Commit graph

3771 commits

Author SHA1 Message Date
Markus Armbruster fb0fb93109
qapi-types: add #if conditions to types & visitors
Types & visitors are coupled and must be handled together to avoid
temporary build regression.

Wrap generated types/visitor code with #if/#endif using the context
helpers. Derived from a patch by Marc-André.

Backports commit 9f88c66211342714b06c051140fd64ffd338dbe1 from qemu
2018-07-05 12:12:28 -04:00
Marc-André Lureau 7b4961d75b
qapi/events: add #if conditions to events
Wrap generated code with #if/#endif using an 'ifcontext' on
QAPIGenCSnippet objects.

This makes a conditional event's qapi_event_send_FOO() compile-time
conditional, but its enum QAPIEvent member remains unconditional for
now. A follow up patch "qapi-event: add 'if' condition to implicit
event enum" will improve this.

Backports commit c3cd6aa0201c126eda8dc71b60e7aa259a3e79b9 from qemu
2018-07-05 12:09:05 -04:00
Marc-André Lureau 3826a61eae
qapi: add #if/#endif helpers
Add helpers to wrap generated code with #if/#endif lines.

A later patch wants to use QAPIGen for generating C snippets rather
than full C files with copyright headers etc. Splice in class
QAPIGenCCode between QAPIGen and QAPIGenC.

Add a 'with' statement context manager that will be used to wrap
generator visitor methods. The manager will check if code was
generated before adding #if/#endif lines on QAPIGenCSnippet
objects. Used in the following patches.

Backports commit ded9fc28b5a07213f3e5e8ac7ea0494b85813de1 from qemu
2018-07-05 12:07:14 -04:00
Marc-André Lureau 8a2db0aabd
qapi: mcgen() shouldn't indent # lines
Skip preprocessor lines when adding indentation, since that would
likely result in invalid code.

Backports commit 485d948ce86f5a096dc848ec31b70cd66452d40d from qemu
2018-07-05 12:04:58 -04:00
Marc-André Lureau 2ba3229cbb
qapi: add 'ifcond' to visitor methods
Modify the test visitor to check correct passing of values.

Backports commit fbf09a2fa4d9460033023e56cc1b195be053b353 from qemu
2018-07-05 12:04:07 -04:00
Marc-André Lureau 9b10264eea
qapi: leave the ifcond attribute undefined until check()
We commonly initialize attributes to None in .init(), then set their
real value in .check(). Accessing the attribute before .check()
yields None. If we're lucky, the code that accesses the attribute
prematurely chokes on None.

It won't for .ifcond, because None is a legitimate value.

Leave the ifcond attribute undefined until check().

Backports commit 4fca21c1b043cb1ef2e197ef15e7474ba668d925 from qemu
2018-07-05 12:00:10 -04:00
Marc-André Lureau 0253b6184b
qapi: pass 'if' condition into QAPISchemaEntity objects
Built-in objects remain unconditional. Explicitly defined objects use
the condition specified in the schema. Implicitly defined objects
inherit their condition from their users. For most of them, there is
exactly one user, so the condition to use is obvious. The exception
is wrapped types generated for simple union variants, which can be
shared by any number of simple unions. The tight condition would be
the disjunction of the conditions of these simple unions. For now,
use the wrapped type's condition instead. Much simpler and good
enough for now.

Backports commit 2cbc94376e718448699036be7f6e29ab75312b70 from qemu
2018-07-05 11:47:54 -04:00
Marc-André Lureau b55309fab2
qapi: add 'if' to top-level expressions
Accept 'if' key in top-level elements, accepted as string or list of
string type. The following patches will modify the test visitor to
check the value is correctly saved, and generate #if/#endif code (as a
single #if/endif line or a series for a list).

Example of 'if' key:
{ 'struct': 'TestIfStruct', 'data': { 'foo': 'int' },
'if': 'defined(TEST_IF_STRUCT)' }

The generated code is for now *unconditional*. Later patches generate
the conditionals.

Backports commit 967c885108f18e5065744719f7959ba5ea0a5b0d from qemu
2018-07-05 11:41:42 -04:00
Igor Mammedov 9bec5e0be8
qapi: introduce new cmd option "allow-preconfig"
New option will be used to allow commands, which are prepared/need
to run, during preconfig state. Other commands that should be able
to run in preconfig state, should be amended to not expect machine
in initialized state or deal with it.

For compatibility reasons, commands that don't use new flag
'allow-preconfig' explicitly are not permitted to run in
preconfig state but allowed in all other states like they used
to be.

Within this patch allow following commands in preconfig state:
qmp_capabilities
query-qmp-schema
query-commands
query-command-line-options
query-status
exit-preconfig
to allow qmp connection, basic introspection and moving to the next
state.

PS:
set-numa-node and query-hotpluggable-cpus will be enabled later in
a separate patches.

Backports commit d6fe3d02e9a2ce7b63a0723d0b71f3013f59d705 from qemu
2018-07-05 11:39:46 -04:00
Peter Xu 082c39587d
qapi: restrict allow-oob value to be "true"
It was missed in the first version of OOB series.  We should check this
to make sure we throw the right error when fault value is passed in.

Backports commit 9408860165e07aaadec66c336f3dc849b945a8ed from qemu
2018-07-05 11:37:26 -04:00
Peter Xu 15819915db
qapi: introduce new cmd option "allow-oob"
Here "oob" stands for "Out-Of-Band". When "allow-oob" is set, it means
the command allows out-of-band execution.

The "oob" idea is proposed by Markus Armbruster in following thread:

https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg02057.html

This new "allow-oob" boolean will be exposed by "query-qmp-schema" as
well for command entries, so that QMP clients can know which commands
can be used in out-of-band calls. For example the command "migrate"
originally looks like:

{"name": "migrate", "ret-type": "17", "meta-type": "command",
"arg-type": "86"}

And it'll be changed into:

{"name": "migrate", "ret-type": "17", "allow-oob": false,
"meta-type": "command", "arg-type": "86"}

This patch only provides the QMP interface level changes. It does not
contain the real out-of-band execution implementation yet.

Backports commit 876c67512e2af8c05686faa9f9ff49b38d7a392c from qemu
2018-07-05 11:34:47 -04:00
Jan Kiszka f5f1d9f86b
target-i386: Add NPT support
This implements NPT suport for SVM by hooking into
x86_cpu_handle_mmu_fault where it reads the stage-1 page table. Whether
we need to perform this 2nd stage translation, and how, is decided
during vmrun and stored in hflags2, along with nested_cr3 and
nested_pg_mode.

As get_hphys performs a direct cpu_vmexit in case of NPT faults, we need
retaddr in that function. To avoid changing the signature of
cpu_handle_mmu_fault, this passes the value from tlb_fill to get_hphys
via the CPU state.

This was tested successfully via the Jailhouse hypervisor.

Backports commit fe441054bb3f0c75ff23335790342c0408e11c3a from qemu
2018-07-03 19:52:56 -04:00
Philippe Mathieu-Daudé f5698ff9a5
x86/cpu: Use definitions from qemu/units.h
Backports commit 6a4e0614c3e2ca01ac030e9c486c77d4d7225021 from qemu
2018-07-03 19:48:38 -04:00
Philippe Mathieu-Daudé 26948b6b98
include: Add IEC binary prefixes in qemu/units.h
Loosely based on 076b35b5a56.

Backports commit 7ecdc94c40f4958a66893c0eac423c6a80f376d4 from qemu
2018-07-03 19:47:19 -04:00
Richard Henderson 8bd115214d
cpu: Assert asidx_from_attrs return value in range
Backports commit 9c8c334b0637bf3c592d432b0c11f3b62dd5dba3 from qemu
2018-07-03 19:43:59 -04:00
Lioncash 0cf14f0d13
target/arm: Fix ISAR6 register state
Bad patch application
2018-07-03 19:31:52 -04:00
Peter Maydell 0c6311f8cc
accel/tcg: Correct "is this a TLB miss" check in get_page_addr_code()
In commit 71b9a45330fe220d1 we changed the condition we use
to determine whether we need to refill the TLB in
get_page_addr_code() to
if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
(addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK)))) {

This isn't the right check (it will falsely fail if the
input addr happens to have the low bit corresponding to
TLB_INVALID_MASK set, for instance). Replace it with a
use of the new tlb_hit() function, which is the correct test.

Backports commit e4c967a7201400d7f76e5847d5b4c4ac9e2566e0 from qemu
2018-07-03 19:23:25 -04:00
Peter Maydell 6543f9ea26
tcg: Define and use new tlb_hit() and tlb_hit_page() functions
The condition to check whether an address has hit against a particular
TLB entry is not completely trivial. We do this in various places, and
in fact in one place (get_page_addr_code()) we have got the condition
wrong. Abstract it out into new tlb_hit() and tlb_hit_page() inline
functions (one for a known-page-aligned address and one for an
arbitrary address), and use them in all the places where we had the
condition correct.

This is a no-behaviour-change patch; we leave fixing the buggy
code in get_page_addr_code() to a subsequent patch

Backports commit 334692bce7f0653a93b8d84ecde8c847b08dec38 from qemu
2018-07-03 19:21:36 -04:00
Richard Henderson 611bc4e6db
target/arm: Add ID_ISAR6
This register was added to aa32 state by ARMv8.2.

Backports commit 802abf4024d23e48d45373ac3f2b580124b54b47 from qemu
2018-07-03 05:15:47 -04:00
Richard Henderson 0da6b74f69
target/arm: Prune a15 features from max
There is no need to re-set these 3 features already
implied by the call to aarch64_a15_initfn.

Backports commit 0b33968e7f4cf998f678b2d1a5be3d6f3f3513d8 from qemu
2018-07-03 05:09:39 -04:00
Richard Henderson d950e69174
target/arm: Prune a57 features from max
There is no need to re-set these 9 features already
implied by the call to aarch64_a57_initfn.

Backports commit 156a7065365578deb3d63c2b5b69a4b5999a8fcc from qemu
2018-07-03 05:08:47 -04:00
Richard Henderson 6d81235ebb
target/arm: Fix SVE system register access checks
Leave ARM_CP_SVE, removing ARM_CP_FPU; the sve_access_check
produced by the flag already includes fp_access_check. If
we also check ARM_CP_FPU the double fp_access_check asserts.

Backports commit 11d7870b1b4d038d7beb827f3afa72e284701351 from qemu
2018-07-03 05:07:53 -04:00
Richard Henderson f64e48dbee
target/arm: Fix SVE signed division vs x86 overflow exception
We already check for the same condition within the normal integer
sdiv and sdiv64 helpers. Use a slightly different formation that
does not require deducing the expression type.

Backports commit 7e8fafbfd0537937ba8fb366a90ea6548cc31576 from qemu
2018-07-03 05:06:06 -04:00
Aaron Lindsay 27afa92f24
target/arm: Mark PMINTENSET accesses as possibly doing IO
This makes it match its AArch64 equivalent, PMINTENSET_EL1

Backports commit b7d793ad3db06401bc817c0ca355a2d160c802d4 from qemu
2018-07-03 05:05:00 -04:00
Aaron Lindsay 4684e875d3
target/arm: Add ARM_FEATURE_V7VE for v7 Virtualization Extensions 2018-07-03 05:04:08 -04:00
Alex Bennée 85512a5121
target/arm: support reading of CNT[VCT|FRQ]_EL0 from user-space
Since kernel commit a86bd139f2 (arm64: arch_timer: Enable CNTVCT_EL0
trap..), released in kernel version v4.12, user-space has been able
to read these system registers. As we can't use QEMUTimer's in
linux-user mode we just directly call cpu_get_clock().

Backports commit 26c4a83bd4707797868174332a540f7d61288d15 from qemu
2018-07-03 05:00:06 -04:00
Richard Henderson a325de6685
target/arm: Implement ARMv8.2-DotProd
We've already added the helpers with an SVE patch, all that remains
is to wire up the aa64 and aa32 translators. Enable the feature
within -cpu max for CONFIG_USER_ONLY.

Backports commit 26c470a7bb4233454137de1062341ad48947f252 from qemu
2018-07-03 04:55:43 -04:00
Richard Henderson d4a8f1bfcb
target/arm: Enable SVE for aarch64-linux-user
Enable ARM_FEATURE_SVE for the generic "max" cpu.

Backports commit 802ac0e1e956f3b34a7cb0eda4ec28a60aa87a0a from qemu
2018-07-03 04:46:44 -04:00
Richard Henderson d343f8ac0f
target/arm: Implement SVE dot product (indexed)
Backports commit 16fcfdc7325649b187ac489f3ae0b0d2a20b6230 from qemu
2018-07-03 04:42:41 -04:00
Richard Henderson 2f6d555473
target/arm: Implement SVE dot product (vectors)
Backports commit d730ecaae77ac696515207a5ef99509240fc792b from qemu
2018-07-03 04:35:25 -04:00
Richard Henderson 01a7224cdb
target/arm: Implement SVE fp complex multiply add (indexed)
Enhance the existing helpers to support SVE, which takes the
index from each 128-bit segment. The change has no effect
for AdvSIMD, since there is only one such segment.

Backports commit 18fc24057815bf3d956cfab892a2bc2344bd1dcb from qemu
2018-07-03 04:32:46 -04:00
Richard Henderson 281deae0a9
target/arm: Pass index to AdvSIMD FCMLA (indexed)
For aa64 advsimd, we had been passing the pre-indexed vector.
However, sve applies the index to each 128-bit segment, so we
need to pass in the index separately.

For aa32 advsimd, the fp32 operation always has index 0, but
we failed to interpret the fp16 index correctly.

