aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)Author
2017-07-31target/arm: Migrate MPU_RNR register state for M profile coresPeter Maydell
The PMSAv7 region number register is migrated for R profile cores using the cpreg scheme, but M profile doesn't use cpregs, and so we weren't migrating the MPU_RNR register state at all. Fix that by adding a migration subsection for the M profile case. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1501153150-19984-6-git-send-email-peter.maydell@linaro.org
2017-07-31target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get resetPeter Maydell
When the PMSAv7 implementation was originally added it was for R profile CPUs only, and reset was handled using the cpreg .resetfn hooks. Unfortunately for M profile cores this doesn't work, because they do not register any cpregs. Move the reset handling into arm_cpu_reset(), where it will work for both R profile and M profile cores. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1501153150-19984-5-git-send-email-peter.maydell@linaro.org
2017-07-31target/arm: Rename cp15.c6_rgnr to pmsav7.rnrPeter Maydell
Almost all of the PMSAv7 state is in the pmsav7 substruct of the ARM CPU state structure. The exception is the region number register, which is in cp15.c6_rgnr. This exception is a bit odd for M profile, which otherwise generally does not store state in the cp15 substruct. Rename cp15.c6_rgnr to pmsav7.rnr accordingly. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1501153150-19984-4-git-send-email-peter.maydell@linaro.org
2017-07-31target/arm: Don't allow guest to make System space executable for M profilePeter Maydell
For an M profile v7PMSA, the system space (0xe0000000 - 0xffffffff) can never be executable, even if the guest tries to set the MPU registers up that way. Enforce this restriction. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1501153150-19984-3-git-send-email-peter.maydell@linaro.org
2017-07-31target/arm: Don't do MPU lookups for addresses in M profile PPB regionPeter Maydell
The M profile PMSAv7 specification says that if the address being looked up is in the PPB region (0xe0000000 - 0xe00fffff) then we do not use the MPU regions but always use the default memory map. Implement this (we were previously behaving like an R profile PMSAv7, which does not special case this). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1501153150-19984-2-git-send-email-peter.maydell@linaro.org
2017-07-31target/arm: Correct MPU trace handling of write vs executePeter Maydell
Correct off-by-one bug in the PSMAv7 MPU tracing where it would print a write access as "reading", an insn fetch as "writing", and a read access as "execute". Since we have an MMUAccessType enum now, we can make the code clearer in the process by using that rather than the raw 0/1/2 values. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 1500906792-18010-1-git-send-email-peter.maydell@linaro.org
2017-07-31docs: fix broken paths to docs/devel/tracing.txtPhilippe Mathieu-Daudé
With the move of some docs/ to docs/devel/ on ac06724a71, no references were updated. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31m68k/translate: fix incorrect copy/pastePhilippe Mathieu-Daudé
db3d7945ae extended gen_cc_cond() for cond [6, 7, 9, 10] but misswrote [4, 5] target/m68k/translate.c:1323:70: warning: identical expressions on both sides of logical operator if (op == CC_OP_ADDB || op == CC_OP_ADDW || op == CC_OP_ADDL || op == CC_OP_ADDB || op == CC_OP_ADDW || op == CC_OP_ADDL) { ~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~ ^ Reported-by: Clang Static Analyzer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-31qemu-system-tricore: segfault when entering "x 0" on the monitorEduardo Otubo
Starting Qemu with "qemu-system-tricore -nographic -M tricore_testboard -S" and entering "x 0" at the monitor prompt leads to Segmentation fault. This happens because tricore_cpu_get_phys_page_debug() is not implemented yet, this is a temporary workaround to avoid the crash. Signed-off-by: Eduardo Otubo <otubo@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-07-28target/s390x: fix pgm irq ilen in translate_pages()David Hildenbrand
0 is certainly wrong. Let's use ILEN_AUTO. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170721125609.11117-3-david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-28target/s390x: fix pgm irq ilen for stsiDavid Hildenbrand
The instruction is 4 bytes long. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170721125609.11117-2-david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-26target/i386: Don't use x86_cpu_load_def() on "max" CPU modelEduardo Habkost
