Straightforward replacement, except for qemu_kill_report(), which
printed a common part of its error message first, then the applicable
special part. Print each complete message with a single
error_report() instead.
Multi-line messages were replaced by error_report() followed by
error_printf().
The following changes were made to the error messages:
* The "invalid date format" message was reworded to better fit
the new error_report()+error_printf() pattern.
* On the remaining messages, only the trailing newlines, "qemu:" and
"error:" message prefixes were removed.
Backports relevant parts of commit f61eddcb2bb5cbbdd1d911b7e937db9affc29028 from qemu
If this CPU supports EL3, enhance the printing of the current
CPU mode in debug logging to distinguish S from NS modes as
appropriate.
Backports commit 06e5cf7acd1f94ab7c1cd6945974a1f039672940 from qemu
The AArch64 debug CPU display of PSTATE as "PSTATE=200003c5 (flags --C-)"
on the end of the same line as the last of the general purpose registers
is unnecessarily different from the AArch32 display of PSR as
"PSR=200001d3 --C- A svc32" on its own line. Update the AArch64
code to put PSTATE in its own line and in the same format, including
printing the exception level (mode).
Backports commit 08b8e0f527930208a548b424d2ab3103bf3c8c02 from qemu
Correct updating XContext.Region field on mmu exceptions.
If Config3.CTXTC = 0 then the R field of XContext has to be updated
with the value of bits 63..62 of the virtual address upon a TLB
exception.
Also fixed the below line which overs 80 characters.
Backports commit 60270f85cc93d2d34e45b7679c374b1d771f0eeb from qemu
Add SIGRIE (Signal Reserved Instruction Exception) for both MIPS and
microMIPS.
The instruction allows to use the 16-bit code field for software use.
This instruction is introduced by and required as of Release 6.
Backports commit bb238210bb096534b68dab15a87c6ff0bef43672 from qemu
Set Config5.XNP for R6 cores to indicate the extended LL/SC family
of instructions NOT present.
Backports commit 35ac9e342e008e3d47ef18d33a6977fdb99de9cd from qemu
Add Performance Counter (4) and XNP (5) register numbers to RDHWR.
Add check_hwrena() to simplify access control checkings.
Add RDHWR support to microMIPS R6.
Backports commit b00c72180c36510bf9b124e190bd520e3b7e1358 from qemu
Implement the relationship between CP0.Status.KX, SX and UX. It should not
be possible to set UX bit if SX is 0, the same applies for setting SX if
KX is 0.
Backports commit 2dcf7908d9e0274c08911400beb7ed14276bb170 from qemu
In Release 6, the behaviour of WAIT has been modified to make it a
requirement that a processor that has disabled operation as a result of
executing a WAIT will resume operation on arrival of an interrupt even if
interrupts are not enabled.
Backports commit 7540a43a1d9de71fa7a53ccd2bb24a04e2aace41 from qemu
qobject_to_qstring() crashes on null, which is a trap for the unwary.
Return null instead, and simplify a few callers.
Backports commit 7f0278435df1fa845b3bd9556942f89296d4246b from qemu
qobject_to_qlist() crashes on null, which is a trap for the unwary.
Return null instead.
Backports commit 2d6421a90047a83f6722832405fe09571040ea5b from qemu
qobject_to_qfloat() and qobject_to_qint() crash on null, which is a
trap for the unwary. Return null instead, and simplify a few callers.
Backports commit fcf73f66a67f5e58c18216f8c8651e38cf4d90af from qemu
qobject_to_qdict() crashes on null, which is a trap for the unwary.
Return null instead, and simplify a few callers.
Backports commit 89cad9f3ec6b30d7550fb5704475fc9c3393a066 from qemu
qobject_to_qbool() crashes on null, which is a trap for the unwary.
Return null instead, and simplify a few callers.
Backports commit 14b6160099f0caf5dc9d62e637b007bc5d719a96 from qemu
Some targets already had this within their logic, but make sure
it's present for all targets.
Backports commit 522a0d4e3c0d397ffb45ec400d8cbd426dad9d17 from qemu
Reduce the boilerplate required for each target. At the same time,
move the test for breakpoint after calling tcg_gen_insn_start.
Note that arm and aarch64 do not use cpu_breakpoint_test, but still
move the inline test down after tcg_gen_insn_start.
Backports commit b933066ae03d924a92b2616b4a24e7d91cd5b841 from qemu
Left shift of negative values is undefined behavior. Detected by clang:
qemu/target-i386/translate.c:2423:26: runtime error:
left shift of negative value -8
This changes the code to reverse the sign after the left shift.
