2 * i386 emulator main execution loop
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
26 #if !defined(CONFIG_SOFTMMU)
38 #include <sys/ucontext.h>
42 #if defined(__sparc__) && !defined(HOST_SOLARIS)
43 // Work around ugly bugs in glibc that mangle global register contents
45 #define env cpu_single_env
48 int tb_invalidated_flag;
51 //#define DEBUG_SIGNAL
53 int qemu_cpu_has_work(CPUState *env)
55 return cpu_has_work(env);
58 void cpu_loop_exit(void)
60 /* NOTE: the register at this point must be saved by hand because
61 longjmp restore them */
63 longjmp(env->jmp_env, 1);
66 /* exit the current TB from a signal handler. The host registers are
67 restored in a state compatible with the CPU emulator
69 void cpu_resume_from_signal(CPUState *env1, void *puc)
71 #if !defined(CONFIG_SOFTMMU)
73 struct ucontext *uc = puc;
74 #elif defined(__OpenBSD__)
75 struct sigcontext *uc = puc;
81 /* XXX: restore cpu registers saved in host registers */
83 #if !defined(CONFIG_SOFTMMU)
85 /* XXX: use siglongjmp ? */
87 sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
88 #elif defined(__OpenBSD__)
89 sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
93 env->exception_index = -1;
94 longjmp(env->jmp_env, 1);
97 /* Execute the code without caching the generated code. An interpreter
98 could be used if available. */
99 static void cpu_exec_nocache(int max_cycles, TranslationBlock *orig_tb)
101 unsigned long next_tb;
102 TranslationBlock *tb;
104 /* Should never happen.
105 We only end up here when an existing TB is too long. */
106 if (max_cycles > CF_COUNT_MASK)
107 max_cycles = CF_COUNT_MASK;
109 tb = tb_gen_code(env, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
111 env->current_tb = tb;
112 /* execute the generated code */
113 next_tb = tcg_qemu_tb_exec(tb->tc_ptr);
115 if ((next_tb & 3) == 2) {
116 /* Restore PC. This may happen if async event occurs before
117 the TB starts executing. */
118 cpu_pc_from_tb(env, tb);
120 tb_phys_invalidate(tb, -1);
124 static TranslationBlock *tb_find_slow(target_ulong pc,
125 target_ulong cs_base,
128 TranslationBlock *tb, **ptb1;
130 target_ulong phys_pc, phys_page1, phys_page2, virt_page2;
132 tb_invalidated_flag = 0;
134 regs_to_env(); /* XXX: do it just before cpu_gen_code() */
136 /* find translated block using physical mappings */
137 phys_pc = get_phys_addr_code(env, pc);
138 phys_page1 = phys_pc & TARGET_PAGE_MASK;
140 h = tb_phys_hash_func(phys_pc);
141 ptb1 = &tb_phys_hash[h];
147 tb->page_addr[0] == phys_page1 &&
148 tb->cs_base == cs_base &&
149 tb->flags == flags) {
150 /* check next page if needed */
151 if (tb->page_addr[1] != -1) {
152 virt_page2 = (pc & TARGET_PAGE_MASK) +
154 phys_page2 = get_phys_addr_code(env, virt_page2);
155 if (tb->page_addr[1] == phys_page2)
161 ptb1 = &tb->phys_hash_next;
164 /* if no translated code available, then translate it now */
165 tb = tb_gen_code(env, pc, cs_base, flags, 0);
168 /* we add the TB in the virtual pc hash table */
169 env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
173 static inline TranslationBlock *tb_find_fast(void)
175 TranslationBlock *tb;
176 target_ulong cs_base, pc;
179 /* we record a subset of the CPU state. It will
180 always be the same before a given translated block
182 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
183 tb = env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
184 if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
185 tb->flags != flags)) {
186 tb = tb_find_slow(pc, cs_base, flags);
191 static CPUDebugExcpHandler *debug_excp_handler;
193 CPUDebugExcpHandler *cpu_set_debug_excp_handler(CPUDebugExcpHandler *handler)
195 CPUDebugExcpHandler *old_handler = debug_excp_handler;
197 debug_excp_handler = handler;
201 static void cpu_handle_debug_exception(CPUState *env)
205 if (!env->watchpoint_hit)
206 TAILQ_FOREACH(wp, &env->watchpoints, entry)
207 wp->flags &= ~BP_WATCHPOINT_HIT;
209 if (debug_excp_handler)
210 debug_excp_handler(env);
213 /* main execution loop */
215 int cpu_exec(CPUState *env1)
217 #define DECLARE_HOST_REGS 1
218 #include "hostregs_helper.h"
219 int ret, interrupt_request;
220 TranslationBlock *tb;
222 unsigned long next_tb;
224 if (cpu_halted(env1) == EXCP_HALTED)
227 cpu_single_env = env1;
229 /* first we save global registers */
230 #define SAVE_HOST_REGS 1
231 #include "hostregs_helper.h"
235 #if defined(TARGET_I386)
236 /* put eflags in CPU temporary format */
237 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
238 DF = 1 - (2 * ((env->eflags >> 10) & 1));
239 CC_OP = CC_OP_EFLAGS;
240 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
241 #elif defined(TARGET_SPARC)
242 #elif defined(TARGET_M68K)
243 env->cc_op = CC_OP_FLAGS;
