Commit graph

330 commits

Author SHA1 Message Date
Sergey Fedorov 73c59faad5
tcg: Clean up direct block chaining safety checks
We don't take care of direct jumps when address mapping changes. Thus we
must be sure to generate direct jumps so that they always keep valid
even if address mapping changes. Luckily, we can only allow to execute a
TB if it was generated from the pages which match with current mapping.

Document tcg_gen_goto_tb() declaration and note the reason for
destination PC limitations.

Some targets with variable length instructions allow TB to straddle a
page boundary. However, we make sure that both of TB pages match the
current address mapping when looking up TBs. So it is safe to do direct
jumps into the both pages. Correct the checks for some of those targets.

Given that, we can safely patch a TB which spans two pages. Remove the
unnecessary check in cpu_exec() and allow such TBs to be patched.

Backports commit 5b053a4a28278bca606eeff7d1c0730df1b047e9 from qemu
2018-02-23 22:26:00 -05:00
Emilio G. Cota 170f6e0b3b
tb: consistently use uint32_t for tb->flags
We are inconsistent with the type of tb->flags: usage varies loosely
between int and uint64_t. Settle to uint32_t everywhere, which is
superior to both: at least one target (aarch64) uses the most significant
bit in the u32, and uint64_t is wasteful.

Compile-tested for all targets.

Backports commit 89fee74a0f066dfd73830a7b5fa137e87888c870 from qemu
2018-02-23 21:28:11 -05:00
Dave Hansen f50acc467f
target-i386: fix typo in xsetbv implementation
QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the XCR0
register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set
to 0x3. I tracked it down to a jump instruction generated by this:

gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start
is pointing _at_ XSETBV. Subtract the two and you get 0x3. Whoops.

The fix is to replace this typo with the pattern found everywhere
else in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.

Backports commit 502c8e86ea07294067578292c6d402601c196019 from qemu
2018-02-23 14:15:35 -05:00
Paolo Bonzini 44c4dd02c9
target-i386: key sfence availability on CPUID_SSE, not CPUID_SSE2
sfence was introduced before lfence and mfence. This fixes Linux
2.4's measurement of checksumming speeds for the pIII_sse
algorithm:

md: linear personality registered as nr 1
md: raid0 personality registered as nr 2
md: raid1 personality registered as nr 3
md: raid5 personality registered as nr 4
raid5: measuring checksumming speed
8regs : 384.400 MB/sec
32regs : 259.200 MB/sec
invalid operand: 0000
CPU: 0
EIP: 0010:[<c0240b2a>] Not tainted
EFLAGS: 00000246
eax: c15d8000 ebx: 00000000 ecx: 00000000 edx: c15d5000
esi: 8005003b edi: 00000004 ebp: 00000000 esp: c15bdf50
ds: 0018 es: 0018 ss: 0018
Process swapper (pid: 1, stackpage=c15bd000)
Stack: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000206 c0241c6c 00001000 c15d4000 c15d7000 c15d4000
c15d4000
Call Trace: [<c0241c6c>] [<c0105000>] [<c0241db4>] [<c010503b>]
[<c0105000>]
[<c0107416>] [<c0105030>]

Code: 0f ae f8 0f 10 04 24 0f 10 4c 24 10 0f 10 54 24 20 0f 10 5c
<0>Kernel panic: Attempted to kill init!

Backports commit bd5d278668f33aa08755a982986cd1159746c037 from qemu
2018-02-23 14:03:19 -05:00
Paolo Bonzini bdcea2bcb0
target-i386: check for PKU even for non-writable pages
Xiao Guangrong ran kvm-unit-tests on an actual machine with PKU and
found that it fails:

test pte.p pte.user pde.p pde.user pde.a pde.pse pkru.wd pkey=1 user write efer.nx cr4.pke: FAIL: error code 27 expected 7
Dump mapping: address: 0x123400000000
------L4: 2ebe007
------L3: 2ebf007
------L2: 8000000020000a5

(All failures are combinations of "pde.user pde.p pkru.wd pkey=1",
plus either "pde.pse" or "pte.p pte.user", plus one of "user cr0.wp",
"cr0.wp" or "user", plus unimportant bits such as accessed/dirty or
efer.nx).

So PFEC.PKEY is set even if the ordinary check failed (which it did
because pde.w is zero). Adjust QEMU to match behavior of silicon.

Backports commit 44d066a2f770ee9d61fd1c2a609bdf2a994dfdf7 from qemu
2018-02-23 13:23:37 -05:00
Chen Fan d0621f1852
cpu: Introduce X86CPUTopoInfo structure for argument simplification
In order to simplify arguments of function, introduce a new struct
named X86CPUTopoInfo.

Backports commit ed256144cd6f0ca2ff59fc3fc8dca547506f433b from qemu
2018-02-23 10:58:43 -05:00
Paolo Bonzini 1435732c0d
target-i386: implement PKE for TCG
Backports commit 0f70ed4759a29ca932af1e9525729f4f455642f8 from qemu
2018-02-22 10:18:55 -05:00
Veronia Bahaa bafc81b1d3
util: move declarations out of qemu-common.h
Move declarations out of qemu-common.h for functions declared in
utils/ files: e.g. include/qemu/path.h for utils/path.c.
Move inline functions out of qemu-common.h and into new files (e.g.
include/qemu/bcd.h)

Backports commit f348b6d1a53e5271cf1c9f9acc4646b4b98c1771 from qemu
2018-02-22 09:25:48 -05:00
Marc-André Lureau fff79ed49b
utils: rename strtosz to use qemu prefix
Not only it makes sense, but it gets rid of checkpatch warning:
WARNING: consider using qemu_strtosz in preference to strtosz

Also remove get rid of tabs to please checkpatch.

