Signed-off-by: NEvgeny Voevodin <e.voevodin@samsung.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Signed-off-by: NEvgeny Voevodin <e.voevodin@samsung.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Pass around CPUArchState instead of using global cpu_single_env.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>

Pass around CPUArchState instead of using global cpu_single_env.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>
Acked-by: NRichard Henderson <rth@twiddle.net>
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Acked-by: NGuan Xuetao <gxt@mprc.pku.edu.cn>

Thanks to Andriy Gapon for initial problem report.
Signed-off-by: Nmalc <av1474@comtv.ru>

This patch implements Supervisor Mode Execution Prevention (SMEP) and
Supervisor Mode Access Prevention (SMAP) for x86.  The purpose of the
patch, obviously, is to help kernel developers debug the support for
those features.

A fair bit of the code relates to the handling of CPUID features.  The
CPUID code probably would get greatly simplified if all the feature
bit words were unified into a single vector object, but in the
interest of producing a minimal patch for SMEP/SMAP, and because I had
very limited time for this project, I followed the existing style.

[ v2: don't change the definition of the qemu64 CPU shorthand, since
  that breaks loading old snapshots.  Per Anthony Liguori this can be
  fixed once the CPU feature set is snapshot.

  Change the coding style slightly to conform to checkpatch.pl. ]
Signed-off-by: NH. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

For all targets that currently call tcg_gen_debug_insn_start,
add CPU_LOG_TB_OP_OPT to the condition that gates it.

This is useful for comparing optimization dumps, when the
pre-optimization dump is merely noise.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

> This instruction is always treated as a register-to-register (MOD = 11)
> instruction, regardless of the encoding of the MOD field in the MODR/M
> byte.

Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on
real Intel 386 and 486 CPU's (at least), but does not run in qemu without
this patch.
Signed-off-by: NMatthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: Nmalc <av1474@comtv.ru>

Add an explicit CPUX86State parameter instead of relying on AREG0.

Remove temporary wrappers and switch to AREG0 free mode.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.

Rename remains of op_helper.c to seg_helper.c.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Make FPU helpers take a parameter for CPUState instead
of relying on global env.

Introduce temporary wrappers for FPU load and store ops. Remove
wrappers for non-AREG0 code. Don't call unconverted helpers
directly.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

According to the Intel manual
"Intel® 64 and IA-32 Architectures Software Developer’s Manual
Volume 3", "3.4.4 Segment Loading Instructions in IA-32e Mode":

"When in compatibility mode, FS and GS overrides operate as defined by
32-bit mode behavior regardless of the value loaded into the upper 32
linear-address bits of the hidden descriptor register base field.
Compatibility mode ignores the upper 32 bits when calculating an effective address."

However, the code misses the 64-bit mode case, where an instruction with
address and segment size override would be translated incorrectly. For example,
inc dword ptr gs:260h[ebx*4] gets incorrectly translated to:

(uint32_t)(gs.base + ebx * 4 + 0x260)
instead of
gs.base + (uint32_t)(ebx * 4 + 0x260)
Signed-off-by: NVitaly Chipounov <vitaly.chipounov@epfl.ch>
Reviewed-by: NMax Filippov <jcmvbkbc@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Rephrase some of the expressions used to select an entry
in the SSE op table arrays so that it's clearer that they
don't overrun the op table array size.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

The X86_64_DEF macro is a confusing way of making some terms
in a conditional only appear if TARGET_X86_64 is defined. We
only use it in two places, and in both cases this is for making
the same test, so abstract that check out into a function
where we can use a more conventional #ifdef.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Commit 11f8cdbc removed all the uses of the X86_64_ONLY
macro. The BUGGY_64() macro has been unused for a long time:
it originally marked some ops which couldn't be enabled
because of issues with the pre-TCG code generation scheme.
Remove the now-unnecessary definitions of both macros.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

commit c4baa050 improved SSE table
type safety which now raises compiler errors when latest QEMU was
configured with --enable-debug.

Fix this by splitting the SSE tables even further to separate
helper functions with different signatures.

Instead of crashing by calling address 0, the code now jumps to
label illegal_op.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

SSE function tables could easily be corrupted because of use
of void pointers.

Introduce function pointer types and helper variables in order
to improve type safety.

Split sse_op_table3 according to types used.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add an explicit CPUX86State parameter instead of relying on AREG0.

