xref: /openbmc/qemu/linux-user/main.c (revision 1b111dc1)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <stdarg.h>
22 #include <string.h>
23 #include <errno.h>
24 #include <unistd.h>
25 #include <sys/mman.h>
26 #include <sys/syscall.h>
27 #include <sys/resource.h>
28 
29 #include "qemu.h"
30 #include "qemu-common.h"
31 #include "qemu/cache-utils.h"
32 #include "cpu.h"
33 #include "tcg.h"
34 #include "qemu/timer.h"
35 #include "qemu/envlist.h"
36 #include "elf.h"
37 
38 char *exec_path;
39 
40 int singlestep;
41 const char *filename;
42 const char *argv0;
43 int gdbstub_port;
44 envlist_t *envlist;
45 static const char *cpu_model;
46 unsigned long mmap_min_addr;
47 #if defined(CONFIG_USE_GUEST_BASE)
48 unsigned long guest_base;
49 int have_guest_base;
50 #if (TARGET_LONG_BITS == 32) && (HOST_LONG_BITS == 64)
51 /*
52  * When running 32-on-64 we should make sure we can fit all of the possible
53  * guest address space into a contiguous chunk of virtual host memory.
54  *
55  * This way we will never overlap with our own libraries or binaries or stack
56  * or anything else that QEMU maps.
57  */
58 # ifdef TARGET_MIPS
59 /* MIPS only supports 31 bits of virtual address space for user space */
60 unsigned long reserved_va = 0x77000000;
61 # else
62 unsigned long reserved_va = 0xf7000000;
63 # endif
64 #else
65 unsigned long reserved_va;
66 #endif
67 #endif
68 
69 static void usage(void);
70 
71 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
72 const char *qemu_uname_release = CONFIG_UNAME_RELEASE;
73 
74 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
75    we allocate a bigger stack. Need a better solution, for example
76    by remapping the process stack directly at the right place */
77 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
78 
79 void gemu_log(const char *fmt, ...)
80 {
81     va_list ap;
82 
83     va_start(ap, fmt);
84     vfprintf(stderr, fmt, ap);
85     va_end(ap);
86 }
87 
88 #if defined(TARGET_I386)
89 int cpu_get_pic_interrupt(CPUX86State *env)
90 {
91     return -1;
92 }
93 #endif
94 
95 /***********************************************************/
96 /* Helper routines for implementing atomic operations.  */
97 
98 /* To implement exclusive operations we force all cpus to syncronise.
99    We don't require a full sync, only that no cpus are executing guest code.
100    The alternative is to map target atomic ops onto host equivalents,
101    which requires quite a lot of per host/target work.  */
102 static pthread_mutex_t cpu_list_mutex = PTHREAD_MUTEX_INITIALIZER;
103 static pthread_mutex_t exclusive_lock = PTHREAD_MUTEX_INITIALIZER;
104 static pthread_cond_t exclusive_cond = PTHREAD_COND_INITIALIZER;
105 static pthread_cond_t exclusive_resume = PTHREAD_COND_INITIALIZER;
106 static int pending_cpus;
107 
108 /* Make sure everything is in a consistent state for calling fork().  */
109 void fork_start(void)
110 {
111     pthread_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
112     pthread_mutex_lock(&exclusive_lock);
113     mmap_fork_start();
114 }
115 
116 void fork_end(int child)
117 {
118     mmap_fork_end(child);
119     if (child) {
120         CPUState *cpu, *next_cpu;
121         /* Child processes created by fork() only have a single thread.
122            Discard information about the parent threads.  */
123         CPU_FOREACH_SAFE(cpu, next_cpu) {
124             if (cpu != thread_cpu) {
125                 QTAILQ_REMOVE(&cpus, thread_cpu, node);
126             }
127         }
128         pending_cpus = 0;
129         pthread_mutex_init(&exclusive_lock, NULL);
130         pthread_mutex_init(&cpu_list_mutex, NULL);
131         pthread_cond_init(&exclusive_cond, NULL);
132         pthread_cond_init(&exclusive_resume, NULL);
133         pthread_mutex_init(&tcg_ctx.tb_ctx.tb_lock, NULL);
134         gdbserver_fork((CPUArchState *)thread_cpu->env_ptr);
135     } else {
136         pthread_mutex_unlock(&exclusive_lock);
137         pthread_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
138     }
139 }
140 
141 /* Wait for pending exclusive operations to complete.  The exclusive lock
142    must be held.  */
143 static inline void exclusive_idle(void)
144 {
145     while (pending_cpus) {
146         pthread_cond_wait(&exclusive_resume, &exclusive_lock);
147     }
148 }
149 
150 /* Start an exclusive operation.
151    Must only be called from outside cpu_arm_exec.   */
152 static inline void start_exclusive(void)
153 {
154     CPUState *other_cpu;
155 
156     pthread_mutex_lock(&exclusive_lock);
157     exclusive_idle();
158 
159     pending_cpus = 1;
160     /* Make all other cpus stop executing.  */
161     CPU_FOREACH(other_cpu) {
162         if (other_cpu->running) {
163             pending_cpus++;
164             cpu_exit(other_cpu);
165         }
166     }
167     if (pending_cpus > 1) {
168         pthread_cond_wait(&exclusive_cond, &exclusive_lock);
169     }
170 }
171 
172 /* Finish an exclusive operation.  */
173 static inline void end_exclusive(void)
174 {
175     pending_cpus = 0;
176     pthread_cond_broadcast(&exclusive_resume);
177     pthread_mutex_unlock(&exclusive_lock);
178 }
179 
180 /* Wait for exclusive ops to finish, and begin cpu execution.  */
181 static inline void cpu_exec_start(CPUState *cpu)
182 {
183     pthread_mutex_lock(&exclusive_lock);
184     exclusive_idle();
185     cpu->running = true;
186     pthread_mutex_unlock(&exclusive_lock);
187 }
188 
189 /* Mark cpu as not executing, and release pending exclusive ops.  */
190 static inline void cpu_exec_end(CPUState *cpu)
191 {
192     pthread_mutex_lock(&exclusive_lock);
193     cpu->running = false;
194     if (pending_cpus > 1) {
195         pending_cpus--;
196         if (pending_cpus == 1) {
197             pthread_cond_signal(&exclusive_cond);
198         }
199     }
200     exclusive_idle();
201     pthread_mutex_unlock(&exclusive_lock);
202 }
203 
204 void cpu_list_lock(void)
205 {
206     pthread_mutex_lock(&cpu_list_mutex);
207 }
208 
209 void cpu_list_unlock(void)
210 {
211     pthread_mutex_unlock(&cpu_list_mutex);
212 }
213 
214 
215 #ifdef TARGET_I386
216 /***********************************************************/
217 /* CPUX86 core interface */
218 
219 void cpu_smm_update(CPUX86State *env)
220 {
221 }
222 
223 uint64_t cpu_get_tsc(CPUX86State *env)
224 {
225     return cpu_get_real_ticks();
226 }
227 
228 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
229                      int flags)
230 {
231     unsigned int e1, e2;
232     uint32_t *p;
233     e1 = (addr << 16) | (limit & 0xffff);
234     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
235     e2 |= flags;
236     p = ptr;
237     p[0] = tswap32(e1);
238     p[1] = tswap32(e2);
239 }
240 
241 static uint64_t *idt_table;
242 #ifdef TARGET_X86_64
243 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
244                        uint64_t addr, unsigned int sel)
245 {
246     uint32_t *p, e1, e2;
247     e1 = (addr & 0xffff) | (sel << 16);
248     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
249     p = ptr;
250     p[0] = tswap32(e1);
251     p[1] = tswap32(e2);
252     p[2] = tswap32(addr >> 32);
253     p[3] = 0;
254 }
255 /* only dpl matters as we do only user space emulation */
256 static void set_idt(int n, unsigned int dpl)
257 {
258     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
259 }
260 #else
261 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
262                      uint32_t addr, unsigned int sel)
263 {
264     uint32_t *p, e1, e2;
265     e1 = (addr & 0xffff) | (sel << 16);
266     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
267     p = ptr;
268     p[0] = tswap32(e1);
269     p[1] = tswap32(e2);
270 }
271 
272 /* only dpl matters as we do only user space emulation */
273 static void set_idt(int n, unsigned int dpl)
274 {
275     set_gate(idt_table + n, 0, dpl, 0, 0);
276 }
277 #endif
278 
279 void cpu_loop(CPUX86State *env)
280 {
281     CPUState *cs = CPU(x86_env_get_cpu(env));
282     int trapnr;
283     abi_ulong pc;
284     target_siginfo_t info;
285 
286     for(;;) {
287         trapnr = cpu_x86_exec(env);
288         switch(trapnr) {
289         case 0x80:
290             /* linux syscall from int $0x80 */
291             env->regs[R_EAX] = do_syscall(env,
292                                           env->regs[R_EAX],
293                                           env->regs[R_EBX],
294                                           env->regs[R_ECX],
295                                           env->regs[R_EDX],
296                                           env->regs[R_ESI],
297                                           env->regs[R_EDI],
298                                           env->regs[R_EBP],
299                                           0, 0);
300             break;
301 #ifndef TARGET_ABI32
302         case EXCP_SYSCALL:
303             /* linux syscall from syscall instruction */
304             env->regs[R_EAX] = do_syscall(env,
305                                           env->regs[R_EAX],
306                                           env->regs[R_EDI],
307                                           env->regs[R_ESI],
308                                           env->regs[R_EDX],
309                                           env->regs[10],
310                                           env->regs[8],
311                                           env->regs[9],
312                                           0, 0);
313             env->eip = env->exception_next_eip;
314             break;
315 #endif
316         case EXCP0B_NOSEG:
317         case EXCP0C_STACK:
318             info.si_signo = SIGBUS;
319             info.si_errno = 0;
320             info.si_code = TARGET_SI_KERNEL;
321             info._sifields._sigfault._addr = 0;
322             queue_signal(env, info.si_signo, &info);
323             break;
324         case EXCP0D_GPF:
325             /* XXX: potential problem if ABI32 */
326 #ifndef TARGET_X86_64
327             if (env->eflags & VM_MASK) {
328                 handle_vm86_fault(env);
329             } else
330 #endif
331             {
332                 info.si_signo = SIGSEGV;
333                 info.si_errno = 0;
334                 info.si_code = TARGET_SI_KERNEL;
335                 info._sifields._sigfault._addr = 0;
336                 queue_signal(env, info.si_signo, &info);
337             }
338             break;
339         case EXCP0E_PAGE:
340             info.si_signo = SIGSEGV;
341             info.si_errno = 0;
342             if (!(env->error_code & 1))
343                 info.si_code = TARGET_SEGV_MAPERR;
344             else
345                 info.si_code = TARGET_SEGV_ACCERR;
346             info._sifields._sigfault._addr = env->cr[2];
347             queue_signal(env, info.si_signo, &info);
348             break;
349         case EXCP00_DIVZ:
350 #ifndef TARGET_X86_64
351             if (env->eflags & VM_MASK) {
352                 handle_vm86_trap(env, trapnr);
353             } else
354 #endif
355             {
356                 /* division by zero */
357                 info.si_signo = SIGFPE;
358                 info.si_errno = 0;
359                 info.si_code = TARGET_FPE_INTDIV;
360                 info._sifields._sigfault._addr = env->eip;
361                 queue_signal(env, info.si_signo, &info);
362             }
363             break;
364         case EXCP01_DB:
365         case EXCP03_INT3:
366 #ifndef TARGET_X86_64
367             if (env->eflags & VM_MASK) {
368                 handle_vm86_trap(env, trapnr);
369             } else
370 #endif
371             {
372                 info.si_signo = SIGTRAP;
373                 info.si_errno = 0;
374                 if (trapnr == EXCP01_DB) {
375                     info.si_code = TARGET_TRAP_BRKPT;
376                     info._sifields._sigfault._addr = env->eip;
377                 } else {
378                     info.si_code = TARGET_SI_KERNEL;
379                     info._sifields._sigfault._addr = 0;
380                 }
381                 queue_signal(env, info.si_signo, &info);
382             }
383             break;
384         case EXCP04_INTO:
385         case EXCP05_BOUND:
386 #ifndef TARGET_X86_64
387             if (env->eflags & VM_MASK) {
388                 handle_vm86_trap(env, trapnr);
389             } else
390 #endif
391             {
392                 info.si_signo = SIGSEGV;
393                 info.si_errno = 0;
394                 info.si_code = TARGET_SI_KERNEL;
395                 info._sifields._sigfault._addr = 0;
396                 queue_signal(env, info.si_signo, &info);
397             }
398             break;
399         case EXCP06_ILLOP:
400             info.si_signo = SIGILL;
401             info.si_errno = 0;
402             info.si_code = TARGET_ILL_ILLOPN;
403             info._sifields._sigfault._addr = env->eip;
404             queue_signal(env, info.si_signo, &info);
405             break;
406         case EXCP_INTERRUPT:
407             /* just indicate that signals should be handled asap */
408             break;
409         case EXCP_DEBUG:
410             {
411                 int sig;
412 
413                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
414                 if (sig)
415                   {
416                     info.si_signo = sig;
417                     info.si_errno = 0;
418                     info.si_code = TARGET_TRAP_BRKPT;
419                     queue_signal(env, info.si_signo, &info);
420                   }
421             }
422             break;
423         default:
424             pc = env->segs[R_CS].base + env->eip;
425             fprintf(stderr, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
426                     (long)pc, trapnr);
427             abort();
428         }
429         process_pending_signals(env);
430     }
431 }
432 #endif
433 
434 #ifdef TARGET_ARM
435 
436 #define get_user_code_u32(x, gaddr, doswap)             \
437     ({ abi_long __r = get_user_u32((x), (gaddr));       \
438         if (!__r && (doswap)) {                         \
439             (x) = bswap32(x);                           \
440         }                                               \
441         __r;                                            \
442     })
443 
444 #define get_user_code_u16(x, gaddr, doswap)             \
445     ({ abi_long __r = get_user_u16((x), (gaddr));       \
446         if (!__r && (doswap)) {                         \
447             (x) = bswap16(x);                           \
448         }                                               \
449         __r;                                            \
450     })
451 
452 #ifdef TARGET_ABI32
453 /* Commpage handling -- there is no commpage for AArch64 */
454 
455 /*
456  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
457  * Input:
458  * r0 = pointer to oldval
459  * r1 = pointer to newval
460  * r2 = pointer to target value
461  *
462  * Output:
463  * r0 = 0 if *ptr was changed, non-0 if no exchange happened
464  * C set if *ptr was changed, clear if no exchange happened
465  *
466  * Note segv's in kernel helpers are a bit tricky, we can set the
467  * data address sensibly but the PC address is just the entry point.
468  */
469 static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
470 {
471     uint64_t oldval, newval, val;
472     uint32_t addr, cpsr;
473     target_siginfo_t info;
474 
475     /* Based on the 32 bit code in do_kernel_trap */
476 
477     /* XXX: This only works between threads, not between processes.
478        It's probably possible to implement this with native host
479        operations. However things like ldrex/strex are much harder so
480        there's not much point trying.  */
481     start_exclusive();
482     cpsr = cpsr_read(env);
483     addr = env->regs[2];
484 
485     if (get_user_u64(oldval, env->regs[0])) {
486         env->cp15.c6_data = env->regs[0];
487         goto segv;
488     };
489 
490     if (get_user_u64(newval, env->regs[1])) {
491         env->cp15.c6_data = env->regs[1];
492         goto segv;
493     };
494 
495     if (get_user_u64(val, addr)) {
496         env->cp15.c6_data = addr;
497         goto segv;
498     }
499 
500     if (val == oldval) {
501         val = newval;
502 
503         if (put_user_u64(val, addr)) {
504             env->cp15.c6_data = addr;
505             goto segv;
506         };
507 
508         env->regs[0] = 0;
509         cpsr |= CPSR_C;
510     } else {
511         env->regs[0] = -1;
512         cpsr &= ~CPSR_C;
513     }
514     cpsr_write(env, cpsr, CPSR_C);
515     end_exclusive();
516     return;
517 
518 segv:
519     end_exclusive();
520     /* We get the PC of the entry address - which is as good as anything,
521        on a real kernel what you get depends on which mode it uses. */
522     info.si_signo = SIGSEGV;
523     info.si_errno = 0;
524     /* XXX: check env->error_code */
525     info.si_code = TARGET_SEGV_MAPERR;
526     info._sifields._sigfault._addr = env->cp15.c6_data;
527     queue_signal(env, info.si_signo, &info);
528 
529     end_exclusive();
530 }
531 
532 /* Handle a jump to the kernel code page.  */
533 static int
534 do_kernel_trap(CPUARMState *env)
535 {
536     uint32_t addr;
537     uint32_t cpsr;
538     uint32_t val;
539 
540     switch (env->regs[15]) {
541     case 0xffff0fa0: /* __kernel_memory_barrier */
542         /* ??? No-op. Will need to do better for SMP.  */
543         break;
544     case 0xffff0fc0: /* __kernel_cmpxchg */
545          /* XXX: This only works between threads, not between processes.
