xref: /openbmc/qemu/linux-user/main.c (revision 786a4ea8)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <stdarg.h>
22 #include <string.h>
23 #include <errno.h>
24 #include <unistd.h>
25 #include <sys/mman.h>
26 #include <sys/syscall.h>
27 #include <sys/resource.h>
28 
29 #include "qemu.h"
30 #include "qemu-common.h"
31 #include "cpu.h"
32 #include "tcg.h"
33 #include "qemu/timer.h"
34 #include "qemu/envlist.h"
35 #include "elf.h"
36 
37 char *exec_path;
38 
39 int singlestep;
40 const char *filename;
41 const char *argv0;
42 int gdbstub_port;
43 envlist_t *envlist;
44 static const char *cpu_model;
45 unsigned long mmap_min_addr;
46 #if defined(CONFIG_USE_GUEST_BASE)
47 unsigned long guest_base;
48 int have_guest_base;
49 #if (TARGET_LONG_BITS == 32) && (HOST_LONG_BITS == 64)
50 /*
51  * When running 32-on-64 we should make sure we can fit all of the possible
52  * guest address space into a contiguous chunk of virtual host memory.
53  *
54  * This way we will never overlap with our own libraries or binaries or stack
55  * or anything else that QEMU maps.
56  */
57 # ifdef TARGET_MIPS
58 /* MIPS only supports 31 bits of virtual address space for user space */
59 unsigned long reserved_va = 0x77000000;
60 # else
61 unsigned long reserved_va = 0xf7000000;
62 # endif
63 #else
64 unsigned long reserved_va;
65 #endif
66 #endif
67 
68 static void usage(void);
69 
70 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
71 const char *qemu_uname_release;
72 
73 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
74    we allocate a bigger stack. Need a better solution, for example
75    by remapping the process stack directly at the right place */
76 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
77 
78 void gemu_log(const char *fmt, ...)
79 {
80     va_list ap;
81 
82     va_start(ap, fmt);
83     vfprintf(stderr, fmt, ap);
84     va_end(ap);
85 }
86 
87 #if defined(TARGET_I386)
88 int cpu_get_pic_interrupt(CPUX86State *env)
89 {
90     return -1;
91 }
92 #endif
93 
94 /***********************************************************/
95 /* Helper routines for implementing atomic operations.  */
96 
97 /* To implement exclusive operations we force all cpus to syncronise.
98    We don't require a full sync, only that no cpus are executing guest code.
99    The alternative is to map target atomic ops onto host equivalents,
100    which requires quite a lot of per host/target work.  */
101 static pthread_mutex_t cpu_list_mutex = PTHREAD_MUTEX_INITIALIZER;
102 static pthread_mutex_t exclusive_lock = PTHREAD_MUTEX_INITIALIZER;
103 static pthread_cond_t exclusive_cond = PTHREAD_COND_INITIALIZER;
104 static pthread_cond_t exclusive_resume = PTHREAD_COND_INITIALIZER;
105 static int pending_cpus;
106 
107 /* Make sure everything is in a consistent state for calling fork().  */
108 void fork_start(void)
109 {
110     pthread_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
111     pthread_mutex_lock(&exclusive_lock);
112     mmap_fork_start();
113 }
114 
115 void fork_end(int child)
116 {
117     mmap_fork_end(child);
118     if (child) {
119         CPUState *cpu, *next_cpu;
120         /* Child processes created by fork() only have a single thread.
121            Discard information about the parent threads.  */
122         CPU_FOREACH_SAFE(cpu, next_cpu) {
123             if (cpu != thread_cpu) {
124                 QTAILQ_REMOVE(&cpus, thread_cpu, node);
125             }
126         }
127         pending_cpus = 0;
128         pthread_mutex_init(&exclusive_lock, NULL);
129         pthread_mutex_init(&cpu_list_mutex, NULL);
130         pthread_cond_init(&exclusive_cond, NULL);
131         pthread_cond_init(&exclusive_resume, NULL);
132         pthread_mutex_init(&tcg_ctx.tb_ctx.tb_lock, NULL);
133         gdbserver_fork((CPUArchState *)thread_cpu->env_ptr);
134     } else {
135         pthread_mutex_unlock(&exclusive_lock);
136         pthread_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
137     }
138 }
139 
140 /* Wait for pending exclusive operations to complete.  The exclusive lock
141    must be held.  */
142 static inline void exclusive_idle(void)
143 {
144     while (pending_cpus) {
145         pthread_cond_wait(&exclusive_resume, &exclusive_lock);
146     }
147 }
148 
149 /* Start an exclusive operation.
150    Must only be called from outside cpu_arm_exec.   */
151 static inline void start_exclusive(void)
152 {
153     CPUState *other_cpu;
154 
155     pthread_mutex_lock(&exclusive_lock);
156     exclusive_idle();
157 
158     pending_cpus = 1;
159     /* Make all other cpus stop executing.  */
160     CPU_FOREACH(other_cpu) {
161         if (other_cpu->running) {
162             pending_cpus++;
163             cpu_exit(other_cpu);
164         }
165     }
166     if (pending_cpus > 1) {
167         pthread_cond_wait(&exclusive_cond, &exclusive_lock);
168     }
169 }
170 
171 /* Finish an exclusive operation.  */
172 static inline void __attribute__((unused)) end_exclusive(void)
173 {
174     pending_cpus = 0;
175     pthread_cond_broadcast(&exclusive_resume);
176     pthread_mutex_unlock(&exclusive_lock);
177 }
178 
179 /* Wait for exclusive ops to finish, and begin cpu execution.  */
180 static inline void cpu_exec_start(CPUState *cpu)
181 {
182     pthread_mutex_lock(&exclusive_lock);
183     exclusive_idle();
184     cpu->running = true;
185     pthread_mutex_unlock(&exclusive_lock);
186 }
187 
188 /* Mark cpu as not executing, and release pending exclusive ops.  */
189 static inline void cpu_exec_end(CPUState *cpu)
190 {
191     pthread_mutex_lock(&exclusive_lock);
192     cpu->running = false;
193     if (pending_cpus > 1) {
194         pending_cpus--;
195         if (pending_cpus == 1) {
196             pthread_cond_signal(&exclusive_cond);
197         }
198     }
199     exclusive_idle();
200     pthread_mutex_unlock(&exclusive_lock);
201 }
202 
203 void cpu_list_lock(void)
204 {
205     pthread_mutex_lock(&cpu_list_mutex);
206 }
207 
208 void cpu_list_unlock(void)
209 {
210     pthread_mutex_unlock(&cpu_list_mutex);
211 }
212 
213 
214 #ifdef TARGET_I386
215 /***********************************************************/
216 /* CPUX86 core interface */
217 
218 void cpu_smm_update(CPUX86State *env)
219 {
220 }
221 
222 uint64_t cpu_get_tsc(CPUX86State *env)
223 {
224     return cpu_get_real_ticks();
225 }
226 
227 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
228                      int flags)
229 {
230     unsigned int e1, e2;
231     uint32_t *p;
232     e1 = (addr << 16) | (limit & 0xffff);
233     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
234     e2 |= flags;
235     p = ptr;
236     p[0] = tswap32(e1);
237     p[1] = tswap32(e2);
238 }
239 
240 static uint64_t *idt_table;
241 #ifdef TARGET_X86_64
242 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
243                        uint64_t addr, unsigned int sel)
244 {
245     uint32_t *p, e1, e2;
246     e1 = (addr & 0xffff) | (sel << 16);
247     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
248     p = ptr;
249     p[0] = tswap32(e1);
250     p[1] = tswap32(e2);
251     p[2] = tswap32(addr >> 32);
252     p[3] = 0;
253 }
254 /* only dpl matters as we do only user space emulation */
255 static void set_idt(int n, unsigned int dpl)
256 {
257     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
258 }
259 #else
260 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
261                      uint32_t addr, unsigned int sel)
262 {
263     uint32_t *p, e1, e2;
264     e1 = (addr & 0xffff) | (sel << 16);
265     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
266     p = ptr;
267     p[0] = tswap32(e1);
268     p[1] = tswap32(e2);
269 }
270 
271 /* only dpl matters as we do only user space emulation */
272 static void set_idt(int n, unsigned int dpl)
273 {
274     set_gate(idt_table + n, 0, dpl, 0, 0);
275 }
276 #endif
277 
278 void cpu_loop(CPUX86State *env)
279 {
280     CPUState *cs = CPU(x86_env_get_cpu(env));
281     int trapnr;
282     abi_ulong pc;
283     target_siginfo_t info;
284 
285     for(;;) {
286         cpu_exec_start(cs);
287         trapnr = cpu_x86_exec(env);
288         cpu_exec_end(cs);
289         switch(trapnr) {
290         case 0x80:
291             /* linux syscall from int $0x80 */
292             env->regs[R_EAX] = do_syscall(env,
293                                           env->regs[R_EAX],
294                                           env->regs[R_EBX],
295                                           env->regs[R_ECX],
296                                           env->regs[R_EDX],
297                                           env->regs[R_ESI],
298                                           env->regs[R_EDI],
299                                           env->regs[R_EBP],
300                                           0, 0);
301             break;
302 #ifndef TARGET_ABI32
303         case EXCP_SYSCALL:
304             /* linux syscall from syscall instruction */
305             env->regs[R_EAX] = do_syscall(env,
306                                           env->regs[R_EAX],
307                                           env->regs[R_EDI],
308                                           env->regs[R_ESI],
309                                           env->regs[R_EDX],
310                                           env->regs[10],
311                                           env->regs[8],
312                                           env->regs[9],
313                                           0, 0);
314             break;
315 #endif
316         case EXCP0B_NOSEG:
317         case EXCP0C_STACK:
318             info.si_signo = TARGET_SIGBUS;
319             info.si_errno = 0;
320             info.si_code = TARGET_SI_KERNEL;
321             info._sifields._sigfault._addr = 0;
322             queue_signal(env, info.si_signo, &info);
323             break;
324         case EXCP0D_GPF:
325             /* XXX: potential problem if ABI32 */
326 #ifndef TARGET_X86_64
327             if (env->eflags & VM_MASK) {
328                 handle_vm86_fault(env);
329             } else
330 #endif
331             {
332                 info.si_signo = TARGET_SIGSEGV;
333                 info.si_errno = 0;
334                 info.si_code = TARGET_SI_KERNEL;
335                 info._sifields._sigfault._addr = 0;
336                 queue_signal(env, info.si_signo, &info);
337             }
338             break;
339         case EXCP0E_PAGE:
340             info.si_signo = TARGET_SIGSEGV;
341             info.si_errno = 0;
342             if (!(env->error_code & 1))
343                 info.si_code = TARGET_SEGV_MAPERR;
344             else
345                 info.si_code = TARGET_SEGV_ACCERR;
346             info._sifields._sigfault._addr = env->cr[2];
347             queue_signal(env, info.si_signo, &info);
348             break;
349         case EXCP00_DIVZ:
350 #ifndef TARGET_X86_64
351             if (env->eflags & VM_MASK) {
352                 handle_vm86_trap(env, trapnr);
353             } else
354 #endif
355             {
356                 /* division by zero */
357                 info.si_signo = TARGET_SIGFPE;
358                 info.si_errno = 0;
359                 info.si_code = TARGET_FPE_INTDIV;
360                 info._sifields._sigfault._addr = env->eip;
361                 queue_signal(env, info.si_signo, &info);
362             }
363             break;
364         case EXCP01_DB:
365         case EXCP03_INT3:
366 #ifndef TARGET_X86_64
367             if (env->eflags & VM_MASK) {
368                 handle_vm86_trap(env, trapnr);
369             } else
370 #endif
371             {
372                 info.si_signo = TARGET_SIGTRAP;
373                 info.si_errno = 0;
374                 if (trapnr == EXCP01_DB) {
375                     info.si_code = TARGET_TRAP_BRKPT;
376                     info._sifields._sigfault._addr = env->eip;
377                 } else {
378                     info.si_code = TARGET_SI_KERNEL;
379                     info._sifields._sigfault._addr = 0;
380                 }
381                 queue_signal(env, info.si_signo, &info);
382             }
383             break;
384         case EXCP04_INTO:
385         case EXCP05_BOUND:
386 #ifndef TARGET_X86_64
387             if (env->eflags & VM_MASK) {
388                 handle_vm86_trap(env, trapnr);
389             } else
390 #endif
391             {
392                 info.si_signo = TARGET_SIGSEGV;
393                 info.si_errno = 0;
394                 info.si_code = TARGET_SI_KERNEL;
395                 info._sifields._sigfault._addr = 0;
396                 queue_signal(env, info.si_signo, &info);
397             }
398             break;
399         case EXCP06_ILLOP:
400             info.si_signo = TARGET_SIGILL;
401             info.si_errno = 0;
402             info.si_code = TARGET_ILL_ILLOPN;
403             info._sifields._sigfault._addr = env->eip;
404             queue_signal(env, info.si_signo, &info);
405             break;
406         case EXCP_INTERRUPT:
407             /* just indicate that signals should be handled asap */
408             break;
409         case EXCP_DEBUG:
410             {
411                 int sig;
412 
413                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
414                 if (sig)
415                   {
416                     info.si_signo = sig;
417                     info.si_errno = 0;
418                     info.si_code = TARGET_TRAP_BRKPT;
419                     queue_signal(env, info.si_signo, &info);
420                   }
421             }
422             break;
423         default:
424             pc = env->segs[R_CS].base + env->eip;
425             fprintf(stderr, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
426                     (long)pc, trapnr);
427             abort();
428         }
429         process_pending_signals(env);
430     }
431 }
432 #endif
433 
434 #ifdef TARGET_ARM
435 
436 #define get_user_code_u32(x, gaddr, doswap)             \
437     ({ abi_long __r = get_user_u32((x), (gaddr));       \
438         if (!__r && (doswap)) {                         \
439             (x) = bswap32(x);                           \
440         }                                               \
441         __r;                                            \
442     })
443 
444 #define get_user_code_u16(x, gaddr, doswap)             \
445     ({ abi_long __r = get_user_u16((x), (gaddr));       \
446         if (!__r && (doswap)) {                         \
447             (x) = bswap16(x);                           \
448         }                                               \
449         __r;                                            \
450     })
451 
452 #ifdef TARGET_ABI32
453 /* Commpage handling -- there is no commpage for AArch64 */
454 
455 /*
456  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
457  * Input:
458  * r0 = pointer to oldval
459  * r1 = pointer to newval
460  * r2 = pointer to target value
461  *
462  * Output:
463  * r0 = 0 if *ptr was changed, non-0 if no exchange happened
464  * C set if *ptr was changed, clear if no exchange happened
465  *
466  * Note segv's in kernel helpers are a bit tricky, we can set the
467  * data address sensibly but the PC address is just the entry point.
468  */
469 static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
470 {
471     uint64_t oldval, newval, val;
472     uint32_t addr, cpsr;
473     target_siginfo_t info;
474 
475     /* Based on the 32 bit code in do_kernel_trap */
476 
477     /* XXX: This only works between threads, not between processes.
478        It's probably possible to implement this with native host
479        operations. However things like ldrex/strex are much harder so
480        there's not much point trying.  */
481     start_exclusive();
482     cpsr = cpsr_read(env);
483     addr = env->regs[2];
484 
485     if (get_user_u64(oldval, env->regs[0])) {
486         env->exception.vaddress = env->regs[0];
487         goto segv;
488     };
489 
490     if (get_user_u64(newval, env->regs[1])) {
491         env->exception.vaddress = env->regs[1];
492         goto segv;
493     };
494 
495     if (get_user_u64(val, addr)) {
496         env->exception.vaddress = addr;
497         goto segv;
498     }
499 
500     if (val == oldval) {
501         val = newval;
502 
503         if (put_user_u64(val, addr)) {
504             env->exception.vaddress = addr;
505             goto segv;
506         };
507 
508         env->regs[0] = 0;
509         cpsr |= CPSR_C;
510     } else {
511         env->regs[0] = -1;
512         cpsr &= ~CPSR_C;
513     }
514     cpsr_write(env, cpsr, CPSR_C);
515     end_exclusive();
516     return;
517 
518 segv:
519     end_exclusive();
520     /* We get the PC of the entry address - which is as good as anything,
521        on a real kernel what you get depends on which mode it uses. */
522     info.si_signo = TARGET_SIGSEGV;
523     info.si_errno = 0;
524     /* XXX: check env->error_code */
525     info.si_code = TARGET_SEGV_MAPERR;
526     info._sifields._sigfault._addr = env->exception.vaddress;
527     queue_signal(env, info.si_signo, &info);
528 }
529 
530 /* Handle a jump to the kernel code page.  */
531 static int
532 do_kernel_trap(CPUARMState *env)
533 {
534     uint32_t addr;
535     uint32_t cpsr;
536     uint32_t val;
537 
538     switch (env->regs[15]) {
539     case 0xffff0fa0: /* __kernel_memory_barrier */
540         /* ??? No-op. Will need to do better for SMP.  */
541         break;
542     case 0xffff0fc0: /* __kernel_cmpxchg */
543          /* XXX: This only works between threads, not between processes.
544             It's probably possible to implement this with native host
545             operations. However things like ldrex/strex are much harder so
546             there's not much point trying.  */
547         start_exclusive();
548         cpsr = cpsr_read(env);
549         addr = env->regs[2];
550         /* FIXME: This should SEGV if the access fails.  */
551         if (get_user_u32(val, addr))
552             val = ~env->regs[0];
553         if (val == env->regs[0]) {
554             val = env->regs[1];
555             /* FIXME: Check for segfaults.  */
556             put_user_u32(val, addr);
557             env->regs[0] = 0;
558             cpsr |= CPSR_C;
559         } else {
560             env->regs[0] = -1;
561             cpsr &= ~CPSR_C;
562         }
563         cpsr_write(env, cpsr, CPSR_C);
564         end_exclusive();
565         break;
566     case 0xffff0fe0: /* __kernel_get_tls */
567         env->regs[0] = cpu_get_tls(env);
568         break;
569     case 0xffff0f60: /* __kernel_cmpxchg64 */
570         arm_kernel_cmpxchg64_helper(env);
571         break;
572 
573     default:
574         return 1;
575     }
576     /* Jump back to the caller.  */
577     addr = env->regs[14];
578     if (addr & 1) {
579         env->thumb = 1;
580         addr &= ~1;
581     }
582     env->regs[15] = addr;
583 
584     return 0;
585 }
586 
587 /* Store exclusive handling for AArch32 */
588 static int do_strex(CPUARMState *env)
589 {
590     uint64_t val;
591     int size;
592     int rc = 1;
593     int segv = 0;
594     uint32_t addr;
595     start_exclusive();
596     if (env->exclusive_addr != env->exclusive_test) {
597         goto fail;
598     }
599     /* We know we're always AArch32 so the address is in uint32_t range
600      * unless it was the -1 exclusive-monitor-lost value (which won't
601      * match exclusive_test above).
