4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2006 Pierre d'Herbemont
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #include <sys/syscall.h>
33 #define DEBUG_LOGFILE "/tmp/qemu.log"
36 #include <crt_externs.h>
37 # define environ (*_NSGetEnviron())
40 #include <mach/mach_init.h>
41 #include <mach/vm_map.h>
43 const char *interp_prefix = "";
45 asm(".zerofill __STD_PROG_ZONE, __STD_PROG_ZONE, __std_prog_zone, 0x0dfff000");
47 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
48 we allocate a bigger stack. Need a better solution, for example
49 by remapping the process stack directly at the right place */
50 unsigned long stack_size = 512 * 1024;
52 void qerror(const char *fmt, ...)
57 vfprintf(stderr, fmt, ap);
59 fprintf(stderr, "\n");
63 void gemu_log(const char *fmt, ...)
68 vfprintf(stderr, fmt, ap);
72 void cpu_outb(CPUState *env, int addr, int val)
74 fprintf(stderr, "outb: port=0x%04x, data=%02x\n", addr, val);
77 void cpu_outw(CPUState *env, int addr, int val)
79 fprintf(stderr, "outw: port=0x%04x, data=%04x\n", addr, val);
82 void cpu_outl(CPUState *env, int addr, int val)
84 fprintf(stderr, "outl: port=0x%04x, data=%08x\n", addr, val);
87 int cpu_inb(CPUState *env, int addr)
89 fprintf(stderr, "inb: port=0x%04x\n", addr);
93 int cpu_inw(CPUState *env, int addr)
95 fprintf(stderr, "inw: port=0x%04x\n", addr);
99 int cpu_inl(CPUState *env, int addr)
101 fprintf(stderr, "inl: port=0x%04x\n", addr);
105 int cpu_get_pic_interrupt(CPUState *env)
111 static inline uint64_t cpu_ppc_get_tb (CPUState *env)
117 uint32_t cpu_ppc_load_tbl (CPUState *env)
119 return cpu_ppc_get_tb(env) & 0xFFFFFFFF;
122 uint32_t cpu_ppc_load_tbu (CPUState *env)
124 return cpu_ppc_get_tb(env) >> 32;
127 static void cpu_ppc_store_tb (CPUState *env, uint64_t value)
132 void cpu_ppc_store_tbu (CPUState *env, uint32_t value)
134 cpu_ppc_store_tb(env, ((uint64_t)value << 32) | cpu_ppc_load_tbl(env));
137 void cpu_ppc_store_tbl (CPUState *env, uint32_t value)
139 cpu_ppc_store_tb(env, ((uint64_t)cpu_ppc_load_tbl(env) << 32) | value);
142 uint32_t cpu_ppc_load_decr (CPUState *env)
148 void cpu_ppc_store_decr (CPUState *env, uint32_t value)
153 void cpu_ppc601_store_rtcu (CPUState *env, uint32_t value)
155 cpu_ppc_store_tbu( env, value );
158 uint32_t cpu_ppc601_load_rtcu (CPUState *env)
160 cpu_ppc_load_tbu(env);
163 uint32_t cpu_ppc601_load_rtcl (CPUState *env)
165 return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
168 void cpu_loop(CPUPPCState *env)
172 target_siginfo_t info;
175 trapnr = cpu_ppc_exec(env);
176 if (trapnr != EXCP_SYSCALL_USER && trapnr != EXCP_BRANCH &&
177 trapnr != EXCP_TRACE) {
179 cpu_dump_state(env, logfile, fprintf, 0);
185 case EXCP_SYSCALL_USER:
187 if(((int)env->gpr[0]) <= SYS_MAXSYSCALL && ((int)env->gpr[0])>0)
188 ret = do_unix_syscall(env, env->gpr[0]/*, env->gpr[3], env->gpr[4],
189 env->gpr[5], env->gpr[6], env->gpr[7],
190 env->gpr[8], env->gpr[9], env->gpr[10]*/);
191 else if(((int)env->gpr[0])<0)
