1 /* 2 * User emulator execution 3 * 4 * Copyright (c) 2003-2005 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 #include "qemu/osdep.h" 20 #include "hw/core/tcg-cpu-ops.h" 21 #include "disas/disas.h" 22 #include "exec/exec-all.h" 23 #include "tcg/tcg.h" 24 #include "qemu/bitops.h" 25 #include "exec/cpu_ldst.h" 26 #include "exec/translate-all.h" 27 #include "exec/helper-proto.h" 28 #include "qemu/atomic128.h" 29 #include "trace/trace-root.h" 30 #include "internal.h" 31 32 #undef EAX 33 #undef ECX 34 #undef EDX 35 #undef EBX 36 #undef ESP 37 #undef EBP 38 #undef ESI 39 #undef EDI 40 #undef EIP 41 #ifdef __linux__ 42 #include <sys/ucontext.h> 43 #endif 44 45 __thread uintptr_t helper_retaddr; 46 47 //#define DEBUG_SIGNAL 48 49 /* exit the current TB from a signal handler. The host registers are 50 restored in a state compatible with the CPU emulator 51 */ 52 static void QEMU_NORETURN cpu_exit_tb_from_sighandler(CPUState *cpu, 53 sigset_t *old_set) 54 { 55 /* XXX: use siglongjmp ? */ 56 sigprocmask(SIG_SETMASK, old_set, NULL); 57 cpu_loop_exit_noexc(cpu); 58 } 59 60 /* 'pc' is the host PC at which the exception was raised. 'address' is 61 the effective address of the memory exception. 'is_write' is 1 if a 62 write caused the exception and otherwise 0'. 'old_set' is the 63 signal set which should be restored */ 64 static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info, 65 int is_write, sigset_t *old_set) 66 { 67 CPUState *cpu = current_cpu; 68 CPUClass *cc; 69 unsigned long address = (unsigned long)info->si_addr; 70 MMUAccessType access_type = is_write ? MMU_DATA_STORE : MMU_DATA_LOAD; 71 72 switch (helper_retaddr) { 73 default: 74 /* 75 * Fault during host memory operation within a helper function. 76 * The helper's host return address, saved here, gives us a 77 * pointer into the generated code that will unwind to the 78 * correct guest pc. 79 */ 80 pc = helper_retaddr; 81 break; 82 83 case 0: 84 /* 85 * Fault during host memory operation within generated code. 86 * (Or, a unrelated bug within qemu, but we can't tell from here). 87 * 88 * We take the host pc from the signal frame. However, we cannot 89 * use that value directly. Within cpu_restore_state_from_tb, we 90 * assume PC comes from GETPC(), as used by the helper functions, 91 * so we adjust the address by -GETPC_ADJ to form an address that 92 * is within the call insn, so that the address does not accidentally 93 * match the beginning of the next guest insn. However, when the 94 * pc comes from the signal frame it points to the actual faulting 95 * host memory insn and not the return from a call insn. 96 * 97 * Therefore, adjust to compensate for what will be done later 98 * by cpu_restore_state_from_tb. 99 */ 100 pc += GETPC_ADJ; 101 break; 102 103 case 1: 104 /* 105 * Fault during host read for translation, or loosely, "execution". 106 * 107 * The guest pc is already pointing to the start of the TB for which 108 * code is being generated. If the guest translator manages the 109 * page crossings correctly, this is exactly the correct address 110 * (and if the translator doesn't handle page boundaries correctly 111 * there's little we can do about that here). Therefore, do not 112 * trigger the unwinder. 113 * 114 * Like tb_gen_code, release the memory lock before cpu_loop_exit. 115 */ 116 pc = 0; 117 access_type = MMU_INST_FETCH; 118 mmap_unlock(); 119 break; 120 } 121 122 /* For synchronous signals we expect to be coming from the vCPU 123 * thread (so current_cpu should be valid) and either from running 124 * code or during translation which can fault as we cross pages. 125 * 126 * If neither is true then something has gone wrong and we should 127 * abort rather than try and restart the vCPU execution. 128 */ 129 if (!cpu || !cpu->running) { 130 printf("qemu:%s received signal outside vCPU context @ pc=0x%" 131 PRIxPTR "\n", __func__, pc); 132 abort(); 133 } 134 135 #if defined(DEBUG_SIGNAL) 136 printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n", 137 pc, address, is_write, *(unsigned long *)old_set); 138 #endif 139 /* XXX: locking issue */ 140 /* Note that it is important that we don't call page_unprotect() unless 141 * this is really a "write to nonwriteable page" fault, because 142 * page_unprotect() assumes that if it is called for an access to 143 * a page that's writeable this means we had two threads racing and 144 * another thread got there first and already made the page writeable; 145 * so we will retry the access. If we were to call page_unprotect() 146 * for some other kind of fault that should really be passed to the 147 * guest, we'd end up in an infinite loop of retrying the faulting 148 * access. 