Commit graph

2496 commits

Author SHA1 Message Date
Pavel Dovgalyuk 342fa7135d
mips: set CP0 Debug DExcCode for SDBBP instruction
This patch fixes setting DExcCode field of CP0 Debug register
when SDBBP instruction is executed. According to EJTAG specification,
this field must be set to the value 9 (Bp).

Backports commit c6c2c0fc32362ba234ae3bdad1a55c2d6aefaa12 from qemu
2018-03-03 22:45:08 -05:00
Alex Bennée 0bd8dc4e0a
target/arm: use DISAS_EXIT for eret handling
Previously DISAS_JUMP did ensure this but with the optimisation of
8a6b28c7 (optimize indirect branches) we might not leave the loop.
This means if any pending interrupts are cleared by changing IRQ flags
we might never get around to servicing them. You usually notice this
by seeing the lookup_tb_ptr() helper gainfully chaining TBs together
while cpu->interrupt_request remains high and the exit_request has not
been set.

This breaks amongst other things the OPTEE test suite which executes
an eret from the secure world after a non-secure world IRQ has gone
pending which then never gets serviced.

Instead of using the previously implied semantics of DISAS_JUMP we use
DISAS_EXIT which will always exit the run-loop.

Backports commit b29fd33db578decacd14f34933b29aece3e7c25e from qemu
2018-03-03 22:43:16 -05:00
Alex Bennée 65356210a8
target/arm: use gen_goto_tb for ISB handling
While an ISB will ensure any raised IRQs happen on the next
instruction it doesn't cause any to get raised by itself. We can
therefore use a simple tb exit for ISB instructions and rely on the
exit_request check at the top of each TB to deal with exiting if
needed.

Backports commit 0b609cc128ba5ef16cc841bcade898d1898f1dc3 from qemu
2018-03-03 22:42:33 -05:00
Alex Bennée 0f8d216d67
target/arm/translate: ensure gen_goto_tb sets exit flags
As the gen_goto_tb function can do both static and dynamic jumps it
should also set the is_jmp field. This matches the behaviour of the
a64 code.

Backports commit 4cae8f56fbab2798586576a56cc669f0127d04fb from qemu
2018-03-03 22:38:12 -05:00
Alex Bennée bffa25cc07
target/arm/translate.h: expand comment on DISAS_EXIT
We already have an exit condition, DISAS_UPDATE which will exit the
run-loop. Expand on the difference with DISAS_EXIT in the comments

Backports commit abd1fb0ee2c58b99f4b2d15718f1825fe4984e12 from qemu
2018-03-03 22:38:11 -05:00
Alex Bennée 63d40e1a55
target/arm/translate: make DISAS_UPDATE match declared semantics
DISAS_UPDATE should be used when the wider CPU state other than just
the PC has been updated and we should therefore exit the TCG runtime
and return to the main execution loop rather assuming DISAS_JUMP would
do that.

Backports commit e8d5230221851e8933811f1579fd13371f576955 from qemu
2018-03-03 22:38:07 -05:00
Alex Bennée 7d02489baf
include/exec/exec-all: document common exit conditions
As a precursor to later patches attempt to come up with a more
concrete wording for what each of the common exit cases would be.

Backports commit df0311e634828fdc99ca59352aef68503d631aad from qemu
2018-03-03 22:31:28 -05:00
Peter Maydell e31653de84
target/arm: Make Cortex-M3 and M4 default to 8 PMSA regions
The Cortex-M3 and M4 CPUs always have 8 PMSA MPU regions (this isn't
a configurable option for the hardware). Make the default value of
the pmsav7-dregion property be set per-cpu, so we don't need to have
every user of these CPUs set it manually. (The existing default of
16 is correct for the other PMSAv7 core, the Cortex-R5.)

This fixes a bug where we were creating the M3 and M4 with
too many regions; most guest software would not notice or
care, though, since it would just not use the registers
associated with the unexpected extra regions.

Backports commit 8d92e26b452f8961ec90df3f93cf5f3b7a9d158f from qemu
2018-03-03 22:30:32 -05:00
Peter Maydell 3bd5694a0a
memory: Rename memory_region_init_rom() and _rom_device() to _nomigrate()
Rename memory_region_init_rom() to memory_region_init_rom_nomigrate()
and memory_region_init_rom_device() to
memory_region_init_rom_device_nomigrate().

