1 /* 2 * qemu user cpu loop 3 * 4 * Copyright (c) 2003-2008 Fabrice Bellard 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qemu-common.h" 22 #include "qemu.h" 23 #include "elf.h" 24 #include "cpu_loop-common.h" 25 #include "semihosting/common-semi.h" 26 27 #define get_user_code_u32(x, gaddr, env) \ 28 ({ abi_long __r = get_user_u32((x), (gaddr)); \ 29 if (!__r && bswap_code(arm_sctlr_b(env))) { \ 30 (x) = bswap32(x); \ 31 } \ 32 __r; \ 33 }) 34 35 #define get_user_code_u16(x, gaddr, env) \ 36 ({ abi_long __r = get_user_u16((x), (gaddr)); \ 37 if (!__r && bswap_code(arm_sctlr_b(env))) { \ 38 (x) = bswap16(x); \ 39 } \ 40 __r; \ 41 }) 42 43 #define get_user_data_u32(x, gaddr, env) \ 44 ({ abi_long __r = get_user_u32((x), (gaddr)); \ 45 if (!__r && arm_cpu_bswap_data(env)) { \ 46 (x) = bswap32(x); \ 47 } \ 48 __r; \ 49 }) 50 51 #define get_user_data_u16(x, gaddr, env) \ 52 ({ abi_long __r = get_user_u16((x), (gaddr)); \ 53 if (!__r && arm_cpu_bswap_data(env)) { \ 54 (x) = bswap16(x); \ 55 } \ 56 __r; \ 57 }) 58 59 #define put_user_data_u32(x, gaddr, env) \ 60 ({ typeof(x) __x = (x); \ 61 if (arm_cpu_bswap_data(env)) { \ 62 __x = bswap32(__x); \ 63 } \ 64 put_user_u32(__x, (gaddr)); \ 65 }) 66 67 #define put_user_data_u16(x, gaddr, env) \ 68 ({ typeof(x) __x = (x); \ 69 if (arm_cpu_bswap_data(env)) { \ 70 __x = bswap16(__x); \ 71 } \ 72 put_user_u16(__x, (gaddr)); \ 73 }) 74 75 /* Commpage handling -- there is no commpage for AArch64 */ 76 77 /* 78 * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt 79 * Input: 80 * r0 = pointer to oldval 81 * r1 = pointer to newval 82 * r2 = pointer to target value 83 * 84 * Output: 85 * r0 = 0 if *ptr was changed, non-0 if no exchange happened 86 * C set if *ptr was changed, clear if no exchange happened 87 * 88 * Note segv's in kernel helpers are a bit tricky, we can set the 89 * data address sensibly but the PC address is just the entry point. 90 */ 91 static void arm_kernel_cmpxchg64_helper(CPUARMState *env) 92 { 93 uint64_t oldval, newval, val; 94 uint32_t addr, cpsr; 95 target_siginfo_t info; 96 97 /* Based on the 32 bit code in do_kernel_trap */ 98 99 /* XXX: This only works between threads, not between processes. 100 It's probably possible to implement this with native host 101 operations. However things like ldrex/strex are much harder so 102 there's not much point trying. */ 103 start_exclusive(); 104 cpsr = cpsr_read(env); 105 addr = env->regs[2]; 106 107 if (get_user_u64(oldval, env->regs[0])) { 108 env->exception.vaddress = env->regs[0]; 109 goto segv; 110 }; 111 112 if (get_user_u64(newval, env->regs[1])) { 113 env->exception.vaddress = env->regs[1]; 114 goto segv; 115 }; 116 117 if (get_user_u64(val, addr)) { 118 env->exception.vaddress = addr; 119 goto segv; 120 } 121 122 if (val == oldval) { 123 val = newval; 124 125 if (put_user_u64(val, addr)) { 126 env->exception.vaddress = addr; 127 goto segv; 128 }; 129 130 env->regs[0] = 0; 131 cpsr |= CPSR_C; 132 } else { 133 env->regs[0] = -1; 134 cpsr &= ~CPSR_C; 135 } 136 cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr); 137 end_exclusive(); 138 return; 139 140 segv: 141 end_exclusive(); 142 /* We get the PC of the entry address - which is as good as anything, 143 on a real kernel what you get depends on which