Commit Graph

213 Commits

Author SHA1 Message Date
Peter Maydell
e07cd2542c
exec.c: Drop TARGET_HAS_ICE define and checks
The TARGET_HAS_ICE #define is intended to indicate whether a target-*
guest CPU implementation supports the breakpoint handling. However,
all our guest CPUs have that support (the only two which do not
define TARGET_HAS_ICE are unicore32 and openrisc, and in both those
cases the bp support is present and the lack of the #define is just
a bug). So remove the #define entirely: all new guest CPU support
should include breakpoint handling as part of the basic implementation.

Backports commit ec53b45bcd1f74f7a4c31331fa6d50b402cd6d26 from qemu
2018-02-18 18:17:14 -05:00
Peter Maydell
51369b67cd
exec.c: Allow target CPUs to define multiple AddressSpaces
Allow multiple calls to cpu_address_space_init(); each
call adds an entry to the cpu->ases array at the specified
index. It is up to the target-specific CPU code to actually use
these extra address spaces.

Since this multiple AddressSpace support won't work with
KVM, add an assertion to avoid confusing failures.

Backports commit 12ebc9a76dd7702aef0a3618717a826c19c34ef4 from qemu
2018-02-17 22:35:13 -05:00
Peter Maydell
f1b237236c
exec.c: Don't set cpu->as until cpu_address_space_init
Rather than setting cpu->as unconditionally in cpu_exec_init
(and then having target-i386 override this later), don't set
it until the first call to cpu_address_space_init.

This requires us to initialise the address space for
both TCG and KVM (KVM doesn't need the AS listener but
it does require cpu->as to be set).

For target CPUs which don't set up any address spaces (currently
everything except i386), add the default address_space_memory
in qemu_init_vcpu().

Backports commit 56943e8cc14b7eeeab67d1942fa5d8bcafe3e53f from qemu
2018-02-17 22:24:36 -05:00
Paolo Bonzini
3dab621825
target-i386: do not duplicate page protection checks
x86_cpu_handle_mmu_fault is currently checking twice for writability
and executability of pages; the first time to decide whether to
trigger a page fault, the second time to compute the "prot" argument
to tlb_set_page_with_attrs.

Reorganize code so that first "prot" is computed, then it is used
to check whether to raise a page fault, then finally PROT_WRITE is
removed if the D bit will have to be set.

Backports commit 76c64d33601a4948d6f72022992574a75b6fab97 from qemu
2018-02-17 20:59:54 -05:00
Xiao Guangrong
ba067e4411
target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES
Now these instructions are handled by TCG and can be added to the
TCG_7_0_EBX_FEATURES macro.

Backports commit 0c47242b519a224279f13c685aa6e79347f97b85 from qemu
2018-02-17 17:26:53 -05:00
Eduardo Habkost
4a70bfed55
target-i386: tcg: Check right CPUID bits for clflushopt/pcommit
Detect the clflushopt and pcommit instructions and check their
corresponding feature flags, instead of checking CPUID_SSE and
CPUID_CLFLUSH.

Backports commit 891bc821a3ee462b09b1ec436f2891f00ab1f85b from qemu
2018-02-17 17:25:36 -05:00
Eduardo Habkost
6d0dae872d
target-i386: tcg: Accept clwb instruction
Accept the clwb instruction (66 0F AE /6) if its corresponding feature
flag is enabled on CPUID[7].

Backports commit 5e1fac2dba7780e0cb2c022d4b39586af70bea0d from qemu
2018-02-17 17:23:54 -05:00
Xiao Guangrong
003b2155a1
target-i386: Enable clflushopt/clwb/pcommit instructions
These instructions are used by NVDIMM drivers and the specification is
located at:
https://software.intel.com/sites/default/files/managed/0d/53/319433-022.pdf

These instructions are available on Skylake Server.

Backports commit f7fda280948a5e74aeb076ef346b991ecb173c56 from qemu
2018-02-17 15:34:57 -05:00
Eduardo Habkost
b558a66ba2
target-i386: Remove POPCNT from qemu64 and qemu32 CPU models
POPCNT is not available on Penryn and older and on Opteron_G2 and older,
and we want to make the default CPU runnable in most hosts, so it won't
be enabled by default in KVM mode.

We should eventually have all features supported by TCG enabled by
default in TCG mode, but as we don't have a good mechanism today to
ensure we have different defaults in KVM and TCG mode, disable POPCNT in
the qemu64 and qemu32 CPU models entirely.

