Commit graph

835 commits

Author SHA1 Message Date
Peter Maydell bec50934ad
target/arm: Remove stale TODO comment
Remove a stale TODO comment -- we have now made the arm_ldl_ptw()
and arm_ldq_ptw() functions propagate physical memory read errors
out to their callers.

Backports commit 145772707fe80395b87c244ccf5699a756f1946b from qemu
2018-04-26 09:00:08 -04:00
Pavel Dovgalyuk fe353764e9
m68k: fix exception stack frame for 68000
68000 CPUs do not save format in the exception stack frame.
This patch adds feature checking to prevent format saving for 68000.
m68k_ret() already includes this modification, this patch fixes
the exception processing function too.

Backports commit 000761dc0c97d70e7314db3e8f52783880325a22 from qemu
2018-04-16 13:49:56 -04:00
Pavel Dovgalyuk b4bf3c776b
icount: fix cpu_restore_state_from_tb for non-tb-exit cases
In icount mode, instructions that access io memory spaces in the middle
of the translation block invoke TB recompilation. After recompilation,
such instructions become last in the TB and are allowed to access io
memory spaces.

When the code includes instruction like i386 'xchg eax, 0xffffd080'
which accesses APIC, QEMU goes into an infinite loop of the recompilation.

This instruction includes two memory accesses - one read and one write.
After the first access, APIC calls cpu_report_tpr_access, which restores
the CPU state to get the current eip. But cpu_restore_state_from_tb
resets the cpu->can_do_io flag which makes the second memory access invalid.
Therefore the second memory access causes a recompilation of the block.
Then these operations repeat again and again.

This patch moves resetting cpu->can_do_io flag from
cpu_restore_state_from_tb to cpu_loop_exit* functions.

It also adds a parameter for cpu_restore_state which controls restoring
icount. There is no need to restore icount when we only query CPU state
without breaking the TB. Restoring it in such cases leads to the
incorrect flow of the virtual time.

In most cases new parameter is true (icount should be recalculated).
But there are two cases in i386 and openrisc when the CPU state is only
queried without the need to break the TB. This patch fixes both of
these cases.

Backports commit afd46fcad2dceffda35c0586f5723c127b6e09d8 from qemu
2018-04-11 20:05:40 -04:00
Richard Henderson 49476ebf5e
tcg: Introduce tcg_set_insn_start_param
The parameters for tcg_gen_insn_start are target_ulong, which may be split
into two TCGArg parameters for storage in the opcode on 32-bit hosts.

Fixes the ARM target and its direct use of tcg_set_insn_param, which would
set the wrong argument in the 64-on-32 case.

Backports commit 9743cd5736263e90d312b2c33bd739ffe1eae70d from qemu
2018-04-11 19:34:18 -04:00
Peter Maydell 8f26d8e556
target/arm: Report unsupported MPU region sizes more clearly
Currently our PMSAv7 and ARMv7M MPU implementation cannot handle
MPU region sizes smaller than our TARGET_PAGE_SIZE. However we
report that in a slightly confusing way:

DRSR[3]: No support for MPU (sub)region alignment of 9 bits. Minimum is 10

The problem is not the alignment of the region, but its size;
tweak the error message to say so:
DRSR[3]: No support for MPU (sub)region size of 512 bytes. Minimum is 1024.

Backports commit 8aec759b45fa6986c0b159cb27353d6abb0d5d73 from qemu
2018-04-11 19:32:16 -04:00
Onur Sahin 18e6b1549f
target-arm: Check undefined opcodes for SWP in A32 decoder
Make sure we are not treating architecturally Undefined instructions
as a SWP, by verifying the opcodes as per section A8.8.229 of ARMv7-A
specification. Bits [21:20] must be zero for this to be a SWP or SWPB.
We also choose to UNDEF for the architecturally UNPREDICTABLE case of
bits [11:8] not being zero.

Backports commit c4869ca630a57f4269bb932ec7f719cef5bc79b8 from qemu
2018-04-11 19:30:50 -04:00
Eugene Minibaev 87180dd231
Add missing bit for SSE instr in VEX decoding
The 2-byte VEX prefix imples a leading 0Fh opcode byte.

Backports commit e0014d4b3a955cfd8d517674703bfa87f340290a from qemu
2018-04-10 08:49:15 -04:00
Alexandro Sanchez Bach 4a1de154ef
target/i386: Fix andn instruction
In commit 7073fbada733c8d10992f00772c9b9299d740e9b, the `andn` instruction
was implemented via `tcg_gen_andc` but passes the operands in the wrong
order:
- X86 defines `andn dest,src1,src2` as: dest = ~src1 & src2
- TCG defines `andc dest,src1,src2` as: dest = src1 & ~src2

The following simple test shows the issue:

int main(void) {
uint32_t ret = 0;
__asm (
"mov $0xFF00, %%ecx\n"
"mov $0x0F0F, %%eax\n"
"andn %%ecx, %%eax, %%ecx\n"
"mov %%ecx, %0\n"
: "=r" (ret));
printf("%08X\n", ret);
return 0;
}

This patch fixes the problem by simply swapping the order of the two last
arguments in `tcg_gen_andc_tl`.

Backports commit 5cd10051c2e02b7a86eae49919d6c65a87dbea46 from qemu
2018-04-10 08:48:05 -04:00
Peter Maydell 92b5817d92
target/arm: Always set FAR to a known unknown value for debug exceptions
For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN. We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old
value might be a FAR for a previous guest EL2 or secure exception, in
which case we shouldn't show it to an EL1 or non-secure exception
handler. It might also be a non-deterministic value, which is bad
for record-and-replay.

Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.

Backports commit 548f514cf89dd9ab39c0cb4c063097bccf141fdd from qemu
2018-03-25 16:38:14 -04:00
Peter Maydell d6eafe5982
target/arm: Set FSR for BKPT, BRK when raising exception
Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.

In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1756927

Backports commit 62b94f31d0df75187bb00684fc29e8639eacc0c5 from qemu
2018-03-25 16:36:51 -04:00
Peter Maydell 16c0c2d253
target/arm: Factor out code to calculate FSR for debug exceptions
When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants,
and use the correct condition to select long or short format.

In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.

Backports commit 81621d9ab8a0f07956e67850b15eebf6d6992eec from qemu
2018-03-25 16:35:27 -04:00
Peter Maydell 7a3ee5fd95
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0. We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction. We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.

Backports commit c900a2e62dd6dde11c8f5249b638caad05bb15be from qemu
2018-03-25 16:33:04 -04:00
Victor Kamensky ecd2ecb590
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as
result flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
run in infinite loop.

To solve the problem instructions that operate on CPU sys state
(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.

This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.

Backports commit a75a52d62418dafe462be4fe30485501d1010bb9 from qemu
2018-03-25 16:27:27 -04:00
Bharata B Rao e373c001fa
cpu: Add Error argument to cpu_exec_init()
Add an Error argument to cpu_exec_init() to let users collect the
error. This is in preparation to change the CPU enumeration logic
in cpu_exec_init(). With the new enumeration logic, cpu_exec_init()
can fail if cpu_index values corresponding to max_cpus have already
been handed out.

Since all current callers of cpu_exec_init() are from instance_init,
use error_abort Error argument to abort in case of an error.

Backports commit 5a790cc4b942e651fec7edc597c19b637fad5a76 from qemu
2018-03-21 07:50:33 -04:00
Laurent Vivier c133a7b306
target/m68k: add a mechanism to automatically free TCGv
SRC_EA() and gen_extend() can return either a temporary
TCGv or a memory allocated one. Mark them when they are
allocated, and free them automatically at end of the
instruction translation.

We want to free locally allocated TCGv to avoid
overflow in sequence like:

0xc00ae406: movel %fp@(-132),%fp@(-268)
0xc00ae40c: movel %fp@(-128),%fp@(-264)
0xc00ae412: movel %fp@(-20),%fp@(-212)
0xc00ae418: movel %fp@(-16),%fp@(-208)
0xc00ae41e: movel %fp@(-60),%fp@(-220)
0xc00ae424: movel %fp@(-56),%fp@(-216)
0xc00ae42a: movel %fp@(-124),%fp@(-252)
0xc00ae430: movel %fp@(-120),%fp@(-248)
0xc00ae436: movel %fp@(-12),%fp@(-260)
0xc00ae43c: movel %fp@(-8),%fp@(-256)
0xc00ae442: movel %fp@(-52),%fp@(-276)
0xc00ae448: movel %fp@(-48),%fp@(-272)
...

That can fill a lot of TCGv entries in a sequence,
especially since 15fa08f845 ("tcg: Dynamically allocate TCGOps")
we have no limit to fill the TCGOps cache and we can fill
the entire TCG variables array and overflow it.

Backports commit ecc207d2fc1d45fabb16c38742a6675a7ba56cbc from qemu
2018-03-20 14:32:04 -04:00
Luwei Kang 30d878a0ef
i386: Disable Intel PT if packets IP payloads have LIP values
Intel processor trace should be disabled when
CPUID.(EAX=14H,ECX=0H).ECX.[bit31] is set.
Generated packets which contain IP payloads will have LIP
values when this bit is set, or IP payloads will have RIP
values.
Currently, The information of CPUID 14H is constant to make
live migration safty and this bit is always 0 in guest even
if host support LIP values.
Guest sees the bit is 0 will expect IP payloads with RIP
values, but the host CPU will generate IP payloads with
LIP values if this bit is set in HW.
To make sure the value of IP payloads correctly, Intel PT
should be disabled when bit[31] is set.

Backports relevant parts of commit c078ca968c6c7cb62781c1843d840cb0f5c72781 from qemu
2018-03-20 14:25:40 -04:00
Igor Mammedov cd27da0d88
cpu: get rid of unused cpu_init() defines
cpu_init(cpu_model) were replaced by cpu_create(cpu_type) so
no users are left, remove it.

Backports commit 3f71e724e283233753f1b5b3d6a30948d3084636 from qemu
2018-03-20 14:21:45 -04:00
Igor Mammedov f8eeacb280
Use cpu_create(type) instead of cpu_init(cpu_model)
With all targets defining CPU_RESOLVING_TYPE, refactor
cpu_parse_cpu_model(type, cpu_model) to parse_cpu_model(cpu_model)
so that callers won't have to know internal resolving cpu
type. Place it in exec.c so it could be called from both
target independed vl.c and *-user/main.c.

That allows us to stop abusing cpu type from
MachineClass::default_cpu_type
as resolver class in vl.c which were confusing part of
cpu_parse_cpu_model().

Also with new parse_cpu_model(), the last users of cpu_init()
in null-machine.c and bsd/linux-user targets could be switched
to cpu_create() API and cpu_init() API will be removed by
follow up patch.

With no longer users left remove MachineState::cpu_model field,
new code should use MachineState::cpu_type instead and
leave cpu_model parsing to generic code in vl.c.

Backports commit 2278b93941d42c30e2950d4b8dff4943d064e7de from qemu
2018-03-20 14:20:30 -04:00
Igor Mammedov 20f67e8f9a
pc: use generic cpu_model parsing
define default CPU type in generic way in pc_machine_class_init()
and let common machine code to handle cpu_model parsing

Patch also introduces TARGET_DEFAULT_CPU_TYPE define for 2 purposes:
* make foo_machine_class_init() look uniform on every target
* use define in [bsd|linux]-user targets to pick default
cpu type

Backports commit 311ca98d16bbb6a2a38b38ba898baa4a4d4ab9a7 from qemu
2018-03-20 13:22:05 -04:00
Igor Mammedov 9c5153270f
i386: keep cpu_model field in MachineState uptodate
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Backports commit 6aff24c6a61c6fec31e555c7748ba6085b7b2c06 from qemu
2018-03-20 12:40:35 -04:00
Igor Mammedov 8344a5a63c
pc: Parse CPU features only once
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Backports commit 6aff24c6a61c6fec31e555c7748ba6085b7b2c06 from qemu
2018-03-20 12:27:44 -04:00
Igor Mammedov 87db6e033b
cpu: Use CPUClass->parse_features() as convertor to global properties
Currently CPUClass->parse_features() is used to parse -cpu
features string and set properties on created CPU instances.

But considering that features specified by -cpu apply to every
created CPU instance, it doesn't make sense to parse the same
features string for every CPU created. It also makes every target
that cares about parsing features string explicitly call
CPUClass->parse_features() parser, which gets in a way if we
consider using generic device_add for CPU hotplug as device_add
has not a clue about CPU specific hooks.

Turns out we can use global properties mechanism to set
properties on every created CPU instance for a given type. That
way it's possible to convert CPU features into a set of global
properties for CPU type specified by -cpu cpu_model and common
Device.device_post_init() will apply them to CPU of given type
automatically regardless whether it's manually created CPU or CPU
created with help of device_add.

Backports commits 62a48a2a5798425997152dea3fc48708f9116c04 and
f313369fdb78f849ecbbd8e5d88f01ddf38786c8 from qemu
2018-03-20 12:00:27 -04:00
Igor Mammedov f86355f82c
cpu: add CPU_RESOLVING_TYPE macro
it will be used for providing to cpu name resolving class for
parsing cpu model for system and user emulation code.

Along with change add target to null-machine tests, so
that when switch to CPU_RESOLVING_TYPE happens,
it would ensure that null-machine usecase still works.

Backports commit 0dacec874fa3b3fd34b0d0670fa257efdcbbebd0 from qemu
2018-03-20 11:28:13 -04:00
Igor Mammedov c6dd0d3bef
m68k: cleanup cpu type name composition
use new M68K_CPU_TYPE_NAME to compose CPU type names
and get rid of intermediate M68kCPUInfo/register_cpu_type()
which is replaced by static TypeInfo array.

Backports commit f61797bd947cff86b12036917b35ebc38628e4df from qemu
2018-03-20 08:40:05 -04:00
Igor Mammedov 9e175711d6
sparc: cleanup cpu type name composition
introduce SPARC_CPU_TYPE_NAME macro and use it to
construct cpu type names.

Backports commit 1d4bfc5496387124e56df6fd49481e1821403456 from qemu
2018-03-20 08:26:21 -04:00
Eduardo Habkost 074865ff98
cpu: Generify CPU init functions
Backports commits 2994fd96d986578a342f2342501b4ad30f6d0a85,
701e3c78ce45fa630ffc6826c4b9a4218954bc7f, and
d1853231c60d16af78cf4d1608d043614bfbac0b from qemuu
2018-03-20 08:21:51 -04:00
Peter Crosthwaite ce1831bfb4
target-*: Don't redefine cpu_exec()
This function needs to be converted to QOM hook and virtualised for
multi-arch. This rename interferes, as cpu-qom will not have access
to the renaming causing name divergence. This rename doesn't really do
anything anyway so just delete it.

Backports commit 8642c1b81e0418df066a7960a7426d85a923a253 from qemu
2018-03-20 07:02:47 -04:00
Igor Mammedov 15eb359656
numa: move numa_node from CPUState into target specific classes
Move vcpu's associated numa_node field out of generic CPUState
into inherited classes that actually care about cpu<->numa mapping,
i.e: ARMCPU, PowerPCCPU, X86CPU.

