Fix popcnt in long mode
Thanks to Andriy Gapon for initial problem report.
Signed-off-by: malc <av1474@comtv.ru>
x86: Implement SMEP and SMAP
This patch implements Supervisor Mode Execution Prevention (SMEP) and Supervisor Mode Access Prevention (SMAP) for x86. The purpose of the patch, obviously, is to help kernel developers debug the support for those features....
Emit debug_insn for CPU_LOG_TB_OP_OPT as well.
For all targets that currently call tcg_gen_debug_insn_start, add CPU_LOG_TB_OP_OPT to the condition that gates it.
This is useful for comparing optimization dumps, when the pre-optimization dump is merely noise....
target-i386/translate.c: mov to/from crN/drN: ignore mod bits
This instruction is always treated as a register-to-register (MOD = 11) instruction, regardless of the encoding of the MOD field in the MODR/M byte.
Also, Microport UNIX System V/386 v 2.1 (ca 1987) runs fine on...
x86: avoid AREG0 for misc helpers
Add an explicit CPUX86State parameter instead of relying on AREG0.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
x86: avoid AREG0 in segmentation helpers
Rename remains of op_helper.c to seg_helper.c.
x86: switch to AREG0 free mode
Remove temporary wrappers and switch to AREG0 free mode.
x86: avoid AREG0 for FPU helpers
Make FPU helpers take a parameter for CPUState instead of relying on global env.
Introduce temporary wrappers for FPU load and store ops. Remove wrappers for non-AREG0 code. Don't call unconverted helpers directly.
x86: avoid AREG0 for condition code helpers
x86: avoid AREG0 for integer helpers
x86: avoid AREG0 for SVM helpers
x86: avoid AREG0 for SMM helpers
x86: Fixed incorrect segment base address addition in 64-bits mode
According to the Intel manual "Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 3", "3.4.4 Segment Loading Instructions in IA-32e Mode":
"When in compatibility mode, FS and GS overrides operate as defined by...
target-i386: make it clearer that op table accesses don't overrun
Rephrase some of the expressions used to select an entry in the SSE op table arrays so that it's clearer that they don't overrun the op table array size.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>...
target-i386: Remove confusing X86_64_DEF macro
The X86_64_DEF macro is a confusing way of making some terms in a conditional only appear if TARGET_X86_64 is defined. We only use it in two places, and in both cases this is for making the same test, so abstract that check out into a function...
target-i386: Remove unused macros
Commit 11f8cdb removed all the uses of the X86_64_ONLY macro. The BUGGY_64() macro has been unused for a long time: it originally marked some ops which couldn't be enabled because of issues with the pre-TCG code generation scheme....
target-i386: Fix compilation with --enable-debug
commit c4baa0503d9623f1ce891f525ccd140c598bc29a improved SSE table type safety which now raises compiler errors when latest QEMU was configured with --enable-debug.
Fix this by splitting the SSE tables even further to separate...
x86: avoid AREG0 for exceptions
Merge raise_exception_env() to raise_exception(), likewise with raise_exception_err_env() and raise_exception_err().
Introduce cpu_svm_check_intercept_param() and cpu_vmexit()...
x86: improve SSE table type safety
SSE function tables could easily be corrupted because of use of void pointers.
Introduce function pointer types and helper variables in order to improve type safety.
Split sse_op_table3 according to types used.
target-i386: Don't overuse CPUState
Scripted conversion:
sed -i "s/CPUState/CPUX86State/g" target-i386/*.[hc]
sed -i "s/#define CPUX86State/#define CPUState/" target-i386/cpu.h
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
target-i386: fix compilation with --enable-debug-tcg
Commit 2355c16e74ffa4d14e7fc2b4a23b055565ac0221 introduced a new ldmxcsr helper taking an i32 argument, but the helper is actually passed a long. Fix that by truncating the long to i32.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target-i386: fix SSE rounding and flush to zero
SSE rounding and flush to zero control has never been implemented. However given that softfloat-native was using a single state for FPU and SSE and given that glibc is setting both FPU and SSE state in fesetround(), this...
target-i386: fix cmpxchg instruction emulation
When the i386 cmpxchg instruction is executed with a memory operand and the comparison result is "unequal", do the memory write before changing the accumulator instead of the other way around, because otherwise the new accumulator value will incorrectly be used in the...
target-i386: Remove redundant word mask in port out instructions
T0 was already masked to 16 bits when loading it.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
target-i386: Remove data type CCTable
Remove also two assert statements which were the last remaining users.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
target-i386: Compute all flag data inside %cl != 0 test.
