Commit graph

2734 commits

Author SHA1 Message Date
Igor Mammedov 607bc396c3
arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly
Backports defines from commit ba1ba5cca3962a9cc400c713c736b4fb8db1f38e from qemu
2018-03-05 00:10:21 -05:00
Cornelia Huck 6f9b7a9363
cpu: drop old comments describing members
These comments are obviously stale.

Backports commit 6fda014e1a65474c4877b36cc42e8a0f377817a4 from qemu
2018-03-05 00:03:31 -05:00
Eric Blake 3017797f7d
osdep.h: Prohibit disabling assert() in supported builds
We already have several files that knowingly require assert()
to work, sometimes because refactoring the code for proper
error handling has not been tackled yet; there are probably
other files that have a similar situation but with no comments
documenting the same. In fact, we have places in migration
that handle untrusted input with assertions, where disabling
the assertions risks a worse security hole than the current
behavior of losing the guest to SIGABRT when migration fails
because of the assertion. Promote our current per-file
safety-valve to instead be project-wide, and expand it to also
cover glib's g_assert().

Note that we do NOT want to encourage 'assert(side-effects);'
(that is a bad practice that prevents copy-and-paste of code to
other projects that CAN disable assertions; plus it costs
unnecessary reviewer mental cycles to remember whether a project
special-cases the crippling of asserts); and we would LIKE to
fix migration to not rely on asserts (but that takes a big code
audit). But in the meantime, we DO want to send a message
that anyone that disables assertions has to tweak code in order
to compile, making it obvious that they are taking on additional
risk that we are not going to support. At the same time, leave
comments mentioning NDEBUG in files that we know still need to
be scrubbed, so there is at least something to grep for.

It would be possible to come up with some other mechanism for
doing runtime checking by default, but which does not abort
the program on failure, while leaving side effects in place
(unlike how crippling assert() avoids even the side effects),
perhaps under the name q_verify(); but it was not deemed worth
the effort (developers should not have to learn a replacement
when the standard C macro works just fine, and it would be a lot
of churn for little gain). The patch specifically uses #error
rather than #warn so that a user is forced to tweak the header
to acknowledge the issue, even when not using a -Werror
compilation.

Backports commit 262a69f4282e44426c7a132138581d400053e0a1 from qemu
2018-03-05 00:01:57 -05:00
Gonglei ce71be5c05
i386/cpu/hyperv: support over 64 vcpus for windows guests
Starting with Windows Server 2012 and Windows 8, if
CPUID.40000005.EAX contains a value of -1, Windows assumes specific
limit to the number of VPs. In this case, Windows Server 2012
guest VMs may use more than 64 VPs, up to the maximum supported
number of processors applicable to the specific Windows
version being used.

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs

For compatibility, Let's introduce a new property for X86CPU,
named "x-hv-max-vps" as Eduardo's suggestion, and set it
to 0x40 before machine 2.10.

(The "x-" prefix indicates that the property is not supposed to
be a stable user interface.)

Backports relevant parts of commit 6c69dfb67e84747cf071958594d939e845dfcc0c from qemu
2018-03-05 00:00:53 -05:00
Joseph Myers a237d9dbca
target/i386: fix phminposuw in-place operation
The SSE4.1 phminposuw instruction finds the minimum 16-bit element in
the source vector, putting the value of that element in the low 16
bits of the destination vector, the index of that element in the next
three bits and zeroing the rest of the destination. The helper for
this operation fills the destination from high to low, meaning that
when the source and destination are the same register, the minimum
source element can be overwritten before it is copied to the
destination. This patch fixes it to fill the destination from low to
high instead, so the minimum source element is always copied first.
This fixes one gcc test failure in my GCC 6-based testing (and so
concludes the present sequence of patches, as I don't have any further
gcc test failures left in that testing that I attribute to QEMU bugs).

Backports commit aa406feadfc5b095ca147ec56d6187c64be015a7 from qemu
2018-03-04 23:59:26 -05:00
Joseph Myers 85b647e486
target/i386: fix pcmpxstrx substring search
One of the cases of the SSE4.2 pcmpestri / pcmpestrm / pcmpistri /
pcmpistrm instructions does a substring search. The implementation of
this case in the pcmpxstrx helper is incorrect. The operation in this
case is a search for a string (argument d to the helper) in another
string (argument s to the helper); if a copy of d at a particular
position would run off the end of s, the resulting output bit should
be 0 whether or not the strings match in the region where they
overlap, but the QEMU implementation was wrongly comparing only up to
the point where s ends and counting it as a match if an initial
segment of d matched a terminal segment of s. Here, "run off the end
of s" means that some byte of d would overlap some byte outside of s;
thus, if d has zero length, it is considered to match everywhere,
including after the end of s. This patch fixes the implementation to
correspond with the proper instruction semantics. This fixes four gcc
test failures in my GCC 6-based testing.