Backports commit 2cc99919a81a62589a4a6b0f365eabfead1db1a7 from qemu
2018-07-03 04:27:10 -04:00
Richard Henderson 63431f0c21
target/arm: Implement SVE fp complex multiply add
Backports commit 05f48bab3080fb876fbad8d8f14e6ba545432d67 from qemu
2018-07-03 04:21:41 -04:00
Richard Henderson 79220741df
target/arm: Implement SVE floating-point complex add
Backports commit 76a9d9cdc481ed79f1c2ec16eeed185f13e6a8ae from qemu
2018-07-03 04:17:41 -04:00
Richard Henderson f7847aad46
target/arm: Implement SVE MOVPRFX
Backports commit a21035822e67000b4849e31935d0ecc39a96bb9f from qemu
2018-07-03 04:14:37 -04:00
Richard Henderson 00d3671412
target/arm: Implement SVE floating-point unary operations
Backports commit ec5b375bb5a0e35c0c21dc9dd1d82894269ce215 from qemu
2018-07-03 04:11:12 -04:00
Richard Henderson 2c2c940ef8
target/arm: Implement SVE floating-point round to integral value
Backports commit cda3c75322c6fae1cc5b367ee6d7acf2cbdbcf2b from qemu
2018-07-03 04:07:21 -04:00
Richard Henderson a9160a0e08
target/arm: Implement SVE floating-point convert to integer
Backports commit df4de1affc440d6f2cdaeea329b90c0b88ece5a1 from qemu
2018-07-03 04:02:58 -04:00
Richard Henderson 524630de27
target/arm: Implement SVE floating-point convert precision
Backports commit 46d33d1e3c9c5d56d57056db55010de52c173902 from qemu
2018-07-03 03:58:07 -04:00
Richard Henderson b14793a933
target/arm: Implement SVE floating-point trig multiply-add coefficient
Backports commit 67fcd9ad35d2b38630ee34e8ced8878d334c74fb from qemu
2018-07-03 03:52:36 -04:00
Richard Henderson f7e0c9e079
target/arm: Implement SVE FP Compare with Zero Group
Backports commit 4d2e2a03384a43c641e0cbca7ac79d7d0c50f666 from qemu
2018-07-03 03:49:52 -04:00
Richard Henderson 942f3c835e
target/arm: Implement SVE Floating Point Unary Operations - Unpredicated Group
Backports commit 3887c0388d39930ab419d4ae6e8ca5ea67a74ad5 from qemu
2018-07-03 03:44:40 -04:00
Richard Henderson f9f228efec
target/arm: Implement SVE FP Fast Reduction Group
Backports commit 23fbe79faa38cb4acc59f956a63feba3c2cc73ac from qemu
2018-07-03 03:41:00 -04:00
Richard Henderson cf3c7824ff
target/arm: Implement SVE Floating Point Multiply Indexed Group
Backports commit ca40a6e6e390eb1cad7ade881dc7c622793f9324 from qemu
2018-07-03 03:35:49 -04:00
Richard Henderson c718ef4243
target/arm: Implement SVE floating-point arithmetic with immediate
Backports commit cc48affe83fff4b2886c064265d7103dee5e4a14 from qemu
2018-07-03 03:24:46 -04:00
Richard Henderson db1d39ab4a
target/arm: Implement SVE floating-point compare vectors
Backports commit abfdefd5bd444b629d16dcefc2b60ac8da37e87d from qemu
2018-07-03 03:14:24 -04:00
Richard Henderson be65f60799
target/arm: Implement SVE scatter store vector immediate
Backports commit 408ecde97bd30f8ec13f831976d0a9a6535bb569 from qemu
2018-07-03 03:09:51 -04:00
Richard Henderson 892a9a66eb
target/arm: Implement SVE first-fault gather loads
Backports commit ed67eb7fa2a63b6709ec94397d833bc3686f7833 from qemu
2018-07-03 03:06:07 -04:00
Richard Henderson 1782f20dde
target/arm: Implement SVE gather loads
Backports commit 673e9fa6c29e030f4ab6ceae5d0f50bd36fe0ee0 from qemu
2018-07-03 02:58:18 -04:00
Richard Henderson 3a5d095277
target/arm: Implement SVE prefetches
Backports commit dec6cf6b43a1e3b18626852064d1e6e863c9b681 from qemu
2018-07-03 02:42:06 -04:00
Richard Henderson b78e283513
target/arm: Implement SVE scatter stores
Backports commit f6dbf62a7e3d00e9a1dcc7fe3e53b32c3ed93e24 from qemu
2018-07-03 02:40:17 -04:00
Richard Henderson d71cdfa41f
target/arm: Implement SVE store vector/predicate register
Backports commit 5047c204d0d4a0fff616a24963b2b45c7d9ba4c4 from qemu
2018-07-03 02:32:10 -04:00
Richard Henderson c497dc0a83
target/arm: Implement SVE load and broadcast element
Backports commit 684598640dc3b28f86ccc28cc9af50ba257f4cc8 from qemu
2018-07-03 02:27:00 -04:00
Richard Henderson 2caa99929e
target/arm: Implement SVE Floating Point Accumulating Reduction Group
Backports commit 7f9ddf64d5fe5bfaa91ae0ec52217d86f4d86452 from qemu
2018-07-03 02:21:41 -04:00
Richard Henderson 44d89b4cb1
target/arm: Implement SVE FP Multiply-Add Group
Backports commit 6ceabaad1101b0b33490b0fd4bed5b6445b0a34e from qemu
2018-07-03 02:17:16 -04:00
Richard Henderson d1c5d5b728
target/arm: Implement SVE floating-point arithmetic (predicated)
Backports commit ec3b87c28eb120b6575cc1ed7bfbfbf1b0060163 from qemu
2018-07-03 02:13:04 -04:00
Richard Henderson e7f53b6d1b
target/arm: Implement SVE integer convert to floating-point
Backports commit 8092c6a314c9625d8976fb6c5b6969f2a1105cd8 from qemu
2018-07-03 02:05:50 -04:00
Richard Henderson 8a99e1bad2
target/arm: Implement SVE load and broadcast quadword
Backports commit 05abe304be2987cb3576729a14dab96e9ccfaec9 from qemu
2018-07-03 02:01:23 -04:00
Richard Henderson 3a51861c05
target/arm: Implement SVE Memory Contiguous Store Group
Backports commit 1a039c7e58533d5f9431a2064771113d5961c964 from qemu
2018-07-03 01:57:52 -04:00
Richard Henderson 22a155a5d4
target/arm: Implement SVE Contiguous Load, first-fault and no-fault
Backports commit e2654d757598d6c06d1ceb25c62ddf7d63cac32f from qemu
2018-07-03 01:52:38 -04:00
Richard Henderson da1eeb226e
target/arm: Implement SVE Memory Contiguous Load Group
Backports commit c4e7c493da2fdd2c92a7958e592e38200af2f1ba from qemu
2018-07-03 01:40:18 -04:00
Jan Kiszka a27161c7a0
target-i386: Mark cpu_vmexit noreturn
It calls cpu_loop_exit in system emulation mode (and should never be
called in user emulation mode).

Backports commit 50b3de6e5cd464dcc20e3a48f5a09e0299a184ac from qemu
2018-07-03 01:30:01 -04:00
Jan Kiszka fab6f4cd3a
target-i386: Allow interrupt injection after STGI
We need to terminate the translation block after STGI so that pending
interrupts can be injected.

This fixes pending NMI injection for Jailhouse which uses "stgi; clgi"
to open a brief injection window.

Backports commit df2518aa587a0157bbfbc635fe47295629d9914a from qemu
2018-07-03 01:29:43 -04:00
Jan Kiszka 7c01627388
target-i386: Add NMI interception to SVM
Check for SVM interception prior to injecting an NMI. Tested via the
Jailhouse hypervisor.

Backports commit 02f7fd25a446a220905c2e5cb0fc3655d7f63b29 from qemu
2018-07-03 01:25:29 -04:00
Paolo Bonzini b7e2e6ec04
osdep: work around Coverity parsing errors
Coverity does not like the new _Float* types that are used by
recent glibc, and croaks on every single file that includes
stdlib.h. Add dummy typedefs to please it.

Backports commit a1a98357e3fdfce92b5ed0c6728489b9992fecb5 from qemu
2018-07-03 01:23:39 -04:00
Richard Henderson 91359e67f9
target/i386: Fix BLSR and BLSI
The implementation of these two instructions was swapped.
At the same time, unify the setup of eflags for the insn group.

Backports commit 13672386a93fef64cfd33bd72fbf3d80f2c00e94 from qemu
2018-07-03 01:22:04 -04:00
Eric Auger 7ecf09a13d
exec: Fix MAP_RAM for cached access
When an IOMMUMemoryRegion is in front of a virtio device,
address_space_cache_init does not set cache->ptr as the memory
region is not RAM. However when the device performs an access,
we end up in glue() which performs the translation and then uses
MAP_RAM. This latter uses the unset ptr and returns a wrong value
which leads to a SIGSEV in address_space_lduw_internal_cached_slow,
for instance.

In slow path cache->ptr is NULL and MAP_RAM must redirect to
qemu_map_ram_ptr((mr)->ram_block, ofs).

As MAP_RAM, IS_DIRECT and INVALIDATE are the same in _cached_slow
and non cached mode, let's remove those macros.

This fixes the use cases featuring vIOMMU (Intel and ARM SMMU)
which lead to a SIGSEV.

Fixes: 48564041a73a (exec: reintroduce MemoryRegion caching)

Backports part of commit a99761d3c85679da380c0f597468acd3dc1b53b3 from
qemu
2018-07-03 01:11:12 -04:00
Stefan Hajnoczi e8b92838fe
compiler: add a sizeof_field() macro
Determining the size of a field is useful when you don't have a struct
variable handy. Open-coding this is ugly.

This patch adds the sizeof_field() macro, which is similar to
typeof_field(). Existing instances are updated to use the macro.

Backports commit f18793b096e69c7acfce66cded483ba9fc01762a from qemu
2018-07-03 01:02:54 -04:00
Yongbok Kim a63e549673
target/mips: Fix data type for offset
Offset can be larger than 16 bit from nanoMIPS,
and immediate field can be larger than 16 bits as well.

Backports commit 72e1f16f18fe62504f8f25d7a3f6813b24b221be from qemu
2018-07-03 01:01:09 -04:00
Yongbok Kim f2d68a4079
target/mips: Update gen_flt_ldst()
Update gen_flt_ldst() in order to reuse the functions for nanoMIPS

Backports commit b52d3bfa2d54d99ef25f6d008815eecc53b67bfe from qemu
2018-07-03 00:59:47 -04:00
Yongbok Kim a246bdb5b3
target/mips: Fix microMIPS on reset
Fix to activate microMIPS on reset when Config3.ISA == {1, 3}

Backports commit 0305d194be1dbda09fa7a7c883894030d07c355f from qemu
2018-07-03 00:57:50 -04:00
Yongbok Kim 872be901d4
target/mips: Raise a RI when given fs is n/a from CTC1
Fix to raise a Reserved Instruction exception when given fs is not
available from CTC1.

Backports commit f48a2cb21824217a61ec7be797860a0702e5325c from qemu
2018-07-03 00:57:09 -04:00
Peter Maydell 4abcf14b52
target/arm: Handle small regions in get_phys_addr_pmsav8()
Allow ARMv8M to handle small MPU and SAU region sizes, by making
get_phys_add_pmsav8() set the page size to the 1 if the MPU or
SAU region covers less than a TARGET_PAGE_SIZE.

We choose to use a size of 1 because it makes no difference to
the core code, and avoids having to track both the base and
limit for SAU and MPU and then convert into an artificially
restricted "page size" that the core code will then ignore.

Since the core TCG code can't handle execution from small
MPU regions, we strip the exec permission from them so that
any execution attempts will cause an MPU exception, rather
than allowing it to end up with a cpu_abort() in
get_page_addr_code().

(The previous code's intention was to make any small page be
treated as having no permissions, but unfortunately errors
in the implementation meant that it didn't behave that way.
It's possible that some binaries using small regions were
accidentally working with our old behaviour and won't now.)

We also retain an existing bug, where we ignored the possibility
that the SAU region might not cover the entire page, in the
case of executable regions. This is necessary because some
currently-working guest code images rely on being able to
execute from addresses which are covered by a page-sized
MPU region but a smaller SAU region. We can remove this
workaround if we ever support execution from small regions.

Backports commit 720424359917887c926a33d248131fbff84c9c28 from qemu
2018-07-03 00:55:37 -04:00
Peter Maydell 5e8e8b9bf8
target/arm: Set page (region) size in get_phys_addr_pmsav7()
We want to handle small MPU region sizes for ARMv7M. To do this,
make get_phys_addr_pmsav7() set the page size to the region
size if it is less that TARGET_PAGE_SIZE, rather than working
only in TARGET_PAGE_SIZE chunks.

Since the core TCG code con't handle execution from small
MPU regions, we strip the exec permission from them so that
any execution attempts will cause an MPU exception, rather
than allowing it to end up with a cpu_abort() in
get_page_addr_code().

(The previous code's intention was to make any small page be
treated as having no permissions, but unfortunately errors
in the implementation meant that it didn't behave that way.
It's possible that some binaries using small regions were
accidentally working with our old behaviour and won't now.)

Backports commit e5e40999b5e03567ef654546e3d448431643f8f3 from qemu
2018-07-03 00:49:51 -04:00
Babu Moger ec6b1f1554
i386: Enable TOPOEXT feature on AMD EPYC CPU
Enable TOPOEXT feature on EPYC CPU. This is required to support
hyperthreading on VM guests. Also extend xlevel to 0x8000001E.

Disable topoext on PC_COMPAT_2_12 and keep xlevel 0x8000000a.

Backports commit e00516475c270dcb6705753da96063f95699abf2 from qemu
2018-07-03 00:32:50 -04:00
Babu Moger b5f47a4884
i386: Fix up the Node id for CPUID_8000_001E
This is part of topoext support. To keep the compatibility, it is better
we support all the combination of nr_cores and nr_threads currently
supported. By allowing more nr_cores and nr_threads, we might end up with
more nodes than we can actually support with the real hardware. We need to
fix up the node id to make this work. We can achieve this by shifting the
socket_id bits left to address more nodes.

Backports commit 631be32155dbafa1fe886f2488127956c9120ba6 from qemu
2018-07-03 00:31:38 -04:00
Konrad Rzeszutek Wilk 475062aca9
i386: Define AMD's no SSB mitigation needed.
AMD future CPUs expose a mechanism to tell the guest that the
Speculative Store Bypass Disable is not needed and that the
CPU is all good.

This is exposed via the CPUID 8000_0008.EBX[26] bit.

See 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf

A copy of this document is available at
https://bugzilla.kernel.org/show_bug.cgi?id=199889

Backports commit 254790a909a2f153d689bfa7d8e8f0386cda870d from qemu
2018-07-03 00:24:58 -04:00
Konrad Rzeszutek Wilk 0023d048aa
i386: define the AMD 'amd-ssbd' CPUID feature bit
AMD future CPUs expose _two_ ways to utilize the Intel equivalant
of the Speculative Store Bypass Disable. The first is via
the virtualized VIRT_SPEC CTRL MSR (0xC001_011f) and the second
is via the SPEC_CTRL MSR (0x48). The document titled:
124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf

gives priority of SPEC CTRL MSR over the VIRT SPEC CTRL MSR.

A copy of this document is available at
https://bugzilla.kernel.org/show_bug.cgi?id=199889

Anyhow, this means that on future AMD CPUs there will be _two_ ways to
deal with SSBD.

Backports commit a764f3f7197f4d7ad8fe8424269933de912224cb from qemu
2018-07-03 00:24:24 -04:00
Eduardo Habkost bffd8c6244
i386: Remove ospke CPUID flag name
OSPKE is not a static feature flag: it changes dynamically at
runtime depending on CR4, and it was never configurable: KVM
never returned OSPKE on GET_SUPPORTED_CPUID, and on TCG enables
it automatically if CR4_PKE_MASK is set.

Remove OSPKE from the feature name array so users don't try to
configure it manually.

Backports commit 9ccb9784b57804f5c74434ad6ccb66650a015ffc from qemu
2018-07-03 00:23:33 -04:00
Eduardo Habkost f294aa7cb5
i386: Remove osxsave CPUID flag name
OSXAVE is not a static feature flag: it changes dynamically at
runtime depending on CR4, and it was never configurable: KVM
never returned OSXSAVE on GET_SUPPORTED_CPUID, and it is not
included in TCG_EXT_FEATURES.

Remove OSXSAVE from the feature name array so users don't try to
configure it manually.

Backports commit f1a23522b03a569f13aad49294bb4c4b1a9500c7 from qemu
2018-07-03 00:22:32 -04:00
Babu Moger c07a5c06e7
i386: Add support for CPUID_8000_001E for AMD
Add support for cpuid leaf CPUID_8000_001E. Build the config that closely
match the underlying hardware. Please refer to the Processor Programming
Reference (PPR) for AMD Family 17h Model for more details.

