2 * ARM implementation of KVM hooks, 64 bit specific code
4 * Copyright Mian-M. Hamayun 2013, Virtual Open Systems
5 * Copyright Alex Bennée 2014, Linaro
7 * This work is licensed under the terms of the GNU GPL, version 2 or later.
8 * See the COPYING file in the top-level directory.
13 #include <sys/types.h>
14 #include <sys/ioctl.h>
16 #include <sys/ptrace.h>
18 #include <linux/elf.h>
19 #include <linux/kvm.h>
21 #include "config-host.h"
22 #include "qemu-common.h"
23 #include "qemu/timer.h"
24 #include "qemu/error-report.h"
25 #include "qemu/host-utils.h"
26 #include "exec/gdbstub.h"
27 #include "sysemu/sysemu.h"
28 #include "sysemu/kvm.h"
31 #include "internals.h"
32 #include "hw/arm/arm.h"
34 static bool have_guest_debug;
37 * Although the ARM implementation of hardware assisted debugging
38 * allows for different breakpoints per-core, the current GDB
39 * interface treats them as a global pool of registers (which seems to
40 * be the case for x86, ppc and s390). As a result we store one copy
41 * of registers which is used for all active cores.
43 * Write access is serialised by virtue of the GDB protocol which
44 * updates things. Read access (i.e. when the values are copied to the
45 * vCPU) is also gated by GDB's run control.
47 * This is not unreasonable as most of the time debugging kernels you
48 * never know which core will eventually execute your function.
56 /* The watchpoint registers can cover more area than the requested
57 * watchpoint so we need to store the additional information
58 * somewhere. We also need to supply a CPUWatchpoint to the GDB stub
59 * when the watchpoint is hit.
64 CPUWatchpoint details;
67 /* Maximum and current break/watch point counts */
68 int max_hw_bps, max_hw_wps;
69 GArray *hw_breakpoints, *hw_watchpoints;
71 #define cur_hw_wps (hw_watchpoints->len)
72 #define cur_hw_bps (hw_breakpoints->len)
73 #define get_hw_bp(i) (&g_array_index(hw_breakpoints, HWBreakpoint, i))
74 #define get_hw_wp(i) (&g_array_index(hw_watchpoints, HWWatchpoint, i))
77 * kvm_arm_init_debug() - check for guest debug capabilities
80 * kvm_check_extension returns the number of debug registers we have
81 * or 0 if we have none.
84 static void kvm_arm_init_debug(CPUState *cs)
86 have_guest_debug = kvm_check_extension(cs->kvm_state,
87 KVM_CAP_SET_GUEST_DEBUG);
89 max_hw_wps = kvm_check_extension(cs->kvm_state, KVM_CAP_GUEST_DEBUG_HW_WPS);
90 hw_watchpoints = g_array_sized_new(true, true,
91 sizeof(HWWatchpoint), max_hw_wps);
93 max_hw_bps = kvm_check_extension(cs->kvm_state, KVM_CAP_GUEST_DEBUG_HW_BPS);
94 hw_breakpoints = g_array_sized_new(true, true,
95 sizeof(HWBreakpoint), max_hw_bps);
100 * insert_hw_breakpoint()
101 * @addr: address of breakpoint
103 * See ARM ARM D2.9.1 for details but here we are only going to create
104 * simple un-linked breakpoints (i.e. we don't chain breakpoints
105 * together to match address and context or vmid). The hardware is
106 * capable of fancier matching but that will require exposing that
107 * fanciness to GDB's interface
109 * D7.3.2 DBGBCR<n>_EL1, Debug Breakpoint Control Registers
111 * 31 24 23 20 19 16 15 14 13 12 9 8 5 4 3 2 1 0
112 * +------+------+-------+-----+----+------+-----+------+-----+---+
113 * | RES0 | BT | LBN | SSC | HMC| RES0 | BAS | RES0 | PMC | E |
114 * +------+------+-------+-----+----+------+-----+------+-----+---+
116 * BT: Breakpoint type (0 = unlinked address match)
117 * LBN: Linked BP number (0 = unused)
118 * SSC/HMC/PMC: Security, Higher and Priv access control (Table D-12)
119 * BAS: Byte Address Select (RES1 for AArch64)
122 static int insert_hw_breakpoint(target_ulong addr)
125 .bcr = 0x1, /* BCR E=1, enable */
129 if (cur_hw_bps >= max_hw_bps) {
133 brk.bcr = deposit32(brk.bcr, 1, 2, 0x3); /* PMC = 11 */
134 brk.bcr = deposit32(brk.bcr, 5, 4, 0xf); /* BAS = RES1 */
136 g_array_append_val(hw_breakpoints, brk);
142 * delete_hw_breakpoint()
143 * @pc: address of breakpoint
145 * Delete a breakpoint and shuffle any above down
148 static int delete_hw_breakpoint(target_ulong pc)
151 for (i = 0; i < hw_breakpoints->len; i++) {
152 HWBreakpoint *brk = get_hw_bp(i);
153 if (brk->bvr == pc) {
154 g_array_remove_index(hw_breakpoints, i);
162 * insert_hw_watchpoint()
163 * @addr: address of watch point
165 * @type: type of watch point
167 * See ARM ARM D2.10. As with the breakpoints we can do some advanced
168 * stuff if we want to. The watch points can be linked with the break
169 * points above to make them context aware. However for simplicity
170 * currently we only deal with simple read/write watch points.