Backports commit b59821a95bd1d7cb4697fd7748725c910582e0e7 from qemu
2018-03-03 22:29:01 -05:00
Peter Maydell 7b0027a828
memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate()
Rename memory_region_init_ram() to memory_region_init_ram_nomigrate().
This leaves the way clear for us to provide a memory_region_init_ram()
which does handle migration.

Backports commit 1cfe48c1ce219b60a9096312f7a61806fae64ab3 from qemu
2018-03-03 22:25:39 -05:00
Peter Maydell 152c56f6a9
memory: Document that the RAM MR initializers do not handle migration
The various functions for initializing RAM MemoryRegions do not do
anything to cause the data in the MemoryRegion to be migrated.
Note in their documentation comments that this is the responsibility
of the caller.

(We will shortly add a new function that *does* do this for you.)

Backports commit a5c0234bb2754f5248e67929a34c843dbe039da5 from qemu
2018-03-03 22:20:32 -05:00
Peter Maydell 3c2d3d8363
include/hw/boards.h: Document memory_region_allocate_system_memory()
Add a documentation comment for memory_region_allocate_system_memory().

In particular, the reason for this function's existence and the
requirement on board code to call it exactly once are non-obvious.

Backports commit 09ad643823dcda0a86eddce1291c28d0ccb09a3b from qemu
2018-03-03 22:18:49 -05:00
Igor Mammedov fe4152c6a5
qom: enforce readonly nature of link's check callback
link's check callback is supposed to verify/permit setting it,
however currently nothing restricts it from misusing it
and modifying target object from within.
Make sure that readonly semantics are checked by compiler
to prevent callback's misuse.

Backports commit 8f5d58ef2c92d7b82d9a6eeefd7c8854a183ba4a from qemu
2018-03-03 22:17:20 -05:00
Pranith Kumar d0a70720a3
Revert "exec.c: Fix breakpoint invalidation race"
Now that we have proper locking after MTTCG patches have landed, we
can revert the commit. This reverts commit

a9353fe897ca2687e5b3385ed39e3db3927a90e0.

Backports commit 406bc339b0505fcfc2ffcbca1f05a3756e338a65 from qemu
2018-03-03 22:14:35 -05:00
Paolo Bonzini 7b337b9c07
build: add -Wexpansion-to-defined
This warning is included in -Wall by clang, but not by GCC (which only
enables it for -Wextra). Include it in the list of warnings we enable
to minimize the differences between the compilers:

Backports commit b98fcfd8840f290c406c32301340e96f00238a93 from qemu
2018-03-03 22:12:31 -05:00
Marc-André Lureau 9926281c05
scripts: use build_ prefix for string not piped through cgen()
The gen_ prefix is awkward. Generated C should go through cgen()
exactly once (see commit 1f9a7a1). The common way to get this wrong is
passing a foo=gen_foo() keyword argument to mcgen(). I'd like us to
adopt a naming convention where gen_ means "something that's been piped
through cgen(), and thus must not be passed to cgen() or mcgen()".
Requires renaming gen_params(), gen_marshal_proto() and
gen_event_send_proto().

Backports commit 086ee7a6200fa5ad795b12110b5b3d5a93dcac3e from qemu
2018-03-03 22:11:28 -05:00
Miodrag Dinic 8daabd339e
target/mips: fix msa copy_[s|u]_df rd = 0 corner case
This patch fixes the msa copy_[s|u]_df instruction emulation when
the destination register rd is zero. Without this patch the zero
register would get clobbered, which should never happen because it
is supposed to be hardwired to 0.

Fix this corner case by explicitly checking rd = 0 and effectively
making these instructions emulation no-op in that case.

Backports commit cab4888136a92250fdd401402622824994f7ce0b from qemu
2018-03-03 22:08:12 -05:00
Jiang Biao 60703a4f57
tcg/mips: Bugfix for crash when running program with qemu-i386.
When running a helloworld program with qemu-i386 in linux-user
mode on Loongson 3A3000, it will crash. This patch fix the bug.

Backports commit 8b8d768f19037a825a0bc81654492caa7c8fab8b from qemu
2018-03-03 22:06:26 -05:00
Pranith Kumar 2141c777f1
util/cacheinfo: Fix warning generated by clang
Clang generates the following warning on aarch64 host:

CC util/cacheinfo.o
/home/pranith/qemu/util/cacheinfo.c:121:48: warning: value size does not match register size specified by the constraint and modifier [-Wasm-operand-widths]
asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
^
/home/pranith/qemu/util/cacheinfo.c:121:28: note: use constraint modifier "w"
asm volatile("mrs\t%0, ctr_el0" : "=r"(ctr));
^~
%w0

Constraint modifier 'w' is not (yet?) accepted by gcc. Fix this by increasing the ctr size.