Backports commit ed78467a214595a63af7800a073a03ffe37cd7db from qemu
2018-07-03 00:21:23 -04:00
Matthias Maier b27996c799
Revert commit d4e5ec877ca
This commit removes the PYTHON_UTF8 workaround. The problem with setting

LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8

is that the en_US.UTF-8 locale might not be available. In this case
setting above locales results in build errors even though another UTF-8
locale was originally set [1]. The only stable way of fixing the
encoding problem is by specifying the encoding in Python, like the
previous commit does.

[1] https://bugs.gentoo.org/657766

Backports commit 0d6b93deeeb3cc190692d629f5927befdc8b1fb8 from qemu
2018-07-02 23:03:11 -04:00
Markus Armbruster af4b0028b8
qapi: Open files with encoding='utf-8'
Python 2 happily reads UTF-8 files in text mode, but Python 3 requires
either UTF-8 locale or an explicit encoding passed to open(). Commit
d4e5ec877ca fixed this by setting the en_US.UTF-8 locale. Falls apart
when the locale isn't be available.

Matthias Maier and Arfrever Frehtes Taifersar Arahesis proposed to use
binary mode instead, with manual conversion from bytes to str. Works,
but opening with an explicit encoding is simpler, so do that.

Since Python 2's open() doesn't support the encoding parameter, we
need to suppress it with a version check.

Backports commit de685ae5e9a4b523513033bd6cadc8187a227170 from qemu
2018-07-02 23:01:31 -04:00
Anton Nefedov 559833a0d4
qapi: allow empty branches in flat unions
It often happens that just a few discriminator values imply extra data in
a flat union. Existing checks did not make possible to leave other values
uncovered. Such cases had to be worked around by either stating a dummy
(empty) type or introducing another (subset) discriminator enumeration.

Both options create redundant entities in qapi files for little profit.

With this patch it is not necessary anymore to add designated union
fields for every possible value of a discriminator enumeration.

Backports commit 800877bb1639d38ffaebe312a37b61c66bb10c83 from qemu
2018-07-02 22:59:43 -04:00
Marc-André Lureau 6069bb69a7
qapi/events: generate event enum in main module
The event generator produces an enum, and put it in the last visited
module. It fits better in the main module, since it's the set of all
visited events, from all modules.

Backports commit f030ffd39d6c1ea8fff281be5e4b19c819d7ce10 from qemu
2018-06-29 14:19:06 -05:00
Marc-André Lureau e973b88d32
qapi/visit: remove useless prefix argument
Backports commit a48e7542be9ef6dab3c8d52f563298d06ef872c9 from qemu
2018-06-29 14:17:43 -05:00
Julia Suvorova f28514178a
target/arm: Strict alignment for ARMv6-M and ARMv8-M Baseline
Unlike ARMv7-M, ARMv6-M and ARMv8-M Baseline only supports naturally
aligned memory accesses for load/store instructions.

Backports commit 2aeba0d007d33efa12a6339bb140aa634e0d52eb from qemu
2018-06-29 14:15:33 -05:00
Julia Suvorova 65d0e176c3
target/arm: Introduce ARM_FEATURE_M_MAIN
This feature is intended to distinguish ARMv8-M variants: Baseline and
Mainline. ARMv7-M compatibility requires the Main Extension. ARMv6-M
compatibility is provided by all ARMv8-M implementations.

Backports commit cc2ae7c9de14efd72c6205825eb7cd980ac09c11 from qemu
2018-06-29 14:14:18 -05:00
Edgar E. Iglesias dfc6bd6a0b
target-arm: Add the Cortex-R5F
Add the Cortex-R5F with the optional FPU enabled.

Backports commit ebac5458c7517ed7b8ee06eb90beacc7472b295d from qemu
2018-06-29 13:53:31 -05:00
Julia Suvorova 38747fc125
target/arm: Minor cleanup for ARMv6-M 32-bit instructions
The arrays were made static, "if" was simplified because V7M and V8M
define V6 feature.

Backports commit 8297cb13e407db8a96cc7ed6b6a6c318a150759a from qemu
2018-06-29 13:50:30 -05:00
John Arbuckle 22c3206738
tcg/i386: Use byte form of xgetbv instruction
The assembler in most versions of Mac OS X is pretty old and does not
support the xgetbv instruction. To go around this problem, the raw
encoding of the instruction is used instead.

Backports commit 1019242af11400252f6735ca71a35f81ac23a66d from qemu
2018-06-28 13:23:32 -05:00
Julia Suvorova f447a6f668
target/arm: Allow ARMv6-M Thumb2 instructions
ARMv6-M supports 6 Thumb2 instructions. This patch checks for these
instructions and allows their execution.
Like Thumb2 cores, ARMv6-M always interprets BL instruction as 32-bit.

This patch is required for future Cortex-M0 support.

Backports commit 14120108f87b3f9e1beacdf0a6096e464e62bb65 from qemu
2018-06-15 14:12:20 -04:00
Richard Henderson d81cc5f5cd
target/arm: Implement SVE Floating Point Arithmetic - Unpredicated Group
Backports commit 29b80469dc51ae4064e9ef9223967882d2610523 from qemu
2018-06-15 14:10:16 -04:00
Richard Henderson e56db70fee
target/arm: Implement SVE Integer Wide Immediate - Unpredicated Group
Backports commit 6e6a157d683058d86a224cf128320d67b0915365 from qemu
2018-06-15 14:05:11 -04:00
Richard Henderson b5352c6ba1
target/arm: Implement FDUP/DUP
Backports commit ed49196125360c037d7f23c1c315a85cc234e72d from qemu
2018-06-15 13:56:03 -04:00
Richard Henderson 496bb35c97
target/arm: Implement SVE Integer Compare - Scalars Group
Backports commit caf1cefc72be98497e0907d0e07f4327fc641e96 from qemu
2018-06-15 13:54:05 -04:00
Richard Henderson bc55b3e570
target/arm: Implement SVE Predicate Count Group
Backports commit 9ee3a611de28b8d0862fa687215b04b5aad20747 from qemu
2018-06-15 13:49:58 -04:00
Richard Henderson bb930f35b0
target/arm: Implement SVE Partition Break Group
Backports commit 35da316f5e847292ffbe7b6d16cd3988043dfe22 from qemu
2018-06-15 13:42:35 -04:00
Richard Henderson ade246e87b
target/arm: Implement SVE Integer Compare - Immediate Group
Backports commit 38cadeba0daf0f16cf2aeaa5b2752b26fb0676c5 from qemu
2018-06-15 13:35:40 -04:00
Richard Henderson 2969a38d61
target/arm: Implement SVE Integer Compare - Vectors Group
Backports commit 757f9cff1b63895bfd6fc8d66a6e52d7c40baa7b from qemu
2018-06-15 13:29:15 -04:00
Richard Henderson 7211d415a4
target/arm: Implement SVE Select Vectors Group
Backports commit d3fe4a29d754dee73cbf3cb7584db222981179ac from qemu
2018-06-15 13:17:47 -04:00
Richard Henderson 7698c1634e
target/arm: Implement SVE vector splice (predicated)
Backports commit b48ff24098c72f86e187e6abb7e9ca4de40a7fb4 from qemu
2018-06-15 13:14:33 -04:00
Richard Henderson 7d930e8515
target/arm: Implement SVE reverse within elements
Backports commit dae8fb9019d2aa6ccb151a19871df40de6c98e29 from qemu
2018-06-15 13:12:14 -04:00
Richard Henderson 53d151de58
target/arm: Implement SVE copy to vector (predicated)
Backports commit 792a557847697235037fea30eaaacb9b45b4c9e5 from qemu
2018-06-15 13:03:36 -04:00
Richard Henderson 0bb2fdd752
target/arm: Implement SVE conditionally broadcast/extract element
Backports commit ef23cb726dc32375bc2fca7ac3e9f34816f6ee13 from qemu
2018-06-15 13:01:40 -04:00
Richard Henderson 8ba3bde59b
target/arm: Implement SVE compress active elements
Backports commit 3ca879aeb3412bc2be35d01a7bedf5fada960b5d from qemu
2018-06-15 12:52:19 -04:00
Richard Henderson d9ed221567
target/arm: Implement SVE Permute - Interleaving Group
Backports commit 234b48e9c68759aea78ff5a1e49c2ba806cd1d83 from qemu
2018-06-15 12:49:42 -04:00
Richard Henderson 3722ab310b
target/arm: Implement SVE Permute - Predicates Group
Backports commit d731d8cb3c74258669211f065c918353eb7b8f4a from qemu
2018-06-15 12:44:50 -04:00
Richard Henderson c57ff23c56
target/arm: Implement SVE Permute - Unpredicated Group
Backports commit 30562ab716bcec0bf718b47b5268949856b17604 from qemu
2018-06-15 12:37:56 -04:00
Richard Henderson 4dc2b5ea79
target/arm: Extend vec_reg_offset to larger sizes
Rearrange the arithmetic so that we are agnostic about the total size
of the vector and the size of the element. This will allow us to index
up to the 32nd byte and with 16-byte elements.

Backports commit 66f2dbd783d0b6172043e3679171421b2d0bac11 from qemu
2018-06-15 12:23:35 -04:00
Peter Maydell 0a23259560
exec.c: Use stn_p() and ldn_p() instead of explicit switches
Now we have stn_p() and ldn_p() we can use them in various
functions in exec.c that used to have their own switch-on-size code.

Backports commit 6d3ede5410e05c5f6221dab1daf99164fd6bf879 from qemu
2018-06-15 12:20:59 -04:00
Peter Maydell cb879422e9
exec.c: Don't accidentally sign-extend 4-byte loads in subpage_read()
In subpage_read() we perform a load of the data into a local buffer
which we then access using ldub_p(), lduw_p(), ldl_p() or ldq_p()
depending on its size, storing the result into the uint64_t *data.
Since ldl_p() returns an 'int', this means that for the 4-byte
case we will sign-extend the data, whereas for 1 and 2 byte
reads we zero-extend it.

This ought not to matter since the caller will likely ignore values in
the high bytes of the data, but add a cast so that we're consistent.

Backports commit 22672c6075a16d1998e37686f02ed4bd2fb30f78 from qemu
2018-06-15 12:18:40 -04:00
Peter Maydell 8295b228e3
bswap: Add new stn_*_p() and ldn_*_p() memory access functions
There's a common pattern in QEMU where a function needs to perform
a data load or store of an N byte integer in a particular endianness.
At the moment this is handled by doing a switch() on the size and
calling the appropriate ld*_p or st*_p function for each size.

Provide a new family of functions ldn_*_p() and stn_*_p() which
take the size as an argument and do the switch() themselves.

Backports commit afa4f6653dca095f63f3fe7f2001e9334f5676c1 from qemu
2018-06-15 12:17:21 -04:00
Peter Maydell 61a7ac6948
cpu-defs.h: Document CPUIOTLBEntry 'addr' field
The 'addr' field in the CPUIOTLBEntry struct has a rather non-obvious
use; add a comment documenting it (reverse-engineered from what
the code that sets it is doing).

Backports commit ace4109011b4912b24e76f152e2cf010e78819c5 from qemu
2018-06-15 12:07:39 -04:00
Peter Maydell 7a6ae26346
cputlb: Pass cpu_transaction_failed() the correct physaddr
The API for cpu_transaction_failed() says that it takes the physical
address for the failed transaction. However we were actually passing
it the offset within the target MemoryRegion. We don't currently
have any target CPU implementations of this hook that require the
physical address; fix this bug so we don't get confused if we ever
do add one.

Backports commit 2d54f19401bc54b3b56d1cc44c96e4087b604b97 from qemu
2018-06-15 12:03:23 -04:00
Nicholas Piggin 1a9d9e3547
osdep: powerpc64 align memory to allow 2MB radix THP page tables
This allows KVM with the Book3S radix MMU mode to take advantage of
THP and install larger pages in the partition scope page tables (the
host translation).

Backports commit 0c1272cc7c72dfe0ef66be8f283cf67c74b58586 from qemu
2018-06-15 11:53:55 -04:00
Babu Moger d4ad9e37a2
i386: Populate AMD Processor Cache Information for cpuid 0x8000001D
Add information for cpuid 0x8000001D leaf. Populate cache topology information
for different cache types (Data Cache, Instruction Cache, L2 and L3) supported
by 0x8000001D leaf. Please refer to the Processor Programming Reference (PPR)
for AMD Family 17h Model for more details.

Backports commit 8f4202fb1080f86958782b1fca0bf0279f67d136 from qemu
2018-06-15 11:52:28 -04:00
Eduardo Habkost 7837f23cd9
i386: Clean up cache CPUID code
Always initialize CPUCaches structs with cache information, even
if legacy_cache=true. Use different CPUCaches struct for
CPUID[2], CPUID[4], and the AMD CPUID leaves.

This will simplify a lot the logic inside cpu_x86_cpuid()

Backports commit a9f27ea9adc8c695197bd08f2e938ef7b4183f07 from qemu
2018-06-15 11:51:09 -04:00
Richard Henderson 1a91edd263
target/m68k: Merge disas_m68k_insn into m68k_tr_translate_insn
Backports commit a56f36c1d2bccbc50a53fa8093b93d205607f1b8 from qemu
2018-06-15 11:40:18 -04:00
Richard Henderson a8540a30d2
target/m68k: Improve ending TB at page boundaries
Rather than limit total TB size to PAGE-32 bytes, end the TB when
near the end of a page. This should provide proper semantics of
SIGSEGV when executing near the end of a page.

Backports commit 4c7a0f6f34869b3dfe7091d28ff27a8dfbdd8b70 from qemu
2018-06-15 11:36:08 -04:00
Richard Henderson c42ca54685
target/m68k: Convert to TranslatorOps
Backports commit 11ab74b01e0a8ea4973eed89c6b90fa6e4fb9fb6 from qemu
2018-06-15 11:35:31 -04:00
Richard Henderson f4432cbca7
target/m68k: Convert to DisasContextBase
Removed ctx->insn_pc in favour of ctx->base.pc_next.
Yes, it is annoying, but didn't want to waste its 4 bytes.

Backports commit a575cbe01caecf22ab322a9baa5930a6d9e39ca6 from qemu
2018-06-15 11:25:23 -04:00
Richard Henderson 0445fcf34a
target/m68k: Rename DISAS_UPDATE and gen_lookup_tb
The name gen_lookup_tb is at odds with tcg_gen_lookup_and_goto_tb.
For these cases, we do indeed want to exit back to the main loop.
Similarly, DISAS_UPDATE performs no actual update, whereas DISAS_EXIT
does what it says.

Backports commit 4106f26e95c83b8759c3fe61a4d3a1fa740db0a9 from qemu
2018-06-15 10:50:34 -04:00
Richard Henderson 90b3770665
target/m68k: Use lookup_and_goto_tb for DISAS_JUMP
These are all indirect or out-of-page direct jumps.
We can indirectly chain to the next TB without going
back to the main loop.

