIN(len, entry.len);
         dma_memory_rw(sg->dma, entry.base, ptr, xfer, dir);
         ptr += xfer;
         len -= xfer;
         resid -= xfer;
     }

     return resid;
 }

 uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg)
 {
     return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_FROM_DEVICE);
 }

 uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg)
 {
     return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_TO_DEVICE);
 }

 void dma_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie,
                     QEMUSGList *sg, enum BlockAcctType type)
 {
     bdrv_acct_start(bs, cookie, sg->size, type);
 }

 bool iommu_dma_memory_valid(DMAContext *dma, dma_addr_t addr, dma_addr_t len,
                             DMADirection dir)
 {
     hwaddr paddr, plen;

 #ifdef DEBUG_IOMMU
     fprintf(stderr, "dma_memory_check context=%p addr=0x" DMA_ADDR_FMT
             " len=0x" DMA_ADDR_FMT " dir=%d\n", dma, addr, len, dir);
 #endif

     while (len) {
         if (dma->translate(dma, addr, &paddr, &plen, dir) != 0) {
             return false;
         }

         /* The translation might be valid for larger regions. */
         if (plen > len) {
             plen = len;
         }

         len -= plen;
         addr += plen;
     }

     return true;
 }

 int iommu_dma_memory_rw(DMAContext *dma, dma_addr_t addr,
                         void *buf, dma_addr_t len, DMADirection dir)
 {
     hwaddr paddr, plen;
     int err;

 #ifdef DEBUG_IOMMU
     fprintf(stderr, "dma_memory_rw context=%p addr=0x" DMA_ADDR_FMT " len=0x"
             DMA_ADDR_FMT " dir=%d\n", dma, addr, len, dir);
 #endif

     while (len) {
         err = dma->translate(dma, addr, &paddr, &plen, dir);
         if (err) {
 	    /*
              * In case of failure on reads from the guest, we clean the
              * destination buffer so that a device that doesn't test
              * for errors will not expose qemu internal memory.
 	     */
 	    memset(buf, 0, len);
             return -1;
         }

         /* The translation might be valid for larger regions. */
         if (plen > len) {
             plen = len;
         }

         address_space_rw(dma->as, paddr, buf, plen, dir == DMA_DIRECTION_FROM_DEVICE);

         len -= plen;
         addr += plen;
         buf += plen;
     }

     return 0;
 }

 int iommu_dma_memory_set(DMAContext *dma, dma_addr_t addr, uint8_t c,
                          dma_addr_t len)
 {
     hwaddr paddr, plen;
     int err;

 #ifdef DEBUG_IOMMU
     fprintf(stderr, "dma_memory_set context=%p addr=0x" DMA_ADDR_FMT
             " len=0x" DMA_ADDR_FMT "\n", dma, addr, len);
 #endif

     while (len) {
         err = dma->translate(dma, addr, &paddr, &plen,
                              DMA_DIRECTION_FROM_DEVICE);
         if (err) {
             return err;
         }

         /* The translation might be valid for larger regions. */
         if (plen > len) {
             plen = len;
         }

         do_dma_memory_set(dma->as, paddr, c, plen);

         len -= plen;
         addr += plen;
     }

     return 0;
 }

 void dma_context_init(DMAContext *dma, AddressSpace *as, DMATranslateFunc translate,
                       DMAMapFunc map, DMAUnmapFunc unmap)
 {
 #ifdef DEBUG_IOMMU
     fprintf(stderr, "dma_context_init(%p, %p, %p, %p)\n",
             dma, translate, map, unmap);
 #endif
     dma->as = as;
     dma->translate = translate;
     dma->map = map;
     dma->unmap = unmap;
 }

 void *iommu_dma_memory_map(DMAContext *dma, dma_addr_t addr, dma_addr_t *len,
                            DMADirection dir)
 {
     int err;
     hwaddr paddr, plen;
     void *buf;

     if (dma->map) {
         return dma->map(dma, addr, len, dir);
     }

     plen = *len;
     err = dma->translate(dma, addr, &paddr, &plen, dir);
     if (err) {
         return NULL;
     }

     /*
      * If this is true, the virtual region is contiguous,
      * but the translated physical region isn't. We just
      * clamp *len, much like address_space_map() does.
      */
     if (plen < *len) {
         *len = plen;
     }

     buf = address_space_map(dma->as, paddr, &plen, dir == DMA_DIRECTION_FROM_DEVICE);
     *len = plen;

     return buf;
 }

 void iommu_dma_memory_unmap(DMAContext *dma, void *buffer, dma_addr_t len,
                             DMADirection dir, dma_addr_t access_len)
 {
     if (dma->unmap) {
         dma->unmap(dma, buffer, len, dir, access_len);
         return;
     }

     address_space_unmap(dma->as, buffer, len, dir == DMA_DIRECTION_FROM_DEVICE,
                         access_len);

