Commit graph

971 commits

Author SHA1 Message Date
Edgar E. Iglesias 4bdafaa2f8
target-arm: Add VTCR_EL2
Backports commit 68e9c2fe65bca7fc1bdc2411923333c3e87544a3 from qemu
2018-02-17 15:23:47 -05:00
Pavel Dovgalyuk 4a05c9ee28
cpu-exec: introduce loop exit with restore function
This patch introduces loop exit function, which also
restores guest CPU state according to the value of host
program counter.

Backports commit 1c3c8af1fb40a481c07749e0448644d9b7700415 from qemu
2018-02-17 15:23:38 -05:00
Pavel Dovgalyuk 28f154129b
softmmu: remove now unused functions
Now that the cpu_ld/st_* function directly call helper_ret_ld/st, we can
drop the old helper_ld/st functions.

Backports commit b8611499b940b1b4db67aa985e3a844437bcbf00 from qemu
2018-02-17 15:23:38 -05:00
Pavel Dovgalyuk 6cdaaf9b1b
softmmu: add helper function to pass through retaddr
This patch introduces several helpers to pass return address
which points to the TB. Correct return address allows correct
restoring of the guest PC and icount. These functions should be used when
helpers embedded into TB invoke memory operations.

Backports commit 282dffc8a4bfe8724548cabb8a26698bde0a6e18 from qemu
2018-02-17 15:23:38 -05:00
Benjamin Herrenschmidt 1722be3e73
tlb: Add ifetch argument to cpu_mmu_index()
This is set to true when the index is for an instruction fetch
translation.

The core get_page_addr_code() sets it, as do the SOFTMMU_CODE_ACCESS
acessors.

All targets ignore it for now, and all other callers pass "false".

This will allow targets who wish to split the mmu index between
instruction and data accesses to do so. A subsequent patch will
do just that for PowerPC.

Backports commit 97ed5ccdee95f0b98bedc601ff979e368583472c from qemu
2018-02-17 15:23:37 -05:00
Markus Armbruster 97ad660361
error: On abort, report where the error was created
This is particularly useful when we abort in error_propagate(),
because there the stack backtrace doesn't lead to where the error was
created. Looks like this:

Unexpected error in parse_block_error_action() at .../qemu/blockdev.c:322:
qemu-system-x86_64: -drive if=none,werror=foo: 'foo' invalid write error action
Aborted (core dumped)

Note: to get this example output, I monkey-patched drive_new() to pass
&error_abort to blockdev_init().

To keep the error handling boiler plate from growing even more, all
error_setFOO() become macros expanding into error_setFOO_internal()
with additional __FILE__, __LINE__, __func__ arguments. Not exactly
pretty, but it works.

The macro trickery breaks down when you take the address of an
error_setFOO(). Fortunately, we do that in just one place: qemu-ga's
Windows VSS provider and requester DLL wants to call
error_setg_win32() through a function pointer "to avoid linking glib
to the DLL". Use error_setg_win32_internal() there. The use of the
function pointer is already wrapped in a macro, so the churn isn't
bad.

Code size increases by some 35KiB for me (0.7%). Tolerable. Could be
less if we passed relative rather than absolute source file names to
the compiler, or forwent reporting __func__.

Backports commit 1e9b65bb1bad51735cab6c861c29b592dccabf0e from qemu
2018-02-17 15:23:37 -05:00
Markus Armbruster 46f398569f
error: Revamp interface documentation
Backports commit edf6f3b3358597d37da0cf636ce3ed8a546d0f26 from qemu
2018-02-17 15:23:37 -05:00
Markus Armbruster eebc32fd75
error: error_set_errno() is unused, drop
Backports commit 4463dcb85c9f992f0c4d93f2142c8d64dcc85c5c from qemu
2018-02-17 15:23:37 -05:00
Markus Armbruster 661e38e3ed
error: Make error_setg() a function
Saves a tiny amount of code at every call site.

Backports commit a9499ddd82a99c66cc72a08e72427c423acfea1c from qemu
2018-02-17 15:23:36 -05:00
Markus Armbruster c2a61848d6
error: De-duplicate code creating Error objects
Duplicated when commit 680d16d added error_set_errno(), and again when
commit 20840d4 added error_set_win32().

Make the original copy in error_set() reusable by factoring out
error_setv(), then rewrite error_set_errno() and error_set_win32() on
top of it.

Backports commit 552375088a832fd5945ede92d01f98977b4eca13 from qemu
2018-02-17 15:23:36 -05:00
Edgar E. Iglesias 191786d055
target-arm: Add AArch64 access to PAR_EL1
Backports commit c96fc9b52d0a318d8026a0bcaba204d319ad91e0 from qemu
2018-02-17 15:23:36 -05:00
Edgar E. Iglesias de83caf623
target-arm: Correct opc1 for AT_S12Exx
Backports commit 7a379c7e68f1b2286602b0beeeb58dcef7c9e760 from qemu
2018-02-17 15:23:36 -05:00
Edgar E. Iglesias fa908ea3d3
target-arm: Log the target EL when taking exceptions
Log the target EL when taking exceptions. This is useful when
debugging guest SW or QEMU itself while transitioning through
the various ELs.

Backports commit dbc29a868cf5b7e6fa7bb2e6c4f188b9470779c5 from qemu
2018-02-17 15:23:36 -05:00
Sergey Sorokin a883d349fe
target-arm: Fix default_exception_el() function for the case when EL3 is not supported
If EL3 is not supported in current configuration,
we should not try to get EL3 bitness.