Backports commit 2ae96c157ab3155baf6595c08cf5d3fe3c023a60 from qemu
2018-03-03 22:04:12 -05:00
Pranith Kumar 57f8eec080
tcg/aarch64: Enable indirect jump path using LDR (literal)
This patch enables the indirect jump path using an LDR (literal)
instruction. It will be interesting to test and see which performs
better among the two paths.

Backports commit 2acee8b2b5e6bba2935bb6ce5be92d0f0f9799cb from qemu
2018-03-03 22:03:39 -05:00
Pranith Kumar 5e9e39cafd
tcg/aarch64: Use ADRP+ADD to compute target address
We use ADRP+ADD to compute the target address for goto_tb. This patch
introduces the NOP instruction which is used to align the above
instruction pair so that we can use one atomic instruction to patch
the destination offsets.

Backports commit b68686bd4bfeb70040b4099df993dfa0b4f37b03 from qemu
2018-03-03 22:01:38 -05:00
Pranith Kumar 0998ba8259
tcg/aarch64: Introduce and use long branch to register
We can use a branch to register instruction for exit_tb for offsets
greater than 128MB.

Backports commit 23b7aa1d2af04ba57cc94f74d9f0ab25dce72fa0 from qemu
2018-03-03 21:59:58 -05:00
Yang Zhong 1e0745b31a
target/i386: add the CONFIG_TCG into Makefiles
Add the CONFIG_TCG for frontend and backend's files in the related
Makefiles.

Backports commit 44eff673411381062b826d048ba9d6630d2b2bdb from qemu
2018-03-03 21:57:22 -05:00
Yang Zhong a16bcbdac0
target/i386: add the tcg_enabled() in target/i386/
Add the tcg_enabled() where the x86 target needs to disable
TCG-specific code.

Backports commit 79c664f62d75cfba89a5bbe998622c8d5fdf833b from qemu
2018-03-03 21:56:31 -05:00
Yang Zhong 0c739344d3
target/i386: split cpu_set_mxcsr() and make cpu_set_fpuc() inline
Split the cpu_set_mxcsr() and make cpu_set_fpuc() inline with specific
tcg code.

Backports commit 1d8ad165b688759bbf00e40431ee9fde8817d190 from qemu
2018-03-03 21:52:29 -05:00
Yang Zhong 24225cb6fa
target/i386: make cpu_get_fp80()/cpu_set_fp80() static
Move cpu_get_fp80()/cpu_set_fp80() from fpu_helper.c to
machine.c because fpu_helper.c will be disabled if tcg is
disabled in the build.

Backports commit db573d2cf7ae6b5a4fc324be6f55e078fc218464 from qemu.
In unicorn's case, they can be moved into unicorn.c
2018-03-03 21:44:09 -05:00
Yang Zhong 35e0595d1c
target/i386: move cpu_sync_bndcs_hflags() function
Move cpu_sync_bndcs_hflags() function from mpx_helper.c
to helper.c because mpx_helper.c need be disabled when
tcg is disabled.

Backports commit ab0a19d4f08d924e052eb369420d264240872f8a from qemu
2018-03-03 21:41:26 -05:00
Yang Zhong 7e32537efa
tcg: add the CONFIG_TCG into Makefiles
Add the CONFIG_TCG for frontend and backend's files in the related
Makefiles.

Backports commit e4b4b6428ca45cb1374dab98ab1d23a213a5db9a from qemu
2018-03-03 21:39:30 -05:00
Yang Zhong 1135db176f
tcg: add CONFIG_TCG guards in headers
Add CONFIG_TCG around TLB-related functions and structure declarations.
Some of these functions are defined in ./accel/tcg/cputlb.c, which will
not be linked in if TCG is disabled, and have no stubs; therefore, their
callers will also be compiled out for --disable-tcg.

Backports commit b11ec7f2e44b285a3967d629b55d1a6970b06787 from qemu
2018-03-03 21:37:52 -05:00
Lioncash 0f4ebf07d8
qom/cpu: Silence an unused variable warning 2018-03-03 21:37:04 -05:00
Paolo Bonzini 4964bdcc29
configure: add --disable-tcg configure option
This lets you build without TCG (hardware accelerationor qtest only). When
this flag is passed to configure, it will automatically filter out the target
list to only those that support KVM or Xen or HAX.

