Check privilege level for privileged instructions (DHI, DHU, DII, DIU, DIWB,
DIWBI, DPFL are privileged), memory accessibility for instructions that
reference memory (all DH* and DPFL) and windowed register validity for all
data cache instructions.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Several targets forgot to include softmmu_exec.h, which would
break them with a header cleanup to follow.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This is an autogenerated patch using scripts/switch-timer-api.
Switch the entire code base to using the new timer API.
Note this patch may introduce some line length issues.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This lowers time spent in helper_window_check as reported by perf top
from ~8% to ~0.15% accelerating register-intensive tests by ~20%.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
This fixes the following test failure caused by access to undefined SR:
qemu-system-xtensa -M sim -cpu dc232b -nographic -semihosting -kernel ./test_sr.tst
QEMU 1.4.50 monitor - type 'help' for more information
(qemu) QEMU 1.4.50 monitor - type 'help' for more information
(qemu) qemu-system-xtensa: tcg/tcg.c:1673: temp_save: Assertion `s->temps[temp].val_type == 2 || s->temps[temp].fixed_reg' failed.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
env->exception_taken is set every time an exception is taken. It is used
to allow single-stepping to stop at the first exception handler
instruction. This however must exclude debug exceptions, as otherwise
first step from the instruction where breakpoint was hit stops at that
same instruction.
Also don't check env->exception_taken directly from the
gen_intermediate_code_internal, instead allocate and use TB flag
XTENSA_TBFLAG_EXCEPTION.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Commit c643bed99 moved qemu_init_vcpu() calls to common CPUState code.
This causes x86 cpu-add to fail with "KVM: setting VAPIC address failed".
The reason for the failure is that CPUClass::kvm_fd is not yet
initialized in the following call graph:
->x86_cpu_realizefn
->x86_cpu_apic_realize
->qdev_init
->device_set_realized
->device_reset (hotplugged == 1)
->apic_reset_common
->vapic_base_update
->kvm_apic_vapic_base_update
This causes attempted KVM vCPU ioctls to fail.
By contrast, in the non-hotplug case the APIC is reset much later, when
the vCPU is already initialized.
As a quick and safe solution, move the qemu_init_vcpu() call back into
the targets' realize functions.
Reported-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Acked-by: Igor Mammedov <imammedo@redhat.com> (for i386)
Tested-by: Jia Liu <proljc@gmail.com> (for openrisc)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Completes migration of target-specific code to new target-*/gdbstub.c.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
This avoids polluting the global namespace with a non-prefixed macro and
makes it obvious in the call sites that we return.
Semi-automatic conversion using, e.g.,
sed -i 's/GET_REGL(/return gdb_get_regl(mem_buf, /g' target-*/gdbstub.c
followed by manual tweaking for sparc's GET_REGA() and Coding Style.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
CPUState::gdb_num_regs replaces num_g_regs.
CPUClass::gdb_num_core_regs replaces NUM_CORE_REGS.
Allows building gdb_register_coprocessor() for xtensa, too.
As a side effect this should fix coprocessor register numbering for SMP.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Register a CPU type per core registered. Save the XtensaConfig in
XtensaCPUClass and copy it from there to CPUXtensaState, to avoid
touching every env->config access for now.
Prepares for storing per-class GDB register count.
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Change breakpoint_invalidate() argument to CPUState alongside.
Since all targets now assign a softmmu-only field, we can drop helpers
cpu_class_set_{do_unassigned_access,vmsd}() and device_class_set_vmsd().
Prepares for changing cpu_memory_rw_debug() argument to CPUState.
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Prepares for changing cpu_single_step() argument to CPUState.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Where no extra implementation is needed, fall back to CPUClass::set_pc().
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Signed-off-by: Andreas Färber <afaerber@suse.de>
This moves setting the Program Counter from gdbstub into target code.
Use vaddr type as upper-bound replacement for target_ulong.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Also use bool type while at it.
Prepares for moving singlestep_enabled field to CPUState.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: qemu-stable@nongnu.org
Reported-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
A transition from CPUFooState to FooCPU can be considered safe,
just like FooCPU::env access in the opposite direction.
The only benefit of the FOO_CPU() casts would be protection against
bogus CPUFooState pointers, but then surrounding code would likely
break, too.
This should slightly improve interrupt etc. performance when going from
CPUFooState to FooCPU.
For any additional CPU() casts see 3556c233d9
(qom: allow turning cast debugging off).
Reported-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This allows to move the call into CPUState's realizefn.
Therefore move the stub into libqemustub.a.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Make cpustats monitor command available unconditionally.
Prepares for changing kvm_handle_internal_error() and kvm_cpu_exec()
arguments to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
This removes a global per-target function and thus takes us one step
closer to compiling multiple targets into one executable.
It will also allow to override the interrupt handling for certain CPU
families.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Both fields are used in VMState, thus need to be moved together.
Explicitly zero them on reset since they were located before
breakpoints.
Pass PowerPCCPU to kvmppc_handle_halt().