244 env->cc_dest = env->sr & 0xf;
245 env->cc_x = (env->sr >> 4) & 1;
246 #elif defined(TARGET_ALPHA)
247 #elif defined(TARGET_ARM)
248 #elif defined(TARGET_PPC)
249 #elif defined(TARGET_MIPS)
250 #elif defined(TARGET_SH4)
251 #elif defined(TARGET_CRIS)
254 #error unsupported target CPU
256 env->exception_index = -1;
258 /* prepare setjmp context for exception handling */
260 if (setjmp(env->jmp_env) == 0) {
261 #if defined(__sparc__) && !defined(HOST_SOLARIS)
263 env = cpu_single_env;
264 #define env cpu_single_env
266 env->current_tb = NULL;
267 /* if an exception is pending, we execute it here */
268 if (env->exception_index >= 0) {
269 if (env->exception_index >= EXCP_INTERRUPT) {
270 /* exit request from the cpu execution loop */
271 ret = env->exception_index;
272 if (ret == EXCP_DEBUG)
273 cpu_handle_debug_exception(env);
276 #if defined(CONFIG_USER_ONLY)
277 /* if user mode only, we simulate a fake exception
278 which will be handled outside the cpu execution
280 #if defined(TARGET_I386)
281 do_interrupt_user(env->exception_index,
282 env->exception_is_int,
284 env->exception_next_eip);
285 /* successfully delivered */
286 env->old_exception = -1;
288 ret = env->exception_index;
291 #if defined(TARGET_I386)
292 /* simulate a real cpu exception. On i386, it can
293 trigger new exceptions, but we do not handle
294 double or triple faults yet. */
295 do_interrupt(env->exception_index,
296 env->exception_is_int,
298 env->exception_next_eip, 0);
299 /* successfully delivered */
300 env->old_exception = -1;
301 #elif defined(TARGET_PPC)
303 #elif defined(TARGET_MIPS)
305 #elif defined(TARGET_SPARC)
307 #elif defined(TARGET_ARM)
309 #elif defined(TARGET_SH4)
311 #elif defined(TARGET_ALPHA)
313 #elif defined(TARGET_CRIS)
315 #elif defined(TARGET_M68K)
320 env->exception_index = -1;
323 if (kqemu_is_ok(env) && env->interrupt_request == 0 && env->exit_request == 0) {
325 env->eflags = env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK);
326 ret = kqemu_cpu_exec(env);
327 /* put eflags in CPU temporary format */
328 CC_SRC = env->eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
329 DF = 1 - (2 * ((env->eflags >> 10) & 1));
330 CC_OP = CC_OP_EFLAGS;
331 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
334 longjmp(env->jmp_env, 1);
335 } else if (ret == 2) {
336 /* softmmu execution needed */
338 if (env->interrupt_request != 0 || env->exit_request != 0) {
339 /* hardware interrupt will be executed just after */
341 /* otherwise, we restart */
342 longjmp(env->jmp_env, 1);
350 longjmp(env->jmp_env, 1);
353 next_tb = 0; /* force lookup of first TB */
355 interrupt_request = env->interrupt_request;
356 if (unlikely(interrupt_request)) {
357 if (unlikely(env->singlestep_enabled & SSTEP_NOIRQ)) {
358 /* Mask out external interrupts for this step. */
359 interrupt_request &= ~(CPU_INTERRUPT_HARD |
364 if (interrupt_request & CPU_INTERRUPT_DEBUG) {
365 env->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
366 env->exception_index = EXCP_DEBUG;
369 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
370 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS)
371 if (interrupt_request & CPU_INTERRUPT_HALT) {
372 env->interrupt_request &= ~CPU_INTERRUPT_HALT;
374 env->exception_index = EXCP_HLT;
378 #if defined(TARGET_I386)
379 if (env->hflags2 & HF2_GIF_MASK) {
380 if ((interrupt_request & CPU_INTERRUPT_SMI) &&
381 !(env->hflags & HF_SMM_MASK)) {
382 svm_check_intercept(SVM_EXIT_SMI);
383 env->interrupt_request &= ~CPU_INTERRUPT_SMI;
386 } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
387 !(env->hflags2 & HF2_NMI_MASK)) {
388 env->interrupt_request &= ~CPU_INTERRUPT_NMI;
389 env->hflags2 |= HF2_NMI_MASK;
390 do_interrupt(EXCP02_NMI, 0, 0, 0, 1);
392 } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
393 (((env->hflags2 & HF2_VINTR_MASK) &&
394 (env->hflags2 & HF2_HIF_MASK)) ||
395 (!(env->hflags2 & HF2_VINTR_MASK) &&
396 (env->eflags & IF_MASK &&
397 !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
399 svm_check_intercept(SVM_EXIT_INTR);
400 env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
401 intno = cpu_get_pic_interrupt(env);
402 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing hardware INT=0x%02x\n", intno);
403 #if defined(__sparc__) && !defined(HOST_SOLARIS)
405 env = cpu_single_env;
406 #define env cpu_single_env
408 do_interrupt(intno, 0, 0, 0, 1);
409 /* ensure that no TB jump will be modified as
410 the program flow was changed */
412 #if !defined(CONFIG_USER_ONLY)
413 } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
414 (env->eflags & IF_MASK) &&
415 !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
417 /* FIXME: this should respect TPR */
418 svm_check_intercept(SVM_EXIT_VINTR);