Backports commit ae35eea7e4a9f21dd147406dfbcd0c4c6aaf2a60 from qemu
2018-03-04 23:58:45 -05:00
Joseph Myers 59df0bae12
target/i386: fix packusdw in-place operation
The SSE4.1 packusdw instruction combines source and destination
vectors of signed 32-bit integers into a single vector of unsigned
16-bit integers, with unsigned saturation. When the source and
destination are the same register, this means each 32-bit element of
that register is used twice as an input, to produce two of the 16-bit
output elements, and so if the operation is carried out
element-by-element in-place, no matter what the order in which it is
applied to the elements, the first element's operation will overwrite
some future input. The helper for packssdw avoids this issue by
computing the result in a local temporary and copying it to the
destination at the end; this patch fixes the packusdw helper to do
likewise. This fixes three gcc test failures in my GCC 6-based
testing.

Backports commit 80e19606215d4df370dfe8fe21c558a129f00f0b from qemu
2018-03-04 23:57:54 -05:00
Joseph Myers 84b3c54b18
target/i386: set rip_offset for further SSE instructions
It turns out that my recent fix to set rip_offset when emulating some
SSE4.1 instructions needs generalizing to cover a wider class of
instructions. Specifically, every instruction in the sse_op_table7
table, coming from various instruction set extensions, has an 8-bit
immediate operand that comes after any memory operand, and so needs
rip_offset set for correctness if there is a memory operand that is
rip-relative, and my patch only set it for a subset of those
instructions. This patch moves the rip_offset setting to cover the
wider class of instructions, so fixing 9 further gcc testsuite
failures in my GCC 6-based testing. (I do not know whether there
might be still further classes of instructions missing this setting.)

Backports commit c6a8242915328cda0df0fbc0803da3448137e614 from qemu
2018-03-04 23:57:12 -05:00
Joseph Myers e883a15231
target/i386: fix pmovsx/pmovzx in-place operations
The SSE4.1 pmovsx* and pmovzx* instructions take packed 1-byte, 2-byte
or 4-byte inputs and sign-extend or zero-extend them to a wider vector
output. The associated helpers for these instructions do the
extension on each element in turn, starting with the lowest. If the
input and output are the same register, this means that all the input
elements after the first have been overwritten before they are read.
This patch makes the helpers extend starting with the highest element,
not the lowest, to avoid such overwriting. This fixes many GCC test
failures (161 in the gcc testsuite in my GCC 6-based testing) when
testing with a default CPU setting enabling those instructions.

Backports commit c6a56c8e990b213a1638af2d34352771d5fa4d9c from qemu
2018-03-04 23:56:01 -05:00
Richard Henderson 7168f72d4d
tcg/mips: Fully convert tcg_target_op_def
Backports commit 89b2e37e6506d92b00ac478e7953be6ddd7a86a9 from qemu
2018-03-04 23:54:26 -05:00
Richard Henderson 24c5be0472
tcg/sparc: Fully convert tcg_target_op_def
Backports commit 9be44a16c258287aab5a3accda153d3a5144359f from qemu
2018-03-04 23:52:18 -05:00
Richard Henderson d3b1c8d5a4
tcg/ppc: Fully convert tcg_target_op_def
Backports commit 6cb3658a04149b2c1fb92e2ea9d2e2f6cecc0014 from qemu
2018-03-04 23:50:58 -05:00
Richard Henderson 3094e7927e
tcg/arm: Fully convert tcg_target_op_def
Backports commit 7536b82d28876d1ffe0359667b28c93d49386fa0 from qemu
2018-03-04 23:48:55 -05:00
Richard Henderson 47ed20fdd4
tcg/aarch64: Fully convert tcg_target_op_def
Backports commit 1897cc2eb8be2d8be23380b45a2d3c1a2808723f from qemu
2018-03-04 23:46:38 -05:00
Richard Henderson fe632c4df8
tcg: Fix types in tcg_regset_{set,reset}_reg
There was a potential problem here with an ILP32 host
with 64 host registers.

Backports commit 80a8b9a910e14d4a1937f70dce944891990f3441 from qemu
2018-03-04 23:44:13 -05:00
Richard Henderson fc8b4316a9
tcg: Remove tcg_regset_set32
It's not even clear what the interface REG and VAL32 were supposed to mean.
All uses had REG = 0 and VAL32 was the bitset assigned to the destination.

