xref: /openbmc/qemu/linux-user/main.c (revision 9f2d175d)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "qemu-version.h"
21 #include <sys/syscall.h>
22 #include <sys/resource.h>
23 
24 #include "qapi/error.h"
25 #include "qemu.h"
26 #include "qemu/path.h"
27 #include "qemu/config-file.h"
28 #include "qemu/cutils.h"
29 #include "qemu/help_option.h"
30 #include "cpu.h"
31 #include "exec/exec-all.h"
32 #include "tcg.h"
33 #include "qemu/timer.h"
34 #include "qemu/envlist.h"
35 #include "elf.h"
36 #include "exec/log.h"
37 #include "trace/control.h"
38 #include "target_elf.h"
39 
40 char *exec_path;
41 
42 int singlestep;
43 static const char *filename;
44 static const char *argv0;
45 static int gdbstub_port;
46 static envlist_t *envlist;
47 static const char *cpu_model;
48 unsigned long mmap_min_addr;
49 unsigned long guest_base;
50 int have_guest_base;
51 
52 #define EXCP_DUMP(env, fmt, ...)                                        \
53 do {                                                                    \
54     CPUState *cs = ENV_GET_CPU(env);                                    \
55     fprintf(stderr, fmt , ## __VA_ARGS__);                              \
56     cpu_dump_state(cs, stderr, fprintf, 0);                             \
57     if (qemu_log_separate()) {                                          \
58         qemu_log(fmt, ## __VA_ARGS__);                                  \
59         log_cpu_state(cs, 0);                                           \
60     }                                                                   \
61 } while (0)
62 
63 /*
64  * When running 32-on-64 we should make sure we can fit all of the possible
65  * guest address space into a contiguous chunk of virtual host memory.
66  *
67  * This way we will never overlap with our own libraries or binaries or stack
68  * or anything else that QEMU maps.
69  *
70  * Many cpus reserve the high bit (or more than one for some 64-bit cpus)
71  * of the address for the kernel.  Some cpus rely on this and user space
72  * uses the high bit(s) for pointer tagging and the like.  For them, we
73  * must preserve the expected address space.
74  */
75 #ifndef MAX_RESERVED_VA
76 # if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
77 #  if TARGET_VIRT_ADDR_SPACE_BITS == 32 && \
78       (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
79 /* There are a number of places where we assign reserved_va to a variable
80    of type abi_ulong and expect it to fit.  Avoid the last page.  */
81 #   define MAX_RESERVED_VA  (0xfffffffful & TARGET_PAGE_MASK)
82 #  else
83 #   define MAX_RESERVED_VA  (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
84 #  endif
85 # else
86 #  define MAX_RESERVED_VA  0
87 # endif
88 #endif
89 
90 /* That said, reserving *too* much vm space via mmap can run into problems
91    with rlimits, oom due to page table creation, etc.  We will still try it,
92    if directed by the command-line option, but not by default.  */
93 #if HOST_LONG_BITS == 64 && TARGET_VIRT_ADDR_SPACE_BITS <= 32
94 unsigned long reserved_va = MAX_RESERVED_VA;
95 #else
96 unsigned long reserved_va;
97 #endif
98 
99 static void usage(int exitcode);
100 
101 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
102 const char *qemu_uname_release;
103 
104 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
105    we allocate a bigger stack. Need a better solution, for example
106    by remapping the process stack directly at the right place */
107 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
108 
109 void gemu_log(const char *fmt, ...)
110 {
111     va_list ap;
112 
113     va_start(ap, fmt);
114     vfprintf(stderr, fmt, ap);
115     va_end(ap);
116 }
117 
118 #if defined(TARGET_I386)
119 int cpu_get_pic_interrupt(CPUX86State *env)
120 {
121     return -1;
122 }
123 #endif
124 
125 /***********************************************************/
126 /* Helper routines for implementing atomic operations.  */
127 
128 /* Make sure everything is in a consistent state for calling fork().  */
129 void fork_start(void)
130 {
131     start_exclusive();
132     mmap_fork_start();
133     qemu_mutex_lock(&tb_ctx.tb_lock);
134     cpu_list_lock();
135 }
136 
137 void fork_end(int child)
138 {
139     mmap_fork_end(child);
140     if (child) {
141         CPUState *cpu, *next_cpu;
142         /* Child processes created by fork() only have a single thread.
143            Discard information about the parent threads.  */
144         CPU_FOREACH_SAFE(cpu, next_cpu) {
145             if (cpu != thread_cpu) {
146                 QTAILQ_REMOVE(&cpus, cpu, node);
147             }
148         }
149         qemu_mutex_init(&tb_ctx.tb_lock);
150         qemu_init_cpu_list();
151         gdbserver_fork(thread_cpu);
152         /* qemu_init_cpu_list() takes care of reinitializing the
153          * exclusive state, so we don't need to end_exclusive() here.
154          */
155     } else {
156         qemu_mutex_unlock(&tb_ctx.tb_lock);
157         cpu_list_unlock();
158         end_exclusive();
159     }
160 }
161 
162 #ifdef TARGET_I386
163 /***********************************************************/
164 /* CPUX86 core interface */
165 
166 uint64_t cpu_get_tsc(CPUX86State *env)
167 {
168     return cpu_get_host_ticks();
169 }
170 
171 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
172                      int flags)
173 {
174     unsigned int e1, e2;
175     uint32_t *p;
176     e1 = (addr << 16) | (limit & 0xffff);
177     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
178     e2 |= flags;
179     p = ptr;
180     p[0] = tswap32(e1);
181     p[1] = tswap32(e2);
182 }
183 
184 static uint64_t *idt_table;
185 #ifdef TARGET_X86_64
186 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
187                        uint64_t addr, unsigned int sel)
188 {
189     uint32_t *p, e1, e2;
190     e1 = (addr & 0xffff) | (sel << 16);
191     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
192     p = ptr;
193     p[0] = tswap32(e1);
194     p[1] = tswap32(e2);
195     p[2] = tswap32(addr >> 32);
196     p[3] = 0;
197 }
198 /* only dpl matters as we do only user space emulation */
199 static void set_idt(int n, unsigned int dpl)
200 {
201     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
202 }
203 #else
204 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
205                      uint32_t addr, unsigned int sel)
206 {
207     uint32_t *p, e1, e2;
208     e1 = (addr & 0xffff) | (sel << 16);
209     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
210     p = ptr;
211     p[0] = tswap32(e1);
212     p[1] = tswap32(e2);
213 }
214 
215 /* only dpl matters as we do only user space emulation */
216 static void set_idt(int n, unsigned int dpl)
217 {
218     set_gate(idt_table + n, 0, dpl, 0, 0);
219 }
220 #endif
221 
222 void cpu_loop(CPUX86State *env)
223 {
224     CPUState *cs = CPU(x86_env_get_cpu(env));
225     int trapnr;
226     abi_ulong pc;
227     abi_ulong ret;
228     target_siginfo_t info;
229 
230     for(;;) {
231         cpu_exec_start(cs);
232         trapnr = cpu_exec(cs);
233         cpu_exec_end(cs);
234         process_queued_cpu_work(cs);
235 
236         switch(trapnr) {
237         case 0x80:
238             /* linux syscall from int $0x80 */
239             ret = do_syscall(env,
240                              env->regs[R_EAX],
241                              env->regs[R_EBX],
242                              env->regs[R_ECX],
243                              env->regs[R_EDX],
244                              env->regs[R_ESI],
245                              env->regs[R_EDI],
246                              env->regs[R_EBP],
247                              0, 0);
248             if (ret == -TARGET_ERESTARTSYS) {
249                 env->eip -= 2;
250             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
251                 env->regs[R_EAX] = ret;
252             }
253             break;
254 #ifndef TARGET_ABI32
255         case EXCP_SYSCALL:
256             /* linux syscall from syscall instruction */
257             ret = do_syscall(env,
258                              env->regs[R_EAX],
259                              env->regs[R_EDI],
260                              env->regs[R_ESI],
261                              env->regs[R_EDX],
262                              env->regs[10],
263                              env->regs[8],
264                              env->regs[9],
265                              0, 0);
266             if (ret == -TARGET_ERESTARTSYS) {
267                 env->eip -= 2;
268             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
269                 env->regs[R_EAX] = ret;
270             }
271             break;
272 #endif
273         case EXCP0B_NOSEG:
274         case EXCP0C_STACK:
275             info.si_signo = TARGET_SIGBUS;
276             info.si_errno = 0;
277             info.si_code = TARGET_SI_KERNEL;
278             info._sifields._sigfault._addr = 0;
279             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
280             break;
281         case EXCP0D_GPF:
282             /* XXX: potential problem if ABI32 */
283 #ifndef TARGET_X86_64
284             if (env->eflags & VM_MASK) {
285                 handle_vm86_fault(env);
286             } else
287 #endif
288             {
289                 info.si_signo = TARGET_SIGSEGV;
290                 info.si_errno = 0;
291                 info.si_code = TARGET_SI_KERNEL;
292                 info._sifields._sigfault._addr = 0;
293                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
294             }
295             break;
296         case EXCP0E_PAGE:
297             info.si_signo = TARGET_SIGSEGV;
298             info.si_errno = 0;
299             if (!(env->error_code & 1))
300                 info.si_code = TARGET_SEGV_MAPERR;
301             else
302                 info.si_code = TARGET_SEGV_ACCERR;
303             info._sifields._sigfault._addr = env->cr[2];
304             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
305             break;
306         case EXCP00_DIVZ:
307 #ifndef TARGET_X86_64
308             if (env->eflags & VM_MASK) {
309                 handle_vm86_trap(env, trapnr);
310             } else
311 #endif
312             {
313                 /* division by zero */
314                 info.si_signo = TARGET_SIGFPE;
315                 info.si_errno = 0;
316                 info.si_code = TARGET_FPE_INTDIV;
317                 info._sifields._sigfault._addr = env->eip;
318                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
319             }
320             break;
321         case EXCP01_DB:
322         case EXCP03_INT3:
323 #ifndef TARGET_X86_64
324             if (env->eflags & VM_MASK) {
325                 handle_vm86_trap(env, trapnr);
326             } else
327 #endif
328             {
329                 info.si_signo = TARGET_SIGTRAP;
330                 info.si_errno = 0;
331                 if (trapnr == EXCP01_DB) {
332                     info.si_code = TARGET_TRAP_BRKPT;
333                     info._sifields._sigfault._addr = env->eip;
334                 } else {
335                     info.si_code = TARGET_SI_KERNEL;
336                     info._sifields._sigfault._addr = 0;
337                 }
338                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
339             }
340             break;
341         case EXCP04_INTO:
342         case EXCP05_BOUND:
343 #ifndef TARGET_X86_64
344             if (env->eflags & VM_MASK) {
345                 handle_vm86_trap(env, trapnr);
346             } else
347 #endif
348             {
349                 info.si_signo = TARGET_SIGSEGV;
350                 info.si_errno = 0;
351                 info.si_code = TARGET_SI_KERNEL;
352                 info._sifields._sigfault._addr = 0;
353                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
354             }
355             break;
356         case EXCP06_ILLOP:
357             info.si_signo = TARGET_SIGILL;
358             info.si_errno = 0;
359             info.si_code = TARGET_ILL_ILLOPN;
360             info._sifields._sigfault._addr = env->eip;
361             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
362             break;
363         case EXCP_INTERRUPT:
364             /* just indicate that signals should be handled asap */
365             break;
366         case EXCP_DEBUG:
367             {
368                 int sig;
369 
370                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
371                 if (sig)
372                   {
373                     info.si_signo = sig;
374                     info.si_errno = 0;
375                     info.si_code = TARGET_TRAP_BRKPT;
376                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
377                   }
378             }
379             break;
380         case EXCP_ATOMIC:
381             cpu_exec_step_atomic(cs);
382             break;
383         default:
384             pc = env->segs[R_CS].base + env->eip;
385             EXCP_DUMP(env, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
386                       (long)pc, trapnr);
387             abort();
388         }
389         process_pending_signals(env);
390     }
391 }
392 #endif
393 
394 #ifdef TARGET_ARM
395 
396 #define get_user_code_u32(x, gaddr, env)                \
397     ({ abi_long __r = get_user_u32((x), (gaddr));       \
398         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
399             (x) = bswap32(x);                           \
400         }                                               \
401         __r;                                            \
402     })
403 
404 #define get_user_code_u16(x, gaddr, env)                \
405     ({ abi_long __r = get_user_u16((x), (gaddr));       \
406         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
407             (x) = bswap16(x);                           \
408         }                                               \
409         __r;                                            \
410     })
411 
412 #define get_user_data_u32(x, gaddr, env)                \
413     ({ abi_long __r = get_user_u32((x), (gaddr));       \
414         if (!__r && arm_cpu_bswap_data(env)) {          \
415             (x) = bswap32(x);                           \
416         }                                               \
417         __r;                                            \
418     })
419 
420 #define get_user_data_u16(x, gaddr, env)                \
421     ({ abi_long __r = get_user_u16((x), (gaddr));       \
422         if (!__r && arm_cpu_bswap_data(env)) {          \
423             (x) = bswap16(x);                           \
424         }                                               \
425         __r;                                            \
426     })
427 
428 #define put_user_data_u32(x, gaddr, env)                \
429     ({ typeof(x) __x = (x);                             \
430         if (arm_cpu_bswap_data(env)) {                  \
431             __x = bswap32(__x);                         \
432         }                                               \
433         put_user_u32(__x, (gaddr));                     \
434     })
435 
436 #define put_user_data_u16(x, gaddr, env)                \
437     ({ typeof(x) __x = (x);                             \
438         if (arm_cpu_bswap_data(env)) {                  \
439             __x = bswap16(__x);                         \
440         }                                               \
441         put_user_u16(__x, (gaddr));                     \
442     })
443 
444 #ifdef TARGET_ABI32
445 /* Commpage handling -- there is no commpage for AArch64 */
446 
447 /*
448  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
449  * Input:
450  * r0 = pointer to oldval
451  * r1 = pointer to newval
452  * r2 = pointer to target value
453  *
454  * Output:
455  * r0 = 0 if *ptr was changed, non-0 if no exchange happened
456  * C set if *ptr was changed, clear if no exchange happened
457  *
458  * Note segv's in kernel helpers are a bit tricky, we can set the
459  * data address sensibly but the PC address is just the entry point.
460  */
461 static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
462 {
463     uint64_t oldval, newval, val;
464     uint32_t addr, cpsr;
465     target_siginfo_t info;
466 
467     /* Based on the 32 bit code in do_kernel_trap */
468 
469     /* XXX: This only works between threads, not between processes.
470        It's probably possible to implement this with native host
471        operations. However things like ldrex/strex are much harder so
472        there's not much point trying.  */
473     start_exclusive();
474     cpsr = cpsr_read(env);
475     addr = env->regs[2];
476 
477     if (get_user_u64(oldval, env->regs[0])) {
478         env->exception.vaddress = env->regs[0];
479         goto segv;
480     };
481 
482     if (get_user_u64(newval, env->regs[1])) {
483         env->exception.vaddress = env->regs[1];
484         goto segv;
485     };
486 
487     if (get_user_u64(val, addr)) {
488         env->exception.vaddress = addr;
489         goto segv;
490     }
491 
492     if (val == oldval) {
493         val = newval;
494 
495         if (put_user_u64(val, addr)) {
496             env->exception.vaddress = addr;
497             goto segv;
498         };
499 
500         env->regs[0] = 0;
501         cpsr |= CPSR_C;
502     } else {
503         env->regs[0] = -1;
504         cpsr &= ~CPSR_C;
505     }
506     cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
507     end_exclusive();
508     return;
509 
510 segv:
511     end_exclusive();
512     /* We get the PC of the entry address - which is as good as anything,
513        on a real kernel what you get depends on which mode it uses. */
514     info.si_signo = TARGET_SIGSEGV;
515     info.si_errno = 0;
516     /* XXX: check env->error_code */
517     info.si_code = TARGET_SEGV_MAPERR;
518     info._sifields._sigfault._addr = env->exception.vaddress;
519     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
520 }
521 
522 /* Handle a jump to the kernel code page.  */
523 static int
524 do_kernel_trap(CPUARMState *env)
525 {
526     uint32_t addr;
527     uint32_t cpsr;
528     uint32_t val;
529 
530     switch (env->regs[15]) {
531     case 0xffff0fa0: /* __kernel_memory_barrier */
532         /* ??? No-op. Will need to do better for SMP.  */
533         break;
534     case 0xffff0fc0: /* __kernel_cmpxchg */
535          /* XXX: This only works between threads, not between processes.
