We need to write the result to the destination register before
raising any exception. Thus inline the code for each insn, and
check for any exception after we're done.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
We should raise INV for infinities as well, not OVR+INE.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The range +- 2**63 - 2**64 was returning the wrong truncated
result. We also incorrectly signaled overflow for -2**63.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Floating-point overflow is a different bit from integer overflow.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Previously forgotten, the kernel needs the software completion bit to
know that it needs to emulate software completion qualified insns.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The qualifiers can suppress the raising of exceptions, but real
hardware still records that the exceptions occurred.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Store the fpcr as the hardware represents it. Convert the softfpu
representation of exceptions into the fpcr representation.
Signed-off-by: Richard Henderson <rth@twiddle.net>
PC should be one past the faulting insn. Add better commentary
for the machine-check exception path.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Richard Henderson <rth@twiddle.net>
When we use QUAL_RM_D, we copy fpcr_dyn_round to float_status.
When we install a new FPCR value, we update fpcr_dyn_round.
Reset the status of the cache so that we re-copy for the next
fp insn that requires dynamic rounding.
Signed-off-by: Richard Henderson <rth@twiddle.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVViG7AAoJEDhwtADrkYZTqu0QAJCtZI2V3JZ3RmUfj/ISpekZ
9gery42k6mc9dnMp+YOEdfbYYkjtcb3NqSPQi1iJUtBS1GjYGgvC2dqYDs6Eemow
OEMyat7pwzPL7oOgoXC2F3fd/LMkpGU+qNIcj9ofqrd0I46MXYCTuwS6f8j1geDQ
QtG+P57g6VFNzoy6I2H7NV3u3kLw1uwUTGaIEuuoCPUmSSWJrCxmoN2pFmHK1Rwk
8rjuN5ZBLt2Vonqkj59qv/MA7/VmpasIVdbfsbnt36Jih7IyojDxpcNB80xTMlnh
2AmVXSTsP62f7xhG2xWJf9+aOu4MWqfKCmv2f4wxuLV78eHRqjBz9zvMZTzSIE3j
ca71KBl5qXIPB0YdCXZrI6k6UnsXzkO8V51IfrclWqzGKX23JBaNltaKyFnAeFEU
mkVZFX2STFqE1sv9rpYlXcwnXf0OzERtoSK0yeQOFCUVRdFuZkUBHMoCcb06cZMt
kfP+gLt5d3hM9u1nv4rd2pfIq09HME+L6yyyG6x38EF1gvY7Up+ckqYSTaeioVWZ
S4lv1Wus/QFll5EZ5RIQNmA9PW58CJ7v5E3M2II82WNcqoWjhvcnjFtmaorvJ8N1
PFqIbODjbG3WOUTe5jZnJemzSoXKeX1QhQ4nwhAPMQQpvWiheOWlgE1sAj3vnK+l
7PUF4BnOPk0pH6nCeWY6
=wbUI
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-05-15' into staging
qapi: Fix qapi mangling of downstream names, and more
# gpg: Signature made Fri May 15 17:41:31 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-qapi-2015-05-15: (26 commits)
qapi: Inline gen_command_decl_prologue(), gen_command_def_prologue()
qapi: Drop pointless flush() before close()
qapi: Factor open_output(), close_output() out of generators
qapi: Turn generators' mandatory option -i into an argument
qapi: Fix generators to report command line errors decently
qapi: Factor parse_command_line() out of the generators
qapi: qapi-commands.py option --type is unused, drop it
qapi: qapi-event.py option -b does nothing, drop it
tests: Add missing dependencies on $(qapi-py)
qapi: Support downstream events and commands
qapi: Support downstream alternates
qapi: Support downstream flat unions
qapi: Support downstream simple unions
qapi: Support downstream structs
qapi: Support downstream enums
qapi: Make c_type() consistently convert qapi names
qapi: Tidy c_type() logic
qapi: Move camel_to_upper(), c_enum_const() to closely related code
qapi: Use c_enum_const() in generate_alternate_qtypes()
qapi: Simplify c_enum_const()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
These modifiers control, on a per-memory-op basis, whether
unaligned memory accesses are allowed. The default setting
reflects the target's definition of ALIGNED_ONLY.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The extra information is not yet used but it is now available.