Backports commit 4677bb40f809394bef5fa07329dea855c0371697 from qemu
2018-02-22 00:17:52 -05:00
Markus Armbruster 06668850e3
include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.

Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.

Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.

This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.

Backports commit da34e65cb4025728566d6504a99916f6e7e1dd6a from qemu
2018-02-21 23:08:18 -05:00
Richard Henderson 7775b05fb8
target-i386: Dump unknown opcodes with -d unimp
We discriminate here between opcodes that are illegal in the current
cpu mode or with illegal arguments (such as modrm.mod == 3) and
encodings that are unknown (such as an unimplemented isa extension).

Backports commit b9f9c5b41aab06479cb1695990b7cca98ef84fc7 from qemu
2018-02-21 21:37:16 -05:00
Richard Henderson 1c096b8fa2
target-i386: Fix inhibit irq mask handling
The patch in 7f0b714 was too simplistic, in that we wound up setting
the flag and then resetting it immediately in gen_eob.

Fixes the reported boot problem with Windows XP.

Backports commit f083d92c03e7a0741d2a9eba774a60d5a3ca772f from qemu
2018-02-21 21:24:50 -05:00
Richard Henderson c7d5d85979
target-i386: Use gen_nop_modrm for prefetch instructions
Backports commit 26317698ef3be5942c5ee5630997dbc98431c5f6 from qemu
2018-02-21 21:22:52 -05:00
Paolo Bonzini 55c2a21fe8
target-i386: Fix addr16 prefix
While ADDSEG will only be false in 16-bit mode for LEA, it can be
false even in other cases when 16-bit addresses are obtained via
the 67h prefix in 32-bit mode. In this case, gen_lea_v_seg forgets
to add a nonzero FS or GS base if CS/DS/ES/SS are all zero. This
case is pretty rare but happens when booting Windows 95/98, and
this patch fixes it.

The bug is visible since commit d6a291498, but it was introduced
together with gen_lea_v_seg and it probably could be reproduced
with a "addr16 gs movsb" instruction as early as in commit
ca2f29f555805d07fb0b9ebfbbfc4e3656530977.

Backports commit e2e02a820741ec4d96b8f313b06a2a7ed5e94fbd from qemu
2018-02-21 21:21:26 -05:00
Richard Henderson 085a3c9aab
target-i386: Fix SMSW for 64-bit mode
In non-64-bit modes, the instruction always stores 16 bits.
But in 64-bit mode, when the destination is a register, the
instruction can write 32 or 64 bits.

Backports commit a657f79e32422634415c09f3f15c73d610297af5 from qemu
2018-02-21 21:19:33 -05:00
Paolo Bonzini a233d7b13e
target-i386: Fix SMSW and LMSW from/to register
SMSW and LMSW accept register operands, but commit 1906b2a ("target-i386:
Rearrange processing of 0F 01", 2016-02-13) did not account for that.

Backports commit 880f8486503b32a29b653a3c0b3cfc5432012f38 from qemu
2018-02-21 21:17:45 -05:00
Paolo Bonzini bdf1189046
target-i386: Avoid repeated calls to the bnd_jmp helper
Two flags were tested the wrong way.

Backports commit 8b33e82b863d1c6fce7e69a41f6c96a8e15b73fb from qemu
2018-02-21 21:13:37 -05:00
Daniel P. Berrange b97ab59f08
qom: Allow properties to be registered against classes
When there are many instances of a given class, registering
properties against the instance is wasteful of resources. The
majority of objects have a statically defined list of possible
properties, so most of the properties are easily registerable
against the class. Only those properties which are conditionally
registered at runtime need be recorded against the klass.

Registering properties against classes also makes it possible
to provide static introspection of QOM - currently introspection
is only possible after creating an instance of a class, which
severely limits its usefulness.

This impl only supports simple scalar properties. It does not
attempt to allow child object / link object properties against
the class. There are ways to support those too, but it would
make this patch more complicated, so it is left as an exercise
for the future.

There is no equivalent to object_property_del() provided, since
classes must be immutable once they are defined.

Backports commit 16bf7f522a2ff68993f80631ed86254c71eaf5d4 from qemu
2018-02-21 21:00:56 -05:00
Lioncash 6b19f43925
tcg: Make cpu_tmp1 and cpu_tmp4 a TCGv
Commit 5d4e1a1081d3f1ec2908ff0eaebe312389971ab4 allows
making the type concrete.
2018-02-21 00:07:23 -05:00
Lioncash 7caca36070
tcg: Make cpu_cc_dst, cpu_cc_src, cpu_cc_src2, and cpu_cc_srcT a TCGv
Commit 5d4e1a1081d3f1ec2908ff0eaebe312389971ab4 allows us to make the types concrete
2018-02-21 00:00:08 -05:00
Lioncash 4062dcc9bc
tcg: Make cpu_T0 and cpu_T1 TCGv
Commit 5d4e1a1081d3f1ec2908ff0eaebe312389971ab4 allows us
to make the type concrete
2018-02-20 23:51:44 -05:00
Lioncash 72170ae5c0
tcg: Make cpu_A0 a TCGv
Commit 5d4e1a1081d3f1ec2908ff0eaebe312389971ab4 allows us to make the type concrete.
2018-02-20 23:43:58 -05:00
Lioncash ccbf1ed6ed
tcg: Make cpu_regs a TCGv array
Commit eae07f4767 allows us
to make the type concrete as opposed to using void* and malloc
2018-02-20 23:41:21 -05:00
Lioncash 02b2d3c873
tcg: Make cpu_seg_base a TCGv array
Commit eae07f4767 allows us to
use the type directly instead of casting to void and using malloc
(yay).
2018-02-20 23:34:38 -05:00
Paolo Bonzini abb0408274
target-i386: fix confusion in xcr0 bit position vs. mask
The xsave and xrstor helpers are accessing the x86_ext_save_areas array
using a bit mask instead of a bit position. Provide two sets of XSTATE_*
definitions and use XSTATE_*_BIT when a bit position is requested.