546             It's probably possible to implement this with native host
547             operations. However things like ldrex/strex are much harder so
548             there's not much point trying.  */
549         start_exclusive();
550         cpsr = cpsr_read(env);
551         addr = env->regs[2];
552         /* FIXME: This should SEGV if the access fails.  */
553         if (get_user_u32(val, addr))
554             val = ~env->regs[0];
555         if (val == env->regs[0]) {
556             val = env->regs[1];
557             /* FIXME: Check for segfaults.  */
558             put_user_u32(val, addr);
559             env->regs[0] = 0;
560             cpsr |= CPSR_C;
561         } else {
562             env->regs[0] = -1;
563             cpsr &= ~CPSR_C;
564         }
565         cpsr_write(env, cpsr, CPSR_C);
566         end_exclusive();
567         break;
568     case 0xffff0fe0: /* __kernel_get_tls */
569         env->regs[0] = env->cp15.c13_tls2;
570         break;
571     case 0xffff0f60: /* __kernel_cmpxchg64 */
572         arm_kernel_cmpxchg64_helper(env);
573         break;
574 
575     default:
576         return 1;
577     }
578     /* Jump back to the caller.  */
579     addr = env->regs[14];
580     if (addr & 1) {
581         env->thumb = 1;
582         addr &= ~1;
583     }
584     env->regs[15] = addr;
585 
586     return 0;
587 }
588 #endif
589 
590 static int do_strex(CPUARMState *env)
591 {
592     uint32_t val;
593     int size;
594     int rc = 1;
595     int segv = 0;
596     uint32_t addr;
597     start_exclusive();
598     addr = env->exclusive_addr;
599     if (addr != env->exclusive_test) {
600         goto fail;
601     }
602     size = env->exclusive_info & 0xf;
603     switch (size) {
604     case 0:
605         segv = get_user_u8(val, addr);
606         break;
607     case 1:
608         segv = get_user_u16(val, addr);
609         break;
610     case 2:
611     case 3:
612         segv = get_user_u32(val, addr);
613         break;
614     default:
615         abort();
616     }
617     if (segv) {
618         env->cp15.c6_data = addr;
619         goto done;
620     }
621     if (val != env->exclusive_val) {
622         goto fail;
623     }
624     if (size == 3) {
625         segv = get_user_u32(val, addr + 4);
626         if (segv) {
627             env->cp15.c6_data = addr + 4;
628             goto done;
629         }
630         if (val != env->exclusive_high) {
631             goto fail;
632         }
633     }
634     val = env->regs[(env->exclusive_info >> 8) & 0xf];
635     switch (size) {
636     case 0:
637         segv = put_user_u8(val, addr);
638         break;
639     case 1:
640         segv = put_user_u16(val, addr);
641         break;
642     case 2:
643     case 3:
644         segv = put_user_u32(val, addr);
645         break;
646     }
647     if (segv) {
648         env->cp15.c6_data = addr;
649         goto done;
650     }
651     if (size == 3) {
652         val = env->regs[(env->exclusive_info >> 12) & 0xf];
653         segv = put_user_u32(val, addr + 4);
654         if (segv) {
655             env->cp15.c6_data = addr + 4;
656             goto done;
657         }
658     }
659     rc = 0;
660 fail:
661     env->regs[15] += 4;
662     env->regs[(env->exclusive_info >> 4) & 0xf] = rc;
663 done:
664     end_exclusive();
665     return segv;
666 }
667 
668 #ifdef TARGET_ABI32
669 void cpu_loop(CPUARMState *env)
670 {
671     CPUState *cs = CPU(arm_env_get_cpu(env));
672     int trapnr;
673     unsigned int n, insn;
674     target_siginfo_t info;
675     uint32_t addr;
676 
677     for(;;) {
678         cpu_exec_start(cs);
679         trapnr = cpu_arm_exec(env);
680         cpu_exec_end(cs);
681         switch(trapnr) {
682         case EXCP_UDEF:
683             {
684                 TaskState *ts = env->opaque;
685                 uint32_t opcode;
686                 int rc;
687 
688                 /* we handle the FPU emulation here, as Linux */
689                 /* we get the opcode */
690                 /* FIXME - what to do if get_user() fails? */
691                 get_user_code_u32(opcode, env->regs[15], env->bswap_code);
692 
693                 rc = EmulateAll(opcode, &ts->fpa, env);
694                 if (rc == 0) { /* illegal instruction */
695                     info.si_signo = SIGILL;
696                     info.si_errno = 0;
697                     info.si_code = TARGET_ILL_ILLOPN;
698                     info._sifields._sigfault._addr = env->regs[15];
699                     queue_signal(env, info.si_signo, &info);
700                 } else if (rc < 0) { /* FP exception */
701                     int arm_fpe=0;
702 
703                     /* translate softfloat flags to FPSR flags */
704                     if (-rc & float_flag_invalid)
705                       arm_fpe |= BIT_IOC;
706                     if (-rc & float_flag_divbyzero)
707                       arm_fpe |= BIT_DZC;
708                     if (-rc & float_flag_overflow)
709                       arm_fpe |= BIT_OFC;
710                     if (-rc & float_flag_underflow)
711                       arm_fpe |= BIT_UFC;
712                     if (-rc & float_flag_inexact)
713                       arm_fpe |= BIT_IXC;
714 
715                     FPSR fpsr = ts->fpa.fpsr;
716                     //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
717 
718                     if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
719                       info.si_signo = SIGFPE;
720                       info.si_errno = 0;
721 
722                       /* ordered by priority, least first */
723                       if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
724                       if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
725                       if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
726                       if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
727                       if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
728 
729                       info._sifields._sigfault._addr = env->regs[15];
730                       queue_signal(env, info.si_signo, &info);
731                     } else {
732                       env->regs[15] += 4;
733                     }
734 
735                     /* accumulate unenabled exceptions */
736                     if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
737                       fpsr |= BIT_IXC;
738                     if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
739                       fpsr |= BIT_UFC;
740                     if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
741                       fpsr |= BIT_OFC;
742                     if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
743                       fpsr |= BIT_DZC;
744                     if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
745                       fpsr |= BIT_IOC;
746                     ts->fpa.fpsr=fpsr;
747                 } else { /* everything OK */
748                     /* increment PC */
749                     env->regs[15] += 4;
750                 }
751             }
752             break;
753         case EXCP_SWI:
754         case EXCP_BKPT:
755             {
756                 env->eabi = 1;
757                 /* system call */
758                 if (trapnr == EXCP_BKPT) {
759                     if (env->thumb) {
760                         /* FIXME - what to do if get_user() fails? */
761                         get_user_code_u16(insn, env->regs[15], env->bswap_code);
762                         n = insn & 0xff;
763                         env->regs[15] += 2;
764                     } else {
765                         /* FIXME - what to do if get_user() fails? */
766                         get_user_code_u32(insn, env->regs[15], env->bswap_code);
767                         n = (insn & 0xf) | ((insn >> 4) & 0xff0);
768                         env->regs[15] += 4;
769                     }
770                 } else {
771                     if (env->thumb) {
772                         /* FIXME - what to do if get_user() fails? */
773                         get_user_code_u16(insn, env->regs[15] - 2,
774                                           env->bswap_code);
775                         n = insn & 0xff;
776                     } else {
777                         /* FIXME - what to do if get_user() fails? */
778                         get_user_code_u32(insn, env->regs[15] - 4,
779                                           env->bswap_code);
780                         n = insn & 0xffffff;
781                     }
782                 }
783 
784                 if (n == ARM_NR_cacheflush) {
785                     /* nop */
786                 } else if (n == ARM_NR_semihosting
787                            || n == ARM_NR_thumb_semihosting) {
788                     env->regs[0] = do_arm_semihosting (env);
789                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
790                     /* linux syscall */
791                     if (env->thumb || n == 0) {
792                         n = env->regs[7];
793                     } else {
794                         n -= ARM_SYSCALL_BASE;
795                         env->eabi = 0;
796                     }
797                     if ( n > ARM_NR_BASE) {
798                         switch (n) {
799                         case ARM_NR_cacheflush:
800                             /* nop */
801                             break;
802                         case ARM_NR_set_tls:
803                             cpu_set_tls(env, env->regs[0]);
804                             env->regs[0] = 0;
805                             break;
806                         default:
807                             gemu_log("qemu: Unsupported ARM syscall: 0x%x\n",
808                                      n);
809                             env->regs[0] = -TARGET_ENOSYS;
810                             break;
811                         }
812                     } else {
813                         env->regs[0] = do_syscall(env,
814                                                   n,
815                                                   env->regs[0],
816                                                   env->regs[1],
817                                                   env->regs[2],
818                                                   env->regs[3],
819                                                   env->regs[4],
820                                                   env->regs[5],
821                                                   0, 0);
822                     }
823                 } else {
824                     goto error;
825                 }
826             }
827             break;
828         case EXCP_INTERRUPT:
829             /* just indicate that signals should be handled asap */
830             break;
831         case EXCP_PREFETCH_ABORT:
832             addr = env->cp15.c6_insn;
833             goto do_segv;
834         case EXCP_DATA_ABORT:
835             addr = env->cp15.c6_data;
836         do_segv:
837             {
838                 info.si_signo = SIGSEGV;
839                 info.si_errno = 0;
840                 /* XXX: check env->error_code */
841                 info.si_code = TARGET_SEGV_MAPERR;
842                 info._sifields._sigfault._addr = addr;
843                 queue_signal(env, info.si_signo, &info);
844             }
845             break;
846         case EXCP_DEBUG:
847             {
848                 int sig;
849 
850                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
851                 if (sig)
852                   {
853                     info.si_signo = sig;
854                     info.si_errno = 0;
855                     info.si_code = TARGET_TRAP_BRKPT;
856                     queue_signal(env, info.si_signo, &info);
857                   }
858             }
859             break;
860         case EXCP_KERNEL_TRAP:
861             if (do_kernel_trap(env))
862               goto error;
863             break;
864         case EXCP_STREX:
865             if (do_strex(env)) {
866                 addr = env->cp15.c6_data;
867                 goto do_segv;
868             }
869             break;
870         default:
871         error:
872             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
873                     trapnr);
874             cpu_dump_state(cs, stderr, fprintf, 0);
875             abort();
876         }
877         process_pending_signals(env);
878     }
879 }
880 
881 #else
882 
883 /* AArch64 main loop */
884 void cpu_loop(CPUARMState *env)
885 {
886     CPUState *cs = CPU(arm_env_get_cpu(env));
887     int trapnr, sig;
888     target_siginfo_t info;
889     uint32_t addr;
890 
891     for (;;) {
892         cpu_exec_start(cs);
893         trapnr = cpu_arm_exec(env);
894         cpu_exec_end(cs);
895 
896         switch (trapnr) {
897         case EXCP_SWI:
898             env->xregs[0] = do_syscall(env,
899                                        env->xregs[8],
900                                        env->xregs[0],
901                                        env->xregs[1],
902                                        env->xregs[2],
903                                        env->xregs[3],
904                                        env->xregs[4],
905                                        env->xregs[5],
906                                        0, 0);
907             break;
908         case EXCP_INTERRUPT:
909             /* just indicate that signals should be handled asap */
910             break;
911         case EXCP_UDEF:
912             info.si_signo = SIGILL;
913             info.si_errno = 0;
914             info.si_code = TARGET_ILL_ILLOPN;
915             info._sifields._sigfault._addr = env->pc;
916             queue_signal(env, info.si_signo, &info);
917             break;
918         case EXCP_PREFETCH_ABORT:
919             addr = env->cp15.c6_insn;
920             goto do_segv;
921         case EXCP_DATA_ABORT:
922             addr = env->cp15.c6_data;
923         do_segv:
924             info.si_signo = SIGSEGV;
925             info.si_errno = 0;
926             /* XXX: check env->error_code */
927             info.si_code = TARGET_SEGV_MAPERR;
928             info._sifields._sigfault._addr = addr;
929             queue_signal(env, info.si_signo, &info);
930             break;
931         case EXCP_DEBUG:
932         case EXCP_BKPT:
933             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
934             if (sig) {
935                 info.si_signo = sig;
936                 info.si_errno = 0;
937                 info.si_code = TARGET_TRAP_BRKPT;
938                 queue_signal(env, info.si_signo, &info);
939             }
940             break;
941         case EXCP_STREX:
942             if (do_strex(env)) {
943                 addr = env->cp15.c6_data;
944                 goto do_segv;
945             }
946             break;
947         default:
948             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
949                     trapnr);
950             cpu_dump_state(cs, stderr, fprintf, 0);
951             abort();
952         }
953         process_pending_signals(env);
954     }
955 }
956 #endif /* ndef TARGET_ABI32 */
957 
958 #endif
959 
960 #ifdef TARGET_UNICORE32
961 
962 void cpu_loop(CPUUniCore32State *env)
963 {
964     CPUState *cs = CPU(uc32_env_get_cpu(env));
965     int trapnr;
966     unsigned int n, insn;
967     target_siginfo_t info;
968 
969     for (;;) {
970         cpu_exec_start(cs);
971         trapnr = uc32_cpu_exec(env);
972         cpu_exec_end(cs);
973         switch (trapnr) {
974         case UC32_EXCP_PRIV:
975             {
976                 /* system call */
977                 get_user_u32(insn, env->regs[31] - 4);
978                 n = insn & 0xffffff;
979 
980                 if (n >= UC32_SYSCALL_BASE) {
981                     /* linux syscall */
982                     n -= UC32_SYSCALL_BASE;
983                     if (n == UC32_SYSCALL_NR_set_tls) {
984                             cpu_set_tls(env, env->regs[0]);
985                             env->regs[0] = 0;
986                     } else {
987                         env->regs[0] = do_syscall(env,
988                                                   n,
989                                                   env->regs[0],
990                                                   env->regs[1],
991                                                   env->regs[2],
992                                                   env->regs[3],
993                                                   env->regs[4],
994                                                   env->regs[5],
995                                                   0, 0);
996                     }
997                 } else {
998                     goto error;
999                 }
1000             }
1001             break;
1002         case UC32_EXCP_DTRAP:
1003         case UC32_EXCP_ITRAP:
1004             info.si_signo = SIGSEGV;
1005             info.si_errno = 0;
1006             /* XXX: check env->error_code */
1007             info.si_code = TARGET_SEGV_MAPERR;
1008             info._sifields._sigfault._addr = env->cp0.c4_faultaddr;
1009             queue_signal(env, info.si_signo, &info);
1010             break;
1011         case EXCP_INTERRUPT:
1012             /* just indicate that signals should be handled asap */
1013             break;
1014         case EXCP_DEBUG:
1015             {
1016                 int sig;
1017 
1018                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1019                 if (sig) {
1020                     info.si_signo = sig;
1021                     info.si_errno = 0;
1022                     info.si_code = TARGET_TRAP_BRKPT;
1023                     queue_signal(env, info.si_signo, &info);
1024                 }
1025             }
1026             break;
1027         default:
1028             goto error;
1029         }
1030         process_pending_signals(env);
1031     }
1032 
1033 error:
1034     fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
1035     cpu_dump_state(cs, stderr, fprintf, 0);
1036     abort();
1037 }
1038 #endif
1039 
1040 #ifdef TARGET_SPARC
1041 #define SPARC64_STACK_BIAS 2047
1042 
1043 //#define DEBUG_WIN
1044 
1045 /* WARNING: dealing with register windows _is_ complicated. More info
1046    can be found at http://www.sics.se/~psm/sparcstack.html */
1047 static inline int get_reg_index(CPUSPARCState *env, int cwp, int index)
1048 {
1049     index = (index + cwp * 16) % (16 * env->nwindows);
1050     /* wrap handling : if cwp is on the last window, then we use the
1051        registers 'after' the end */
1052     if (index < 8 && env->cwp == env->nwindows - 1)
1053         index += 16 * env->nwindows;
1054     return index;
1055 }
1056 
1057 /* save the register window 'cwp1' */
1058 static inline void save_window_offset(CPUSPARCState *env, int cwp1)
1059 {
1060     unsigned int i;
1061     abi_ulong sp_ptr;
1062 
1063     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1064 #ifdef TARGET_SPARC64
1065     if (sp_ptr & 3)
1066         sp_ptr += SPARC64_STACK_BIAS;
1067 #endif
1068 #if defined(DEBUG_WIN)
1069     printf("win_overflow: sp_ptr=0x" TARGET_ABI_FMT_lx " save_cwp=%d\n",
1070            sp_ptr, cwp1);
1071 #endif
1072     for(i = 0; i < 16; i++) {
1073         /* FIXME - what to do if put_user() fails? */
1074         put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1075         sp_ptr += sizeof(abi_ulong);
1076     }
1077 }
1078 
1079 static void save_window(CPUSPARCState *env)
1080 {
1081 #ifndef TARGET_SPARC64
1082     unsigned int new_wim;
1083     new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
1084         ((1LL << env->nwindows) - 1);
1085     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1086     env->wim = new_wim;
1087 #else
1088     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1089     env->cansave++;
1090     env->canrestore--;
1091 #endif
1092 }
1093 
1094 static void restore_window(CPUSPARCState *env)
1095 {
1096 #ifndef TARGET_SPARC64
1097     unsigned int new_wim;
1098 #endif
1099     unsigned int i, cwp1;
1100     abi_ulong sp_ptr;
1101 
1102 #ifndef TARGET_SPARC64
1103     new_wim = ((env->wim << 1) | (env->wim >> (env->nwindows - 1))) &
1104         ((1LL << env->nwindows) - 1);
1105 #endif
1106 
1107     /* restore the invalid window */
1108     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1109     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1110 #ifdef TARGET_SPARC64
1111     if (sp_ptr & 3)
1112         sp_ptr += SPARC64_STACK_BIAS;
1113 #endif
1114 #if defined(DEBUG_WIN)
1115     printf("win_underflow: sp_ptr=0x" TARGET_ABI_FMT_lx " load_cwp=%d\n",
1116            sp_ptr, cwp1);
1117 #endif
1118     for(i = 0; i < 16; i++) {
1119         /* FIXME - what to do if get_user() fails? */
1120         get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1121         sp_ptr += sizeof(abi_ulong);
1122     }
1123 #ifdef TARGET_SPARC64
1124     env->canrestore++;
1125     if (env->cleanwin < env->nwindows - 1)
1126         env->cleanwin++;
1127     env->cansave--;
1128 #else
1129     env->wim = new_wim;
1130 #endif
1131 }
1132 
1133 static void flush_windows(CPUSPARCState *env)
1134 {
1135     int offset, cwp1;
1136 
1137     offset = 1;
1138     for(;;) {
1139         /* if restore would invoke restore_window(), then we can stop */
1140         cwp1 = cpu_cwp_inc(env, env->cwp + offset);
1141 #ifndef TARGET_SPARC64
1142         if (env->wim & (1 << cwp1))
1143             break;
1144 #else
1145         if (env->canrestore == 0)
1146             break;
1147         env->cansave++;
1148         env->canrestore--;
1149 #endif
1150         save_window_offset(env, cwp1);
1151         offset++;
1152     }
1153     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1154 #ifndef TARGET_SPARC64