536             It's probably possible to implement this with native host
537             operations. However things like ldrex/strex are much harder so
538             there's not much point trying.  */
539         start_exclusive();
540         cpsr = cpsr_read(env);
541         addr = env->regs[2];
542         /* FIXME: This should SEGV if the access fails.  */
543         if (get_user_u32(val, addr))
544             val = ~env->regs[0];
545         if (val == env->regs[0]) {
546             val = env->regs[1];
547             /* FIXME: Check for segfaults.  */
548             put_user_u32(val, addr);
549             env->regs[0] = 0;
550             cpsr |= CPSR_C;
551         } else {
552             env->regs[0] = -1;
553             cpsr &= ~CPSR_C;
554         }
555         cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
556         end_exclusive();
557         break;
558     case 0xffff0fe0: /* __kernel_get_tls */
559         env->regs[0] = cpu_get_tls(env);
560         break;
561     case 0xffff0f60: /* __kernel_cmpxchg64 */
562         arm_kernel_cmpxchg64_helper(env);
563         break;
564 
565     default:
566         return 1;
567     }
568     /* Jump back to the caller.  */
569     addr = env->regs[14];
570     if (addr & 1) {
571         env->thumb = 1;
572         addr &= ~1;
573     }
574     env->regs[15] = addr;
575 
576     return 0;
577 }
578 
579 void cpu_loop(CPUARMState *env)
580 {
581     CPUState *cs = CPU(arm_env_get_cpu(env));
582     int trapnr;
583     unsigned int n, insn;
584     target_siginfo_t info;
585     uint32_t addr;
586     abi_ulong ret;
587 
588     for(;;) {
589         cpu_exec_start(cs);
590         trapnr = cpu_exec(cs);
591         cpu_exec_end(cs);
592         process_queued_cpu_work(cs);
593 
594         switch(trapnr) {
595         case EXCP_UDEF:
596         case EXCP_NOCP:
597         case EXCP_INVSTATE:
598             {
599                 TaskState *ts = cs->opaque;
600                 uint32_t opcode;
601                 int rc;
602 
603                 /* we handle the FPU emulation here, as Linux */
604                 /* we get the opcode */
605                 /* FIXME - what to do if get_user() fails? */
606                 get_user_code_u32(opcode, env->regs[15], env);
607 
608                 rc = EmulateAll(opcode, &ts->fpa, env);
609                 if (rc == 0) { /* illegal instruction */
610                     info.si_signo = TARGET_SIGILL;
611                     info.si_errno = 0;
612                     info.si_code = TARGET_ILL_ILLOPN;
613                     info._sifields._sigfault._addr = env->regs[15];
614                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
615                 } else if (rc < 0) { /* FP exception */
616                     int arm_fpe=0;
617 
618                     /* translate softfloat flags to FPSR flags */
619                     if (-rc & float_flag_invalid)
620                       arm_fpe |= BIT_IOC;
621                     if (-rc & float_flag_divbyzero)
622                       arm_fpe |= BIT_DZC;
623                     if (-rc & float_flag_overflow)
624                       arm_fpe |= BIT_OFC;
625                     if (-rc & float_flag_underflow)
626                       arm_fpe |= BIT_UFC;
627                     if (-rc & float_flag_inexact)
628                       arm_fpe |= BIT_IXC;
629 
630                     FPSR fpsr = ts->fpa.fpsr;
631                     //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
632 
633                     if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
634                       info.si_signo = TARGET_SIGFPE;
635                       info.si_errno = 0;
636 
637                       /* ordered by priority, least first */
638                       if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
639                       if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
640                       if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
641                       if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
642                       if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
643 
644                       info._sifields._sigfault._addr = env->regs[15];
645                       queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
646                     } else {
647                       env->regs[15] += 4;
648                     }
649 
650                     /* accumulate unenabled exceptions */
651                     if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
652                       fpsr |= BIT_IXC;
653                     if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
654                       fpsr |= BIT_UFC;
655                     if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
656                       fpsr |= BIT_OFC;
657                     if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
658                       fpsr |= BIT_DZC;
659                     if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
660                       fpsr |= BIT_IOC;
661                     ts->fpa.fpsr=fpsr;
662                 } else { /* everything OK */
663                     /* increment PC */
664                     env->regs[15] += 4;
665                 }
666             }
667             break;
668         case EXCP_SWI:
669         case EXCP_BKPT:
670             {
671                 env->eabi = 1;
672                 /* system call */
673                 if (trapnr == EXCP_BKPT) {
674                     if (env->thumb) {
675                         /* FIXME - what to do if get_user() fails? */
676                         get_user_code_u16(insn, env->regs[15], env);
677                         n = insn & 0xff;
678                         env->regs[15] += 2;
679                     } else {
680                         /* FIXME - what to do if get_user() fails? */
681                         get_user_code_u32(insn, env->regs[15], env);
682                         n = (insn & 0xf) | ((insn >> 4) & 0xff0);
683                         env->regs[15] += 4;
684                     }
685                 } else {
686                     if (env->thumb) {
687                         /* FIXME - what to do if get_user() fails? */
688                         get_user_code_u16(insn, env->regs[15] - 2, env);
689                         n = insn & 0xff;
690                     } else {
691                         /* FIXME - what to do if get_user() fails? */
692                         get_user_code_u32(insn, env->regs[15] - 4, env);
693                         n = insn & 0xffffff;
694                     }
695                 }
696 
697                 if (n == ARM_NR_cacheflush) {
698                     /* nop */
699                 } else if (n == ARM_NR_semihosting
700                            || n == ARM_NR_thumb_semihosting) {
701                     env->regs[0] = do_arm_semihosting (env);
702                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
703                     /* linux syscall */
704                     if (env->thumb || n == 0) {
705                         n = env->regs[7];
706                     } else {
707                         n -= ARM_SYSCALL_BASE;
708                         env->eabi = 0;
709                     }
710                     if ( n > ARM_NR_BASE) {
711                         switch (n) {
712                         case ARM_NR_cacheflush:
713                             /* nop */
714                             break;
715                         case ARM_NR_set_tls:
716                             cpu_set_tls(env, env->regs[0]);
717                             env->regs[0] = 0;
718                             break;
719                         case ARM_NR_breakpoint:
720                             env->regs[15] -= env->thumb ? 2 : 4;
721                             goto excp_debug;
722                         default:
723                             gemu_log("qemu: Unsupported ARM syscall: 0x%x\n",
724                                      n);
725                             env->regs[0] = -TARGET_ENOSYS;
726                             break;
727                         }
728                     } else {
729                         ret = do_syscall(env,
730                                          n,
731                                          env->regs[0],
732                                          env->regs[1],
733                                          env->regs[2],
734                                          env->regs[3],
735                                          env->regs[4],
736                                          env->regs[5],
737                                          0, 0);
738                         if (ret == -TARGET_ERESTARTSYS) {
739                             env->regs[15] -= env->thumb ? 2 : 4;
740                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
741                             env->regs[0] = ret;
742                         }
743                     }
744                 } else {
745                     goto error;
746                 }
747             }
748             break;
749         case EXCP_SEMIHOST:
750             env->regs[0] = do_arm_semihosting(env);
751             break;
752         case EXCP_INTERRUPT:
753             /* just indicate that signals should be handled asap */
754             break;
755         case EXCP_PREFETCH_ABORT:
756         case EXCP_DATA_ABORT:
757             addr = env->exception.vaddress;
758             {
759                 info.si_signo = TARGET_SIGSEGV;
760                 info.si_errno = 0;
761                 /* XXX: check env->error_code */
762                 info.si_code = TARGET_SEGV_MAPERR;
763                 info._sifields._sigfault._addr = addr;
764                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
765             }
766             break;
767         case EXCP_DEBUG:
768         excp_debug:
769             {
770                 int sig;
771 
772                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
773                 if (sig)
774                   {
775                     info.si_signo = sig;
776                     info.si_errno = 0;
777                     info.si_code = TARGET_TRAP_BRKPT;
778                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
779                   }
780             }
781             break;
782         case EXCP_KERNEL_TRAP:
783             if (do_kernel_trap(env))
784               goto error;
785             break;
786         case EXCP_YIELD:
787             /* nothing to do here for user-mode, just resume guest code */
788             break;
789         case EXCP_ATOMIC:
790             cpu_exec_step_atomic(cs);
791             break;
792         default:
793         error:
794             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
795             abort();
796         }
797         process_pending_signals(env);
798     }
799 }
800 
801 #else
802 
803 /* AArch64 main loop */
804 void cpu_loop(CPUARMState *env)
805 {
806     CPUState *cs = CPU(arm_env_get_cpu(env));
807     int trapnr, sig;
808     abi_long ret;
809     target_siginfo_t info;
810 
811     for (;;) {
812         cpu_exec_start(cs);
813         trapnr = cpu_exec(cs);
814         cpu_exec_end(cs);
815         process_queued_cpu_work(cs);
816 
817         switch (trapnr) {
818         case EXCP_SWI:
819             ret = do_syscall(env,
820                              env->xregs[8],
821                              env->xregs[0],
822                              env->xregs[1],
823                              env->xregs[2],
824                              env->xregs[3],
825                              env->xregs[4],
826                              env->xregs[5],
827                              0, 0);
828             if (ret == -TARGET_ERESTARTSYS) {
829                 env->pc -= 4;
830             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
831                 env->xregs[0] = ret;
832             }
833             break;
834         case EXCP_INTERRUPT:
835             /* just indicate that signals should be handled asap */
836             break;
837         case EXCP_UDEF:
838             info.si_signo = TARGET_SIGILL;
839             info.si_errno = 0;
840             info.si_code = TARGET_ILL_ILLOPN;
841             info._sifields._sigfault._addr = env->pc;
842             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
843             break;
844         case EXCP_PREFETCH_ABORT:
845         case EXCP_DATA_ABORT:
846             info.si_signo = TARGET_SIGSEGV;
847             info.si_errno = 0;
848             /* XXX: check env->error_code */
849             info.si_code = TARGET_SEGV_MAPERR;
850             info._sifields._sigfault._addr = env->exception.vaddress;
851             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
852             break;
853         case EXCP_DEBUG:
854         case EXCP_BKPT:
855             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
856             if (sig) {
857                 info.si_signo = sig;
858                 info.si_errno = 0;
859                 info.si_code = TARGET_TRAP_BRKPT;
860                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
861             }
862             break;
863         case EXCP_SEMIHOST:
864             env->xregs[0] = do_arm_semihosting(env);
865             break;
866         case EXCP_YIELD:
867             /* nothing to do here for user-mode, just resume guest code */
868             break;
869         case EXCP_ATOMIC:
870             cpu_exec_step_atomic(cs);
871             break;
872         default:
873             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
874             abort();
875         }
876         process_pending_signals(env);
877         /* Exception return on AArch64 always clears the exclusive monitor,
878          * so any return to running guest code implies this.
879          */
880         env->exclusive_addr = -1;
881     }
882 }
883 #endif /* ndef TARGET_ABI32 */
884 
885 #endif
886 
887 #ifdef TARGET_UNICORE32
888 
889 void cpu_loop(CPUUniCore32State *env)
890 {
891     CPUState *cs = CPU(uc32_env_get_cpu(env));
892     int trapnr;
893     unsigned int n, insn;
894     target_siginfo_t info;
895 
896     for (;;) {
897         cpu_exec_start(cs);
898         trapnr = cpu_exec(cs);
899         cpu_exec_end(cs);
900         process_queued_cpu_work(cs);
901 
902         switch (trapnr) {
903         case UC32_EXCP_PRIV:
904             {
905                 /* system call */
906                 get_user_u32(insn, env->regs[31] - 4);
907                 n = insn & 0xffffff;
908 
909                 if (n >= UC32_SYSCALL_BASE) {
910                     /* linux syscall */
911                     n -= UC32_SYSCALL_BASE;
912                     if (n == UC32_SYSCALL_NR_set_tls) {
913                             cpu_set_tls(env, env->regs[0]);
914                             env->regs[0] = 0;
915                     } else {
916                         abi_long ret = do_syscall(env,
917                                                   n,
918                                                   env->regs[0],
919                                                   env->regs[1],
920                                                   env->regs[2],
921                                                   env->regs[3],
922                                                   env->regs[4],
923                                                   env->regs[5],
924                                                   0, 0);
925                         if (ret == -TARGET_ERESTARTSYS) {
926                             env->regs[31] -= 4;
927                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
928                             env->regs[0] = ret;
929                         }
930                     }
931                 } else {
932                     goto error;
933                 }
934             }
935             break;
936         case UC32_EXCP_DTRAP:
937         case UC32_EXCP_ITRAP:
938             info.si_signo = TARGET_SIGSEGV;
939             info.si_errno = 0;
940             /* XXX: check env->error_code */
941             info.si_code = TARGET_SEGV_MAPERR;
942             info._sifields._sigfault._addr = env->cp0.c4_faultaddr;
943             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
944             break;
945         case EXCP_INTERRUPT:
946             /* just indicate that signals should be handled asap */
947             break;
948         case EXCP_DEBUG:
949             {
950                 int sig;
951 
952                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
953                 if (sig) {
954                     info.si_signo = sig;
955                     info.si_errno = 0;
956                     info.si_code = TARGET_TRAP_BRKPT;
957                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
958                 }
959             }
960             break;
961         case EXCP_ATOMIC:
962             cpu_exec_step_atomic(cs);
963             break;
964         default:
965             goto error;
966         }
967         process_pending_signals(env);
968     }
969 
970 error:
971     EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
972     abort();
973 }
974 #endif
975 
976 #ifdef TARGET_SPARC
977 #define SPARC64_STACK_BIAS 2047
978 
979 //#define DEBUG_WIN
980 
981 /* WARNING: dealing with register windows _is_ complicated. More info
982    can be found at http://www.sics.se/~psm/sparcstack.html */
983 static inline int get_reg_index(CPUSPARCState *env, int cwp, int index)
984 {
985     index = (index + cwp * 16) % (16 * env->nwindows);
986     /* wrap handling : if cwp is on the last window, then we use the
987        registers 'after' the end */
988     if (index < 8 && env->cwp == env->nwindows - 1)
989         index += 16 * env->nwindows;
990     return index;
991 }
992 
993 /* save the register window 'cwp1' */
994 static inline void save_window_offset(CPUSPARCState *env, int cwp1)
995 {
996     unsigned int i;
997     abi_ulong sp_ptr;
998 
999     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1000 #ifdef TARGET_SPARC64
1001     if (sp_ptr & 3)
1002         sp_ptr += SPARC64_STACK_BIAS;
1003 #endif
1004 #if defined(DEBUG_WIN)
1005     printf("win_overflow: sp_ptr=0x" TARGET_ABI_FMT_lx " save_cwp=%d\n",
1006            sp_ptr, cwp1);
1007 #endif
1008     for(i = 0; i < 16; i++) {
1009         /* FIXME - what to do if put_user() fails? */
1010         put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1011         sp_ptr += sizeof(abi_ulong);
1012     }
1013 }
1014 
1015 static void save_window(CPUSPARCState *env)
1016 {
1017 #ifndef TARGET_SPARC64
1018     unsigned int new_wim;
1019     new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
1020         ((1LL << env->nwindows) - 1);
1021     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1022     env->wim = new_wim;
1023 #else
1024     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1025     env->cansave++;
1026     env->canrestore--;
1027 #endif
1028 }
1029 
1030 static void restore_window(CPUSPARCState *env)
1031 {
1032 #ifndef TARGET_SPARC64
1033     unsigned int new_wim;
1034 #endif
1035     unsigned int i, cwp1;
1036     abi_ulong sp_ptr;
1037 
1038 #ifndef TARGET_SPARC64
1039     new_wim = ((env->wim << 1) | (env->wim >> (env->nwindows - 1))) &
1040         ((1LL << env->nwindows) - 1);
1041 #endif
1042 
1043     /* restore the invalid window */
1044     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1045     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1046 #ifdef TARGET_SPARC64
1047     if (sp_ptr & 3)
1048         sp_ptr += SPARC64_STACK_BIAS;
1049 #endif
1050 #if defined(DEBUG_WIN)
1051     printf("win_underflow: sp_ptr=0x" TARGET_ABI_FMT_lx " load_cwp=%d\n",
1052            sp_ptr, cwp1);
1053 #endif
1054     for(i = 0; i < 16; i++) {
1055         /* FIXME - what to do if get_user() fails? */
1056         get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1057         sp_ptr += sizeof(abi_ulong);
1058     }
1059 #ifdef TARGET_SPARC64
1060     env->canrestore++;
1061     if (env->cleanwin < env->nwindows - 1)
1062         env->cleanwin++;
1063     env->cansave--;
1064 #else
1065     env->wim = new_wim;
1066 #endif
1067 }
1068 
1069 static void flush_windows(CPUSPARCState *env)
1070 {
1071     int offset, cwp1;
1072 
1073     offset = 1;
1074     for(;;) {
1075         /* if restore would invoke restore_window(), then we can stop */
1076         cwp1 = cpu_cwp_inc(env, env->cwp + offset);
1077 #ifndef TARGET_SPARC64
1078         if (env->wim & (1 << cwp1))
1079             break;
1080 #else
1081         if (env->canrestore == 0)
1082             break;
1083         env->cansave++;
1084         env->canrestore--;
1085 #endif
1086         save_window_offset(env, cwp1);
1087         offset++;
1088     }
1089     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1090 #ifndef TARGET_SPARC64
1091     /* set wim so that restore will reload the registers */
1092     env->wim = 1 << cwp1;
1093 #endif
1094 #if defined(DEBUG_WIN)
1095     printf("flush_windows: nb=%d\n", offset - 1);
1096 #endif
1097 }
1098 
1099 void cpu_loop (CPUSPARCState *env)
1100 {
1101     CPUState *cs = CPU(sparc_env_get_cpu(env));
1102     int trapnr;
1103     abi_long ret;
1104     target_siginfo_t info;
1105 
1106     while (1) {
1107         cpu_exec_start(cs);
1108         trapnr = cpu_exec(cs);
1109         cpu_exec_end(cs);
1110         process_queued_cpu_work(cs);
1111 
1112         /* Compute PSR before exposing state.  */
1113         if (env->cc_op != CC_OP_FLAGS) {
1114             cpu_get_psr(env);
1115         }
1116 
1117         switch (trapnr) {
1118 #ifndef TARGET_SPARC64
1119         case 0x88:
1120         case 0x90:
1121 #else
1122         case 0x110:
1123         case 0x16d:
1124 #endif
1125             ret = do_syscall (env, env->gregs[1],
1126                               env->regwptr[0], env->regwptr[1],
1127                               env->regwptr[2], env->regwptr[3],
1128                               env->regwptr[4], env->regwptr[5],
1129                               0, 0);
1130             if (ret == -TARGET_ERESTARTSYS || ret == -TARGET_QEMU_ESIGRETURN) {
1131                 break;
1132             }
1133             if ((abi_ulong)ret >= (abi_ulong)(-515)) {
1134 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1135                 env->xcc |= PSR_CARRY;
1136 #else
1137                 env->psr |= PSR_CARRY;
1138 #endif
1139                 ret = -ret;
1140             } else {
1141 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1142                 env->xcc &= ~PSR_CARRY;
1143 #else
1144                 env->psr &= ~PSR_CARRY;
1145 #endif
1146             }
1147             env->regwptr[0] = ret;
1148             /* next instruction */
1149             env->pc = env->npc;
1150             env->npc = env->npc + 4;
1151             break;
1152         case 0x83: /* flush windows */
1153 #ifdef TARGET_ABI32
1154         case 0x103:
1155 #endif
1156             flush_windows(env);
1157             /* next instruction */
1158             env->pc = env->npc;
1159             env->npc = env->npc + 4;
1160             break;
1161 #ifndef TARGET_SPARC64
1162         case TT_WIN_OVF: /* window overflow */
1163             save_window(env);
1164             break;
1165         case TT_WIN_UNF: /* window underflow */
1166             restore_window(env);
1167             break;
1168         case TT_TFAULT:
1169         case TT_DFAULT:
1170             {
1171                 info.si_signo = TARGET_SIGSEGV;
1172                 info.si_errno = 0;
1173                 /* XXX: check env->error_code */
1174                 info.si_code = TARGET_SEGV_MAPERR;
1175                 info._sifields._sigfault._addr = env->mmuregs[4];
1176                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1177             }
1178             break;
1179 #else
1180         case TT_SPILL: /* window overflow */
1181             save_window(env);
1182             break;
1183         case TT_FILL: /* window underflow */
1184             restore_window(env);
1185             break;