Backports commit cef9ee706792b1e205fe472b67053a0e82cd058e from qemu
2018-02-17 15:23:36 -05:00
Peter Crosthwaite a249923d4d
qom: Add recursive version of object_child_for_each
Useful for iterating through an entire QOM subtree.

Backports commit d714b8de7747f20fe42e5716d1d44f91e2b891f4 from qemu
2018-02-17 15:23:35 -05:00
Peter Maydell e08c524068
Remove unused qemu_fls function
Nothing uses qemu_fls() any more, so delete it.

Backports commit 10944a19209bb520054569e0f156f50338901264 from qemu
2018-02-17 15:23:35 -05:00
Peter Maydell 400fd62ba7
exec.c: Use pow2floor() rather than hand-calculation
Use pow2floor() to round down to the nearest power of 2,
rather than an inline calculation.

Backports commit 6554f5c03793bb8a3d5dedcebf758a1694fa186c from qemu
2018-02-17 15:23:35 -05:00
Lioncash 9ce672c511
host-util: Add power calculation functions 2018-02-17 15:23:35 -05:00
Lioncash 2a6b6c1082
target-arm: Refactor CPU affinity handling
Introduces reusable definitions for CPU affinity masks/shifts and gets rid
of hardcoded magic numbers.

Backports commit 0f4a9e45ec35811ee250ac232d84d3c6d4fcd7fc from qemu
2018-02-17 15:23:34 -05:00
Sergey Sorokin 02ace69c9d
target-arm: Fix arm_excp_unmasked() function
There is an error in arm_excp_unmasked() function:
bitwise operator & is used with integer and bool operands
causing an incorrect zeroed result.
The patch fixes it.

Backports commit 771842585f3119f69641ed90a97d56eb9ed6f5ae from qemu
2018-02-17 15:23:34 -05:00
Sergey Sorokin 5b40cb8562
target-arm: Fix AArch32:AArch64 general-purpose register mapping
There is an error in functions aarch64_sync_32_to_64() and
aarch64_sync_64_to_32() with mapping of registers between AArch32 and
AArch64. This commit fixes the mapping to match the v8 ARM ARM
section D1.20.1 (table D1-77).

Backports commit 3a9148d0bdcee990fbe86759b9b1f5723c1d7fbc from qemu
2018-02-17 15:23:34 -05:00
Peter Crosthwaite 83aa10f77d
arm: Remove hw_error() usages.
All of these hw_errors are fatal and indicate something wrong with
QEMU implementation.

Convert to g_assert_not_reached.

Backports commit 8f6fd322f6e25995629a1a07b56bc5b91fb947ca from qemu
2018-02-17 15:23:34 -05:00
Peter Maydell 1b88e0e8c8
target-arm: Wire up HLT 0xf000 as the A64 semihosting instruction
For the A64 instruction set, the semihosting call instruction
is 'HLT 0xf000'. Wire this up to call do_arm_semihosting()
if semihosting is enabled.

Backports commit 8012c84ff92a36d05dfe61af9b24dd01a7ea25e4 from qemu
2018-02-17 15:23:34 -05:00
Lioncash f81894dddb
exec: Add semihosting stubs 2018-02-17 15:23:33 -05:00
Peter Maydell cdda3aec7f
target-arm/arm-semi.c: Support widening APIs to 64 bits
The 64-bit A64 semihosting API has some pervasive changes from
the 32-bit version:
* all parameter blocks are arrays of 64-bit values, not 32-bit
* the semihosting call number is passed in W0
* the return value is a 64-bit value in X0

Implement the necessary handling for this widening.

Backports relevant parts of commit faacc041619581c566c21ed87aa1933420731282 from qemu
2018-02-17 15:23:33 -05:00
Christopher Covington eabacd7daf
target-arm: Improve semihosting debug prints
Print semihosting debugging information before the
do_arm_semihosting() call so that angel_SWIreason_ReportException,
which causes the function to not return, gets the same debug prints as
other semihosting calls. Also print out the semihosting call number.

Backports commit 205ace55ffff77964e50af08c99639ec47db53f6 from qemu
2018-02-17 15:23:33 -05:00
Aurelien Jarno 11cfddad05
tcg/i386: use softmmu fast path for unaligned accesses
Softmmu unaligned load/stores currently goes through through the slow
path for two reasons:
  - to support unaligned access on host with strict alignement
  - to correctly handle accesses crossing pages

x86 is only concerned by the second reason. Unaligned accesses are
avoided by compilers, but are not uncommon. We therefore would like
to see them going through the fast path, if they don't cross pages.

For that we can use the fact that two adjacent TLB entries can't contain
the same page. Therefore accessing the TLB entry corresponding to the
first byte, but comparing its content to page address of the last byte
ensures that we don't cross pages. We can do this check without adding
more instructions in the TLB code (but increasing its length by one
byte) by using the LEA instruction to combine the existing move with the
size addition.

On an x86-64 host, this gives a 3% boot time improvement for a powerpc
guest and 4% for an x86-64 guest.

Backports commit 8cc580f6a0d8c0e2f590c1472cf5cd8e51761760 from qemu
2018-02-17 15:23:33 -05:00
Laurent Vivier ea2ee48d9c
s390: fix softmmu compilation
guest_base must be used only in linux-user mode.