1155     /* set wim so that restore will reload the registers */
1156     env->wim = 1 << cwp1;
1157 #endif
1158 #if defined(DEBUG_WIN)
1159     printf("flush_windows: nb=%d\n", offset - 1);
1160 #endif
1161 }
1162 
1163 void cpu_loop (CPUSPARCState *env)
1164 {
1165     CPUState *cs = CPU(sparc_env_get_cpu(env));
1166     int trapnr;
1167     abi_long ret;
1168     target_siginfo_t info;
1169 
1170     while (1) {
1171         trapnr = cpu_sparc_exec (env);
1172 
1173         /* Compute PSR before exposing state.  */
1174         if (env->cc_op != CC_OP_FLAGS) {
1175             cpu_get_psr(env);
1176         }
1177 
1178         switch (trapnr) {
1179 #ifndef TARGET_SPARC64
1180         case 0x88:
1181         case 0x90:
1182 #else
1183         case 0x110:
1184         case 0x16d:
1185 #endif
1186             ret = do_syscall (env, env->gregs[1],
1187                               env->regwptr[0], env->regwptr[1],
1188                               env->regwptr[2], env->regwptr[3],
1189                               env->regwptr[4], env->regwptr[5],
1190                               0, 0);
1191             if ((abi_ulong)ret >= (abi_ulong)(-515)) {
1192 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1193                 env->xcc |= PSR_CARRY;
1194 #else
1195                 env->psr |= PSR_CARRY;
1196 #endif
1197                 ret = -ret;
1198             } else {
1199 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1200                 env->xcc &= ~PSR_CARRY;
1201 #else
1202                 env->psr &= ~PSR_CARRY;
1203 #endif
1204             }
1205             env->regwptr[0] = ret;
1206             /* next instruction */
1207             env->pc = env->npc;
1208             env->npc = env->npc + 4;
1209             break;
1210         case 0x83: /* flush windows */
1211 #ifdef TARGET_ABI32
1212         case 0x103:
1213 #endif
1214             flush_windows(env);
1215             /* next instruction */
1216             env->pc = env->npc;
1217             env->npc = env->npc + 4;
1218             break;
1219 #ifndef TARGET_SPARC64
1220         case TT_WIN_OVF: /* window overflow */
1221             save_window(env);
1222             break;
1223         case TT_WIN_UNF: /* window underflow */
1224             restore_window(env);
1225             break;
1226         case TT_TFAULT:
1227         case TT_DFAULT:
1228             {
1229                 info.si_signo = TARGET_SIGSEGV;
1230                 info.si_errno = 0;
1231                 /* XXX: check env->error_code */
1232                 info.si_code = TARGET_SEGV_MAPERR;
1233                 info._sifields._sigfault._addr = env->mmuregs[4];
1234                 queue_signal(env, info.si_signo, &info);
1235             }
1236             break;
1237 #else
1238         case TT_SPILL: /* window overflow */
1239             save_window(env);
1240             break;
1241         case TT_FILL: /* window underflow */
1242             restore_window(env);
1243             break;
1244         case TT_TFAULT:
1245         case TT_DFAULT:
1246             {
1247                 info.si_signo = TARGET_SIGSEGV;
1248                 info.si_errno = 0;
1249                 /* XXX: check env->error_code */
1250                 info.si_code = TARGET_SEGV_MAPERR;
1251                 if (trapnr == TT_DFAULT)
1252                     info._sifields._sigfault._addr = env->dmmuregs[4];
1253                 else
1254                     info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
1255                 queue_signal(env, info.si_signo, &info);
1256             }
1257             break;
1258 #ifndef TARGET_ABI32
1259         case 0x16e:
1260             flush_windows(env);
1261             sparc64_get_context(env);
1262             break;
1263         case 0x16f:
1264             flush_windows(env);
1265             sparc64_set_context(env);
1266             break;
1267 #endif
1268 #endif
1269         case EXCP_INTERRUPT:
1270             /* just indicate that signals should be handled asap */
1271             break;
1272         case TT_ILL_INSN:
1273             {
1274                 info.si_signo = TARGET_SIGILL;
1275                 info.si_errno = 0;
1276                 info.si_code = TARGET_ILL_ILLOPC;
1277                 info._sifields._sigfault._addr = env->pc;
1278                 queue_signal(env, info.si_signo, &info);
1279             }
1280             break;
1281         case EXCP_DEBUG:
1282             {
1283                 int sig;
1284 
1285                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1286                 if (sig)
1287                   {
1288                     info.si_signo = sig;
1289                     info.si_errno = 0;
1290                     info.si_code = TARGET_TRAP_BRKPT;
1291                     queue_signal(env, info.si_signo, &info);
1292                   }
1293             }
1294             break;
1295         default:
1296             printf ("Unhandled trap: 0x%x\n", trapnr);
1297             cpu_dump_state(cs, stderr, fprintf, 0);
1298             exit (1);
1299         }
1300         process_pending_signals (env);
1301     }
1302 }
1303 
1304 #endif
1305 
1306 #ifdef TARGET_PPC
1307 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
1308 {
1309     /* TO FIX */
1310     return 0;
1311 }
1312 
1313 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
1314 {
1315     return cpu_ppc_get_tb(env);
1316 }
1317 
1318 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
1319 {
1320     return cpu_ppc_get_tb(env) >> 32;
1321 }
1322 
1323 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
1324 {
1325     return cpu_ppc_get_tb(env);
1326 }
1327 
1328 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
1329 {
1330     return cpu_ppc_get_tb(env) >> 32;
1331 }
1332 
1333 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
1334 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
1335 
1336 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
1337 {
1338     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1339 }
1340 
1341 /* XXX: to be fixed */
1342 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1343 {
1344     return -1;
1345 }
1346 
1347 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1348 {
1349     return -1;
1350 }
1351 
1352 #define EXCP_DUMP(env, fmt, ...)                                        \
1353 do {                                                                    \
1354     CPUState *cs = ENV_GET_CPU(env);                                    \
1355     fprintf(stderr, fmt , ## __VA_ARGS__);                              \
1356     cpu_dump_state(cs, stderr, fprintf, 0);                             \
1357     qemu_log(fmt, ## __VA_ARGS__);                                      \
1358     if (qemu_log_enabled()) {                                           \
1359         log_cpu_state(cs, 0);                                           \
1360     }                                                                   \
1361 } while (0)
1362 
1363 static int do_store_exclusive(CPUPPCState *env)
1364 {
1365     target_ulong addr;
1366     target_ulong page_addr;
1367     target_ulong val;
1368     int flags;
1369     int segv = 0;
1370 
1371     addr = env->reserve_ea;
1372     page_addr = addr & TARGET_PAGE_MASK;
1373     start_exclusive();
1374     mmap_lock();
1375     flags = page_get_flags(page_addr);
1376     if ((flags & PAGE_READ) == 0) {
1377         segv = 1;
1378     } else {
1379         int reg = env->reserve_info & 0x1f;
1380         int size = (env->reserve_info >> 5) & 0xf;
1381         int stored = 0;
1382 
1383         if (addr == env->reserve_addr) {
1384             switch (size) {
1385             case 1: segv = get_user_u8(val, addr); break;
1386             case 2: segv = get_user_u16(val, addr); break;
1387             case 4: segv = get_user_u32(val, addr); break;
1388 #if defined(TARGET_PPC64)
1389             case 8: segv = get_user_u64(val, addr); break;
1390 #endif
1391             default: abort();
1392             }
1393             if (!segv && val == env->reserve_val) {
1394                 val = env->gpr[reg];
1395                 switch (size) {
1396                 case 1: segv = put_user_u8(val, addr); break;
1397                 case 2: segv = put_user_u16(val, addr); break;
1398                 case 4: segv = put_user_u32(val, addr); break;
1399 #if defined(TARGET_PPC64)
1400                 case 8: segv = put_user_u64(val, addr); break;
1401 #endif
1402                 default: abort();
1403                 }
1404                 if (!segv) {
1405                     stored = 1;
1406                 }
1407             }
1408         }
1409         env->crf[0] = (stored << 1) | xer_so;
1410         env->reserve_addr = (target_ulong)-1;
1411     }
1412     if (!segv) {
1413         env->nip += 4;
1414     }
1415     mmap_unlock();
1416     end_exclusive();
1417     return segv;
1418 }
1419 
1420 void cpu_loop(CPUPPCState *env)
1421 {
1422     CPUState *cs = CPU(ppc_env_get_cpu(env));
1423     target_siginfo_t info;
1424     int trapnr;
1425     target_ulong ret;
1426 
1427     for(;;) {
1428         cpu_exec_start(cs);
1429         trapnr = cpu_ppc_exec(env);
1430         cpu_exec_end(cs);
1431         switch(trapnr) {
1432         case POWERPC_EXCP_NONE:
1433             /* Just go on */
1434             break;
1435         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
1436             cpu_abort(env, "Critical interrupt while in user mode. "
1437                       "Aborting\n");
1438             break;
1439         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
1440             cpu_abort(env, "Machine check exception while in user mode. "
1441                       "Aborting\n");
1442             break;
1443         case POWERPC_EXCP_DSI:      /* Data storage exception                */
1444             EXCP_DUMP(env, "Invalid data memory access: 0x" TARGET_FMT_lx "\n",
1445                       env->spr[SPR_DAR]);
1446             /* XXX: check this. Seems bugged */
1447             switch (env->error_code & 0xFF000000) {
1448             case 0x40000000:
1449                 info.si_signo = TARGET_SIGSEGV;
1450                 info.si_errno = 0;
1451                 info.si_code = TARGET_SEGV_MAPERR;
1452                 break;
1453             case 0x04000000:
1454                 info.si_signo = TARGET_SIGILL;
1455                 info.si_errno = 0;
1456                 info.si_code = TARGET_ILL_ILLADR;
1457                 break;
1458             case 0x08000000:
1459                 info.si_signo = TARGET_SIGSEGV;
1460                 info.si_errno = 0;
1461                 info.si_code = TARGET_SEGV_ACCERR;
1462                 break;
1463             default:
1464                 /* Let's send a regular segfault... */
1465                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1466                           env->error_code);
1467                 info.si_signo = TARGET_SIGSEGV;
1468                 info.si_errno = 0;
1469                 info.si_code = TARGET_SEGV_MAPERR;
1470                 break;
1471             }
1472             info._sifields._sigfault._addr = env->nip;
1473             queue_signal(env, info.si_signo, &info);
1474             break;
1475         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
1476             EXCP_DUMP(env, "Invalid instruction fetch: 0x\n" TARGET_FMT_lx
1477                       "\n", env->spr[SPR_SRR0]);
1478             /* XXX: check this */
1479             switch (env->error_code & 0xFF000000) {
1480             case 0x40000000:
1481                 info.si_signo = TARGET_SIGSEGV;
1482             info.si_errno = 0;
1483                 info.si_code = TARGET_SEGV_MAPERR;
1484                 break;
1485             case 0x10000000:
1486             case 0x08000000:
1487                 info.si_signo = TARGET_SIGSEGV;
1488                 info.si_errno = 0;
1489                 info.si_code = TARGET_SEGV_ACCERR;
1490                 break;
1491             default:
1492                 /* Let's send a regular segfault... */
1493                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1494                           env->error_code);
1495                 info.si_signo = TARGET_SIGSEGV;
1496                 info.si_errno = 0;
1497                 info.si_code = TARGET_SEGV_MAPERR;
1498                 break;
1499             }
1500             info._sifields._sigfault._addr = env->nip - 4;
1501             queue_signal(env, info.si_signo, &info);
1502             break;
1503         case POWERPC_EXCP_EXTERNAL: /* External input                        */
1504             cpu_abort(env, "External interrupt while in user mode. "
1505                       "Aborting\n");
1506             break;
1507         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
1508             EXCP_DUMP(env, "Unaligned memory access\n");
1509             /* XXX: check this */
1510             info.si_signo = TARGET_SIGBUS;
1511             info.si_errno = 0;
1512             info.si_code = TARGET_BUS_ADRALN;
1513             info._sifields._sigfault._addr = env->nip - 4;
1514             queue_signal(env, info.si_signo, &info);
1515             break;
1516         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
1517             /* XXX: check this */
1518             switch (env->error_code & ~0xF) {
1519             case POWERPC_EXCP_FP:
1520                 EXCP_DUMP(env, "Floating point program exception\n");
1521                 info.si_signo = TARGET_SIGFPE;
1522                 info.si_errno = 0;
1523                 switch (env->error_code & 0xF) {
1524                 case POWERPC_EXCP_FP_OX:
1525                     info.si_code = TARGET_FPE_FLTOVF;
1526                     break;
1527                 case POWERPC_EXCP_FP_UX:
1528                     info.si_code = TARGET_FPE_FLTUND;
1529                     break;
1530                 case POWERPC_EXCP_FP_ZX:
1531                 case POWERPC_EXCP_FP_VXZDZ:
1532                     info.si_code = TARGET_FPE_FLTDIV;
1533                     break;
1534                 case POWERPC_EXCP_FP_XX:
1535                     info.si_code = TARGET_FPE_FLTRES;
1536                     break;
1537                 case POWERPC_EXCP_FP_VXSOFT:
1538                     info.si_code = TARGET_FPE_FLTINV;
1539                     break;
1540                 case POWERPC_EXCP_FP_VXSNAN:
1541                 case POWERPC_EXCP_FP_VXISI:
1542                 case POWERPC_EXCP_FP_VXIDI:
1543                 case POWERPC_EXCP_FP_VXIMZ:
1544                 case POWERPC_EXCP_FP_VXVC:
1545                 case POWERPC_EXCP_FP_VXSQRT:
1546                 case POWERPC_EXCP_FP_VXCVI:
1547                     info.si_code = TARGET_FPE_FLTSUB;
1548                     break;
1549                 default:
1550                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
1551                               env->error_code);
1552                     break;
1553                 }
1554                 break;
1555             case POWERPC_EXCP_INVAL:
1556                 EXCP_DUMP(env, "Invalid instruction\n");
1557                 info.si_signo = TARGET_SIGILL;
1558                 info.si_errno = 0;
1559                 switch (env->error_code & 0xF) {
1560                 case POWERPC_EXCP_INVAL_INVAL:
1561                     info.si_code = TARGET_ILL_ILLOPC;
1562                     break;
1563                 case POWERPC_EXCP_INVAL_LSWX:
1564                     info.si_code = TARGET_ILL_ILLOPN;
1565                     break;
1566                 case POWERPC_EXCP_INVAL_SPR:
1567                     info.si_code = TARGET_ILL_PRVREG;
1568                     break;
1569                 case POWERPC_EXCP_INVAL_FP:
1570                     info.si_code = TARGET_ILL_COPROC;
1571                     break;
1572                 default:
1573                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
1574                               env->error_code & 0xF);
1575                     info.si_code = TARGET_ILL_ILLADR;
1576                     break;
1577                 }
1578                 break;
1579             case POWERPC_EXCP_PRIV:
1580                 EXCP_DUMP(env, "Privilege violation\n");
1581                 info.si_signo = TARGET_SIGILL;
1582                 info.si_errno = 0;
1583                 switch (env->error_code & 0xF) {
1584                 case POWERPC_EXCP_PRIV_OPC:
1585                     info.si_code = TARGET_ILL_PRVOPC;
1586                     break;
1587                 case POWERPC_EXCP_PRIV_REG:
1588                     info.si_code = TARGET_ILL_PRVREG;
1589                     break;
1590                 default:
1591                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
1592                               env->error_code & 0xF);
1593                     info.si_code = TARGET_ILL_PRVOPC;
1594                     break;
1595                 }
1596                 break;
1597             case POWERPC_EXCP_TRAP:
1598                 cpu_abort(env, "Tried to call a TRAP\n");
1599                 break;
1600             default:
1601                 /* Should not happen ! */
1602                 cpu_abort(env, "Unknown program exception (%02x)\n",
1603                           env->error_code);
1604                 break;
1605             }
1606             info._sifields._sigfault._addr = env->nip - 4;
1607             queue_signal(env, info.si_signo, &info);
1608             break;
1609         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
1610             EXCP_DUMP(env, "No floating point allowed\n");
1611             info.si_signo = TARGET_SIGILL;
1612             info.si_errno = 0;
1613             info.si_code = TARGET_ILL_COPROC;
1614             info._sifields._sigfault._addr = env->nip - 4;
1615             queue_signal(env, info.si_signo, &info);
1616             break;
1617         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
1618             cpu_abort(env, "Syscall exception while in user mode. "
1619                       "Aborting\n");
1620             break;
1621         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
1622             EXCP_DUMP(env, "No APU instruction allowed\n");
1623             info.si_signo = TARGET_SIGILL;
1624             info.si_errno = 0;
1625             info.si_code = TARGET_ILL_COPROC;
1626             info._sifields._sigfault._addr = env->nip - 4;
1627             queue_signal(env, info.si_signo, &info);
1628             break;
1629         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
1630             cpu_abort(env, "Decrementer interrupt while in user mode. "
1631                       "Aborting\n");
1632             break;
1633         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
1634             cpu_abort(env, "Fix interval timer interrupt while in user mode. "
1635                       "Aborting\n");
1636             break;
1637         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
1638             cpu_abort(env, "Watchdog timer interrupt while in user mode. "
1639                       "Aborting\n");
1640             break;
1641         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
1642             cpu_abort(env, "Data TLB exception while in user mode. "
1643                       "Aborting\n");
1644             break;
1645         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
1646             cpu_abort(env, "Instruction TLB exception while in user mode. "
1647                       "Aborting\n");
1648             break;
1649         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
1650             EXCP_DUMP(env, "No SPE/floating-point instruction allowed\n");
1651             info.si_signo = TARGET_SIGILL;
1652             info.si_errno = 0;
1653             info.si_code = TARGET_ILL_COPROC;
1654             info._sifields._sigfault._addr = env->nip - 4;
1655             queue_signal(env, info.si_signo, &info);
1656             break;
1657         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
1658             cpu_abort(env, "Embedded floating-point data IRQ not handled\n");
1659             break;
1660         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
1661             cpu_abort(env, "Embedded floating-point round IRQ not handled\n");
1662             break;
1663         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
1664             cpu_abort(env, "Performance monitor exception not handled\n");
1665             break;
1666         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
1667             cpu_abort(env, "Doorbell interrupt while in user mode. "
1668                        "Aborting\n");
1669             break;
1670         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
1671             cpu_abort(env, "Doorbell critical interrupt while in user mode. "
1672                       "Aborting\n");
1673             break;
1674         case POWERPC_EXCP_RESET:    /* System reset exception                */
1675             cpu_abort(env, "Reset interrupt while in user mode. "
1676                       "Aborting\n");
1677             break;
1678         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
1679             cpu_abort(env, "Data segment exception while in user mode. "
1680                       "Aborting\n");
1681             break;
1682         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
1683             cpu_abort(env, "Instruction segment exception "
1684                       "while in user mode. Aborting\n");
1685             break;
1686         /* PowerPC 64 with hypervisor mode support */
1687         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
1688             cpu_abort(env, "Hypervisor decrementer interrupt "
1689                       "while in user mode. Aborting\n");
1690             break;
1691         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
1692             /* Nothing to do:
1693              * we use this exception to emulate step-by-step execution mode.