The (x << (cl - 1)) quantity is only used if CL != 0. Move the computation of that quantity nearer its use.
This avoids the creation of undefined TCG operations when the constant propagation optimization proves that CL == 0, and thus...
Remove exec-all.h include directives
Most exec-all.h include directives are now useless, remove them.
target-i386: Make x86 mfence and lfence illegal without SSE2
While trying to use qemu -cpu pentium3 to test for incorrect uses of certain SSE2 instructions, I found that QEMU allowed the mfence and lfence instructions to be executed even though Pentium 3 doesn't support them....
Remove unused function parameters from gen_pc_load and rename the function
Function gen_pc_load was introduced in commit d2856f1ad4c259e5766847c49acbb4e390731bd4. The only reason for parameter searched_pc was a debug statement in target-i386/translate.c....
Fix conversions from pointer to tcg_target_long
tcg_gen_exit_tb takes a parameter of type tcg_target_long, so the type casts of pointer to long should be replaced by type casts of pointer to tcg_target_long (suggested by Blue Swirl).
These changes are needed for build environments where...
target-i386: Use deposit operation.
Use this for assignment to the low byte or low word of a register.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
target-i386: use gen_update_cc_op()
This patch simplifies target-i386/translate.c a bit by replacing some code with gen_update_cc_op()
Signed-off-by: Jun Koi <junkoi2004@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
use symbol for DisasContext->is_jmp
This patch replaces constant value assigned for (DisasContext*)->is_jmp with DISAS_TB_JUMP.
Signed-off-by: Jun Koi <junkoi2004@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Add more boundary checking to sse3/4 parsing
ssse3 uses tables with only two entries per op, but it is indexed with b1 which can contain values up to 3. This happens when ssse3 or sse4 are used with REP* prefixes.
Add boundary checking for this case....
target-i386: fix xchg rax,r8
We were ignoring REX_B while special-casing NOP, i.e. xchg eax,eax.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target-i386: fix decoding of negative 4-byte displacements
Negative four byte displacements need to be sign-extended after c086b783eb7a578993d6d2ab62c4c2666800b63d. Do so.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Richard Henderson <rth@twiddle.net>...
target-i386: Remove duplicate CPU log.
The proper logging for -d cpu is done in generic code.
x86: remove dead assignments, spotted by clang analyzer
Value stored is never read.
remove TARGET_* defines from translate-all.c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target-i386: fix commit c22549204a6edc431e8e4358e61bd56386ff6957
The commit c22549204a6edc431e8e4358e61bd56386ff6957 led movntps & movntdq to be translated incorrectly.
Signed-off-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target-i386: fix SIB decoding with index = 4
A SIB byte with an index of 4 means "no scaled index", even if the scale value is not 0. In 64-bit mode, if REX.X is used, an index of 4 selects %r12. This is correctly handled by the computation of the index variable,...
target-i386: Fix long jumps/calls in long mode with REX.W set
Signed-off-by: malc <av1474@comtv.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target-i386: fix lddqu SSE instruction
This instruction loads data from memory to register and not the reverse.
remove two dead assignments in target-i386/translate.c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
x86: translate.c: remove dead assignment
clang-analyzer points out a redundant assignment.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
target-i386: Fix "call im" on x86_64 when executing 32-bit code
Similarly to what is done in 32938e127f50a40844a0fb9c5abb8691aeeccf7e for "jmp im", trunc the immediate to 32-bit when not running in 64-bit mode.
Reported-by: Kevin O'Connor <kevin@koconnor.net>...
target-i386: implement lzcnt emulation
lzcnt is an AMD Phenom/Barcelona added instruction returning the number of leading zero bits in a word. As this is similar to the "bsr" instruction, reuse the existing code. There need to be some more changes, though, as lzcnt always...
target-i386: fix ARPL
The arpl implementation in target-i386/translate.c uses cpu_A0 temporary across a brcond op. This patch fixes that issue.
