Commit graph

577 commits

Author SHA1 Message Date
Peter Maydell 92b5817d92
target/arm: Always set FAR to a known unknown value for debug exceptions
For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN. We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old
value might be a FAR for a previous guest EL2 or secure exception, in
which case we shouldn't show it to an EL1 or non-secure exception
handler. It might also be a non-deterministic value, which is bad
for record-and-replay.

Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.

Backports commit 548f514cf89dd9ab39c0cb4c063097bccf141fdd from qemu
2018-03-25 16:38:14 -04:00
Peter Maydell d6eafe5982
target/arm: Set FSR for BKPT, BRK when raising exception
Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.

In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1756927

Backports commit 62b94f31d0df75187bb00684fc29e8639eacc0c5 from qemu
2018-03-25 16:36:51 -04:00
Peter Maydell 16c0c2d253
target/arm: Factor out code to calculate FSR for debug exceptions
When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants,
and use the correct condition to select long or short format.

In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.

Backports commit 81621d9ab8a0f07956e67850b15eebf6d6992eec from qemu
2018-03-25 16:35:27 -04:00
Peter Maydell 7a3ee5fd95
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0. We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction. We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.

Backports commit c900a2e62dd6dde11c8f5249b638caad05bb15be from qemu
2018-03-25 16:33:04 -04:00
Victor Kamensky ecd2ecb590
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as
result flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
run in infinite loop.

To solve the problem instructions that operate on CPU sys state
(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.

This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.

Backports commit a75a52d62418dafe462be4fe30485501d1010bb9 from qemu
2018-03-25 16:27:27 -04:00
Bharata B Rao e373c001fa
cpu: Add Error argument to cpu_exec_init()
Add an Error argument to cpu_exec_init() to let users collect the
error. This is in preparation to change the CPU enumeration logic
in cpu_exec_init(). With the new enumeration logic, cpu_exec_init()
can fail if cpu_index values corresponding to max_cpus have already
been handed out.

Since all current callers of cpu_exec_init() are from instance_init,
use error_abort Error argument to abort in case of an error.

Backports commit 5a790cc4b942e651fec7edc597c19b637fad5a76 from qemu
2018-03-21 07:50:33 -04:00
Laurent Vivier c133a7b306
target/m68k: add a mechanism to automatically free TCGv
SRC_EA() and gen_extend() can return either a temporary
TCGv or a memory allocated one. Mark them when they are
allocated, and free them automatically at end of the
instruction translation.

We want to free locally allocated TCGv to avoid
overflow in sequence like:

0xc00ae406: movel %fp@(-132),%fp@(-268)
0xc00ae40c: movel %fp@(-128),%fp@(-264)
0xc00ae412: movel %fp@(-20),%fp@(-212)
0xc00ae418: movel %fp@(-16),%fp@(-208)
0xc00ae41e: movel %fp@(-60),%fp@(-220)
0xc00ae424: movel %fp@(-56),%fp@(-216)
0xc00ae42a: movel %fp@(-124),%fp@(-252)
0xc00ae430: movel %fp@(-120),%fp@(-248)
0xc00ae436: movel %fp@(-12),%fp@(-260)
0xc00ae43c: movel %fp@(-8),%fp@(-256)
0xc00ae442: movel %fp@(-52),%fp@(-276)
0xc00ae448: movel %fp@(-48),%fp@(-272)
...

That can fill a lot of TCGv entries in a sequence,
especially since 15fa08f845 ("tcg: Dynamically allocate TCGOps")
we have no limit to fill the TCGOps cache and we can fill
the entire TCG variables array and overflow it.

Backports commit ecc207d2fc1d45fabb16c38742a6675a7ba56cbc from qemu
2018-03-20 14:32:04 -04:00
Luwei Kang 30d878a0ef
i386: Disable Intel PT if packets IP payloads have LIP values
Intel processor trace should be disabled when
CPUID.(EAX=14H,ECX=0H).ECX.[bit31] is set.
Generated packets which contain IP payloads will have LIP
values when this bit is set, or IP payloads will have RIP
values.
Currently, The information of CPUID 14H is constant to make
live migration safty and this bit is always 0 in guest even
if host support LIP values.
Guest sees the bit is 0 will expect IP payloads with RIP
values, but the host CPU will generate IP payloads with
LIP values if this bit is set in HW.
To make sure the value of IP payloads correctly, Intel PT
should be disabled when bit[31] is set.