When commit 0bacd8b3046f ('i386: Don't set CPUClass::cpu_def on "max" model') removed the CPUClass::cpu_def field, we kept using the x86_cpu_load_def() helper directly in max_x86_cpu_initfn(), emulating the previous behavior when CPUClass::cpu_def was set. However, x86_cpu_load_def() is intended to help initialization of CPU models from the builtin_x86_defs table, and does lots of other steps that are not necessary for "max". One of the things x86_cpu_load_def() do is to set the properties listed at tcg_default_props/kvm_default_props. We must not do that on the "max" CPU model, otherwise under KVM we will incorrectly report all KVM features as always available, and the "svm" feature as always unavailable. The latter caused the bug reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1467599 ("Unable to start domain: the CPU is incompatible with host CPU: Host CPU does not provide required features: svm") Replace x86_cpu_load_def() with simple object_property_set*() calls. In addition to fixing the above bug, this makes the KVM branch in max_x86_cpu_initfn() very similar to the existing TCG branch. For reference, the full list of steps performed by x86_cpu_load_def() is: * Setting min-level and min-xlevel. Already done by max_x86_cpu_initfn(). * Setting family/model/stepping/model-id. Done by the code added to max_x86_cpu_initfn() in this patch. * Copying def->features. Wrong because "-cpu max" features need to be calculated at realize time. This was not a problem in the current code because host_cpudef.features was all zeroes. * x86_cpu_apply_props() calls. This causes the bug above, and shouldn't be done. * Setting CPUID_EXT_HYPERVISOR. Not needed because it is already reported by x86_cpu_get_supported_feature_word(), and because "-cpu max" features need to be calculated at realize time. * Setting CPU vendor to host CPU vendor if on KVM mode. Redundant, because max_x86_cpu_initfn() already sets it to the host CPU vendor. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20170712162058.10538-5-ehabkost@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-26target/i386: Define CPUID_MODEL_ID_SZ macroEduardo Habkost
Document cpu_x86_fill_model_id() and define CPUID_MODEL_ID_SZ to help callers use the right buffer size. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20170712162058.10538-4-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-26target/i386: Use host_vendor_fms() in max_x86_cpu_initfn()Eduardo Habkost
The existing code duplicated the logic in host_vendor_fms(), so reuse the helper function instead. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20170712162058.10538-3-ehabkost@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-07-25s390x/css: fix ilen in IO instruction handlersHalil Pasic
When initiating a program check interruption by calling program_interrupt the instruction length (ilen) of the current instruction is supplied as the third parameter. On s390x all the IO instructions are of instruction format S and their ilen is 4. The calls to program_interrupt (introduced by commits 7b18aad543 ("s390: Add channel I/O instructions.", 2013-01-24) and 61bf0dcb2e ("s390x/ioinst: Add missing alignment checks for IO instructions", 2013-06-21)) however use ilen == 2. This is probably due to a confusion between ilen which specifies the instruction length in bytes and ILC which does the same but in halfwords. If kvm_enabled() this does not actually matter, because the ilen parameter of program_interrupt is effectively unused. Let's provide the correct ilen to program_interrupt. Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com> Fixes: 7b18aad543 ("s390: Add channel I/O instructions.") Fixes: 61bf0dcb2e ("s390x/ioinst: Add missing alignment checks for IO instructions") Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20170724143452.55534-1-pasic@linux.vnet.ibm.com> Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: Add remaining switches to compile with --disable-tcgThomas Huth
Adding some CONFIG_TCG tests to be finally able to compile QEMU on s390x also without TCG. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1500886370-14572-6-git-send-email-thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: Move exception-related functions to a new excp_helper.c fileThomas Huth
These functions can not be compiled with --disable-tcg. But since we need the other functions from helper.c in the non-tcg build, we can also not simply remove helper.c from the non-tcg builds. Thus the problematic functions have to be moved into a separate new file instead that we can later omit in the non-tcg builds. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1500886370-14572-5-git-send-email-thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: Rework program_interrupt() and related functionsThomas Huth
misc_helper.c won't be compiled with --disable-tcg anymore, but we still need the program_interrupt() function in that case. Move it to interrupt.c instead, and refactor it to re-use the code from trigger_pgm_exception() (for TCG) and enter_pgmcheck() (for KVM, which now got renamed to kvm_s390_program_interrupt() for clarity). Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1500886370-14572-4-git-send-email-thuth@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: Move diag helpers to a separate fileThomas Huth