Signed-off-by: Andreas Färber <afaerber@suse.de>
The gen_icount_start/end functions are now somewhat misnamed since they
are useful for generic "start/end of TB" code, used for more than just
icount. Rename them to gen_tb_start/end.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Introduce ENV_OFFSET macros which can be used in non-target-specific
code that needs to generate TCG instructions which reference CPUState
fields given the cpu_env register that TCG targets set up with a
pointer to the CPUArchState struct.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The target-specific ENV_GET_CPU() macros have allowed us to navigate
from CPUArchState to CPUState. The reverse direction was not supported.
Avoid introducing CPU_GET_ENV() macros by initializing an untyped
pointer that is initialized in derived instance_init functions.
The field may not be called "env" due to it being poisoned.
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Combine this with breakpoint handler registration, guarding both with
tcg_enabled() to suppress also TCG init for qtest. Rename the handler to
xtensa_breakpoint_handler() since it needs to become global.
Signed-off-by: Andreas Färber <afaerber@suse.de>
There was no CPU_SAVE_VERSION defined, so neither "cpu_common" VMState
nor cpu_{save,load}() were registered. Their implementation was no-op.
Therefore there is no backwards compatibility to keep, so mark XtensaCPU
as unmigratable at device level.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Zero out tcg_ctx.gen_opc_instr_start for instructions representing the
last guest opcode in the TB.
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Refactor common code around calls to cpu_restore_state().
tb_find_pc() has now no external users, make it static.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is
only used for code access, DTLB is only for data. However TLB entries in
both TLBs have attribute field controlling write and exec access. These
bits need to be properly masked off depending on TLB type before being
used as tlb_set_page prot argument. Otherwise the following happens:
(1) ITLB entry for some PFN gets invalidated
(2) DTLB entry for the same PFN gets updated, attributes allow code
execution
(3) code at the page with that PFN is executed (possible due to step 2),
entry for the TB is written into the jump cache
(4) QEMU TLB entry for the PFN gets replaced with an entry for some
other PFN
(5) code in the TB from step 3 is executed (possible due to jump cache)
and it accesses data, for which there's no DTLB entry, causing DTLB
miss exception
(6) re-translation of the TB from step 5 is attempted, but there's no
QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB
miss exception at the TB start address
(7) ITLB miss exception is handled by the guest, but execution is
resumed from the beginning of the faulting TB (the point where ITLB
miss occured), not from the point where DTLB miss occured, which is
wrong.
With that fix the above scenario causes ITLB miss exception (that used
to be step 7) at step 3, right at the beginning of the TB.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use movcond for all sorts of conditional moves, ABS, CLAMPS, MIN/MAX
opcodes.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The Miscellaneous Special Registers Option provides zero to four scratch
registers within the processor readable and writable by RSR, WSR, and
XSR. These registers are privileged. They may be useful for some
application-specific exception and interrupt processing tasks in the
kernel. The MISC registers are undefined after reset.
See ISA, 4.7.3 for details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
There are read-only (DEBUGCAUSE, PRID) and write-only (INTCLEAR) SRs,
and INTERRUPT/INTSET SR allows rsr/wsr, but not xsr. Raise illeagal
opcode exception on illegal access to these SRs.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Beginning with the RA-2004.1 release, SR access instructions (rsr, wsr,
xsr) are associated with their corresponding SR and raise illegal opcode
exception in case the register is not configured for the core.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
In XEA1, the Options for Memory Protection and Translation and the
corresponding TLB management instructions are not available. Instead,
functionality similar to the Region Protection Option is available
through the cache attribute register. See ISA, A.2.14 for details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
ATOMCTL SR controls s32c1i opcode behavior depending on targeted memory
type. See ISA, 4.3.12.4 for details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Pass around CPUArchState instead of using global cpu_single_env.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
For target-mips also change the return type to bool.
Make include paths for cpu-qom.h consistent for alpha and unicore32.
Signed-off-by: Andreas Färber <afaerber@suse.de>
[AF: Updated new target-openrisc function accordingly]
Acked-by: Richard Henderson <rth@twiddle.net> (for alpha)
Rename helper flags to the new ones. This is purely a mechanical change,
it's possible to use better flags by looking at the helpers.
Cc: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are
reserved) and its purpose doesn't match the name (most target_phys_addr_t
addresses are not target specific). Replace it with a finger-friendly,
standards conformant hwaddr.
Outstanding patchsets can be fixed up with the command
git rebase -i --exec 'find -name "*.[ch]"
| xargs s/target_phys_addr_t/hwaddr/g' origin
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now that "and" with 0xff, 0xffff and 0xffffffff and "shr" with 0 shift
are optimized in tcg/tcg-op.h there is no need to do it in
target-xtensa/translate.c.
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
For all targets that currently call tcg_gen_debug_insn_start,
add CPU_LOG_TB_OP_OPT to the condition that gates it.