1186         case TT_TFAULT:
1187         case TT_DFAULT:
1188             {
1189                 info.si_signo = TARGET_SIGSEGV;
1190                 info.si_errno = 0;
1191                 /* XXX: check env->error_code */
1192                 info.si_code = TARGET_SEGV_MAPERR;
1193                 if (trapnr == TT_DFAULT)
1194                     info._sifields._sigfault._addr = env->dmmu.mmuregs[4];
1195                 else
1196                     info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
1197                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1198             }
1199             break;
1200 #ifndef TARGET_ABI32
1201         case 0x16e:
1202             flush_windows(env);
1203             sparc64_get_context(env);
1204             break;
1205         case 0x16f:
1206             flush_windows(env);
1207             sparc64_set_context(env);
1208             break;
1209 #endif
1210 #endif
1211         case EXCP_INTERRUPT:
1212             /* just indicate that signals should be handled asap */
1213             break;
1214         case TT_ILL_INSN:
1215             {
1216                 info.si_signo = TARGET_SIGILL;
1217                 info.si_errno = 0;
1218                 info.si_code = TARGET_ILL_ILLOPC;
1219                 info._sifields._sigfault._addr = env->pc;
1220                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1221             }
1222             break;
1223         case EXCP_DEBUG:
1224             {
1225                 int sig;
1226 
1227                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1228                 if (sig)
1229                   {
1230                     info.si_signo = sig;
1231                     info.si_errno = 0;
1232                     info.si_code = TARGET_TRAP_BRKPT;
1233                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1234                   }
1235             }
1236             break;
1237         case EXCP_ATOMIC:
1238             cpu_exec_step_atomic(cs);
1239             break;
1240         default:
1241             printf ("Unhandled trap: 0x%x\n", trapnr);
1242             cpu_dump_state(cs, stderr, fprintf, 0);
1243             exit(EXIT_FAILURE);
1244         }
1245         process_pending_signals (env);
1246     }
1247 }
1248 
1249 #endif
1250 
1251 #ifdef TARGET_PPC
1252 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
1253 {
1254     return cpu_get_host_ticks();
1255 }
1256 
1257 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
1258 {
1259     return cpu_ppc_get_tb(env);
1260 }
1261 
1262 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
1263 {
1264     return cpu_ppc_get_tb(env) >> 32;
1265 }
1266 
1267 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
1268 {
1269     return cpu_ppc_get_tb(env);
1270 }
1271 
1272 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
1273 {
1274     return cpu_ppc_get_tb(env) >> 32;
1275 }
1276 
1277 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
1278 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
1279 
1280 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
1281 {
1282     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1283 }
1284 
1285 /* XXX: to be fixed */
1286 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1287 {
1288     return -1;
1289 }
1290 
1291 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1292 {
1293     return -1;
1294 }
1295 
1296 static int do_store_exclusive(CPUPPCState *env)
1297 {
1298     target_ulong addr;
1299     target_ulong page_addr;
1300     target_ulong val, val2 __attribute__((unused)) = 0;
1301     int flags;
1302     int segv = 0;
1303 
1304     addr = env->reserve_ea;
1305     page_addr = addr & TARGET_PAGE_MASK;
1306     start_exclusive();
1307     mmap_lock();
1308     flags = page_get_flags(page_addr);
1309     if ((flags & PAGE_READ) == 0) {
1310         segv = 1;
1311     } else {
1312         int reg = env->reserve_info & 0x1f;
1313         int size = env->reserve_info >> 5;
1314         int stored = 0;
1315 
1316         if (addr == env->reserve_addr) {
1317             switch (size) {
1318             case 1: segv = get_user_u8(val, addr); break;
1319             case 2: segv = get_user_u16(val, addr); break;
1320             case 4: segv = get_user_u32(val, addr); break;
1321 #if defined(TARGET_PPC64)
1322             case 8: segv = get_user_u64(val, addr); break;
1323             case 16: {
1324                 segv = get_user_u64(val, addr);
1325                 if (!segv) {
1326                     segv = get_user_u64(val2, addr + 8);
1327                 }
1328                 break;
1329             }
1330 #endif
1331             default: abort();
1332             }
1333             if (!segv && val == env->reserve_val) {
1334                 val = env->gpr[reg];
1335                 switch (size) {
1336                 case 1: segv = put_user_u8(val, addr); break;
1337                 case 2: segv = put_user_u16(val, addr); break;
1338                 case 4: segv = put_user_u32(val, addr); break;
1339 #if defined(TARGET_PPC64)
1340                 case 8: segv = put_user_u64(val, addr); break;
1341                 case 16: {
1342                     if (val2 == env->reserve_val2) {
1343                         if (msr_le) {
1344                             val2 = val;
1345                             val = env->gpr[reg+1];
1346                         } else {
1347                             val2 = env->gpr[reg+1];
1348                         }
1349                         segv = put_user_u64(val, addr);
1350                         if (!segv) {
1351                             segv = put_user_u64(val2, addr + 8);
1352                         }
1353                     }
1354                     break;
1355                 }
1356 #endif
1357                 default: abort();
1358                 }
1359                 if (!segv) {
1360                     stored = 1;
1361                 }
1362             }
1363         }
1364         env->crf[0] = (stored << 1) | xer_so;
1365         env->reserve_addr = (target_ulong)-1;
1366     }
1367     if (!segv) {
1368         env->nip += 4;
1369     }
1370     mmap_unlock();
1371     end_exclusive();
1372     return segv;
1373 }
1374 
1375 void cpu_loop(CPUPPCState *env)
1376 {
1377     CPUState *cs = CPU(ppc_env_get_cpu(env));
1378     target_siginfo_t info;
1379     int trapnr;
1380     target_ulong ret;
1381 
1382     for(;;) {
1383         cpu_exec_start(cs);
1384         trapnr = cpu_exec(cs);
1385         cpu_exec_end(cs);
1386         process_queued_cpu_work(cs);
1387 
1388         switch(trapnr) {
1389         case POWERPC_EXCP_NONE:
1390             /* Just go on */
1391             break;
1392         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
1393             cpu_abort(cs, "Critical interrupt while in user mode. "
1394                       "Aborting\n");
1395             break;
1396         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
1397             cpu_abort(cs, "Machine check exception while in user mode. "
1398                       "Aborting\n");
1399             break;
1400         case POWERPC_EXCP_DSI:      /* Data storage exception                */
1401             /* XXX: check this. Seems bugged */
1402             switch (env->error_code & 0xFF000000) {
1403             case 0x40000000:
1404             case 0x42000000:
1405                 info.si_signo = TARGET_SIGSEGV;
1406                 info.si_errno = 0;
1407                 info.si_code = TARGET_SEGV_MAPERR;
1408                 break;
1409             case 0x04000000:
1410                 info.si_signo = TARGET_SIGILL;
1411                 info.si_errno = 0;
1412                 info.si_code = TARGET_ILL_ILLADR;
1413                 break;
1414             case 0x08000000:
1415                 info.si_signo = TARGET_SIGSEGV;
1416                 info.si_errno = 0;
1417                 info.si_code = TARGET_SEGV_ACCERR;
1418                 break;
1419             default:
1420                 /* Let's send a regular segfault... */
1421                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1422                           env->error_code);
1423                 info.si_signo = TARGET_SIGSEGV;
1424                 info.si_errno = 0;
1425                 info.si_code = TARGET_SEGV_MAPERR;
1426                 break;
1427             }
1428             info._sifields._sigfault._addr = env->spr[SPR_DAR];
1429             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1430             break;
1431         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
1432             /* XXX: check this */
1433             switch (env->error_code & 0xFF000000) {
1434             case 0x40000000:
1435                 info.si_signo = TARGET_SIGSEGV;
1436             info.si_errno = 0;
1437                 info.si_code = TARGET_SEGV_MAPERR;
1438                 break;
1439             case 0x10000000:
1440             case 0x08000000:
1441                 info.si_signo = TARGET_SIGSEGV;
1442                 info.si_errno = 0;
1443                 info.si_code = TARGET_SEGV_ACCERR;
1444                 break;
1445             default:
1446                 /* Let's send a regular segfault... */
1447                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1448                           env->error_code);
1449                 info.si_signo = TARGET_SIGSEGV;
1450                 info.si_errno = 0;
1451                 info.si_code = TARGET_SEGV_MAPERR;
1452                 break;
1453             }
1454             info._sifields._sigfault._addr = env->nip - 4;
1455             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1456             break;
1457         case POWERPC_EXCP_EXTERNAL: /* External input                        */
1458             cpu_abort(cs, "External interrupt while in user mode. "
1459                       "Aborting\n");
1460             break;
1461         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
1462             /* XXX: check this */
1463             info.si_signo = TARGET_SIGBUS;
1464             info.si_errno = 0;
1465             info.si_code = TARGET_BUS_ADRALN;
1466             info._sifields._sigfault._addr = env->nip;
1467             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1468             break;
1469         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
1470         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
1471             /* XXX: check this */
1472             switch (env->error_code & ~0xF) {
1473             case POWERPC_EXCP_FP:
1474                 info.si_signo = TARGET_SIGFPE;
1475                 info.si_errno = 0;
1476                 switch (env->error_code & 0xF) {
1477                 case POWERPC_EXCP_FP_OX:
1478                     info.si_code = TARGET_FPE_FLTOVF;
1479                     break;
1480                 case POWERPC_EXCP_FP_UX:
1481                     info.si_code = TARGET_FPE_FLTUND;
1482                     break;
1483                 case POWERPC_EXCP_FP_ZX:
1484                 case POWERPC_EXCP_FP_VXZDZ:
1485                     info.si_code = TARGET_FPE_FLTDIV;
1486                     break;
1487                 case POWERPC_EXCP_FP_XX:
1488                     info.si_code = TARGET_FPE_FLTRES;
1489                     break;
1490                 case POWERPC_EXCP_FP_VXSOFT:
1491                     info.si_code = TARGET_FPE_FLTINV;
1492                     break;
1493                 case POWERPC_EXCP_FP_VXSNAN:
1494                 case POWERPC_EXCP_FP_VXISI:
1495                 case POWERPC_EXCP_FP_VXIDI:
1496                 case POWERPC_EXCP_FP_VXIMZ:
1497                 case POWERPC_EXCP_FP_VXVC:
1498                 case POWERPC_EXCP_FP_VXSQRT:
1499                 case POWERPC_EXCP_FP_VXCVI:
1500                     info.si_code = TARGET_FPE_FLTSUB;
1501                     break;
1502                 default:
1503                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
1504                               env->error_code);
1505                     break;
1506                 }
1507                 break;
1508             case POWERPC_EXCP_INVAL:
1509                 info.si_signo = TARGET_SIGILL;
1510                 info.si_errno = 0;
1511                 switch (env->error_code & 0xF) {
1512                 case POWERPC_EXCP_INVAL_INVAL:
1513                     info.si_code = TARGET_ILL_ILLOPC;
1514                     break;
1515                 case POWERPC_EXCP_INVAL_LSWX:
1516                     info.si_code = TARGET_ILL_ILLOPN;
1517                     break;
1518                 case POWERPC_EXCP_INVAL_SPR:
1519                     info.si_code = TARGET_ILL_PRVREG;
1520                     break;
1521                 case POWERPC_EXCP_INVAL_FP:
1522                     info.si_code = TARGET_ILL_COPROC;
1523                     break;
1524                 default:
1525                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
1526                               env->error_code & 0xF);
1527                     info.si_code = TARGET_ILL_ILLADR;
1528                     break;
1529                 }
1530                 break;
1531             case POWERPC_EXCP_PRIV:
1532                 info.si_signo = TARGET_SIGILL;
1533                 info.si_errno = 0;
1534                 switch (env->error_code & 0xF) {
1535                 case POWERPC_EXCP_PRIV_OPC:
1536                     info.si_code = TARGET_ILL_PRVOPC;
1537                     break;
1538                 case POWERPC_EXCP_PRIV_REG:
1539                     info.si_code = TARGET_ILL_PRVREG;
1540                     break;
1541                 default:
1542                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
1543                               env->error_code & 0xF);
1544                     info.si_code = TARGET_ILL_PRVOPC;
1545                     break;
1546                 }
1547                 break;
1548             case POWERPC_EXCP_TRAP:
1549                 cpu_abort(cs, "Tried to call a TRAP\n");
1550                 break;
1551             default:
1552                 /* Should not happen ! */
1553                 cpu_abort(cs, "Unknown program exception (%02x)\n",
1554                           env->error_code);
1555                 break;
1556             }
1557             info._sifields._sigfault._addr = env->nip;
1558             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1559             break;
1560         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
1561             info.si_signo = TARGET_SIGILL;
1562             info.si_errno = 0;
1563             info.si_code = TARGET_ILL_COPROC;
1564             info._sifields._sigfault._addr = env->nip;
1565             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1566             break;
1567         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
1568             cpu_abort(cs, "Syscall exception while in user mode. "
1569                       "Aborting\n");
1570             break;
1571         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
1572             info.si_signo = TARGET_SIGILL;
1573             info.si_errno = 0;
1574             info.si_code = TARGET_ILL_COPROC;
1575             info._sifields._sigfault._addr = env->nip;
1576             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1577             break;
1578         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
1579             cpu_abort(cs, "Decrementer interrupt while in user mode. "
1580                       "Aborting\n");
1581             break;
1582         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
1583             cpu_abort(cs, "Fix interval timer interrupt while in user mode. "
1584                       "Aborting\n");
1585             break;
1586         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
1587             cpu_abort(cs, "Watchdog timer interrupt while in user mode. "
1588                       "Aborting\n");
1589             break;
1590         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
1591             cpu_abort(cs, "Data TLB exception while in user mode. "
1592                       "Aborting\n");
1593             break;
1594         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
1595             cpu_abort(cs, "Instruction TLB exception while in user mode. "
1596                       "Aborting\n");
1597             break;
1598         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
1599             info.si_signo = TARGET_SIGILL;
1600             info.si_errno = 0;
1601             info.si_code = TARGET_ILL_COPROC;
1602             info._sifields._sigfault._addr = env->nip;
1603             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1604             break;
1605         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
1606             cpu_abort(cs, "Embedded floating-point data IRQ not handled\n");
1607             break;
1608         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
1609             cpu_abort(cs, "Embedded floating-point round IRQ not handled\n");
1610             break;
1611         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
1612             cpu_abort(cs, "Performance monitor exception not handled\n");
1613             break;
1614         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
1615             cpu_abort(cs, "Doorbell interrupt while in user mode. "
1616                        "Aborting\n");
1617             break;
1618         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
1619             cpu_abort(cs, "Doorbell critical interrupt while in user mode. "
1620                       "Aborting\n");
1621             break;
1622         case POWERPC_EXCP_RESET:    /* System reset exception                */
1623             cpu_abort(cs, "Reset interrupt while in user mode. "
1624                       "Aborting\n");
1625             break;
1626         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
1627             cpu_abort(cs, "Data segment exception while in user mode. "
1628                       "Aborting\n");
1629             break;
1630         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
1631             cpu_abort(cs, "Instruction segment exception "
1632                       "while in user mode. Aborting\n");
1633             break;
1634         /* PowerPC 64 with hypervisor mode support */
1635         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
1636             cpu_abort(cs, "Hypervisor decrementer interrupt "
1637                       "while in user mode. Aborting\n");
1638             break;
1639         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
1640             /* Nothing to do:
1641              * we use this exception to emulate step-by-step execution mode.
1642              */
1643             break;
1644         /* PowerPC 64 with hypervisor mode support */
1645         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
1646             cpu_abort(cs, "Hypervisor data storage exception "
1647                       "while in user mode. Aborting\n");
1648             break;
1649         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
1650             cpu_abort(cs, "Hypervisor instruction storage exception "
1651                       "while in user mode. Aborting\n");
1652             break;
1653         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
1654             cpu_abort(cs, "Hypervisor data segment exception "
1655                       "while in user mode. Aborting\n");
1656             break;
1657         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
1658             cpu_abort(cs, "Hypervisor instruction segment exception "
1659                       "while in user mode. Aborting\n");
1660             break;
1661         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
1662             info.si_signo = TARGET_SIGILL;
1663             info.si_errno = 0;
1664             info.si_code = TARGET_ILL_COPROC;
1665             info._sifields._sigfault._addr = env->nip;
1666             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1667             break;
1668         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
1669             cpu_abort(cs, "Programmable interval timer interrupt "
1670                       "while in user mode. Aborting\n");
1671             break;
1672         case POWERPC_EXCP_IO:       /* IO error exception                    */
1673             cpu_abort(cs, "IO error exception while in user mode. "
1674                       "Aborting\n");
1675             break;
1676         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
1677             cpu_abort(cs, "Run mode exception while in user mode. "
1678                       "Aborting\n");
1679             break;
1680         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
1681             cpu_abort(cs, "Emulation trap exception not handled\n");
1682             break;
1683         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
1684             cpu_abort(cs, "Instruction fetch TLB exception "
1685                       "while in user-mode. Aborting");
1686             break;
1687         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
1688             cpu_abort(cs, "Data load TLB exception while in user-mode. "
1689                       "Aborting");
1690             break;
1691         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
1692             cpu_abort(cs, "Data store TLB exception while in user-mode. "
1693                       "Aborting");
1694             break;
1695         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
1696             cpu_abort(cs, "Floating-point assist exception not handled\n");
1697             break;
1698         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
1699             cpu_abort(cs, "Instruction address breakpoint exception "
1700                       "not handled\n");
1701             break;
1702         case POWERPC_EXCP_SMI:      /* System management interrupt           */
1703             cpu_abort(cs, "System management interrupt while in user mode. "
1704                       "Aborting\n");
1705             break;
1706         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
1707             cpu_abort(cs, "Thermal interrupt interrupt while in user mode. "
1708                       "Aborting\n");
1709             break;
1710         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
1711             cpu_abort(cs, "Performance monitor exception not handled\n");
1712             break;
1713         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
1714             cpu_abort(cs, "Vector assist exception not handled\n");
1715             break;
1716         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
1717             cpu_abort(cs, "Soft patch exception not handled\n");
1718             break;
1719         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
1720             cpu_abort(cs, "Maintenance exception while in user mode. "
1721                       "Aborting\n");
1722             break;
1723         case POWERPC_EXCP_STOP:     /* stop translation                      */
1724             /* We did invalidate the instruction cache. Go on */
1725             break;
1726         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
1727             /* We just stopped because of a branch. Go on */
1728             break;
1729         case POWERPC_EXCP_SYSCALL_USER:
1730             /* system call in user-mode emulation */
1731             /* WARNING:
1732              * PPC ABI uses overflow flag in cr0 to signal an error
1733              * in syscalls.
1734              */
1735             env->crf[0] &= ~0x1;
1736             env->nip += 4;
1737             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
1738                              env->gpr[5], env->gpr[6], env->gpr[7],
1739                              env->gpr[8], 0, 0);
1740             if (ret == -TARGET_ERESTARTSYS) {
1741                 env->nip -= 4;
1742                 break;
1743             }
1744             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
1745                 /* Returning from a successful sigreturn syscall.
