By arranging for explicit writes to cpu_fsr after floating point
operations, we are able to mark the helpers as not writing to
tcg globals, which means that we don't need to invalidate the
integer register set across said calls.
Backports commit 7385aed20db5d83979f683b9d0048674411e963c from qemu
We've now implemented all fp asis inline, except for the no-fault
memory reads. The latter can be passed directly to helper_ld_asi.
Backports commit f2fe396f0fae6b389169f65abf294df9ae6cfee5 from qemu
Replace gen_get_asi, and use it for both 32-bit and 64-bit.
For v8, do supervisor and immediate checks here.
Also, move save_state and TB ending into the respective
subroutines, out of disas_sparc_insn.
Backports commit 7ec1e5ea4bd0700fa48da86bffa2fcc6146c410a from qemu
Knowing the value of %asi at translation time means that we
can handle the common settings without a function call.
The steady state appears to be %asi == ASI_P, so that sparcv9
code can use offset forms of lda/sta. The %asi register gets
pushed and popped on entry to certain functions, but it rarely
takes on values other than ASI_P or ASI_AIUP. Therefore we're
unlikely to be expanding the set of TBs created.
Backports commit a6d567e523ed7e928861f3caa5d49368af3f330d from qemu
We now have a single copy of gen_ld_asi, gen_st_asi,
gen_swap_asi, and everything uses gen_get_asi.
Backports commit 22e700607aeaff5f5e139d0fdc3d861e5502040c from qemu
Doing this instead of saving the raw PS_PRIV and TL. This means
that all nucleus mode TBs (TL > 0) can be shared. This fixes a
bug in that we didn't include HS_PRIV in the TB flags, and so could
produce incorrect TB matches for hypervisor state.
The LSU and DMMU states were unused by the translator. Including
them in TB flags meant unnecessary mismatches from tb_find_fast.
Backports commit 99a230638a3674e921224dbe628159c867d734b1 from qemu
The global is only ever read for one insn; we can just as well
use a load from env instead and generate the same code. This
also allows us to indicate the the associated helpers do not
touch TCG globals.
Backports commit e86ceb0d652baa5738e05a59ee0e7989dafbeaa1 from qemu
Header guard symbols should match their file name to make guard
collisions less likely. Offenders found with
scripts/clean-header-guards.pl -vn.
Cleaned up with scripts/clean-header-guards.pl, followed by some
renaming of new guard symbols picked by the script to better ones.
Backports commit 121d07125bb6d7079c7ebafdd3efe8c3a01cc440 from qemu
These use guard symbols like TCG_TARGET_$target.
scripts/clean-header-guards.pl doesn't like them because they don't
match their file name (they should, to make guard collisions less
likely).
Clean them up: use guard symbol $target_TCG_TARGET_H for
tcg/$target/tcg-target.h.
Backports commit 14e54f8ecfe9c5e17348f456781344737ed10b3b from qemu
Most of them use guard symbols like CPU_$target_H, but we also have
__MIPS_CPU_H__ and __TRICORE_CPU_H__. They all upset
scripts/clean-header-guards.pl.
The script dislikes CPU_$target_H because they don't match their file
name (they should, to make guard collisions less likely). The others
are reserved identifiers.
Clean them all up: use guard symbol $target_CPU_H for
target-$target/cpu.h.
Backports commit 07f5a258750b3b9a6e10fd5ec3e29c9a943b650e from qemu
Tracked down with an ugly, brittle and probably buggy Perl script.
Also move includes converted to <...> up so they get included before
ours where that's obviously okay.
Backports commit a9c94277f07d19d3eb14f199c3e93491aa3eae0e from qemu
Add a documentation comment describing the functions for
converting between the cpu and little or bigendian formats.
Backports commit 7d820b766a2049f33ca7e078aa51018f2335f8c5 from qemu
Now that all uses of cpu_to_*w() and *_to_cpup() have been replaced
with either ld*_p()/st*_p() or by doing direct dereferences and
using the cpu_to_*()/*_to_cpu() byteswap functions, we can remove
the unused implementations.
Backports commit f76bde702916d0230bf359d478bcac8d7f3b30ae from qemu
There are functions tlb_fill(), cpu_unaligned_access() and
do_unaligned_access() that are called with access type and mmu index
arguments. But these arguments are named 'is_write' and 'is_user' in their
declarations. The patches fix the arguments to avoid a confusion.
Backports commit b35399bb4e9968296a12303b00f9f2066470e987 from qemu
ASID currently has uint8_t type which is too small since some processors
support more than 8 bits ASID. Therefore change its type to uint16_t.
