xref: /openbmc/qemu/linux-user/main.c (revision 7f709ce7)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "qemu-version.h"
21 #include <sys/syscall.h>
22 #include <sys/resource.h>
23 
24 #include "qapi/error.h"
25 #include "qemu.h"
26 #include "qemu/path.h"
27 #include "qemu/config-file.h"
28 #include "qemu/cutils.h"
29 #include "qemu/help_option.h"
30 #include "cpu.h"
31 #include "exec/exec-all.h"
32 #include "tcg.h"
33 #include "qemu/timer.h"
34 #include "qemu/envlist.h"
35 #include "elf.h"
36 #include "exec/log.h"
37 #include "trace/control.h"
38 #include "glib-compat.h"
39 
40 char *exec_path;
41 
42 int singlestep;
43 static const char *filename;
44 static const char *argv0;
45 static int gdbstub_port;
46 static envlist_t *envlist;
47 static const char *cpu_model;
48 unsigned long mmap_min_addr;
49 unsigned long guest_base;
50 int have_guest_base;
51 
52 #define EXCP_DUMP(env, fmt, ...)                                        \
53 do {                                                                    \
54     CPUState *cs = ENV_GET_CPU(env);                                    \
55     fprintf(stderr, fmt , ## __VA_ARGS__);                              \
56     cpu_dump_state(cs, stderr, fprintf, 0);                             \
57     if (qemu_log_separate()) {                                          \
58         qemu_log(fmt, ## __VA_ARGS__);                                  \
59         log_cpu_state(cs, 0);                                           \
60     }                                                                   \
61 } while (0)
62 
63 /*
64  * When running 32-on-64 we should make sure we can fit all of the possible
65  * guest address space into a contiguous chunk of virtual host memory.
66  *
67  * This way we will never overlap with our own libraries or binaries or stack
68  * or anything else that QEMU maps.
69  *
70  * Many cpus reserve the high bit (or more than one for some 64-bit cpus)
71  * of the address for the kernel.  Some cpus rely on this and user space
72  * uses the high bit(s) for pointer tagging and the like.  For them, we
73  * must preserve the expected address space.
74  */
75 #ifndef MAX_RESERVED_VA
76 # if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
77 #  if TARGET_VIRT_ADDR_SPACE_BITS == 32 && \
78       (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
79 /* There are a number of places where we assign reserved_va to a variable
80    of type abi_ulong and expect it to fit.  Avoid the last page.  */
81 #   define MAX_RESERVED_VA  (0xfffffffful & TARGET_PAGE_MASK)
82 #  else
83 #   define MAX_RESERVED_VA  (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
84 #  endif
85 # else
86 #  define MAX_RESERVED_VA  0
87 # endif
88 #endif
89 
90 /* That said, reserving *too* much vm space via mmap can run into problems
91    with rlimits, oom due to page table creation, etc.  We will still try it,
92    if directed by the command-line option, but not by default.  */
93 #if HOST_LONG_BITS == 64 && TARGET_VIRT_ADDR_SPACE_BITS <= 32
94 unsigned long reserved_va = MAX_RESERVED_VA;
95 #else
96 unsigned long reserved_va;
97 #endif
98 
99 static void usage(int exitcode);
100 
101 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
102 const char *qemu_uname_release;
103 
104 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
105    we allocate a bigger stack. Need a better solution, for example
106    by remapping the process stack directly at the right place */
107 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
108 
109 void gemu_log(const char *fmt, ...)
110 {
111     va_list ap;
112 
113     va_start(ap, fmt);
114     vfprintf(stderr, fmt, ap);
115     va_end(ap);
116 }
117 
118 #if defined(TARGET_I386)
119 int cpu_get_pic_interrupt(CPUX86State *env)
120 {
121     return -1;
122 }
123 #endif
124 
125 /***********************************************************/
126 /* Helper routines for implementing atomic operations.  */
127 
128 /* Make sure everything is in a consistent state for calling fork().  */
129 void fork_start(void)
130 {
131     cpu_list_lock();
132     qemu_mutex_lock(&tb_ctx.tb_lock);
133     mmap_fork_start();
134 }
135 
136 void fork_end(int child)
137 {
138     mmap_fork_end(child);
139     if (child) {
140         CPUState *cpu, *next_cpu;
141         /* Child processes created by fork() only have a single thread.
142            Discard information about the parent threads.  */
143         CPU_FOREACH_SAFE(cpu, next_cpu) {
144             if (cpu != thread_cpu) {
145                 QTAILQ_REMOVE(&cpus, cpu, node);
146             }
147         }
148         qemu_mutex_init(&tb_ctx.tb_lock);
149         qemu_init_cpu_list();
150         gdbserver_fork(thread_cpu);
151     } else {
152         qemu_mutex_unlock(&tb_ctx.tb_lock);
153         cpu_list_unlock();
154     }
155 }
156 
157 #ifdef TARGET_I386
158 /***********************************************************/
159 /* CPUX86 core interface */
160 
161 uint64_t cpu_get_tsc(CPUX86State *env)
162 {
163     return cpu_get_host_ticks();
164 }
165 
166 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
167                      int flags)
168 {
169     unsigned int e1, e2;
170     uint32_t *p;
171     e1 = (addr << 16) | (limit & 0xffff);
172     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
173     e2 |= flags;
174     p = ptr;
175     p[0] = tswap32(e1);
176     p[1] = tswap32(e2);
177 }
178 
179 static uint64_t *idt_table;
180 #ifdef TARGET_X86_64
181 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
182                        uint64_t addr, unsigned int sel)
183 {
184     uint32_t *p, e1, e2;
185     e1 = (addr & 0xffff) | (sel << 16);
186     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
187     p = ptr;
188     p[0] = tswap32(e1);
189     p[1] = tswap32(e2);
190     p[2] = tswap32(addr >> 32);
191     p[3] = 0;
192 }
193 /* only dpl matters as we do only user space emulation */
194 static void set_idt(int n, unsigned int dpl)
195 {
196     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
197 }
198 #else
199 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
200                      uint32_t addr, unsigned int sel)
201 {
202     uint32_t *p, e1, e2;
203     e1 = (addr & 0xffff) | (sel << 16);
204     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
205     p = ptr;
206     p[0] = tswap32(e1);
207     p[1] = tswap32(e2);
208 }
209 
210 /* only dpl matters as we do only user space emulation */
211 static void set_idt(int n, unsigned int dpl)
212 {
213     set_gate(idt_table + n, 0, dpl, 0, 0);
214 }
215 #endif
216 
217 void cpu_loop(CPUX86State *env)
218 {
219     CPUState *cs = CPU(x86_env_get_cpu(env));
220     int trapnr;
221     abi_ulong pc;
222     abi_ulong ret;
223     target_siginfo_t info;
224 
225     for(;;) {
226         cpu_exec_start(cs);
227         trapnr = cpu_exec(cs);
228         cpu_exec_end(cs);
229         process_queued_cpu_work(cs);
230 
231         switch(trapnr) {
232         case 0x80:
233             /* linux syscall from int $0x80 */
234             ret = do_syscall(env,
235                              env->regs[R_EAX],
236                              env->regs[R_EBX],
237                              env->regs[R_ECX],
238                              env->regs[R_EDX],
239                              env->regs[R_ESI],
240                              env->regs[R_EDI],
241                              env->regs[R_EBP],
242                              0, 0);
243             if (ret == -TARGET_ERESTARTSYS) {
244                 env->eip -= 2;
245             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
246                 env->regs[R_EAX] = ret;
247             }
248             break;
249 #ifndef TARGET_ABI32
250         case EXCP_SYSCALL:
251             /* linux syscall from syscall instruction */
252             ret = do_syscall(env,
253                              env->regs[R_EAX],
254                              env->regs[R_EDI],
255                              env->regs[R_ESI],
256                              env->regs[R_EDX],
257                              env->regs[10],
258                              env->regs[8],
259                              env->regs[9],
260                              0, 0);
261             if (ret == -TARGET_ERESTARTSYS) {
262                 env->eip -= 2;
263             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
264                 env->regs[R_EAX] = ret;
265             }
266             break;
267 #endif
268         case EXCP0B_NOSEG:
269         case EXCP0C_STACK:
270             info.si_signo = TARGET_SIGBUS;
271             info.si_errno = 0;
272             info.si_code = TARGET_SI_KERNEL;
273             info._sifields._sigfault._addr = 0;
274             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
275             break;
276         case EXCP0D_GPF:
277             /* XXX: potential problem if ABI32 */
278 #ifndef TARGET_X86_64
279             if (env->eflags & VM_MASK) {
280                 handle_vm86_fault(env);
281             } else
282 #endif
283             {
284                 info.si_signo = TARGET_SIGSEGV;
285                 info.si_errno = 0;
286                 info.si_code = TARGET_SI_KERNEL;
287                 info._sifields._sigfault._addr = 0;
288                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
289             }
290             break;
291         case EXCP0E_PAGE:
292             info.si_signo = TARGET_SIGSEGV;
293             info.si_errno = 0;
294             if (!(env->error_code & 1))
295                 info.si_code = TARGET_SEGV_MAPERR;
296             else
297                 info.si_code = TARGET_SEGV_ACCERR;
298             info._sifields._sigfault._addr = env->cr[2];
299             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
300             break;
301         case EXCP00_DIVZ:
302 #ifndef TARGET_X86_64
303             if (env->eflags & VM_MASK) {
304                 handle_vm86_trap(env, trapnr);
305             } else
306 #endif
307             {
308                 /* division by zero */
309                 info.si_signo = TARGET_SIGFPE;
310                 info.si_errno = 0;
311                 info.si_code = TARGET_FPE_INTDIV;
312                 info._sifields._sigfault._addr = env->eip;
313                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
314             }
315             break;
316         case EXCP01_DB:
317         case EXCP03_INT3:
318 #ifndef TARGET_X86_64
319             if (env->eflags & VM_MASK) {
320                 handle_vm86_trap(env, trapnr);
321             } else
322 #endif
323             {
324                 info.si_signo = TARGET_SIGTRAP;
325                 info.si_errno = 0;
326                 if (trapnr == EXCP01_DB) {
327                     info.si_code = TARGET_TRAP_BRKPT;
328                     info._sifields._sigfault._addr = env->eip;
329                 } else {
330                     info.si_code = TARGET_SI_KERNEL;
331                     info._sifields._sigfault._addr = 0;
332                 }
333                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
334             }
335             break;
336         case EXCP04_INTO:
337         case EXCP05_BOUND:
338 #ifndef TARGET_X86_64
339             if (env->eflags & VM_MASK) {
340                 handle_vm86_trap(env, trapnr);
341             } else
342 #endif
343             {
344                 info.si_signo = TARGET_SIGSEGV;
345                 info.si_errno = 0;
346                 info.si_code = TARGET_SI_KERNEL;
347                 info._sifields._sigfault._addr = 0;
348                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
349             }
350             break;
351         case EXCP06_ILLOP:
352             info.si_signo = TARGET_SIGILL;
353             info.si_errno = 0;
354             info.si_code = TARGET_ILL_ILLOPN;
355             info._sifields._sigfault._addr = env->eip;
356             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
357             break;
358         case EXCP_INTERRUPT:
359             /* just indicate that signals should be handled asap */
360             break;
361         case EXCP_DEBUG:
362             {
363                 int sig;
364 
365                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
366                 if (sig)
367                   {
368                     info.si_signo = sig;
369                     info.si_errno = 0;
370                     info.si_code = TARGET_TRAP_BRKPT;
371                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
372                   }
373             }
374             break;
375         case EXCP_ATOMIC:
376             cpu_exec_step_atomic(cs);
377             break;
378         default:
379             pc = env->segs[R_CS].base + env->eip;
380             EXCP_DUMP(env, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
381                       (long)pc, trapnr);
382             abort();
383         }
384         process_pending_signals(env);
385     }
386 }
387 #endif
388 
389 #ifdef TARGET_ARM
390 
391 #define get_user_code_u32(x, gaddr, env)                \
392     ({ abi_long __r = get_user_u32((x), (gaddr));       \
393         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
394             (x) = bswap32(x);                           \
395         }                                               \
396         __r;                                            \
397     })
398 
399 #define get_user_code_u16(x, gaddr, env)                \
400     ({ abi_long __r = get_user_u16((x), (gaddr));       \
401         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
402             (x) = bswap16(x);                           \
403         }                                               \
404         __r;                                            \
405     })
406 
407 #define get_user_data_u32(x, gaddr, env)                \
408     ({ abi_long __r = get_user_u32((x), (gaddr));       \
409         if (!__r && arm_cpu_bswap_data(env)) {          \
410             (x) = bswap32(x);                           \
411         }                                               \
412         __r;                                            \
413     })
414 
415 #define get_user_data_u16(x, gaddr, env)                \
416     ({ abi_long __r = get_user_u16((x), (gaddr));       \
417         if (!__r && arm_cpu_bswap_data(env)) {          \
418             (x) = bswap16(x);                           \
419         }                                               \
420         __r;                                            \
421     })
422 
423 #define put_user_data_u32(x, gaddr, env)                \
424     ({ typeof(x) __x = (x);                             \
425         if (arm_cpu_bswap_data(env)) {                  \
426             __x = bswap32(__x);                         \
427         }                                               \
428         put_user_u32(__x, (gaddr));                     \
429     })
430 
431 #define put_user_data_u16(x, gaddr, env)                \
432     ({ typeof(x) __x = (x);                             \
433         if (arm_cpu_bswap_data(env)) {                  \
434             __x = bswap16(__x);                         \
435         }                                               \
436         put_user_u16(__x, (gaddr));                     \
437     })
438 
439 #ifdef TARGET_ABI32
440 /* Commpage handling -- there is no commpage for AArch64 */
441 
442 /*
443  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
444  * Input:
445  * r0 = pointer to oldval
446  * r1 = pointer to newval
447  * r2 = pointer to target value
448  *
449  * Output:
450  * r0 = 0 if *ptr was changed, non-0 if no exchange happened
451  * C set if *ptr was changed, clear if no exchange happened
452  *
453  * Note segv's in kernel helpers are a bit tricky, we can set the
454  * data address sensibly but the PC address is just the entry point.
455  */
456 static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
457 {
458     uint64_t oldval, newval, val;
459     uint32_t addr, cpsr;
460     target_siginfo_t info;
461 
462     /* Based on the 32 bit code in do_kernel_trap */
463 
464     /* XXX: This only works between threads, not between processes.
465        It's probably possible to implement this with native host
466        operations. However things like ldrex/strex are much harder so
467        there's not much point trying.  */
468     start_exclusive();
469     cpsr = cpsr_read(env);
470     addr = env->regs[2];
471 
472     if (get_user_u64(oldval, env->regs[0])) {
473         env->exception.vaddress = env->regs[0];
474         goto segv;
475     };
476 
477     if (get_user_u64(newval, env->regs[1])) {
478         env->exception.vaddress = env->regs[1];
479         goto segv;
480     };
481 
482     if (get_user_u64(val, addr)) {
483         env->exception.vaddress = addr;
484         goto segv;
485     }
486 
487     if (val == oldval) {
488         val = newval;
489 
490         if (put_user_u64(val, addr)) {
491             env->exception.vaddress = addr;
492             goto segv;
493         };
494 
495         env->regs[0] = 0;
496         cpsr |= CPSR_C;
497     } else {
498         env->regs[0] = -1;
499         cpsr &= ~CPSR_C;
500     }
501     cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
502     end_exclusive();
503     return;
504 
505 segv:
506     end_exclusive();
507     /* We get the PC of the entry address - which is as good as anything,
508        on a real kernel what you get depends on which mode it uses. */
509     info.si_signo = TARGET_SIGSEGV;
510     info.si_errno = 0;
511     /* XXX: check env->error_code */
512     info.si_code = TARGET_SEGV_MAPERR;
513     info._sifields._sigfault._addr = env->exception.vaddress;
514     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
515 }
516 
517 /* Handle a jump to the kernel code page.  */
518 static int
519 do_kernel_trap(CPUARMState *env)
520 {
521     uint32_t addr;
522     uint32_t cpsr;
523     uint32_t val;
524 
525     switch (env->regs[15]) {
526     case 0xffff0fa0: /* __kernel_memory_barrier */
527         /* ??? No-op. Will need to do better for SMP.  */
528         break;
529     case 0xffff0fc0: /* __kernel_cmpxchg */
530          /* XXX: This only works between threads, not between processes.