149 */ 150 if (is_write && info->si_signo == SIGSEGV && info->si_code == SEGV_ACCERR && 151 h2g_valid(address)) { 152 switch (page_unprotect(h2g(address), pc)) { 153 case 0: 154 /* Fault not caused by a page marked unwritable to protect 155 * cached translations, must be the guest binary's problem. 156 */ 157 break; 158 case 1: 159 /* Fault caused by protection of cached translation; TBs 160 * invalidated, so resume execution. Retain helper_retaddr 161 * for a possible second fault. 162 */ 163 return 1; 164 case 2: 165 /* Fault caused by protection of cached translation, and the 166 * currently executing TB was modified and must be exited 167 * immediately. Clear helper_retaddr for next execution. 168 */ 169 clear_helper_retaddr(); 170 cpu_exit_tb_from_sighandler(cpu, old_set); 171 /* NORETURN */ 172 173 default: 174 g_assert_not_reached(); 175 } 176 } 177 178 /* Convert forcefully to guest address space, invalid addresses 179 are still valid segv ones */ 180 address = h2g_nocheck(address); 181 182 /* 183 * There is no way the target can handle this other than raising 184 * an exception. Undo signal and retaddr state prior to longjmp. 185 */ 186 sigprocmask(SIG_SETMASK, old_set, NULL); 187 clear_helper_retaddr(); 188 189 cc = CPU_GET_CLASS(cpu); 190 cc->tcg_ops->tlb_fill(cpu, address, 0, access_type, 191 MMU_USER_IDX, false, pc); 192 g_assert_not_reached(); 193 } 194 195 static int probe_access_internal(CPUArchState *env, target_ulong addr, 196 int fault_size, MMUAccessType access_type, 197 bool nonfault, uintptr_t ra) 198 { 199 int flags; 200 201 switch (access_type) { 202 case MMU_DATA_STORE: 203 flags = PAGE_WRITE; 204 break; 205 case MMU_DATA_LOAD: 206 flags = PAGE_READ; 207 break; 208 case MMU_INST_FETCH: 209 flags = PAGE_EXEC; 210 break; 211 default: 212 g_assert_not_reached(); 213 } 214 215 if (!guest_addr_valid_untagged(addr) || 216 page_check_range(addr, 1, flags) < 0) { 217 if (nonfault) { 218 return TLB_INVALID_MASK; 219 } else { 220 CPUState *cpu = env_cpu(env); 221 CPUClass *cc = CPU_GET_CLASS(cpu); 222 cc->tcg_ops->tlb_fill(cpu, addr, fault_size, access_type, 223 MMU_USER_IDX, false, ra); 224 g_assert_not_reached(); 225 } 226 } 227 return 0; 228 } 229 230 int probe_access_flags(CPUArchState *env, target_ulong addr, 231 MMUAccessType access_type, int mmu_idx, 232 bool nonfault, void **phost, uintptr_t ra) 233 { 234 int flags; 235 236 flags = probe_access_internal(env, addr, 0, access_type, nonfault, ra); 237 *phost = flags ? NULL : g2h(env_cpu(env), addr); 238 return flags; 239 } 240 241 void *probe_access(CPUArchState *env, target_ulong addr, int size, 242 MMUAccessType access_type, int mmu_idx, uintptr_t ra) 243 { 244 int flags; 245 246 g_assert(-(addr | TARGET_PAGE_MASK) >= size); 247 flags = probe_access_internal(env, addr, size, access_type, false, ra); 248 g_assert(flags == 0); 249 250 return size ? g2h(env_cpu(env), addr) : NULL; 251 } 252 253 #if defined(__i386__) 254 255 #if defined(__NetBSD__) 256 #include <ucontext.h> 257 #include <machine/trap.h> 258 259 #define EIP_sig(context) ((context)->uc_mcontext.__gregs[_REG_EIP]) 260 #define TRAP_sig(context) ((context)->uc_mcontext.__gregs[_REG_TRAPNO]) 261 #define ERROR_sig(context) ((context)->uc_mcontext.__gregs[_REG_ERR]) 262 #define MASK_sig(context) ((context)->uc_sigmask) 263 #define PAGE_FAULT_TRAP T_PAGEFLT 264 #elif defined(__FreeBSD__) || defined(__DragonFly__) 265 #include <ucontext.h> 266 #include <machine/trap.h> 267 268 #define EIP_sig(context) (*((unsigned long *)&(context)->uc_mcontext.mc_eip)) 269 #define TRAP_sig(context) ((context)->uc_mcontext.mc_trapno) 270 #define ERROR_sig(context) ((context)->uc_mcontext.mc_err) 271 #define MASK_sig(context) ((context)->uc_sigmask) 272 #define PAGE_FAULT_TRAP T_PAGEFLT 273 #elif defined(__OpenBSD__) 274 #include <machine/trap.h> 275 #define EIP_sig(context) ((context)->sc_eip) 276 #define TRAP_sig(context) ((context)->sc_trapno) 277 #define ERROR_sig(context) ((context)->sc_err) 278 #define MASK_sig(context) ((context)->sc_mask) 