This patch adds the JTAG UART model. It is accessed through special control
registers and opcodes. Therefore the translation uses callbacks to this
model.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds the interrupt controller of the lm32. Because the PIC is
accessed through special control registers and opcodes, there are callbacks
from the lm32 translation code to this model.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds lm32 support to the gdbstub.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds support for saving and loading the processor state.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds translation helper functions.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds the main translation routine. All opcodes of the
LatticeMico32 processor are supported and translated to TCG ops.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds support for the LatticeMico32 softcore processor by Lattice
Semiconductor.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Newer ARM kernels try to probe for whether the CPU has hardware breakpoint
support. For this to work QEMU has to implement a minimal set of the cp14
debug registers. The architecture requires v7 cores to implement debug
and so there is no defined way to report its absence; however in practice
returning a zero DBGDIDR (ie with a reserved value for "debug architecture
version") should cause well-written hw debug users to do the right thing.
We also implement DBGDRAR and DBGDSAR as RAZ, indicating no memory mapped
debug components.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Use the new TCG temporary leak debugging facilities to
check that each ARM instruction does not leak temporaries.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This commit removes the ad-hoc resource leak checking code from
target-arm. This includes replacing all uses of new_tmp() with
tcg_temp_new_i32() and all uses of dead_tmp() with
tcg_temp_free_i32().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add support (if CONFIG_DEBUG_TCG is defined) for debugging leakage
of temporary variables. Generally any temporaries created by
a target while it is translating an instruction should be freed
by the end of that instruction; otherwise carefully crafted
guest code could cause TCG to run out of temporaries and assert.
By calling tcg_check_temp_count() after each instruction we can
check that we are not leaking temporaries in this way.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Integrate secondary CPU reset into arm_boot, removing it from realview.c.
On non-Linux systems secondary CPUs start with the same entry as the boot
CPU.
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Implement VA->PA translations by cp15-c7 that went through unchanged
previously.
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix selection of target list filter mode.
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The code for Thumb2 ORNS (or negated and set flags) was trashing
a TCG input register which was needed later for use in calculating
flags, with the effect that the carry flag was always set with
the wrong sense. Fix this by using the TCG orc op instead of
separate not and or ops.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When failing due to conflicting I/O port registrations,
include the offending I/O port address in the message.
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Optional feature allowing a user to generate the probe list to match
the name of the binary, in case they wish to install qemu under a
different name than qemu-{system,user},<arch>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stefan Hajnoczi <stefaha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix two bugs in the translation of the instructions VMOV sa,sb,rx,ry and
VMOV rx,ry,sa,sb (which copy between a pair of ARM core registers and a
pair of VFP single precision registers):
* An incorrect condition meant these instruction patterns were being
treated as load/store multiple, which resulted in the generation
of bad code and a runtime segfault
* The order of the core register pair was reversed so the values would
go to the wrong registers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
MinGW optionally includes pdcurses, so add support for it.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In v7 of the ARM architecture, WFI (wait for interrupt) is a first-class
instruction, but in previous versions this functionality was provided
via a cp15 coprocessor register. Add correct feature checks to the
decoding of the cp15 WFI instructions so that they behave correctly
for newer cores. In particular, the old 0,c7,c8,2 encoding used on
ARM940 has been reused for VA-to-PA translation in v6 and v7.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
It was migrating the wrong structures, no way it would work
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
It was migrating the wrong structures, no way it would work
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
sd_set_cb() calls bdrv_is_read_only() and bdrv_is_inserted() even if
no block driver is associated with the card reader.
This patch fixes the issues by not setting the irq in this case, this
fixes ARM versatile crash.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The following additions to the tracing documentation are included:
1. Move "stderr" backend documentation to top-level and out of "simple"
backend. Include hints on when this backend is useful.
2. Document the "simple" backend thread-safety limitation.
3. Document the "dtrace" backend for SystemTap.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The simpletrace.py script pretty-prints a binary trace file. Most of
the code can be reused by trace file analysis scripts, so turn it into a
module.
Here is an example script that uses the new simpletrace module:
#!/usr/bin/env python
# Print virtqueue elements that were never returned to the guest.
import simpletrace
class VirtqueueRequestTracker(simpletrace.Analyzer):
def __init__(self):
self.elems = set()
def virtqueue_pop(self, vq, elem, in_num, out_num):
self.elems.add(elem)
def virtqueue_fill(self, vq, elem, length, idx):
self.elems.remove(elem)
def end(self):
for elem in self.elems:
print hex(elem)
simpletrace.run(VirtqueueRequestTracker())
The simpletrace API is based around the Analyzer class. Users implement
an analyzer subclass and add methods for trace events they want to
process. A catchall() method is invoked for trace events which do not
have dedicated methods. Finally, there are also begin() and end()
methods like in sed that can be used to perform setup or print
statistics at the end.