1694              */
1695             break;
1696         /* PowerPC 64 with hypervisor mode support */
1697         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
1698             cpu_abort(env, "Hypervisor data storage exception "
1699                       "while in user mode. Aborting\n");
1700             break;
1701         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
1702             cpu_abort(env, "Hypervisor instruction storage exception "
1703                       "while in user mode. Aborting\n");
1704             break;
1705         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
1706             cpu_abort(env, "Hypervisor data segment exception "
1707                       "while in user mode. Aborting\n");
1708             break;
1709         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
1710             cpu_abort(env, "Hypervisor instruction segment exception "
1711                       "while in user mode. Aborting\n");
1712             break;
1713         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
1714             EXCP_DUMP(env, "No Altivec instructions allowed\n");
1715             info.si_signo = TARGET_SIGILL;
1716             info.si_errno = 0;
1717             info.si_code = TARGET_ILL_COPROC;
1718             info._sifields._sigfault._addr = env->nip - 4;
1719             queue_signal(env, info.si_signo, &info);
1720             break;
1721         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
1722             cpu_abort(env, "Programmable interval timer interrupt "
1723                       "while in user mode. Aborting\n");
1724             break;
1725         case POWERPC_EXCP_IO:       /* IO error exception                    */
1726             cpu_abort(env, "IO error exception while in user mode. "
1727                       "Aborting\n");
1728             break;
1729         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
1730             cpu_abort(env, "Run mode exception while in user mode. "
1731                       "Aborting\n");
1732             break;
1733         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
1734             cpu_abort(env, "Emulation trap exception not handled\n");
1735             break;
1736         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
1737             cpu_abort(env, "Instruction fetch TLB exception "
1738                       "while in user-mode. Aborting");
1739             break;
1740         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
1741             cpu_abort(env, "Data load TLB exception while in user-mode. "
1742                       "Aborting");
1743             break;
1744         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
1745             cpu_abort(env, "Data store TLB exception while in user-mode. "
1746                       "Aborting");
1747             break;
1748         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
1749             cpu_abort(env, "Floating-point assist exception not handled\n");
1750             break;
1751         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
1752             cpu_abort(env, "Instruction address breakpoint exception "
1753                       "not handled\n");
1754             break;
1755         case POWERPC_EXCP_SMI:      /* System management interrupt           */
1756             cpu_abort(env, "System management interrupt while in user mode. "
1757                       "Aborting\n");
1758             break;
1759         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
1760             cpu_abort(env, "Thermal interrupt interrupt while in user mode. "
1761                       "Aborting\n");
1762             break;
1763         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
1764             cpu_abort(env, "Performance monitor exception not handled\n");
1765             break;
1766         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
1767             cpu_abort(env, "Vector assist exception not handled\n");
1768             break;
1769         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
1770             cpu_abort(env, "Soft patch exception not handled\n");
1771             break;
1772         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
1773             cpu_abort(env, "Maintenance exception while in user mode. "
1774                       "Aborting\n");
1775             break;
1776         case POWERPC_EXCP_STOP:     /* stop translation                      */
1777             /* We did invalidate the instruction cache. Go on */
1778             break;
1779         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
1780             /* We just stopped because of a branch. Go on */
1781             break;
1782         case POWERPC_EXCP_SYSCALL_USER:
1783             /* system call in user-mode emulation */
1784             /* WARNING:
1785              * PPC ABI uses overflow flag in cr0 to signal an error
1786              * in syscalls.
1787              */
1788             env->crf[0] &= ~0x1;
1789             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
1790                              env->gpr[5], env->gpr[6], env->gpr[7],
1791                              env->gpr[8], 0, 0);
1792             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
1793                 /* Returning from a successful sigreturn syscall.
1794                    Avoid corrupting register state.  */
1795                 break;
1796             }
1797             if (ret > (target_ulong)(-515)) {
1798                 env->crf[0] |= 0x1;
1799                 ret = -ret;
1800             }
1801             env->gpr[3] = ret;
1802             break;
1803         case POWERPC_EXCP_STCX:
1804             if (do_store_exclusive(env)) {
1805                 info.si_signo = TARGET_SIGSEGV;
1806                 info.si_errno = 0;
1807                 info.si_code = TARGET_SEGV_MAPERR;
1808                 info._sifields._sigfault._addr = env->nip;
1809                 queue_signal(env, info.si_signo, &info);
1810             }
1811             break;
1812         case EXCP_DEBUG:
1813             {
1814                 int sig;
1815 
1816                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1817                 if (sig) {
1818                     info.si_signo = sig;
1819                     info.si_errno = 0;
1820                     info.si_code = TARGET_TRAP_BRKPT;
1821                     queue_signal(env, info.si_signo, &info);
1822                   }
1823             }
1824             break;
1825         case EXCP_INTERRUPT:
1826             /* just indicate that signals should be handled asap */
1827             break;
1828         default:
1829             cpu_abort(env, "Unknown exception 0x%d. Aborting\n", trapnr);
1830             break;
1831         }
1832         process_pending_signals(env);
1833     }
1834 }
1835 #endif
1836 
1837 #ifdef TARGET_MIPS
1838 
1839 # ifdef TARGET_ABI_MIPSO32
1840 #  define MIPS_SYS(name, args) args,
1841 static const uint8_t mips_syscall_args[] = {
1842 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
1843 	MIPS_SYS(sys_exit	, 1)
1844 	MIPS_SYS(sys_fork	, 0)
1845 	MIPS_SYS(sys_read	, 3)
1846 	MIPS_SYS(sys_write	, 3)
1847 	MIPS_SYS(sys_open	, 3)	/* 4005 */
1848 	MIPS_SYS(sys_close	, 1)
1849 	MIPS_SYS(sys_waitpid	, 3)
1850 	MIPS_SYS(sys_creat	, 2)
1851 	MIPS_SYS(sys_link	, 2)
1852 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
1853 	MIPS_SYS(sys_execve	, 0)
1854 	MIPS_SYS(sys_chdir	, 1)
1855 	MIPS_SYS(sys_time	, 1)
1856 	MIPS_SYS(sys_mknod	, 3)
1857 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
1858 	MIPS_SYS(sys_lchown	, 3)
1859 	MIPS_SYS(sys_ni_syscall	, 0)
1860 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
1861 	MIPS_SYS(sys_lseek	, 3)
1862 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
1863 	MIPS_SYS(sys_mount	, 5)
1864 	MIPS_SYS(sys_umount	, 1)
1865 	MIPS_SYS(sys_setuid	, 1)
1866 	MIPS_SYS(sys_getuid	, 0)
1867 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
1868 	MIPS_SYS(sys_ptrace	, 4)
1869 	MIPS_SYS(sys_alarm	, 1)
1870 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
1871 	MIPS_SYS(sys_pause	, 0)
1872 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
1873 	MIPS_SYS(sys_ni_syscall	, 0)
1874 	MIPS_SYS(sys_ni_syscall	, 0)
1875 	MIPS_SYS(sys_access	, 2)
1876 	MIPS_SYS(sys_nice	, 1)
1877 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
1878 	MIPS_SYS(sys_sync	, 0)
1879 	MIPS_SYS(sys_kill	, 2)
1880 	MIPS_SYS(sys_rename	, 2)
1881 	MIPS_SYS(sys_mkdir	, 2)
1882 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
1883 	MIPS_SYS(sys_dup		, 1)
1884 	MIPS_SYS(sys_pipe	, 0)
1885 	MIPS_SYS(sys_times	, 1)
1886 	MIPS_SYS(sys_ni_syscall	, 0)
1887 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
1888 	MIPS_SYS(sys_setgid	, 1)
1889 	MIPS_SYS(sys_getgid	, 0)
1890 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
1891 	MIPS_SYS(sys_geteuid	, 0)
1892 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
1893 	MIPS_SYS(sys_acct	, 0)
1894 	MIPS_SYS(sys_umount2	, 2)
1895 	MIPS_SYS(sys_ni_syscall	, 0)
1896 	MIPS_SYS(sys_ioctl	, 3)
1897 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
1898 	MIPS_SYS(sys_ni_syscall	, 2)
1899 	MIPS_SYS(sys_setpgid	, 2)
1900 	MIPS_SYS(sys_ni_syscall	, 0)
1901 	MIPS_SYS(sys_olduname	, 1)
1902 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
1903 	MIPS_SYS(sys_chroot	, 1)
1904 	MIPS_SYS(sys_ustat	, 2)
1905 	MIPS_SYS(sys_dup2	, 2)
1906 	MIPS_SYS(sys_getppid	, 0)
1907 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
1908 	MIPS_SYS(sys_setsid	, 0)
1909 	MIPS_SYS(sys_sigaction	, 3)
1910 	MIPS_SYS(sys_sgetmask	, 0)
1911 	MIPS_SYS(sys_ssetmask	, 1)
1912 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
1913 	MIPS_SYS(sys_setregid	, 2)
1914 	MIPS_SYS(sys_sigsuspend	, 0)
1915 	MIPS_SYS(sys_sigpending	, 1)
1916 	MIPS_SYS(sys_sethostname	, 2)
1917 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
1918 	MIPS_SYS(sys_getrlimit	, 2)
1919 	MIPS_SYS(sys_getrusage	, 2)
1920 	MIPS_SYS(sys_gettimeofday, 2)
1921 	MIPS_SYS(sys_settimeofday, 2)
1922 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
1923 	MIPS_SYS(sys_setgroups	, 2)
1924 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
1925 	MIPS_SYS(sys_symlink	, 2)
1926 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
1927 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
1928 	MIPS_SYS(sys_uselib	, 1)
1929 	MIPS_SYS(sys_swapon	, 2)
1930 	MIPS_SYS(sys_reboot	, 3)
1931 	MIPS_SYS(old_readdir	, 3)
1932 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
1933 	MIPS_SYS(sys_munmap	, 2)
1934 	MIPS_SYS(sys_truncate	, 2)
1935 	MIPS_SYS(sys_ftruncate	, 2)
1936 	MIPS_SYS(sys_fchmod	, 2)
1937 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
1938 	MIPS_SYS(sys_getpriority	, 2)
1939 	MIPS_SYS(sys_setpriority	, 3)
1940 	MIPS_SYS(sys_ni_syscall	, 0)
1941 	MIPS_SYS(sys_statfs	, 2)
1942 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
1943 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
1944 	MIPS_SYS(sys_socketcall	, 2)
1945 	MIPS_SYS(sys_syslog	, 3)
1946 	MIPS_SYS(sys_setitimer	, 3)
1947 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
1948 	MIPS_SYS(sys_newstat	, 2)
1949 	MIPS_SYS(sys_newlstat	, 2)
1950 	MIPS_SYS(sys_newfstat	, 2)
1951 	MIPS_SYS(sys_uname	, 1)
1952 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
1953 	MIPS_SYS(sys_vhangup	, 0)
1954 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
1955 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
1956 	MIPS_SYS(sys_wait4	, 4)
1957 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
1958 	MIPS_SYS(sys_sysinfo	, 1)
1959 	MIPS_SYS(sys_ipc		, 6)
1960 	MIPS_SYS(sys_fsync	, 1)
1961 	MIPS_SYS(sys_sigreturn	, 0)
1962 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
1963 	MIPS_SYS(sys_setdomainname, 2)
1964 	MIPS_SYS(sys_newuname	, 1)
1965 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
1966 	MIPS_SYS(sys_adjtimex	, 1)
1967 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
1968 	MIPS_SYS(sys_sigprocmask	, 3)
1969 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
1970 	MIPS_SYS(sys_init_module	, 5)
1971 	MIPS_SYS(sys_delete_module, 1)
1972 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
1973 	MIPS_SYS(sys_quotactl	, 0)
1974 	MIPS_SYS(sys_getpgid	, 1)
1975 	MIPS_SYS(sys_fchdir	, 1)
1976 	MIPS_SYS(sys_bdflush	, 2)
1977 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
1978 	MIPS_SYS(sys_personality	, 1)
1979 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
1980 	MIPS_SYS(sys_setfsuid	, 1)
1981 	MIPS_SYS(sys_setfsgid	, 1)
1982 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
1983 	MIPS_SYS(sys_getdents	, 3)
1984 	MIPS_SYS(sys_select	, 5)
1985 	MIPS_SYS(sys_flock	, 2)
1986 	MIPS_SYS(sys_msync	, 3)
1987 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
1988 	MIPS_SYS(sys_writev	, 3)
1989 	MIPS_SYS(sys_cacheflush	, 3)
1990 	MIPS_SYS(sys_cachectl	, 3)
1991 	MIPS_SYS(sys_sysmips	, 4)
1992 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
1993 	MIPS_SYS(sys_getsid	, 1)
1994 	MIPS_SYS(sys_fdatasync	, 0)
1995 	MIPS_SYS(sys_sysctl	, 1)
1996 	MIPS_SYS(sys_mlock	, 2)
1997 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
1998 	MIPS_SYS(sys_mlockall	, 1)
1999 	MIPS_SYS(sys_munlockall	, 0)
2000 	MIPS_SYS(sys_sched_setparam, 2)
2001 	MIPS_SYS(sys_sched_getparam, 2)
2002 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
2003 	MIPS_SYS(sys_sched_getscheduler, 1)
2004 	MIPS_SYS(sys_sched_yield	, 0)
2005 	MIPS_SYS(sys_sched_get_priority_max, 1)
2006 	MIPS_SYS(sys_sched_get_priority_min, 1)
2007 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
2008 	MIPS_SYS(sys_nanosleep,	2)
2009 	MIPS_SYS(sys_mremap	, 5)
2010 	MIPS_SYS(sys_accept	, 3)
2011 	MIPS_SYS(sys_bind	, 3)
2012 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
2013 	MIPS_SYS(sys_getpeername	, 3)
2014 	MIPS_SYS(sys_getsockname	, 3)
2015 	MIPS_SYS(sys_getsockopt	, 5)
2016 	MIPS_SYS(sys_listen	, 2)
2017 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
2018 	MIPS_SYS(sys_recvfrom	, 6)
2019 	MIPS_SYS(sys_recvmsg	, 3)
2020 	MIPS_SYS(sys_send	, 4)
2021 	MIPS_SYS(sys_sendmsg	, 3)
2022 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
2023 	MIPS_SYS(sys_setsockopt	, 5)
2024 	MIPS_SYS(sys_shutdown	, 2)
2025 	MIPS_SYS(sys_socket	, 3)
2026 	MIPS_SYS(sys_socketpair	, 4)
2027 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
2028 	MIPS_SYS(sys_getresuid	, 3)
2029 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
2030 	MIPS_SYS(sys_poll	, 3)
2031 	MIPS_SYS(sys_nfsservctl	, 3)
2032 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
2033 	MIPS_SYS(sys_getresgid	, 3)
2034 	MIPS_SYS(sys_prctl	, 5)
2035 	MIPS_SYS(sys_rt_sigreturn, 0)
2036 	MIPS_SYS(sys_rt_sigaction, 4)
2037 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
2038 	MIPS_SYS(sys_rt_sigpending, 2)
2039 	MIPS_SYS(sys_rt_sigtimedwait, 4)
2040 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
2041 	MIPS_SYS(sys_rt_sigsuspend, 0)
2042 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
2043 	MIPS_SYS(sys_pwrite64	, 6)
2044 	MIPS_SYS(sys_chown	, 3)
2045 	MIPS_SYS(sys_getcwd	, 2)
2046 	MIPS_SYS(sys_capget	, 2)
2047 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
2048 	MIPS_SYS(sys_sigaltstack	, 2)
2049 	MIPS_SYS(sys_sendfile	, 4)
2050 	MIPS_SYS(sys_ni_syscall	, 0)
2051 	MIPS_SYS(sys_ni_syscall	, 0)