279 #define PAGE_FAULT_TRAP T_PAGEFLT 280 #else 281 #define EIP_sig(context) ((context)->uc_mcontext.gregs[REG_EIP]) 282 #define TRAP_sig(context) ((context)->uc_mcontext.gregs[REG_TRAPNO]) 283 #define ERROR_sig(context) ((context)->uc_mcontext.gregs[REG_ERR]) 284 #define MASK_sig(context) ((context)->uc_sigmask) 285 #define PAGE_FAULT_TRAP 0xe 286 #endif 287 288 int cpu_signal_handler(int host_signum, void *pinfo, 289 void *puc) 290 { 291 siginfo_t *info = pinfo; 292 #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) 293 ucontext_t *uc = puc; 294 #elif defined(__OpenBSD__) 295 struct sigcontext *uc = puc; 296 #else 297 ucontext_t *uc = puc; 298 #endif 299 unsigned long pc; 300 int trapno; 301 302 #ifndef REG_EIP 303 /* for glibc 2.1 */ 304 #define REG_EIP EIP 305 #define REG_ERR ERR 306 #define REG_TRAPNO TRAPNO 307 #endif 308 pc = EIP_sig(uc); 309 trapno = TRAP_sig(uc); 310 return handle_cpu_signal(pc, info, 311 trapno == PAGE_FAULT_TRAP ? 312 (ERROR_sig(uc) >> 1) & 1 : 0, 313 &MASK_sig(uc)); 314 } 315 316 #elif defined(__x86_64__) 317 318 #ifdef __NetBSD__ 319 #include <machine/trap.h> 320 #define PC_sig(context) _UC_MACHINE_PC(context) 321 #define TRAP_sig(context) ((context)->uc_mcontext.__gregs[_REG_TRAPNO]) 322 #define ERROR_sig(context) ((context)->uc_mcontext.__gregs[_REG_ERR]) 323 #define MASK_sig(context) ((context)->uc_sigmask) 324 #define PAGE_FAULT_TRAP T_PAGEFLT 325 #elif defined(__OpenBSD__) 326 #include <machine/trap.h> 327 #define PC_sig(context) ((context)->sc_rip) 328 #define TRAP_sig(context) ((context)->sc_trapno) 329 #define ERROR_sig(context) ((context)->sc_err) 330 #define MASK_sig(context) ((context)->sc_mask) 331 #define PAGE_FAULT_TRAP T_PAGEFLT 332 #elif defined(__FreeBSD__) || defined(__DragonFly__) 333 #include <ucontext.h> 334 #include <machine/trap.h> 335 336 #define PC_sig(context) (*((unsigned long *)&(context)->uc_mcontext.mc_rip)) 337 #define TRAP_sig(context) ((context)->uc_mcontext.mc_trapno) 338 #define ERROR_sig(context) ((context)->uc_mcontext.mc_err) 339 #define MASK_sig(context) ((context)->uc_sigmask) 340 #define PAGE_FAULT_TRAP T_PAGEFLT 341 #else 342 #define PC_sig(context) ((context)->uc_mcontext.gregs[REG_RIP]) 343 #define TRAP_sig(context) ((context)->uc_mcontext.gregs[REG_TRAPNO]) 344 #define ERROR_sig(context) ((context)->uc_mcontext.gregs[REG_ERR]) 345 #define MASK_sig(context) ((context)->uc_sigmask) 346 #define PAGE_FAULT_TRAP 0xe 347 #endif 348 349 int cpu_signal_handler(int host_signum, void *pinfo, 350 void *puc) 351 { 352 siginfo_t *info = pinfo; 353 unsigned long pc; 354 #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) 355 ucontext_t *uc = puc; 356 #elif defined(__OpenBSD__) 357 struct sigcontext *uc = puc; 358 #else 359 ucontext_t *uc = puc; 360 #endif 361 362 pc = PC_sig(uc); 363 return handle_cpu_signal(pc, info, 364 TRAP_sig(uc) == PAGE_FAULT_TRAP ? 365 (ERROR_sig(uc) >> 1) & 1 : 0, 366 &MASK_sig(uc)); 367 } 368 369 #elif defined(_ARCH_PPC) 370 371 /*********************************************************************** 372 * signal context platform-specific definitions 373 * From Wine 374 */ 375 #ifdef linux 376 /* All Registers access - only for local access */ 377 #define REG_sig(reg_name, context) \ 378 ((context)->uc_mcontext.regs->reg_name) 379 /* Gpr Registers access */ 380 #define GPR_sig(reg_num, context) REG_sig(gpr[reg_num], context) 381 /* Program counter */ 382 #define IAR_sig(context) REG_sig(nip, context) 383 /* Machine State Register (Supervisor) */ 384 #define MSR_sig(context) REG_sig(msr, context) 385 /* Count register */ 386 #define CTR_sig(context) REG_sig(ctr, context) 387 /* User's integer exception register */ 388 #define XER_sig(context) REG_sig(xer, context) 389 /* Link register */ 390 #define LR_sig(context) REG_sig(link, context) 391 /* Condition register */ 392 #define CR_sig(context) REG_sig(ccr, context) 393 394 /* Float Registers access */ 395 #define FLOAT_sig(reg_num, context) \ 396 (((double *)((char *)((context)->uc_mcontext.regs + 48 * 4)))[reg_num]) 397 #define FPSCR_sig(context) \ 398 (*(int *)((char *)((context)->uc_mcontext.regs + (48 + 32 * 2) * 4))) 399 /* Exception Registers access */ 400 #define DAR_sig(context) REG_sig(dar, context) 401 #define DSISR_sig(context) REG_sig(dsisr, context) 402 #define TRAP_sig(context) REG_sig(trap, context) 403 #endif /* linux */ 404 405 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 406 #include <ucontext.h> 407 #define IAR_sig(context) ((context)->uc_mcontext.mc_srr0) 408 #define MSR_sig(context) ((context)->uc_mcontext.mc_srr1) 409 #define CTR_sig(context) ((context)->uc_mcontext.mc_ctr) 410 #define XER_sig(context) ((context)->uc_mcontext.mc_xer) 411 #define LR_sig(context) ((context)->uc_mcontext.mc_lr) 412 #define CR_sig(context) ((context)->uc_mcontext.mc_cr) 413 /* Exception Registers access */ 414 #define DAR_sig(context) ((context)->uc_mcontext.mc_dar) 415 #define DSISR_sig(context) ((context)->uc_mcontext.mc_dsisr) 416 #define TRAP_sig(context) ((context)->uc_mcontext.mc_exc) 417 #endif /* __FreeBSD__|| __FreeBSD_kernel__ */ 418 419 int cpu_signal_handler(int host_signum, void *pinfo, 420 void *puc) 421 { 422 siginfo_t *info = pinfo; 423 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) 424 ucontext_t *uc = puc; 425 #else 426 ucontext_t *uc = puc; 427 #endif 428 unsigned long pc; 429 int is_write; 430 431 pc = IAR_sig(uc); 432 is_write = 0; 433 #if 0 434 /* ppc 4xx case */ 435 if (DSISR_sig(uc) & 0x00800000) { 436 is_write = 1; 437 } 438 #else 439 if (TRAP_sig(uc) != 0x400 && (DSISR_sig(uc) & 0x02000000)) { 440 is_write = 1; 441 } 442 #endif 443 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 444 } 445 446 #elif defined(__alpha__) 447 448 int cpu_signal_handler(int host_signum, void *pinfo, 449 void *puc) 450 { 451 siginfo_t *info = pinfo; 452 ucontext_t *uc = puc; 453 uint32_t *pc = uc->uc_mcontext.sc_pc; 454 uint32_t insn = *pc; 455 int is_write = 0; 456 457 /* XXX: need kernel patch to get write flag faster */ 458 switch (insn >> 26) { 459 case 0x0d: /* stw */ 460 case 0x0e: /* stb */ 461 case 0x0f: /* stq_u */ 462 case 0x24: /* stf */ 463 case 0x25: /* stg */ 464 case 0x26: /* sts */ 465 case 0x27: /* stt */ 466 case 0x2c: /* stl */ 467 case 0x2d: /* stq */ 468 case 0x2e: /* stl_c */ 469 case 0x2f: /* stq_c */ 470 is_write = 1; 471 } 472 473 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 474 } 475 #elif defined(__sparc__) 476 477 int cpu_signal_handler(int host_signum, void *pinfo, 478 void *puc) 479 { 480 siginfo_t *info = pinfo; 481 int is_write; 482 uint32_t insn; 483 #if !defined(__arch64__) || defined(CONFIG_SOLARIS) 484 uint32_t *regs = (uint32_t *)(info + 1); 485 void *sigmask = (regs + 20); 486 /* XXX: is there a standard glibc define ? */ 487 unsigned long pc = regs[1]; 488 #else 489 #ifdef __linux__ 490 struct sigcontext *sc = puc; 491 unsigned long pc = sc->sigc_regs.tpc; 492 void *sigmask = (void *)sc->sigc_mask; 493 #elif defined(__OpenBSD__) 494 struct sigcontext *uc = puc; 495 unsigned long pc = uc->sc_pc; 496 void *sigmask = (void *)(long)uc->sc_mask; 497 #elif defined(__NetBSD__) 498 ucontext_t *uc = puc; 499 unsigned long pc = _UC_MACHINE_PC(uc); 500 void *sigmask = (void *)&uc->uc_sigmask; 501 #endif 502 #endif 503 504 /* XXX: need kernel patch to get write flag faster */ 505 is_write = 0; 506 insn = *(uint32_t *)pc; 507 if ((insn >> 30) == 3) { 508 switch ((insn >> 19) & 0x3f) { 509 case 0x05: /* stb */ 510 case 0x15: /* stba */ 511 case 0x06: /* sth */ 512 case 0x16: /* stha */ 513 case 0x04: /* st */ 514 case 0x14: /* sta */ 515 case 0x07: /* std */ 516 case 0x17: /* stda */ 517 case 0x0e: /* stx */ 518 case 0x1e: /* stxa */ 519 case 0x24: /* stf */ 520 case 0x34: /* stfa */ 521 case 0x27: /* stdf */ 522 case 0x37: /* stdfa */ 523 case 0x26: /* stqf */ 524 case 0x36: /* stqfa */ 525 case 0x25: /* stfsr */ 526 case 0x3c: /* casa */ 527 case 0x3e: /* casxa */ 528 is_write = 1; 529 break; 530 } 531 } 532 return handle_cpu_signal(pc, info, is_write, sigmask); 533 } 534 535 #elif defined(__arm__) 536 537 #if defined(__NetBSD__) 538 #include <ucontext.h> 539 #include <sys/siginfo.h> 540 #endif 541 542 int cpu_signal_handler(int host_signum, void *pinfo, 543 void *puc) 544 { 545 siginfo_t *info = pinfo; 546 #if defined(__NetBSD__) 547 ucontext_t *uc = puc; 548 siginfo_t *si = pinfo; 549 #else 550 ucontext_t *uc = puc; 551 #endif 552 unsigned long pc; 553 uint32_t fsr; 554 int is_write; 555 556 #if defined(__NetBSD__) 557 pc = uc->uc_mcontext.