602      */
603     assert(extract64(env->exclusive_addr, 32, 32) == 0);
604     addr = env->exclusive_addr;
605     size = env->exclusive_info & 0xf;
606     switch (size) {
607     case 0:
608         segv = get_user_u8(val, addr);
609         break;
610     case 1:
611         segv = get_user_u16(val, addr);
612         break;
613     case 2:
614     case 3:
615         segv = get_user_u32(val, addr);
616         break;
617     default:
618         abort();
619     }
620     if (segv) {
621         env->exception.vaddress = addr;
622         goto done;
623     }
624     if (size == 3) {
625         uint32_t valhi;
626         segv = get_user_u32(valhi, addr + 4);
627         if (segv) {
628             env->exception.vaddress = addr + 4;
629             goto done;
630         }
631         val = deposit64(val, 32, 32, valhi);
632     }
633     if (val != env->exclusive_val) {
634         goto fail;
635     }
636 
637     val = env->regs[(env->exclusive_info >> 8) & 0xf];
638     switch (size) {
639     case 0:
640         segv = put_user_u8(val, addr);
641         break;
642     case 1:
643         segv = put_user_u16(val, addr);
644         break;
645     case 2:
646     case 3:
647         segv = put_user_u32(val, addr);
648         break;
649     }
650     if (segv) {
651         env->exception.vaddress = addr;
652         goto done;
653     }
654     if (size == 3) {
655         val = env->regs[(env->exclusive_info >> 12) & 0xf];
656         segv = put_user_u32(val, addr + 4);
657         if (segv) {
658             env->exception.vaddress = addr + 4;
659             goto done;
660         }
661     }
662     rc = 0;
663 fail:
664     env->regs[15] += 4;
665     env->regs[(env->exclusive_info >> 4) & 0xf] = rc;
666 done:
667     end_exclusive();
668     return segv;
669 }
670 
671 void cpu_loop(CPUARMState *env)
672 {
673     CPUState *cs = CPU(arm_env_get_cpu(env));
674     int trapnr;
675     unsigned int n, insn;
676     target_siginfo_t info;
677     uint32_t addr;
678 
679     for(;;) {
680         cpu_exec_start(cs);
681         trapnr = cpu_arm_exec(env);
682         cpu_exec_end(cs);
683         switch(trapnr) {
684         case EXCP_UDEF:
685             {
686                 TaskState *ts = cs->opaque;
687                 uint32_t opcode;
688                 int rc;
689 
690                 /* we handle the FPU emulation here, as Linux */
691                 /* we get the opcode */
692                 /* FIXME - what to do if get_user() fails? */
693                 get_user_code_u32(opcode, env->regs[15], env->bswap_code);
694 
695                 rc = EmulateAll(opcode, &ts->fpa, env);
696                 if (rc == 0) { /* illegal instruction */
697                     info.si_signo = TARGET_SIGILL;
698                     info.si_errno = 0;
699                     info.si_code = TARGET_ILL_ILLOPN;
700                     info._sifields._sigfault._addr = env->regs[15];
701                     queue_signal(env, info.si_signo, &info);
702                 } else if (rc < 0) { /* FP exception */
703                     int arm_fpe=0;
704 
705                     /* translate softfloat flags to FPSR flags */
706                     if (-rc & float_flag_invalid)
707                       arm_fpe |= BIT_IOC;
708                     if (-rc & float_flag_divbyzero)
709                       arm_fpe |= BIT_DZC;
710                     if (-rc & float_flag_overflow)
711                       arm_fpe |= BIT_OFC;
712                     if (-rc & float_flag_underflow)
713                       arm_fpe |= BIT_UFC;
714                     if (-rc & float_flag_inexact)
715                       arm_fpe |= BIT_IXC;
716 
717                     FPSR fpsr = ts->fpa.fpsr;
718                     //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
719 
720                     if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
721                       info.si_signo = TARGET_SIGFPE;
722                       info.si_errno = 0;
723 
724                       /* ordered by priority, least first */
725                       if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
726                       if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
727                       if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
728                       if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
729                       if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
730 
731                       info._sifields._sigfault._addr = env->regs[15];
732                       queue_signal(env, info.si_signo, &info);
733                     } else {
734                       env->regs[15] += 4;
735                     }
736 
737                     /* accumulate unenabled exceptions */
738                     if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
739                       fpsr |= BIT_IXC;
740                     if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
741                       fpsr |= BIT_UFC;
742                     if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
743                       fpsr |= BIT_OFC;
744                     if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
745                       fpsr |= BIT_DZC;
746                     if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
747                       fpsr |= BIT_IOC;
748                     ts->fpa.fpsr=fpsr;
749                 } else { /* everything OK */
750                     /* increment PC */
751                     env->regs[15] += 4;
752                 }
753             }
754             break;
755         case EXCP_SWI:
756         case EXCP_BKPT:
757             {
758                 env->eabi = 1;
759                 /* system call */
760                 if (trapnr == EXCP_BKPT) {
761                     if (env->thumb) {
762                         /* FIXME - what to do if get_user() fails? */
763                         get_user_code_u16(insn, env->regs[15], env->bswap_code);
764                         n = insn & 0xff;
765                         env->regs[15] += 2;
766                     } else {
767                         /* FIXME - what to do if get_user() fails? */
768                         get_user_code_u32(insn, env->regs[15], env->bswap_code);
769                         n = (insn & 0xf) | ((insn >> 4) & 0xff0);
770                         env->regs[15] += 4;
771                     }
772                 } else {
773                     if (env->thumb) {
774                         /* FIXME - what to do if get_user() fails? */
775                         get_user_code_u16(insn, env->regs[15] - 2,
776                                           env->bswap_code);
777                         n = insn & 0xff;
778                     } else {
779                         /* FIXME - what to do if get_user() fails? */
780                         get_user_code_u32(insn, env->regs[15] - 4,
781                                           env->bswap_code);
782                         n = insn & 0xffffff;
783                     }
784                 }
785 
786                 if (n == ARM_NR_cacheflush) {
787                     /* nop */
788                 } else if (n == ARM_NR_semihosting
789                            || n == ARM_NR_thumb_semihosting) {
790                     env->regs[0] = do_arm_semihosting (env);
791                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
792                     /* linux syscall */
793                     if (env->thumb || n == 0) {
794                         n = env->regs[7];
795                     } else {
796                         n -= ARM_SYSCALL_BASE;
797                         env->eabi = 0;
798                     }
799                     if ( n > ARM_NR_BASE) {
800                         switch (n) {
801                         case ARM_NR_cacheflush:
802                             /* nop */
803                             break;
804                         case ARM_NR_set_tls:
805                             cpu_set_tls(env, env->regs[0]);
806                             env->regs[0] = 0;
807                             break;
808                         case ARM_NR_breakpoint:
809                             env->regs[15] -= env->thumb ? 2 : 4;
810                             goto excp_debug;
811                         default:
812                             gemu_log("qemu: Unsupported ARM syscall: 0x%x\n",
813                                      n);
814                             env->regs[0] = -TARGET_ENOSYS;
815                             break;
816                         }
817                     } else {
818                         env->regs[0] = do_syscall(env,
819                                                   n,
820                                                   env->regs[0],
821                                                   env->regs[1],
822                                                   env->regs[2],
823                                                   env->regs[3],
824                                                   env->regs[4],
825                                                   env->regs[5],
826                                                   0, 0);
827                     }
828                 } else {
829                     goto error;
830                 }
831             }
832             break;
833         case EXCP_INTERRUPT:
834             /* just indicate that signals should be handled asap */
835             break;
836         case EXCP_STREX:
837             if (!do_strex(env)) {
838                 break;
839             }
840             /* fall through for segv */
841         case EXCP_PREFETCH_ABORT:
842         case EXCP_DATA_ABORT:
843             addr = env->exception.vaddress;
844             {
845                 info.si_signo = TARGET_SIGSEGV;
846                 info.si_errno = 0;
847                 /* XXX: check env->error_code */
848                 info.si_code = TARGET_SEGV_MAPERR;
849                 info._sifields._sigfault._addr = addr;
850                 queue_signal(env, info.si_signo, &info);
851             }
852             break;
853         case EXCP_DEBUG:
854         excp_debug:
855             {
856                 int sig;
857 
858                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
859                 if (sig)
860                   {
861                     info.si_signo = sig;
862                     info.si_errno = 0;
863                     info.si_code = TARGET_TRAP_BRKPT;
864                     queue_signal(env, info.si_signo, &info);
865                   }
866             }
867             break;
868         case EXCP_KERNEL_TRAP:
869             if (do_kernel_trap(env))
870               goto error;
871             break;
872         default:
873         error:
874             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
875                     trapnr);
876             cpu_dump_state(cs, stderr, fprintf, 0);
877             abort();
878         }
879         process_pending_signals(env);
880     }
881 }
882 
883 #else
884 
885 /*
886  * Handle AArch64 store-release exclusive
887  *
888  * rs = gets the status result of store exclusive
889  * rt = is the register that is stored
890  * rt2 = is the second register store (in STP)
891  *
892  */
893 static int do_strex_a64(CPUARMState *env)
894 {
895     uint64_t val;
896     int size;
897     bool is_pair;
898     int rc = 1;
899     int segv = 0;
900     uint64_t addr;
901     int rs, rt, rt2;
902 
903     start_exclusive();
904     /* size | is_pair << 2 | (rs << 4) | (rt << 9) | (rt2 << 14)); */
905     size = extract32(env->exclusive_info, 0, 2);
906     is_pair = extract32(env->exclusive_info, 2, 1);
907     rs = extract32(env->exclusive_info, 4, 5);
908     rt = extract32(env->exclusive_info, 9, 5);
909     rt2 = extract32(env->exclusive_info, 14, 5);
910 
911     addr = env->exclusive_addr;
912 
913     if (addr != env->exclusive_test) {
914         goto finish;
915     }
916 
917     switch (size) {
918     case 0:
919         segv = get_user_u8(val, addr);
920         break;
921     case 1:
922         segv = get_user_u16(val, addr);
923         break;
924     case 2:
925         segv = get_user_u32(val, addr);
926         break;
927     case 3:
928         segv = get_user_u64(val, addr);
929         break;
930     default:
931         abort();
932     }
933     if (segv) {
934         env->exception.vaddress = addr;
935         goto error;
936     }
937     if (val != env->exclusive_val) {
938         goto finish;
939     }
940     if (is_pair) {
941         if (size == 2) {
942             segv = get_user_u32(val, addr + 4);
943         } else {
944             segv = get_user_u64(val, addr + 8);
945         }
946         if (segv) {
947             env->exception.vaddress = addr + (size == 2 ? 4 : 8);
948             goto error;
949         }
950         if (val != env->exclusive_high) {
951             goto finish;
952         }
953     }
954     /* handle the zero register */
955     val = rt == 31 ? 0 : env->xregs[rt];
956     switch (size) {
957     case 0:
958         segv = put_user_u8(val, addr);
959         break;
960     case 1:
961         segv = put_user_u16(val, addr);
962         break;
963     case 2:
964         segv = put_user_u32(val, addr);
965         break;
966     case 3:
967         segv = put_user_u64(val, addr);
968         break;
969     }
970     if (segv) {
971         goto error;
972     }
973     if (is_pair) {
974         /* handle the zero register */
975         val = rt2 == 31 ? 0 : env->xregs[rt2];
976         if (size == 2) {
977             segv = put_user_u32(val, addr + 4);
978         } else {
979             segv = put_user_u64(val, addr + 8);
980         }
981         if (segv) {
982             env->exception.vaddress = addr + (size == 2 ? 4 : 8);
983             goto error;
984         }
985     }
986     rc = 0;
987 finish:
988     env->pc += 4;
989     /* rs == 31 encodes a write to the ZR, thus throwing away
990      * the status return. This is rather silly but valid.
991      */
992     if (rs < 31) {
993         env->xregs[rs] = rc;
994     }
995 error:
996     /* instruction faulted, PC does not advance */
997     /* either way a strex releases any exclusive lock we have */
998     env->exclusive_addr = -1;
999     end_exclusive();
1000     return segv;
1001 }
1002 
1003 /* AArch64 main loop */
1004 void cpu_loop(CPUARMState *env)
1005 {
1006     CPUState *cs = CPU(arm_env_get_cpu(env));
1007     int trapnr, sig;
1008     target_siginfo_t info;
1009 
1010     for (;;) {
1011         cpu_exec_start(cs);
1012         trapnr = cpu_arm_exec(env);
1013         cpu_exec_end(cs);
1014 
1015         switch (trapnr) {
1016         case EXCP_SWI:
1017             env->xregs[0] = do_syscall(env,
1018                                        env->xregs[8],
1019                                        env->xregs[0],
1020                                        env->xregs[1],
1021                                        env->xregs[2],
1022                                        env->xregs[3],
1023                                        env->xregs[4],
1024                                        env->xregs[5],
1025                                        0, 0);
1026             break;
1027         case EXCP_INTERRUPT:
1028             /* just indicate that signals should be handled asap */
1029             break;
1030         case EXCP_UDEF:
1031             info.si_signo = TARGET_SIGILL;
1032             info.si_errno = 0;
1033             info.si_code = TARGET_ILL_ILLOPN;
1034             info._sifields._sigfault._addr = env->pc;
1035             queue_signal(env, info.si_signo, &info);
1036             break;
1037         case EXCP_STREX:
1038             if (!do_strex_a64(env)) {
1039                 break;
1040             }
1041             /* fall through for segv */
1042         case EXCP_PREFETCH_ABORT:
1043         case EXCP_DATA_ABORT:
1044             info.si_signo = TARGET_SIGSEGV;
1045             info.si_errno = 0;
1046             /* XXX: check env->error_code */
1047             info.si_code = TARGET_SEGV_MAPERR;
1048             info._sifields._sigfault._addr = env->exception.vaddress;
1049             queue_signal(env, info.si_signo, &info);
1050             break;
1051         case EXCP_DEBUG:
1052         case EXCP_BKPT:
1053             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1054             if (sig) {
1055                 info.si_signo = sig;
1056                 info.si_errno = 0;
1057                 info.si_code = TARGET_TRAP_BRKPT;
1058                 queue_signal(env, info.si_signo, &info);
1059             }
1060             break;
1061         default:
1062             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
1063                     trapnr);
1064             cpu_dump_state(cs, stderr, fprintf, 0);
1065             abort();
1066         }
1067         process_pending_signals(env);
1068         /* Exception return on AArch64 always clears the exclusive monitor,
1069          * so any return to running guest code implies this.
1070          * A strex (successful or otherwise) also clears the monitor, so
1071          * we don't need to specialcase EXCP_STREX.