Signed-off-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
target-i386: Fix exceptions for fxsave/fxrstor
This patch corrects the following aspects of exception generation in fxsave/fxrstor:
target-i386: add RDTSCP support
RDTSCP reads the time stamp counter and atomically also the content of a 32-bit MSR, which can be freely set by the OS. This allows CPU local data to be queried by userspace. Linux uses this to allow a fast implementation of the getcpu()...
target-i386: add SSE4a instruction support
This adds support for the AMD Phenom/Barcelona's SSE4a instructions. Those include insertq and extrq, which are doing shift and mask on XMM registers, in two versions (immediate shift/length values and stored in another XMM register)....
target-i386: add lock mov cr0 = cr8
AMD CPUs feature a shortcut to access CR8 even from 32-bit mode. If you use the LOCK prefix with "mov CR0", it accesses CR8 instead. This behavior is guarded by the CR8_LEGACY CPUID bit (Fn8000_0001:ECX1).
Signed-off-by: Andre Przywara <andre.przywara@amd.com>...
x86: use globals for CPU registers
Use globals for the 8 or 16 CPU registers on i386 and x86_64.
target-i386: kill a tmp register
target-i386: use subfi instead of sub with a non-freed constant
Fix sys-queue.h conflict for good
Problem: Our file sys-queue.h is a copy of the BSD file, but there are some additions and it's not entirely compatible. Because of that, there have been conflicts with system headers on BSD systems. Some hacks have been introduced in the commits 15cc9235840a22c289edbe064a9b3c19c5f49896,...
rename WORDS_BIGENDIAN to HOST_WORDS_BIGENDIAN
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Update to a hopefully more future proof FSF address
x86: Add support for resume flag
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Include assert.h from qemu-common.h
Include assert.h from qemu-common.h and remove other direct uses. cpu-all.h still needs to include it because of the dyngen-exec.h hacks
Signed-off-by: Paul Brook <paul@codesourcery.com>
Replace gcc variadic macro extension with C99 version
Add new command line option -singlestep for tcg single stepping.
This replaces a compile time option for some targets and adds this feature to targets which did not have a compile time option.
Add monitor command to enable or disable single step mode.
Modify monitor command "info status" to display single step mode....
Immediate versions of ro[lr]
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6968 c046a42c-6fe2-441c-8c8c-71466251a162
target-i386: use the new bswap* TCG ops
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6836 c046a42c-6fe2-441c-8c8c-71466251a162
tcg: rename bswap_i32/i64 functions
Rename bswap_i32 into bswap32_i32 and bswap_i64 into bswap64_i64
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6829 c046a42c-6fe2-441c-8c8c-71466251a162
global s/loglevel & X/qemu_loglevel_mask(X)/ (Eduardo Habkost)
These are references to 'loglevel' that aren't on a simple 'if (loglevel & X) qemu_log()' statement.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>...
Convert references to logfile/loglevel to use qemu_log*() macros
This is a large patch that changes all occurrences of logfile/loglevel global variables to use the new qemu_log*() macros.
Update FSF address in GPL/LGPL boilerplate
The attached patch updates the FSF address in the GPL/LGPL boilerplate in most GPL/LGPLed files, and also in COPYING.LIB.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>...
Fix smsw for x86_64 guest and bigendian host case
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6009 c046a42c-6fe2-441c-8c8c-71466251a162
target-i386: Fix jmp im on x86_64 when executing 32-bit code
When running grub-install (32-bit) on an x86_64 Linux system in qemu, it hangs on a pagefault forever, because an integer overflow occurs on the IP on "jmp im". This patch masks overflows for 32 bit IPs on a 64 bit...
target-i386: fix CVE-2007-1322
The icebp instruction can be abused to terminate the emulation, resulting in denial of service.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5921 c046a42c-6fe2-441c-8c8c-71466251a162
Use sys-queue.h for break/watchpoint management (Jan Kiszka)
This switches cpu_break/watchpoint_* to TAILQ wrappers, simplifying the code and also fixing a use after release issue in cpu_break/watchpoint_remove_all.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>...