Backports commit 6aa91e4a0237ddcebb85e3a95e166f3b3cfa42ae from qemu
2018-02-17 15:33:29 -05:00
Eduardo Habkost
716da652e7
target-i386: Remove ABM from qemu64 CPU model
ABM is not available on Sandy Bridge and older, and we want to make the
default CPU runnable in most hosts, so it won't be enabled by default in
KVM mode.

We should eventually have all features supported by TCG enabled by
default in TCG mode, but as we don't have a good mechanism today to
ensure we have different defaults in KVM and TCG mode, disable ABM in
the qemu64 CPU model entirely.

Backports commit 711956722c6764336f8b78a2106e57c55f02f36d from qemu
2018-02-17 15:32:41 -05:00
Eduardo Habkost
d108029fb3
target-i386: Remove SSE4a from qemu64 CPU model
SSE4a is not available in any Intel CPU, and we want to make the default
CPU runnable in most hosts, so it doesn't make sense to enable it by
default in KVM mode.

We should eventually have all features supported by TCG enabled by
default in TCG mode, but as we don't have a good mechanism today to
ensure we have different defaults in KVM and TCG mode, disable SSE4a in
the qemu64 CPU model entirely.

Backports commit 0909ad24b2769368716c85f79fbb995dbb7041a9 from qemu
2018-02-17 15:31:59 -05:00
Paolo Bonzini
2e6770c643
target-i386: fix pcmpxstrx equal-ordered (strstr) mode
In this mode, referring to an invalid element of the source forces the
result to false (table 4-7, last column) but referring to an invalid
element of the destination forces the result to true, so the outer
loop should still be run even if some elements of the destination
will be invalid. They will be avoided in the inner loop, which
correctly bounds "i" to validd, but they will still contribute to a
positive outcome of the search.

This fixes tst_strstr in glibc 2.17.

Backports commit 54c54f8b56047d3c2420e1ae06a6a8890c220ac4 from qemu
2018-02-17 15:24:15 -05:00
Richard Henderson
c01a6dab0a
target-*: Advance pc after recognizing a breakpoint
Some targets already had this within their logic, but make sure
it's present for all targets.

Backports commit 522a0d4e3c0d397ffb45ec400d8cbd426dad9d17 from qemu
2018-02-17 15:24:11 -05:00
Richard Henderson
3ec0adcc07
target-*: Introduce and use cpu_breakpoint_test
Reduce the boilerplate required for each target. At the same time,
move the test for breakpoint after calling tcg_gen_insn_start.

Note that arm and aarch64 do not use cpu_breakpoint_test, but still
move the inline test down after tcg_gen_insn_start.

Backports commit b933066ae03d924a92b2616b4a24e7d91cd5b841 from qemu
2018-02-17 15:24:10 -05:00
Eduardo Habkost
67f13016b3
target-i386: Don't left shift negative constant
Left shift of negative values is undefined behavior. Detected by clang:
qemu/target-i386/translate.c:2423:26: runtime error:
left shift of negative value -8

This changes the code to reverse the sign after the left shift.

Backports commit 712b4243c761cb6ab6a4367a160fd2a42e2d4b76 from qemu
2018-02-17 15:24:10 -05:00
Eduardo Habkost
828d48d077
target-i386: Use 1UL for bit shift
Fix undefined behavior detected by clang runtime check:

qemu/target-i386/cpu.c:1494:15: runtime error:
left shift of 1 by 31 places cannot be represented in type 'int'

While doing that, add extra parenthesis for clarity.

Backports commit 72370dc1149d7c90d2c2218e0d0658bee23a5bf7 from qemu
2018-02-17 15:24:06 -05:00
Eduardo Habkost
feb90cf413
target-i386: Add DE to TCG_FEATURES
Now DE is supported by TCG so it can be enabled in CPUID bits.

Backports commit b6c5a6f021f485fc36bca678b2c867e9b6783924 from qemu
2018-02-17 15:24:06 -05:00
Richard Henderson
fcc9dbc103
target-i386: Check CR4[DE] for processing DR4/DR5
Introduce helper_get_dr so that we don't have to put CR4[DE]
into the scarce HFLAGS resource. At the same time, rename
helper_movl_drN_T0 to helper_set_dr and set the helper flags.