531             It's probably possible to implement this with native host
532             operations. However things like ldrex/strex are much harder so
533             there's not much point trying.  */
534         start_exclusive();
535         cpsr = cpsr_read(env);
536         addr = env->regs[2];
537         /* FIXME: This should SEGV if the access fails.  */
538         if (get_user_u32(val, addr))
539             val = ~env->regs[0];
540         if (val == env->regs[0]) {
541             val = env->regs[1];
542             /* FIXME: Check for segfaults.  */
543             put_user_u32(val, addr);
544             env->regs[0] = 0;
545             cpsr |= CPSR_C;
546         } else {
547             env->regs[0] = -1;
548             cpsr &= ~CPSR_C;
549         }
550         cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
551         end_exclusive();
552         break;
553     case 0xffff0fe0: /* __kernel_get_tls */
554         env->regs[0] = cpu_get_tls(env);
555         break;
556     case 0xffff0f60: /* __kernel_cmpxchg64 */
557         arm_kernel_cmpxchg64_helper(env);
558         break;
559 
560     default:
561         return 1;
562     }
563     /* Jump back to the caller.  */
564     addr = env->regs[14];
565     if (addr & 1) {
566         env->thumb = 1;
567         addr &= ~1;
568     }
569     env->regs[15] = addr;
570 
571     return 0;
572 }
573 
574 void cpu_loop(CPUARMState *env)
575 {
576     CPUState *cs = CPU(arm_env_get_cpu(env));
577     int trapnr;
578     unsigned int n, insn;
579     target_siginfo_t info;
580     uint32_t addr;
581     abi_ulong ret;
582 
583     for(;;) {
584         cpu_exec_start(cs);
585         trapnr = cpu_exec(cs);
586         cpu_exec_end(cs);
587         process_queued_cpu_work(cs);
588 
589         switch(trapnr) {
590         case EXCP_UDEF:
591         case EXCP_NOCP:
592         case EXCP_INVSTATE:
593             {
594                 TaskState *ts = cs->opaque;
595                 uint32_t opcode;
596                 int rc;
597 
598                 /* we handle the FPU emulation here, as Linux */
599                 /* we get the opcode */
600                 /* FIXME - what to do if get_user() fails? */
601                 get_user_code_u32(opcode, env->regs[15], env);
602 
603                 rc = EmulateAll(opcode, &ts->fpa, env);
604                 if (rc == 0) { /* illegal instruction */
605                     info.si_signo = TARGET_SIGILL;
606                     info.si_errno = 0;
607                     info.si_code = TARGET_ILL_ILLOPN;
608                     info._sifields._sigfault._addr = env->regs[15];
609                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
610                 } else if (rc < 0) { /* FP exception */
611                     int arm_fpe=0;
612 
613                     /* translate softfloat flags to FPSR flags */
614                     if (-rc & float_flag_invalid)
615                       arm_fpe |= BIT_IOC;
616                     if (-rc & float_flag_divbyzero)
617                       arm_fpe |= BIT_DZC;
618                     if (-rc & float_flag_overflow)
619                       arm_fpe |= BIT_OFC;
620                     if (-rc & float_flag_underflow)
621                       arm_fpe |= BIT_UFC;
622                     if (-rc & float_flag_inexact)
623                       arm_fpe |= BIT_IXC;
624 
625                     FPSR fpsr = ts->fpa.fpsr;
626                     //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
627 
628                     if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
629                       info.si_signo = TARGET_SIGFPE;
630                       info.si_errno = 0;
631 
632                       /* ordered by priority, least first */
633                       if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
634                       if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
635                       if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
636                       if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
637                       if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
638 
639                       info._sifields._sigfault._addr = env->regs[15];
640                       queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
641                     } else {
642                       env->regs[15] += 4;
643                     }
644 
645                     /* accumulate unenabled exceptions */
646                     if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
647                       fpsr |= BIT_IXC;
648                     if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
649                       fpsr |= BIT_UFC;
650                     if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
651                       fpsr |= BIT_OFC;
652                     if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
653                       fpsr |= BIT_DZC;
654                     if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
655                       fpsr |= BIT_IOC;
656                     ts->fpa.fpsr=fpsr;
657                 } else { /* everything OK */
658                     /* increment PC */
659                     env->regs[15] += 4;
660                 }
661             }
662             break;
663         case EXCP_SWI:
664         case EXCP_BKPT:
665             {
666                 env->eabi = 1;
667                 /* system call */
668                 if (trapnr == EXCP_BKPT) {
669                     if (env->thumb) {
670                         /* FIXME - what to do if get_user() fails? */
671                         get_user_code_u16(insn, env->regs[15], env);
672                         n = insn & 0xff;
673                         env->regs[15] += 2;
674                     } else {
675                         /* FIXME - what to do if get_user() fails? */
676                         get_user_code_u32(insn, env->regs[15], env);
677                         n = (insn & 0xf) | ((insn >> 4) & 0xff0);
678                         env->regs[15] += 4;
679                     }
680                 } else {
681                     if (env->thumb) {
682                         /* FIXME - what to do if get_user() fails? */
683                         get_user_code_u16(insn, env->regs[15] - 2, env);
684                         n = insn & 0xff;
685                     } else {
686                         /* FIXME - what to do if get_user() fails? */
687                         get_user_code_u32(insn, env->regs[15] - 4, env);
688                         n = insn & 0xffffff;
689                     }
690                 }
691 
692                 if (n == ARM_NR_cacheflush) {
693                     /* nop */
694                 } else if (n == ARM_NR_semihosting
695                            || n == ARM_NR_thumb_semihosting) {
696                     env->regs[0] = do_arm_semihosting (env);
697                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
698                     /* linux syscall */
699                     if (env->thumb || n == 0) {
700                         n = env->regs[7];
701                     } else {
702                         n -= ARM_SYSCALL_BASE;
703                         env->eabi = 0;
704                     }
705                     if ( n > ARM_NR_BASE) {
706                         switch (n) {
707                         case ARM_NR_cacheflush:
708                             /* nop */
709                             break;
710                         case ARM_NR_set_tls:
711                             cpu_set_tls(env, env->regs[0]);
712                             env->regs[0] = 0;
713                             break;
714                         case ARM_NR_breakpoint:
715                             env->regs[15] -= env->thumb ? 2 : 4;
716                             goto excp_debug;
717                         default:
718                             gemu_log("qemu: Unsupported ARM syscall: 0x%x\n",
719                                      n);
720                             env->regs[0] = -TARGET_ENOSYS;
721                             break;
722                         }
723                     } else {
724                         ret = do_syscall(env,
725                                          n,
726                                          env->regs[0],
727                                          env->regs[1],
728                                          env->regs[2],
729                                          env->regs[3],
730                                          env->regs[4],
731                                          env->regs[5],
732                                          0, 0);
733                         if (ret == -TARGET_ERESTARTSYS) {
734                             env->regs[15] -= env->thumb ? 2 : 4;
735                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
736                             env->regs[0] = ret;
737                         }
738                     }
739                 } else {
740                     goto error;
741                 }
742             }
743             break;
744         case EXCP_SEMIHOST:
745             env->regs[0] = do_arm_semihosting(env);
746             break;
747         case EXCP_INTERRUPT:
748             /* just indicate that signals should be handled asap */
749             break;
750         case EXCP_PREFETCH_ABORT:
751         case EXCP_DATA_ABORT:
752             addr = env->exception.vaddress;
753             {
754                 info.si_signo = TARGET_SIGSEGV;
755                 info.si_errno = 0;
756                 /* XXX: check env->error_code */
757                 info.si_code = TARGET_SEGV_MAPERR;
758                 info._sifields._sigfault._addr = addr;
759                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
760             }
761             break;
762         case EXCP_DEBUG:
763         excp_debug:
764             {
765                 int sig;
766 
767                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
768                 if (sig)
769                   {
770                     info.si_signo = sig;
771                     info.si_errno = 0;
772                     info.si_code = TARGET_TRAP_BRKPT;
773                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
774                   }
775             }
776             break;
777         case EXCP_KERNEL_TRAP:
778             if (do_kernel_trap(env))
779               goto error;
780             break;
781         case EXCP_YIELD:
782             /* nothing to do here for user-mode, just resume guest code */
783             break;
784         case EXCP_ATOMIC:
785             cpu_exec_step_atomic(cs);
786             break;
787         default:
788         error:
789             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
790             abort();
791         }
792         process_pending_signals(env);
793     }
794 }
795 
796 #else
797 
798 /* AArch64 main loop */
799 void cpu_loop(CPUARMState *env)
800 {
801     CPUState *cs = CPU(arm_env_get_cpu(env));
802     int trapnr, sig;
803     abi_long ret;
804     target_siginfo_t info;
805 
806     for (;;) {
807         cpu_exec_start(cs);
808         trapnr = cpu_exec(cs);
809         cpu_exec_end(cs);
810         process_queued_cpu_work(cs);
811 
812         switch (trapnr) {
813         case EXCP_SWI:
814             ret = do_syscall(env,
815                              env->xregs[8],
816                              env->xregs[0],
817                              env->xregs[1],
818                              env->xregs[2],
819                              env->xregs[3],
820                              env->xregs[4],
821                              env->xregs[5],
822                              0, 0);
823             if (ret == -TARGET_ERESTARTSYS) {
824                 env->pc -= 4;
825             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
826                 env->xregs[0] = ret;
827             }
828             break;
829         case EXCP_INTERRUPT:
830             /* just indicate that signals should be handled asap */
831             break;
832         case EXCP_UDEF:
833             info.si_signo = TARGET_SIGILL;
834             info.si_errno = 0;
835             info.si_code = TARGET_ILL_ILLOPN;
836             info._sifields._sigfault._addr = env->pc;
837             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
838             break;
839         case EXCP_PREFETCH_ABORT:
840         case EXCP_DATA_ABORT:
841             info.si_signo = TARGET_SIGSEGV;
842             info.si_errno = 0;
843             /* XXX: check env->error_code */
844             info.si_code = TARGET_SEGV_MAPERR;
845             info._sifields._sigfault._addr = env->exception.vaddress;
846             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
847             break;
848         case EXCP_DEBUG:
849         case EXCP_BKPT:
850             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
851             if (sig) {
852                 info.si_signo = sig;
853                 info.si_errno = 0;
854                 info.si_code = TARGET_TRAP_BRKPT;
855                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
856             }
857             break;
858         case EXCP_SEMIHOST:
859             env->xregs[0] = do_arm_semihosting(env);
860             break;
861         case EXCP_YIELD:
862             /* nothing to do here for user-mode, just resume guest code */
863             break;
864         case EXCP_ATOMIC:
865             cpu_exec_step_atomic(cs);
866             break;
867         default:
868             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
869             abort();
870         }
871         process_pending_signals(env);
872         /* Exception return on AArch64 always clears the exclusive monitor,
873          * so any return to running guest code implies this.
874          */
875         env->exclusive_addr = -1;
876     }
877 }
878 #endif /* ndef TARGET_ABI32 */
879 
880 #endif
881 
882 #ifdef TARGET_UNICORE32
883 
884 void cpu_loop(CPUUniCore32State *env)
885 {
886     CPUState *cs = CPU(uc32_env_get_cpu(env));
887     int trapnr;
888     unsigned int n, insn;
889     target_siginfo_t info;
890 
891     for (;;) {
892         cpu_exec_start(cs);
893         trapnr = cpu_exec(cs);
894         cpu_exec_end(cs);
895         process_queued_cpu_work(cs);
896 
897         switch (trapnr) {
898         case UC32_EXCP_PRIV:
899             {
900                 /* system call */
901                 get_user_u32(insn, env->regs[31] - 4);
902                 n = insn & 0xffffff;
903 
904                 if (n >= UC32_SYSCALL_BASE) {
905                     /* linux syscall */
906                     n -= UC32_SYSCALL_BASE;
907                     if (n == UC32_SYSCALL_NR_set_tls) {
908                             cpu_set_tls(env, env->regs[0]);
909                             env->regs[0] = 0;
910                     } else {
911                         abi_long ret = do_syscall(env,
912                                                   n,
913                                                   env->regs[0],
914                                                   env->regs[1],
915                                                   env->regs[2],
916                                                   env->regs[3],
917                                                   env->regs[4],
918                                                   env->regs[5],
919                                                   0, 0);
920                         if (ret == -TARGET_ERESTARTSYS) {
921                             env->regs[31] -= 4;
922                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
923                             env->regs[0] = ret;
924                         }
925                     }
926                 } else {
927                     goto error;
928                 }
929             }
930             break;
931         case UC32_EXCP_DTRAP:
932         case UC32_EXCP_ITRAP:
933             info.si_signo = TARGET_SIGSEGV;
934             info.si_errno = 0;
935             /* XXX: check env->error_code */
936             info.si_code = TARGET_SEGV_MAPERR;
937             info._sifields._sigfault._addr = env->cp0.c4_faultaddr;
938             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
939             break;
940         case EXCP_INTERRUPT:
941             /* just indicate that signals should be handled asap */
942             break;
943         case EXCP_DEBUG:
944             {
945                 int sig;
946 
947                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
948                 if (sig) {
949                     info.si_signo = sig;
950                     info.si_errno = 0;
951                     info.si_code = TARGET_TRAP_BRKPT;
952                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
953                 }
954             }
955             break;
956         case EXCP_ATOMIC:
957             cpu_exec_step_atomic(cs);
958             break;
959         default:
960             goto error;
961         }
962         process_pending_signals(env);
963     }
964 
965 error:
966     EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
967     abort();
968 }
969 #endif
970 
971 #ifdef TARGET_SPARC
972 #define SPARC64_STACK_BIAS 2047
973 
974 //#define DEBUG_WIN
975 
976 /* WARNING: dealing with register windows _is_ complicated. More info
977    can be found at http://www.sics.se/~psm/sparcstack.html */
978 static inline int get_reg_index(CPUSPARCState *env, int cwp, int index)
979 {
980     index = (index + cwp * 16) % (16 * env->nwindows);
981     /* wrap handling : if cwp is on the last window, then we use the
982        registers 'after' the end */
983     if (index < 8 && env->cwp == env->nwindows - 1)
984         index += 16 * env->nwindows;
985     return index;
986 }
987 
988 /* save the register window 'cwp1' */
989 static inline void save_window_offset(CPUSPARCState *env, int cwp1)
990 {
991     unsigned int i;
992     abi_ulong sp_ptr;
993 
994     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
995 #ifdef TARGET_SPARC64
996     if (sp_ptr & 3)
997         sp_ptr += SPARC64_STACK_BIAS;
998 #endif
999 #if defined(DEBUG_WIN)
1000     printf("win_overflow: sp_ptr=0x" TARGET_ABI_FMT_lx " save_cwp=%d\n",
1001            sp_ptr, cwp1);
1002 #endif
1003     for(i = 0; i < 16; i++) {
1004         /* FIXME - what to do if put_user() fails? */
1005         put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1006         sp_ptr += sizeof(abi_ulong);
1007     }
1008 }
1009 
1010 static void save_window(CPUSPARCState *env)
1011 {
1012 #ifndef TARGET_SPARC64
1013     unsigned int new_wim;
1014     new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
1015         ((1LL << env->nwindows) - 1);
1016     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1017     env->wim = new_wim;
1018 #else
1019     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1020     env->cansave++;
1021     env->canrestore--;
1022 #endif
1023 }
1024 
1025 static void restore_window(CPUSPARCState *env)
1026 {
1027 #ifndef TARGET_SPARC64
1028     unsigned int new_wim;
1029 #endif
1030     unsigned int i, cwp1;
1031     abi_ulong sp_ptr;
1032 
1033 #ifndef TARGET_SPARC64
1034     new_wim = ((env->wim << 1) | (env->wim >> (env->nwindows - 1))) &
1035         ((1LL << env->nwindows) - 1);
1036 #endif
1037 
1038     /* restore the invalid window */
1039     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1040     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1041 #ifdef TARGET_SPARC64
1042     if (sp_ptr & 3)
1043         sp_ptr += SPARC64_STACK_BIAS;
1044 #endif
1045 #if defined(DEBUG_WIN)
1046     printf("win_underflow: sp_ptr=0x" TARGET_ABI_FMT_lx " load_cwp=%d\n",
1047            sp_ptr, cwp1);
1048 #endif
1049     for(i = 0; i < 16; i++) {
1050         /* FIXME - what to do if get_user() fails? */
1051         get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1052         sp_ptr += sizeof(abi_ulong);
1053     }
1054 #ifdef TARGET_SPARC64
1055     env->canrestore++;
1056     if (env->cleanwin < env->nwindows - 1)
1057         env->cleanwin++;
1058     env->cansave--;
1059 #else
1060     env->wim = new_wim;
1061 #endif
1062 }
1063 
1064 static void flush_windows(CPUSPARCState *env)
1065 {
1066     int offset, cwp1;
1067 
1068     offset = 1;
1069     for(;;) {
1070         /* if restore would invoke restore_window(), then we can stop */
1071         cwp1 = cpu_cwp_inc(env, env->cwp + offset);
1072 #ifndef TARGET_SPARC64
1073         if (env->wim & (1 << cwp1))
1074             break;
1075 #else
1076         if (env->canrestore == 0)
1077             break;
1078         env->cansave++;
1079         env->canrestore--;
1080 #endif
1081         save_window_offset(env, cwp1);
1082         offset++;
1083     }
1084     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1085 #ifndef TARGET_SPARC64
1086     /* set wim so that restore will reload the registers */
1087     env->wim = 1 << cwp1;
1088 #endif
1089 #if defined(DEBUG_WIN)
1090     printf("flush_windows: nb=%d\n", offset - 1);
1091 #endif
1092 }
1093 
1094 void cpu_loop (CPUSPARCState *env)
1095 {
1096     CPUState *cs = CPU(sparc_env_get_cpu(env));
1097     int trapnr;
1098     abi_long ret;
1099     target_siginfo_t info;
1100 
1101     while (1) {
1102         cpu_exec_start(cs);
1103         trapnr = cpu_exec(cs);
1104         cpu_exec_end(cs);
1105         process_queued_cpu_work(cs);
1106 
1107         /* Compute PSR before exposing state.  */
1108         if (env->cc_op != CC_OP_FLAGS) {
1109             cpu_get_psr(env);
1110         }
1111 
1112         switch (trapnr) {
1113 #ifndef TARGET_SPARC64
1114         case 0x88:
1115         case 0x90:
1116 #else
1117         case 0x110:
1118         case 0x16d:
1119 #endif
1120             ret = do_syscall (env, env->gregs[1],
1121                               env->regwptr[0], env->regwptr[1],
1122                               env->regwptr[2], env->regwptr[3],
1123                               env->regwptr[4], env->regwptr[5],
1124                               0, 0);
1125             if (ret == -TARGET_ERESTARTSYS || ret == -TARGET_QEMU_ESIGRETURN) {
1126                 break;
1127             }
1128             if ((abi_ulong)ret >= (abi_ulong)(-515)) {
1129 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1130                 env->xcc |= PSR_CARRY;
1131 #else
1132                 env->psr |= PSR_CARRY;
1133 #endif
1134                 ret = -ret;
1135             } else {
1136 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1137                 env->xcc &= ~PSR_CARRY;
1138 #else
1139                 env->psr &= ~PSR_CARRY;
1140 #endif
1141             }
1142             env->regwptr[0] = ret;
1143             /* next instruction */
1144             env->pc = env->npc;
1145             env->npc = env->npc + 4;
1146             break;
1147         case 0x83: /* flush windows */
1148 #ifdef TARGET_ABI32
1149         case 0x103:
1150 #endif
1151             flush_windows(env);
1152             /* next instruction */
1153             env->pc = env->npc;
1154             env->npc = env->npc + 4;
1155             break;
1156 #ifndef TARGET_SPARC64
1157         case TT_WIN_OVF: /* window overflow */
1158             save_window(env);
1159             break;
1160         case TT_WIN_UNF: /* window underflow */
1161             restore_window(env);
1162             break;
1163         case TT_TFAULT:
1164         case TT_DFAULT:
1165             {
1166                 info.si_signo = TARGET_SIGSEGV;
1167                 info.si_errno = 0;
1168                 /* XXX: check env->error_code */
1169                 info.si_code = TARGET_SEGV_MAPERR;
1170                 info._sifields._sigfault._addr = env->mmuregs[4];
1171                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1172             }
1173             break;
1174 #else
1175         case TT_SPILL: /* window overflow */
1176             save_window(env);
1177             break;
1178         case TT_FILL: /* window underflow */
1179             restore_window(env);
1180             break;
1181         case TT_TFAULT:
1182         case TT_DFAULT:
1183             {
1184                 info.si_signo = TARGET_SIGSEGV;
1185                 info.si_errno = 0;
1186                 /* XXX: check env->error_code */
1187                 info.si_code = TARGET_SEGV_MAPERR;
1188                 if (trapnr == TT_DFAULT)
1189                     info._sifields._sigfault._addr = env->dmmu.mmuregs[4];
1190                 else
1191                     info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
1192                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1193             }
1194             break;
1195 #ifndef TARGET_ABI32
1196         case 0x16e:
1197             flush_windows(env);
1198             sparc64_get_context(env);
1199             break;