1072          */
1073         env->exclusive_addr = -1;
1074     }
1075 }
1076 #endif /* ndef TARGET_ABI32 */
1077 
1078 #endif
1079 
1080 #ifdef TARGET_UNICORE32
1081 
1082 void cpu_loop(CPUUniCore32State *env)
1083 {
1084     CPUState *cs = CPU(uc32_env_get_cpu(env));
1085     int trapnr;
1086     unsigned int n, insn;
1087     target_siginfo_t info;
1088 
1089     for (;;) {
1090         cpu_exec_start(cs);
1091         trapnr = uc32_cpu_exec(env);
1092         cpu_exec_end(cs);
1093         switch (trapnr) {
1094         case UC32_EXCP_PRIV:
1095             {
1096                 /* system call */
1097                 get_user_u32(insn, env->regs[31] - 4);
1098                 n = insn & 0xffffff;
1099 
1100                 if (n >= UC32_SYSCALL_BASE) {
1101                     /* linux syscall */
1102                     n -= UC32_SYSCALL_BASE;
1103                     if (n == UC32_SYSCALL_NR_set_tls) {
1104                             cpu_set_tls(env, env->regs[0]);
1105                             env->regs[0] = 0;
1106                     } else {
1107                         env->regs[0] = do_syscall(env,
1108                                                   n,
1109                                                   env->regs[0],
1110                                                   env->regs[1],
1111                                                   env->regs[2],
1112                                                   env->regs[3],
1113                                                   env->regs[4],
1114                                                   env->regs[5],
1115                                                   0, 0);
1116                     }
1117                 } else {
1118                     goto error;
1119                 }
1120             }
1121             break;
1122         case UC32_EXCP_DTRAP:
1123         case UC32_EXCP_ITRAP:
1124             info.si_signo = TARGET_SIGSEGV;
1125             info.si_errno = 0;
1126             /* XXX: check env->error_code */
1127             info.si_code = TARGET_SEGV_MAPERR;
1128             info._sifields._sigfault._addr = env->cp0.c4_faultaddr;
1129             queue_signal(env, info.si_signo, &info);
1130             break;
1131         case EXCP_INTERRUPT:
1132             /* just indicate that signals should be handled asap */
1133             break;
1134         case EXCP_DEBUG:
1135             {
1136                 int sig;
1137 
1138                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1139                 if (sig) {
1140                     info.si_signo = sig;
1141                     info.si_errno = 0;
1142                     info.si_code = TARGET_TRAP_BRKPT;
1143                     queue_signal(env, info.si_signo, &info);
1144                 }
1145             }
1146             break;
1147         default:
1148             goto error;
1149         }
1150         process_pending_signals(env);
1151     }
1152 
1153 error:
1154     fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
1155     cpu_dump_state(cs, stderr, fprintf, 0);
1156     abort();
1157 }
1158 #endif
1159 
1160 #ifdef TARGET_SPARC
1161 #define SPARC64_STACK_BIAS 2047
1162 
1163 //#define DEBUG_WIN
1164 
1165 /* WARNING: dealing with register windows _is_ complicated. More info
1166    can be found at http://www.sics.se/~psm/sparcstack.html */
1167 static inline int get_reg_index(CPUSPARCState *env, int cwp, int index)
1168 {
1169     index = (index + cwp * 16) % (16 * env->nwindows);
1170     /* wrap handling : if cwp is on the last window, then we use the
1171        registers 'after' the end */
1172     if (index < 8 && env->cwp == env->nwindows - 1)
1173         index += 16 * env->nwindows;
1174     return index;
1175 }
1176 
1177 /* save the register window 'cwp1' */
1178 static inline void save_window_offset(CPUSPARCState *env, int cwp1)
1179 {
1180     unsigned int i;
1181     abi_ulong sp_ptr;
1182 
1183     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1184 #ifdef TARGET_SPARC64
1185     if (sp_ptr & 3)
1186         sp_ptr += SPARC64_STACK_BIAS;
1187 #endif
1188 #if defined(DEBUG_WIN)
1189     printf("win_overflow: sp_ptr=0x" TARGET_ABI_FMT_lx " save_cwp=%d\n",
1190            sp_ptr, cwp1);
1191 #endif
1192     for(i = 0; i < 16; i++) {
1193         /* FIXME - what to do if put_user() fails? */
1194         put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1195         sp_ptr += sizeof(abi_ulong);
1196     }
1197 }
1198 
1199 static void save_window(CPUSPARCState *env)
1200 {
1201 #ifndef TARGET_SPARC64
1202     unsigned int new_wim;
1203     new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
1204         ((1LL << env->nwindows) - 1);
1205     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1206     env->wim = new_wim;
1207 #else
1208     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1209     env->cansave++;
1210     env->canrestore--;
1211 #endif
1212 }
1213 
1214 static void restore_window(CPUSPARCState *env)
1215 {
1216 #ifndef TARGET_SPARC64
1217     unsigned int new_wim;
1218 #endif
1219     unsigned int i, cwp1;
1220     abi_ulong sp_ptr;
1221 
1222 #ifndef TARGET_SPARC64
1223     new_wim = ((env->wim << 1) | (env->wim >> (env->nwindows - 1))) &
1224         ((1LL << env->nwindows) - 1);
1225 #endif
1226 
1227     /* restore the invalid window */
1228     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1229     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1230 #ifdef TARGET_SPARC64
1231     if (sp_ptr & 3)
1232         sp_ptr += SPARC64_STACK_BIAS;
1233 #endif
1234 #if defined(DEBUG_WIN)
1235     printf("win_underflow: sp_ptr=0x" TARGET_ABI_FMT_lx " load_cwp=%d\n",
1236            sp_ptr, cwp1);
1237 #endif
1238     for(i = 0; i < 16; i++) {
1239         /* FIXME - what to do if get_user() fails? */
1240         get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1241         sp_ptr += sizeof(abi_ulong);
1242     }
1243 #ifdef TARGET_SPARC64
1244     env->canrestore++;
1245     if (env->cleanwin < env->nwindows - 1)
1246         env->cleanwin++;
1247     env->cansave--;
1248 #else
1249     env->wim = new_wim;
1250 #endif
1251 }
1252 
1253 static void flush_windows(CPUSPARCState *env)
1254 {
1255     int offset, cwp1;
1256 
1257     offset = 1;
1258     for(;;) {
1259         /* if restore would invoke restore_window(), then we can stop */
1260         cwp1 = cpu_cwp_inc(env, env->cwp + offset);
1261 #ifndef TARGET_SPARC64
1262         if (env->wim & (1 << cwp1))
1263             break;
1264 #else
1265         if (env->canrestore == 0)
1266             break;
1267         env->cansave++;
1268         env->canrestore--;
1269 #endif
1270         save_window_offset(env, cwp1);
1271         offset++;
1272     }
1273     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1274 #ifndef TARGET_SPARC64
1275     /* set wim so that restore will reload the registers */
1276     env->wim = 1 << cwp1;
1277 #endif
1278 #if defined(DEBUG_WIN)
1279     printf("flush_windows: nb=%d\n", offset - 1);
1280 #endif
1281 }
1282 
1283 void cpu_loop (CPUSPARCState *env)
1284 {
1285     CPUState *cs = CPU(sparc_env_get_cpu(env));
1286     int trapnr;
1287     abi_long ret;
1288     target_siginfo_t info;
1289 
1290     while (1) {
1291         cpu_exec_start(cs);
1292         trapnr = cpu_sparc_exec (env);
1293         cpu_exec_end(cs);
1294 
1295         /* Compute PSR before exposing state.  */
1296         if (env->cc_op != CC_OP_FLAGS) {
1297             cpu_get_psr(env);
1298         }
1299 
1300         switch (trapnr) {
1301 #ifndef TARGET_SPARC64
1302         case 0x88:
1303         case 0x90:
1304 #else
1305         case 0x110:
1306         case 0x16d:
1307 #endif
1308             ret = do_syscall (env, env->gregs[1],
1309                               env->regwptr[0], env->regwptr[1],
1310                               env->regwptr[2], env->regwptr[3],
1311                               env->regwptr[4], env->regwptr[5],
1312                               0, 0);
1313             if ((abi_ulong)ret >= (abi_ulong)(-515)) {
1314 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1315                 env->xcc |= PSR_CARRY;
1316 #else
1317                 env->psr |= PSR_CARRY;
1318 #endif
1319                 ret = -ret;
1320             } else {
1321 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1322                 env->xcc &= ~PSR_CARRY;
1323 #else
1324                 env->psr &= ~PSR_CARRY;
1325 #endif
1326             }
1327             env->regwptr[0] = ret;
1328             /* next instruction */
1329             env->pc = env->npc;
1330             env->npc = env->npc + 4;
1331             break;
1332         case 0x83: /* flush windows */
1333 #ifdef TARGET_ABI32
1334         case 0x103:
1335 #endif
1336             flush_windows(env);
1337             /* next instruction */
1338             env->pc = env->npc;
1339             env->npc = env->npc + 4;
1340             break;
1341 #ifndef TARGET_SPARC64
1342         case TT_WIN_OVF: /* window overflow */
1343             save_window(env);
1344             break;
1345         case TT_WIN_UNF: /* window underflow */
1346             restore_window(env);
1347             break;
1348         case TT_TFAULT:
1349         case TT_DFAULT:
1350             {
1351                 info.si_signo = TARGET_SIGSEGV;
1352                 info.si_errno = 0;
1353                 /* XXX: check env->error_code */
1354                 info.si_code = TARGET_SEGV_MAPERR;
1355                 info._sifields._sigfault._addr = env->mmuregs[4];
1356                 queue_signal(env, info.si_signo, &info);
1357             }
1358             break;
1359 #else
1360         case TT_SPILL: /* window overflow */
1361             save_window(env);
1362             break;
1363         case TT_FILL: /* window underflow */
1364             restore_window(env);
1365             break;
1366         case TT_TFAULT:
1367         case TT_DFAULT:
1368             {
1369                 info.si_signo = TARGET_SIGSEGV;
1370                 info.si_errno = 0;
1371                 /* XXX: check env->error_code */
1372                 info.si_code = TARGET_SEGV_MAPERR;
1373                 if (trapnr == TT_DFAULT)
1374                     info._sifields._sigfault._addr = env->dmmuregs[4];
1375                 else
1376                     info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
1377                 queue_signal(env, info.si_signo, &info);
1378             }
1379             break;
1380 #ifndef TARGET_ABI32
1381         case 0x16e:
1382             flush_windows(env);
1383             sparc64_get_context(env);
1384             break;
1385         case 0x16f:
1386             flush_windows(env);
1387             sparc64_set_context(env);
1388             break;
1389 #endif
1390 #endif
1391         case EXCP_INTERRUPT:
1392             /* just indicate that signals should be handled asap */
1393             break;
1394         case TT_ILL_INSN:
1395             {
1396                 info.si_signo = TARGET_SIGILL;
1397                 info.si_errno = 0;
1398                 info.si_code = TARGET_ILL_ILLOPC;
1399                 info._sifields._sigfault._addr = env->pc;
1400                 queue_signal(env, info.si_signo, &info);
1401             }
1402             break;
1403         case EXCP_DEBUG:
1404             {
1405                 int sig;
1406 
1407                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1408                 if (sig)
1409                   {
1410                     info.si_signo = sig;
1411                     info.si_errno = 0;
1412                     info.si_code = TARGET_TRAP_BRKPT;
1413                     queue_signal(env, info.si_signo, &info);
1414                   }
1415             }
1416             break;
1417         default:
1418             printf ("Unhandled trap: 0x%x\n", trapnr);
1419             cpu_dump_state(cs, stderr, fprintf, 0);
1420             exit (1);
1421         }
1422         process_pending_signals (env);
1423     }
1424 }
1425 
1426 #endif
1427 
1428 #ifdef TARGET_PPC
1429 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
1430 {
1431     /* TO FIX */
1432     return 0;
1433 }
1434 
1435 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
1436 {
1437     return cpu_ppc_get_tb(env);
1438 }
1439 
1440 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
1441 {
1442     return cpu_ppc_get_tb(env) >> 32;
1443 }
1444 
1445 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
1446 {
1447     return cpu_ppc_get_tb(env);
1448 }
1449 
1450 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
1451 {
1452     return cpu_ppc_get_tb(env) >> 32;
1453 }
1454 
1455 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
1456 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
1457 
1458 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
1459 {
1460     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1461 }
1462 
1463 /* XXX: to be fixed */
1464 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1465 {
1466     return -1;
1467 }
1468 
1469 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1470 {
1471     return -1;
1472 }
1473 
1474 #define EXCP_DUMP(env, fmt, ...)                                        \
1475 do {                                                                    \
1476     CPUState *cs = ENV_GET_CPU(env);                                    \
1477     fprintf(stderr, fmt , ## __VA_ARGS__);                              \
1478     cpu_dump_state(cs, stderr, fprintf, 0);                             \
1479     qemu_log(fmt, ## __VA_ARGS__);                                      \
1480     if (qemu_log_enabled()) {                                           \
1481         log_cpu_state(cs, 0);                                           \
1482     }                                                                   \
1483 } while (0)
1484 
1485 static int do_store_exclusive(CPUPPCState *env)
1486 {
1487     target_ulong addr;
1488     target_ulong page_addr;
1489     target_ulong val, val2 __attribute__((unused)) = 0;
1490     int flags;
1491     int segv = 0;
1492 
1493     addr = env->reserve_ea;
1494     page_addr = addr & TARGET_PAGE_MASK;
1495     start_exclusive();
1496     mmap_lock();
1497     flags = page_get_flags(page_addr);
1498     if ((flags & PAGE_READ) == 0) {
1499         segv = 1;
1500     } else {
1501         int reg = env->reserve_info & 0x1f;
1502         int size = env->reserve_info >> 5;
1503         int stored = 0;
1504 
1505         if (addr == env->reserve_addr) {
1506             switch (size) {
1507             case 1: segv = get_user_u8(val, addr); break;
1508             case 2: segv = get_user_u16(val, addr); break;
1509             case 4: segv = get_user_u32(val, addr); break;
1510 #if defined(TARGET_PPC64)
1511             case 8: segv = get_user_u64(val, addr); break;
1512             case 16: {
1513                 segv = get_user_u64(val, addr);
1514                 if (!segv) {
1515                     segv = get_user_u64(val2, addr + 8);
1516                 }
1517                 break;
1518             }
1519 #endif
1520             default: abort();
1521             }
1522             if (!segv && val == env->reserve_val) {
1523                 val = env->gpr[reg];
1524                 switch (size) {
1525                 case 1: segv = put_user_u8(val, addr); break;
1526                 case 2: segv = put_user_u16(val, addr); break;
1527                 case 4: segv = put_user_u32(val, addr); break;
1528 #if defined(TARGET_PPC64)
1529                 case 8: segv = put_user_u64(val, addr); break;
1530                 case 16: {
1531                     if (val2 == env->reserve_val2) {
1532                         if (msr_le) {
1533                             val2 = val;
1534                             val = env->gpr[reg+1];
1535                         } else {
1536                             val2 = env->gpr[reg+1];
1537                         }
1538                         segv = put_user_u64(val, addr);
1539                         if (!segv) {
1540                             segv = put_user_u64(val2, addr + 8);
1541                         }
1542                     }
1543                     break;
1544                 }
1545 #endif
1546                 default: abort();
1547                 }
1548                 if (!segv) {
1549                     stored = 1;
1550                 }
1551             }
1552         }
1553         env->crf[0] = (stored << 1) | xer_so;
1554         env->reserve_addr = (target_ulong)-1;
1555     }
1556     if (!segv) {
1557         env->nip += 4;
1558     }
1559     mmap_unlock();
1560     end_exclusive();
1561     return segv;
1562 }
1563 
1564 void cpu_loop(CPUPPCState *env)
1565 {
1566     CPUState *cs = CPU(ppc_env_get_cpu(env));
1567     target_siginfo_t info;
1568     int trapnr;
1569     target_ulong ret;
1570 
1571     for(;;) {
1572         cpu_exec_start(cs);
1573         trapnr = cpu_ppc_exec(env);
1574         cpu_exec_end(cs);
1575         switch(trapnr) {
1576         case POWERPC_EXCP_NONE:
1577             /* Just go on */
1578             break;
1579         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
1580             cpu_abort(cs, "Critical interrupt while in user mode. "
1581                       "Aborting\n");
1582             break;
1583         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
1584             cpu_abort(cs, "Machine check exception while in user mode. "
1585                       "Aborting\n");
1586             break;
1587         case POWERPC_EXCP_DSI:      /* Data storage exception                */
1588             EXCP_DUMP(env, "Invalid data memory access: 0x" TARGET_FMT_lx "\n",
1589                       env->spr[SPR_DAR]);
1590             /* XXX: check this. Seems bugged */
1591             switch (env->error_code & 0xFF000000) {
1592             case 0x40000000:
1593                 info.si_signo = TARGET_SIGSEGV;
1594                 info.si_errno = 0;
1595                 info.si_code = TARGET_SEGV_MAPERR;
1596                 break;
1597             case 0x04000000:
1598                 info.si_signo = TARGET_SIGILL;
1599                 info.si_errno = 0;
1600                 info.si_code = TARGET_ILL_ILLADR;
1601                 break;
1602             case 0x08000000:
1603                 info.si_signo = TARGET_SIGSEGV;
1604                 info.si_errno = 0;
1605                 info.si_code = TARGET_SEGV_ACCERR;
1606                 break;
1607             default:
1608                 /* Let's send a regular segfault... */
1609                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1610                           env->error_code);
1611                 info.si_signo = TARGET_SIGSEGV;
1612                 info.si_errno = 0;
1613                 info.si_code = TARGET_SEGV_MAPERR;
1614                 break;
1615             }
1616             info._sifields._sigfault._addr = env->nip;
1617             queue_signal(env, info.si_signo, &info);
1618             break;
1619         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
1620             EXCP_DUMP(env, "Invalid instruction fetch: 0x\n" TARGET_FMT_lx
1621                       "\n", env->spr[SPR_SRR0]);
1622             /* XXX: check this */
1623             switch (env->error_code & 0xFF000000) {
1624             case 0x40000000:
1625                 info.si_signo = TARGET_SIGSEGV;
1626             info.si_errno = 0;
1627                 info.si_code = TARGET_SEGV_MAPERR;
1628                 break;
1629             case 0x10000000:
1630             case 0x08000000:
1631                 info.si_signo = TARGET_SIGSEGV;
1632                 info.si_errno = 0;
1633                 info.si_code = TARGET_SEGV_ACCERR;
1634                 break;
1635             default:
1636                 /* Let's send a regular segfault... */
1637                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1638                           env->error_code);
1639                 info.si_signo = TARGET_SIGSEGV;
1640                 info.si_errno = 0;
1641                 info.si_code = TARGET_SEGV_MAPERR;
1642                 break;
1643             }
1644             info._sifields._sigfault._addr = env->nip - 4;
1645             queue_signal(env, info.si_signo, &info);
1646             break;
1647         case POWERPC_EXCP_EXTERNAL: /* External input                        */
1648             cpu_abort(cs, "External interrupt while in user mode. "
1649                       "Aborting\n");
1650             break;
1651         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
1652             EXCP_DUMP(env, "Unaligned memory access\n");
1653             /* XXX: check this */
1654             info.si_signo = TARGET_SIGBUS;
1655             info.si_errno = 0;
1656             info.si_code = TARGET_BUS_ADRALN;
1657             info._sifields._sigfault._addr = env->nip - 4;
1658             queue_signal(env, info.si_signo, &info);
1659             break;
1660         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
1661             /* XXX: check this */
1662             switch (env->error_code & ~0xF) {
1663             case POWERPC_EXCP_FP:
1664                 EXCP_DUMP(env, "Floating point program exception\n");
1665                 info.si_signo = TARGET_SIGFPE;
1666                 info.si_errno = 0;
1667                 switch (env->error_code & 0xF) {
1668                 case POWERPC_EXCP_FP_OX:
1669                     info.si_code = TARGET_FPE_FLTOVF;
1670                     break;
1671                 case POWERPC_EXCP_FP_UX:
1672                     info.si_code = TARGET_FPE_FLTUND;
1673                     break;
1674                 case POWERPC_EXCP_FP_ZX:
1675                 case POWERPC_EXCP_FP_VXZDZ:
1676                     info.si_code = TARGET_FPE_FLTDIV;
1677                     break;
1678                 case POWERPC_EXCP_FP_XX:
1679                     info.si_code = TARGET_FPE_FLTRES;
1680                     break;
1681                 case POWERPC_EXCP_FP_VXSOFT:
1682                     info.si_code = TARGET_FPE_FLTINV;
1683                     break;
1684                 case POWERPC_EXCP_FP_VXSNAN:
1685                 case POWERPC_EXCP_FP_VXISI:
1686                 case POWERPC_EXCP_FP_VXIDI:
1687                 case POWERPC_EXCP_FP_VXIMZ:
1688                 case POWERPC_EXCP_FP_VXVC:
1689                 case POWERPC_EXCP_FP_VXSQRT:
1690                 case POWERPC_EXCP_FP_VXCVI:
1691                     info.si_code = TARGET_FPE_FLTSUB;
1692                     break;
1693                 default:
1694                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
1695                               env->error_code);
1696                     break;
1697                 }
1698                 break;
1699             case POWERPC_EXCP_INVAL:
1700                 EXCP_DUMP(env, "Invalid instruction\n");
1701                 info.si_signo = TARGET_SIGILL;
1702                 info.si_errno = 0;
1703                 switch (env->error_code & 0xF) {
1704                 case POWERPC_EXCP_INVAL_INVAL:
1705                     info.si_code = TARGET_ILL_ILLOPC;
1706                     break;
1707                 case POWERPC_EXCP_INVAL_LSWX:
1708                     info.si_code = TARGET_ILL_ILLOPN;
1709                     break;
1710                 case POWERPC_EXCP_INVAL_SPR:
1711                     info.si_code = TARGET_ILL_PRVREG;
1712                     break;
1713                 case POWERPC_EXCP_INVAL_FP:
1714                     info.si_code = TARGET_ILL_COPROC;
1715                     break;
1716                 default:
1717                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
1718                               env->error_code & 0xF);
1719                     info.si_code = TARGET_ILL_ILLADR;
1720                     break;
1721                 }
1722                 break;
1723             case POWERPC_EXCP_PRIV:
1724                 EXCP_DUMP(env, "Privilege violation\n");
1725                 info.si_signo = TARGET_SIGILL;
1726                 info.si_errno = 0;
1727                 switch (env->error_code & 0xF) {
1728                 case POWERPC_EXCP_PRIV_OPC:
1729                     info.si_code = TARGET_ILL_PRVOPC;
1730                     break;
1731                 case POWERPC_EXCP_PRIV_REG:
1732                     info.si_code = TARGET_ILL_PRVREG;
1733                     break;
1734                 default:
1735                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
1736                               env->error_code & 0xF);
1737                     info.si_code = TARGET_ILL_PRVOPC;
1738                     break;
1739                 }
1740                 break;
1741             case POWERPC_EXCP_TRAP:
1742                 cpu_abort(cs, "Tried to call a TRAP\n");
1743                 break;
1744             default:
1745                 /* Should not happen ! */
1746                 cpu_abort(cs, "Unknown program exception (%02x)\n",
1747                           env->error_code);
1748                 break;
1749             }
1750             info._sifields._sigfault._addr = env->nip - 4;
1751             queue_signal(env, info.si_signo, &info);
1752             break;
1753         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
1754             EXCP_DUMP(env, "No floating point allowed\n");
1755             info.si_signo = TARGET_SIGILL;
1756             info.si_errno = 0;
1757             info.si_code = TARGET_ILL_COPROC;
1758             info._sifields._sigfault._addr = env->nip - 4;
1759             queue_signal(env, info.si_signo, &info);
1760             break;
1761         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
1762             cpu_abort(cs, "Syscall exception while in user mode. "
1763                       "Aborting\n");
1764             break;
1765         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
1766             EXCP_DUMP(env, "No APU instruction allowed\n");
1767             info.si_signo = TARGET_SIGILL;
1768             info.si_errno = 0;
1769             info.si_code = TARGET_ILL_COPROC;
1770             info._sifields._sigfault._addr = env->nip - 4;
1771             queue_signal(env, info.si_signo, &info);
1772             break;
1773         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
1774             cpu_abort(cs, "Decrementer interrupt while in user mode. "
1775                       "Aborting\n");
1776             break;
1777         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
1778             cpu_abort(cs, "Fix interval timer interrupt while in user mode. "
1779                       "Aborting\n");
1780             break;
1781         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
1782             cpu_abort(cs, "Watchdog timer interrupt while in user mode. "
1783                       "Aborting\n");
1784             break;
1785         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
1786             cpu_abort(cs, "Data TLB exception while in user mode. "
1787                       "Aborting\n");
1788             break;
1789         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
1790             cpu_abort(cs, "Instruction TLB exception while in user mode. "
1791                       "Aborting\n");
1792             break;
1793         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
1794             EXCP_DUMP(env, "No SPE/floating-point instruction allowed\n");
1795             info.si_signo = TARGET_SIGILL;
1796             info.si_errno = 0;
1797             info.si_code = TARGET_ILL_COPROC;
1798             info._sifields._sigfault._addr = env->nip - 4;
1799             queue_signal(env, info.si_signo, &info);
1800             break;
1801         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
1802             cpu_abort(cs, "Embedded floating-point data IRQ not handled\n");
1803             break;
1804         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
1805             cpu_abort(cs, "Embedded floating-point round IRQ not handled\n");
1806             break;
1807         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
1808             cpu_abort(cs, "Performance monitor exception not handled\n");
1809             break;
1810         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
1811             cpu_abort(cs, "Doorbell interrupt while in user mode. "
1812                        "Aborting\n");
1813             break;
1814         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
1815             cpu_abort(cs, "Doorbell critical interrupt while in user mode. "
1816                       "Aborting\n");
1817             break;
1818         case POWERPC_EXCP_RESET:    /* System reset exception                */
1819             cpu_abort(cs, "Reset interrupt while in user mode. "
1820                       "Aborting\n");
1821             break;
1822         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
1823             cpu_abort(cs, "Data segment exception while in user mode. "
1824                       "Aborting\n");
1825             break;
1826         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
1827             cpu_abort(cs, "Instruction segment exception "
1828                       "while in user mode. Aborting\n");
1829             break;
1830         /* PowerPC 64 with hypervisor mode support */
1831         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
1832             cpu_abort(cs, "Hypervisor decrementer interrupt "
1833                       "while in user mode. Aborting\n");
1834             break;
1835         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
1836             /* Nothing to do:
1837              * we use this exception to emulate step-by-step execution mode.