Backports commit b3f6ea7e55e8228d6f84d5cee7cb11cae917ba95 from qemu
2018-03-03 21:35:30 -05:00
Yang Zhong d70c141675
tcg: move page_size_init() function
translate-all.c will be disabled if tcg is disabled in the build,
so page_size_init() function and related variables will be moved
to exec.c file.

Backports commit a0be0c585f5dcc4d50a37f6a20d3d625c5ef3a2c from qemu
2018-03-03 21:30:08 -05:00
Thomas Huth cf5d583ef0
cpu: Introduce a wrapper for tlb_flush() that can be used in common code
Commit 1f5c00cfdb8114c ("qom/cpu: move tlb_flush to cpu_common_reset")
moved the call to tlb_flush() from the target-specific reset handlers
into the common code qom/cpu.c file, and protected the call with
"#ifdef CONFIG_SOFTMMU" to avoid that it is called for linux-user
only targets. But since qom/cpu.c is common code, CONFIG_SOFTMMU is
*never* defined here, so the tlb_flush() was simply never executed
anymore. Fix it by introducing a wrapper for tlb_flush() in a file
that is re-compiled for each target, i.e. in translate-all.c.

Backports commit 2cd53943115be5118b5b2d4b80ee0a39c94c4f73 from qemu
2018-03-03 21:24:55 -05:00
Paolo Bonzini f944cf4255
target/i386: simplify handling of conforming code segments on interrupt
Move the handling of conforming code segments before the handling
of stack switch.

Because dpl == cpl after the new "if", it's now unnecessary to check
the C bit when testing dpl < cpl. Furthermore, dpl > cpl is checked
slightly above the modified code, so the final "else" is unreachable
and we can remove it.

Backports commit 1110bfe6f5600017258fa6578f9c17ec25b32277 from qemu
2018-03-03 21:19:48 -05:00
Wu Xiang a8de2d4748
target/i386: fix interrupt CPL error when using ist in x86-64
In do_interrupt64(), when interrupt stack table(ist) is enabled
and the the target code segment is conforming(e2 & DESC_C_MASK), the
old implementation always set new CPL to 0, and SS.RPL to 0.

This is incorrect for when CPL3 code access a CPL0 conforming code
segment, the CPL should remain unchanged. Otherwise higher privileged
code can be compromised.

The patch fix this for always set dpl = cpl when the target code segment
is conforming, and modify the last parameter `flags`, which contains
correct new CPL, in cpu_x86_load_seg_cache().

Backports commit e95e9b88ba5f4a6c17f4d0c3a3a6bf3f648bb328 from qemu
2018-03-03 21:18:22 -05:00
Lioncash 0ef338aa71
Fix building for multi-arch targets 2018-03-03 21:14:08 -05:00
Emilio G. Cota f66e74d65b
tcg: consistently access cpu->tb_jmp_cache atomically
Some code paths can lead to atomic accesses racing with memset()
on cpu->tb_jmp_cache, which can result in torn reads/writes
and is undefined behaviour in C11.

These torn accesses are unlikely to show up as bugs, but from code
inspection they seem possible. For example, tb_phys_invalidate does:
/* remove the TB from the hash list */
h = tb_jmp_cache_hash_func(tb->pc);
CPU_FOREACH(cpu) {
if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) {
atomic_set(&cpu->tb_jmp_cache[h], NULL);
}
}
Here atomic_set might race with a concurrent memset (such as the
ones scheduled via "unsafe" async work, e.g. tlb_flush_page) and
therefore we might end up with a torn pointer (or who knows what,
because we are under undefined behaviour).

This patch converts parallel accesses to cpu->tb_jmp_cache to use
atomic primitives, thereby bringing these accesses back to defined
behaviour. The price to pay is to potentially execute more instructions
when clearing cpu->tb_jmp_cache, but given how infrequently they happen
and the small size of the cache, the performance impact I have measured
is within noise range when booting debian-arm.

Note that under "safe async" work (e.g. do_tb_flush) we could use memset
because no other vcpus are running. However I'm keeping these accesses
atomic as well to keep things simple and to avoid confusing analysis
tools such as ThreadSanitizer.