Backports commit cfc3b074de4b4ccee2540edbf8cfdb026dc19943 from qemu
2018-02-20 21:00:41 -05:00
Richard Henderson 22d4f95912
target-i386: Implement FSGSBASE
Backports commit 07929f2ab2ab9c9e01d4ae79f48f2b2476b715c8 from qemu
2018-02-20 14:45:58 -05:00
Richard Henderson 6ca787fb48
target-i386: Enable CR4/XCR0 features for user-mode
Backports commit a114d25d5b42600871d75929604c0b9fcc448ec0 from qemu
2018-02-20 14:37:33 -05:00
Richard Henderson 86cc5862a1
target-i386: Clear bndregs during legacy near jumps
Backports commit 7d117ce81ef6258cdcc0d24c774d045fa4b5fd26 from qemu
2018-02-20 14:36:11 -05:00
Richard Henderson 8ca89461b5
target-i386: Implement BNDLDX, BNDSTX
Backports commit bdd87b3b591add6e4d7c6b6125fcf0d706cc8bc4 from qemu
2018-02-20 14:32:48 -05:00
Richard Henderson f30c3efd0e
target-i386: Implement BNDLDX, BNDSTX
Backports commit bdd87b3b591add6e4d7c6b6125fcf0d706cc8bc4 from qemu
2018-02-20 14:26:18 -05:00
Richard Henderson a02626afe7
target-i386: Update BNDSTATUS for exceptions raised by BOUND
Backports commit 75d14edcf5fd9d5bb614554539799abaaeab3166 from qemu
2018-02-20 14:24:07 -05:00
Richard Henderson 554c41f05f
target-i386: Implement BNDCL, BNDCU, BNDCN
Backports commit 523e28d7614571680d21641bd0bd9b9e84570cee from qemu
2018-02-20 14:22:46 -05:00
Richard Henderson c2f92123f4
target-i386: Implement BNDMOV
Backports commit 62b58ba58bfebdb8a1c447beaa1285cc21249d15 from qemu
2018-02-20 14:14:39 -05:00
Richard Henderson 8bc3037864
target-i386: Implement BNDMK
Backports commit 149b427b32de358c3bd5bc064c50acca6e9ff78f from qemu
2018-02-20 14:02:31 -05:00
Richard Henderson e11a7bcede
target-i386: Split up gen_lea_modrm
This is immediately usable by lea and multi-byte nop,
and will be required to implement parts of the mpx spec.

Backports commit a074ce42a3186bd9f96ef541bb2e01419181dae3 from qemu
2018-02-20 13:49:05 -05:00
Richard Henderson 159e837a6c
target-i386: Perform set/reset_inhibit_irq inline
With helpers that can be reused for other things.

Backports commit 7f0b7141b4c7deab51efd8ee1e83eab2d9b7a9ea from qemu
2018-02-20 13:34:47 -05:00
Richard Henderson cacb60b57b
target-i386: Enable control registers for MPX
Enable and disable at CPL changes, MSR changes, and XRSTOR changes.

Backports commit f4f1110e4b34797ddfa87bb28f9518b9256778be from qemu
2018-02-20 13:27:46 -05:00
Richard Henderson 7a7a72f49b
target-i386: Implement XSAVEOPT
Backports commit c9cfe8f9fb21f086e24b3a8f7ccd9c06e4d8d9d6 from qemu
2018-02-20 12:52:10 -05:00
Richard Henderson 6c5b6a0e7f
target-i386: Add XSAVE extension
This includes XSAVE, XRSTOR, XGETBV, XSETBV, which are all related,
as well as the associate cpuid bits.

Backports commit 19dc85dba23c0db1ca932c62e453c37e00761628 from qemu
2018-02-20 12:47:52 -05:00
Richard Henderson 6657c0c54a
target-i386: Rearrange processing of 0F AE
Rather than nesting tests of OP, MOD, and RM, decode them all at once
with a switch. Also, add some missing #UD checks for e.g. incorrect
LOCK prefix.

Backports commit 121f3157887f92268a3d6169e2d4601f9292020b from qemu
2018-02-20 12:36:54 -05:00
Richard Henderson cb536601cb
target-i386: Rearrange processing of 0F 01
Rather than nesting tests of OP, MOD, and RM, decode them
all at once with a switch. Fixes incorrect decoding of
AMD Pacifica extensions (aka vmrun et al) via op==2 path.

Backports commit 1906b2af7c2345037d9b2fdf484b457b5acd09d1 from qemu
2018-02-20 12:32:45 -05:00
Richard Henderson b490486028
target-i386: Split fxsave/fxrstor implementation
We will be able to reuse these pieces for XSAVE/XRSTOR.

Backports commit 64dbaff09bb768dbbb13142862554f18ab642866 from qemu
2018-02-20 11:58:00 -05:00
Paolo Bonzini 98452daad6
target-i386: fix PSE36 mode
(pde & 0x1fe000) is a 32-bit integer; when shifting it
into bits 39-32 the result is zero. Fix it by making the
mask (and thus the result of the AND) a 64-bit integer.