419 intno = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_vector));
420 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Servicing virtual hardware INT=0x%02x\n", intno);
421 do_interrupt(intno, 0, 0, 0, 1);
422 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
427 #elif defined(TARGET_PPC)
429 if ((interrupt_request & CPU_INTERRUPT_RESET)) {
433 if (interrupt_request & CPU_INTERRUPT_HARD) {
434 ppc_hw_interrupt(env);
435 if (env->pending_interrupts == 0)
436 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
439 #elif defined(TARGET_MIPS)
440 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
441 (env->CP0_Status & env->CP0_Cause & CP0Ca_IP_mask) &&
442 (env->CP0_Status & (1 << CP0St_IE)) &&
443 !(env->CP0_Status & (1 << CP0St_EXL)) &&
444 !(env->CP0_Status & (1 << CP0St_ERL)) &&
445 !(env->hflags & MIPS_HFLAG_DM)) {
447 env->exception_index = EXCP_EXT_INTERRUPT;
452 #elif defined(TARGET_SPARC)
453 if ((interrupt_request & CPU_INTERRUPT_HARD) &&
455 int pil = env->interrupt_index & 15;
456 int type = env->interrupt_index & 0xf0;
458 if (((type == TT_EXTINT) &&
459 (pil == 15 || pil > env->psrpil)) ||
461 env->interrupt_request &= ~CPU_INTERRUPT_HARD;
462 env->exception_index = env->interrupt_index;
464 env->interrupt_index = 0;
465 #if !defined(TARGET_SPARC64) && !defined(CONFIG_USER_ONLY)
470 } else if (interrupt_request & CPU_INTERRUPT_TIMER) {
471 //do_interrupt(0, 0, 0, 0, 0);
472 env->interrupt_request &= ~CPU_INTERRUPT_TIMER;
474 #elif defined(TARGET_ARM)
475 if (interrupt_request & CPU_INTERRUPT_FIQ
476 && !(env->uncached_cpsr & CPSR_F)) {
477 env->exception_index = EXCP_FIQ;
481 /* ARMv7-M interrupt return works by loading a magic value
482 into the PC. On real hardware the load causes the
483 return to occur. The qemu implementation performs the
484 jump normally, then does the exception return when the
485 CPU tries to execute code at the magic address.
486 This will cause the magic PC value to be pushed to
487 the stack if an interrupt occured at the wrong time.
488 We avoid this by disabling interrupts when
489 pc contains a magic address. */
490 if (interrupt_request & CPU_INTERRUPT_HARD
491 && ((IS_M(env) && env->regs[15] < 0xfffffff0)
492 || !(env->uncached_cpsr & CPSR_I))) {
493 env->exception_index = EXCP_IRQ;
497 #elif defined(TARGET_SH4)
498 if (interrupt_request & CPU_INTERRUPT_HARD) {
502 #elif defined(TARGET_ALPHA)
503 if (interrupt_request & CPU_INTERRUPT_HARD) {
507 #elif defined(TARGET_CRIS)
508 if (interrupt_request & CPU_INTERRUPT_HARD
509 && (env->pregs[PR_CCS] & I_FLAG)) {
510 env->exception_index = EXCP_IRQ;
514 if (interrupt_request & CPU_INTERRUPT_NMI
515 && (env->pregs[PR_CCS] & M_FLAG)) {
516 env->exception_index = EXCP_NMI;
520 #elif defined(TARGET_M68K)
521 if (interrupt_request & CPU_INTERRUPT_HARD
522 && ((env->sr & SR_I) >> SR_I_SHIFT)
523 < env->pending_level) {
524 /* Real hardware gets the interrupt vector via an
525 IACK cycle at this point. Current emulated
526 hardware doesn't rely on this, so we
527 provide/save the vector when the interrupt is
529 env->exception_index = env->pending_vector;
534 /* Don't use the cached interupt_request value,
535 do_interrupt may have updated the EXITTB flag. */
536 if (env->interrupt_request & CPU_INTERRUPT_EXITTB) {
537 env->interrupt_request &= ~CPU_INTERRUPT_EXITTB;
538 /* ensure that no TB jump will be modified as
539 the program flow was changed */
543 if (unlikely(env->exit_request)) {
544 env->exit_request = 0;
545 env->exception_index = EXCP_INTERRUPT;
549 if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
550 /* restore flags in standard format */
552 #if defined(TARGET_I386)
553 env->eflags = env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK);
554 log_cpu_state(env, X86_DUMP_CCOP);
555 env->eflags &= ~(DF_MASK | CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
556 #elif defined(TARGET_ARM)
557 log_cpu_state(env, 0);
558 #elif defined(TARGET_SPARC)
559 log_cpu_state(env, 0);
560 #elif defined(TARGET_PPC)
561 log_cpu_state(env, 0);
562 #elif defined(TARGET_M68K)
563 cpu_m68k_flush_flags(env, env->cc_op);
564 env->cc_op = CC_OP_FLAGS;
565 env->sr = (env->sr & 0xffe0)
566 | env->cc_dest | (env->cc_x << 4);
567 log_cpu_state(env, 0);
568 #elif defined(TARGET_MIPS)
569 log_cpu_state(env, 0);
570 #elif defined(TARGET_SH4)
571 log_cpu_state(env, 0);
572 #elif defined(TARGET_ALPHA)
573 log_cpu_state(env, 0);
574 #elif defined(TARGET_CRIS)
575 log_cpu_state(env, 0);
577 #error unsupported target CPU
583 /* Note: we do it here to avoid a gcc bug on Mac OS X when
584 doing it in tb_find_slow */
585 if (tb_invalidated_flag) {
586 /* as some TB could have been invalidated because