192 ret = do_mach_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
193 env->gpr[5], env->gpr[6], env->gpr[7],
194 env->gpr[8], env->gpr[9], env->gpr[10]);
196 ret = do_thread_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
197 env->gpr[5], env->gpr[6], env->gpr[7],
198 env->gpr[8], env->gpr[9], env->gpr[10]);
200 /* Unix syscall error signaling */
201 if(((int)env->gpr[0]) <= SYS_MAXSYSCALL && ((int)env->gpr[0])>0)
213 /* Should not happen ! */
214 fprintf(stderr, "RESET asked... Stop emulation\n");
216 fprintf(logfile, "RESET asked... Stop emulation\n");
218 case EXCP_MACHINE_CHECK:
219 fprintf(stderr, "Machine check exeption... Stop emulation\n");
221 fprintf(logfile, "RESET asked... Stop emulation\n");
222 info.si_signo = SIGBUS;
224 info.si_code = BUS_OBJERR;
225 info.si_addr = (void*)(env->nip - 4);
226 queue_signal(info.si_signo, &info);
229 /* To deal with multiple qemu header version as host for the darwin-user code */
232 fprintf(stderr, "Invalid data memory access: 0x%08x\n", env->spr[DAR]);
234 fprintf(logfile, "Invalid data memory access: 0x%08x\n",
237 /* Handle this via the gdb */
238 gdb_handlesig (env, SIGSEGV);
240 info.si_addr = (void*)env->nip;
241 queue_signal(info.si_signo, &info);
244 fprintf(stderr, "Invalid instruction fetch\n");
246 fprintf(logfile, "Invalid instruction fetch\n");
247 /* Handle this via the gdb */
248 gdb_handlesig (env, SIGSEGV);
250 info.si_addr = (void*)(env->nip - 4);
251 queue_signal(info.si_signo, &info);
254 /* Should not happen ! */
255 fprintf(stderr, "External interruption... Stop emulation\n");
257 fprintf(logfile, "External interruption... Stop emulation\n");
260 fprintf(stderr, "Invalid unaligned memory access\n");
262 fprintf(logfile, "Invalid unaligned memory access\n");
263 info.si_signo = SIGBUS;
265 info.si_code = BUS_ADRALN;
266 info.si_addr = (void*)(env->nip - 4);
267 queue_signal(info.si_signo, &info);
270 switch (env->error_code & ~0xF) {
272 fprintf(stderr, "Program exception\n");
274 fprintf(logfile, "Program exception\n");
276 env->fpscr[7] |= 0x8;
277 /* Finally, update FEX */
278 if ((((env->fpscr[7] & 0x3) << 3) | (env->fpscr[6] >> 1)) &
279 ((env->fpscr[1] << 1) | (env->fpscr[0] >> 3)))
280 env->fpscr[7] |= 0x4;
281 info.si_signo = SIGFPE;
283 switch (env->error_code & 0xF) {
285 info.si_code = FPE_FLTOVF;
288 info.si_code = FPE_FLTUND;
292 info.si_code = FPE_FLTDIV;
295 info.si_code = FPE_FLTRES;
298 info.si_code = FPE_FLTINV;
307 info.si_code = FPE_FLTSUB;
310 fprintf(stderr, "Unknown floating point exception "
311 "(%02x)\n", env->error_code);
313 fprintf(logfile, "Unknown floating point exception "
314 "(%02x)\n", env->error_code & 0xF);
319 fprintf(stderr, "Invalid instruction\n");
321 fprintf(logfile, "Invalid instruction\n");
322 info.si_signo = SIGILL;
324 switch (env->error_code & 0xF) {
325 case EXCP_INVAL_INVAL:
326 info.si_code = ILL_ILLOPC;
328 case EXCP_INVAL_LSWX:
329 info.si_code = ILL_ILLOPN;
332 info.si_code = ILL_PRVREG;
335 info.si_code = ILL_COPROC;
338 fprintf(stderr, "Unknown invalid operation (%02x)\n",