Backports relevant parts of commit 15f8b14228b856850df3fa5ba999ad96521f2208 from qemu
2018-03-20 06:46:20 -04:00
Chao Peng a64b7f0d3f
i386: Add support to get/set/migrate Intel Processor Trace feature
Add Intel Processor Trace related definition. It also add
corresponding part to kvm_get/set_msr and vmstate.

Backports commit b77146e9a129bcdb60edc23639211679ae846a92 from qemu
2018-03-17 19:11:21 -04:00
Chao Peng da2d5108ee
i386: Add Intel Processor Trace feature support
Expose Intel Processor Trace feature to guest.

To make Intel PT live migration safe and get same CPUID information
with same CPU model on diffrent host. CPUID[14] is constant in this
patch. Intel PT use EPT is first supported in IceLake, the CPUID[14]
get on this machine as default value. Intel PT would be disabled
if any machine don't support this minial feature list.

Backports commit e37a5c7fa459558b5020588994707fe3fdd6616e from qemu
2018-03-17 19:10:30 -04:00
Wanpeng Li f0701e6dd5
target-i386: add KVM_HINTS_DEDICATED performance hint
Add KVM_HINTS_DEDICATED performance hint, guest checks this feature bit
to determine if they run on dedicated vCPUs, allowing optimizations such
as usage of qspinlocks.

Backports commit be7773268d98176489483a315d3e2323cb0615b9 from qemu
2018-03-17 19:07:19 -04:00
Liran Alon 9fbdd8d885
KVM: x86: Add support for save/load MSR_SMI_COUNT
This MSR returns the number of #SMIs that occurred on
CPU since boot.

KVM commit 52797bf9a875 ("KVM: x86: Add emulation of MSR_SMI_COUNT")
introduced support for emulating this MSR.

This commit adds support for QEMU to save/load this
MSR for migration purposes.

Backports relevant parts of commit e13713db5b609d9a83c9cfc8ba389d4215d4ba29 from qemu
2018-03-17 19:02:31 -04:00
Brijesh Singh 624391bdc8
cpu/i386: populate CPUID 0x8000_001F when SEV is active
When SEV is enabled, CPUID 0x8000_001F should provide additional
information regarding the feature (such as which page table bit is used
to mark the pages as encrypted etc).

The details for memory encryption CPUID is available in AMD APM
(https://support.amd.com/TechDocs/24594.pdf) Section E.4.17

Backports relevant parts of commit 6cb8f2a663a47c6e0da17fc4fb9e06abfda2bd48 from qemu
2018-03-17 19:00:59 -04:00
Laurent Vivier 5ec082d17c
target/m68k: implement fcosh
Using a local m68k floatx80_cosh()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 02f9124ebe26c36f0f7ed58085bd963e4372b2cd from qemu
2018-03-17 18:58:57 -04:00
Laurent Vivier 7569530893
target/m68k: implement fsinh
Using a local m68k floatx80_sinh()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit eee6b892a6063c2807ecf33a2f62a8d7cca7652c from qemu
2018-03-17 18:57:16 -04:00
Laurent Vivier a2a662a901
target/m68k: implement ftanh
Using local m68k floatx80_tanh() and floatx80_etoxm1()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 9937b02965c2a7dbc4b21d98e29b082bab095aa5 from qemu
2018-03-17 18:55:33 -04:00
Laurent Vivier e031b14e4a
target/m68k: implement fatanh
Using a local m68k floatx80_atanh()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit e3655afa137b2e0999537eef273a2845ba21d68c from qemu
2018-03-17 18:54:24 -04:00
Laurent Vivier c900ad13f9
target/m68k: implement facos
Using a local m68k floatx80_acos()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit c84813b807fc82c68ff6d72387f95b15ad283bf6 from qemu
2018-03-17 18:52:27 -04:00
Laurent Vivier 542a863020
target/m68k: implement fasin
Using a local m68k floatx80_asin()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit bc20b34e03b51725d7f008551b5f56f1da07ab6a from qemu
2018-03-17 18:50:30 -04:00
Laurent Vivier 80a2ebf67b
target/m68k: implement fatan
Using a local m68k floatx80_atan()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 8c992abc892c90caf1d4dd5b4482cda052a280ba from qemu
2018-03-17 18:48:32 -04:00
Laurent Vivier 5630647279
target/m68k: implement fsincos
using floatx80_sin() and floatx80_cos()

Backports commit 47446c9ce34b6685ffe20e829ff6c9aaefd3af0a from qemu
2018-03-17 18:41:30 -04:00
Laurent Vivier 4177dd3ce8
target/m68k: implement fcos
Using a local m68k floatx80_cos()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 68d0ed37866de2c5cafc4e2589e263961b2e8cd6 from qemu
2018-03-17 18:39:05 -04:00
Laurent Vivier acc9bd1d21
target/m68k: implement fsin
Using a local m68k floatx80_sin()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 5add1ac42faffd3d3639101fa778dced693a65a3 from qemu
2018-03-17 18:37:01 -04:00
Laurent Vivier caf3cb0571
target/m68k: implement ftan
Using a local m68k floatx80_tan()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 273401809c8a8330e5430f2c958467efa7079b2c from qemu
2018-03-17 18:35:01 -04:00
Lioncash 1fe99928c8
target/m68k: Correct M68K_CPU macro parameters in m68k_cpu_handle_mmu_fault in helper.c 2018-03-17 18:31:06 -04:00
Lioncash c169f3dc5d
target/i386: Correct X86_CPU macro parameters in x86_cpu_handle_mmu_fault() in helper.c 2018-03-17 18:30:46 -04:00
Lioncash acb7231650
target/m68k: Correct duplicate conditions in gen_cc_cond 2018-03-17 18:30:33 -04:00
Lioncash 95d50a02a1
target/mips/translate: Perform comparison pass with qemu
Keeps code and formatting in sync
2018-03-12 17:52:56 -04:00
Lioncash 7db1bff993
target/mips/op_helper: Perform comparison pass with qemu
Keeps code and formatting in sync
2018-03-12 15:25:08 -04:00
Lioncash 48429b2bcb
target/mips/msa_helper: Perform comparison pass with qemu
Keeps code and formatting in sync
2018-03-12 15:15:42 -04:00
Lioncash 4e8a1f8d6b
target/mips/internal: Perform comparison pass with qemu
Keeps code and formatting in sync with qemu
2018-03-12 15:13:17 -04:00
Lioncash 05089ecb12
target/mips/helper: Perform comparison pass with qemu
Keeps code and formatting in sync with qemu
2018-03-12 15:11:52 -04:00
Lioncash e9d9ed5eaa
target/i386/bpt_helper: Perform comparison pass with qemu
Keep formatting and code in sync where applicable
2018-03-12 13:28:50 -04:00
Lioncash fc7eaf7f77
target/i386/svm_helper: Perform comparison pass with qemu
Keep code and formatting in sync where applicable
2018-03-12 13:27:03 -04:00
Lioncash 27c283bb3c
target/i386/smm_helper: Perform comparison pass with qemu
Ensure code and formatting stay in sync where relevant
2018-03-12 13:25:37 -04:00
Lioncash 73426a7e79
target/i386/seg_helper: Perform comparison pass against qemu
Ensure formatting and code stay in sync where relevant
2018-03-12 13:24:36 -04:00
Lioncash a1910954cd
target/i386/mem_helper: Perform comparison pass against qemu
Ensure formatting and relevant code are in order
2018-03-12 13:19:05 -04:00
Lioncash 995ae229a3
target/i386/excp_helper: remove unnecessary comment 2018-03-12 13:16:53 -04:00
Lioncash c1e72be68d
target/i386/fpu_helper: Perform comparison pass against qemu 2018-03-12 13:15:51 -04:00
Lioncash 0d0dd2ba98
target/i386/translate: Perform comparison pass against qemu
Ensure code and formatting match qemu where applicable
2018-03-12 13:12:01 -04:00
Lioncash 83b35aa797
target/sparc/win_helper: Perform comparison pass against qemu
Ensure code and formatting are consistent with qemu
2018-03-12 12:46:59 -04:00
Lioncash 0215431990
target/sparc/mmu_helper: Perform comparison pass against qemu
Ensure code and formatting match qemu
2018-03-12 12:45:18 -04:00
Lioncash 83c0769d90
target/sparc/ldst_helper: Perform comparison pass against qemu
Ensure code and formatting is consistent with qemu
2018-03-12 12:43:14 -04:00
Lioncash a228660860
target/sparc/fop_helper: Perform comparison pass against qemu
Ensure formatting and code is consistent from the backporting
2018-03-12 12:38:21 -04:00
Lioncash 2114d28f7e
target/sparc/cc_helper: Perform a comparison pass against qemu 2018-03-12 12:36:51 -04:00
Lioncash bcc8bc5c18
target/sparc/translate: Perform comparison pass againt main qemu repo
Ensure that formatting and relevant code is organized like qemu
2018-03-12 12:34:49 -04:00
Lioncash b92dd8d299
target/m68k/op_helper: Adjust formatting to be in sync with qemu 2018-03-12 12:26:53 -04:00
Lioncash 6e9ecb876e
target/m68k/translate: Perform pass over code relative to qemu
Catches a few things that got lost in the backporting process.
2018-03-12 12:22:57 -04:00
Lioncash 750d56421c
translate/arm/vec_helper: Align to qemu formatting 2018-03-12 11:59:14 -04:00
Lioncash bab31a2510
target/arm/cpu and crypto_helper: Correct bad merge and adjust to qemu code style 2018-03-12 11:57:24 -04:00
Lioncash 0751366e5c
target/arm/op_helper: Correct bad merge 2018-03-12 11:42:43 -04:00
Lioncash 9a0632bfcf
target/arm/helper64: Correct bad merge 2018-03-12 11:37:27 -04:00
Lioncash c93c3bd4b3
target/arm/helper: Correct bad merge 2018-03-12 11:33:45 -04:00
Lioncash 14c1fcd5bf
target/arm/translate: Correct bad merge 2018-03-12 11:17:37 -04:00
Lioncash 0dd13de42f
target/arm/translate-a64: Correct bad merge 2018-03-12 11:17:33 -04:00
Peter Maydell fabd6c7ae8
target/arm: Make 'any' CPU just an alias for 'max'
Now we have a working '-cpu max', the linux-user-only
'any' CPU is pretty much the same thing, so implement it
that way.

For the moment we don't add any of the extra feature bits
to the system-emulation "max", because we don't set the
ID register bits we would need to to advertise those
features as present.

Backports commit a0032cc5427d0d396aa0a9383ad9980533448ea4 from qemu
2018-03-12 10:11:49 -04:00
Peter Maydell 7388fff079
target/arm: Add "-cpu max" support
Add support for "-cpu max" for ARM guests. This CPU type behaves
like "-cpu host" when KVM is enabled, and like a system CPU with
the maximum possible feature set otherwise. (Note that this means
it won't be migratable across versions, as we will likely add
features to it in future.)

Backports commit bab52d4bba3f22921a690a887b4bd0342f2754cd from qemu
2018-03-12 10:11:49 -04:00
Alistair Francis 44d8c38138
target/arm: Add a core count property
The cortex A53 TRM specifies that bits 24 and 25 of the L2CTLR register
specify the number of cores in the processor, not the total number of
cores in the system. To report this correctly on machines with multiple
CPU clusters (ARM's big.LITTLE or Xilinx's ZynqMP) we need to allow
the machine to overwrite this value. To do this let's add an optional
property.

Backports commit f9a697112ee64180354f98309a5d6b691cc8699d from qemu
2018-03-12 10:11:48 -04:00
Laurent Vivier 418f96df9b
target/m68k: implement ftentox
Using a local m68k floatx80_tentox()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 6c25be6e30bda0e470f8f0b6b93d53a6efe469e8 from qemu
2018-03-12 10:11:48 -04:00
Laurent Vivier 61fa8cf539
target/m68k: implement ftwotox
Using a local m68k floatx80_twotox()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 068f161536d9a28a5bc482f3de9c387b2fe5908d from qemu
2018-03-12 10:11:48 -04:00
Laurent Vivier 5d508f45b6
target/m68k: implement fetox
Using a local m68k floatx80_etox()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 40ad087330bee5394c9e78c97f909f580be69b58 from qemu
2018-03-12 10:11:47 -04:00
Laurent Vivier 2b793fce0f
target/m68k: implement flog2
Using a local m68k floatx80_log2()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 67b453ed73fe65949c24e6ca2b43f6816a89a301 from qemu
2018-03-12 10:11:47 -04:00
Laurent Vivier a052fcb40b
target/m68k: implement flog10
Using a local m68k floatx80_log10()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 248efb66fb88bc17c04a0d0f09a3539a43c80769 from qemu
2018-03-12 10:11:47 -04:00
Laurent Vivier 9852c8c94a
target/m68k: implement flogn
Using a local m68k floatx80_logn()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 50067bd16fead5d78a283130efbf3e3b026de450 from qemu
2018-03-12 10:11:47 -04:00
Laurent Vivier 442aa7a87a
target/m68k: implement flognp1
Using a local m68k floatx80_lognp1()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 4b5c65b8f02a057bc1b77839b5012544f96fec80 from qemu
2018-03-12 10:11:47 -04:00
Laurent Vivier 5bc9cdb681
target/m68k: define floatx80_move()
This functions is needed by upcoming m68k softfloat functions.

Source code copied for WinUAE (tag 3500)
(The WinUAE file has been copied from QEMU and has
the QEMU licensing notice)

Backports commit 9a069775a8087cbd6fa8c479b69be8d37bd90351 from qemu
2018-03-12 10:11:46 -04:00
Lioncash 8e161bb723
target/arm: Use the any cpu model instead of cortex-a57
The Cortex-A57 doesn't allow use of v8.1+ architecture instructions
2018-03-12 03:42:57 -04:00
Andreas Färber 048aaf05ca
Revert use of DEFINE_MACHINE() for registrations of multiple machines
The script used for converting from QEMUMachine had used one
DEFINE_MACHINE() per machine registered. In cases where multiple
machines are registered from one source file, avoid the excessive
generation of module init functions by reverting this unrolling.

Backports commit 8a661aea0e7f6e776c6ebc9abe339a85b34fea1d from qemu
2018-03-11 15:17:17 -04:00
Eduardo Habkost a7f59d7771
Use DEFINE_MACHINE() to register all machines
Convert all machines to use DEFINE_MACHINE() instead of QEMUMachine
automatically using a script.

Backports commit e264d29de28c5b0be3d063307ce9fb613b427cc3 from qemu
2018-03-11 15:12:46 -04:00
Eduardo Habkost 12acb995fa
pc: Don't use QEMUMachine anymore
Now that we have a DEFINE_PC_MACHINE helper macro that just requires an
initialization function, it is trivial to convert them to register a QOM
machine class directly, instead of using QEMUMachine.