1746                    Avoid corrupting register state.  */
1747                 break;
1748             }
1749             if (ret > (target_ulong)(-515)) {
1750                 env->crf[0] |= 0x1;
1751                 ret = -ret;
1752             }
1753             env->gpr[3] = ret;
1754             break;
1755         case POWERPC_EXCP_STCX:
1756             if (do_store_exclusive(env)) {
1757                 info.si_signo = TARGET_SIGSEGV;
1758                 info.si_errno = 0;
1759                 info.si_code = TARGET_SEGV_MAPERR;
1760                 info._sifields._sigfault._addr = env->nip;
1761                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1762             }
1763             break;
1764         case EXCP_DEBUG:
1765             {
1766                 int sig;
1767 
1768                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1769                 if (sig) {
1770                     info.si_signo = sig;
1771                     info.si_errno = 0;
1772                     info.si_code = TARGET_TRAP_BRKPT;
1773                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1774                   }
1775             }
1776             break;
1777         case EXCP_INTERRUPT:
1778             /* just indicate that signals should be handled asap */
1779             break;
1780         case EXCP_ATOMIC:
1781             cpu_exec_step_atomic(cs);
1782             break;
1783         default:
1784             cpu_abort(cs, "Unknown exception 0x%x. Aborting\n", trapnr);
1785             break;
1786         }
1787         process_pending_signals(env);
1788     }
1789 }
1790 #endif
1791 
1792 #ifdef TARGET_MIPS
1793 
1794 # ifdef TARGET_ABI_MIPSO32
1795 #  define MIPS_SYS(name, args) args,
1796 static const uint8_t mips_syscall_args[] = {
1797 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
1798 	MIPS_SYS(sys_exit	, 1)
1799 	MIPS_SYS(sys_fork	, 0)
1800 	MIPS_SYS(sys_read	, 3)
1801 	MIPS_SYS(sys_write	, 3)
1802 	MIPS_SYS(sys_open	, 3)	/* 4005 */
1803 	MIPS_SYS(sys_close	, 1)
1804 	MIPS_SYS(sys_waitpid	, 3)
1805 	MIPS_SYS(sys_creat	, 2)
1806 	MIPS_SYS(sys_link	, 2)
1807 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
1808 	MIPS_SYS(sys_execve	, 0)
1809 	MIPS_SYS(sys_chdir	, 1)
1810 	MIPS_SYS(sys_time	, 1)
1811 	MIPS_SYS(sys_mknod	, 3)
1812 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
1813 	MIPS_SYS(sys_lchown	, 3)
1814 	MIPS_SYS(sys_ni_syscall	, 0)
1815 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
1816 	MIPS_SYS(sys_lseek	, 3)
1817 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
1818 	MIPS_SYS(sys_mount	, 5)
1819 	MIPS_SYS(sys_umount	, 1)
1820 	MIPS_SYS(sys_setuid	, 1)
1821 	MIPS_SYS(sys_getuid	, 0)
1822 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
1823 	MIPS_SYS(sys_ptrace	, 4)
1824 	MIPS_SYS(sys_alarm	, 1)
1825 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
1826 	MIPS_SYS(sys_pause	, 0)
1827 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
1828 	MIPS_SYS(sys_ni_syscall	, 0)
1829 	MIPS_SYS(sys_ni_syscall	, 0)
1830 	MIPS_SYS(sys_access	, 2)
1831 	MIPS_SYS(sys_nice	, 1)
1832 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
1833 	MIPS_SYS(sys_sync	, 0)
1834 	MIPS_SYS(sys_kill	, 2)
1835 	MIPS_SYS(sys_rename	, 2)
1836 	MIPS_SYS(sys_mkdir	, 2)
1837 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
1838 	MIPS_SYS(sys_dup		, 1)
1839 	MIPS_SYS(sys_pipe	, 0)
1840 	MIPS_SYS(sys_times	, 1)
1841 	MIPS_SYS(sys_ni_syscall	, 0)
1842 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
1843 	MIPS_SYS(sys_setgid	, 1)
1844 	MIPS_SYS(sys_getgid	, 0)
1845 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
1846 	MIPS_SYS(sys_geteuid	, 0)
1847 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
1848 	MIPS_SYS(sys_acct	, 0)
1849 	MIPS_SYS(sys_umount2	, 2)
1850 	MIPS_SYS(sys_ni_syscall	, 0)
1851 	MIPS_SYS(sys_ioctl	, 3)
1852 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
1853 	MIPS_SYS(sys_ni_syscall	, 2)
1854 	MIPS_SYS(sys_setpgid	, 2)
1855 	MIPS_SYS(sys_ni_syscall	, 0)
1856 	MIPS_SYS(sys_olduname	, 1)
1857 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
1858 	MIPS_SYS(sys_chroot	, 1)
1859 	MIPS_SYS(sys_ustat	, 2)
1860 	MIPS_SYS(sys_dup2	, 2)
1861 	MIPS_SYS(sys_getppid	, 0)
1862 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
1863 	MIPS_SYS(sys_setsid	, 0)
1864 	MIPS_SYS(sys_sigaction	, 3)
1865 	MIPS_SYS(sys_sgetmask	, 0)
1866 	MIPS_SYS(sys_ssetmask	, 1)
1867 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
1868 	MIPS_SYS(sys_setregid	, 2)
1869 	MIPS_SYS(sys_sigsuspend	, 0)
1870 	MIPS_SYS(sys_sigpending	, 1)
1871 	MIPS_SYS(sys_sethostname	, 2)
1872 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
1873 	MIPS_SYS(sys_getrlimit	, 2)
1874 	MIPS_SYS(sys_getrusage	, 2)
1875 	MIPS_SYS(sys_gettimeofday, 2)
1876 	MIPS_SYS(sys_settimeofday, 2)
1877 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
1878 	MIPS_SYS(sys_setgroups	, 2)
1879 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
1880 	MIPS_SYS(sys_symlink	, 2)
1881 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
1882 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
1883 	MIPS_SYS(sys_uselib	, 1)
1884 	MIPS_SYS(sys_swapon	, 2)
1885 	MIPS_SYS(sys_reboot	, 3)
1886 	MIPS_SYS(old_readdir	, 3)
1887 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
1888 	MIPS_SYS(sys_munmap	, 2)
1889 	MIPS_SYS(sys_truncate	, 2)
1890 	MIPS_SYS(sys_ftruncate	, 2)
1891 	MIPS_SYS(sys_fchmod	, 2)
1892 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
1893 	MIPS_SYS(sys_getpriority	, 2)
1894 	MIPS_SYS(sys_setpriority	, 3)
1895 	MIPS_SYS(sys_ni_syscall	, 0)
1896 	MIPS_SYS(sys_statfs	, 2)
1897 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
1898 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
1899 	MIPS_SYS(sys_socketcall	, 2)
1900 	MIPS_SYS(sys_syslog	, 3)
1901 	MIPS_SYS(sys_setitimer	, 3)
1902 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
1903 	MIPS_SYS(sys_newstat	, 2)
1904 	MIPS_SYS(sys_newlstat	, 2)
1905 	MIPS_SYS(sys_newfstat	, 2)
1906 	MIPS_SYS(sys_uname	, 1)
1907 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
1908 	MIPS_SYS(sys_vhangup	, 0)
1909 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
1910 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
1911 	MIPS_SYS(sys_wait4	, 4)
1912 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
1913 	MIPS_SYS(sys_sysinfo	, 1)
1914 	MIPS_SYS(sys_ipc		, 6)
1915 	MIPS_SYS(sys_fsync	, 1)
1916 	MIPS_SYS(sys_sigreturn	, 0)
1917 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
1918 	MIPS_SYS(sys_setdomainname, 2)
1919 	MIPS_SYS(sys_newuname	, 1)
1920 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
1921 	MIPS_SYS(sys_adjtimex	, 1)
1922 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
1923 	MIPS_SYS(sys_sigprocmask	, 3)
1924 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
1925 	MIPS_SYS(sys_init_module	, 5)
1926 	MIPS_SYS(sys_delete_module, 1)
1927 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
1928 	MIPS_SYS(sys_quotactl	, 0)
1929 	MIPS_SYS(sys_getpgid	, 1)
1930 	MIPS_SYS(sys_fchdir	, 1)
1931 	MIPS_SYS(sys_bdflush	, 2)
1932 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
1933 	MIPS_SYS(sys_personality	, 1)
1934 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
1935 	MIPS_SYS(sys_setfsuid	, 1)
1936 	MIPS_SYS(sys_setfsgid	, 1)
1937 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
1938 	MIPS_SYS(sys_getdents	, 3)
1939 	MIPS_SYS(sys_select	, 5)
1940 	MIPS_SYS(sys_flock	, 2)
1941 	MIPS_SYS(sys_msync	, 3)
1942 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
1943 	MIPS_SYS(sys_writev	, 3)
1944 	MIPS_SYS(sys_cacheflush	, 3)
1945 	MIPS_SYS(sys_cachectl	, 3)
1946 	MIPS_SYS(sys_sysmips	, 4)
1947 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
1948 	MIPS_SYS(sys_getsid	, 1)
1949 	MIPS_SYS(sys_fdatasync	, 0)
1950 	MIPS_SYS(sys_sysctl	, 1)
1951 	MIPS_SYS(sys_mlock	, 2)
1952 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
1953 	MIPS_SYS(sys_mlockall	, 1)
1954 	MIPS_SYS(sys_munlockall	, 0)
1955 	MIPS_SYS(sys_sched_setparam, 2)
1956 	MIPS_SYS(sys_sched_getparam, 2)
1957 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
1958 	MIPS_SYS(sys_sched_getscheduler, 1)
1959 	MIPS_SYS(sys_sched_yield	, 0)
1960 	MIPS_SYS(sys_sched_get_priority_max, 1)
1961 	MIPS_SYS(sys_sched_get_priority_min, 1)
1962 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
1963 	MIPS_SYS(sys_nanosleep,	2)
1964 	MIPS_SYS(sys_mremap	, 5)
1965 	MIPS_SYS(sys_accept	, 3)
1966 	MIPS_SYS(sys_bind	, 3)
1967 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
1968 	MIPS_SYS(sys_getpeername	, 3)
1969 	MIPS_SYS(sys_getsockname	, 3)
1970 	MIPS_SYS(sys_getsockopt	, 5)
1971 	MIPS_SYS(sys_listen	, 2)
1972 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
1973 	MIPS_SYS(sys_recvfrom	, 6)
1974 	MIPS_SYS(sys_recvmsg	, 3)
1975 	MIPS_SYS(sys_send	, 4)
1976 	MIPS_SYS(sys_sendmsg	, 3)
1977 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
1978 	MIPS_SYS(sys_setsockopt	, 5)
1979 	MIPS_SYS(sys_shutdown	, 2)
1980 	MIPS_SYS(sys_socket	, 3)
1981 	MIPS_SYS(sys_socketpair	, 4)
1982 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
1983 	MIPS_SYS(sys_getresuid	, 3)
1984 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
1985 	MIPS_SYS(sys_poll	, 3)
1986 	MIPS_SYS(sys_nfsservctl	, 3)
1987 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
1988 	MIPS_SYS(sys_getresgid	, 3)
1989 	MIPS_SYS(sys_prctl	, 5)
1990 	MIPS_SYS(sys_rt_sigreturn, 0)
1991 	MIPS_SYS(sys_rt_sigaction, 4)
1992 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
1993 	MIPS_SYS(sys_rt_sigpending, 2)
1994 	MIPS_SYS(sys_rt_sigtimedwait, 4)
1995 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
1996 	MIPS_SYS(sys_rt_sigsuspend, 0)
1997 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
1998 	MIPS_SYS(sys_pwrite64	, 6)
1999 	MIPS_SYS(sys_chown	, 3)
2000 	MIPS_SYS(sys_getcwd	, 2)
2001 	MIPS_SYS(sys_capget	, 2)
2002 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
2003 	MIPS_SYS(sys_sigaltstack	, 2)
2004 	MIPS_SYS(sys_sendfile	, 4)
2005 	MIPS_SYS(sys_ni_syscall	, 0)
2006 	MIPS_SYS(sys_ni_syscall	, 0)
2007 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
2008 	MIPS_SYS(sys_truncate64	, 4)
2009 	MIPS_SYS(sys_ftruncate64	, 4)
2010 	MIPS_SYS(sys_stat64	, 2)
2011 	MIPS_SYS(sys_lstat64	, 2)
2012 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
2013 	MIPS_SYS(sys_pivot_root	, 2)
2014 	MIPS_SYS(sys_mincore	, 3)
2015 	MIPS_SYS(sys_madvise	, 3)
2016 	MIPS_SYS(sys_getdents64	, 3)
2017 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
2018 	MIPS_SYS(sys_ni_syscall	, 0)
2019 	MIPS_SYS(sys_gettid	, 0)
2020 	MIPS_SYS(sys_readahead	, 5)
2021 	MIPS_SYS(sys_setxattr	, 5)
2022 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
2023 	MIPS_SYS(sys_fsetxattr	, 5)
2024 	MIPS_SYS(sys_getxattr	, 4)
2025 	MIPS_SYS(sys_lgetxattr	, 4)
2026 	MIPS_SYS(sys_fgetxattr	, 4)
2027 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
2028 	MIPS_SYS(sys_llistxattr	, 3)
2029 	MIPS_SYS(sys_flistxattr	, 3)
2030 	MIPS_SYS(sys_removexattr	, 2)
2031 	MIPS_SYS(sys_lremovexattr, 2)
2032 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
2033 	MIPS_SYS(sys_tkill	, 2)
2034 	MIPS_SYS(sys_sendfile64	, 5)
2035 	MIPS_SYS(sys_futex	, 6)
2036 	MIPS_SYS(sys_sched_setaffinity, 3)
2037 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
2038 	MIPS_SYS(sys_io_setup	, 2)
2039 	MIPS_SYS(sys_io_destroy	, 1)
2040 	MIPS_SYS(sys_io_getevents, 5)
2041 	MIPS_SYS(sys_io_submit	, 3)
2042 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
2043 	MIPS_SYS(sys_exit_group	, 1)
2044 	MIPS_SYS(sys_lookup_dcookie, 3)
2045 	MIPS_SYS(sys_epoll_create, 1)
2046 	MIPS_SYS(sys_epoll_ctl	, 4)
2047 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
2048 	MIPS_SYS(sys_remap_file_pages, 5)
2049 	MIPS_SYS(sys_set_tid_address, 1)
2050 	MIPS_SYS(sys_restart_syscall, 0)
2051 	MIPS_SYS(sys_fadvise64_64, 7)
2052 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
2053 	MIPS_SYS(sys_fstatfs64	, 2)
2054 	MIPS_SYS(sys_timer_create, 3)
2055 	MIPS_SYS(sys_timer_settime, 4)
2056 	MIPS_SYS(sys_timer_gettime, 2)
2057 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
2058 	MIPS_SYS(sys_timer_delete, 1)
2059 	MIPS_SYS(sys_clock_settime, 2)
2060 	MIPS_SYS(sys_clock_gettime, 2)
2061 	MIPS_SYS(sys_clock_getres, 2)
2062 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
2063 	MIPS_SYS(sys_tgkill	, 3)
2064 	MIPS_SYS(sys_utimes	, 2)
2065 	MIPS_SYS(sys_mbind	, 4)
2066 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
2067 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
2068 	MIPS_SYS(sys_mq_open	, 4)
2069 	MIPS_SYS(sys_mq_unlink	, 1)
2070 	MIPS_SYS(sys_mq_timedsend, 5)
2071 	MIPS_SYS(sys_mq_timedreceive, 5)
2072 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
2073 	MIPS_SYS(sys_mq_getsetattr, 3)
2074 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
2075 	MIPS_SYS(sys_waitid	, 4)
2076 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
2077 	MIPS_SYS(sys_add_key	, 5)
2078 	MIPS_SYS(sys_request_key, 4)
2079 	MIPS_SYS(sys_keyctl	, 5)
2080 	MIPS_SYS(sys_set_thread_area, 1)
2081 	MIPS_SYS(sys_inotify_init, 0)
2082 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
2083 	MIPS_SYS(sys_inotify_rm_watch, 2)
2084 	MIPS_SYS(sys_migrate_pages, 4)
2085 	MIPS_SYS(sys_openat, 4)
2086 	MIPS_SYS(sys_mkdirat, 3)
2087 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
2088 	MIPS_SYS(sys_fchownat, 5)
2089 	MIPS_SYS(sys_futimesat, 3)
2090 	MIPS_SYS(sys_fstatat64, 4)
2091 	MIPS_SYS(sys_unlinkat, 3)
2092 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
2093 	MIPS_SYS(sys_linkat, 5)
2094 	MIPS_SYS(sys_symlinkat, 3)
2095 	MIPS_SYS(sys_readlinkat, 4)
2096 	MIPS_SYS(sys_fchmodat, 3)
2097 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
2098 	MIPS_SYS(sys_pselect6, 6)
2099 	MIPS_SYS(sys_ppoll, 5)
2100 	MIPS_SYS(sys_unshare, 1)
2101 	MIPS_SYS(sys_splice, 6)
2102 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
2103 	MIPS_SYS(sys_tee, 4)
2104 	MIPS_SYS(sys_vmsplice, 4)
2105 	MIPS_SYS(sys_move_pages, 6)
2106 	MIPS_SYS(sys_set_robust_list, 2)
2107 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
2108 	MIPS_SYS(sys_kexec_load, 4)
2109 	MIPS_SYS(sys_getcpu, 3)
2110 	MIPS_SYS(sys_epoll_pwait, 6)
2111 	MIPS_SYS(sys_ioprio_set, 3)
2112 	MIPS_SYS(sys_ioprio_get, 2)
2113         MIPS_SYS(sys_utimensat, 4)
2114         MIPS_SYS(sys_signalfd, 3)
2115         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
2116         MIPS_SYS(sys_eventfd, 1)
2117         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
2118         MIPS_SYS(sys_timerfd_create, 2)
2119         MIPS_SYS(sys_timerfd_gettime, 2)
2120         MIPS_SYS(sys_timerfd_settime, 4)
2121         MIPS_SYS(sys_signalfd4, 4)
2122         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
2123         MIPS_SYS(sys_epoll_create1, 1)
2124         MIPS_SYS(sys_dup3, 3)
2125         MIPS_SYS(sys_pipe2, 2)
2126         MIPS_SYS(sys_inotify_init1, 1)
2127         MIPS_SYS(sys_preadv, 5)         /* 4330 */
2128         MIPS_SYS(sys_pwritev, 5)
2129         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
2130         MIPS_SYS(sys_perf_event_open, 5)
2131         MIPS_SYS(sys_accept4, 4)
2132         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
2133         MIPS_SYS(sys_fanotify_init, 2)
2134         MIPS_SYS(sys_fanotify_mark, 6)
2135         MIPS_SYS(sys_prlimit64, 4)
2136         MIPS_SYS(sys_name_to_handle_at, 5)
2137         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
2138         MIPS_SYS(sys_clock_adjtime, 2)
2139         MIPS_SYS(sys_syncfs, 1)
2140         MIPS_SYS(sys_sendmmsg, 4)
2141         MIPS_SYS(sys_setns, 2)
2142         MIPS_SYS(sys_process_vm_readv, 6) /* 345 */
2143         MIPS_SYS(sys_process_vm_writev, 6)
2144         MIPS_SYS(sys_kcmp, 5)
2145         MIPS_SYS(sys_finit_module, 3)
2146         MIPS_SYS(sys_sched_setattr, 2)
2147         MIPS_SYS(sys_sched_getattr, 3)  /* 350 */
2148         MIPS_SYS(sys_renameat2, 5)
2149         MIPS_SYS(sys_seccomp, 3)
2150         MIPS_SYS(sys_getrandom, 3)
2151         MIPS_SYS(sys_memfd_create, 2)
2152         MIPS_SYS(sys_bpf, 3)            /* 355 */
2153         MIPS_SYS(sys_execveat, 5)
2154         MIPS_SYS(sys_userfaultfd, 1)
2155         MIPS_SYS(sys_membarrier, 2)
2156         MIPS_SYS(sys_mlock2, 3)
2157         MIPS_SYS(sys_copy_file_range, 6) /* 360 */
2158         MIPS_SYS(sys_preadv2, 6)
2159         MIPS_SYS(sys_pwritev2, 6)
2160 };
2161 #  undef MIPS_SYS
2162 # endif /* O32 */
2163 
2164 static int do_store_exclusive(CPUMIPSState *env)
2165 {
2166     target_ulong addr;
2167     target_ulong page_addr;
2168     target_ulong val;
2169     int flags;
2170     int segv = 0;
2171     int reg;
2172     int d;
2173 
2174     addr = env->lladdr;
2175     page_addr = addr & TARGET_PAGE_MASK;
2176     start_exclusive();
2177     mmap_lock();
2178     flags = page_get_flags(page_addr);
2179     if ((flags & PAGE_READ) == 0) {
2180         segv = 1;
2181     } else {
2182         reg = env->llreg & 0x1f;
2183         d = (env->llreg & 0x20) != 0;
2184         if (d) {
2185             segv = get_user_s64(val, addr);
2186         } else {
2187             segv = get_user_s32(val, addr);
2188         }
2189         if (!segv) {
2190             if (val != env->llval) {
2191                 env->active_tc.gpr[reg] = 0;
2192             } else {
2193                 if (d) {
2194                     segv = put_user_u64(env->llnewval, addr);
2195                 } else {
2196                     segv = put_user_u32(env->llnewval, addr);
2197                 }
2198                 if (!segv) {
2199                     env->active_tc.gpr[reg] = 1;
2200                 }
2201             }
2202         }
2203     }
2204     env->lladdr = -1;
2205     if (!segv) {
2206         env->active_tc.PC += 4;
2207     }
2208     mmap_unlock();
2209     end_exclusive();
2210     return segv;
2211 }
2212 
2213 /* Break codes */
2214 enum {
2215     BRK_OVERFLOW = 6,
2216     BRK_DIVZERO = 7
2217 };
2218 
2219 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
2220                     unsigned int code)
2221 {
2222     int ret = -1;
2223 
2224     switch (code) {
2225     case BRK_OVERFLOW:
2226     case BRK_DIVZERO:
2227         info->si_signo = TARGET_SIGFPE;
2228         info->si_errno = 0;
2229         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
2230         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2231         ret = 0;
2232         break;
2233     default:
2234         info->si_signo = TARGET_SIGTRAP;
2235         info->si_errno = 0;
2236         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2237         ret = 0;
2238         break;
2239     }
2240 
2241     return ret;
2242 }
2243 
2244 void cpu_loop(CPUMIPSState *env)
2245 {
2246     CPUState *cs = CPU(mips_env_get_cpu(env));
2247     target_siginfo_t info;
2248     int trapnr;
2249     abi_long ret;
2250 # ifdef TARGET_ABI_MIPSO32
2251     unsigned int syscall_num;
2252 # endif
2253 
2254     for(;;) {
2255         cpu_exec_start(cs);
2256         trapnr = cpu_exec(cs);
2257         cpu_exec_end(cs);
2258         process_queued_cpu_work(cs);
2259 
2260         switch(trapnr) {
2261         case EXCP_SYSCALL:
2262             env->active_tc.PC += 4;
2263 # ifdef TARGET_ABI_MIPSO32
2264             syscall_num = env->active_tc.gpr[2] - 4000;
2265             if (syscall_num >= sizeof(mips_syscall_args)) {
2266                 ret = -TARGET_ENOSYS;
2267             } else {
2268                 int nb_args;
2269                 abi_ulong sp_reg;
2270                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
2271 
2272                 nb_args = mips_syscall_args[syscall_num];
2273                 sp_reg = env->active_tc.gpr[29];
2274                 switch (nb_args) {
2275                 /* these arguments are taken from the stack */
2276                 case 8:
2277                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
2278                         goto done_syscall;
2279                     }
2280                 case 7:
2281                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
2282                         goto done_syscall;
2283                     }
2284                 case 6:
2285                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
2286                         goto done_syscall;
2287                     }
2288                 case 5:
2289                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
2290                         goto done_syscall;
2291                     }
2292                 default:
2293                     break;
2294                 }
2295                 ret = do_syscall(env, env->active_tc.gpr[2],
2296                                  env->active_tc.gpr[4],
2297                                  env->active_tc.gpr[5],
2298                                  env->active_tc.gpr[6],
2299                                  env->active_tc.gpr[7],
2300                                  arg5, arg6, arg7, arg8);
2301             }
2302 done_syscall:
2303 # else
2304             ret = do_syscall(env, env->active_tc.gpr[2],
2305                              env->active_tc.gpr[4], env->active_tc.gpr[5],
2306                              env->active_tc.gpr[6], env->active_tc.gpr[7],
2307                              env->active_tc.gpr[8], env->active_tc.gpr[9],
2308                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
2309 # endif /* O32 */
2310             if (ret == -TARGET_ERESTARTSYS) {
2311                 env->active_tc.PC -= 4;
2312                 break;
2313             }
2314             if (ret == -TARGET_QEMU_ESIGRETURN) {
2315                 /* Returning from a successful sigreturn syscall.
