Add support for saving and restoring VFP register state from the
kernel. This includes a check that the KVM-created CPU has full
VFP support (as the TCG Cortex-A15 model always does), since for
the moment ARM QEMU doesn't have any way to tweak optional features
on created CPUs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Add basic support for KVM on ARM architecture.
Signed-off-by: Christoffer Dall <cdall@cs.columbia.edu>
[PMM: Minor tweaks and code cleanup, switch to ONE_REG]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Drop the CPUARMState* argument from bank_number(), since we only
use it for passing to cpu_abort(). Use hw_error() instead.
This avoids propagating further interfaces using env pointers.
In the long term this function's callers need auditing to fix
problems where badly behaved guests can pass invalid bank numbers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
M profile cores do not have the RFE or SRS instructions, so
correctly UNDEF these insn patterns on those cores.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Factor out the handling of the SRS instruction rather than
duplicating it between the Thumb and ARM decoders. This in
passing fixes two bugs in the Thumb decoder's SRS handling
which didn't exist in the ARM decoder:
* (LP:1079080) storing CPSR rather than SPSR (fixed in the
ARM decoder in commit c67b6b71 in 2009)
* failing to free the 'addr' TCG temp in the writeback case
Reported-by: Cesson Vincent <vcesson@stmi.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The gen_icount_start/end functions are now somewhat misnamed since they
are useful for generic "start/end of TB" code, used for more than just
icount. Rename them to gen_tb_start/end.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Introduce ENV_OFFSET macros which can be used in non-target-specific
code that needs to generate TCG instructions which reference CPUState
fields given the cpu_env register that TCG targets set up with a
pointer to the CPUArchState struct.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
While T0+~T1+CF = T0-T1+CF-1 is true for the low 32-bits,
it does not produce the correct carry-out to bit 33. Do
exactly what the manual says.
Using the ~T1 makes the add and subtract code paths nearly
identical, so have sbc_CC use adc_CC.
Cc: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
commits 49b4c31efc and
2de68a4900 reworked the implementation of adc_CC
and sub_CC. The new implementations (on the TCG_TARGET_HAS_add2_i32 code path)
are incorrect. The new logic is:
CF:NF = 0:A +/- 0:CF
CF:NF = CF:A +/- 0:B
The lower 32 bits of the intermediate result stored in NF needs to be passes
into the second addition in place of A (s/CF:A/CF:NF):
CF:NF = 0:A +/- 0:CF
CF:NF = CF:NF +/- 0:B
This patch fixes the issue.
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use sub2 if available, otherwise use 64-bit arithmetic.
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use add2 if available, otherwise use 64-bit arithmetic.
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The target-specific ENV_GET_CPU() macros have allowed us to navigate
from CPUArchState to CPUState. The reverse direction was not supported.
Avoid introducing CPU_GET_ENV() macros by initializing an untyped
pointer that is initialized in derived instance_init functions.
The field may not be called "env" due to it being poisoned.
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Turn arm_cpu_realize() into a QOM realize function, no longer called
via cpu.h prototype. To maintain the semantics of cpu_init(), set
realized = true explicitly in cpu_arm_init().
Move GDB coprocessor registration, CPU reset and vCPU initialization
into the realizefn.
Signed-off-by: Andreas Färber <afaerber@suse.de>
In the initial conversion of CPU models to QOM types, model names were
mapped 1:1 to type names. As a side effect this gained us a type "any",
which is now a device.
To avoid "-device any" silliness and to pave the way for compiling
multiple targets into one executable, adopt a <name>-<arch>-cpu scheme.
This leads to names like arm926-arm-cpu but is easiest to handle.
No functional changes for -cpu arguments or -cpu ? output.
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix a leak of a TCG temporary in code paths for VFP system register
writes for cases which UNDEF or are write-ignored.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This fixes -cpu arm-cpu asserting.
Cc: qemu-stable@nongnu.org
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Consolidate model checking into a new arm_cpu_class_by_name().