2052 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
2053 	MIPS_SYS(sys_truncate64	, 4)
2054 	MIPS_SYS(sys_ftruncate64	, 4)
2055 	MIPS_SYS(sys_stat64	, 2)
2056 	MIPS_SYS(sys_lstat64	, 2)
2057 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
2058 	MIPS_SYS(sys_pivot_root	, 2)
2059 	MIPS_SYS(sys_mincore	, 3)
2060 	MIPS_SYS(sys_madvise	, 3)
2061 	MIPS_SYS(sys_getdents64	, 3)
2062 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
2063 	MIPS_SYS(sys_ni_syscall	, 0)
2064 	MIPS_SYS(sys_gettid	, 0)
2065 	MIPS_SYS(sys_readahead	, 5)
2066 	MIPS_SYS(sys_setxattr	, 5)
2067 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
2068 	MIPS_SYS(sys_fsetxattr	, 5)
2069 	MIPS_SYS(sys_getxattr	, 4)
2070 	MIPS_SYS(sys_lgetxattr	, 4)
2071 	MIPS_SYS(sys_fgetxattr	, 4)
2072 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
2073 	MIPS_SYS(sys_llistxattr	, 3)
2074 	MIPS_SYS(sys_flistxattr	, 3)
2075 	MIPS_SYS(sys_removexattr	, 2)
2076 	MIPS_SYS(sys_lremovexattr, 2)
2077 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
2078 	MIPS_SYS(sys_tkill	, 2)
2079 	MIPS_SYS(sys_sendfile64	, 5)
2080 	MIPS_SYS(sys_futex	, 6)
2081 	MIPS_SYS(sys_sched_setaffinity, 3)
2082 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
2083 	MIPS_SYS(sys_io_setup	, 2)
2084 	MIPS_SYS(sys_io_destroy	, 1)
2085 	MIPS_SYS(sys_io_getevents, 5)
2086 	MIPS_SYS(sys_io_submit	, 3)
2087 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
2088 	MIPS_SYS(sys_exit_group	, 1)
2089 	MIPS_SYS(sys_lookup_dcookie, 3)
2090 	MIPS_SYS(sys_epoll_create, 1)
2091 	MIPS_SYS(sys_epoll_ctl	, 4)
2092 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
2093 	MIPS_SYS(sys_remap_file_pages, 5)
2094 	MIPS_SYS(sys_set_tid_address, 1)
2095 	MIPS_SYS(sys_restart_syscall, 0)
2096 	MIPS_SYS(sys_fadvise64_64, 7)
2097 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
2098 	MIPS_SYS(sys_fstatfs64	, 2)
2099 	MIPS_SYS(sys_timer_create, 3)
2100 	MIPS_SYS(sys_timer_settime, 4)
2101 	MIPS_SYS(sys_timer_gettime, 2)
2102 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
2103 	MIPS_SYS(sys_timer_delete, 1)
2104 	MIPS_SYS(sys_clock_settime, 2)
2105 	MIPS_SYS(sys_clock_gettime, 2)
2106 	MIPS_SYS(sys_clock_getres, 2)
2107 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
2108 	MIPS_SYS(sys_tgkill	, 3)
2109 	MIPS_SYS(sys_utimes	, 2)
2110 	MIPS_SYS(sys_mbind	, 4)
2111 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
2112 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
2113 	MIPS_SYS(sys_mq_open	, 4)
2114 	MIPS_SYS(sys_mq_unlink	, 1)
2115 	MIPS_SYS(sys_mq_timedsend, 5)
2116 	MIPS_SYS(sys_mq_timedreceive, 5)
2117 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
2118 	MIPS_SYS(sys_mq_getsetattr, 3)
2119 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
2120 	MIPS_SYS(sys_waitid	, 4)
2121 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
2122 	MIPS_SYS(sys_add_key	, 5)
2123 	MIPS_SYS(sys_request_key, 4)
2124 	MIPS_SYS(sys_keyctl	, 5)
2125 	MIPS_SYS(sys_set_thread_area, 1)
2126 	MIPS_SYS(sys_inotify_init, 0)
2127 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
2128 	MIPS_SYS(sys_inotify_rm_watch, 2)
2129 	MIPS_SYS(sys_migrate_pages, 4)
2130 	MIPS_SYS(sys_openat, 4)
2131 	MIPS_SYS(sys_mkdirat, 3)
2132 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
2133 	MIPS_SYS(sys_fchownat, 5)
2134 	MIPS_SYS(sys_futimesat, 3)
2135 	MIPS_SYS(sys_fstatat64, 4)
2136 	MIPS_SYS(sys_unlinkat, 3)
2137 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
2138 	MIPS_SYS(sys_linkat, 5)
2139 	MIPS_SYS(sys_symlinkat, 3)
2140 	MIPS_SYS(sys_readlinkat, 4)
2141 	MIPS_SYS(sys_fchmodat, 3)
2142 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
2143 	MIPS_SYS(sys_pselect6, 6)
2144 	MIPS_SYS(sys_ppoll, 5)
2145 	MIPS_SYS(sys_unshare, 1)
2146 	MIPS_SYS(sys_splice, 6)
2147 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
2148 	MIPS_SYS(sys_tee, 4)
2149 	MIPS_SYS(sys_vmsplice, 4)
2150 	MIPS_SYS(sys_move_pages, 6)
2151 	MIPS_SYS(sys_set_robust_list, 2)
2152 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
2153 	MIPS_SYS(sys_kexec_load, 4)
2154 	MIPS_SYS(sys_getcpu, 3)
2155 	MIPS_SYS(sys_epoll_pwait, 6)
2156 	MIPS_SYS(sys_ioprio_set, 3)
2157 	MIPS_SYS(sys_ioprio_get, 2)
2158         MIPS_SYS(sys_utimensat, 4)
2159         MIPS_SYS(sys_signalfd, 3)
2160         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
2161         MIPS_SYS(sys_eventfd, 1)
2162         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
2163         MIPS_SYS(sys_timerfd_create, 2)
2164         MIPS_SYS(sys_timerfd_gettime, 2)
2165         MIPS_SYS(sys_timerfd_settime, 4)
2166         MIPS_SYS(sys_signalfd4, 4)
2167         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
2168         MIPS_SYS(sys_epoll_create1, 1)
2169         MIPS_SYS(sys_dup3, 3)
2170         MIPS_SYS(sys_pipe2, 2)
2171         MIPS_SYS(sys_inotify_init1, 1)
2172         MIPS_SYS(sys_preadv, 6)         /* 4330 */
2173         MIPS_SYS(sys_pwritev, 6)
2174         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
2175         MIPS_SYS(sys_perf_event_open, 5)
2176         MIPS_SYS(sys_accept4, 4)
2177         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
2178         MIPS_SYS(sys_fanotify_init, 2)
2179         MIPS_SYS(sys_fanotify_mark, 6)
2180         MIPS_SYS(sys_prlimit64, 4)
2181         MIPS_SYS(sys_name_to_handle_at, 5)
2182         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
2183         MIPS_SYS(sys_clock_adjtime, 2)
2184         MIPS_SYS(sys_syncfs, 1)
2185 };
2186 #  undef MIPS_SYS
2187 # endif /* O32 */
2188 
2189 static int do_store_exclusive(CPUMIPSState *env)
2190 {
2191     target_ulong addr;
2192     target_ulong page_addr;
2193     target_ulong val;
2194     int flags;
2195     int segv = 0;
2196     int reg;
2197     int d;
2198 
2199     addr = env->lladdr;
2200     page_addr = addr & TARGET_PAGE_MASK;
2201     start_exclusive();
2202     mmap_lock();
2203     flags = page_get_flags(page_addr);
2204     if ((flags & PAGE_READ) == 0) {
2205         segv = 1;
2206     } else {
2207         reg = env->llreg & 0x1f;
2208         d = (env->llreg & 0x20) != 0;
2209         if (d) {
2210             segv = get_user_s64(val, addr);
2211         } else {
2212             segv = get_user_s32(val, addr);
2213         }
2214         if (!segv) {
2215             if (val != env->llval) {
2216                 env->active_tc.gpr[reg] = 0;
2217             } else {
2218                 if (d) {
2219                     segv = put_user_u64(env->llnewval, addr);
2220                 } else {
2221                     segv = put_user_u32(env->llnewval, addr);
2222                 }
2223                 if (!segv) {
2224                     env->active_tc.gpr[reg] = 1;
2225                 }
2226             }
2227         }
2228     }
2229     env->lladdr = -1;
2230     if (!segv) {
2231         env->active_tc.PC += 4;
2232     }
2233     mmap_unlock();
2234     end_exclusive();
2235     return segv;
2236 }
2237 
2238 /* Break codes */
2239 enum {
2240     BRK_OVERFLOW = 6,
2241     BRK_DIVZERO = 7
2242 };
2243 
2244 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
2245                     unsigned int code)
2246 {
2247     int ret = -1;
2248 
2249     switch (code) {
2250     case BRK_OVERFLOW:
2251     case BRK_DIVZERO:
2252         info->si_signo = TARGET_SIGFPE;
2253         info->si_errno = 0;
2254         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
2255         queue_signal(env, info->si_signo, &*info);
2256         ret = 0;
2257         break;
2258     default:
2259         break;
2260     }
2261 
2262     return ret;
2263 }
2264 
2265 void cpu_loop(CPUMIPSState *env)
2266 {
2267     CPUState *cs = CPU(mips_env_get_cpu(env));
2268     target_siginfo_t info;
2269     int trapnr;
2270     abi_long ret;
2271 # ifdef TARGET_ABI_MIPSO32
2272     unsigned int syscall_num;
2273 # endif
2274 
2275     for(;;) {
2276         cpu_exec_start(cs);
2277         trapnr = cpu_mips_exec(env);
2278         cpu_exec_end(cs);
2279         switch(trapnr) {
2280         case EXCP_SYSCALL:
2281             env->active_tc.PC += 4;
2282 # ifdef TARGET_ABI_MIPSO32
2283             syscall_num = env->active_tc.gpr[2] - 4000;
2284             if (syscall_num >= sizeof(mips_syscall_args)) {
2285                 ret = -TARGET_ENOSYS;
2286             } else {
2287                 int nb_args;
2288                 abi_ulong sp_reg;
2289                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
2290 
2291                 nb_args = mips_syscall_args[syscall_num];
2292                 sp_reg = env->active_tc.gpr[29];
2293                 switch (nb_args) {
2294                 /* these arguments are taken from the stack */
2295                 case 8:
2296                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
2297                         goto done_syscall;
2298                     }
2299                 case 7:
2300                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
2301                         goto done_syscall;
2302                     }
2303                 case 6:
2304                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
2305                         goto done_syscall;
2306                     }
2307                 case 5:
2308                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
2309                         goto done_syscall;
2310                     }
2311                 default:
2312                     break;
2313                 }
2314                 ret = do_syscall(env, env->active_tc.gpr[2],
2315                                  env->active_tc.gpr[4],
2316                                  env->active_tc.gpr[5],
2317                                  env->active_tc.gpr[6],
2318                                  env->active_tc.gpr[7],
2319                                  arg5, arg6, arg7, arg8);
2320             }
2321 done_syscall:
2322 # else
2323             ret = do_syscall(env, env->active_tc.gpr[2],
2324                              env->active_tc.gpr[4], env->active_tc.gpr[5],
2325                              env->active_tc.gpr[6], env->active_tc.gpr[7],
2326                              env->active_tc.gpr[8], env->active_tc.gpr[9],
2327                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
2328 # endif /* O32 */
2329             if (ret == -TARGET_QEMU_ESIGRETURN) {
2330                 /* Returning from a successful sigreturn syscall.
2331                    Avoid clobbering register state.  */
2332                 break;
2333             }
2334             if ((abi_ulong)ret >= (abi_ulong)-1133) {
2335                 env->active_tc.gpr[7] = 1; /* error flag */
2336                 ret = -ret;
2337             } else {
2338                 env->active_tc.gpr[7] = 0; /* error flag */
2339             }
2340             env->active_tc.gpr[2] = ret;
2341             break;
2342         case EXCP_TLBL:
2343         case EXCP_TLBS:
2344         case EXCP_AdEL:
2345         case EXCP_AdES:
2346             info.si_signo = TARGET_SIGSEGV;
2347             info.si_errno = 0;
2348             /* XXX: check env->error_code */
2349             info.si_code = TARGET_SEGV_MAPERR;
2350             info._sifields._sigfault._addr = env->CP0_BadVAddr;
2351             queue_signal(env, info.si_signo, &info);
2352             break;
2353         case EXCP_CpU:
2354         case EXCP_RI:
2355             info.si_signo = TARGET_SIGILL;
2356             info.si_errno = 0;
2357             info.si_code = 0;
2358             queue_signal(env, info.si_signo, &info);
2359             break;
2360         case EXCP_INTERRUPT:
2361             /* just indicate that signals should be handled asap */
2362             break;
2363         case EXCP_DEBUG:
2364             {
2365                 int sig;
2366 
2367                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2368                 if (sig)
2369                   {
2370                     info.si_signo = sig;
2371                     info.si_errno = 0;
2372                     info.si_code = TARGET_TRAP_BRKPT;
2373                     queue_signal(env, info.si_signo, &info);
2374                   }
2375             }
2376             break;
2377         case EXCP_SC:
2378             if (do_store_exclusive(env)) {
2379                 info.si_signo = TARGET_SIGSEGV;
2380                 info.si_errno = 0;
2381                 info.si_code = TARGET_SEGV_MAPERR;
2382                 info._sifields._sigfault._addr = env->active_tc.PC;
2383                 queue_signal(env, info.si_signo, &info);
2384             }
2385             break;
2386         case EXCP_DSPDIS:
2387             info.si_signo = TARGET_SIGILL;
2388             info.si_errno = 0;
2389             info.si_code = TARGET_ILL_ILLOPC;
2390             queue_signal(env, info.si_signo, &info);
2391             break;
2392         /* The code below was inspired by the MIPS Linux kernel trap
2393          * handling code in arch/mips/kernel/traps.c.
2394          */
2395         case EXCP_BREAK:
2396             {
2397                 abi_ulong trap_instr;
2398                 unsigned int code;
2399 
2400                 if (env->hflags & MIPS_HFLAG_M16) {
2401                     if (env->insn_flags & ASE_MICROMIPS) {
2402                         /* microMIPS mode */
2403                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2404                         if (ret != 0) {
2405                             goto error;
2406                         }
2407 
2408                         if ((trap_instr >> 10) == 0x11) {
2409                             /* 16-bit instruction */
2410                             code = trap_instr & 0xf;
2411                         } else {
2412                             /* 32-bit instruction */
2413                             abi_ulong instr_lo;
2414 
2415                             ret = get_user_u16(instr_lo,
2416                                                env->active_tc.PC + 2);
2417                             if (ret != 0) {
2418                                 goto error;
2419                             }
2420                             trap_instr = (trap_instr << 16) | instr_lo;
2421                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
2422                             /* Unfortunately, microMIPS also suffers from
2423                                the old assembler bug...  */
2424                             if (code >= (1 << 10)) {
2425                                 code >>= 10;
2426                             }
2427                         }
2428                     } else {
2429                         /* MIPS16e mode */
2430                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2431                         if (ret != 0) {
2432                             goto error;
2433                         }
2434                         code = (trap_instr >> 6) & 0x3f;
2435                     }
2436                 } else {
2437                     ret = get_user_ual(trap_instr, env->active_tc.PC);
2438                     if (ret != 0) {
2439                         goto error;
2440                     }
2441 
2442                     /* As described in the original Linux kernel code, the
2443                      * below checks on 'code' are to work around an old
2444                      * assembly bug.
