Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Remove cpu_smm_register and cpu_smm_update.  Instead, each CPU
address space gets an extra region which is an alias of
/machine/smram.  This extra region is enabled or disabled
as the CPU enters/exits SMM.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The function is a nop for user mode, so just remove them.
Signed-off-by: NFam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-3-git-send-email-famz@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

New threads always point at the same env which is incorrect and usually
leads to a crash.
Signed-off-by: NLeon Alrae <leon.alrae@imgtec.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

start/end_exclusive() need be pairs, except the start_exclusive() in
stop_all_tasks() which is only used by force_sig(), which will be abort.
So at present, start_exclusive() in stop_all_task() need not be paired.

queue_signal() may call force_sig(), or return after kill pid (or queue
signal). If could return from queue_signal(), stop_all_task() would not
be called in time, the next end_exclusive() would be issue.

So in arm_kernel_cmpxchg64_helper() for ARM, need remove end_exclusive()
after queue_signal(). The related commit: "97cc7560 linux-user: Implement
new ARM 64 bit cmpxchg kernel helper".
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

When support was added for TrustZone to ARM CPU emulation, we failed
to correctly update the support for the linux-user implementation of
the get/set_tls syscalls. This meant that accesses to the TPIDRURO
register via the syscalls were always using the non-secure copy of
the register even if native MRC/MCR accesses were using the secure
register. This inconsistency caused most binaries to segfault on startup
if the CPU type was explicitly set to one of the TZ-enabled ones like
cortex-a15. (The default "any" CPU doesn't have TZ enabled and so is
not affected.)

Use access_secure_reg() to determine whether we should be using
the secure or the nonsecure copy of TPIDRURO when emulating these
syscalls.
Signed-off-by: NMikhail Ilyin <m.ilin@samsung.com>
Message-id: 1426505198-2411-1-git-send-email-m.ilin@samsung.com
[PMM: rewrote commit message to more clearly explain the issue
 and its consequences.]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Instead of making cpu_init() return CPUArchState, return CPUState.

Changes were made using the Coccinelle semantic patch below.

  @@
  typedef CPUState;
  identifier e;
  expression args;
  type CPUArchState;
  @@
  -   e =
  +   cpu =
          cpu_init(args);
  -   if (!e) {
  +   if (!cpu) {
          ...
      }
  -   cpu = ENV_GET_CPU(env);
  +   e = cpu->env_ptr;

  @@
  identifier new_env, new_cpu, env, cpu;
  type CPUArchState;
  expression args;
  @@
  -{
  -   CPUState *cpu = ENV_GET_CPU(env);
  -   CPUArchState *new_env = cpu_init(args);
  -   CPUState *new_cpu = ENV_GET_CPU(new_env);
  +{
  +   CPUState *cpu = ENV_GET_CPU(env);
  +   CPUState *new_cpu = cpu_init(args);
  +   CPUArchState *new_env = new_cpu->env_ptr;
      ...
  }

  @@
  identifier c, cpu_init_func, cpu_model;
  type StateType, CPUType;
  @@
  -static inline StateType* cpu_init(const char *cpu_model)
  -{
  -   CPUType *c = cpu_init_func(cpu_model);
  (
  -   if (c == NULL) {
  -       return NULL;
  -   }
  -   return &c->env;
  |
  -   if (c) {
  -       return &c->env;
  -   }
  -   return NULL;
  )
  -}
  +#define cpu_init(cpu_model) CPU(cpu_init_func(cpu_model))

  @@
  identifier cpu_init_func;
  identifier model;
  @@
  -#define cpu_init(model) (&cpu_init_func(model)->env)
  +#define cpu_init(model) CPU(cpu_init_func(model))
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: Riku Voipio <riku.voipio@iki.fi>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Anthony Green <green@moxielogic.com>
Cc: Jia Liu <proljc@gmail.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Max Filippov <jcmvbkbc@gmail.com>
[AF: Fixed up cpu_copy() manually]
Signed-off-by: NAndreas Färber <afaerber@suse.de>

This reverts commit b8a173b2, reversing
changes made to 5de09046.

(I applied this pull request when I should not have done so, and
am now immediately reverting it.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This was the only caller of cpu_init() that was not checking for NULL
yet.
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

In main.c, all SIG* should be TARGET_SIG*, since the relevant functions
(queue_signal() and gdb_handlesig()) expect TARGET_SIG*.