Backports commit f46934df662182097dce07d57ec00f37e4d2abf1 from qemu
2018-03-04 23:42:59 -05:00
Richard Henderson 9a9c2ede4a
tcg: Remove tcg_regset_{or,and,andnot,not}
Backports commit 07ddf036fa66bca279590c09fe1c46bcdcc5bcff from qemu
2018-03-04 23:34:16 -05:00
Richard Henderson 7ba6f6f5e6
tcg: Remove tcg_regset_set
Backports commit d21369f5fb41299d5e7b032ec6da12da7f95f72f from qemu
2018-03-04 23:31:35 -05:00
Richard Henderson 49d09d6888
tcg: Remove tcg_regset_clear
Backports commit ccb1bb66ea2a42e773bfa04178d8b383ff86d4d8 from qemu
2018-03-04 23:24:45 -05:00
Richard Henderson 7b68a8f0ca
tcg: Add tcg_op_supported
Backports commit be0f34b5840312bbe9627c2b9f68a25f32903dae from qemu
2018-03-04 23:20:28 -05:00
Richard Henderson c5e952978c
target/arm: Avoid an extra temporary for store_exclusive
Instead of copying addr to a local temp, reuse the value (which we
have just compared as equal) already saved in cpu_exclusive_addr.

Backports commit 37e29a64254bf82a1901784fcca17c25f8164c2f from qemu
2018-03-04 23:17:50 -05:00
Jaroslaw Pelczar 7fded6c15c
AArch64: Fix single stepping of ERET instruction
Previously when single stepping through ERET instruction via GDB
would result in debugger entering the "next" PC after ERET instruction.
When debugging in kernel mode, this will also cause unintended behavior,
because debugger will try to access memory from EL0 point of view.

Backports commit dddbba9943ef6a81c8702e4a50cb0a8b1a4201fe from qemu
2018-03-04 23:15:30 -05:00
Peter Maydell 6a951f17ed
target/arm: Rename 'type' to 'excret' in do_v7m_exception_exit()
In the v7M and v8M ARM ARM, the magic exception return values are
referred to as EXC_RETURN values, and in QEMU we use V7M_EXCRET_*
constants to define bits within them. Rename the 'type' variable
which holds the exception return value in do_v7m_exception_exit()
to excret, making it clearer that it does hold an EXC_RETURN value.

Backports commit 351e527a613147aa2a2e6910f92923deef27ee48 from qemu
2018-03-04 23:14:22 -05:00
Peter Maydell 1301cb1771
target/arm: Add and use defines for EXCRET constants
The exception-return magic values get some new bits in v8M, which
makes some bit definitions for them worthwhile.

We don't use the bit definitions for the switch on the low bits
which checks the return type for v7M, because this is defined
in the v7M ARM ARM as a set of valid values rather than via
per-bit checks.

Backports commit 4d1e7a4745c050f7ccac49a1c01437526b5130b5 from qemu
2018-03-04 23:12:37 -05:00
Peter Maydell aa71933721
target/arm: Remove unnecessary '| 0xf0000000' from do_v7m_exception_exit()
In do_v7m_exception_exit(), there's no need to force the high 4
bits of 'type' to 1 when calling v7m_exception_taken(), because
we know that they're always 1 or we could not have got to this
"handle return to magic exception return address" code. Remove
the unnecessary ORs.

Backports commit 7115cdf5782922611bcc44c89eec5990db7f6466 from qemu
2018-03-04 23:11:13 -05:00
Peter Maydell 2718aa8233
target/arm: Get PRECISERR and IBUSERR the right way round
For a bus fault, the M profile BFSR bit PRECISERR means a bus
fault on a data access, and IBUSERR means a bus fault on an
instruction access. We had these the wrong way around; fix this.

Backports commit c6158878650c01b2c753b2ea7d0967c8fe5ca59e from qemu
2018-03-04 23:10:33 -05:00
Peter Maydell ceccd92940
target/arm: Clear exclusive monitor on v7M reset, exception entry/exit
For M profile we must clear the exclusive monitor on reset, exception
entry and exception exit. We weren't doing any of these things; fix
this bug.

Backports commit dc3c4c14f0f12854dbd967be3486f4db4e66d25b from qemu
2018-03-04 23:09:41 -05:00
Peter Maydell 2a9b62c12b
target/arm: Clear exclusive monitor on v7M reset, exception entry/exit
For M profile we must clear the exclusive monitor on reset, exception
entry and exception exit. We weren't doing any of these things; fix
this bug.

Backports commit dc3c4c14f0f12854dbd967be3486f4db4e66d25b from qemu
2018-03-04 23:08:31 -05:00
Peter Maydell 09ca9356a3
target/arm: Use M_REG_NUM_BANKS rather than hardcoding 2
Use a symbolic constant M_REG_NUM_BANKS for the array size for
registers which are banked by M profile security state, rather
than hardcoding lots of 2s.