1838              */
1839             break;
1840         /* PowerPC 64 with hypervisor mode support */
1841         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
1842             cpu_abort(cs, "Hypervisor data storage exception "
1843                       "while in user mode. Aborting\n");
1844             break;
1845         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
1846             cpu_abort(cs, "Hypervisor instruction storage exception "
1847                       "while in user mode. Aborting\n");
1848             break;
1849         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
1850             cpu_abort(cs, "Hypervisor data segment exception "
1851                       "while in user mode. Aborting\n");
1852             break;
1853         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
1854             cpu_abort(cs, "Hypervisor instruction segment exception "
1855                       "while in user mode. Aborting\n");
1856             break;
1857         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
1858             EXCP_DUMP(env, "No Altivec instructions allowed\n");
1859             info.si_signo = TARGET_SIGILL;
1860             info.si_errno = 0;
1861             info.si_code = TARGET_ILL_COPROC;
1862             info._sifields._sigfault._addr = env->nip - 4;
1863             queue_signal(env, info.si_signo, &info);
1864             break;
1865         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
1866             cpu_abort(cs, "Programmable interval timer interrupt "
1867                       "while in user mode. Aborting\n");
1868             break;
1869         case POWERPC_EXCP_IO:       /* IO error exception                    */
1870             cpu_abort(cs, "IO error exception while in user mode. "
1871                       "Aborting\n");
1872             break;
1873         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
1874             cpu_abort(cs, "Run mode exception while in user mode. "
1875                       "Aborting\n");
1876             break;
1877         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
1878             cpu_abort(cs, "Emulation trap exception not handled\n");
1879             break;
1880         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
1881             cpu_abort(cs, "Instruction fetch TLB exception "
1882                       "while in user-mode. Aborting");
1883             break;
1884         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
1885             cpu_abort(cs, "Data load TLB exception while in user-mode. "
1886                       "Aborting");
1887             break;
1888         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
1889             cpu_abort(cs, "Data store TLB exception while in user-mode. "
1890                       "Aborting");
1891             break;
1892         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
1893             cpu_abort(cs, "Floating-point assist exception not handled\n");
1894             break;
1895         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
1896             cpu_abort(cs, "Instruction address breakpoint exception "
1897                       "not handled\n");
1898             break;
1899         case POWERPC_EXCP_SMI:      /* System management interrupt           */
1900             cpu_abort(cs, "System management interrupt while in user mode. "
1901                       "Aborting\n");
1902             break;
1903         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
1904             cpu_abort(cs, "Thermal interrupt interrupt while in user mode. "
1905                       "Aborting\n");
1906             break;
1907         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
1908             cpu_abort(cs, "Performance monitor exception not handled\n");
1909             break;
1910         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
1911             cpu_abort(cs, "Vector assist exception not handled\n");
1912             break;
1913         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
1914             cpu_abort(cs, "Soft patch exception not handled\n");
1915             break;
1916         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
1917             cpu_abort(cs, "Maintenance exception while in user mode. "
1918                       "Aborting\n");
1919             break;
1920         case POWERPC_EXCP_STOP:     /* stop translation                      */
1921             /* We did invalidate the instruction cache. Go on */
1922             break;
1923         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
1924             /* We just stopped because of a branch. Go on */
1925             break;
1926         case POWERPC_EXCP_SYSCALL_USER:
1927             /* system call in user-mode emulation */
1928             /* WARNING:
1929              * PPC ABI uses overflow flag in cr0 to signal an error
1930              * in syscalls.
1931              */
1932             env->crf[0] &= ~0x1;
1933             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
1934                              env->gpr[5], env->gpr[6], env->gpr[7],
1935                              env->gpr[8], 0, 0);
1936             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
1937                 /* Returning from a successful sigreturn syscall.
1938                    Avoid corrupting register state.  */
1939                 break;
1940             }
1941             if (ret > (target_ulong)(-515)) {
1942                 env->crf[0] |= 0x1;
1943                 ret = -ret;
1944             }
1945             env->gpr[3] = ret;
1946             break;
1947         case POWERPC_EXCP_STCX:
1948             if (do_store_exclusive(env)) {
1949                 info.si_signo = TARGET_SIGSEGV;
1950                 info.si_errno = 0;
1951                 info.si_code = TARGET_SEGV_MAPERR;
1952                 info._sifields._sigfault._addr = env->nip;
1953                 queue_signal(env, info.si_signo, &info);
1954             }
1955             break;
1956         case EXCP_DEBUG:
1957             {
1958                 int sig;
1959 
1960                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1961                 if (sig) {
1962                     info.si_signo = sig;
1963                     info.si_errno = 0;
1964                     info.si_code = TARGET_TRAP_BRKPT;
1965                     queue_signal(env, info.si_signo, &info);
1966                   }
1967             }
1968             break;
1969         case EXCP_INTERRUPT:
1970             /* just indicate that signals should be handled asap */
1971             break;
1972         default:
1973             cpu_abort(cs, "Unknown exception 0x%d. Aborting\n", trapnr);
1974             break;
1975         }
1976         process_pending_signals(env);
1977     }
1978 }
1979 #endif
1980 
1981 #ifdef TARGET_MIPS
1982 
1983 # ifdef TARGET_ABI_MIPSO32
1984 #  define MIPS_SYS(name, args) args,
1985 static const uint8_t mips_syscall_args[] = {
1986 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
1987 	MIPS_SYS(sys_exit	, 1)
1988 	MIPS_SYS(sys_fork	, 0)
1989 	MIPS_SYS(sys_read	, 3)
1990 	MIPS_SYS(sys_write	, 3)
1991 	MIPS_SYS(sys_open	, 3)	/* 4005 */
1992 	MIPS_SYS(sys_close	, 1)
1993 	MIPS_SYS(sys_waitpid	, 3)
1994 	MIPS_SYS(sys_creat	, 2)
1995 	MIPS_SYS(sys_link	, 2)
1996 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
1997 	MIPS_SYS(sys_execve	, 0)
1998 	MIPS_SYS(sys_chdir	, 1)
1999 	MIPS_SYS(sys_time	, 1)
2000 	MIPS_SYS(sys_mknod	, 3)
2001 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
2002 	MIPS_SYS(sys_lchown	, 3)
2003 	MIPS_SYS(sys_ni_syscall	, 0)
2004 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
2005 	MIPS_SYS(sys_lseek	, 3)
2006 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
2007 	MIPS_SYS(sys_mount	, 5)
2008 	MIPS_SYS(sys_umount	, 1)
2009 	MIPS_SYS(sys_setuid	, 1)
2010 	MIPS_SYS(sys_getuid	, 0)
2011 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
2012 	MIPS_SYS(sys_ptrace	, 4)
2013 	MIPS_SYS(sys_alarm	, 1)
2014 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
2015 	MIPS_SYS(sys_pause	, 0)
2016 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
2017 	MIPS_SYS(sys_ni_syscall	, 0)
2018 	MIPS_SYS(sys_ni_syscall	, 0)
2019 	MIPS_SYS(sys_access	, 2)
2020 	MIPS_SYS(sys_nice	, 1)
2021 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
2022 	MIPS_SYS(sys_sync	, 0)
2023 	MIPS_SYS(sys_kill	, 2)
2024 	MIPS_SYS(sys_rename	, 2)
2025 	MIPS_SYS(sys_mkdir	, 2)
2026 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
2027 	MIPS_SYS(sys_dup		, 1)
2028 	MIPS_SYS(sys_pipe	, 0)
2029 	MIPS_SYS(sys_times	, 1)
2030 	MIPS_SYS(sys_ni_syscall	, 0)
2031 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
2032 	MIPS_SYS(sys_setgid	, 1)
2033 	MIPS_SYS(sys_getgid	, 0)
2034 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
2035 	MIPS_SYS(sys_geteuid	, 0)
2036 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
2037 	MIPS_SYS(sys_acct	, 0)
2038 	MIPS_SYS(sys_umount2	, 2)
2039 	MIPS_SYS(sys_ni_syscall	, 0)
2040 	MIPS_SYS(sys_ioctl	, 3)
2041 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
2042 	MIPS_SYS(sys_ni_syscall	, 2)
2043 	MIPS_SYS(sys_setpgid	, 2)
2044 	MIPS_SYS(sys_ni_syscall	, 0)
2045 	MIPS_SYS(sys_olduname	, 1)
2046 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
2047 	MIPS_SYS(sys_chroot	, 1)
2048 	MIPS_SYS(sys_ustat	, 2)
2049 	MIPS_SYS(sys_dup2	, 2)
2050 	MIPS_SYS(sys_getppid	, 0)
2051 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
2052 	MIPS_SYS(sys_setsid	, 0)
2053 	MIPS_SYS(sys_sigaction	, 3)
2054 	MIPS_SYS(sys_sgetmask	, 0)
2055 	MIPS_SYS(sys_ssetmask	, 1)
2056 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
2057 	MIPS_SYS(sys_setregid	, 2)
2058 	MIPS_SYS(sys_sigsuspend	, 0)
2059 	MIPS_SYS(sys_sigpending	, 1)
2060 	MIPS_SYS(sys_sethostname	, 2)
2061 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
2062 	MIPS_SYS(sys_getrlimit	, 2)
2063 	MIPS_SYS(sys_getrusage	, 2)
2064 	MIPS_SYS(sys_gettimeofday, 2)
2065 	MIPS_SYS(sys_settimeofday, 2)
2066 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
2067 	MIPS_SYS(sys_setgroups	, 2)
2068 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
2069 	MIPS_SYS(sys_symlink	, 2)
2070 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
2071 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
2072 	MIPS_SYS(sys_uselib	, 1)
2073 	MIPS_SYS(sys_swapon	, 2)
2074 	MIPS_SYS(sys_reboot	, 3)
2075 	MIPS_SYS(old_readdir	, 3)
2076 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
2077 	MIPS_SYS(sys_munmap	, 2)
2078 	MIPS_SYS(sys_truncate	, 2)
2079 	MIPS_SYS(sys_ftruncate	, 2)
2080 	MIPS_SYS(sys_fchmod	, 2)
2081 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
2082 	MIPS_SYS(sys_getpriority	, 2)
2083 	MIPS_SYS(sys_setpriority	, 3)
2084 	MIPS_SYS(sys_ni_syscall	, 0)
2085 	MIPS_SYS(sys_statfs	, 2)
2086 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
2087 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
2088 	MIPS_SYS(sys_socketcall	, 2)
2089 	MIPS_SYS(sys_syslog	, 3)
2090 	MIPS_SYS(sys_setitimer	, 3)
2091 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
2092 	MIPS_SYS(sys_newstat	, 2)
2093 	MIPS_SYS(sys_newlstat	, 2)
2094 	MIPS_SYS(sys_newfstat	, 2)
2095 	MIPS_SYS(sys_uname	, 1)
2096 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
2097 	MIPS_SYS(sys_vhangup	, 0)
2098 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
2099 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
2100 	MIPS_SYS(sys_wait4	, 4)
2101 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
2102 	MIPS_SYS(sys_sysinfo	, 1)
2103 	MIPS_SYS(sys_ipc		, 6)
2104 	MIPS_SYS(sys_fsync	, 1)
2105 	MIPS_SYS(sys_sigreturn	, 0)
2106 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
2107 	MIPS_SYS(sys_setdomainname, 2)
2108 	MIPS_SYS(sys_newuname	, 1)
2109 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
2110 	MIPS_SYS(sys_adjtimex	, 1)
2111 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
2112 	MIPS_SYS(sys_sigprocmask	, 3)
2113 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
2114 	MIPS_SYS(sys_init_module	, 5)
2115 	MIPS_SYS(sys_delete_module, 1)
2116 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
2117 	MIPS_SYS(sys_quotactl	, 0)
2118 	MIPS_SYS(sys_getpgid	, 1)
2119 	MIPS_SYS(sys_fchdir	, 1)
2120 	MIPS_SYS(sys_bdflush	, 2)
2121 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
2122 	MIPS_SYS(sys_personality	, 1)
2123 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
2124 	MIPS_SYS(sys_setfsuid	, 1)
2125 	MIPS_SYS(sys_setfsgid	, 1)
2126 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
2127 	MIPS_SYS(sys_getdents	, 3)
2128 	MIPS_SYS(sys_select	, 5)
2129 	MIPS_SYS(sys_flock	, 2)
2130 	MIPS_SYS(sys_msync	, 3)
2131 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
2132 	MIPS_SYS(sys_writev	, 3)
2133 	MIPS_SYS(sys_cacheflush	, 3)
2134 	MIPS_SYS(sys_cachectl	, 3)
2135 	MIPS_SYS(sys_sysmips	, 4)
2136 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
2137 	MIPS_SYS(sys_getsid	, 1)
2138 	MIPS_SYS(sys_fdatasync	, 0)
2139 	MIPS_SYS(sys_sysctl	, 1)
2140 	MIPS_SYS(sys_mlock	, 2)
2141 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
2142 	MIPS_SYS(sys_mlockall	, 1)
2143 	MIPS_SYS(sys_munlockall	, 0)
2144 	MIPS_SYS(sys_sched_setparam, 2)
2145 	MIPS_SYS(sys_sched_getparam, 2)
2146 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
2147 	MIPS_SYS(sys_sched_getscheduler, 1)
2148 	MIPS_SYS(sys_sched_yield	, 0)
2149 	MIPS_SYS(sys_sched_get_priority_max, 1)
2150 	MIPS_SYS(sys_sched_get_priority_min, 1)
2151 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
2152 	MIPS_SYS(sys_nanosleep,	2)
2153 	MIPS_SYS(sys_mremap	, 5)
2154 	MIPS_SYS(sys_accept	, 3)
2155 	MIPS_SYS(sys_bind	, 3)
2156 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
2157 	MIPS_SYS(sys_getpeername	, 3)
2158 	MIPS_SYS(sys_getsockname	, 3)
2159 	MIPS_SYS(sys_getsockopt	, 5)
2160 	MIPS_SYS(sys_listen	, 2)
2161 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
2162 	MIPS_SYS(sys_recvfrom	, 6)
2163 	MIPS_SYS(sys_recvmsg	, 3)
2164 	MIPS_SYS(sys_send	, 4)
2165 	MIPS_SYS(sys_sendmsg	, 3)
2166 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
2167 	MIPS_SYS(sys_setsockopt	, 5)
2168 	MIPS_SYS(sys_shutdown	, 2)
2169 	MIPS_SYS(sys_socket	, 3)
2170 	MIPS_SYS(sys_socketpair	, 4)
2171 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
2172 	MIPS_SYS(sys_getresuid	, 3)
2173 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
2174 	MIPS_SYS(sys_poll	, 3)
2175 	MIPS_SYS(sys_nfsservctl	, 3)
2176 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
2177 	MIPS_SYS(sys_getresgid	, 3)
2178 	MIPS_SYS(sys_prctl	, 5)
2179 	MIPS_SYS(sys_rt_sigreturn, 0)
2180 	MIPS_SYS(sys_rt_sigaction, 4)
2181 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
2182 	MIPS_SYS(sys_rt_sigpending, 2)
2183 	MIPS_SYS(sys_rt_sigtimedwait, 4)
2184 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
2185 	MIPS_SYS(sys_rt_sigsuspend, 0)
2186 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
2187 	MIPS_SYS(sys_pwrite64	, 6)
2188 	MIPS_SYS(sys_chown	, 3)
2189 	MIPS_SYS(sys_getcwd	, 2)
2190 	MIPS_SYS(sys_capget	, 2)
2191 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
2192 	MIPS_SYS(sys_sigaltstack	, 2)
2193 	MIPS_SYS(sys_sendfile	, 4)
2194 	MIPS_SYS(sys_ni_syscall	, 0)
2195 	MIPS_SYS(sys_ni_syscall	, 0)
2196 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
2197 	MIPS_SYS(sys_truncate64	, 4)