Reported by Coverity.

Backports commit 388ee48a88e684e719660a2cae9c21897b94fa37 from qemu
2018-02-20 11:03:49 -05:00
Richard Henderson 65a78ebb26
target-i386: Deconstruct the cpu_T array
All references to cpu_T are done with a constant index. It aids
readability to decompose the array into two scalar variables.

Backports commit 1d1cc4d0f481b2939c7e9f6606e571b2fc81971a from qemu
2018-02-20 11:02:34 -05:00
Richard Henderson 5d45260df7
target-i386: Tidy gen_add_A0_im
Merge gen_op_addl_A0_im and gen_op_addq_A0_im into gen_add_A0_im
and clean up the ifdef.

Replace the one remaining user of gen_op_addl_A0_im with gen_add_A0_im.

Backports commit 4e85057b92d214decf10045d3d4faa2faf33d100 from qemu
2018-02-20 10:20:04 -05:00
Richard Henderson 0004dfcba3
target-i386: Rewrite leave
Unify the code across stack pointer widths. Fix the note about
not updating ESP before the potential exception.

Backports commit 2045f04c3ae030bda650f84035f114bbd84909a9 from qemu
2018-02-20 10:16:56 -05:00
Richard Henderson 7dd4fcc621
target-i386: Rewrite gen_enter inline
Use gen_lea_v_seg for centralized segment base knowledge. Unify
code across 32- and 64-bit. Fix note about "must save state"
before using the out-of-line helpers.

Backports commit 743e398e2fbf2f7183bf7a53c9d011fabcaa1770 from qemu
2018-02-20 10:13:43 -05:00
Richard Henderson 302752df8b
target-i386: Use gen_lea_v_seg in pusha/popa
More centralization of handling of segment bases.
Also fixes the note about 16-bit wrap around not fully handled.

Backports commit d37ea0c04723f3e15fde55fe97cff6278159929b from qemu
2018-02-20 10:07:46 -05:00
Richard Henderson 092c7bea97
target-i386: Access segs via TCG registers
Having segs[].base as a register significantly improves code
generation for real and protected modes, particularly for TBs
that have multiple memory references where the segment base
can be held in a hard register through the TB.

Backports commit 3558f8055f37a34762b7a2a0f02687e6eeab893d from qemu
2018-02-20 10:02:37 -05:00
Richard Henderson 969f8ab407
target-i386: Use gen_lea_v_seg in stack subroutines
I.e. gen_push_v, gen_pop_T0, gen_stack_A0.
More centralization of handling of segment bases.

Backports commit 77ebcad04f3659fa7eb799928fdd68280fac720d from qemu
2018-02-20 09:28:40 -05:00
Richard Henderson 0d1766a9f0
target-i386: Use gen_lea_v_seg in gen_lea_modrm
Centralize handling of segment bases.

Backports commit d6a2914984c89fa0a3125b9842e0cbf68de79a3d from qemu
2018-02-20 09:23:49 -05:00
Richard Henderson f3220dbb8c
target-i386: Introduce mo_stacksize
Centralize computation of a MO_SIZE for the stack pointer.

Backports commit 64ae256c2450262e27f07657c5734d3197458d95 from qemu
2018-02-20 09:18:48 -05:00
Richard Henderson 63c4e79870
target-i386: Create gen_lea_v_seg
Add forgotten zero-extension in the TARGET_X86_64, !CODE64, ss32 case;
use this new function to implement gen_string_movl_A0_EDI,
gen_string_movl_A0_ESI, gen_add_A0_ds_seg.

Backports commit ca2f29f555805d07fb0b9ebfbbfc4e3656530977 from qemu
2018-02-20 09:17:13 -05:00
Eric Blake 9ec25b4673
qom: Swap 'name' next to visitor in ObjectPropertyAccessor
Similar to the previous patch, it's nice to have all functions
in the tree that involve a visitor and a name for conversion to
or from QAPI to consistently stick the 'name' parameter next
to the Visitor parameter.

Done by manually changing include/qom/object.h and qom/object.c,
then running this Coccinelle script and touching up the fallout
(Coccinelle insisted on adding some trailing whitespace).

@ rule1 @
identifier fn;
typedef Object, Visitor, Error;
identifier obj, v, opaque, name, errp;
@@
void fn
- (Object *obj, Visitor *v, void *opaque, const char *name,
+ (Object *obj, Visitor *v, const char *name, void *opaque,
Error **errp) { ... }

@@
identifier rule1.fn;
expression obj, v, opaque, name, errp;
@@
fn(obj, v,
- opaque, name,
+ name, opaque,
errp)

Backports commit d7bce9999df85c56c8cb1fcffd944d51bff8ff48 from qemu
2018-02-19 23:14:37 -05:00
Eric Blake 5dd5646a9a
qapi: Swap visit_* arguments for consistent 'name' placement
JSON uses "name":value, but many of our visitor interfaces were
called with visit_type_FOO(v, &value, name, errp). This can be
a bit confusing to have to mentally swap the parameter order to
match JSON order. It's particularly bad for visit_start_struct(),
where the 'name' parameter is smack in the middle of the
otherwise-related group of 'obj, kind, size' parameters! It's
time to do a global swap of the parameter ordering, so that the
'name' parameter is always immediately after the Visitor argument.

Additional reason in favor of the swap: the existing include/qjson.h
prefers listing 'name' first in json_prop_*(), and I have plans to
unify that file with the qapi visitors; listing 'name' first in
qapi will minimize churn to the (admittedly few) qjson.h clients.

