Notice raise and bpt, decoding the constants embedded in the
nop addil instruction in the x0 slot.

[rth: Generalize TILEGX_EXCP_OPCODE_ILL to TILEGX_EXCP_SIGNAL.
Drop validation of signal values.]
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Message-Id: <1443243635-4886-1-git-send-email-gang.chen.5i5j@gmail.com>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

The system mode binaries provide a similar alias
and it makes common options like --version and --help
work as expected.
Signed-off-by: NMeador Inge <meadori@codesourcery.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

As suggested by Laurent, use EXIT_SUCCESS and EXIT_FAILURE from
stdlib.h instead of numeric values.

Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

This patch adds better support for diagnosing option
parser errors.  The previous implementation just printed
the usage text and exited when a bad option or argument
was found.  This made it very difficult to determine why
the usage was being displayed and it was doubly confusing
for cases like '--help' (it wasn't clear that --help was
actually an error).
Signed-off-by: NMeador Inge <meadori@codesourcery.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

This option is already available on the system mode
binaries.  It would be better if long options were
supported (i.e. --help), but this is okay for now.
Signed-off-by: NMeador Inge <meadori@codesourcery.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Signed-off-by: NMeador Inge <meadori@codesourcery.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

We are setting SRR0 to the instruction before the one causing the
unaligned exception. A quick testcase:

. = 0x100
.globl _start
_start:
	/* Cause a 0x600 */
	li	3,0x1
	stwcx.	3,0,3
1:	b	1b

. = 0x600
1:	b	1b

Built into something we can load as a BIOS image:

gcc -mbig -c test.S
ld -EB -Ttext 0x0 -o test test.o
objcopy -O binary test test.bin

Run with:

qemu-system-ppc64 -nographic -bios test.bin

Shows an incorrect SRR0 (points at the li):

SRR0 0000000000000100

With the patch we get the correct SRR0:

SRR0 0000000000000104
Signed-off-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NAlexander Graf <agraf@suse.de>

Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Add main working flow feature, system call processing feature, and elf64
tilegx binary loading feature, based on Linux kernel tilegx 64-bit
implementation.

[rth: Moved all of the implementation of atomic instructions to a later patch.]
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-Id: <BLU436-SMTP938552D42808AA60634582B9660@phx.gbl>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Warnings from the Sparse static analysis tool:

linux-user/main.c:40:12: warning:
 symbol 'filename' was not declared. Should it be static?
linux-user/main.c:41:12: warning:
 symbol 'argv0' was not declared. Should it be static?
linux-user/main.c:42:5: warning:
 symbol 'gdbstub_port' was not declared. Should it be static?
linux-user/main.c:43:11: warning:
 symbol 'envlist' was not declared. Should it be static?
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

spinlock is only used in two cases:
  * cpu-exec.c: to protect TranslationBlock
  * mem_helper.c: for lock helper in target-i386 (which seems broken).

It's a pthread_mutex_t in user-mode, so we can use QemuMutex directly,
with an #ifdef.  The #ifdef will be removed when multithreaded TCG
will need the mutex as well.
Signed-off-by: NKONRAD Frederic <fred.konrad@greensocs.com>
Message-Id: <1439220437-23957-5-git-send-email-fred.konrad@greensocs.com>
Signed-off-by: NEmilio G. Cota <cota@braap.org>
[Merge Emilio G. Cota's patch to remove volatile. - Paolo]
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

For the A64 instruction set, the semihosting call instruction
is 'HLT 0xf000'. Wire this up to call do_arm_semihosting()
if semihosting is enabled.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NChristopher Covington <christopher.covington@linaro.org>
Tested-by: NChristopher Covington <cov@codeaurora.org>
Message-id: 1439483745-28752-10-git-send-email-peter.maydell@linaro.org

All tcg host architectures now support the guest base and as
there is no real performance lost, it can be always enabled.

Anyway, guest base use can be disabled lively by setting guest
base to 0.

CONFIG_USE_GUEST_BASE is defined as (USE_GUEST_BASE && USER_ONLY),
it should have to be replaced by CONFIG_USER_ONLY in non CONFIG_USER_ONLY
parts, but as some other parts are using !CONFIG_SOFTMMU I have chosen to
use !CONFIG_SOFTMMU instead.
Reviewed-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>
Message-Id: <1440373328-9788-2-git-send-email-laurent@vivier.eu>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

For the MIPS N64 ABI when QEMU reads the break/trap instruction so that
it can inspect the break/trap code it reads 8 rather than 4 bytes
which means it finds the code field from the instruction after the
break/trap instruction.  This then causes the break/trap handling
code to fail because it does not understand the code number.

The fix forces QEMU to always read 4 bytes of instruction data rather
than deciding how much to read based on the ABI.
Signed-off-by: NAndrew Bennett <andrew.bennett@imgtec.com>
Reviewed-by: NLeon Alrae <leon.alrae@imgtec.com>
Signed-off-by: NLeon Alrae <leon.alrae@imgtec.com>

Remove un-needed usages of ENV_GET_CPU() by converting the APIs to use
CPUState pointers and retrieving the env_ptr as minimally needed.