__gregs[_REG_R15]; 558 #elif defined(__GLIBC__) && (__GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ <= 3)) 559 pc = uc->uc_mcontext.gregs[R15]; 560 #else 561 pc = uc->uc_mcontext.arm_pc; 562 #endif 563 564 #ifdef __NetBSD__ 565 fsr = si->si_trap; 566 #else 567 fsr = uc->uc_mcontext.error_code; 568 #endif 569 /* 570 * In the FSR, bit 11 is WnR, assuming a v6 or 571 * later processor. On v5 we will always report 572 * this as a read, which will fail later. 573 */ 574 is_write = extract32(fsr, 11, 1); 575 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 576 } 577 578 #elif defined(__aarch64__) 579 580 #if defined(__NetBSD__) 581 582 #include <ucontext.h> 583 #include <sys/siginfo.h> 584 585 int cpu_signal_handler(int host_signum, void *pinfo, void *puc) 586 { 587 ucontext_t *uc = puc; 588 siginfo_t *si = pinfo; 589 unsigned long pc; 590 int is_write; 591 uint32_t esr; 592 593 pc = uc->uc_mcontext.__gregs[_REG_PC]; 594 esr = si->si_trap; 595 596 /* 597 * siginfo_t::si_trap is the ESR value, for data aborts ESR.EC 598 * is 0b10010x: then bit 6 is the WnR bit 599 */ 600 is_write = extract32(esr, 27, 5) == 0x12 && extract32(esr, 6, 1) == 1; 601 return handle_cpu_signal(pc, si, is_write, &uc->uc_sigmask); 602 } 603 604 #else 605 606 #ifndef ESR_MAGIC 607 /* Pre-3.16 kernel headers don't have these, so provide fallback definitions */ 608 #define ESR_MAGIC 0x45535201 609 struct esr_context { 610 struct _aarch64_ctx head; 611 uint64_t esr; 612 }; 613 #endif 614 615 static inline struct _aarch64_ctx *first_ctx(ucontext_t *uc) 616 { 617 return (struct _aarch64_ctx *)&uc->uc_mcontext.__reserved; 618 } 619 620 static inline struct _aarch64_ctx *next_ctx(struct _aarch64_ctx *hdr) 621 { 622 return (struct _aarch64_ctx *)((char *)hdr + hdr->size); 623 } 624 625 int cpu_signal_handler(int host_signum, void *pinfo, void *puc) 626 { 627 siginfo_t *info = pinfo; 628 ucontext_t *uc = puc; 629 uintptr_t pc = uc->uc_mcontext.pc; 630 bool is_write; 631 struct _aarch64_ctx *hdr; 632 struct esr_context const *esrctx = NULL; 633 634 /* Find the esr_context, which has the WnR bit in it */ 635 for (hdr = first_ctx(uc); hdr->magic; hdr = next_ctx(hdr)) { 636 if (hdr->magic == ESR_MAGIC) { 637 esrctx = (struct esr_context const *)hdr; 638 break; 639 } 640 } 641 642 if (esrctx) { 643 /* For data aborts ESR.EC is 0b10010x: then bit 6 is the WnR bit */ 644 uint64_t esr = esrctx->esr; 645 is_write = extract32(esr, 27, 5) == 0x12 && extract32(esr, 6, 1) == 1; 646 } else { 647 /* 648 * Fall back to parsing instructions; will only be needed 649 * for really ancient (pre-3.16) kernels. 650 */ 651 uint32_t insn = *(uint32_t *)pc; 652 653 is_write = ((insn & 0xbfff0000) == 0x0c000000 /* C3.3.1 */ 654 || (insn & 0xbfe00000) == 0x0c800000 /* C3.3.2 */ 655 || (insn & 0xbfdf0000) == 0x0d000000 /* C3.3.3 */ 656 || (insn & 0xbfc00000) == 0x0d800000 /* C3.3.4 */ 657 || (insn & 0x3f400000) == 0x08000000 /* C3.3.6 */ 658 || (insn & 0x3bc00000) == 0x39000000 /* C3.3.13 */ 659 || (insn & 0x3fc00000) == 0x3d800000 /* ... 128bit */ 660 /* Ignore bits 10, 11 & 21, controlling indexing. */ 661 || (insn & 0x3bc00000) == 0x38000000 /* C3.3.8-12 */ 662 || (insn & 0x3fe00000) == 0x3c800000 /* ... 128bit */ 663 /* Ignore bits 23 & 24, controlling indexing. */ 664 || (insn & 0x3a400000) == 0x28000000); /* C3.3.7,14-16 */ 665 } 666 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 667 } 668 #endif 669 670 #elif defined(__s390__) 671 672 int cpu_signal_handler(int host_signum, void *pinfo, 673 void *puc) 674 { 675 siginfo_t *info = pinfo; 676 ucontext_t *uc = puc; 677 unsigned long pc; 678 uint16_t *pinsn; 679 int is_write = 0; 680 681 pc = uc->uc_mcontext.psw.addr; 682 683 /* 684 * ??? On linux, the non-rt signal handler has 4 (!) arguments instead 685 * of the normal 2 arguments. The 4th argument contains the "Translation- 686 * Exception Identification for DAT Exceptions" from the hardware (aka 687 * "int_parm_long"), which does in fact contain the is_write value. 