mode it uses. */ 144 info.si_signo = TARGET_SIGSEGV; 145 info.si_errno = 0; 146 /* XXX: check env->error_code */ 147 info.si_code = TARGET_SEGV_MAPERR; 148 info._sifields._sigfault._addr = env->exception.vaddress; 149 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); 150 } 151 152 /* Handle a jump to the kernel code page. */ 153 static int 154 do_kernel_trap(CPUARMState *env) 155 { 156 uint32_t addr; 157 uint32_t cpsr; 158 uint32_t val; 159 160 switch (env->regs[15]) { 161 case 0xffff0fa0: /* __kernel_memory_barrier */ 162 /* ??? No-op. Will need to do better for SMP. */ 163 break; 164 case 0xffff0fc0: /* __kernel_cmpxchg */ 165 /* XXX: This only works between threads, not between processes. 166 It's probably possible to implement this with native host 167 operations. However things like ldrex/strex are much harder so 168 there's not much point trying. */ 169 start_exclusive(); 170 cpsr = cpsr_read(env); 171 addr = env->regs[2]; 172 /* FIXME: This should SEGV if the access fails. */ 173 if (get_user_u32(val, addr)) 174 val = ~env->regs[0]; 175 if (val == env->regs[0]) { 176 val = env->regs[1]; 177 /* FIXME: Check for segfaults. */ 178 put_user_u32(val, addr); 179 env->regs[0] = 0; 180 cpsr |= CPSR_C; 181 } else { 182 env->regs[0] = -1; 183 cpsr &= ~CPSR_C; 184 } 185 cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr); 186 end_exclusive(); 187 break; 188 case 0xffff0fe0: /* __kernel_get_tls */ 189 env->regs[0] = cpu_get_tls(env); 190 break; 191 case 0xffff0f60: /* __kernel_cmpxchg64 */ 192 arm_kernel_cmpxchg64_helper(env); 193 break; 194 195 default: 196 return 1; 197 } 198 /* Jump back to the caller. */ 199 addr = env->regs[14]; 200 if (addr & 1) { 201 env->thumb = 1; 202 addr &= ~1; 203 } 204 env->regs[15] = addr; 205 206 return 0; 207 } 208 209 static bool insn_is_linux_bkpt(uint32_t opcode, bool is_thumb) 210 { 211 /* 212 * Return true if this insn is one of the three magic UDF insns 213 * which the kernel treats as breakpoint insns. 214 */ 215 if (!is_thumb) { 216 return (opcode & 0x0fffffff) == 0x07f001f0; 217 } else { 218 /* 219 * Note that we get the two halves of the 32-bit T32 insn 220 * in the opposite order to the value the kernel uses in 221 * its undef_hook struct. 222 */ 223 return ((opcode & 0xffff) == 0xde01) || (opcode == 0xa000f7f0); 224 } 225 } 226 227 void cpu_loop(CPUARMState *env) 228 { 229 CPUState *cs = env_cpu(env); 230 int trapnr; 231 unsigned int n, insn; 232 target_siginfo_t info; 233 uint32_t addr; 234 abi_ulong ret; 235 236 for(;;) { 237 cpu_exec_start(cs); 238 trapnr = cpu_exec(cs); 239 cpu_exec_end(cs); 240 process_queued_cpu_work(cs); 241 242 switch(trapnr) { 243 case EXCP_UDEF: 244 case EXCP_NOCP: 245 case EXCP_INVSTATE: 246 { 247 TaskState *ts = cs->opaque; 248 uint32_t opcode; 249 int rc; 250 251 /* we handle the FPU emulation here, as Linux */ 252 /* we get the opcode */ 253 /* FIXME - what to do if get_user() fails? */ 254 get_user_code_u32(opcode, env->regs[15], env); 255 256 /* 257 * The Linux kernel treats some UDF patterns specially 258 * to use as breakpoints (instead of the architectural 259 * bkpt insn). These should trigger a SIGTRAP rather 260 * than SIGILL. 