2198 	MIPS_SYS(sys_ftruncate64	, 4)
2199 	MIPS_SYS(sys_stat64	, 2)
2200 	MIPS_SYS(sys_lstat64	, 2)
2201 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
2202 	MIPS_SYS(sys_pivot_root	, 2)
2203 	MIPS_SYS(sys_mincore	, 3)
2204 	MIPS_SYS(sys_madvise	, 3)
2205 	MIPS_SYS(sys_getdents64	, 3)
2206 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
2207 	MIPS_SYS(sys_ni_syscall	, 0)
2208 	MIPS_SYS(sys_gettid	, 0)
2209 	MIPS_SYS(sys_readahead	, 5)
2210 	MIPS_SYS(sys_setxattr	, 5)
2211 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
2212 	MIPS_SYS(sys_fsetxattr	, 5)
2213 	MIPS_SYS(sys_getxattr	, 4)
2214 	MIPS_SYS(sys_lgetxattr	, 4)
2215 	MIPS_SYS(sys_fgetxattr	, 4)
2216 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
2217 	MIPS_SYS(sys_llistxattr	, 3)
2218 	MIPS_SYS(sys_flistxattr	, 3)
2219 	MIPS_SYS(sys_removexattr	, 2)
2220 	MIPS_SYS(sys_lremovexattr, 2)
2221 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
2222 	MIPS_SYS(sys_tkill	, 2)
2223 	MIPS_SYS(sys_sendfile64	, 5)
2224 	MIPS_SYS(sys_futex	, 6)
2225 	MIPS_SYS(sys_sched_setaffinity, 3)
2226 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
2227 	MIPS_SYS(sys_io_setup	, 2)
2228 	MIPS_SYS(sys_io_destroy	, 1)
2229 	MIPS_SYS(sys_io_getevents, 5)
2230 	MIPS_SYS(sys_io_submit	, 3)
2231 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
2232 	MIPS_SYS(sys_exit_group	, 1)
2233 	MIPS_SYS(sys_lookup_dcookie, 3)
2234 	MIPS_SYS(sys_epoll_create, 1)
2235 	MIPS_SYS(sys_epoll_ctl	, 4)
2236 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
2237 	MIPS_SYS(sys_remap_file_pages, 5)
2238 	MIPS_SYS(sys_set_tid_address, 1)
2239 	MIPS_SYS(sys_restart_syscall, 0)
2240 	MIPS_SYS(sys_fadvise64_64, 7)
2241 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
2242 	MIPS_SYS(sys_fstatfs64	, 2)
2243 	MIPS_SYS(sys_timer_create, 3)
2244 	MIPS_SYS(sys_timer_settime, 4)
2245 	MIPS_SYS(sys_timer_gettime, 2)
2246 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
2247 	MIPS_SYS(sys_timer_delete, 1)
2248 	MIPS_SYS(sys_clock_settime, 2)
2249 	MIPS_SYS(sys_clock_gettime, 2)
2250 	MIPS_SYS(sys_clock_getres, 2)
2251 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
2252 	MIPS_SYS(sys_tgkill	, 3)
2253 	MIPS_SYS(sys_utimes	, 2)
2254 	MIPS_SYS(sys_mbind	, 4)
2255 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
2256 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
2257 	MIPS_SYS(sys_mq_open	, 4)
2258 	MIPS_SYS(sys_mq_unlink	, 1)
2259 	MIPS_SYS(sys_mq_timedsend, 5)
2260 	MIPS_SYS(sys_mq_timedreceive, 5)
2261 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
2262 	MIPS_SYS(sys_mq_getsetattr, 3)
2263 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
2264 	MIPS_SYS(sys_waitid	, 4)
2265 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
2266 	MIPS_SYS(sys_add_key	, 5)
2267 	MIPS_SYS(sys_request_key, 4)
2268 	MIPS_SYS(sys_keyctl	, 5)
2269 	MIPS_SYS(sys_set_thread_area, 1)
2270 	MIPS_SYS(sys_inotify_init, 0)
2271 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
2272 	MIPS_SYS(sys_inotify_rm_watch, 2)
2273 	MIPS_SYS(sys_migrate_pages, 4)
2274 	MIPS_SYS(sys_openat, 4)
2275 	MIPS_SYS(sys_mkdirat, 3)
2276 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
2277 	MIPS_SYS(sys_fchownat, 5)
2278 	MIPS_SYS(sys_futimesat, 3)
2279 	MIPS_SYS(sys_fstatat64, 4)
2280 	MIPS_SYS(sys_unlinkat, 3)
2281 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
2282 	MIPS_SYS(sys_linkat, 5)
2283 	MIPS_SYS(sys_symlinkat, 3)
2284 	MIPS_SYS(sys_readlinkat, 4)
2285 	MIPS_SYS(sys_fchmodat, 3)
2286 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
2287 	MIPS_SYS(sys_pselect6, 6)
2288 	MIPS_SYS(sys_ppoll, 5)
2289 	MIPS_SYS(sys_unshare, 1)
2290 	MIPS_SYS(sys_splice, 6)
2291 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
2292 	MIPS_SYS(sys_tee, 4)
2293 	MIPS_SYS(sys_vmsplice, 4)
2294 	MIPS_SYS(sys_move_pages, 6)
2295 	MIPS_SYS(sys_set_robust_list, 2)
2296 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
2297 	MIPS_SYS(sys_kexec_load, 4)
2298 	MIPS_SYS(sys_getcpu, 3)
2299 	MIPS_SYS(sys_epoll_pwait, 6)
2300 	MIPS_SYS(sys_ioprio_set, 3)
2301 	MIPS_SYS(sys_ioprio_get, 2)
2302         MIPS_SYS(sys_utimensat, 4)
2303         MIPS_SYS(sys_signalfd, 3)
2304         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
2305         MIPS_SYS(sys_eventfd, 1)
2306         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
2307         MIPS_SYS(sys_timerfd_create, 2)
2308         MIPS_SYS(sys_timerfd_gettime, 2)
2309         MIPS_SYS(sys_timerfd_settime, 4)
2310         MIPS_SYS(sys_signalfd4, 4)
2311         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
2312         MIPS_SYS(sys_epoll_create1, 1)
2313         MIPS_SYS(sys_dup3, 3)
2314         MIPS_SYS(sys_pipe2, 2)
2315         MIPS_SYS(sys_inotify_init1, 1)
2316         MIPS_SYS(sys_preadv, 6)         /* 4330 */
2317         MIPS_SYS(sys_pwritev, 6)
2318         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
2319         MIPS_SYS(sys_perf_event_open, 5)
2320         MIPS_SYS(sys_accept4, 4)
2321         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
2322         MIPS_SYS(sys_fanotify_init, 2)
2323         MIPS_SYS(sys_fanotify_mark, 6)
2324         MIPS_SYS(sys_prlimit64, 4)
2325         MIPS_SYS(sys_name_to_handle_at, 5)
2326         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
2327         MIPS_SYS(sys_clock_adjtime, 2)
2328         MIPS_SYS(sys_syncfs, 1)
2329 };
2330 #  undef MIPS_SYS
2331 # endif /* O32 */
2332 
2333 static int do_store_exclusive(CPUMIPSState *env)
2334 {
2335     target_ulong addr;
2336     target_ulong page_addr;
2337     target_ulong val;
2338     int flags;
2339     int segv = 0;
2340     int reg;
2341     int d;
2342 
2343     addr = env->lladdr;
2344     page_addr = addr & TARGET_PAGE_MASK;
2345     start_exclusive();
2346     mmap_lock();
2347     flags = page_get_flags(page_addr);
2348     if ((flags & PAGE_READ) == 0) {
2349         segv = 1;
2350     } else {
2351         reg = env->llreg & 0x1f;
2352         d = (env->llreg & 0x20) != 0;
2353         if (d) {
2354             segv = get_user_s64(val, addr);
2355         } else {
2356             segv = get_user_s32(val, addr);
2357         }
2358         if (!segv) {
2359             if (val != env->llval) {
2360                 env->active_tc.gpr[reg] = 0;
2361             } else {
2362                 if (d) {
2363                     segv = put_user_u64(env->llnewval, addr);
2364                 } else {
2365                     segv = put_user_u32(env->llnewval, addr);
2366                 }
2367                 if (!segv) {
2368                     env->active_tc.gpr[reg] = 1;
2369                 }
2370             }
2371         }
2372     }
2373     env->lladdr = -1;
2374     if (!segv) {
2375         env->active_tc.PC += 4;
2376     }
2377     mmap_unlock();
2378     end_exclusive();
2379     return segv;
2380 }
2381 
2382 /* Break codes */
2383 enum {
2384     BRK_OVERFLOW = 6,
2385     BRK_DIVZERO = 7
2386 };
2387 
2388 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
2389                     unsigned int code)
2390 {
2391     int ret = -1;
2392 
2393     switch (code) {
2394     case BRK_OVERFLOW:
2395     case BRK_DIVZERO:
2396         info->si_signo = TARGET_SIGFPE;
2397         info->si_errno = 0;
2398         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
2399         queue_signal(env, info->si_signo, &*info);
2400         ret = 0;
2401         break;
2402     default:
2403         info->si_signo = TARGET_SIGTRAP;
2404         info->si_errno = 0;
2405         queue_signal(env, info->si_signo, &*info);
2406         ret = 0;
2407         break;
2408     }
2409 
2410     return ret;
2411 }
2412 
2413 void cpu_loop(CPUMIPSState *env)
2414 {
2415     CPUState *cs = CPU(mips_env_get_cpu(env));
2416     target_siginfo_t info;
2417     int trapnr;
2418     abi_long ret;
2419 # ifdef TARGET_ABI_MIPSO32
2420     unsigned int syscall_num;
2421 # endif
2422 
2423     for(;;) {
2424         cpu_exec_start(cs);
2425         trapnr = cpu_mips_exec(env);
2426         cpu_exec_end(cs);
2427         switch(trapnr) {
2428         case EXCP_SYSCALL:
2429             env->active_tc.PC += 4;
2430 # ifdef TARGET_ABI_MIPSO32
2431             syscall_num = env->active_tc.gpr[2] - 4000;
2432             if (syscall_num >= sizeof(mips_syscall_args)) {
2433                 ret = -TARGET_ENOSYS;
2434             } else {
2435                 int nb_args;
2436                 abi_ulong sp_reg;
2437                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
2438 
2439                 nb_args = mips_syscall_args[syscall_num];
2440                 sp_reg = env->active_tc.gpr[29];
2441                 switch (nb_args) {
2442                 /* these arguments are taken from the stack */
2443                 case 8:
2444                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
2445                         goto done_syscall;
2446                     }
2447                 case 7:
2448                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
2449                         goto done_syscall;
2450                     }
2451                 case 6:
2452                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
2453                         goto done_syscall;
2454                     }
2455                 case 5:
2456                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
2457                         goto done_syscall;
2458                     }
2459                 default:
2460                     break;
2461                 }
2462                 ret = do_syscall(env, env->active_tc.gpr[2],
2463                                  env->active_tc.gpr[4],
2464                                  env->active_tc.gpr[5],
2465                                  env->active_tc.gpr[6],
2466                                  env->active_tc.gpr[7],
2467                                  arg5, arg6, arg7, arg8);
2468             }
2469 done_syscall:
2470 # else
2471             ret = do_syscall(env, env->active_tc.gpr[2],
2472                              env->active_tc.gpr[4], env->active_tc.gpr[5],
2473                              env->active_tc.gpr[6], env->active_tc.gpr[7],
2474                              env->active_tc.gpr[8], env->active_tc.gpr[9],
2475                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
2476 # endif /* O32 */
2477             if (ret == -TARGET_QEMU_ESIGRETURN) {
2478                 /* Returning from a successful sigreturn syscall.
2479                    Avoid clobbering register state.  */
2480                 break;
2481             }
2482             if ((abi_ulong)ret >= (abi_ulong)-1133) {
2483                 env->active_tc.gpr[7] = 1; /* error flag */
2484                 ret = -ret;
2485             } else {
2486                 env->active_tc.gpr[7] = 0; /* error flag */
2487             }
2488             env->active_tc.gpr[2] = ret;
2489             break;
2490         case EXCP_TLBL:
2491         case EXCP_TLBS:
2492         case EXCP_AdEL:
2493         case EXCP_AdES:
2494             info.si_signo = TARGET_SIGSEGV;
2495             info.si_errno = 0;
2496             /* XXX: check env->error_code */
2497             info.si_code = TARGET_SEGV_MAPERR;
2498             info._sifields._sigfault._addr = env->CP0_BadVAddr;
2499             queue_signal(env, info.si_signo, &info);
2500             break;
2501         case EXCP_CpU:
2502         case EXCP_RI:
2503             info.si_signo = TARGET_SIGILL;
2504             info.si_errno = 0;
2505             info.si_code = 0;
2506             queue_signal(env, info.si_signo, &info);
2507             break;
2508         case EXCP_INTERRUPT:
2509             /* just indicate that signals should be handled asap */
2510             break;
2511         case EXCP_DEBUG:
2512             {
2513                 int sig;
2514 
2515                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2516                 if (sig)
2517                   {
2518                     info.si_signo = sig;
2519                     info.si_errno = 0;
2520                     info.si_code = TARGET_TRAP_BRKPT;
2521                     queue_signal(env, info.si_signo, &info);
2522                   }
2523             }
2524             break;
2525         case EXCP_SC:
2526             if (do_store_exclusive(env)) {
2527                 info.si_signo = TARGET_SIGSEGV;
2528                 info.si_errno = 0;
2529                 info.si_code = TARGET_SEGV_MAPERR;
2530                 info._sifields._sigfault._addr = env->active_tc.PC;
2531                 queue_signal(env, info.si_signo, &info);
2532             }
2533             break;
2534         case EXCP_DSPDIS:
2535             info.si_signo = TARGET_SIGILL;
2536             info.si_errno = 0;
2537             info.si_code = TARGET_ILL_ILLOPC;
2538             queue_signal(env, info.si_signo, &info);
2539             break;
2540         /* The code below was inspired by the MIPS Linux kernel trap
2541          * handling code in arch/mips/kernel/traps.c.
2542          */
2543         case EXCP_BREAK:
2544             {
2545                 abi_ulong trap_instr;
2546                 unsigned int code;
2547 
2548                 if (env->hflags & MIPS_HFLAG_M16) {
2549                     if (env->insn_flags & ASE_MICROMIPS) {
2550                         /* microMIPS mode */
2551                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2552                         if (ret != 0) {
2553                             goto error;
2554                         }
2555 
2556                         if ((trap_instr >> 10) == 0x11) {
2557                             /* 16-bit instruction */
2558                             code = trap_instr & 0xf;
2559                         } else {
2560                             /* 32-bit instruction */
2561                             abi_ulong instr_lo;
2562 
2563                             ret = get_user_u16(instr_lo,
2564                                                env->active_tc.PC + 2);
2565                             if (ret != 0) {
2566                                 goto error;
2567                             }
2568                             trap_instr = (trap_instr << 16) | instr_lo;
2569                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
2570                             /* Unfortunately, microMIPS also suffers from
2571                                the old assembler bug...  */
2572                             if (code >= (1 << 10)) {
2573                                 code >>= 10;
2574                             }
2575                         }
2576                     } else {
2577                         /* MIPS16e mode */
2578                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2579                         if (ret != 0) {
2580                             goto error;
2581                         }
2582                         code = (trap_instr >> 6) & 0x3f;
2583                     }
2584                 } else {
2585                     ret = get_user_ual(trap_instr, env->active_tc.PC);
2586                     if (ret != 0) {
2587                         goto error;
2588                     }
2589 
2590                     /* As described in the original Linux kernel code, the
2591                      * below checks on 'code' are to work around an old
2592                      * assembly bug.