1200         case 0x16f:
1201             flush_windows(env);
1202             sparc64_set_context(env);
1203             break;
1204 #endif
1205 #endif
1206         case EXCP_INTERRUPT:
1207             /* just indicate that signals should be handled asap */
1208             break;
1209         case TT_ILL_INSN:
1210             {
1211                 info.si_signo = TARGET_SIGILL;
1212                 info.si_errno = 0;
1213                 info.si_code = TARGET_ILL_ILLOPC;
1214                 info._sifields._sigfault._addr = env->pc;
1215                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1216             }
1217             break;
1218         case EXCP_DEBUG:
1219             {
1220                 int sig;
1221 
1222                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1223                 if (sig)
1224                   {
1225                     info.si_signo = sig;
1226                     info.si_errno = 0;
1227                     info.si_code = TARGET_TRAP_BRKPT;
1228                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1229                   }
1230             }
1231             break;
1232         case EXCP_ATOMIC:
1233             cpu_exec_step_atomic(cs);
1234             break;
1235         default:
1236             printf ("Unhandled trap: 0x%x\n", trapnr);
1237             cpu_dump_state(cs, stderr, fprintf, 0);
1238             exit(EXIT_FAILURE);
1239         }
1240         process_pending_signals (env);
1241     }
1242 }
1243 
1244 #endif
1245 
1246 #ifdef TARGET_PPC
1247 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
1248 {
1249     return cpu_get_host_ticks();
1250 }
1251 
1252 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
1253 {
1254     return cpu_ppc_get_tb(env);
1255 }
1256 
1257 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
1258 {
1259     return cpu_ppc_get_tb(env) >> 32;
1260 }
1261 
1262 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
1263 {
1264     return cpu_ppc_get_tb(env);
1265 }
1266 
1267 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
1268 {
1269     return cpu_ppc_get_tb(env) >> 32;
1270 }
1271 
1272 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
1273 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
1274 
1275 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
1276 {
1277     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1278 }
1279 
1280 /* XXX: to be fixed */
1281 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1282 {
1283     return -1;
1284 }
1285 
1286 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1287 {
1288     return -1;
1289 }
1290 
1291 static int do_store_exclusive(CPUPPCState *env)
1292 {
1293     target_ulong addr;
1294     target_ulong page_addr;
1295     target_ulong val, val2 __attribute__((unused)) = 0;
1296     int flags;
1297     int segv = 0;
1298 
1299     addr = env->reserve_ea;
1300     page_addr = addr & TARGET_PAGE_MASK;
1301     start_exclusive();
1302     mmap_lock();
1303     flags = page_get_flags(page_addr);
1304     if ((flags & PAGE_READ) == 0) {
1305         segv = 1;
1306     } else {
1307         int reg = env->reserve_info & 0x1f;
1308         int size = env->reserve_info >> 5;
1309         int stored = 0;
1310 
1311         if (addr == env->reserve_addr) {
1312             switch (size) {
1313             case 1: segv = get_user_u8(val, addr); break;
1314             case 2: segv = get_user_u16(val, addr); break;
1315             case 4: segv = get_user_u32(val, addr); break;
1316 #if defined(TARGET_PPC64)
1317             case 8: segv = get_user_u64(val, addr); break;
1318             case 16: {
1319                 segv = get_user_u64(val, addr);
1320                 if (!segv) {
1321                     segv = get_user_u64(val2, addr + 8);
1322                 }
1323                 break;
1324             }
1325 #endif
1326             default: abort();
1327             }
1328             if (!segv && val == env->reserve_val) {
1329                 val = env->gpr[reg];
1330                 switch (size) {
1331                 case 1: segv = put_user_u8(val, addr); break;
1332                 case 2: segv = put_user_u16(val, addr); break;
1333                 case 4: segv = put_user_u32(val, addr); break;
1334 #if defined(TARGET_PPC64)
1335                 case 8: segv = put_user_u64(val, addr); break;
1336                 case 16: {
1337                     if (val2 == env->reserve_val2) {
1338                         if (msr_le) {
1339                             val2 = val;
1340                             val = env->gpr[reg+1];
1341                         } else {
1342                             val2 = env->gpr[reg+1];
1343                         }
1344                         segv = put_user_u64(val, addr);
1345                         if (!segv) {
1346                             segv = put_user_u64(val2, addr + 8);
1347                         }
1348                     }
1349                     break;
1350                 }
1351 #endif
1352                 default: abort();
1353                 }
1354                 if (!segv) {
1355                     stored = 1;
1356                 }
1357             }
1358         }
1359         env->crf[0] = (stored << 1) | xer_so;
1360         env->reserve_addr = (target_ulong)-1;
1361     }
1362     if (!segv) {
1363         env->nip += 4;
1364     }
1365     mmap_unlock();
1366     end_exclusive();
1367     return segv;
1368 }
1369 
1370 void cpu_loop(CPUPPCState *env)
1371 {
1372     CPUState *cs = CPU(ppc_env_get_cpu(env));
1373     target_siginfo_t info;
1374     int trapnr;
1375     target_ulong ret;
1376 
1377     for(;;) {
1378         cpu_exec_start(cs);
1379         trapnr = cpu_exec(cs);
1380         cpu_exec_end(cs);
1381         process_queued_cpu_work(cs);
1382 
1383         switch(trapnr) {
1384         case POWERPC_EXCP_NONE:
1385             /* Just go on */
1386             break;
1387         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
1388             cpu_abort(cs, "Critical interrupt while in user mode. "
1389                       "Aborting\n");
1390             break;
1391         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
1392             cpu_abort(cs, "Machine check exception while in user mode. "
1393                       "Aborting\n");
1394             break;
1395         case POWERPC_EXCP_DSI:      /* Data storage exception                */
1396             /* XXX: check this. Seems bugged */
1397             switch (env->error_code & 0xFF000000) {
1398             case 0x40000000:
1399             case 0x42000000:
1400                 info.si_signo = TARGET_SIGSEGV;
1401                 info.si_errno = 0;
1402                 info.si_code = TARGET_SEGV_MAPERR;
1403                 break;
1404             case 0x04000000:
1405                 info.si_signo = TARGET_SIGILL;
1406                 info.si_errno = 0;
1407                 info.si_code = TARGET_ILL_ILLADR;
1408                 break;
1409             case 0x08000000:
1410                 info.si_signo = TARGET_SIGSEGV;
1411                 info.si_errno = 0;
1412                 info.si_code = TARGET_SEGV_ACCERR;
1413                 break;
1414             default:
1415                 /* Let's send a regular segfault... */
1416                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1417                           env->error_code);
1418                 info.si_signo = TARGET_SIGSEGV;
1419                 info.si_errno = 0;
1420                 info.si_code = TARGET_SEGV_MAPERR;
1421                 break;
1422             }
1423             info._sifields._sigfault._addr = env->spr[SPR_DAR];
1424             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1425             break;
1426         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
1427             /* XXX: check this */
1428             switch (env->error_code & 0xFF000000) {
1429             case 0x40000000:
1430                 info.si_signo = TARGET_SIGSEGV;
1431             info.si_errno = 0;
1432                 info.si_code = TARGET_SEGV_MAPERR;
1433                 break;
1434             case 0x10000000:
1435             case 0x08000000:
1436                 info.si_signo = TARGET_SIGSEGV;
1437                 info.si_errno = 0;
1438                 info.si_code = TARGET_SEGV_ACCERR;
1439                 break;
1440             default:
1441                 /* Let's send a regular segfault... */
1442                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1443                           env->error_code);
1444                 info.si_signo = TARGET_SIGSEGV;
1445                 info.si_errno = 0;
1446                 info.si_code = TARGET_SEGV_MAPERR;
1447                 break;
1448             }
1449             info._sifields._sigfault._addr = env->nip - 4;
1450             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1451             break;
1452         case POWERPC_EXCP_EXTERNAL: /* External input                        */
1453             cpu_abort(cs, "External interrupt while in user mode. "
1454                       "Aborting\n");
1455             break;
1456         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
1457             /* XXX: check this */
1458             info.si_signo = TARGET_SIGBUS;
1459             info.si_errno = 0;
1460             info.si_code = TARGET_BUS_ADRALN;
1461             info._sifields._sigfault._addr = env->nip;
1462             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1463             break;
1464         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
1465         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
1466             /* XXX: check this */
1467             switch (env->error_code & ~0xF) {
1468             case POWERPC_EXCP_FP:
1469                 info.si_signo = TARGET_SIGFPE;
1470                 info.si_errno = 0;
1471                 switch (env->error_code & 0xF) {
1472                 case POWERPC_EXCP_FP_OX:
1473                     info.si_code = TARGET_FPE_FLTOVF;
1474                     break;
1475                 case POWERPC_EXCP_FP_UX:
1476                     info.si_code = TARGET_FPE_FLTUND;
1477                     break;
1478                 case POWERPC_EXCP_FP_ZX:
1479                 case POWERPC_EXCP_FP_VXZDZ:
1480                     info.si_code = TARGET_FPE_FLTDIV;
1481                     break;
1482                 case POWERPC_EXCP_FP_XX:
1483                     info.si_code = TARGET_FPE_FLTRES;
1484                     break;
1485                 case POWERPC_EXCP_FP_VXSOFT:
1486                     info.si_code = TARGET_FPE_FLTINV;
1487                     break;
1488                 case POWERPC_EXCP_FP_VXSNAN:
1489                 case POWERPC_EXCP_FP_VXISI:
1490                 case POWERPC_EXCP_FP_VXIDI:
1491                 case POWERPC_EXCP_FP_VXIMZ:
1492                 case POWERPC_EXCP_FP_VXVC:
1493                 case POWERPC_EXCP_FP_VXSQRT:
1494                 case POWERPC_EXCP_FP_VXCVI:
1495                     info.si_code = TARGET_FPE_FLTSUB;
1496                     break;
1497                 default:
1498                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
1499                               env->error_code);
1500                     break;
1501                 }
1502                 break;
1503             case POWERPC_EXCP_INVAL:
1504                 info.si_signo = TARGET_SIGILL;
1505                 info.si_errno = 0;
1506                 switch (env->error_code & 0xF) {
1507                 case POWERPC_EXCP_INVAL_INVAL:
1508                     info.si_code = TARGET_ILL_ILLOPC;
1509                     break;
1510                 case POWERPC_EXCP_INVAL_LSWX:
1511                     info.si_code = TARGET_ILL_ILLOPN;
1512                     break;
1513                 case POWERPC_EXCP_INVAL_SPR:
1514                     info.si_code = TARGET_ILL_PRVREG;
1515                     break;
1516                 case POWERPC_EXCP_INVAL_FP:
1517                     info.si_code = TARGET_ILL_COPROC;
1518                     break;
1519                 default:
1520                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
1521                               env->error_code & 0xF);
1522                     info.si_code = TARGET_ILL_ILLADR;
1523                     break;
1524                 }
1525                 break;
1526             case POWERPC_EXCP_PRIV:
1527                 info.si_signo = TARGET_SIGILL;
1528                 info.si_errno = 0;
1529                 switch (env->error_code & 0xF) {
1530                 case POWERPC_EXCP_PRIV_OPC:
1531                     info.si_code = TARGET_ILL_PRVOPC;
1532                     break;
1533                 case POWERPC_EXCP_PRIV_REG:
1534                     info.si_code = TARGET_ILL_PRVREG;
1535                     break;
1536                 default:
1537                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
1538                               env->error_code & 0xF);
1539                     info.si_code = TARGET_ILL_PRVOPC;
1540                     break;
1541                 }
1542                 break;
1543             case POWERPC_EXCP_TRAP:
1544                 cpu_abort(cs, "Tried to call a TRAP\n");
1545                 break;
1546             default:
1547                 /* Should not happen ! */
1548                 cpu_abort(cs, "Unknown program exception (%02x)\n",
1549                           env->error_code);
1550                 break;
1551             }
1552             info._sifields._sigfault._addr = env->nip;
1553             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1554             break;
1555         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
1556             info.si_signo = TARGET_SIGILL;
1557             info.si_errno = 0;
1558             info.si_code = TARGET_ILL_COPROC;
1559             info._sifields._sigfault._addr = env->nip;
1560             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1561             break;
1562         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
1563             cpu_abort(cs, "Syscall exception while in user mode. "
1564                       "Aborting\n");
1565             break;
1566         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
1567             info.si_signo = TARGET_SIGILL;
1568             info.si_errno = 0;
1569             info.si_code = TARGET_ILL_COPROC;
1570             info._sifields._sigfault._addr = env->nip;
1571             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1572             break;
1573         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
1574             cpu_abort(cs, "Decrementer interrupt while in user mode. "
1575                       "Aborting\n");
1576             break;
1577         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
1578             cpu_abort(cs, "Fix interval timer interrupt while in user mode. "
1579                       "Aborting\n");
1580             break;
1581         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
1582             cpu_abort(cs, "Watchdog timer interrupt while in user mode. "
1583                       "Aborting\n");
1584             break;
1585         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
1586             cpu_abort(cs, "Data TLB exception while in user mode. "
1587                       "Aborting\n");
1588             break;
1589         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
1590             cpu_abort(cs, "Instruction TLB exception while in user mode. "
1591                       "Aborting\n");
1592             break;
1593         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
1594             info.si_signo = TARGET_SIGILL;
1595             info.si_errno = 0;
1596             info.si_code = TARGET_ILL_COPROC;
1597             info._sifields._sigfault._addr = env->nip;
1598             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1599             break;
1600         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
1601             cpu_abort(cs, "Embedded floating-point data IRQ not handled\n");
1602             break;
1603         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
1604             cpu_abort(cs, "Embedded floating-point round IRQ not handled\n");
1605             break;
1606         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
1607             cpu_abort(cs, "Performance monitor exception not handled\n");
1608             break;
1609         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
1610             cpu_abort(cs, "Doorbell interrupt while in user mode. "
1611                        "Aborting\n");
1612             break;
1613         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
1614             cpu_abort(cs, "Doorbell critical interrupt while in user mode. "
1615                       "Aborting\n");
1616             break;
1617         case POWERPC_EXCP_RESET:    /* System reset exception                */
1618             cpu_abort(cs, "Reset interrupt while in user mode. "
1619                       "Aborting\n");
1620             break;
1621         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
1622             cpu_abort(cs, "Data segment exception while in user mode. "
1623                       "Aborting\n");
1624             break;
1625         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
1626             cpu_abort(cs, "Instruction segment exception "
1627                       "while in user mode. Aborting\n");
1628             break;
1629         /* PowerPC 64 with hypervisor mode support */
1630         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
1631             cpu_abort(cs, "Hypervisor decrementer interrupt "
1632                       "while in user mode. Aborting\n");
1633             break;
1634         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
1635             /* Nothing to do:
1636              * we use this exception to emulate step-by-step execution mode.
1637              */
1638             break;
1639         /* PowerPC 64 with hypervisor mode support */
1640         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
1641             cpu_abort(cs, "Hypervisor data storage exception "
1642                       "while in user mode. Aborting\n");
1643             break;
1644         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
1645             cpu_abort(cs, "Hypervisor instruction storage exception "
1646                       "while in user mode. Aborting\n");
1647             break;
1648         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
1649             cpu_abort(cs, "Hypervisor data segment exception "
1650                       "while in user mode. Aborting\n");
1651             break;
1652         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
1653             cpu_abort(cs, "Hypervisor instruction segment exception "
1654                       "while in user mode. Aborting\n");
1655             break;
1656         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
1657             info.si_signo = TARGET_SIGILL;
1658             info.si_errno = 0;
1659             info.si_code = TARGET_ILL_COPROC;
1660             info._sifields._sigfault._addr = env->nip;
1661             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1662             break;
1663         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
1664             cpu_abort(cs, "Programmable interval timer interrupt "
1665                       "while in user mode. Aborting\n");
1666             break;
1667         case POWERPC_EXCP_IO:       /* IO error exception                    */
1668             cpu_abort(cs, "IO error exception while in user mode. "
1669                       "Aborting\n");
1670             break;
1671         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
1672             cpu_abort(cs, "Run mode exception while in user mode. "
1673                       "Aborting\n");
1674             break;
1675         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
1676             cpu_abort(cs, "Emulation trap exception not handled\n");
1677             break;
1678         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
1679             cpu_abort(cs, "Instruction fetch TLB exception "
1680                       "while in user-mode. Aborting");
1681             break;
1682         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
1683             cpu_abort(cs, "Data load TLB exception while in user-mode. "
1684                       "Aborting");
1685             break;
1686         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
1687             cpu_abort(cs, "Data store TLB exception while in user-mode. "
1688                       "Aborting");
1689             break;
1690         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
1691             cpu_abort(cs, "Floating-point assist exception not handled\n");
1692             break;
1693         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
1694             cpu_abort(cs, "Instruction address breakpoint exception "
1695                       "not handled\n");
1696             break;
1697         case POWERPC_EXCP_SMI:      /* System management interrupt           */
1698             cpu_abort(cs, "System management interrupt while in user mode. "
1699                       "Aborting\n");
1700             break;
1701         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
1702             cpu_abort(cs, "Thermal interrupt interrupt while in user mode. "
1703                       "Aborting\n");
1704             break;
1705         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
1706             cpu_abort(cs, "Performance monitor exception not handled\n");
1707             break;
1708         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
1709             cpu_abort(cs, "Vector assist exception not handled\n");
1710             break;
1711         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
1712             cpu_abort(cs, "Soft patch exception not handled\n");
1713             break;
1714         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
1715             cpu_abort(cs, "Maintenance exception while in user mode. "
1716                       "Aborting\n");
1717             break;
1718         case POWERPC_EXCP_STOP:     /* stop translation                      */
1719             /* We did invalidate the instruction cache. Go on */
1720             break;
1721         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
1722             /* We just stopped because of a branch. Go on */
1723             break;
1724         case POWERPC_EXCP_SYSCALL_USER:
1725             /* system call in user-mode emulation */
1726             /* WARNING:
1727              * PPC ABI uses overflow flag in cr0 to signal an error
1728              * in syscalls.
1729              */
1730             env->crf[0] &= ~0x1;
1731             env->nip += 4;
1732             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
1733                              env->gpr[5], env->gpr[6], env->gpr[7],
1734                              env->gpr[8], 0, 0);
1735             if (ret == -TARGET_ERESTARTSYS) {
1736                 env->nip -= 4;
1737                 break;
1738             }
1739             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
1740                 /* Returning from a successful sigreturn syscall.
1741                    Avoid corrupting register state.  */
1742                 break;
1743             }
1744             if (ret > (target_ulong)(-515)) {
1745                 env->crf[0] |= 0x1;
1746                 ret = -ret;
1747             }
1748             env->gpr[3] = ret;
1749             break;
1750         case POWERPC_EXCP_STCX:
1751             if (do_store_exclusive(env)) {
1752                 info.si_signo = TARGET_SIGSEGV;
1753                 info.si_errno = 0;
1754                 info.si_code = TARGET_SEGV_MAPERR;
1755                 info._sifields._sigfault._addr = env->nip;
1756                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1757             }
1758             break;
1759         case EXCP_DEBUG:
1760             {
1761                 int sig;
1762 
1763                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1764                 if (sig) {
1765                     info.si_signo = sig;
1766                     info.si_errno = 0;
1767                     info.si_code = TARGET_TRAP_BRKPT;
1768                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1769                   }
1770             }
1771             break;
1772         case EXCP_INTERRUPT:
1773             /* just indicate that signals should be handled asap */
1774             break;
1775         case EXCP_ATOMIC:
1776             cpu_exec_step_atomic(cs);
1777             break;
1778         default:
1779             cpu_abort(cs, "Unknown exception 0x%x. Aborting\n", trapnr);
1780             break;