2316                    Avoid clobbering register state.  */
2317                 break;
2318             }
2319             if ((abi_ulong)ret >= (abi_ulong)-1133) {
2320                 env->active_tc.gpr[7] = 1; /* error flag */
2321                 ret = -ret;
2322             } else {
2323                 env->active_tc.gpr[7] = 0; /* error flag */
2324             }
2325             env->active_tc.gpr[2] = ret;
2326             break;
2327         case EXCP_TLBL:
2328         case EXCP_TLBS:
2329         case EXCP_AdEL:
2330         case EXCP_AdES:
2331             info.si_signo = TARGET_SIGSEGV;
2332             info.si_errno = 0;
2333             /* XXX: check env->error_code */
2334             info.si_code = TARGET_SEGV_MAPERR;
2335             info._sifields._sigfault._addr = env->CP0_BadVAddr;
2336             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2337             break;
2338         case EXCP_CpU:
2339         case EXCP_RI:
2340             info.si_signo = TARGET_SIGILL;
2341             info.si_errno = 0;
2342             info.si_code = 0;
2343             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2344             break;
2345         case EXCP_INTERRUPT:
2346             /* just indicate that signals should be handled asap */
2347             break;
2348         case EXCP_DEBUG:
2349             {
2350                 int sig;
2351 
2352                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2353                 if (sig)
2354                   {
2355                     info.si_signo = sig;
2356                     info.si_errno = 0;
2357                     info.si_code = TARGET_TRAP_BRKPT;
2358                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2359                   }
2360             }
2361             break;
2362         case EXCP_SC:
2363             if (do_store_exclusive(env)) {
2364                 info.si_signo = TARGET_SIGSEGV;
2365                 info.si_errno = 0;
2366                 info.si_code = TARGET_SEGV_MAPERR;
2367                 info._sifields._sigfault._addr = env->active_tc.PC;
2368                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2369             }
2370             break;
2371         case EXCP_DSPDIS:
2372             info.si_signo = TARGET_SIGILL;
2373             info.si_errno = 0;
2374             info.si_code = TARGET_ILL_ILLOPC;
2375             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2376             break;
2377         /* The code below was inspired by the MIPS Linux kernel trap
2378          * handling code in arch/mips/kernel/traps.c.
2379          */
2380         case EXCP_BREAK:
2381             {
2382                 abi_ulong trap_instr;
2383                 unsigned int code;
2384 
2385                 if (env->hflags & MIPS_HFLAG_M16) {
2386                     if (env->insn_flags & ASE_MICROMIPS) {
2387                         /* microMIPS mode */
2388                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2389                         if (ret != 0) {
2390                             goto error;
2391                         }
2392 
2393                         if ((trap_instr >> 10) == 0x11) {
2394                             /* 16-bit instruction */
2395                             code = trap_instr & 0xf;
2396                         } else {
2397                             /* 32-bit instruction */
2398                             abi_ulong instr_lo;
2399 
2400                             ret = get_user_u16(instr_lo,
2401                                                env->active_tc.PC + 2);
2402                             if (ret != 0) {
2403                                 goto error;
2404                             }
2405                             trap_instr = (trap_instr << 16) | instr_lo;
2406                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
2407                             /* Unfortunately, microMIPS also suffers from
2408                                the old assembler bug...  */
2409                             if (code >= (1 << 10)) {
2410                                 code >>= 10;
2411                             }
2412                         }
2413                     } else {
2414                         /* MIPS16e mode */
2415                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2416                         if (ret != 0) {
2417                             goto error;
2418                         }
2419                         code = (trap_instr >> 6) & 0x3f;
2420                     }
2421                 } else {
2422                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2423                     if (ret != 0) {
2424                         goto error;
2425                     }
2426 
2427                     /* As described in the original Linux kernel code, the
2428                      * below checks on 'code' are to work around an old
2429                      * assembly bug.
2430                      */
2431                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
2432                     if (code >= (1 << 10)) {
2433                         code >>= 10;
2434                     }
2435                 }
2436 
2437                 if (do_break(env, &info, code) != 0) {
2438                     goto error;
2439                 }
2440             }
2441             break;
2442         case EXCP_TRAP:
2443             {
2444                 abi_ulong trap_instr;
2445                 unsigned int code = 0;
2446 
2447                 if (env->hflags & MIPS_HFLAG_M16) {
2448                     /* microMIPS mode */
2449                     abi_ulong instr[2];
2450 
2451                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
2452                           get_user_u16(instr[1], env->active_tc.PC + 2);
2453 
2454                     trap_instr = (instr[0] << 16) | instr[1];
2455                 } else {
2456                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2457                 }
2458 
2459                 if (ret != 0) {
2460                     goto error;
2461                 }
2462 
2463                 /* The immediate versions don't provide a code.  */
2464                 if (!(trap_instr & 0xFC000000)) {
2465                     if (env->hflags & MIPS_HFLAG_M16) {
2466                         /* microMIPS mode */
2467                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
2468                     } else {
2469                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
2470                     }
2471                 }
2472 
2473                 if (do_break(env, &info, code) != 0) {
2474                     goto error;
2475                 }
2476             }
2477             break;
2478         case EXCP_ATOMIC:
2479             cpu_exec_step_atomic(cs);
2480             break;
2481         default:
2482 error:
2483             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
2484             abort();
2485         }
2486         process_pending_signals(env);
2487     }
2488 }
2489 #endif
2490 
2491 #ifdef TARGET_NIOS2
2492 
2493 void cpu_loop(CPUNios2State *env)
2494 {
2495     CPUState *cs = ENV_GET_CPU(env);
2496     Nios2CPU *cpu = NIOS2_CPU(cs);
2497     target_siginfo_t info;
2498     int trapnr, gdbsig, ret;
2499 
2500     for (;;) {
2501         cpu_exec_start(cs);
2502         trapnr = cpu_exec(cs);
2503         cpu_exec_end(cs);
2504         gdbsig = 0;
2505 
2506         switch (trapnr) {
2507         case EXCP_INTERRUPT:
2508             /* just indicate that signals should be handled asap */
2509             break;
2510         case EXCP_TRAP:
2511             if (env->regs[R_AT] == 0) {
2512                 abi_long ret;
2513                 qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
2514 
2515                 ret = do_syscall(env, env->regs[2],
2516                                  env->regs[4], env->regs[5], env->regs[6],
2517                                  env->regs[7], env->regs[8], env->regs[9],
2518                                  0, 0);
2519 
2520                 if (env->regs[2] == 0) {    /* FIXME: syscall 0 workaround */
2521                     ret = 0;
2522                 }
2523 
2524                 env->regs[2] = abs(ret);
2525                 /* Return value is 0..4096 */
2526                 env->regs[7] = (ret > 0xfffffffffffff000ULL);
2527                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2528                 env->regs[CR_STATUS] &= ~0x3;
2529                 env->regs[R_EA] = env->regs[R_PC] + 4;
2530                 env->regs[R_PC] += 4;
2531                 break;
2532             } else {
2533                 qemu_log_mask(CPU_LOG_INT, "\nTrap\n");
2534 
2535                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2536                 env->regs[CR_STATUS] &= ~0x3;
2537                 env->regs[R_EA] = env->regs[R_PC] + 4;
2538                 env->regs[R_PC] = cpu->exception_addr;
2539 
2540                 gdbsig = TARGET_SIGTRAP;
2541                 break;
2542             }
2543         case 0xaa:
2544             switch (env->regs[R_PC]) {
2545             /*case 0x1000:*/  /* TODO:__kuser_helper_version */
2546             case 0x1004:      /* __kuser_cmpxchg */
2547                 start_exclusive();
2548                 if (env->regs[4] & 0x3) {
2549                     goto kuser_fail;
2550                 }
2551                 ret = get_user_u32(env->regs[2], env->regs[4]);
2552                 if (ret) {
2553                     end_exclusive();
2554                     goto kuser_fail;
2555                 }
2556                 env->regs[2] -= env->regs[5];
2557                 if (env->regs[2] == 0) {
2558                     put_user_u32(env->regs[6], env->regs[4]);
2559                 }
2560                 end_exclusive();
2561                 env->regs[R_PC] = env->regs[R_RA];
2562                 break;
2563             /*case 0x1040:*/  /* TODO:__kuser_sigtramp */
2564             default:
2565                 ;
2566 kuser_fail:
2567                 info.si_signo = TARGET_SIGSEGV;
2568                 info.si_errno = 0;
2569                 /* TODO: check env->error_code */
2570                 info.si_code = TARGET_SEGV_MAPERR;
2571                 info._sifields._sigfault._addr = env->regs[R_PC];
2572                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2573             }
2574             break;
2575         default:
2576             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
2577                      trapnr);
2578             gdbsig = TARGET_SIGILL;
2579             break;
2580         }
2581         if (gdbsig) {
2582             gdb_handlesig(cs, gdbsig);
2583             if (gdbsig != TARGET_SIGTRAP) {
2584                 exit(EXIT_FAILURE);
2585             }
2586         }
2587 
2588         process_pending_signals(env);
2589     }
2590 }
2591 
2592 #endif /* TARGET_NIOS2 */
2593 
2594 #ifdef TARGET_OPENRISC
2595 
2596 void cpu_loop(CPUOpenRISCState *env)
2597 {
2598     CPUState *cs = CPU(openrisc_env_get_cpu(env));
2599     int trapnr;
2600     abi_long ret;
2601     target_siginfo_t info;
2602 
2603     for (;;) {
2604         cpu_exec_start(cs);
2605         trapnr = cpu_exec(cs);
2606         cpu_exec_end(cs);
2607         process_queued_cpu_work(cs);
2608 
2609         switch (trapnr) {
2610         case EXCP_SYSCALL:
2611             env->pc += 4;   /* 0xc00; */
2612             ret = do_syscall(env,
2613                              cpu_get_gpr(env, 11), /* return value       */
2614                              cpu_get_gpr(env, 3),  /* r3 - r7 are params */
2615                              cpu_get_gpr(env, 4),
2616                              cpu_get_gpr(env, 5),
2617                              cpu_get_gpr(env, 6),
2618                              cpu_get_gpr(env, 7),
2619                              cpu_get_gpr(env, 8), 0, 0);
2620             if (ret == -TARGET_ERESTARTSYS) {
2621                 env->pc -= 4;
2622             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2623                 cpu_set_gpr(env, 11, ret);
2624             }
2625             break;
2626         case EXCP_DPF:
2627         case EXCP_IPF:
2628         case EXCP_RANGE:
2629             info.si_signo = TARGET_SIGSEGV;
2630             info.si_errno = 0;
2631             info.si_code = TARGET_SEGV_MAPERR;
2632             info._sifields._sigfault._addr = env->pc;
2633             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2634             break;
2635         case EXCP_ALIGN:
2636             info.si_signo = TARGET_SIGBUS;
2637             info.si_errno = 0;
2638             info.si_code = TARGET_BUS_ADRALN;
2639             info._sifields._sigfault._addr = env->pc;
2640             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2641             break;
2642         case EXCP_ILLEGAL:
2643             info.si_signo = TARGET_SIGILL;
2644             info.si_errno = 0;
2645             info.si_code = TARGET_ILL_ILLOPC;
2646             info._sifields._sigfault._addr = env->pc;
2647             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2648             break;
2649         case EXCP_FPE:
2650             info.si_signo = TARGET_SIGFPE;
2651             info.si_errno = 0;
2652             info.si_code = 0;
2653             info._sifields._sigfault._addr = env->pc;
2654             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2655             break;
2656         case EXCP_INTERRUPT:
2657             /* We processed the pending cpu work above.  */
2658             break;
2659         case EXCP_DEBUG:
2660             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
2661             if (trapnr) {
2662                 info.si_signo = trapnr;
2663                 info.si_errno = 0;
2664                 info.si_code = TARGET_TRAP_BRKPT;
2665                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2666             }
2667             break;
2668         case EXCP_ATOMIC:
2669             cpu_exec_step_atomic(cs);
2670             break;
2671         default:
2672             g_assert_not_reached();
2673         }
2674         process_pending_signals(env);
2675     }
2676 }
2677 
2678 #endif /* TARGET_OPENRISC */
2679 
2680 #ifdef TARGET_SH4
2681 void cpu_loop(CPUSH4State *env)
2682 {
2683     CPUState *cs = CPU(sh_env_get_cpu(env));
2684     int trapnr, ret;
2685     target_siginfo_t info;
2686 
2687     while (1) {
2688         bool arch_interrupt = true;
2689 
2690         cpu_exec_start(cs);
2691         trapnr = cpu_exec(cs);
2692         cpu_exec_end(cs);
2693         process_queued_cpu_work(cs);
2694 
2695         switch (trapnr) {
2696         case 0x160:
2697             env->pc += 2;
2698             ret = do_syscall(env,
2699                              env->gregs[3],
2700                              env->gregs[4],
2701                              env->gregs[5],
2702                              env->gregs[6],
2703                              env->gregs[7],
2704                              env->gregs[0],
2705                              env->gregs[1],
2706                              0, 0);
2707             if (ret == -TARGET_ERESTARTSYS) {
2708                 env->pc -= 2;
2709             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2710                 env->gregs[0] = ret;
2711             }
2712             break;
2713         case EXCP_INTERRUPT:
2714             /* just indicate that signals should be handled asap */
2715             break;
2716         case EXCP_DEBUG:
2717             {
2718                 int sig;
2719 
2720                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2721                 if (sig) {
2722                     info.si_signo = sig;
2723                     info.si_errno = 0;
2724                     info.si_code = TARGET_TRAP_BRKPT;
2725                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2726                 } else {
2727                     arch_interrupt = false;
2728                 }
2729             }
2730             break;
2731 	case 0xa0:
2732 	case 0xc0:
2733             info.si_signo = TARGET_SIGSEGV;
2734             info.si_errno = 0;
2735             info.si_code = TARGET_SEGV_MAPERR;
2736             info._sifields._sigfault._addr = env->tea;
2737             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2738 	    break;
2739         case EXCP_ATOMIC:
2740             cpu_exec_step_atomic(cs);
2741             arch_interrupt = false;
2742             break;
2743         default:
2744             printf ("Unhandled trap: 0x%x\n", trapnr);
2745             cpu_dump_state(cs, stderr, fprintf, 0);
2746             exit(EXIT_FAILURE);
2747         }
2748         process_pending_signals (env);
2749 
2750         /* Most of the traps imply an exception or interrupt, which
2751            implies an REI instruction has been executed.  Which means
2752            that LDST (aka LOK_ADDR) should be cleared.  But there are
2753            a few exceptions for traps internal to QEMU.  */
2754         if (arch_interrupt) {
2755             env->lock_addr = -1;
2756         }
2757     }
2758 }
2759 #endif
2760 
2761 #ifdef TARGET_CRIS
2762 void cpu_loop(CPUCRISState *env)
2763 {
2764     CPUState *cs = CPU(cris_env_get_cpu(env));
2765     int trapnr, ret;
2766     target_siginfo_t info;
2767 
2768     while (1) {
2769         cpu_exec_start(cs);
2770         trapnr = cpu_exec(cs);
2771         cpu_exec_end(cs);
2772         process_queued_cpu_work(cs);
2773 
2774         switch (trapnr) {
2775         case 0xaa:
2776             {
2777                 info.si_signo = TARGET_SIGSEGV;
2778                 info.si_errno = 0;
2779                 /* XXX: check env->error_code */
2780                 info.si_code = TARGET_SEGV_MAPERR;
2781                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
2782                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2783             }
2784             break;
2785 	case EXCP_INTERRUPT:
2786 	  /* just indicate that signals should be handled asap */
2787 	  break;
2788         case EXCP_BREAK:
2789             ret = do_syscall(env,
2790                              env->regs[9],
2791                              env->regs[10],
2792                              env->regs[11],
2793                              env->regs[12],
2794                              env->regs[13],
2795                              env->pregs[7],
2796                              env->pregs[11],
2797                              0, 0);
2798             if (ret == -TARGET_ERESTARTSYS) {
2799                 env->pc -= 2;
2800             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2801                 env->regs[10] = ret;
2802             }
2803             break;
2804         case EXCP_DEBUG:
2805             {
2806                 int sig;
2807 
2808                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2809                 if (sig)
2810                   {
2811                     info.si_signo = sig;
2812                     info.si_errno = 0;
2813                     info.si_code = TARGET_TRAP_BRKPT;
2814                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2815                   }
2816             }
2817             break;
2818         case EXCP_ATOMIC:
2819             cpu_exec_step_atomic(cs);
2820             break;
2821         default:
2822             printf ("Unhandled trap: 0x%x\n", trapnr);
2823             cpu_dump_state(cs, stderr, fprintf, 0);
2824             exit(EXIT_FAILURE);
2825         }
2826         process_pending_signals (env);
2827     }
2828 }
2829 #endif
2830 
2831 #ifdef TARGET_MICROBLAZE
2832 void cpu_loop(CPUMBState *env)
2833 {
2834     CPUState *cs = CPU(mb_env_get_cpu(env));
2835     int trapnr, ret;
2836     target_siginfo_t info;
2837 
2838     while (1) {
2839         cpu_exec_start(cs);
2840         trapnr = cpu_exec(cs);
2841         cpu_exec_end(cs);
2842         process_queued_cpu_work(cs);
2843 
2844         switch (trapnr) {
2845         case 0xaa:
2846             {
2847                 info.si_signo = TARGET_SIGSEGV;
2848                 info.si_errno = 0;
2849                 /* XXX: check env->error_code */
2850                 info.si_code = TARGET_SEGV_MAPERR;
2851                 info._sifields._sigfault._addr = 0;
2852                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2853             }
2854             break;
2855 	case EXCP_INTERRUPT:
2856 	  /* just indicate that signals should be handled asap */
2857 	  break;
2858         case EXCP_BREAK:
2859             /* Return address is 4 bytes after the call.  */
2860             env->regs[14] += 4;
2861             env->sregs[SR_PC] = env->regs[14];
2862             ret = do_syscall(env,
2863                              env->regs[12],
2864                              env->regs[5],
2865                              env->regs[6],
2866                              env->regs[7],
2867                              env->regs[8],
2868                              env->regs[9],
2869                              env->regs[10],
2870                              0, 0);
2871             if (ret == -TARGET_ERESTARTSYS) {
2872                 /* Wind back to before the syscall. */
2873                 env->sregs[SR_PC] -= 4;
2874             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2875                 env->regs[3] = ret;
2876             }
2877             /* All syscall exits result in guest r14 being equal to the
2878              * PC we return to, because the kernel syscall exit "rtbd" does
2879              * this. (This is true even for sigreturn(); note that r14 is
2880              * not a userspace-usable register, as the kernel may clobber it
2881              * at any point.)