2593                      */
2594                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
2595                     if (code >= (1 << 10)) {
2596                         code >>= 10;
2597                     }
2598                 }
2599 
2600                 if (do_break(env, &info, code) != 0) {
2601                     goto error;
2602                 }
2603             }
2604             break;
2605         case EXCP_TRAP:
2606             {
2607                 abi_ulong trap_instr;
2608                 unsigned int code = 0;
2609 
2610                 if (env->hflags & MIPS_HFLAG_M16) {
2611                     /* microMIPS mode */
2612                     abi_ulong instr[2];
2613 
2614                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
2615                           get_user_u16(instr[1], env->active_tc.PC + 2);
2616 
2617                     trap_instr = (instr[0] << 16) | instr[1];
2618                 } else {
2619                     ret = get_user_ual(trap_instr, env->active_tc.PC);
2620                 }
2621 
2622                 if (ret != 0) {
2623                     goto error;
2624                 }
2625 
2626                 /* The immediate versions don't provide a code.  */
2627                 if (!(trap_instr & 0xFC000000)) {
2628                     if (env->hflags & MIPS_HFLAG_M16) {
2629                         /* microMIPS mode */
2630                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
2631                     } else {
2632                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
2633                     }
2634                 }
2635 
2636                 if (do_break(env, &info, code) != 0) {
2637                     goto error;
2638                 }
2639             }
2640             break;
2641         default:
2642 error:
2643             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
2644                     trapnr);
2645             cpu_dump_state(cs, stderr, fprintf, 0);
2646             abort();
2647         }
2648         process_pending_signals(env);
2649     }
2650 }
2651 #endif
2652 
2653 #ifdef TARGET_OPENRISC
2654 
2655 void cpu_loop(CPUOpenRISCState *env)
2656 {
2657     CPUState *cs = CPU(openrisc_env_get_cpu(env));
2658     int trapnr, gdbsig;
2659 
2660     for (;;) {
2661         cpu_exec_start(cs);
2662         trapnr = cpu_exec(env);
2663         cpu_exec_end(cs);
2664         gdbsig = 0;
2665 
2666         switch (trapnr) {
2667         case EXCP_RESET:
2668             qemu_log("\nReset request, exit, pc is %#x\n", env->pc);
2669             exit(1);
2670             break;
2671         case EXCP_BUSERR:
2672             qemu_log("\nBus error, exit, pc is %#x\n", env->pc);
2673             gdbsig = TARGET_SIGBUS;
2674             break;
2675         case EXCP_DPF:
2676         case EXCP_IPF:
2677             cpu_dump_state(cs, stderr, fprintf, 0);
2678             gdbsig = TARGET_SIGSEGV;
2679             break;
2680         case EXCP_TICK:
2681             qemu_log("\nTick time interrupt pc is %#x\n", env->pc);
2682             break;
2683         case EXCP_ALIGN:
2684             qemu_log("\nAlignment pc is %#x\n", env->pc);
2685             gdbsig = TARGET_SIGBUS;
2686             break;
2687         case EXCP_ILLEGAL:
2688             qemu_log("\nIllegal instructionpc is %#x\n", env->pc);
2689             gdbsig = TARGET_SIGILL;
2690             break;
2691         case EXCP_INT:
2692             qemu_log("\nExternal interruptpc is %#x\n", env->pc);
2693             break;
2694         case EXCP_DTLBMISS:
2695         case EXCP_ITLBMISS:
2696             qemu_log("\nTLB miss\n");
2697             break;
2698         case EXCP_RANGE:
2699             qemu_log("\nRange\n");
2700             gdbsig = TARGET_SIGSEGV;
2701             break;
2702         case EXCP_SYSCALL:
2703             env->pc += 4;   /* 0xc00; */
2704             env->gpr[11] = do_syscall(env,
2705                                       env->gpr[11], /* return value       */
2706                                       env->gpr[3],  /* r3 - r7 are params */
2707                                       env->gpr[4],
2708                                       env->gpr[5],
2709                                       env->gpr[6],
2710                                       env->gpr[7],
2711                                       env->gpr[8], 0, 0);
2712             break;
2713         case EXCP_FPE:
2714             qemu_log("\nFloating point error\n");
2715             break;
2716         case EXCP_TRAP:
2717             qemu_log("\nTrap\n");
2718             gdbsig = TARGET_SIGTRAP;
2719             break;
2720         case EXCP_NR:
2721             qemu_log("\nNR\n");
2722             break;
2723         default:
2724             qemu_log("\nqemu: unhandled CPU exception %#x - aborting\n",
2725                      trapnr);
2726             cpu_dump_state(cs, stderr, fprintf, 0);
2727             gdbsig = TARGET_SIGILL;
2728             break;
2729         }
2730         if (gdbsig) {
2731             gdb_handlesig(cs, gdbsig);
2732             if (gdbsig != TARGET_SIGTRAP) {
2733                 exit(1);
2734             }
2735         }
2736 
2737         process_pending_signals(env);
2738     }
2739 }
2740 
2741 #endif /* TARGET_OPENRISC */
2742 
2743 #ifdef TARGET_SH4
2744 void cpu_loop(CPUSH4State *env)
2745 {
2746     CPUState *cs = CPU(sh_env_get_cpu(env));
2747     int trapnr, ret;
2748     target_siginfo_t info;
2749 
2750     while (1) {
2751         cpu_exec_start(cs);
2752         trapnr = cpu_sh4_exec (env);
2753         cpu_exec_end(cs);
2754 
2755         switch (trapnr) {
2756         case 0x160:
2757             env->pc += 2;
2758             ret = do_syscall(env,
2759                              env->gregs[3],
2760                              env->gregs[4],
2761                              env->gregs[5],
2762                              env->gregs[6],
2763                              env->gregs[7],
2764                              env->gregs[0],
2765                              env->gregs[1],
2766                              0, 0);
2767             env->gregs[0] = ret;
2768             break;
2769         case EXCP_INTERRUPT:
2770             /* just indicate that signals should be handled asap */
2771             break;
2772         case EXCP_DEBUG:
2773             {
2774                 int sig;
2775 
2776                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2777                 if (sig)
2778                   {
2779                     info.si_signo = sig;
2780                     info.si_errno = 0;
2781                     info.si_code = TARGET_TRAP_BRKPT;
2782                     queue_signal(env, info.si_signo, &info);
2783                   }
2784             }
2785             break;
2786 	case 0xa0:
2787 	case 0xc0:
2788             info.si_signo = TARGET_SIGSEGV;
2789             info.si_errno = 0;
2790             info.si_code = TARGET_SEGV_MAPERR;
2791             info._sifields._sigfault._addr = env->tea;
2792             queue_signal(env, info.si_signo, &info);
2793 	    break;
2794 
2795         default:
2796             printf ("Unhandled trap: 0x%x\n", trapnr);
2797             cpu_dump_state(cs, stderr, fprintf, 0);
2798             exit (1);
2799         }
2800         process_pending_signals (env);
2801     }
2802 }
2803 #endif
2804 
2805 #ifdef TARGET_CRIS
2806 void cpu_loop(CPUCRISState *env)
2807 {
2808     CPUState *cs = CPU(cris_env_get_cpu(env));
2809     int trapnr, ret;
2810     target_siginfo_t info;
2811 
2812     while (1) {
2813         cpu_exec_start(cs);
2814         trapnr = cpu_cris_exec (env);
2815         cpu_exec_end(cs);
2816         switch (trapnr) {
2817         case 0xaa:
2818             {
2819                 info.si_signo = TARGET_SIGSEGV;
2820                 info.si_errno = 0;
2821                 /* XXX: check env->error_code */
2822                 info.si_code = TARGET_SEGV_MAPERR;
2823                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
2824                 queue_signal(env, info.si_signo, &info);
2825             }
2826             break;
2827 	case EXCP_INTERRUPT:
2828 	  /* just indicate that signals should be handled asap */
2829 	  break;
2830         case EXCP_BREAK:
2831             ret = do_syscall(env,
2832                              env->regs[9],
2833                              env->regs[10],
2834                              env->regs[11],
2835                              env->regs[12],
2836                              env->regs[13],
2837                              env->pregs[7],
2838                              env->pregs[11],
2839                              0, 0);
2840             env->regs[10] = ret;
2841             break;
2842         case EXCP_DEBUG:
2843             {
2844                 int sig;
2845 
2846                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2847                 if (sig)
2848                   {
2849                     info.si_signo = sig;
2850                     info.si_errno = 0;
2851                     info.si_code = TARGET_TRAP_BRKPT;
2852                     queue_signal(env, info.si_signo, &info);
2853                   }
2854             }
2855             break;
2856         default:
2857             printf ("Unhandled trap: 0x%x\n", trapnr);
2858             cpu_dump_state(cs, stderr, fprintf, 0);
2859             exit (1);
2860         }
2861         process_pending_signals (env);
2862     }
2863 }
2864 #endif
2865 
2866 #ifdef TARGET_MICROBLAZE
2867 void cpu_loop(CPUMBState *env)
2868 {
2869     CPUState *cs = CPU(mb_env_get_cpu(env));
2870     int trapnr, ret;
2871     target_siginfo_t info;
2872 
2873     while (1) {
2874         cpu_exec_start(cs);
2875         trapnr = cpu_mb_exec (env);
2876         cpu_exec_end(cs);
2877         switch (trapnr) {
2878         case 0xaa:
2879             {
2880                 info.si_signo = TARGET_SIGSEGV;
2881                 info.si_errno = 0;
2882                 /* XXX: check env->error_code */
2883                 info.si_code = TARGET_SEGV_MAPERR;
2884                 info._sifields._sigfault._addr = 0;
2885                 queue_signal(env, info.si_signo, &info);
2886             }
2887             break;
2888 	case EXCP_INTERRUPT:
2889 	  /* just indicate that signals should be handled asap */
2890 	  break;
2891         case EXCP_BREAK:
2892             /* Return address is 4 bytes after the call.  */
2893             env->regs[14] += 4;
2894             env->sregs[SR_PC] = env->regs[14];
2895             ret = do_syscall(env,
2896                              env->regs[12],
2897                              env->regs[5],
2898                              env->regs[6],
2899                              env->regs[7],
2900                              env->regs[8],
2901                              env->regs[9],
2902                              env->regs[10],
2903                              0, 0);
2904             env->regs[3] = ret;
2905             break;
2906         case EXCP_HW_EXCP:
2907             env->regs[17] = env->sregs[SR_PC] + 4;
2908             if (env->iflags & D_FLAG) {
2909                 env->sregs[SR_ESR] |= 1 << 12;
2910                 env->sregs[SR_PC] -= 4;
2911                 /* FIXME: if branch was immed, replay the imm as well.  */
2912             }
2913 
2914             env->iflags &= ~(IMM_FLAG | D_FLAG);
2915 
2916             switch (env->sregs[SR_ESR] & 31) {
2917                 case ESR_EC_DIVZERO:
2918                     info.si_signo = TARGET_SIGFPE;
2919                     info.si_errno = 0;
2920                     info.si_code = TARGET_FPE_FLTDIV;
2921                     info._sifields._sigfault._addr = 0;
2922                     queue_signal(env, info.si_signo, &info);
2923                     break;
2924                 case ESR_EC_FPU:
2925                     info.si_signo = TARGET_SIGFPE;
2926                     info.si_errno = 0;
2927                     if (env->sregs[SR_FSR] & FSR_IO) {
2928                         info.si_code = TARGET_FPE_FLTINV;
2929                     }
2930                     if (env->sregs[SR_FSR] & FSR_DZ) {
2931                         info.si_code = TARGET_FPE_FLTDIV;
2932                     }
2933                     info._sifields._sigfault._addr = 0;
2934                     queue_signal(env, info.si_signo, &info);
2935                     break;
2936                 default:
2937                     printf ("Unhandled hw-exception: 0x%x\n",
2938                             env->sregs[SR_ESR] & ESR_EC_MASK);
2939                     cpu_dump_state(cs, stderr, fprintf, 0);
2940                     exit (1);
2941                     break;
2942             }
2943             break;
2944         case EXCP_DEBUG:
2945             {
2946                 int sig;
2947 
2948                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2949                 if (sig)
2950                   {
2951                     info.si_signo = sig;
2952                     info.si_errno = 0;
2953                     info.si_code = TARGET_TRAP_BRKPT;
2954                     queue_signal(env, info.si_signo, &info);
2955                   }
2956             }
2957             break;
2958         default:
2959             printf ("Unhandled trap: 0x%x\n", trapnr);
2960             cpu_dump_state(cs, stderr, fprintf, 0);
2961             exit (1);
2962         }
2963         process_pending_signals (env);
2964     }
2965 }
2966 #endif
2967 
2968 #ifdef TARGET_M68K
2969 
2970 void cpu_loop(CPUM68KState *env)
2971 {
2972     CPUState *cs = CPU(m68k_env_get_cpu(env));
2973     int trapnr;
2974     unsigned int n;
2975     target_siginfo_t info;
2976     TaskState *ts = cs->opaque;
2977 
2978     for(;;) {
2979         cpu_exec_start(cs);
2980         trapnr = cpu_m68k_exec(env);
2981         cpu_exec_end(cs);
2982         switch(trapnr) {
2983         case EXCP_ILLEGAL:
2984             {
2985                 if (ts->sim_syscalls) {
2986                     uint16_t nr;
2987                     get_user_u16(nr, env->pc + 2);
2988                     env->pc += 4;
2989                     do_m68k_simcall(env, nr);
2990                 } else {
2991                     goto do_sigill;
2992                 }
2993             }
2994             break;
2995         case EXCP_HALT_INSN:
2996             /* Semihosing syscall.  */
2997             env->pc += 4;
2998             do_m68k_semihosting(env, env->dregs[0]);
2999             break;
3000         case EXCP_LINEA:
3001         case EXCP_LINEF:
3002         case EXCP_UNSUPPORTED:
3003         do_sigill:
3004             info.si_signo = TARGET_SIGILL;
3005             info.si_errno = 0;
3006             info.si_code = TARGET_ILL_ILLOPN;
3007             info._sifields._sigfault._addr = env->pc;
3008             queue_signal(env, info.si_signo, &info);
3009             break;
3010         case EXCP_TRAP0:
3011             {
3012                 ts->sim_syscalls = 0;
3013                 n = env->dregs[0];
3014                 env->pc += 2;
3015                 env->dregs[0] = do_syscall(env,
3016                                           n,
3017                                           env->dregs[1],
3018                                           env->dregs[2],
3019                                           env->dregs[3],
3020                                           env->dregs[4],
3021                                           env->dregs[5],
3022                                           env->aregs[0],
3023                                           0, 0);
3024             }
3025             break;
3026         case EXCP_INTERRUPT:
3027             /* just indicate that signals should be handled asap */
3028             break;
3029         case EXCP_ACCESS:
3030             {
3031                 info.si_signo = TARGET_SIGSEGV;
3032                 info.si_errno = 0;
3033                 /* XXX: check env->error_code */
3034                 info.si_code = TARGET_SEGV_MAPERR;
3035                 info._sifields._sigfault._addr = env->mmu.ar;
3036                 queue_signal(env, info.si_signo, &info);
3037             }
3038             break;
3039         case EXCP_DEBUG:
3040             {
3041                 int sig;
3042 
3043                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3044                 if (sig)
3045                   {
3046                     info.si_signo = sig;
3047                     info.si_errno = 0;
3048                     info.si_code = TARGET_TRAP_BRKPT;
3049                     queue_signal(env, info.si_signo, &info);
3050                   }
3051             }
3052             break;
3053         default:
3054             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
3055                     trapnr);
3056             cpu_dump_state(cs, stderr, fprintf, 0);
3057             abort();
3058         }
3059         process_pending_signals(env);
3060     }
3061 }
3062 #endif /* TARGET_M68K */
3063 
3064 #ifdef TARGET_ALPHA
3065 static void do_store_exclusive(CPUAlphaState *env, int reg, int quad)
3066 {
3067     target_ulong addr, val, tmp;
3068     target_siginfo_t info;
3069     int ret = 0;
3070 
3071     addr = env->lock_addr;
3072     tmp = env->lock_st_addr;
3073     env->lock_addr = -1;
3074     env->lock_st_addr = 0;
3075 
3076     start_exclusive();
3077     mmap_lock();
3078 
3079     if (addr == tmp) {
3080         if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3081             goto do_sigsegv;
3082         }
3083 
3084         if (val == env->lock_value) {
3085             tmp = env->ir[reg];
3086             if (quad ? put_user_u64(tmp, addr) : put_user_u32(tmp, addr)) {
3087                 goto do_sigsegv;
3088             }
3089             ret = 1;
3090         }
3091     }
3092     env->ir[reg] = ret;
3093     env->pc += 4;
3094 
3095     mmap_unlock();
3096     end_exclusive();
3097     return;
3098 
3099  do_sigsegv:
3100     mmap_unlock();
3101     end_exclusive();
3102 
3103     info.si_signo = TARGET_SIGSEGV;
3104     info.si_errno = 0;
3105     info.si_code = TARGET_SEGV_MAPERR;
3106     info._sifields._sigfault._addr = addr;
3107     queue_signal(env, TARGET_SIGSEGV, &info);
3108 }
3109 
3110 void cpu_loop(CPUAlphaState *env)
3111 {
3112     CPUState *cs = CPU(alpha_env_get_cpu(env));
3113     int trapnr;
3114     target_siginfo_t info;
3115     abi_long sysret;
3116 
3117     while (1) {
3118         cpu_exec_start(cs);
3119         trapnr = cpu_alpha_exec (env);
3120         cpu_exec_end(cs);
3121 
3122         /* All of the traps imply a transition through PALcode, which
3123            implies an REI instruction has been executed.  Which means
3124            that the intr_flag should be cleared.  */
3125         env->intr_flag = 0;
3126 
3127         switch (trapnr) {
3128         case EXCP_RESET:
3129             fprintf(stderr, "Reset requested. Exit\n");
3130             exit(1);
3131             break;
3132         case EXCP_MCHK:
3133             fprintf(stderr, "Machine check exception. Exit\n");
3134             exit(1);
3135             break;
3136         case EXCP_SMP_INTERRUPT:
3137         case EXCP_CLK_INTERRUPT:
3138         case EXCP_DEV_INTERRUPT:
3139             fprintf(stderr, "External interrupt. Exit\n");
3140             exit(1);
3141             break;
3142         case EXCP_MMFAULT:
3143             env->lock_addr = -1;
3144             info.si_signo = TARGET_SIGSEGV;
3145             info.si_errno = 0;
3146             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
3147                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
3148             info._sifields._sigfault._addr = env->trap_arg0;
3149             queue_signal(env, info.si_signo, &info);
3150             break;
3151         case EXCP_UNALIGN:
3152             env->lock_addr = -1;
3153             info.si_signo = TARGET_SIGBUS;
3154             info.si_errno = 0;
3155             info.si_code = TARGET_BUS_ADRALN;
3156             info._sifields._sigfault._addr = env->trap_arg0;
3157             queue_signal(env, info.si_signo, &info);
3158             break;
3159         case EXCP_OPCDEC:
3160         do_sigill:
3161             env->lock_addr = -1;
3162             info.si_signo = TARGET_SIGILL;
3163             info.si_errno = 0;
3164             info.si_code = TARGET_ILL_ILLOPC;
3165             info._sifields._sigfault._addr = env->pc;
3166             queue_signal(env, info.si_signo, &info);
3167             break;
3168         case EXCP_ARITH:
3169             env->lock_addr = -1;
3170             info.si_signo = TARGET_SIGFPE;
3171             info.si_errno = 0;
3172             info.si_code = TARGET_FPE_FLTINV;
3173             info._sifields._sigfault._addr = env->pc;
3174             queue_signal(env, info.si_signo, &info);
3175             break;
3176         case EXCP_FEN:
3177             /* No-op.  Linux simply re-enables the FPU.  */
3178             break;
3179         case EXCP_CALL_PAL:
3180             env->lock_addr = -1;
3181             switch (env->error_code) {
3182             case 0x80:
3183                 /* BPT */
3184                 info.si_signo = TARGET_SIGTRAP;
3185                 info.si_errno = 0;
3186                 info.si_code = TARGET_TRAP_BRKPT;
3187                 info._sifields._sigfault._addr = env->pc;
3188                 queue_signal(env, info.si_signo, &info);
3189                 break;
3190             case 0x81:
3191                 /* BUGCHK */
3192                 info.si_signo = TARGET_SIGTRAP;
3193                 info.si_errno = 0;
3194                 info.si_code = 0;
3195                 info._sifields._sigfault._addr = env->pc;
3196                 queue_signal(env, info.si_signo, &info);
3197                 break;
3198             case 0x83:
3199                 /* CALLSYS */
3200                 trapnr = env->ir[IR_V0];
3201                 sysret = do_syscall(env, trapnr,
3202                                     env->ir[IR_A0], env->ir[IR_A1],
3203                                     env->ir[IR_A2], env->ir[IR_A3],
3204                                     env->ir[IR_A4], env->ir[IR_A5],
3205                                     0, 0);
3206                 if (trapnr == TARGET_NR_sigreturn
3207                     || trapnr == TARGET_NR_rt_sigreturn) {
3208                     break;
3209                 }
3210                 /* Syscall writes 0 to V0 to bypass error check, similar
3211                    to how this is handled internal to Linux kernel.