Backports commit 2d72e7b047d800c9f99262466f65a98684ecca14 from qemu
MIPS64R6-generic gradually gets closer to I6400 CPU, feature-wise. Rename
it to make it clear which MIPS processor it is supposed to emulate.
Backports commit 8f95ad1c79b4166350b982a6defe0e21faa04dac from qemu
Replace hardcoded 0xbfc00000 with exception_base which is initialized with
this default address so there is no functional change here.
However, it is now exposed and consequently it will be possible to modify
it from outside of the CPU.
Backports commit 89777fd10fc3dd573c3b4d1b2efdd10af823c001 from qemu
In user-mode emulation Translation Block can consist of 2 guest pages.
In that case QEMU also mprotects 2 host pages that are dedicated for
guest memory, containing instructions. QEMU detects self-modifying code
with SEGFAULT signal processing.
In case if instruction in 1st page is modifying memory of 2nd
page (or vice versa) QEMU will mark 2nd page with PAGE_WRITE,
invalidate TB, generate new TB contatining 1 guest instruction and
exit to CPU loop. QEMU won't call mprotect, and new TB will cause
same SEGFAULT. Page will have both PAGE_WRITE_ORG and PAGE_WRITE
flags, so QEMU will handle the signal as guest binary problem,
and exit with guest SEGFAULT.
Solution is to do following: In case if current TB was invalidated
continue to invalidate TBs from remaining guest pages and mark pages
as PAGE_WRITE. After that disable host page protection with mprotect.
If current tb was invalidated longjmp to main loop. That is more
efficient, since we won't get SEGFAULT when executing new TB.
Backports commit 7399a337e4126f7c8c8af3336726f001378c4798 from qemu
As it currently stands, QEMU does not properly handle self-modifying code
when the write is unaligned and crosses a page boundary. The procedure
for handling a write to the current translation block is to write-protect
the current translation block, catch the write, split up the translation
block into the current instruction (which remains write-protected so that
the current instruction is not modified) and the remaining instructions
in the translation block, and then restore the CPU state to before the
write occurred so the write will be retried and successfully executed.
However, since unaligned writes across pages are split into one-byte
writes for simplicity, writes to the second page (which is not the
current TB) may succeed before a write to the current TB is attempted,
and since these writes are not invalidated before resuming state after
splitting the TB, these writes will be performed a second time, thus
corrupting the second page. Credit goes to Patrick Hulin for
discovering this.
In recent 64-bit versions of Windows running in emulated mode, this
results in either being very unstable (a BSOD after a couple minutes of
uptime), or being entirely unable to boot. Windows performs one or more
8-byte unaligned self-modifying writes (xors) which intersect the end
of the current TB and the beginning of the next TB, which runs into the
aforementioned issue. This commit fixes that issue by making the
unaligned write loop perform the writes in forwards order, instead of
reverse order. This way, QEMU immediately tries to write to the current
TB, and splits the TB before any write to the second page is executed.
The write then proceeds as intended. With this patch applied, I am able
to boot and use Windows 7 64-bit and Windows 10 64-bit in QEMU without
KVM.
Per Richard Henderson's input, this patch also ensures the second page
is in the TLB before executing the write loop, to ensure the second
page is mapped.
The original discussion of the issue is located at
http://lists.nongnu.org/archive/html/qemu-devel/2014-08/msg02161.html.
Backports commit 81daabaf7a572f138a8b88ba6eea556bdb0cce46 from qemu
There are currently 22 invocations of this function,
and we're about to increase that number.
Backports commit 7e9a7c50d9a400ef51242d661a261123c2cc9485 from qemu
It's a prerequisite that certain bits of MSR_IA32_FEATURE_CONTROL should
be set before some features (e.g. VMX and LMCE) can be used, which is
usually done by the firmware. This patch adds a fw_cfg file
"etc/msr_feature_control" which contains the advised value of
MSR_IA32_FEATURE_CONTROL and can be used by guest firmware (e.g. SeaBIOS).
Backports commit 217f1b4a72153cf8d556e9d45919e9222c38d25e from qemu
This patch adds the support to inject SRAR and SRAO as LMCE, i.e. they
are injected to only one VCPU rather than broadcast to all VCPUs. As KVM
reports LMCE support on Intel platforms, this features is only available
on Intel platforms.
LMCE is disabled by default and can be enabled/disabled by cpu option
'lmce=on/off'.
Backports commit 87f8b626041ceaea9adcfdbd549359f0ca7b871d from qemu
This change adds hyperv feature words report through qom rpc.