261 */ 262 if (insn_is_linux_bkpt(opcode, env->thumb)) { 263 goto excp_debug; 264 } 265 266 rc = EmulateAll(opcode, &ts->fpa, env); 267 if (rc == 0) { /* illegal instruction */ 268 info.si_signo = TARGET_SIGILL; 269 info.si_errno = 0; 270 info.si_code = TARGET_ILL_ILLOPN; 271 info._sifields._sigfault._addr = env->regs[15]; 272 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); 273 } else if (rc < 0) { /* FP exception */ 274 int arm_fpe=0; 275 276 /* translate softfloat flags to FPSR flags */ 277 if (-rc & float_flag_invalid) 278 arm_fpe |= BIT_IOC; 279 if (-rc & float_flag_divbyzero) 280 arm_fpe |= BIT_DZC; 281 if (-rc & float_flag_overflow) 282 arm_fpe |= BIT_OFC; 283 if (-rc & float_flag_underflow) 284 arm_fpe |= BIT_UFC; 285 if (-rc & float_flag_inexact) 286 arm_fpe |= BIT_IXC; 287 288 FPSR fpsr = ts->fpa.fpsr; 289 //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe); 290 291 if (fpsr & (arm_fpe << 16)) { /* exception enabled? */ 292 info.si_signo = TARGET_SIGFPE; 293 info.si_errno = 0; 294 295 /* ordered by priority, least first */ 296 if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES; 297 if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND; 298 if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF; 299 if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV; 300 if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV; 301 302 info._sifields._sigfault._addr = env->regs[15]; 303 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); 304 } else { 305 env->regs[15] += 4; 306 } 307 308 /* accumulate unenabled exceptions */ 309 if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC)) 310 fpsr |= BIT_IXC; 311 if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC)) 312 fpsr |= BIT_UFC; 313 if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC)) 314 fpsr |= BIT_OFC; 315 if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC)) 316 fpsr |= BIT_DZC; 317 if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC)) 318 fpsr |= BIT_IOC; 319 ts->fpa.fpsr=fpsr; 320 } else { /* everything OK */ 321 /* increment PC */ 322 env->regs[15] += 4; 323 } 324 } 325 break; 326 case EXCP_SWI: 327 { 328 env->eabi = 1; 329 /* system call */ 330 if (env->thumb) { 331 /* Thumb is always EABI style with syscall number in r7 */ 332 n = env->regs[7]; 333 } else { 334 /* 335 * Equivalent of kernel CONFIG_OABI_COMPAT: read the 336 * Arm SVC insn to extract the immediate, which is the 337 * syscall number in OABI. 338 */ 339 /* FIXME - what to do if get_user() fails? */ 340 get_user_code_u32(insn, env->regs[15] - 4, env); 341 n = insn & 0xffffff; 342 if (n == 0) { 343 /* zero immediate: EABI, syscall number in r7 */ 344 n = env->regs[7]; 345 } else { 346 /* 347 * This XOR matches the kernel code: an immediate 348 * in the valid range (0x900000 .. 0x9fffff) is 349 * converted into the correct EABI-style syscall 350 * number; invalid immediates end up as values 351 * > 0xfffff and are handled below as out-of-range. 352 */ 353 n ^= ARM_SYSCALL_BASE; 354 env->eabi = 0; 355 } 356 } 357 358 if (n > ARM_NR_BASE) { 359 switch (n) { 360 case ARM_NR_cacheflush: 361 /* nop */ 362 break; 363 case ARM_NR_set_tls: 364 cpu_set_tls(env, env->regs[0]); 365 env->regs[0] = 0; 366 break; 367 case ARM_NR_breakpoint: 368 env->regs[15] -= env->thumb ? 2 : 4; 369 goto excp_debug; 370 case ARM_NR_get_tls: 371 env->regs[0] = cpu_get_tls(env); 372 break; 373 default: 374 if (n < 0xf0800) { 375 /* 376 * Syscalls 0xf0000..0xf07ff (or 0x9f0000.. 