When the guest writes something to a host, we copied over the entire
buffer first into the host and then processed it.  Do away with that, it
could result in a malicious guest causing a DoS on the host.
Reported-by: NPaul Brook <paul@codesourcery.com>
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Instead of combining flush logic into the discard case and not discard
case, have one function doing discard case.  This will help later when
adding flow control logic to the do_flush_queued_data() function.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Remove unnecessary braces around a case statement.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

The initialisation for generic ports and console ports is similar.
Factor out the parts that are the same in a different function that can
be called from each of the initfns.
Signed-off-by: NAmit Shah <amit.shah@redhat.com>

Fix several bugs in NaN handling:
 * e in fcmpe* only changes qNaN handling
 * FCC is unchanged if an exception is raised
 * clear previous FTT before setting it
Reported-by: NMateusz Loskot <mateusz@loskot.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add support for logging the start of instructions in TCG
code debug dumps for ARM targets.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Break the TB after reading the count register. This makes it
possible to take timer interrupts immediately after a read of
a possibly expired timer.
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

When reading cp0_count from a timer with a late trigger that should
already have expired, expire it and raise the timer irq.

This makes it possible for guest code (e.g, Linux) that first read
cp0_count, then compare it with cp0_compare and check for raised
timer interrupt lines to run reliably.
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Reorganize for future patches, no functional change.
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

Acked-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

These errors were reported by cppcheck:

[bsd-user/elfload.c:1108]: (error) Common realloc mistake: "syms" nulled but not freed upon failure
[bsd-user/elfload.c:1076]: (error) Memory leak: s
[bsd-user/elfload.c:1079]: (error) Memory leak: syms

v2:
* The previous fix for memory leaks was incomplete (thanks to Peter Maydell for te hint).
* Fix wrong realloc usage, too.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Linux kernel started to use the SM501 2D engine for the console, and
especially the copyrect operation.

Implement this operation so that recent kernels can be used with QEMU.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

This fixes boot on PPC prep.
Signed-off-by: NHervé Poussineau <hpoussin@reactos.org>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

On Windows, this is required to flush the remaining data in the IO stream,
otherwise Gdb do not receive the last packet.

Version 2:
   Fix linux-user build error.
Signed-off-by: NFabien Chouteau <chouteau@adacore.com>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@petalogix.com>

The USB keyboard emulation's translation table in hw/usb-hid.c doesn't
match the codes actually sent for the Logo (a.k.a. "Windows") or Menu
keys. This results in the guest OS not being able to receive these keys
at all when the USB keyboard emulation is being used.

In particular, both the keymap in /usr/share/kvm/keymaps/modifiers and
the evdev table in x_keymap.c map these keys to 0xdb, 0xdc, and 0xdd,
while usb_hid_usage_keys[] seems to be expecting them to be mapped to
0x7d, 0x7e, and 0x7f.

The attached patch seems to fix the problem, at least in my (limited)
testing.

http://bugs.debian.org/578846
http://bugs.debian.org/600593 (cloned from the above against different pkg)
https://bugs.launchpad.net/qemu/+bug/584139Signed-Off-By: NBrad Jorsch <anomie@users.sourceforge.net>
Signed-Off-By: NMichael Tokarev <mjt@tls.msk.ru>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Using setcond it's now possible to generate a relatively short negc
instruction in TCG.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

With current OpenBSD, code_gen_buffer was mapped 8GB away from
text segment. Then any helpers were beyond the 2GB range of call
instruction genereated by TCG and so the calls would go nowhere,
leading to a segfault.

