aurel32 [Tue, 11 Nov 2008 11:50:51 +0000 (11:50 +0000)]
target-mips: gen_compute_branch1()
Optimize code generation in gen_compute_branch1():
- Directly use I32 variables instead of converting values from _tl to
_i32 and back to _tl.
- Write the result directly to bcond instead of passing by a local
variable.
- Temp variables are valid up to and *including* the brcond instruction.
Use them instead of temp local variables.
aurel32 [Tue, 11 Nov 2008 11:50:43 +0000 (11:50 +0000)]
target-mips: optimize movc*()
Optimize code generation in gen_movc*():
- Temp variables are valid up to and *including* the brcond instruction.
Use them instead of temp local variables.
- Avoid using temporary variables to transfer values.
- Access fpu_fcr31 directly in gen_movcf_ps().
aurel32 [Tue, 11 Nov 2008 11:50:33 +0000 (11:50 +0000)]
target-mips: optimize gen_farith()
Optimize code generation in gen_farith():
- Temp variables are valid up to and *including* the brcond instruction.
Use them instead of temp local variables.
aurel32 [Tue, 11 Nov 2008 11:50:25 +0000 (11:50 +0000)]
target-mips: optimize gen_muldiv()
Optimize code generation in gen_muldiv():
- Don't do sign extension when the value is already guaranteed to be
sign extended (otherwise, results are marked as UNPREDICTABLE).
- Access the LO, HI registers directly instead of writting them through
a temporary variable.
aurel32 [Tue, 11 Nov 2008 11:50:17 +0000 (11:50 +0000)]
target-mips: optimize gen_arith()/gen_arith_imm()
Optimize code generation in gen_arith()/gen_arith_imm():
- Don't do sign extension when the value is already guaranteed to be
sign extended (otherwise, results are marked as UNPREDICTABLE).
- When the value is sign extended, compare the value to 0 instead of
testing bit 31/63.
- Temp variables are valid up to and *including* the brcond instruction.
Use them instead of temp local variables.
aurel32 [Tue, 11 Nov 2008 11:47:06 +0000 (11:47 +0000)]
target-mips: convert bit shuffle ops to TCG
Bit shuffle operations can be written with very few TCG instructions
(between 5 and 8), so it is worth converting them to TCG.
This code also move all bit shuffle generation code to a separate
function in order to have a cleaner exception code path, that is it
doesn't store back the TCG register to the target register after the
exception, as the TCG register doesn't exist anymore.
aurel32 [Tue, 11 Nov 2008 11:34:39 +0000 (11:34 +0000)]
target-mips: fix mft* helpers/call
This patch attempts to fix mft* helpers and the associated TCG calls.
mft* helpers do not take a register in argument, however:
- some helpers are called with an argument while they do not take one.
- some helpers are declared with an argument they don't use.
aurel32 [Tue, 11 Nov 2008 11:30:48 +0000 (11:30 +0000)]
target-alpha: add proper fcntl definitions
On Alpha the target to native fcntl definitions were missing. Because of
this, programs trying to open files with the O_CREAT option were getting
O_APPEND instead, etc.
This was keeping gcc from the spec benchmarks from running, among other
things.
malc [Tue, 11 Nov 2008 03:04:57 +0000 (03:04 +0000)]
Fix alignment problem with some 64bit load/store instructions
LD/STD/LWA require displacement to be multiple of 4, provide
tcg_out_ldsta which checks the supplied displacement and falls
back on indexed variant when the check fails. All uses of
LD/STD/LWA outside of tcg_out_ldst appear to be safe.
aurel32 [Mon, 10 Nov 2008 11:10:14 +0000 (11:10 +0000)]
target-alpha: fix cmpbge instruction
The cmpbge instruction should compare all 8 bytes of one 64-bit value with
another. However, we were looping with a < 7 condition which was skipping
the top byte. So if we were doing a compare where the top byte was
important, we could get the wrong result (this notably breaks the strlen()
function with certain sized strings).
balrog [Mon, 10 Nov 2008 01:34:27 +0000 (01:34 +0000)]
Currently trying to turn an oversized directory into a VVFAT image will
result in a cryptic error (and an abort):
qemu: block-vvfat.c:97: array_get: Assertion `index < array->next' failed.
Aborted
Turn this into an actually useful error message:
Directory does not fit in FAT16 (capacity 504MB)
qemu: could not open disk image fat:$DIR/
aurel32 [Sun, 9 Nov 2008 17:27:27 +0000 (17:27 +0000)]
target-ppc: fixes for gen_op_neg()
- Rename to gen_op_arith_neg for consistency with other functions.
- Correctly free TCG temp variable.
- Fix the return value in 64-bit mode in case of overflow.
aliguori [Sat, 8 Nov 2008 16:27:07 +0000 (16:27 +0000)]
Use an option rom instead of boot sector for -kernel
Generate an option rom instead of using a hijacked boot sector for kernel
booting. This just requires adding a small option ROM header and a few more
instructions to the boot sector to take over the int19 vector and run our
boot code.
A disk is no longer needed when using -kernel on x86.
aurel32 [Fri, 7 Nov 2008 14:00:24 +0000 (14:00 +0000)]
target-alpha: fix locked loads/stores
Fix reading of cpu_lock in gen_qemu_stql_c, original patch from Laurent
Desnogues.
