Commit bc2429b9 introduced
a severe bug (stack corruption).

bitmap_clear was called with a wrong argument
which caused out-of-bound writes to the local variable width_mask.

This bug was detected with QEMU running on windows.
It also occurs with wine:

*** stack smashing detected ***:  terminated
wine: Unhandled illegal instruction at address 0x6115c7 (thread 0009), starting debugger...

The bug is not windows specific!

Instead of fixing the wrong parameter value, bitmap_clear(), bitmap_set
and width_mask were removed, and bitmap_intersect() was replaced by
!bitmap_empty(). The new operation is much shorter and equivalent to
the old operations.

The declarations of the dirty bitmaps in vnc.h were also wrong for 64 bit
hosts because of a rounding effect: for these hosts, VNC_MAX_WIDTH is no
longer a multiple of (16 * BITS_PER_LONG), so the rounded value of
VNC_DIRTY_WORDS was too small.

Fix both declarations by using the macro which is designed for this
purpose.

Cc: Corentin Chary <corentincj@iksaif.net>
Cc: Wen Congyang <wency@cn.fujitsu.com>
Cc: Gerhard Wiesinger <lists@wiesinger.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

client_migrate_info was merged badly, placing it between the command
and the documentation for another command. In addition it did not
respect the general rule of hmp-commands.hx, of having command
definition before the documentation.
Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

When the commit f471a17e converted the
ram_blocks structure to QLIST, it also removed the conditional check before
switching the current block at the beginning of the list.

In the common use case where ram_blocks has a few blocks with only one
frequently accessed (the main RAM), this has a performance impact as it
performs the useless list operations on each call (which are on a really
hot path).

On my machine emulation (ARM on amd64), this patch reduces the
percentage of CPU time spent in qemu_get_ram_ptr from 6.3% to 2.1% in the
profiling of a full boot.
Signed-off-by: NVincent Palatin <vpalatin@chromium.org>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@petalogix.com>

Extend mst_fpga and mainstone with logic to support PCMCIA
attachment (IRQs, status regs).
Signed-off-by: NDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: NAndrzej Zaborowski <andrew.zaborowski@intel.com>

Signed-off-by: NDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: NAndrzej Zaborowski <andrew.zaborowski@intel.com>

This is based on Dmitry Eremin-Solenikov's patch but simplified.

First, sysbus_init_irq shan't be called on on-stack variables. Indeed,
it only stores a passed pointer in qdev and the stored irq is later
populated, so we get a nice write-to-stack bug.
Second, irq for pxa27x should probably be handled in a more gentler way,
as we should check if we have events to raise this irq.
Signed-off-by: NDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: NAndrzej Zaborowski <andrew.zaborowski@intel.com>

Add me as the lm32-target and machines maintainer.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch creates tests/lm32 directory and adds tests for every
LatticeMico32 opcode.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds general target documentation and a todo list.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds support for the following two BSPs:
 - LM32 EVR32 BSP (as used by RTEMS)
 - uclinux BSP by Theobroma Systems
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds helper functions to create a ROM, which contains a hardware
description of a board. This is used in Theobromas LM32 Linux port.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch add support for a system control block. It is supposed to
act as helper for the emulated program. E.g. shutting down the VM or
printing test results. This model is intended for testing purposes only and
doesn't fit to any real hardware. Therefore, it is not added to any board
by default. Instead a user has to add it explicitly with the '-device'
commandline parameter.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch add support for the LatticeMico32 UART.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds support for the LatticeMico32 system timer.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds init functions for the PIC and JTAG UART commonly used
in the board initialization.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds the JTAG UART model. It is accessed through special control
registers and opcodes. Therefore the translation uses callbacks to this
model.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds the interrupt controller of the lm32. Because the PIC is
accessed through special control registers and opcodes, there are callbacks
from the lm32 translation code to this model.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds lm32 support to the gdbstub.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds support for saving and loading the processor state.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds translation helper functions.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds the main translation routine. All opcodes of the
LatticeMico32 processor are supported and translated to TCG ops.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch adds support for the LatticeMico32 softcore processor by Lattice
Semiconductor.
Signed-off-by: NMichael Walle <michael@walle.cc>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Newer ARM kernels try to probe for whether the CPU has hardware breakpoint
support. For this to work QEMU has to implement a minimal set of the cp14
debug registers. The architecture requires v7 cores to implement debug
and so there is no defined way to report its absence; however in practice
returning a zero DBGDIDR (ie with a reserved value for "debug architecture
version") should cause well-written hw debug users to do the right thing.
We also implement DBGDRAR and DBGDSAR as RAZ, indicating no memory mapped
debug components.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Use the new TCG temporary leak debugging facilities to
check that each ARM instruction does not leak temporaries.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

This commit removes the ad-hoc resource leak checking code from
target-arm. This includes replacing all uses of new_tmp() with
tcg_temp_new_i32() and all uses of dead_tmp() with
tcg_temp_free_i32().
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Add support (if CONFIG_DEBUG_TCG is defined) for debugging leakage
of temporary variables. Generally any temporaries created by
a target while it is translating an instruction should be freed
by the end of that instruction; otherwise carefully crafted
guest code could cause TCG to run out of temporaries and assert.
By calling tcg_check_temp_count() after each instruction we can
check that we are not leaking temporaries in this way.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Integrate secondary CPU reset into arm_boot, removing it from realview.c.
On non-Linux systems secondary CPUs start with the same entry as the boot
CPU.
Signed-off-by: NAdam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Implement VA->PA translations by cp15-c7 that went through unchanged
previously.
Signed-off-by: NAdam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Fix selection of target list filter mode.
Signed-off-by: NAdam Lackorzynski <adam@os.inf.tu-dresden.de>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The code for Thumb2 ORNS (or negated and set flags) was trashing
a TCG input register which was needed later for use in calculating
flags, with the effect that the carry flag was always set with
the wrong sense. Fix this by using the TCG orc op instead of
separate not and or ops.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When failing due to conflicting I/O port registrations,
include the offending I/O port address in the message.

Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAndreas Färber <andreas.faerber@web.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Optional feature allowing a user to generate the probe list to match
the name of the binary, in case they wish to install qemu under a
different name than qemu-{system,user},<arch>
Signed-off-by: NJes Sorensen <Jes.Sorensen@redhat.com>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>
Acked-by: NStefan Hajnoczi <stefaha@linux.vnet.ibm.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Fix two bugs in the translation of the instructions VMOV sa,sb,rx,ry and
VMOV rx,ry,sa,sb (which copy between a pair of ARM core registers and a
pair of VFP single precision registers):

 * An incorrect condition meant these instruction patterns were being
   treated as load/store multiple, which resulted in the generation
   of bad code and a runtime segfault
 * The order of the core register pair was reversed so the values would
   go to the wrong registers
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

MinGW optionally includes pdcurses, so add support for it.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

In v7 of the ARM architecture, WFI (wait for interrupt) is a first-class
instruction, but in previous versions this functionality was provided
via a cp15 coprocessor register. Add correct feature checks to the
decoding of the cp15 WFI instructions so that they behave correctly
for newer cores. In particular, the old 0,c7,c8,2 encoding used on
ARM940 has been reused for VA-to-PA translation in v6 and v7.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAdam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NJason Wang <jasowang@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>