172 * D7.3.11 DBGWCR<n>_EL1, Debug Watchpoint Control Registers
174 * 31 29 28 24 23 21 20 19 16 15 14 13 12 5 4 3 2 1 0
175 * +------+-------+------+----+-----+-----+-----+-----+-----+-----+---+
176 * | RES0 | MASK | RES0 | WT | LBN | SSC | HMC | BAS | LSC | PAC | E |
177 * +------+-------+------+----+-----+-----+-----+-----+-----+-----+---+
179 * MASK: num bits addr mask (0=none,01/10=res,11=3 bits (8 bytes))
180 * WT: 0 - unlinked, 1 - linked (not currently used)
181 * LBN: Linked BP number (not currently used)
182 * SSC/HMC/PAC: Security, Higher and Priv access control (Table D2-11)
183 * BAS: Byte Address Select
184 * LSC: Load/Store control (01: load, 10: store, 11: both)
187 * The bottom 2 bits of the value register are masked. Therefore to
188 * break on any sizes smaller than an unaligned word you need to set
189 * MASK=0, BAS=bit per byte in question. For larger regions (^2) you
190 * need to ensure you mask the address as required and set BAS=0xff
193 static int insert_hw_watchpoint(target_ulong addr,
194 target_ulong len, int type)
197 .wcr = 1, /* E=1, enable */
198 .wvr = addr & (~0x7ULL),
199 .details = { .vaddr = addr, .len = len }
202 if (cur_hw_wps >= max_hw_wps) {
207 * HMC=0 SSC=0 PAC=3 will hit EL0 or EL1, any security state,
208 * valid whether EL3 is implemented or not
210 wp.wcr = deposit32(wp.wcr, 1, 2, 3);
213 case GDB_WATCHPOINT_READ:
214 wp.wcr = deposit32(wp.wcr, 3, 2, 1);
215 wp.details.flags = BP_MEM_READ;
217 case GDB_WATCHPOINT_WRITE:
218 wp.wcr = deposit32(wp.wcr, 3, 2, 2);
219 wp.details.flags = BP_MEM_WRITE;
221 case GDB_WATCHPOINT_ACCESS:
222 wp.wcr = deposit32(wp.wcr, 3, 2, 3);
223 wp.details.flags = BP_MEM_ACCESS;
226 g_assert_not_reached();
230 /* we align the address and set the bits in BAS */
231 int off = addr & 0x7;
232 int bas = (1 << len) - 1;
234 wp.wcr = deposit32(wp.wcr, 5 + off, 8 - off, bas);
236 /* For ranges above 8 bytes we need to be a power of 2 */
237 if (is_power_of_2(len)) {
238 int bits = ctz64(len);
240 wp.wvr &= ~((1 << bits) - 1);
241 wp.wcr = deposit32(wp.wcr, 24, 4, bits);
242 wp.wcr = deposit32(wp.wcr, 5, 8, 0xff);
248 g_array_append_val(hw_watchpoints, wp);
253 static bool check_watchpoint_in_range(int i, target_ulong addr)
255 HWWatchpoint *wp = get_hw_wp(i);
256 uint64_t addr_top, addr_bottom = wp->wvr;
257 int bas = extract32(wp->wcr, 5, 8);
258 int mask = extract32(wp->wcr, 24, 4);
261 addr_top = addr_bottom + (1 << mask);
263 /* BAS must be contiguous but can offset against the base
264 * address in DBGWVR */
265 addr_bottom = addr_bottom + ctz32(bas);
266 addr_top = addr_bottom + clo32(bas);
269 if (addr >= addr_bottom && addr <= addr_top) {
277 * delete_hw_watchpoint()
278 * @addr: address of breakpoint