Backports commit 4a16724f06ead684a5962477a557c26c677c2729 from qemu
2018-03-04 23:07:30 -05:00
Dr. David Alan Gilbert 9730b2ccf6
sparc: Fix typedef clash
Older compilers (rhel6) don't like redefinition of typedefs

Fixes: 12a6c15ef31c98ecefa63e91ac36955383038384

Backports commit 9d81b2d2000f41be55a0624a26873f993fb6e928 from qemu
2018-03-04 23:05:50 -05:00
Kamil Rytarowski b10922fb33
target/m68k: Switch fpu_rom from make_floatx80() to make_floatx80_init()
GCC 4.7.2 on SunOS reports that the values assigned to array members are not
real constants:

target/m68k/fpu_helper.c:32:5: error: initializer element is not constant
target/m68k/fpu_helper.c:32:5: error: (near initialization for 'fpu_rom[0]')
rules.mak:66: recipe for target 'target/m68k/fpu_helper.o' failed

Convert the array to make_floatx80_init() to fix it.
Replace floatx80_pi-like constants with make_floatx80_init() as they are
defined as make_floatx80().

This fixes build on SmartOS (Joyent).

Backports commit 6fa9ba09dbf4eb8b52bcb47d6820957f1b77ee0b from qemu
2018-03-04 23:05:01 -05:00
Lioncash 3c5f8b2800
tcg/ppc: Update to commit 53c89efd02cef626040165cc8f06b5cf2c15355d 2018-03-04 23:00:03 -05:00
Lioncash c786137691
tcg/arm: Update to commit afe74dbd6a58031741b68e99843c1f1d390996b2 2018-03-04 22:58:36 -05:00
Richard Henderson 504bdad70d
tcg/arm: Tighten tlb indexing offset test
We are not going to use ldrd for loading the comparator
for 32-bit guests, so don't limit cmp_off to 8 bits then.
This eliminates one insn in the tlb load for some guests.

Backports commit 95ede84f4de18747d03d79c148013cff99acd60b from qemu
2018-03-04 22:57:04 -05:00
Richard Henderson e4d05c2567
tcg/arm: Improve tlb load for armv7
Use UBFX to avoid limitation on CPU_TLB_BITS. Since we're dropping
the initial shift, we need to replace the page masking. We can use
MOVW+BIC to do this without shifting. The result is the same size
as the armv6 path with one less conditional instruction.

Backports commit 647ab96aaf5defeb138e48d610f7f633c587b40d from qemu
2018-03-04 22:56:27 -05:00
Richard Henderson b3fd6a8c8c
tcg/sparc: Use constant pool for movi
Backports commit e9823b4c3347370414b63010ec4a2a4754e4abb5 from qemu
2018-03-04 22:53:59 -05:00
Richard Henderson b786e2d27e
tcg/sparc: Introduce TCG_REG_TB
Backports commit ab20bdc11624837bd0c8aea83c603b66f0406e8b from qemu
2018-03-04 22:51:38 -05:00
Richard Henderson 0c3781e7eb
tcg/aarch64: Use constant pool for movi
Backports commit 55129955e92ec164ee2d778f20070dc214109bc6 from qemu
2018-03-04 22:46:50 -05:00
Richard Henderson 5150970625
tcg/s390: Use constant pool for cmpi
Also use CHI/CGHI for 16-bit signed constants.

Backports commit a534bb15f30ff7e420434b3e5746bcad595c5429 from qemu
2018-03-04 22:44:26 -05:00
Richard Henderson c08620b984
tcg/s390: Use constant pool for xori
Backports commit 5bf67a9217a31512f35b036924e1db1baf2f9ebf from qemu
2018-03-04 22:39:14 -05:00
Lioncash 35d3118469
tcg/s390: Use constant pool for ori 2018-03-04 22:35:27 -05:00
Richard Henderson bdadfa7520
tcg/s390: Use constant pool for andi
Backports commit bdcd5d1926a7ae42c060efdcaa15074930a92ebb from qemu
2018-03-04 22:33:08 -05:00
Richard Henderson bc23bab79d
tcg/s390: Use constant pool for movi
Split out maybe_out_small_movi for use with other operations
that want to add to the constant pool.

Backports commit 28eef8aaece5e83df4568d9842ab9611ec130b2c from qemu
2018-03-04 22:32:04 -05:00
Richard Henderson ba1563eb2f
tcg/s390: Fix sign of patch_reloc addend
We were passing in -2 instead of +2, but then ignoring
the actual contents of addend in the calculation.

Backports commit e692a3492d04500355bcf23575eed7cf137b38d5 from qemu
2018-03-04 22:28:24 -05:00
Richard Henderson 2fff7d54cb
tcg/s390: Introduce TCG_REG_TB
Backports commit 829e1376d94009a7ccacc0535bffcc679f7bb507 from qemu
2018-03-04 22:26:52 -05:00
Richard Henderson b96f53e8a3
tcg/i386: Store out-of-range call targets in constant pool
Already it saves 2 bytes per call, but also the constant pool
entry may well be shared across multiple calls.