A binary trace file is processed either with:
simpletrace.run(analyzer) # uses command-line args
or with:
simpletrace.process('path/to/trace-events',
'path/to/trace-file',
analyzer)
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When emulating a 32 bit Linux user-mode program on a 64 bit target
we implement the llseek syscall in terms of lseek. Correct a bug
which meant we were silently casting the result of host lseek()
to a 32 bit integer as it passed through get_errno() and thus
throwing away the top half.
We also don't try to store the result back to userspace unless
the seek succeeded; this matches the kernel behaviour.
Thanks to Eoghan Sherry for identifying the problem and suggesting
a solution.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Instantiate the three PL061 GPIO modules the realview boards have.
Connect the MMC card status outputs of the PL181 MMC controller
to both the system registers and the GPIO module which handles
internal devices.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add a qemu_irq_split() function which allows a board to wire a single
GPIO output up to two GPIO inputs. This is needed for realview boards,
where the MMC card status is visible both in a system register and
via a PL061 GPIO module.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
ARM's PL061 has a different set of ID registers to the one in the
Luminary Stellaris; implement this so that the Linux driver can
identify the Realview PBX PL061 correctly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Implement some GPIO inputs which a board can connect up to set the
MMC card status bits in the MCI register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add two GPIO output pins to the PL181 model to indicate the card
present and readonly status information. On ARM boards these usually
are reflected in a system register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Update not only dbc but also dnad when skipping bytes during the MSGOUT
phase. Previously only dbc was updated which is probably wrong and
could lead to bogus message codes being read.
Tested on Linux and Windows Server 2003.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
bugfix under DOS for AMD netware driver:
AMD PCNTNW Ethernet MLID v3.10 (960115), network card not found
bugfix works well under DOS with:
1.) AMD NDIS driver v2.0.1
2.) AMD PCNTNW Ethernet MLID v3.10 (960115)
3.) Knoppix 6.2
Signed-off-by: Gerhard Wiesinger <lists@wiesinger.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
If any of the clients is not ready to receive (ie it has a can_receive
callback and can_receive() returns false), we don't want to start
sending, else this client may miss/discard the packet.
I got this behaviour with the following setup :
the emulated machine is using an USB-ethernet adapter, it is connected
to the network using SLIRP and I'm dumping the traffic in a .pcap file.
As per the following command line :
-net nic,model=usb,vlan=1 -net user,vlan=1 -net dump,vlan=1,file=/tmp/pkt.pcap
Every time that two packets are coming in a row from the host, the
usb-net code will receive the first one, then returns 0 to can_receive
call since it has a 1 packet long queue. But as the dump code is always
ready to receive, qemu_can_send_packet will return true and the next
packet will discard the previous one in the usb-net code.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
make the code compile correctly when DEBUG is activated.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
If CONFIG_USE_GUEST_BASE is not defined, gcc complains:
linux-user/mmap.c:235: error: comparison of unsigned expression >= 0 is always true
because RESERVED_VA is #defined to 0. Since mmap_find_vma_reserved()
will never be called anyway if RESERVED_VA is always 0, fix this by
simply #ifdef'ing away the function and its callsite.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
A pointer to a size_t variable was passed as the void * pointer to
lduw_p() in virtio_net_receive(). Instead of acting on the 16-bit value
this caused failure on big-endian hosts.
Avoid this issue in the future by using stw_p() instead. In general we
should use ld*_p() for loading from target memory and st*_p() for
storing to target memory anyway, not the other way around.
Also tighten up a correct use of lduw_p() when stw_p() should be used
instead in virtio_net_get_config().
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
All targets except SH4 have the same cpu_halted() routine, and it has
only one caller. It is therefore a good candidate for inlining.
The difference is the handling of the intr_at_halt, which is necessary
to ignore SR.BL when sleeping. Move intr_at_halt handling out of it, by
setting this variable while executing the sleep instruction, and
clearing it when the CPU has been woken-up by an interrupt, whatever the
state of SR.BL. Also rename this variable in_sleep.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
VMSTATE_PCIE_AER_ERRS is indeed useful for other emulation drivers.
Move it to hw/hw.h under the name of VMSTATE_STRUCT_VARRAY_POINTER_UINT16.
Also add VMSTATE_STRUCT_VARRAY_POINTER_INT32 which is more or less
the same as _UINT16 macro, except the fact it uses int32_t internally.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>