339 env->error_code & 0xF);
341 fprintf(logfile, "Unknown invalid operation (%02x)\n",
342 env->error_code & 0xF);
344 info.si_code = ILL_ILLADR;
347 /* Handle this via the gdb */
348 gdb_handlesig (env, SIGSEGV);
351 fprintf(stderr, "Privilege violation\n");
353 fprintf(logfile, "Privilege violation\n");
354 info.si_signo = SIGILL;
356 switch (env->error_code & 0xF) {
358 info.si_code = ILL_PRVOPC;
361 info.si_code = ILL_PRVREG;
364 fprintf(stderr, "Unknown privilege violation (%02x)\n",
365 env->error_code & 0xF);
366 info.si_code = ILL_PRVOPC;
371 fprintf(stderr, "Tried to call a TRAP\n");
373 fprintf(logfile, "Tried to call a TRAP\n");
376 /* Should not happen ! */
377 fprintf(stderr, "Unknown program exception (%02x)\n",
380 fprintf(logfile, "Unknwon program exception (%02x)\n",
385 info.si_addr = (void*)(env->nip - 4);
386 queue_signal(info.si_signo, &info);
389 fprintf(stderr, "No floating point allowed\n");
391 fprintf(logfile, "No floating point allowed\n");
392 info.si_signo = SIGILL;
394 info.si_code = ILL_COPROC;
395 info.si_addr = (void*)(env->nip - 4);
396 queue_signal(info.si_signo, &info);
399 /* Should not happen ! */
400 fprintf(stderr, "Decrementer exception\n");
402 fprintf(logfile, "Decrementer exception\n");
405 /* Pass to gdb: we use this to trace execution */
406 gdb_handlesig (env, SIGTRAP);
409 /* Should not happen ! */
410 fprintf(stderr, "Floating point assist exception\n");
412 fprintf(logfile, "Floating point assist exception\n");
415 /* We reloaded the msr, just go on */
417 fprintf(stderr, "Tried to go into supervisor mode !\n");
419 fprintf(logfile, "Tried to go into supervisor mode !\n");
424 /* We stopped because of a jump... */
427 /* Don't know why this should ever happen... */
428 fprintf(stderr, "EXCP_INTERRUPT\n");
431 gdb_handlesig (env, SIGTRAP);
434 fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
437 fprintf(logfile, "qemu: unhandled CPU exception 0x%02x - "
438 "0x%02x - aborting\n", trapnr, env->error_code);
442 process_pending_signals(env);
450 /***********************************************************/
451 /* CPUX86 core interface */
453 uint64_t cpu_get_tsc(CPUX86State *env)
455 return cpu_get_real_ticks();
459 write_dt(void *ptr, unsigned long addr, unsigned long limit,
463 e1 = (addr << 16) | (limit & 0xffff);
464 e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
466 stl((uint8_t *)ptr, e1);
467 stl((uint8_t *)ptr + 4, e2);
470 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
471 unsigned long addr, unsigned int sel)
474 e1 = (addr & 0xffff) | (sel << 16);
475 e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
476 stl((uint8_t *)ptr, e1);
477 stl((uint8_t *)ptr + 4, e2);
480 #define GDT_TABLE_SIZE 14
481 #define LDT_TABLE_SIZE 15
482 #define IDT_TABLE_SIZE 256
484 uint64_t gdt_table[GDT_TABLE_SIZE];
485 uint64_t ldt_table[LDT_TABLE_SIZE];
486 uint64_t idt_table[IDT_TABLE_SIZE];
487 uint32_t tss[TSS_SIZE];
489 /* only dpl matters as we do only user space emulation */