This is useful for comparing optimization dumps, when the
pre-optimization dump is merely noise.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In case Coprocessor Context option is enabled CPENABLE SR bits control
whether access to coprocessors is allowed or would rise one of
CoprocessorXDisabled exceptions.
See ISA, 4.4.5 for more details.
FP is coprocessor 0.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
These are comparison and conditional move opcodes.
See ISA, 4.3.10 for more details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
These are FP to integer and integer to FP conversion opcodes.
See ISA, 4.3.10 for more details.
Note that ISA description for utrunc.s is currently incorrect and will
be fixed in future revisions.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
These are FP arithmetic opcodes.
See ISA, 4.3.10 for more details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
These are load/store instructions for FP registers with immediate or
register index and optional base post-update.
See ISA, 4.3.10 for more details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
There are 16 32-bit FP registers (f0 - f15), control and status user
registers (fcr, fsr).
See ISA, 4.3.10 for more details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Unconditional gen_check_loop_end at the end of disas_xtensa_insn
can emit tcg_gen_goto_tb with slot id already used in the TB (e.g. when
TB ends at LEND with a branch).
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: malc <av1474@comtv.ru>
Put the following errno value mappings under #ifdef:
xtensa-semi.c: In function 'errno_h2g':
xtensa-semi.c:113: error: 'ENOTBLK' undeclared (first use in this function)
xtensa-semi.c:113: error: (Each undeclared identifier is reported only once
xtensa-semi.c:113: error: for each function it appears in.)
xtensa-semi.c:113: error: array index in initializer not of integer type
xtensa-semi.c:113: error: (near initialization for 'guest_errno')
xtensa-semi.c:124: error: 'ETXTBSY' undeclared (first use in this function)
xtensa-semi.c:124: error: array index in initializer not of integer type
xtensa-semi.c:124: error: (near initialization for 'guest_errno')
xtensa-semi.c:134: error: 'ELOOP' undeclared (first use in this function)
xtensa-semi.c:134: error: array index in initializer not of integer type
xtensa-semi.c:134: error: (near initialization for 'guest_errno')
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Guest errno values are taken from the newlib. Convert only those errno
values that can be returned from used system calls.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This prevents guest from proceeding with uninitialised garbage returned
from unimplemented simcalls.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'x86cpu_qom_tcg_v2' of git://github.com/imammedo/qemu:
target-i386: move tcg initialization into x86_cpu_initfn()
cleanup cpu_set_debug_excp_handler
target-xtensa: drop usage of prev_debug_excp_handler
target-i386: drop usage of prev_debug_excp_handler
This makes usable default for -cpu option both for qemu-system-xtensa
and qemu-system-xtensaeb fixing the following error:
$ qemu-system-xtensaeb -M sim
Unable to find CPU definition
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Quote from ISA, 2.1:
For most Xtensa instructions, bit numbering is irrelevant; only the BBC
and BBS instructions assign bit numbers to values on which the processor
operates. The BBC/BBS instructions use big-endian bit ordering (0 is the
most-significant bit) on a big-endian processor configuration.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Chains of exception handlers are currently unused feature. Dropping it
to be consistent with target-i386 but it may simplify qom-ifying CPU
in future like for target-i386.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Add env parameter to every helper function that needs it, update
'configure' script.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Mark exception generating functions 'noreturn' and pure constant
functions as such.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Peter Portante <peter.portante@redhat.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Taken conditional branches fail to update CCOUNT register because
accumulated ccount_delta is reset during translation of non-taken
branch. To fix it only update CCOUNT once per conditional branch
instruction translation.
This fixes guest linux freeze on LTP waitpid06 test.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Hardware pagetable walking may not be nested. Stop guessing and pass
explicit flag to the get_physical_addr_mmu function that controls page
table lookup.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This is to avoid interference of internal QEMU helpers
(cpu_get_phys_page_debug, tb_invalidate_virtual_addr) with guest-visible
TLB state.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
According to ISA, 4.4.2.6, EXCVADDR may be changed by any TLB miss, even
if the miss is handled entirely by processor hardware.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Both old and new mappings need flushing because their VPN may be
different in MMU case.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
In commit 1bba0dc932 cpu_reset()
was renamed to cpu_state_reset(), to allow introducing a new cpu_reset()
that would operate on QOM objects.
All callers have been updated except for one in target-mips, so drop all
implementations except for the one in target-mips and move the
declaration there until MIPSCPU reset can be fully QOM'ified.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> (for mb + cris)
Acked-by: Alexander Graf <agraf@suse.de> (for ppc)
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Make the include paths for cpu-qom.h consistent to allow using XtensaCPU
in cpu.h.
Turn cpu_init macro into a static inline function returning
CPUXtensaState for backwards compatibility.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Translation of LOOP instructions used to call LEND SR write handler to
update LEND and invalidate relevant TBs. Now that LEND SR write handler
ends TB, LOOPNEZ and LOOPGTZ generate wrong code (same as for simple
LOOP). Fix it by calling wsr_lend helper directly.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This is Diamond 233L Standard Core Rev.C (LE), implemented through
linux/gdb overlay.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