The corresponding vi command is "1,$ s/\<SIG/TARGET_SIG/g".
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The function end_exclusive() isn't used on all targets; mark it as
such to avoid a clang warning.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The start_exclusive() infrastructure is used on all target
architectures, even if only to do the "stop all CPUs before
dumping core" in force_sig(), so be consistent and call
cpu_exec_start/end in the main loop of every target.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

In the m68k cpu_loop() use get_user_u16 to read the immediate for
the simcall rahter than lduw, to bring it into line with how other
archs do it and to remove another user of the ldl family of functions.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-8-git-send-email-peter.maydell@linaro.org

The TARGET_HAS_ICE #define is intended to indicate whether a target-*
guest CPU implementation supports the breakpoint handling. However,
all our guest CPUs have that support (the only two which do not
define TARGET_HAS_ICE are unicore32 and openrisc, and in both those
cases the bp support is present and the lack of the #define is just
a bug). So remove the #define entirely: all new guest CPU support
should include breakpoint handling as part of the basic implementation.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Message-id: 1420484960-32365-1-git-send-email-peter.maydell@linaro.org

Replace the 20Kc original MIPS64 ISA processor used for 64-bit user
emulation with the 5KEf processor that implements the MIPS64r2 ISA,
complementing the choice of the 24Kf processor for 32-bit emulation.
Signed-off-by: NMaciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: NLeon Alrae <leon.alrae@imgtec.com>
Signed-off-by: NLeon Alrae <leon.alrae@imgtec.com>

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.
Signed-off-by: NFabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-25-git-send-email-greg.bellows@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

On AArch64 the si_addr field of siginfo_t is truncated to 32 bits
because the fault address passes through an uint32_t variable.

Follow Peters suggestion and drop the uint32_t variable
since its only used once in the Aarch64 loop.
Reported-by: NAmanieu d'Antras <amanieu@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

This patch introduces the -seed command line option and the
QEMU_RAND_SEED environment variable for setting the random seed, which
is used for the AT_RANDOM ELF aux entry.
Signed-off-by: NMagnus Reftel <reftel@spotify.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The current implementation of watchpoints requires that they
have a power of 2 length which is not greater than TARGET_PAGE_SIZE
and that their address is a multiple of their length. Watchpoints
on ARM don't fit these restrictions, so change the implementation
so they can be relaxed.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Currently syscall instruction is buggy on user mode X86_64,
the EIP is updated after do_syscall(), that is too late for
clone(). Because clone() will create a thread at the env->EIP
(the address of syscall insn), and then child thread enters
do_syscall() again, that is not expected. Sometimes it is tragic.

User mode syscall insn emulation is not used MSR, so the
action should be same to INT 0x80. INT 0x80 will update EIP in
do_interrupt(), ditto for syscall() for consistency.
Signed-off-by: NJincheng Miao <jmiao@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The default, 970fx, doesn't support MSR_LE.  So even though we set LE in
ppc_cpu_reset, it gets cleared again in hreg_store_msr.  Error out if a
user-selected cpu model doesn't support LE.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
[agraf: switch to POWER7 as default for BE and LE]
Signed-off-by: NAlexander Graf <agraf@suse.de>

OABI arm used a software interrupt(0xef9f0001) for breakpoints.
Since 2005 gdb has used the break instruction(0xe7f001f0) for EABI.
Apparently Steel Bank Common Lisp still uses the swi instruction.

This is the kernel implementation:
http://lxr.free-electrons.com/source/arch/arm/kernel/traps.c#L598Signed-off-by: NHunter Laux <hunterlaux@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

As a "utility", it only supported ppc, and in a way that other
tcg backends provided directly in tcg-target.h.  Removing this
disparity is easier now that the two ppc backends are merged.
Tested-by: NTom Musta <tommusta@gmail.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Instead of getting backup auxv data from the env pointer given to main,
read it from /proc/self/auxv.  We can do this at any time, so we're not
tied to any ordering wrt a call to qemu_init_auxval from main.
Tested-by: NTom Musta <tommusta@gmail.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The size and register information are encoded into the reserve_info field
of CPU state in the store conditional translation code.  Specifically, the
size is shifted left by 5 bits (see target-ppc/translate.c gen_conditional_store).

The user-mode store conditional code erroneously extracts the size by ANDing
with a 4 bit mask; this breaks if size >= 16.

Eliminate the mask to make the extraction of size mirror its encoding.
Signed-off-by: NTom Musta <tommusta@gmail.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

This allows running PPC64 little-endian in user mode if target is configured
that way.  In PPC64 LE user mode we set MSR.LE during initialization.
Signed-off-by: NDoug Kwan <dougkwan@google.com>
Signed-off-by: NTom Musta <tommusta@gmail.com>
Signed-off-by: NAlexander Graf <agraf@suse.de>

With the next patch, these need to be correct or VM86 tasks
have the wrong CPL.  The flags are basically what the Intel VMX
documentation say is mandatory for entry into a VM86 guest.