Backports commit 8aaf7da9c3b1f282b5a123de3e87a2e6ca87f3b9 from qemu
2018-06-15 10:48:18 -04:00
Richard Henderson c2fe05f7d9
target/m68k: Remove DISAS_JUMP_NEXT as unused
Backports commit 707ddb5ac6f91309ff6ed6bec988ed8100846f50 from qemu
2018-06-15 10:46:26 -04:00
Richard Henderson 76b8bd614d
target/m68k: Replace DISAS_TB_JUMP with DISAS_NORETURN
We have exited the TB after using goto_tb; there is no
distinction from DISAS_NORETURN.

Backports commit 825340f5659647deb62743c3cb479ec8d78f1862 from qemu
2018-06-15 10:45:33 -04:00
Richard Henderson 3c01ea765d
target/m68k: Use DISAS_NORETURN for exceptions
The raise_exception helper does not return. Do not generate
any code following that.

Backports commit cb4add334a5a8db263c20c33c5365be3868f8967 from qemu
2018-06-15 10:44:07 -04:00
Philippe Mathieu-Daudé 145174a359
target/m68k: Add trailing '\n' to qemu_log() call
Backports commit 21528149eba03fc17f428a8e1660d8666683ca85 from qemu
2018-06-08 19:25:21 -04:00
Philippe Mathieu-Daudé 5992214b3b
target/arm: Add trailing '\n' to qemu_log() calls
Backports commit 0221c8fdf2321137b34bd4dbb2557d0725739822 from qemu
2018-06-08 19:24:38 -04:00
Fam Zheng 666130cb41
Makefile: Rename TARGET_DIRS to TARGET_LIST
To be more accurate on its purpose and make code that looks for a certain
target out of this variable more readable.

Backports commit 208ecb3e1acc8d55dab49fdf721a86d513691688 from qemu
2018-06-08 19:22:45 -04:00
Richard Henderson 10e2b13650
tcg: Pass tb and index to tcg_gen_exit_tb separately
Do the cast to uintptr_t within the helper, so that the compiler
can type check the pointer argument. We can also do some more
sanity checking of the index argument.

Backports commit 07ea28b41830f946de3841b0ac61a3413679feb9 from qemu
2018-06-07 11:56:32 -04:00
Paolo Bonzini 330bb60809
tcg: remove softfloat from --disable-tcg builds
Even though the presence of softfloat does not cause --disable-tcg builds to fail,
it is the single largest .o file in them. Remove it, since TCG is the only client.

Backports commit 8f971cf0c9265fa5d9f06a195f119237e403c0ce from qemu
2018-06-07 11:49:35 -04:00
Peter Maydell 76fd93726c
exec.c: Initialize sa_flags passed to sigaction()
Coverity points out that in the user-only version of cpu_abort() we
call sigaction() with a partially initialized struct sigaction
(CID 1005351). Correct the omission.

Backports commit 8347c18506c3f8619527d19134cb4aac071dc54a from qemu
2018-06-07 11:47:08 -04:00
Richard Henderson 533a3f6a6c
tcg: Fix helper function vs host abi for float16
Depending on the host abi, float16, aka uint16_t, values are
passed and returned either zero-extended in the host register
or with garbage at the top of the host register.

The tcg code generator has so far been assuming garbage, as that
matches the x86 abi, but this is incorrect for other host abis.
Further, target/arm has so far been assuming zero-extended results,
so that it may store the 16-bit value into a 32-bit slot with the
high 16-bits already clear.

Rectify both problems by mapping "f16" in the helper definition
to uint32_t instead of (a typedef for) uint16_t. This forces
the host compiler to assume garbage in the upper 16 bits on input
and to zero-extend the result on output.

Backports commit 6c2be133a7478e443c99757b833d0f265c48e0a6 from qemu
2018-06-02 10:10:12 -04:00
Peter Maydell 0f0b2e0bd8
target/arm: Honour FPCR.FZ in FRECPX
The FRECPX instructions should (like most other floating point operations)
honour the FPCR.FZ bit which specifies whether input denormals should
be flushed to zero (or FZ16 for the half-precision version).
We forgot to implement this, which doesn't affect the results (since
the calculation doesn't actually care about the mantissa bits) but did
mean we were failing to set the FPSR.IDC bit.

Backports commit 2cfbf36ec07f7cac1aabb3b86f1c95c8a55424ba from qemu
2018-06-02 10:02:57 -04:00
Konrad Rzeszutek Wilk a08dcb8aa6
i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
AMD Zen expose the Intel equivalant to Speculative Store Bypass Disable
via the 0x80000008_EBX[25] CPUID feature bit.

This needs to be exposed to guest OS to allow them to protect
against CVE-2018-3639.

Backports commit 403503b162ffc33fb64cfefdf7b880acf41772cd from qemu
2018-05-22 16:58:25 -04:00
Konrad Rzeszutek Wilk 860411e045
i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639)
"Some AMD processors only support a non-architectural means of enabling
speculative store bypass disable (SSBD). To allow a simplified view of
this to a guest, an architectural definition has been created through a new
CPUID bit, 0x80000008_EBX[25], and a new MSR, 0xc001011f. With this, a
hypervisor can virtualize the existence of this definition and provide an
architectural method for using SSBD to a guest.

Add the new CPUID feature, the new MSR and update the existing SSBD
support to use this MSR when present." (from x86/speculation: Add virtualized
speculative store bypass disable support in Linux).

Backports commit cfeea0c021db6234c154dbc723730e81553924ff from qemu
2018-05-22 16:57:39 -04:00
Daniel P. Berrangé 795bcc7de3
i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
New microcode introduces the "Speculative Store Bypass Disable"
CPUID feature bit. This needs to be exposed to guest OS to allow
them to protect against CVE-2018-3639.

Backports commit d19d1f965904a533998739698020ff4ee8a103da from qemu
2018-05-22 16:56:41 -04:00
Philippe Mathieu-Daudé 752fd5dd12
typedefs: Remove PcGuestInfo from qemu/typedefs.h
It is long gone since e4e8ba04c2007 ...

Backports commit 201376cb9e500f64209444cb95f566679c0f54a2 from qemu
2018-05-22 00:32:07 -04:00
Murilo Opsfelder Araujo 3a3aa9e23d
HACKING: document preference for g_new instead of g_malloc
This patch documents the preference for g_new instead of g_malloc. The
reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.

Discussion in QEMU's mailing list:
http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html

Backports commit f7c922ed3d8e3cb54febbdc594ce9f4400e0d290 from qemu
2018-05-22 00:30:50 -04:00
Emilio G. Cota 7e8902eccc
tcg: fix s/compliment/complement/ typos
Backports commit 1d349821551c2da4dfefe36c6ac17319f33ebbd5 from qemu
2018-05-22 00:29:51 -04:00
Richard Henderson 6835b2dd13
target/arm: Implement SVE Permute - Extract Group
Backports commit b94f8f60bd841c5b737185cd38263e26822f77ab from qemu
2018-05-20 05:26:55 -04:00
Richard Henderson 9917f0d536
target/arm: Implement SVE Integer Wide Immediate - Predicated Group
Backports commit f25a2361539626721dbccce14c077cad03b2e72c from qemu
2018-05-20 05:24:04 -04:00
Richard Henderson f4ecf1a152
target/arm: Implement SVE Bitwise Immediate Group
Backports commit e1fa1164f397bbd381439ed32d97d9b4b4d7eb43 from qemu
2018-05-20 05:17:53 -04:00
Richard Henderson 89038c1e4b
target/arm: Implement SVE Element Count Group
Backports commit 24e82e68341e73ec0f65534c78c13fd03395b188 from qemu
2018-05-20 05:15:35 -04:00
Richard Henderson 0249ab3f7e
target/arm: Implement SVE floating-point trig select coefficient
Backports commit a1f233f25fd502f9a5b40c14df1b4dbdda463487 from qemu
2018-05-20 05:05:20 -04:00
Richard Henderson d6c18fc788
target/arm: Implement SVE floating-point exponential accelerator
Backports commit 0762cd428fd7b471207f5cb5b4bd4bd8f141dbe0 from qemu
2018-05-20 05:01:16 -04:00
Richard Henderson cb55a3acdb
target/arm: Implement SVE Compute Vector Address Group
Backports commit 4b242d9c1b6beaf5c81d84e956243b614a4a1d84 from qemu
2018-05-20 04:57:18 -04:00
Richard Henderson 45e009269e
target/arm: Implement SVE Bitwise Shift - Unpredicated Group
Backports commit d9d78dccc86eed10ccf1c8e1ac236e41ec330b06 from qemu
2018-05-20 04:51:58 -04:00
Lioncash bf97c44a2b
target/arm: Implement SVE Stack Allocation Group 2018-05-20 04:45:53 -04:00
Richard Henderson 45a09e2f25
target/arm: Implement SVE Index Generation Group
Backports commit 9a56c9c3a955b77fe436beef7ac03c76a65fa32d from qemu
2018-05-20 04:43:01 -04:00
Richard Henderson 390bd68287
target/arm: Implement SVE Integer Arithmetic - Unpredicated Group
Backports commit fea98f9c3077e4666f6d4933030b5891fbd6bb12 from qemu
2018-05-20 04:36:54 -04:00
Richard Henderson 1730d3cff0
target/arm: Implement SVE Integer Multiply-Add Group
Backports commit 96a36e4a44bbf296ac212ed68ebf4e48d3dfb1f0 from qemu
2018-05-20 04:35:36 -04:00
Richard Henderson 32949156d2
target/arm: Implement SVE Integer Arithmetic - Unary Predicated Group
Backports commit afac6d0467c1327ad2e30a3c35347fcf5a773742 from qemu
2018-05-20 04:31:18 -04:00
Lioncash 878b862a04
target/arm: Implement SVE bitwise shift by wide elements (predicated) 2018-05-20 03:10:24 -04:00
Richard Henderson 5aa51a3a74
target/arm: Implement SVE bitwise shift by vector (predicated)
Backports commit 27721dbb7ae5e2a52f06588cf38854e4cbc613c0 from qemu
2018-05-20 03:07:02 -04:00
Richard Henderson 7bb3067b95
target/arm: Implement SVE bitwise shift by immediate (predicated)
Backports commit ccd841c3d71db6943f8b6d3d56bd2abb548ba40c from qemu
2018-05-20 03:01:07 -04:00
Richard Henderson 837e39ea63
target/arm: Implement SVE Integer Reduction Group
Excepting MOVPRFX, which isn't a reduction. Presumably it is
placed within the group because of its encoding.

Backports commit 047cec971d2791b206677b954227ea92ff7ee3db from qemu
2018-05-20 02:53:04 -04:00
Richard Henderson 331aabddeb
target/arm: Implement SVE Predicate Misc Group
Backports commit 028e2a7b876631eff165cac59eb43bdb2dcc213b and
f97cfd596ed9bd38644323cb61d19b85ac703c81 from qemu
2018-05-20 02:43:36 -04:00
Richard Henderson 65f74e3608
target/arm: Implement SVE Predicate Logical Operations Group
Backports commit 516e246a1a292f6c6f6aad5451799accbb08acd9 from qemu
2018-05-20 01:35:59 -04:00
Lioncash 1eaa2e4571
target/arm: Implement SVE predicate test 2018-05-20 01:16:16 -04:00
Richard Henderson e6a0b2c2bc
target/arm: Implement SVE Bitwise Logical - Unpredicated Group
These were the instructions that were stubbed out when
introducing the decode skeleton.

Backports commit 39eea56172e668cc4cca611ed9166779df54ac63 from qemu
2018-05-20 01:00:52 -04:00
Richard Henderson 49def4bbde
target/arm: Add SVE decode skeleton
Including only 4, as-yet unimplemented, instruction patterns
so that the whole thing compiles.

Backports commit 38388f7ee3adc04a7e7246c04352451c4f8d00fb from qemu
2018-05-20 00:48:14 -04:00
Richard Henderson d2d8e2fc33
target/arm: Introduce translate-a64.h
Move some stuff that will be common to both translate-a64.c
and translate-sve.c.

Backports commit 8c71baedb8055beaa681823206ee3a74f9f8649a from qemu
2018-05-20 00:34:25 -04:00
Abdallah Bouassida 11149ba82b
target/arm: Add _S suffix to the secure version of a sysreg
This is a preparation for the coming feature of creating dynamically an XML
description for the ARM sysregs.
Add "_S" suffix to the secure version of sysregs that have both S and NS views
Replace (S) and (NS) by _S and _NS for the register that are manually defined,
so all the registers follow the same convention.

Backports commit 9c513e786d85cc58b8ba56a482566f759e0835b6 from qemu
2018-05-20 00:19:34 -04:00
Abdallah Bouassida 079615b2a0
target/arm: Add ARM_CP_NO_GDB as a new bit field for ARMCPRegInfo type
This is a preparation for the coming feature of creating dynamically an XML
description for the ARM sysregs.
A register has ARM_CP_NO_GDB enabled will not be shown in the dynamic XML.
This bit is enabled automatically when creating CP_ANY wildcard aliases.
This bit could be enabled manually for any register we want to remove from the
dynamic XML description.

Backports commit 1f16378718fa87d63f70d0797f4546a88d8e3dd7 from qemu
2018-05-20 00:15:56 -04:00
Richard Henderson 31b3a98233
fpu/softfloat: Define floatN_silence_nan in terms of parts_silence_nan
Isolate the target-specific choice to 3 functions instead of 6.

The code in floatx80_default_nan tried to be over-general. There are
only two targets that support this format: x86 and m68k. Thus there
is no point in inventing a mechanism for snan_bit_is_one.

Move routines that no longer have ifdefs out of softfloat-specialize.h.

Backports commit 377ed92679a2a5f838bc0a095112ea5020720fff from qemu
2018-05-20 00:13:42 -04:00
Richard Henderson 65c768593c
fpu/softfloat: Clean up parts_default_nan
Reduce the number of ifdefs. Correct the result for OpenRISC
and TriCore (although TriCore fixed in target-specific code).

Backports commit 8fb3d90203f328d1bebcf7f20934027bfc4e7f3f from qemu
2018-05-20 00:11:25 -04:00
Richard Henderson df3436b518
fpu/softfloat: Define floatN_default_nan in terms of parts_default_nan
Isolate the target-specific choice to 2 functions instead of 6.

The code in float16_default_nan was only correct for ARM, MIPS, and X86.
Though float16 support is rare among our targets.

The code in float128_default_nan was arguably wrong for Sparc. While
QEMU supports the Sparc 128-bit insns, no real cpu enables it.

The code in floatx80_default_nan tried to be over-general. There are
only two targets that support this format: x86 and m68k. Thus there
is no point in inventing a value for snan_bit_is_one.

Move routines that no longer have ifdefs out of softfloat-specialize.h.

Backports commit 0218a16e540ad416683e19dfbd52f75092507b27 from qemu
2018-05-20 00:04:20 -04:00
Richard Henderson 77bee9e8a5
fpu/softfloat: Pass FloatClass to pickNaNMulAdd
For each operand, pass a single enumeration instead of a pair of booleans.
The commit also merges multiple different ifdef-selected implementations
of pickNaNMulAdd into a single function whose body is ifdef-selected.

Backports commit 3bd2dec1a1e8fadb49e3ff2e2633f79e01a25c41 from qemu
2018-05-19 23:59:01 -04:00
Richard Henderson d03c570049
fpu/softfloat: Pass FloatClass to pickNaN
For each operand, pass a single enumeration instead of a pair of booleans.
The commit also merges multiple different ifdef-selected implementations
of pickNaN into a single function whose body is ifdef-selected.