 }
	/*
	* DMA helper functions
	*
	* Copyright (c) 2009 Red Hat
	*
	* This work is licensed under the terms of the GNU General Public License
	* (GNU GPL), version 2 or later.
	*/

	#include "sysemu/dma.h"
	#include "trace.h"
	#include "qemu/range.h"
	#include "qemu/thread.h"

	/* #define DEBUG_IOMMU */

	static void do_dma_memory_set(AddressSpace *as,
	dma_addr_t addr, uint8_t c, dma_addr_t len)
	{
	#define FILLBUF_SIZE 512
	uint8_t fillbuf[FILLBUF_SIZE];
	int l;

	memset(fillbuf, c, FILLBUF_SIZE);
	while (len > 0) {
	l = len < FILLBUF_SIZE ? len : FILLBUF_SIZE;
	address_space_rw(as, addr, fillbuf, l, true);
	len -= l;
	addr += l;
	}
	}

	int dma_memory_set(DMAContext *dma, dma_addr_t addr, uint8_t c, dma_addr_t len)
	{
	dma_barrier(dma, DMA_DIRECTION_FROM_DEVICE);

	if (dma_has_iommu(dma)) {
	return iommu_dma_memory_set(dma, addr, c, len);
	}
	do_dma_memory_set(dma->as, addr, c, len);

	return 0;
	}

	void qemu_sglist_init(QEMUSGList qsg, int alloc_hint, DMAContext dma)
	{
	qsg->sg = g_malloc(alloc_hint * sizeof(ScatterGatherEntry));
	qsg->nsg = 0;
	qsg->nalloc = alloc_hint;
	qsg->size = 0;
	qsg->dma = dma;
	}

	void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
	{
	if (qsg->nsg == qsg->nalloc) {
	qsg->nalloc = 2 * qsg->nalloc + 1;
	qsg->sg = g_realloc(qsg->sg, qsg->nalloc * sizeof(ScatterGatherEntry));
	}
	qsg->sg[qsg->nsg].base = base;
	qsg->sg[qsg->nsg].len = len;
	qsg->size += len;
	++qsg->nsg;
	}

	void qemu_sglist_destroy(QEMUSGList *qsg)
	{
	g_free(qsg->sg);
	memset(qsg, 0, sizeof(*qsg));
	}

	typedef struct {
	BlockDriverAIOCB common;
	BlockDriverState *bs;
	BlockDriverAIOCB *acb;
	QEMUSGList *sg;
	uint64_t sector_num;
	DMADirection dir;
	bool in_cancel;
	int sg_cur_index;
	dma_addr_t sg_cur_byte;
	QEMUIOVector iov;
	QEMUBH *bh;
	DMAIOFunc *io_func;
	} DMAAIOCB;

	static void dma_bdrv_cb(void *opaque, int ret);

	static void reschedule_dma(void *opaque)
	{
	DMAAIOCB dbs = (DMAAIOCB )opaque;

	qemu_bh_delete(dbs->bh);
	dbs->bh = NULL;
	dma_bdrv_cb(dbs, 0);
	}

	static void continue_after_map_failure(void *opaque)
	{
	DMAAIOCB dbs = (DMAAIOCB )opaque;

	dbs->bh = qemu_bh_new(reschedule_dma, dbs);
	qemu_bh_schedule(dbs->bh);
	}

	static void dma_bdrv_unmap(DMAAIOCB *dbs)
	{
	int i;

	for (i = 0; i < dbs->iov.niov; ++i) {
	dma_memory_unmap(dbs->sg->dma, dbs->iov.iov[i].iov_base,
	dbs->iov.iov[i].iov_len, dbs->dir,
	dbs->iov.iov[i].iov_len);
	}
	qemu_iovec_reset(&dbs->iov);
	}

	static void dma_complete(DMAAIOCB *dbs, int ret)
	{
	trace_dma_complete(dbs, ret, dbs->common.cb);

	dma_bdrv_unmap(dbs);
	if (dbs->common.cb) {
	dbs->common.cb(dbs->common.opaque, ret);
	}
	qemu_iovec_destroy(&dbs->iov);
	if (dbs->bh) {
	qemu_bh_delete(dbs->bh);
	dbs->bh = NULL;
	}
	if (!dbs->in_cancel) {
	/* Requests may complete while dma_aio_cancel is in progress. In
	* this case, the AIOCB should not be released because it is still
	* referenced by dma_aio_cancel. */
	qemu_aio_release(dbs);
	}
	}

	static void dma_bdrv_cb(void *opaque, int ret)
	{
	DMAAIOCB dbs = (DMAAIOCB )opaque;
	dma_addr_t cur_addr, cur_len;
	void *mem;