Later patches will then fix docs, object.h, visitor-impl.h, and
those clients to match.

Done by first patching scripts/qapi*.py by hand to make generated
files do what I want, then by running the following Coccinelle
script to affect the rest of the code base:
$ spatch --sp-file script `git grep -l '\bvisit_' -- '**/*.[ch]'`
I then had to apply some touchups (Coccinelle insisted on TAB
indentation in visitor.h, and botched the signature of
visit_type_enum() by rewriting 'const char *const strings[]' to
the syntactically invalid 'const char*const[] strings'). The
movement of parameters is sufficient to provoke compiler errors
if any callers were missed.

// Part 1: Swap declaration order
@@
type TV, TErr, TObj, T1, T2;
identifier OBJ, ARG1, ARG2;
@@
void visit_start_struct
-(TV v, TObj OBJ, T1 ARG1, const char *name, T2 ARG2, TErr errp)
+(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp)
{ ... }

@@
type bool, TV, T1;
identifier ARG1;
@@
bool visit_optional
-(TV v, T1 ARG1, const char *name)
+(TV v, const char *name, T1 ARG1)
{ ... }

@@
type TV, TErr, TObj, T1;
identifier OBJ, ARG1;
@@
void visit_get_next_type
-(TV v, TObj OBJ, T1 ARG1, const char *name, TErr errp)
+(TV v, const char *name, TObj OBJ, T1 ARG1, TErr errp)
{ ... }

@@
type TV, TErr, TObj, T1, T2;
identifier OBJ, ARG1, ARG2;
@@
void visit_type_enum
-(TV v, TObj OBJ, T1 ARG1, T2 ARG2, const char *name, TErr errp)
+(TV v, const char *name, TObj OBJ, T1 ARG1, T2 ARG2, TErr errp)
{ ... }

@@
type TV, TErr, TObj;
identifier OBJ;
identifier VISIT_TYPE =~ "^visit_type_";
@@
void VISIT_TYPE
-(TV v, TObj OBJ, const char *name, TErr errp)
+(TV v, const char *name, TObj OBJ, TErr errp)
{ ... }

// Part 2: swap caller order
@@
expression V, NAME, OBJ, ARG1, ARG2, ERR;
identifier VISIT_TYPE =~ "^visit_type_";
@@
(
-visit_start_struct(V, OBJ, ARG1, NAME, ARG2, ERR)
+visit_start_struct(V, NAME, OBJ, ARG1, ARG2, ERR)
|
-visit_optional(V, ARG1, NAME)
+visit_optional(V, NAME, ARG1)
|
-visit_get_next_type(V, OBJ, ARG1, NAME, ERR)
+visit_get_next_type(V, NAME, OBJ, ARG1, ERR)
|
-visit_type_enum(V, OBJ, ARG1, ARG2, NAME, ERR)
+visit_type_enum(V, NAME, OBJ, ARG1, ARG2, ERR)
|
-VISIT_TYPE(V, OBJ, NAME, ERR)
+VISIT_TYPE(V, NAME, OBJ, ERR)
)

Backports commit 51e72bc1dd6ace6e91d675f41a1f09bd00ab8043 from qemu
2018-02-19 22:45:07 -05:00
Richard Henderson c507f16702
tcg: Remove lingering references to gen_opc_buf
Three in comments and one in code in the stub tcg_liveness_analysis.

Backports commit 201577059331b8b3aef221ee2ed594deb99d6631 from qemu
2018-02-19 01:42:55 -05:00
Peter Maydell 963b57c8de
x86: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Backports commit b6a0aa053711e27e1a7825c1fca662beb05bee6f from qemu
2018-02-19 01:00:09 -05:00
Huaitong Han e3d01bc57e
target-i386: Add PKU and and OSPKE support
Add PKU and OSPKE CPUID features, including xsave state and
migration support.

Backports commit f74eefe0b98cd7e13825de8e8d9f32e22aed102c from qemu
2018-02-19 00:07:31 -05:00
Haozhong Zhang be65d10c09
target-i386: Add support to migrate vcpu's TSC rate
This patch enables migrating vcpu's TSC rate. If KVM on the
destination machine supports TSC scaling, guest programs will
observe a consistent TSC rate across the migration.

If TSC scaling is not supported on the destination machine, the
migration will not be aborted and QEMU on the destination will
not set vcpu's TSC rate to the migrated value.

If vcpu's TSC rate specified by CPU option 'tsc-freq' on the
destination machine is inconsistent with the migrated TSC rate,
the migration will be aborted.

For backwards compatibility, the migration of vcpu's TSC rate is
disabled on pc-*-2.5 and older machine types.

Backports relevant parts of commit 36f96c4b6bd25f43000c317518ff3df10202bc75 from qemu
2018-02-18 23:59:08 -05:00
Eduardo Habkost 974c3bfdd3
target-i386: Add suffixes to MMReg struct fields
This will ensure we never use the MMX_* and ZMM_* macros with the
wrong struct type.

Backports commit f23a9db6bca5b9a228c77bbcaa06d01510e148b7 from qemu
2018-02-18 23:57:16 -05:00
Eduardo Habkost 0b1f839189
target-i386: Define MMREG_UNION macro
This will simplify the definitions of ZMMReg and MMXReg.

Backports commit 31d414d649b289ff9d1e048c41554298d1094fd3 from qemu
2018-02-18 23:55:29 -05:00
Eduardo Habkost 831fdde7fa
target-i386: Define MMXReg._d field
Add a new field and reorder MMXReg fields, to make MMXReg and
ZMMReg field lists look the same (except for the array sizes).