280 * Delete a breakpoint and shuffle any above down
283 static int delete_hw_watchpoint(target_ulong addr,
284 target_ulong len, int type)
287 for (i = 0; i < cur_hw_wps; i++) {
288 if (check_watchpoint_in_range(i, addr)) {
289 g_array_remove_index(hw_watchpoints, i);
297 int kvm_arch_insert_hw_breakpoint(target_ulong addr,
298 target_ulong len, int type)
301 case GDB_BREAKPOINT_HW:
302 return insert_hw_breakpoint(addr);
304 case GDB_WATCHPOINT_READ:
305 case GDB_WATCHPOINT_WRITE:
306 case GDB_WATCHPOINT_ACCESS:
307 return insert_hw_watchpoint(addr, len, type);
313 int kvm_arch_remove_hw_breakpoint(target_ulong addr,
314 target_ulong len, int type)
317 case GDB_BREAKPOINT_HW:
318 return delete_hw_breakpoint(addr);
320 case GDB_WATCHPOINT_READ:
321 case GDB_WATCHPOINT_WRITE:
322 case GDB_WATCHPOINT_ACCESS:
323 return delete_hw_watchpoint(addr, len, type);
330 void kvm_arch_remove_all_hw_breakpoints(void)
332 if (cur_hw_wps > 0) {
333 g_array_remove_range(hw_watchpoints, 0, cur_hw_wps);
335 if (cur_hw_bps > 0) {
336 g_array_remove_range(hw_breakpoints, 0, cur_hw_bps);
340 void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr)
343 memset(ptr, 0, sizeof(struct kvm_guest_debug_arch));
345 for (i = 0; i < max_hw_wps; i++) {
346 HWWatchpoint *wp = get_hw_wp(i);
347 ptr->dbg_wcr[i] = wp->wcr;
348 ptr->dbg_wvr[i] = wp->wvr;
350 for (i = 0; i < max_hw_bps; i++) {
351 HWBreakpoint *bp = get_hw_bp(i);
352 ptr->dbg_bcr[i] = bp->bcr;
353 ptr->dbg_bvr[i] = bp->bvr;
357 bool kvm_arm_hw_debug_active(CPUState *cs)
359 return ((cur_hw_wps > 0) || (cur_hw_bps > 0));
362 static bool find_hw_breakpoint(CPUState *cpu, target_ulong pc)
366 for (i = 0; i < cur_hw_bps; i++) {
367 HWBreakpoint *bp = get_hw_bp(i);
375 static CPUWatchpoint *find_hw_watchpoint(CPUState *cpu, target_ulong addr)
379 for (i = 0; i < cur_hw_wps; i++) {
380 if (check_watchpoint_in_range(i, addr)) {
381 return &get_hw_wp(i)->details;
388 static inline void set_feature(uint64_t *features, int feature)
390 *features |= 1ULL << feature;
393 bool kvm_arm_get_host_cpu_features(ARMHostCPUClass *ahcc)
395 /* Identify the feature bits corresponding to the host CPU, and
396 * fill out the ARMHostCPUClass fields accordingly. To do this
397 * we have to create a scratch VM, create a single CPU inside it,
398 * and then query that CPU for the relevant ID registers.
399 * For AArch64 we currently don't care about ID registers at
400 * all; we just want to know the CPU type.
403 uint64_t features = 0;
404 /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
405 * we know these will only support creating one kind of guest CPU,
406 * which is its preferred CPU type. Fortunately these old kernels
407 * support only a very limited number of CPUs.