Backports commit 865906f7fdadd2732441ab158787f81f6a212bfe from qemu
2018-03-09 14:22:43 -05:00
Richard Henderson 7e327aaf84
util: Introduce include/qemu/cpuid.h
Clang 3.9 passes the CONFIG_AVX2_OPT configure test. However, the
supplied <cpuid.h> does not contain the bit_AVX2 define that we use
when detecting whether the routine can be enabled.

Introduce a qemu-specific header that uses the compiler's definition
of __cpuid et al, but supplies any missing bit_* definitions needed.
This avoids introducing any extra ifdefs to util/bufferiszero.c, and
allows quite a few to be removed from tcg/i386/tcg-target.inc.c.

Backports commit 5dd8990841a9e331d9d4838a116291698208cbb6 from qemu
2018-03-09 12:12:00 -05:00
KONRAD Frederic 4b9a1ceb4a
sparc: fix leon3 casa instruction when MMU is disabled
Since the commit af7a06bac7d3abb2da48ef3277d2a415772d2ae8:
`casa [..](10), .., ..` (and probably others alternate space instructions)
triggers a data access exception when the MMU is disabled.

When we enter get_asi(...) dc->mem_idx is set to MMU_PHYS_IDX when the MMU
is disabled. Just keep mem_idx unchanged in this case so we passthrough the
MMU when it is disabled.

Backports commit 6e10f37c86068e35151f982c976a85f1bec07ef2 from qemu
2018-03-09 01:39:53 -05:00
Laurent Vivier 9e72ef3b52
target/m68k: add fscale, fgetman and fgetexp
Using local m68k floatx80_getman(), floatx80_getexp(), floatx80_scale()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 0d379c1709aa6b2d09dd3b493bfdf3a5fe6debcd from qemu
2018-03-09 01:37:34 -05:00
Laurent Vivier 08c03a5de4
target/m68k: add fmod/frem
Using a local m68k floatx80_mod()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

The quotient byte of the FPSR is updated with
the result of the operation.

Backports commit 591596b77a1872d0652e666271ca055e57ea1e21 from qemu
2018-03-09 01:28:58 -05:00
Laurent Vivier c0ab026e78
target/m68k: TCGv returned by gen_load() must be freed
Backports commit 24989f0e21cc9cd90237d4836a456c3ffb824b3e from qemu
2018-03-09 01:16:01 -05:00
Richard Henderson 81ae246f07
target/arm: Enable ARM_FEATURE_V8_FCMA
Enable it for the "any" CPU used by *-linux-user.

Backports commit e66a67bf28e1b4fce2e3d72a2610dbd48d9d3078 from qemu
2018-03-09 01:12:19 -05:00
Richard Henderson 85cfb78ea2
target/arm: Decode t32 simd 3reg and 2reg_scalar extension
Happily, the bits are in the same places compared to a32.

Backports commit 0052087efb8a5c0e29ddc2f59f8476fcdc6495b2 from qemu
2018-03-09 01:11:14 -05:00
Richard Henderson e5da25aaf8
target/arm: Decode aa32 armv8.3 2-reg-index
Backports commit 638808ff8a0c0d62333822d3756e5d98f9f369c3 from qemu
2018-03-09 01:09:59 -05:00
Richard Henderson 69890ae145
target/arm: Decode aa32 armv8.3 3-same
Backports commit 8b7209fae730813d722b17a8a13b6a16c84616c8 from qemu
2018-03-09 01:08:26 -05:00
Richard Henderson abd86b2287
target/arm: Decode aa64 armv8.3 fcmla
Backports commit d17b7cdcf4ea3e858ceee8b86fc8544bb71561e6 from qemu

Also remember to commit vec_helper.
2018-03-09 01:05:02 -05:00
Richard Henderson 4b39a36416
target/arm: Decode aa64 armv8.3 fcadd
Backports commit 1695cd61b08d4376c11e0658836c4f08b4fc3aa1 from qemu
2018-03-09 00:58:37 -05:00
Richard Henderson 0b1ab3e745
target/arm: Add ARM_FEATURE_V8_FCMA
Not enabled anywhere yet.

Backports commit 0438f0372a7031debe796f4e3d30875d4d1e7899 from qemu
2018-03-09 00:28:37 -05:00
Richard Henderson fc74a022bf
target/arm: Enable ARM_FEATURE_V8_RDM
Enable it for the "any" CPU used by *-linux-user.

Backports commit f5dfc2ecdd48b71900bc50298ad2768d60356e44 from qemu
2018-03-09 00:27:34 -05:00
Richard Henderson 78b0b9c523
target/arm: Decode aa32 armv8.1 two reg and a scalar
Backports commit 61adacc8f589539ac6b25cfcbd6e099357188974 from qemu
2018-03-09 00:24:14 -05:00
Richard Henderson ca4ceb2dd7
target/arm: Decode aa32 armv8.1 three same
Backports commit 36a719348a9744d17c6ef6bac01bcb5fcd279753 from qemu
2018-03-09 00:18:31 -05:00
Richard Henderson 152c9484bd
target/arm: Decode aa64 armv8.1 scalar/vector x indexed element
Backports commit d345df7a3f1336ceb0537c1fa0a7261030426768 from qemu
2018-03-09 00:12:00 -05:00
Lioncash 12fd2cc113
target/arm: Decode aa64 armv8.1 three same extra 2018-03-09 00:10:09 -05:00
Richard Henderson 4f585f71fb
target/arm: Decode aa64 armv8.1 scalar three same extra
Backports commit d9061ec3d27eb940402a7eafee3fb77ce1146ad4 from qemu
2018-03-09 00:02:23 -05:00
Richard Henderson 774cbded7a
target/arm: Refactor disas_simd_indexed size checks
The integer size check was already outside of the opcode switch;
move the floating-point size check outside as well. Unify the
size vs index adjustment between fp and integer paths.

Backports commit 449f264b1749ac0e59c58bbc2eacdb3dc302c2bf from qemu
2018-03-08 23:53:39 -05:00
Richard Henderson 1fd2644738
target/arm: Refactor disas_simd_indexed decode
Include the U bit in the switches rather than testing separately.

Backports commit 5f81b1de43259ed0969e62a7419ab9dd9da2c5c0 from qemu
2018-03-08 23:44:03 -05:00
Richard Henderson 109a777fd6
target/arm: Add ARM_FEATURE_V8_RDM
Not enabled anywhere yet.

Backports commit 1dc81c15418d9b174f59a1c6262eb3487f352c56 from qemu
2018-03-08 23:44:03 -05:00
Peter Maydell e917a1ac0e
target/arm: Add Cortex-M33
Add a Cortex-M33 definition. The M33 is an M profile CPU
which implements the ARM v8M architecture, including the
M profile Security Extension.

Backports commit c7b26382fee8b745c6e903c85281babf30c2cb7c from qemu
2018-03-08 23:44:03 -05:00
Peter Maydell bd606401dc
target/arm: Define init-svtor property for the reset secure VTOR value
The Cortex-M33 allows the system to specify the reset value of the
secure Vector Table Offset Register (VTOR) by asserting config
signals. In particular, guest images for the MPS2 AN505 board rely
on the MPS2's initial VTOR being correct for that board.
Implement a QEMU property so board and SoC code can set the reset
value to the correct value.

Backports commit 38e2a77c9d6876e58f45cabb1dd9a6a60c22b39e from qemu
2018-03-08 23:44:03 -05:00
Peter Maydell eb4796e965
target/arm: Enable ARM_V8_FP16 feature bit for the AArch64 any CPU
Now we have implemented FP16 we can enable it for the "any" CPU.

Backports commit 969b389ee8ba84bc3f2e7ccfa993679fac410ad2 from qemu
2018-03-08 23:44:02 -05:00
Alex Bennée 6e41113897
arm/translate-a64: add all single op FP16 to handle_fp_1src_half
This includes FMOV, FABS, FNEG, FSQRT and FRINT[NPMZAXI]. We re-use
existing helpers to achieve this.

Backports commit c2c08713a6a5846bbe601d4d1b4f9708ba77efdc from qemu
2018-03-08 23:44:02 -05:00
Alex Bennée c6c8a1cccc
arm/translate-a64: implement simd_scalar_three_reg_same_fp16
This covers the encoding group:

Advanced SIMD scalar three same FP16

As all the helpers are already there it is simply a case of calling the
existing helpers in the scalar context.

Backports commit 7c93b7741b29b3ffda81a6e9525771b4409db99f from qemu
2018-03-08 23:44:02 -05:00
Alex Bennée dd29452046
arm/translate-a64: add all FP16 ops in simd_scalar_pairwise
I only needed to do a little light re-factoring to support the
half-precision helpers.

Backports commit 5c36d89567cfd049a7c59ff219639f788225068f from qemu
2018-03-08 23:44:02 -05:00
Alex Bennée 8bbabd7eb3
arm/translate-a64: add FP16 FMOV to simd_mod_imm
Only one half-precision instruction has been added to this group.

Backports commit 70b4e6a445715519ae55179dc54f6e961ab30c27 from qemu
2018-03-08 23:43:52 -05:00
Alex Bennée b117df18df
arm/translate-a64: add FP16 FRSQRTE to simd_two_reg_misc_fp16
Backports commit c625ff95070e3ef96bd007de744e1d97c881efeb from qemu
2018-03-08 22:45:39 -05:00
Alex Bennée 068143595e
arm/helper.c: re-factor rsqrte and add rsqrte_f16
Much like recpe the ARM ARM has simplified the pseudo code for the
calculation which is done on a fixed point 9 bit integer maths. So
while adding f16 we can also clean this up to be a little less heavy
on the floating point and just return the fractional part and leave
the calle's to do the final packing of the result.

Backports commit d719cbc7641991d16b891ffbbfc3a16a04e37b9a from qemu

Also removes a load of symbols that seem unnecessary from the header_gen script
2018-03-08 22:42:04 -05:00
Alex Bennée fdb07713e6
arm/translate-a64: add FP16 FSQRT to simd_two_reg_misc_fp16
Backports commit b96a54c7e5576bd35b7d00d37b7929d2892d8cac from qemu
2018-03-08 21:57:35 -05:00
Alex Bennée 6102a61b14
arm/translate-a64: add FP16 FRCPX to simd_two_reg_misc_fp16
We go with the localised helper.

Backports commit 986950283837f697b35782b9ac3bc99fca614640 from qemu
2018-03-08 19:15:23 -05:00
Alex Bennée 4ea310c131
arm/translate-a64: add FP16 FRECPE
Now we have added f16 during the re-factoring we can simply call the
helper.

Backports commit fbd06e1e4b6566b4d727f9e553c819d034942f68 from qemu
2018-03-08 19:12:06 -05:00
Alex Bennée 5f3864c2c2
arm/helper.c: re-factor recpe and add recepe_f16
It looks like the ARM ARM has simplified the pseudo code for the
calculation which is done on a fixed point 9 bit integer maths. So
while adding f16 we can also clean this up to be a little less heavy
on the floating point and just return the fractional part and leave
the calle's to do the final packing of the result.

Backports commit 5eb70735af1c0b607bf2671a53aff3710cc1672f from qemu
2018-03-08 19:05:48 -05:00
Alex Bennée c590ff441c
arm/translate-a64: add FP16 FNEG/FABS to simd_two_reg_misc_fp16
Neither of these operations alter the floating point status registers
so we can do a pure bitwise operation, either squashing any sign
bit (ABS) or inverting it (NEG).

Backports commit 15f8a233c8c023dbc77b6fe6cd7c79eac9bee263 from qemu
2018-03-08 18:51:35 -05:00
Alex Bennée 7161c1ed52
arm/translate-a64: add FP16 SCVTF/UCVFT to simd_two_reg_misc_fp16 2018-03-08 18:48:25 -05:00
Alex Bennée 8ac9e3cff2
arm/translate-a64: add FP16 FCMxx (zero) to simd_two_reg_misc_fp16
I re-use the existing handle_2misc_fcmp_zero handler and tweak it
slightly to deal with the half-precision case.

Backports commit 7d4dd1a73a023f75c893623710e43743501b318e from qemu
2018-03-08 18:32:36 -05:00
Alex Bennée 39a68548d1
arm/translate-a64: add FCVTxx to simd_two_reg_misc_fp16
This covers all the floating point convert operations.

Backports commit 2df581304193d70eaf0d22cf4cb4613f74b6e59b from qemu
2018-03-08 18:25:29 -05:00
Alex Bennée d5f002b39a
arm/translate-a64: add FP16 FPRINTx to simd_two_reg_misc_fp16
This adds the full range of half-precision floating point to integral
instructions.

Backports commit 6109aea2d954891027acba64a13f1f1c7463cfac from qemu
2018-03-08 18:21:58 -05:00
Alex Bennée 33eda0f5d4
arm/translate-a64: initial decode for simd_two_reg_misc_fp16
This actually covers two different sections of the encoding table:

Advanced SIMD scalar two-register miscellaneous FP16
Advanced SIMD two-register miscellaneous (FP16)

The difference between the two is covered by a combination of Q (bit
30) and S (bit 28). Notably the FRINTx instructions are only
available in the vector form.

This is just the decode skeleton which will be filled out by later
patches.

Backports commit 5d432be6fd6efe37833ac82623c3abd35117b421 from qemu
2018-03-08 18:14:04 -05:00
Alex Bennée 82ffaab7de
arm/translate-a64: add FP16 x2 ops for simd_indexed
A bunch of the vectorised bitwise operations just operate on larger
chunks at a time. We can do the same for the new half-precision
operations by introducing some TWOHALFOP helpers which work on each
half of a pair of half-precision operations at once.

Hopefully all this hoop jumping will get simpler once we have
generically vectorised helpers here.

Backports commit 6089030c7322d8f96b54fb9904e53b0f464bb8fe from qemu
2018-03-08 18:08:39 -05:00
Alex Bennée 38815b2901
arm/translate-a64: add FP16 FMULX/MLS/FMLA to simd_indexed
The helpers use the new re-factored muladd support in SoftFloat for
the float16 work.

Backports commit 5d265064cf30daaacce5a4ce9945fc573015fb5f from qemu
2018-03-08 15:56:20 -05:00
Alex Bennée c6fda07628
arm/translate-a64: add FP16 pairwise ops simd_three_reg_same_fp16
This includes FMAXNMP, FADDP, FMAXP, FMINNMP, FMINP.

Backports commit 7a2c6e618156674cf9eac8bf36e79f674fbf974e from qemu
2018-03-08 15:50:56 -05:00
Alex Bennée 4b2577537b
arm/translate-a64: add FP16 FR[ECP/SQRT]S to simd_three_reg_same_fp16
As some of the constants here will also be needed
elsewhere (specifically for the upcoming SVE support) we move them out
to softfloat.h.