1781         }
1782         process_pending_signals(env);
1783     }
1784 }
1785 #endif
1786 
1787 #ifdef TARGET_MIPS
1788 
1789 # ifdef TARGET_ABI_MIPSO32
1790 #  define MIPS_SYS(name, args) args,
1791 static const uint8_t mips_syscall_args[] = {
1792 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
1793 	MIPS_SYS(sys_exit	, 1)
1794 	MIPS_SYS(sys_fork	, 0)
1795 	MIPS_SYS(sys_read	, 3)
1796 	MIPS_SYS(sys_write	, 3)
1797 	MIPS_SYS(sys_open	, 3)	/* 4005 */
1798 	MIPS_SYS(sys_close	, 1)
1799 	MIPS_SYS(sys_waitpid	, 3)
1800 	MIPS_SYS(sys_creat	, 2)
1801 	MIPS_SYS(sys_link	, 2)
1802 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
1803 	MIPS_SYS(sys_execve	, 0)
1804 	MIPS_SYS(sys_chdir	, 1)
1805 	MIPS_SYS(sys_time	, 1)
1806 	MIPS_SYS(sys_mknod	, 3)
1807 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
1808 	MIPS_SYS(sys_lchown	, 3)
1809 	MIPS_SYS(sys_ni_syscall	, 0)
1810 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
1811 	MIPS_SYS(sys_lseek	, 3)
1812 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
1813 	MIPS_SYS(sys_mount	, 5)
1814 	MIPS_SYS(sys_umount	, 1)
1815 	MIPS_SYS(sys_setuid	, 1)
1816 	MIPS_SYS(sys_getuid	, 0)
1817 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
1818 	MIPS_SYS(sys_ptrace	, 4)
1819 	MIPS_SYS(sys_alarm	, 1)
1820 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
1821 	MIPS_SYS(sys_pause	, 0)
1822 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
1823 	MIPS_SYS(sys_ni_syscall	, 0)
1824 	MIPS_SYS(sys_ni_syscall	, 0)
1825 	MIPS_SYS(sys_access	, 2)
1826 	MIPS_SYS(sys_nice	, 1)
1827 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
1828 	MIPS_SYS(sys_sync	, 0)
1829 	MIPS_SYS(sys_kill	, 2)
1830 	MIPS_SYS(sys_rename	, 2)
1831 	MIPS_SYS(sys_mkdir	, 2)
1832 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
1833 	MIPS_SYS(sys_dup		, 1)
1834 	MIPS_SYS(sys_pipe	, 0)
1835 	MIPS_SYS(sys_times	, 1)
1836 	MIPS_SYS(sys_ni_syscall	, 0)
1837 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
1838 	MIPS_SYS(sys_setgid	, 1)
1839 	MIPS_SYS(sys_getgid	, 0)
1840 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
1841 	MIPS_SYS(sys_geteuid	, 0)
1842 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
1843 	MIPS_SYS(sys_acct	, 0)
1844 	MIPS_SYS(sys_umount2	, 2)
1845 	MIPS_SYS(sys_ni_syscall	, 0)
1846 	MIPS_SYS(sys_ioctl	, 3)
1847 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
1848 	MIPS_SYS(sys_ni_syscall	, 2)
1849 	MIPS_SYS(sys_setpgid	, 2)
1850 	MIPS_SYS(sys_ni_syscall	, 0)
1851 	MIPS_SYS(sys_olduname	, 1)
1852 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
1853 	MIPS_SYS(sys_chroot	, 1)
1854 	MIPS_SYS(sys_ustat	, 2)
1855 	MIPS_SYS(sys_dup2	, 2)
1856 	MIPS_SYS(sys_getppid	, 0)
1857 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
1858 	MIPS_SYS(sys_setsid	, 0)
1859 	MIPS_SYS(sys_sigaction	, 3)
1860 	MIPS_SYS(sys_sgetmask	, 0)
1861 	MIPS_SYS(sys_ssetmask	, 1)
1862 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
1863 	MIPS_SYS(sys_setregid	, 2)
1864 	MIPS_SYS(sys_sigsuspend	, 0)
1865 	MIPS_SYS(sys_sigpending	, 1)
1866 	MIPS_SYS(sys_sethostname	, 2)
1867 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
1868 	MIPS_SYS(sys_getrlimit	, 2)
1869 	MIPS_SYS(sys_getrusage	, 2)
1870 	MIPS_SYS(sys_gettimeofday, 2)
1871 	MIPS_SYS(sys_settimeofday, 2)
1872 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
1873 	MIPS_SYS(sys_setgroups	, 2)
1874 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
1875 	MIPS_SYS(sys_symlink	, 2)
1876 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
1877 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
1878 	MIPS_SYS(sys_uselib	, 1)
1879 	MIPS_SYS(sys_swapon	, 2)
1880 	MIPS_SYS(sys_reboot	, 3)
1881 	MIPS_SYS(old_readdir	, 3)
1882 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
1883 	MIPS_SYS(sys_munmap	, 2)
1884 	MIPS_SYS(sys_truncate	, 2)
1885 	MIPS_SYS(sys_ftruncate	, 2)
1886 	MIPS_SYS(sys_fchmod	, 2)
1887 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
1888 	MIPS_SYS(sys_getpriority	, 2)
1889 	MIPS_SYS(sys_setpriority	, 3)
1890 	MIPS_SYS(sys_ni_syscall	, 0)
1891 	MIPS_SYS(sys_statfs	, 2)
1892 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
1893 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
1894 	MIPS_SYS(sys_socketcall	, 2)
1895 	MIPS_SYS(sys_syslog	, 3)
1896 	MIPS_SYS(sys_setitimer	, 3)
1897 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
1898 	MIPS_SYS(sys_newstat	, 2)
1899 	MIPS_SYS(sys_newlstat	, 2)
1900 	MIPS_SYS(sys_newfstat	, 2)
1901 	MIPS_SYS(sys_uname	, 1)
1902 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
1903 	MIPS_SYS(sys_vhangup	, 0)
1904 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
1905 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
1906 	MIPS_SYS(sys_wait4	, 4)
1907 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
1908 	MIPS_SYS(sys_sysinfo	, 1)
1909 	MIPS_SYS(sys_ipc		, 6)
1910 	MIPS_SYS(sys_fsync	, 1)
1911 	MIPS_SYS(sys_sigreturn	, 0)
1912 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
1913 	MIPS_SYS(sys_setdomainname, 2)
1914 	MIPS_SYS(sys_newuname	, 1)
1915 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
1916 	MIPS_SYS(sys_adjtimex	, 1)
1917 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
1918 	MIPS_SYS(sys_sigprocmask	, 3)
1919 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
1920 	MIPS_SYS(sys_init_module	, 5)
1921 	MIPS_SYS(sys_delete_module, 1)
1922 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
1923 	MIPS_SYS(sys_quotactl	, 0)
1924 	MIPS_SYS(sys_getpgid	, 1)
1925 	MIPS_SYS(sys_fchdir	, 1)
1926 	MIPS_SYS(sys_bdflush	, 2)
1927 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
1928 	MIPS_SYS(sys_personality	, 1)
1929 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
1930 	MIPS_SYS(sys_setfsuid	, 1)
1931 	MIPS_SYS(sys_setfsgid	, 1)
1932 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
1933 	MIPS_SYS(sys_getdents	, 3)
1934 	MIPS_SYS(sys_select	, 5)
1935 	MIPS_SYS(sys_flock	, 2)
1936 	MIPS_SYS(sys_msync	, 3)
1937 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
1938 	MIPS_SYS(sys_writev	, 3)
1939 	MIPS_SYS(sys_cacheflush	, 3)
1940 	MIPS_SYS(sys_cachectl	, 3)
1941 	MIPS_SYS(sys_sysmips	, 4)
1942 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
1943 	MIPS_SYS(sys_getsid	, 1)
1944 	MIPS_SYS(sys_fdatasync	, 0)
1945 	MIPS_SYS(sys_sysctl	, 1)
1946 	MIPS_SYS(sys_mlock	, 2)
1947 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
1948 	MIPS_SYS(sys_mlockall	, 1)
1949 	MIPS_SYS(sys_munlockall	, 0)
1950 	MIPS_SYS(sys_sched_setparam, 2)
1951 	MIPS_SYS(sys_sched_getparam, 2)
1952 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
1953 	MIPS_SYS(sys_sched_getscheduler, 1)
1954 	MIPS_SYS(sys_sched_yield	, 0)
1955 	MIPS_SYS(sys_sched_get_priority_max, 1)
1956 	MIPS_SYS(sys_sched_get_priority_min, 1)
1957 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
1958 	MIPS_SYS(sys_nanosleep,	2)
1959 	MIPS_SYS(sys_mremap	, 5)
1960 	MIPS_SYS(sys_accept	, 3)
1961 	MIPS_SYS(sys_bind	, 3)
1962 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
1963 	MIPS_SYS(sys_getpeername	, 3)
1964 	MIPS_SYS(sys_getsockname	, 3)
1965 	MIPS_SYS(sys_getsockopt	, 5)
1966 	MIPS_SYS(sys_listen	, 2)
1967 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
1968 	MIPS_SYS(sys_recvfrom	, 6)
1969 	MIPS_SYS(sys_recvmsg	, 3)
1970 	MIPS_SYS(sys_send	, 4)
1971 	MIPS_SYS(sys_sendmsg	, 3)
1972 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
1973 	MIPS_SYS(sys_setsockopt	, 5)
1974 	MIPS_SYS(sys_shutdown	, 2)
1975 	MIPS_SYS(sys_socket	, 3)
1976 	MIPS_SYS(sys_socketpair	, 4)
1977 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
1978 	MIPS_SYS(sys_getresuid	, 3)
1979 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
1980 	MIPS_SYS(sys_poll	, 3)
1981 	MIPS_SYS(sys_nfsservctl	, 3)
1982 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
1983 	MIPS_SYS(sys_getresgid	, 3)
1984 	MIPS_SYS(sys_prctl	, 5)
1985 	MIPS_SYS(sys_rt_sigreturn, 0)
1986 	MIPS_SYS(sys_rt_sigaction, 4)
1987 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
1988 	MIPS_SYS(sys_rt_sigpending, 2)
1989 	MIPS_SYS(sys_rt_sigtimedwait, 4)
1990 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
1991 	MIPS_SYS(sys_rt_sigsuspend, 0)
1992 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
1993 	MIPS_SYS(sys_pwrite64	, 6)
1994 	MIPS_SYS(sys_chown	, 3)
1995 	MIPS_SYS(sys_getcwd	, 2)
1996 	MIPS_SYS(sys_capget	, 2)
1997 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
1998 	MIPS_SYS(sys_sigaltstack	, 2)
1999 	MIPS_SYS(sys_sendfile	, 4)
2000 	MIPS_SYS(sys_ni_syscall	, 0)
2001 	MIPS_SYS(sys_ni_syscall	, 0)
2002 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
2003 	MIPS_SYS(sys_truncate64	, 4)
2004 	MIPS_SYS(sys_ftruncate64	, 4)
2005 	MIPS_SYS(sys_stat64	, 2)
2006 	MIPS_SYS(sys_lstat64	, 2)
2007 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
2008 	MIPS_SYS(sys_pivot_root	, 2)
2009 	MIPS_SYS(sys_mincore	, 3)
2010 	MIPS_SYS(sys_madvise	, 3)
2011 	MIPS_SYS(sys_getdents64	, 3)
2012 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
2013 	MIPS_SYS(sys_ni_syscall	, 0)
2014 	MIPS_SYS(sys_gettid	, 0)
2015 	MIPS_SYS(sys_readahead	, 5)
2016 	MIPS_SYS(sys_setxattr	, 5)
2017 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
2018 	MIPS_SYS(sys_fsetxattr	, 5)
2019 	MIPS_SYS(sys_getxattr	, 4)
2020 	MIPS_SYS(sys_lgetxattr	, 4)
2021 	MIPS_SYS(sys_fgetxattr	, 4)
2022 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
2023 	MIPS_SYS(sys_llistxattr	, 3)
2024 	MIPS_SYS(sys_flistxattr	, 3)
2025 	MIPS_SYS(sys_removexattr	, 2)
2026 	MIPS_SYS(sys_lremovexattr, 2)
2027 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
2028 	MIPS_SYS(sys_tkill	, 2)
2029 	MIPS_SYS(sys_sendfile64	, 5)
2030 	MIPS_SYS(sys_futex	, 6)
2031 	MIPS_SYS(sys_sched_setaffinity, 3)
2032 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
2033 	MIPS_SYS(sys_io_setup	, 2)
2034 	MIPS_SYS(sys_io_destroy	, 1)
2035 	MIPS_SYS(sys_io_getevents, 5)
2036 	MIPS_SYS(sys_io_submit	, 3)
2037 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
2038 	MIPS_SYS(sys_exit_group	, 1)
2039 	MIPS_SYS(sys_lookup_dcookie, 3)
2040 	MIPS_SYS(sys_epoll_create, 1)
2041 	MIPS_SYS(sys_epoll_ctl	, 4)
2042 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
2043 	MIPS_SYS(sys_remap_file_pages, 5)
2044 	MIPS_SYS(sys_set_tid_address, 1)
2045 	MIPS_SYS(sys_restart_syscall, 0)
2046 	MIPS_SYS(sys_fadvise64_64, 7)
2047 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
2048 	MIPS_SYS(sys_fstatfs64	, 2)
2049 	MIPS_SYS(sys_timer_create, 3)
2050 	MIPS_SYS(sys_timer_settime, 4)
2051 	MIPS_SYS(sys_timer_gettime, 2)
2052 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
2053 	MIPS_SYS(sys_timer_delete, 1)
2054 	MIPS_SYS(sys_clock_settime, 2)
2055 	MIPS_SYS(sys_clock_gettime, 2)
2056 	MIPS_SYS(sys_clock_getres, 2)
2057 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
2058 	MIPS_SYS(sys_tgkill	, 3)
2059 	MIPS_SYS(sys_utimes	, 2)
2060 	MIPS_SYS(sys_mbind	, 4)
2061 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
2062 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
2063 	MIPS_SYS(sys_mq_open	, 4)
2064 	MIPS_SYS(sys_mq_unlink	, 1)
2065 	MIPS_SYS(sys_mq_timedsend, 5)
2066 	MIPS_SYS(sys_mq_timedreceive, 5)
2067 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
2068 	MIPS_SYS(sys_mq_getsetattr, 3)
2069 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
2070 	MIPS_SYS(sys_waitid	, 4)
2071 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
2072 	MIPS_SYS(sys_add_key	, 5)
2073 	MIPS_SYS(sys_request_key, 4)
2074 	MIPS_SYS(sys_keyctl	, 5)
2075 	MIPS_SYS(sys_set_thread_area, 1)
2076 	MIPS_SYS(sys_inotify_init, 0)
2077 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
2078 	MIPS_SYS(sys_inotify_rm_watch, 2)
2079 	MIPS_SYS(sys_migrate_pages, 4)
2080 	MIPS_SYS(sys_openat, 4)
2081 	MIPS_SYS(sys_mkdirat, 3)
2082 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
2083 	MIPS_SYS(sys_fchownat, 5)
2084 	MIPS_SYS(sys_futimesat, 3)
2085 	MIPS_SYS(sys_fstatat64, 4)
2086 	MIPS_SYS(sys_unlinkat, 3)
2087 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
2088 	MIPS_SYS(sys_linkat, 5)
2089 	MIPS_SYS(sys_symlinkat, 3)
2090 	MIPS_SYS(sys_readlinkat, 4)
2091 	MIPS_SYS(sys_fchmodat, 3)
2092 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
2093 	MIPS_SYS(sys_pselect6, 6)
2094 	MIPS_SYS(sys_ppoll, 5)
2095 	MIPS_SYS(sys_unshare, 1)
2096 	MIPS_SYS(sys_splice, 6)
2097 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
2098 	MIPS_SYS(sys_tee, 4)
2099 	MIPS_SYS(sys_vmsplice, 4)
2100 	MIPS_SYS(sys_move_pages, 6)
2101 	MIPS_SYS(sys_set_robust_list, 2)
2102 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
2103 	MIPS_SYS(sys_kexec_load, 4)
2104 	MIPS_SYS(sys_getcpu, 3)
2105 	MIPS_SYS(sys_epoll_pwait, 6)
2106 	MIPS_SYS(sys_ioprio_set, 3)
2107 	MIPS_SYS(sys_ioprio_get, 2)
2108         MIPS_SYS(sys_utimensat, 4)
2109         MIPS_SYS(sys_signalfd, 3)
2110         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
2111         MIPS_SYS(sys_eventfd, 1)
2112         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
2113         MIPS_SYS(sys_timerfd_create, 2)
2114         MIPS_SYS(sys_timerfd_gettime, 2)
2115         MIPS_SYS(sys_timerfd_settime, 4)
2116         MIPS_SYS(sys_signalfd4, 4)
2117         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
2118         MIPS_SYS(sys_epoll_create1, 1)
2119         MIPS_SYS(sys_dup3, 3)
2120         MIPS_SYS(sys_pipe2, 2)
2121         MIPS_SYS(sys_inotify_init1, 1)
2122         MIPS_SYS(sys_preadv, 5)         /* 4330 */
2123         MIPS_SYS(sys_pwritev, 5)
2124         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
2125         MIPS_SYS(sys_perf_event_open, 5)
2126         MIPS_SYS(sys_accept4, 4)
2127         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
2128         MIPS_SYS(sys_fanotify_init, 2)
2129         MIPS_SYS(sys_fanotify_mark, 6)
2130         MIPS_SYS(sys_prlimit64, 4)
2131         MIPS_SYS(sys_name_to_handle_at, 5)
2132         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
2133         MIPS_SYS(sys_clock_adjtime, 2)
2134         MIPS_SYS(sys_syncfs, 1)
2135         MIPS_SYS(sys_sendmmsg, 4)
2136         MIPS_SYS(sys_setns, 2)
2137         MIPS_SYS(sys_process_vm_readv, 6) /* 345 */
2138         MIPS_SYS(sys_process_vm_writev, 6)
2139         MIPS_SYS(sys_kcmp, 5)
2140         MIPS_SYS(sys_finit_module, 3)
2141         MIPS_SYS(sys_sched_setattr, 2)
2142         MIPS_SYS(sys_sched_getattr, 3)  /* 350 */
2143         MIPS_SYS(sys_renameat2, 5)
2144         MIPS_SYS(sys_seccomp, 3)
2145         MIPS_SYS(sys_getrandom, 3)
2146         MIPS_SYS(sys_memfd_create, 2)
2147         MIPS_SYS(sys_bpf, 3)            /* 355 */
2148         MIPS_SYS(sys_execveat, 5)
2149         MIPS_SYS(sys_userfaultfd, 1)
2150         MIPS_SYS(sys_membarrier, 2)
2151         MIPS_SYS(sys_mlock2, 3)
2152         MIPS_SYS(sys_copy_file_range, 6) /* 360 */
2153         MIPS_SYS(sys_preadv2, 6)
2154         MIPS_SYS(sys_pwritev2, 6)
2155 };
2156 #  undef MIPS_SYS
2157 # endif /* O32 */
2158 
2159 static int do_store_exclusive(CPUMIPSState *env)
2160 {
2161     target_ulong addr;
2162     target_ulong page_addr;
2163     target_ulong val;
2164     int flags;
2165     int segv = 0;
2166     int reg;
2167     int d;
2168 
2169     addr = env->lladdr;
2170     page_addr = addr & TARGET_PAGE_MASK;
2171     start_exclusive();
2172     mmap_lock();
2173     flags = page_get_flags(page_addr);
2174     if ((flags & PAGE_READ) == 0) {
2175         segv = 1;
2176     } else {
2177         reg = env->llreg & 0x1f;
2178         d = (env->llreg & 0x20) != 0;
2179         if (d) {
2180             segv = get_user_s64(val, addr);
2181         } else {
2182             segv = get_user_s32(val, addr);
2183         }
2184         if (!segv) {
2185             if (val != env->llval) {
2186                 env->active_tc.gpr[reg] = 0;
2187             } else {
2188                 if (d) {
2189                     segv = put_user_u64(env->llnewval, addr);
2190                 } else {
2191                     segv = put_user_u32(env->llnewval, addr);
2192                 }
2193                 if (!segv) {
2194                     env->active_tc.gpr[reg] = 1;
2195                 }
2196             }
2197         }
2198     }
2199     env->lladdr = -1;
2200     if (!segv) {
2201         env->active_tc.PC += 4;
2202     }
2203     mmap_unlock();
2204     end_exclusive();
2205     return segv;
2206 }
2207 
2208 /* Break codes */
2209 enum {
2210     BRK_OVERFLOW = 6,
2211     BRK_DIVZERO = 7
2212 };
2213 
2214 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
2215                     unsigned int code)
2216 {
2217     int ret = -1;
2218 
2219     switch (code) {
2220     case BRK_OVERFLOW:
2221     case BRK_DIVZERO:
2222         info->si_signo = TARGET_SIGFPE;
2223         info->si_errno = 0;
2224         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
2225         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2226         ret = 0;
2227         break;
2228     default:
2229         info->si_signo = TARGET_SIGTRAP;
2230         info->si_errno = 0;
2231         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2232         ret = 0;
2233         break;
2234     }
2235 
2236     return ret;
2237 }
2238 
2239 void cpu_loop(CPUMIPSState *env)
2240 {
2241     CPUState *cs = CPU(mips_env_get_cpu(env));
2242     target_siginfo_t info;
2243     int trapnr;
2244     abi_long ret;
2245 # ifdef TARGET_ABI_MIPSO32
2246     unsigned int syscall_num;
2247 # endif
2248 
2249     for(;;) {
2250         cpu_exec_start(cs);
2251         trapnr = cpu_exec(cs);
2252         cpu_exec_end(cs);
2253         process_queued_cpu_work(cs);
2254 
2255         switch(trapnr) {
2256         case EXCP_SYSCALL:
2257             env->active_tc.PC += 4;
2258 # ifdef TARGET_ABI_MIPSO32
2259             syscall_num = env->active_tc.gpr[2] - 4000;
2260             if (syscall_num >= sizeof(mips_syscall_args)) {
2261                 ret = -TARGET_ENOSYS;
2262             } else {
2263                 int nb_args;
2264                 abi_ulong sp_reg;
2265                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
2266 
2267                 nb_args = mips_syscall_args[syscall_num];
2268                 sp_reg = env->active_tc.gpr[29];
2269                 switch (nb_args) {
2270                 /* these arguments are taken from the stack */
2271                 case 8:
2272                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
2273                         goto done_syscall;
2274                     }
2275                 case 7:
2276                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
2277                         goto done_syscall;
2278                     }
2279                 case 6:
2280                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
2281                         goto done_syscall;
2282                     }
2283                 case 5:
2284                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
2285                         goto done_syscall;
2286                     }
2287                 default:
2288                     break;
2289                 }
2290                 ret = do_syscall(env, env->active_tc.gpr[2],
2291                                  env->active_tc.gpr[4],
2292                                  env->active_tc.gpr[5],
2293                                  env->active_tc.gpr[6],
2294                                  env->active_tc.gpr[7],
2295                                  arg5, arg6, arg7, arg8);
2296             }
2297 done_syscall:
2298 # else
2299             ret = do_syscall(env, env->active_tc.gpr[2],
2300                              env->active_tc.gpr[4], env->active_tc.gpr[5],
2301                              env->active_tc.gpr[6], env->active_tc.gpr[7],
2302                              env->active_tc.gpr[8], env->active_tc.gpr[9],
2303                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
2304 # endif /* O32 */
2305             if (ret == -TARGET_ERESTARTSYS) {
2306                 env->active_tc.PC -= 4;
2307                 break;
2308             }
2309             if (ret == -TARGET_QEMU_ESIGRETURN) {
2310                 /* Returning from a successful sigreturn syscall.
2311                    Avoid clobbering register state.  */
2312                 break;
2313             }
2314             if ((abi_ulong)ret >= (abi_ulong)-1133) {
2315                 env->active_tc.gpr[7] = 1; /* error flag */
2316                 ret = -ret;
2317             } else {
2318                 env->active_tc.gpr[7] = 0; /* error flag */
2319             }
2320             env->active_tc.gpr[2] = ret;
2321             break;
2322         case EXCP_TLBL:
2323         case EXCP_TLBS:
2324         case EXCP_AdEL:
2325         case EXCP_AdES:
2326             info.si_signo = TARGET_SIGSEGV;
2327             info.si_errno = 0;
2328             /* XXX: check env->error_code */
2329             info.si_code = TARGET_SEGV_MAPERR;
2330             info._sifields._sigfault._addr = env->CP0_BadVAddr;
2331             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2332             break;
2333         case EXCP_CpU:
2334         case EXCP_RI:
2335             info.si_signo = TARGET_SIGILL;
2336             info.si_errno = 0;
2337             info.si_code = 0;
2338             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2339             break;
2340         case EXCP_INTERRUPT:
2341             /* just indicate that signals should be handled asap */
2342             break;
2343         case EXCP_DEBUG:
2344             {
2345                 int sig;
2346 
2347                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2348                 if (sig)
2349                   {
2350                     info.si_signo = sig;
2351                     info.si_errno = 0;
2352                     info.si_code = TARGET_TRAP_BRKPT;
2353                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2354                   }
2355             }
2356             break;
2357         case EXCP_SC:
2358             if (do_store_exclusive(env)) {
2359                 info.si_signo = TARGET_SIGSEGV;
2360                 info.si_errno = 0;
2361                 info.si_code = TARGET_SEGV_MAPERR;
2362                 info._sifields._sigfault._addr = env->active_tc.PC;
2363                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2364             }
2365             break;
2366         case EXCP_DSPDIS:
2367             info.si_signo = TARGET_SIGILL;
2368             info.si_errno = 0;
2369             info.si_code = TARGET_ILL_ILLOPC;
2370             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2371             break;
2372         /* The code below was inspired by the MIPS Linux kernel trap
2373          * handling code in arch/mips/kernel/traps.c.
2374          */
2375         case EXCP_BREAK:
2376             {
2377                 abi_ulong trap_instr;
2378                 unsigned int code;
2379 
2380                 if (env->hflags & MIPS_HFLAG_M16) {
2381                     if (env->insn_flags & ASE_MICROMIPS) {
2382                         /* microMIPS mode */
2383                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2384                         if (ret != 0) {
2385                             goto error;
2386                         }
2387 
2388                         if ((trap_instr >> 10) == 0x11) {
2389                             /* 16-bit instruction */
2390                             code = trap_instr & 0xf;
2391                         } else {
2392                             /* 32-bit instruction */
2393                             abi_ulong instr_lo;
2394 
2395                             ret = get_user_u16(instr_lo,
2396                                                env->active_tc.PC + 2);
2397                             if (ret != 0) {
2398                                 goto error;
2399                             }
2400                             trap_instr = (trap_instr << 16) | instr_lo;
2401                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
2402                             /* Unfortunately, microMIPS also suffers from
2403                                the old assembler bug...  */
2404                             if (code >= (1 << 10)) {
2405                                 code >>= 10;
2406                             }
2407                         }
2408                     } else {
2409                         /* MIPS16e mode */
2410                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2411                         if (ret != 0) {
2412                             goto error;
2413                         }
2414                         code = (trap_instr >> 6) & 0x3f;
2415                     }
2416                 } else {
2417                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2418                     if (ret != 0) {
2419                         goto error;
2420                     }
2421 
2422                     /* As described in the original Linux kernel code, the
2423                      * below checks on 'code' are to work around an old
2424                      * assembly bug.
