SH4 is using 16-bit instructions which means most of the constants are
loaded through a constant pool at the end of the subroutine. The same
memory page is therefore accessed in exec and read mode.
With the current implementation, a QEMU TLB entry is set to read or
read/write mode after an UTLB search and to exec mode after an ITLB
search, which causes a lot of TLB exceptions to switch from read or
read/write to exec and vice versa.
This patch optimizes that by already setting the QEMU TLB entry in read
or read/write mode when an UTLB entry is copied into ITLB (during an
ITLB miss). This improve the emulation speed by about 14%.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Some Linux kernels seems to implement ITLB/UTLB flushing through by
writing all TLB entries through the memory mapped interface instead
of writing one to MMUCR.TI.
Implement memory mapped ITLB write interface so that such kernels can
boot. This fixes https://bugs.launchpad.net/bugs/700774 .
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Each @section should have a menu entry and a @node entry.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a file descriptor leak reported by cppcheck:
[/src/qemu/usb-bsd.c:392]: (error) Resource leak: bfd
[/src/qemu/usb-bsd.c:388]: (error) Resource leak: dfd
Rearrange the code to avoid descriptor leaks. Also add braces as
needed.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
TCG on MIPS was trying to avoid changing the branch offset, but didn't
due to a stupid typo. Fix it.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Due to a typo, qemu_st64 doesn't properly byteswap the 32-bit low word of
a 64 bit word before saving it. This patch fixes that.
Acked-by: Andrzej Zaborowski <balrogg@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
QEMU uses code retranslation to restore the CPU state when an exception
happens. For it to work the retranslation must not modify the generated
code. This is what is currently implemented in ARM TCG.
However on CPU that don't have icache/dcache/memory synchronised like
ARM, this requirement is stronger and code retranslation must not modify
the generated code "atomically", as the cache line might be flushed
at any moment (interrupt, exception, task switching), even if not
triggered by QEMU. The probability for this to happen is very low, and
depends on cache size and associativiy, machine load, interrupts, so the
symptoms are might happen randomly.
This requirement is currently not followed in tcg/arm, for the
load/store code, which basically has the following structure:
1) tlb access code is written
2) conditional fast path code is written
3) branch is written with a temporary target
4) slow path code is written
5) branch target is updated
The cache lines corresponding to the retranslated code is not flushed
after code retranslation as the generated code is supposed to be the
same. However if the cache line corresponding to the branch instruction
is flushed between step 3 and 5, and is not flushed again before the
code is executed again, the branch target is wrong. In the guest, the
symptoms are MMU page fault at a random addresses, which leads to
kernel page fault or segmentation faults.
The patch fixes this issue by avoiding writing the branch target until
it is known, that is by writing only the branch instruction first, and
later only the offset.
This fixes booting linux guests on ARM hosts (tested: arm, i386, mips,
mipsel, sh4, sparc).
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'linux-user-for-upstream' of git://gitorious.org/qemu-maemo/qemu:
Remove dead code for ARM semihosting commandline handling
Fix commandline handling for ARM semihosted executables
linux-user: Fix incorrect NaN detection in ARM nwfpe emulation
softfloat: Implement floatx80_is_any_nan() and float128_is_any_nan()
linux-user: Implement FS_IOC_FIEMAP ioctl
linux-user: Support ioctls whose parameter size is not constant
linux-user: Implement sync_file_range{,2} syscalls
There are some bits in the code which were used to store the commandline for
the semihosting call. These bits are now write-only and can be removed.
Signed-off-by: Wolfgang Schildbach <wschi@dolby.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Use the copy of the command line that loader_build_argptr() sets up in guest
memory as the command line to return from the ARM SYS_GET_CMDLINE semihosting
call. Previously we were using a pointer to memory which had already been
freed before the guest program started.
This fixes https://bugs.launchpad.net/qemu/+bug/673613 .
Signed-off-by: Wolfgang Schildbach <wschi@dolby.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
The code in the linux-user ARM nwfpe emulation was incorrectly
checking only for quiet NaNs when it should have been checking
for any kind of NaN. This is probably because the code in
question was taken from the Linux kernel, whose copy of the
softfloat library had been modified so that float*_is_nan()
returned true for all NaNs, not just quiet ones. The qemu
equivalent function is float*_is_any_nan(), so use that.
NB that this code is really obsolete since nobody uses FPE
for actual arithmetic now; this is just cleanup following
the recent renaming of the NaN related functions.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Implement versions of float*_is_any_nan() for the floatx80 and
float128 types.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Implement the FS_IOC_FIEMAP ioctl using the new support for
custom handling of ioctls; this is needed because the struct
that is passed includes a variable-length array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Some ioctls (for example FS_IOC_FIEMAP) use structures whose size is
not constant. The generic argument conversion code in do_ioctl()
cannot handle this, so add support for implementing a special-case
handler for a particular ioctl which does the conversion itself.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Implement the missing syscalls sync_file_range and sync_file_range2.
The latter in particular is used by newer versions of apt on Ubuntu
for ARM.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Commit 92d675d1c1 triggered uninitialized
variables warning with GCC 4.6. Fix them by adding zero initializers.