Fix by specifying an address for the code_gen_buffer,
hopefully free and nearby the helpers.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Fix wrong usage of ! and & in MMU related functions. Thanks to Blue
Swirl for reporting the issue.
Reported-by: NBlue Swirl <blauwirbel@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Fix usage of wrong variable, spotted by clang:
/src/qemu/monitor.c:2278:36: warning: The left operand of '&' is a garbage value
                        prot = pde & (PG_USER_MASK | PG_RW_MASK |
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

ORS=" " adds a blank to the name of the include file.
Some shells (e.g. dash) don't accept input redirection
(tr -d '\r' < $f) when $f ends with a blank, so they
print an error message instead of reading pci.mak.
This is a non-fatal error because pci.mak does not
contain an include line. It was introduced by commit
5d6b423c.

Using printf avoids adding a blank and is also supported
by older awk versions (this solution was suggested by
Paolo Bonzini, thank you).

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Tested-by: NAndreas Färber <andreas.faerber@web.de>

The MAINTAINERS file was lacking entries concerning the TCG code, add
them based on the git history.

For the common TCG code, is probably better to keep qemu-devel@non-gnu.org
as this code can break easily, so it's better to get it reviewed by a few
persons.
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Since nobody else seems interested in maintaining MIPS and SH4 targets,
and as I have done most of the recent code changes, let officialize
that.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

We were not correctly restoring the IT bits when resuming execution
after taking an unexpected exception in the middle of an IT block.
Fix this by tracking them along with PC changes and restoring in
gen_pc_load().

This fixes bug https://bugs.launchpad.net/qemu/+bug/581335Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When invoking a signal handler for an ARM target, make sure the IT
bits in the CPSR are cleared. (This would otherwise cause incorrect
execution if the IT state was non-zero when an exception occured.
This bug has been masked previously because we weren't getting the
IT state bits at exception entry right anyway.)

Also use the proper cpsr_read()/cpsr_write() interface to update
the CPSR rather than manipulating CPUState fields directly.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Create a new function which does the common sequence of gen_set_condexec,
gen_set_pc_im, gen_exception, set is_jmp to DISAS_JUMP.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Remove a redundant call to gen_set_condexec() in the translation of Thumb
mode SWI. (SWI and WFI generate "exceptions" which happen after the
execution of the instruction, ie when PC and IT bits have updated.
So the condexec bits at this point are not correct. However, the code
that handles finishing the translation of the TB will write the correct
value of the condexec bits later, so the only effect was that a conditional
Thumb SWI would generate slightly worse code than necessary.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When translating, get the user/priv state from the TB flags, not
the CPUState.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

M profile ARM cores don't have a CPSR mode field. Set the bit in the
TB flags that indicates non-user mode correctly for these cores.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When translating, the condexec bits for the TB are in the TB flags;
the CPUState condexec bits may be different.

This patch fixes https://bugs.launchpad.net/bugs/604872 where we might
segfault if we took an exception in the middle of a TB with an IT
block, because when we came to retranslate in cpu_restore_state()
the CPUState condexec bits would have advanced compared to the start
of the TB and we would generate different (wrong) code.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The Thumb/ARM state for the TB being translated should come from
the TB flags, not the CPUState.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When translating, the VFP vector length and stride for this TB are encoded
in the TB flags; the CPUState copies may be different and must not be used.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When translating code, whether the VFP unit is enabled for this TB
is stored in a bit in the TB flags. Use this rather than incorrectly
reading the FPEXC from the CPUState passed to translation.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Add symbolic constants for the bitfields we use in the TB flags.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When translating the SRS instruction, handle the "store registers
to stack of current mode" case in the helper function rather than
inline. This means the generated code does not make assumptions
about the current CPU mode which might not be valid when the TB
is executed later.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

VSQRTS always uses the standard FPSCR value as it is a Neon instruction.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Add support to the ARM helper routines for a second fp_status value
which should be used for operations which the ARM ARM indicates use
"ARM standard floating-point arithmetic" rather than being controlled
by the rounding/flush/NaN settings in the FPSCR.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

The implementation of the ARM VRSQRTS instruction (which calculates
(3 - op1 * op2) / 2) was missing the division operation. It also
did not handle the special cases of (0,inf) and (inf,0).
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>