490 static void set_idt(int n, unsigned int dpl)
492 set_gate(idt_table + n, 0, dpl, 0, 0);
495 /* ABI convention: after a syscall if there was an error the CF flag is set */
496 static inline void set_error(CPUX86State *env, int ret)
499 env->eflags = env->eflags | 0x1;
502 env->regs[R_EAX] = ret;
505 void cpu_loop(CPUX86State *env)
510 target_siginfo_t info;
513 trapnr = cpu_x86_exec(env);
514 uint32_t *params = (uint32_t *)env->regs[R_ESP];
516 case 0x79: /* Our commpage hack back door exit is here */
517 do_commpage(env, env->eip, *(params + 1), *(params + 2),
518 *(params + 3), *(params + 4),
519 *(params + 5), *(params + 6),
520 *(params + 7), *(params + 8));
522 case 0x81: /* mach syscall */
524 ret = do_mach_syscall(env, env->regs[R_EAX],
525 *(params + 1), *(params + 2),
526 *(params + 3), *(params + 4),
527 *(params + 5), *(params + 6),
528 *(params + 7), *(params + 8));
532 case 0x90: /* unix backdoor */
534 /* after sysenter, stack is in R_ECX, new eip in R_EDX (sysexit will flip them back)*/
535 int saved_stack = env->regs[R_ESP];
536 env->regs[R_ESP] = env->regs[R_ECX];
538 ret = do_unix_syscall(env, env->regs[R_EAX]);
540 env->regs[R_ECX] = env->regs[R_ESP];
541 env->regs[R_ESP] = saved_stack;
546 case 0x80: /* unix syscall */
548 ret = do_unix_syscall(env, env->regs[R_EAX]/*,
549 *(params + 1), *(params + 2),
550 *(params + 3), *(params + 4),
551 *(params + 5), *(params + 6),
552 *(params + 7), *(params + 8)*/);
556 case 0x82: /* thread syscall */
558 ret = do_thread_syscall(env, env->regs[R_EAX],
559 *(params + 1), *(params + 2),
560 *(params + 3), *(params + 4),
561 *(params + 5), *(params + 6),
562 *(params + 7), *(params + 8));
568 info.si_signo = SIGBUS;
570 info.si_code = BUS_NOOP;
572 gdb_handlesig (env, SIGBUS);
573 queue_signal(info.si_signo, &info);
576 info.si_signo = SIGSEGV;
578 info.si_code = SEGV_NOOP;
580 gdb_handlesig (env, SIGSEGV);
581 queue_signal(info.si_signo, &info);
584 info.si_signo = SIGSEGV;
586 if (!(env->error_code & 1))
587 info.si_code = SEGV_MAPERR;
589 info.si_code = SEGV_ACCERR;
590 info.si_addr = (void*)env->cr[2];
591 gdb_handlesig (env, SIGSEGV);
592 queue_signal(info.si_signo, &info);
595 /* division by zero */
596 info.si_signo = SIGFPE;
598 info.si_code = FPE_INTDIV;
599 info.si_addr = (void*)env->eip;
600 gdb_handlesig (env, SIGFPE);
601 queue_signal(info.si_signo, &info);
605 info.si_signo = SIGTRAP;
607 info.si_code = TRAP_BRKPT;
608 info.si_addr = (void*)env->eip;
609 gdb_handlesig (env, SIGTRAP);
610 queue_signal(info.si_signo, &info);
614 info.si_signo = SIGSEGV;
616 info.si_code = SEGV_NOOP;
618 gdb_handlesig (env, SIGSEGV);
619 queue_signal(info.si_signo, &info);
622 info.si_signo = SIGILL;
624 info.si_code = ILL_ILLOPN;
625 info.si_addr = (void*)env->eip;
626 gdb_handlesig (env, SIGILL);
627 queue_signal(info.si_signo, &info);
630 /* just indicate that signals should be handled asap */
636 sig = gdb_handlesig (env, SIGTRAP);
641 info.si_code = TRAP_BRKPT;
642 queue_signal(info.si_signo, &info);