Backports commit 4f251cfd52c7945ebd6ab0d86518b1a9aa51b10c from qemu
2018-05-19 23:49:46 -04:00
Richard Henderson 7995525f68
fpu/softfloat: Make is_nan et al available to softfloat-specialize.h
We will need these helpers within softfloat-specialize.h, so move
the definitions above the include. After specialization, they will
not always be used so mark them to avoid the Werror.

Backports commit 247d1f2190c5530fd18fe92a145d0a1985fca4e4 from qemu
2018-05-19 23:41:51 -04:00
Richard Henderson 79a4c4ed0f
fpu/softfloat: Specialize on snan_bit_is_one
Only MIPS requires snan_bit_is_one to be variable. While we are
specializing softfloat behaviour, allow other targets to eliminate
this runtime check.

Backports commit 03385dfdaaa2dc31bbd07d13244a6b037bfab4cc from qemu
2018-05-19 23:38:58 -04:00
Richard Henderson 9810a6d9d6
fpu/softfloat: Remove floatX_maybe_silence_nan
These functions are now unused.

Backports commit 5240a30dcc6ca85dc9352f351e2cc326402288ed from qemu
2018-05-19 23:29:30 -04:00
Richard Henderson 2eb50e8117
fpu/softfloat: Use float*_silence_nan in propagateFloat*NaN
We have already checked the arguments for SNaN;
we don't need to do it again.

Backports commit 4885312f47c0b3607e36d0568db3d717a79e51a3 from qemu
2018-05-19 23:27:34 -04:00
Richard Henderson 4c8b31e7fe
target/mips: Remove floatX_maybe_silence_nan from conversions
This is now handled properly by the generic softfloat code.

Backports commit 4accd4a89f776b0d2a34d1edf74c785549c7f3b9 from qemu
2018-05-19 23:25:04 -04:00
Richard Henderson 4e9ca91bb2
target/m68k: Use floatX_silence_nan when we have already checked for SNaN
Backports commit 1c0c951f717e66b4be45611c0d6661a2dff4241c from qemu
2018-05-19 23:23:56 -04:00
Richard Henderson 1b6cac4e7e
target/arm: Remove floatX_maybe_silence_nan from conversions
This is now handled properly by the generic softfloat code.

Backports commit a9d173dc603af74102c24c1c92d479ba580bbf07 from qemu
2018-05-19 23:23:09 -04:00
Richard Henderson 5e532f6d20
target/arm: Use floatX_silence_nan when we have already checked for SNaN
Backports commit d7ecc062c4e264f716ed239df931f52adb340508 from qemu
2018-05-19 23:21:28 -04:00
Alex Bennée f1f2521b38
fpu/softfloat: re-factor float to float conversions
This allows us to delete a lot of additional boilerplate
code which is no longer needed.

Backports commit 6fed16b265a4fcc810895bbca4d67e1ae7a89f07 from qemu
2018-05-19 23:16:58 -04:00
Alex Bennée e65fd25e17
fpu/softfloat: Partial support for ARM Alternative half-precision
For float16 ARM supports an alternative half-precision format which
sacrifices the ability to represent NaN/Inf in return for a higher
dynamic range. The new FloatFmt flag, arm_althp, is then used to
modify the behaviour of canonicalize and round_canonical with respect
to representation and exception raising.

Usage of this new flag waits until we re-factor float-to-float conversions.

Backports commit ca3a3d5a3141d44aa717dc11e4d33a834a85e1f6 from qemu
2018-05-19 23:02:38 -04:00
Alex Bennée 50105cf593
target/arm: squash FZ16 behaviour for conversions
The ARM ARM specifies FZ16 is suppressed for conversions. Rather than
pushing this logic into the softfloat code we can simply save the FZ
state and temporarily disable it for the softfloat call.

Backports commit 0acb9e7cb341cd767e39ec0875c8706eb2f1c359 from qemu
2018-05-19 23:00:09 -04:00
Alex Bennée 40d57900bf
target/arm: convert conversion helpers to fpst/ahp_flag
Instead of passing env and leaving it up to the helper to get the
right fpstatus we pass it explicitly. There was already a get_fpstatus
helper for neon for the 32 bit code. We also add an get_ahp_flag() for
passing the state of the alternative FP16 format flag. This leaves
scope for later tracking the AHP state in translation flags.

Backports commit 486624fcd3eaca6165ab8401d73bbae6c0fb81c1 from qemu
2018-05-19 22:58:25 -04:00
Richard Henderson e26a389129
fpu/softfloat: Replace float_class_msnan with parts_silence_nan
With a canonical representation of NaNs, we can silence an SNaN
immediately rather than delay until the final format is known.

Backports commit 0bcfbcbea548656ff930394f296589728c2a0c5d from qemu
2018-05-19 22:28:27 -04:00
Richard Henderson baf1d57071
fpu/softfloat: Replace float_class_dnan with parts_default_nan
With a canonical representation of NaNs, we can return the
default nan directly rather than delay the expansion until
the final format is known.

Note one case where we uselessly assigned to a.sign, which was
overwritten/ignored later when expanding float_class_dnan.

Backports commit f7e598e264b94d0982e647ac303108781d5eb4fa from qemu
2018-05-19 22:25:21 -04:00
Richard Henderson 97152bc427
fpu/softfloat: Introduce parts_is_snan_frac
Backports commit 298b468e4389587ab2e8599dd33eff3fbc698011 from qemu
2018-05-19 22:20:03 -04:00
Richard Henderson f89c1fc034
fpu/softfloat: Canonicalize NaN fraction
Shift the NaN fraction to a canonical position, much like we
do for the fraction of normal numbers. This will facilitate
manipulation of NaNs within the shared code paths.

Backports commit 94933df0e5c34d1a50fc950553f9c9649cae5320 from qemu
2018-05-19 22:17:44 -04:00
Richard Henderson 3873bfe133
fpu/softfloat: Move softfloat-specialize.h below FloatParts definition
We want to be able to specialize on the canonical representation.

Backports commit 0664335a6eb65d684918dd3f1a7f0a3d5b92cbe1 from qemu
2018-05-19 22:07:12 -04:00
Richard Henderson ff8fab55a2
fpu/softfloat: Split floatXX_silence_nan from floatXX_maybe_silence_nan
The new function assumes that the input is an SNaN and
does not double-check.

Backports commit d619bb98fdcda24f9ee3b7a53a4d555228dbca52 from qemu
2018-05-19 22:06:33 -04:00
Richard Henderson db3479e242
fpu/softfloat: Merge NO_SIGNALING_NANS definitions
Move the ifdef inside the relevant functions instead of
duplicating the function declarations.

Backports commit bca52234d1c04e0665f67708bcdef6d805d60adb from qemu
2018-05-19 21:59:24 -04:00
Petr Tesarik d1d09f384e
fpu/softfloat: Fix conversion from uint64 to float128
The significand is passed to normalizeRoundAndPackFloat128() as high
first, low second. The current code passes the integer first, so the
result is incorrectly shifted left by 64 bits.

This bug affects the emulation of s390x instruction CXLGBR (convert
from logical 64-bit binary-integer operand to extended BFP result).

Backports commit 6603d50648901e8b9e6d66ec1142accf0b1df1e6 from qemu
2018-05-19 21:55:59 -04:00
Babu Moger 5091ebe6fb
i386: Add new property to control cache info
The property legacy-cache will be used to control the cache information.
If user passes "-cpu legacy-cache" then older information will
be displayed even if the hardware supports new information. Otherwise
use the statically loaded cache definitions if available.

Renamed the previous cache structures to legacy_*. If there is any change in
the cache information, then it needs to be initialized in builtin_x86_defs.

Backports commit ab8f992e3e63e91be257e4e343d386dae7be4bcb from qemu
2018-05-17 19:04:56 -04:00
Babu Moger 1add2da704
i386: Initialize cache information for EPYC family processors
Initialize pre-determined cache information for EPYC processors.

Backports commit fe52acd2a054b97765963a42037f2f886545e30c from qemu
2018-05-17 19:01:19 -04:00
Babu Moger c5b8a6a704
i386: Add cache information in X86CPUDefinition
Add cache information in X86CPUDefinition and CPUX86State.

Backports commit 6aaeb05492ef668f415324f43e7d875c0f1e90b3 from qemu
2018-05-17 18:56:12 -04:00
Eduardo Habkost db87beaaa6
i386: Helpers to encode cache information consistently
Instead of having a collection of macros that need to be used in
complex expressions to build CPUID data, define a CPUCacheInfo
struct that can hold information about a given cache. Helper
functions will take a CPUCacheInfo struct as input to encode
CPUID leaves for a cache.

This will help us ensure consistency between cache information
CPUID leaves, and make the existing inconsistencies in CPUID info
more visible.

Backports commit 7e3482f824809e1f6ffeb5bb8103ba27a7d1a52a from qemu
2018-05-17 18:54:29 -04:00
Jingqi Liu 9c93f3f530
x86/cpu: Enable CLDEMOTE(Demote Cache Line) cpu feature
The CLDEMOTE instruction hints to hardware that the cache line that
contains the linear address should be moved("demoted") from
the cache(s) closest to the processor core to a level more distant
from the processor core. This may accelerate subsequent accesses
to the line by other cores in the same coherence domain,
especially if the line was written by the core that demotes the line.

Intel Snow Ridge has added new cpu feature, CLDEMOTE.
The new cpu feature needs to be exposed to guest VM.

The bit definition:
CPUID.(EAX=7,ECX=0):ECX[bit 25] CLDEMOTE

The release document ref below link:
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf

Backports commit 0da0fb062841d0dcd8ba47e4a989d2e952cdf0ff from qemu
2018-05-17 18:37:17 -04:00
Boqun Feng 09b42d05fe
i386: add KnightsMill cpu model
A new cpu model called "KnightsMill" is added to model Knights Mill
processors. Compared to "Skylake-Server" cpu model, the following
features are added:

avx512_4vnniw avx512_4fmaps avx512pf avx512er avx512_vpopcntdq

and the following features are removed:

pcid invpcid clflushopt avx512dq avx512bw clwb smap rtm mpx
xsavec xgetbv1 hle

Backports commit a18495159a35e9c5973d9aa0f612a97318bf684d from qemu
2018-05-17 18:35:37 -04:00
Peter Maydell 3dddb8564f
tcg: Optionally log FPU state in TCG -d cpu logging
Usually the logging of the CPU state produced by -d cpu is sufficient
to diagnose problems, but sometimes you want to see the state of
the floating point registers as well. We don't want to enable that
by default as it adds a lot of extra data to the log; instead,
allow it to be optionally enabled via -d fpu.

Backports relevant parts of commit ae7651804748c6b479d5ae09aeac4edb9c44f76e from qemu
2018-05-15 22:31:08 -04:00
Alex Bennée 070276faf6
target/arm: Fix sqrt_f16 exception raising
We are meant to explicitly pass fpst, not cpu_env.

Backports commit 905edee9101c54cda5b72286b7f7607cf1c3c4d1 from qemu
2018-05-15 22:29:54 -04:00
Alex Bennée f8e1f71df9
target/arm: Implement FMOV (immediate) for fp16
All the hard work is already done by vfp_expand_imm, we just need to
make sure we pick up the correct size.

Backports commit 6ba28ddb9be37bdb67e3e38007a53ccbdcd010df from qemu
2018-05-15 22:28:46 -04:00
Alex Bennée cd76e7aaaa
target/arm: Implement FCSEL for fp16
These were missed out from the rest of the half-precision work.

Backports commit ace97feef3613194900d4eb9ffc6819b840fbaeb from qemu
2018-05-15 22:26:53 -04:00
Alex Bennée 80074e4745
target/arm: Implement FCMP for fp16
These where missed out from the rest of the half-precision work.

Backports commit 7a1929256ea1a03df12625e75ed571c60dca5bfb from qemu
2018-05-15 22:24:39 -04:00
Richard Henderson eeab666292
target/arm: Implement FP data-processing (3 source) for fp16
We missed all of the scalar fp16 fma operations.

Backports commit 95f9864fde6078e2d2c036a07cc4fe44f199be96 from qemu
2018-05-15 22:19:42 -04:00
Richard Henderson a614dbb3c7
target/arm: Implement FP data-processing (2 source) for fp16
We missed all of the scalar fp16 binary operations.

Backports commit b8f5171cf01420a9f0ee895c5591e9b9914f391a from qemu
2018-05-15 22:14:43 -04:00
Richard Henderson 60dfdb724b
target/arm: Introduce and use read_fp_hreg
Backports commit 3d99d931266eaeaf7e83703a53f32232cd6faad7 from qemu
2018-05-15 22:10:51 -04:00
Richard Henderson 9b42d01480
target/arm: Implement FCVT (scalar, fixed-point) for fp16
Backports commit 2752728016bef06e7c9cfb961019272859beeca4 from qemu
2018-05-15 22:08:07 -04:00
Richard Henderson 8436080518
target/arm: Implement FCVT (scalar, integer) for fp16
Backports commit 564a0632504fad840491aa9a59453f4e64a316c4 from qemu
2018-05-15 22:06:49 -04:00
Richard Henderson 75643ab1cf
target/arm: Early exit after unallocated_encoding in disas_fp_int_conv
No sense in emitting code after the exception.

Backports commit 8c738d430796edeae5e13d6daf0895c02c62bd54 from qemu
2018-05-15 21:55:42 -04:00
Richard Henderson bcaceb9bc7
target/arm: Implement FMOV (general) for fp16
Adding the fp16 moves to/from general registers.

Backports commit 68130236e30a1ec64363f4915349feee181bfbc1 from qemu
2018-05-15 21:54:32 -04:00
Peter Maydell 2629c0122e
target/arm: Fix fp_status_f16 tininess before rounding
In commit d81ce0ef2c4f105 we added an extra float_status field
fp_status_fp16 for Arm, but forgot to initialize it correctly
by setting it to float_tininess_before_rounding. This currently
will only cause problems for the new V8_FP16 feature, since the
float-to-float conversion code doesn't use it yet. The effect
would be that we failed to set the Underflow IEEE exception flag
in all the cases where we should.

Add the missing initialization.

Backports commit bcc531f0364796104df4443d17f99b5fb494eca2 from qemu
2018-05-15 21:51:48 -04:00
Peter Maydell e7656cbd7a
fpu/softfloat: Don't set Invalid for float-to-int(MAXINT)
In float-to-integer conversion, if the floating point input
converts exactly to the largest or smallest integer that
fits in to the result type, this is not an overflow.
In this situation we were producing the correct result value,
but were incorrectly setting the Invalid flag.
For example for Arm A64, "FCVTAS w0, d0" on an input of
0x41dfffffffc00000 should produce 0x7fffffff and set no flags.

Fix the boundary case to take the right half of the if()
statements.

This fixes a regression from 2.11 introduced by the softfloat
refactoring.

Backports commit 333583757c5e910b040bef793974773635ce1918 from qemu
2018-05-15 21:50:41 -04:00
Alex Bennée 99de568b7d
fpu/softfloat: int_to_float ensure r fully initialised
Reported by Coverity (CID1390635). We ensure this for uint_to_float
later on so we might as well mirror that.