Backports relevant parts of commit c078ca968c6c7cb62781c1843d840cb0f5c72781 from qemu
2018-03-20 14:25:40 -04:00
Igor Mammedov cd27da0d88
cpu: get rid of unused cpu_init() defines
cpu_init(cpu_model) were replaced by cpu_create(cpu_type) so
no users are left, remove it.

Backports commit 3f71e724e283233753f1b5b3d6a30948d3084636 from qemu
2018-03-20 14:21:45 -04:00
Igor Mammedov f8eeacb280
Use cpu_create(type) instead of cpu_init(cpu_model)
With all targets defining CPU_RESOLVING_TYPE, refactor
cpu_parse_cpu_model(type, cpu_model) to parse_cpu_model(cpu_model)
so that callers won't have to know internal resolving cpu
type. Place it in exec.c so it could be called from both
target independed vl.c and *-user/main.c.

That allows us to stop abusing cpu type from
MachineClass::default_cpu_type
as resolver class in vl.c which were confusing part of
cpu_parse_cpu_model().

Also with new parse_cpu_model(), the last users of cpu_init()
in null-machine.c and bsd/linux-user targets could be switched
to cpu_create() API and cpu_init() API will be removed by
follow up patch.

With no longer users left remove MachineState::cpu_model field,
new code should use MachineState::cpu_type instead and
leave cpu_model parsing to generic code in vl.c.

Backports commit 2278b93941d42c30e2950d4b8dff4943d064e7de from qemu
2018-03-20 14:20:30 -04:00
Igor Mammedov 20f67e8f9a
pc: use generic cpu_model parsing
define default CPU type in generic way in pc_machine_class_init()
and let common machine code to handle cpu_model parsing

Patch also introduces TARGET_DEFAULT_CPU_TYPE define for 2 purposes:
* make foo_machine_class_init() look uniform on every target
* use define in [bsd|linux]-user targets to pick default
cpu type

Backports commit 311ca98d16bbb6a2a38b38ba898baa4a4d4ab9a7 from qemu
2018-03-20 13:22:05 -04:00
Igor Mammedov 9c5153270f
i386: keep cpu_model field in MachineState uptodate
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Backports commit 6aff24c6a61c6fec31e555c7748ba6085b7b2c06 from qemu
2018-03-20 12:40:35 -04:00
Igor Mammedov 8344a5a63c
pc: Parse CPU features only once
Considering that features are converted to global properties and
global properties are automatically applied to every new instance
of created CPU (at object_new() time), there is no point in
parsing cpu_model string every time a CPU created. So move
parsing outside CPU creation loop and do it only once.

Parsing also should be done before any CPU is created so that
features would affect the first CPU a well.

Backports commit 6aff24c6a61c6fec31e555c7748ba6085b7b2c06 from qemu
2018-03-20 12:27:44 -04:00
Igor Mammedov 87db6e033b
cpu: Use CPUClass->parse_features() as convertor to global properties
Currently CPUClass->parse_features() is used to parse -cpu
features string and set properties on created CPU instances.

But considering that features specified by -cpu apply to every
created CPU instance, it doesn't make sense to parse the same
features string for every CPU created. It also makes every target
that cares about parsing features string explicitly call
CPUClass->parse_features() parser, which gets in a way if we
consider using generic device_add for CPU hotplug as device_add
has not a clue about CPU specific hooks.

Turns out we can use global properties mechanism to set
properties on every created CPU instance for a given type. That
way it's possible to convert CPU features into a set of global
properties for CPU type specified by -cpu cpu_model and common
Device.device_post_init() will apply them to CPU of given type
automatically regardless whether it's manually created CPU or CPU
created with help of device_add.

Backports commits 62a48a2a5798425997152dea3fc48708f9116c04 and
f313369fdb78f849ecbbd8e5d88f01ddf38786c8 from qemu
2018-03-20 12:00:27 -04:00
Igor Mammedov f86355f82c
cpu: add CPU_RESOLVING_TYPE macro
it will be used for providing to cpu name resolving class for
parsing cpu model for system and user emulation code.

Along with change add target to null-machine tests, so
that when switch to CPU_RESOLVING_TYPE happens,
it would ensure that null-machine usecase still works.

Backports commit 0dacec874fa3b3fd34b0d0670fa257efdcbbebd0 from qemu
2018-03-20 11:28:13 -04:00
Igor Mammedov c6dd0d3bef
m68k: cleanup cpu type name composition
use new M68K_CPU_TYPE_NAME to compose CPU type names
and get rid of intermediate M68kCPUInfo/register_cpu_type()
which is replaced by static TypeInfo array.