misc_helper.c won't be compiled with --disable-tcg anymore, but we still need the diag helpers in KVM builds, too, so move the helper functions to a separate file. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1500886370-14572-3-git-send-email-thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: Move s390_cpu_dump_state() to helper.cThomas Huth
translate.c can not be compiled with --disable-tcg, but we need the s390_cpu_dump_state() in KVM-only builds, too. So let's move that function to helper.c instead, which will also be compiled when --disable-tcg has been specified. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1500886370-14572-2-git-send-email-thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: improve baselining if certain base features are missingDavid Hildenbrand
There are certain features that we put into base models, but that are not relevant for the actual search. The most famous example are MSA subfunctions that might be disabled on certain real hardware out there. While the kvm host model detection will usually detect the correct model on such machines (as it will in the common case not pass features to check for into s390_find_cpu_def()), baselining will fall back to a quite old model just because some MSA subfunctions are missing. Let's improve that by ignoring lack of these features while performing the search for a base model. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170720123721.12366-6-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25s390x/kvm: better comment regarding zPCI feature availabilityDavid Hildenbrand
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170720123721.12366-5-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: introduce (test|set)_be_bitDavid Hildenbrand
Using ordinary bitmap operations to set/test bits does not work properly on architectures !s390x. Let's drop (test|set)_bit_inv and introduce (test|set)_be_bit instead. These functions work on uint8_t array, not on unsigned longs arrays and are for now only used in the context of CPU features. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170720123721.12366-4-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: indicate query subfunction in s390_fill_feat_blockDavid Hildenbrand
We'll have to do the same for TCG, so let's just move it in there. Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170720123721.12366-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25target/s390x: drop BE_BIT()David Hildenbrand
Unused and broken, let's just get rid of it. Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20170720123721.12366-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-25s390/cpumodel: remove KSS from the default model of z14Christian Borntraeger
The SIE_KSS feature will allow a guest to use KSS for a nested guest. To create a nested guest the SIE_F2 facility is still necessary. Since SIE_F2 is not part of the default model it does not make a lot of sense to provide the SIE_KSS feature in the default model. Let's also create a dependency check. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.vnet.ibm.com> Message-Id: <1500550051-7821-2-git-send-email-borntraeger@de.ibm.com> Acked-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-07-24target/arm: fix TCG temp leak in aarch64 rev16Emilio G. Cota
Fix a TCG temporary leak in the new aarch64 rev16 handling. Signed-off-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-24qapi: Use QNull for a more regular visit_type_null()Markus Armbruster
Make visit_type_null() take an @obj argument like its buddies. This helps keep the next commit simple. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-24qapi: Separate type QNull from QObjectMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2017-07-21Merge remote-tracking branch 'remotes/yongbok/tags/mips-20170721' into stagingPeter Maydell
MIPS patches 2017-07-21 Changes: * Add Enhanced Virtual Addressing (EVA) support # gpg: Signature made Fri 21 Jul 2017 03:25:15 BST # gpg: using RSA key 0x2238EB86D5F797C2 # gpg: Good signature from "Yongbok Kim <yongbok.kim@imgtec.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 8600 4CF5 3415 A5D9 4CFA 2B5C 2238 EB86 D5F7 97C2 * remotes/yongbok/tags/mips-20170721: target/mips: Enable CP0_EBase.WG on MIPS64 CPUs target/mips: Add EVA support to P5600 target/mips: Implement segmentation control target/mips: Add segmentation control registers target/mips: Add an MMU mode for ERL target/mips: Abstract mmu_idx from hflags target/mips: Check memory permissions with mem_idx target/mips: Decode microMIPS EVA load & store instructions target/mips: Decode MIPS32 EVA load & store instructions target/mips: Prepare loads/stores for EVA target/mips: Add CP0_Ebase.WG (write gate) support target/mips: Weaken TLB flush on UX,SX,KX,ASID changes target/mips: Fix TLBWI shadow flush for EHINV,XI,RI target/mips: Fix MIPS64 MFC0 UserLocal on BE host Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-21Use qemu_tolower() and qemu_toupper(), not tolower() and toupper()Peter Maydell