3212                    (Ab)use trapnr temporarily as boolean indicating error.  */
3213                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
3214                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
3215                 env->ir[IR_A3] = trapnr;
3216                 break;
3217             case 0x86:
3218                 /* IMB */
3219                 /* ??? We can probably elide the code using page_unprotect
3220                    that is checking for self-modifying code.  Instead we
3221                    could simply call tb_flush here.  Until we work out the
3222                    changes required to turn off the extra write protection,
3223                    this can be a no-op.  */
3224                 break;
3225             case 0x9E:
3226                 /* RDUNIQUE */
3227                 /* Handled in the translator for usermode.  */
3228                 abort();
3229             case 0x9F:
3230                 /* WRUNIQUE */
3231                 /* Handled in the translator for usermode.  */
3232                 abort();
3233             case 0xAA:
3234                 /* GENTRAP */
3235                 info.si_signo = TARGET_SIGFPE;
3236                 switch (env->ir[IR_A0]) {
3237                 case TARGET_GEN_INTOVF:
3238                     info.si_code = TARGET_FPE_INTOVF;
3239                     break;
3240                 case TARGET_GEN_INTDIV:
3241                     info.si_code = TARGET_FPE_INTDIV;
3242                     break;
3243                 case TARGET_GEN_FLTOVF:
3244                     info.si_code = TARGET_FPE_FLTOVF;
3245                     break;
3246                 case TARGET_GEN_FLTUND:
3247                     info.si_code = TARGET_FPE_FLTUND;
3248                     break;
3249                 case TARGET_GEN_FLTINV:
3250                     info.si_code = TARGET_FPE_FLTINV;
3251                     break;
3252                 case TARGET_GEN_FLTINE:
3253                     info.si_code = TARGET_FPE_FLTRES;
3254                     break;
3255                 case TARGET_GEN_ROPRAND:
3256                     info.si_code = 0;
3257                     break;
3258                 default:
3259                     info.si_signo = TARGET_SIGTRAP;
3260                     info.si_code = 0;
3261                     break;
3262                 }
3263                 info.si_errno = 0;
3264                 info._sifields._sigfault._addr = env->pc;
3265                 queue_signal(env, info.si_signo, &info);
3266                 break;
3267             default:
3268                 goto do_sigill;
3269             }
3270             break;
3271         case EXCP_DEBUG:
3272             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
3273             if (info.si_signo) {
3274                 env->lock_addr = -1;
3275                 info.si_errno = 0;
3276                 info.si_code = TARGET_TRAP_BRKPT;
3277                 queue_signal(env, info.si_signo, &info);
3278             }
3279             break;
3280         case EXCP_STL_C:
3281         case EXCP_STQ_C:
3282             do_store_exclusive(env, env->error_code, trapnr - EXCP_STL_C);
3283             break;
3284         case EXCP_INTERRUPT:
3285             /* Just indicate that signals should be handled asap.  */
3286             break;
3287         default:
3288             printf ("Unhandled trap: 0x%x\n", trapnr);
3289             cpu_dump_state(cs, stderr, fprintf, 0);
3290             exit (1);
3291         }
3292         process_pending_signals (env);
3293     }
3294 }
3295 #endif /* TARGET_ALPHA */
3296 
3297 #ifdef TARGET_S390X
3298 void cpu_loop(CPUS390XState *env)
3299 {
3300     CPUState *cs = CPU(s390_env_get_cpu(env));
3301     int trapnr, n, sig;
3302     target_siginfo_t info;
3303     target_ulong addr;
3304 
3305     while (1) {
3306         cpu_exec_start(cs);
3307         trapnr = cpu_s390x_exec(env);
3308         cpu_exec_end(cs);
3309         switch (trapnr) {
3310         case EXCP_INTERRUPT:
3311             /* Just indicate that signals should be handled asap.  */
3312             break;
3313 
3314         case EXCP_SVC:
3315             n = env->int_svc_code;
3316             if (!n) {
3317                 /* syscalls > 255 */
3318                 n = env->regs[1];
3319             }
3320             env->psw.addr += env->int_svc_ilen;
3321             env->regs[2] = do_syscall(env, n, env->regs[2], env->regs[3],
3322                                       env->regs[4], env->regs[5],
3323                                       env->regs[6], env->regs[7], 0, 0);
3324             break;
3325 
3326         case EXCP_DEBUG:
3327             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3328             if (sig) {
3329                 n = TARGET_TRAP_BRKPT;
3330                 goto do_signal_pc;
3331             }
3332             break;
3333         case EXCP_PGM:
3334             n = env->int_pgm_code;
3335             switch (n) {
3336             case PGM_OPERATION:
3337             case PGM_PRIVILEGED:
3338                 sig = TARGET_SIGILL;
3339                 n = TARGET_ILL_ILLOPC;
3340                 goto do_signal_pc;
3341             case PGM_PROTECTION:
3342             case PGM_ADDRESSING:
3343                 sig = TARGET_SIGSEGV;
3344                 /* XXX: check env->error_code */
3345                 n = TARGET_SEGV_MAPERR;
3346                 addr = env->__excp_addr;
3347                 goto do_signal;
3348             case PGM_EXECUTE:
3349             case PGM_SPECIFICATION:
3350             case PGM_SPECIAL_OP:
3351             case PGM_OPERAND:
3352             do_sigill_opn:
3353                 sig = TARGET_SIGILL;
3354                 n = TARGET_ILL_ILLOPN;
3355                 goto do_signal_pc;
3356 
3357             case PGM_FIXPT_OVERFLOW:
3358                 sig = TARGET_SIGFPE;
3359                 n = TARGET_FPE_INTOVF;
3360                 goto do_signal_pc;
3361             case PGM_FIXPT_DIVIDE:
3362                 sig = TARGET_SIGFPE;
3363                 n = TARGET_FPE_INTDIV;
3364                 goto do_signal_pc;
3365 
3366             case PGM_DATA:
3367                 n = (env->fpc >> 8) & 0xff;
3368                 if (n == 0xff) {
3369                     /* compare-and-trap */
3370                     goto do_sigill_opn;
3371                 } else {
3372                     /* An IEEE exception, simulated or otherwise.  */
3373                     if (n & 0x80) {
3374                         n = TARGET_FPE_FLTINV;
3375                     } else if (n & 0x40) {
3376                         n = TARGET_FPE_FLTDIV;
3377                     } else if (n & 0x20) {
3378                         n = TARGET_FPE_FLTOVF;
3379                     } else if (n & 0x10) {
3380                         n = TARGET_FPE_FLTUND;
3381                     } else if (n & 0x08) {
3382                         n = TARGET_FPE_FLTRES;
3383                     } else {
3384                         /* ??? Quantum exception; BFP, DFP error.  */
3385                         goto do_sigill_opn;
3386                     }
3387                     sig = TARGET_SIGFPE;
3388                     goto do_signal_pc;
3389                 }
3390 
3391             default:
3392                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
3393                 cpu_dump_state(cs, stderr, fprintf, 0);
3394                 exit(1);
3395             }
3396             break;
3397 
3398         do_signal_pc:
3399             addr = env->psw.addr;
3400         do_signal:
3401             info.si_signo = sig;
3402             info.si_errno = 0;
3403             info.si_code = n;
3404             info._sifields._sigfault._addr = addr;
3405             queue_signal(env, info.si_signo, &info);
3406             break;
3407 
3408         default:
3409             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
3410             cpu_dump_state(cs, stderr, fprintf, 0);
3411             exit(1);
3412         }
3413         process_pending_signals (env);
3414     }
3415 }
3416 
3417 #endif /* TARGET_S390X */
3418 
3419 THREAD CPUState *thread_cpu;
3420 
3421 void task_settid(TaskState *ts)
3422 {
3423     if (ts->ts_tid == 0) {
3424         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3425     }
3426 }
3427 
3428 void stop_all_tasks(void)
3429 {
3430     /*
3431      * We trust that when using NPTL, start_exclusive()
3432      * handles thread stopping correctly.
3433      */
3434     start_exclusive();
3435 }
3436 
3437 /* Assumes contents are already zeroed.  */
3438 void init_task_state(TaskState *ts)
3439 {
3440     int i;
3441 
3442     ts->used = 1;
3443     ts->first_free = ts->sigqueue_table;
3444     for (i = 0; i < MAX_SIGQUEUE_SIZE - 1; i++) {
3445         ts->sigqueue_table[i].next = &ts->sigqueue_table[i + 1];
3446     }
3447     ts->sigqueue_table[i].next = NULL;
3448 }
3449 
3450 CPUArchState *cpu_copy(CPUArchState *env)
3451 {
3452     CPUState *cpu = ENV_GET_CPU(env);
3453     CPUState *new_cpu = cpu_init(cpu_model);
3454     CPUArchState *new_env = new_cpu->env_ptr;
3455     CPUBreakpoint *bp;
3456     CPUWatchpoint *wp;
3457 
3458     /* Reset non arch specific state */
3459     cpu_reset(new_cpu);
3460 
3461     memcpy(new_env, env, sizeof(CPUArchState));
3462 
3463     /* Clone all break/watchpoints.
3464        Note: Once we support ptrace with hw-debug register access, make sure
3465        BP_CPU break/watchpoints are handled correctly on clone. */
3466     QTAILQ_INIT(&cpu->breakpoints);
3467     QTAILQ_INIT(&cpu->watchpoints);
3468     QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
3469         cpu_breakpoint_insert(new_cpu, bp->pc, bp->flags, NULL);
3470     }
3471     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
3472         cpu_watchpoint_insert(new_cpu, wp->vaddr, wp->len, wp->flags, NULL);
3473     }
3474 
3475     return new_env;
3476 }
3477 
3478 static void handle_arg_help(const char *arg)
3479 {
3480     usage();
3481 }
3482 
3483 static void handle_arg_log(const char *arg)
3484 {
3485     int mask;
3486 
3487     mask = qemu_str_to_log_mask(arg);
3488     if (!mask) {
3489         qemu_print_log_usage(stdout);
3490         exit(1);
3491     }
3492     qemu_set_log(mask);
3493 }
3494 
3495 static void handle_arg_log_filename(const char *arg)
3496 {
3497     qemu_set_log_filename(arg);
3498 }
3499 
3500 static void handle_arg_set_env(const char *arg)
3501 {
3502     char *r, *p, *token;
3503     r = p = strdup(arg);
3504     while ((token = strsep(&p, ",")) != NULL) {
3505         if (envlist_setenv(envlist, token) != 0) {
3506             usage();
3507         }
3508     }
3509     free(r);
3510 }
3511 
3512 static void handle_arg_unset_env(const char *arg)
3513 {
3514     char *r, *p, *token;
3515     r = p = strdup(arg);
3516     while ((token = strsep(&p, ",")) != NULL) {
3517         if (envlist_unsetenv(envlist, token) != 0) {
3518             usage();
3519         }
3520     }
3521     free(r);
3522 }
3523 
3524 static void handle_arg_argv0(const char *arg)
3525 {
3526     argv0 = strdup(arg);
3527 }
3528 
3529 static void handle_arg_stack_size(const char *arg)
3530 {
3531     char *p;
3532     guest_stack_size = strtoul(arg, &p, 0);
3533     if (guest_stack_size == 0) {
3534         usage();
3535     }
3536 
3537     if (*p == 'M') {
3538         guest_stack_size *= 1024 * 1024;
3539     } else if (*p == 'k' || *p == 'K') {
3540         guest_stack_size *= 1024;
3541     }
3542 }
3543 
3544 static void handle_arg_ld_prefix(const char *arg)
3545 {
3546     interp_prefix = strdup(arg);
3547 }
3548 
3549 static void handle_arg_pagesize(const char *arg)
3550 {
3551     qemu_host_page_size = atoi(arg);
3552     if (qemu_host_page_size == 0 ||
3553         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
3554         fprintf(stderr, "page size must be a power of two\n");
3555         exit(1);
3556     }
3557 }
3558 
3559 static void handle_arg_randseed(const char *arg)
3560 {
3561     unsigned long long seed;
3562 
3563     if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
3564         fprintf(stderr, "Invalid seed number: %s\n", arg);
3565         exit(1);
3566     }
3567     srand(seed);
3568 }
3569 
3570 static void handle_arg_gdb(const char *arg)
3571 {
3572     gdbstub_port = atoi(arg);
3573 }
3574 
3575 static void handle_arg_uname(const char *arg)
3576 {
3577     qemu_uname_release = strdup(arg);
3578 }
3579 
3580 static void handle_arg_cpu(const char *arg)
3581 {
3582     cpu_model = strdup(arg);
3583     if (cpu_model == NULL || is_help_option(cpu_model)) {
3584         /* XXX: implement xxx_cpu_list for targets that still miss it */
3585 #if defined(cpu_list)
3586         cpu_list(stdout, &fprintf);
3587 #endif
3588         exit(1);
3589     }
3590 }
3591 
3592 #if defined(CONFIG_USE_GUEST_BASE)
3593 static void handle_arg_guest_base(const char *arg)
3594 {
3595     guest_base = strtol(arg, NULL, 0);
3596     have_guest_base = 1;
3597 }
3598 
3599 static void handle_arg_reserved_va(const char *arg)
3600 {
3601     char *p;
3602     int shift = 0;
3603     reserved_va = strtoul(arg, &p, 0);
3604     switch (*p) {
3605     case 'k':
3606     case 'K':
3607         shift = 10;
3608         break;
3609     case 'M':
3610         shift = 20;
3611         break;
3612     case 'G':
3613         shift = 30;
3614         break;
3615     }
3616     if (shift) {
3617         unsigned long unshifted = reserved_va;
3618         p++;
3619         reserved_va <<= shift;
3620         if (((reserved_va >> shift) != unshifted)
3621 #if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
3622             || (reserved_va > (1ul << TARGET_VIRT_ADDR_SPACE_BITS))
3623 #endif
3624             ) {
3625             fprintf(stderr, "Reserved virtual address too big\n");
3626             exit(1);
3627         }
3628     }
3629     if (*p) {
3630         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
3631         exit(1);
3632     }
3633 }
3634 #endif
3635 
3636 static void handle_arg_singlestep(const char *arg)
3637 {
3638     singlestep = 1;
3639 }
3640 
3641 static void handle_arg_strace(const char *arg)
3642 {
3643     do_strace = 1;
3644 }
3645 
3646 static void handle_arg_version(const char *arg)
3647 {
3648     printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
3649            ", Copyright (c) 2003-2008 Fabrice Bellard\n");
3650     exit(0);
3651 }
3652 
3653 struct qemu_argument {
3654     const char *argv;
3655     const char *env;
3656     bool has_arg;
3657     void (*handle_opt)(const char *arg);
3658     const char *example;
3659     const char *help;
3660 };
3661 
3662 static const struct qemu_argument arg_table[] = {
3663     {"h",          "",                 false, handle_arg_help,
3664      "",           "print this help"},
3665     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
3666      "port",       "wait gdb connection to 'port'"},
3667     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
3668      "path",       "set the elf interpreter prefix to 'path'"},
3669     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
3670      "size",       "set the stack size to 'size' bytes"},
3671     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
3672      "model",      "select CPU (-cpu help for list)"},
3673     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
3674      "var=value",  "sets targets environment variable (see below)"},
3675     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
3676      "var",        "unsets targets environment variable (see below)"},
3677     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
3678      "argv0",      "forces target process argv[0] to be 'argv0'"},
3679     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
3680      "uname",      "set qemu uname release string to 'uname'"},
3681 #if defined(CONFIG_USE_GUEST_BASE)
3682     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
3683      "address",    "set guest_base address to 'address'"},
3684     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
3685      "size",       "reserve 'size' bytes for guest virtual address space"},
3686 #endif
3687     {"d",          "QEMU_LOG",         true,  handle_arg_log,
3688      "item[,...]", "enable logging of specified items "
3689      "(use '-d help' for a list of items)"},
3690     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
3691      "logfile",     "write logs to 'logfile' (default stderr)"},
3692     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
3693      "pagesize",   "set the host page size to 'pagesize'"},
3694     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
3695      "",           "run in singlestep mode"},
3696     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
3697      "",           "log system calls"},
3698     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
3699      "",           "Seed for pseudo-random number generator"},
3700     {"version",    "QEMU_VERSION",     false, handle_arg_version,
3701      "",           "display version information and exit"},
3702     {NULL, NULL, false, NULL, NULL, NULL}
3703 };
3704 
3705 static void usage(void)
3706 {
3707     const struct qemu_argument *arginfo;
3708     int maxarglen;
3709     int maxenvlen;
3710 
3711     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
3712            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
3713            "\n"
3714            "Options and associated environment variables:\n"
3715            "\n");
3716 
3717     /* Calculate column widths. We must always have at least enough space
3718      * for the column header.
3719      */
3720     maxarglen = strlen("Argument");
3721     maxenvlen = strlen("Env-variable");
3722 
3723     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3724         int arglen = strlen(arginfo->argv);
3725         if (arginfo->has_arg) {
3726             arglen += strlen(arginfo->example) + 1;
3727         }
3728         if (strlen(arginfo->env) > maxenvlen) {
3729             maxenvlen = strlen(arginfo->env);
3730         }
3731         if (arglen > maxarglen) {
3732             maxarglen = arglen;
3733         }
3734     }
3735 
3736     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
3737             maxenvlen, "Env-variable");
3738 
3739     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3740         if (arginfo->has_arg) {
3741             printf("-%s %-*s %-*s %s\n", arginfo->argv,
3742                    (int)(maxarglen - strlen(arginfo->argv) - 1),
3743                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
3744         } else {
3745             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
3746                     maxenvlen, arginfo->env,
3747                     arginfo->help);
3748         }
3749     }
3750 
3751     printf("\n"
3752            "Defaults:\n"
3753            "QEMU_LD_PREFIX  = %s\n"
3754            "QEMU_STACK_SIZE = %ld byte\n",
3755            interp_prefix,
3756            guest_stack_size);
3757 
3758     printf("\n"
3759            "You can use -E and -U options or the QEMU_SET_ENV and\n"
3760            "QEMU_UNSET_ENV environment variables to set and unset\n"
3761            "environment variables for the target process.\n"
3762            "It is possible to provide several variables by separating them\n"
3763            "by commas in getsubopt(3) style. Additionally it is possible to\n"
3764            "provide the -E and -U options multiple times.\n"
3765            "The following lines are equivalent:\n"
3766            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
3767            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
3768            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
3769            "Note that if you provide several changes to a single variable\n"
3770            "the last change will stay in effect.\n");
3771 
3772     exit(1);
3773 }
3774 
3775 static int parse_args(int argc, char **argv)
3776 {
3777     const char *r;
3778     int optind;
3779     const struct qemu_argument *arginfo;
3780 
3781     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3782         if (arginfo->env == NULL) {
3783             continue;
3784         }
3785 
3786         r = getenv(arginfo->env);
3787         if (r != NULL) {
3788             arginfo->handle_opt(r);
3789         }
3790     }
3791 
3792     optind = 1;
3793     for (;;) {
3794         if (optind >= argc) {
3795             break;
3796         }
3797         r = argv[optind];
3798         if (r[0] != '-') {
3799             break;
3800         }
3801         optind++;
3802         r++;
3803         if (!strcmp(r, "-")) {
3804             break;
3805         }
3806 
3807         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3808             if (!strcmp(r, arginfo->argv)) {
3809                 if (arginfo->has_arg) {
3810                     if (optind >= argc) {
3811                         usage();
3812                     }
3813                     arginfo->handle_opt(argv[optind]);
3814                     optind++;
3815                 } else {
3816                     arginfo->handle_opt(NULL);
3817                 }
3818                 break;
3819             }
3820         }
3821 
3822         /* no option matched the current argv */
3823         if (arginfo->handle_opt == NULL) {
3824             usage();
3825         }
3826     }
3827 
3828     if (optind >= argc) {
3829         usage();
3830     }
3831 
3832     filename = argv[optind];
3833     exec_path = argv[optind];
3834 
3835     return optind;
3836 }
3837 
3838 int main(int argc, char **argv, char **envp)
3839 {
3840     struct target_pt_regs regs1, *regs = &regs1;
3841     struct image_info info1, *info = &info1;
3842     struct linux_binprm bprm;
3843     TaskState *ts;
3844     CPUArchState *env;
3845     CPUState *cpu;
3846     int optind;
3847     char **target_environ, **wrk;
3848     char **target_argv;
3849     int target_argc;
3850     int i;
3851     int ret;
3852     int execfd;
3853 
3854     module_call_init(MODULE_INIT_QOM);
3855 
3856     if ((envlist = envlist_create()) == NULL) {
3857         (void) fprintf(stderr, "Unable to allocate envlist\n");
3858         exit(1);
3859     }
3860 
3861     /* add current environment into the list */
3862     for (wrk = environ; *wrk != NULL; wrk++) {
3863         (void) envlist_setenv(envlist, *wrk);
3864     }
3865 
3866     /* Read the stack limit from the kernel.  If it's "unlimited",
3867        then we can do little else besides use the default.  */
3868     {
3869         struct rlimit lim;
3870         if (getrlimit(RLIMIT_STACK, &lim) == 0
3871             && lim.rlim_cur != RLIM_INFINITY
3872             && lim.rlim_cur == (target_long)lim.rlim_cur) {
3873             guest_stack_size = lim.rlim_cur;
3874         }
3875     }
3876 
3877     cpu_model = NULL;
3878 #if defined(cpudef_setup)
3879     cpudef_setup(); /* parse cpu definitions in target config file (TBD) */
3880 #endif
3881 
3882     srand(time(NULL));
3883 
3884     optind = parse_args(argc, argv);
3885 
3886     /* Zero out regs */
3887     memset(regs, 0, sizeof(struct target_pt_regs));
3888 
3889     /* Zero out image_info */
3890     memset(info, 0, sizeof(struct image_info));
3891 
3892     memset(&bprm, 0, sizeof (bprm));
3893 
3894     /* Scan interp_prefix dir for replacement files. */
3895     init_paths(interp_prefix);
3896 
3897     init_qemu_uname_release();
3898 
3899     if (cpu_model == NULL) {
3900 #if defined(TARGET_I386)
3901 #ifdef TARGET_X86_64
3902         cpu_model = "qemu64";
3903 #else
3904         cpu_model = "qemu32";
3905 #endif
3906 #elif defined(TARGET_ARM)
3907         cpu_model = "any";
3908 #elif defined(TARGET_UNICORE32)
3909         cpu_model = "any";
3910 #elif defined(TARGET_M68K)
3911         cpu_model = "any";
3912 #elif defined(TARGET_SPARC)
3913 #ifdef TARGET_SPARC64
3914         cpu_model = "TI UltraSparc II";
3915 #else
3916         cpu_model = "Fujitsu MB86904";
3917 #endif
3918 #elif defined(TARGET_MIPS)
3919 #if defined(TARGET_ABI_MIPSN32) || defined(TARGET_ABI_MIPSN64)
3920         cpu_model = "5KEf";
3921 #else
3922         cpu_model = "24Kf";
3923 #endif
3924 #elif defined TARGET_OPENRISC
3925         cpu_model = "or1200";
3926 #elif defined(TARGET_PPC)
3927 # ifdef TARGET_PPC64
3928         cpu_model = "POWER7";
3929 # else
3930         cpu_model = "750";
3931 # endif
3932 #else
3933         cpu_model = "any";
3934 #endif
3935     }
3936     tcg_exec_init(0);
3937     cpu_exec_init_all();
3938     /* NOTE: we need to init the CPU at this stage to get
3939        qemu_host_page_size */
3940     cpu = cpu_init(cpu_model);
3941     if (!cpu) {
3942         fprintf(stderr, "Unable to find CPU definition\n");
3943         exit(1);
3944     }
3945     env = cpu->env_ptr;
3946     cpu_reset(cpu);
3947 
3948     thread_cpu = cpu;
3949 
3950     if (getenv("QEMU_STRACE")) {
3951         do_strace = 1;
3952     }
3953 
3954     if (getenv("QEMU_RAND_SEED")) {
3955         handle_arg_randseed(getenv("QEMU_RAND_SEED"));
3956     }
3957 
3958     target_environ = envlist_to_environ(envlist, NULL);
3959     envlist_free(envlist);
3960 
3961 #if defined(CONFIG_USE_GUEST_BASE)
3962     /*
3963      * Now that page sizes are configured in cpu_init() we can do
3964      * proper page alignment for guest_base.