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Wire up the new softfloat support for flushing input denormals
to zero on ARM. The FPSCR FZ bit enables flush-to-zero for
both inputs and outputs, but the reporting of when inputs are
flushed to zero is via a separate IDC bit rather than the UFC
(underflow) bit used when output denormals are flushed to zero.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When handling a write to the ARM FPSCR, set the softfloat cumulative
exception flags from the cumulative flags in the FPSCR, not the
exception-enable bits. Also don't apply a mask: vfp_exceptbits_to_host
will only look at the correct bits anyway.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add support to softfloat for flushing input denormal float32 and float64
to zero. softfloat's existing 'flush_to_zero' flag only flushes denormals
to zero on output. Some CPUs need input denormals to be flushed before
processing as well. Implement this, using a new status flag to enable it
and a new exception status bit to indicate when it has happened. Existing
CPUs should be unaffected as there is no behaviour change unless the
mode is enabled.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
SMMLA and SMMLS are broken on both in normal and thumb mode, that is
both (different) implementations are wrong. They try to avoid a 64-bit
add for the rounding, which is not trivial if you want to support both
SMMLA and SMMLS with the same code.
The code below uses the same implementation for both modes, using the
code from the ARM manual. It also fixes the thumb decoding that was a
mix between normal and thumb mode.
This fixes the issues reported in
https://bugs.launchpad.net/qemu/+bug/629298
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Avoid a warning with GCC 4.6.0:
/src/qemu/block.c: In function 'bdrv_img_create':
/src/qemu/block.c:2862:25: error: variable 'fmt' set but not used [-Werror=unused-but-set-variable]
CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch replaces explicit bswaps with endianness hints to the
mmio layer.
CC: Alexander Graf <agraf@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
956a3e6bb7 introduced a bug concerning
reset bit for port 92.
Since the keyboard output port and port 92 are not compatible anyway,
let's separate them.
Reported-by: Peter Lieven <pl@dlh.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
--
v2: added reset handler and VMState
Implement the correct NaN propagation rules for PowerPC targets by
providing an appropriate pickNaN function.
Also fix the #ifdef tests for default NaN definition, the correct name
is TARGET_PPC instead of TARGET_POWERPC.
Reviewed-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Implement the correct NaN propagation rules for MIPS targets by
providing an appropriate pickNaN function.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Use float{32,64,x80,128}_maybe_silence_nan() instead of toggling the
sNaN bit manually. This allow per target implementation of sNaN to qNaN
conversion.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Add float{x80,128}_maybe_silence_nan() functions, they will be need by
propagateFloat{x80,128}NaN().
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
On targets that define sNaN with the sNaN bit as one, simply clearing
this bit may correspond to an infinite value.
Convert it to a default NaN if SNAN_BIT_IS_ONE, as it corresponds to
the MIPS implementation, the only emulated CPU with SNAN_BIT_IS_ONE.
When other CPU of this type are added, this might be updated to include
more cases.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Similarly to what has been done in commit
185698715d rename the misnamed *IsNaN
variables into *IsQuietNaN.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
We don't have any HPPA target, so let's remove HPPA specific code. It
can be re-added when someone adds an HPPA target.
This has been blessed by Stuart Brady <sdb@zubnet.me.uk>, author of the
target-hppa fork.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Use the new function float32_is_any_nan() instead of
float32_is_quiet_nan() || float32_is_signaling_nan().
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The PRECISE_EMULATION is "hardcoded" to one in target-ppc/exec.h and not
something easily tunable. Remove it and non-precise emulation code as
it doesn't make a noticeable difference in speed. People wanting speed
improvement should use softfloat-native instead.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
rtl8139 includes a cpu_register_io_memory acquired value in it's
migration data. This is not only unecessary, but we should treat
these values as unique to the VM instances since the value depends
on call order. In most cases, this miraculously still works.
However, if devices are added or removed from the system, it may
represent an ordering change, which could cause the target rtl8139
device to make use of another device's cpu_register_io_memory value.
If we detect that a hot-add/remove has occured, include a subsection
to restrict migrations only to driver versions known to include this
fix.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Create a trivial interface to track whether the machine has been
modified since boot. Adding or removing devices will trigger this
to return true. An example usage scenario for such an interface is
the rtl8139 driver which includes a cpu_register_io_memory() value
in it's migration stream. For the majority of migrations, where
no hotplug has occured in the machine, this works correctly. Once
the machine is modified, we can use this interface to detect that
and include a subsection for the device to prevent migrations to
rtl8139 versions with this bug.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit d85d0d3883 introduces a regression
with Windows ME that leads to a division by 0 and a crash.
It uses the color expansion rop with the source pitch set to 0. This is
something allowed, as the manual explicitely says "When the source of
color-expand data is display memory, the source pitch is ignored.".
This patch fixes this regression by computing sx, sy and others
variables only if they are going to be used later, that is for a plain
copy ROP. It basically consists in moving code.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
On big endian hosts, the curses interface is unusable: the emulated
graphic card only displays garbage, while the monitor interface displays
nothing (or rather only spaces).
The curses interface is waiting for data in native endianness, so
console_write_ch() should not do any conversion. The conversion should
be done when reading the video buffer in hw/vga.c. I supposed this
buffer is in little endian mode, though it's not impossible that the
data is actually in guest endianness. I currently have no big endian
guest to way (they all switch to graphic mode immediately).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This will fix the return value of the function which otherwise returns too
many samples because sw->total_hw_samples_acquired isn't correctly
accounted.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: malc <av1474@comtv.ru>
Aurelien Jarno
Mike Frysinger
Stefan Weil
Blue Swirl
Michael Walle
Wolfgang Schildbach
Peter Maydell
Edgar E. Iglesias
Alex Williamson
Edgar E. Iglesias