Backports commit 712b4243c761cb6ab6a4367a160fd2a42e2d4b76 from qemu
Introduce ARMMMUFaultInfo to propagate MMU Fault information
across the MMU translation code path. This is in preparation for
adding Stage-2 translation.
No functional changes.
Backports commit e14b5a23d8c83304559f31397f95d22ada60a19a from qemu
The starting level for S2 pagetable walks is computed
differently from the S1 starting level. Implement the S2
variant.
Backports commit 1853d5a9dcac910322c6cc5b2fddec45fd052d25 from qemu
Rename granule_sz to stride to better match the reference manuals.
No functional change.
Backports commit 973a5434825c076995218868b5b3047e5de400c6 from qemu
Remove the tsz variable and introduce inputsize.
This simplifies the code a little and makes it easier to
compare with the reference manuals.
No functional change.
Backports commit 4ca6a051758edf625a17dfc4ce4ab72edabac170 from qemu
Add support for AArch32 S2 negative t0sz. In preparation for
using 40bit IPAs on AArch32.
Backports commit 4ee38098010240e0b390061fdd0151ff62d80279 from qemu
Move declaration of t0sz and t1sz to the top of the function
avoiding a mix of code and variable declarations.
No functional change.
Backports commit 1f4c8c18a5b6f4fad13e13b7e3828124c6c8f34d from qemu
Make t0sz and t1sz signed integers to match tsz and to make
it easier to implement support for AArch32 negative t0sz.
t1sz is changed for consistensy.
No functional change.
Backports commit 5c31a10d16c595d6a59e3e7fc1808c3b1d03e02f from qemu
When the memory we're trying to translate code from is not executable we have
to turn this into a guest fault. In order to report the correct PC for this
fault, and to make sure it is not reported until after any other possible
faults for instructions earlier in execution, we must terminate TBs at
the end of a page, in case the next instruction is in a non-executable page.
This is simple for T16, A32 and A64 instructions, which are always aligned
to their size. However T32 instructions may be 32-bits but only 16-aligned,
so they can straddle a page boundary.
Correct the condition that checks whether the next instruction will touch
the following page, to ensure that if we're 2 bytes before the boundary
and this insn is T32 then we end the TB.
Backports commit 541ebcd401ee47f3c1a3ce503ef5466b75e9d20a from qemu
The code in arm_excp_unmasked() suppresses the ability of PSTATE.AIF
to mask exceptions from a lower EL targeting EL2 or EL3 if the
CPU is 64-bit. This is correct for a target of EL3, but not correct
for targeting EL2. Further, we go to some effort to calculate
scr and hcr values which are not used at all for the 64-bit CPU
case.
Rearrange the code to correctly implement the 64-bit CPU logic
and keep the hcr/scr calculations in the 32-bit CPU codepath.
Backports commit 7cd6de3bb1ca55dfa8f53fb9894803eb33f497b3 from qemu
Fix undefined behavior detected by clang runtime check:
qemu/target-i386/cpu.c:1494:15: runtime error:
left shift of 1 by 31 places cannot be represented in type 'int'
While doing that, add extra parenthesis for clarity.
Backports commit 72370dc1149d7c90d2c2218e0d0658bee23a5bf7 from qemu
Introduce helper_get_dr so that we don't have to put CR4[DE]
into the scarce HFLAGS resource. At the same time, rename
helper_movl_drN_T0 to helper_set_dr and set the helper flags.
Backports commit d0052339236072bbf08c1d600c0906126b1ab258 from qemu
If the debug register is not enabled, we need
do nothing besides update the register.
Backports commit 7525b55051277717329cf64a9e1d5cff840d6f38 from qemu
Before the last patch, we had an efficient loop that disabled
local breakpoints on task switch. Re-add that, but in a more
general way that handles changes to the global enable bits too.
Backports commit 36eb6e096729f9aade3a6af7dbe4d0a990335d7e from qemu
This moves the last of the iteration over breakpoints into
the bpt_helper.c file. This also allows us to make several
breakpoint functions static.
Backports commit 93d00d0fbe4711061834730fb70525d167b6f908 from qemu
Processors up to the Pentium (says Bochs---I do not have old enough
manuals) require a 32KiB alignment for the SMBASE, but newer processors
do not need that, and Tiano Core will use non-aligned SMBASE values.