2882              */
2883             env->regs[14] = env->sregs[SR_PC];
2884             break;
2885         case EXCP_HW_EXCP:
2886             env->regs[17] = env->sregs[SR_PC] + 4;
2887             if (env->iflags & D_FLAG) {
2888                 env->sregs[SR_ESR] |= 1 << 12;
2889                 env->sregs[SR_PC] -= 4;
2890                 /* FIXME: if branch was immed, replay the imm as well.  */
2891             }
2892 
2893             env->iflags &= ~(IMM_FLAG | D_FLAG);
2894 
2895             switch (env->sregs[SR_ESR] & 31) {
2896                 case ESR_EC_DIVZERO:
2897                     info.si_signo = TARGET_SIGFPE;
2898                     info.si_errno = 0;
2899                     info.si_code = TARGET_FPE_FLTDIV;
2900                     info._sifields._sigfault._addr = 0;
2901                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2902                     break;
2903                 case ESR_EC_FPU:
2904                     info.si_signo = TARGET_SIGFPE;
2905                     info.si_errno = 0;
2906                     if (env->sregs[SR_FSR] & FSR_IO) {
2907                         info.si_code = TARGET_FPE_FLTINV;
2908                     }
2909                     if (env->sregs[SR_FSR] & FSR_DZ) {
2910                         info.si_code = TARGET_FPE_FLTDIV;
2911                     }
2912                     info._sifields._sigfault._addr = 0;
2913                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2914                     break;
2915                 default:
2916                     printf ("Unhandled hw-exception: 0x%x\n",
2917                             env->sregs[SR_ESR] & ESR_EC_MASK);
2918                     cpu_dump_state(cs, stderr, fprintf, 0);
2919                     exit(EXIT_FAILURE);
2920                     break;
2921             }
2922             break;
2923         case EXCP_DEBUG:
2924             {
2925                 int sig;
2926 
2927                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2928                 if (sig)
2929                   {
2930                     info.si_signo = sig;
2931                     info.si_errno = 0;
2932                     info.si_code = TARGET_TRAP_BRKPT;
2933                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2934                   }
2935             }
2936             break;
2937         case EXCP_ATOMIC:
2938             cpu_exec_step_atomic(cs);
2939             break;
2940         default:
2941             printf ("Unhandled trap: 0x%x\n", trapnr);
2942             cpu_dump_state(cs, stderr, fprintf, 0);
2943             exit(EXIT_FAILURE);
2944         }
2945         process_pending_signals (env);
2946     }
2947 }
2948 #endif
2949 
2950 #ifdef TARGET_M68K
2951 
2952 void cpu_loop(CPUM68KState *env)
2953 {
2954     CPUState *cs = CPU(m68k_env_get_cpu(env));
2955     int trapnr;
2956     unsigned int n;
2957     target_siginfo_t info;
2958     TaskState *ts = cs->opaque;
2959 
2960     for(;;) {
2961         cpu_exec_start(cs);
2962         trapnr = cpu_exec(cs);
2963         cpu_exec_end(cs);
2964         process_queued_cpu_work(cs);
2965 
2966         switch(trapnr) {
2967         case EXCP_ILLEGAL:
2968             {
2969                 if (ts->sim_syscalls) {
2970                     uint16_t nr;
2971                     get_user_u16(nr, env->pc + 2);
2972                     env->pc += 4;
2973                     do_m68k_simcall(env, nr);
2974                 } else {
2975                     goto do_sigill;
2976                 }
2977             }
2978             break;
2979         case EXCP_HALT_INSN:
2980             /* Semihosing syscall.  */
2981             env->pc += 4;
2982             do_m68k_semihosting(env, env->dregs[0]);
2983             break;
2984         case EXCP_LINEA:
2985         case EXCP_LINEF:
2986         case EXCP_UNSUPPORTED:
2987         do_sigill:
2988             info.si_signo = TARGET_SIGILL;
2989             info.si_errno = 0;
2990             info.si_code = TARGET_ILL_ILLOPN;
2991             info._sifields._sigfault._addr = env->pc;
2992             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2993             break;
2994         case EXCP_CHK:
2995             info.si_signo = TARGET_SIGFPE;
2996             info.si_errno = 0;
2997             info.si_code = TARGET_FPE_INTOVF;
2998             info._sifields._sigfault._addr = env->pc;
2999             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3000             break;
3001         case EXCP_DIV0:
3002             info.si_signo = TARGET_SIGFPE;
3003             info.si_errno = 0;
3004             info.si_code = TARGET_FPE_INTDIV;
3005             info._sifields._sigfault._addr = env->pc;
3006             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3007             break;
3008         case EXCP_TRAP0:
3009             {
3010                 abi_long ret;
3011                 ts->sim_syscalls = 0;
3012                 n = env->dregs[0];
3013                 env->pc += 2;
3014                 ret = do_syscall(env,
3015                                  n,
3016                                  env->dregs[1],
3017                                  env->dregs[2],
3018                                  env->dregs[3],
3019                                  env->dregs[4],
3020                                  env->dregs[5],
3021                                  env->aregs[0],
3022                                  0, 0);
3023                 if (ret == -TARGET_ERESTARTSYS) {
3024                     env->pc -= 2;
3025                 } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3026                     env->dregs[0] = ret;
3027                 }
3028             }
3029             break;
3030         case EXCP_INTERRUPT:
3031             /* just indicate that signals should be handled asap */
3032             break;
3033         case EXCP_ACCESS:
3034             {
3035                 info.si_signo = TARGET_SIGSEGV;
3036                 info.si_errno = 0;
3037                 /* XXX: check env->error_code */
3038                 info.si_code = TARGET_SEGV_MAPERR;
3039                 info._sifields._sigfault._addr = env->mmu.ar;
3040                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3041             }
3042             break;
3043         case EXCP_DEBUG:
3044             {
3045                 int sig;
3046 
3047                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3048                 if (sig)
3049                   {
3050                     info.si_signo = sig;
3051                     info.si_errno = 0;
3052                     info.si_code = TARGET_TRAP_BRKPT;
3053                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3054                   }
3055             }
3056             break;
3057         case EXCP_ATOMIC:
3058             cpu_exec_step_atomic(cs);
3059             break;
3060         default:
3061             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
3062             abort();
3063         }
3064         process_pending_signals(env);
3065     }
3066 }
3067 #endif /* TARGET_M68K */
3068 
3069 #ifdef TARGET_ALPHA
3070 void cpu_loop(CPUAlphaState *env)
3071 {
3072     CPUState *cs = CPU(alpha_env_get_cpu(env));
3073     int trapnr;
3074     target_siginfo_t info;
3075     abi_long sysret;
3076 
3077     while (1) {
3078         bool arch_interrupt = true;
3079 
3080         cpu_exec_start(cs);
3081         trapnr = cpu_exec(cs);
3082         cpu_exec_end(cs);
3083         process_queued_cpu_work(cs);
3084 
3085         switch (trapnr) {
3086         case EXCP_RESET:
3087             fprintf(stderr, "Reset requested. Exit\n");
3088             exit(EXIT_FAILURE);
3089             break;
3090         case EXCP_MCHK:
3091             fprintf(stderr, "Machine check exception. Exit\n");
3092             exit(EXIT_FAILURE);
3093             break;
3094         case EXCP_SMP_INTERRUPT:
3095         case EXCP_CLK_INTERRUPT:
3096         case EXCP_DEV_INTERRUPT:
3097             fprintf(stderr, "External interrupt. Exit\n");
3098             exit(EXIT_FAILURE);
3099             break;
3100         case EXCP_MMFAULT:
3101             info.si_signo = TARGET_SIGSEGV;
3102             info.si_errno = 0;
3103             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
3104                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
3105             info._sifields._sigfault._addr = env->trap_arg0;
3106             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3107             break;
3108         case EXCP_UNALIGN:
3109             info.si_signo = TARGET_SIGBUS;
3110             info.si_errno = 0;
3111             info.si_code = TARGET_BUS_ADRALN;
3112             info._sifields._sigfault._addr = env->trap_arg0;
3113             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3114             break;
3115         case EXCP_OPCDEC:
3116         do_sigill:
3117             info.si_signo = TARGET_SIGILL;
3118             info.si_errno = 0;
3119             info.si_code = TARGET_ILL_ILLOPC;
3120             info._sifields._sigfault._addr = env->pc;
3121             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3122             break;
3123         case EXCP_ARITH:
3124             info.si_signo = TARGET_SIGFPE;
3125             info.si_errno = 0;
3126             info.si_code = TARGET_FPE_FLTINV;
3127             info._sifields._sigfault._addr = env->pc;
3128             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3129             break;
3130         case EXCP_FEN:
3131             /* No-op.  Linux simply re-enables the FPU.  */
3132             break;
3133         case EXCP_CALL_PAL:
3134             switch (env->error_code) {
3135             case 0x80:
3136                 /* BPT */
3137                 info.si_signo = TARGET_SIGTRAP;
3138                 info.si_errno = 0;
3139                 info.si_code = TARGET_TRAP_BRKPT;
3140                 info._sifields._sigfault._addr = env->pc;
3141                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3142                 break;
3143             case 0x81:
3144                 /* BUGCHK */
3145                 info.si_signo = TARGET_SIGTRAP;
3146                 info.si_errno = 0;
3147                 info.si_code = 0;
3148                 info._sifields._sigfault._addr = env->pc;
3149                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3150                 break;
3151             case 0x83:
3152                 /* CALLSYS */
3153                 trapnr = env->ir[IR_V0];
3154                 sysret = do_syscall(env, trapnr,
3155                                     env->ir[IR_A0], env->ir[IR_A1],
3156                                     env->ir[IR_A2], env->ir[IR_A3],
3157                                     env->ir[IR_A4], env->ir[IR_A5],
3158                                     0, 0);
3159                 if (sysret == -TARGET_ERESTARTSYS) {
3160                     env->pc -= 4;
3161                     break;
3162                 }
3163                 if (sysret == -TARGET_QEMU_ESIGRETURN) {
3164                     break;
3165                 }
3166                 /* Syscall writes 0 to V0 to bypass error check, similar
3167                    to how this is handled internal to Linux kernel.
3168                    (Ab)use trapnr temporarily as boolean indicating error.  */
3169                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
3170                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
3171                 env->ir[IR_A3] = trapnr;
3172                 break;
3173             case 0x86:
3174                 /* IMB */
3175                 /* ??? We can probably elide the code using page_unprotect
3176                    that is checking for self-modifying code.  Instead we
3177                    could simply call tb_flush here.  Until we work out the
3178                    changes required to turn off the extra write protection,
3179                    this can be a no-op.  */
3180                 break;
3181             case 0x9E:
3182                 /* RDUNIQUE */
3183                 /* Handled in the translator for usermode.  */
3184                 abort();
3185             case 0x9F:
3186                 /* WRUNIQUE */
3187                 /* Handled in the translator for usermode.  */
3188                 abort();
3189             case 0xAA:
3190                 /* GENTRAP */
3191                 info.si_signo = TARGET_SIGFPE;
3192                 switch (env->ir[IR_A0]) {
3193                 case TARGET_GEN_INTOVF:
3194                     info.si_code = TARGET_FPE_INTOVF;
3195                     break;
3196                 case TARGET_GEN_INTDIV:
3197                     info.si_code = TARGET_FPE_INTDIV;
3198                     break;
3199                 case TARGET_GEN_FLTOVF:
3200                     info.si_code = TARGET_FPE_FLTOVF;
3201                     break;
3202                 case TARGET_GEN_FLTUND:
3203                     info.si_code = TARGET_FPE_FLTUND;
3204                     break;
3205                 case TARGET_GEN_FLTINV:
3206                     info.si_code = TARGET_FPE_FLTINV;
3207                     break;
3208                 case TARGET_GEN_FLTINE:
3209                     info.si_code = TARGET_FPE_FLTRES;
3210                     break;
3211                 case TARGET_GEN_ROPRAND:
3212                     info.si_code = 0;
3213                     break;
3214                 default:
3215                     info.si_signo = TARGET_SIGTRAP;
3216                     info.si_code = 0;
3217                     break;
3218                 }
3219                 info.si_errno = 0;
3220                 info._sifields._sigfault._addr = env->pc;
3221                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3222                 break;
3223             default:
3224                 goto do_sigill;
3225             }
3226             break;
3227         case EXCP_DEBUG:
3228             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
3229             if (info.si_signo) {
3230                 info.si_errno = 0;
3231                 info.si_code = TARGET_TRAP_BRKPT;
3232                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3233             } else {
3234                 arch_interrupt = false;
3235             }
3236             break;
3237         case EXCP_INTERRUPT:
3238             /* Just indicate that signals should be handled asap.  */
3239             break;
3240         case EXCP_ATOMIC:
3241             cpu_exec_step_atomic(cs);
3242             arch_interrupt = false;
3243             break;
3244         default:
3245             printf ("Unhandled trap: 0x%x\n", trapnr);
3246             cpu_dump_state(cs, stderr, fprintf, 0);
3247             exit(EXIT_FAILURE);
3248         }
3249         process_pending_signals (env);
3250 
3251         /* Most of the traps imply a transition through PALcode, which
3252            implies an REI instruction has been executed.  Which means
3253            that RX and LOCK_ADDR should be cleared.  But there are a
3254            few exceptions for traps internal to QEMU.  */
3255         if (arch_interrupt) {
3256             env->flags &= ~ENV_FLAG_RX_FLAG;
3257             env->lock_addr = -1;
3258         }
3259     }
3260 }
3261 #endif /* TARGET_ALPHA */
3262 
3263 #ifdef TARGET_S390X
3264 
3265 /* s390x masks the fault address it reports in si_addr for SIGSEGV and SIGBUS */
3266 #define S390X_FAIL_ADDR_MASK -4096LL
3267 
3268 void cpu_loop(CPUS390XState *env)
3269 {
3270     CPUState *cs = CPU(s390_env_get_cpu(env));
3271     int trapnr, n, sig;
3272     target_siginfo_t info;
3273     target_ulong addr;
3274     abi_long ret;
3275 
3276     while (1) {
3277         cpu_exec_start(cs);
3278         trapnr = cpu_exec(cs);
3279         cpu_exec_end(cs);
3280         process_queued_cpu_work(cs);
3281 
3282         switch (trapnr) {
3283         case EXCP_INTERRUPT:
3284             /* Just indicate that signals should be handled asap.  */
3285             break;
3286 
3287         case EXCP_SVC:
3288             n = env->int_svc_code;
3289             if (!n) {
3290                 /* syscalls > 255 */
3291                 n = env->regs[1];
3292             }
3293             env->psw.addr += env->int_svc_ilen;
3294             ret = do_syscall(env, n, env->regs[2], env->regs[3],
3295                              env->regs[4], env->regs[5],
3296                              env->regs[6], env->regs[7], 0, 0);
3297             if (ret == -TARGET_ERESTARTSYS) {
3298                 env->psw.addr -= env->int_svc_ilen;
3299             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3300                 env->regs[2] = ret;
3301             }
3302             break;
3303 
3304         case EXCP_DEBUG:
3305             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3306             if (sig) {
3307                 n = TARGET_TRAP_BRKPT;
3308                 goto do_signal_pc;
3309             }
3310             break;
3311         case EXCP_PGM:
3312             n = env->int_pgm_code;
3313             switch (n) {
3314             case PGM_OPERATION:
3315             case PGM_PRIVILEGED:
3316                 sig = TARGET_SIGILL;
3317                 n = TARGET_ILL_ILLOPC;
3318                 goto do_signal_pc;
3319             case PGM_PROTECTION:
3320             case PGM_ADDRESSING:
3321                 sig = TARGET_SIGSEGV;
3322                 /* XXX: check env->error_code */
3323                 n = TARGET_SEGV_MAPERR;
3324                 addr = env->__excp_addr & S390X_FAIL_ADDR_MASK;
3325                 goto do_signal;
3326             case PGM_EXECUTE:
3327             case PGM_SPECIFICATION:
3328             case PGM_SPECIAL_OP:
3329             case PGM_OPERAND:
3330             do_sigill_opn:
3331                 sig = TARGET_SIGILL;
3332                 n = TARGET_ILL_ILLOPN;
3333                 goto do_signal_pc;
3334 
3335             case PGM_FIXPT_OVERFLOW:
3336                 sig = TARGET_SIGFPE;
3337                 n = TARGET_FPE_INTOVF;
3338                 goto do_signal_pc;
3339             case PGM_FIXPT_DIVIDE:
3340                 sig = TARGET_SIGFPE;
3341                 n = TARGET_FPE_INTDIV;
3342                 goto do_signal_pc;
3343 
3344             case PGM_DATA:
3345                 n = (env->fpc >> 8) & 0xff;
3346                 if (n == 0xff) {
3347                     /* compare-and-trap */
3348                     goto do_sigill_opn;
3349                 } else {
3350                     /* An IEEE exception, simulated or otherwise.  */
3351                     if (n & 0x80) {
3352                         n = TARGET_FPE_FLTINV;
3353                     } else if (n & 0x40) {
3354                         n = TARGET_FPE_FLTDIV;
3355                     } else if (n & 0x20) {
3356                         n = TARGET_FPE_FLTOVF;
3357                     } else if (n & 0x10) {
3358                         n = TARGET_FPE_FLTUND;
3359                     } else if (n & 0x08) {
3360                         n = TARGET_FPE_FLTRES;
3361                     } else {
3362                         /* ??? Quantum exception; BFP, DFP error.  */
3363                         goto do_sigill_opn;
3364                     }
3365                     sig = TARGET_SIGFPE;
3366                     goto do_signal_pc;
3367                 }
3368 
3369             default:
3370                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
3371                 cpu_dump_state(cs, stderr, fprintf, 0);
3372                 exit(EXIT_FAILURE);
3373             }
3374             break;
3375 
3376         do_signal_pc:
3377             addr = env->psw.addr;
3378         do_signal:
3379             info.si_signo = sig;
3380             info.si_errno = 0;
3381             info.si_code = n;
3382             info._sifields._sigfault._addr = addr;
3383             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3384             break;
3385 
3386         case EXCP_ATOMIC:
3387             cpu_exec_step_atomic(cs);
3388             break;
3389         default:
3390             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
3391             cpu_dump_state(cs, stderr, fprintf, 0);
3392             exit(EXIT_FAILURE);
3393         }
3394         process_pending_signals (env);
3395     }
3396 }
3397 
3398 #endif /* TARGET_S390X */
3399 
3400 #ifdef TARGET_TILEGX
3401 
3402 static void gen_sigill_reg(CPUTLGState *env)
3403 {
3404     target_siginfo_t info;
3405 
3406     info.si_signo = TARGET_SIGILL;
3407     info.si_errno = 0;
3408     info.si_code = TARGET_ILL_PRVREG;
3409     info._sifields._sigfault._addr = env->pc;
3410     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3411 }
3412 
3413 static void do_signal(CPUTLGState *env, int signo, int sigcode)
3414 {
3415     target_siginfo_t info;
3416 
3417     info.si_signo = signo;
3418     info.si_errno = 0;
3419     info._sifields._sigfault._addr = env->pc;
3420 
3421     if (signo == TARGET_SIGSEGV) {
3422         /* The passed in sigcode is a dummy; check for a page mapping
3423            and pass either MAPERR or ACCERR.  */
3424         target_ulong addr = env->excaddr;
3425         info._sifields._sigfault._addr = addr;
3426         if (page_check_range(addr, 1, PAGE_VALID) < 0) {
3427             sigcode = TARGET_SEGV_MAPERR;
3428         } else {
3429             sigcode = TARGET_SEGV_ACCERR;
3430         }
3431     }
3432     info.si_code = sigcode;
3433 
3434     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3435 }
3436 
3437 static void gen_sigsegv_maperr(CPUTLGState *env, target_ulong addr)
3438 {
3439     env->excaddr = addr;
3440     do_signal(env, TARGET_SIGSEGV, 0);
3441 }
3442 
3443 static void set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
3444 {
3445     if (unlikely(reg >= TILEGX_R_COUNT)) {
3446         switch (reg) {
3447         case TILEGX_R_SN:
3448         case TILEGX_R_ZERO:
3449             return;
3450         case TILEGX_R_IDN0:
3451         case TILEGX_R_IDN1:
3452         case TILEGX_R_UDN0:
3453         case TILEGX_R_UDN1:
3454         case TILEGX_R_UDN2:
3455         case TILEGX_R_UDN3:
3456             gen_sigill_reg(env);
3457             return;
3458         default:
3459             g_assert_not_reached();
3460         }
3461     }
3462     env->regs[reg] = val;
3463 }
3464 
3465 /*
3466  * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
3467  * memory at the address held in the first source register. If the values are
3468  * not equal, then no memory operation is performed. If the values are equal,
3469  * the 8-byte quantity from the second source register is written into memory
3470  * at the address held in the first source register. In either case, the result
3471  * of the instruction is the value read from memory. The compare and write to
3472  * memory are atomic and thus can be used for synchronization purposes. This
3473  * instruction only operates for addresses aligned to a 8-byte boundary.