409 static const uint32_t cpus_to_try[] = {
410 KVM_ARM_TARGET_AEM_V8,
411 KVM_ARM_TARGET_FOUNDATION_V8,
412 KVM_ARM_TARGET_CORTEX_A57,
413 QEMU_KVM_ARM_TARGET_NONE
415 struct kvm_vcpu_init init;
417 if (!kvm_arm_create_scratch_host_vcpu(cpus_to_try, fdarray, &init)) {
421 ahcc->target = init.target;
422 ahcc->dtb_compatible = "arm,arm-v8";
424 kvm_arm_destroy_scratch_host_vcpu(fdarray);
426 /* We can assume any KVM supporting CPU is at least a v8
427 * with VFPv4+Neon; this in turn implies most of the other
430 set_feature(&features, ARM_FEATURE_V8);
431 set_feature(&features, ARM_FEATURE_VFP4);
432 set_feature(&features, ARM_FEATURE_NEON);
433 set_feature(&features, ARM_FEATURE_AARCH64);
435 ahcc->features = features;
440 #define ARM_CPU_ID_MPIDR 3, 0, 0, 0, 5
442 int kvm_arch_init_vcpu(CPUState *cs)
446 ARMCPU *cpu = ARM_CPU(cs);
448 if (cpu->kvm_target == QEMU_KVM_ARM_TARGET_NONE ||
449 !object_dynamic_cast(OBJECT(cpu), TYPE_AARCH64_CPU)) {
450 fprintf(stderr, "KVM is not supported for this guest CPU type\n");
454 /* Determine init features for this CPU */
455 memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features));
456 if (cpu->start_powered_off) {
457 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
459 if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
460 cpu->psci_version = 2;
461 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2;
463 if (!arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
464 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_EL1_32BIT;
467 /* Do KVM_ARM_VCPU_INIT ioctl */
468 ret = kvm_arm_vcpu_init(cs);
474 * When KVM is in use, PSCI is emulated in-kernel and not by qemu.
475 * Currently KVM has its own idea about MPIDR assignment, so we
476 * override our defaults with what we get from KVM.
478 ret = kvm_get_one_reg(cs, ARM64_SYS_REG(ARM_CPU_ID_MPIDR), &mpidr);
482 cpu->mp_affinity = mpidr & ARM64_AFFINITY_MASK;
484 kvm_arm_init_debug(cs);
486 return kvm_arm_init_cpreg_list(cpu);
489 bool kvm_arm_reg_syncs_via_cpreg_list(uint64_t regidx)
491 /* Return true if the regidx is a register we should synchronize
492 * via the cpreg_tuples array (ie is not a core reg we sync by
493 * hand in kvm_arch_get/put_registers())
495 switch (regidx & KVM_REG_ARM_COPROC_MASK) {
496 case KVM_REG_ARM_CORE:
503 typedef struct CPRegStateLevel {
508 /* All system registers not listed in the following table are assumed to be
509 * of the level KVM_PUT_RUNTIME_STATE. If a register should be written less
510 * often, you must add it to this table with a state of either
511 * KVM_PUT_RESET_STATE or KVM_PUT_FULL_STATE.
513 static const CPRegStateLevel non_runtime_cpregs[] = {
514 { KVM_REG_ARM_TIMER_CNT, KVM_PUT_FULL_STATE },
517 int kvm_arm_cpreg_level(uint64_t regidx)
521 for (i = 0; i < ARRAY_SIZE(non_runtime_cpregs); i++) {
522 const CPRegStateLevel *l = &non_runtime_cpregs[i];
523 if (l->regidx == regidx) {
528 return KVM_PUT_RUNTIME_STATE;
531 #define AARCH64_CORE_REG(x) (KVM_REG_ARM64 | KVM_REG_SIZE_U64 | \
532 KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
534 #define AARCH64_SIMD_CORE_REG(x) (KVM_REG_ARM64 | KVM_REG_SIZE_U128 | \
535 KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
537 #define AARCH64_SIMD_CTRL_REG(x) (KVM_REG_ARM64 | KVM_REG_SIZE_U32 | \
538 KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
540 int kvm_arch_put_registers(CPUState *cs, int level)
542 struct kvm_one_reg reg;
549 ARMCPU *cpu = ARM_CPU(cs);
550 CPUARMState *env = &cpu->env;
552 /* If we are in AArch32 mode then we need to copy the AArch32 regs to the
553 * AArch64 registers before pushing them out to 64-bit KVM.