2425                      */
2426                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
2427                     if (code >= (1 << 10)) {
2428                         code >>= 10;
2429                     }
2430                 }
2431 
2432                 if (do_break(env, &info, code) != 0) {
2433                     goto error;
2434                 }
2435             }
2436             break;
2437         case EXCP_TRAP:
2438             {
2439                 abi_ulong trap_instr;
2440                 unsigned int code = 0;
2441 
2442                 if (env->hflags & MIPS_HFLAG_M16) {
2443                     /* microMIPS mode */
2444                     abi_ulong instr[2];
2445 
2446                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
2447                           get_user_u16(instr[1], env->active_tc.PC + 2);
2448 
2449                     trap_instr = (instr[0] << 16) | instr[1];
2450                 } else {
2451                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2452                 }
2453 
2454                 if (ret != 0) {
2455                     goto error;
2456                 }
2457 
2458                 /* The immediate versions don't provide a code.  */
2459                 if (!(trap_instr & 0xFC000000)) {
2460                     if (env->hflags & MIPS_HFLAG_M16) {
2461                         /* microMIPS mode */
2462                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
2463                     } else {
2464                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
2465                     }
2466                 }
2467 
2468                 if (do_break(env, &info, code) != 0) {
2469                     goto error;
2470                 }
2471             }
2472             break;
2473         case EXCP_ATOMIC:
2474             cpu_exec_step_atomic(cs);
2475             break;
2476         default:
2477 error:
2478             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
2479             abort();
2480         }
2481         process_pending_signals(env);
2482     }
2483 }
2484 #endif
2485 
2486 #ifdef TARGET_NIOS2
2487 
2488 void cpu_loop(CPUNios2State *env)
2489 {
2490     CPUState *cs = ENV_GET_CPU(env);
2491     Nios2CPU *cpu = NIOS2_CPU(cs);
2492     target_siginfo_t info;
2493     int trapnr, gdbsig, ret;
2494 
2495     for (;;) {
2496         cpu_exec_start(cs);
2497         trapnr = cpu_exec(cs);
2498         cpu_exec_end(cs);
2499         gdbsig = 0;
2500 
2501         switch (trapnr) {
2502         case EXCP_INTERRUPT:
2503             /* just indicate that signals should be handled asap */
2504             break;
2505         case EXCP_TRAP:
2506             if (env->regs[R_AT] == 0) {
2507                 abi_long ret;
2508                 qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
2509 
2510                 ret = do_syscall(env, env->regs[2],
2511                                  env->regs[4], env->regs[5], env->regs[6],
2512                                  env->regs[7], env->regs[8], env->regs[9],
2513                                  0, 0);
2514 
2515                 if (env->regs[2] == 0) {    /* FIXME: syscall 0 workaround */
2516                     ret = 0;
2517                 }
2518 
2519                 env->regs[2] = abs(ret);
2520                 /* Return value is 0..4096 */
2521                 env->regs[7] = (ret > 0xfffffffffffff000ULL);
2522                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2523                 env->regs[CR_STATUS] &= ~0x3;
2524                 env->regs[R_EA] = env->regs[R_PC] + 4;
2525                 env->regs[R_PC] += 4;
2526                 break;
2527             } else {
2528                 qemu_log_mask(CPU_LOG_INT, "\nTrap\n");
2529 
2530                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2531                 env->regs[CR_STATUS] &= ~0x3;
2532                 env->regs[R_EA] = env->regs[R_PC] + 4;
2533                 env->regs[R_PC] = cpu->exception_addr;
2534 
2535                 gdbsig = TARGET_SIGTRAP;
2536                 break;
2537             }
2538         case 0xaa:
2539             switch (env->regs[R_PC]) {
2540             /*case 0x1000:*/  /* TODO:__kuser_helper_version */
2541             case 0x1004:      /* __kuser_cmpxchg */
2542                 start_exclusive();
2543                 if (env->regs[4] & 0x3) {
2544                     goto kuser_fail;
2545                 }
2546                 ret = get_user_u32(env->regs[2], env->regs[4]);
2547                 if (ret) {
2548                     end_exclusive();
2549                     goto kuser_fail;
2550                 }
2551                 env->regs[2] -= env->regs[5];
2552                 if (env->regs[2] == 0) {
2553                     put_user_u32(env->regs[6], env->regs[4]);
2554                 }
2555                 end_exclusive();
2556                 env->regs[R_PC] = env->regs[R_RA];
2557                 break;
2558             /*case 0x1040:*/  /* TODO:__kuser_sigtramp */
2559             default:
2560                 ;
2561 kuser_fail:
2562                 info.si_signo = TARGET_SIGSEGV;
2563                 info.si_errno = 0;
2564                 /* TODO: check env->error_code */
2565                 info.si_code = TARGET_SEGV_MAPERR;
2566                 info._sifields._sigfault._addr = env->regs[R_PC];
2567                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2568             }
2569             break;
2570         default:
2571             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
2572                      trapnr);
2573             gdbsig = TARGET_SIGILL;
2574             break;
2575         }
2576         if (gdbsig) {
2577             gdb_handlesig(cs, gdbsig);
2578             if (gdbsig != TARGET_SIGTRAP) {
2579                 exit(EXIT_FAILURE);
2580             }
2581         }
2582 
2583         process_pending_signals(env);
2584     }
2585 }
2586 
2587 #endif /* TARGET_NIOS2 */
2588 
2589 #ifdef TARGET_OPENRISC
2590 
2591 void cpu_loop(CPUOpenRISCState *env)
2592 {
2593     CPUState *cs = CPU(openrisc_env_get_cpu(env));
2594     int trapnr;
2595     abi_long ret;
2596     target_siginfo_t info;
2597 
2598     for (;;) {
2599         cpu_exec_start(cs);
2600         trapnr = cpu_exec(cs);
2601         cpu_exec_end(cs);
2602         process_queued_cpu_work(cs);
2603 
2604         switch (trapnr) {
2605         case EXCP_SYSCALL:
2606             env->pc += 4;   /* 0xc00; */
2607             ret = do_syscall(env,
2608                              cpu_get_gpr(env, 11), /* return value       */
2609                              cpu_get_gpr(env, 3),  /* r3 - r7 are params */
2610                              cpu_get_gpr(env, 4),
2611                              cpu_get_gpr(env, 5),
2612                              cpu_get_gpr(env, 6),
2613                              cpu_get_gpr(env, 7),
2614                              cpu_get_gpr(env, 8), 0, 0);
2615             if (ret == -TARGET_ERESTARTSYS) {
2616                 env->pc -= 4;
2617             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2618                 cpu_set_gpr(env, 11, ret);
2619             }
2620             break;
2621         case EXCP_DPF:
2622         case EXCP_IPF:
2623         case EXCP_RANGE:
2624             info.si_signo = TARGET_SIGSEGV;
2625             info.si_errno = 0;
2626             info.si_code = TARGET_SEGV_MAPERR;
2627             info._sifields._sigfault._addr = env->pc;
2628             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2629             break;
2630         case EXCP_ALIGN:
2631             info.si_signo = TARGET_SIGBUS;
2632             info.si_errno = 0;
2633             info.si_code = TARGET_BUS_ADRALN;
2634             info._sifields._sigfault._addr = env->pc;
2635             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2636             break;
2637         case EXCP_ILLEGAL:
2638             info.si_signo = TARGET_SIGILL;
2639             info.si_errno = 0;
2640             info.si_code = TARGET_ILL_ILLOPC;
2641             info._sifields._sigfault._addr = env->pc;
2642             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2643             break;
2644         case EXCP_FPE:
2645             info.si_signo = TARGET_SIGFPE;
2646             info.si_errno = 0;
2647             info.si_code = 0;
2648             info._sifields._sigfault._addr = env->pc;
2649             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2650             break;
2651         case EXCP_INTERRUPT:
2652             /* We processed the pending cpu work above.  */
2653             break;
2654         case EXCP_DEBUG:
2655             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
2656             if (trapnr) {
2657                 info.si_signo = trapnr;
2658                 info.si_errno = 0;
2659                 info.si_code = TARGET_TRAP_BRKPT;
2660                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2661             }
2662             break;
2663         case EXCP_ATOMIC:
2664             cpu_exec_step_atomic(cs);
2665             break;
2666         default:
2667             g_assert_not_reached();
2668         }
2669         process_pending_signals(env);
2670     }
2671 }
2672 
2673 #endif /* TARGET_OPENRISC */
2674 
2675 #ifdef TARGET_SH4
2676 void cpu_loop(CPUSH4State *env)
2677 {
2678     CPUState *cs = CPU(sh_env_get_cpu(env));
2679     int trapnr, ret;
2680     target_siginfo_t info;
2681 
2682     while (1) {
2683         cpu_exec_start(cs);
2684         trapnr = cpu_exec(cs);
2685         cpu_exec_end(cs);
2686         process_queued_cpu_work(cs);
2687 
2688         switch (trapnr) {
2689         case 0x160:
2690             env->pc += 2;
2691             ret = do_syscall(env,
2692                              env->gregs[3],
2693                              env->gregs[4],
2694                              env->gregs[5],
2695                              env->gregs[6],
2696                              env->gregs[7],
2697                              env->gregs[0],
2698                              env->gregs[1],
2699                              0, 0);
2700             if (ret == -TARGET_ERESTARTSYS) {
2701                 env->pc -= 2;
2702             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2703                 env->gregs[0] = ret;
2704             }
2705             break;
2706         case EXCP_INTERRUPT:
2707             /* just indicate that signals should be handled asap */
2708             break;
2709         case EXCP_DEBUG:
2710             {
2711                 int sig;
2712 
2713                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2714                 if (sig)
2715                   {
2716                     info.si_signo = sig;
2717                     info.si_errno = 0;
2718                     info.si_code = TARGET_TRAP_BRKPT;
2719                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2720                   }
2721             }
2722             break;
2723 	case 0xa0:
2724 	case 0xc0:
2725             info.si_signo = TARGET_SIGSEGV;
2726             info.si_errno = 0;
2727             info.si_code = TARGET_SEGV_MAPERR;
2728             info._sifields._sigfault._addr = env->tea;
2729             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2730 	    break;
2731 
2732         case EXCP_ATOMIC:
2733             cpu_exec_step_atomic(cs);
2734             break;
2735         default:
2736             printf ("Unhandled trap: 0x%x\n", trapnr);
2737             cpu_dump_state(cs, stderr, fprintf, 0);
2738             exit(EXIT_FAILURE);
2739         }
2740         process_pending_signals (env);
2741     }
2742 }
2743 #endif
2744 
2745 #ifdef TARGET_CRIS
2746 void cpu_loop(CPUCRISState *env)
2747 {
2748     CPUState *cs = CPU(cris_env_get_cpu(env));
2749     int trapnr, ret;
2750     target_siginfo_t info;
2751 
2752     while (1) {
2753         cpu_exec_start(cs);
2754         trapnr = cpu_exec(cs);
2755         cpu_exec_end(cs);
2756         process_queued_cpu_work(cs);
2757 
2758         switch (trapnr) {
2759         case 0xaa:
2760             {
2761                 info.si_signo = TARGET_SIGSEGV;
2762                 info.si_errno = 0;
2763                 /* XXX: check env->error_code */
2764                 info.si_code = TARGET_SEGV_MAPERR;
2765                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
2766                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2767             }
2768             break;
2769 	case EXCP_INTERRUPT:
2770 	  /* just indicate that signals should be handled asap */
2771 	  break;
2772         case EXCP_BREAK:
2773             ret = do_syscall(env,
2774                              env->regs[9],
2775                              env->regs[10],
2776                              env->regs[11],
2777                              env->regs[12],
2778                              env->regs[13],
2779                              env->pregs[7],
2780                              env->pregs[11],
2781                              0, 0);
2782             if (ret == -TARGET_ERESTARTSYS) {
2783                 env->pc -= 2;
2784             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2785                 env->regs[10] = ret;
2786             }
2787             break;
2788         case EXCP_DEBUG:
2789             {
2790                 int sig;
2791 
2792                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2793                 if (sig)
2794                   {
2795                     info.si_signo = sig;
2796                     info.si_errno = 0;
2797                     info.si_code = TARGET_TRAP_BRKPT;
2798                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2799                   }
2800             }
2801             break;
2802         case EXCP_ATOMIC:
2803             cpu_exec_step_atomic(cs);
2804             break;
2805         default:
2806             printf ("Unhandled trap: 0x%x\n", trapnr);
2807             cpu_dump_state(cs, stderr, fprintf, 0);
2808             exit(EXIT_FAILURE);
2809         }
2810         process_pending_signals (env);
2811     }
2812 }
2813 #endif
2814 
2815 #ifdef TARGET_MICROBLAZE
2816 void cpu_loop(CPUMBState *env)
2817 {
2818     CPUState *cs = CPU(mb_env_get_cpu(env));
2819     int trapnr, ret;
2820     target_siginfo_t info;
2821 
2822     while (1) {
2823         cpu_exec_start(cs);
2824         trapnr = cpu_exec(cs);
2825         cpu_exec_end(cs);
2826         process_queued_cpu_work(cs);
2827 
2828         switch (trapnr) {
2829         case 0xaa:
2830             {
2831                 info.si_signo = TARGET_SIGSEGV;
2832                 info.si_errno = 0;
2833                 /* XXX: check env->error_code */
2834                 info.si_code = TARGET_SEGV_MAPERR;
2835                 info._sifields._sigfault._addr = 0;
2836                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2837             }
2838             break;
2839 	case EXCP_INTERRUPT:
2840 	  /* just indicate that signals should be handled asap */
2841 	  break;
2842         case EXCP_BREAK:
2843             /* Return address is 4 bytes after the call.  */
2844             env->regs[14] += 4;
2845             env->sregs[SR_PC] = env->regs[14];
2846             ret = do_syscall(env,
2847                              env->regs[12],
2848                              env->regs[5],
2849                              env->regs[6],
2850                              env->regs[7],
2851                              env->regs[8],
2852                              env->regs[9],
2853                              env->regs[10],
2854                              0, 0);
2855             if (ret == -TARGET_ERESTARTSYS) {
2856                 /* Wind back to before the syscall. */
2857                 env->sregs[SR_PC] -= 4;
2858             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2859                 env->regs[3] = ret;
2860             }
2861             /* All syscall exits result in guest r14 being equal to the
2862              * PC we return to, because the kernel syscall exit "rtbd" does
2863              * this. (This is true even for sigreturn(); note that r14 is
2864              * not a userspace-usable register, as the kernel may clobber it
2865              * at any point.)
2866              */
2867             env->regs[14] = env->sregs[SR_PC];
2868             break;
2869         case EXCP_HW_EXCP:
2870             env->regs[17] = env->sregs[SR_PC] + 4;
2871             if (env->iflags & D_FLAG) {
2872                 env->sregs[SR_ESR] |= 1 << 12;
2873                 env->sregs[SR_PC] -= 4;
2874                 /* FIXME: if branch was immed, replay the imm as well.  */
2875             }
2876 
2877             env->iflags &= ~(IMM_FLAG | D_FLAG);
2878 
2879             switch (env->sregs[SR_ESR] & 31) {
2880                 case ESR_EC_DIVZERO:
2881                     info.si_signo = TARGET_SIGFPE;
2882                     info.si_errno = 0;
2883                     info.si_code = TARGET_FPE_FLTDIV;
2884                     info._sifields._sigfault._addr = 0;
2885                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2886                     break;
2887                 case ESR_EC_FPU:
2888                     info.si_signo = TARGET_SIGFPE;
2889                     info.si_errno = 0;
2890                     if (env->sregs[SR_FSR] & FSR_IO) {
2891                         info.si_code = TARGET_FPE_FLTINV;
2892                     }
2893                     if (env->sregs[SR_FSR] & FSR_DZ) {
2894                         info.si_code = TARGET_FPE_FLTDIV;
2895                     }
2896                     info._sifields._sigfault._addr = 0;
2897                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2898                     break;
2899                 default:
2900                     printf ("Unhandled hw-exception: 0x%x\n",
2901                             env->sregs[SR_ESR] & ESR_EC_MASK);
2902                     cpu_dump_state(cs, stderr, fprintf, 0);
2903                     exit(EXIT_FAILURE);
2904                     break;
2905             }
2906             break;
2907         case EXCP_DEBUG:
2908             {
2909                 int sig;
2910 
2911                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2912                 if (sig)
2913                   {
2914                     info.si_signo = sig;
2915                     info.si_errno = 0;
2916                     info.si_code = TARGET_TRAP_BRKPT;
2917                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2918                   }
2919             }
2920             break;
2921         case EXCP_ATOMIC:
2922             cpu_exec_step_atomic(cs);
2923             break;
2924         default:
2925             printf ("Unhandled trap: 0x%x\n", trapnr);
2926             cpu_dump_state(cs, stderr, fprintf, 0);
2927             exit(EXIT_FAILURE);
2928         }
2929         process_pending_signals (env);
2930     }
2931 }
2932 #endif
2933 
2934 #ifdef TARGET_M68K
2935 
2936 void cpu_loop(CPUM68KState *env)
2937 {
2938     CPUState *cs = CPU(m68k_env_get_cpu(env));
2939     int trapnr;
2940     unsigned int n;
2941     target_siginfo_t info;
2942     TaskState *ts = cs->opaque;
2943 
2944     for(;;) {
2945         cpu_exec_start(cs);
2946         trapnr = cpu_exec(cs);
2947         cpu_exec_end(cs);
2948         process_queued_cpu_work(cs);
2949 
2950         switch(trapnr) {
2951         case EXCP_ILLEGAL:
2952             {
2953                 if (ts->sim_syscalls) {
2954                     uint16_t nr;
2955                     get_user_u16(nr, env->pc + 2);
2956                     env->pc += 4;
2957                     do_m68k_simcall(env, nr);
2958                 } else {
2959                     goto do_sigill;
2960                 }
2961             }
2962             break;
2963         case EXCP_HALT_INSN:
2964             /* Semihosing syscall.  */
2965             env->pc += 4;
2966             do_m68k_semihosting(env, env->dregs[0]);
2967             break;
2968         case EXCP_LINEA:
2969         case EXCP_LINEF:
2970         case EXCP_UNSUPPORTED:
2971         do_sigill:
2972             info.si_signo = TARGET_SIGILL;
2973             info.si_errno = 0;
2974             info.si_code = TARGET_ILL_ILLOPN;
2975             info._sifields._sigfault._addr = env->pc;
2976             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2977             break;
2978         case EXCP_DIV0:
2979             info.si_signo = TARGET_SIGFPE;
2980             info.si_errno = 0;
2981             info.si_code = TARGET_FPE_INTDIV;
2982             info._sifields._sigfault._addr = env->pc;
2983             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2984             break;
2985         case EXCP_TRAP0:
2986             {
2987                 abi_long ret;
2988                 ts->sim_syscalls = 0;
2989                 n = env->dregs[0];
2990                 env->pc += 2;
2991                 ret = do_syscall(env,
2992                                  n,
2993                                  env->dregs[1],
2994                                  env->dregs[2],
2995                                  env->dregs[3],
2996                                  env->dregs[4],
2997                                  env->dregs[5],
2998                                  env->aregs[0],
2999                                  0, 0);
3000                 if (ret == -TARGET_ERESTARTSYS) {
3001                     env->pc -= 2;
3002                 } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3003                     env->dregs[0] = ret;
3004                 }
3005             }
3006             break;
3007         case EXCP_INTERRUPT:
3008             /* just indicate that signals should be handled asap */
3009             break;
3010         case EXCP_ACCESS:
3011             {
3012                 info.si_signo = TARGET_SIGSEGV;
3013                 info.si_errno = 0;
3014                 /* XXX: check env->error_code */
3015                 info.si_code = TARGET_SEGV_MAPERR;
3016                 info._sifields._sigfault._addr = env->mmu.ar;
3017                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3018             }
3019             break;
3020         case EXCP_DEBUG:
3021             {
3022                 int sig;
3023 
3024                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3025                 if (sig)
3026                   {
3027                     info.si_signo = sig;
3028                     info.si_errno = 0;
3029                     info.si_code = TARGET_TRAP_BRKPT;
3030                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3031                   }
3032             }
3033             break;
3034         case EXCP_ATOMIC:
3035             cpu_exec_step_atomic(cs);
3036             break;
3037         default:
3038             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
3039             abort();
3040         }
3041         process_pending_signals(env);
3042     }
3043 }
3044 #endif /* TARGET_M68K */
3045 
3046 #ifdef TARGET_ALPHA
3047 void cpu_loop(CPUAlphaState *env)
3048 {
3049     CPUState *cs = CPU(alpha_env_get_cpu(env));
3050     int trapnr;
3051     target_siginfo_t info;
3052     abi_long sysret;
3053 
3054     while (1) {
3055         bool arch_interrupt = true;
3056 
3057         cpu_exec_start(cs);
3058         trapnr = cpu_exec(cs);
3059         cpu_exec_end(cs);
3060         process_queued_cpu_work(cs);
3061 
3062         switch (trapnr) {
3063         case EXCP_RESET:
3064             fprintf(stderr, "Reset requested. Exit\n");
3065             exit(EXIT_FAILURE);
3066             break;
3067         case EXCP_MCHK:
3068             fprintf(stderr, "Machine check exception. Exit\n");
3069             exit(EXIT_FAILURE);
3070             break;
3071         case EXCP_SMP_INTERRUPT:
3072         case EXCP_CLK_INTERRUPT:
3073         case EXCP_DEV_INTERRUPT:
3074             fprintf(stderr, "External interrupt. Exit\n");
3075             exit(EXIT_FAILURE);
3076             break;
3077         case EXCP_MMFAULT:
3078             info.si_signo = TARGET_SIGSEGV;
3079             info.si_errno = 0;
3080             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
3081                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
3082             info._sifields._sigfault._addr = env->trap_arg0;
3083             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3084             break;
3085         case EXCP_UNALIGN:
3086             info.si_signo = TARGET_SIGBUS;
3087             info.si_errno = 0;
3088             info.si_code = TARGET_BUS_ADRALN;
3089             info._sifields._sigfault._addr = env->trap_arg0;
3090             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3091             break;
3092         case EXCP_OPCDEC:
3093         do_sigill:
3094             info.si_signo = TARGET_SIGILL;
3095             info.si_errno = 0;
3096             info.si_code = TARGET_ILL_ILLOPC;
3097             info._sifields._sigfault._addr = env->pc;
3098             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3099             break;
3100         case EXCP_ARITH:
3101             info.si_signo = TARGET_SIGFPE;
3102             info.si_errno = 0;
3103             info.si_code = TARGET_FPE_FLTINV;
3104             info._sifields._sigfault._addr = env->pc;
3105             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3106             break;
3107         case EXCP_FEN:
3108             /* No-op.  Linux simply re-enables the FPU.  */
3109             break;
3110         case EXCP_CALL_PAL:
3111             switch (env->error_code) {
3112             case 0x80:
3113                 /* BPT */
3114                 info.si_signo = TARGET_SIGTRAP;
3115                 info.si_errno = 0;
3116                 info.si_code = TARGET_TRAP_BRKPT;
3117                 info._sifields._sigfault._addr = env->pc;
3118                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3119                 break;
3120             case 0x81:
3121                 /* BUGCHK */
3122                 info.si_signo = TARGET_SIGTRAP;
3123                 info.si_errno = 0;
3124                 info.si_code = 0;
3125                 info._sifields._sigfault._addr = env->pc;
3126                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3127                 break;
3128             case 0x83:
3129                 /* CALLSYS */
3130                 trapnr = env->ir[IR_V0];
3131                 sysret = do_syscall(env, trapnr,
3132                                     env->ir[IR_A0], env->ir[IR_A1],
3133                                     env->ir[IR_A2], env->ir[IR_A3],
3134                                     env->ir[IR_A4], env->ir[IR_A5],
3135                                     0, 0);
3136                 if (sysret == -TARGET_ERESTARTSYS) {
3137                     env->pc -= 4;
3138                     break;
3139                 }
3140                 if (sysret == -TARGET_QEMU_ESIGRETURN) {
3141                     break;
3142                 }
3143                 /* Syscall writes 0 to V0 to bypass error check, similar
3144                    to how this is handled internal to Linux kernel.