Backports commit 090d0bfd948343d522cd20bc634105b5cfe2483b from qemu
2018-02-17 15:23:32 -05:00
Peter Maydell 4071f20ce2
target-arm: Implement AArch64 TLBI operations on IPAs
Implement the AArch64 TLBI operations which take an intermediate
physical address and invalidate stage 2 translations.

Backports commit cea66e91212164e02ad1d245c2371f7e8eb59e7f from qemu
2018-02-17 15:23:32 -05:00
Peter Maydell b318251716
target-arm: Implement missing EL3 TLB invalidate operations
Implement the remaining stage 1 TLB invalidate operations
visible from EL3.

Backports commit 43efaa33faa2bdaed789b9ddaa76b30880e57554 from qemu
2018-02-17 15:23:32 -05:00
Peter Maydell f29d67b43e
target-arm: Implement missing EL2 TLBI operations
Implement the missing TLBI operations that exist only
if EL2 is implemented.

Backports commit 2bfb9d75d37ceab6ef1674f54fca06c74f6978e7 from qemu
2018-02-17 15:23:32 -05:00
Peter Maydell f0ac6659d3
target-arm: Restrict AArch64 TLB flushes to the MMU indexes they must touch
Now we have the ability to flush the TLB only for specific MMU indexes,
update the AArch64 TLB maintenance instruction implementations to only
flush the parts of the TLB they need to, rather than doing full flushes.

We take the opportunity to remove some duplicate functions (the per-asid
tlb ops work like the non-per-asid ones because we don't support
flushing a TLB only by ASID) and to bring the function names in line
with the architectural TLBI operation names.

Backports commit fd3ed969227f54f08f87d9eb6de2d4e48e99279b from qemu
2018-02-17 15:23:32 -05:00
Peter Maydell 91262f721e
target-arm: Move TLBI ALLE1/ALLE1IS definitions into numeric order
Move the two regdefs for TLBI ALLE1 and TLBI ALLE1IS down so that the
whole set of AArch64 TLBI regdefs is arranged in numeric order.

Backports commit 83ddf975777cc23337b7ef92e83b1b9c949396f3 from qemu
2018-02-17 15:23:31 -05:00
Peter Maydell 6e94bda144
cputlb: Add functions for flushing TLB for a single MMU index
Guest CPU TLB maintenance operations may be sufficiently
specialized to only need to flush TLB entries corresponding
to a particular MMU index. Implement cputlb functions for
this, to avoid the inefficiency of flushing TLB entries
which we don't need to.

Backports commit d7a74a9d4a68e27b3a8ceda17bb95cb0a23d8e4d from qemu
2018-02-17 15:23:31 -05:00
Peter Maydell 86af3f249d
target-arm: Implement AArch32 ATS1H* operations
Implement the AArch32 ATS1H* operations which perform
Hyp mode stage 1 translations.

Backports commit 14db7fe09a2c8d561ff37f98b328409906a560d7 from qemu
2018-02-17 15:23:31 -05:00
Peter Maydell cf386519d2
target-arm: Enable the AArch32 ATS12NSO ops
Apply the correct conditions in the ats_access() function for
the ATS12NSO* address translation operations:
* succeed at EL2 or EL3
* normal UNDEF trap from NS EL1
* trap to EL3 from S EL1 (only possible if EL3 is AArch64)

(This change means they're now available in our EL3-supporting
CPUs when they would previously always UNDEF.)

Backports commit 87562e4f4a2bdd028eef3549ce9cb4e7c83cb0bf from qemu
2018-02-17 15:23:31 -05:00
Peter Maydell 2c4677ee5a
target-arm: Add CP_ACCESS_TRAP_UNCATEGORIZED_EL2, 3
Some coprocessor register access functions need to be able
to report "trap to EL3 with an 'uncategorized' syndrome";
add the necessary CPAccessResult enum and handling for it.

I don't currently know of any registers that need to trap
to EL2 with the 'uncategorized' syndrome, but adding the
_EL2 enum as well is trivial and fills in what would
otherwise be an odd gap in the handling.

Backports commit e76157264da20b85698b09fa5eb8e02e515e232c from qemu
2018-02-17 15:23:31 -05:00
Peter Maydell 355834e80a
target-arm: Wire up AArch64 EL2 and EL3 address translation ops
Wire up the AArch64 EL2 and EL3 address translation operations
(AT S12E1*, AT S12E0*, AT S1E2*, AT S1E3*), and correct some
errors in the ats_write64() function in previously unused code
that would have done the wrong kind of lookup for accesses from
EL3 when SCR.NS==0.

Backports commit 2a47df953202e1f226aa045ea974427c4540a167 from qemu
2018-02-17 15:23:30 -05:00
Peter Maydell f4608ebdd3
target-arm: there is no TTBR1 for 32-bit EL2 stage 1 translations
For EL2 stage 1 translations, there is no TTBR1. We were already
handling this for 64-bit EL2; add the code to take the 'no TTBR1'
code path for 64-bit EL2 as well.

Backports commit d0a2cbceb2aa20d64d53e1c20c7d26a78ade8382 from qemu
2018-02-17 15:23:30 -05:00
Peter Maydell 6681fea032
target-arm: Implement missing ACTLR registers
We already implemented ACTLR_EL1; add the missing ACTLR_EL2 and
ACTLR_EL3, for consistency.

Since we don't currently have any CPUs that need the EL2/EL3
versions to reset to non-zero values, implement as RAZ/WI.

