aboutsummaryrefslogtreecommitdiff
path: root/target-i386/seg_helper.c
AgeCommit message (Collapse)Author
2016-09-14target-i386: Fixed syscall posssible segfaultStanislav Shmarov
In user-mode emulation env->idt.base memory is allocated in linux-user/main.c with size 8*512 = 4096 (for 64-bit). When fake interrupt EXCP_SYSCALL is thrown do_interrupt_user checks destination privilege level for this fake exception, and tries to read 4 bytes at address base + (256 * 2^4)=4096, that causes segfault. Privlege level was checked only for int's, so lets read dpl from memory only for this case. Signed-off-by: Stanislav Shmarov <snarpix@gmail.com> Message-Id: <1473773008-2588376-1-git-send-email-snarpix@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-09target-i386: Add comment about do_interrupt_user() next_eip argumentPeter Maydell
Add a comment to do_interrupt_user() along the same lines as the existing one for do_interrupt_all() noting that the next_eip argument is not used unless is_int is true or intno is EXCP_SYSCALL. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org> Acked-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Riku Voipio <riku.voipio@linaro.org> Message-id: 1463494687-25947-6-git-send-email-peter.maydell@linaro.org
2016-05-19cpu: move exec-all.h inclusion out of cpu.hPaolo Bonzini
exec-all.h contains TCG-specific definitions. It is not needed outside TCG-specific files such as translate.c, exec.c or *helper.c. One generic function had snuck into include/exec/exec-all.h; move it to include/qom/cpu.h. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-09target-i386: Rewrite gen_enter inlineRichard Henderson
Use gen_lea_v_seg for centralized segment base knowledge. Unify code across 32- and 64-bit. Fix note about "must save state" before using the out-of-line helpers. Signed-off-by: Richard Henderson <rth@twiddle.net> Message-Id: <1450379966-28198-8-git-send-email-rth@twiddle.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-03log: do not unnecessarily include qom/cpu.hPaolo Bonzini
Split the bits that require it to exec/log.h. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-id: 1452174932-28657-8-git-send-email-den@openvz.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-01-29x86: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-11-git-send-email-peter.maydell@linaro.org
2015-10-23target-i386: Introduce cpu_x86_update_dr7Richard Henderson
This moves the last of the iteration over breakpoints into the bpt_helper.c file. This also allows us to make several breakpoint functions static. Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-09-25i386: interrupt poll processingPavel Dovgalyuk
This patch updates x86_cpu_exec_interrupt function. It can process two interrupt request at a time (poll and another one). This makes its execution non-deterministic. Determinism is requred for recorded icount execution. Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Message-Id: <20150917162410.8676.13042.stgit@PASHA-ISP.def.inno> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-15target-i386: exception handling for seg_helper functionsPavel Dovgalyuk
This patch fixes exception handling for seg_helper functions. Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-06-05target-i386: Use correct memory attributes for memory accessesPaolo Bonzini
These include page table walks, SVM accesses and SMM state save accesses. The bulk of the patch is obtained with sed -i 's/\(\<[a-z_]*_phys\(_notdirty\)\?\>(cs\)->as,/x86_\1,/' Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-10x86: fix SS selector in SYSRETBill Paul
According to my reading of the Intel documentation, the SYSRET instruction is supposed to force the RPL bits of the %ss register to 3 when returning to user mode. The actual sequence is: SS.Selector <-- (IA32_STAR[63:48]+8) OR 3; (* RPL forced to 3 *) However, the code in helper_sysret() leaves them at 0 (in other words, the "OR 3" part of the above sequence is missing). It does set the privilege level bits of %cs correctly though. This has caused me trouble with some of my VxWorks development: code that runs okay on real hardware will crash on QEMU, unless I apply the patch below. Signed-off-by: Bill Paul <wpaul@windriver.com> Message-Id: <201503091548.01462.wpaul@windriver.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-20cpu_ldst.h: Use inline functions for usermode cpu_ld/st accessorsPeter Maydell
Use inline functions rather than macros for cpu_ld/st accessors for the *-user configurations, as we already do for softmmu. This has a two advantages: * we can actually typecheck our arguments * we don't need to leak the _raw macros everywhere Since the _kernel functions were only used by target-i386/seg_helper.c, put the definitions for them in that file too. (It already has the similar template include code to define them for the softmmu case, so it makes sense to have it deal with defining them for user-only.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1421334118-3287-12-git-send-email-peter.maydell@linaro.org
2014-11-12target-i386: eliminate dead code and hoist common code out of "if"Paolo Bonzini
ist != 0 is checked in the first "if", so it cannot be true in the "else if" part. While at it, simplify the code and move the ESP alignment out of the conditionals. Reported by Coverity. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-09-25target-i386: Use cpu_exec_interrupt qom hookRichard Henderson