3474  * Unaligned memory access causes an Unaligned Data Reference interrupt.
3475  *
3476  * Functional Description (64-bit)
3477  *       uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
3478  *       rf[Dest] = memVal;
3479  *       if (memVal == SPR[CmpValueSPR])
3480  *           memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
3481  *
3482  * Functional Description (32-bit)
3483  *       uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
3484  *       rf[Dest] = memVal;
3485  *       if (memVal == signExtend32 (SPR[CmpValueSPR]))
3486  *           memoryWriteWord (rf[SrcA], rf[SrcB]);
3487  *
3488  *
3489  * This function also processes exch and exch4 which need not process SPR.
3490  */
3491 static void do_exch(CPUTLGState *env, bool quad, bool cmp)
3492 {
3493     target_ulong addr;
3494     target_long val, sprval;
3495 
3496     start_exclusive();
3497 
3498     addr = env->atomic_srca;
3499     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3500         goto sigsegv_maperr;
3501     }
3502 
3503     if (cmp) {
3504         if (quad) {
3505             sprval = env->spregs[TILEGX_SPR_CMPEXCH];
3506         } else {
3507             sprval = sextract64(env->spregs[TILEGX_SPR_CMPEXCH], 0, 32);
3508         }
3509     }
3510 
3511     if (!cmp || val == sprval) {
3512         target_long valb = env->atomic_srcb;
3513         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3514             goto sigsegv_maperr;
3515         }
3516     }
3517 
3518     set_regval(env, env->atomic_dstr, val);
3519     end_exclusive();
3520     return;
3521 
3522  sigsegv_maperr:
3523     end_exclusive();
3524     gen_sigsegv_maperr(env, addr);
3525 }
3526 
3527 static void do_fetch(CPUTLGState *env, int trapnr, bool quad)
3528 {
3529     int8_t write = 1;
3530     target_ulong addr;
3531     target_long val, valb;
3532 
3533     start_exclusive();
3534 
3535     addr = env->atomic_srca;
3536     valb = env->atomic_srcb;
3537     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3538         goto sigsegv_maperr;
3539     }
3540 
3541     switch (trapnr) {
3542     case TILEGX_EXCP_OPCODE_FETCHADD:
3543     case TILEGX_EXCP_OPCODE_FETCHADD4:
3544         valb += val;
3545         break;
3546     case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3547         valb += val;
3548         if (valb < 0) {
3549             write = 0;
3550         }
3551         break;
3552     case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3553         valb += val;
3554         if ((int32_t)valb < 0) {
3555             write = 0;
3556         }
3557         break;
3558     case TILEGX_EXCP_OPCODE_FETCHAND:
3559     case TILEGX_EXCP_OPCODE_FETCHAND4:
3560         valb &= val;
3561         break;
3562     case TILEGX_EXCP_OPCODE_FETCHOR:
3563     case TILEGX_EXCP_OPCODE_FETCHOR4:
3564         valb |= val;
3565         break;
3566     default:
3567         g_assert_not_reached();
3568     }
3569 
3570     if (write) {
3571         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3572             goto sigsegv_maperr;
3573         }
3574     }
3575 
3576     set_regval(env, env->atomic_dstr, val);
3577     end_exclusive();
3578     return;
3579 
3580  sigsegv_maperr:
3581     end_exclusive();
3582     gen_sigsegv_maperr(env, addr);
3583 }
3584 
3585 void cpu_loop(CPUTLGState *env)
3586 {
3587     CPUState *cs = CPU(tilegx_env_get_cpu(env));
3588     int trapnr;
3589 
3590     while (1) {
3591         cpu_exec_start(cs);
3592         trapnr = cpu_exec(cs);
3593         cpu_exec_end(cs);
3594         process_queued_cpu_work(cs);
3595 
3596         switch (trapnr) {
3597         case TILEGX_EXCP_SYSCALL:
3598         {
3599             abi_ulong ret = do_syscall(env, env->regs[TILEGX_R_NR],
3600                                        env->regs[0], env->regs[1],
3601                                        env->regs[2], env->regs[3],
3602                                        env->regs[4], env->regs[5],
3603                                        env->regs[6], env->regs[7]);
3604             if (ret == -TARGET_ERESTARTSYS) {
3605                 env->pc -= 8;
3606             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3607                 env->regs[TILEGX_R_RE] = ret;
3608                 env->regs[TILEGX_R_ERR] = TILEGX_IS_ERRNO(ret) ? -ret : 0;
3609             }
3610             break;
3611         }
3612         case TILEGX_EXCP_OPCODE_EXCH:
3613             do_exch(env, true, false);
3614             break;
3615         case TILEGX_EXCP_OPCODE_EXCH4:
3616             do_exch(env, false, false);
3617             break;
3618         case TILEGX_EXCP_OPCODE_CMPEXCH:
3619             do_exch(env, true, true);
3620             break;
3621         case TILEGX_EXCP_OPCODE_CMPEXCH4:
3622             do_exch(env, false, true);
3623             break;
3624         case TILEGX_EXCP_OPCODE_FETCHADD:
3625         case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3626         case TILEGX_EXCP_OPCODE_FETCHAND:
3627         case TILEGX_EXCP_OPCODE_FETCHOR:
3628             do_fetch(env, trapnr, true);
3629             break;
3630         case TILEGX_EXCP_OPCODE_FETCHADD4:
3631         case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3632         case TILEGX_EXCP_OPCODE_FETCHAND4:
3633         case TILEGX_EXCP_OPCODE_FETCHOR4:
3634             do_fetch(env, trapnr, false);
3635             break;
3636         case TILEGX_EXCP_SIGNAL:
3637             do_signal(env, env->signo, env->sigcode);
3638             break;
3639         case TILEGX_EXCP_REG_IDN_ACCESS:
3640         case TILEGX_EXCP_REG_UDN_ACCESS:
3641             gen_sigill_reg(env);
3642             break;
3643         case EXCP_ATOMIC:
3644             cpu_exec_step_atomic(cs);
3645             break;
3646         default:
3647             fprintf(stderr, "trapnr is %d[0x%x].\n", trapnr, trapnr);
3648             g_assert_not_reached();
3649         }
3650         process_pending_signals(env);
3651     }
3652 }
3653 
3654 #endif
3655 
3656 #ifdef TARGET_RISCV
3657 
3658 void cpu_loop(CPURISCVState *env)
3659 {
3660     CPUState *cs = CPU(riscv_env_get_cpu(env));
3661     int trapnr, signum, sigcode;
3662     target_ulong sigaddr;
3663     target_ulong ret;
3664 
3665     for (;;) {
3666         cpu_exec_start(cs);
3667         trapnr = cpu_exec(cs);
3668         cpu_exec_end(cs);
3669         process_queued_cpu_work(cs);
3670 
3671         signum = 0;
3672         sigcode = 0;
3673         sigaddr = 0;
3674 
3675         switch (trapnr) {
3676         case EXCP_INTERRUPT:
3677             /* just indicate that signals should be handled asap */
3678             break;
3679         case EXCP_ATOMIC:
3680             cpu_exec_step_atomic(cs);
3681             break;
3682         case RISCV_EXCP_U_ECALL:
3683             env->pc += 4;
3684             if (env->gpr[xA7] == TARGET_NR_arch_specific_syscall + 15) {
3685                 /* riscv_flush_icache_syscall is a no-op in QEMU as
3686                    self-modifying code is automatically detected */
3687                 ret = 0;
3688             } else {
3689                 ret = do_syscall(env,
3690                                  env->gpr[xA7],
3691                                  env->gpr[xA0],
3692                                  env->gpr[xA1],
3693                                  env->gpr[xA2],
3694                                  env->gpr[xA3],
3695                                  env->gpr[xA4],
3696                                  env->gpr[xA5],
3697                                  0, 0);
3698             }
3699             if (ret == -TARGET_ERESTARTSYS) {
3700                 env->pc -= 4;
3701             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3702                 env->gpr[xA0] = ret;
3703             }
3704             if (cs->singlestep_enabled) {
3705                 goto gdbstep;
3706             }
3707             break;
3708         case RISCV_EXCP_ILLEGAL_INST:
3709             signum = TARGET_SIGILL;
3710             sigcode = TARGET_ILL_ILLOPC;
3711             break;
3712         case RISCV_EXCP_BREAKPOINT:
3713             signum = TARGET_SIGTRAP;
3714             sigcode = TARGET_TRAP_BRKPT;
3715             sigaddr = env->pc;
3716             break;
3717         case RISCV_EXCP_INST_PAGE_FAULT:
3718         case RISCV_EXCP_LOAD_PAGE_FAULT:
3719         case RISCV_EXCP_STORE_PAGE_FAULT:
3720             signum = TARGET_SIGSEGV;
3721             sigcode = TARGET_SEGV_MAPERR;
3722             break;
3723         case EXCP_DEBUG:
3724         gdbstep:
3725             signum = gdb_handlesig(cs, TARGET_SIGTRAP);
3726             sigcode = TARGET_TRAP_BRKPT;
3727             break;
3728         default:
3729             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
3730                      trapnr);
3731             exit(EXIT_FAILURE);
3732         }
3733 
3734         if (signum) {
3735             target_siginfo_t info = {
3736                 .si_signo = signum,
3737                 .si_errno = 0,
3738                 .si_code = sigcode,
3739                 ._sifields._sigfault._addr = sigaddr
3740             };
3741             queue_signal(env, info.si_signo, QEMU_SI_KILL, &info);
3742         }
3743 
3744         process_pending_signals(env);
3745     }
3746 }
3747 
3748 #endif /* TARGET_RISCV */
3749 
3750 #ifdef TARGET_HPPA
3751 
3752 static abi_ulong hppa_lws(CPUHPPAState *env)
3753 {
3754     uint32_t which = env->gr[20];
3755     abi_ulong addr = env->gr[26];
3756     abi_ulong old = env->gr[25];
3757     abi_ulong new = env->gr[24];
3758     abi_ulong size, ret;
3759 
3760     switch (which) {
3761     default:
3762         return -TARGET_ENOSYS;
3763 
3764     case 0: /* elf32 atomic 32bit cmpxchg */
3765         if ((addr & 3) || !access_ok(VERIFY_WRITE, addr, 4)) {
3766             return -TARGET_EFAULT;
3767         }
3768         old = tswap32(old);
3769         new = tswap32(new);
3770         ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3771         ret = tswap32(ret);
3772         break;
3773 
3774     case 2: /* elf32 atomic "new" cmpxchg */
3775         size = env->gr[23];
3776         if (size >= 4) {
3777             return -TARGET_ENOSYS;
3778         }
3779         if (((addr | old | new) & ((1 << size) - 1))
3780             || !access_ok(VERIFY_WRITE, addr, 1 << size)
3781             || !access_ok(VERIFY_READ, old, 1 << size)
3782             || !access_ok(VERIFY_READ, new, 1 << size)) {
3783             return -TARGET_EFAULT;
3784         }
3785         /* Note that below we use host-endian loads so that the cmpxchg
3786            can be host-endian as well.  */
3787         switch (size) {
3788         case 0:
3789             old = *(uint8_t *)g2h(old);
3790             new = *(uint8_t *)g2h(new);
3791             ret = atomic_cmpxchg((uint8_t *)g2h(addr), old, new);
3792             ret = ret != old;
3793             break;
3794         case 1:
3795             old = *(uint16_t *)g2h(old);
3796             new = *(uint16_t *)g2h(new);
3797             ret = atomic_cmpxchg((uint16_t *)g2h(addr), old, new);
3798             ret = ret != old;
3799             break;
3800         case 2:
3801             old = *(uint32_t *)g2h(old);
3802             new = *(uint32_t *)g2h(new);
3803             ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3804             ret = ret != old;
3805             break;
3806         case 3:
3807             {
3808                 uint64_t o64, n64, r64;
3809                 o64 = *(uint64_t *)g2h(old);
3810                 n64 = *(uint64_t *)g2h(new);
3811 #ifdef CONFIG_ATOMIC64
3812                 r64 = atomic_cmpxchg__nocheck((uint64_t *)g2h(addr), o64, n64);
3813                 ret = r64 != o64;
3814 #else
3815                 start_exclusive();
3816                 r64 = *(uint64_t *)g2h(addr);
3817                 ret = 1;
3818                 if (r64 == o64) {
3819                     *(uint64_t *)g2h(addr) = n64;
3820                     ret = 0;
3821                 }
3822                 end_exclusive();
3823 #endif
3824             }
3825             break;
3826         }
3827         break;
3828     }
3829 
3830     env->gr[28] = ret;
3831     return 0;
3832 }
3833 
3834 void cpu_loop(CPUHPPAState *env)
3835 {
3836     CPUState *cs = CPU(hppa_env_get_cpu(env));
3837     target_siginfo_t info;
3838     abi_ulong ret;
3839     int trapnr;
3840 
3841     while (1) {
3842         cpu_exec_start(cs);
3843         trapnr = cpu_exec(cs);
3844         cpu_exec_end(cs);
3845         process_queued_cpu_work(cs);
3846 
3847         switch (trapnr) {
3848         case EXCP_SYSCALL:
3849             ret = do_syscall(env, env->gr[20],
3850                              env->gr[26], env->gr[25],
3851                              env->gr[24], env->gr[23],
3852                              env->gr[22], env->gr[21], 0, 0);
3853             switch (ret) {
3854             default:
3855                 env->gr[28] = ret;
3856                 /* We arrived here by faking the gateway page.  Return.  */
3857                 env->iaoq_f = env->gr[31];
3858                 env->iaoq_b = env->gr[31] + 4;
3859                 break;
3860             case -TARGET_ERESTARTSYS:
3861             case -TARGET_QEMU_ESIGRETURN:
3862                 break;
3863             }
3864             break;
3865         case EXCP_SYSCALL_LWS:
3866             env->gr[21] = hppa_lws(env);
3867             /* We arrived here by faking the gateway page.  Return.  */
3868             env->iaoq_f = env->gr[31];
3869             env->iaoq_b = env->gr[31] + 4;
3870             break;
3871         case EXCP_ITLB_MISS:
3872         case EXCP_DTLB_MISS:
3873         case EXCP_NA_ITLB_MISS:
3874         case EXCP_NA_DTLB_MISS:
3875         case EXCP_IMP:
3876         case EXCP_DMP:
3877         case EXCP_DMB:
3878         case EXCP_PAGE_REF:
3879         case EXCP_DMAR:
3880         case EXCP_DMPI:
3881             info.si_signo = TARGET_SIGSEGV;
3882             info.si_errno = 0;
3883             info.si_code = TARGET_SEGV_ACCERR;
3884             info._sifields._sigfault._addr = env->cr[CR_IOR];
3885             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3886             break;
3887         case EXCP_UNALIGN:
3888             info.si_signo = TARGET_SIGBUS;
3889             info.si_errno = 0;
3890             info.si_code = 0;
3891             info._sifields._sigfault._addr = env->cr[CR_IOR];
3892             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3893             break;
3894         case EXCP_ILL:
3895         case EXCP_PRIV_OPR:
3896         case EXCP_PRIV_REG:
3897             info.si_signo = TARGET_SIGILL;
3898             info.si_errno = 0;
3899             info.si_code = TARGET_ILL_ILLOPN;
3900             info._sifields._sigfault._addr = env->iaoq_f;
3901             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3902             break;
3903         case EXCP_OVERFLOW:
3904         case EXCP_COND:
3905         case EXCP_ASSIST:
3906             info.si_signo = TARGET_SIGFPE;
3907             info.si_errno = 0;
3908             info.si_code = 0;
3909             info._sifields._sigfault._addr = env->iaoq_f;
3910             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3911             break;
3912         case EXCP_DEBUG:
3913             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
3914             if (trapnr) {
3915                 info.si_signo = trapnr;
3916                 info.si_errno = 0;
3917                 info.si_code = TARGET_TRAP_BRKPT;
3918                 queue_signal(env, trapnr, QEMU_SI_FAULT, &info);
3919             }
3920             break;
3921         case EXCP_INTERRUPT:
3922             /* just indicate that signals should be handled asap */
3923             break;
3924         default:
3925             g_assert_not_reached();
3926         }
3927         process_pending_signals(env);
3928     }
3929 }
3930 
3931 #endif /* TARGET_HPPA */
3932 
3933 __thread CPUState *thread_cpu;
3934 
3935 bool qemu_cpu_is_self(CPUState *cpu)
3936 {
3937     return thread_cpu == cpu;
3938 }
3939 
3940 void qemu_cpu_kick(CPUState *cpu)
3941 {
3942     cpu_exit(cpu);
3943 }
3944 
3945 void task_settid(TaskState *ts)
3946 {
3947     if (ts->ts_tid == 0) {
3948         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3949     }
3950 }
3951 
3952 void stop_all_tasks(void)
3953 {
3954     /*
3955      * We trust that when using NPTL, start_exclusive()
3956      * handles thread stopping correctly.