Backports commit f61797bd947cff86b12036917b35ebc38628e4df from qemu
2018-03-20 08:40:05 -04:00
Igor Mammedov 9e175711d6
sparc: cleanup cpu type name composition
introduce SPARC_CPU_TYPE_NAME macro and use it to
construct cpu type names.

Backports commit 1d4bfc5496387124e56df6fd49481e1821403456 from qemu
2018-03-20 08:26:21 -04:00
Eduardo Habkost 074865ff98
cpu: Generify CPU init functions
Backports commits 2994fd96d986578a342f2342501b4ad30f6d0a85,
701e3c78ce45fa630ffc6826c4b9a4218954bc7f, and
d1853231c60d16af78cf4d1608d043614bfbac0b from qemuu
2018-03-20 08:21:51 -04:00
Peter Crosthwaite ce1831bfb4
target-*: Don't redefine cpu_exec()
This function needs to be converted to QOM hook and virtualised for
multi-arch. This rename interferes, as cpu-qom will not have access
to the renaming causing name divergence. This rename doesn't really do
anything anyway so just delete it.

Backports commit 8642c1b81e0418df066a7960a7426d85a923a253 from qemu
2018-03-20 07:02:47 -04:00
Igor Mammedov 15eb359656
numa: move numa_node from CPUState into target specific classes
Move vcpu's associated numa_node field out of generic CPUState
into inherited classes that actually care about cpu<->numa mapping,
i.e: ARMCPU, PowerPCCPU, X86CPU.

Backports relevant parts of commit 15f8b14228b856850df3fa5ba999ad96521f2208 from qemu
2018-03-20 06:46:20 -04:00
Chao Peng a64b7f0d3f
i386: Add support to get/set/migrate Intel Processor Trace feature
Add Intel Processor Trace related definition. It also add
corresponding part to kvm_get/set_msr and vmstate.

Backports commit b77146e9a129bcdb60edc23639211679ae846a92 from qemu
2018-03-17 19:11:21 -04:00
Chao Peng da2d5108ee
i386: Add Intel Processor Trace feature support
Expose Intel Processor Trace feature to guest.

To make Intel PT live migration safe and get same CPUID information
with same CPU model on diffrent host. CPUID[14] is constant in this
patch. Intel PT use EPT is first supported in IceLake, the CPUID[14]
get on this machine as default value. Intel PT would be disabled
if any machine don't support this minial feature list.

Backports commit e37a5c7fa459558b5020588994707fe3fdd6616e from qemu
2018-03-17 19:10:30 -04:00
Wanpeng Li f0701e6dd5
target-i386: add KVM_HINTS_DEDICATED performance hint
Add KVM_HINTS_DEDICATED performance hint, guest checks this feature bit
to determine if they run on dedicated vCPUs, allowing optimizations such
as usage of qspinlocks.

Backports commit be7773268d98176489483a315d3e2323cb0615b9 from qemu
2018-03-17 19:07:19 -04:00
Liran Alon 9fbdd8d885
KVM: x86: Add support for save/load MSR_SMI_COUNT
This MSR returns the number of #SMIs that occurred on
CPU since boot.

KVM commit 52797bf9a875 ("KVM: x86: Add emulation of MSR_SMI_COUNT")
introduced support for emulating this MSR.

This commit adds support for QEMU to save/load this
MSR for migration purposes.

Backports relevant parts of commit e13713db5b609d9a83c9cfc8ba389d4215d4ba29 from qemu
2018-03-17 19:02:31 -04:00
Brijesh Singh 624391bdc8
cpu/i386: populate CPUID 0x8000_001F when SEV is active
When SEV is enabled, CPUID 0x8000_001F should provide additional
information regarding the feature (such as which page table bit is used
to mark the pages as encrypted etc).

The details for memory encryption CPUID is available in AMD APM
(https://support.amd.com/TechDocs/24594.pdf) Section E.4.17