	trace_dma_bdrv_cb(dbs, ret);

	dbs->acb = NULL;
	dbs->sector_num += dbs->iov.size / 512;
	dma_bdrv_unmap(dbs);

	if (dbs->sg_cur_index == dbs->sg->nsg \|\| ret < 0) {
	dma_complete(dbs, ret);
	return;
	}

	while (dbs->sg_cur_index < dbs->sg->nsg) {
	cur_addr = dbs->sg->sg[dbs->sg_cur_index].base + dbs->sg_cur_byte;
	cur_len = dbs->sg->sg[dbs->sg_cur_index].len - dbs->sg_cur_byte;
	mem = dma_memory_map(dbs->sg->dma, cur_addr, &cur_len, dbs->dir);
	if (!mem)
	break;
	qemu_iovec_add(&dbs->iov, mem, cur_len);
	dbs->sg_cur_byte += cur_len;
	if (dbs->sg_cur_byte == dbs->sg->sg[dbs->sg_cur_index].len) {
	dbs->sg_cur_byte = 0;
	++dbs->sg_cur_index;
	}
	}

	if (dbs->iov.size == 0) {
	trace_dma_map_wait(dbs);
	cpu_register_map_client(dbs, continue_after_map_failure);
	return;
	}

	dbs->acb = dbs->io_func(dbs->bs, dbs->sector_num, &dbs->iov,
	dbs->iov.size / 512, dma_bdrv_cb, dbs);
	assert(dbs->acb);
	}

	static void dma_aio_cancel(BlockDriverAIOCB *acb)
	{
	DMAAIOCB *dbs = container_of(acb, DMAAIOCB, common);

	trace_dma_aio_cancel(dbs);

	if (dbs->acb) {
	BlockDriverAIOCB *acb = dbs->acb;
	dbs->acb = NULL;
	dbs->in_cancel = true;
	bdrv_aio_cancel(acb);
	dbs->in_cancel = false;
	}
	dbs->common.cb = NULL;
	dma_complete(dbs, 0);
	}

	static const AIOCBInfo dma_aiocb_info = {
	.aiocb_size = sizeof(DMAAIOCB),
	.cancel = dma_aio_cancel,
	};

	BlockDriverAIOCB *dma_bdrv_io(
	BlockDriverState bs, QEMUSGList sg, uint64_t sector_num,
	DMAIOFunc io_func, BlockDriverCompletionFunc cb,
	void *opaque, DMADirection dir)
	{
	DMAAIOCB *dbs = qemu_aio_get(&dma_aiocb_info, bs, cb, opaque);

	trace_dma_bdrv_io(dbs, bs, sector_num, (dir == DMA_DIRECTION_TO_DEVICE));

	dbs->acb = NULL;
	dbs->bs = bs;
	dbs->sg = sg;
	dbs->sector_num = sector_num;
	dbs->sg_cur_index = 0;
	dbs->sg_cur_byte = 0;
	dbs->dir = dir;
	dbs->io_func = io_func;
	dbs->bh = NULL;
	qemu_iovec_init(&dbs->iov, sg->nsg);
	dma_bdrv_cb(dbs, 0);
	return &dbs->common;
	}


	BlockDriverAIOCB dma_bdrv_read(BlockDriverState bs,
	QEMUSGList *sg, uint64_t sector,
	void (cb)(void opaque, int ret), void *opaque)
	{
	return dma_bdrv_io(bs, sg, sector, bdrv_aio_readv, cb, opaque,
	DMA_DIRECTION_FROM_DEVICE);
	}

	BlockDriverAIOCB dma_bdrv_write(BlockDriverState bs,
	QEMUSGList *sg, uint64_t sector,
	void (cb)(void opaque, int ret), void *opaque)
	{
	return dma_bdrv_io(bs, sg, sector, bdrv_aio_writev, cb, opaque,
	DMA_DIRECTION_TO_DEVICE);
	}


	static uint64_t dma_buf_rw(uint8_t ptr, int32_t len, QEMUSGList sg,
	DMADirection dir)
	{
	uint64_t resid;
	int sg_cur_index;

	resid = sg->size;
	sg_cur_index = 0;
	len = MIN(len, resid);
	while (len > 0) {
	ScatterGatherEntry entry = sg->sg[sg_cur_index++];
	int32_t xfer = MIN(len, entry.len);
	dma_memory_rw(sg->dma, entry.base, ptr, xfer, dir);
	ptr += xfer;
	len -= xfer;
	resid -= xfer;
	}

	return resid;
	}

	uint64_t dma_buf_read(uint8_t ptr, int32_t len, QEMUSGList sg)
	{
	return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_FROM_DEVICE);
	}

	uint64_t dma_buf_write(uint8_t ptr, int32_t len, QEMUSGList sg)
	{
	return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_TO_DEVICE);
	}

	void dma_acct_start(BlockDriverState bs, BlockAcctCookie cookie,
	QEMUSGList *sg, enum BlockAcctType type)
	{
	bdrv_acct_start(bs, cookie, sg->size, type);
	}

	bool iommu_dma_memory_valid(DMAContext *dma, dma_addr_t addr, dma_addr_t len,
	DMADirection dir)
	{
	hwaddr paddr, plen;