3965      */
3966     guest_base = HOST_PAGE_ALIGN(guest_base);
3967 
3968     if (reserved_va || have_guest_base) {
3969         guest_base = init_guest_space(guest_base, reserved_va, 0,
3970                                       have_guest_base);
3971         if (guest_base == (unsigned long)-1) {
3972             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
3973                     "space for use as guest address space (check your virtual "
3974                     "memory ulimit setting or reserve less using -R option)\n",
3975                     reserved_va);
3976             exit(1);
3977         }
3978 
3979         if (reserved_va) {
3980             mmap_next_start = reserved_va;
3981         }
3982     }
3983 #endif /* CONFIG_USE_GUEST_BASE */
3984 
3985     /*
3986      * Read in mmap_min_addr kernel parameter.  This value is used
3987      * When loading the ELF image to determine whether guest_base
3988      * is needed.  It is also used in mmap_find_vma.
3989      */
3990     {
3991         FILE *fp;
3992 
3993         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
3994             unsigned long tmp;
3995             if (fscanf(fp, "%lu", &tmp) == 1) {
3996                 mmap_min_addr = tmp;
3997                 qemu_log("host mmap_min_addr=0x%lx\n", mmap_min_addr);
3998             }
3999             fclose(fp);
4000         }
4001     }
4002 
4003     /*
4004      * Prepare copy of argv vector for target.
4005      */
4006     target_argc = argc - optind;
4007     target_argv = calloc(target_argc + 1, sizeof (char *));
4008     if (target_argv == NULL) {
4009 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
4010 	exit(1);
4011     }
4012 
4013     /*
4014      * If argv0 is specified (using '-0' switch) we replace
4015      * argv[0] pointer with the given one.
4016      */
4017     i = 0;
4018     if (argv0 != NULL) {
4019         target_argv[i++] = strdup(argv0);
4020     }
4021     for (; i < target_argc; i++) {
4022         target_argv[i] = strdup(argv[optind + i]);
4023     }
4024     target_argv[target_argc] = NULL;
4025 
4026     ts = g_malloc0 (sizeof(TaskState));
4027     init_task_state(ts);
4028     /* build Task State */
4029     ts->info = info;
4030     ts->bprm = &bprm;
4031     cpu->opaque = ts;
4032     task_settid(ts);
4033 
4034     execfd = qemu_getauxval(AT_EXECFD);
4035     if (execfd == 0) {
4036         execfd = open(filename, O_RDONLY);
4037         if (execfd < 0) {
4038             printf("Error while loading %s: %s\n", filename, strerror(errno));
4039             _exit(1);
4040         }
4041     }
4042 
4043     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
4044         info, &bprm);
4045     if (ret != 0) {
4046         printf("Error while loading %s: %s\n", filename, strerror(-ret));
4047         _exit(1);
4048     }
4049 
4050     for (wrk = target_environ; *wrk; wrk++) {
4051         free(*wrk);
4052     }
4053 
4054     free(target_environ);
4055 
4056     if (qemu_log_enabled()) {
4057 #if defined(CONFIG_USE_GUEST_BASE)
4058         qemu_log("guest_base  0x%lx\n", guest_base);
4059 #endif
4060         log_page_dump();
4061 
4062         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
4063         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
4064         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n",
4065                  info->start_code);
4066         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n",
4067                  info->start_data);
4068         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
4069         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n",
4070                  info->start_stack);
4071         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
4072         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
4073     }
4074 
4075     target_set_brk(info->brk);
4076     syscall_init();
4077     signal_init();
4078 
4079 #if defined(CONFIG_USE_GUEST_BASE)
4080     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
4081        generating the prologue until now so that the prologue can take
4082        the real value of GUEST_BASE into account.  */
4083     tcg_prologue_init(&tcg_ctx);
4084 #endif
4085 
4086 #if defined(TARGET_I386)
4087     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
4088     env->hflags |= HF_PE_MASK | HF_CPL_MASK;
4089     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
4090         env->cr[4] |= CR4_OSFXSR_MASK;
4091         env->hflags |= HF_OSFXSR_MASK;
4092     }
4093 #ifndef TARGET_ABI32
4094     /* enable 64 bit mode if possible */
4095     if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
4096         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
4097         exit(1);
4098     }
4099     env->cr[4] |= CR4_PAE_MASK;
4100     env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
4101     env->hflags |= HF_LMA_MASK;
4102 #endif
4103 
4104     /* flags setup : we activate the IRQs by default as in user mode */
4105     env->eflags |= IF_MASK;
4106 
4107     /* linux register setup */
4108 #ifndef TARGET_ABI32
4109     env->regs[R_EAX] = regs->rax;
4110     env->regs[R_EBX] = regs->rbx;
4111     env->regs[R_ECX] = regs->rcx;
4112     env->regs[R_EDX] = regs->rdx;
4113     env->regs[R_ESI] = regs->rsi;
4114     env->regs[R_EDI] = regs->rdi;
4115     env->regs[R_EBP] = regs->rbp;
4116     env->regs[R_ESP] = regs->rsp;
4117     env->eip = regs->rip;
4118 #else
4119     env->regs[R_EAX] = regs->eax;
4120     env->regs[R_EBX] = regs->ebx;
4121     env->regs[R_ECX] = regs->ecx;
4122     env->regs[R_EDX] = regs->edx;
4123     env->regs[R_ESI] = regs->esi;
4124     env->regs[R_EDI] = regs->edi;
4125     env->regs[R_EBP] = regs->ebp;
4126     env->regs[R_ESP] = regs->esp;
4127     env->eip = regs->eip;
4128 #endif
4129 
4130     /* linux interrupt setup */
4131 #ifndef TARGET_ABI32
4132     env->idt.limit = 511;
4133 #else
4134     env->idt.limit = 255;
4135 #endif
4136     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
4137                                 PROT_READ|PROT_WRITE,
4138                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4139     idt_table = g2h(env->idt.base);
4140     set_idt(0, 0);
4141     set_idt(1, 0);
4142     set_idt(2, 0);
4143     set_idt(3, 3);
4144     set_idt(4, 3);
4145     set_idt(5, 0);
4146     set_idt(6, 0);
4147     set_idt(7, 0);
4148     set_idt(8, 0);
4149     set_idt(9, 0);
4150     set_idt(10, 0);
4151     set_idt(11, 0);
4152     set_idt(12, 0);
4153     set_idt(13, 0);
4154     set_idt(14, 0);
4155     set_idt(15, 0);
4156     set_idt(16, 0);
4157     set_idt(17, 0);
4158     set_idt(18, 0);
4159     set_idt(19, 0);
4160     set_idt(0x80, 3);
4161 
4162     /* linux segment setup */
4163     {
4164         uint64_t *gdt_table;
4165         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
4166                                     PROT_READ|PROT_WRITE,
4167                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4168         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
4169         gdt_table = g2h(env->gdt.base);
4170 #ifdef TARGET_ABI32
4171         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4172                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4173                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4174 #else
4175         /* 64 bit code segment */
4176         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4177                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4178                  DESC_L_MASK |
4179                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4180 #endif
4181         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
4182                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4183                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
4184     }
4185     cpu_x86_load_seg(env, R_CS, __USER_CS);
4186     cpu_x86_load_seg(env, R_SS, __USER_DS);
4187 #ifdef TARGET_ABI32
4188     cpu_x86_load_seg(env, R_DS, __USER_DS);
4189     cpu_x86_load_seg(env, R_ES, __USER_DS);
4190     cpu_x86_load_seg(env, R_FS, __USER_DS);
4191     cpu_x86_load_seg(env, R_GS, __USER_DS);
4192     /* This hack makes Wine work... */
4193     env->segs[R_FS].selector = 0;
4194 #else
4195     cpu_x86_load_seg(env, R_DS, 0);
4196     cpu_x86_load_seg(env, R_ES, 0);
4197     cpu_x86_load_seg(env, R_FS, 0);
4198     cpu_x86_load_seg(env, R_GS, 0);
4199 #endif
4200 #elif defined(TARGET_AARCH64)
4201     {
4202         int i;
4203 
4204         if (!(arm_feature(env, ARM_FEATURE_AARCH64))) {
4205             fprintf(stderr,
4206                     "The selected ARM CPU does not support 64 bit mode\n");
4207             exit(1);
4208         }
4209 
4210         for (i = 0; i < 31; i++) {
4211             env->xregs[i] = regs->regs[i];
4212         }
4213         env->pc = regs->pc;
4214         env->xregs[31] = regs->sp;
4215     }
4216 #elif defined(TARGET_ARM)
4217     {
4218         int i;
4219         cpsr_write(env, regs->uregs[16], 0xffffffff);
4220         for(i = 0; i < 16; i++) {
4221             env->regs[i] = regs->uregs[i];
4222         }
4223         /* Enable BE8.  */
4224         if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4
4225             && (info->elf_flags & EF_ARM_BE8)) {
4226             env->bswap_code = 1;
4227         }
4228     }
4229 #elif defined(TARGET_UNICORE32)
4230     {
4231         int i;
4232         cpu_asr_write(env, regs->uregs[32], 0xffffffff);
4233         for (i = 0; i < 32; i++) {
4234             env->regs[i] = regs->uregs[i];
4235         }
4236     }
4237 #elif defined(TARGET_SPARC)
4238     {
4239         int i;
4240 	env->pc = regs->pc;
4241 	env->npc = regs->npc;
4242         env->y = regs->y;
4243         for(i = 0; i < 8; i++)
4244             env->gregs[i] = regs->u_regs[i];
4245         for(i = 0; i < 8; i++)
4246             env->regwptr[i] = regs->u_regs[i + 8];
4247     }
4248 #elif defined(TARGET_PPC)
4249     {
4250         int i;
4251 
4252 #if defined(TARGET_PPC64)
4253 #if defined(TARGET_ABI32)
4254         env->msr &= ~((target_ulong)1 << MSR_SF);
4255 #else
4256         env->msr |= (target_ulong)1 << MSR_SF;
4257 #endif
4258 #endif
4259         env->nip = regs->nip;
4260         for(i = 0; i < 32; i++) {
4261             env->gpr[i] = regs->gpr[i];
4262         }
4263     }
4264 #elif defined(TARGET_M68K)
4265     {
4266         env->pc = regs->pc;
4267         env->dregs[0] = regs->d0;
4268         env->dregs[1] = regs->d1;
4269         env->dregs[2] = regs->d2;
4270         env->dregs[3] = regs->d3;
4271         env->dregs[4] = regs->d4;
4272         env->dregs[5] = regs->d5;
4273         env->dregs[6] = regs->d6;
4274         env->dregs[7] = regs->d7;
4275         env->aregs[0] = regs->a0;
4276         env->aregs[1] = regs->a1;
4277         env->aregs[2] = regs->a2;
4278         env->aregs[3] = regs->a3;
4279         env->aregs[4] = regs->a4;
4280         env->aregs[5] = regs->a5;
4281         env->aregs[6] = regs->a6;
4282         env->aregs[7] = regs->usp;
4283         env->sr = regs->sr;
4284         ts->sim_syscalls = 1;
4285     }
4286 #elif defined(TARGET_MICROBLAZE)
4287     {
4288         env->regs[0] = regs->r0;
4289         env->regs[1] = regs->r1;
4290         env->regs[2] = regs->r2;
4291         env->regs[3] = regs->r3;
4292         env->regs[4] = regs->r4;
4293         env->regs[5] = regs->r5;
4294         env->regs[6] = regs->r6;
4295         env->regs[7] = regs->r7;
4296         env->regs[8] = regs->r8;
4297         env->regs[9] = regs->r9;
4298         env->regs[10] = regs->r10;
4299         env->regs[11] = regs->r11;
4300         env->regs[12] = regs->r12;
4301         env->regs[13] = regs->r13;
4302         env->regs[14] = regs->r14;
4303         env->regs[15] = regs->r15;
4304         env->regs[16] = regs->r16;
4305         env->regs[17] = regs->r17;
4306         env->regs[18] = regs->r18;
4307         env->regs[19] = regs->r19;
4308         env->regs[20] = regs->r20;
4309         env->regs[21] = regs->r21;
4310         env->regs[22] = regs->r22;
4311         env->regs[23] = regs->r23;
4312         env->regs[24] = regs->r24;
4313         env->regs[25] = regs->r25;
4314         env->regs[26] = regs->r26;
4315         env->regs[27] = regs->r27;
4316         env->regs[28] = regs->r28;
4317         env->regs[29] = regs->r29;
4318         env->regs[30] = regs->r30;
4319         env->regs[31] = regs->r31;
4320         env->sregs[SR_PC] = regs->pc;
4321     }
4322 #elif defined(TARGET_MIPS)
4323     {
4324         int i;
4325 
4326         for(i = 0; i < 32; i++) {
4327             env->active_tc.gpr[i] = regs->regs[i];
4328         }
4329         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
4330         if (regs->cp0_epc & 1) {
4331             env->hflags |= MIPS_HFLAG_M16;
4332         }
4333     }
4334 #elif defined(TARGET_OPENRISC)
4335     {
4336         int i;
4337 
4338         for (i = 0; i < 32; i++) {
4339             env->gpr[i] = regs->gpr[i];
4340         }
4341 
4342         env->sr = regs->sr;
4343         env->pc = regs->pc;
4344     }
4345 #elif defined(TARGET_SH4)
4346     {
4347         int i;
4348 
4349         for(i = 0; i < 16; i++) {
4350             env->gregs[i] = regs->regs[i];
4351         }
4352         env->pc = regs->pc;
4353     }
4354 #elif defined(TARGET_ALPHA)
4355     {
4356         int i;
4357 
4358         for(i = 0; i < 28; i++) {
4359             env->ir[i] = ((abi_ulong *)regs)[i];
4360         }
4361         env->ir[IR_SP] = regs->usp;
4362         env->pc = regs->pc;
4363     }
4364 #elif defined(TARGET_CRIS)
4365     {
4366 	    env->regs[0] = regs->r0;
4367 	    env->regs[1] = regs->r1;
4368 	    env->regs[2] = regs->r2;
4369 	    env->regs[3] = regs->r3;
4370 	    env->regs[4] = regs->r4;
4371 	    env->regs[5] = regs->r5;
4372 	    env->regs[6] = regs->r6;
4373 	    env->regs[7] = regs->r7;
4374 	    env->regs[8] = regs->r8;
4375 	    env->regs[9] = regs->r9;
4376 	    env->regs[10] = regs->r10;
4377 	    env->regs[11] = regs->r11;
4378 	    env->regs[12] = regs->r12;
4379 	    env->regs[13] = regs->r13;
4380 	    env->regs[14] = info->start_stack;
4381 	    env->regs[15] = regs->acr;
4382 	    env->pc = regs->erp;
4383     }
4384 #elif defined(TARGET_S390X)
4385     {
4386             int i;
4387             for (i = 0; i < 16; i++) {
4388                 env->regs[i] = regs->gprs[i];
4389             }
4390             env->psw.mask = regs->psw.mask;
4391             env->psw.addr = regs->psw.addr;
4392     }
4393 #else
4394 #error unsupported target CPU
4395 #endif
4396 
4397 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
4398     ts->stack_base = info->start_stack;
4399     ts->heap_base = info->brk;
4400     /* This will be filled in on the first SYS_HEAPINFO call.  */
4401     ts->heap_limit = 0;
4402 #endif
4403 
4404     if (gdbstub_port) {
4405         if (gdbserver_start(gdbstub_port) < 0) {
4406             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
4407                     gdbstub_port);
4408             exit(1);
4409         }
4410         gdb_handlesig(cpu, 0);
4411     }
4412     cpu_loop(env);
4413     /* never exits */
4414     return 0;
4415 }
4416