Backports commit 4e45f23943c0bb91588627de3801826546155ad8 from qemu
2018-03-04 22:22:49 -05:00
Richard Henderson e9d8cef430
tcg: Infrastructure for managing constant pools
A new shared header tcg-pool.inc.c adds new_pool_label,
for registering a tcg_target_ulong to be emitted after
the generated code, plus relocation data to install a
pointer to the data.

A new pointer is added to the TCGContext, so that we
dump the constant pool as data, not code.

Backports commit 57a269469dbf70013dab3a176e1735636010a772 from qemu
2018-03-04 22:17:33 -05:00
Richard Henderson f96514a99c
tcg: Rearrange ldst label tracking
Dispense with TCGBackendData, as it has never been used for more than
holding a single pointer. Use a define in the cpu/tcg-target.h to
signal requirement for TCGLabelQemuLdst, so that we can drop the no-op
tcg-be-null.h stubs. Rename tcg-be-ldst.h to tcg-ldst.inc.c.

Backports commit 659ef5cbb893872d25e9d95191cc23b16546c8a1 from qemu
2018-03-04 22:13:13 -05:00
Richard Henderson 3c8cdb237a
tcg: Use tcg_malloc to allocate TCGLabelQemuLdst
Pre-allocating 640 of them per TB is a waste.

Backports commit 686461c96254f34bcce67a949c72867ab6ec3fcf from qemu
2018-03-04 22:00:24 -05:00
Richard Henderson 31b8b67cd3
tcg: Move USE_DIRECT_JUMP discriminator to tcg/cpu/tcg-target.h
Replace the USE_DIRECT_JUMP ifdef with a TCG_TARGET_HAS_direct_jump
boolean test. Replace the tb_set_jmp_target1 ifdef with an unconditional
function tb_target_set_jmp_target.

While we're touching all backends, add a parameter for tb->tc_ptr;
we're going to need it shortly for some backends.

Move tb_set_jmp_target and tb_add_jump from exec-all.h to cpu-exec.c.

Backports commit a85833933628384d74ec412024d55cf012640287 from qemu
2018-03-04 21:52:35 -05:00
Peter Maydell 433bdcff34
configure: Drop AIX host support
Nobody has mentioned AIX host support on the mailing list for years,
and we have no test systems for it so it is most likely broken.
We've advertised in configure for two releases now that we plan
to drop support for this host OS, and have had no complaints.
Drop the AIX host support code.

We can also drop the now-unused AIX version of sys_cache_info().

Note that the _CALL_AIX define used in the PPC tcg backend is
also used for Linux PPC64, and so that code should not be removed.

Backports commit 7872375219c03682bda3f6191fa5f6a58238ed36 from qemu
2018-03-04 21:32:40 -05:00
Peter Maydell 8d02ee3b51
target/arm: Implement new do_transaction_failed hook
Implement the new do_transaction_failed hook for ARM, which should
cause the CPU to take a prefetch abort or data abort.

Backports commit c79c0a314c43b78f6326d5f137bdbafdbf8e9766 from qemu
2018-03-04 21:29:05 -05:00
Peter Maydell 2070ef1c37
boards.h: Define new flag ignore_memory_transaction_failures
Define a new MachineClass field ignore_memory_transaction_failures.
If this is flag is true then the CPU will ignore memory transaction
failures which should cause the CPU to take an exception due to an
access to an unassigned physical address; the transaction will
instead return zero (for a read) or be ignored (for a write). This
should be set only by legacy board models which rely on the old
RAZ/WI behaviour for handling devices that QEMU does not yet model.
New board models should instead use "unimplemented-device" for all
memory ranges where the guest will attempt to probe for a device that
QEMU doesn't implement and a stub device is required.

We need this for ARM boards, where we're about to implement support for
generating external aborts on memory transaction failures. Too many
of our legacy board models rely on the RAZ/WI behaviour and we
would break currently working guests when their "probe for device"
code provoked an external abort rather than a RAZ.

Backports commit ed860129acd3fcd0b1e47884e810212aaca4d21b from qemu
2018-03-04 21:27:15 -05:00
Peter Maydell 4b816fe0aa
target/arm: Implement BXNS, and banked stack pointers
Implement the BXNS v8M instruction, which is like BX but will do a
jump-and-switch-to-NonSecure if the branch target address has bit 0
clear.

This is the first piece of code which implements "switch to the
other security state", so the commit also includes the code to
switch the stack pointers around, which is the only complicated
part of switching security state.

BLXNS is more complicated than just "BXNS but set the link register",
so we leave it for a separate commit.

Backports commit fb602cb726b3ebdd01ef3b1732d74baf9fee7ec9 from qemu
2018-03-04 21:21:23 -05:00
Peter Maydell 221232fb35
target/arm: Move regime_is_secure() to target/arm/internals.h
Move the regime_is_secure() utility function to internals.h;
we are going to want to call it from translate.c.