Backports commit dd75d4fcb4a82c34d4f466e7fc166162b71ff740 from qemu
Running barebox on qemu-system-mips* with '-d unimp' overloads
stderr by very very many mips_cpu_handle_mmu_fault() messages:
mips_cpu_handle_mmu_fault address=b80003fd ret 0 physical 00000000180003fd prot 3
mips_cpu_handle_mmu_fault address=a0800884 ret 0 physical 0000000000800884 prot 3
mips_cpu_handle_mmu_fault pc a080cd80 ad b80003fd rw 0 mmu_idx 0
So it's very difficult to find LOG_UNIMP message.
The mips_cpu_handle_mmu_fault() messages appear on enabling ANY
logging! It's not very handy.
Adding separate log category for *_cpu_handle_mmu_fault()
logging fixes the problem.
Backports commit 339aaf5b7f26d1e638641c59a44883b7654bd8ea from qemu
Extend MIPS movcond implementation to support the SELNEZ/SELEQZ
instructions introduced in MIPS r6 (where MOVN/MOVZ have been removed).
Whereas the "MOVN/MOVZ rd, rs, rt" instructions have the following
semantics:
rd = [!]rt ? rs : rd
The "SELNEZ/SELEQZ rd, rs, rt" instructions are slightly different:
rd = [!]rt ? rs : 0
First we ensure that if one of the movcond input values is zero that it
comes last (we can swap the input arguments if we invert the condition).
This is so that it can exactly match one of the SELNEZ/SELEQZ
instructions and avoid the need to emit the other one.
Otherwise we emit the opposite instruction first into a temporary
register, and OR that into the result:
SELNEZ/SELEQZ TMP1, v2, c1
SELEQZ/SELNEZ ret, v1, c1
OR ret, ret, TMP1
Which does the following:
ret = cond ? v1 : v2
Backports commit 137d63902faf4960081856db9242cbaf234a23af from qemu
MIPSr6 adds several new integer multiply, divide, and modulo
instructions, and removes several pre-r6 encodings, along with the HI/LO
registers which were the implicit operands of some of those
instructions. Update TCG to use the new instructions when built for r6.
The new instructions actually map much more directly to the TCG ops, as
they only provide a single 32-bit half of the result and in a normal
general purpose register instead of HI or LO.
The mulu2_i32 and muls2_i32 operations are no longer appropriate for r6,
so they are removed from the TCG opcode table. This is because they
would need to emit two separate host instructions anyway (for the high
and low half of the result), which TCG can arrange automatically for us
in the absense of mulu2_i32/muls2_i32 by splitting it into mul_i32 and
mul*h_i32 TCG ops.
Backports commit bc6d0c22b09a72897d9db4482076f89e7de97400 from qemu
MIPSr6 encodes JR as JALR with zero as the link register, and the pre-r6
JR encoding is removed. Update TCG to use the new encoding when built
for r6.
We still use the old encoding for pre-r6, so as not to confuse return
prediction stack hardware which may detect only particular encodings of
the return instruction.
Backports commit 6e0d096989be52c2b945fc83a9bd15d887bbdb47 from qemu
Add definition use_mips32r6_instructions to the MIPS TCG backend which
is constant 1 when built for MIPS release 6. This will be used to decide
between pre-R6 and R6 instruction encodings.
Backports commit ce14bd4d469f3a14f6cbfceb6360aee066a60d72 from qemu
We already have a TLADDR_ARGS definition, so rearrange the order
slightly and use it in the definition of insn_start, instead of
having an #ifdef.
Backports commit c0e40dbdcc291c85faa289a53be60b7b1b7c7598 from qemu
Restrict the size of code_gen_buffer to 2GB on ppc64, which
lets us assert that everything is reachable with addis+addi
from tb_ret_addr. This lets us use a max of 4 insns for goto_tb
instead of 7.
Emit the indirect branch portion of goto_tb up front, which
means we only have to update two insns to update any link.
With a 64-bit store, we can update the link atomically, which
may be required in future.
Backports commit 5bfd75a35c11dd3aa61c73d0d2cd88137c31519c from qemu
Changing the prologue to the beginning of the code_gen_buffer
changes the direction of the "return" branch. Need to change
the logic to match.
Backports commit 70f897bdc4ce4101ec008317d43090f532bfb07d from qemu
Anonymous and file-backed RAM allocation are now almost exactly the same.
Reduce code duplication by moving RAM mmap code out of oslib-posix.c and
exec.c.
Backports commit 794e8f301a17953efa78ab7538019ec43c59e82a from qemu
A QEMU breakpoint match is not definitely an architectural breakpoint
match. If an exception is generated unconditionally during translation,
it is hardly possible to ignore it in the debug exception handler.