587 of memory exceptions while generating the code, we
588 must recompute the hash index here */
590 tb_invalidated_flag = 0;
593 qemu_log_mask(CPU_LOG_EXEC, "Trace 0x%08lx [" TARGET_FMT_lx "] %s\n",
594 (long)tb->tc_ptr, tb->pc,
595 lookup_symbol(tb->pc));
597 /* see if we can patch the calling TB. When the TB
598 spans two pages, we cannot safely do a direct
603 (env->kqemu_enabled != 2) &&
605 tb->page_addr[1] == -1) {
606 tb_add_jump((TranslationBlock *)(next_tb & ~3), next_tb & 3, tb);
609 spin_unlock(&tb_lock);
610 env->current_tb = tb;
612 /* cpu_interrupt might be called while translating the
613 TB, but before it is linked into a potentially
614 infinite loop and becomes env->current_tb. Avoid
615 starting execution if there is a pending interrupt. */
616 if (unlikely (env->exit_request))
617 env->current_tb = NULL;
619 while (env->current_tb) {
621 /* execute the generated code */
622 #if defined(__sparc__) && !defined(HOST_SOLARIS)
624 env = cpu_single_env;
625 #define env cpu_single_env
627 next_tb = tcg_qemu_tb_exec(tc_ptr);
628 env->current_tb = NULL;
629 if ((next_tb & 3) == 2) {
630 /* Instruction counter expired. */
632 tb = (TranslationBlock *)(long)(next_tb & ~3);
634 cpu_pc_from_tb(env, tb);
635 insns_left = env->icount_decr.u32;
636 if (env->icount_extra && insns_left >= 0) {
637 /* Refill decrementer and continue execution. */
638 env->icount_extra += insns_left;
639 if (env->icount_extra > 0xffff) {
642 insns_left = env->icount_extra;
644 env->icount_extra -= insns_left;
645 env->icount_decr.u16.low = insns_left;
647 if (insns_left > 0) {
648 /* Execute remaining instructions. */
649 cpu_exec_nocache(insns_left, tb);
651 env->exception_index = EXCP_INTERRUPT;
657 /* reset soft MMU for next block (it can currently
658 only be set by a memory fault) */
659 #if defined(CONFIG_KQEMU)
660 #define MIN_CYCLE_BEFORE_SWITCH (100 * 1000)
661 if (kqemu_is_ok(env) &&
662 (cpu_get_time_fast() - env->last_io_time) >= MIN_CYCLE_BEFORE_SWITCH) {
673 #if defined(TARGET_I386)
674 /* restore flags in standard format */
675 env->eflags = env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK);
676 #elif defined(TARGET_ARM)
677 /* XXX: Save/restore host fpu exception state?. */
678 #elif defined(TARGET_SPARC)
679 #elif defined(TARGET_PPC)
680 #elif defined(TARGET_M68K)
681 cpu_m68k_flush_flags(env, env->cc_op);
682 env->cc_op = CC_OP_FLAGS;
683 env->sr = (env->sr & 0xffe0)
684 | env->cc_dest | (env->cc_x << 4);
685 #elif defined(TARGET_MIPS)
686 #elif defined(TARGET_SH4)
687 #elif defined(TARGET_ALPHA)
688 #elif defined(TARGET_CRIS)
691 #error unsupported target CPU
694 /* restore global registers */
695 #include "hostregs_helper.h"
697 /* fail safe : never use cpu_single_env outside cpu_exec() */
698 cpu_single_env = NULL;
702 /* must only be called from the generated code as an exception can be
704 void tb_invalidate_page_range(target_ulong start, target_ulong end)
706 /* XXX: cannot enable it yet because it yields to MMU exception
707 where NIP != read address on PowerPC */
709 target_ulong phys_addr;
710 phys_addr = get_phys_addr_code(env, start);
711 tb_invalidate_phys_page_range(phys_addr, phys_addr + end - start, 0);
715 #if defined(TARGET_I386) && defined(CONFIG_USER_ONLY)
717 void cpu_x86_load_seg(CPUX86State *s, int seg_reg, int selector)
719 CPUX86State *saved_env;
723 if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
725 cpu_x86_load_seg_cache(env, seg_reg, selector,
726 (selector << 4), 0xffff, 0);
728 helper_load_seg(seg_reg, selector);
733 void cpu_x86_fsave(CPUX86State *s, target_ulong ptr, int data32)
735 CPUX86State *saved_env;
740 helper_fsave(ptr, data32);
745 void cpu_x86_frstor(CPUX86State *s, target_ulong ptr, int data32)
747 CPUX86State *saved_env;
752 helper_frstor(ptr, data32);
757 #endif /* TARGET_I386 */
759 #if !defined(CONFIG_SOFTMMU)
761 #if defined(TARGET_I386)
763 /* 'pc' is the host PC at which the exception was raised. 'address' is
764 the effective address of the memory exception. 'is_write' is 1 if a
765 write caused the exception and otherwise 0'. 'old_set' is the
766 signal set which should be restored */
767 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
768 int is_write, sigset_t *old_set,
771 TranslationBlock *tb;
775 env = cpu_single_env; /* XXX: find a correct solution for multithread */
776 #if defined(DEBUG_SIGNAL)
777 qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
778 pc, address, is_write, *(unsigned long *)old_set);
780 /* XXX: locking issue */
781 if (is_write && page_unprotect(h2g(address), pc, puc)) {
785 /* see if it is an MMU fault */
786 ret = cpu_x86_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
788 return 0; /* not an MMU fault */