Backports commit d0052339236072bbf08c1d600c0906126b1ab258 from qemu
2018-02-17 15:24:06 -05:00
Eduardo Habkost
c6bfe2a03d
target-i386: Handle I/O breakpoints
Backports commit 5223a9423c5fb9e32b0c3eaaa2c0bf8c5cfd6866 from qemu
2018-02-17 15:24:06 -05:00
Richard Henderson
d1cfcb6d79
target-i386: Optimize setting dr[0-3]
If the debug register is not enabled, we need
do nothing besides update the register.

Backports commit 7525b55051277717329cf64a9e1d5cff840d6f38 from qemu
2018-02-17 15:24:06 -05:00
Richard Henderson
805e0ba7b2
target-i386: Move hw_*breakpoint_* functions
They're only used from bpt_helper.c now.

Backports commit 696ad9e4b27a49a9706010d00b31b17fe1f0d569 from qemu
2018-02-17 15:24:05 -05:00
Eduardo Habkost
e88063fa05
target-i386: Ensure bit 10 on DR7 is never cleared
Bit 10 of DR7 is documented as always set to 1, so ensure that's
always the case.

Backports commit 9055330ffbf5ca85f024c29874799d9c8bd17aa9 from qemu
2018-02-17 15:24:05 -05:00
Richard Henderson
77b129a1c6
target-i386: Re-introduce optimal breakpoint removal
Before the last patch, we had an efficient loop that disabled
local breakpoints on task switch. Re-add that, but in a more
general way that handles changes to the global enable bits too.

Backports commit 36eb6e096729f9aade3a6af7dbe4d0a990335d7e from qemu
2018-02-17 15:24:05 -05:00
Richard Henderson
0ad95f8341
target-i386: Introduce cpu_x86_update_dr7
This moves the last of the iteration over breakpoints into
the bpt_helper.c file. This also allows us to make several
breakpoint functions static.

Backports commit 93d00d0fbe4711061834730fb70525d167b6f908 from qemu
2018-02-17 15:24:05 -05:00
Paolo Bonzini
c5c44f3a8a
target-i386: allow any alignment for SMBASE
Processors up to the Pentium (says Bochs---I do not have old enough
manuals) require a 32KiB alignment for the SMBASE, but newer processors
do not need that, and Tiano Core will use non-aligned SMBASE values.

Backports commit dd75d4fcb4a82c34d4f466e7fc166162b71ff740 from qemu
2018-02-17 15:24:05 -05:00
Richard Henderson
a5ac288135
tcg: Remove gen_intermediate_code_pc
It is no longer used, so tidy up everything reached by it.
This includes the gen_opc_* arrays, the search_pc parameter
and the inline gen_intermediate_code_internal functions.

Backports commit 4e5e1215156662b2b153255c49d4640d82c5568b from qemu
2018-02-17 15:23:59 -05:00
Richard Henderson
1cbd175736
tcg: Pass data argument to restore_state_to_opc
The gen_opc_* arrays are already redundant with the data stored in
the insn_start arguments. Transition restore_state_to_opc to use
data from the latter.

Backports commit bad729e272387de7dbfa3ec4319036552fc6c107 from qemu
2018-02-17 15:23:58 -05:00
Lioncash
b115c5509d
tcg: Add TCG_MAX_INSNS
Adjust all translators to respect it.

Backports commit 190ce7fbc79fd0883a6170d7f30da59d366e6830 from qemu
2018-02-17 15:23:58 -05:00
Richard Henderson
5637099383
target-*: Drop cpu_gen_code define
This symbol no longer exists.

Backports commit dc03246cc377268db63abc8c5663ef571aec2eea from qemu
2018-02-17 15:23:57 -05:00
Richard Henderson
f05c35c49c
target-i386: Add cc_op state to insn_start
Backports commit 2066d09516ba34d0d180fdea451436d9babb3308 from qemu
2018-02-17 15:23:56 -05:00
Paolo Bonzini
96e0535c76
target-i386: add ABM to Haswell* and Broadwell* CPU models
ABM is only implemented as a single instruction set by AMD; all AMD
processors support both instructions or neither. Intel considers POPCNT
as part of SSE4.2, and LZCNT as part of BMI1, but Intel also uses AMD's
ABM flag to indicate support for both POPCNT and LZCNT. It has to be
added to Haswell and Broadwell because Haswell, by adding LZCNT, has
completed the ABM.