This requires minor changes through all of the tcg backends.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
At the tcg opcode level, not at the tcg-op.h generator level.
This requires minor changes through all of the tcg backends,
but none of the cpu translators.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Mandatory option is silly, and the error handling is missing: the
programs crash when -i isn't supplied. Make it an argument, and check
it properly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Report to stderr, prefix with the program name. Also reject
extra arguments.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Anything but --type sync (which is the default) suppresses output
entirely, which makes no sense.
Dates back to the initial commit c17d990. Commit message says
"Currently only generators for synchronous qapi/qmp functions are
supported", so maybe output other than "synchronous qapi/qmp" was
planned at the time, to be selected with --type.
Should other kinds of output ever materialize, we can put the option
back.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Enhance the testsuite to cover downstream events and commands.
Events worked without more tweaks, but commands needed a few final
updates in the generator to mangle names in the appropriate places.
In making those tweaks, it was easier to drop type_visitor() and
inline its actions instead.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Enhance the testsuite to cover downstream alternates, including
whether the branch name or type is downstream. Update the
generator to mangle alternate names in the appropriate places.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Enhance the testsuite to cover downstream flat unions, including
the base type, discriminator name and type, and branch name and
type. Update the generator to mangle the union names in the
appropriate places.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Enhance the testsuite to cover downstream simple unions, including
when a union branch is a downstream name. Update the generator to
mangle the union names in the appropriate places.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Enhance the testsuite to cover downstream structs, including struct
members and base structs. Update the generator to mangle the
struct names in the appropriate places.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Enhance the testsuite to cover a downstream enum type and enum
string. Update the generator to mangle the enum name in the
appropriate places.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Continuing the string of cleanups for supporting downstream names
containing '.', this patch focuses on ensuring c_type() can
handle a downstream name. This patch alone does not fix the
places where generator output should be calling this function
but was open-coding things instead, but it gets us a step closer.
In particular, the changes to c_list_type() and type_name() mean
that type_name(FOO) now handles the case when FOO contains '.',
'-', or is a ticklish identifier other than a builtin (builtins
are exempted because ['int'] must remain mapped to 'intList' and
not 'q_intList'). Meanwhile, ['unix'] now maps to 'q_unixList'
rather than 'unixList', to match the fact that 'unix' is ticklish;
however, our naming conventions state that complex types should
start with a capital, so no type name following conventions will
ever have the 'q_' prepended.
Likewise, changes to c_type() mean that c_type(FOO) properly
handles an enum or complex type FOO with '.' or '-' in the
name, or is a ticklish identifier (again, a ticklish identifier
as a type name violates conventions).
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
c_type() is designed to be called on both string names and on
array designations, so 'name' is a bit misleading because it
operates on more than strings. Also, no caller ever passes
an empty string. Finally, + notation is a bit nicer to read
than '%s' % value for string concatenation.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Now that the two functions are identical, we only need one of them,
and we might as well give it a more descriptive name. Basically,
the function serves as the translation from a QAPI name into a
(portion of a) C identifier, without regards to whether it is a
variable or function name.
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
c_fun() maps '.' to '_', c_var() doesn't. Nothing prevents '.' in
QAPI names that get passed to c_var().
Which QAPI names get passed to c_fun(), to c_var(), or to both is not
obvious. Names of command parameters and struct type members get
passed to c_var().
c_var() strips a leading '*', but this cannot happen. c_fun()
doesn't.
Fix c_var() to work exactly like c_fun().
Perhaps they should be replaced by a single mapping function.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[add 'import string']
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Event name for hot unplug errors was wrong.
Make doc match code.