790 return 1; /* the MMU fault was handled without causing real CPU fault */
791 /* now we have a real cpu fault */
794 /* the PC is inside the translated code. It means that we have
795 a virtual CPU fault */
796 cpu_restore_state(tb, env, pc, puc);
800 printf("PF exception: EIP=0x%08x CR2=0x%08x error=0x%x\n",
801 env->eip, env->cr[2], env->error_code);
803 /* we restore the process signal mask as the sigreturn should
804 do it (XXX: use sigsetjmp) */
805 sigprocmask(SIG_SETMASK, old_set, NULL);
806 raise_exception_err(env->exception_index, env->error_code);
808 /* activate soft MMU for this block */
809 env->hflags |= HF_SOFTMMU_MASK;
810 cpu_resume_from_signal(env, puc);
812 /* never comes here */
816 #elif defined(TARGET_ARM)
817 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
818 int is_write, sigset_t *old_set,
821 TranslationBlock *tb;
825 env = cpu_single_env; /* XXX: find a correct solution for multithread */
826 #if defined(DEBUG_SIGNAL)
827 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
828 pc, address, is_write, *(unsigned long *)old_set);
830 /* XXX: locking issue */
831 if (is_write && page_unprotect(h2g(address), pc, puc)) {
834 /* see if it is an MMU fault */
835 ret = cpu_arm_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
837 return 0; /* not an MMU fault */
839 return 1; /* the MMU fault was handled without causing real CPU fault */
840 /* now we have a real cpu fault */
843 /* the PC is inside the translated code. It means that we have
844 a virtual CPU fault */
845 cpu_restore_state(tb, env, pc, puc);
847 /* we restore the process signal mask as the sigreturn should
848 do it (XXX: use sigsetjmp) */
849 sigprocmask(SIG_SETMASK, old_set, NULL);
851 /* never comes here */
854 #elif defined(TARGET_SPARC)
855 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
856 int is_write, sigset_t *old_set,
859 TranslationBlock *tb;
863 env = cpu_single_env; /* XXX: find a correct solution for multithread */
864 #if defined(DEBUG_SIGNAL)
865 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
866 pc, address, is_write, *(unsigned long *)old_set);
868 /* XXX: locking issue */
869 if (is_write && page_unprotect(h2g(address), pc, puc)) {
872 /* see if it is an MMU fault */
873 ret = cpu_sparc_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
875 return 0; /* not an MMU fault */
877 return 1; /* the MMU fault was handled without causing real CPU fault */
878 /* now we have a real cpu fault */
881 /* the PC is inside the translated code. It means that we have
882 a virtual CPU fault */
883 cpu_restore_state(tb, env, pc, puc);
885 /* we restore the process signal mask as the sigreturn should
886 do it (XXX: use sigsetjmp) */
887 sigprocmask(SIG_SETMASK, old_set, NULL);
889 /* never comes here */
892 #elif defined (TARGET_PPC)
893 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
894 int is_write, sigset_t *old_set,
897 TranslationBlock *tb;
901 env = cpu_single_env; /* XXX: find a correct solution for multithread */
902 #if defined(DEBUG_SIGNAL)
903 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
904 pc, address, is_write, *(unsigned long *)old_set);
906 /* XXX: locking issue */
907 if (is_write && page_unprotect(h2g(address), pc, puc)) {
911 /* see if it is an MMU fault */
912 ret = cpu_ppc_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
914 return 0; /* not an MMU fault */
916 return 1; /* the MMU fault was handled without causing real CPU fault */
918 /* now we have a real cpu fault */
921 /* the PC is inside the translated code. It means that we have
922 a virtual CPU fault */
923 cpu_restore_state(tb, env, pc, puc);
927 printf("PF exception: NIP=0x%08x error=0x%x %p\n",
928 env->nip, env->error_code, tb);
930 /* we restore the process signal mask as the sigreturn should
931 do it (XXX: use sigsetjmp) */
932 sigprocmask(SIG_SETMASK, old_set, NULL);
935 /* activate soft MMU for this block */
936 cpu_resume_from_signal(env, puc);
938 /* never comes here */
942 #elif defined(TARGET_M68K)
943 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
944 int is_write, sigset_t *old_set,
947 TranslationBlock *tb;
951 env = cpu_single_env; /* XXX: find a correct solution for multithread */
952 #if defined(DEBUG_SIGNAL)
953 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
954 pc, address, is_write, *(unsigned long *)old_set);
956 /* XXX: locking issue */
957 if (is_write && page_unprotect(address, pc, puc)) {
960 /* see if it is an MMU fault */
961 ret = cpu_m68k_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
963 return 0; /* not an MMU fault */
965 return 1; /* the MMU fault was handled without causing real CPU fault */
966 /* now we have a real cpu fault */
969 /* the PC is inside the translated code. It means that we have