Backports commit 834a6c6920316d39aaf0e68ac936c0a3ad164815 from qemu
2018-02-17 15:23:30 -05:00
Lioncash e621768c48
target-arm: Implement missing AFSR registers
The AFSR registers are implementation dependent auxiliary fault
status registers. We already implemented a RAZ/WI AFSR0_EL1 and
AFSR_EL1; add the missing AFSR{0,1}_EL{2,3} for consistency.

Backports commit 37cd6c2478196623ca28526627ca8c69afe0d654 from qemu
2018-02-17 15:23:30 -05:00
Peter Maydell f1011035f0
target-arm: Implement missing AMAIR registers
The AMAIR registers are for providing auxiliary implementation
defined memory attributes. We already implemented a RAZ/WI
AMAIR_EL1; add the EL2 and EL3 versions for consistency.

Backports commit 2179ef958c81480b841ffa0aab5e265688ffd2b0 from qemu
2018-02-17 15:23:30 -05:00
Peter Maydell 7d1422efc5
target-arm: Add missing MAIR_EL3 and TPIDR_EL3 registers
Add the AArch64 registers MAIR_EL3 and TPIDR_EL3, which are the only
two which we had implemented the 32-bit Secure equivalents of but
not the 64-bit Secure versions.

Backports commit 4cfb8ad896a6f85953038bd913ce3d82d347013d from qemu
2018-02-17 15:23:29 -05:00
Lioncash afaf2a99d3
apic_internal.h: Include cpu.h directly
apic_internal.h relies on cpu.h having been included (for the
X86CPU type); include it directly rather than relying on it
being pulled in via one of the other includes like timer.h.

Backports commit 20fbcfdd58ea47607a5755979d43f8c48ac93f08 from qemu
2018-02-17 15:23:29 -05:00
Peter Maydell d3a00d97bc
qemu-common.h: Move muldiv64() to host-utils.h
Move the muldiv64() function from qemu-common.h to host-utils.h.
This puts it together with all the other arithmetic functions
where we provide a version with __int128_t and a fallback
without, and allows headers which need muldiv64() to avoid
including qemu-common.h.

We don't include host-utils from qemu-common.h, to avoid dragging
more things into qemu-common.h than it already has; in practice
everywhere that needs muldiv64() can get it via qemu/timer.h.

Backports commit 49caffe0cc95a9d0dc344e3328be8197f3536cf8 from qemu
2018-02-17 15:23:29 -05:00
Peter Maydell fa87410077
osdep.h: Add header comment
Add a header comment to osdep.h, explaining what the header is for
and some rules to avoid circular-include difficulties.

Backports commit 03557b9abaee78e9d1ef5cd236d32a7b3e75e6f8 from qemu
2018-02-17 15:23:29 -05:00
Lioncash 9c63994b45
osdep.h: Move some OS header includes and fixups from qemu-common.h
qemu-common.h has some system header includes and fixups for
things that might be missing. This is really an OS dependency
and belongs in osdep.h, so move it across.

Backports commit bfe7e449f14313f646da621288ca2fd12223414f from qemu
2018-02-17 15:23:29 -05:00
Peter Maydell 19cd2a7ca4
qemu-common.h: Move Win32 fixups into os-win32.h
qemu-common.h includes some fixups for things the Win32
headers don't define or define weirdly. These really
belong in os-win32.h, so move them there.

Backports commit 1aad8104f3b69206da1f868639e1f69c26f6d482 from qemu
2018-02-17 15:23:29 -05:00
Peter Maydell d21aec2212
qemu-common.h: Document cutils.c string functions
Add documentation comments for various utility string functions
which we have implemented in util/cutils.c:
 pstrcpy()
 strpadcpy()
 pstrcat()
 strstart()
 stristart()
 qemu_strnlen()
 qemu_strsep()

Backports commit ab6036630865eff8bb12dd51dfa6921b4607fc81 from qemu
2018-02-17 15:23:28 -05:00
Lioncash cef0353be4
qemu-common: Add missing string util functions 2018-02-17 15:23:28 -05:00
Paolo Bonzini 542f162b35
cutils: add strpadcpy()
Backports commit 2a025ae454c361fb03aadf88e8a2f678b80b38e6 from qemu
2018-02-17 15:23:28 -05:00
Peter Maydell 7d5ef87f8c
compiler.h: Use glue() in QEMU_BUILD_BUG_ON define
Rather than rolling custom concatenate-strings macros for the
QEMU_BUILD_BUG_ON macro to use, use the glue() macro we already
have (since it's now available to us in this header).

Backports commit 24134c4e9126bf505b612e901c63a102fc471083 from qemu
2018-02-17 15:23:28 -05:00
Peter Maydell 29a7d89d19
osdep.h: Move some compiler-specific things to compiler.h
osdep.h has a few things which are really compiler specific;
move them to compiler.h, and include compiler.h from osdep.h.

Backports commit 4912086865083a008f4fb73173fd0ddf2206c4d9 from qemu
2018-02-17 15:23:28 -05:00
Peter Maydell c6a4c2fa17
osdep.h: Remove qemu_printf
qemu_printf is an ancient remnant which has been a simple #define to
printf for over a decade, and is used in only a few places. Expand
it out in those places and remove the #define.

Backports commit 71baf787d8fa2a5d186f22d8154069fd212be37f from qemu
2018-02-17 15:23:27 -05:00
Peter Crosthwaite 590c3dbb76
cpu_defs: Simplify CPUTLB padding logic
There was a complicated subtractive arithmetic for determining the
padding on the CPUTLBEntry structure. Simplify this with a union.