556 aarch64_sync_32_to_64(env);
559 for (i = 0; i < 31; i++) {
560 reg.id = AARCH64_CORE_REG(regs.regs[i]);
561 reg.addr = (uintptr_t) &env->xregs[i];
562 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
568 /* KVM puts SP_EL0 in regs.sp and SP_EL1 in regs.sp_el1. On the
569 * QEMU side we keep the current SP in xregs[31] as well.
571 aarch64_save_sp(env, 1);
573 reg.id = AARCH64_CORE_REG(regs.sp);
574 reg.addr = (uintptr_t) &env->sp_el[0];
575 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
580 reg.id = AARCH64_CORE_REG(sp_el1);
581 reg.addr = (uintptr_t) &env->sp_el[1];
582 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
587 /* Note that KVM thinks pstate is 64 bit but we use a uint32_t */
589 val = pstate_read(env);
591 val = cpsr_read(env);
593 reg.id = AARCH64_CORE_REG(regs.pstate);
594 reg.addr = (uintptr_t) &val;
595 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
600 reg.id = AARCH64_CORE_REG(regs.pc);
601 reg.addr = (uintptr_t) &env->pc;
602 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
607 reg.id = AARCH64_CORE_REG(elr_el1);
608 reg.addr = (uintptr_t) &env->elr_el[1];
609 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
614 /* Saved Program State Registers
616 * Before we restore from the banked_spsr[] array we need to
617 * ensure that any modifications to env->spsr are correctly
618 * reflected in the banks.
620 el = arm_current_el(env);
621 if (el > 0 && !is_a64(env)) {
622 i = bank_number(env->uncached_cpsr & CPSR_M);
623 env->banked_spsr[i] = env->spsr;
626 /* KVM 0-4 map to QEMU banks 1-5 */
627 for (i = 0; i < KVM_NR_SPSR; i++) {
628 reg.id = AARCH64_CORE_REG(spsr[i]);
629 reg.addr = (uintptr_t) &env->banked_spsr[i + 1];
630 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
636 /* Advanced SIMD and FP registers
637 * We map Qn = regs[2n+1]:regs[2n]
639 for (i = 0; i < 32; i++) {
642 #ifdef HOST_WORDS_BIGENDIAN
643 fp_val[0] = env->vfp.regs[rd + 1];
644 fp_val[1] = env->vfp.regs[rd];
646 fp_val[1] = env->vfp.regs[rd + 1];
647 fp_val[0] = env->vfp.regs[rd];
649 reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
650 reg.addr = (uintptr_t)(&fp_val);
651 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
657 reg.addr = (uintptr_t)(&fpr);
658 fpr = vfp_get_fpsr(env);
659 reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
660 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
665 fpr = vfp_get_fpcr(env);
666 reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
667 ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, ®);
672 if (!write_list_to_kvmstate(cpu, level)) {
676 kvm_arm_sync_mpstate_to_kvm(cpu);
681 int kvm_arch_get_registers(CPUState *cs)
683 struct kvm_one_reg reg;
690 ARMCPU *cpu = ARM_CPU(cs);
691 CPUARMState *env = &cpu->env;
693 for (i = 0; i < 31; i++) {
694 reg.id = AARCH64_CORE_REG(regs.regs[i]);
695 reg.addr = (uintptr_t) &env->xregs[i];
696 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
702 reg.id = AARCH64_CORE_REG(regs.sp);
703 reg.addr = (uintptr_t) &env->sp_el[0];
704 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
709 reg.id = AARCH64_CORE_REG(sp_el1);
710 reg.addr = (uintptr_t) &env->sp_el[1];
711 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
716 reg.id = AARCH64_CORE_REG(regs.pstate);
717 reg.addr = (uintptr_t) &val;
718 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
723 env->aarch64 = ((val & PSTATE_nRW) == 0);
725 pstate_write(env, val);
727 env->uncached_cpsr = val & CPSR_M;
728 cpsr_write(env, val, 0xffffffff);
731 /* KVM puts SP_EL0 in regs.sp and SP_EL1 in regs.sp_el1. On the
732 * QEMU side we keep the current SP in xregs[31] as well.
734 aarch64_restore_sp(env, 1);
736 reg.id = AARCH64_CORE_REG(regs.pc);
737 reg.addr = (uintptr_t) &env->pc;
738 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
743 /* If we are in AArch32 mode then we need to sync the AArch32 regs with the
744 * incoming AArch64 regs received from 64-bit KVM.