Tested with "qemu-kvm -cpu Haswell-noTSX,enforce" (and also with older
machine types) on a Haswell-EP machine.

Backports commit becb66673ec30cb604926d247ab9449a60ad8b11 from qemu
2018-02-17 15:23:55 -05:00
Bill Paul
5b14f0ed52
Correctly re-init EFER state during INIT IPI
When doing a re-initialization of a CPU core, the default state is to _not_
have 64-bit long mode enabled. This means the LME (long mode enable) and LMA
(long mode active) bits in the EFER model-specific register should be cleared.

However, the EFER state is part of the CPU environment which is
preserved by do_cpu_init(), so if EFER.LME and EFER.LMA were set at the
time an INIT IPI was received, they will remain set after the init completes.

This is contrary to what the Intel architecture manual describes and what
happens on real hardware, and it leaves the CPU in a weird state that the
guest can't clear.

To fix this, the 'efer' member of the CPUX86State structure has been moved
to an area outside the region preserved by do_cpu_init(), so that it can
be properly re-initialized by x86_cpu_reset().

Backports commit 2188cc52cb363433751f72b991d8fb05fc60e39d from qemu
2018-02-17 15:23:55 -05:00
Peter Crosthwaite
1faea35feb
i386: Rename ELF_MACHINE to be x86 specific
Rename ELF_MACHINE to be I386 specific. This is used as-is by the
multiboot loader.

Linux-user previously used this definition but will not anymore,
falling back to the default behaviour of using ELF_ARCH as ELF_MACHINE.

This removes another architecture specific definition from the global
namespace.

Backports commit a5e8788f89312f19f54dba0454ee5bf7209b4cd7 from qemu
2018-02-17 15:23:55 -05:00
Pavel Dovgalyuk
62544c10af
target-i386: exception handling for other helper functions
This patch fixes exception handling for other helper functions.

Backports commit 4054cdec0423c7190bfc733c27c303d513d531ab from qemu
2018-02-17 15:23:51 -05:00
Pavel Dovgalyuk
08f93c3fe6
target-i386: exception handling for seg_helper functions
This patch fixes exception handling for seg_helper functions.

Backports commit 100ec0991958d0c1b61f140e64dbe92991c6dd2c from qemu
2018-02-17 15:23:50 -05:00
Pavel Dovgalyuk
57b96e16af
target-i386: exception handling for memory helpers
This patch fixes exception handling for memory helpers
and removes obsolete PC update from translate.c.

Backports commit 2afbdf84807d673eb682cb78158e11cdacbf4673 from qemu
2018-02-17 15:23:50 -05:00
Pavel Dovgalyuk
837a36b1e8
target-i386: exception handling for div instructions
This patch fixes exception handling for div instructions
and removes obsolete PC update from translate.c.

Backports commit cc33c5d66bb315f77739f761a3f868a7d138c041 from qemu
2018-02-17 15:23:50 -05:00
Pavel Dovgalyuk
afe5ed6f49
target-i386: exception handling for FPU instructions
This patch fixes exception handling for FPU instructions
and removes obsolete PC update from translate.c.

Backports commit 6cad09d2f74d7318f737acaa21b3da49a0c9e670 from qemu
2018-02-17 15:23:50 -05:00
Pavel Dovgalyuk
56615596e4
target-i386: introduce new raise_exception functions
This patch introduces new versions of raise_exception functions
that receive TB return address as an argument.

Backports commit 9198009529d06b6489b68a7505942cca3a50893f from qemu
2018-02-17 15:23:50 -05:00
Benjamin Herrenschmidt
1722be3e73
tlb: Add ifetch argument to cpu_mmu_index()
This is set to true when the index is for an instruction fetch
translation.

The core get_page_addr_code() sets it, as do the SOFTMMU_CODE_ACCESS
accessors.

All targets ignore it for now, and all other callers pass "false".

This will allow targets that wish to split the mmu index between
instruction and data accesses to do so. A subsequent patch will
do just that for PowerPC.

Backports commit 97ed5ccdee95f0b98bedc601ff979e368583472c from qemu
2018-02-17 15:23:37 -05:00
Eduardo Habkost
952d0f522f
target-i386: Remove x86_cpu_compat_set_features()
The function is not used by PC code anymore and can be removed.