Backports commit f3ced3c59287dabc253f83f0c70aa4934470c15e from qemu
2018-03-03 21:12:36 -05:00
Emilio G. Cota 1a4e5da043
gen-icount: use tcg_ctx.tcg_env instead of cpu_env
We are relying on cpu_env being defined as a global, yet most
targets (i.e. all but arm/a64) have it defined as a local variable.
Luckily all of them use the same "cpu_env" name, but really
compilation shouldn't break if the name of that local variable
changed.

Fix it by using tcg_ctx.tcg_env, which all targets set in their
translate_init function. This change also helps paving the way
for the upcoming "translation loop common to all targets" work.

Backports commit 53f6672bcf57d82b794a2cc3a3469be7d35c8653 from qemu
2018-03-03 21:08:58 -05:00
Laurent Vivier 8a7f7242cc
target/m68k: add fmovem
Backports commit a1e58ddcb3eed7ec4a158512b9dae46f90492c1b from qemu
2018-03-03 21:05:56 -05:00
Laurent Vivier 50b639098c
target/m68k: add explicit single and double precision operations (part 2)
Add fsabs, fdabs, fsneg, fdneg, fsmove and fdmove.

The value is converted using the new floatx80_round() function.

Backports commit 77bdb2292492fafc4bc0fbb4d8c44fdd0ef1fa8e from qemu
2018-03-03 21:02:52 -05:00
Laurent Vivier 1d5e30f30c
target/m68k: add fsglmul and fsgldiv
fsglmul and fsgldiv truncate data to single precision before computing
results.

Backports commit 2f77995cebc8027851b8ea8f02c097fb8cdf668a from qemu
2018-03-03 20:59:20 -05:00
Laurent Vivier 4e8e8572c3
softfloat: define floatx80_round()
Add a function to round a floatx80 to the defined precision
(floatx80_rounding_precision)

Backports commit 0f72129281765ed64d26353284059f2bdcde7a23 from qemu
2018-03-03 20:57:27 -05:00
Laurent Vivier 20b610390d
target/m68k: add explicit single and double precision operations
Add fssqrt, fdsqrt, fsadd, fdadd, fssub, fdsub, fsmul, fdmul,
fsdiv, fddiv.

The precision is managed using set_floatx80_rounding_precision().

Backports commit a51b6bc38bb9b73a40e9486b52be12c810c6f2d9 from qemu
2018-03-03 20:55:41 -05:00
Laurent Vivier 0b62df7f30
target/m68k: add fmovecr
fmovecr moves a floating point constant from the
FPU ROM to a floating point register.

Backports commit 9d403660d91229922c2786e81c23cc9dd8e644f1 from qemu
2018-03-03 20:51:21 -05:00
Laurent Vivier ed3e8ab460
target/m68k: add fscc.
use DisasCompare with FPU conditions in fscc and fbcc.

Backports commit dd337bf86214e2436833d9442c995df95b136190 from qemu
2018-03-03 20:43:08 -05:00
Greg Kurz a125b35f1f
qapi: add explicit null to string input and output visitors
This may be used for deprecated object properties that are kept for
backwards compatibility.

Backports commit a733371214b68881d84725a3c71f60e2faf3b8e2 from qemu
2018-03-03 20:32:50 -05:00
KONRAD Frederic 18020c2c79
cputlb: cleanup get_page_addr_code to use VICTIM_TLB_HIT
This replaces env1 and page_index variables by env and index
so we can use VICTIM_TLB_HIT macro later.

Backports commit 3416343255cbe01fbe12e5e36cd4bb5042425b27 from qemu
2018-03-03 19:54:13 -05:00
Laurent Vivier f7ef6b49a8
target-m68k: add FPCR and FPSR
Backports commit ba62494483ab51ee31c70952b6ce5171a31860b1 from qemu
2018-03-03 19:51:31 -05:00
Laurent Vivier 1c6b1e2b9f
target-m68k: use floatx80 internally
Coldfire uses float64, but 680x0 use floatx80.
This patch introduces the use of floatx80 internally
and enables 680x0 80bits FPU.

Backports commit f83311e4764f1f25a8abdec2b32c64483be1759b from qemu
2018-03-03 19:35:17 -05:00
Laurent Vivier 92555a1134
target-m68k: initialize FPU registers
on reset, set FP registers to NaN and control registers to 0

Backports commit f4a6ce5155aab2a7ed7b9032a72187b37b3bfffe from qemu
2018-03-03 18:51:37 -05:00