Backports commit 026e2d6ef74000afb9049f46add4b94f594c8fb3 from qemu
2018-03-08 15:47:34 -05:00
Alex Bennée a02b9b81a9
arm/translate-a64: add FP16 FMULA/X/S to simd_three_reg_same_fp16
Backports commit 2deb992b767d28035fac3b374c7730494ff0b43d from qemu

Also backports the fp16 changes introduced in commit f566c0474a9b9bbd9ed248607e4007e24d3358c0
2018-03-08 15:42:48 -05:00
Alex Bennée ba8df54753
arm/translate-a64: add FP16 F[A]C[EQ/GE/GT] to simd_three_reg_same_fp16
These use the generic float16_compare functionality which in turn uses
the common float_compare code from the softfloat re-factor.

Backports commit d32adeae1a71a8e71374fa48d3d6ab0ad4c23e94 from qemu
2018-03-08 12:59:37 -05:00
Alex Bennée 4a6a41d2c5
arm/translate-a64: add FP16 FADD/FABD/FSUB/FMUL/FDIV to simd_three_reg_same_fp16
The fprintf is only there for debugging as the skeleton is added to,
it will be removed once the skeleton is complete.

Backports commit 372087348d561e7f4051d7b32609bda417092ddf from qemu
2018-03-08 12:56:15 -05:00
Alex Bennée 2f850606e9
arm/translate-a64: initial decode for simd_three_reg_same_fp16
This is the initial decode skeleton for the Advanced SIMD three same
instruction group.

The fprintf is purely to aid debugging as the additional instructions
are added. It will be removed once the group is complete.

Backports commit 376e8d6cda985df31c8561db4b7ea365b6fe6f87 from qemu
2018-03-08 12:53:23 -05:00
Alex Bennée fe74abd307
arm/translate-a64: handle_3same_64 comment fix
We do implement all the opcodes.

Backports commit 3840d219b433507f04a685120ff770ce4e06c55d from qemu
2018-03-08 12:51:01 -05:00
Alex Bennée af75074fe7
arm/translate-a64: implement half-precision F(MIN|MAX)(V|NMV)
This implements the half-precision variants of the across vector
reduction operations. This involves a re-factor of the reduction code
which more closely matches the ARM ARM order (and handles 8 element
reductions).

Backports commit 807cdd504283c11addcd7ea95ba594bbddc86fe4 from qemu
2018-03-08 12:49:30 -05:00
Alex Bennée 27d8d01566
target/arm/helper: pass explicit fpst to set_rmode
As the rounding mode is now split between FP16 and the rest of
floating point we need to be explicit when tweaking it. Instead of
passing the CPU env we now pass the appropriate fpst pointer directly.

Backports commit 9b04991686785e18b18a36d193b68f08f7c91648 from qemu
2018-03-08 12:41:54 -05:00
Alex Bennée 996f38056f
target/arm/cpu.h: add additional float_status flags
Half-precision flush to zero behaviour is controlled by a separate
FZ16 bit in the FPCR. To handle this we pass a pointer to
fp_status_fp16 when working on half-precision operations. The value of
the presented FPCR is calculated from an amalgam of the two when read.

Backports commit d81ce0ef2c4f1052fcdef891a12499eca3084db7 from qemu
2018-03-08 12:34:39 -05:00
Alex Bennée 348789d2e4
target/arm/cpu.h: update comment for half-precision values
Backports commit d0e69ea88f4e74212b29d9436143c5bcfd437757 from qemu
2018-03-08 12:29:47 -05:00
Alex Bennée a030564492
target/arm/cpu64: introduce ARM_V8_FP16 feature bit
Backports commit 6ad4d6187563f069fe5f11c3c1c9ccec1f69c2b7 from qemu
2018-03-08 12:29:17 -05:00
Peter Maydell f4df29ca4f
target/arm: Fix register definitions for VMIDR and VMPIDR
The register definitions for VMIDR and VMPIDR have separate
reginfo structs for the AArch32 and AArch64 registers. However
the 32-bit versions are wrong:
* they use offsetof instead of offsetoflow32 to mark where
the 32-bit value lives in the uint64_t CPU state field
* they don't mark themselves as ARM_CP_ALIAS

In particular this means that if you try to use an Arm guest CPU
which enables EL2 on a big-endian host it will assert at reset:
target/arm/cpu.c:114: cp_reg_check_reset: Assertion `oldvalue == newvalue' failed.

because the reset of the 32-bit register writes to the top
half of the uint64_t.

Correct the errors in the structures.

Backports commit 36476562d57a3b64bbe86db26e63677dd21907c5 from qemu
2018-03-08 12:26:09 -05:00
Alex Bennée 0eee5afd0e
target/*/cpu.h: remove softfloat.h
As cpu.h is another typically widely included file which doesn't need
full access to the softfloat API we can remove the includes from here
as well. Where they do need types it's typically for float_status and
the rounding modes so we move that to softfloat-types.h as well.

As a result of not having softfloat in every cpu.h call we now need to
add it to various helpers that do need the full softfloat.h
definitions.

Backports commit 24f91e81b65fcdd0552d1f0fcb0ea7cfe3829c19 from qemu
2018-03-08 09:58:47 -05:00
Peter Maydell 19baeb5120
target/arm: Implement v8M MSPLIM and PSPLIM registers
The v8M architecture includes hardware support for enforcing
stack pointer limits. We don't implement this behaviour yet,
but provide the MSPLIM and PSPLIM stack pointer limit registers
as reads-as-written, so that when we do implement the checks
in future this won't break guest migration.

Backports commit 57bb31568114023f67680d6fe478ceb13c51aa7d from qemu
2018-03-08 09:42:04 -05:00
Peter Maydell 5812f7e3a3
target/arm: Implement writing to CONTROL_NS for v8M
In commit 50f11062d4c896 we added support for MSR/MRS access
to the NS banked special registers, but we forgot to implement
the support for writing to CONTROL_NS. Correct the omission.

Backports commit 6eb3a64e2a96f5ced1f7896042b01f002bf0a91f from qemu
2018-03-08 09:39:43 -05:00
Peter Maydell 09cfe29d5b
hw/intc/armv7m_nvic: Implement SCR
We were previously making the system control register (SCR)
just RAZ/WI. Although we don't implement the functionality
this register controls, we should at least provide the state,
including the banked state for v8M.

Backports register related changes in commit 24ac0fb129f9ce9dd96901b2377fc6271dc55b2b from qemu
2018-03-08 09:36:59 -05:00
Peter Maydell c390c07ae0
hw/intc/armv7m_nvic: Implement cache ID registers
M profile cores have a similar setup for cache ID registers
to A profile:
* Cache Level ID Register (CLIDR) is a fixed value
* Cache Type Register (CTR) is a fixed value
* Cache Size ID Registers (CCSIDR) are a bank of registers;
which one you see is selected by the Cache Size Selection
Register (CSSELR)

The only difference is that they're in the NVIC memory mapped
register space rather than being coprocessor registers.
Implement the M profile view of them.

Since neither Cortex-M3 nor Cortex-M4 implement caches,
we don't need to update their init functions and can leave
the ctr/clidr/ccsidr[] fields in their ARMCPU structs at zero.
Newer cores (like the Cortex-M33) will want to be able to
set these ID registers to non-zero values, though.

Backports commit 43bbce7fbef22adf687dd84934fd0b2f8df807a8 from qemu
2018-03-08 09:35:53 -05:00
Peter Maydell 6f31c219b9
hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
Instead of hardcoding the values of M profile ID registers in the
NVIC, use the fields in the CPU struct. This will allow us to
give different M profile CPU types different ID register values.

This commit includes the addition of the missing ID_ISAR5,
which exists as RES0 in both v7M and v8M.

(The values of the ID registers might be wrong for the M4 --
this commit leaves the behaviour there unchanged.)

Backports commit 5a53e2c1dc939fea1af92cc126ee546d8211d412 from qemu
2018-03-08 09:34:37 -05:00
Richard Henderson 1f71084740
target/arm: Handle SVE registers when using clear_vec_high
When storing to an AdvSIMD FP register, all of the high
bits of the SVE register are zeroed. Therefore, call it
more often with is_q as a parameter.

Backports commit 4ff55bcb0ee6452b768835f86d94bd727185f812 from qemu
2018-03-08 09:32:33 -05:00
Richard Henderson 07b928eca4
target/arm: Enforce access to ZCR_EL at translation
This also makes sure that we get the correct ordering of
SVE vs FP exceptions.

Backports commit 490aa7f13a2ad31f92205879c4dc2387b602ef14 from qemu
2018-03-08 09:17:33 -05:00
Richard Henderson c095dc9e83
target/arm: Suppress TB end for FPCR/FPSR
Nothing in either register affects the TB.

Backports commit b916c9c35ce8158bf7f9ed5514eb279e52875de2 from qemu
2018-03-08 09:15:02 -05:00
Richard Henderson d5c4d3e3c3
target/arm: Enforce FP access to FPCR/FPSR
Backports commit fe03d45f9e9baa89e8c4da50de771767d5d48990 from qemu
2018-03-08 09:14:52 -05:00
Richard Henderson 1bff556dbc
target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
Because they are ARM_CP_STATE_AA64, ARM_CP_64BIT is implied.

Backports commit 5d1e699988cdb1494ab4ac9a2b67d4c539143654 from qemu
2018-03-08 09:06:46 -05:00
Markus Armbruster 6a71ff06ca
Include qapi/qmp/qdict.h exactly where needed
This cleanup makes the number of objects depending on qapi/qmp/qdict.h
drop from 4550 (out of 4743) to 368 in my "build everything" tree.
For qapi/qmp/qobject.h, the number drops from 4552 to 390.

While there, separate #include from file comment with a blank line.

Backports commit 452fcdbc49c59884c8c284268d64baa24fea11e1 from qemu
2018-03-08 08:51:46 -05:00
Igor Mammedov 5a66d7f326
sparc: move adhoc CPUSPARCState initialization to realize time
SPARCCPU::env was initialized from previously set properties
(with help of sparc_cpu_parse_features) in cpu_sparc_register().
However there is not reason to keep it there as this task is
typically done at realize time. So move post properties
initialization into sparc_cpu_realizefn, which brings
cpu_sparc_init() closer to cpu_generic_init().

Backports commit 700549620b3ee15924f19b9eb79961655ce671c5 from qemu
2018-03-07 21:40:33 -05:00
Igor Mammedov 0d7be1a913
sparc: embed sparc_def_t into CPUSPARCState
Make CPUSPARCState::def embedded so it would be allocated as part
of cpu instance and we won't have to worry about cleaning def pointer
up mannualy on cpu destruction.

Backports commit 576e1c4c239621482474ba7b495a41bab2d16ae5 from qemu
2018-03-07 21:35:23 -05:00
Igor Mammedov 2142f3ff98
sparc: convert cpu models to SPARC cpu subclasses
Backports commit 12a6c15ef31c98ecefa63e91ac36955383038384 from qemu
2018-03-07 21:30:22 -05:00
Markus Armbruster 5d554fefeb
Include qapi/error.h exactly where needed
This cleanup makes the number of objects depending on qapi/error.h
drop from 1910 (out of 4743) to 1612 in my "build everything" tree.

While there, separate #include from file comment with a blank line,
and drop a useless comment on why qemu/osdep.h is included first.

Backports commit e688df6bc4549f28534cdb001f168b8caae55b0c from qemu
2018-03-07 12:26:38 -05:00
Markus Armbruster aa7a707738
Drop superfluous includes of qapi-types.h and test-qapi-types.h
Backports commit 522ece32d214bd4b086821c4350c2aebe5587878 from qemu
2018-03-07 12:21:43 -05:00
Pavel Dovgalyuk 01150e151e
m68k: implement movep instruction
This patch implements movep instruction. It moves data between a data register
and alternate bytes within the address space starting at the location
specified and incrementing by two.

It was designed for the original 68000 and used in firmwares for
interfacing the 8-bit peripherals through the 16-bit data bus.
Without this patch opcode for this instruction is recognized as some bitop.

Backports commit 1226e212292e271b8795265c9639d5c0553df199 from qemu
2018-03-07 11:51:32 -05:00
Peter Maydell 8e7ecd89a4
target/arm/translate.c: Fix missing 'break' for TT insns
The code where we added the TT instruction was accidentally
missing a 'break', which meant that after generating the code
to execute the TT we would fall through to 'goto illegal_op'
and generate code to take an UNDEF insn.

Backports commit 384c6c03fb687bea239a5990a538c4bc50fdcecb from qemu
2018-03-07 11:45:39 -05:00
Richard Henderson 02516c53ff
target/arm: Add SVE state to TB->FLAGS
Add both SVE exception state and vector length.

Backports commit 1db5e96c54d8b3d1df0a6fed6771390be6b010da from qemu
2018-03-07 11:44:32 -05:00
Richard Henderson 523e5114c0
target/arm: Add ZCR_ELx
Define ZCR_EL[1-3].

Backports commit 5be5e8eda78474f6e89a54af12ee6f44234115ed from qemu
2018-03-07 11:41:46 -05:00
Richard Henderson a47fb718bc
target/arm: Add predicate registers for SVE
Backports commit 3c7d30866fd1f56e5945726221410e0d8d535033 from qemu
2018-03-07 11:34:57 -05:00
Richard Henderson 834e3a1d04
target/arm: Expand vector registers for SVE
Change vfp.regs as a uint64_t to vfp.zregs as an ARMVectorReg.
The previous patches have made the change in representation
relatively painless.

Backports commit c39c2b9043ec59516c80f2c6f3e8193e99d04d4b from qemu
2018-03-07 11:33:49 -05:00
Lioncash 5439b4a542
unicorn/aarch64: Use qemu-provided helpers for accessing VFP/NEON/SIMD registers
Avoids directly touching the representation of the VFP/NEON/SIMD registers
2018-03-07 11:25:41 -05:00
Lioncash 9e14a824ed
unicorn/mips: Lessen the amount of MIPS_CPU macro usage
Syntaxically reduces line noise
2018-03-07 10:50:08 -05:00
Lioncash be260c43b6
unicorn/sparc: Lessen the use of the SPARC_CPU macro
Syntaxically reduces the amount of line noise
2018-03-07 10:46:18 -05:00
Lioncash 047766c908
unicorn/m68k: Lessen usage of M68K_CPU macro
Reduces the amount of line noise (and avoids syntaxically repeating accesses to the environment state)
2018-03-07 10:37:50 -05:00
Lioncash 6cbcf9ce76
unicorn/i386: Lessen amount of X86_CPU macros and casts
Reduces the amount of line noise
2018-03-07 10:34:00 -05:00
Lioncash 441f3b73da
unicorn_arm: Use ARM_CPU macro instead of a direct cast in arm_release
Makes the code more reliant on qemu instead of manually doing our own thing
2018-03-07 10:24:21 -05:00
Lioncash 767dedcb09
unicorn_aarch64: Clean up variable assignments in arm64_release 2018-03-07 10:22:51 -05:00
Lioncash d0abc23e99
unicorn/arm: use uc->cpu instead of uc->current_cpu
Keeps cpu variable usage consistent. Also eliminates unnecessary casts
2018-03-07 10:15:49 -05:00
Lioncash 890f234a53
unicorn/aarch64: Lessen the amount of ARMCPU macro usages
This macro can just be used once per function that it's used in,
reducing the overall amount of line noise in register reading and writing
2018-03-07 09:59:27 -05:00
Ard Biesheuvel f425b6aa81
target/arm: enable user-mode SHA-3, SM3, SM4 and SHA-512 instruction support
Add support for the new ARMv8.2 SHA-3, SM3, SM4 and SHA-512 instructions to
AArch64 user mode emulation.