Backports commit 61fcd69b0db268e7612b07fadc436b93def91768 from qemu
2018-03-04 21:14:05 -05:00
Peter Maydell 07b9144ef2
target/arm: Make CFSR register banked for v8M
Make the CFSR register banked if v8M security extensions are enabled.

Not all the bits in this register are banked: the BFSR
bits [15:8] are shared between S and NS, and we store them
in the NS copy of the register.

Backports commit 334e8dad7a109d15cb20b090131374ae98682a50 from qemu
2018-03-04 21:12:55 -05:00
Peter Maydell 74c66cc2a9
target/arm: Make MMFAR banked for v8M
Make the MMFAR register banked if v8M security extensions are
enabled.

Backports commit c51a5cfc9fae82099028eb12cb1d064ee07f348e from qemu
2018-03-04 21:10:47 -05:00
Peter Maydell 4b24f6d87b
target/arm: Make CCR register banked for v8M
Make the CCR register banked if v8M security extensions are enabled.

This is slightly more complicated than the other "add banking"
patches because there is one bit in the register which is not
banked. We keep the live data in the NS copy of the register,
and adjust it on register reads and writes. (Since we don't
currently implement the behaviour that the bit controls, there
is nowhere else that needs to care.)

This patch includes the enforcement of the bits which are newly
RES1 in ARMv8M.

Backports commit 9d40cd8a68cfc7606f4548cc9e812bab15c6dc28 from qemu
2018-03-04 21:09:34 -05:00
Peter Maydell f88f4b5e31
target/arm: Make MPU_CTRL register banked for v8M
Make the MPU_CTRL register banked if v8M security extensions are
enabled.

Backports commit ecf5e8eae8b0b5fa41f00b53d67747b42fd1b8b9 from qemu
2018-03-04 21:08:16 -05:00
Peter Maydell 683830d5ac
target/arm: Make MPU_RNR register banked for v8M
Make the MPU_RNR register banked if v8M security extensions are
enabled.

Backports commit 1bc04a8880374407c4b12d82ceb8752e12ff5336 from qemu
2018-03-04 21:06:01 -05:00
Peter Maydell 5e14b33c65
target/arm: Make MPU_RBAR, MPU_RLAR banked for v8M
Make the MPU registers MPU_MAIR0 and MPU_MAIR1 banked if v8M security
extensions are enabled.

We can freely add more items to vmstate_m_security without
breaking migration compatibility, because no CPU currently
has the ARM_FEATURE_M_SECURITY bit enabled and so this
subsection is not yet used by anything.

Backports commit 62c58ee0b24eafb44c06402fe059fbd7972eb409 from qemu
2018-03-04 21:04:41 -05:00
Peter Maydell 5b6e1e2150
target/arm: Make MPU_MAIR0, MPU_MAIR1 registers banked for v8M
Make the MPU registers MPU_MAIR0 and MPU_MAIR1 banked if v8M security
extensions are enabled.

Backports commit 4125e6feb71c810ca38f0d8e66e748b472a9cc54 from qemu
2018-03-04 21:02:51 -05:00
Peter Maydell 3e35eee327
target/arm: Make VTOR register banked for v8M
Make the VTOR register banked if v8M security extensions are enabled.

Backports commit 45db7ba681ede57113a67499840e69ee586bcdf2 from qemu
2018-03-04 21:01:51 -05:00
Peter Maydell 59c6845ada
target/arm: Make CONTROL register banked for v8M
Make the CONTROL register banked if v8M security extensions are enabled.

Backports commit 8bfc26ea302ec03585d7258a7cf8938f76512730 from qemu
2018-03-04 21:00:58 -05:00
Peter Maydell 14cb6925f3
target/arm: Make FAULTMASK register banked for v8M
Make the FAULTMASK register banked if v8M security extensions are enabled.

Note that we do not yet implement the functionality of the new
AIRCR.PRIS bit (which allows the effect of the NS copy of FAULTMASK to
be restricted).

This patch includes the code to determine for v8M which copy
of FAULTMASK should be updated on exception exit; further
changes will be required to the exception exit code in general
to support v8M, so this is just a small piece of that.

The v8M ARM ARM introduces a notation where individual paragraphs
are labelled with R (for rule) or I (for information) followed
by a random group of subscript letters. In comments where we want
to refer to a particular part of the manual we use this convention,
which should be more stable across document revisions than using
section or page numbers.

Backports commit 42a6686b2f6199d086a58edd7731faeb2dbe7c14 from qemu
2018-03-04 20:58:38 -05:00
Peter Maydell ff3f7811ce
target/arm: Make PRIMASK register banked for v8M
Make the PRIMASK register banked if v8M security extensions are enabled.

Note that we do not yet implement the functionality of the new
AIRCR.PRIS bit (which allows the effect of the NS copy of PRIMASK to
be restricted).