Backports relevant parts of commit 6cb8f2a663a47c6e0da17fc4fb9e06abfda2bd48 from qemu
2018-03-17 19:00:59 -04:00
Laurent Vivier 5ec082d17c
target/m68k: implement fcosh
Using a local m68k floatx80_cosh()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 02f9124ebe26c36f0f7ed58085bd963e4372b2cd from qemu
2018-03-17 18:58:57 -04:00
Laurent Vivier 7569530893
target/m68k: implement fsinh
Using a local m68k floatx80_sinh()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit eee6b892a6063c2807ecf33a2f62a8d7cca7652c from qemu
2018-03-17 18:57:16 -04:00
Laurent Vivier a2a662a901
target/m68k: implement ftanh
Using local m68k floatx80_tanh() and floatx80_etoxm1()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 9937b02965c2a7dbc4b21d98e29b082bab095aa5 from qemu
2018-03-17 18:55:33 -04:00
Laurent Vivier e031b14e4a
target/m68k: implement fatanh
Using a local m68k floatx80_atanh()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit e3655afa137b2e0999537eef273a2845ba21d68c from qemu
2018-03-17 18:54:24 -04:00
Laurent Vivier c900ad13f9
target/m68k: implement facos
Using a local m68k floatx80_acos()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit c84813b807fc82c68ff6d72387f95b15ad283bf6 from qemu
2018-03-17 18:52:27 -04:00
Laurent Vivier 542a863020
target/m68k: implement fasin
Using a local m68k floatx80_asin()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit bc20b34e03b51725d7f008551b5f56f1da07ab6a from qemu
2018-03-17 18:50:30 -04:00
Laurent Vivier 80a2ebf67b
target/m68k: implement fatan
Using a local m68k floatx80_atan()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 8c992abc892c90caf1d4dd5b4482cda052a280ba from qemu
2018-03-17 18:48:32 -04:00
Laurent Vivier 5630647279
target/m68k: implement fsincos
using floatx80_sin() and floatx80_cos()

Backports commit 47446c9ce34b6685ffe20e829ff6c9aaefd3af0a from qemu
2018-03-17 18:41:30 -04:00
Laurent Vivier 4177dd3ce8
target/m68k: implement fcos
Using a local m68k floatx80_cos()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 68d0ed37866de2c5cafc4e2589e263961b2e8cd6 from qemu
2018-03-17 18:39:05 -04:00
Laurent Vivier acc9bd1d21
target/m68k: implement fsin
Using a local m68k floatx80_sin()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 5add1ac42faffd3d3639101fa778dced693a65a3 from qemu
2018-03-17 18:37:01 -04:00
Laurent Vivier caf3cb0571
target/m68k: implement ftan
Using a local m68k floatx80_tan()
[copied from previous:
Written by Andreas Grabher for Previous, NeXT Computer Emulator.]

Backports commit 273401809c8a8330e5430f2c958467efa7079b2c from qemu
2018-03-17 18:35:01 -04:00
Lioncash 1fe99928c8
target/m68k: Correct M68K_CPU macro parameters in m68k_cpu_handle_mmu_fault in helper.c 2018-03-17 18:31:06 -04:00
Lioncash c169f3dc5d
target/i386: Correct X86_CPU macro parameters in x86_cpu_handle_mmu_fault() in helper.c 2018-03-17 18:30:46 -04:00
Lioncash acb7231650
target/m68k: Correct duplicate conditions in gen_cc_cond 2018-03-17 18:30:33 -04:00
Lioncash 95d50a02a1
target/mips/translate: Perform comparison pass with qemu
Keeps code and formatting in sync
2018-03-12 17:52:56 -04:00
Lioncash 7db1bff993
target/mips/op_helper: Perform comparison pass with qemu
Keeps code and formatting in sync
2018-03-12 15:25:08 -04:00
Lioncash 48429b2bcb
target/mips/msa_helper: Perform comparison pass with qemu
Keeps code and formatting in sync
2018-03-12 15:15:42 -04:00
Lioncash 4e8a1f8d6b
target/mips/internal: Perform comparison pass with qemu
Keeps code and formatting in sync with qemu
2018-03-12 15:13:17 -04:00
Lioncash 05089ecb12
target/mips/helper: Perform comparison pass with qemu
Keeps code and formatting in sync with qemu
2018-03-12 15:11:52 -04:00
Lioncash e9d9ed5eaa
target/i386/bpt_helper: Perform comparison pass with qemu
Keep formatting and code in sync where applicable
2018-03-12 13:28:50 -04:00
Lioncash fc7eaf7f77
target/i386/svm_helper: Perform comparison pass with qemu
Keep code and formatting in sync where applicable
2018-03-12 13:27:03 -04:00
Lioncash 27c283bb3c
target/i386/smm_helper: Perform comparison pass with qemu
Ensure code and formatting stay in sync where relevant
2018-03-12 13:25:37 -04:00
Lioncash 73426a7e79
target/i386/seg_helper: Perform comparison pass against qemu
Ensure formatting and code stay in sync where relevant
2018-03-12 13:24:36 -04:00
Lioncash a1910954cd
target/i386/mem_helper: Perform comparison pass against qemu
Ensure formatting and relevant code are in order
2018-03-12 13:19:05 -04:00
Lioncash 995ae229a3
target/i386/excp_helper: remove unnecessary comment 2018-03-12 13:16:53 -04:00