When VM is configured with hyperv features enabled
libvirt will check that required feature words are set
in cpuid leaf 40000003 through qom request.
Currently qemu does not report hyperv feature words
which prevents windows guests from starting with libvirt.
To avoid conflicting with current hyperv properties all added feature
words cannot be set directly with -cpu +feature yet.
Backports commit c35bd19a5c9140bce8b913cc5cefe6f071135bdb from qemu
x86_cpu_parse_featurestr has a "val = num;" assignment just before num
goes out of scope. Push num up to fix the issue.
Backports commit cf2887c9738451eb989c6c102af070dee2dc172a from qemu
ERMS just says "rep movsb" and "rep stosb" are fast. It does not
imply any new instruction, so we can support it easily.
Backports commit 7eb24386dbfb0b66464c7f856c1074c606efccda from qemu
Make SPARC target use sparc_cpu_parse_features() directly
so it won't get in the way of switching other propertified
targets to handling features as global properties.
Backports commit fb02d56e96d553088c5b4267a3c954a3e952a50a from qemu
Some architectures (e.g. ARMv8) need the address which is aligned
to a size more than the size of the memory access.
To support such check it's enough the current costless alignment
check implementation in QEMU, but we need to support
an alignment size specifying.
Backports commit 1f00b27f17518a1bcb4cedca49eaec96a4d560bd from qemu
While we can store constants via constrants on INDEX_op_st_i32 et al,
we weren't able to spill constants to backing store.
Add a new backend interface, tcg_out_sti, which may store the constant
(and is allowed to fail). Rearrange the temp_* helpers so that we only
attempt to directly store a constant when the temp is becoming dead/free.
Backports commit 59d7c14eeff8d2ad7f61aed86ce5a176113bc153 from qemu
We have a couple places in the code base that want to deep-clone
one QAPI object into another, and they were resorting to serializing
the struct out to QObject then reparsing it. A much more efficient
version can be done by adding a new clone visitor.
Since cloning is still relatively uncommon, expose the use of the
new visitor via a QAPI_CLONE() macro that takes care of type-punning
the underlying function pointer, rather than generating lots of
unused functions for types that won't be cloned. And yes, we're
relying on the compiler treating all pointers equally, even though
a strict C program cannot portably do so - but we're not the first
one in the qemu code base to expect it to work (hello, glib!).
The choice of adding a fourth visitor type deserves some explanation.
On the surface, the clone visitor is mostly an input visitor (it
takes arbitrary input - in this case, another QAPI object - and
creates a new QAPI object during the course of the visit). But
ever since commit da72ab0 consolidated enum visits based on the
visitor type, using VISITOR_INPUT would cause us to run
visit_type_str(), even though for cloning there is nothing to do
(we just copy the enum value across, without regards to its mapping
to strings). Also, since our input happens to be a QAPI object,
we can also satisfy the internal checks for VISITOR_OUTPUT. So in
the end, I settled with a new VISITOR_CLONE, and chose its value
such that many internal checks can use 'v->type & mask', sticking
to 'v->type == value' where the difference matters.
Note that we can only clone objects (including alternates) and lists,
not built-ins or enums. The visitor core hides integer width from
the actual visitor (since commit 04e070d), and as long as that's the
case, we can't clone top-level integers. Then again, those can
always be cloned by direct copy, since they are not objects with
deep pointers, so it's no real loss. And restricting cloning to
just objects and lists is cleaner than restricting it to non-integers.
As such, I documented that the clone visitor is for direct use only
by code internal to QAPI, and should not be used on incomplete objects
(other than a hack to work around the fact that we allow NULL in place
of "" in visit_type_str() in other output visitors). Note that as
written, the clone visitor will never fail on a complete object.
Scalars (including enums) not at the root of the clone copy just fine
with no additional effort while visiting the scalar, by virtue of a
g_memdup() each time we push another struct onto the stack. Cloning
a string requires deduplication of a pointer, which means it can also
provide the guarantee of an input visitor of never producing NULL
even when still accepting NULL in place of "" the way the QMP output
visitor does.
Cloning an 'any' type could be possible by incrementing the QObject
refcnt, but it's not obvious whether that is better than implementing
a QObject deep clone. So for now, we document it as unsupported,
and intentionally omit the .type_any() callback to let a developer
know their usage needs implementation.
Add testsuite coverage for several different clone situations, to
ensure that the code is working. I also tested that valgrind was
happy with the test.
Backports commit a15fcc3cf69ee3d408f60d6cc316488d2b0249b4 from qemu