Merge raise_exception_env() to raise_exception(), likewise with
raise_exception_err_env() and raise_exception_err().

Introduce cpu_svm_check_intercept_param() and cpu_vmexit()
as wrappers.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Scripted conversion:
  sed -i "s/CPUState/CPUX86State/g" target-i386/*.[hc]
  sed -i "s/#define CPUX86State/#define CPUState/" target-i386/cpu.h
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Acked-by: NAnthony Liguori <aliguori@us.ibm.com>

Commit 2355c16e introduced a new ldmxcsr
helper taking an i32 argument, but the helper is actually passed a long.
Fix that by truncating the long to i32.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

SSE rounding and flush to zero control has never been implemented. However
given that softfloat-native was using a single state for FPU and SSE and
given that glibc is setting both FPU and SSE state in fesetround(), this
was working correctly up to the switch to softfloat.

Fix that by adding an update_sse_status() function similar to
update_fpu_status(), and callin git on write to mxcsr.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

When the i386 cmpxchg instruction is executed with a memory operand
and the comparison result is "unequal", do the memory write before
changing the accumulator instead of the other way around, because
otherwise the new accumulator value will incorrectly be used in the
comparison when the instruction is restarted after a page fault.

This bug was originally reported on 2010-04-25 as
https://bugs.launchpad.net/qemu/+bug/569760Signed-off-by: NAndreas Gustafsson <gson@gson.org>

T0 was already masked to 16 bits when loading it.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Remove also two assert statements which were the last remaining users.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>

The (x << (cl - 1)) quantity is only used if CL != 0.  Move the
computation of that quantity nearer its use.

This avoids the creation of undefined TCG operations when the
constant propagation optimization proves that CL == 0, and thus
CL-1 is outside the range [0-wordsize).
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: Nmalc <av1474@comtv.ru>

Most exec-all.h include directives are now useless, remove them.
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

While trying to use qemu -cpu pentium3 to test for incorrect uses of certain
SSE2 instructions, I found that QEMU allowed the mfence and lfence
instructions to be executed even though Pentium 3 doesn't support them.

According to the processor specs (and experience on a real Pentium 3), these
instructions are only available with SSE2, but QEMU is checking for SSE.  The
check for the related sfence instruction is correct (it works with SSE).

This trival patch fixes the test.
Signed-off-by: NMartin Simmons <martin@lispworks.com>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Function gen_pc_load was introduced in commit
d2856f1a.
The only reason for parameter searched_pc was
a debug statement in target-i386/translate.c.

Parameter puc was needed by target-sparc until
commit d7da2a10.

Remove searched_pc from the debug statement and remove both
parameters from the parameter list of gen_pc_load.

As the function name gen_pc_load was also misleading,
it is now called restore_state_to_opc. This new name
was suggested by Peter Maydell, thanks.

v2: Remove last parameter, too, and rename the function.

v3: Fix [] typo in target-arm/translate.c.
    Fix wrong SHA1 object name in commit message (copy+paste error).

Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NStefan Weil <weil@mail.berlios.de>

tcg_gen_exit_tb takes a parameter of type tcg_target_long,
so the type casts of pointer to long should be replaced by
type casts of pointer to tcg_target_long (suggested by Blue Swirl).

These changes are needed for build environments where
sizeof(long) != sizeof(void *), especially for w64.
Signed-off-by: NStefan Weil <weil@mail.berlios.de>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Use this for assignment to the low byte or low word of a register.
Acked-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

This patch simplifies target-i386/translate.c a bit by replacing some
code with gen_update_cc_op()
Signed-off-by: NJun Koi <junkoi2004@gmail.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

This patch replaces constant value assigned for (DisasContext
*)->is_jmp with DISAS_TB_JUMP.
Signed-off-by: NJun Koi <junkoi2004@gmail.com>
Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@gmail.com>

ssse3 uses tables with only two entries per op, but it is indexed
with b1 which can contain variables upto 3. This happens when ssse3
or sse4 are used with REP* prefixes.

Add boundary checking for this case.
Signed-off-by: NAndi Kleen <ak@linux.intel.com>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

We were ignoring REX_B while special-casing NOP, i.e. xchg eax,eax.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Negative four byte displacements need to be sign-extended after
c086b783.  Do so.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Acked-by: NRichard Henderson  <rth@twiddle.net>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>