377 * 0x9f07ff in OABI numbering) are defined 378 * to return -ENOSYS rather than raising 379 * SIGILL. Note that we have already 380 * removed the 0x900000 prefix. 381 */ 382 qemu_log_mask(LOG_UNIMP, 383 "qemu: Unsupported ARM syscall: 0x%x\n", 384 n); 385 env->regs[0] = -TARGET_ENOSYS; 386 } else { 387 /* 388 * Otherwise SIGILL. This includes any SWI with 389 * immediate not originally 0x9fxxxx, because 390 * of the earlier XOR. 391 */ 392 info.si_signo = TARGET_SIGILL; 393 info.si_errno = 0; 394 info.si_code = TARGET_ILL_ILLTRP; 395 info._sifields._sigfault._addr = env->regs[15]; 396 if (env->thumb) { 397 info._sifields._sigfault._addr -= 2; 398 } else { 399 info._sifields._sigfault._addr -= 4; 400 } 401 queue_signal(env, info.si_signo, 402 QEMU_SI_FAULT, &info); 403 } 404 break; 405 } 406 } else { 407 ret = do_syscall(env, 408 n, 409 env->regs[0], 410 env->regs[1], 411 env->regs[2], 412 env->regs[3], 413 env->regs[4], 414 env->regs[5], 415 0, 0); 416 if (ret == -TARGET_ERESTARTSYS) { 417 env->regs[15] -= env->thumb ? 2 : 4; 418 } else if (ret != -TARGET_QEMU_ESIGRETURN) { 419 env->regs[0] = ret; 420 } 421 } 422 } 423 break; 424 case EXCP_SEMIHOST: 425 env->regs[0] = do_common_semihosting(cs); 426 env->regs[15] += env->thumb ? 2 : 4; 427 break; 428 case EXCP_INTERRUPT: 429 /* just indicate that signals should be handled asap */ 430 break; 431 case EXCP_PREFETCH_ABORT: 432 case EXCP_DATA_ABORT: 433 addr = env->exception.vaddress; 434 { 435 info.si_signo = TARGET_SIGSEGV; 436 info.si_errno = 0; 437 /* XXX: check env->error_code */ 438 info.si_code = TARGET_SEGV_MAPERR; 439 info._sifields._sigfault._addr = addr; 440 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); 441 } 442 break; 443 case EXCP_DEBUG: 444 case EXCP_BKPT: 445 excp_debug: 446 info.si_signo = TARGET_SIGTRAP; 447 info.si_errno = 0; 448 info.si_code = TARGET_TRAP_BRKPT; 449 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); 450 break; 451 case EXCP_KERNEL_TRAP: 452 if (do_kernel_trap(env)) 453 goto error; 454 break; 455 case EXCP_YIELD: 456 /* nothing to do here for user-mode, just resume guest code */ 457 break; 458 case EXCP_ATOMIC: 459 cpu_exec_step_atomic(cs); 460 break; 461 default: 462 error: 463 EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr); 464 abort(); 465 } 466 process_pending_signals(env); 467 } 468 } 469 470 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs) 471 { 472 CPUState *cpu = env_cpu(env); 473 TaskState *ts = cpu->opaque; 474 struct image_info *info = ts->info; 475 int i; 476 477 cpsr_write(env, regs->uregs[16], CPSR_USER | CPSR_EXEC, 478 CPSRWriteByInstr); 479 for(i = 0; i < 16; i++) { 480 env->regs[i] = regs->uregs[i]; 481 } 482 #ifdef TARGET_WORDS_BIGENDIAN 483 /* Enable BE8. */ 484 if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4 485 && (info->elf_flags & EF_ARM_BE8)) { 486 env->uncached_cpsr |= CPSR_E; 487 env->cp15.sctlr_el[1] |= SCTLR_E0E; 488 } else { 489 env->cp15.sctlr_el[1] |= SCTLR_B; 490 } 491 arm_rebuild_hflags(env); 492 #endif 493 494 ts->stack_base = info->start_stack; 495 ts->heap_base = info->brk; 496 /* This will be filled in on the first SYS_HEAPINFO call. */ 497 ts->heap_limit = 0; 498 } 499