Backports commit a5a5f5e2e437db6c19164b734f838a7bf9e0c5ec from qemu
2018-05-15 21:49:34 -04:00
Laurent Vivier 664396a635
m68k: fix floatx80_mod() (Coverity CID1390568)
Update the variable checked by the loop condition (expDiff).
Backport the update from Previous.

Fixes: 591596b77a ("target/m68k: add fmod/frem")

Backports commit 5a73e7f313da0e4657bcac61b533ced71b0d0224 from qemu
2018-05-15 07:44:12 -04:00
Richard Henderson 5902f32abf
target/arm: Clear SVE high bits for FMOV
Use write_fp_dreg and clear_vec_high to zero the bits
that need zeroing for these cases.

Backports commit 9a9f1f59521f46e8ff4527d9a2b52f83577e2aa3 from qemu
2018-05-14 08:43:55 -04:00
Richard Henderson 67740bbc7f
target/arm: Fix float16 to/from int16
The instruction "ucvtf v0.4h, v04h, #2", with input 0x8000u,
overflows the intermediate float16 to infinity before we have a
chance to scale the output. Use float64 as the intermediate type
so that no input argument (uint32_t in this case) can overflow
or round before scaling. Given the declared argument, the signed
int32_t function has the same problem.

When converting from float16 to integer, using u/int32_t instead
of u/int16_t means that the bounding is incorrect.

Backports commit 88808a022c06f98d81cd3f2d105a5734c5614839 from qemu
2018-05-14 08:41:20 -04:00
Richard Henderson e403957a5e
target/arm: Implement vector shifted FCVT for fp16
While we have some of the scalar paths for FCVT for fp16,
we failed to decode the fp16 version of these instructions.

Backports commit d0ba8e74acd299b092786ffc30b306638d395a9e from qemu
2018-05-14 08:36:54 -04:00
Richard Henderson ad6c191d96
target/arm: Implement vector shifted SCVF/UCVF for fp16
While we have some of the scalar paths for *CVF for fp16,
we failed to decode the fp16 version of these instructions.

Backports commit a6117fae4576edfe7a5a5b802a742c33112c0993 from qemu
2018-05-14 08:31:29 -04:00
Richard Henderson 5752b2086b
target/arm: Enable ARM_FEATURE_V8_ATOMICS for user-only
Backports commit ec7f05fae36637d11de272da82ad1e6c233e77d7 from qemu
2018-05-14 08:29:59 -04:00
Richard Henderson 688d0fd0ed
target/arm: Implement CAS and CASP
Backports commit 44ac14b06fa33f60982923b6b8a3bf8dd2fea61d from qemu
2018-05-14 08:28:45 -04:00
Richard Henderson b23c543e1a
target/arm: Fill in disas_ldst_atomic
This implements all of the v8.1-Atomics instructions except
for compare-and-swap, which is decoded elsewhere.

Backports commit 74608ea45434c9b07055b21885e093528c5ed98c from qemu
2018-05-14 08:18:37 -04:00
Richard Henderson 7ae8671b5e
target/arm: Introduce ARM_FEATURE_V8_ATOMICS and initial decode
The insns in the ARMv8.1-Atomics are added to the existing
load/store exclusive and load/store reg opcode spaces.
Rearrange the top-level decoders for these to accomodate.
The Atomics insns themselves still generate Unallocated.

Backports commit 68412d2ecedbab5a43b0d346cddb27e00d724aff from qemu
2018-05-14 08:15:52 -04:00
Richard Henderson b42217fbaf
tcg: Use GEN_ATOMIC_HELPER_FN for opposite endian atomic add
Backports commit 58edf9eef9d0e99dc051367c5a446a62223ec6e4 from qemu
2018-05-14 08:07:49 -04:00
Richard Henderson de1708aadc
tcg: Introduce atomic helpers for integer min/max
Given that this atomic operation will be used by both risc-v
and aarch64, let's not duplicate code across the two targets.

Backports commit 5507c2bf35aa6b4705939349184e71afd5e058b2 from qemu
2018-05-14 08:06:42 -04:00
Richard Henderson b2af557a0f
target/arm: Use new min/max expanders
The generic expanders replace nearly identical code in the translator.

Backports commit ecb8ab8d71aab770555a6972428b711400a27248 from qemu
2018-05-14 07:34:52 -04:00
Richard Henderson eef66443b2
tcg: Introduce helpers for integer min/max
These operations are re-invented by several targets so far.
Several supported hosts have insns for these, so place the
expanders out-of-line for a future introduction of tcg opcodes.

Backports commit b87fb8cd9f9a0ba599ff79e7bf03222da02e5724 from qemu
2018-05-14 07:31:50 -04:00
Peter Maydell b22f822858
atomic.h: Work around gcc spurious "unused value" warning
Some versions of gcc produce a spurious warning if the result of
__atomic_compare_echange_n() is not used and the type involved
is a signed 8 bit value:
error: value computed is not used [-Werror=unused-value]
This has been seen on at least
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609

Work around this by using an explicit cast to void to indicate
that we don't care about the return value.

We don't currently use our atomic_cmpxchg() macro on any signed
8 bit types, but the upcoming support for the Arm v8.1-Atomics
will require it.

Backports commit cd95fc28fb6d8afced0d70ce52c294d0761a9daa from qemu
2018-05-14 07:26:40 -04:00
Peter Maydell 150125de3f
softfloat: Handle default NaN mode after pickNaNMulAdd, not before
It is implementation defined whether a multiply-add of
(0,inf,qnan) or (inf,0,qnan) raises InvalidaOperation or
not, so we let the target-specific pickNaNMulAdd function
handle this. This means that we must do the "return the
default NaN in default NaN mode" check after the call,
not before. Correct the ordering, and restore the comment
from the old propagateFloat64MulAddNaN() that warned about
this corner case.

This fixes a regression from 2.11 for Arm guests where we would
incorrectly fail to set the Invalid flag for these cases.

Backports commit 1839189bbf89889076aadf0c793c1b57977b28d7 from qemu
2018-05-14 07:24:40 -04:00
Emilio G. Cota bb95f85569
target/mips: convert to TranslatorOps
Notes:

- DISAS_TOO_MANY replaces the former "break" in the translation loop.
However, care must be taken not to overwrite a previous condition
in is_jmp; that's why in translate_insn we first check is_jmp and
return if it's != DISAS_NEXT.

- Added an assert in translate_insn, before exiting due to an exception,
to make sure that is_jmp is set to DISAS_NORETURN (the exception
generation function always sets it.)

- Added an assert for the default case in is_jmp's switch.

Backports commit 18f440edfb974feaff8490d4861844b5a2b7a3b5 from qemu
2018-05-12 16:42:21 -04:00
Emilio G. Cota 2c93423acd
target/mips: use *ctx for DisasContext
No changes to the logic here; this is just to make the diff
that follows easier to read.

While at it, remove the unnecessary 'struct' in
'struct TranslationBlock'.

Note that checkpatch complains with a false positive:
ERROR: space prohibited after that '&' (ctx:WxW)
\#75: FILE: target/mips/translate.c:20220:
+ ctx->kscrexist = (env->CP0_Config4 >> CP0C4_KScrExist) & 0xff;
^

Backports commit 12be92588cf26a192f1b62846906983fc1e102a7 from qemu
2018-05-12 16:26:06 -04:00
Emilio G. Cota dae6b84c14
target/mips: convert to DisasContextBase
Backports commit eeb3bba8477cebc46c482ef37d565d54e771c2d3 from qemu
2018-05-12 16:18:00 -04:00
Emilio G. Cota de5d90f9a4
target/mips: convert to DisasJumpType
Notes:

- BS_EXCP in generate_exception_err and after hen_helper_wait
becomes DISAS_NORETURN, because we do not return after
raising an exception.

- Some uses of BS_EXCP are misleading in that they're used
only as a "not BS_STOP" exit condition, i.e. they have nothing
to do with an actual exception. For those cases, define
and use DISAS_EXIT, which is clearer. With this and the
above change, BS_EXCP goes away completely.

- fix a comment typo (s/intetrupt/interrupt/).

Backports commit b28425babc2ad4b90cd87d07a1809d3322b9c065 from qemu
2018-05-11 16:17:02 -04:00
Richard Henderson 8a416b8146
target/mips: use lookup_and_goto_ptr on BS_STOP
The TB after BS_STOP is not fixed (e.g. helper_mtc0_hwrena
changes hflags, which ends up changing the TB flags via
cpu_get_tb_cpu_state). This requires a full lookup (i.e.
with flags) via lookup_and_goto_ptr instead of gen_goto_tb,
since the latter only looks at the PC for in-page goto's. Fix it.

Backports commit cd314a7d0190a03122ca0606ecf71b4b873a22c6 from qemu.
2018-05-11 15:18:23 -04:00
Emilio G. Cota 26dc4a6682
target/sparc: convert to TranslatorOps
Notes:

- Moved the cross-page check from the end of translate_insn to
init_disas_context.

Backports commit 6e61bc941025345ab01c48d116bef60bb8990406 from qemu
2018-05-11 15:17:12 -04:00
Emilio G. Cota 7071a144c2
target/sparc: convert to DisasContextBase
Notes:

- pc and npc are left unmodified, since they can point to out-of-TB
jump targets.

- Got rid of last_pc in gen_intermediate_code(), using base.pc_next
instead. Only update pc_next (1) on a breakpoint (so that tb->size
includes the insn), and (2) after reading the current instruction
from memory. This allows us to use base.pc_next in the BP check,
which is what the translator loop does.

Backports commit af00be490b30d7f576d12ac7b2bc5406ca6fda3f from qemu
2018-05-11 14:20:49 -04:00
Emilio G. Cota 3180dcaa98
target/sparc: convert to DisasJumpType
Backports commit c5e6ccdf6c8d32d3a45d9dca4d6847dcff741882 from qemu
2018-05-11 14:03:23 -04:00
Emilio G. Cota d26bf1d446
translator: merge max_insns into DisasContextBase
While at it, use int for both num_insns and max_insns to make
sure we have same-type comparisons.

Backports commit b542683d77b4f56cef0221b267c341616d87bce9 from qemu
2018-05-11 13:59:17 -04:00
Emilio G. Cota 28cfe5dab0
target/mips: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Backports commit 6cd79443d33e6ba6b4c5b787eb713ca1cec56328 from qemu
2018-05-11 13:51:51 -04:00
Emilio G. Cota 8162e6f1c6
target/arm: avoid integer overflow in next_page PC check
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Backports commit bfe7ad5be77a6a8925a7ab1628452c8942222102 from qemu
2018-05-11 13:49:57 -04:00
Richard Henderson f417df19b7
tcg: Limit the number of ops in a TB
In 6001f7729e12 we partially attempt to address the branch
displacement overflow caused by 15fa08f845.

However, gcc/testsuite/gcc.target/aarch64/advsimd-intrinsics/vqtbX.c
is a testcase that contains a TB so large as to overflow anyway.
The limit here of 8000 ops produces a maximum output TB size of
24112 bytes on a ppc64le host with that test case. This is still
much less than the maximum forward branch distance of 32764 bytes.

Backports commit abebf92597186be2bc48d487235da28b1127860f from qemu
2018-05-11 11:25:01 -04:00
Richard Henderson 33f7f6f09a
tcg/i386: Fix dup_vec in non-AVX2 codepath
The VPUNPCKLD* instructions are all "non-destructive source",
indicated by "NDS" in the encoding string in the x86 ISA manual.
This means that they take two source operands, one of which is
encoded in the VEX.vvvv field. We were incorrectly treating them
as if they were destructive-source and passing 0 as the 'v'
argument of tcg_out_vex_modrm(). This meant we were always
using %xmm0 as one of the source operands, causing incorrect
results if the register allocator happened to want to use
something else. For instance the input AArch64 insn:
DUP v26.16b, w21
which becomes TCG IR ops:
dup_vec v128,e8,tmp2,x21
st_vec v128,e8,tmp2,env,$0xa40
was assembled to:
0x607c568c: c4 c1 7a 7e 86 e8 00 00 vmovq 0xe8(%r14), %xmm0
0x607c5694: 00
0x607c5695: c5 f9 60 c8 vpunpcklbw %xmm0, %xmm0, %xmm1
0x607c5699: c5 f9 61 c9 vpunpcklwd %xmm1, %xmm0, %xmm1
0x607c569d: c5 f9 70 c9 00 vpshufd $0, %xmm1, %xmm1
0x607c56a2: c4 c1 7a 7f 8e 40 0a 00 vmovdqu %xmm1, 0xa40(%r14)
0x607c56aa: 00

when the vpunpcklwd insn should be "%xmm1, %xmm1, %xmm1".
This resulted in our incorrectly setting the output vector to
q26=0000320000003200:0000320000003200
when given an input of x21 == 0000000002803200
rather than the expected all-zeroes.

Pass the correct source register number to tcg_out_vex_modrm()
for these insns.

Backports commit 7eb30ef0ba2eb59e7430d4848ae8d4bf4e50f768 from qemu
2018-05-11 11:22:38 -04:00
Richard Henderson 991683af73
target/m68k: Fix build Werror with gcc 8.0.1
The Werror stems from the compiler finding a path through the second
switch via a missing default case in which src1 is uninitialized, and
not being able to prove that the missing default case is unreachable
due to the first switch.

Simplify the second switch to merge default with OS_LONG,
which returns directly. This removes the unreachable path.

Backports commit 5cbc61110738accb16ff8ed1f08a32906d02790f from qemu.
2018-05-11 10:37:45 -04:00
Peter Maydell ca9b601d0d
target/arm: Implement v8M VLLDM and VLSTM
For v8M the instructions VLLDM and VLSTM support lazy saving
and restoring of the secure floating-point registers. Even
if the floating point extension is not implemented, these
instructions must act as NOPs in Secure state, so they can
be used as part of the secure-to-nonsecure call sequence.

Fixes: https://bugs.launchpad.net/qemu/+bug/1768295

Backports commit b1e5336a9899016c53d59eba53ebf6abcc21995c from qemu
2018-05-08 08:29:12 -04:00
Mathew Maidment 06da6ae3c8
target/arm: Correct MPUIR privilege level in register_cp_regs_for_features() conditional case
The duplication of id_tlbtr_reginfo was unintentionally added within
3281af8114c6b8ead02f08b58e3c36895c1ea047 which should have been
id_mpuir_reginfo.

The effect was that for OMAP and StrongARM CPUs we would
incorrectly UNDEF writes to MPUIR rather than NOPing them.

Backports commit 100061121c1f69a672ce7bb3e9e3781f8018f9f6 from qemu
2018-05-08 08:27:40 -04:00
Richard Henderson 5940a36394
target/arm: Tidy condition in disas_simd_two_reg_misc
Path analysis shows that size == 3 && !is_q has been eliminated.

Fixes: Coverity CID1385853

Backports commit a8766e3172c1671cab297c1ef4566a3c5d094822 from qemu
2018-05-08 08:26:31 -04:00
Richard Henderson cb324fd039
target/arm: Tidy conditions in handle_vec_simd_shri
The (size > 3 && !is_q) condition is identical to the preceeding test
of bit 3 in immh; eliminate it. For the benefit of Coverity, assert
that size is within the bounds we expect.