688 * The rt signal handler, as far as I can tell, does not give this value 689 * at all. Not that we could get to it from here even if it were. 690 * So fall back to parsing instructions. Treat read-modify-write ones as 691 * writes, which is not fully correct, but for tracking self-modifying code 692 * this is better than treating them as reads. Checking si_addr page flags 693 * might be a viable improvement, albeit a racy one. 694 */ 695 /* ??? This is not even close to complete. */ 696 pinsn = (uint16_t *)pc; 697 switch (pinsn[0] >> 8) { 698 case 0x50: /* ST */ 699 case 0x42: /* STC */ 700 case 0x40: /* STH */ 701 case 0xba: /* CS */ 702 case 0xbb: /* CDS */ 703 is_write = 1; 704 break; 705 case 0xc4: /* RIL format insns */ 706 switch (pinsn[0] & 0xf) { 707 case 0xf: /* STRL */ 708 case 0xb: /* STGRL */ 709 case 0x7: /* STHRL */ 710 is_write = 1; 711 } 712 break; 713 case 0xc8: /* SSF format insns */ 714 switch (pinsn[0] & 0xf) { 715 case 0x2: /* CSST */ 716 is_write = 1; 717 } 718 break; 719 case 0xe3: /* RXY format insns */ 720 switch (pinsn[2] & 0xff) { 721 case 0x50: /* STY */ 722 case 0x24: /* STG */ 723 case 0x72: /* STCY */ 724 case 0x70: /* STHY */ 725 case 0x8e: /* STPQ */ 726 case 0x3f: /* STRVH */ 727 case 0x3e: /* STRV */ 728 case 0x2f: /* STRVG */ 729 is_write = 1; 730 } 731 break; 732 case 0xeb: /* RSY format insns */ 733 switch (pinsn[2] & 0xff) { 734 case 0x14: /* CSY */ 735 case 0x30: /* CSG */ 736 case 0x31: /* CDSY */ 737 case 0x3e: /* CDSG */ 738 case 0xe4: /* LANG */ 739 case 0xe6: /* LAOG */ 740 case 0xe7: /* LAXG */ 741 case 0xe8: /* LAAG */ 742 case 0xea: /* LAALG */ 743 case 0xf4: /* LAN */ 744 case 0xf6: /* LAO */ 745 case 0xf7: /* LAX */ 746 case 0xfa: /* LAAL */ 747 case 0xf8: /* LAA */ 748 is_write = 1; 749 } 750 break; 751 } 752 753 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 754 } 755 756 #elif defined(__mips__) 757 758 #if defined(__misp16) || defined(__mips_micromips) 759 #error "Unsupported encoding" 760 #endif 761 762 int cpu_signal_handler(int host_signum, void *pinfo, 763 void *puc) 764 { 765 siginfo_t *info = pinfo; 766 ucontext_t *uc = puc; 767 uintptr_t pc = uc->uc_mcontext.pc; 768 uint32_t insn = *(uint32_t *)pc; 769 int is_write = 0; 770 771 /* Detect all store instructions at program counter. */ 772 switch((insn >> 26) & 077) { 773 case 050: /* SB */ 774 case 051: /* SH */ 775 case 052: /* SWL */ 776 case 053: /* SW */ 777 case 054: /* SDL */ 778 case 055: /* SDR */ 779 case 056: /* SWR */ 780 case 070: /* SC */ 781 case 071: /* SWC1 */ 782 case 074: /* SCD */ 783 case 075: /* SDC1 */ 784 case 077: /* SD */ 785 #if !defined(__mips_isa_rev) || __mips_isa_rev < 6 786 case 072: /* SWC2 */ 787 case 076: /* SDC2 */ 788 #endif 789 is_write = 1; 790 break; 791 case 023: /* COP1X */ 792 /* Required in all versions of MIPS64 since 793 MIPS64r1 and subsequent versions of MIPS32r2. */ 794 switch (insn & 077) { 795 case 010: /* SWXC1 */ 796 case 011: /* SDXC1 */ 797 case 015: /* SUXC1 */ 798 is_write = 1; 799 } 800 break; 801 } 802 803 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 804 } 805 806 #elif defined(__riscv) 807 808 int cpu_signal_handler(int host_signum, void *pinfo, 809 void *puc) 810 { 811 siginfo_t *info = pinfo; 812 ucontext_t *uc = puc; 813 greg_t pc = uc->uc_mcontext.__gregs[REG_PC]; 814 uint32_t insn = *(uint32_t *)pc; 815 int is_write = 0; 816 817 /* Detect store by reading the instruction at the program 818 counter. Note: we currently only generate 32-bit 819 instructions so we thus only detect 32-bit stores */ 820 switch (((insn >> 0) & 0b11)) { 821 case 3: 822 switch (((insn >> 2) & 0b11111)) { 823 case 8: 824 switch (((insn >> 12) & 0b111)) { 825 case 0: /* sb */ 826 case 1: /* sh */ 827 case 2: /* sw */ 828 case 3: /* sd */ 829 case 4: /* sq */ 830 is_write = 1; 831 break; 832 default: 833 break; 834 } 835 break; 836 case 9: 837 switch (((insn >> 12) & 0b111)) { 838 case 2: /* fsw */ 839 case 3: /* fsd */ 840 case 4: /* fsq */ 841 is_write = 1; 842 break; 843 default: 844 break; 845 } 846 break; 847 default: 848 break; 849 } 850 } 851 852 /* Check for compressed instructions */ 853 switch (((insn >> 13) & 0b111)) { 854 case 7: 855 switch (insn & 0b11) { 856 case 0: /*c.sd */ 857 case 2: /* c.sdsp */ 858 is_write = 1; 859 break; 860 default: 861 break; 862 } 863 break; 864 case 6: 865 switch (insn & 0b11) { 866 case 0: /* c.sw */ 867 case 3: /* c.swsp */ 868 is_write = 1; 869 break; 870 default: 871 break; 872 } 873 break; 874 default: 875 break; 876 } 877 878 return handle_cpu_signal(pc, info, is_write, &uc->uc_sigmask); 879 } 880 881 #else 882 883 #error host CPU specific signal handler needed 884 885 #endif 886 887 /* The softmmu versions of these helpers are in cputlb.c. */ 888 889 /* 890 * Verify that we have passed the correct MemOp to the correct function. 