On NetBSD, where tolower() and toupper() are implemented using an array lookup, the compiler warns if you pass a plain 'char' to these functions: gdbstub.c:914:13: warning: array subscript has type 'char' This reflects the fact that toupper() and tolower() give undefined behaviour if they are passed a value that isn't a valid 'unsigned char' or EOF. We have qemu_tolower() and qemu_toupper() to avoid this problem; use them. (The use in scsi-generic.c does not trigger the warning because it passes a uint8_t; we switch it anyway, for consistency.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> for the s390 part. Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-id: 1500568290-7966-1-git-send-email-peter.maydell@linaro.org
2017-07-21target/mips: Enable CP0_EBase.WG on MIPS64 CPUsJames Hogan
Enable the CP0_EBase.WG (write gate) on the I6400 and MIPS64R2-generic CPUs. This allows 64-bit guests to run KVM itself, which uses CP0_EBase.WG to point CP0_EBase at XKPhys. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-21target/mips: Add EVA support to P5600James Hogan
Add the Enhanced Virtual Addressing (EVA) feature to the P5600 core configuration, along with the related Segmentation Control (SC) feature and writable CP0_EBase.WG bit. This allows it to run Malta EVA kernels. Signed-off-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Implement segmentation controlJames Hogan
Implement the optional segmentation control feature in the virtual to physical address translation code. The fixed legacy segment and xkphys handling is replaced with a dynamic layout based on the segmentation control registers (which should be set up even when the feature is not exposed to the guest). Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> [yongbok.kim@imgtec.com: cosmetic changes] Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Add segmentation control registersJames Hogan
The optional segmentation control registers CP0_SegCtl0, CP0_SegCtl1 & CP0_SegCtl2 control the behaviour and required privilege of the legacy virtual memory segments. Add them to the CP0 interface so they can be read and written when CP0_Config3.SC=1, and initialise them to describe the standard legacy layout so they can be used in future patches regardless of whether they are exposed to the guest. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Add an MMU mode for ERLJames Hogan
The segmentation control feature allows a legacy memory segment to become unmapped uncached at error level (according to CP0_Status.ERL), and in fact the user segment is already treated in this way by QEMU. Add a new MMU mode for this state so that QEMU's mappings don't persist between ERL=0 and ERL=1. Signed-off-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> [yongbok.kim@imgtec.com: cosmetic changes] Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Abstract mmu_idx from hflagsJames Hogan
The MIPS mmu_idx is sometimes calculated from hflags without an env pointer available as cpu_mmu_index() requires. Create a common hflags_mmu_index() for the purpose of this calculation which can operate on any hflags, not just with an env pointer, and update cpu_mmu_index() itself and gen_intermediate_code() to use it. Also update debug_post_eret() and helper_mtc0_status() to log the MMU mode with the status change (SM, UM, or nothing for kernel mode) based on cpu_mmu_index() rather than directly testing hflags. This will also allow the logic to be more easily updated when a new MMU mode is added. Signed-off-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Check memory permissions with mem_idxJames Hogan
When performing virtual to physical address translation, check the required privilege level based on the mem_idx rather than the mode in the hflags. This will allow EVA loads & stores to operate safely only on user memory from kernel mode. For the cases where the mmu_idx doesn't need to be overridden (mips_cpu_get_phys_page_debug() and cpu_mips_translate_address()), we calculate the required mmu_idx using cpu_mmu_index(). Note that this only tests the MIPS_HFLAG_KSU bits rather than MIPS_HFLAG_MODE, so we don't test the debug mode hflag MIPS_HFLAG_DM any longer. This should be fine as get_physical_address() only compares against MIPS_HFLAG_UM and MIPS_HFLAG_SM, neither of which should get set by compute_hflags() when MIPS_HFLAG_DM is set. Signed-off-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Decode microMIPS EVA load & store instructionsJames Hogan
Implement decoding of microMIPS EVA load and store instruction groups in the POOL31C pool. These use the same gen_ld(), gen_st(), gen_st_cond() helpers as the MIPS32 decoding, passing the equivalent MIPS32 opcodes as opc. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Decode MIPS32 EVA load & store instructionsJames Hogan