3145                    (Ab)use trapnr temporarily as boolean indicating error.  */
3146                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
3147                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
3148                 env->ir[IR_A3] = trapnr;
3149                 break;
3150             case 0x86:
3151                 /* IMB */
3152                 /* ??? We can probably elide the code using page_unprotect
3153                    that is checking for self-modifying code.  Instead we
3154                    could simply call tb_flush here.  Until we work out the
3155                    changes required to turn off the extra write protection,
3156                    this can be a no-op.  */
3157                 break;
3158             case 0x9E:
3159                 /* RDUNIQUE */
3160                 /* Handled in the translator for usermode.  */
3161                 abort();
3162             case 0x9F:
3163                 /* WRUNIQUE */
3164                 /* Handled in the translator for usermode.  */
3165                 abort();
3166             case 0xAA:
3167                 /* GENTRAP */
3168                 info.si_signo = TARGET_SIGFPE;
3169                 switch (env->ir[IR_A0]) {
3170                 case TARGET_GEN_INTOVF:
3171                     info.si_code = TARGET_FPE_INTOVF;
3172                     break;
3173                 case TARGET_GEN_INTDIV:
3174                     info.si_code = TARGET_FPE_INTDIV;
3175                     break;
3176                 case TARGET_GEN_FLTOVF:
3177                     info.si_code = TARGET_FPE_FLTOVF;
3178                     break;
3179                 case TARGET_GEN_FLTUND:
3180                     info.si_code = TARGET_FPE_FLTUND;
3181                     break;
3182                 case TARGET_GEN_FLTINV:
3183                     info.si_code = TARGET_FPE_FLTINV;
3184                     break;
3185                 case TARGET_GEN_FLTINE:
3186                     info.si_code = TARGET_FPE_FLTRES;
3187                     break;
3188                 case TARGET_GEN_ROPRAND:
3189                     info.si_code = 0;
3190                     break;
3191                 default:
3192                     info.si_signo = TARGET_SIGTRAP;
3193                     info.si_code = 0;
3194                     break;
3195                 }
3196                 info.si_errno = 0;
3197                 info._sifields._sigfault._addr = env->pc;
3198                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3199                 break;
3200             default:
3201                 goto do_sigill;
3202             }
3203             break;
3204         case EXCP_DEBUG:
3205             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
3206             if (info.si_signo) {
3207                 info.si_errno = 0;
3208                 info.si_code = TARGET_TRAP_BRKPT;
3209                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3210             } else {
3211                 arch_interrupt = false;
3212             }
3213             break;
3214         case EXCP_INTERRUPT:
3215             /* Just indicate that signals should be handled asap.  */
3216             break;
3217         case EXCP_ATOMIC:
3218             cpu_exec_step_atomic(cs);
3219             arch_interrupt = false;
3220             break;
3221         default:
3222             printf ("Unhandled trap: 0x%x\n", trapnr);
3223             cpu_dump_state(cs, stderr, fprintf, 0);
3224             exit(EXIT_FAILURE);
3225         }
3226         process_pending_signals (env);
3227 
3228         /* Most of the traps imply a transition through PALcode, which
3229            implies an REI instruction has been executed.  Which means
3230            that RX and LOCK_ADDR should be cleared.  But there are a
3231            few exceptions for traps internal to QEMU.  */
3232         if (arch_interrupt) {
3233             env->flags &= ~ENV_FLAG_RX_FLAG;
3234             env->lock_addr = -1;
3235         }
3236     }
3237 }
3238 #endif /* TARGET_ALPHA */
3239 
3240 #ifdef TARGET_S390X
3241 
3242 /* s390x masks the fault address it reports in si_addr for SIGSEGV and SIGBUS */
3243 #define S390X_FAIL_ADDR_MASK -4096LL
3244 
3245 void cpu_loop(CPUS390XState *env)
3246 {
3247     CPUState *cs = CPU(s390_env_get_cpu(env));
3248     int trapnr, n, sig;
3249     target_siginfo_t info;
3250     target_ulong addr;
3251     abi_long ret;
3252 
3253     while (1) {
3254         cpu_exec_start(cs);
3255         trapnr = cpu_exec(cs);
3256         cpu_exec_end(cs);
3257         process_queued_cpu_work(cs);
3258 
3259         switch (trapnr) {
3260         case EXCP_INTERRUPT:
3261             /* Just indicate that signals should be handled asap.  */
3262             break;
3263 
3264         case EXCP_SVC:
3265             n = env->int_svc_code;
3266             if (!n) {
3267                 /* syscalls > 255 */
3268                 n = env->regs[1];
3269             }
3270             env->psw.addr += env->int_svc_ilen;
3271             ret = do_syscall(env, n, env->regs[2], env->regs[3],
3272                              env->regs[4], env->regs[5],
3273                              env->regs[6], env->regs[7], 0, 0);
3274             if (ret == -TARGET_ERESTARTSYS) {
3275                 env->psw.addr -= env->int_svc_ilen;
3276             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3277                 env->regs[2] = ret;
3278             }
3279             break;
3280 
3281         case EXCP_DEBUG:
3282             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3283             if (sig) {
3284                 n = TARGET_TRAP_BRKPT;
3285                 goto do_signal_pc;
3286             }
3287             break;
3288         case EXCP_PGM:
3289             n = env->int_pgm_code;
3290             switch (n) {
3291             case PGM_OPERATION:
3292             case PGM_PRIVILEGED:
3293                 sig = TARGET_SIGILL;
3294                 n = TARGET_ILL_ILLOPC;
3295                 goto do_signal_pc;
3296             case PGM_PROTECTION:
3297             case PGM_ADDRESSING:
3298                 sig = TARGET_SIGSEGV;
3299                 /* XXX: check env->error_code */
3300                 n = TARGET_SEGV_MAPERR;
3301                 addr = env->__excp_addr & S390X_FAIL_ADDR_MASK;
3302                 goto do_signal;
3303             case PGM_EXECUTE:
3304             case PGM_SPECIFICATION:
3305             case PGM_SPECIAL_OP:
3306             case PGM_OPERAND:
3307             do_sigill_opn:
3308                 sig = TARGET_SIGILL;
3309                 n = TARGET_ILL_ILLOPN;
3310                 goto do_signal_pc;
3311 
3312             case PGM_FIXPT_OVERFLOW:
3313                 sig = TARGET_SIGFPE;
3314                 n = TARGET_FPE_INTOVF;
3315                 goto do_signal_pc;
3316             case PGM_FIXPT_DIVIDE:
3317                 sig = TARGET_SIGFPE;
3318                 n = TARGET_FPE_INTDIV;
3319                 goto do_signal_pc;
3320 
3321             case PGM_DATA:
3322                 n = (env->fpc >> 8) & 0xff;
3323                 if (n == 0xff) {
3324                     /* compare-and-trap */
3325                     goto do_sigill_opn;
3326                 } else {
3327                     /* An IEEE exception, simulated or otherwise.  */
3328                     if (n & 0x80) {
3329                         n = TARGET_FPE_FLTINV;
3330                     } else if (n & 0x40) {
3331                         n = TARGET_FPE_FLTDIV;
3332                     } else if (n & 0x20) {
3333                         n = TARGET_FPE_FLTOVF;
3334                     } else if (n & 0x10) {
3335                         n = TARGET_FPE_FLTUND;
3336                     } else if (n & 0x08) {
3337                         n = TARGET_FPE_FLTRES;
3338                     } else {
3339                         /* ??? Quantum exception; BFP, DFP error.  */
3340                         goto do_sigill_opn;
3341                     }
3342                     sig = TARGET_SIGFPE;
3343                     goto do_signal_pc;
3344                 }
3345 
3346             default:
3347                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
3348                 cpu_dump_state(cs, stderr, fprintf, 0);
3349                 exit(EXIT_FAILURE);
3350             }
3351             break;
3352 
3353         do_signal_pc:
3354             addr = env->psw.addr;
3355         do_signal:
3356             info.si_signo = sig;
3357             info.si_errno = 0;
3358             info.si_code = n;
3359             info._sifields._sigfault._addr = addr;
3360             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3361             break;
3362 
3363         case EXCP_ATOMIC:
3364             cpu_exec_step_atomic(cs);
3365             break;
3366         default:
3367             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
3368             cpu_dump_state(cs, stderr, fprintf, 0);
3369             exit(EXIT_FAILURE);
3370         }
3371         process_pending_signals (env);
3372     }
3373 }
3374 
3375 #endif /* TARGET_S390X */
3376 
3377 #ifdef TARGET_TILEGX
3378 
3379 static void gen_sigill_reg(CPUTLGState *env)
3380 {
3381     target_siginfo_t info;
3382 
3383     info.si_signo = TARGET_SIGILL;
3384     info.si_errno = 0;
3385     info.si_code = TARGET_ILL_PRVREG;
3386     info._sifields._sigfault._addr = env->pc;
3387     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3388 }
3389 
3390 static void do_signal(CPUTLGState *env, int signo, int sigcode)
3391 {
3392     target_siginfo_t info;
3393 
3394     info.si_signo = signo;
3395     info.si_errno = 0;
3396     info._sifields._sigfault._addr = env->pc;
3397 
3398     if (signo == TARGET_SIGSEGV) {
3399         /* The passed in sigcode is a dummy; check for a page mapping
3400            and pass either MAPERR or ACCERR.  */
3401         target_ulong addr = env->excaddr;
3402         info._sifields._sigfault._addr = addr;
3403         if (page_check_range(addr, 1, PAGE_VALID) < 0) {
3404             sigcode = TARGET_SEGV_MAPERR;
3405         } else {
3406             sigcode = TARGET_SEGV_ACCERR;
3407         }
3408     }
3409     info.si_code = sigcode;
3410 
3411     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3412 }
3413 
3414 static void gen_sigsegv_maperr(CPUTLGState *env, target_ulong addr)
3415 {
3416     env->excaddr = addr;
3417     do_signal(env, TARGET_SIGSEGV, 0);
3418 }
3419 
3420 static void set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
3421 {
3422     if (unlikely(reg >= TILEGX_R_COUNT)) {
3423         switch (reg) {
3424         case TILEGX_R_SN:
3425         case TILEGX_R_ZERO:
3426             return;
3427         case TILEGX_R_IDN0:
3428         case TILEGX_R_IDN1:
3429         case TILEGX_R_UDN0:
3430         case TILEGX_R_UDN1:
3431         case TILEGX_R_UDN2:
3432         case TILEGX_R_UDN3:
3433             gen_sigill_reg(env);
3434             return;
3435         default:
3436             g_assert_not_reached();
3437         }
3438     }
3439     env->regs[reg] = val;
3440 }
3441 
3442 /*
3443  * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
3444  * memory at the address held in the first source register. If the values are
3445  * not equal, then no memory operation is performed. If the values are equal,
3446  * the 8-byte quantity from the second source register is written into memory
3447  * at the address held in the first source register. In either case, the result
3448  * of the instruction is the value read from memory. The compare and write to
3449  * memory are atomic and thus can be used for synchronization purposes. This
3450  * instruction only operates for addresses aligned to a 8-byte boundary.
3451  * Unaligned memory access causes an Unaligned Data Reference interrupt.
3452  *
3453  * Functional Description (64-bit)
3454  *       uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
3455  *       rf[Dest] = memVal;
3456  *       if (memVal == SPR[CmpValueSPR])
3457  *           memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
3458  *
3459  * Functional Description (32-bit)
3460  *       uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
3461  *       rf[Dest] = memVal;
3462  *       if (memVal == signExtend32 (SPR[CmpValueSPR]))
3463  *           memoryWriteWord (rf[SrcA], rf[SrcB]);
3464  *
3465  *
3466  * This function also processes exch and exch4 which need not process SPR.
3467  */
3468 static void do_exch(CPUTLGState *env, bool quad, bool cmp)
3469 {
3470     target_ulong addr;
3471     target_long val, sprval;
3472 
3473     start_exclusive();
3474 
3475     addr = env->atomic_srca;
3476     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3477         goto sigsegv_maperr;
3478     }
3479 
3480     if (cmp) {
3481         if (quad) {
3482             sprval = env->spregs[TILEGX_SPR_CMPEXCH];
3483         } else {
3484             sprval = sextract64(env->spregs[TILEGX_SPR_CMPEXCH], 0, 32);
3485         }
3486     }
3487 
3488     if (!cmp || val == sprval) {
3489         target_long valb = env->atomic_srcb;
3490         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3491             goto sigsegv_maperr;
3492         }
3493     }
3494 
3495     set_regval(env, env->atomic_dstr, val);
3496     end_exclusive();
3497     return;
3498 
3499  sigsegv_maperr:
3500     end_exclusive();
3501     gen_sigsegv_maperr(env, addr);
3502 }
3503 
3504 static void do_fetch(CPUTLGState *env, int trapnr, bool quad)
3505 {
3506     int8_t write = 1;
3507     target_ulong addr;
3508     target_long val, valb;
3509 
3510     start_exclusive();
3511 
3512     addr = env->atomic_srca;
3513     valb = env->atomic_srcb;
3514     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3515         goto sigsegv_maperr;
3516     }
3517 
3518     switch (trapnr) {
3519     case TILEGX_EXCP_OPCODE_FETCHADD:
3520     case TILEGX_EXCP_OPCODE_FETCHADD4:
3521         valb += val;
3522         break;
3523     case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3524         valb += val;
3525         if (valb < 0) {
3526             write = 0;
3527         }
3528         break;
3529     case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3530         valb += val;
3531         if ((int32_t)valb < 0) {
3532             write = 0;
3533         }
3534         break;
3535     case TILEGX_EXCP_OPCODE_FETCHAND:
3536     case TILEGX_EXCP_OPCODE_FETCHAND4:
3537         valb &= val;
3538         break;
3539     case TILEGX_EXCP_OPCODE_FETCHOR:
3540     case TILEGX_EXCP_OPCODE_FETCHOR4:
3541         valb |= val;
3542         break;
3543     default:
3544         g_assert_not_reached();
3545     }
3546 
3547     if (write) {
3548         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3549             goto sigsegv_maperr;
3550         }
3551     }
3552 
3553     set_regval(env, env->atomic_dstr, val);
3554     end_exclusive();
3555     return;
3556 
3557  sigsegv_maperr:
3558     end_exclusive();
3559     gen_sigsegv_maperr(env, addr);
3560 }
3561 
3562 void cpu_loop(CPUTLGState *env)
3563 {
3564     CPUState *cs = CPU(tilegx_env_get_cpu(env));
3565     int trapnr;
3566 
3567     while (1) {
3568         cpu_exec_start(cs);
3569         trapnr = cpu_exec(cs);
3570         cpu_exec_end(cs);
3571         process_queued_cpu_work(cs);
3572 
3573         switch (trapnr) {
3574         case TILEGX_EXCP_SYSCALL:
3575         {
3576             abi_ulong ret = do_syscall(env, env->regs[TILEGX_R_NR],
3577                                        env->regs[0], env->regs[1],
3578                                        env->regs[2], env->regs[3],
3579                                        env->regs[4], env->regs[5],
3580                                        env->regs[6], env->regs[7]);
3581             if (ret == -TARGET_ERESTARTSYS) {
3582                 env->pc -= 8;
3583             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3584                 env->regs[TILEGX_R_RE] = ret;
3585                 env->regs[TILEGX_R_ERR] = TILEGX_IS_ERRNO(ret) ? -ret : 0;
3586             }
3587             break;
3588         }
3589         case TILEGX_EXCP_OPCODE_EXCH:
3590             do_exch(env, true, false);
3591             break;
3592         case TILEGX_EXCP_OPCODE_EXCH4:
3593             do_exch(env, false, false);
3594             break;
3595         case TILEGX_EXCP_OPCODE_CMPEXCH:
3596             do_exch(env, true, true);
3597             break;
3598         case TILEGX_EXCP_OPCODE_CMPEXCH4:
3599             do_exch(env, false, true);
3600             break;
3601         case TILEGX_EXCP_OPCODE_FETCHADD:
3602         case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3603         case TILEGX_EXCP_OPCODE_FETCHAND:
3604         case TILEGX_EXCP_OPCODE_FETCHOR:
3605             do_fetch(env, trapnr, true);
3606             break;
3607         case TILEGX_EXCP_OPCODE_FETCHADD4:
3608         case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3609         case TILEGX_EXCP_OPCODE_FETCHAND4:
3610         case TILEGX_EXCP_OPCODE_FETCHOR4:
3611             do_fetch(env, trapnr, false);
3612             break;
3613         case TILEGX_EXCP_SIGNAL:
3614             do_signal(env, env->signo, env->sigcode);
3615             break;
3616         case TILEGX_EXCP_REG_IDN_ACCESS:
3617         case TILEGX_EXCP_REG_UDN_ACCESS:
3618             gen_sigill_reg(env);
3619             break;
3620         case EXCP_ATOMIC:
3621             cpu_exec_step_atomic(cs);
3622             break;
3623         default:
3624             fprintf(stderr, "trapnr is %d[0x%x].\n", trapnr, trapnr);
3625             g_assert_not_reached();
3626         }
3627         process_pending_signals(env);
3628     }
3629 }
3630 
3631 #endif
3632 
3633 #ifdef TARGET_HPPA
3634 
3635 static abi_ulong hppa_lws(CPUHPPAState *env)
3636 {
3637     uint32_t which = env->gr[20];
3638     abi_ulong addr = env->gr[26];
3639     abi_ulong old = env->gr[25];
3640     abi_ulong new = env->gr[24];
3641     abi_ulong size, ret;
3642 
3643     switch (which) {
3644     default:
3645         return -TARGET_ENOSYS;
3646 
3647     case 0: /* elf32 atomic 32bit cmpxchg */
3648         if ((addr & 3) || !access_ok(VERIFY_WRITE, addr, 4)) {
3649             return -TARGET_EFAULT;
3650         }
3651         old = tswap32(old);
3652         new = tswap32(new);
3653         ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3654         ret = tswap32(ret);
3655         break;
3656 
3657     case 2: /* elf32 atomic "new" cmpxchg */
3658         size = env->gr[23];
3659         if (size >= 4) {
3660             return -TARGET_ENOSYS;
3661         }
3662         if (((addr | old | new) & ((1 << size) - 1))
3663             || !access_ok(VERIFY_WRITE, addr, 1 << size)
3664             || !access_ok(VERIFY_READ, old, 1 << size)
3665             || !access_ok(VERIFY_READ, new, 1 << size)) {
3666             return -TARGET_EFAULT;
3667         }
3668         /* Note that below we use host-endian loads so that the cmpxchg
3669            can be host-endian as well.  */
3670         switch (size) {
3671         case 0:
3672             old = *(uint8_t *)g2h(old);
3673             new = *(uint8_t *)g2h(new);
3674             ret = atomic_cmpxchg((uint8_t *)g2h(addr), old, new);
3675             ret = ret != old;
3676             break;
3677         case 1:
3678             old = *(uint16_t *)g2h(old);
3679             new = *(uint16_t *)g2h(new);
3680             ret = atomic_cmpxchg((uint16_t *)g2h(addr), old, new);
3681             ret = ret != old;
3682             break;
3683         case 2:
3684             old = *(uint32_t *)g2h(old);
3685             new = *(uint32_t *)g2h(new);
3686             ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3687             ret = ret != old;
3688             break;
3689         case 3:
3690             {
3691                 uint64_t o64, n64, r64;
3692                 o64 = *(uint64_t *)g2h(old);
3693                 n64 = *(uint64_t *)g2h(new);
3694 #ifdef CONFIG_ATOMIC64
3695                 r64 = atomic_cmpxchg__nocheck((uint64_t *)g2h(addr), o64, n64);
3696                 ret = r64 != o64;
3697 #else
3698                 start_exclusive();
3699                 r64 = *(uint64_t *)g2h(addr);
3700                 ret = 1;
3701                 if (r64 == o64) {
3702                     *(uint64_t *)g2h(addr) = n64;
3703                     ret = 0;
3704                 }
3705                 end_exclusive();
3706 #endif
3707             }
3708             break;
3709         }
3710         break;
3711     }
3712 
3713     env->gr[28] = ret;
3714     return 0;
3715 }
3716 
3717 void cpu_loop(CPUHPPAState *env)
3718 {
3719     CPUState *cs = CPU(hppa_env_get_cpu(env));
3720     target_siginfo_t info;
3721     abi_ulong ret;
3722     int trapnr;
3723 
3724     while (1) {
3725         cpu_exec_start(cs);
3726         trapnr = cpu_exec(cs);
3727         cpu_exec_end(cs);
3728         process_queued_cpu_work(cs);
3729 
3730         switch (trapnr) {
3731         case EXCP_SYSCALL:
3732             ret = do_syscall(env, env->gr[20],
3733                              env->gr[26], env->gr[25],
3734                              env->gr[24], env->gr[23],
3735                              env->gr[22], env->gr[21], 0, 0);
3736             switch (ret) {
3737             default:
3738                 env->gr[28] = ret;
3739                 /* We arrived here by faking the gateway page.  Return.  */
3740                 env->iaoq_f = env->gr[31];
3741                 env->iaoq_b = env->gr[31] + 4;
3742                 break;
3743             case -TARGET_ERESTARTSYS:
3744             case -TARGET_QEMU_ESIGRETURN:
3745                 break;
3746             }
3747             break;
3748         case EXCP_SYSCALL_LWS:
3749             env->gr[21] = hppa_lws(env);
3750             /* We arrived here by faking the gateway page.  Return.  */
3751             env->iaoq_f = env->gr[31];
3752             env->iaoq_b = env->gr[31] + 4;
3753             break;
3754         case EXCP_SIGSEGV:
3755             info.si_signo = TARGET_SIGSEGV;
3756             info.si_errno = 0;
3757             info.si_code = TARGET_SEGV_ACCERR;
3758             info._sifields._sigfault._addr = env->ior;
3759             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3760             break;
3761         case EXCP_SIGILL:
3762             info.si_signo = TARGET_SIGILL;
3763             info.si_errno = 0;
3764             info.si_code = TARGET_ILL_ILLOPN;
3765             info._sifields._sigfault._addr = env->iaoq_f;
3766             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3767             break;
3768         case EXCP_SIGFPE:
3769             info.si_signo = TARGET_SIGFPE;
3770             info.si_errno = 0;
3771             info.si_code = 0;
3772             info._sifields._sigfault._addr = env->iaoq_f;
3773             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3774             break;
3775         case EXCP_DEBUG:
3776             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
3777             if (trapnr) {
3778                 info.si_signo = trapnr;
3779                 info.si_errno = 0;
3780                 info.si_code = TARGET_TRAP_BRKPT;
3781                 queue_signal(env, trapnr, QEMU_SI_FAULT, &info);
3782             }
3783             break;
3784         case EXCP_INTERRUPT:
3785             /* just indicate that signals should be handled asap */
3786             break;
3787         default:
3788             g_assert_not_reached();
3789         }
3790         process_pending_signals(env);
3791     }
3792 }
3793 
3794 #endif /* TARGET_HPPA */
3795 
3796 THREAD CPUState *thread_cpu;
3797 
3798 bool qemu_cpu_is_self(CPUState *cpu)
3799 {
3800     return thread_cpu == cpu;
3801 }
3802 
3803 void qemu_cpu_kick(CPUState *cpu)
3804 {
3805     cpu_exit(cpu);
3806 }
3807 
3808 void task_settid(TaskState *ts)
3809 {
3810     if (ts->ts_tid == 0) {
3811         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3812     }
3813 }
3814 
3815 void stop_all_tasks(void)
3816 {
3817     /*
3818      * We trust that when using NPTL, start_exclusive()
3819      * handles thread stopping correctly.