Backports commit b4a4b8d0e0767c85946fd8fc404643bf5766351a from qemu
2018-02-17 15:23:27 -05:00
Aurelien Jarno 88f7e01d44
target-mips: simplify LWL/LDL mask generation
The LWL/LDL instructions mask the GPR with a mask depending on the
address alignement. It is currently computed by doing:

mask = 0x7fffffffffffffffull >> (t1 ^ 63)

It's simpler to generate it by doing:

mask = ~(-1 << t1)

It uses one TCG instruction less, and it avoids a 32/64-bit constant
loading which can take a few instructions on RISC hosts.

Backports commit eb02cc3f89013612cb05df23b5441741e902bbd2 from qemu
2018-02-17 15:23:27 -05:00
Yongbok Kim 25a0776958
target-mips: update mips32r5-generic into P5600
As full specification of P5600 is available, mips32r5-generic should
be renamed to P5600 and corrected as its intention.
Correct PRid and detail of configuration.
Features which are not currently supported are described as FIXME.

Fix Config.MM bit location

Backports commit aff2bc6dc6d839caf6df0900437cc2cc9e180605 from qemu
2018-02-17 15:23:27 -05:00
Eduardo Habkost d5c7362e03
pc: Move PCMachineClass, PCMachineState to qemu/typedefs.h
They will be used inside hw/xen/xen.h, which doesn't include
hw/i386/pc.h.

Backports commit 8170dfa077761ed979b45f608cf706253a764f0d from qemu
2018-02-17 15:23:27 -05:00
Eduardo Habkost 952d0f522f
target-i386: Remove x86_cpu_compat_set_features()
The function is not used by PC code anymore and can be removed.

Backports commit e8963e5cecd4bb47ec3a7221ae591f278de6b5d0 from qemu
2018-02-17 15:23:26 -05:00
Peter Maydell 0c3e33ee11
target-arm: Add AArch32 banked register access to secure physical timer
If EL3 is AArch32, then the secure physical timer is accessed via
banking of the registers used for the non-secure physical timer.
Implement this banking.

Note that the access controls for the AArch32 banked registers
remain the same as the physical-timer checks; they are not the
same as the controls on the AArch64 secure timer registers.

Backports commit 9ff9dd3c875956523bb4c19ca712e5d05aab3c65 from qemu
2018-02-17 15:23:26 -05:00
Peter Maydell 6c24603b23
target-arm: Add the AArch64 view of the Secure physical timer
On CPUs with EL3, there are two physical timers, one for Secure and one
for Non-secure. Implement this extra timer and the AArch64 registers
which access it.

Backports commit b4d3978c2fdf944e428a46d2850dbd950b6fbe78 from qemu
2018-02-17 15:23:26 -05:00
Peter Maydell 7a482198b2
target-arm: Add debug check for mismatched cpreg resets
It's easy to accidentally define two cpregs which both try
to reset the same underlying state field (for instance a
clash between an AArch64 EL3 definition and an AArch32
banked register definition). if the two definitions disagree
about the reset value then the result is dependent on which
one happened to be reached last in the hashtable enumeration.

Add a consistency check to detect and assert in these cases:
after reset, we run a second pass where we check that the
reset operation doesn't change the value of the register.

Backports commit 49a661910c1374858602a3002b67115893673c25 from qemu
2018-02-17 15:23:25 -05:00
Lioncash d706680ad6
target-arm: Add the Hypervisor timer
Backports commit b0e66d95e4f587b5818d2760668301ee0871ba5e from qemu
2018-02-17 15:23:25 -05:00
Lioncash ba27ba76a4
target-arm: Pass timeridx as argument to various timer functions
Prepare for adding the Hypervisor timer, no functional change.

Backports commit 0e3eca4c26d6aa4f082db8e63fd81a16df061f3c from qemu
2018-02-17 15:23:25 -05:00
Edgar E. Iglesias 4cbd161ea8
target-arm: Rename and move gt_cnt_reset
Rename gt_cnt_reset to gt_timer_reset as the function really
resets the timers and not the counters. Move the registration
from counter regs to timer regs.

Backports commit d57b9ee84f6b2786f025712609edb259d0de086d from qemu
2018-02-17 15:23:25 -05:00
Edgar E. Iglesias 38639f678c
target-arm: Add CNTHCTL_EL2
Adds control for trapping selected timer and counter accesses to EL2.

Backports commit 0b6440afb807a80c6d64dcc987bcfed87e1ace17 from qemu
2018-02-17 15:23:24 -05:00
Edgar E. Iglesias 1abe79e7cf
target-arm: Add CNTVOFF_EL2
Adds support for the virtual timer offset controlled by EL2.

Backports commit edac4d8a168b9c0c4a765bbc5507e46fa5557b78 from qemu
2018-02-17 15:23:24 -05:00
Paolo Bonzini 208deb0387
memory: allow destroying a non-empty MemoryRegion
This is legal; the MemoryRegion will simply unreference all the
existing subregions and possibly bring them down with it as well.
However, it requires a bit of care to avoid an infinite loop.
Finalizing a memory region cannot trigger an address space update,
but memory_region_del_subregion errs on the side of caution and
might trigger a spurious update: avoid that by resetting mr->enabled
first.