If the name matches an existing type, also check whether that type is
actually (a sub-type of) TYPE_ARM_CPU.
This fixes, e.g., -cpu tmp105 asserting.
Cc: qemu-stable <qemu-stable@nongnu.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Note that target-alpha accesses this field from TCG, now using a
negative offset. Therefore the field is placed last in CPUState.
Pass PowerPCCPU to [kvm]ppc_fixup_cpu() to facilitate this change.
Move common parts of mips cpu_state_reset() to mips_cpu_reset().
Acked-by: Richard Henderson <rth@twiddle.net> (for alpha)
[AF: Rebased onto ppc CPU subclasses and openpic changes]
Signed-off-by: Andreas Färber <afaerber@suse.de>
When do_interrupt_v7m is called with EXCP_SWI, the PC already
points to the next instruction. Don't modify it here.
Signed-off-by: Alex Rozenman <Alex_Rozenman@mentor.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The type_register_static() interface is documented as:
type_register_static:
@info: The #TypeInfo of the new type.
@info and all of the strings it points to should exist for the life
time that the type is registered.
But cpu_register() uses a stack variable for the 'info' argument, so it
has to use type_register() instead of type_register_static().
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This generalizes {ARM,M68k,Alpha}CPUListState to avoid declaring it for
each target. Place it in cpu-common.h to avoid circular dependencies.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Refactor common code around calls to cpu_restore_state().
tb_find_pc() has now no external users, make it static.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Pass around CPUArchState instead of using global cpu_single_env.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
For target-mips also change the return type to bool.
Make include paths for cpu-qom.h consistent for alpha and unicore32.
Signed-off-by: Andreas Färber <afaerber@suse.de>
[AF: Updated new target-openrisc function accordingly]
Acked-by: Richard Henderson <rth@twiddle.net> (for alpha)
Rename helper flags to the new ones. This is purely a mechanical change,
it's possible to use better flags by looking at the helpers.
Cc: Paul Brook <paul@codesourcery.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Remove an out of date FIXME regarding the saturating arithmetic helpers:
we now do pass a pointer to CPUARMState to these helpers, and since
the AREG0 changes went in there is no difference between helper.c
and op_helper.c and therefore no point in moving the functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement abs_i32 inline (with movcond) rather than using a helper
function.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use the TCG operation to do Neon 64 bit negations rather than calling
a helper routine for it.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rework the handling of arguments to ARM semihosting calls so that we
handle a possible failure return from get_user_ual() or put_user_ual().
(This incidentally silences a lot of warnings from clang about
"expression result unused").
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are
reserved) and its purpose doesn't match the name (most target_phys_addr_t
addresses are not target specific). Replace it with a finger-friendly,
standards conformant hwaddr.
Outstanding patchsets can be fixed up with the command
git rebase -i --exec 'find -name "*.[ch]"
| xargs s/target_phys_addr_t/hwaddr/g' origin
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 33ebc29 fixed the bugs in the implementation of VQRSHL,
but forgot to remove the FIXME comment...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instructions that both use the RRX second operand and update CS were
incorrect, as the Carry flag was updated too early. An example of such an
instruction would be:
ands r12,r13,RRX
Ands, because of the "s" flag will update the carry flag. But the RRX second
operand rotates through the C flag which should happen before the update.
Fixed the ordering of the two, the old carry is read by "r13,RRX" before being
updated.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reported-by: Vinesh Peringat <vineshp@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Use the deposit op instead of and hardcoded bit field insertion. It
allows the host to emit the corresponding instruction if available.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now that the movcond TCG op is available, it's possible to replace
shl and shr helpers by TCG code. The code generated by TCG is slightly
longer than the code generated by GCC for the helper but is still worth
it as this avoid all the consequences of using an helper: globals saved
back to memory, no possible optimization, call overhead, etc.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now that the setcond TCG op is available, it's possible to replace
add_cc and sub_cc helpers by TCG code. The code generated by TCG is
actually very close to the one generated by GCC for the helper, and
this avoid all the consequences of using an helper: globals saved back
to memory, no possible optimization, call overhead, etc.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use globals for CC flags instead of loading/storing them each they are
accessed. This allows some optimizations to be performed by the TCG
optimization passes.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reinstate the display of VFP registers in cpu_dump_state(), if
the CPU has them (this code had been #if 0'd out a for a long time).