Backports commit 955f56d44a73d74016b2e71765d984ac7a6db1dc from qemu
2018-03-07 08:58:43 -05:00
Ard Biesheuvel 85e6d710e4
target/arm: implement SM4 instructions
This implements emulation of the new SM4 instructions that have
been added as an optional extension to the ARMv8 Crypto Extensions
in ARM v8.2.

Backports commit b6577bcd251ca0d57ae1de149e3c706b38f21587 from qemu
2018-03-07 08:57:53 -05:00
Ard Biesheuvel 78d15a9cd0
target/arm: implement SM3 instructions
This implements emulation of the new SM3 instructions that have
been added as an optional extension to the ARMv8 Crypto Extensions
in ARM v8.2.

Backports commit 80d6f4c6bbb718f343a832df8dee15329cc7686c from qemu
2018-03-07 08:53:47 -05:00
Ard Biesheuvel 72078a7674
target/arm: implement SHA-3 instructions
This implements emulation of the new SHA-3 instructions that have
been added as an optional extensions to the ARMv8 Crypto Extensions
in ARM v8.2.

Backports commit cd270ade74ea86467f393a9fb9c54c4f1148c28f from qemu
2018-03-07 08:44:47 -05:00
Ard Biesheuvel 66b8b01f09
target/arm: implement SHA-3 instructions
This implements emulation of the new SHA-3 instructions that have
been added as an optional extensions to the ARMv8 Crypto Extensions
in ARM v8.2.

Backports commit cd270ade74ea86467f393a9fb9c54c4f1148c28f from qemu
2018-03-07 08:41:40 -05:00
Ard Biesheuvel 0ef74f6d6d
target/arm: implement SHA-512 instructions
This implements emulation of the new SHA-512 instructions that have
been added as an optional extensions to the ARMv8 Crypto Extensions
in ARM v8.2.

Backports commit 90b827d131812d7f0a8abb13dba1942a2bcee821 from qemu
2018-03-07 08:39:49 -05:00
Peter Maydell c1f778a438
target/arm: Handle exceptions during exception stack pop
Handle possible MPU faults, SAU faults or bus errors when
popping register state off the stack during exception return.

Backports commit 95695effe8caa552b8f243bceb3a08de4003c882 from qemu
2018-03-07 08:33:21 -05:00
Peter Maydell 0dadc2575f
target/arm: Make exception vector loads honour the SAU
Make the load of the exception vector from the vector table honour
the SAU and any bus error on the load (possibly provoking a derived
exception), rather than simply aborting if the load fails.

Backports commit 600c33f24752a00e81e9372261e35c2befea612b from qemu
2018-03-07 08:31:57 -05:00
Peter Maydell 2c8a0fe0d7
nvic: Implement AIRCR changes for v8M
The Application Interrupt and Reset Control Register has some changes
for v8M:
 * new bits SYSRESETREQS, BFHFNMINS and PRIS: these all have
   real state if the security extension is implemented and otherwise
   are constant
 * the PRIGROUP field is banked between security states
 * non-secure code can be blocked from using the SYSRESET bit
   to reset the system if SYSRESETREQS is set

Implement the new state and the changes to register read and write.
For the moment we ignore the effects of the secure PRIGROUP.
We will implement the effects of PRIS and BFHFNMIS later.

Backports register-related additions in commit 3b2e934463121f06d04e4d17658a9a7cdc3717b0 from qemu
2018-03-07 08:30:34 -05:00
Peter Maydell 630a38cf94
target/arm: Make v7m_push_callee_stack() honour MPU
Make v7m_push_callee_stack() honour the MPU by using the
new v7m_stack_write() function. We return a flag to indicate
whether the pushes failed, which we can then use in
v7m_exception_taken() to cause us to handle the derived
exception correctly.

Backports commit 65b4234ff73a4d4865438ce30bdfaaa499464efa from qemu
2018-03-07 08:23:04 -05:00
Peter Maydell 0bc82ea78f
target/arm: Make v7M exception entry stack push check MPU
The memory writes done to push registers on the stack
on exception entry in M profile CPUs are supposed to
go via MPU permissions checks, which may cause us to
take a derived exception instead of the original one of
the MPU lookup fails. We were implementing these as
always-succeeds direct writes to physical memory.
Rewrite v7m_push_stack() to do the necessary checks.

Backports commit fd592d890ec40e3686760de84044230a8ebb1eb3 from qemu
2018-03-07 08:20:02 -05:00
Peter Maydell a10b65bd47
target/arm: Add ignore_stackfaults argument to v7m_exception_taken()
In the v8M architecture, if the process of taking an exception
results in a further exception this is called a derived exception
(for example, an MPU exception when writing the exception frame to
memory). If the derived exception happens while pushing the initial
stack frame, we must ignore any subsequent possible exception
pushing the callee-saves registers.

In preparation for making the stack writes check for exceptions,
add a return value from v7m_push_stack() and a new parameter to
v7m_exception_taken(), so that the former can tell the latter that
it needs to ignore failures to write to the stack. We also plumb
the argument through to v7m_push_callee_stack(), which is where
the code to ignore the failures will be.

(Note that the v8M ARM pseudocode structures this slightly differently:
derived exceptions cause the attempt to process the original
exception to be abandoned; then at the top level it calls
DerivedLateArrival to prioritize the derived exception and call
TakeException from there. We choose to let the NVIC do the prioritization
and continue forward with a call to TakeException which will then
take either the original or the derived exception. The effect is
the same, but this structure works better for QEMU because we don't
have a convenient top level place to do the abandon-and-retry logic.)

Backports commit 0094ca70e165cfb69882fa2e100d935d45f1c983 from qemu
2018-03-07 08:17:25 -05:00
Peter Maydell e1349f817a
target/arm: Split "get pending exception info" from "acknowledge it"
Currently armv7m_nvic_acknowledge_irq() does three things:
* make the current highest priority pending interrupt active
* return a bool indicating whether that interrupt is targeting
Secure or NonSecure state
* implicitly tell the caller which is the highest priority
pending interrupt by setting env->v7m.exception

We need to split these jobs, because v7m_exception_taken()
needs to know whether the pending interrupt targets Secure so
it can choose to stack callee-saves registers or not, but it
must not make the interrupt active until after it has done
that stacking, in case the stacking causes a derived exception.
Similarly, it needs to know the number of the pending interrupt
so it can read the correct vector table entry before the
interrupt is made active, because vector table reads might
also cause a derived exception.

Create a new armv7m_nvic_get_pending_irq_info() function which simply
returns information about the highest priority pending interrupt, and
use it to rearrange the v7m_exception_taken() code so we don't
acknowledge the exception until we've done all the things which could
possibly cause a derived exception.

Backports part of commit 6c9485188170e11ad31ce477c8ce200b8e8ce59d from qemu
2018-03-07 08:12:35 -05:00
Peter Maydell 49010633f0
target/arm: Add armv7m_nvic_set_pending_derived()
In order to support derived exceptions (exceptions generated in
the course of trying to take an exception), we need to be able
to handle prioritizing whether to take the original exception
or the derived exception.

We do this by introducing a new function
armv7m_nvic_set_pending_derived() which the exception-taking code in
helper.c will call when a derived exception occurs. Derived
exceptions are dealt with mostly like normal pending exceptions, so
we share the implementation with the armv7m_nvic_set_pending()
function.

Note that the way we structure this is significantly different
from the v8M Arm ARM pseudocode: that does all the prioritization
logic in the DerivedLateArrival() function, whereas we choose to
let the existing "identify highest priority exception" logic
do the prioritization for us. The effect is the same, though.

Backports part of commit 5ede82b8ccb652382c106d53f656ed67997d76e8 from qemu
2018-03-07 08:10:01 -05:00
Richard Henderson 16a0a3e156
target/arm: Use vector infrastructure for aa64 orr/bic immediate
Backports commit 064e265d5680e5c605d6ee8370fc1e8da094e66d from qemu
2018-03-06 16:17:42 -05:00
Richard Henderson c5c8488928
target/arm: Use vector infrastructure for aa64 multiplies
Backports commit 0c7c55c492c918b6275baa3fee8b176c31465e3c from qemu
2018-03-06 16:14:47 -05:00
Richard Henderson 955fec9300
target/arm: Use vector infrastructure for aa64 compares
Backports commit 79d61de6bdc3980f0efef85f7539e129ab8a4a40 from qemu
2018-03-06 16:10:10 -05:00
Richard Henderson 5626cb714e
target/arm: Use vector infrastructure for aa64 constant shifts
Backports commit cdb45a6063feb5efbb5896795e791dd3db006fbb from qemu
2018-03-06 16:10:10 -05:00
Richard Henderson a63be5a7aa
target/arm: Use vector infrastructure for aa64 dup/movi
Backports commit 861a1ded24917843b9a5a99ea0a6b37c2c9a1930 from qemu
2018-03-06 16:10:10 -05:00
Richard Henderson 84f848d876
target/arm: Use vector infrastructure for aa64 mov/not/neg
Backports commit 377ef731a85773788ae328e638698d27691bd77d from qemu
2018-03-06 16:10:10 -05:00
Richard Henderson 03b76589b4
target/arm: Use vector infrastructure for aa64 add/sub/logic
Backports commit bc48092f5865c20893bb19200a7a320feac99eeb from qemu
2018-03-06 16:10:10 -05:00
Richard Henderson f30abaea66
target/arm: Align vector registers
Backports commit 8b3495ea195503922c1e00253495cb6887b99dd5 from qemu
2018-03-06 16:10:10 -05:00
Laurent Vivier db311b6802
target/m68k: add HMP command "info tlb"
Backports relevant parts of commit 2097dca6d3a30b80ac5a6232f518548d5ae644a9 from qemu
2018-03-06 11:23:10 -05:00
Laurent Vivier e1102bd396
target/m68k: add pflush/ptest
Backports commit e55886c3340c3a3f1267a3a3d42082008bb255fb from qemu
2018-03-06 11:21:51 -05:00
Laurent Vivier caee2d2dda
target/m68k: add moves
and introduce SFC and DFC control registers.

Backports commit 5fa9f1f28321f7268e68e58cff8c61a2ab817f91 from qemu
2018-03-06 11:17:36 -05:00
Laurent Vivier 8800971c07
target/m68k: add index parameter to gen_load()/gen_store() and Co.
The instruction "moves" can select source and destination
address space (user or kernel). This patch modifies
all the load/store functions to be able to provide
the address space the caller wants to use instead
of using the current one. All the callers are modified
to provide the default address space to these functions.

Backports commit 54e1e0b5b5ce4fc76335b1fbbf09cb8fdd5ab89d from qemu
2018-03-06 11:13:30 -05:00
Laurent Vivier 570a0e872f
target/m68k: add Transparent Translation
Add ittr0, ittr1, dttr0, dttr1 and manage Transparent Translations

Backports commit c05c73b0838fc1b3fea87bc0ffa7b80b0556a2cb from qemu
2018-03-06 11:05:27 -05:00
Laurent Vivier ee10680bf9
target/m68k: add MC68040 MMU
Only add MC68040 MMU page table processing and related
registers (Special Status Word, Translation Control Register,
User Root Pointer and Supervisor Root Pointer).

Transparent Translation Registers, DFC/SFC and pflush/ptest
will be added later.

Backports commit 88b2fef6c3c3b45ac0dc2196ace7248a09c8e41d from qemu
2018-03-06 11:03:02 -05:00
Laurent Vivier 0aecb15f3b
accel/tcg: add size paremeter in tlb_fill()
The MC68040 MMU provides the size of the access that
triggers the page fault.

This size is set in the Special Status Word which
is written in the stack frame of the access fault
exception.

So we need the size in m68k_cpu_unassigned_access() and
m68k_cpu_handle_mmu_fault().

To be able to do that, this patch modifies the prototype of
handle_mmu_fault handler, tlb_fill() and probe_write().
do_unassigned_access() already includes a size parameter.

This patch also updates handle_mmu_fault handlers and
tlb_fill() of all targets (only parameter, no code change).

Backports commit 98670d47cd8d63a529ff230fd39ddaa186156f8c from qemu
2018-03-06 10:56:34 -05:00
Laurent Vivier e039ae7a66
target/m68k: fix TCG variable double free
t64 is also unconditionally freed after the switch () { ... }

Backports commit 39e3e113bdb27b4144d697fbd6678a9c24740103 from qemu
2018-03-06 10:38:27 -05:00
Richard Henderson 0af3b16b5b
target/arm: Simplify fp_exception_el for user-only
Backports commit 55faa21273151259de38da271c8a2f2b37d6c250 from qemu
2018-03-06 10:37:30 -05:00
Richard Henderson 11688c4b12
target/arm: Hoist store to flags output in cpu_get_tb_cpu_state
Backports commit b9adaa70a0dfce7a8e4bdb27a7c6bec5c6f633c4 from qemu
2018-03-06 10:36:51 -05:00
Richard Henderson 7dfbe4e104
target/arm: Move cpu_get_tb_cpu_state out of line
Backports commit a9e013112f03bf1644a549a769be599a3ceb6155 from qemu
2018-03-06 10:33:49 -05:00
Richard Henderson 404fa33c4b
target/arm: Use pointers in neon tbl helper
Rather than passing a regno to the helper, pass pointers to the
vector register directly. This eliminates the need to pass in
the environment pointer and reduces the number of places that
directly access env->vfp.regs[].

Backports commit e7c06c4e4c98c47899417f154df1f2ef4e8d09a0 from qemu
2018-03-06 10:20:21 -05:00
Richard Henderson 0bc07dd6be
target/arm: Use pointers in neon zip/uzp helpers
Rather than passing regnos to the helpers, pass pointers to the
vector registers directly. This eliminates the need to pass in
the environment pointer and reduces the number of places that
directly access env->vfp.regs[].

Backports commit b13708bbbdda54c7f7e28222b22453986c026391 from qemu
2018-03-06 10:17:51 -05:00
Richard Henderson b0578edcf7
target/arm: Use pointers in crypto helpers
Rather than passing regnos to the helpers, pass pointers to the
vector registers directly. This eliminates the need to pass in
the environment pointer and reduces the number of places that
directly access env->vfp.regs[].

Backports commit 1a66ac61af45af04688d1d15896737310e366c06 from qemu
2018-03-06 10:10:06 -05:00
Richard Henderson ca9a411074
target/arm: Mark disas_set_insn_syndrome inline
If it isn't used when translate.h is included,
we'll get a compiler Werror.