Backports commit 6d8048341995b31a77dc2e0dcaaf4e3df0e3121a from qemu
2018-03-04 20:55:49 -05:00
Peter Maydell c9a7aad4dc
target/arm: Make BASEPRI register banked for v8M
Make the BASEPRI register banked if v8M security extensions are enabled.

Note that we do not yet implement the functionality of the new
AIRCR.PRIS bit (which allows the effect of the NS copy of BASEPRI to
be restricted).

Backports commit acf949411ffb675edbfb707e235800b02e6a36f8 from qemu
2018-03-04 20:54:44 -05:00
Peter Maydell f4d155ad3a
target/arm: Add MMU indexes for secure v8M
Now that MPU lookups can return different results for v8M
when the CPU is in secure vs non-secure state, we need to
have separate MMU indexes; add the secure counterparts
to the existing three M profile MMU indexes.

Backports commit 66787c7868d05d29974e09201611b718c976f955 from qemu
2018-03-04 20:53:04 -05:00
Peter Maydell 13bad2c234
target/arm: Register second AddressSpace for secure v8M CPUs
If a v8M CPU supports the security extension then we need to
give it two AddressSpaces, the same way we do already for
an A profile core with EL3.

Backports commit 1d2091bc75ab7f9e2c43082f361a528a63c79527 from qemu
2018-03-04 20:51:00 -05:00
Peter Maydell 8ce42ad30c
target/arm: Add state field, feature bit and migration for v8M secure state
As the first step in implementing ARM v8M's security extension:
* add a new feature bit ARM_FEATURE_M_SECURITY
* add the CPU state field that indicates whether the CPU is
currently in the secure state
* add a migration subsection for this new state
(we will add the Secure copies of banked register state
to this subsection in later patches)
* add a #define for the one new-in-v8M exception type
* make the CPU debug log print S/NS status

Backports commit 1e577cc7cffd3de14dbd321de5c3ef191c6ab07f from qemu
2018-03-04 20:50:04 -05:00
Peter Maydell 829a34ec55
target/arm: Implement new PMSAv8 behaviour
Implement the behavioural side of the new PMSAv8 specification.

Backports commit 504e3cc36b68b34c176f3f4116b1d5677471ec20 from qemu
2018-03-04 20:47:54 -05:00
Peter Maydell 1acd9efdc2
target/arm: Implement ARMv8M's PMSAv8 registers
As part of ARMv8M, we need to add support for the PMSAv8 MPU
architecture.

PMSAv8 differs from PMSAv7 both in register/data layout (for instance
using base and limit registers rather than base and size) and also in
behaviour (for example it does not have subregions); rather than
trying to wedge it into the existing PMSAv7 code and data structures,
we define separate ones.

This commit adds the data structures which hold the state for a
PMSAv8 MPU and the register interface to it. The implementation of
the MPU behaviour will be added in a subsequent commit.

Backports commit 0e1a46bbd2d6c39614b87f4e88ea305acce8a35f from qemu
2018-03-04 20:45:49 -05:00
Richard Henderson 6d2bcf6ed8
target/arm: Perform per-insn cross-page check only for Thumb
ARM is a fixed-length ISA and we can compute the page crossing
condition exactly once during init_disas_context.

Backports commit d0264d86b026e9d948de577b05ff86d708658576 from qemu
2018-03-04 20:42:22 -05:00
Richard Henderson ab21785d3f
target/arm: Split out thumb_tr_translate_insn
We need not check for ARM vs Thumb state in order to dispatch
disassembly of every instruction.

Backports commit 722ef0a562a8cd810297b00516e36380e2f33353 from qemu
2018-03-04 20:41:07 -05:00
Richard Henderson 23d769c856
target/arm: Move ss check to init_disas_context
We can check for single-step just once.

Backports commit f7708456aac23a8bb8864b12bcf1f20c6e4b7045 from qemu
2018-03-04 20:34:33 -05:00
Richard Henderson dd36ec2bbf
target/arm: [a64] Move page and ss checks to init_disas_context
Since AArch64 uses a fixed-width ISA, we can pre-compute the number of
insns remaining on the page. Also, we can check for single-step once.