3820      */
3821     start_exclusive();
3822 }
3823 
3824 /* Assumes contents are already zeroed.  */
3825 void init_task_state(TaskState *ts)
3826 {
3827     ts->used = 1;
3828 }
3829 
3830 CPUArchState *cpu_copy(CPUArchState *env)
3831 {
3832     CPUState *cpu = ENV_GET_CPU(env);
3833     CPUState *new_cpu = cpu_init(cpu_model);
3834     CPUArchState *new_env = new_cpu->env_ptr;
3835     CPUBreakpoint *bp;
3836     CPUWatchpoint *wp;
3837 
3838     /* Reset non arch specific state */
3839     cpu_reset(new_cpu);
3840 
3841     memcpy(new_env, env, sizeof(CPUArchState));
3842 
3843     /* Clone all break/watchpoints.
3844        Note: Once we support ptrace with hw-debug register access, make sure
3845        BP_CPU break/watchpoints are handled correctly on clone. */
3846     QTAILQ_INIT(&new_cpu->breakpoints);
3847     QTAILQ_INIT(&new_cpu->watchpoints);
3848     QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
3849         cpu_breakpoint_insert(new_cpu, bp->pc, bp->flags, NULL);
3850     }
3851     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
3852         cpu_watchpoint_insert(new_cpu, wp->vaddr, wp->len, wp->flags, NULL);
3853     }
3854 
3855     return new_env;
3856 }
3857 
3858 static void handle_arg_help(const char *arg)
3859 {
3860     usage(EXIT_SUCCESS);
3861 }
3862 
3863 static void handle_arg_log(const char *arg)
3864 {
3865     int mask;
3866 
3867     mask = qemu_str_to_log_mask(arg);
3868     if (!mask) {
3869         qemu_print_log_usage(stdout);
3870         exit(EXIT_FAILURE);
3871     }
3872     qemu_log_needs_buffers();
3873     qemu_set_log(mask);
3874 }
3875 
3876 static void handle_arg_dfilter(const char *arg)
3877 {
3878     qemu_set_dfilter_ranges(arg, NULL);
3879 }
3880 
3881 static void handle_arg_log_filename(const char *arg)
3882 {
3883     qemu_set_log_filename(arg, &error_fatal);
3884 }
3885 
3886 static void handle_arg_set_env(const char *arg)
3887 {
3888     char *r, *p, *token;
3889     r = p = strdup(arg);
3890     while ((token = strsep(&p, ",")) != NULL) {
3891         if (envlist_setenv(envlist, token) != 0) {
3892             usage(EXIT_FAILURE);
3893         }
3894     }
3895     free(r);
3896 }
3897 
3898 static void handle_arg_unset_env(const char *arg)
3899 {
3900     char *r, *p, *token;
3901     r = p = strdup(arg);
3902     while ((token = strsep(&p, ",")) != NULL) {
3903         if (envlist_unsetenv(envlist, token) != 0) {
3904             usage(EXIT_FAILURE);
3905         }
3906     }
3907     free(r);
3908 }
3909 
3910 static void handle_arg_argv0(const char *arg)
3911 {
3912     argv0 = strdup(arg);
3913 }
3914 
3915 static void handle_arg_stack_size(const char *arg)
3916 {
3917     char *p;
3918     guest_stack_size = strtoul(arg, &p, 0);
3919     if (guest_stack_size == 0) {
3920         usage(EXIT_FAILURE);
3921     }
3922 
3923     if (*p == 'M') {
3924         guest_stack_size *= 1024 * 1024;
3925     } else if (*p == 'k' || *p == 'K') {
3926         guest_stack_size *= 1024;
3927     }
3928 }
3929 
3930 static void handle_arg_ld_prefix(const char *arg)
3931 {
3932     interp_prefix = strdup(arg);
3933 }
3934 
3935 static void handle_arg_pagesize(const char *arg)
3936 {
3937     qemu_host_page_size = atoi(arg);
3938     if (qemu_host_page_size == 0 ||
3939         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
3940         fprintf(stderr, "page size must be a power of two\n");
3941         exit(EXIT_FAILURE);
3942     }
3943 }
3944 
3945 static void handle_arg_randseed(const char *arg)
3946 {
3947     unsigned long long seed;
3948 
3949     if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
3950         fprintf(stderr, "Invalid seed number: %s\n", arg);
3951         exit(EXIT_FAILURE);
3952     }
3953     srand(seed);
3954 }
3955 
3956 static void handle_arg_gdb(const char *arg)
3957 {
3958     gdbstub_port = atoi(arg);
3959 }
3960 
3961 static void handle_arg_uname(const char *arg)
3962 {
3963     qemu_uname_release = strdup(arg);
3964 }
3965 
3966 static void handle_arg_cpu(const char *arg)
3967 {
3968     cpu_model = strdup(arg);
3969     if (cpu_model == NULL || is_help_option(cpu_model)) {
3970         /* XXX: implement xxx_cpu_list for targets that still miss it */
3971 #if defined(cpu_list)
3972         cpu_list(stdout, &fprintf);
3973 #endif
3974         exit(EXIT_FAILURE);
3975     }
3976 }
3977 
3978 static void handle_arg_guest_base(const char *arg)
3979 {
3980     guest_base = strtol(arg, NULL, 0);
3981     have_guest_base = 1;
3982 }
3983 
3984 static void handle_arg_reserved_va(const char *arg)
3985 {
3986     char *p;
3987     int shift = 0;
3988     reserved_va = strtoul(arg, &p, 0);
3989     switch (*p) {
3990     case 'k':
3991     case 'K':
3992         shift = 10;
3993         break;
3994     case 'M':
3995         shift = 20;
3996         break;
3997     case 'G':
3998         shift = 30;
3999         break;
4000     }
4001     if (shift) {
4002         unsigned long unshifted = reserved_va;
4003         p++;
4004         reserved_va <<= shift;
4005         if (reserved_va >> shift != unshifted
4006             || (MAX_RESERVED_VA && reserved_va > MAX_RESERVED_VA)) {
4007             fprintf(stderr, "Reserved virtual address too big\n");
4008             exit(EXIT_FAILURE);
4009         }
4010     }
4011     if (*p) {
4012         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
4013         exit(EXIT_FAILURE);
4014     }
4015 }
4016 
4017 static void handle_arg_singlestep(const char *arg)
4018 {
4019     singlestep = 1;
4020 }
4021 
4022 static void handle_arg_strace(const char *arg)
4023 {
4024     do_strace = 1;
4025 }
4026 
4027 static void handle_arg_version(const char *arg)
4028 {
4029     printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
4030            "\n" QEMU_COPYRIGHT "\n");
4031     exit(EXIT_SUCCESS);
4032 }
4033 
4034 static char *trace_file;
4035 static void handle_arg_trace(const char *arg)
4036 {
4037     g_free(trace_file);
4038     trace_file = trace_opt_parse(arg);
4039 }
4040 
4041 struct qemu_argument {
4042     const char *argv;
4043     const char *env;
4044     bool has_arg;
4045     void (*handle_opt)(const char *arg);
4046     const char *example;
4047     const char *help;
4048 };
4049 
4050 static const struct qemu_argument arg_table[] = {
4051     {"h",          "",                 false, handle_arg_help,
4052      "",           "print this help"},
4053     {"help",       "",                 false, handle_arg_help,
4054      "",           ""},
4055     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
4056      "port",       "wait gdb connection to 'port'"},
4057     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
4058      "path",       "set the elf interpreter prefix to 'path'"},
4059     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
4060      "size",       "set the stack size to 'size' bytes"},
4061     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
4062      "model",      "select CPU (-cpu help for list)"},
4063     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
4064      "var=value",  "sets targets environment variable (see below)"},
4065     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
4066      "var",        "unsets targets environment variable (see below)"},
4067     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
4068      "argv0",      "forces target process argv[0] to be 'argv0'"},
4069     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
4070      "uname",      "set qemu uname release string to 'uname'"},
4071     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
4072      "address",    "set guest_base address to 'address'"},
4073     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
4074      "size",       "reserve 'size' bytes for guest virtual address space"},
4075     {"d",          "QEMU_LOG",         true,  handle_arg_log,
4076      "item[,...]", "enable logging of specified items "
4077      "(use '-d help' for a list of items)"},
4078     {"dfilter",    "QEMU_DFILTER",     true,  handle_arg_dfilter,
4079      "range[,...]","filter logging based on address range"},
4080     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
4081      "logfile",     "write logs to 'logfile' (default stderr)"},
4082     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
4083      "pagesize",   "set the host page size to 'pagesize'"},
4084     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
4085      "",           "run in singlestep mode"},
4086     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
4087      "",           "log system calls"},
4088     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
4089      "",           "Seed for pseudo-random number generator"},
4090     {"trace",      "QEMU_TRACE",       true,  handle_arg_trace,
4091      "",           "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
4092     {"version",    "QEMU_VERSION",     false, handle_arg_version,
4093      "",           "display version information and exit"},
4094     {NULL, NULL, false, NULL, NULL, NULL}
4095 };
4096 
4097 static void usage(int exitcode)
4098 {
4099     const struct qemu_argument *arginfo;
4100     int maxarglen;
4101     int maxenvlen;
4102 
4103     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
4104            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
4105            "\n"
4106            "Options and associated environment variables:\n"
4107            "\n");
4108 
4109     /* Calculate column widths. We must always have at least enough space
4110      * for the column header.
4111      */
4112     maxarglen = strlen("Argument");
4113     maxenvlen = strlen("Env-variable");
4114 
4115     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4116         int arglen = strlen(arginfo->argv);
4117         if (arginfo->has_arg) {
4118             arglen += strlen(arginfo->example) + 1;
4119         }
4120         if (strlen(arginfo->env) > maxenvlen) {
4121             maxenvlen = strlen(arginfo->env);
4122         }
4123         if (arglen > maxarglen) {
4124             maxarglen = arglen;
4125         }
4126     }
4127 
4128     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
4129             maxenvlen, "Env-variable");
4130 
4131     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4132         if (arginfo->has_arg) {
4133             printf("-%s %-*s %-*s %s\n", arginfo->argv,
4134                    (int)(maxarglen - strlen(arginfo->argv) - 1),
4135                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
4136         } else {
4137             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
4138                     maxenvlen, arginfo->env,
4139                     arginfo->help);
4140         }
4141     }
4142 
4143     printf("\n"
4144            "Defaults:\n"
4145            "QEMU_LD_PREFIX  = %s\n"
4146            "QEMU_STACK_SIZE = %ld byte\n",
4147            interp_prefix,
4148            guest_stack_size);
4149 
4150     printf("\n"
4151            "You can use -E and -U options or the QEMU_SET_ENV and\n"
4152            "QEMU_UNSET_ENV environment variables to set and unset\n"
4153            "environment variables for the target process.\n"
4154            "It is possible to provide several variables by separating them\n"
4155            "by commas in getsubopt(3) style. Additionally it is possible to\n"
4156            "provide the -E and -U options multiple times.\n"
4157            "The following lines are equivalent:\n"
4158            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
4159            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
4160            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
4161            "Note that if you provide several changes to a single variable\n"
4162            "the last change will stay in effect.\n"
4163            "\n"
4164            QEMU_HELP_BOTTOM "\n");
4165 
4166     exit(exitcode);
4167 }
4168 
4169 static int parse_args(int argc, char **argv)
4170 {
4171     const char *r;
4172     int optind;
4173     const struct qemu_argument *arginfo;
4174 
4175     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4176         if (arginfo->env == NULL) {
4177             continue;
4178         }
4179 
4180         r = getenv(arginfo->env);
4181         if (r != NULL) {
4182             arginfo->handle_opt(r);
4183         }
4184     }
4185 
4186     optind = 1;
4187     for (;;) {
4188         if (optind >= argc) {
4189             break;
4190         }
4191         r = argv[optind];
4192         if (r[0] != '-') {
4193             break;
4194         }
4195         optind++;
4196         r++;
4197         if (!strcmp(r, "-")) {
4198             break;
4199         }
4200         /* Treat --foo the same as -foo.  */
4201         if (r[0] == '-') {
4202             r++;
4203         }
4204 
4205         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4206             if (!strcmp(r, arginfo->argv)) {
4207                 if (arginfo->has_arg) {
4208                     if (optind >= argc) {
4209                         (void) fprintf(stderr,
4210                             "qemu: missing argument for option '%s'\n", r);
4211                         exit(EXIT_FAILURE);
4212                     }
4213                     arginfo->handle_opt(argv[optind]);
4214                     optind++;
4215                 } else {
4216                     arginfo->handle_opt(NULL);
4217                 }
4218                 break;
4219             }
4220         }
4221 
4222         /* no option matched the current argv */
4223         if (arginfo->handle_opt == NULL) {
4224             (void) fprintf(stderr, "qemu: unknown option '%s'\n", r);
4225             exit(EXIT_FAILURE);
4226         }
4227     }
4228 
4229     if (optind >= argc) {
4230         (void) fprintf(stderr, "qemu: no user program specified\n");
4231         exit(EXIT_FAILURE);
4232     }
4233 
4234     filename = argv[optind];
4235     exec_path = argv[optind];
4236 
4237     return optind;
4238 }
4239 
4240 int main(int argc, char **argv, char **envp)
4241 {
4242     struct target_pt_regs regs1, *regs = &regs1;
4243     struct image_info info1, *info = &info1;
4244     struct linux_binprm bprm;
4245     TaskState *ts;
4246     CPUArchState *env;
4247     CPUState *cpu;
4248     int optind;
4249     char **target_environ, **wrk;
4250     char **target_argv;
4251     int target_argc;
4252     int i;
4253     int ret;
4254     int execfd;
4255 
4256     module_call_init(MODULE_INIT_TRACE);
4257     qemu_init_cpu_list();
4258     module_call_init(MODULE_INIT_QOM);
4259 
4260     envlist = envlist_create();
4261 
4262     /* add current environment into the list */
4263     for (wrk = environ; *wrk != NULL; wrk++) {
4264         (void) envlist_setenv(envlist, *wrk);
4265     }
4266 
4267     /* Read the stack limit from the kernel.  If it's "unlimited",
4268        then we can do little else besides use the default.  */
4269     {
4270         struct rlimit lim;
4271         if (getrlimit(RLIMIT_STACK, &lim) == 0
4272             && lim.rlim_cur != RLIM_INFINITY
4273             && lim.rlim_cur == (target_long)lim.rlim_cur) {
4274             guest_stack_size = lim.rlim_cur;
4275         }
4276     }
4277 
4278     cpu_model = NULL;
4279 
4280     srand(time(NULL));
4281 
4282     qemu_add_opts(&qemu_trace_opts);
4283 
4284     optind = parse_args(argc, argv);
4285 
4286     if (!trace_init_backends()) {
4287         exit(1);
4288     }
4289     trace_init_file(trace_file);
4290 
4291     /* Zero out regs */
4292     memset(regs, 0, sizeof(struct target_pt_regs));
4293 
4294     /* Zero out image_info */
4295     memset(info, 0, sizeof(struct image_info));
4296 
4297     memset(&bprm, 0, sizeof (bprm));
4298 
4299     /* Scan interp_prefix dir for replacement files. */
4300     init_paths(interp_prefix);
4301 
4302     init_qemu_uname_release();
4303 
4304     if (cpu_model == NULL) {
4305 #if defined(TARGET_I386)
4306 #ifdef TARGET_X86_64
4307         cpu_model = "qemu64";
4308 #else
4309         cpu_model = "qemu32";
4310 #endif
4311 #elif defined(TARGET_ARM)
4312         cpu_model = "any";
4313 #elif defined(TARGET_UNICORE32)
4314         cpu_model = "any";
4315 #elif defined(TARGET_M68K)
4316         cpu_model = "any";
4317 #elif defined(TARGET_SPARC)
4318 #ifdef TARGET_SPARC64
4319         cpu_model = "TI UltraSparc II";
4320 #else
4321         cpu_model = "Fujitsu MB86904";
4322 #endif
4323 #elif defined(TARGET_MIPS)
4324 #if defined(TARGET_ABI_MIPSN32) || defined(TARGET_ABI_MIPSN64)
4325         cpu_model = "5KEf";
4326 #else
4327         cpu_model = "24Kf";
4328 #endif
4329 #elif defined TARGET_OPENRISC
4330         cpu_model = "or1200";
4331 #elif defined(TARGET_PPC)
4332 # ifdef TARGET_PPC64
4333         cpu_model = "POWER8";
4334 # else
4335         cpu_model = "750";
4336 # endif
4337 #elif defined TARGET_SH4
4338         cpu_model = "sh7785";
4339 #elif defined TARGET_S390X
4340         cpu_model = "qemu";
4341 #else
4342         cpu_model = "any";
4343 #endif
4344     }
4345     tcg_exec_init(0);
4346     /* NOTE: we need to init the CPU at this stage to get
4347        qemu_host_page_size */
4348     cpu = cpu_init(cpu_model);
4349     env = cpu->env_ptr;
4350     cpu_reset(cpu);
4351 
4352     thread_cpu = cpu;
4353 
4354     if (getenv("QEMU_STRACE")) {
4355         do_strace = 1;
4356     }
4357 
4358     if (getenv("QEMU_RAND_SEED")) {
4359         handle_arg_randseed(getenv("QEMU_RAND_SEED"));
4360     }
4361 
4362     target_environ = envlist_to_environ(envlist, NULL);
4363     envlist_free(envlist);
4364 
4365     /*
4366      * Now that page sizes are configured in cpu_init() we can do
4367      * proper page alignment for guest_base.