Backports commit cf96a682481bbfb1e6b53d2436c3d51563d5dff8 from qemu
2018-03-06 09:20:04 -05:00
Ard Biesheuvel aeee985cc9
target/arm: Fix 32-bit address truncation
Commit ("3b39d734141a target/arm: Handle page table walk load failures
correctly") modified both versions of the page table walking code (i.e.,
arm_ldl_ptw and arm_ldq_ptw) to record the result of the translation in
a temporary 'data' variable so that it can be inspected before being
returned. However, arm_ldq_ptw() returns an uint64_t, and using a
temporary uint32_t variable truncates the upper bits, corrupting the
result. This causes problems when using more than 4 GB of memory in
a TCG guest. So use a uint64_t instead.

Backports commit 9aea1ea31af25fe344a88da086ff913cca09c667 from qemu
2018-03-06 09:19:19 -05:00
Lioncash 4a680da17d
mips: Fix build
Not ideal, but it allows use of the backend at least
2018-03-06 09:08:59 -05:00
Eric Blake 20da22732f
mips: Tweak location of ';' in macros
It is more typical to provide the ';' by the caller of a macro
than to embed it in the macro itself; this is because syntax
highlight engines can get confused if a macro is called without
a semicolon before the closing '}'.

Backports commit 94f5c480e9b5ce95394026b3f025816470e23eaf from qemu
2018-03-06 09:03:57 -05:00
Peter Maydell b658f1f36c
target/arm: Handle page table walk load failures correctly
Instead of ignoring the response from address_space_ld*()
(indicating an attempt to read a page table descriptor from
an invalid physical address), use it to report the failure
correctly.

Since this is another couple of locations where we need to
decide the value of the ARMMMUFaultInfo ea bit based on a
MemTxResult, we factor out that operation into a helper
function.

Backports commit 3b39d734141a71296d08af3d4c32f872fafd782e from qemu
2018-03-06 08:55:08 -05:00
Peter Maydell fe9271d5bd
get_phys_addr_pmsav7: Support AP=0b111 for v7M
For PMSAv7, the v7A/R Arm ARM defines that setting AP to 0b111
is an UNPREDICTABLE reserved combination. However, for v7M
this value is documented as having the same behaviour as 0b110:
read-only for both privileged and unprivileged. Accept this
value on an M profile core rather than treating it as a guest
error and a no-access page.

Backports commit 8638f1ad7403b63db880dadce38e6690b5d82b64 from qemu
2018-03-06 08:51:55 -05:00
Peter Maydell bfd6d3e59b
target/arm: Make disas_thumb2_insn() generate its own UNDEF exceptions
Refactor disas_thumb2_insn() so that it generates the code for raising
an UNDEF exception for invalid insns, rather than returning a flag
which the caller must check to see if it needs to generate the UNDEF
code. This brings the function in to line with the behaviour of
disas_thumb_insn() and disas_arm_insn().

Backports commit 2eea841c11096e8dcc457b80e21f3fbdc32d2590 from qemu
2018-03-06 08:50:18 -05:00
Michael Weiser 5fabebabee
target/arm: Fix stlxp for aarch64_be
ldxp loads two consecutive doublewords from memory regardless of CPU
endianness. On store, stlxp currently assumes to work with a 128bit
value and consequently switches order in big-endian mode. With this
change it packs the doublewords in reverse order in anticipation of the
128bit big-endian store operation interposing them so they end up in
memory in the right order. This makes it work for both MTTCG and !MTTCG.
It effectively implements the ARM ARM STLXP operation pseudo-code:

data = if BigEndian() then el1:el2 else el2:el1;

With this change an aarch64_be Linux 4.14.4 kernel succeeds to boot up
in system emulation mode.

Backports commit 0785557f8811133bd69be02aeccf018d47a26373 from qemu
2018-03-06 08:48:12 -05:00
Jean-Christophe Dubois 0a43963f3b
target/sparc: remove MemoryRegionSection check code from sparc_cpu_get_phys_page_debug()
This code is preventing the MMU debug code from displaying virtual
mappings of IO devices (anything that is not located in the RAM).

Before this patch, Qemu would output 0xffffffffffffffff (-1) as the
physical address corresponding to an IO device virtual address.

With this patch the intended physical address is displayed.

Backports commit 7e450a8f50ac12fc8f69b6ce555254c84efcf407 from qemu
2018-03-06 08:42:13 -05:00
Laurent Vivier 13e1357dbf
target/m68k: add the Interrupt Stack Pointer
Add the third stack pointer, the Interrupt Stack Pointer (ISP)
(680x0 only). This stack will be needed in softmmu mode.

Update movec to set/get the value of the three stacks.

Backports commit 6e22b28e22aa6ed1b8db6f24da2633868019d4c9 from qemu
2018-03-06 08:41:07 -05:00
Laurent Vivier ec1c2e9576
target/m68k: add andi/ori/eori to SR/CCR
Backports commit b5ae1edc294f78865ede38377c0a9b92da4370e0 from qemu
2018-03-06 08:36:01 -05:00
Laurent Vivier 9527a5c994
target/m68k: add 680x0 "move to SR" instruction
Some cleanup, and allows SR to be moved from any addressing mode.
Previous code was wrong for coldfire: coldfire also allows to
use addressing mode to set SR/CCR. It only supports Data register
to get SR/CCR (move from)

Backports commit b6a21d8d8f69ac04fd6180e752a65d582c07e948 from qemu
2018-03-06 08:33:49 -05:00
Laurent Vivier 6559be21ad
target/m68k: move CCR/SR functions
The following patches will be clearer if we move
functions before adding new ones.

Backports commit 01490ea8f575656a9431fc0170a82bc6064fa2ef from qemu
2018-03-06 08:29:52 -05:00
Laurent Vivier f9ee2d24cc
target/m68k: implement fsave/frestore
Backports commit fff3b4b0e16c76669e56173acb9d3cc6aac85e85 from qemu
2018-03-06 08:28:36 -05:00
Laurent Vivier b82fe8b95c
target/m68k: add reset
The instruction traps if the CPU is not in
Supervisor state but the helper is empty because
there is no easy way to reset all the peripherals
without resetting the CPU itself.

Backports commit 0bdb2b3bf5660f892ddbfa09baea56cdca57ad1d from qemu
2018-03-06 08:26:01 -05:00
Laurent Vivier c5643956e3
target/m68k: add cpush/cinv
Add cache lines invalidate and cache lines push
as no-op operations, as we don't have cache.

These instructions are 68040 only.

Backports commit f58ed1c50add3e76331afdc92387c0da9dd9e443 from qemu
2018-03-06 08:24:40 -05:00
Laurent Vivier 6487da53eb
target/m68k: softmmu cleanup
don't compile supervisor only instructions in linux-user mode

Backports commit 6ad257641d60f8c4a47972af9027b1c9bb5af787 from qemu
2018-03-06 08:22:39 -05:00
Laurent Vivier 03096cb560
target/m68k: add move16
move16 moves the source line to the destination line. Lines are aligned
to 16-byte boundaries and are 16 bytes long.

Backports commit 9d4f0429f3dc1dc6c67de3eaa3106e6c1cfa1524 from qemu
2018-03-06 08:15:33 -05:00
Laurent Vivier c652028eb5
target/m68k: add chk and chk2
chk and chk2 compare a value to boundaries, and
trigger a CHK exception if the value is out of bounds.

Backports commit 8bf6cbaf396a8b54b138bb8a7c3377f2868ed16e from qemu
2018-03-06 08:08:53 -05:00
Laurent Vivier 172f3709e3
target/m68k: manage 680x0 stack frames
680x0 manages several stack frame formats:
- format 0: four-word stack frame
- format 1: four-word throwaway stack frame
- format 2: six-word stack frame
- format 3: Floating-Point post-instruction stack frame
- format 4: eight-word stack frame
- format 7: access-error stack frame

Backports commit d2f8fb8e7f8e7d082103d705e178c9f72e0bea77 from qemu
2018-03-06 08:04:08 -05:00
Laurent Vivier 134916d653
target/m68k: add CPU_LOG_INT trace
Display the interrupts/exceptions information
in QEMU logs (-d int)

Backports commit 5beb144e04f44772804ac8405b6a54a17fe78909 from qemu
2018-03-06 07:58:38 -05:00
Laurent Vivier 6d46cb09dc
target/m68k: use insn_pc to generate instruction fault address
Backports commit 16a14cdf575a2eda4698930d22b75072537754dd from qemu
2018-03-06 07:51:28 -05:00
Laurent Vivier 3a12e69ad6
target/m68k: fix gen_get_ccr()
As gen_helper_get_ccr() is able to compute CCR from cc_op and
flags, we don't need to flush flags before to call it.
flush_flags() and get_ccr() use COMPUTE_CCR() to compute
flags. get_ccr() computes CCR value,
whereas flush_flags update live cc_op and flags.

Backports commit 4131c242cc850aaf76e59d4c787d220f07850cf5 from qemu
2018-03-06 07:47:25 -05:00
Laurent Vivier 57d48199a8
target-m68k: sync CC_OP before gen_jmp_tb()
And remove update_cc_op() from gen_exception() because there is
one in gen_jmp_im().

Backports commit 7cd7b5ca9be805e8a4ced4c07014c24e34812f27 from qemu
2018-03-06 07:46:46 -05:00
Richard Henderson 7fe5f620df
tcg: Dynamically allocate TCGOps
With no fixed array allocation, we can't overflow a buffer.
This will be important as optimizations related to host vectors
may expand the number of ops used.

Use QTAILQ to link the ops together.

Backports commit 15fa08f8451babc88d733bd411d4c94976f9d0f8 from qemu
2018-03-05 16:34:40 -05:00
Richard Henderson 5f074f09ab
tcg: Remove TCGV_UNUSED* and TCGV_IS_UNUSED*
These are now trivial sets and tests against NULL. Unwrap.

Backports commit f764718d0cb30af9f1f8e1d6a33622cc05ca4155 from qemu
2018-03-05 15:58:15 -05:00
Alex Bennée 8e973e762d
target/*helper: don't check retaddr before calling cpu_restore_state
cpu_restore_state officially supports being passed an address it can't
resolve the state for. As a result the checks in the helpers are
superfluous and can be removed. This makes the code consistent with
other users of cpu_restore_state.

Of course this does nothing to address what to do if cpu_restore_state
can't resolve the state but so far it seems this is handled elsewhere.

The change was made with included coccinelle script.

Backports commit 65255e8efdd5fca602bcc4ff61a879939ff75f4f from qemu
2018-03-05 14:47:41 -05:00
Laurent Vivier 4db1e153ae
target/m68k: fix set_cc_op()
The first call of set_cc_op() in a new translation sequence
is done with old_op set to CC_OP_DYNAMIC (-1).

This will do an out of bound access to the array cc_op_live[].

We fix that by adding an entry in cc_op_live[] for CC_OP_DYNAMIC.

Backports commit 7deddf96e94f3e1eb3677db0ea7b53e61751b544 from qemu
2018-03-05 14:44:38 -05:00
Peter Xu 1bb34aadf9
cpu: refactor cpu_address_space_init()
Normally we create an address space for that CPU and pass that address
space into the function. Let's just do it inside to unify address space
creations. It'll simplify my next patch to rename those address spaces.

Backports commit 80ceb07a83375e3a0091591f96bd47bce2f640ce from qemu
2018-03-05 14:39:25 -05:00
Stefan Weil 55b19c099e
target/i386: Fix compiler warnings
These gcc warnings are fixed:

target/i386/translate.c:4461:12: warning:
variable 'prefixes' might be clobbered by 'longjmp' or 'vfork' [-Wclobbered]
target/i386/translate.c:4466:9: warning:
variable 'rex_w' might be clobbered by 'longjmp' or 'vfork' [-Wclobbered]
target/i386/translate.c:4466:16: warning:
variable 'rex_r' might be clobbered by 'longjmp' or 'vfork' [-Wclobbered]

Tested with x86_64-w64-mingw32-gcc from Debian stretch.

Backports commit a4926d99129a1d8072fc4681cd4efdb214f65ed4 from qemu
2018-03-05 14:20:36 -05:00
Yang Zhong 258b885b17
x86/cpu: Enable new SSE/AVX/AVX512 cpu features
Intel IceLake cpu has added new cpu features,AVX512_VBMI2/GFNI/
VAES/VPCLMULQDQ/AVX512_VNNI/AVX512_BITALG. Those new cpu features
need expose to guest VM.

The bit definition:
CPUID.(EAX=7,ECX=0):ECX[bit 06] AVX512_VBMI2
CPUID.(EAX=7,ECX=0):ECX[bit 08] GFNI
CPUID.(EAX=7,ECX=0):ECX[bit 09] VAES
CPUID.(EAX=7,ECX=0):ECX[bit 10] VPCLMULQDQ
CPUID.(EAX=7,ECX=0):ECX[bit 11] AVX512_VNNI
CPUID.(EAX=7,ECX=0):ECX[bit 12] AVX512_BITALG

The release document ref below link:
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf

Backports commit aff9e6e46a343e1404498be4edd03db1112f0950 from qemu
2018-03-05 14:19:37 -05:00
Edgar E. Iglesias 60136b485c
target/arm: Extend PAR format determination
Now that do_ats_write() is entirely in control of whether to
generate a 32-bit PAR or a 64-bit PAR, we can make it use the
correct (complicated) condition for doing so.

Backports commit 1313e2d7e2cd8b21741e0cf542eb09dfc4188f79 from qemu
2018-03-05 14:08:50 -05:00
Peter Maydell 0dfb84ea50
target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill()
All of the callers of get_phys_addr() and arm_tlb_fill() now ignore
the FSR values they return, so we can just remove the argument
entirely.

Backports commit bc52bfeb3be2052942b7dac8ba284f342ac9605b from qemu
2018-03-05 14:05:08 -05:00
Peter Maydell ec686af668
target/arm: Ignore fsr from get_phys_addr() in do_ats_write()
In do_ats_write(), rather than using the FSR value from get_phys_addr(),
construct the PAR values using the information in the ARMMMUFaultInfo
struct. This allows us to create a PAR of the correct format regardless
of what the translation table format is.

For the moment we leave the condition for "when should this be a
64 bit PAR" as it was previously; this will need to be fixed to
properly support AArch32 Hyp mode.

Backports commit 5efe9ed45dec775ebe91ce72bd805ee780d16064 from qemu
2018-03-05 14:01:26 -05:00
Peter Maydell 3a5701e030
target/arm: Use ARMMMUFaultInfo in deliver_fault()
Now that ARMMMUFaultInfo is guaranteed to have enough information
to construct a fault status code, we can pass it in to the
deliver_fault() function and let it generate the correct type
of FSR for the destination, rather than relying on the value
provided by get_phys_addr().

I don't think there are any cases the old code was getting
wrong, but this is more obviously correct.