Backports commit dcc3a21209a8eeae0fe43966012f8e08d3566f98 from qemu
2018-03-04 20:32:45 -05:00
Lioncash 6586c88706
target/i386: Remove unnecessary unicorn hooking code in i386_tr_init_disas_context
This is all centralized in translator_loop now
2018-03-04 20:31:07 -05:00
Lluís Vilanova 74d437827b
target/arm: [tcg] Port to generic translation framework
Backports commit 2316922420da6fd0d1ffb5557d0cdcc5958bcf44 from qemu
2018-03-04 20:28:06 -05:00
Lluís Vilanova cc00feb2df
target/arm: [tcg,a64] Port to disas_log
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 58350fa4b2852fede96cfebad0b26bf79bca419c from qemu
2018-03-04 20:09:39 -05:00
Lluís Vilanova 5d3ff533a1
target/arm: [tcg] Port to disas_log
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 4013f7fc811e90b89da3a516dc71b01ca0e7e54e from qemu
2018-03-04 20:05:16 -05:00
Lluís Vilanova 7a02cb360c
target/arm: [tcg,a64] Port to tb_stop
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit be4079641f1bc755fc5d3ff194cf505c506227d8 from qemu
2018-03-04 20:02:45 -05:00
Lluís Vilanova d8def0cdb5
target/arm: [tcg] Port to tb_stop
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 70d3c035ae36a2c5c0f991ba958526127c92bb67 from qemu
2018-03-04 20:02:32 -05:00
Lluís Vilanova 665192d96f
target/arm: [tcg,a64] Port to translate_insn
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 24299c892cbfe29120f051b6b7d0bcf3e0cc8e85 from qemu
2018-03-04 19:47:54 -05:00
Lluís Vilanova 0c4909738d
target/arm: [tcg] Port to translate_insn
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 13189a9080b35b13af23f2be4806fa0cdbb31af3 from qemu
2018-03-04 19:44:01 -05:00
Lluís Vilanova 7b89c4c813
target/arm: [tcg,a64] Port to breakpoint_check
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 0cb56b373da70047979b61b042f59aaff4012e1b from qemu
2018-03-04 19:34:06 -05:00
Lluís Vilanova 67e0d99080
target/arm: [tcg,a64] Port to insn_start
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit a68956ad7f8510bdc0b54793c65c62c6a94570a4 from qemu
2018-03-04 19:31:22 -05:00
Lluís Vilanova b9df4e0ca0
target/arm: [tcg] Port to insn_start
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit f62bd897e64c6fb1f93e8795e835980516fe53b5 from qemu
2018-03-04 19:25:29 -05:00
Lluís Vilanova b3878f117e
target/arm: [tcg] Port to tb_start
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit b14768544fd715a3f1742c10fc36ae81c703cbc1 from qemu
2018-03-04 19:22:20 -05:00
Lluís Vilanova 529c6c17f1
target/arm: [tcg,a64] Port to init_disas_context
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 5c03990665aa9095e4d2734c8ca0f936a8e8f000 from qemu
2018-03-04 19:17:09 -05:00
Lluís Vilanova 5e5c722359
target/arm: [tcg] Port to init_disas_context
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 1d8a5535238fc5976e0542a413f4ad88f5d4b233 from qemu
2018-03-04 19:10:55 -05:00
Lluís Vilanova 8581e6f6fe
target/arm: [tcg] Port to DisasContextBase
Incrementally paves the way towards using the generic
instruction translation loop.

Backports commit dcba3a8d443842f7a30a2c52d50a6b50b6982b35 from qemu
2018-03-04 19:00:06 -05:00
Lluís Vilanova c40f5eb73e
target/i386: [tcg] Port to generic translation framework
Backports commit d2e6eedf5078d0f2ac17fc1a0d24f6be79c071d7 from qemu
2018-03-04 17:42:42 -05:00
Lluís Vilanova 579a23cfa0
target/i386: [tcg] Port to disas_log
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit e0d110d943891b719de7ca075fc17fa8ea5749b8 from qemu
2018-03-04 17:31:25 -05:00
Lluís Vilanova 75ddf81d2c
target/i386: [tcg] Port to tb_stop
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 47e981b42553f00110024c33897354f9014e83e9 from qemu
2018-03-04 17:27:45 -05:00
Lluís Vilanova bea36e432c
target/i386: [tcg] Port to translate_insn
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 2c2f8cacd8cf4f67d6f1384b19d38f9a0a25878b from qemu
2018-03-04 17:24:32 -05:00
Lluís Vilanova 5f020bdf07
target/i386: [tcg] Port to breakpoint_check
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit e6b41ec37f0a9742374dfdb90e662745969cd7ea from qemu
2018-03-04 17:19:43 -05:00
Lluís Vilanova e3ea2c0393
target/i386: [tcg] Port to breakpoint_check
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit e6b41ec37f0a9742374dfdb90e662745969cd7ea from qemu
2018-03-04 17:16:55 -05:00
Lluís Vilanova 1f0f1fb302
target/i386: [tcg] Port to insn_start
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 9d75f52b34053066b8e8fc37610d5f300d67538b from qemu
2018-03-04 17:15:37 -05:00
Lluís Vilanova 8896a2887e
target/i386: [tcg] Port to init_disas_context
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 9761d39b09c4beb1340bf3074be3d3e0a5d453a4 from qemu
2018-03-04 17:14:16 -05:00
Lluís Vilanova 4babc3ff64
target/i386: [tcg] Port to DisasContextBase
Incrementally paves the way towards using the generic instruction translation
loop.

Backports commit 6cf147aa299e49f7794858609a1e8ef19f81c007 from qemu
2018-03-04 14:48:29 -05:00