4368      */
4369     guest_base = HOST_PAGE_ALIGN(guest_base);
4370 
4371     if (reserved_va || have_guest_base) {
4372         guest_base = init_guest_space(guest_base, reserved_va, 0,
4373                                       have_guest_base);
4374         if (guest_base == (unsigned long)-1) {
4375             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
4376                     "space for use as guest address space (check your virtual "
4377                     "memory ulimit setting or reserve less using -R option)\n",
4378                     reserved_va);
4379             exit(EXIT_FAILURE);
4380         }
4381 
4382         if (reserved_va) {
4383             mmap_next_start = reserved_va;
4384         }
4385     }
4386 
4387     /*
4388      * Read in mmap_min_addr kernel parameter.  This value is used
4389      * When loading the ELF image to determine whether guest_base
4390      * is needed.  It is also used in mmap_find_vma.
4391      */
4392     {
4393         FILE *fp;
4394 
4395         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
4396             unsigned long tmp;
4397             if (fscanf(fp, "%lu", &tmp) == 1) {
4398                 mmap_min_addr = tmp;
4399                 qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", mmap_min_addr);
4400             }
4401             fclose(fp);
4402         }
4403     }
4404 
4405     /*
4406      * Prepare copy of argv vector for target.
4407      */
4408     target_argc = argc - optind;
4409     target_argv = calloc(target_argc + 1, sizeof (char *));
4410     if (target_argv == NULL) {
4411 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
4412 	exit(EXIT_FAILURE);
4413     }
4414 
4415     /*
4416      * If argv0 is specified (using '-0' switch) we replace
4417      * argv[0] pointer with the given one.
4418      */
4419     i = 0;
4420     if (argv0 != NULL) {
4421         target_argv[i++] = strdup(argv0);
4422     }
4423     for (; i < target_argc; i++) {
4424         target_argv[i] = strdup(argv[optind + i]);
4425     }
4426     target_argv[target_argc] = NULL;
4427 
4428     ts = g_new0(TaskState, 1);
4429     init_task_state(ts);
4430     /* build Task State */
4431     ts->info = info;
4432     ts->bprm = &bprm;
4433     cpu->opaque = ts;
4434     task_settid(ts);
4435 
4436     execfd = qemu_getauxval(AT_EXECFD);
4437     if (execfd == 0) {
4438         execfd = open(filename, O_RDONLY);
4439         if (execfd < 0) {
4440             printf("Error while loading %s: %s\n", filename, strerror(errno));
4441             _exit(EXIT_FAILURE);
4442         }
4443     }
4444 
4445     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
4446         info, &bprm);
4447     if (ret != 0) {
4448         printf("Error while loading %s: %s\n", filename, strerror(-ret));
4449         _exit(EXIT_FAILURE);
4450     }
4451 
4452     for (wrk = target_environ; *wrk; wrk++) {
4453         g_free(*wrk);
4454     }
4455 
4456     g_free(target_environ);
4457 
4458     if (qemu_loglevel_mask(CPU_LOG_PAGE)) {
4459         qemu_log("guest_base  0x%lx\n", guest_base);
4460         log_page_dump();
4461 
4462         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
4463         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
4464         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n", info->start_code);
4465         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n", info->start_data);
4466         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
4467         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n", info->start_stack);
4468         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
4469         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
4470         qemu_log("argv_start  0x" TARGET_ABI_FMT_lx "\n", info->arg_start);
4471         qemu_log("env_start   0x" TARGET_ABI_FMT_lx "\n",
4472                  info->arg_end + (abi_ulong)sizeof(abi_ulong));
4473         qemu_log("auxv_start  0x" TARGET_ABI_FMT_lx "\n", info->saved_auxv);
4474     }
4475 
4476     target_set_brk(info->brk);
4477     syscall_init();
4478     signal_init();
4479 
4480     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
4481        generating the prologue until now so that the prologue can take
4482        the real value of GUEST_BASE into account.  */
4483     tcg_prologue_init(tcg_ctx);
4484     tcg_region_init();
4485 
4486 #if defined(TARGET_I386)
4487     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
4488     env->hflags |= HF_PE_MASK | HF_CPL_MASK;
4489     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
4490         env->cr[4] |= CR4_OSFXSR_MASK;
4491         env->hflags |= HF_OSFXSR_MASK;
4492     }
4493 #ifndef TARGET_ABI32
4494     /* enable 64 bit mode if possible */
4495     if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
4496         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
4497         exit(EXIT_FAILURE);
4498     }
4499     env->cr[4] |= CR4_PAE_MASK;
4500     env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
4501     env->hflags |= HF_LMA_MASK;
4502 #endif
4503 
4504     /* flags setup : we activate the IRQs by default as in user mode */
4505     env->eflags |= IF_MASK;
4506 
4507     /* linux register setup */
4508 #ifndef TARGET_ABI32
4509     env->regs[R_EAX] = regs->rax;
4510     env->regs[R_EBX] = regs->rbx;
4511     env->regs[R_ECX] = regs->rcx;
4512     env->regs[R_EDX] = regs->rdx;
4513     env->regs[R_ESI] = regs->rsi;
4514     env->regs[R_EDI] = regs->rdi;
4515     env->regs[R_EBP] = regs->rbp;
4516     env->regs[R_ESP] = regs->rsp;
4517     env->eip = regs->rip;
4518 #else
4519     env->regs[R_EAX] = regs->eax;
4520     env->regs[R_EBX] = regs->ebx;
4521     env->regs[R_ECX] = regs->ecx;
4522     env->regs[R_EDX] = regs->edx;
4523     env->regs[R_ESI] = regs->esi;
4524     env->regs[R_EDI] = regs->edi;
4525     env->regs[R_EBP] = regs->ebp;
4526     env->regs[R_ESP] = regs->esp;
4527     env->eip = regs->eip;
4528 #endif
4529 
4530     /* linux interrupt setup */
4531 #ifndef TARGET_ABI32
4532     env->idt.limit = 511;
4533 #else
4534     env->idt.limit = 255;
4535 #endif
4536     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
4537                                 PROT_READ|PROT_WRITE,
4538                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4539     idt_table = g2h(env->idt.base);
4540     set_idt(0, 0);
4541     set_idt(1, 0);
4542     set_idt(2, 0);
4543     set_idt(3, 3);
4544     set_idt(4, 3);
4545     set_idt(5, 0);
4546     set_idt(6, 0);
4547     set_idt(7, 0);
4548     set_idt(8, 0);
4549     set_idt(9, 0);
4550     set_idt(10, 0);
4551     set_idt(11, 0);
4552     set_idt(12, 0);
4553     set_idt(13, 0);
4554     set_idt(14, 0);
4555     set_idt(15, 0);
4556     set_idt(16, 0);
4557     set_idt(17, 0);
4558     set_idt(18, 0);
4559     set_idt(19, 0);
4560     set_idt(0x80, 3);
4561 
4562     /* linux segment setup */
4563     {
4564         uint64_t *gdt_table;
4565         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
4566                                     PROT_READ|PROT_WRITE,
4567                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4568         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
4569         gdt_table = g2h(env->gdt.base);
4570 #ifdef TARGET_ABI32
4571         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4572                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4573                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4574 #else
4575         /* 64 bit code segment */
4576         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4577                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4578                  DESC_L_MASK |
4579                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4580 #endif
4581         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
4582                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4583                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
4584     }
4585     cpu_x86_load_seg(env, R_CS, __USER_CS);
4586     cpu_x86_load_seg(env, R_SS, __USER_DS);
4587 #ifdef TARGET_ABI32
4588     cpu_x86_load_seg(env, R_DS, __USER_DS);
4589     cpu_x86_load_seg(env, R_ES, __USER_DS);
4590     cpu_x86_load_seg(env, R_FS, __USER_DS);
4591     cpu_x86_load_seg(env, R_GS, __USER_DS);
4592     /* This hack makes Wine work... */
4593     env->segs[R_FS].selector = 0;
4594 #else
4595     cpu_x86_load_seg(env, R_DS, 0);
4596     cpu_x86_load_seg(env, R_ES, 0);
4597     cpu_x86_load_seg(env, R_FS, 0);
4598     cpu_x86_load_seg(env, R_GS, 0);
4599 #endif
4600 #elif defined(TARGET_AARCH64)
4601     {
4602         int i;
4603 
4604         if (!(arm_feature(env, ARM_FEATURE_AARCH64))) {
4605             fprintf(stderr,
4606                     "The selected ARM CPU does not support 64 bit mode\n");
4607             exit(EXIT_FAILURE);
4608         }
4609 
4610         for (i = 0; i < 31; i++) {
4611             env->xregs[i] = regs->regs[i];
4612         }
4613         env->pc = regs->pc;
4614         env->xregs[31] = regs->sp;
4615     }
4616 #elif defined(TARGET_ARM)
4617     {
4618         int i;
4619         cpsr_write(env, regs->uregs[16], CPSR_USER | CPSR_EXEC,
4620                    CPSRWriteByInstr);
4621         for(i = 0; i < 16; i++) {
4622             env->regs[i] = regs->uregs[i];
4623         }
4624 #ifdef TARGET_WORDS_BIGENDIAN
4625         /* Enable BE8.  */
4626         if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4
4627             && (info->elf_flags & EF_ARM_BE8)) {
4628             env->uncached_cpsr |= CPSR_E;
4629             env->cp15.sctlr_el[1] |= SCTLR_E0E;
4630         } else {
4631             env->cp15.sctlr_el[1] |= SCTLR_B;
4632         }
4633 #endif
4634     }
4635 #elif defined(TARGET_UNICORE32)
4636     {
4637         int i;
4638         cpu_asr_write(env, regs->uregs[32], 0xffffffff);
4639         for (i = 0; i < 32; i++) {
4640             env->regs[i] = regs->uregs[i];
4641         }
4642     }
4643 #elif defined(TARGET_SPARC)
4644     {
4645         int i;
4646 	env->pc = regs->pc;
4647 	env->npc = regs->npc;
4648         env->y = regs->y;
4649         for(i = 0; i < 8; i++)
4650             env->gregs[i] = regs->u_regs[i];
4651         for(i = 0; i < 8; i++)
4652             env->regwptr[i] = regs->u_regs[i + 8];
4653     }
4654 #elif defined(TARGET_PPC)
4655     {
4656         int i;
4657 
4658 #if defined(TARGET_PPC64)
4659         int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
4660 #if defined(TARGET_ABI32)
4661         env->msr &= ~((target_ulong)1 << flag);
4662 #else
4663         env->msr |= (target_ulong)1 << flag;
4664 #endif
4665 #endif
4666         env->nip = regs->nip;
4667         for(i = 0; i < 32; i++) {
4668             env->gpr[i] = regs->gpr[i];
4669         }
4670     }
4671 #elif defined(TARGET_M68K)
4672     {
4673         env->pc = regs->pc;
4674         env->dregs[0] = regs->d0;
4675         env->dregs[1] = regs->d1;
4676         env->dregs[2] = regs->d2;
4677         env->dregs[3] = regs->d3;
4678         env->dregs[4] = regs->d4;
4679         env->dregs[5] = regs->d5;
4680         env->dregs[6] = regs->d6;
4681         env->dregs[7] = regs->d7;
4682         env->aregs[0] = regs->a0;
4683         env->aregs[1] = regs->a1;
4684         env->aregs[2] = regs->a2;
4685         env->aregs[3] = regs->a3;
4686         env->aregs[4] = regs->a4;
4687         env->aregs[5] = regs->a5;
4688         env->aregs[6] = regs->a6;
4689         env->aregs[7] = regs->usp;
4690         env->sr = regs->sr;
4691         ts->sim_syscalls = 1;
4692     }
4693 #elif defined(TARGET_MICROBLAZE)
4694     {
4695         env->regs[0] = regs->r0;
4696         env->regs[1] = regs->r1;
4697         env->regs[2] = regs->r2;
4698         env->regs[3] = regs->r3;
4699         env->regs[4] = regs->r4;
4700         env->regs[5] = regs->r5;
4701         env->regs[6] = regs->r6;
4702         env->regs[7] = regs->r7;
4703         env->regs[8] = regs->r8;
4704         env->regs[9] = regs->r9;
4705         env->regs[10] = regs->r10;
4706         env->regs[11] = regs->r11;
4707         env->regs[12] = regs->r12;
4708         env->regs[13] = regs->r13;
4709         env->regs[14] = regs->r14;
4710         env->regs[15] = regs->r15;
4711         env->regs[16] = regs->r16;
4712         env->regs[17] = regs->r17;
4713         env->regs[18] = regs->r18;
4714         env->regs[19] = regs->r19;
4715         env->regs[20] = regs->r20;
4716         env->regs[21] = regs->r21;
4717         env->regs[22] = regs->r22;
4718         env->regs[23] = regs->r23;
4719         env->regs[24] = regs->r24;
4720         env->regs[25] = regs->r25;
4721         env->regs[26] = regs->r26;
4722         env->regs[27] = regs->r27;
4723         env->regs[28] = regs->r28;
4724         env->regs[29] = regs->r29;
4725         env->regs[30] = regs->r30;
4726         env->regs[31] = regs->r31;
4727         env->sregs[SR_PC] = regs->pc;
4728     }
4729 #elif defined(TARGET_MIPS)
4730     {
4731         int i;
4732 
4733         for(i = 0; i < 32; i++) {
4734             env->active_tc.gpr[i] = regs->regs[i];
4735         }
4736         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
4737         if (regs->cp0_epc & 1) {
4738             env->hflags |= MIPS_HFLAG_M16;
4739         }
4740         if (((info->elf_flags & EF_MIPS_NAN2008) != 0) !=
4741             ((env->active_fpu.fcr31 & (1 << FCR31_NAN2008)) != 0)) {
4742             if ((env->active_fpu.fcr31_rw_bitmask &
4743                   (1 << FCR31_NAN2008)) == 0) {
4744                 fprintf(stderr, "ELF binary's NaN mode not supported by CPU\n");
4745                 exit(1);
4746             }
4747             if ((info->elf_flags & EF_MIPS_NAN2008) != 0) {
4748                 env->active_fpu.fcr31 |= (1 << FCR31_NAN2008);
4749             } else {
4750                 env->active_fpu.fcr31 &= ~(1 << FCR31_NAN2008);
4751             }
4752             restore_snan_bit_mode(env);
4753         }
4754     }
4755 #elif defined(TARGET_NIOS2)
4756     {
4757         env->regs[0] = 0;
4758         env->regs[1] = regs->r1;
4759         env->regs[2] = regs->r2;
4760         env->regs[3] = regs->r3;
4761         env->regs[4] = regs->r4;
4762         env->regs[5] = regs->r5;
4763         env->regs[6] = regs->r6;
4764         env->regs[7] = regs->r7;
4765         env->regs[8] = regs->r8;
4766         env->regs[9] = regs->r9;
4767         env->regs[10] = regs->r10;
4768         env->regs[11] = regs->r11;
4769         env->regs[12] = regs->r12;
4770         env->regs[13] = regs->r13;
4771         env->regs[14] = regs->r14;
4772         env->regs[15] = regs->r15;
4773         /* TODO: unsigned long  orig_r2; */
4774         env->regs[R_RA] = regs->ra;
4775         env->regs[R_FP] = regs->fp;
4776         env->regs[R_SP] = regs->sp;
4777         env->regs[R_GP] = regs->gp;
4778         env->regs[CR_ESTATUS] = regs->estatus;
4779         env->regs[R_EA] = regs->ea;
4780         /* TODO: unsigned long  orig_r7; */
4781 
4782         /* Emulate eret when starting thread. */
4783         env->regs[R_PC] = regs->ea;
4784     }
4785 #elif defined(TARGET_OPENRISC)
4786     {
4787         int i;
4788 
4789         for (i = 0; i < 32; i++) {
4790             cpu_set_gpr(env, i, regs->gpr[i]);
4791         }
4792         env->pc = regs->pc;
4793         cpu_set_sr(env, regs->sr);
4794     }
4795 #elif defined(TARGET_SH4)
4796     {
4797         int i;
4798 
4799         for(i = 0; i < 16; i++) {
4800             env->gregs[i] = regs->regs[i];
4801         }
4802         env->pc = regs->pc;
4803     }
4804 #elif defined(TARGET_ALPHA)
4805     {
4806         int i;
4807 
4808         for(i = 0; i < 28; i++) {
4809             env->ir[i] = ((abi_ulong *)regs)[i];
4810         }
4811         env->ir[IR_SP] = regs->usp;
4812         env->pc = regs->pc;
4813     }
4814 #elif defined(TARGET_CRIS)
4815     {
4816 	    env->regs[0] = regs->r0;
4817 	    env->regs[1] = regs->r1;
4818 	    env->regs[2] = regs->r2;
4819 	    env->regs[3] = regs->r3;
4820 	    env->regs[4] = regs->r4;
4821 	    env->regs[5] = regs->r5;
4822 	    env->regs[6] = regs->r6;
4823 	    env->regs[7] = regs->r7;
4824 	    env->regs[8] = regs->r8;
4825 	    env->regs[9] = regs->r9;
4826 	    env->regs[10] = regs->r10;
4827 	    env->regs[11] = regs->r11;
4828 	    env->regs[12] = regs->r12;
4829 	    env->regs[13] = regs->r13;
4830 	    env->regs[14] = info->start_stack;
4831 	    env->regs[15] = regs->acr;
4832 	    env->pc = regs->erp;
4833     }
4834 #elif defined(TARGET_S390X)
4835     {
4836             int i;
4837             for (i = 0; i < 16; i++) {
4838                 env->regs[i] = regs->gprs[i];
4839             }
4840             env->psw.mask = regs->psw.mask;
4841             env->psw.addr = regs->psw.addr;
4842     }
4843 #elif defined(TARGET_TILEGX)
4844     {
4845         int i;
4846         for (i = 0; i < TILEGX_R_COUNT; i++) {
4847             env->regs[i] = regs->regs[i];
4848         }
4849         for (i = 0; i < TILEGX_SPR_COUNT; i++) {
4850             env->spregs[i] = 0;
4851         }
4852         env->pc = regs->pc;
4853     }
4854 #elif defined(TARGET_HPPA)
4855     {
4856         int i;
4857         for (i = 1; i < 32; i++) {
4858             env->gr[i] = regs->gr[i];
4859         }
4860         env->iaoq_f = regs->iaoq[0];
4861         env->iaoq_b = regs->iaoq[1];
4862     }
4863 #else
4864 #error unsupported target CPU
4865 #endif
4866 
4867 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
4868     ts->stack_base = info->start_stack;
4869     ts->heap_base = info->brk;
4870     /* This will be filled in on the first SYS_HEAPINFO call.  */
4871     ts->heap_limit = 0;
4872 #endif
4873 
4874     if (gdbstub_port) {
4875         if (gdbserver_start(gdbstub_port) < 0) {
4876             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
4877                     gdbstub_port);
4878             exit(EXIT_FAILURE);
4879         }
4880         gdb_handlesig(cpu, 0);
4881     }
4882     cpu_loop(env);
4883     /* never exits */
4884     return 0;
4885 }
4886