647 pc = (void*)(env->segs[R_CS].base + env->eip);
648 fprintf(stderr, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
652 process_pending_signals(env);
659 printf("qemu-" TARGET_ARCH " version " QEMU_VERSION ", Copyright (c) 2003-2004 Fabrice Bellard\n"
660 "usage: qemu-" TARGET_ARCH " [-h] [-d opts] [-L path] [-s size] program [arguments...]\n"
661 "Darwin CPU emulator (compiled for %s emulation)\n"
663 "-h print this help\n"
664 "-L path set the %s library path (default='%s')\n"
665 "-s size set the stack size in bytes (default=%ld)\n"
669 "-no-code-copy disable code copy acceleration\n"
671 "-d options activate log (logfile='%s')\n"
672 "-g wait for gdb on port 1234\n"
673 "-p pagesize set the host page size to 'pagesize'\n",
682 /* XXX: currently only used for async signals (see signal.c) */
683 CPUState *global_env;
684 /* used only if single thread */
685 CPUState *cpu_single_env = NULL;
687 /* used to free thread contexts */
688 TaskState *first_task_state;
690 int main(int argc, char **argv)
692 const char *filename;
693 struct target_pt_regs regs1, *regs = ®s1;
694 TaskState ts1, *ts = &ts1;
697 short use_gdbstub = 0;
704 cpu_set_log_filename(DEBUG_LOGFILE);
715 if (!strcmp(r, "-")) {
717 } else if (!strcmp(r, "d")) {
725 mask = cpu_str_to_log_mask(r);
727 printf("Log items (comma separated):\n");
728 for(item = cpu_log_items; item->mask != 0; item++) {
729 printf("%-10s %s\n", item->name, item->help);
734 } else if (!strcmp(r, "s")) {
736 stack_size = strtol(r, (char **)&r, 0);
740 stack_size *= 1024 * 1024;
741 else if (*r == 'k' || *r == 'K')
743 } else if (!strcmp(r, "L")) {
744 interp_prefix = argv[optind++];
745 } else if (!strcmp(r, "p")) {
746 qemu_host_page_size = atoi(argv[optind++]);
747 if (qemu_host_page_size == 0 ||
748 (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
749 fprintf(stderr, "page size must be a power of two\n");
753 if (!strcmp(r, "g")) {
757 if (!strcmp(r, "no-code-copy")) {
758 code_copy_enabled = 0;
767 filename = argv[optind];
770 memset(regs, 0, sizeof(struct target_pt_regs));
772 /* NOTE: we need to init the CPU at this stage to get
773 qemu_host_page_size */
776 printf("Starting %s with qemu\n----------------\n", filename);
780 if (mach_exec(filename, argv+optind, environ, regs) != 0) {
781 printf("Error loading %s\n", filename);
789 /* build Task State */
790 memset(ts, 0, sizeof(TaskState));
793 env->user_mode_only = 1;
795 #if defined(TARGET_I386)
796 cpu_x86_set_cpl(env, 3);
798 env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
799 env->hflags |= HF_PE_MASK;
801 if (env->cpuid_features & CPUID_SSE) {
802 env->cr[4] |= CR4_OSFXSR_MASK;
803 env->hflags |= HF_OSFXSR_MASK;
806 /* flags setup : we activate the IRQs by default as in user mode */
807 env->eflags |= IF_MASK;
809 /* darwin register setup */
810 env->regs[R_EAX] = regs->eax;
811 env->regs[R_EBX] = regs->ebx;
812 env->regs[R_ECX] = regs->ecx;
813 env->regs[R_EDX] = regs->edx;
814 env->regs[R_ESI] = regs->esi;
815 env->regs[R_EDI] = regs->edi;