Signed-off-by: Richard Henderson <rth@twiddle.net> Message-id: 1410626734-3804-23-git-send-email-rth@twiddle.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-22linux-user: Fix syscall instruction usermode emulation on X86_64Jincheng Miao
Currently syscall instruction is buggy on user mode X86_64, the EIP is updated after do_syscall(), that is too late for clone(). Because clone() will create a thread at the env->EIP (the address of syscall insn), and then child thread enters do_syscall() again, that is not expected. Sometimes it is tragic. User mode syscall insn emulation is not used MSR, so the action should be same to INT 0x80. INT 0x80 will update EIP in do_interrupt(), ditto for syscall() for consistency. Signed-off-by: Jincheng Miao <jmiao@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/bonzini/softmmu-smap' into stagingPeter Maydell
* remotes/bonzini/softmmu-smap: (33 commits) target-i386: cleanup x86_cpu_get_phys_page_debug target-i386: fix protection bits in the TLB for SMEP target-i386: support long addresses for 4MB pages (PSE-36) target-i386: raise page fault for reserved bits in large pages target-i386: unify reserved bits and NX bit check target-i386: simplify pte/vaddr calculation target-i386: raise page fault for reserved physical address bits target-i386: test reserved PS bit on PML4Es target-i386: set correct error code for reserved bit access target-i386: introduce support for 1 GB pages target-i386: introduce do_check_protect label target-i386: tweak handling of PG_NX_MASK target-i386: commonize checks for PAE and non-PAE target-i386: commonize checks for 4MB and 4KB pages target-i386: commonize checks for 2MB and 4KB pages target-i386: fix coding standards in x86_cpu_handle_mmu_fault target-i386: simplify SMAP handling in MMU_KSMAP_IDX target-i386: fix kernel accesses with SMAP and CPL = 3 target-i386: move check_io helpers to seg_helper.c target-i386: rename KSMAP to KNOSMAP ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05Merge remote-tracking branch 'remotes/kvm/uq/master' into stagingPeter Maydell
* remotes/kvm/uq/master: kvm: Fix eax for cpuid leaf 0x40000000 kvmclock: Ensure proper env->tsc value for kvmclock_current_nsec calculation kvm: Enable -cpu option to hide KVM kvm: Ensure negative return value on kvm_init() error handling path target-i386: set CC_OP to CC_OP_EFLAGS in cpu_load_eflags target-i386: get CPL from SS.DPL target-i386: rework CPL checks during task switch, preparing for next patch target-i386: fix segment flags for SMM and VM86 mode target-i386: Fix vm86 mode regression introduced in fd460606fd6f. kvm_stat: allow choosing between tracepoints and old stats kvmclock: Ensure time in migration never goes backward Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-05target-i386: fix kernel accesses with SMAP and CPL = 3Paolo Bonzini
With SMAP, implicit kernel accesses from user mode always behave as if AC=0. To do this, kernel mode is not anymore a separate MMU mode. Instead, KERNEL_IDX is renamed to KSMAP_IDX and the kernel mode accessors wrap KSMAP_IDX and KNOSMAP_IDX. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-06-05target-i386: move check_io helpers to seg_helper.cPaolo Bonzini
Prepare for adding _kernel accessors there in the next patch. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-06-05softmmu: introduce cpu_ldst.hPaolo Bonzini
This will collect all load and store helpers soon. For now it is just a replacement for softmmu_exec.h, which this patch stops including directly, but we also include it where this will be necessary in order to simplify the next patch. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-28tcg: Invert the inclusion of helper.hRichard Henderson
Rather than include helper.h with N values of GEN_HELPER, include a secondary file that sets up the macros to include helper.h. This minimizes the files that must be rebuilt when changing the macros for file N. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-05-21target-i386: set CC_OP to CC_OP_EFLAGS in cpu_load_eflagsPaolo Bonzini
There is no reason to keep that out of the function. The comment refers to the disassembler's cc_op state rather than the CPUState field. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-21target-i386: rework CPL checks during task switch, preparing for next patchPaolo Bonzini
During task switch, all of CS.DPL, CS.RPL, SS.DPL must match (in addition to all the other requirements) and will be the new CPL. So far this worked by carefully setting the CS selector and flags before doing the task switch; but this will not work once we get the CPL from SS.DPL. Temporarily assume that the CPL comes from CS.RPL during task switch to a protected-mode task, until the descriptor of SS is loaded. Tested-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-21target-i386: fix segment flags for SMM and VM86 modePaolo Bonzini
With the next patch, these need to be correct or VM86 tasks have the wrong CPL. The flags are basically what the Intel VMX documentation say is mandatory for entry into a VM86 guest. For consistency, SMM ought to have the same flags except with CPL=0. Tested-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-21target-i386: Fix vm86 mode regression introduced in fd460606fd6f.Kevin O'Connor