745 * We must perform this after all of the registers have been acquired from
749 aarch64_sync_64_to_32(env);
752 reg.id = AARCH64_CORE_REG(elr_el1);
753 reg.addr = (uintptr_t) &env->elr_el[1];
754 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
759 /* Fetch the SPSR registers
761 * KVM SPSRs 0-4 map to QEMU banks 1-5
763 for (i = 0; i < KVM_NR_SPSR; i++) {
764 reg.id = AARCH64_CORE_REG(spsr[i]);
765 reg.addr = (uintptr_t) &env->banked_spsr[i + 1];
766 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
772 el = arm_current_el(env);
773 if (el > 0 && !is_a64(env)) {
774 i = bank_number(env->uncached_cpsr & CPSR_M);
775 env->spsr = env->banked_spsr[i];
778 /* Advanced SIMD and FP registers
779 * We map Qn = regs[2n+1]:regs[2n]
781 for (i = 0; i < 32; i++) {
783 reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
784 reg.addr = (uintptr_t)(&fp_val);
785 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
790 #ifdef HOST_WORDS_BIGENDIAN
791 env->vfp.regs[rd + 1] = fp_val[0];
792 env->vfp.regs[rd] = fp_val[1];
794 env->vfp.regs[rd + 1] = fp_val[1];
795 env->vfp.regs[rd] = fp_val[0];
800 reg.addr = (uintptr_t)(&fpr);
801 reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
802 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
806 vfp_set_fpsr(env, fpr);
808 reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
809 ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®);
813 vfp_set_fpcr(env, fpr);
815 if (!write_kvmstate_to_list(cpu)) {
818 /* Note that it's OK to have registers which aren't in CPUState,
819 * so we can ignore a failure return here.
821 write_list_to_cpustate(cpu);
823 kvm_arm_sync_mpstate_to_qemu(cpu);
825 /* TODO: other registers */
829 /* C6.6.29 BRK instruction */
830 static const uint32_t brk_insn = 0xd4200000;
832 int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
834 if (have_guest_debug) {
835 if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 4, 0) ||
836 cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&brk_insn, 4, 1)) {
841 error_report("guest debug not supported on this kernel");
846 int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
850 if (have_guest_debug) {
851 if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&brk, 4, 0) ||
853 cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 4, 1)) {
858 error_report("guest debug not supported on this kernel");
863 /* See v8 ARM ARM D7.2.27 ESR_ELx, Exception Syndrome Register
865 * To minimise translating between kernel and user-space the kernel
866 * ABI just provides user-space with the full exception syndrome
867 * register value to be decoded in QEMU.
870 bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
872 int hsr_ec = debug_exit->hsr >> ARM_EL_EC_SHIFT;
873 ARMCPU *cpu = ARM_CPU(cs);
874 CPUClass *cc = CPU_GET_CLASS(cs);
875 CPUARMState *env = &cpu->env;
877 /* Ensure PC is synchronised */
878 kvm_cpu_synchronize_state(cs);
881 case EC_SOFTWARESTEP:
882 if (cs->singlestep_enabled) {
886 * The kernel should have suppressed the guest's ability to
887 * single step at this point so something has gone wrong.
889 error_report("%s: guest single-step while debugging unsupported"
890 " (%"PRIx64", %"PRIx32")\n",
891 __func__, env->pc, debug_exit->hsr);
896 if (kvm_find_sw_breakpoint(cs, env->pc)) {
901 if (find_hw_breakpoint(cs, env->pc)) {
907 CPUWatchpoint *wp = find_hw_watchpoint(cs, debug_exit->far);
909 cs->watchpoint_hit = wp;
915 error_report("%s: unhandled debug exit (%"PRIx32", %"PRIx64")\n",
916 __func__, debug_exit->hsr, env->pc);
919 /* If we are not handling the debug exception it must belong to
920 * the guest. Let's re-use the existing TCG interrupt code to set
921 * everything up properly.
923 cs->exception_index = EXCP_BKPT;
924 env->exception.syndrome = debug_exit->hsr;
925 env->exception.vaddress = debug_exit->far;
926 cc->do_interrupt(cs);
projects / qemu.git / blob