2445                      */
2446                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
2447                     if (code >= (1 << 10)) {
2448                         code >>= 10;
2449                     }
2450                 }
2451 
2452                 if (do_break(env, &info, code) != 0) {
2453                     goto error;
2454                 }
2455             }
2456             break;
2457         case EXCP_TRAP:
2458             {
2459                 abi_ulong trap_instr;
2460                 unsigned int code = 0;
2461 
2462                 if (env->hflags & MIPS_HFLAG_M16) {
2463                     /* microMIPS mode */
2464                     abi_ulong instr[2];
2465 
2466                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
2467                           get_user_u16(instr[1], env->active_tc.PC + 2);
2468 
2469                     trap_instr = (instr[0] << 16) | instr[1];
2470                 } else {
2471                     ret = get_user_ual(trap_instr, env->active_tc.PC);
2472                 }
2473 
2474                 if (ret != 0) {
2475                     goto error;
2476                 }
2477 
2478                 /* The immediate versions don't provide a code.  */
2479                 if (!(trap_instr & 0xFC000000)) {
2480                     if (env->hflags & MIPS_HFLAG_M16) {
2481                         /* microMIPS mode */
2482                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
2483                     } else {
2484                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
2485                     }
2486                 }
2487 
2488                 if (do_break(env, &info, code) != 0) {
2489                     goto error;
2490                 }
2491             }
2492             break;
2493         default:
2494 error:
2495             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
2496                     trapnr);
2497             cpu_dump_state(cs, stderr, fprintf, 0);
2498             abort();
2499         }
2500         process_pending_signals(env);
2501     }
2502 }
2503 #endif
2504 
2505 #ifdef TARGET_OPENRISC
2506 
2507 void cpu_loop(CPUOpenRISCState *env)
2508 {
2509     CPUState *cs = CPU(openrisc_env_get_cpu(env));
2510     int trapnr, gdbsig;
2511 
2512     for (;;) {
2513         trapnr = cpu_exec(env);
2514         gdbsig = 0;
2515 
2516         switch (trapnr) {
2517         case EXCP_RESET:
2518             qemu_log("\nReset request, exit, pc is %#x\n", env->pc);
2519             exit(1);
2520             break;
2521         case EXCP_BUSERR:
2522             qemu_log("\nBus error, exit, pc is %#x\n", env->pc);
2523             gdbsig = SIGBUS;
2524             break;
2525         case EXCP_DPF:
2526         case EXCP_IPF:
2527             cpu_dump_state(cs, stderr, fprintf, 0);
2528             gdbsig = TARGET_SIGSEGV;
2529             break;
2530         case EXCP_TICK:
2531             qemu_log("\nTick time interrupt pc is %#x\n", env->pc);
2532             break;
2533         case EXCP_ALIGN:
2534             qemu_log("\nAlignment pc is %#x\n", env->pc);
2535             gdbsig = SIGBUS;
2536             break;
2537         case EXCP_ILLEGAL:
2538             qemu_log("\nIllegal instructionpc is %#x\n", env->pc);
2539             gdbsig = SIGILL;
2540             break;
2541         case EXCP_INT:
2542             qemu_log("\nExternal interruptpc is %#x\n", env->pc);
2543             break;
2544         case EXCP_DTLBMISS:
2545         case EXCP_ITLBMISS:
2546             qemu_log("\nTLB miss\n");
2547             break;
2548         case EXCP_RANGE:
2549             qemu_log("\nRange\n");
2550             gdbsig = SIGSEGV;
2551             break;
2552         case EXCP_SYSCALL:
2553             env->pc += 4;   /* 0xc00; */
2554             env->gpr[11] = do_syscall(env,
2555                                       env->gpr[11], /* return value       */
2556                                       env->gpr[3],  /* r3 - r7 are params */
2557                                       env->gpr[4],
2558                                       env->gpr[5],
2559                                       env->gpr[6],
2560                                       env->gpr[7],
2561                                       env->gpr[8], 0, 0);
2562             break;
2563         case EXCP_FPE:
2564             qemu_log("\nFloating point error\n");
2565             break;
2566         case EXCP_TRAP:
2567             qemu_log("\nTrap\n");
2568             gdbsig = SIGTRAP;
2569             break;
2570         case EXCP_NR:
2571             qemu_log("\nNR\n");
2572             break;
2573         default:
2574             qemu_log("\nqemu: unhandled CPU exception %#x - aborting\n",
2575                      trapnr);
2576             cpu_dump_state(cs, stderr, fprintf, 0);
2577             gdbsig = TARGET_SIGILL;
2578             break;
2579         }
2580         if (gdbsig) {
2581             gdb_handlesig(cs, gdbsig);
2582             if (gdbsig != TARGET_SIGTRAP) {
2583                 exit(1);
2584             }
2585         }
2586 
2587         process_pending_signals(env);
2588     }
2589 }
2590 
2591 #endif /* TARGET_OPENRISC */
2592 
2593 #ifdef TARGET_SH4
2594 void cpu_loop(CPUSH4State *env)
2595 {
2596     CPUState *cs = CPU(sh_env_get_cpu(env));
2597     int trapnr, ret;
2598     target_siginfo_t info;
2599 
2600     while (1) {
2601         trapnr = cpu_sh4_exec (env);
2602 
2603         switch (trapnr) {
2604         case 0x160:
2605             env->pc += 2;
2606             ret = do_syscall(env,
2607                              env->gregs[3],
2608                              env->gregs[4],
2609                              env->gregs[5],
2610                              env->gregs[6],
2611                              env->gregs[7],
2612                              env->gregs[0],
2613                              env->gregs[1],
2614                              0, 0);
2615             env->gregs[0] = ret;
2616             break;
2617         case EXCP_INTERRUPT:
2618             /* just indicate that signals should be handled asap */
2619             break;
2620         case EXCP_DEBUG:
2621             {
2622                 int sig;
2623 
2624                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2625                 if (sig)
2626                   {
2627                     info.si_signo = sig;
2628                     info.si_errno = 0;
2629                     info.si_code = TARGET_TRAP_BRKPT;
2630                     queue_signal(env, info.si_signo, &info);
2631                   }
2632             }
2633             break;
2634 	case 0xa0:
2635 	case 0xc0:
2636             info.si_signo = SIGSEGV;
2637             info.si_errno = 0;
2638             info.si_code = TARGET_SEGV_MAPERR;
2639             info._sifields._sigfault._addr = env->tea;
2640             queue_signal(env, info.si_signo, &info);
2641 	    break;
2642 
2643         default:
2644             printf ("Unhandled trap: 0x%x\n", trapnr);
2645             cpu_dump_state(cs, stderr, fprintf, 0);
2646             exit (1);
2647         }
2648         process_pending_signals (env);
2649     }
2650 }
2651 #endif
2652 
2653 #ifdef TARGET_CRIS
2654 void cpu_loop(CPUCRISState *env)
2655 {
2656     CPUState *cs = CPU(cris_env_get_cpu(env));
2657     int trapnr, ret;
2658     target_siginfo_t info;
2659 
2660     while (1) {
2661         trapnr = cpu_cris_exec (env);
2662         switch (trapnr) {
2663         case 0xaa:
2664             {
2665                 info.si_signo = SIGSEGV;
2666                 info.si_errno = 0;
2667                 /* XXX: check env->error_code */
2668                 info.si_code = TARGET_SEGV_MAPERR;
2669                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
2670                 queue_signal(env, info.si_signo, &info);
2671             }
2672             break;
2673 	case EXCP_INTERRUPT:
2674 	  /* just indicate that signals should be handled asap */
2675 	  break;
2676         case EXCP_BREAK:
2677             ret = do_syscall(env,
2678                              env->regs[9],
2679                              env->regs[10],
2680                              env->regs[11],
2681                              env->regs[12],
2682                              env->regs[13],
2683                              env->pregs[7],
2684                              env->pregs[11],
2685                              0, 0);
2686             env->regs[10] = ret;
2687             break;
2688         case EXCP_DEBUG:
2689             {
2690                 int sig;
2691 
2692                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2693                 if (sig)
2694                   {
2695                     info.si_signo = sig;
2696                     info.si_errno = 0;
2697                     info.si_code = TARGET_TRAP_BRKPT;
2698                     queue_signal(env, info.si_signo, &info);
2699                   }
2700             }
2701             break;
2702         default:
2703             printf ("Unhandled trap: 0x%x\n", trapnr);
2704             cpu_dump_state(cs, stderr, fprintf, 0);
2705             exit (1);
2706         }
2707         process_pending_signals (env);
2708     }
2709 }
2710 #endif
2711 
2712 #ifdef TARGET_MICROBLAZE
2713 void cpu_loop(CPUMBState *env)
2714 {
2715     CPUState *cs = CPU(mb_env_get_cpu(env));
2716     int trapnr, ret;
2717     target_siginfo_t info;
2718 
2719     while (1) {
2720         trapnr = cpu_mb_exec (env);
2721         switch (trapnr) {
2722         case 0xaa:
2723             {
2724                 info.si_signo = SIGSEGV;
2725                 info.si_errno = 0;
2726                 /* XXX: check env->error_code */
2727                 info.si_code = TARGET_SEGV_MAPERR;
2728                 info._sifields._sigfault._addr = 0;
2729                 queue_signal(env, info.si_signo, &info);
2730             }
2731             break;
2732 	case EXCP_INTERRUPT:
2733 	  /* just indicate that signals should be handled asap */
2734 	  break;
2735         case EXCP_BREAK:
2736             /* Return address is 4 bytes after the call.  */
2737             env->regs[14] += 4;
2738             env->sregs[SR_PC] = env->regs[14];
2739             ret = do_syscall(env,
2740                              env->regs[12],
2741                              env->regs[5],
2742                              env->regs[6],
2743                              env->regs[7],
2744                              env->regs[8],
2745                              env->regs[9],
2746                              env->regs[10],
2747                              0, 0);
2748             env->regs[3] = ret;
2749             break;
2750         case EXCP_HW_EXCP:
2751             env->regs[17] = env->sregs[SR_PC] + 4;
2752             if (env->iflags & D_FLAG) {
2753                 env->sregs[SR_ESR] |= 1 << 12;
2754                 env->sregs[SR_PC] -= 4;
2755                 /* FIXME: if branch was immed, replay the imm as well.  */
2756             }
2757 
2758             env->iflags &= ~(IMM_FLAG | D_FLAG);
2759 
2760             switch (env->sregs[SR_ESR] & 31) {
2761                 case ESR_EC_DIVZERO:
2762                     info.si_signo = SIGFPE;
2763                     info.si_errno = 0;
2764                     info.si_code = TARGET_FPE_FLTDIV;
2765                     info._sifields._sigfault._addr = 0;
2766                     queue_signal(env, info.si_signo, &info);
2767                     break;
2768                 case ESR_EC_FPU:
2769                     info.si_signo = SIGFPE;
2770                     info.si_errno = 0;
2771                     if (env->sregs[SR_FSR] & FSR_IO) {
2772                         info.si_code = TARGET_FPE_FLTINV;
2773                     }
2774                     if (env->sregs[SR_FSR] & FSR_DZ) {
2775                         info.si_code = TARGET_FPE_FLTDIV;
2776                     }
2777                     info._sifields._sigfault._addr = 0;
2778                     queue_signal(env, info.si_signo, &info);
2779                     break;
2780                 default:
2781                     printf ("Unhandled hw-exception: 0x%x\n",
2782                             env->sregs[SR_ESR] & ESR_EC_MASK);
2783                     cpu_dump_state(cs, stderr, fprintf, 0);
2784                     exit (1);
2785                     break;
2786             }
2787             break;
2788         case EXCP_DEBUG:
2789             {
2790                 int sig;
2791 
2792                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2793                 if (sig)
2794                   {
2795                     info.si_signo = sig;
2796                     info.si_errno = 0;
2797                     info.si_code = TARGET_TRAP_BRKPT;
2798                     queue_signal(env, info.si_signo, &info);
2799                   }
2800             }
2801             break;
2802         default:
2803             printf ("Unhandled trap: 0x%x\n", trapnr);
2804             cpu_dump_state(cs, stderr, fprintf, 0);
2805             exit (1);
2806         }
2807         process_pending_signals (env);
2808     }
2809 }
2810 #endif
2811 
2812 #ifdef TARGET_M68K
2813 
2814 void cpu_loop(CPUM68KState *env)
2815 {
2816     CPUState *cs = CPU(m68k_env_get_cpu(env));
2817     int trapnr;
2818     unsigned int n;
2819     target_siginfo_t info;
2820     TaskState *ts = env->opaque;
2821 
2822     for(;;) {
2823         trapnr = cpu_m68k_exec(env);
2824         switch(trapnr) {
2825         case EXCP_ILLEGAL:
2826             {
2827                 if (ts->sim_syscalls) {
2828                     uint16_t nr;
2829                     nr = lduw(env->pc + 2);
2830                     env->pc += 4;
2831                     do_m68k_simcall(env, nr);
2832                 } else {
2833                     goto do_sigill;
2834                 }
2835             }
2836             break;
2837         case EXCP_HALT_INSN:
2838             /* Semihosing syscall.  */
2839             env->pc += 4;
2840             do_m68k_semihosting(env, env->dregs[0]);
2841             break;
2842         case EXCP_LINEA:
2843         case EXCP_LINEF:
2844         case EXCP_UNSUPPORTED:
2845         do_sigill:
2846             info.si_signo = SIGILL;
2847             info.si_errno = 0;
2848             info.si_code = TARGET_ILL_ILLOPN;
2849             info._sifields._sigfault._addr = env->pc;
2850             queue_signal(env, info.si_signo, &info);
2851             break;
2852         case EXCP_TRAP0:
2853             {
2854                 ts->sim_syscalls = 0;
2855                 n = env->dregs[0];
2856                 env->pc += 2;
2857                 env->dregs[0] = do_syscall(env,
2858                                           n,
2859                                           env->dregs[1],
2860                                           env->dregs[2],
2861                                           env->dregs[3],
2862                                           env->dregs[4],
2863                                           env->dregs[5],
2864                                           env->aregs[0],
2865                                           0, 0);
2866             }
2867             break;
2868         case EXCP_INTERRUPT:
2869             /* just indicate that signals should be handled asap */
2870             break;
2871         case EXCP_ACCESS:
2872             {
2873                 info.si_signo = SIGSEGV;
2874                 info.si_errno = 0;
2875                 /* XXX: check env->error_code */
2876                 info.si_code = TARGET_SEGV_MAPERR;
2877                 info._sifields._sigfault._addr = env->mmu.ar;
2878                 queue_signal(env, info.si_signo, &info);
2879             }
2880             break;
2881         case EXCP_DEBUG:
2882             {
2883                 int sig;
2884 
2885                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2886                 if (sig)
2887                   {
2888                     info.si_signo = sig;
2889                     info.si_errno = 0;
2890                     info.si_code = TARGET_TRAP_BRKPT;
2891                     queue_signal(env, info.si_signo, &info);
2892                   }
2893             }
2894             break;
2895         default:
2896             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
2897                     trapnr);
2898             cpu_dump_state(cs, stderr, fprintf, 0);
2899             abort();
2900         }
2901         process_pending_signals(env);
2902     }
2903 }
2904 #endif /* TARGET_M68K */
2905 
2906 #ifdef TARGET_ALPHA
2907 static void do_store_exclusive(CPUAlphaState *env, int reg, int quad)
2908 {
2909     target_ulong addr, val, tmp;
2910     target_siginfo_t info;
2911     int ret = 0;
2912 
2913     addr = env->lock_addr;
2914     tmp = env->lock_st_addr;
2915     env->lock_addr = -1;
2916     env->lock_st_addr = 0;
2917 
2918     start_exclusive();
2919     mmap_lock();
2920 
2921     if (addr == tmp) {
2922         if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
2923             goto do_sigsegv;
2924         }
2925 
2926         if (val == env->lock_value) {
2927             tmp = env->ir[reg];
2928             if (quad ? put_user_u64(tmp, addr) : put_user_u32(tmp, addr)) {
2929                 goto do_sigsegv;
2930             }
2931             ret = 1;
2932         }
2933     }
2934     env->ir[reg] = ret;
2935     env->pc += 4;
2936 
2937     mmap_unlock();
2938     end_exclusive();
2939     return;
2940 
2941  do_sigsegv:
2942     mmap_unlock();
2943     end_exclusive();
2944 
2945     info.si_signo = TARGET_SIGSEGV;
2946     info.si_errno = 0;
2947     info.si_code = TARGET_SEGV_MAPERR;
2948     info._sifields._sigfault._addr = addr;
2949     queue_signal(env, TARGET_SIGSEGV, &info);
2950 }
2951 
2952 void cpu_loop(CPUAlphaState *env)
2953 {
2954     CPUState *cs = CPU(alpha_env_get_cpu(env));
2955     int trapnr;
2956     target_siginfo_t info;
2957     abi_long sysret;
2958 
2959     while (1) {
2960         trapnr = cpu_alpha_exec (env);
2961 
2962         /* All of the traps imply a transition through PALcode, which
2963            implies an REI instruction has been executed.  Which means
2964            that the intr_flag should be cleared.  */
2965         env->intr_flag = 0;
2966 
2967         switch (trapnr) {
2968         case EXCP_RESET:
2969             fprintf(stderr, "Reset requested. Exit\n");
2970             exit(1);
2971             break;
2972         case EXCP_MCHK:
2973             fprintf(stderr, "Machine check exception. Exit\n");
2974             exit(1);
2975             break;
2976         case EXCP_SMP_INTERRUPT:
2977         case EXCP_CLK_INTERRUPT:
2978         case EXCP_DEV_INTERRUPT:
2979             fprintf(stderr, "External interrupt. Exit\n");
2980             exit(1);
2981             break;
2982         case EXCP_MMFAULT:
2983             env->lock_addr = -1;
2984             info.si_signo = TARGET_SIGSEGV;
2985             info.si_errno = 0;
2986             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
2987                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
2988             info._sifields._sigfault._addr = env->trap_arg0;
2989             queue_signal(env, info.si_signo, &info);
2990             break;
2991         case EXCP_UNALIGN:
2992             env->lock_addr = -1;
2993             info.si_signo = TARGET_SIGBUS;
2994             info.si_errno = 0;
2995             info.si_code = TARGET_BUS_ADRALN;
2996             info._sifields._sigfault._addr = env->trap_arg0;
2997             queue_signal(env, info.si_signo, &info);
2998             break;
2999         case EXCP_OPCDEC:
3000         do_sigill:
3001             env->lock_addr = -1;
3002             info.si_signo = TARGET_SIGILL;
3003             info.si_errno = 0;
3004             info.si_code = TARGET_ILL_ILLOPC;
3005             info._sifields._sigfault._addr = env->pc;
3006             queue_signal(env, info.si_signo, &info);
3007             break;
3008         case EXCP_ARITH:
3009             env->lock_addr = -1;
3010             info.si_signo = TARGET_SIGFPE;
3011             info.si_errno = 0;
3012             info.si_code = TARGET_FPE_FLTINV;
3013             info._sifields._sigfault._addr = env->pc;
3014             queue_signal(env, info.si_signo, &info);
3015             break;
3016         case EXCP_FEN:
3017             /* No-op.  Linux simply re-enables the FPU.  */
3018             break;
3019         case EXCP_CALL_PAL:
3020             env->lock_addr = -1;
3021             switch (env->error_code) {
3022             case 0x80:
3023                 /* BPT */
3024                 info.si_signo = TARGET_SIGTRAP;
3025                 info.si_errno = 0;
3026                 info.si_code = TARGET_TRAP_BRKPT;
3027                 info._sifields._sigfault._addr = env->pc;
3028                 queue_signal(env, info.si_signo, &info);
3029                 break;
3030             case 0x81:
3031                 /* BUGCHK */
3032                 info.si_signo = TARGET_SIGTRAP;
3033                 info.si_errno = 0;
3034                 info.si_code = 0;
3035                 info._sifields._sigfault._addr = env->pc;
3036                 queue_signal(env, info.si_signo, &info);
3037                 break;
3038             case 0x83:
3039                 /* CALLSYS */
3040                 trapnr = env->ir[IR_V0];
3041                 sysret = do_syscall(env, trapnr,
3042                                     env->ir[IR_A0], env->ir[IR_A1],
3043                                     env->ir[IR_A2], env->ir[IR_A3],
3044                                     env->ir[IR_A4], env->ir[IR_A5],
3045                                     0, 0);
3046                 if (trapnr == TARGET_NR_sigreturn
3047                     || trapnr == TARGET_NR_rt_sigreturn) {
3048                     break;
3049                 }
3050                 /* Syscall writes 0 to V0 to bypass error check, similar
3051                    to how this is handled internal to Linux kernel.