Backports commit 681f9a89d201d7891e2c60dff5e5415d8f618518 from qemu
2018-03-05 13:59:50 -05:00
Peter Maydell 4d666dbb99
target/arm: Convert get_phys_addr_pmsav8() to not return FSC values
Make get_phys_addr_pmsav8() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit 3f551b5b7380ff131fe22944aa6f5b166aa13caf from qemu
2018-03-05 13:57:33 -05:00
Peter Maydell 3eb4a2ea84
target/arm: Convert get_phys_addr_pmsav7() to not return FSC values
Make get_phys_addr_pmsav7() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit 9375ad15338b24e06109071ac3a85df48a2cc2e6 from qemu
2018-03-05 13:55:20 -05:00
Peter Maydell 79b2c4b1e7
target/arm: Convert get_phys_addr_pmsav5() to not return FSC values
Make get_phys_addr_pmsav5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Note that PMSAv5 does not define any guest-visible fault status
register, so the different "fsr" values we were previously
returning are entirely arbitrary. So we can just switch to using
the most appropriae fi->type values without worrying that we
need to special-case FaultInfo->FSC conversion for PMSAv5.

Backports commit 53a4e5c5b07b2f50c538511b74b0d3d4964695ea from qemu
2018-03-05 13:54:05 -05:00
Peter Maydell 013e7873ee
target/arm: Convert get_phys_addr_lpae() to not return FSC values
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit da909b2c23a68e57bbcb6be98229e40df606f0c8 from qemu
2018-03-05 13:52:18 -05:00
Peter Maydell c6496ec00a
target/arm: Convert get_phys_addr_v6() to not return FSC values
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit f06cf243945ccb24cb9578304306ae7fcb4cf3fd from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 4ccf3c3927
target/arm: Convert get_phys_addr_v5() to not return FSC values
Make get_phys_addr_v5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.

Backports commit f989983e8dc9be6bc3468c6dbe46fcb1501a740c from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 457e4f35ac
target/arm: Remove fsr argument from arm_ld*_ptw()
All the callers of arm_ldq_ptw() and arm_ldl_ptw() ignore the value
that those functions store in the fsr argument on failure: if they
return failure to their callers they will always overwrite the fsr
value with something else.

Remove the argument from these functions and S1_ptw_translate().
This will simplify removing fsr from the calling functions.

Backports commit 3795a6de9f7ec4a7e3dcb8bf02a88a014147b0b0 from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 211cbde764
target/arm: Provide fault type enum and FSR conversion functions
Currently get_phys_addr() and its various subfunctions return
a hard-coded fault status register value for translation
failures. This is awkward because FSR values these days may
be either long-descriptor format or short-descriptor format.
Worse, the right FSR type to use doesn't depend only on the
translation table being walked -- some cases, like fault
info reported to AArch32 EL2 for some kinds of ATS operation,
must be in long-descriptor format even if the translation
table being walked was short format. We can't get those cases
right with our current approach.

Provide fields in the ARMMMUFaultInfo struct which allow
get_phys_addr() to provide sufficient information for a caller to
construct an FSR value themselves, and utility functions which do
this for both long and short format FSR values, as a first step in
switching get_phys_addr() and its children to only returning the
failure cause in the ARMMMUFaultInfo struct.

Backports commit 1fa498fe0de979030bd1f481046e9f1c5574a584 from qemu
2018-03-05 13:48:32 -05:00
Peter Maydell 8fe6b6c308
target/arm: Implement TT instruction
Implement the TT instruction which queries the security
state and access permissions of a memory location.

Backports commit 5158de241b0fb344a6c948dfcbc4e611ab5fafbe from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell 4e5ec9c0dc
target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()
For the TT instruction we're going to need to do an MPU lookup that
also tells us which MPU region the access hit. This requires us
to do the MPU lookup without first doing the SAU security access
check, so pull the MPU lookup parts of get_phys_addr_pmsav8()
out into their own function.

The TT instruction also needs to know the MPU region number which
the lookup hit, so provide this information to the caller of the
MPU lookup code, even though get_phys_addr_pmsav8() doesn't
need to know it.

Backports commit 54317c0ff3a3c0f6b2c3a1d3c8b5d93686a86d24 from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell c441b19d76
target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv()
The TT instruction is going to need to look up the MMU index
for a specified security and privilege state. Refactor the
existing arm_v7m_mmu_idx_for_secstate() into a version that
lets you specify the privilege state and one that uses the
current state of the CPU.

Backports commit ec8e3340286a87d3924c223d60ba5c994549f796 from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell 89acdeb9af
target/arm: Split M profile MNegPri mmu index into user and priv
For M profile, we currently have an mmu index MNegPri for
"requested execution priority negative". This fails to
distinguish "requested execution priority negative, privileged"
from "requested execution priority negative, usermode", but
the two can return different results for MPU lookups. Fix this
by splitting MNegPri into MNegPriPriv and MNegPriUser, and
similarly for the Secure equivalent MSNegPri.

This takes us from 6 M profile MMU modes to 8, which means
we need to bump NB_MMU_MODES; this is OK since the point
where we are forced to reduce TLB sizes is 9 MMU modes.

(It would in theory be possible to stick with 6 MMU indexes:
{mpu-disabled,user,privileged} x {secure,nonsecure} since
in the MPU-disabled case the result of an MPU lookup is
always the same for both user and privileged code. However
we would then need to rework the TB flags handling to put
user/priv into the TB flags separately from the mmuidx.
Adding an extra couple of mmu indexes is simpler.)

Backports commit 62593718d77c06ad2b5e942727cead40775d2395 from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell d877985eea
target/arm: Add missing M profile case to regime_is_user()
When we added the ARMMMUIdx_MSUser MMU index we forgot to
add it to the case statement in regime_is_user(), so we
weren't treating it as unprivileged when doing MPU lookups.
Correct the omission.

Backports commit 871bec7c44a453d9cab972ce1b5d12e1af0545ab from qemu
2018-03-05 13:48:31 -05:00
Peter Maydell 999080382f
target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode
In ARMv7M the CPU ignores explicit writes to CONTROL.SPSEL
in Handler mode. In v8M the behaviour is slightly different:
writes to the bit are permitted but will have no effect.

We've already done the hard work to handle the value in
CONTROL.SPSEL being out of sync with what stack pointer is
actually in use, so all we need to do to fix this last loose
end is to update the condition we use to guard whether we
call write_v7m_control_spsel() on the register write.

Backports commit 83d7f86d3d27473c0aac79c1baaa5c2ab01b02d9 from qemu
2018-03-05 13:48:30 -05:00
Peter Maydell 6713884243
target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads
For v8M it is possible for the CONTROL.SPSEL bit value and the
current stack to be out of sync. This means we need to update
the checks used in reads and writes of the PSP and MSP special
registers to use v7m_using_psp() rather than directly checking
the SPSEL bit in the control register.

Backports commit 1169d3aa5b19adca9384d954d80e1f48da388284 from qemu
2018-03-05 13:48:30 -05:00
Eduardo Habkost 64a535ea8c
i386: Add EPYC-IBPB CPU model
EPYC-IBPB is a copy of the EPYC CPU model with
just CPUID_8000_0008_EBX_IBPB added.

Backports commit 8ebfafa796ca0cb2b035a7f06f836a675d8b48be from qemu
2018-03-05 13:48:30 -05:00
Eduardo Habkost 676409d54e
i386: Add new -IBRS versions of Intel CPU models
The new MSR IA32_SPEC_CTRL MSR was introduced by a recent Intel
microcode updated and can be used by OSes to mitigate
CVE-2017-5715. Unfortunately we can't change the existing CPU
models without breaking existing setups, so users need to
explicitly update their VM configuration to use the new *-IBRS
CPU model if they want to expose IBRS to guests.

The new CPU models are simple copies of the existing CPU models,
with just CPUID_7_0_EDX_SPEC_CTRL added and model_id updated.

Backports commit 61efbbf869293f1deb9ee39d44bd4e635de59fa7 from qemu
2018-03-05 13:48:30 -05:00
Eduardo Habkost 6fbabb4bce
i386: Add FEAT_8000_0008_EBX CPUID feature word
Add the new feature word and the "ibpb" feature flag.

Based on a patch by Paolo Bonzini.

Backports commit 1ade973f5202404e772aae7b1acd331270d246dc from qemu
2018-03-05 13:48:30 -05:00
Eduardo Habkost 7bee95ad28
i386: Add spec-ctrl CPUID bit
Add the feature name and a CPUID_7_0_EDX_SPEC_CTRL macro.

Backports commit 803d42fa65a371f7bb13180a5953299dc3a160e0 from qemu
2018-03-05 13:48:30 -05:00
Paolo Bonzini 7cf98b1a6e
i386: Add support for SPEC_CTRL MSR
Backports commit cb2637a5ae1f4e61af423395300548f14e8a2e2a from qemu
2018-03-05 13:48:29 -05:00
Eduardo Habkost 181524d695
i386: Change X86CPUDefinition::model_id to const char*
It is valid to have a 48-character model ID on CPUID, however the
definition of X86CPUDefinition::model_id is char[48], which can
make the compiler drop the null terminator from the string.

If a CPU model happens to have 48 bytes on model_id, "-cpu help"
will print garbage and the object_property_set_str() call at
x86_cpu_load_def() will read data outside the model_id array.

We could increase the array size to 49, but this would mean the
compiler would not issue a warning if a 49-char string is used by
mistake for model_id.

To make things simpler, simply change model_id to be const char*,
and validate the string length using an assert() on
x86_register_cpudef_type().

Backports commit 4b220d88ba76fb2623ce4b8ba1f1eea66b82144e from qemu
2018-03-05 13:48:29 -05:00
Peter Maydell d89704eb0f
target/i386: Fix handling of VEX prefixes
In commit e3af7c788b73a6495eb9d94992ef11f6ad6f3c56 we
replaced direct calls to to cpu_ld*_code() with calls
to the x86_ld*_code() wrappers which incorporate an
advance of s->pc. Unfortunately we didn't notice that
in one place the old code was deliberately not incrementing
s->pc:

@@ -4501,7 +4528,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
static const int pp_prefix[4] = {
0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
};
- int vex3, vex2 = cpu_ldub_code(env, s->pc);
+ int vex3, vex2 = x86_ldub_code(env, s);

if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
/* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,

This meant we were mishandling this set of instructions.
Remove the manual advance of s->pc for the "is VEX" case
(which is now done by x86_ldub_code()) and instead rewind
PC in the case where we decide that this isn't really VEX.

Backports commit 817a9fcba8043faa467929e7b0193df6bdc92211 from qemu
2018-03-05 13:48:29 -05:00
Peter Maydell 352a7b2501
target/arm: Generate UNDEF for 32-bit Thumb2 insns
The refactoring of commit 296e5a0a6c3935 has a nasty bug:
it accidentally dropped the generation of code to raise
the UNDEF exception when disas_thumb2_insn() returns nonzero.
This means that 32-bit Thumb2 instruction patterns that
ought to UNDEF just act like nops instead. This is likely
to break any number of things, including the kernel's "disable
the FPU and use the UNDEF exception to identify when to turn
it back on again" trick.

Backports commit 7472e2efb049ea65a6a5e7261b78ebf5c561bc2f from qemu
2018-03-05 13:48:29 -05:00
Peter Maydell c01b9a3cfe
arm: check regime, not current state, for ATS write PAR format
In do_ats_write(), rather than using extended_addresses_enabled() to
decide whether the value we get back from get_phys_addr() is a 64-bit
format PAR or a 32-bit one, use arm_s1_regime_using_lpae_format().

This is not really the correct answer, because the PAR format
depends on the AT instruction being used, not just on the
translation regime. However getting this correct requires a
significant refactoring, so that get_phys_addr() returns raw
information about the fault which the caller can then assemble
into a suitable FSR/PAR/syndrome for its purposes, rather than
get_phys_addr() returning a pre-formatted FSR.

However this change at least improves the situation by making
the PAR work correctly for address translation operations done
at AArch64 EL2 on the EL2 translation regime. In particular,
this is necessary for Xen to be able to run in our emulation,
so this seems like a safer interim fix given that we are in freeze.

Backports commit 50cd71b0d347c74517dcb7da447fe657fca57d9c from qemu
2018-03-05 13:48:28 -05:00
Peter Maydell 175b632c91
target/arm: Report GICv3 sysregs present in ID registers if needed
The CPU ID registers ID_AA64PFR0_EL1, ID_PFR1_EL1 and ID_PFR1
have a field for reporting presence of GICv3 system registers.
We need to report this field correctly in order for Xen to
work as a guest inside QEMU emulation. We mustn't incorrectly
claim the sysregs exist when they don't, though, or Linux will
crash.

Unfortunately the way we've designed the GICv3 emulation in QEMU
puts the system registers as part of the GICv3 device, which
may be created after the CPU proper has been realized. This
means that we don't know at the point when we define the ID
registers what the correct value is. Handle this by switching
them to calling a function at runtime to read the value, where
we can fill in the GIC field appropriately.

Backports commit 96a8b92ed8f02d5e86ad380d3299d9f41f99b072 from qemu
2018-03-05 13:48:28 -05:00
Wanpeng Li 72430e4d75
target-i386: adds PV_TLB_FLUSH CPUID feature bit
Adds PV_TLB_FLUSH CPUID feature bit.

Backports commit 6976af663d3a19d1f86a56b5504f1b4559d0f1ae from qemu
2018-03-05 13:48:28 -05:00
Richard Henderson a58eb310eb
target/arm: Use helper_retaddr in stxp helpers
We use raw memory primitives along the !parallel_cpus paths in order to
simplify the endianness handling. Because of that, we did not benefit
from the generic changes to cpu_ldst_user_only_template.h.

The simplest fix is to manipulate helper_retaddr here.

Backports commit 3bdb5fcc9a08a9a47ce30c4e0c2d64c95190b49d from qemu
2018-03-05 13:48:28 -05:00
Emilio G. Cota 208014df9e
arm/translate-a64: mark path as unreachable to eliminate warning
Fixes the following warning when compiling with gcc 5.4.0 with -O1
optimizations and --enable-debug:

target/arm/translate-a64.c: In function ‘aarch64_tr_translate_insn’:
target/arm/translate-a64.c:2361:8: error: ‘post_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!post_index) {
^
target/arm/translate-a64.c:2307:10: note: ‘post_index’ was declared here
bool post_index;
^
target/arm/translate-a64.c:2386:8: error: ‘writeback’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (writeback) {
^
target/arm/translate-a64.c:2308:10: note: ‘writeback’ was declared here
bool writeback;
^

Note that idx comes from selecting 2 bits, and therefore its value
can be at most 3.