	#ifdef DEBUG_IOMMU
	fprintf(stderr, "dma_memory_check context=%p addr=0x" DMA_ADDR_FMT
	" len=0x" DMA_ADDR_FMT " dir=%d\n", dma, addr, len, dir);
	#endif

	while (len) {
	if (dma->translate(dma, addr, &paddr, &plen, dir) != 0) {
	return false;
	}

	/* The translation might be valid for larger regions. */
	if (plen > len) {
	plen = len;
	}

	len -= plen;
	addr += plen;
	}

	return true;
	}

	int iommu_dma_memory_rw(DMAContext *dma, dma_addr_t addr,
	void *buf, dma_addr_t len, DMADirection dir)
	{
	hwaddr paddr, plen;
	int err;

	#ifdef DEBUG_IOMMU
	fprintf(stderr, "dma_memory_rw context=%p addr=0x" DMA_ADDR_FMT " len=0x"
	DMA_ADDR_FMT " dir=%d\n", dma, addr, len, dir);
	#endif

	while (len) {
	err = dma->translate(dma, addr, &paddr, &plen, dir);
	if (err) {
	/*
	* In case of failure on reads from the guest, we clean the
	* destination buffer so that a device that doesn't test
	* for errors will not expose qemu internal memory.
	*/
	memset(buf, 0, len);
	return -1;
	}

	/* The translation might be valid for larger regions. */
	if (plen > len) {
	plen = len;
	}

	address_space_rw(dma->as, paddr, buf, plen, dir == DMA_DIRECTION_FROM_DEVICE);

	len -= plen;
	addr += plen;
	buf += plen;
	}

	return 0;
	}

	int iommu_dma_memory_set(DMAContext *dma, dma_addr_t addr, uint8_t c,
	dma_addr_t len)
	{
	hwaddr paddr, plen;
	int err;

	#ifdef DEBUG_IOMMU
	fprintf(stderr, "dma_memory_set context=%p addr=0x" DMA_ADDR_FMT
	" len=0x" DMA_ADDR_FMT "\n", dma, addr, len);
	#endif

	while (len) {
	err = dma->translate(dma, addr, &paddr, &plen,
	DMA_DIRECTION_FROM_DEVICE);
	if (err) {
	return err;
	}

	/* The translation might be valid for larger regions. */
	if (plen > len) {
	plen = len;
	}

	do_dma_memory_set(dma->as, paddr, c, plen);

	len -= plen;
	addr += plen;
	}

	return 0;
	}

	void dma_context_init(DMAContext dma, AddressSpace as, DMATranslateFunc translate,
	DMAMapFunc map, DMAUnmapFunc unmap)
	{
	#ifdef DEBUG_IOMMU
	fprintf(stderr, "dma_context_init(%p, %p, %p, %p)\n",
	dma, translate, map, unmap);
	#endif
	dma->as = as;
	dma->translate = translate;
	dma->map = map;
	dma->unmap = unmap;
	}

	void iommu_dma_memory_map(DMAContext dma, dma_addr_t addr, dma_addr_t *len,
	DMADirection dir)
	{
	int err;
	hwaddr paddr, plen;
	void *buf;

	if (dma->map) {
	return dma->map(dma, addr, len, dir);
	}

	plen = *len;
	err = dma->translate(dma, addr, &paddr, &plen, dir);
	if (err) {
	return NULL;
	}

	/*
	* If this is true, the virtual region is contiguous,
	* but the translated physical region isn't. We just
	* clamp *len, much like address_space_map() does.
	*/
	if (plen < *len) {
	*len = plen;
	}

	buf = address_space_map(dma->as, paddr, &plen, dir == DMA_DIRECTION_FROM_DEVICE);
	*len = plen;

	return buf;
	}

	void iommu_dma_memory_unmap(DMAContext dma, void buffer, dma_addr_t len,
	DMADirection dir, dma_addr_t access_len)
	{
	if (dma->unmap) {
	dma->unmap(dma, buffer, len, dir, access_len);
	return;
	}

	address_space_unmap(dma->as, buffer, len, dir == DMA_DIRECTION_FROM_DEVICE,
	access_len);

	}