For consistency, SMM ought to have the same flags except with
CPL=0.
Tested-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Instead of manually calling cpu_x86_set_cpl() when the CPL changes,
check for CPL changes on calls to cpu_x86_load_seg_cache(R_CS).  Every
location that called cpu_x86_set_cpl() also called
cpu_x86_load_seg_cache(R_CS), so cpu_x86_set_cpl() is no longer
required.

This fixes the SMM handler code as it was not setting/restoring the
CPL level manually.
Signed-off-by: NKevin O'Connor <kevin@koconnor.net>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

--enable-uname-release was a rather heavyweight hammer, as it allows
providing values less that UNAME_MINIMUM_RELEASE. Also, it affects
all built linux-user targets, which in most cases is not what user
wants.

Now that we have UNAME_MINIMUM_RELEASE for all linux-user platforms,
we can drop --enable-uname-release and the related CONFIG_UNAME_RELEASE
define.

Users can still override the variable with QEMU_UNAME=2.6.32 or -r
command line option. If distributors need to update a minimum version
for a specific target, it can be done by updating UNAME_MINIMUM_RELEASE.
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

For AArch32 exceptions, the only information provided about
the cause of an exception is the individual exception type (data
abort, undef, etc), which we store in cs->exception_index. For
AArch64, the CPU provides much more detail about the cause of
the exception, which can be found in the syndrome register.
Create a set of fields in CPUARMState which must be filled in
whenever an exception is raised, so that exception entry can
correctly fill in the syndrome register for the guest.
This includes the information which in AArch32 appears in
the DFAR and IFAR (fault address registers) and the DFSR
and IFSR (fault status registers) for data aborts and
prefetch aborts, since if we end up taking the MMU fault
to AArch64 rather than AArch32 this will need to end up
in different system registers.

This patch does a refactoring which moves the setting of the
AArch32 DFAR/DFSR/IFAR/IFSR from the point where the exception
is raised to the point where it is taken. (This is no change
for cores with an MMU, retains the existing clearly incorrect
behaviour for ARM946 of trashing the MP access permissions
registers which share the c5_data and c5_insn state fields,
and has no effect for v7M because we don't implement its
MPU fault status or address registers.)

As a side effect of the cleanup we fix a bug in the AArch64
linux-user mode code where we were passing a 64 bit fault
address through the 32 bit c6_data/c6_insn fields: it now
goes via the always-64-bit exception.vaddress.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPeter Crosthwaite <peter.crosthwaite@xilinx.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Use CPUState. Allows to clean up CPUArchState in gdbstub.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Use CPUState. This lets us drop a few local env usages.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Most targets were using offsetof(CPUFooState, breakpoints) to determine
how much of CPUFooState to clear on reset. Use the next field after
CPU_COMMON instead, if any, or sizeof(CPUFooState) otherwise.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

This patch adds the Store Quadword Conditionl (stqcx.) instruction
which is introduced in Power ISA 2.07.
Signed-off-by: NTom Musta <tommusta@gmail.com>
[agraf: fix compile error when !TARGET_PPC64]
Signed-off-by: NAlexander Graf <agraf@suse.de>

Exception with break instruction has not been correctly propagated as
SIGTRAP. This resolves crash issues with examples that use break
instruction on MIPS.
Signed-off-by: NPetar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Signed-off-by: NJanne Grunau <j@jannau.net>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This implement exclusive loads/stores for aarch64 along the lines of
arm32 and ppc implementations. The exclusive load remembers the address
and loaded value. The exclusive store throws an an exception which uses
those values to check for equality in a proper exclusive region.

This is not actually the architecture mandated semantics (for either
AArch32 or AArch64) but it is close enough for typical guest code
sequences to work correctly, and saves us from having to monitor all
guest stores. It's fairly easy to come up with test cases where we
don't behave like hardware - we don't for example model cache line
behaviour. However in the common patterns this works, and the existing
32 bit ARM exclusive access implementation has the same limitations.

AArch64 also implements new acquire/release loads/stores (which may be
either exclusive or non-exclusive). These imposes extra ordering
constraints on memory operations (ie they act as if they have an implicit
barrier built into them). As TCG is single-threaded all our barriers
are no-ops, so these just behave like normal loads and stores.
Signed-off-by: NMichael Matz <matz@suse.de>
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>