970 a virtual CPU fault */
971 cpu_restore_state(tb, env, pc, puc);
973 /* we restore the process signal mask as the sigreturn should
974 do it (XXX: use sigsetjmp) */
975 sigprocmask(SIG_SETMASK, old_set, NULL);
977 /* never comes here */
981 #elif defined (TARGET_MIPS)
982 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
983 int is_write, sigset_t *old_set,
986 TranslationBlock *tb;
990 env = cpu_single_env; /* XXX: find a correct solution for multithread */
991 #if defined(DEBUG_SIGNAL)
992 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
993 pc, address, is_write, *(unsigned long *)old_set);
995 /* XXX: locking issue */
996 if (is_write && page_unprotect(h2g(address), pc, puc)) {
1000 /* see if it is an MMU fault */
1001 ret = cpu_mips_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
1003 return 0; /* not an MMU fault */
1005 return 1; /* the MMU fault was handled without causing real CPU fault */
1007 /* now we have a real cpu fault */
1008 tb = tb_find_pc(pc);
1010 /* the PC is inside the translated code. It means that we have
1011 a virtual CPU fault */
1012 cpu_restore_state(tb, env, pc, puc);
1016 printf("PF exception: PC=0x" TARGET_FMT_lx " error=0x%x %p\n",
1017 env->PC, env->error_code, tb);
1019 /* we restore the process signal mask as the sigreturn should
1020 do it (XXX: use sigsetjmp) */
1021 sigprocmask(SIG_SETMASK, old_set, NULL);
1024 /* activate soft MMU for this block */
1025 cpu_resume_from_signal(env, puc);
1027 /* never comes here */
1031 #elif defined (TARGET_SH4)
1032 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
1033 int is_write, sigset_t *old_set,
1036 TranslationBlock *tb;
1040 env = cpu_single_env; /* XXX: find a correct solution for multithread */
1041 #if defined(DEBUG_SIGNAL)
1042 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
1043 pc, address, is_write, *(unsigned long *)old_set);
1045 /* XXX: locking issue */
1046 if (is_write && page_unprotect(h2g(address), pc, puc)) {
1050 /* see if it is an MMU fault */
1051 ret = cpu_sh4_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
1053 return 0; /* not an MMU fault */
1055 return 1; /* the MMU fault was handled without causing real CPU fault */
1057 /* now we have a real cpu fault */
1058 tb = tb_find_pc(pc);
1060 /* the PC is inside the translated code. It means that we have
1061 a virtual CPU fault */
1062 cpu_restore_state(tb, env, pc, puc);
1065 printf("PF exception: NIP=0x%08x error=0x%x %p\n",
1066 env->nip, env->error_code, tb);
1068 /* we restore the process signal mask as the sigreturn should
1069 do it (XXX: use sigsetjmp) */
1070 sigprocmask(SIG_SETMASK, old_set, NULL);
1072 /* never comes here */
1076 #elif defined (TARGET_ALPHA)
1077 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
1078 int is_write, sigset_t *old_set,
1081 TranslationBlock *tb;
1085 env = cpu_single_env; /* XXX: find a correct solution for multithread */
1086 #if defined(DEBUG_SIGNAL)
1087 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
1088 pc, address, is_write, *(unsigned long *)old_set);
1090 /* XXX: locking issue */
1091 if (is_write && page_unprotect(h2g(address), pc, puc)) {
1095 /* see if it is an MMU fault */
1096 ret = cpu_alpha_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
1098 return 0; /* not an MMU fault */
1100 return 1; /* the MMU fault was handled without causing real CPU fault */
1102 /* now we have a real cpu fault */
1103 tb = tb_find_pc(pc);
1105 /* the PC is inside the translated code. It means that we have
1106 a virtual CPU fault */
1107 cpu_restore_state(tb, env, pc, puc);
1110 printf("PF exception: NIP=0x%08x error=0x%x %p\n",
1111 env->nip, env->error_code, tb);
1113 /* we restore the process signal mask as the sigreturn should
1114 do it (XXX: use sigsetjmp) */
1115 sigprocmask(SIG_SETMASK, old_set, NULL);
1117 /* never comes here */
1120 #elif defined (TARGET_CRIS)
1121 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
1122 int is_write, sigset_t *old_set,
1125 TranslationBlock *tb;
1129 env = cpu_single_env; /* XXX: find a correct solution for multithread */
1130 #if defined(DEBUG_SIGNAL)
1131 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
1132 pc, address, is_write, *(unsigned long *)old_set);
1134 /* XXX: locking issue */
1135 if (is_write && page_unprotect(h2g(address), pc, puc)) {
1139 /* see if it is an MMU fault */
1140 ret = cpu_cris_handle_mmu_fault(env, address, is_write, MMU_USER_IDX, 0);
1142 return 0; /* not an MMU fault */
1144 return 1; /* the MMU fault was handled without causing real CPU fault */
1146 /* now we have a real cpu fault */
1147 tb = tb_find_pc(pc);
1149 /* the PC is inside the translated code. It means that we have