Backports commit 91232d98da2bfe042d4c5744076b488880de3040 from qemu
2018-02-17 15:23:24 -05:00
James Hogan dba4828444
tcg/mips: Fix clobbering of qemu_ld inputs
The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0
register (base) as a temporary to load the upper half of the QEMU TLB
comparator (see line 5 below), however this happens before the input
address is used (line 8 to mask off the low bits for the TLB
comparison, and line 12 to add the host-guest offset). If the input
address (addrl) also happens to have been placed in v0 (as in the second
column below), it gets clobbered before it is used.

addrl in t2 addrl in v0

1 srl a0,t2,0x7 srl a0,v0,0x7
2 andi a0,a0,0x1fe0 andi a0,a0,0x1fe0
3 addu a0,a0,s0 addu a0,a0,s0
4 lw at,9136(a0) lw at,9136(a0) set TCG_TMP0 (at)
5 lw v0,9140(a0) lw v0,9140(a0) set base (v0)
6 li t9,-4093 li t9,-4093
7 lw a0,9160(a0) lw a0,9160(a0) set addend (a0)
8 and t9,t9,t2 and t9,t9,v0 use addrl
9 bne at,t9,0x836d8c8 bne at,t9,0x836d838 use TCG_TMP0
10 nop nop
11 bne v0,t8,0x836d8c8 bne v0,a1,0x836d838 use base
12 addu v0,a0,t2 addu v0,a0,v0 use addrl, addend
13 lw t0,0(v0) lw t0,0(v0)

Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base),
pushing the load on line 5 forward into the delay slot of the low
comparison (line 10). The early load of the addend on line 7 also needs
pushing even further for 64-bit targets, or it will clobber a0 before
we're done with it. The output for 32-bit targets is unaffected.

srl a0,v0,0x7
andi a0,a0,0x1fe0
addu a0,a0,s0
lw at,9136(a0)
-lw v0,9140(a0) load high comparator
li t9,-4093
-lw a0,9160(a0) load addend
and t9,t9,v0
bne at,t9,0x836d838
- nop
+ lw at,9140(a0) load high comparator
+lw a0,9160(a0) load addend
-bne v0,a1,0x836d838
+bne at,a1,0x836d838
addu v0,a0,v0
lw t0,0(v0)

Backports commit 33fca8589cf2aa7bf91564e6a8f26b3ba0910541 from qemu
2018-02-17 15:23:24 -05:00
Markus Armbruster 1b38f5208f
qom: Fix invalid error check in property_get_str()
When a function returns a null pointer on error and only on error, you
can do

if (!foo(foos, errp)) {
... handle error ...
}

instead of the more cumbersome

Error *err = NULL;

if (!foo(foos, &err)) {
error_propagate(errp, err);
... handle error ...
}

A StringProperty's getter, however, may return null on success! We
then fail to call visit_type_str().

Screwed up in 6a146eb, v1.1.

Fails tests/qom-test in my current, heavily hacked QAPI branch. No
reproducer for master known (but I didn't look hard).

Backports commit a479b21c111a87a50203a7413c4e5ec419fc88dd from qemu
2018-02-17 15:23:24 -05:00
Leon Alrae f0bf3c2e3b
target-mips: fix semihosting for microMIPS R6
In semihosting mode the SDBBP 1 instructions should trigger UHI syscall,
but in QEMU this does not happen for recently added microMIPS R6.
Consequently bare metal microMIPS R6 programs supporting UHI will not run.

Backports commit 060ebfef1a09b58fb219b3769b72efb407515bf1 from qemu
2018-02-17 15:23:24 -05:00
Aurelien Jarno 45927edecf
tcg/mips: fix add2
The add2 code in the tcg_out_addsub2 function doesn't take into account
the case where rl == al == bl. In that case we can't compute the carry
after the addition. As it corresponds to a multiplication by 2, the
carry bit is the bit 31.

While this is a corner case, this prevents x86-64 guests to boot on a
MIPS host.

Backports commit c99d69694af4ed15b33e3f7c2e3ef6972c14358d from qemu
2018-02-17 15:23:23 -05:00
Aurelien Jarno 4e68b4167d
tcg/s390x: Mask TCGMemOp appropriately for indexing
Commit 2b7ec66f fixed TCGMemOp masking following the MO_AMASK addition,
but two cases were forgotten in the TCG S390 backend.

Backports commit 3c8691f568f49bf623dcb2850464d4156d95e61b from qemu
2018-02-17 15:23:23 -05:00
Aurelien Jarno 096d1a975d
tcg/mips: Mask TCGMemOp appropriately for indexing
Commit 2b7ec66f fixed TCGMemOp masking following the MO_AMASK addition,
but two cases were forgotten in the TCG MIPS backend.

Backports commit 4214a8cb7c15ec43d4b2a43ebf248b273a0f4d45 from qemu
2018-02-17 15:23:23 -05:00
Aurelien Jarno 8396601082
tcg/mips: fix TLB loading for BE host with 32-bit guests
For 32-bit guest, we load a 32-bit address from the TLB, so there is no
need to compensate for the low or high part. This fixes 32-bit guests on
big-endian hosts.

Backports commit e72c4fb81db52be881c9356f1c60e0a7817d2d32 from qemu
2018-02-17 15:23:23 -05:00
Yongbok Kim 57cf90de18
target-mips: fix offset calculation for Interrupts
Correct computation of vector offsets for EXCP_EXT_INTERRUPT.
For instance, if Cause.IV is 0 the vector offset should be 0x180.

Simplify the finding vector number logic for the Vectored Interrupts.