3052                    (Ab)use trapnr temporarily as boolean indicating error.  */
3053                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
3054                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
3055                 env->ir[IR_A3] = trapnr;
3056                 break;
3057             case 0x86:
3058                 /* IMB */
3059                 /* ??? We can probably elide the code using page_unprotect
3060                    that is checking for self-modifying code.  Instead we
3061                    could simply call tb_flush here.  Until we work out the
3062                    changes required to turn off the extra write protection,
3063                    this can be a no-op.  */
3064                 break;
3065             case 0x9E:
3066                 /* RDUNIQUE */
3067                 /* Handled in the translator for usermode.  */
3068                 abort();
3069             case 0x9F:
3070                 /* WRUNIQUE */
3071                 /* Handled in the translator for usermode.  */
3072                 abort();
3073             case 0xAA:
3074                 /* GENTRAP */
3075                 info.si_signo = TARGET_SIGFPE;
3076                 switch (env->ir[IR_A0]) {
3077                 case TARGET_GEN_INTOVF:
3078                     info.si_code = TARGET_FPE_INTOVF;
3079                     break;
3080                 case TARGET_GEN_INTDIV:
3081                     info.si_code = TARGET_FPE_INTDIV;
3082                     break;
3083                 case TARGET_GEN_FLTOVF:
3084                     info.si_code = TARGET_FPE_FLTOVF;
3085                     break;
3086                 case TARGET_GEN_FLTUND:
3087                     info.si_code = TARGET_FPE_FLTUND;
3088                     break;
3089                 case TARGET_GEN_FLTINV:
3090                     info.si_code = TARGET_FPE_FLTINV;
3091                     break;
3092                 case TARGET_GEN_FLTINE:
3093                     info.si_code = TARGET_FPE_FLTRES;
3094                     break;
3095                 case TARGET_GEN_ROPRAND:
3096                     info.si_code = 0;
3097                     break;
3098                 default:
3099                     info.si_signo = TARGET_SIGTRAP;
3100                     info.si_code = 0;
3101                     break;
3102                 }
3103                 info.si_errno = 0;
3104                 info._sifields._sigfault._addr = env->pc;
3105                 queue_signal(env, info.si_signo, &info);
3106                 break;
3107             default:
3108                 goto do_sigill;
3109             }
3110             break;
3111         case EXCP_DEBUG:
3112             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
3113             if (info.si_signo) {
3114                 env->lock_addr = -1;
3115                 info.si_errno = 0;
3116                 info.si_code = TARGET_TRAP_BRKPT;
3117                 queue_signal(env, info.si_signo, &info);
3118             }
3119             break;
3120         case EXCP_STL_C:
3121         case EXCP_STQ_C:
3122             do_store_exclusive(env, env->error_code, trapnr - EXCP_STL_C);
3123             break;
3124         case EXCP_INTERRUPT:
3125             /* Just indicate that signals should be handled asap.  */
3126             break;
3127         default:
3128             printf ("Unhandled trap: 0x%x\n", trapnr);
3129             cpu_dump_state(cs, stderr, fprintf, 0);
3130             exit (1);
3131         }
3132         process_pending_signals (env);
3133     }
3134 }
3135 #endif /* TARGET_ALPHA */
3136 
3137 #ifdef TARGET_S390X
3138 void cpu_loop(CPUS390XState *env)
3139 {
3140     CPUState *cs = CPU(s390_env_get_cpu(env));
3141     int trapnr, n, sig;
3142     target_siginfo_t info;
3143     target_ulong addr;
3144 
3145     while (1) {
3146         trapnr = cpu_s390x_exec(env);
3147         switch (trapnr) {
3148         case EXCP_INTERRUPT:
3149             /* Just indicate that signals should be handled asap.  */
3150             break;
3151 
3152         case EXCP_SVC:
3153             n = env->int_svc_code;
3154             if (!n) {
3155                 /* syscalls > 255 */
3156                 n = env->regs[1];
3157             }
3158             env->psw.addr += env->int_svc_ilen;
3159             env->regs[2] = do_syscall(env, n, env->regs[2], env->regs[3],
3160                                       env->regs[4], env->regs[5],
3161                                       env->regs[6], env->regs[7], 0, 0);
3162             break;
3163 
3164         case EXCP_DEBUG:
3165             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3166             if (sig) {
3167                 n = TARGET_TRAP_BRKPT;
3168                 goto do_signal_pc;
3169             }
3170             break;
3171         case EXCP_PGM:
3172             n = env->int_pgm_code;
3173             switch (n) {
3174             case PGM_OPERATION:
3175             case PGM_PRIVILEGED:
3176                 sig = SIGILL;
3177                 n = TARGET_ILL_ILLOPC;
3178                 goto do_signal_pc;
3179             case PGM_PROTECTION:
3180             case PGM_ADDRESSING:
3181                 sig = SIGSEGV;
3182                 /* XXX: check env->error_code */
3183                 n = TARGET_SEGV_MAPERR;
3184                 addr = env->__excp_addr;
3185                 goto do_signal;
3186             case PGM_EXECUTE:
3187             case PGM_SPECIFICATION:
3188             case PGM_SPECIAL_OP:
3189             case PGM_OPERAND:
3190             do_sigill_opn:
3191                 sig = SIGILL;
3192                 n = TARGET_ILL_ILLOPN;
3193                 goto do_signal_pc;
3194 
3195             case PGM_FIXPT_OVERFLOW:
3196                 sig = SIGFPE;
3197                 n = TARGET_FPE_INTOVF;
3198                 goto do_signal_pc;
3199             case PGM_FIXPT_DIVIDE:
3200                 sig = SIGFPE;
3201                 n = TARGET_FPE_INTDIV;
3202                 goto do_signal_pc;
3203 
3204             case PGM_DATA:
3205                 n = (env->fpc >> 8) & 0xff;
3206                 if (n == 0xff) {
3207                     /* compare-and-trap */
3208                     goto do_sigill_opn;
3209                 } else {
3210                     /* An IEEE exception, simulated or otherwise.  */
3211                     if (n & 0x80) {
3212                         n = TARGET_FPE_FLTINV;
3213                     } else if (n & 0x40) {
3214                         n = TARGET_FPE_FLTDIV;
3215                     } else if (n & 0x20) {
3216                         n = TARGET_FPE_FLTOVF;
3217                     } else if (n & 0x10) {
3218                         n = TARGET_FPE_FLTUND;
3219                     } else if (n & 0x08) {
3220                         n = TARGET_FPE_FLTRES;
3221                     } else {
3222                         /* ??? Quantum exception; BFP, DFP error.  */
3223                         goto do_sigill_opn;
3224                     }
3225                     sig = SIGFPE;
3226                     goto do_signal_pc;
3227                 }
3228 
3229             default:
3230                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
3231                 cpu_dump_state(cs, stderr, fprintf, 0);
3232                 exit(1);
3233             }
3234             break;
3235 
3236         do_signal_pc:
3237             addr = env->psw.addr;
3238         do_signal:
3239             info.si_signo = sig;
3240             info.si_errno = 0;
3241             info.si_code = n;
3242             info._sifields._sigfault._addr = addr;
3243             queue_signal(env, info.si_signo, &info);
3244             break;
3245 
3246         default:
3247             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
3248             cpu_dump_state(cs, stderr, fprintf, 0);
3249             exit(1);
3250         }
3251         process_pending_signals (env);
3252     }
3253 }
3254 
3255 #endif /* TARGET_S390X */
3256 
3257 THREAD CPUState *thread_cpu;
3258 
3259 void task_settid(TaskState *ts)
3260 {
3261     if (ts->ts_tid == 0) {
3262         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3263     }
3264 }
3265 
3266 void stop_all_tasks(void)
3267 {
3268     /*
3269      * We trust that when using NPTL, start_exclusive()
3270      * handles thread stopping correctly.
3271      */
3272     start_exclusive();
3273 }
3274 
3275 /* Assumes contents are already zeroed.  */
3276 void init_task_state(TaskState *ts)
3277 {
3278     int i;
3279 
3280     ts->used = 1;
3281     ts->first_free = ts->sigqueue_table;
3282     for (i = 0; i < MAX_SIGQUEUE_SIZE - 1; i++) {
3283         ts->sigqueue_table[i].next = &ts->sigqueue_table[i + 1];
3284     }
3285     ts->sigqueue_table[i].next = NULL;
3286 }
3287 
3288 CPUArchState *cpu_copy(CPUArchState *env)
3289 {
3290     CPUArchState *new_env = cpu_init(cpu_model);
3291 #if defined(TARGET_HAS_ICE)
3292     CPUBreakpoint *bp;
3293     CPUWatchpoint *wp;
3294 #endif
3295 
3296     /* Reset non arch specific state */
3297     cpu_reset(ENV_GET_CPU(new_env));
3298 
3299     memcpy(new_env, env, sizeof(CPUArchState));
3300 
3301     /* Clone all break/watchpoints.
3302        Note: Once we support ptrace with hw-debug register access, make sure
3303        BP_CPU break/watchpoints are handled correctly on clone. */
3304     QTAILQ_INIT(&env->breakpoints);
3305     QTAILQ_INIT(&env->watchpoints);
3306 #if defined(TARGET_HAS_ICE)
3307     QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
3308         cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
3309     }
3310     QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3311         cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
3312                               wp->flags, NULL);
3313     }
3314 #endif
3315 
3316     return new_env;
3317 }
3318 
3319 static void handle_arg_help(const char *arg)
3320 {
3321     usage();
3322 }
3323 
3324 static void handle_arg_log(const char *arg)
3325 {
3326     int mask;
3327 
3328     mask = qemu_str_to_log_mask(arg);
3329     if (!mask) {
3330         qemu_print_log_usage(stdout);
3331         exit(1);
3332     }
3333     qemu_set_log(mask);
3334 }
3335 
3336 static void handle_arg_log_filename(const char *arg)
3337 {
3338     qemu_set_log_filename(arg);
3339 }
3340 
3341 static void handle_arg_set_env(const char *arg)
3342 {
3343     char *r, *p, *token;
3344     r = p = strdup(arg);
3345     while ((token = strsep(&p, ",")) != NULL) {
3346         if (envlist_setenv(envlist, token) != 0) {
3347             usage();
3348         }
3349     }
3350     free(r);
3351 }
3352 
3353 static void handle_arg_unset_env(const char *arg)
3354 {
3355     char *r, *p, *token;
3356     r = p = strdup(arg);
3357     while ((token = strsep(&p, ",")) != NULL) {
3358         if (envlist_unsetenv(envlist, token) != 0) {
3359             usage();
3360         }
3361     }
3362     free(r);
3363 }
3364 
3365 static void handle_arg_argv0(const char *arg)
3366 {
3367     argv0 = strdup(arg);
3368 }
3369 
3370 static void handle_arg_stack_size(const char *arg)
3371 {
3372     char *p;
3373     guest_stack_size = strtoul(arg, &p, 0);
3374     if (guest_stack_size == 0) {
3375         usage();
3376     }
3377 
3378     if (*p == 'M') {
3379         guest_stack_size *= 1024 * 1024;
3380     } else if (*p == 'k' || *p == 'K') {
3381         guest_stack_size *= 1024;
3382     }
3383 }
3384 
3385 static void handle_arg_ld_prefix(const char *arg)
3386 {
3387     interp_prefix = strdup(arg);
3388 }
3389 
3390 static void handle_arg_pagesize(const char *arg)
3391 {
3392     qemu_host_page_size = atoi(arg);
3393     if (qemu_host_page_size == 0 ||
3394         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
3395         fprintf(stderr, "page size must be a power of two\n");
3396         exit(1);
3397     }
3398 }
3399 
3400 static void handle_arg_gdb(const char *arg)
3401 {
3402     gdbstub_port = atoi(arg);
3403 }
3404 
3405 static void handle_arg_uname(const char *arg)
3406 {
3407     qemu_uname_release = strdup(arg);
3408 }
3409 
3410 static void handle_arg_cpu(const char *arg)
3411 {
3412     cpu_model = strdup(arg);
3413     if (cpu_model == NULL || is_help_option(cpu_model)) {
3414         /* XXX: implement xxx_cpu_list for targets that still miss it */
3415 #if defined(cpu_list)
3416         cpu_list(stdout, &fprintf);
3417 #endif
3418         exit(1);
3419     }
3420 }
3421 
3422 #if defined(CONFIG_USE_GUEST_BASE)
3423 static void handle_arg_guest_base(const char *arg)
3424 {
3425     guest_base = strtol(arg, NULL, 0);
3426     have_guest_base = 1;
3427 }
3428 
3429 static void handle_arg_reserved_va(const char *arg)
3430 {
3431     char *p;
3432     int shift = 0;
3433     reserved_va = strtoul(arg, &p, 0);
3434     switch (*p) {
3435     case 'k':
3436     case 'K':
3437         shift = 10;
3438         break;
3439     case 'M':
3440         shift = 20;
3441         break;
3442     case 'G':
3443         shift = 30;
3444         break;
3445     }
3446     if (shift) {
3447         unsigned long unshifted = reserved_va;
3448         p++;
3449         reserved_va <<= shift;
3450         if (((reserved_va >> shift) != unshifted)
3451 #if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
3452             || (reserved_va > (1ul << TARGET_VIRT_ADDR_SPACE_BITS))
3453 #endif
3454             ) {
3455             fprintf(stderr, "Reserved virtual address too big\n");
3456             exit(1);
3457         }
3458     }
3459     if (*p) {
3460         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
3461         exit(1);
3462     }
3463 }
3464 #endif
3465 
3466 static void handle_arg_singlestep(const char *arg)
3467 {
3468     singlestep = 1;
3469 }
3470 
3471 static void handle_arg_strace(const char *arg)
3472 {
3473     do_strace = 1;
3474 }
3475 
3476 static void handle_arg_version(const char *arg)
3477 {
3478     printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
3479            ", Copyright (c) 2003-2008 Fabrice Bellard\n");
3480     exit(0);
3481 }
3482 
3483 struct qemu_argument {
3484     const char *argv;
3485     const char *env;
3486     bool has_arg;
3487     void (*handle_opt)(const char *arg);
3488     const char *example;
3489     const char *help;
3490 };
3491 
3492 static const struct qemu_argument arg_table[] = {
3493     {"h",          "",                 false, handle_arg_help,
3494      "",           "print this help"},
3495     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
3496      "port",       "wait gdb connection to 'port'"},
3497     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
3498      "path",       "set the elf interpreter prefix to 'path'"},
3499     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
3500      "size",       "set the stack size to 'size' bytes"},
3501     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
3502      "model",      "select CPU (-cpu help for list)"},
3503     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
3504      "var=value",  "sets targets environment variable (see below)"},
3505     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
3506      "var",        "unsets targets environment variable (see below)"},
3507     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
3508      "argv0",      "forces target process argv[0] to be 'argv0'"},
3509     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
3510      "uname",      "set qemu uname release string to 'uname'"},
3511 #if defined(CONFIG_USE_GUEST_BASE)
3512     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
3513      "address",    "set guest_base address to 'address'"},
3514     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
3515      "size",       "reserve 'size' bytes for guest virtual address space"},
3516 #endif
3517     {"d",          "QEMU_LOG",         true,  handle_arg_log,
3518      "item[,...]", "enable logging of specified items "
3519      "(use '-d help' for a list of items)"},
3520     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
3521      "logfile",     "write logs to 'logfile' (default stderr)"},
3522     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
3523      "pagesize",   "set the host page size to 'pagesize'"},
3524     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
3525      "",           "run in singlestep mode"},
3526     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
3527      "",           "log system calls"},
3528     {"version",    "QEMU_VERSION",     false, handle_arg_version,
3529      "",           "display version information and exit"},
3530     {NULL, NULL, false, NULL, NULL, NULL}
3531 };
3532 
3533 static void usage(void)
3534 {
3535     const struct qemu_argument *arginfo;
3536     int maxarglen;
3537     int maxenvlen;
3538 
3539     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
3540            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
3541            "\n"
3542            "Options and associated environment variables:\n"
3543            "\n");
3544 
3545     /* Calculate column widths. We must always have at least enough space
3546      * for the column header.
3547      */
3548     maxarglen = strlen("Argument");
3549     maxenvlen = strlen("Env-variable");
3550 
3551     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3552         int arglen = strlen(arginfo->argv);
3553         if (arginfo->has_arg) {
3554             arglen += strlen(arginfo->example) + 1;
3555         }
3556         if (strlen(arginfo->env) > maxenvlen) {
3557             maxenvlen = strlen(arginfo->env);
3558         }
3559         if (arglen > maxarglen) {
3560             maxarglen = arglen;
3561         }
3562     }
3563 
3564     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
3565             maxenvlen, "Env-variable");
3566 
3567     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3568         if (arginfo->has_arg) {
3569             printf("-%s %-*s %-*s %s\n", arginfo->argv,
3570                    (int)(maxarglen - strlen(arginfo->argv) - 1),
3571                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
3572         } else {
3573             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
3574                     maxenvlen, arginfo->env,
3575                     arginfo->help);
3576         }
3577     }
3578 
3579     printf("\n"
3580            "Defaults:\n"
3581            "QEMU_LD_PREFIX  = %s\n"
3582            "QEMU_STACK_SIZE = %ld byte\n",
3583            interp_prefix,
3584            guest_stack_size);
3585 
3586     printf("\n"
3587            "You can use -E and -U options or the QEMU_SET_ENV and\n"
3588            "QEMU_UNSET_ENV environment variables to set and unset\n"
3589            "environment variables for the target process.\n"
3590            "It is possible to provide several variables by separating them\n"
3591            "by commas in getsubopt(3) style. Additionally it is possible to\n"
3592            "provide the -E and -U options multiple times.\n"
3593            "The following lines are equivalent:\n"
3594            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
3595            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
3596            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
3597            "Note that if you provide several changes to a single variable\n"
3598            "the last change will stay in effect.\n");
3599 
3600     exit(1);
3601 }
3602 
3603 static int parse_args(int argc, char **argv)
3604 {
3605     const char *r;
3606     int optind;
3607     const struct qemu_argument *arginfo;
3608 
3609     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3610         if (arginfo->env == NULL) {
3611             continue;
3612         }
3613 
3614         r = getenv(arginfo->env);
3615         if (r != NULL) {
3616             arginfo->handle_opt(r);
3617         }
3618     }
3619 
3620     optind = 1;
3621     for (;;) {
3622         if (optind >= argc) {
3623             break;
3624         }
3625         r = argv[optind];
3626         if (r[0] != '-') {
3627             break;
3628         }
3629         optind++;
3630         r++;
3631         if (!strcmp(r, "-")) {
3632             break;
3633         }
3634 
3635         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3636             if (!strcmp(r, arginfo->argv)) {
3637                 if (arginfo->has_arg) {
3638                     if (optind >= argc) {
3639                         usage();
3640                     }
3641                     arginfo->handle_opt(argv[optind]);
3642                     optind++;
3643                 } else {
3644                     arginfo->handle_opt(NULL);
3645                 }
3646                 break;
3647             }
3648         }
3649 
3650         /* no option matched the current argv */
3651         if (arginfo->handle_opt == NULL) {
3652             usage();
3653         }
3654     }
3655 
3656     if (optind >= argc) {
3657         usage();
3658     }
3659 
3660     filename = argv[optind];
3661     exec_path = argv[optind];
3662 
3663     return optind;
3664 }
3665 
3666 int main(int argc, char **argv, char **envp)
3667 {
3668     struct target_pt_regs regs1, *regs = &regs1;
3669     struct image_info info1, *info = &info1;
3670     struct linux_binprm bprm;
3671     TaskState *ts;
3672     CPUArchState *env;
3673     CPUState *cpu;
3674     int optind;
3675     char **target_environ, **wrk;
3676     char **target_argv;
3677     int target_argc;
3678     int i;
3679     int ret;
3680     int execfd;
3681 
3682     module_call_init(MODULE_INIT_QOM);
3683 
3684     qemu_init_auxval(envp);
3685     qemu_cache_utils_init();
3686 
3687     if ((envlist = envlist_create()) == NULL) {
3688         (void) fprintf(stderr, "Unable to allocate envlist\n");
3689         exit(1);
3690     }
3691 
3692     /* add current environment into the list */
3693     for (wrk = environ; *wrk != NULL; wrk++) {
3694         (void) envlist_setenv(envlist, *wrk);
3695     }
3696 
3697     /* Read the stack limit from the kernel.  If it's "unlimited",
3698        then we can do little else besides use the default.  */
3699     {
3700         struct rlimit lim;
3701         if (getrlimit(RLIMIT_STACK, &lim) == 0
3702             && lim.rlim_cur != RLIM_INFINITY
3703             && lim.rlim_cur == (target_long)lim.rlim_cur) {
3704             guest_stack_size = lim.rlim_cur;
3705         }
3706     }
3707 
3708     cpu_model = NULL;
3709 #if defined(cpudef_setup)
3710     cpudef_setup(); /* parse cpu definitions in target config file (TBD) */
3711 #endif
3712 
3713     optind = parse_args(argc, argv);
3714 
3715     /* Zero out regs */
3716     memset(regs, 0, sizeof(struct target_pt_regs));
3717 
3718     /* Zero out image_info */
3719     memset(info, 0, sizeof(struct image_info));
3720 
3721     memset(&bprm, 0, sizeof (bprm));
3722 
3723     /* Scan interp_prefix dir for replacement files. */
3724     init_paths(interp_prefix);
3725 
3726     init_qemu_uname_release();
3727 
3728     if (cpu_model == NULL) {
3729 #if defined(TARGET_I386)
3730 #ifdef TARGET_X86_64
3731         cpu_model = "qemu64";
3732 #else
3733         cpu_model = "qemu32";
3734 #endif
3735 #elif defined(TARGET_ARM)
3736         cpu_model = "any";
3737 #elif defined(TARGET_UNICORE32)
3738         cpu_model = "any";
3739 #elif defined(TARGET_M68K)
3740         cpu_model = "any";
3741 #elif defined(TARGET_SPARC)
3742 #ifdef TARGET_SPARC64
3743         cpu_model = "TI UltraSparc II";
3744 #else
3745         cpu_model = "Fujitsu MB86904";
3746 #endif
3747 #elif defined(TARGET_MIPS)
3748 #if defined(TARGET_ABI_MIPSN32) || defined(TARGET_ABI_MIPSN64)
3749         cpu_model = "20Kc";
3750 #else
3751         cpu_model = "24Kf";
3752 #endif
3753 #elif defined TARGET_OPENRISC
3754         cpu_model = "or1200";
3755 #elif defined(TARGET_PPC)
3756 #ifdef TARGET_PPC64
3757         cpu_model = "970fx";
3758 #else
3759         cpu_model = "750";
3760 #endif
3761 #else
3762         cpu_model = "any";
3763 #endif
3764     }
3765     tcg_exec_init(0);
3766     cpu_exec_init_all();
3767     /* NOTE: we need to init the CPU at this stage to get
3768        qemu_host_page_size */
3769     env = cpu_init(cpu_model);
3770     if (!env) {
3771         fprintf(stderr, "Unable to find CPU definition\n");
3772         exit(1);
3773     }
3774     cpu = ENV_GET_CPU(env);
3775     cpu_reset(cpu);
3776 
3777     thread_cpu = cpu;
3778 
3779     if (getenv("QEMU_STRACE")) {
3780         do_strace = 1;
3781     }
3782 
3783     target_environ = envlist_to_environ(envlist, NULL);
3784     envlist_free(envlist);
3785 
3786 #if defined(CONFIG_USE_GUEST_BASE)
3787     /*
3788      * Now that page sizes are configured in cpu_init() we can do
3789      * proper page alignment for guest_base.