Implement decoding of MIPS32 EVA loads and stores. These access the user address space from kernel mode when implemented, so for each instruction we need to check that EVA is available from Config5.EVA & check for sufficient COP0 privilege (with the new check_eva()), and then override the mem_idx used for the operation. Unfortunately some Loongson 2E instructions use overlapping encodings, so we must be careful not to prevent those from being decoded when EVA is absent. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Prepare loads/stores for EVAJames Hogan
EVA load and store instructions access the user mode address map, so they need to use mem_idx of MIPS_HFLAG_UM. Update the various utility functions to allow mem_idx to be more easily overridden from the decoding logic. Specifically we add a mem_idx argument to the op_ld/st_* helpers used for atomics, and a mem_idx local variable to gen_ld(), gen_st(), and gen_st_cond(). Signed-off-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Add CP0_Ebase.WG (write gate) supportJames Hogan
Add support for the CP0_EBase.WG bit, which allows upper bits to be written (bits 31:30 on MIPS32, or bits 63:30 on MIPS64), along with the CP0_Config5.CV bit to control whether the exception vector for Cache Error exceptions is forced into KSeg1. This is necessary on MIPS32 to support Segmentation Control and Enhanced Virtual Addressing (EVA) extensions (where KSeg1 addresses may not represent an unmapped uncached segment). It is also useful on MIPS64 to allow the exception base to reside in XKPhys, and possibly out of range of KSEG0 and KSEG1. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> [yongbok.kim@imgtec.com: minor changes] Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Weaken TLB flush on UX,SX,KX,ASID changesJames Hogan
There is no need to invalidate any shadow TLB entries when the ASID changes or when access to one of the 64-bit segments has been disabled, since doing so doesn't reveal to software whether any TLB entries have been evicted into the shadow half of the TLB. Therefore weaken the tlb flushes in these cases to only flush the QEMU TLB. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Fix TLBWI shadow flush for EHINV,XI,RIJames Hogan
Writing specific TLB entries with TLBWI flushes shadow TLB entries unless an existing entry is having its access permissions upgraded. This is necessary as software would from then on expect the previous mapping in that entry to no longer be in effect (even if QEMU has quietly evicted it to the shadow TLB on a TLBWR). However it won't do this if only EHINV, XI, or RI bits have been set, even if that results in a reduction of permissions, so add the necessary checks to invoke the flush when these bits are set. Fixes: 2fb58b73746e ("target-mips: add RI and XI fields to TLB entry") Fixes: 9456c2fbcd82 ("target-mips: add TLBINV support") Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Yongbok Kim <yongbok.kim@imgtec.com> [yongbok.kim@imgtec.com: cosmetic changes] Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-20target/mips: Fix MIPS64 MFC0 UserLocal on BE hostJames Hogan
Using MFC0 to read CP0_UserLocal uses tcg_gen_ld32s_tl, however CP0_UserLocal is a target_ulong. On a big endian host with a MIPS64 target this reads and sign extends the more significant half of the 64-bit register. Fix this by using ld_tl to load the whole target_ulong and ext32s_tl to sign extend it, as done for various other target_ulong COP0 registers. Fixes: d279279e2b5c ("target-mips: implement UserLocal Register") Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Yongbok Kim <yongbok.kim@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Petar Jovanovic <petar.jovanovic@imgtec.com> Reviewed-by: Yongbok Kim <yongbok.kim@imgtec.com> Signed-off-by: Yongbok Kim <yongbok.kim@imgtec.com>
2017-07-19tcg: Pass generic CPUState to gen_intermediate_code()Lluís Vilanova
Needed to implement a target-agnostic gen_intermediate_code() in the future. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Alex Benneé <alex.benee@linaro.org> Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu> Message-Id: <150002025498.22386.18051908483085660588.stgit@frigg.lan> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19target/alpha: optimize gen_cvtlq() using deposit opPhilippe Mathieu-Daudé
Suggested-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20170718045540.16322-10-f4bug@amsat.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19target/sparc: optimize gen_op_mulscc() using deposit opPhilippe Mathieu-Daudé
Suggested-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20170718045540.16322-9-f4bug@amsat.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19target/sparc: optimize various functions using extract opPhilippe Mathieu-Daudé
Done with the Coccinelle semantic patch scripts/coccinelle/tcg_gen_extract.cocci. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-07-19target/ppc: optimize various functions using extract opPhilippe Mathieu-Daudé
Done with the Coccinelle semantic patch scripts/coccinelle/tcg_gen_extract.cocci. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20170718045540.16322-6-f4bug@amsat.org> Signed-off-by: Richard Henderson <rth@twiddle.net>