Backports commit da52a4dfcc4864fd2260ec4eab331f75b1f0240b from qemu
2018-02-17 15:23:23 -05:00
Dmitry Poletaev 58fcf87a7b
target-i386/FPU: a misprint in helper_fistll_ST0
There is a cut-and-paste mistake in the patch
https://lists.gnu.org/archive/html/qemu-devel/2014-11/msg01657.html .
It cause errors in guest work. Here is the bugfix.

Backports commit 178846bdd93994c1acafe4423f99ead8bb24cf38 from qemu
2018-02-17 15:23:22 -05:00
Aurelien Jarno 3cc6b5251e
target-mips: fix page fault address for LWL/LWR/LDL/LDR
When a LWL, LWR, LDL or LDR instruction triggers a page fault, QEMU
currently reports the aligned address in CP0 BadVAddr, while the Windows
NT kernel expects the unaligned address.

This patch adds a byte access with the unaligned address at the
beginning of the LWL/LWR/LDL/LDR instructions to possibly trigger a page
fault and fill the QEMU TLB.

Backports commit 908680c6441ac468f4871d513f42be396ea0d264 from qemu
2018-02-17 15:23:22 -05:00
Leon Alrae b045c2c99a
target-mips: fix logically dead code reported by Coverity
Make use of CMPOP in floating-point compare instructions.

Backports commit 47ada0ad3431b39863918dc80386634693d317b5 from qemu
2018-02-17 15:23:22 -05:00
Leon Alrae 884fe72f54
target-mips: correct DERET instruction
Fix Debug Mode flag clearing, and when DERET is placed between LL and SC
do not make SC fail.

Backports commit fe87c2b36ae9c1c9a5279f3891f3bce1b573baa0 from qemu
2018-02-17 15:23:22 -05:00
Aurelien Jarno 5ee529edd3
target-mips: fix ASID synchronisation for MIPS MT
When syncing the task ASID with EntryHi, correctly or the value instead
of assigning it.

Backports commit 6a973e6b6584221bed89a01e755b88e58b496652 from qemu
2018-02-17 15:23:22 -05:00
Yongbok Kim 6fac3fee4e
target-mips: fix to clear MSACSR.Cause
MSACSR.Cause bits are needed to be cleared before a vector floating-point
instructions.
FEXDO.df, FEXUPL.df and FEXUPR.df were missed out.

Backports commit d4f4f0d5d9e74c19614479592c8bc865d92773d0 from qemu
2018-02-17 15:23:22 -05:00
Yongbok Kim 424b6eee4e
target-mips: fix MIPS64R6-generic configuration
Fix core configuration for MIPS64R6-generic to make it as close as
I6400.
I6400 core has 48-bit of Virtual Address available (SEGBITS).
MIPS SIMD Architecture is available.
Rearrange order of bits to match the specification.

Backports commit 4dc89b782095d7a0b919fafd7b1322b3cb1279f1 from qemu
2018-02-17 15:23:21 -05:00
Radim Krčmář f2d3607831
target-i386: emulate CPUID level of real hardware
W10 insider has a bug where it ignores CPUID level and interprets
CPUID.(EAX=07H, ECX=0H) incorrectly, because CPUID in fact returned
CPUID.(EAX=04H, ECX=0H); this resulted in execution of unsupported
instructions.

While it's a Windows bug, there is no reason to emulate incorrect level.

I used http://instlatx64.atw.hu/ as a source of CPUID and checked that
it matches Penryn Xeon X5472, Westmere Xeon W3520, SandyBridge i5-2540M,
and Haswell i5-4670T.

kvm64 and qemu64 were bumped to 0xD to allow all available features for
them (and to avoid the same Windows bug).

Backports commit 3046bb5debc8153a542acb1df93b2a1a85527a15 from qemu.
2018-02-17 15:23:21 -05:00
Eduardo Habkost 5d96fdb151
target-i386: Haswell-noTSX and Broadwell-noTSX
With the Intel microcode update that removed HLE and RTM, there will be
different kinds of Haswell and Broadwell CPUs out there: some that still
have the HLE and RTM features, and some that don't have the HLE and RTM
features. On both cases people may be willing to use the pc-*-2.3
machine-types.

So, to cover both cases, introduce Haswell-noTSX and Broadwell-noTSX CPU
models, for hosts that have Haswell and Broadwell CPUs without TSX support.

Backports commit a356850b80b3d13b2ef737dad2acb05e6da03753 from qemu
2018-02-17 15:23:21 -05:00
Jan Kiszka 16f8de7b4a
i386: Introduce ARAT CPU feature
ARAT signals that the APIC timer does not stop in power saving states.
As our APICs are emulated, it's fine to expose this feature to guests,
at least when asking for KVM host features or with CPU types that
include the flag. The exact model number that introduced the feature is
not known, but reports can be found that it's at least available since
Sandy Bridge.

Backports commit 28b8e4d0bf93ba176b4b7be819d537383c5a9060 from qemu
2018-02-17 15:23:21 -05:00
Paolo Bonzini d4b9f523d6
target-i386: add Ivy Bridge CPU model
Backports commit 2f9ac42acf4602453d5839221df6cc7cabc3355e from qemu
2018-02-17 15:23:21 -05:00
Paolo Bonzini a866ad9e15
target-i386: add f16c and rdrand to Haswell and Broadwell
Both were added in Ivy Bridge (for which we do not have a CPU model
yet!).