Fixes: Coverity CID1385846
Fixes: Coverity CID1385849
Fixes: Coverity CID1385852
Fixes: Coverity CID1385857

Backports commit 8dae46970532afcf93470b00e83ca9921980efc3 from qemu
2018-05-08 08:25:37 -04:00
Marc-André Lureau 0087625b7e
qobject: Modify qobject_ref() to return obj
For convenience and clarity, make it possible to call qobject_ref() at
the time when the reference is associated with a variable, or
argument, by making qobject_ref() return the same pointer as given.
Use that to simplify the callers.

Backports commit f5a74a5a50387c6f980b2e2f94f062487a1826da from qemu
2018-05-04 10:24:10 -04:00
Marc-André Lureau ab4528c1e4
qobject: Replace qobject_incref/QINCREF qobject_decref/QDECREF
Now that we can safely call QOBJECT() on QObject * as well as its
subtypes, we can have macros qobject_ref() / qobject_unref() that work
everywhere instead of having to use QINCREF() / QDECREF() for QObject
and qobject_incref() / qobject_decref() for its subtypes.

The replacement is mechanical, except I broke a long line, and added a
cast in monitor_qmp_cleanup_req_queue_locked(). Unlike
qobject_decref(), qobject_unref() doesn't accept void *.

Note that the new macros evaluate their argument exactly once, thus no
need to shout them.

Backports commit cb3e7f08aeaab0ab13e629ce8496dca150a449ba from qemu
2018-05-04 10:16:07 -04:00
Marc-André Lureau f4b3c5d0bd
qobject: use a QObjectBase_ struct
By moving the base fields to a QObjectBase_, QObject can be a type
which also has a 'base' field. This allows writing a generic QOBJECT()
macro that will work with any QObject type, including QObject
itself. The container_of() macro ensures that the object to cast has a
QObjectBase_ base field, giving some type safety guarantees. QObject
must have no members but QObjectBase_ base, or else QOBJECT() breaks.

QObjectBase_ is not a typedef and uses a trailing underscore to make
it obvious it is not for normal use and to avoid potential abuse.

Backports commit 3d3eacaeccaab718ea0e2ddaa578bfae9e311c59 from qemu
2018-05-04 10:11:24 -04:00
Marc-André Lureau 2ca916e106
qobject: Ensure base is at offset 0
All QObject types have the base QObject as their first field. This
allows the simplification of qobject_to().

Backports commit 7ee9edfdb117da47c86c9764d90f0be11a648666 from qemu
2018-05-04 09:54:36 -04:00
Laurent Vivier ec12091943
tcg: workaround branch instruction overflow in tcg_out_qemu_ld/st
ppc64 uses a BC instruction to call the tcg_out_qemu_ld/st
slow path. BC instruction uses a relative address encoded
on 14 bits.

The slow path functions are added at the end of the generated
instructions buffer, in the reverse order of the callers.
So more we have slow path functions more the distance between
the caller (BC) and the function increases.

This patch changes the behavior to generate the functions in
the same order of the callers.

Backports commit 6001f7729e12dd1d810291e4cbf83cee8e07441d from qemu
2018-05-03 15:09:07 -04:00
Richard Henderson 2150745db4
tcg: Improve TCGv_ptr support
Drop TCGV_PTR_TO_NAT and TCGV_NAT_TO_PTR internal macros.

Add tcg_temp_local_new_ptr, tcg_gen_brcondi_ptr, tcg_gen_ext_i32_ptr,
tcg_gen_trunc_i64_ptr, tcg_gen_extu_ptr_i64, tcg_gen_trunc_ptr_i32.

Use inlines instead of macros where possible.

Backports commit 5bfa803448638a45542441fd6b7cc1241403ea72 from qemu
2018-05-03 15:05:43 -04:00
Richard Henderson 4fa9ea2ae1
tcg: Allow wider vectors for cmp and mul
In db432672, we allow wide inputs for operations such as add.
However, in 212be173 and 3774030a we didn't do the same for
compare and multiply.

Backports commit 9a938d86b04025ac605db0ea9819e5896bf576ec from qemu
2018-05-03 14:42:57 -04:00
Henry Wertz 090e2e9d0e
tcg/arm: Fix memory barrier encoding
I found with qemu 2.11.x or newer that I would get an illegal instruction
error running some Intel binaries on my ARM chromebook. On investigation,
I found it was quitting on memory barriers.

qemu instruction:
mb $0x31
was translating as:
0x604050cc: 5bf07ff5 blpl #0x600250a8

After patch it gives:
0x604050cc: f57ff05b dmb ish

In short, I found INSN_DMB_ISH (memory barrier for ARMv7) appeared to be
correct based on online docs, but due to some endian-related shenanigans it
had to be byte-swapped to suit qemu; it appears INSN_DMB_MCR (memory
barrier for ARMv6) also should be byte swapped (and this patch does so).
I have not checked for correctness of aarch64's barrier instruction.

Backports commit 3f814b803797c007abfe5c4041de754e01723031 from qemu
2018-05-03 14:41:36 -04:00
Richard Henderson 16a55143dc
tcg: Document INDEX_mul[us]h_*
Backports commit d103021269ca9307ed7ca0d845d2b9e6c387509a from qemu
2018-05-03 14:40:49 -04:00
Laurent Vivier 97c8507f00
m68k: remove dead code (Coverity CID1390617)
floatx80_sin() and floatx80_cos() are derived from one
sincos() function. They have both unused code coming from
their common origin. Remove it.

Backports commit 6361d2984ce88912976a34e1797a5ad5139c649b from qemu
2018-05-01 11:44:18 -04:00
Laurent Vivier ebf0c8f9ca
m68k: Fix floatx80_lognp1 (Coverity CID1390587)
return the result of packFloatx80() instead of
dropping it.

Backports commit 981348af5c3c72335d95f6877abf702d80176eb3 from qemu
2018-05-01 11:41:07 -04:00
Pavel Dovgalyuk bf16c6daee
m68k: fix subx mem, mem instruction
This patch fixes decrement of the pointers for subx mem, mem instructions.
Without the patch pointers are decremented by OS_* constant value instead of
retrieving the corresponding data size and using it as a decrement.

Backports commit 355d4d1c00e708907ff391c24ca708f1c9c06bf0 from qemu
2018-05-01 11:40:00 -04:00
Aaron Lindsay d3e7bbffea
target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide
This is a bug fix to ensure 64-bit reads of these registers don't read
adjacent data.

Backports commit e4e91a217c17fff4045dd4b423cdcb471b3d6a0e from qemu
2018-04-26 09:25:09 -04:00
Aaron Lindsay 4ed7524444
target/arm: Fix bitmask for PMCCFILTR writes
It was shifted to the left one bit too few.

Backports commit ac57fd24cd864d42e7551f82266bc0930bd39547 from qemu
2018-04-26 09:23:04 -04:00
Aaron Lindsay 99a0be89a8
target/arm: Add pre-EL change hooks
Because the design of the PMU requires that the counter values be
converted between their delta and guest-visible forms for mode
filtering, an additional hook which occurs before the EL is changed is
necessary.

Backports commit b5c53d1b3886387874f8c8582b205aeb3e4c3df6 from qemu
2018-04-26 09:21:54 -04:00
Aaron Lindsay 8caf217d26
target/arm: Support multiple EL change hooks
Backports commit 08267487c99e8150382420936ab72c1e0ad74ce3 from qemu
2018-04-26 09:16:09 -04:00
Aaron Lindsay dfe1f54920
target/arm: Fetch GICv3 state directly from CPUARMState
This eliminates the need for fetching it from el_change_hook_opaque, and
allows for supporting multiple el_change_hooks without having to hack
something together to find the registered opaque belonging to GICv3.

Backports commit d5a5e4c93dae0dc3feb402cf7ee78d846da1a7e1 from qemu
2018-04-26 09:10:32 -04:00
Aaron Lindsay 1228bcf45d
target/arm: Mask PMU register writes based on PMCR_EL0.N
This is in preparation for enabling counters other than PMCCNTR

Backports commit 7ece99b17e832065236c07a158dfac62619ef99b from qemu
2018-04-26 09:09:12 -04:00
Aaron Lindsay e1d021ad74
target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0
They share the same underlying state

Backports commit 169c893874977eee8303a6dad4a3f25c5464858f from qemu
2018-04-26 09:07:50 -04:00
Aaron Lindsay e1bffbf7df
target/arm: Check PMCNTEN for whether PMCCNTR is enabled
Backports commit ccbc0e338486b21cb0eb52e52cd309bbbe6a7507 from qemu
2018-04-26 09:07:02 -04:00
Peter Maydell 43e7478d3f
target/arm: Use v7m_stack_read() for reading the frame signature
In commit 95695effe8caa552b8f2 we changed the v7M/v8M stack
pop code to use a new v7m_stack_read() function that checks
whether the read should fail due to an MPU or bus abort.
We missed one call though, the one which reads the signature
word for the callee-saved register part of the frame.

Correct the omission.

Backports commit 4818bad98c8212fbbb0525d10761b6b65279ab92 from qemu
2018-04-26 09:02:11 -04:00
Peter Maydell bec50934ad
target/arm: Remove stale TODO comment
Remove a stale TODO comment -- we have now made the arm_ldl_ptw()
and arm_ldq_ptw() functions propagate physical memory read errors
out to their callers.

Backports commit 145772707fe80395b87c244ccf5699a756f1946b from qemu
2018-04-26 09:00:08 -04:00
Richard Henderson 76e343ef55
fpu: Bound increment for scalbn
Without bounding the increment, we can overflow exp either here
in scalbn_decomposed or when adding the bias in round_canonical.
This can result in e.g. underflowing to 0 instead of overflowing
to infinity.

The old softfloat code did bound the increment.

Backports commit ce8d4082054519f2eaac39958edde502860a7fc6 from qemu
2018-04-18 09:21:03 -04:00
Alex Bennée af6a0b7c14
fpu/softfloat: check for Inf / x or 0 / x before /0
The re-factoring of div_floats changed the order of checking meaning
an operation like -inf/0 erroneously raises the divbyzero flag.
IEEE-754 (2008) specifies this should only occur for operations on
finite operands.

We fix this by moving the check on the dividend being Inf/0 to before
the divisor is zero check.

Backports commit 9cb4e398c2f95c1e837fe9c570e124a55259f725 from qemu
2018-04-18 09:19:28 -04:00
Pavel Dovgalyuk fe353764e9
m68k: fix exception stack frame for 68000
68000 CPUs do not save format in the exception stack frame.
This patch adds feature checking to prevent format saving for 68000.
m68k_ret() already includes this modification, this patch fixes
the exception processing function too.

Backports commit 000761dc0c97d70e7314db3e8f52783880325a22 from qemu
2018-04-16 13:49:56 -04:00
Alex Bennée 9517a002da
fpu/softfloat: raise float_invalid for NaN/Inf in round_to_int_and_pack
The re-factor broke the raising of INVALID when NaN/Inf is passed to
the float_to_int conversion functions. round_to_uint_and_pack got this
right for NaN but also missed out the Inf handling.

Fixes https://bugs.launchpad.net/qemu/+bug/1759264

Backports commit 801bc56336a127d9b351b3a2cc0336e4d0cb2686 from qemu
2018-04-16 13:48:17 -04:00
Emilio G. Cota 74b7fe484c
softfloat: fix {min, max}nummag for same-abs-value inputs
Before 8936006 ("fpu/softfloat: re-factor minmax", 2018-02-21),
we used to return +Zero for maxnummag(-Zero,+Zero); after that
commit, we return -Zero.

Fix it by making {min,max}nummag consistent with {min,max}num,
deferring to the latter when the absolute value of the operands
is the same.

With this fix we now pass fp-test.

Backports commit 6245327a367292b354489c54e965646823023919 from qemu
2018-04-16 13:46:29 -04:00
Peter Maydell 778d0c47df
tcg/mips: Handle large offsets from target env to tlb_table
The MIPS TCG target makes the assumption that the offset from the
target env pointer to the tlb_table is less than about 64K. This
used to be true, but gradual addition of features to the Arm
target means that it's no longer true there. This results in
the build-time assertion failing:

In file included from /home/pm215/qemu/include/qemu/osdep.h:36:0,
from /home/pm215/qemu/tcg/tcg.c:28:
/home/pm215/qemu/tcg/mips/tcg-target.inc.c: In function ‘tcg_out_tlb_load’:
/home/pm215/qemu/include/qemu/compiler.h:90:36: error: static assertion failed: "not expecting: offsetof(CPUArchState, tlb_table[NB_MMU_MODES - 1][1]) > 0x7ff0 + 0x7fff"
^
/home/pm215/qemu/include/qemu/compiler.h:98:30: note: in expansion of macro ‘QEMU_BUILD_BUG_MSG’
^
/home/pm215/qemu/tcg/mips/tcg-target.inc.c:1236:9: note: in expansion of macro ‘QEMU_BUILD_BUG_ON’
QEMU_BUILD_BUG_ON(offsetof(CPUArchState,
^
/home/pm215/qemu/rules.mak:66: recipe for target 'tcg/tcg.o' failed

An ideal long term approach would be to rearrange the CPU state
so that the tlb_table was not so far along it, but this is tricky
because it would move it from the "not cleared on CPU reset" part
of the struct to the "cleared on CPU reset" part. As a simple fix
for the 2.12 release, make the MIPS TCG target handle an arbitrary
offset by emitting more add instructions. This will mean an extra
instruction in the fastpath for TCG loads and stores for the
affected guests (currently just aarch64-softmmu)

Backports commit 161dfd1e7fad1203840c0390f235030eba3fd23c from qemu
2018-04-16 13:44:39 -04:00
Pavel Dovgalyuk b4bf3c776b
icount: fix cpu_restore_state_from_tb for non-tb-exit cases
In icount mode, instructions that access io memory spaces in the middle
of the translation block invoke TB recompilation. After recompilation,
such instructions become last in the TB and are allowed to access io
memory spaces.

When the code includes instruction like i386 'xchg eax, 0xffffd080'
which accesses APIC, QEMU goes into an infinite loop of the recompilation.

This instruction includes two memory accesses - one read and one write.
After the first access, APIC calls cpu_report_tpr_access, which restores
the CPU state to get the current eip. But cpu_restore_state_from_tb
resets the cpu->can_do_io flag which makes the second memory access invalid.
Therefore the second memory access causes a recompilation of the block.
Then these operations repeat again and again.

This patch moves resetting cpu->can_do_io flag from
cpu_restore_state_from_tb to cpu_loop_exit* functions.

It also adds a parameter for cpu_restore_state which controls restoring
icount. There is no need to restore icount when we only query CPU state
without breaking the TB. Restoring it in such cases leads to the
incorrect flow of the virtual time.

In most cases new parameter is true (icount should be recalculated).
But there are two cases in i386 and openrisc when the CPU state is only
queried without the need to break the TB. This patch fixes both of
these cases.

Backports commit afd46fcad2dceffda35c0586f5723c127b6e09d8 from qemu
2018-04-11 20:05:40 -04:00
Alex Bennée 4074587775
accel/tcg/translate-all: expand cpu_restore_state addr check
We are still seeing signals during translation time when we walk over
a page protection boundary. This expands the check to ensure the host
PC is inside the code generation buffer. The original suggestion was
to check versus tcg_ctx.code_gen_ptr but as we now segment the
translation buffer we have to settle for just a general check for
being inside.