We drop the attempt ot display the values as floating point, since
this makes assumptions about the host 'float' and 'double' formats
and is not done by eg the i386 cpu_dump_state().
This display is gated on the CPU_DUMP_FPU flag, as for x86.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For all targets that currently call tcg_gen_debug_insn_start,
add CPU_LOG_TB_OP_OPT to the condition that gates it.
This is useful for comparing optimization dumps, when the
pre-optimization dump is merely noise.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Convert code load functions and switch to AREG0 free mode.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Convert remaining helpers to AREG0 free mode: add an explicit
CPUState parameter instead of relying on AREG0.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Add an explicit CPUState parameter instead of relying on AREG0.
For easier review, convert only op helpers which don't return any value.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Report from smatch:
target-arm/helper.c:651 arm946_prbs_read(6) error:
buffer overflow 'env->cp15.c6_region' 8 <= 8
target-arm/helper.c:661 arm946_prbs_write(6) error:
buffer overflow 'env->cp15.c6_region' 8 <= 8
c7_region is an array with 8 elements, so the index must be less than 8.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix a variety of typos in comments in target-arm files.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Implement the changes to the TTBCR register required for LPAE:
* many fewer bits should be RAZ/WI
* since TTBCR changes can result in a change of ASID, we must
flush the TLB on writes to it
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the different format of the PAR when long descriptor
translation tables are in use. Note that we assume that
get_phys_addr() returns a long-descriptor format DFSR value on
failure if long descriptors are in use; this added subtlety tips
the balance and makes it worth adding a comment documenting the
API to get_phys_addr().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In the implementation of get_phys_addr(), consistently use
target_phys_addr_t to hold the physical address rather than
uint32_t.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Under LPAE, the cp15 registers PAR, TTBR0 and TTBR1 are extended
to 64 bits, with a 64 bit (MRRC/MCRR) access path to read the
full width of the register. Add the state fields for the top
half and the 64 bit access path. Actual use of the top half of
the register will come with the addition of the long-descriptor
translation table format support.
For the PAR we also need to correct the masking applied for
32 bit writes (there are no bits reserved if LPAE is implemented)
and clear the high half when doing a 32 bit result VA-to-PA
lookup.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
LPAE extends the DBGDRAR and DBGDSAR debug registers to 64 bits; we
only implement these as dummy RAZ versions; provide dummies for
the 64 bit accesses as well.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add implementations of the AMAIR0 and AMAIR1 LPAE
Auxiliary Memory Attribute Indirection Registers.
These are implementation defined and we choose to
implement them as RAZ/WI, matching the Cortex-A7
and Cortex-A15.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Extend feature flags to 64 bits, as we've just run out of space
in the 32 bit integer we were using for them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the privileged-execute-never (PXN) translation table bit.
It is implementation-defined whether this is implemented, so we give
it its own ARM_FEATURE_ flag. LPAE requires PXN, so add also an
LPAE feature flag and the implication logic, as a placeholder
for actually implementing LPAE at a later date.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Make target_phys_addr_t 64 bits for ARM targets, and set
TARGET_PHYS_ADDR_SPACE_BITS to 40. This should have no effect for ARM
boards where physical addresses really are 32 bits (except perhaps a
slight performance hit on 32 bit hosts for system emulation) but allows
us to implement the Large Physical Address Extensions for Cortex-A15,
which mean 40 bit physical addresses.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix errors in the TCG temp handling in the 64 bit coprocessor
write path: we were reusing a 32 bit temp after it had been
freed by store_reg(), and failing to free a 64 bit temp.