Scripted conversion for target-* change:

for I in target-*/cpu.h; do
    sed -i \
    's/\(^int cpu_[^_]*_exec(\)[^ ][^ ]* \*s);$/\1CPUState *cpu);/' \
    $I;
done
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

All callsites to this function navigate the cpu->env_ptr only for the
function to take the env ptr back to the original cpu ptr. Change the
function to just pass in the CPU pointer instead. Removes a core code
usage of ENV_GET_CPU() (in gdbstub.c).

Cc: Riku Voipio <riku.voipio@iki.fi>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NPeter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

In qemu-linux-user, when calling gethostbyname2(),
it was hanging in .__res_nmkquery.

(gdb) bt
0 in .__res_nmkquery () from /lib64/libresolv.so.2
1 in .__libc_res_nquery () from /lib64/libresolv.so.2
2 in .__libc_res_nsearch () from /lib64/libresolv.so.2
3 in ._nss_dns_gethostbyname3_r () from /lib64/libnss_dns.so.2
4 in ._nss_dns_gethostbyname2_r () from /lib64/libnss_dns.so.2
5 in .gethostbyname2_r () from /lib64/libc.so.6
6 in .gethostbyname2 () from /lib64/libc.so.6

.__res_nmkquery() is:

...
do { RANDOM_BITS (randombits); } while ((randombits & 0xffff) == 0);
...

<.__res_nmkquery+112>:	mftbl   r11
<.__res_nmkquery+116>:	clrlwi  r10,r11,16
<.__res_nmkquery+120>:	cmpwi   cr7,r10,0
<.__res_nmkquery+124>:	beq     cr7,<.__res_nmkquery+112>

but as mftbl (Move From Time Base Lower) is not implemented,
r11 is always 0, so we have an infinite loop.

This patch fills the Time Base register with cpu_get_real_ticks().
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>
Signed-off-by: NAlexander Graf <agraf@suse.de>

When a thread is spawned, cpu_copy re-initializes
the bp & wp lists of current thread, instead of the ones
of the new thread.
The effect is that breakpoints are no longer hit.
Signed-off-by: NThierry Bultel <thierry.bultel@basystemes.fr>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

Remove cpu_smm_register and cpu_smm_update.  Instead, each CPU
address space gets an extra region which is an alias of
/machine/smram.  This extra region is enabled or disabled
as the CPU enters/exits SMM.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The function is a nop for user mode, so just remove them.
Signed-off-by: NFam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-3-git-send-email-famz@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

New threads always point at the same env which is incorrect and usually
leads to a crash.
Signed-off-by: NLeon Alrae <leon.alrae@imgtec.com>
Reviewed-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

start/end_exclusive() need be pairs, except the start_exclusive() in
stop_all_tasks() which is only used by force_sig(), which will be abort.
So at present, start_exclusive() in stop_all_task() need not be paired.

queue_signal() may call force_sig(), or return after kill pid (or queue
signal). If could return from queue_signal(), stop_all_task() would not
be called in time, the next end_exclusive() would be issue.

So in arm_kernel_cmpxchg64_helper() for ARM, need remove end_exclusive()
after queue_signal(). The related commit: "97cc7560 linux-user: Implement
new ARM 64 bit cmpxchg kernel helper".
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

When support was added for TrustZone to ARM CPU emulation, we failed
to correctly update the support for the linux-user implementation of
the get/set_tls syscalls. This meant that accesses to the TPIDRURO
register via the syscalls were always using the non-secure copy of
the register even if native MRC/MCR accesses were using the secure
register. This inconsistency caused most binaries to segfault on startup
if the CPU type was explicitly set to one of the TZ-enabled ones like
cortex-a15. (The default "any" CPU doesn't have TZ enabled and so is
not affected.)

Use access_secure_reg() to determine whether we should be using
the secure or the nonsecure copy of TPIDRURO when emulating these
syscalls.
Signed-off-by: NMikhail Ilyin <m.ilin@samsung.com>
Message-id: 1426505198-2411-1-git-send-email-m.ilin@samsung.com
[PMM: rewrote commit message to more clearly explain the issue
 and its consequences.]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Instead of making cpu_init() return CPUArchState, return CPUState.

Changes were made using the Coccinelle semantic patch below.