Backports commit 5ca66278c859bb1ded243755aeead2be6992ce73 from qemu
2018-03-05 11:40:11 -05:00
Peter Maydell 33d42df60c
translate.c: Fix usermode big-endian AArch32 LDREXD and STREXD
For AArch32 LDREXD and STREXD, architecturally the 32-bit word at the
lowest address is always Rt and the one at addr+4 is Rt2, even if the
CPU is big-endian. Our implementation does these with a single
64-bit store, so if we're big-endian then we need to put the two
32-bit halves together in the opposite order to little-endian,
so that they end up in the right places. We were trying to do
this with the gen_aa32_frob64() function, but that is not correct
for the usermode emulator, because there there is a distinction
between "load a 64 bit value" (which does a BE 64-bit access
and doesn't need swapping) and "load two 32 bit values as one
64 bit access" (where we still need to do the swapping, like
system mode BE32).

Backports commit 3448d47b3172015006b79197eb5a69826c6a7b6d from qemu
2018-03-05 11:39:29 -05:00
Andrew Baumann 5250db33b5
arm: implement cache/shareability attribute bits for PAR registers
On a successful address translation instruction, PAR is supposed to
contain cacheability and shareability attributes determined by the
translation. We previously returned 0 for these bits (in line with the
general strategy of ignoring caches and memory attributes), but some
guest OSes may depend on them.

This patch collects the attribute bits in the page-table walk, and
updates PAR with the correct attributes for all LPAE translations.
Short descriptor formats still return 0 for these bits, as in the
prior implementation.

Backports commit 5b2d261d60caf9d988d91ca1e02392d6fc8ea104 from qemu
2018-03-05 11:35:28 -05:00
Stefano Stabellini 1212c9b73c
fix WFI/WFE length in syndrome register
WFI/E are often, but not always, 4 bytes long. When they are, we need to
set ARM_EL_IL_SHIFT in the syndrome register.

Pass the instruction length to HELPER(wfi), use it to decrement pc
appropriately and to pass an is_16bit flag to syn_wfx, which sets
ARM_EL_IL_SHIFT if needed.

Set dc->insn in both arm_tr_translate_insn and thumb_tr_translate_insn.

Backports commit 58803318e5a546b2eb0efd7a053ed36b6c29ae6f from qemu
2018-03-05 11:21:51 -05:00
Richard Henderson 28061c2e59
qom: Introduce CPUClass.tcg_initialize
Move target cpu tcg initialization to common code,
called from cpu_exec_realizefn.

Backports commit 55c3ceef61fcf06fc98ddc752b7cce788ce7680b from qemu
2018-03-05 09:49:26 -05:00
Richard Henderson 4d9c8583fa
tcg: Remove TCGV_EQUAL*
When we used structures for TCGv_*, we needed a macro in order to
perform a comparison. Now that we use pointers, this is just clutter

Backports commit 11f4e8f8bfaa2caaab24bef6bbbb8a0205015119 from qemu
2018-03-05 09:16:07 -05:00
Richard Henderson d450156414
tcg: Remove GET_TCGV_* and MAKE_TCGV_*
The GET and MAKE functions weren't really specific enough.
We now have a full complement of functions that convert exactly
between temporaries, arguments, tcgv pointers, and indices.

The target/sparc change is also a bug fix, which would have affected
a host that defines TCG_TARGET_HAS_extr[lh]_i64_i32, i.e. MIPS64.

Backports commit dc41aa7d34989b552efe712ffe184236216f960b from qemu
2018-03-05 09:12:26 -05:00
Richard Henderson eb488f5bd6
tcg: Merge opcode arguments into TCGOp
Rather than have a separate buffer of 10*max_ops entries,
give each opcode 10 entries. The result is actually a bit
smaller and should have slightly more cache locality.

Backports commit 75e8b9b7aa0b95a761b9add7e2f09248b101a392 from qemu
2018-03-05 04:45:20 -05:00
Paolo Bonzini 7dd4afd8d9
target/i386: trap on instructions longer than >15 bytes
Besides being more correct, arbitrarily long instruction allow the
generation of a translation block that spans three pages. This
confuses the generator and even allows ring 3 code to poison the
translation block cache and inject code into other processes that are
in guest ring 3.

This is an improved (and more invasive) fix for commit 30663fd ("tcg/i386:
Check the size of instruction being translated", 2017-03-24). In addition
to being more precise (and generating the right exception, which is #GP
rather than #UD), it distinguishes better between page faults and too long
instructions, as shown by this test case:

int main()
{
char *x = mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANON, -1, 0);
memset(x, 0x66, 4096);
x[4096] = 0x90;
x[4097] = 0xc3;
char *i = x + 4096 - 15;
mprotect(x + 4096, 4096, PROT_READ|PROT_WRITE);
((void(*)(void)) i) ();
}

... which produces a #GP without the mprotect, and a #PF with it.

Backports commit b066c5375737ad0d630196dab2a2b329515a1d00 from qemu
2018-03-05 04:12:28 -05:00
Paolo Bonzini 44f87a8fbf
target/i386: introduce x86_ld*_code
These take care of advancing s->pc, and will provide a unified point
where to check for the 15-byte instruction length limit.

Backports commit e3af7c788b73a6495eb9d94992ef11f6ad6f3c56 from qemu
2018-03-05 04:11:02 -05:00
Peter Maydell 0c06666800
target/arm: Implement SG instruction corner cases
The common situation of the SG instruction is that it is
executed from S&NSC memory by a CPU in NS state. That case
is handled by v7m_handle_execute_nsc(). However the instruction
also has defined behaviour in a couple of other cases:
* SG instruction in NS memory (behaves as a NOP)
* SG in S memory but CPU already secure (clears IT bits and
does nothing else)
* SG instruction in v8M without Security Extension (NOP)

These can be implemented in translate.c.

Backports commit 76eff04d166b8fe747adbe82de8b7e060e668ff9 from qemu
2018-03-05 03:47:20 -05:00
Peter Maydell 272427b4a0
target/arm: Support some Thumb insns being always unconditional
A few Thumb instructions are always unconditional even inside an
IT block (as opposed to being UNPREDICTABLE if used inside an
IT block): BKPT, the v8M SG instruction, and the A profile
HLT (debug halt) instruction.

This means we need to suppress the jump-over-instruction-on-condfail
code generation (though the IT state still advances as usual and
subsequent insns in the IT block may be conditional).

Backports commit dcf14dfb704519846f396a376339ebdb93eaf049 from qemu
2018-03-05 03:46:10 -05:00
Peter Maydell 7a293cd7cc
target-arm: Simplify insn_crosses_page()
Recent changes have left insn_crosses_page() more complicated
than it needed to be:
* it's only called from thumb_tr_translate_insn() so we know
for certain that we're looking at a Thumb insn
* the caller's check for dc->pc >= dc->next_page_start - 3
means that dc->pc can't possibly be 4 aligned, so there's
no need to check that (the check was partly there to ensure
that we didn't treat an ARM insn as Thumb, I think)
* we now have thumb_insn_is_16bit() which lets us do a precise
check of the length of the next insn, rather than opencoding
an inaccurate check

Simplify it down to just loading the first half of the insn
and calling thumb_insn_is_16bit() on it.

Backports commit 5b8d7289e9e92a0d7bcecb93cd189e245fef10cd from qemu
2018-03-05 03:44:54 -05:00
Peter Maydell 96f86f472a
target/arm: Pull Thumb insn word loads up to top level
Refactor the Thumb decode to do the loads of the instruction words at
the top level rather than only loading the second half of a 32-bit
Thumb insn in the middle of the decode.

This is simple apart from the awkward case of Thumb1, where the
BL/BLX prefix and suffix instructions live in what in Thumb2 is the
32-bit insn space. To handle these we decode enough to identify
whether we're looking at a prefix/suffix that we handle as a 16 bit
insn, or a prefix that we're going to merge with the following suffix
to consider as a 32 bit insn. The translation of the 16 bit cases
then moves from disas_thumb2_insn() to disas_thumb_insn().

The refactoring has the benefit that we don't need to pass the
CPUARMState* down into the decoder code any more, but the major
reason for doing this is that some Thumb instructions must be always
unconditional regardless of the IT state bits, so we need to know the
whole insn before we emit the "skip this insn if the IT bits and cond
state tell us to" code. (The always unconditional insns are BKPT,
HLT and SG; the last of these is 32 bits.)

Backports commit 296e5a0a6c393553079a641c50521ae33ff89324 from qemu
2018-03-05 03:43:38 -05:00
Peter Maydell b85d617bda
target-arm: Don't check for "Thumb2 or M profile" for not-Thumb1
The code which implements the Thumb1 split BL/BLX instructions
is guarded by a check on "not M or THUMB2". All we really need
to check here is "not THUMB2" (and we assume that elsewhere too,
eg in the ARCH(6T2) test that UNDEFs the Thumb2 insns).

This doesn't change behaviour because all M profile cores
have Thumb2 and so ARM_FEATURE_M implies ARM_FEATURE_THUMB2.
(v6M implements a very restricted subset of Thumb2, but we
can cross that bridge when we get to it with appropriate
feature bits.)

Backports commit 6b8acf256df09c8a8dd7dcaa79b06eaff4ad63f7 from qemu
2018-03-05 03:34:48 -05:00
Peter Maydell ee9b8a20c9
target/arm: Implement secure function return
Secure function return happens when a non-secure function has been
called using BLXNS and so has a particular magic LR value (either
0xfefffffe or 0xfeffffff). The function return via BX behaves
specially when the new PC value is this magic value, in the same
way that exception returns are handled.

Adjust our BX excret guards so that they recognize the function
return magic number as well, and perform the function-return
unstacking in do_v7m_exception_exit().

Backports commit d02a8698d7ae2bfed3b11fe5b064cb0aa406863b from qemu
2018-03-05 03:33:42 -05:00
Peter Maydell e312993f1f
target/arm: Implement BLXNS
Implement the BLXNS instruction, which allows secure code to
call non-secure code.

Backports commit 3e3fa230e3b8ffe119f14ba57a6bc677a411be57 from qemu
2018-03-05 03:31:59 -05:00
Peter Maydell 2c4578f46e
target/arm: Implement SG instruction
Implement the SG instruction, which we emulate 'by hand' in the
exception handling code path.

Backports commit 333e10c51ef5876ced26f77b61b69ce0f83161a9 from qemu
2018-03-05 03:28:28 -05:00
Peter Maydell 19ecd4f732
target/arm: Add M profile secure MMU index values to get_a32_user_mem_index()
Add the M profile secure MMU index values to the switch in
get_a32_user_mem_index() so that LDRT/STRT work correctly
rather than asserting at translate time.

Backports commit b9f587d62cebed427206539750ebf59bde4df422 from qemu
2018-03-05 03:25:54 -05:00
Emilio G. Cota 5fae6dd433
tcg: remove addr argument from lookup_tb_ptr
It is unlikely that we will ever want to call this helper passing
an argument other than the current PC. So just remove the argument,
and use the pc we already get from cpu_get_tb_cpu_state.

This change paves the way to having a common "tb_lookup" function.

Backports commit 7f11636dbee89b0e4d03e9e2b96e14649a7db778 from qemu
2018-03-05 02:16:34 -05:00
Todd Eisenberger 75bdfd85a7
x86: Correct translation of some rdgsbase and wrgsbase encodings
It looks like there was a transcription error when writing this code
initially. The code previously only decoded src or dst of rax. This
resolves
https://bugs.launchpad.net/qemu/+bug/1719984.

Backports commit e0dd5fd41a1a38766009f442967fab700d2d0550 from qemu
2018-03-05 02:05:26 -05:00
Peter Maydell 059f238f11
target/arm: Factor out "get mmuidx for specified security state"
For the SG instruction and secure function return we are going
to want to do memory accesses using the MMU index of the CPU
in secure state, even though the CPU is currently in non-secure
state. Write arm_v7m_mmu_idx_for_secstate() to do this job,
and use it in cpu_mmu_index().

Backports commit b81ac0eb6315e602b18439961e0538538e4aed4f from qemu
2018-03-05 02:00:23 -05:00
Peter Maydell 6958a4763d
target/arm: Fix calculation of secure mm_idx values
In cpu_mmu_index() we try to do this:
if (env->v7m.secure) {
mmu_idx += ARMMMUIdx_MSUser;
}
but it will give the wrong answer, because ARMMMUIdx_MSUser
includes the 0x40 ARM_MMU_IDX_M field, and so does the
mmu_idx we're adding to, and we'll end up with 0x8n rather
than 0x4n. This error is then nullified by the call to
arm_to_core_mmu_idx() which masks out the high part, but
we're about to factor out the code that calculates the
ARMMMUIdx values so it can be used without passing it through
arm_to_core_mmu_idx(), so fix this bug first.

Backports commit fe768788d29597ee56fc11ba2279d502c2617457 from qemu
2018-03-05 01:58:42 -05:00
Peter Maydell 7988aec017
target/arm: Implement security attribute lookups for memory accesses
Implement the security attribute lookups for memory accesses
in the get_phys_addr() functions, causing these to generate
various kinds of SecureFault for bad accesses.

The major subtlety in this code relates to handling of the
case when the security attributes the SAU assigns to the
address don't match the current security state of the CPU.

In the ARM ARM pseudocode for validating instruction
accesses, the security attributes of the address determine
whether the Secure or NonSecure MPU state is used. At face
value, handling this would require us to encode the relevant
bits of state into mmu_idx for both S and NS at once, which
would result in our needing 16 mmu indexes. Fortunately we
don't actually need to do this because a mismatch between
address attributes and CPU state means either:
* some kind of fault (usually a SecureFault, but in theory
perhaps a UserFault for unaligned access to Device memory)
* execution of the SG instruction in NS state from a
Secure & NonSecure code region

The purpose of SG is simply to flip the CPU into Secure
state, so we can handle it by emulating execution of that
instruction directly in arm_v7m_cpu_do_interrupt(), which
means we can treat all the mismatch cases as "throw an
exception" and we don't need to encode the state of the
other MPU bank into our mmu_idx values.

This commit doesn't include the actual emulation of SG;
it also doesn't include implementation of the IDAU, which
is a per-board way to specify hard-coded memory attributes
for addresses, which override the CPU-internal SAU if they
specify a more secure setting than the SAU is programmed to.

Backports commit 35337cc391245f251bfb9134f181c33e6375d6c1 from qemu
2018-03-05 01:57:07 -05:00
Peter Maydell f9b4381ce0
nvic: Implement Security Attribution Unit registers
Implement the register interface for the SAU: SAU_CTRL,
SAU_TYPE, SAU_RNR, SAU_RBAR and SAU_RLAR. None of the
actual behaviour is implemented here; registers just
read back as written.

When the CPU definition for Cortex-M33 is eventually
added, its initfn will set cpu->sau_sregion, in the same
way that we currently set cpu->pmsav7_dregion for the
M3 and M4.

Number of SAU regions is typically a configurable
CPU parameter, but this patch doesn't provide a
QEMU CPU property for it. We can easily add one when
we have a board that requires it.

Backports commit 9901c576f6c02d43206e5faaf6e362ab7ea83246 from qemu
2018-03-05 01:55:11 -05:00