Cc: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
This will allow clients to query additional information directly using
qom-get on the CPU objects.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
A few TCG fixes for the s390x target. Nothing special, but with these
applied I can run most of the SLE12 binaries in Linux-user emulation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iQIcBAABAgAGBQJVU0hVAAoJECszeR4D/txgMdMQAKB9mN26EYtzFSCmKWiud4PF
IHMpTWcuLTWCJOL2dtRLHTzN3QJdFk/Kg8snwJSulF26mcV+poYXLG/a8kbECFL/
iwoodw3lb4m3yU0QaXZcMDazWk1U1muXWMyjtuiutDePEqVf6YfP4iX2r6GKKVxq
OQ0Nm5iirOCaP7CZMyseUmNNljTutOrx0xMwif8OKWrw8SPjIIgMSkVowAp5sBb7
c/DHYt1TNYfapOoFSVC06UU5GA5gsIyrNGj4EBMs+IpKmRVMiRTRa817liLE7Cjl
p4lIqBPoBL3ccPamNASKqw+9CNEIWu6pIQw/uUhxlK6IwBwJZLMY6c0s47mAGBn4
ABeB5SODBy9LoQLcGJAFAKHLk1BUys2+AckXZXrkb0+T8tyuiugAsb72ynSqxkHo
OfGh9OYGVIrm2+JSFdBkpbvYSdqbkj8fVUNHSTKpJVUNEJZzcFPFKOia9N6NKUEE
HdA/D78GuYnQr+5hGvG9Mg3LPSl7OjeoMHKDFUMsBC/XYQOLQzURDxj709dO6ZkH
vRTMVHyJ5LDHOzA4fk0TNRI6k/HUmYnAxK0rBHt25Q4TIMWBaARIMC5TPdl7DoIH
ngG0wtHh8EJmJJi5afHjlsBnSGCMD06xNwrxha3jE8I7OwvmCwvIC7J4DMLgNPzi
oUNYyBdQ6gNoJ7zSQrBZ
=hVj1
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging
Patch queue for s390 - 2015-05-13
A few TCG fixes for the s390x target. Nothing special, but with these
applied I can run most of the SLE12 binaries in Linux-user emulation.
# gpg: Signature made Wed May 13 13:49:25 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-s390-for-upstream:
s390x: Add interlocked access facility 1 instructions
s390x: Add some documentation in opcode list
s390x: Fix stoc direction
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Version: GnuPG v1
iQIcBAABAgAGBQJVUzrzAAoJEH3vgQaq/DkOXS8QALd0l54nibDK8CA8ApUZeUns
frOmGf4bsP88YrJww0alYEiu3ERT4hmjqKkltcyioVFY2t/CuVwCkoayAKac4ga0
sg1pfAMwBG5mGfQ67N/9h+rivJkCboChK0tIaVKD78+G9ez564rVkt5Px8MD3PKP
SpatJSrfmOe5DjNVdlbgsNxuMEYZsI/req+G6kRJEddoHSIrQ6Ow/bk8Y5OLr1YV
GLCCb2n/G4tAkSb1akmVXBx+WqIWrtXyQVz//jWV1g4zMS773vco2jHZMDfPt1we
NvMoEo7uac8txlTYTXrHBFI19h+rW5jXs7+eYyM2bI04xZntEdxJzM1AIKoqzQUk
EtGmnGLNsrKg7hrIxcjHwJ09sBl3VkIj62PYUiyhXRB1t7b2bg5IOaRUESCZDnhQ
XV6ygdi6uGYoAiaM7JJ7FCt3k/xBFTPEHmyNTC+5Pza3mP5GXifNpDgLRPWP0ufG
EBnUdWDiWIYY6FNa/Z4A5BX5gu41vVQkGNMVjOc8rbZ7iuaGJxay1epVQyuH9vll
vZ8mUtFowvzWfGZGK/hjXVN7a3NK1N+JzVse1zVwqrf6z3nJXDd/Unn1ZfTcjHZb
0nBfe1WJRfsDOEgwYescjqckIwfcsLn1w+Q5MG76dQ6w2PeZcqaRf1LEl4sbiMSO
G+1YypZjZ2hJIwwBUam9
=D51H
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/jnsnow/tags/ide-cve-pull-request' into staging
# gpg: Signature made Wed May 13 12:52:19 2015 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: FAEB 9711 A12C F475 812F 18F2 88A9 064D 1835 61EB
# Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76 CBD0 7DEF 8106 AAFC 390E
* remotes/jnsnow/tags/ide-cve-pull-request:
fdc: force the fifo access to be in bounds of the allocated buffer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We're currently missing all instructions defined by the "interlocked-access
facility 1" which is part of zEC12. This patch implements all of them except
for LPD and LPDG.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
I find it really hard to grasp what each field in the opcode list means.