3790      */
3791     guest_base = HOST_PAGE_ALIGN(guest_base);
3792 
3793     if (reserved_va || have_guest_base) {
3794         guest_base = init_guest_space(guest_base, reserved_va, 0,
3795                                       have_guest_base);
3796         if (guest_base == (unsigned long)-1) {
3797             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
3798                     "space for use as guest address space (check your virtual "
3799                     "memory ulimit setting or reserve less using -R option)\n",
3800                     reserved_va);
3801             exit(1);
3802         }
3803 
3804         if (reserved_va) {
3805             mmap_next_start = reserved_va;
3806         }
3807     }
3808 #endif /* CONFIG_USE_GUEST_BASE */
3809 
3810     /*
3811      * Read in mmap_min_addr kernel parameter.  This value is used
3812      * When loading the ELF image to determine whether guest_base
3813      * is needed.  It is also used in mmap_find_vma.
3814      */
3815     {
3816         FILE *fp;
3817 
3818         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
3819             unsigned long tmp;
3820             if (fscanf(fp, "%lu", &tmp) == 1) {
3821                 mmap_min_addr = tmp;
3822                 qemu_log("host mmap_min_addr=0x%lx\n", mmap_min_addr);
3823             }
3824             fclose(fp);
3825         }
3826     }
3827 
3828     /*
3829      * Prepare copy of argv vector for target.
3830      */
3831     target_argc = argc - optind;
3832     target_argv = calloc(target_argc + 1, sizeof (char *));
3833     if (target_argv == NULL) {
3834 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
3835 	exit(1);
3836     }
3837 
3838     /*
3839      * If argv0 is specified (using '-0' switch) we replace
3840      * argv[0] pointer with the given one.
3841      */
3842     i = 0;
3843     if (argv0 != NULL) {
3844         target_argv[i++] = strdup(argv0);
3845     }
3846     for (; i < target_argc; i++) {
3847         target_argv[i] = strdup(argv[optind + i]);
3848     }
3849     target_argv[target_argc] = NULL;
3850 
3851     ts = g_malloc0 (sizeof(TaskState));
3852     init_task_state(ts);
3853     /* build Task State */
3854     ts->info = info;
3855     ts->bprm = &bprm;
3856     env->opaque = ts;
3857     task_settid(ts);
3858 
3859     execfd = qemu_getauxval(AT_EXECFD);
3860     if (execfd == 0) {
3861         execfd = open(filename, O_RDONLY);
3862         if (execfd < 0) {
3863             printf("Error while loading %s: %s\n", filename, strerror(errno));
3864             _exit(1);
3865         }
3866     }
3867 
3868     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
3869         info, &bprm);
3870     if (ret != 0) {
3871         printf("Error while loading %s: %s\n", filename, strerror(-ret));
3872         _exit(1);
3873     }
3874 
3875     for (wrk = target_environ; *wrk; wrk++) {
3876         free(*wrk);
3877     }
3878 
3879     free(target_environ);
3880 
3881     if (qemu_log_enabled()) {
3882 #if defined(CONFIG_USE_GUEST_BASE)
3883         qemu_log("guest_base  0x%lx\n", guest_base);
3884 #endif
3885         log_page_dump();
3886 
3887         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
3888         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
3889         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n",
3890                  info->start_code);
3891         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n",
3892                  info->start_data);
3893         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
3894         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n",
3895                  info->start_stack);
3896         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
3897         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
3898     }
3899 
3900     target_set_brk(info->brk);
3901     syscall_init();
3902     signal_init();
3903 
3904 #if defined(CONFIG_USE_GUEST_BASE)
3905     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
3906        generating the prologue until now so that the prologue can take
3907        the real value of GUEST_BASE into account.  */
3908     tcg_prologue_init(&tcg_ctx);
3909 #endif
3910 
3911 #if defined(TARGET_I386)
3912     cpu_x86_set_cpl(env, 3);
3913 
3914     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
3915     env->hflags |= HF_PE_MASK;
3916     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
3917         env->cr[4] |= CR4_OSFXSR_MASK;
3918         env->hflags |= HF_OSFXSR_MASK;
3919     }
3920 #ifndef TARGET_ABI32
3921     /* enable 64 bit mode if possible */
3922     if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
3923         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
3924         exit(1);
3925     }
3926     env->cr[4] |= CR4_PAE_MASK;
3927     env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
3928     env->hflags |= HF_LMA_MASK;
3929 #endif
3930 
3931     /* flags setup : we activate the IRQs by default as in user mode */
3932     env->eflags |= IF_MASK;
3933 
3934     /* linux register setup */
3935 #ifndef TARGET_ABI32
3936     env->regs[R_EAX] = regs->rax;
3937     env->regs[R_EBX] = regs->rbx;
3938     env->regs[R_ECX] = regs->rcx;
3939     env->regs[R_EDX] = regs->rdx;
3940     env->regs[R_ESI] = regs->rsi;
3941     env->regs[R_EDI] = regs->rdi;
3942     env->regs[R_EBP] = regs->rbp;
3943     env->regs[R_ESP] = regs->rsp;
3944     env->eip = regs->rip;
3945 #else
3946     env->regs[R_EAX] = regs->eax;
3947     env->regs[R_EBX] = regs->ebx;
3948     env->regs[R_ECX] = regs->ecx;
3949     env->regs[R_EDX] = regs->edx;
3950     env->regs[R_ESI] = regs->esi;
3951     env->regs[R_EDI] = regs->edi;
3952     env->regs[R_EBP] = regs->ebp;
3953     env->regs[R_ESP] = regs->esp;
3954     env->eip = regs->eip;
3955 #endif
3956 
3957     /* linux interrupt setup */
3958 #ifndef TARGET_ABI32
3959     env->idt.limit = 511;
3960 #else
3961     env->idt.limit = 255;
3962 #endif
3963     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
3964                                 PROT_READ|PROT_WRITE,
3965                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
3966     idt_table = g2h(env->idt.base);
3967     set_idt(0, 0);
3968     set_idt(1, 0);
3969     set_idt(2, 0);
3970     set_idt(3, 3);
3971     set_idt(4, 3);
3972     set_idt(5, 0);
3973     set_idt(6, 0);
3974     set_idt(7, 0);
3975     set_idt(8, 0);
3976     set_idt(9, 0);
3977     set_idt(10, 0);
3978     set_idt(11, 0);
3979     set_idt(12, 0);
3980     set_idt(13, 0);
3981     set_idt(14, 0);
3982     set_idt(15, 0);
3983     set_idt(16, 0);
3984     set_idt(17, 0);
3985     set_idt(18, 0);
3986     set_idt(19, 0);
3987     set_idt(0x80, 3);
3988 
3989     /* linux segment setup */
3990     {
3991         uint64_t *gdt_table;
3992         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
3993                                     PROT_READ|PROT_WRITE,
3994                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
3995         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
3996         gdt_table = g2h(env->gdt.base);
3997 #ifdef TARGET_ABI32
3998         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
3999                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4000                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4001 #else
4002         /* 64 bit code segment */
4003         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4004                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4005                  DESC_L_MASK |
4006                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4007 #endif
4008         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
4009                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4010                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
4011     }
4012     cpu_x86_load_seg(env, R_CS, __USER_CS);
4013     cpu_x86_load_seg(env, R_SS, __USER_DS);
4014 #ifdef TARGET_ABI32
4015     cpu_x86_load_seg(env, R_DS, __USER_DS);
4016     cpu_x86_load_seg(env, R_ES, __USER_DS);
4017     cpu_x86_load_seg(env, R_FS, __USER_DS);
4018     cpu_x86_load_seg(env, R_GS, __USER_DS);
4019     /* This hack makes Wine work... */
4020     env->segs[R_FS].selector = 0;
4021 #else
4022     cpu_x86_load_seg(env, R_DS, 0);
4023     cpu_x86_load_seg(env, R_ES, 0);
4024     cpu_x86_load_seg(env, R_FS, 0);
4025     cpu_x86_load_seg(env, R_GS, 0);
4026 #endif
4027 #elif defined(TARGET_AARCH64)
4028     {
4029         int i;
4030 
4031         if (!(arm_feature(env, ARM_FEATURE_AARCH64))) {
4032             fprintf(stderr,
4033                     "The selected ARM CPU does not support 64 bit mode\n");
4034             exit(1);
4035         }
4036 
4037         for (i = 0; i < 31; i++) {
4038             env->xregs[i] = regs->regs[i];
4039         }
4040         env->pc = regs->pc;
4041         env->xregs[31] = regs->sp;
4042     }
4043 #elif defined(TARGET_ARM)
4044     {
4045         int i;
4046         cpsr_write(env, regs->uregs[16], 0xffffffff);
4047         for(i = 0; i < 16; i++) {
4048             env->regs[i] = regs->uregs[i];
4049         }
4050         /* Enable BE8.  */
4051         if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4
4052             && (info->elf_flags & EF_ARM_BE8)) {
4053             env->bswap_code = 1;
4054         }
4055     }
4056 #elif defined(TARGET_UNICORE32)
4057     {
4058         int i;
4059         cpu_asr_write(env, regs->uregs[32], 0xffffffff);
4060         for (i = 0; i < 32; i++) {
4061             env->regs[i] = regs->uregs[i];
4062         }
4063     }
4064 #elif defined(TARGET_SPARC)
4065     {
4066         int i;
4067 	env->pc = regs->pc;
4068 	env->npc = regs->npc;
4069         env->y = regs->y;
4070         for(i = 0; i < 8; i++)
4071             env->gregs[i] = regs->u_regs[i];
4072         for(i = 0; i < 8; i++)
4073             env->regwptr[i] = regs->u_regs[i + 8];
4074     }
4075 #elif defined(TARGET_PPC)
4076     {
4077         int i;
4078 
4079 #if defined(TARGET_PPC64)
4080 #if defined(TARGET_ABI32)
4081         env->msr &= ~((target_ulong)1 << MSR_SF);
4082 #else
4083         env->msr |= (target_ulong)1 << MSR_SF;
4084 #endif
4085 #endif
4086         env->nip = regs->nip;
4087         for(i = 0; i < 32; i++) {
4088             env->gpr[i] = regs->gpr[i];
4089         }
4090     }
4091 #elif defined(TARGET_M68K)
4092     {
4093         env->pc = regs->pc;
4094         env->dregs[0] = regs->d0;
4095         env->dregs[1] = regs->d1;
4096         env->dregs[2] = regs->d2;
4097         env->dregs[3] = regs->d3;
4098         env->dregs[4] = regs->d4;
4099         env->dregs[5] = regs->d5;
4100         env->dregs[6] = regs->d6;
4101         env->dregs[7] = regs->d7;
4102         env->aregs[0] = regs->a0;
4103         env->aregs[1] = regs->a1;
4104         env->aregs[2] = regs->a2;
4105         env->aregs[3] = regs->a3;
4106         env->aregs[4] = regs->a4;
4107         env->aregs[5] = regs->a5;
4108         env->aregs[6] = regs->a6;
4109         env->aregs[7] = regs->usp;
4110         env->sr = regs->sr;
4111         ts->sim_syscalls = 1;
4112     }
4113 #elif defined(TARGET_MICROBLAZE)
4114     {
4115         env->regs[0] = regs->r0;
4116         env->regs[1] = regs->r1;
4117         env->regs[2] = regs->r2;
4118         env->regs[3] = regs->r3;
4119         env->regs[4] = regs->r4;
4120         env->regs[5] = regs->r5;
4121         env->regs[6] = regs->r6;
4122         env->regs[7] = regs->r7;
4123         env->regs[8] = regs->r8;
4124         env->regs[9] = regs->r9;
4125         env->regs[10] = regs->r10;
4126         env->regs[11] = regs->r11;
4127         env->regs[12] = regs->r12;
4128         env->regs[13] = regs->r13;
4129         env->regs[14] = regs->r14;
4130         env->regs[15] = regs->r15;
4131         env->regs[16] = regs->r16;
4132         env->regs[17] = regs->r17;
4133         env->regs[18] = regs->r18;
4134         env->regs[19] = regs->r19;
4135         env->regs[20] = regs->r20;
4136         env->regs[21] = regs->r21;
4137         env->regs[22] = regs->r22;
4138         env->regs[23] = regs->r23;
4139         env->regs[24] = regs->r24;
4140         env->regs[25] = regs->r25;
4141         env->regs[26] = regs->r26;
4142         env->regs[27] = regs->r27;
4143         env->regs[28] = regs->r28;
4144         env->regs[29] = regs->r29;
4145         env->regs[30] = regs->r30;
4146         env->regs[31] = regs->r31;
4147         env->sregs[SR_PC] = regs->pc;
4148     }
4149 #elif defined(TARGET_MIPS)
4150     {
4151         int i;
4152 
4153         for(i = 0; i < 32; i++) {
4154             env->active_tc.gpr[i] = regs->regs[i];
4155         }
4156         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
4157         if (regs->cp0_epc & 1) {
4158             env->hflags |= MIPS_HFLAG_M16;
4159         }
4160     }
4161 #elif defined(TARGET_OPENRISC)
4162     {
4163         int i;
4164 
4165         for (i = 0; i < 32; i++) {
4166             env->gpr[i] = regs->gpr[i];
4167         }
4168 
4169         env->sr = regs->sr;
4170         env->pc = regs->pc;
4171     }
4172 #elif defined(TARGET_SH4)
4173     {
4174         int i;
4175 
4176         for(i = 0; i < 16; i++) {
4177             env->gregs[i] = regs->regs[i];
4178         }
4179         env->pc = regs->pc;
4180     }
4181 #elif defined(TARGET_ALPHA)
4182     {
4183         int i;
4184 
4185         for(i = 0; i < 28; i++) {
4186             env->ir[i] = ((abi_ulong *)regs)[i];
4187         }
4188         env->ir[IR_SP] = regs->usp;
4189         env->pc = regs->pc;
4190     }
4191 #elif defined(TARGET_CRIS)
4192     {
4193 	    env->regs[0] = regs->r0;
4194 	    env->regs[1] = regs->r1;
4195 	    env->regs[2] = regs->r2;
4196 	    env->regs[3] = regs->r3;
4197 	    env->regs[4] = regs->r4;
4198 	    env->regs[5] = regs->r5;
4199 	    env->regs[6] = regs->r6;
4200 	    env->regs[7] = regs->r7;
4201 	    env->regs[8] = regs->r8;
4202 	    env->regs[9] = regs->r9;
4203 	    env->regs[10] = regs->r10;
4204 	    env->regs[11] = regs->r11;
4205 	    env->regs[12] = regs->r12;
4206 	    env->regs[13] = regs->r13;
4207 	    env->regs[14] = info->start_stack;
4208 	    env->regs[15] = regs->acr;
4209 	    env->pc = regs->erp;
4210     }
4211 #elif defined(TARGET_S390X)
4212     {
4213             int i;
4214             for (i = 0; i < 16; i++) {
4215                 env->regs[i] = regs->gprs[i];
4216             }
4217             env->psw.mask = regs->psw.mask;
4218             env->psw.addr = regs->psw.addr;
4219     }
4220 #else
4221 #error unsupported target CPU
4222 #endif
4223 
4224 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
4225     ts->stack_base = info->start_stack;
4226     ts->heap_base = info->brk;
4227     /* This will be filled in on the first SYS_HEAPINFO call.  */
4228     ts->heap_limit = 0;
4229 #endif
4230 
4231     if (gdbstub_port) {
4232         if (gdbserver_start(gdbstub_port) < 0) {
4233             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
4234                     gdbstub_port);
4235             exit(1);
4236         }
4237         gdb_handlesig(cpu, 0);
4238     }
4239     cpu_loop(env);
4240     /* never exits */
4241     return 0;
4242 }
4243