Backports commit 9253e1a7923e94598419ac9a7df7b8bc6cba65a5 from qemu
2018-02-18 23:54:09 -05:00
Eduardo Habkost 566acb7188
target-i386: Rename XMM_[BWLSDQ] helpers to ZMM_*
They are helpers for the ZMMReg fields, so name them accordingly.

This is just a global search+replace, no other changes are being
introduced.

Backports commit 19cbd87c14ab208858ee1233b790f37cfefed4b9 from qemu
2018-02-18 23:53:16 -05:00
Eduardo Habkost e90dbe6bb9
target-i386: Rename struct XMMReg to ZMMReg
The struct represents a 512-bit register, so name it accordingly.

This is just a global search+replace, no other changes are being
introduced.

Backports commit fa4518741ed69aa7993f9c15bb52eacc375681fc from qemu
2018-02-18 23:46:30 -05:00
Eduardo Habkost 326fa3d207
target-i386: Use a _q array on MMXReg too
Make MMXReg use the same field names used on XMMReg, so we can
try to reuse macros and other code later.

Backports commit 9618f40f06e90c8fa8ae06b56c7404a7cc937e22 from qemu
2018-02-18 23:20:26 -05:00
Eduardo Habkost ea83d22cdf
target-i386/ops_sse.h: Use MMX_Q macro
We have a MMX_Q macro in addition to MMX_{B,W,L}. Use it.

Backports commit 83625474b340c0f1eb2544d7a6e898cc68e868a2 from qemu
2018-02-18 23:16:21 -05:00
Eduardo Habkost baf37a04ad
target-i386: Rename optimize_flags_init()
Rename the function so that the reason for its existence is
clearer: it does x86-specific initialization of TCG structures.

Backports commit 63618b4ed48f0fc2a7a3fd1117e2f0b512248dab from qemu
2018-02-18 22:56:02 -05:00
Peter Maydell e07cd2542c
exec.c: Drop TARGET_HAS_ICE define and checks
The TARGET_HAS_ICE #define is intended to indicate whether a target-*
guest CPU implementation supports the breakpoint handling. However,
all our guest CPUs have that support (the only two which do not
define TARGET_HAS_ICE are unicore32 and openrisc, and in both those
cases the bp support is present and the lack of the #define is just
a bug). So remove the #define entirely: all new guest CPU support
should include breakpoint handling as part of the basic implementation.

Backports commit ec53b45bcd1f74f7a4c31331fa6d50b402cd6d26 from qemu
2018-02-18 18:17:14 -05:00
Peter Maydell 51369b67cd
exec.c: Allow target CPUs to define multiple AddressSpaces
Allow multiple calls to cpu_address_space_init(); each
call adds an entry to the cpu->ases array at the specified
index. It is up to the target-specific CPU code to actually use
these extra address spaces.

Since this multiple AddressSpace support won't work with
KVM, add an assertion to avoid confusing failures.

Backports commit 12ebc9a76dd7702aef0a3618717a826c19c34ef4 from qemu
2018-02-17 22:35:13 -05:00
Peter Maydell f1b237236c
exec.c: Don't set cpu->as until cpu_address_space_init
Rather than setting cpu->as unconditionally in cpu_exec_init
(and then having target-i386 override this later), don't set
it until the first call to cpu_address_space_init.

This requires us to initialise the address space for
both TCG and KVM (KVM doesn't need the AS listener but
it does require cpu->as to be set).

For target CPUs which don't set up any address spaces (currently
everything except i386), add the default address_space_memory
in qemu_init_vcpu().

Backports commit 56943e8cc14b7eeeab67d1942fa5d8bcafe3e53f from qemu
2018-02-17 22:24:36 -05:00
Paolo Bonzini 3dab621825
target-i386: do not duplicate page protection checks
x86_cpu_handle_mmu_fault is currently checking twice for writability
and executability of pages; the first time to decide whether to
trigger a page fault, the second time to compute the "prot" argument
to tlb_set_page_with_attrs.

Reorganize code so that first "prot" is computed, then it is used
to check whether to raise a page fault, then finally PROT_WRITE is
removed if the D bit will have to be set.

Backports commit 76c64d33601a4948d6f72022992574a75b6fab97 from qemu
2018-02-17 20:59:54 -05:00
Xiao Guangrong ba067e4411
target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES
Now these instructions are handled by TCG and can be added to the
TCG_7_0_EBX_FEATURES macro.

Backports commit 0c47242b519a224279f13c685aa6e79347f97b85 from qemu
2018-02-17 17:26:53 -05:00
Eduardo Habkost 4a70bfed55
target-i386: tcg: Check right CPUID bits for clflushopt/pcommit
Detect the clflushopt and pcommit instructions and check their
corresponding feature flags, instead of checking CPUID_SSE and
CPUID_CLFLUSH.

Backports commit 891bc821a3ee462b09b1ec436f2891f00ab1f85b from qemu
2018-02-17 17:25:36 -05:00
Eduardo Habkost 6d0dae872d
target-i386: tcg: Accept clwb instruction
Accept the clwb instruction (66 0F AE /6) if its corresponding feature
flag is enabled on CPUID[7].

Backports commit 5e1fac2dba7780e0cb2c022d4b39586af70bea0d from qemu
2018-02-17 17:23:54 -05:00
Xiao Guangrong 003b2155a1
target-i386: Enable clflushopt/clwb/pcommit instructions
These instructions are used by NVDIMM drivers and the specification is
located at:
https://software.intel.com/sites/default/files/managed/0d/53/319433-022.pdf

There instructions are available on Skylake Server.