816 env->regs[R_EBP] = regs->ebp;
817 env->regs[R_ESP] = regs->esp;
818 env->eip = regs->eip;
820 /* Darwin LDT setup */
821 /* 2 - User code segment
822 3 - User data segment
824 bzero(ldt_table, LDT_TABLE_SIZE * sizeof(ldt_table[0]));
825 env->ldt.base = (uint32_t) ldt_table;
826 env->ldt.limit = sizeof(ldt_table) - 1;
828 write_dt(ldt_table + 2, 0, 0xfffff,
829 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
830 (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
831 write_dt(ldt_table + 3, 0, 0xfffff,
832 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
833 (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
834 write_dt(ldt_table + 4, 0, 0xfffff,
835 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
836 (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
839 * has changed a lot between old Darwin/x86 (pre-Mac Intel) and Mac OS X/x86,
840 now everything is done via int 0x81(mach) int 0x82 (thread) and sysenter/sysexit(unix) */
841 bzero(gdt_table, sizeof(gdt_table));
842 env->gdt.base = (uint32_t)gdt_table;
843 env->gdt.limit = sizeof(gdt_table) - 1;
845 /* Set up a back door to handle sysenter syscalls (unix) */
846 char * syscallbackdoor = malloc(64);
847 page_set_flags((int)syscallbackdoor, (int)syscallbackdoor + 64, PROT_EXEC | PROT_READ | PAGE_VALID);
850 syscallbackdoor[i++] = 0xcd;
851 syscallbackdoor[i++] = 0x90; /* int 0x90 */
852 syscallbackdoor[i++] = 0x0F;
853 syscallbackdoor[i++] = 0x35; /* sysexit */
855 /* Darwin sysenter/sysexit setup */
856 env->sysenter_cs = 0x1; //XXX
857 env->sysenter_eip = (int)syscallbackdoor;
858 env->sysenter_esp = (int)malloc(64);
861 This must match up with GDT[4] */
862 env->tr.base = (uint32_t) tss;
863 env->tr.limit = sizeof(tss) - 1;
864 env->tr.flags = DESC_P_MASK | (0x9 << DESC_TYPE_SHIFT);
865 stw(tss + 2, 0x10); // ss0 = 0x10 = GDT[2] = Kernel Data Segment
867 /* Darwin interrupt setup */
868 bzero(idt_table, sizeof(idt_table));
869 env->idt.base = (uint32_t) idt_table;
870 env->idt.limit = sizeof(idt_table) - 1;
891 /* Syscalls are done via
892 int 0x80 (unix) (rarely used)
895 int 0x83 (diag) (not handled here)
896 sysenter/sysexit (unix) -> we redirect that to int 0x90 */
897 set_idt(0x79, 3); /* Commpage hack, here is our backdoor interrupt */
898 set_idt(0x80, 3); /* Unix Syscall */
899 set_idt(0x81, 3); /* Mach Syscalls */
900 set_idt(0x82, 3); /* thread Syscalls */
902 set_idt(0x90, 3); /* qemu-darwin-user's Unix syscalls backdoor */
905 cpu_x86_load_seg(env, R_CS, __USER_CS);
906 cpu_x86_load_seg(env, R_DS, __USER_DS);
907 cpu_x86_load_seg(env, R_ES, __USER_DS);
908 cpu_x86_load_seg(env, R_SS, __USER_DS);
909 cpu_x86_load_seg(env, R_FS, __USER_DS);
910 cpu_x86_load_seg(env, R_GS, __USER_DS);
912 #elif defined(TARGET_PPC)
915 env->nip = regs->nip;
916 for(i = 0; i < 32; i++) {
917 env->gpr[i] = regs->gpr[i];
921 #error unsupported target CPU
925 printf("Waiting for gdb Connection on port 1234...\n");
926 gdbserver_start (1234);
927 gdb_handlesig(env, 0);
projects / qemu / blob