A new flag was added to gen_store_mem to allocate local temps instead
of temps; this flag should be set when the tcg_gen_qemu_store callback
uses brcond before using the temps or else liveness analysis will get
rid of the temps.
This also adds lock printing in cpu_dump_state which can help
debug.
malc [Thu, 6 Nov 2008 18:54:46 +0000 (18:54 +0000)]
Fix interrupt exclusion via SSTEP_NOIRQ
Commit #5620 revealed an issue of the SSTEP_NOIRQ masking that was
applied on all interrupt sources (including internal ones) when single
stepping through the guest. Due to that commit, we now ended up in an
infinite loop when CPU_INTERRUPT_EXIT was pending on SSTEP resume. That
was due to #5620 eating all TBs while CPU_INTERRUPT_EXIT is pending, but
SSTEP_NOIRQ preventing CPU_INTERRUPT_EXIT to be processed.
What SSTEP_NOIRQ should actually do is to block the delivery of all
external, guest visible interrupts. With the fix below applied, single
stepping now works again.
aurel32 [Thu, 6 Nov 2008 09:16:57 +0000 (09:16 +0000)]
target-alpha: Fix ret instruction
Hopefully pine doesn't corrupt this patch, I've had problems recently.
For an alpha "ret" instruction, of the type
ret $26
The return was being ignored. This is because in translate.c
register $26 (the return address) was being over-written with the current
PC before it could be jumped to. Thus the ret was ignored.
This patch just re-orders things so the return address is processed before
it is over-written with the current PC.
aliguori [Wed, 5 Nov 2008 21:22:34 +0000 (21:22 +0000)]
Fix windows build after init_host_timer changes.
host_alarm_timer fires in a separate thread. The windows build current
uses SetEvent() and WaitEvent() to then notify the main thread. This is
functionally equivalent to what we're doing in Unix with pipe(). So let's
just #ifdef the pipe() code on Windows since it doesn't build there anyway.
aliguori [Wed, 5 Nov 2008 20:29:45 +0000 (20:29 +0000)]
Fix alarm_timer race with select - v3 (Jan Kiszka)
Changing the default IO timeout to 5 s (#5578) made a race visible
between the alarm_timer and select() in main_loop_wait(): If the timer
fired before select was able to block, the full select() timeout could
have been applied instead of returning immediately. Since #5578, this
causes heavy problems to the Musicpal board emulation with stalls up to
5 s, but also with some older Linux guest kernels.
The following patch introduces a pipe that is written to by
host_alarm_handler and select()'ed in main_loop_wait(). This avoids
prevents that select() blocks though a timer has fired and waits for
processing.
blueswir1 [Wed, 5 Nov 2008 20:24:35 +0000 (20:24 +0000)]
SM501 emulation for R2D-SH4
This patch adds minimum emulation of SM501 multifunction device,
whose main feature is 2D graphics. It is one of the peripheral
of R2D, the SH4 evaluation board. We can see TUX printed on the
QEMU console.
aliguori [Wed, 5 Nov 2008 16:04:33 +0000 (16:04 +0000)]
Add KVM support to QEMU
This patch adds very basic KVM support. KVM is a kernel module for Linux that
allows userspace programs to make use of hardware virtualization support. It
current supports x86 hardware virtualization using Intel VT-x or AMD-V. It
also supports IA64 VT-i, PPC 440, and S390.
This patch only implements the bare minimum support to get a guest booting. It
has very little impact the rest of QEMU and attempts to integrate nicely with
the rest of QEMU.
Even though this implementation is basic, it is significantly faster than TCG.
Booting and shutting down a Linux guest:
w/TCG: 1:32.36 elapsed 84% CPU
w/KVM: 0:31.14 elapsed 59% CPU
Right now, KVM is disabled by default and must be explicitly enabled with
-enable-kvm. We can enable it by default later when we have had better
testing.
aliguori [Wed, 5 Nov 2008 15:34:06 +0000 (15:34 +0000)]
Split CPUID from op_helper
KVM needs to call CPUID from outside of the TCG code. This patch
splits out the CPUID logic into a separate helper that both the op
helper and KVM can call.
malc [Tue, 4 Nov 2008 14:18:13 +0000 (14:18 +0000)]
Add safety net against potential infinite loop
cpu_interrupt might be called while translating the TB, but before it
is linked into a potentially infinite loop and becomes env->current_tb.
Currently this can (and does) cause huge problems only when using
dyntick clock, with other (periodic) clocks host_alarm_handler will
eventually be executed resulting in a call to cpu_interrupt which will
reset the recursion of running TB and the damage is "only" latency.
Move addi_i64, muli_i64 and subi_i64 out of #if TCG_TARGET_REG_BITS
as both implementations are strictly identical. Use the same
optimisation (ie when imm == 0) for addi_i64 and subi_64 than the
32-bit version.
aurel32 [Sat, 1 Nov 2008 00:53:39 +0000 (00:53 +0000)]
CVE-2008-4539: fix a heap overflow in Cirrus emulation
The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.
projects / qemu.git / log