891 * 892 * We could present one function to target code, and dispatch based on 893 * the MemOp, but so far we have worked hard to avoid an indirect function 894 * call along the memory path. 895 */ 896 static void validate_memop(MemOpIdx oi, MemOp expected) 897 { 898 #ifdef CONFIG_DEBUG_TCG 899 MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP); 900 assert(have == expected); 901 #endif 902 } 903 904 static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr, 905 MemOpIdx oi, uintptr_t ra, MMUAccessType type) 906 { 907 void *ret; 908 909 /* TODO: Enforce guest required alignment. */ 910 911 ret = g2h(env_cpu(env), addr); 912 set_helper_retaddr(ra); 913 return ret; 914 } 915 916 uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr, 917 MemOpIdx oi, uintptr_t ra) 918 { 919 void *haddr; 920 uint8_t ret; 921 922 validate_memop(oi, MO_UB); 923 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 924 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 925 ret = ldub_p(haddr); 926 clear_helper_retaddr(); 927 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 928 return ret; 929 } 930 931 uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr, 932 MemOpIdx oi, uintptr_t ra) 933 { 934 void *haddr; 935 uint16_t ret; 936 937 validate_memop(oi, MO_BEUW); 938 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 939 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 940 ret = lduw_be_p(haddr); 941 clear_helper_retaddr(); 942 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 943 return ret; 944 } 945 946 uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr, 947 MemOpIdx oi, uintptr_t ra) 948 { 949 void *haddr; 950 uint32_t ret; 951 952 validate_memop(oi, MO_BEUL); 953 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 954 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 955 ret = ldl_be_p(haddr); 956 clear_helper_retaddr(); 957 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 958 return ret; 959 } 960 961 uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr, 962 MemOpIdx oi, uintptr_t ra) 963 { 964 void *haddr; 965 uint64_t ret; 966 967 validate_memop(oi, MO_BEQ); 968 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 969 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 970 ret = ldq_be_p(haddr); 971 clear_helper_retaddr(); 972 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 973 return ret; 974 } 975 976 uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr, 977 MemOpIdx oi, uintptr_t ra) 978 { 979 void *haddr; 980 uint16_t ret; 981 982 validate_memop(oi, MO_LEUW); 983 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 984 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 985 ret = lduw_le_p(haddr); 986 clear_helper_retaddr(); 987 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 988 return ret; 989 } 990 991 uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr, 992 MemOpIdx oi, uintptr_t ra) 993 { 994 void *haddr; 995 uint32_t ret; 996 997 validate_memop(oi, MO_LEUL); 998 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 999 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 1000 ret = ldl_le_p(haddr); 1001 clear_helper_retaddr(); 1002 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 1003 return ret; 1004 } 1005 1006 uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr, 1007 MemOpIdx oi, uintptr_t ra) 1008 { 1009 void *haddr; 1010 uint64_t ret; 1011 1012 validate_memop(oi, MO_LEQ); 1013 trace_guest_ld_before_exec(env_cpu(env), addr, oi); 1014 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD); 1015 ret = ldq_le_p(haddr); 1016 clear_helper_retaddr(); 1017 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R); 1018 return ret; 1019 } 1020 1021 void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val, 1022 MemOpIdx oi, uintptr_t ra) 1023 { 1024 void *haddr; 1025 1026 validate_memop(oi, MO_UB); 1027 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1028 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1029 stb_p(haddr, val); 1030 clear_helper_retaddr(); 1031 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1032 } 1033 1034 void cpu_stw_be_mmu(CPUArchState *env, abi_ptr addr, uint16_t val, 1035 MemOpIdx oi, uintptr_t ra) 1036 { 1037 void *haddr; 1038 1039 validate_memop(oi, MO_BEUW); 1040 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1041 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1042 stw_be_p(haddr, val); 1043 clear_helper_retaddr(); 1044 