I've also fixed up the declaration to make it clear it can deal with
invalid addresses. A later patch will fix up the call sites.

Backports commit d25f2a72272b9ffe0d06710d6217d1169bc2cc7d from qemu
2018-04-11 19:53:57 -04:00
Richard Henderson bc8e85a1c5
fpu: Fix rounding mode for floatN_to_uintM_round_to_zero
We incorrectly passed in the current rounding mode
instead of float_round_to_zero.

Backports commit bd49e6027cbc207c87633c7add3ebd7d3474cd35 from qemu
2018-04-11 19:36:12 -04:00
Richard Henderson 49476ebf5e
tcg: Introduce tcg_set_insn_start_param
The parameters for tcg_gen_insn_start are target_ulong, which may be split
into two TCGArg parameters for storage in the opcode on 32-bit hosts.

Fixes the ARM target and its direct use of tcg_set_insn_param, which would
set the wrong argument in the 64-on-32 case.

Backports commit 9743cd5736263e90d312b2c33bd739ffe1eae70d from qemu
2018-04-11 19:34:18 -04:00
Peter Maydell 8f26d8e556
target/arm: Report unsupported MPU region sizes more clearly
Currently our PMSAv7 and ARMv7M MPU implementation cannot handle
MPU region sizes smaller than our TARGET_PAGE_SIZE. However we
report that in a slightly confusing way:

DRSR[3]: No support for MPU (sub)region alignment of 9 bits. Minimum is 10

The problem is not the alignment of the region, but its size;
tweak the error message to say so:
DRSR[3]: No support for MPU (sub)region size of 512 bytes. Minimum is 1024.

Backports commit 8aec759b45fa6986c0b159cb27353d6abb0d5d73 from qemu
2018-04-11 19:32:16 -04:00
Onur Sahin 18e6b1549f
target-arm: Check undefined opcodes for SWP in A32 decoder
Make sure we are not treating architecturally Undefined instructions
as a SWP, by verifying the opcodes as per section A8.8.229 of ARMv7-A
specification. Bits [21:20] must be zero for this to be a SWP or SWPB.
We also choose to UNDEF for the architecturally UNPREDICTABLE case of
bits [11:8] not being zero.

Backports commit c4869ca630a57f4269bb932ec7f719cef5bc79b8 from qemu
2018-04-11 19:30:50 -04:00
Eugene Minibaev 87180dd231
Add missing bit for SSE instr in VEX decoding
The 2-byte VEX prefix imples a leading 0Fh opcode byte.

Backports commit e0014d4b3a955cfd8d517674703bfa87f340290a from qemu
2018-04-10 08:49:15 -04:00
Alexandro Sanchez Bach 4a1de154ef
target/i386: Fix andn instruction
In commit 7073fbada733c8d10992f00772c9b9299d740e9b, the `andn` instruction
was implemented via `tcg_gen_andc` but passes the operands in the wrong
order:
- X86 defines `andn dest,src1,src2` as: dest = ~src1 & src2
- TCG defines `andc dest,src1,src2` as: dest = src1 & ~src2

The following simple test shows the issue:

int main(void) {
uint32_t ret = 0;
__asm (
"mov $0xFF00, %%ecx\n"
"mov $0x0F0F, %%eax\n"
"andn %%ecx, %%eax, %%ecx\n"
"mov %%ecx, %0\n"
: "=r" (ret));
printf("%08X\n", ret);
return 0;
}

This patch fixes the problem by simply swapping the order of the two last
arguments in `tcg_gen_andc_tl`.

Backports commit 5cd10051c2e02b7a86eae49919d6c65a87dbea46 from qemu
2018-04-10 08:48:05 -04:00
Richard Henderson e0903adacf
tcg: Fix out-of-line generic vector compares
A mistake in the type passed to sizeof, that happens to work
when the out-of-line fallback itself is using host vectors,
but fails when using only the base types.

Backports commit 6cb1d3b8517572031a22675280ec642972cdb395 from qemu
2018-04-07 23:05:19 -04:00
Laurent Vivier b25de410a9
tcg: fix 16-byte vector operations detection
configure tries to detect if the compiler
supports 16-byte vector operations.

As stated in the comment of the detection
program, there is a problem with the system
compiler on GCC on Centos 7.

This program doesn't actually detect the problem
with GCC on RHEL7 on PPC64LE (Red Hat 4.8.5-28).

This patch updates the test to look more like
it is in QEMU helpers, and now detects the problem.

The error reported is:

CC ppc64-softmmu/accel/tcg/tcg-runtime-gvec.o
..//accel/tcg/tcg-runtime-gvec.c: In function ‘helper_gvec_shl8i’:
../accel/tcg/tcg-runtime-gvec.c:558:26: internal compiler error: in emit_move_insn, at expr.c:3495
*(vec8 *)(d + i) = *(vec8 *)(a + i) << shift;
^
Fixes: db43267 "tcg: Add generic vector expanders"

Backports commit 74912f6dad207bfdd5bfa8c6012c364ea9405fc7 from qemu
2018-04-07 23:03:11 -04:00
Richard Henderson c2e46f2931
tcg: Mark muluh_i64 and mulsh_i64 as 64-bit ops
Failure to do so results in the tcg optimizer sign-extending
any constant fold from 32-bits. This turns out to be visible
in the RISC-V testsuite using a host that emits these opcodes
(e.g. any non-x86_64).

Backports commit f2f1dde75160cac6ede330f3db50dc817d01a2d6 from qemu
2018-03-29 14:03:00 -04:00
Peter Maydell 92b5817d92
target/arm: Always set FAR to a known unknown value for debug exceptions
For debug exceptions due to breakpoints or the BKPT instruction which
are taken to AArch32, the Fault Address Register is architecturally
UNKNOWN. We were using that as license to simply not set
env->exception.vaddress, but this isn't correct, because it will
expose to the guest whatever old value was in that field when
arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old
value might be a FAR for a previous guest EL2 or secure exception, in
which case we shouldn't show it to an EL1 or non-secure exception
handler. It might also be a non-deterministic value, which is bad
for record-and-replay.

Clear env->exception.vaddress before taking breakpoint debug
exceptions, to avoid this minor information leak.

Backports commit 548f514cf89dd9ab39c0cb4c063097bccf141fdd from qemu
2018-03-25 16:38:14 -04:00
Peter Maydell d6eafe5982
target/arm: Set FSR for BKPT, BRK when raising exception
Now that we have a helper function specifically for the BRK and
BKPT instructions, we can set the exception.fsr there rather
than in arm_cpu_do_interrupt_aarch32(). This allows us to
use our new arm_debug_exception_fsr() helper.

In particular this fixes a bug where we were hardcoding the
short-form IFSR value, which is wrong if the target exception
level has LPAE enabled.

Fixes: https://bugs.launchpad.net/qemu/+bug/1756927

Backports commit 62b94f31d0df75187bb00684fc29e8639eacc0c5 from qemu
2018-03-25 16:36:51 -04:00
Peter Maydell 16c0c2d253
target/arm: Factor out code to calculate FSR for debug exceptions
When a debug exception is taken to AArch32, it appears as a Prefetch
Abort, and the Instruction Fault Status Register (IFSR) must be set.
The IFSR has two possible formats, depending on whether LPAE is in
use. Factor out the code in arm_debug_excp_handler() which picks
an FSR value into its own utility function, update it to use
arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants,
and use the correct condition to select long or short format.

In particular this fixes a bug where we could select the short
format because we're at EL0 and the EL1 translation regime is
not using LPAE, but then route the debug exception to EL2 because
of MDCR_EL2.TDE and hand EL2 the wrong format FSR.

Backports commit 81621d9ab8a0f07956e67850b15eebf6d6992eec from qemu
2018-03-25 16:35:27 -04:00
Peter Maydell 7a3ee5fd95
target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
The MDCR_EL2.TDE bit allows the exception level targeted by debug
exceptions to be set to EL2 for code executing at EL0. We handle
this in the arm_debug_target_el() function, but this is only used for
hardware breakpoint and watchpoint exceptions, not for the exception
generated when the guest executes an AArch32 BKPT or AArch64 BRK
instruction. We don't have enough information for a translate-time
equivalent of arm_debug_target_el(), so instead make BKPT and BRK
call a special purpose helper which can do the routing, rather than
the generic exception_with_syndrome helper.

Backports commit c900a2e62dd6dde11c8f5249b638caad05bb15be from qemu
2018-03-25 16:33:04 -04:00
Victor Kamensky ecd2ecb590
arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT
In OE project 4.15 linux kernel boot hang was observed under
single cpu aarch64 qemu. Kernel code was in a loop waiting for
vtimer arrival, spinning in TC generated blocks, while interrupt
was pending unprocessed. This happened because when qemu tried to
handle vtimer interrupt target had interrupts disabled, as
result flag indicating TCG exit, cpu->icount_decr.u16.high,
was cleared but arm_cpu_exec_interrupt function did not call
arm_cpu_do_interrupt to process interrupt. Later when target
reenabled interrupts, it happened without exit into main loop, so
following code that waited for result of interrupt execution
run in infinite loop.

To solve the problem instructions that operate on CPU sys state
(i.e enable/disable interrupt), and marked as DISAS_UPDATE,
should be considered as DISAS_EXIT variant, and should be
forced to exit back to main loop so qemu will have a chance
processing pending CPU state updates, including pending
interrupts.

This change brings consistency with how DISAS_UPDATE is treated
in aarch32 case.

Backports commit a75a52d62418dafe462be4fe30485501d1010bb9 from qemu
2018-03-25 16:27:27 -04:00
Lioncash 1c4c5a9403
softfloat-specialize: Perform comparison pass with qemu
Ensures code and formatting are similar
2018-03-21 13:27:59 -04:00
Lioncash ba874ef639
softfloat: Perform comparison pass with qemu
Ensure that the code and formatting are similar.
2018-03-21 13:26:09 -04:00
Lioncash 2dc6364de9
object: Add assert to ensure uc is not null 2018-03-21 12:47:44 -04:00
Lioncash a0c39b4996
translate-all: Fix missing #elif condition in alloc_code_gen_buffer 2018-03-21 12:46:03 -04:00
Lioncash b65302b377
qemu-thread-win32: Prevent null pointer dereference in win32_start_routine 2018-03-21 12:42:44 -04:00
Lioncash 43fe0c8a1c
memory: Protect against use-after-free 2018-03-21 09:40:33 -04:00
Bharata B Rao 309b85548f
cpu: Convert cpu_index into a bitmap
Currently CPUState::cpu_index is monotonically increasing and a newly
created CPU always gets the next higher index. The next available
index is calculated by counting the existing number of CPUs. This is
fine as long as we only add CPUs, but there are architectures which
are starting to support CPU removal, too. For an architecture like PowerPC
which derives its CPU identifier (device tree ID) from cpu_index, the
existing logic of generating cpu_index values causes problems.

With the currently proposed method of handling vCPU removal by parking
the vCPU fd in QEMU
(Ref: http://lists.gnu.org/archive/html/qemu-devel/2015-02/msg02604.html),
generating cpu_index this way will not work for PowerPC.

This patch changes the way cpu_index is handed out by maintaining
a bit map of the CPUs that tracks both addition and removal of CPUs.

The CPU bitmap allocation logic is part of cpu_exec_init(), which is
called by instance_init routines of various CPU targets. Newly added
cpu_exec_exit() API handles the deallocation part and this routine is
called from generic CPU instance_finalize.

Note: This new CPU enumeration is for !CONFIG_USER_ONLY only.
CONFIG_USER_ONLY continues to have the old enumeration logic.

Backports commit b7bca7333411bd19c449147e8202ae6b0e4a8e09 from qemu
2018-03-21 08:06:07 -04:00
Bharata B Rao e373c001fa
cpu: Add Error argument to cpu_exec_init()
Add an Error argument to cpu_exec_init() to let users collect the
error. This is in preparation to change the CPU enumeration logic
in cpu_exec_init(). With the new enumeration logic, cpu_exec_init()
can fail if cpu_index values corresponding to max_cpus have already
been handed out.

Since all current callers of cpu_exec_init() are from instance_init,
use error_abort Error argument to abort in case of an error.

Backports commit 5a790cc4b942e651fec7edc597c19b637fad5a76 from qemu
2018-03-21 07:50:33 -04:00
Laurent Vivier c133a7b306
target/m68k: add a mechanism to automatically free TCGv
SRC_EA() and gen_extend() can return either a temporary
TCGv or a memory allocated one. Mark them when they are
allocated, and free them automatically at end of the
instruction translation.

We want to free locally allocated TCGv to avoid
overflow in sequence like:

0xc00ae406: movel %fp@(-132),%fp@(-268)
0xc00ae40c: movel %fp@(-128),%fp@(-264)
0xc00ae412: movel %fp@(-20),%fp@(-212)
0xc00ae418: movel %fp@(-16),%fp@(-208)
0xc00ae41e: movel %fp@(-60),%fp@(-220)
0xc00ae424: movel %fp@(-56),%fp@(-216)
0xc00ae42a: movel %fp@(-124),%fp@(-252)
0xc00ae430: movel %fp@(-120),%fp@(-248)
0xc00ae436: movel %fp@(-12),%fp@(-260)
0xc00ae43c: movel %fp@(-8),%fp@(-256)
0xc00ae442: movel %fp@(-52),%fp@(-276)
0xc00ae448: movel %fp@(-48),%fp@(-272)
...

That can fill a lot of TCGv entries in a sequence,
especially since 15fa08f845 ("tcg: Dynamically allocate TCGOps")
we have no limit to fill the TCGOps cache and we can fill
the entire TCG variables array and overflow it.

Backports commit ecc207d2fc1d45fabb16c38742a6675a7ba56cbc from qemu
2018-03-20 14:32:04 -04:00
Luwei Kang 30d878a0ef
i386: Disable Intel PT if packets IP payloads have LIP values
Intel processor trace should be disabled when
CPUID.(EAX=14H,ECX=0H).ECX.[bit31] is set.
Generated packets which contain IP payloads will have LIP
values when this bit is set, or IP payloads will have RIP
values.
Currently, The information of CPUID 14H is constant to make
live migration safty and this bit is always 0 in guest even
if host support LIP values.
Guest sees the bit is 0 will expect IP payloads with RIP
values, but the host CPU will generate IP payloads with
LIP values if this bit is set in HW.
To make sure the value of IP payloads correctly, Intel PT
should be disabled when bit[31] is set.

Backports relevant parts of commit c078ca968c6c7cb62781c1843d840cb0f5c72781 from qemu
2018-03-20 14:25:40 -04:00
Igor Mammedov 415b11ee49
cpu: drop unnecessary NULL check and cpu_common_class_by_name()
both do nothing as for the first all callers
parse_cpu_model() and qmp_query_cpu_model_()
should provide non NULL value, so just abort if it's not so.

While at it drop cpu_common_class_by_name() which is not need
any more as every target has CPUClass::class_by_name callback
by now, though abort in case a new arch will forget to define one.

Backports commit 99193d8f2ef594648ad67cc3d007b0e4fb2f8cf8 from qemu
2018-03-20 14:23:52 -04:00