Backports commit f7fda280948a5e74aeb076ef346b991ecb173c56 from qemu
2018-02-17 15:34:57 -05:00
Eduardo Habkost b558a66ba2
target-i386: Remove POPCNT from qemu64 and qemu32 CPU models
POPCNT is not available on Penryn and older and on Opteron_G2 and older,
and we want to make the default CPU runnable in most hosts, so it won't
be enabled by default in KVM mode.

We should eventually have all features supported by TCG enabled by
default in TCG mode, but as we don't have a good mechanism today to
ensure we have different defaults in KVM and TCG mode, disable POPCNT in
the qemu64 and qemu32 CPU models entirely.

Backports commit 6aa91e4a0237ddcebb85e3a95e166f3b3cfa42ae from qemu
2018-02-17 15:33:29 -05:00
Eduardo Habkost 716da652e7
target-i386: Remove ABM from qemu64 CPU model
ABM is not available on Sandy Bridge and older, and we want to make the
default CPU runnable in most hosts, so it won't be enabled by default in
KVM mode.

We should eventually have all features supported by TCG enabled by
default in TCG mode, but as we don't have a good mechanism today to
ensure we have different defaults in KVM and TCG mode, disable ABM in
the qemu64 CPU model entirely.

Backports commit 711956722c6764336f8b78a2106e57c55f02f36d from qemu
2018-02-17 15:32:41 -05:00
Eduardo Habkost d108029fb3
target-i386: Remove SSE4a from qemu64 CPU model
SSE4a is not available in any Intel CPU, and we want to make the default
CPU runnable in most hosts, so it doesn't make sense to enable it by
default in KVM mode.

We should eventually have all features supported by TCG enabled by
default in TCG mode, but as we don't have a good mechanism today to
ensure we have different defaults in KVM and TCG mode, disable SSE4a in
the qemu64 CPU model entirely.

Backports commit 0909ad24b2769368716c85f79fbb995dbb7041a9 from qemu
2018-02-17 15:31:59 -05:00
Paolo Bonzini 2e6770c643
target-i386: fix pcmpxstrx equal-ordered (strstr) mode
In this mode, referring an invalid element of the source forces the
result to false (table 4-7, last column) but referring an invalid
element of the destination forces the result to true, so the outer
loop should still be run even if some elements of the destination
will be invalid. They will be avoided in the inner loop, which
correctly bounds "i" to validd, but they will still contribute to a
positive outcome of the search.

This fixes tst_strstr in glibc 2.17.

Backports commit 54c54f8b56047d3c2420e1ae06a6a8890c220ac4 from qemu
2018-02-17 15:24:15 -05:00
Richard Henderson c01a6dab0a
target-*: Advance pc after recognizing a breakpoint
Some targets already had this within their logic, but make sure
it's present for all targets.

Backports commit 522a0d4e3c0d397ffb45ec400d8cbd426dad9d17 from qemu
2018-02-17 15:24:11 -05:00
Richard Henderson 3ec0adcc07
target-*: Introduce and use cpu_breakpoint_test
Reduce the boilerplate required for each target. At the same time,
move the test for breakpoint after calling tcg_gen_insn_start.

Note that arm and aarch64 do not use cpu_breakpoint_test, but still
move the inline test down after tcg_gen_insn_start.

Backports commit b933066ae03d924a92b2616b4a24e7d91cd5b841 from qemu
2018-02-17 15:24:10 -05:00
Eduardo Habkost 67f13016b3
target-i386: Don't left shift negative constant
Left shift of negative values is undefined behavior. Detected by clang:
qemu/target-i386/translate.c:2423:26: runtime error:
left shift of negative value -8

This changes the code to reverse the sign after the left shift.

Backports commit 712b4243c761cb6ab6a4367a160fd2a42e2d4b76 from qemu
2018-02-17 15:24:10 -05:00
Eduardo Habkost 828d48d077
target-i386: Use 1UL for bit shift
Fix undefined behavior detected by clang runtime check:

qemu/target-i386/cpu.c:1494:15: runtime error:
left shift of 1 by 31 places cannot be represented in type 'int'

While doing that, add extra parenthesis for clarity.

Backports commit 72370dc1149d7c90d2c2218e0d0658bee23a5bf7 from qemu
2018-02-17 15:24:06 -05:00
Eduardo Habkost feb90cf413
target-i386: Add DE to TCG_FEATURES
Now DE is supported by TCG so it can be enabled in CPUID bits.

Backports commit b6c5a6f021f485fc36bca678b2c867e9b6783924 from qemu
2018-02-17 15:24:06 -05:00
Richard Henderson fcc9dbc103
target-i386: Check CR4[DE] for processing DR4/DR5
Introduce helper_get_dr so that we don't have to put CR4[DE]
into the scarce HFLAGS resource. At the same time, rename
helper_movl_drN_T0 to helper_set_dr and set the helper flags.

Backports commit d0052339236072bbf08c1d600c0906126b1ab258 from qemu
2018-02-17 15:24:06 -05:00
Eduardo Habkost c6bfe2a03d
target-i386: Handle I/O breakpoints
Backports commit 5223a9423c5fb9e32b0c3eaaa2c0bf8c5cfd6866 from qemu
2018-02-17 15:24:06 -05:00
Richard Henderson d1cfcb6d79
target-i386: Optimize setting dr[0-3]
If the debug register is not enabled, we need
do nothing besides update the register.