This bug has no visible effect at this point because there
aren't any non-NOP 64 bit registers yet; it needs to be fixed
as a prerequisite for the 64 bit registers in LPAE support.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix a couple of cases where cp register names were copy-and-pasted.
These are harmless since we don't use the name for anything (except
debugging convenience) but could be confusing.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Fix a copy-and-paste error in the register description for TTBR1
that meant it was a duplicate of TTBR0 rather than affecting the
correct bit of CPU state.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The coprocessor register rework broke cp15 based WFI instructions.
We incorrectly fall through the normal register write case, which
incorrectly adds a forced block termination. We've already done
a special version of this (DISAS_WFI), so return immediately.
Signed-off-by: Paul Brook <paul@codesourcery.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
All the uses of ARM_CPUID() to vary behaviour have now been
removed, so we can delete the ARM_CPUID_* macros now.
The one exception is the TI915T/925T, because of its odd behaviour
where the MIDR value can be changed at runtime.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Move the v6 optional block cache ops to the new cp15 framework.
This includes only providing them on the CPUs which implemented
them, rather than the previous blunderbuss approach of making
all MCRR instructions on all CPUs act as NOPs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove the no-longer-used CPUARMState c0_cachetype field.
Although this was a constant register we had it in our
migration state. Drop this (with resulting version bump)
because for ARM currently we prefer cleaner migration
code and have not stabilised migration format yet.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the MPIDR to the new cp15 register scheme.
This includes giving it its own feature bit rather
than doing a CPUID value check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert cp15 crn=9 registers (mostly cache lockdown) to the new scheme.
Note that this change makes OMAPCP cores RAZ/WI the whole c9 space. This is
a change from previous behaviour, but a return to the behaviour of commit
c3d2689d when OMAP1 support was first added -- subsequent commits have
clearly accidentally relegated the OMAPCP RAZ condition to only a subset of
the crn=9 space when adding support for other cores.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the cp15 crn=6 registers to the new scheme.
Note that this includes some minor tidyup: drop an unnecessary
underdecoding of op2 on OMAPCP cores, and only implement the
pre-v6 c6,c0,0,1 IFAR on the 1026 and not on the other ARMv5
cores, which didn't have it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the cp15 crn=7 registers to the new scheme.
Note that to do this we have to distinguish some registers
used on the ARM9 and ARM10 from some which are ARM1176
only. This is because the old code returned a value of 0
but always set the Z flag (by clearing env->ZF, since we
store the Z flag in CPUState inverted). This is inconsistent
with actual ARM CPU behaviour, which only sets flags for
reads to r15 and sets them based on the top bits of the result.
However it happened to work for the two common use cases for
cp15 crn=7 reads:
* On ARM9 and ARM10 the cache clean-and-test operations are
typically done with a destination of r15 so that you can do
a "loop: mrc ... ; bne loop" to keep cleaning until the cache
is finally clean; always setting the Z flag means this loop
terminates immediately
* on ARM1176 the Cache Dirty Status Register reads as zero
if the cache is dirty; returning 0 means this is correctly
implemented for QEMU
Since the new coprocessor register framework does the right
thing of always setting flags based on the returned result
for reads to r15, we need to split these up so that we can
return (1<<30) for the ARM9/ARM10 registers but 0 for the
ARM1176 one.
This allows us to remove the nasty hack which always sets Z.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We RAZ/WI the entire block of crn=10 registers. Note that this
actually covers not just the implementation-defined TLB
lockdown registers but also a number of v7 VMSA memory
attribute registers which we would need to implement to
support TEX remap. We retain the previous QEMU behaviour
in this conversion, though.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the cp15 crn=13 registers (FCSEIDR, CONTEXTIDR,
and the ARM946 Trace Process Identifier Register).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the cp15 crn=2 registers (MMU page table control,
MPU cache control) to the new scheme.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the cp15 c3 register (MMU domain access control
or MPU write buffer control). NB that this is horribly
underdecoded for modern cores (should be crn=3,crm=0,
opc1=0,opc2=0) but this change preserves the existing
QEMU behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