  @@
  typedef CPUState;
  identifier e;
  expression args;
  type CPUArchState;
  @@
  -   e =
  +   cpu =
          cpu_init(args);
  -   if (!e) {
  +   if (!cpu) {
          ...
      }
  -   cpu = ENV_GET_CPU(env);
  +   e = cpu->env_ptr;

  @@
  identifier new_env, new_cpu, env, cpu;
  type CPUArchState;
  expression args;
  @@
  -{
  -   CPUState *cpu = ENV_GET_CPU(env);
  -   CPUArchState *new_env = cpu_init(args);
  -   CPUState *new_cpu = ENV_GET_CPU(new_env);
  +{
  +   CPUState *cpu = ENV_GET_CPU(env);
  +   CPUState *new_cpu = cpu_init(args);
  +   CPUArchState *new_env = new_cpu->env_ptr;
      ...
  }

  @@
  identifier c, cpu_init_func, cpu_model;
  type StateType, CPUType;
  @@
  -static inline StateType* cpu_init(const char *cpu_model)
  -{
  -   CPUType *c = cpu_init_func(cpu_model);
  (
  -   if (c == NULL) {
  -       return NULL;
  -   }
  -   return &c->env;
  |
  -   if (c) {
  -       return &c->env;
  -   }
  -   return NULL;
  )
  -}
  +#define cpu_init(cpu_model) CPU(cpu_init_func(cpu_model))

  @@
  identifier cpu_init_func;
  identifier model;
  @@
  -#define cpu_init(model) (&cpu_init_func(model)->env)
  +#define cpu_init(model) CPU(cpu_init_func(model))
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: Riku Voipio <riku.voipio@iki.fi>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Anthony Green <green@moxielogic.com>
Cc: Jia Liu <proljc@gmail.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Max Filippov <jcmvbkbc@gmail.com>
[AF: Fixed up cpu_copy() manually]
Signed-off-by: NAndreas Färber <afaerber@suse.de>

This reverts commit b8a173b2, reversing
changes made to 5de09046.

(I applied this pull request when I should not have done so, and
am now immediately reverting it.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This was the only caller of cpu_init() that was not checking for NULL
yet.
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

In main.c, all SIG* should be TARGET_SIG*, since the relevant functions
(queue_signal() and gdb_handlesig()) expect TARGET_SIG*.

The corresponding vi command is "1,$ s/\<SIG/TARGET_SIG/g".
Signed-off-by: NChen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>

The function end_exclusive() isn't used on all targets; mark it as
such to avoid a clang warning.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The start_exclusive() infrastructure is used on all target
architectures, even if only to do the "stop all CPUs before
dumping core" in force_sig(), so be consistent and call
cpu_exec_start/end in the main loop of every target.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

In the m68k cpu_loop() use get_user_u16 to read the immediate for
the simcall rahter than lduw, to bring it into line with how other
archs do it and to remove another user of the ldl family of functions.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Message-id: 1421334118-3287-8-git-send-email-peter.maydell@linaro.org

The TARGET_HAS_ICE #define is intended to indicate whether a target-*
guest CPU implementation supports the breakpoint handling. However,
all our guest CPUs have that support (the only two which do not
define TARGET_HAS_ICE are unicore32 and openrisc, and in both those
cases the bp support is present and the lack of the #define is just
a bug). So remove the #define entirely: all new guest CPU support
should include breakpoint handling as part of the basic implementation.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Message-id: 1420484960-32365-1-git-send-email-peter.maydell@linaro.org

Replace the 20Kc original MIPS64 ISA processor used for 64-bit user
emulation with the 5KEf processor that implements the MIPS64r2 ISA,
complementing the choice of the 24Kf processor for 32-bit emulation.
Signed-off-by: NMaciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: NLeon Alrae <leon.alrae@imgtec.com>
Signed-off-by: NLeon Alrae <leon.alrae@imgtec.com>

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.
Signed-off-by: NFabian Aggeler <aggelerf@ethz.ch>
Signed-off-by: NGreg Bellows <greg.bellows@linaro.org>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Message-id: 1416242878-876-25-git-send-email-greg.bellows@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

On AArch64 the si_addr field of siginfo_t is truncated to 32 bits
because the fault address passes through an uint32_t variable.

Follow Peters suggestion and drop the uint32_t variable
since its only used once in the Aarch64 loop.
Reported-by: NAmanieu d'Antras <amanieu@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

This patch introduces the -seed command line option and the
QEMU_RAND_SEED environment variable for setting the random seed, which
is used for the AT_RANDOM ELF aux entry.
Signed-off-by: NMagnus Reftel <reftel@spotify.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The current implementation of watchpoints requires that they
have a power of 2 length which is not greater than TARGET_PAGE_SIZE
and that their address is a multiple of their length. Watchpoints
on ARM don't fit these restrictions, so change the implementation
so they can be relaxed.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Currently syscall instruction is buggy on user mode X86_64,
the EIP is updated after do_syscall(), that is too late for
clone(). Because clone() will create a thread at the env->EIP
(the address of syscall insn), and then child thread enters
do_syscall() again, that is not expected. Sometimes it is tragic.

User mode syscall insn emulation is not used MSR, so the
action should be same to INT 0x80. INT 0x80 will update EIP in
do_interrupt(), ditto for syscall() for consistency.
Signed-off-by: NJincheng Miao <jmiao@redhat.com>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The default, 970fx, doesn't support MSR_LE.  So even though we set LE in
ppc_cpu_reset, it gets cleared again in hreg_store_msr.  Error out if a
user-selected cpu model doesn't support LE.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
[agraf: switch to POWER7 as default for BE and LE]
Signed-off-by: NAlexander Graf <agraf@suse.de>