This patch fixes exception handling for seg_helper functions.
Signed-off-by: NPavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

These include page table walks, SVM accesses and SMM state save accesses.

The bulk of the patch is obtained with

   sed -i 's/\(\<[a-z_]*_phys\(_notdirty\)\?\>(cs\)->as,/x86_\1,/'
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

According to my reading of the Intel documentation, the SYSRET instruction
is supposed to force the RPL bits of the %ss register to 3 when returning
to user mode. The actual sequence is:

SS.Selector <-- (IA32_STAR[63:48]+8) OR 3; (* RPL forced to 3 *)

However, the code in helper_sysret() leaves them at 0 (in other words, the "OR
3" part of the above sequence is missing). It does set the privilege level
bits of %cs correctly though.

This has caused me trouble with some of my VxWorks development: code that runs
okay on real hardware will crash on QEMU, unless I apply the patch below.
Signed-off-by: NBill Paul <wpaul@windriver.com>
Message-Id: <201503091548.01462.wpaul@windriver.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Use inline functions rather than macros for cpu_ld/st accessors
for the *-user configurations, as we already do for softmmu.
This has a two advantages:
 * we can actually typecheck our arguments
 * we don't need to leak the _raw macros everywhere

Since the _kernel functions were only used by target-i386/seg_helper.c,
put the definitions for them in that file too. (It already has the
similar template include code to define them for the softmmu case,
so it makes sense to have it deal with defining them for user-only.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-12-git-send-email-peter.maydell@linaro.org

ist != 0 is checked in the first "if", so it cannot be true in
the "else if" part.  While at it, simplify the code and move
the ESP alignment out of the conditionals.

Reported by Coverity.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NRichard Henderson <rth@twiddle.net>
Message-id: 1410626734-3804-23-git-send-email-rth@twiddle.net
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Currently syscall instruction is buggy on user mode X86_64,
the EIP is updated after do_syscall(), that is too late for
clone(). Because clone() will create a thread at the env->EIP
(the address of syscall insn), and then child thread enters
do_syscall() again, that is not expected. Sometimes it is tragic.

User mode syscall insn emulation is not used MSR, so the
action should be same to INT 0x80. INT 0x80 will update EIP in
do_interrupt(), ditto for syscall() for consistency.
Signed-off-by: NJincheng Miao <jmiao@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

With SMAP, implicit kernel accesses from user mode always behave as
if AC=0.  To do this, kernel mode is not anymore a separate MMU mode.
Instead, KERNEL_IDX is renamed to KSMAP_IDX and the kernel mode accessors
wrap KSMAP_IDX and KNOSMAP_IDX.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Prepare for adding _kernel accessors there in the next patch.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This will collect all load and store helpers soon.  For now
it is just a replacement for softmmu_exec.h, which this patch
stops including directly, but we also include it where this will
be necessary in order to simplify the next patch.
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Rather than include helper.h with N values of GEN_HELPER, include a
secondary file that sets up the macros to include helper.h.  This
minimizes the files that must be rebuilt when changing the macros
for file N.
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

There is no reason to keep that out of the function.  The comment refers
to the disassembler's cc_op state rather than the CPUState field.
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

During task switch, all of CS.DPL, CS.RPL, SS.DPL must match (in addition
to all the other requirements) and will be the new CPL.  So far this worked
by carefully setting the CS selector and flags before doing the task
switch; but this will not work once we get the CPL from SS.DPL.

Temporarily assume that the CPL comes from CS.RPL during task switch
to a protected-mode task, until the descriptor of SS is loaded.
Tested-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

With the next patch, these need to be correct or VM86 tasks
have the wrong CPL.  The flags are basically what the Intel VMX
documentation say is mandatory for entry into a VM86 guest.

For consistency, SMM ought to have the same flags except with
CPL=0.
Tested-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Commit fd460606 moved setting of eflags above calls to
cpu_x86_load_seg_cache() in seg_helper.c.  Unfortunately, in
do_interrupt_protected() this moved the clearing of VM_MASK above a
test for it.

Fix this regression by storing the value of VM_MASK at the start of
do_interrupt_protected().
Signed-off-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Instead of manually calling cpu_x86_set_cpl() when the CPL changes,
check for CPL changes on calls to cpu_x86_load_seg_cache(R_CS).  Every
location that called cpu_x86_set_cpl() also called
cpu_x86_load_seg_cache(R_CS), so cpu_x86_set_cpl() is no longer
required.

This fixes the SMM handler code as it was not setting/restoring the
CPL level manually.
Signed-off-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The cpu_x86_load_seg_cache() function inspects eflags, so make sure
all changes to eflags are done prior to loading the segment caches.
Signed-off-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Commits fdfba1a2,
f606604f and
2c17449b added usages of ENV_GET_CPU()
macro in target-specific code.

Use x86_env_get_cpu() or reuse existing X86CPU variable instead.

Cc: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com>

Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com>

Since log_cpu_state_mask() argument was changed to CPUState,
CPUArchState is no longer needed.

Choose CPUState rather than X86CPU to not hide type mismatches with CPU().
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Since commit 878096ee (cpu: Turn
cpu_dump_{state,statistics}() into CPUState hooks) CPUArchState is no
longer needed.

Add documentation and make the functions available through qemu/log.h
outside NEED_CPU_H to allow use in qom/cpu.c. Moving them to qom/cpu.h
was not yet possible due to convoluted include paths, so that some
devices grow an implicit and unneeded dependency on qom/cpu.h for now.

Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Reviewed-by: NRichard Henderson <rth@twiddle.net>
[AF: Simplified mb_cpu_do_interrupt() and do_interrupt_all() changes]
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Prepares for log_cpu_state() changing argument to CPUState.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

This removes a global per-target function and thus takes us one step
closer to compiling multiple targets into one executable.

It will also allow to override the interrupt handling for certain CPU
families.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

hw_breakpoint_enabled() returned a bit field indicating whether a local
breakpoint and/or global breakpoint was enabled. Avoid this number magic
by using explicit boolean helper functions hw_local_breakpoint_enabled()
and hw_global_breakpoint_enabled(), to aid readability.

Reuse them for the hw_breakpoint_enabled() implementation and change
its return type to bool.

While at it, fix Coding Style issues (missing braces).
Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Implicit use of dr7 bit field is a little hard to understand,
so define constants for them and use them consistently.
Signed-off-by: Nliguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>