Slowly walking through its semantics myself, I figured I'd write a small
summary at the top of the file to make life easier for me and whoever
looks at the file next.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The store conditional instruction wants to store when the condition
is fulfilled, so we should branch out when it's not true.
The code today branches out when the condition is true, clearly
reversing the logic. Fix it up by negating the condition.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.
Fix this by making sure that the index is always bounded by the
allocated memory.
This is CVE-2015-3456.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
* Support TZ and grouping in the GIC
* hw/sd: sd_reset cleanup
* armv7m_nvic: fix bug in systick device
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVUd3CAAoJEDwlJe0UNgzeJnkP/2xbFBu/EYAGSjFnxzQsi1/V
jPUBDHM3JS6lsWOoy+Laxy62pTkUNkmarq8hNjZh6x7zgGwnaKnGtKwACZylTvOc
y99zwMG44dzibfhTQX3FEePipVXDRxfVWVErwd0eQvZ4JTjYKPWQvKKlAAmSE0A0
wKX4MstAzV13h+0z2cSBX5xsVy/NuB6rPFU8FLvmjZwVvHT4ivCeAENAcXoM3VZx
PprtHcxlJIXhsAauTPbZvlSMyKOVMQFVHEMR4qQGXjvVLdZfA26t5ptXiWQJCGe+
c35QBj5BbKm3k4bI5EMUtYT/Y4UcVfH1BMFIQhL9Z+HhyNcp8IuEZ2vtXrxHXmqS
QaxKYCYZ+CC1P9YHosKjz9JZfEiufKlnlznIhX5c33/J3oUOb6OwspEHzh4L793k
e7x0VyqTLWBeabZLyr45ghKBRn3BcVJaVDwJhaomju4XO0Ppx8RYpmrnoq4+TBNJ
sS7sLyU2WuEzmfTRcq16+AkWCEotZtXlVjisKg1Zy5ZPP1kRH7jl3Th5hhByzE/O
U4HQUfm6PiTR7D//52NcOuN2B8OGFdRtGFXDrgYL8RyExnF1yXLoWPAN/AKVaLpf
YbHv/1BCQPWyaV3UE+olXDo+ZVtD4EkIDPnetGDgKHg+CyuBwnpRLfyWBxzUcQtC
wH+FVWqZl4t8DZIugUyK
=st51
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150512' into staging
target-arm queue:
* Support TZ and grouping in the GIC
* hw/sd: sd_reset cleanup
* armv7m_nvic: fix bug in systick device
# gpg: Signature made Tue May 12 12:02:26 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150512:
hw/arm/highbank.c: Wire FIQ between CPU <> GIC
hw/arm/vexpress.c: Wire FIQ between CPU <> GIC
hw/arm/virt.c: Wire FIQ between CPU <> GIC
hw/intc/arm_gic: Add grouping support to gic_update()
hw/intc/arm_gic: Change behavior of IAR writes
hw/intc/arm_gic: Change behavior of EOIR writes
hw/intc/arm_gic: Handle grouping for GICC_HPPIR
hw/intc/arm_gic: Restrict priority view
hw/intc/arm_gic: Implement Non-secure view of RPR
hw/intc/arm_gic: Make ICCICR/GICC_CTLR banked
hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked
hw/intc/arm_gic: Make ICDDCR/GICD_CTLR banked
hw/intc/arm_gic_kvm.c: Save and restore GICD_IGROUPRn state
hw/intc/arm_gic: Add Interrupt Group Registers
hw/intc/arm_gic: Switch to read/write callbacks with tx attributes
hw/intc/arm_gic: Add Security Extensions property
hw/intc/arm_gic: Create outbound FIQ lines
hw/sd: Don't pass BlockBackend to sd_reset()
armv7m_nvic: systick: Reload the RELOAD value and count down only if ENABLE bit is set
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>