Backports commit 78a611f1936b3eac8ed78a2be2146a742a85212c from qemu
2018-02-17 15:23:21 -05:00
Paolo Bonzini 0a7a60b895
target-i386: add VME to all CPUs
vm86 mode extensions date back to the 486. All models should have
them.

Backports commit b3a4f0b1a072a467d003755ca0e55c5be38387cb from qemu
2018-02-17 15:23:20 -05:00
Pavel Dovgalyuk ee0d7ba219
i386: do not cross the pages boundaries in replay mode
This patch denies crossing the boundary of the pages in the replay mode,
because it can cause an exception. Do it only when boundary is
crossed by the first instruction in the block.
If current instruction already crossed the bound - it's ok,
because an exception hasn't stopped this code.

Backports commit 5b9efc39aee90bbd343793e942bf8f582a0c9e4f from qemu
2018-02-17 15:23:20 -05:00
Pavel Dovgalyuk e73fbde2ce
target-i386: fix icount processing for repz instructions
TCG generates optimized code for i386 repz instructions in single step mode.
It means that when ecx becomes 0, execution of the string instruction breaks
immediately without an additional iteration for ecx==0 (which will only check
ecx and set the flags). Omitting this iteration leads to different
instructions counting in singlestep mode and in normal execution.
This patch disables optimization of this last iteration for icount mode
which should be deterministic.

Backport commit c4d4525c38cd93cc5d1a743976eb25ac571d435f from qemu
2018-02-17 15:23:20 -05:00
Dmitry Poletaev fac60d226a
target-i386: fbld instruction doesn't set minus sign
Backports commit 18b41f95d20ac6dbf918c73e704d4ca1fbc1a62f from qemu
2018-02-17 15:23:20 -05:00
Dmitry Poletaev fff0c621da
target-i386: Wrong conversion infinity from float80 to int32/int64
Backports commit ea32aaf1a72af102b855317b47a22e75ac2965a9 from qemu
2018-02-17 15:23:20 -05:00
Aurelien Jarno a771209389
target-i386: simplify AES emulation
This patch simplifies the AES code, by directly accessing the newly added
S-Box, InvS-Box and InvMixColumns tables instead of recreating them by
using the AES_Te and AES_Td tables.

Backports commit 9551ea6991cfb7c777f7943ad69b30d0a4fadac3 from qemu
2018-02-17 15:23:19 -05:00
Paolo Bonzini 5e9ea14b7e
target-i386: add feature flags for CPUID[EAX=0xd,ECX=1]
These represent xsave-related capabilities of the processor, and KVM may
or may not support them.

Add feature bits so that they are considered by "-cpu ...,enforce", and use
the new feature work instead of calling kvm_arch_get_supported_cpuid.

Bit 3 (XSAVES) is not migratables because it requires saving MSR_IA32_XSS.
Neither KVM nor any commonly available hardware supports it anyway.

Backports commit 0bb0b2d2fe7f645ddaf1f0ff40ac669c9feb4aa1 from qemu

also backports 18cd2c17b5370369a886155c001da0a7f54bbcca
2018-02-17 15:23:19 -05:00
Eduardo Habkost a439a8c701
qom: strdup() target property name on object_property_add_alias()
With this, object_property_add_alias() callers can safely free the
target property name, like what already happens with the 'name' argument
to all object_property_add*() functions.

Backports commit 1590d266d96b3f9b42443d6388dfc38f527ac2d8 from qemu
2018-02-17 15:23:19 -05:00
Peter Maydell 484a9cc21b
target-arm: Fix broken SCTLR_EL3 reset
The SCTLR_EL3 cpreg definition was implicitly resetting the
register state to 0, which is both wrong and clashes with
the reset done via the SCTLR definition (since sctlr[3]
is unioned with sctlr_s). This went unnoticed until recently,
when an unrelated change (commit a903c449b41f105aa) happened to
perturb the order of enumeration through the cpregs hashtable for
reset such that the erroneous reset happened after the correct one
rather than before it. Fix this by marking SCTLR_EL3 as an alias,
so its reset is left up to the AArch32 view.

Backports commit e46e1a74ef482f1ef773e750df9654ef4442ca29 from qemu
2018-02-17 15:23:19 -05:00
Peter Crosthwaite 6279dfc113
cpu: Add wrapper for the set_pc() hook
Add a wrapper around the CPUClass::set_pc() hook.

Backports commit 2991b8904730d663f12ad42e35798ecc22fe151c from qemu
2018-02-17 15:23:19 -05:00
Peter Crosthwaite e51f8c9f6f
cpu-exec: Purge all uses of ENV_GET_CPU()
Remove un-needed usages of ENV_GET_CPU() by converting the APIs to use
CPUState pointers and retrieving the env_ptr as minimally needed.

Scripted conversion for target-* change:

for I in target-*/cpu.h; do
sed -i \
's/\(^int cpu_[^_]*_exec(\)[^ ][^ ]* \*s);$/\1CPUState *cpu);/' \
$I;
done

Backports commit ea3e9847408131abc840240bd61e892d28459452 from qemu
2018-02-17 15:23:18 -05:00
Peter Crosthwaite 9e23308b66
cpu: Change cpu_exec_init() arg to cpu, not env
The callers (most of them in target-foo/cpu.c) to this function all
have the cpu pointer handy. Just pass it to avoid an ENV_GET_CPU() from
core code (in exec.c).

Backports commit 4bad9e392e788a218967167a38ce2ae7a32a6231 from qemu
2018-02-17 15:23:18 -05:00