Backports commit 7525b55051277717329cf64a9e1d5cff840d6f38 from qemu
2018-02-17 15:24:06 -05:00
Richard Henderson 805e0ba7b2
target-i386: Move hw_*breakpoint_* functions
They're only used from bpt_helper.c now.

Backports commit 696ad9e4b27a49a9706010d00b31b17fe1f0d569 from qemu
2018-02-17 15:24:05 -05:00
Eduardo Habkost e88063fa05
target-i386: Ensure bit 10 on DR7 is never cleared
Bit 10 of DR7 is documented as always set to 1, so ensure that's
always the case.

Backports commit 9055330ffbf5ca85f024c29874799d9c8bd17aa9 from qemu
2018-02-17 15:24:05 -05:00
Richard Henderson 77b129a1c6
target-i386: Re-introduce optimal breakpoint removal
Before the last patch, we had an efficient loop that disabled
local breakpoints on task switch. Re-add that, but in a more
general way that handles changes to the global enable bits too.

Backports commit 36eb6e096729f9aade3a6af7dbe4d0a990335d7e from qemu
2018-02-17 15:24:05 -05:00
Richard Henderson 0ad95f8341
target-i386: Introduce cpu_x86_update_dr7
This moves the last of the iteration over breakpoints into
the bpt_helper.c file. This also allows us to make several
breakpoint functions static.

Backports commit 93d00d0fbe4711061834730fb70525d167b6f908 from qemu
2018-02-17 15:24:05 -05:00
Paolo Bonzini c5c44f3a8a
target-i386: allow any alignment for SMBASE
Processors up to the Pentium (says Bochs---I do not have old enough
manuals) require a 32KiB alignment for the SMBASE, but newer processors
do not need that, and Tiano Core will use non-aligned SMBASE values.

Backports commit dd75d4fcb4a82c34d4f466e7fc166162b71ff740 from qemu
2018-02-17 15:24:05 -05:00
Richard Henderson a5ac288135
tcg: Remove gen_intermediate_code_pc
It is no longer used, so tidy up everything reached by it.
This includes the gen_opc_* arrays, the search_pc parameter
and the inline gen_intermediate_code_internal functions.

Backports commit 4e5e1215156662b2b153255c49d4640d82c5568b from qemu
2018-02-17 15:23:59 -05:00
Richard Henderson 1cbd175736
tcg: Pass data argument to restore_state_to_opc
The gen_opc_* arrays are already redundant with the data stored in
the insn_start arguments. Transition restore_state_to_opc to use
data from the latter.

Backports commit bad729e272387de7dbfa3ec4319036552fc6c107 from qemu
2018-02-17 15:23:58 -05:00
Lioncash b115c5509d
tcg: Add TCG_MAX_INSNS
Adjust all translators to respect it.

Backports commit 190ce7fbc79fd0883a6170d7f30da59d366e6830 from qemu
2018-02-17 15:23:58 -05:00
Richard Henderson 5637099383
target-*: Drop cpu_gen_code define
This symbol no longer exists.

Backports commit dc03246cc377268db63abc8c5663ef571aec2eea from qemu
2018-02-17 15:23:57 -05:00
Richard Henderson f05c35c49c
target-i386: Add cc_op state to insn_start
Backports commit 2066d09516ba34d0d180fdea451436d9babb3308 from qemu
2018-02-17 15:23:56 -05:00
Paolo Bonzini 96e0535c76
target-i386: add ABM to Haswell* and Broadwell* CPU models
ABM is only implemented as a single instruction set by AMD; all AMD
processors support both instructions or neither. Intel considers POPCNT
as part of SSE4.2, and LZCNT as part of BMI1, but Intel also uses AMD's
ABM flag to indicate support for both POPCNT and LZCNT. It has to be
added to Haswell and Broadwell because Haswell, by adding LZCNT, has
completed the ABM.

Tested with "qemu-kvm -cpu Haswell-noTSX,enforce" (and also with older
machine types) on an Haswell-EP machine.

Backports commit becb66673ec30cb604926d247ab9449a60ad8b11 from qemu
2018-02-17 15:23:55 -05:00
Bill Paul 5b14f0ed52
Correctly re-init EFER state during INIT IPI
When doing a re-initialization of a CPU core, the default state is to _not_
have 64-bit long mode enabled. This means the LME (long mode enable) and LMA
(long mode active) bits in the EFER model-specific register should be cleared.

However, the EFER state is part of the CPU environment which is
preserved by do_cpu_init(), so if EFER.LME and EFER.LMA were set at the
time an INIT IPI was received, they will remain set after the init completes.

This is contrary to what the Intel architecture manual describes and what
happens on real hardware, and it leaves the CPU in a weird state that the
guest can't clear.

To fix this, the 'efer' member of the CPUX86State structure has been moved
to an area outside the region preserved by do_cpu_init(), so that it can
be properly re-initialized by x86_cpu_reset().

Backports commit 2188cc52cb363433751f72b991d8fb05fc60e39d from qemu
2018-02-17 15:23:55 -05:00
Peter Crosthwaite 1faea35feb
i386: Rename ELF_MACHINE to be x86 specific
Rename ELF_MACHINE to be I386 specific. This is used as-is by the
multiboot loader.

Linux-user previously used this definition but will not anymore,
falling back to the default bahaviour of using ELF_ARCH as ELF_MACHINE.

This removes another architecture specific definition from the global
namespace.

Backports commit a5e8788f89312f19f54dba0454ee5bf7209b4cd7 from qemu
2018-02-17 15:23:55 -05:00