Generate a call to a helper to check CPU breakpoints and raise an
exception only if any breakpoint matches architecturally.
Backports commit 5d98bf8f38c17a348ab6e8af196088cd4953acd0 from qemu
GDB breakpoints have higher priority so they have to be checked first.
Should GDB breakpoint match, just return from the debug exception
handler.
Backports commit e63a2d4d9ed73e33a0b7483085808048be8bbcb1 from qemu
Implement debug exception routing according to ARM ARM D2.3.1 Pseudocode
description of routing debug exceptions.
Backports commit 81669b8b81eb450d7b89ee5fdd57bdb73d87022d from qemu
Add the MDCR_EL2 register. We don't implement any of
the debug-related traps this register controls yet, so
currently it simply reads back as written.
Backports commit 14cc7b54372995a6ba72c7719372e4f710fc9b5a from qemu
Added oslar_write function to OSLAR_EL1 sysreg, using a status variable
in ARMCPUState.cp15 struct (oslsr_el1). This variable is also linked
to the newly added read-only OSLSR_EL1 register.
Linux reads from this register during its suspend/resume procedure.
Backports commit 1424ca8d4320427c3e93722b65e19077969808a2 from qemu
It is incorrect to call arm_el_is_aa64() function for unimplemented EL.
This patch fixes several attempts to do so.
Backports commit 2cde031f5a34996bab32571a26b1a6bcf3e5b5d9 from qemu
If any store instruction writes the code inside the same TB
after this store insn, the execution of the TB must be stopped
to execute new code correctly.
As described in ARMv8 manual D3.4.6 self-modifying code must do an
IC invalidation to be valid, and an ISB after it. So it's enough to end
the TB after ISB instruction on the code translation.
Also this TB break is necessary to take any pending interrupts immediately
after an ISB (as required by ARMv8 ARM D1.14.4).
Backports commit 6df99dec9e81838423d723996e96236693fa31fe from qemu
At present, the "average" guestimate of TB size is way too small, leading
to many unused entries in the pre-allocated TB array. For a guest with 1GB
ram, we're currently allocating 256MB for the array.
Survey arm, alpha, aarch64, ppc, sparc, i686, x86_64 guests running on
x86_64 and ppc64 hosts and select a new average. The size of the array
drops to 81MB with no more flushing than before.
Backports commit 126d89e8cdfa3be15d51f76906eaccbcd0023f98 from qemu
We currently pre-compute an worst case code size for any TB, which
works out to be 122kB. Since the average TB size is near 1kB, this
wastes quite a lot of storage.
Instead, check for overflow in between generating code for each opcode.
The overhead of the check isn't measurable and wastage is minimized.
Backports commit b125f9dc7bd68cd4c57189db4da83b0620b28a72 from qemu
This will catch any overflow of the buffer.
Add a native win32 alternative for alloc_code_gen_buffer;
remove the malloc alternative.
Backports commit f293709c6af7a65a9bcec09cdba7a60183657a3e from qemu
By putting the prologue at the end, we risk overwriting the
prologue should our estimate of maximum TB size. Given the
two different placements of the call to tcg_prologue_init,
move the high water mark computation into tcg_prologue_init.
Backports commit 8163b74938d8b7d12e70597c4553dd0dc49443d5 from qemu
It is no longer used, so tidy up everything reached by it.
This includes the gen_opc_* arrays, the search_pc parameter
and the inline gen_intermediate_code_internal functions.
Backports commit 4e5e1215156662b2b153255c49d4640d82c5568b from qemu
In this case, QEMU might longjmp out of cpu-exec.c and miss the final
cleanup in cpu_exec_nocache. Do this manually through a new compile
flag.
Backports commit d8a499f17ee5f05407874f29f69f0e3e3198a853 from qemu
The gen_opc_* arrays are already redundant with the data stored in
the insn_start arguments. Transition restore_state_to_opc to use
data from the latter.
Backports commit bad729e272387de7dbfa3ec4319036552fc6c107 from qemu
Since jump_pc[1] is always npc + 4, we can infer after incrementing
that jump_pc[1] == pc + 4. Because of that, we can encode the branch
destination into a single word, and store that in npc.
Backports commit 6c42444f9a53b6af39d46008cb9f650b11e96cb9 from qemu
Unify three copies of this code from different
branch types. Fix the case when npc == DYNAMIC_PC,
i.e. a branch within a delay slot.