1150 a virtual CPU fault */
1151 cpu_restore_state(tb, env, pc, puc);
1153 /* we restore the process signal mask as the sigreturn should
1154 do it (XXX: use sigsetjmp) */
1155 sigprocmask(SIG_SETMASK, old_set, NULL);
1157 /* never comes here */
1162 #error unsupported target CPU
1165 #if defined(__i386__)
1167 #if defined(__APPLE__)
1168 # include <sys/ucontext.h>
1170 # define EIP_sig(context) (*((unsigned long*)&(context)->uc_mcontext->ss.eip))
1171 # define TRAP_sig(context) ((context)->uc_mcontext->es.trapno)
1172 # define ERROR_sig(context) ((context)->uc_mcontext->es.err)
1173 # define MASK_sig(context) ((context)->uc_sigmask)
1174 #elif defined(__OpenBSD__)
1175 # define EIP_sig(context) ((context)->sc_eip)
1176 # define TRAP_sig(context) ((context)->sc_trapno)
1177 # define ERROR_sig(context) ((context)->sc_err)
1178 # define MASK_sig(context) ((context)->sc_mask)
1180 # define EIP_sig(context) ((context)->uc_mcontext.gregs[REG_EIP])
1181 # define TRAP_sig(context) ((context)->uc_mcontext.gregs[REG_TRAPNO])
1182 # define ERROR_sig(context) ((context)->uc_mcontext.gregs[REG_ERR])
1183 # define MASK_sig(context) ((context)->uc_sigmask)
1186 int cpu_signal_handler(int host_signum, void *pinfo,
1189 siginfo_t *info = pinfo;
1190 #if defined(__OpenBSD__)
1191 struct sigcontext *uc = puc;
1193 struct ucontext *uc = puc;
1202 #define REG_TRAPNO TRAPNO
1205 trapno = TRAP_sig(uc);
1206 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1208 (ERROR_sig(uc) >> 1) & 1 : 0,
1209 &MASK_sig(uc), puc);
1212 #elif defined(__x86_64__)
1215 #define PC_sig(context) _UC_MACHINE_PC(context)
1216 #define TRAP_sig(context) ((context)->uc_mcontext.__gregs[_REG_TRAPNO])
1217 #define ERROR_sig(context) ((context)->uc_mcontext.__gregs[_REG_ERR])
1218 #define MASK_sig(context) ((context)->uc_sigmask)
1219 #elif defined(__OpenBSD__)
1220 #define PC_sig(context) ((context)->sc_rip)
1221 #define TRAP_sig(context) ((context)->sc_trapno)
1222 #define ERROR_sig(context) ((context)->sc_err)
1223 #define MASK_sig(context) ((context)->sc_mask)
1225 #define PC_sig(context) ((context)->uc_mcontext.gregs[REG_RIP])
1226 #define TRAP_sig(context) ((context)->uc_mcontext.gregs[REG_TRAPNO])
1227 #define ERROR_sig(context) ((context)->uc_mcontext.gregs[REG_ERR])
1228 #define MASK_sig(context) ((context)->uc_sigmask)
1231 int cpu_signal_handler(int host_signum, void *pinfo,
1234 siginfo_t *info = pinfo;
1237 ucontext_t *uc = puc;
1238 #elif defined(__OpenBSD__)
1239 struct sigcontext *uc = puc;
1241 struct ucontext *uc = puc;
1245 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1246 TRAP_sig(uc) == 0xe ?
1247 (ERROR_sig(uc) >> 1) & 1 : 0,
1248 &MASK_sig(uc), puc);
1251 #elif defined(_ARCH_PPC)
1253 /***********************************************************************
1254 * signal context platform-specific definitions
1258 /* All Registers access - only for local access */
1259 # define REG_sig(reg_name, context) ((context)->uc_mcontext.regs->reg_name)
1260 /* Gpr Registers access */
1261 # define GPR_sig(reg_num, context) REG_sig(gpr[reg_num], context)
1262 # define IAR_sig(context) REG_sig(nip, context) /* Program counter */
1263 # define MSR_sig(context) REG_sig(msr, context) /* Machine State Register (Supervisor) */
1264 # define CTR_sig(context) REG_sig(ctr, context) /* Count register */
1265 # define XER_sig(context) REG_sig(xer, context) /* User's integer exception register */
1266 # define LR_sig(context) REG_sig(link, context) /* Link register */
1267 # define CR_sig(context) REG_sig(ccr, context) /* Condition register */
1268 /* Float Registers access */
1269 # define FLOAT_sig(reg_num, context) (((double*)((char*)((context)->uc_mcontext.regs+48*4)))[reg_num])
1270 # define FPSCR_sig(context) (*(int*)((char*)((context)->uc_mcontext.regs+(48+32*2)*4)))
1271 /* Exception Registers access */
1272 # define DAR_sig(context) REG_sig(dar, context)
1273 # define DSISR_sig(context) REG_sig(dsisr, context)
1274 # define TRAP_sig(context) REG_sig(trap, context)
1278 # include <sys/ucontext.h>
1279 typedef struct ucontext SIGCONTEXT;
1280 /* All Registers access - only for local access */
1281 # define REG_sig(reg_name, context) ((context)->uc_mcontext->ss.reg_name)
1282 # define FLOATREG_sig(reg_name, context) ((context)->uc_mcontext->fs.reg_name)
1283 # define EXCEPREG_sig(reg_name, context) ((context)->uc_mcontext->es.reg_name)
1284 # define VECREG_sig(reg_name, context) ((context)->uc_mcontext->vs.reg_name)
1285 /* Gpr Registers access */
1286 # define GPR_sig(reg_num, context) REG_sig(r##reg_num, context)
1287 # define IAR_sig(context) REG_sig(srr0, context) /* Program counter */
1288 # define MSR_sig(context) REG_sig(srr1, context) /* Machine State Register (Supervisor) */