Commit fd460606fd6f moved setting of eflags above calls to cpu_x86_load_seg_cache() in seg_helper.c. Unfortunately, in do_interrupt_protected() this moved the clearing of VM_MASK above a test for it. Fix this regression by storing the value of VM_MASK at the start of do_interrupt_protected(). Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-13target-i386: the x86 CPL is stored in CS.selector - auto update hflags ↵Kevin O'Connor
accordingly. Instead of manually calling cpu_x86_set_cpl() when the CPL changes, check for CPL changes on calls to cpu_x86_load_seg_cache(R_CS). Every location that called cpu_x86_set_cpl() also called cpu_x86_load_seg_cache(R_CS), so cpu_x86_set_cpl() is no longer required. This fixes the SMM handler code as it was not setting/restoring the CPL level manually. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-05-13target-i386: set eflags prior to calling cpu_x86_load_seg_cache() in ↵Kevin O'Connor
seg_helper.c The cpu_x86_load_seg_cache() function inspects eflags, so make sure all changes to eflags are done prior to loading the segment caches. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-03-13exec: Change cpu_abort() argument to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13cpu-exec: Change cpu_loop_exit() argument to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13cpu: Move exception_index field from CPU_COMMON to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13target-i386: Clean up ENV_GET_CPU() usageAndreas Färber
Commits fdfba1a298ae26dd44bcfdb0429314139a0bc55a, f606604f1c10b60ef294f1b9b229426521a365e3 and 2c17449b3022ca9623c4a7e2a504a4150ac4ad30 added usages of ENV_GET_CPU() macro in target-specific code. Use x86_env_get_cpu() or reuse existing X86CPU variable instead. Cc: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-02-11exec: Make stl_*_phys input an AddressSpaceEdgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11exec: Make ldl_*_phys input an AddressSpaceEdgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2013-07-09target-i386: Change LOG_PCALL_STATE() argument to CPUStateAndreas Färber
Since log_cpu_state_mask() argument was changed to CPUState, CPUArchState is no longer needed. Choose CPUState rather than X86CPU to not hide type mismatches with CPU(). Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-09log: Change log_cpu_state[_mask]() argument to CPUStateAndreas Färber
Since commit 878096eeb278a8ac1ccd6667af73e026f29b4cf5 (cpu: Turn cpu_dump_{state,statistics}() into CPUState hooks) CPUArchState is no longer needed. Add documentation and make the functions available through qemu/log.h outside NEED_CPU_H to allow use in qom/cpu.c. Moving them to qom/cpu.h was not yet possible due to convoluted include paths, so that some devices grow an implicit and unneeded dependency on qom/cpu.h for now. Acked-by: Michael Walle <michael@walle.cc> (for lm32) Reviewed-by: Richard Henderson <rth@twiddle.net> [AF: Simplified mb_cpu_do_interrupt() and do_interrupt_all() changes] Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-09target-i386: Change do_interrupt_all() argument to X86CPUAndreas Färber
Prepares for log_cpu_state() changing argument to CPUState. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-06-15target-i386: fix over 80 chars warningsliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove EIP macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove EDI macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove ESI macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove ESP macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove EBP macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove EDX macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove ECX macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove EBX macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-06-15target-i386/helper: remove EAX macroliguang
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-12cpu: Replace do_interrupt() by CPUClass::do_interrupt methodAndreas Färber
This removes a global per-target function and thus takes us one step closer to compiling multiple targets into one executable. It will also allow to override the interrupt handling for certain CPU families. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-01-15target-i386: Introduce hw_{local,global}_breakpoint_enabled()liguang
hw_breakpoint_enabled() returned a bit field indicating whether a local breakpoint and/or global breakpoint was enabled. Avoid this number magic by using explicit boolean helper functions hw_local_breakpoint_enabled() and hw_global_breakpoint_enabled(), to aid readability. Reuse them for the hw_breakpoint_enabled() implementation and change its return type to bool. While at it, fix Coding Style issues (missing braces). Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-01-15target-i386: Define DR7 bit field constantsliguang
Implicit use of dr7 bit field is a little hard to understand, so define constants for them and use them consistently. Signed-off-by: liguang <lig.fnst@cn.fujitsu.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-12-19misc: move include files to include/qemu/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>