Backports commit 2bf2e019ed0a6349220620240c0ba807846793b9 from qemu
We always pass pc2 == dc->npc and r_cond == cpu_cond,
and always set is_br afterward. Infer all of that.
Backports commit bfa31b765798139804ce9e5e35c7e142d233df31 from qemu
ABM is only implemented as a single instruction set by AMD; all AMD
processors support both instructions or neither. Intel considers POPCNT
as part of SSE4.2, and LZCNT as part of BMI1, but Intel also uses AMD's
ABM flag to indicate support for both POPCNT and LZCNT. It has to be
added to Haswell and Broadwell because Haswell, by adding LZCNT, has
completed the ABM.
Tested with "qemu-kvm -cpu Haswell-noTSX,enforce" (and also with older
machine types) on an Haswell-EP machine.
Backports commit becb66673ec30cb604926d247ab9449a60ad8b11 from qemu
When doing a re-initialization of a CPU core, the default state is to _not_
have 64-bit long mode enabled. This means the LME (long mode enable) and LMA
(long mode active) bits in the EFER model-specific register should be cleared.
However, the EFER state is part of the CPU environment which is
preserved by do_cpu_init(), so if EFER.LME and EFER.LMA were set at the
time an INIT IPI was received, they will remain set after the init completes.
This is contrary to what the Intel architecture manual describes and what
happens on real hardware, and it leaves the CPU in a weird state that the
guest can't clear.
To fix this, the 'efer' member of the CPUX86State structure has been moved
to an area outside the region preserved by do_cpu_init(), so that it can
be properly re-initialized by x86_cpu_reset().
Backports commit 2188cc52cb363433751f72b991d8fb05fc60e39d from qemu
Rename ELF_MACHINE to be I386 specific. This is used as-is by the
multiboot loader.
Linux-user previously used this definition but will not anymore,
falling back to the default bahaviour of using ELF_ARCH as ELF_MACHINE.
This removes another architecture specific definition from the global
namespace.
Backports commit a5e8788f89312f19f54dba0454ee5bf7209b4cd7 from qemu
The only generic code relying on this is linux-user, but linux users'
default behaviour of defaulting ELF_MACHINE to ELF_ARCH will handle
this.
The bootloaders can just pass EM_MIPS directly, as that is
architecture specific code.
This removes another architecture specific definition from the global
namespace.
Backports commit 04ce380e9e3fad1dbf4e86ebdf9315573a06b30e from qemu
The bootloaders can just pass EM_SPARC or EM_SPARCV9 directly, as
they are architecture specific code (to one or the other).
This removes another architecture specific definition from the global
namespace.
Backports commit 77452383e0c45704e2339b58eac29a3730bc18b1 from qemu
The only generic code relying on this is linux-user, but linux users'
default behaviour of defaulting ELF_MACHINE to ELF_ARCH will handle
this.
The machine model bootloaders can just pass EM_68K directly, as that
is architecture specific code.
This removes another architecture specific definition from the global
namespace.
Backports commit 45e6b8b61a7bbb71d1fa6c4193b47ba3a1f9f033 from qemu
The only generic code relying on this is linux-user. Linux user
already has a lot of #ifdef TARGET_ customisation so instead, define
ELF_ARCH as either EM_ARM or EM_AARCH64 appropriately.
The armv7m bootloader can just pass EM_ARM directly, as that
is architecture specific code. Note that arm_boot already has its own
logic selecting an arm specific elf machine so this makes V7M more
consistent with arm_boot.
This removes another architecture specific definition from the global
namespace.
Backports commit b597c3f7da17fcb37d394a16a6c0ef0a02846177 from qemu
Fix formatting of local apic definitions and drop unused constant
APIC_INPUT_POLARITY, APIC_SEND_PENDING. Magic numbers in shifts are
replaced with constants defined just above.
Backports commit b6cfc3c2ac5a1025d8fe7d74421a73ec495408f9 from qemu
Added prefix APIC_ for determining the constant of a particular subsystem,
improve the overall readability and match other constant names.
Backports commit a22bf99c5852f369dc620be2c3c93535a5b69a58 from qemu
These constants are needed for optimal access to
bit fields local apic registers without magic numbers.
Backports commit 6519d187e301c5a14a8c9b32fb93027b04a4336d from qemu
Instead of computing mem_index and s_bits in both tcg_out_qemu_ld and
tcg_out_qemu_st function and passing them to tcg_out_tlb_load, directly
pass oi to the tcg_out_tlb_load function and compute mem_index and
s_bits there.
Backports commit 81dfaf1a8f7f95259801da9732472f879023ef77 from qemu