Backports commit e8963e5cecd4bb47ec3a7221ae591f278de6b5d0 from qemu
2018-02-17 15:23:26 -05:00
Dmitry Poletaev
58fcf87a7b
target-i386/FPU: a misprint in helper_fistll_ST0
There is a cut-and-paste mistake in the patch
https://lists.gnu.org/archive/html/qemu-devel/2014-11/msg01657.html.
It causes errors in guest work. Here is the bugfix.

Backports commit 178846bdd93994c1acafe4423f99ead8bb24cf38 from qemu
2018-02-17 15:23:22 -05:00
Radim Krčmář
f2d3607831
target-i386: emulate CPUID level of real hardware
W10 insider has a bug where it ignores CPUID level and interprets
CPUID.(EAX=07H, ECX=0H) incorrectly, because CPUID in fact returned
CPUID.(EAX=04H, ECX=0H); this resulted in execution of unsupported
instructions.

While it's a Windows bug, there is no reason to emulate incorrect level.

I used http://instlatx64.atw.hu/ as a source of CPUID and checked that
it matches Penryn Xeon X5472, Westmere Xeon W3520, SandyBridge i5-2540M,
and Haswell i5-4670T.

kvm64 and qemu64 were bumped to 0xD to allow all available features for
them (and to avoid the same Windows bug).

Backports commit 3046bb5debc8153a542acb1df93b2a1a85527a15 from qemu
2018-02-17 15:23:21 -05:00
Eduardo Habkost
5d96fdb151
target-i386: Haswell-noTSX and Broadwell-noTSX
With the Intel microcode update that removed HLE and RTM, there will be
different kinds of Haswell and Broadwell CPUs out there: some that still
have the HLE and RTM features, and some that don't have the HLE and RTM
features. In both cases people may be willing to use the pc-*-2.3
machine-types.

So, to cover both cases, introduce Haswell-noTSX and Broadwell-noTSX CPU
models, for hosts that have Haswell and Broadwell CPUs without TSX support.

Backports commit a356850b80b3d13b2ef737dad2acb05e6da03753 from qemu
2018-02-17 15:23:21 -05:00
Jan Kiszka
16f8de7b4a
i386: Introduce ARAT CPU feature
ARAT signals that the APIC timer does not stop in power saving states.
As our APICs are emulated, it's fine to expose this feature to guests,
at least when asking for KVM host features or with CPU types that
include the flag. The exact model number that introduced the feature is
not known, but reports can be found that it's at least available since
Sandy Bridge.

Backports commit 28b8e4d0bf93ba176b4b7be819d537383c5a9060 from qemu
2018-02-17 15:23:21 -05:00
Paolo Bonzini
d4b9f523d6
target-i386: add Ivy Bridge CPU model
Backports commit 2f9ac42acf4602453d5839221df6cc7cabc3355e from qemu
2018-02-17 15:23:21 -05:00
Paolo Bonzini
a866ad9e15
target-i386: add f16c and rdrand to Haswell and Broadwell
Both were added in Ivy Bridge (for which we do not have a CPU model
yet!).

Backports commit 78a611f1936b3eac8ed78a2be2146a742a85212c from qemu
2018-02-17 15:23:21 -05:00
Paolo Bonzini
0a7a60b895
target-i386: add VME to all CPUs
vm86 mode extensions date back to the 486. All models should have
them.

Backports commit b3a4f0b1a072a467d003755ca0e55c5be38387cb from qemu
2018-02-17 15:23:20 -05:00
Pavel Dovgalyuk
ee0d7ba219
i386: do not cross the pages boundaries in replay mode
This patch denies crossing the boundary of the pages in replay mode,
because it can cause an exception. Do it only when the boundary is
crossed by the first instruction in the block.
If the current instruction has already crossed the boundary, it's ok,
because an exception hasn't stopped this code.

Backports commit 5b9efc39aee90bbd343793e942bf8f582a0c9e4f from qemu
2018-02-17 15:23:20 -05:00
Pavel Dovgalyuk
e73fbde2ce
target-i386: fix icount processing for repz instructions
TCG generates optimized code for i386 repz instructions in single step mode.
It means that when ecx becomes 0, execution of the string instruction breaks
immediately without an additional iteration for ecx==0 (which will only check
ecx and set the flags). Omitting this iteration leads to different
instruction counts in singlestep mode and in normal execution.
This patch disables optimization of this last iteration for icount mode,
which should be deterministic.

Backports commit c4d4525c38cd93cc5d1a743976eb25ac571d435f from qemu
2018-02-17 15:23:20 -05:00