1289 # define CTR_sig(context) REG_sig(ctr, context)
1290 # define XER_sig(context) REG_sig(xer, context) /* Link register */
1291 # define LR_sig(context) REG_sig(lr, context) /* User's integer exception register */
1292 # define CR_sig(context) REG_sig(cr, context) /* Condition register */
1293 /* Float Registers access */
1294 # define FLOAT_sig(reg_num, context) FLOATREG_sig(fpregs[reg_num], context)
1295 # define FPSCR_sig(context) ((double)FLOATREG_sig(fpscr, context))
1296 /* Exception Registers access */
1297 # define DAR_sig(context) EXCEPREG_sig(dar, context) /* Fault registers for coredump */
1298 # define DSISR_sig(context) EXCEPREG_sig(dsisr, context)
1299 # define TRAP_sig(context) EXCEPREG_sig(exception, context) /* number of powerpc exception taken */
1300 #endif /* __APPLE__ */
1302 int cpu_signal_handler(int host_signum, void *pinfo,
1305 siginfo_t *info = pinfo;
1306 struct ucontext *uc = puc;
1314 if (DSISR_sig(uc) & 0x00800000)
1317 if (TRAP_sig(uc) != 0x400 && (DSISR_sig(uc) & 0x02000000))
1320 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1321 is_write, &uc->uc_sigmask, puc);
1324 #elif defined(__alpha__)
1326 int cpu_signal_handler(int host_signum, void *pinfo,
1329 siginfo_t *info = pinfo;
1330 struct ucontext *uc = puc;
1331 uint32_t *pc = uc->uc_mcontext.sc_pc;
1332 uint32_t insn = *pc;
1335 /* XXX: need kernel patch to get write flag faster */
1336 switch (insn >> 26) {
1351 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1352 is_write, &uc->uc_sigmask, puc);
1354 #elif defined(__sparc__)
1356 int cpu_signal_handler(int host_signum, void *pinfo,
1359 siginfo_t *info = pinfo;
1362 #if !defined(__arch64__) || defined(HOST_SOLARIS)
1363 uint32_t *regs = (uint32_t *)(info + 1);
1364 void *sigmask = (regs + 20);
1365 /* XXX: is there a standard glibc define ? */
1366 unsigned long pc = regs[1];
1369 struct sigcontext *sc = puc;
1370 unsigned long pc = sc->sigc_regs.tpc;
1371 void *sigmask = (void *)sc->sigc_mask;
1372 #elif defined(__OpenBSD__)
1373 struct sigcontext *uc = puc;
1374 unsigned long pc = uc->sc_pc;
1375 void *sigmask = (void *)(long)uc->sc_mask;
1379 /* XXX: need kernel patch to get write flag faster */
1381 insn = *(uint32_t *)pc;
1382 if ((insn >> 30) == 3) {
1383 switch((insn >> 19) & 0x3f) {
1407 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1408 is_write, sigmask, NULL);
1411 #elif defined(__arm__)
1413 int cpu_signal_handler(int host_signum, void *pinfo,
1416 siginfo_t *info = pinfo;
1417 struct ucontext *uc = puc;
1421 #if (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ <= 3))
1422 pc = uc->uc_mcontext.gregs[R15];
1424 pc = uc->uc_mcontext.arm_pc;
1426 /* XXX: compute is_write */
1428 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1430 &uc->uc_sigmask, puc);
1433 #elif defined(__mc68000)
1435 int cpu_signal_handler(int host_signum, void *pinfo,
1438 siginfo_t *info = pinfo;
1439 struct ucontext *uc = puc;
1443 pc = uc->uc_mcontext.gregs[16];
1444 /* XXX: compute is_write */
1446 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1448 &uc->uc_sigmask, puc);
1451 #elif defined(__ia64)
1454 /* This ought to be in <bits/siginfo.h>... */
1455 # define __ISR_VALID 1
1458 int cpu_signal_handler(int host_signum, void *pinfo, void *puc)
1460 siginfo_t *info = pinfo;
1461 struct ucontext *uc = puc;
1465 ip = uc->uc_mcontext.sc_ip;
1466 switch (host_signum) {
1472 if (info->si_code && (info->si_segvflags & __ISR_VALID))
1473 /* ISR.W (write-access) is bit 33: */
1474 is_write = (info->si_isr >> 33) & 1;
1480 return handle_cpu_signal(ip, (unsigned long)info->si_addr,
1482 &uc->uc_sigmask, puc);
1485 #elif defined(__s390__)
1487 int cpu_signal_handler(int host_signum, void *pinfo,
1490 siginfo_t *info = pinfo;
1491 struct ucontext *uc = puc;
1495 pc = uc->uc_mcontext.psw.addr;
1496 /* XXX: compute is_write */
1498 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1499 is_write, &uc->uc_sigmask, puc);
1502 #elif defined(__mips__)
1504 int cpu_signal_handler(int host_signum, void *pinfo,
1507 siginfo_t *info = pinfo;
1508 struct ucontext *uc = puc;
1509 greg_t pc = uc->uc_mcontext.pc;
1512 /* XXX: compute is_write */
1514 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1515 is_write, &uc->uc_sigmask, puc);
1518 #elif defined(__hppa__)
1520 int cpu_signal_handler(int host_signum, void *pinfo,
1523 struct siginfo *info = pinfo;
1524 struct ucontext *uc = puc;
1528 pc = uc->uc_mcontext.sc_iaoq[0];
1529 /* FIXME: compute is_write */
1531 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
1533 &uc->uc_sigmask, puc);
1538 #error host CPU specific signal handler needed
1542 #endif /* !defined(CONFIG_SOFTMMU) */
projects / qemu / blob