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1045 } 1046 1047 void cpu_stl_be_mmu(CPUArchState *env, abi_ptr addr, uint32_t val, 1048 MemOpIdx oi, uintptr_t ra) 1049 { 1050 void *haddr; 1051 1052 validate_memop(oi, MO_BEUL); 1053 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1054 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1055 stl_be_p(haddr, val); 1056 clear_helper_retaddr(); 1057 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1058 } 1059 1060 void cpu_stq_be_mmu(CPUArchState *env, abi_ptr addr, uint64_t val, 1061 MemOpIdx oi, uintptr_t ra) 1062 { 1063 void *haddr; 1064 1065 validate_memop(oi, MO_BEQ); 1066 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1067 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1068 stq_be_p(haddr, val); 1069 clear_helper_retaddr(); 1070 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1071 } 1072 1073 void cpu_stw_le_mmu(CPUArchState *env, abi_ptr addr, uint16_t val, 1074 MemOpIdx oi, uintptr_t ra) 1075 { 1076 void *haddr; 1077 1078 validate_memop(oi, MO_LEUW); 1079 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1080 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1081 stw_le_p(haddr, val); 1082 clear_helper_retaddr(); 1083 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1084 } 1085 1086 void cpu_stl_le_mmu(CPUArchState *env, abi_ptr addr, uint32_t val, 1087 MemOpIdx oi, uintptr_t ra) 1088 { 1089 void *haddr; 1090 1091 validate_memop(oi, MO_LEUL); 1092 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1093 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1094 stl_le_p(haddr, val); 1095 clear_helper_retaddr(); 1096 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1097 } 1098 1099 void cpu_stq_le_mmu(CPUArchState *env, abi_ptr addr, uint64_t val, 1100 MemOpIdx oi, uintptr_t ra) 1101 { 1102 void *haddr; 1103 1104 validate_memop(oi, MO_LEQ); 1105 trace_guest_st_before_exec(env_cpu(env), addr, oi); 1106 haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE); 1107 stq_le_p(haddr, val); 1108 clear_helper_retaddr(); 1109 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W); 1110 } 1111 1112 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr ptr) 1113 { 1114 uint32_t ret; 1115 1116 set_helper_retaddr(1); 1117 ret = ldub_p(g2h_untagged(ptr)); 1118 clear_helper_retaddr(); 1119 return ret; 1120 } 1121 1122 uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr ptr) 1123 { 1124 uint32_t ret; 1125 1126 set_helper_retaddr(1); 1127 ret = lduw_p(g2h_untagged(ptr)); 1128 clear_helper_retaddr(); 1129 return ret; 1130 } 1131 1132 uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr ptr) 1133 { 1134 uint32_t ret; 1135 1136 set_helper_retaddr(1); 1137 ret = ldl_p(g2h_untagged(ptr)); 1138 clear_helper_retaddr(); 1139 return ret; 1140 } 1141 1142 uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr) 1143 { 1144 uint64_t ret; 1145 1146 set_helper_retaddr(1); 1147 ret = ldq_p(g2h_untagged(ptr)); 1148 clear_helper_retaddr(); 1149 return ret; 1150 } 1151 1152 #include "ldst_common.c.inc" 1153 1154 /* 1155 * Do not allow unaligned operations to proceed. Return the host address. 1156 * 1157 * @prot may be PAGE_READ, PAGE_WRITE, or PAGE_READ|PAGE_WRITE. 1158 */ 1159 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr, 1160 MemOpIdx oi, int size, int prot, 1161 uintptr_t retaddr) 1162 { 1163 /* Enforce qemu required alignment. */ 1164 if (unlikely(addr & (size - 1))) { 1165 cpu_loop_exit_atomic(env_cpu(env), retaddr); 1166 } 1167 void *ret = g2h(env_cpu(env), addr); 1168 set_helper_retaddr(retaddr); 1169 return ret; 1170 } 1171 1172 #include "atomic_common.c.inc" 1173 1174 /* 1175 * First set of functions passes in OI and RETADDR. 1176 * This makes them callable from other helpers. 1177 */ 1178 1179 #define ATOMIC_NAME(X) \ 1180 glue(glue(glue(cpu_atomic_ ## X, SUFFIX), END), _mmu) 1181 #define ATOMIC_MMU_CLEANUP do { clear_helper_retaddr(); } while (0) 1182 #define ATOMIC_MMU_IDX MMU_USER_IDX 1183 1184 #define DATA_SIZE 1 1185 #include "atomic_template.h" 1186 1187 #define DATA_SIZE 2 1188 #include "atomic_template.h" 1189 1190 #define DATA_SIZE 4 1191 #include "atomic_template.h" 1192 1193 #ifdef CONFIG_ATOMIC64 1194 #define DATA_SIZE 8 1195 #include "atomic_template.h" 1196 #endif 1197 1198 #if HAVE_ATOMIC128 || HAVE_CMPXCHG128 1199 #define DATA_SIZE 16 1200 #include "atomic_template.h" 1201 #endif 1202