Refactor and enhance break/watchpoint API (Jan Kiszka)
This patch prepares the QEMU cpu_watchpoint/breakpoint API to allow the succeeding enhancements this series comes with.
First of all, it overcomes MAX_BREAKPOINTS/MAX_WATCHPOINTS by switching to dynamically allocated data structures that are kept in linked lists....
TCG variable type checking.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5729 c046a42c-6fe2-441c-8c8c-71466251a162
Fix crc32w decoding, fix a constant width in blendvpd.
Forced the constant's width to long long so that it doesn't overflow, problem spotted by C. W. Betts.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5417 c046a42c-6fe2-441c-8c8c-71466251a162
x86 "popcnt" affects flags.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5412 c046a42c-6fe2-441c-8c8c-71466251a162
Implement SSE4.1, SSE4.2 (x86).
This adds support for CPUID_EXT_SSE41, CPUID_EXT_SSE42, CPUID_EXT_POPCNT extensions. Most instructions haven't been tested yet.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5411 c046a42c-6fe2-441c-8c8c-71466251a162
x86 pextrw destination operand can be r64.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5367 c046a42c-6fe2-441c-8c8c-71466251a162
SYSENTER/SYSEXIT IA-32e implementation (Alexander Graf).
On Intel CPUs, sysenter and sysexit are valid in 64-bit mode. This patch makes both 64-bit aware and enables them for Intel CPUs. Add cpu save/load for 64-bit wide sysenter variables.
Signed-off-by: Alexander Graf <agraf@suse.de>...
Implement x86 SSSE3 instructions.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5315 c046a42c-6fe2-441c-8c8c-71466251a162
Small cleanup of gen_intermediate_code(_internal), by Laurent Desnogues.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4891 c046a42c-6fe2-441c-8c8c-71466251a162
fix cvtsq2s[sd] (Juergen Lock)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4856 c046a42c-6fe2-441c-8c8c-71466251a162
Re-add static qualifier. Fix another occurrence of "const static".
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4850 c046a42c-6fe2-441c-8c8c-71466251a162
Fix rdtsc instruction counting.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4810 c046a42c-6fe2-441c-8c8c-71466251a162
Add instruction counter.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4799 c046a42c-6fe2-441c-8c8c-71466251a162
HLT, MWAIT and MONITOR insn fixes (initial patch by Alexander Graf)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4746 c046a42c-6fe2-441c-8c8c-71466251a162
undocumented 0x82 opcode is invalid in 64 bit code
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4687 c046a42c-6fe2-441c-8c8c-71466251a162
fixed exceptions for cpuid and invlpg
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4664 c046a42c-6fe2-441c-8c8c-71466251a162
reworked SVM interrupt handling logic - fixed vmrun EIP saved value - reworked cr8 handling - added CPUState.hflags2
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4662 c046a42c-6fe2-441c-8c8c-71466251a162
32 bit SVM fixes - INVLPG and INVLPGA updates
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4660 c046a42c-6fe2-441c-8c8c-71466251a162
SVM rework
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4605 c046a42c-6fe2-441c-8c8c-71466251a162
fixed x86_64 regression
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4586 c046a42c-6fe2-441c-8c8c-71466251a162
transformed TN into temporaries - add local temporaries usage when needed - optimized fcmovX
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4577 c046a42c-6fe2-441c-8c8c-71466251a162
Fix ARM conditional branch bug. Add tcg_gen_brcondi.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4552 c046a42c-6fe2-441c-8c8c-71466251a162
use debug_insn_start to have nicer debug traces
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4532 c046a42c-6fe2-441c-8c8c-71466251a162
proper helper definition registering (all targets must do that)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4530 c046a42c-6fe2-441c-8c8c-71466251a162
optimization of shifts by a constant
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4524 c046a42c-6fe2-441c-8c8c-71466251a162
lahf/sahf cpuid test
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4523 c046a42c-6fe2-441c-8c8c-71466251a162
cmpxchg8b fix - added cmpxchg16b
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4522 c046a42c-6fe2-441c-8c8c-71466251a162
cmpxchg 64 bit fix
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4521 c046a42c-6fe2-441c-8c8c-71466251a162