3957      */
3958     start_exclusive();
3959 }
3960 
3961 /* Assumes contents are already zeroed.  */
3962 void init_task_state(TaskState *ts)
3963 {
3964     ts->used = 1;
3965 }
3966 
3967 CPUArchState *cpu_copy(CPUArchState *env)
3968 {
3969     CPUState *cpu = ENV_GET_CPU(env);
3970     CPUState *new_cpu = cpu_init(cpu_model);
3971     CPUArchState *new_env = new_cpu->env_ptr;
3972     CPUBreakpoint *bp;
3973     CPUWatchpoint *wp;
3974 
3975     /* Reset non arch specific state */
3976     cpu_reset(new_cpu);
3977 
3978     memcpy(new_env, env, sizeof(CPUArchState));
3979 
3980     /* Clone all break/watchpoints.
3981        Note: Once we support ptrace with hw-debug register access, make sure
3982        BP_CPU break/watchpoints are handled correctly on clone. */
3983     QTAILQ_INIT(&new_cpu->breakpoints);
3984     QTAILQ_INIT(&new_cpu->watchpoints);
3985     QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
3986         cpu_breakpoint_insert(new_cpu, bp->pc, bp->flags, NULL);
3987     }
3988     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
3989         cpu_watchpoint_insert(new_cpu, wp->vaddr, wp->len, wp->flags, NULL);
3990     }
3991 
3992     return new_env;
3993 }
3994 
3995 static void handle_arg_help(const char *arg)
3996 {
3997     usage(EXIT_SUCCESS);
3998 }
3999 
4000 static void handle_arg_log(const char *arg)
4001 {
4002     int mask;
4003 
4004     mask = qemu_str_to_log_mask(arg);
4005     if (!mask) {
4006         qemu_print_log_usage(stdout);
4007         exit(EXIT_FAILURE);
4008     }
4009     qemu_log_needs_buffers();
4010     qemu_set_log(mask);
4011 }
4012 
4013 static void handle_arg_dfilter(const char *arg)
4014 {
4015     qemu_set_dfilter_ranges(arg, NULL);
4016 }
4017 
4018 static void handle_arg_log_filename(const char *arg)
4019 {
4020     qemu_set_log_filename(arg, &error_fatal);
4021 }
4022 
4023 static void handle_arg_set_env(const char *arg)
4024 {
4025     char *r, *p, *token;
4026     r = p = strdup(arg);
4027     while ((token = strsep(&p, ",")) != NULL) {
4028         if (envlist_setenv(envlist, token) != 0) {
4029             usage(EXIT_FAILURE);
4030         }
4031     }
4032     free(r);
4033 }
4034 
4035 static void handle_arg_unset_env(const char *arg)
4036 {
4037     char *r, *p, *token;
4038     r = p = strdup(arg);
4039     while ((token = strsep(&p, ",")) != NULL) {
4040         if (envlist_unsetenv(envlist, token) != 0) {
4041             usage(EXIT_FAILURE);
4042         }
4043     }
4044     free(r);
4045 }
4046 
4047 static void handle_arg_argv0(const char *arg)
4048 {
4049     argv0 = strdup(arg);
4050 }
4051 
4052 static void handle_arg_stack_size(const char *arg)
4053 {
4054     char *p;
4055     guest_stack_size = strtoul(arg, &p, 0);
4056     if (guest_stack_size == 0) {
4057         usage(EXIT_FAILURE);
4058     }
4059 
4060     if (*p == 'M') {
4061         guest_stack_size *= 1024 * 1024;
4062     } else if (*p == 'k' || *p == 'K') {
4063         guest_stack_size *= 1024;
4064     }
4065 }
4066 
4067 static void handle_arg_ld_prefix(const char *arg)
4068 {
4069     interp_prefix = strdup(arg);
4070 }
4071 
4072 static void handle_arg_pagesize(const char *arg)
4073 {
4074     qemu_host_page_size = atoi(arg);
4075     if (qemu_host_page_size == 0 ||
4076         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
4077         fprintf(stderr, "page size must be a power of two\n");
4078         exit(EXIT_FAILURE);
4079     }
4080 }
4081 
4082 static void handle_arg_randseed(const char *arg)
4083 {
4084     unsigned long long seed;
4085 
4086     if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
4087         fprintf(stderr, "Invalid seed number: %s\n", arg);
4088         exit(EXIT_FAILURE);
4089     }
4090     srand(seed);
4091 }
4092 
4093 static void handle_arg_gdb(const char *arg)
4094 {
4095     gdbstub_port = atoi(arg);
4096 }
4097 
4098 static void handle_arg_uname(const char *arg)
4099 {
4100     qemu_uname_release = strdup(arg);
4101 }
4102 
4103 static void handle_arg_cpu(const char *arg)
4104 {
4105     cpu_model = strdup(arg);
4106     if (cpu_model == NULL || is_help_option(cpu_model)) {
4107         /* XXX: implement xxx_cpu_list for targets that still miss it */
4108 #if defined(cpu_list)
4109         cpu_list(stdout, &fprintf);
4110 #endif
4111         exit(EXIT_FAILURE);
4112     }
4113 }
4114 
4115 static void handle_arg_guest_base(const char *arg)
4116 {
4117     guest_base = strtol(arg, NULL, 0);
4118     have_guest_base = 1;
4119 }
4120 
4121 static void handle_arg_reserved_va(const char *arg)
4122 {
4123     char *p;
4124     int shift = 0;
4125     reserved_va = strtoul(arg, &p, 0);
4126     switch (*p) {
4127     case 'k':
4128     case 'K':
4129         shift = 10;
4130         break;
4131     case 'M':
4132         shift = 20;
4133         break;
4134     case 'G':
4135         shift = 30;
4136         break;
4137     }
4138     if (shift) {
4139         unsigned long unshifted = reserved_va;
4140         p++;
4141         reserved_va <<= shift;
4142         if (reserved_va >> shift != unshifted
4143             || (MAX_RESERVED_VA && reserved_va > MAX_RESERVED_VA)) {
4144             fprintf(stderr, "Reserved virtual address too big\n");
4145             exit(EXIT_FAILURE);
4146         }
4147     }
4148     if (*p) {
4149         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
4150         exit(EXIT_FAILURE);
4151     }
4152 }
4153 
4154 static void handle_arg_singlestep(const char *arg)
4155 {
4156     singlestep = 1;
4157 }
4158 
4159 static void handle_arg_strace(const char *arg)
4160 {
4161     do_strace = 1;
4162 }
4163 
4164 static void handle_arg_version(const char *arg)
4165 {
4166     printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
4167            "\n" QEMU_COPYRIGHT "\n");
4168     exit(EXIT_SUCCESS);
4169 }
4170 
4171 static char *trace_file;
4172 static void handle_arg_trace(const char *arg)
4173 {
4174     g_free(trace_file);
4175     trace_file = trace_opt_parse(arg);
4176 }
4177 
4178 struct qemu_argument {
4179     const char *argv;
4180     const char *env;
4181     bool has_arg;
4182     void (*handle_opt)(const char *arg);
4183     const char *example;
4184     const char *help;
4185 };
4186 
4187 static const struct qemu_argument arg_table[] = {
4188     {"h",          "",                 false, handle_arg_help,
4189      "",           "print this help"},
4190     {"help",       "",                 false, handle_arg_help,
4191      "",           ""},
4192     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
4193      "port",       "wait gdb connection to 'port'"},
4194     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
4195      "path",       "set the elf interpreter prefix to 'path'"},
4196     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
4197      "size",       "set the stack size to 'size' bytes"},
4198     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
4199      "model",      "select CPU (-cpu help for list)"},
4200     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
4201      "var=value",  "sets targets environment variable (see below)"},
4202     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
4203      "var",        "unsets targets environment variable (see below)"},
4204     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
4205      "argv0",      "forces target process argv[0] to be 'argv0'"},
4206     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
4207      "uname",      "set qemu uname release string to 'uname'"},
4208     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
4209      "address",    "set guest_base address to 'address'"},
4210     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
4211      "size",       "reserve 'size' bytes for guest virtual address space"},
4212     {"d",          "QEMU_LOG",         true,  handle_arg_log,
4213      "item[,...]", "enable logging of specified items "
4214      "(use '-d help' for a list of items)"},
4215     {"dfilter",    "QEMU_DFILTER",     true,  handle_arg_dfilter,
4216      "range[,...]","filter logging based on address range"},
4217     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
4218      "logfile",     "write logs to 'logfile' (default stderr)"},
4219     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
4220      "pagesize",   "set the host page size to 'pagesize'"},
4221     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
4222      "",           "run in singlestep mode"},
4223     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
4224      "",           "log system calls"},
4225     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
4226      "",           "Seed for pseudo-random number generator"},
4227     {"trace",      "QEMU_TRACE",       true,  handle_arg_trace,
4228      "",           "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
4229     {"version",    "QEMU_VERSION",     false, handle_arg_version,
4230      "",           "display version information and exit"},
4231     {NULL, NULL, false, NULL, NULL, NULL}
4232 };
4233 
4234 static void usage(int exitcode)
4235 {
4236     const struct qemu_argument *arginfo;
4237     int maxarglen;
4238     int maxenvlen;
4239 
4240     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
4241            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
4242            "\n"
4243            "Options and associated environment variables:\n"
4244            "\n");
4245 
4246     /* Calculate column widths. We must always have at least enough space
4247      * for the column header.
4248      */
4249     maxarglen = strlen("Argument");
4250     maxenvlen = strlen("Env-variable");
4251 
4252     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4253         int arglen = strlen(arginfo->argv);
4254         if (arginfo->has_arg) {
4255             arglen += strlen(arginfo->example) + 1;
4256         }
4257         if (strlen(arginfo->env) > maxenvlen) {
4258             maxenvlen = strlen(arginfo->env);
4259         }
4260         if (arglen > maxarglen) {
4261             maxarglen = arglen;
4262         }
4263     }
4264 
4265     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
4266             maxenvlen, "Env-variable");
4267 
4268     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4269         if (arginfo->has_arg) {
4270             printf("-%s %-*s %-*s %s\n", arginfo->argv,
4271                    (int)(maxarglen - strlen(arginfo->argv) - 1),
4272                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
4273         } else {
4274             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
4275                     maxenvlen, arginfo->env,
4276                     arginfo->help);
4277         }
4278     }
4279 
4280     printf("\n"
4281            "Defaults:\n"
4282            "QEMU_LD_PREFIX  = %s\n"
4283            "QEMU_STACK_SIZE = %ld byte\n",
4284            interp_prefix,
4285            guest_stack_size);
4286 
4287     printf("\n"
4288            "You can use -E and -U options or the QEMU_SET_ENV and\n"
4289            "QEMU_UNSET_ENV environment variables to set and unset\n"
4290            "environment variables for the target process.\n"
4291            "It is possible to provide several variables by separating them\n"
4292            "by commas in getsubopt(3) style. Additionally it is possible to\n"
4293            "provide the -E and -U options multiple times.\n"
4294            "The following lines are equivalent:\n"
4295            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
4296            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
4297            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
4298            "Note that if you provide several changes to a single variable\n"
4299            "the last change will stay in effect.\n"
4300            "\n"
4301            QEMU_HELP_BOTTOM "\n");
4302 
4303     exit(exitcode);
4304 }
4305 
4306 static int parse_args(int argc, char **argv)
4307 {
4308     const char *r;
4309     int optind;
4310     const struct qemu_argument *arginfo;
4311 
4312     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4313         if (arginfo->env == NULL) {
4314             continue;
4315         }
4316 
4317         r = getenv(arginfo->env);
4318         if (r != NULL) {
4319             arginfo->handle_opt(r);
4320         }
4321     }
4322 
4323     optind = 1;
4324     for (;;) {
4325         if (optind >= argc) {
4326             break;
4327         }
4328         r = argv[optind];
4329         if (r[0] != '-') {
4330             break;
4331         }
4332         optind++;
4333         r++;
4334         if (!strcmp(r, "-")) {
4335             break;
4336         }
4337         /* Treat --foo the same as -foo.  */
4338         if (r[0] == '-') {
4339             r++;
4340         }
4341 
4342         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4343             if (!strcmp(r, arginfo->argv)) {
4344                 if (arginfo->has_arg) {
4345                     if (optind >= argc) {
4346                         (void) fprintf(stderr,
4347                             "qemu: missing argument for option '%s'\n", r);
4348                         exit(EXIT_FAILURE);
4349                     }
4350                     arginfo->handle_opt(argv[optind]);
4351                     optind++;
4352                 } else {
4353                     arginfo->handle_opt(NULL);
4354                 }
4355                 break;
4356             }
4357         }
4358 
4359         /* no option matched the current argv */
4360         if (arginfo->handle_opt == NULL) {
4361             (void) fprintf(stderr, "qemu: unknown option '%s'\n", r);
4362             exit(EXIT_FAILURE);
4363         }
4364     }
4365 
4366     if (optind >= argc) {
4367         (void) fprintf(stderr, "qemu: no user program specified\n");
4368         exit(EXIT_FAILURE);
4369     }
4370 
4371     filename = argv[optind];
4372     exec_path = argv[optind];
4373 
4374     return optind;
4375 }
4376 
4377 int main(int argc, char **argv, char **envp)
4378 {
4379     struct target_pt_regs regs1, *regs = &regs1;
4380     struct image_info info1, *info = &info1;
4381     struct linux_binprm bprm;
4382     TaskState *ts;
4383     CPUArchState *env;
4384     CPUState *cpu;
4385     int optind;
4386     char **target_environ, **wrk;
4387     char **target_argv;
4388     int target_argc;
4389     int i;
4390     int ret;
4391     int execfd;
4392 
4393     module_call_init(MODULE_INIT_TRACE);
4394     qemu_init_cpu_list();
4395     module_call_init(MODULE_INIT_QOM);
4396 
4397     envlist = envlist_create();
4398 
4399     /* add current environment into the list */
4400     for (wrk = environ; *wrk != NULL; wrk++) {
4401         (void) envlist_setenv(envlist, *wrk);
4402     }
4403 
4404     /* Read the stack limit from the kernel.  If it's "unlimited",
4405        then we can do little else besides use the default.  */
4406     {
4407         struct rlimit lim;
4408         if (getrlimit(RLIMIT_STACK, &lim) == 0
4409             && lim.rlim_cur != RLIM_INFINITY
4410             && lim.rlim_cur == (target_long)lim.rlim_cur) {
4411             guest_stack_size = lim.rlim_cur;
4412         }
4413     }
4414 
4415     cpu_model = NULL;
4416 
4417     srand(time(NULL));
4418 
4419     qemu_add_opts(&qemu_trace_opts);
4420 
4421     optind = parse_args(argc, argv);
4422 
4423     if (!trace_init_backends()) {
4424         exit(1);
4425     }
4426     trace_init_file(trace_file);
4427 
4428     /* Zero out regs */
4429     memset(regs, 0, sizeof(struct target_pt_regs));
4430 
4431     /* Zero out image_info */
4432     memset(info, 0, sizeof(struct image_info));
4433 
4434     memset(&bprm, 0, sizeof (bprm));
4435 
4436     /* Scan interp_prefix dir for replacement files. */
4437     init_paths(interp_prefix);
4438 
4439     init_qemu_uname_release();
4440 
4441     execfd = qemu_getauxval(AT_EXECFD);
4442     if (execfd == 0) {
4443         execfd = open(filename, O_RDONLY);
4444         if (execfd < 0) {
4445             printf("Error while loading %s: %s\n", filename, strerror(errno));
4446             _exit(EXIT_FAILURE);
4447         }
4448     }
4449 
4450     if (cpu_model == NULL) {
4451         cpu_model = cpu_get_model(get_elf_eflags(execfd));
4452     }
4453     tcg_exec_init(0);
4454     /* NOTE: we need to init the CPU at this stage to get
4455        qemu_host_page_size */
4456     cpu = cpu_init(cpu_model);
4457     env = cpu->env_ptr;
4458     cpu_reset(cpu);
4459 
4460     thread_cpu = cpu;
4461 
4462     if (getenv("QEMU_STRACE")) {
4463         do_strace = 1;
4464     }
4465 
4466     if (getenv("QEMU_RAND_SEED")) {
4467         handle_arg_randseed(getenv("QEMU_RAND_SEED"));
4468     }
4469 
4470     target_environ = envlist_to_environ(envlist, NULL);
4471     envlist_free(envlist);
4472 
4473     /*
4474      * Now that page sizes are configured in cpu_init() we can do
4475      * proper page alignment for guest_base.
4476      */
4477     guest_base = HOST_PAGE_ALIGN(guest_base);
4478 
4479     if (reserved_va || have_guest_base) {
4480         guest_base = init_guest_space(guest_base, reserved_va, 0,
4481                                       have_guest_base);
4482         if (guest_base == (unsigned long)-1) {
4483             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
4484                     "space for use as guest address space (check your virtual "
4485                     "memory ulimit setting or reserve less using -R option)\n",
4486                     reserved_va);
4487             exit(EXIT_FAILURE);
4488         }
4489 
4490         if (reserved_va) {
4491             mmap_next_start = reserved_va;
4492         }
4493     }
4494 
4495     /*
4496      * Read in mmap_min_addr kernel parameter.  This value is used
4497      * When loading the ELF image to determine whether guest_base
4498      * is needed.  It is also used in mmap_find_vma.
4499      */
4500     {
4501         FILE *fp;
4502 
4503         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
4504             unsigned long tmp;
4505             if (fscanf(fp, "%lu", &tmp) == 1) {
4506                 mmap_min_addr = tmp;
4507                 qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", mmap_min_addr);
4508             }
4509             fclose(fp);
4510         }
4511     }
4512 
4513     /*
4514      * Prepare copy of argv vector for target.
4515      */
4516     target_argc = argc - optind;
4517     target_argv = calloc(target_argc + 1, sizeof (char *));
4518     if (target_argv == NULL) {
4519 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
4520 	exit(EXIT_FAILURE);
4521     }
4522 
4523     /*
4524      * If argv0 is specified (using '-0' switch) we replace
4525      * argv[0] pointer with the given one.
4526      */
4527     i = 0;
4528     if (argv0 != NULL) {
4529         target_argv[i++] = strdup(argv0);
4530     }
4531     for (; i < target_argc; i++) {
4532         target_argv[i] = strdup(argv[optind + i]);
4533     }
4534     target_argv[target_argc] = NULL;
4535 
4536     ts = g_new0(TaskState, 1);
4537     init_task_state(ts);
4538     /* build Task State */
4539     ts->info = info;
4540     ts->bprm = &bprm;
4541     cpu->opaque = ts;
4542     task_settid(ts);
4543 
4544     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
4545         info, &bprm);
4546     if (ret != 0) {
4547         printf("Error while loading %s: %s\n", filename, strerror(-ret));
4548         _exit(EXIT_FAILURE);
4549     }
4550 
4551     for (wrk = target_environ; *wrk; wrk++) {
4552         g_free(*wrk);
4553     }
4554 
4555     g_free(target_environ);
4556 
4557     if (qemu_loglevel_mask(CPU_LOG_PAGE)) {
4558         qemu_log("guest_base  0x%lx\n", guest_base);
4559         log_page_dump();
4560 
4561         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
4562         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
4563         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n", info->start_code);
4564         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n", info->start_data);
4565         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
4566         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n", info->start_stack);
4567         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
4568         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
4569         qemu_log("argv_start  0x" TARGET_ABI_FMT_lx "\n", info->arg_start);
4570         qemu_log("env_start   0x" TARGET_ABI_FMT_lx "\n",
4571                  info->arg_end + (abi_ulong)sizeof(abi_ulong));
4572         qemu_log("auxv_start  0x" TARGET_ABI_FMT_lx "\n", info->saved_auxv);
4573     }
4574 
4575     target_set_brk(info->brk);
4576     syscall_init();
4577     signal_init();
4578 
4579     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
4580        generating the prologue until now so that the prologue can take
4581        the real value of GUEST_BASE into account.  */
4582     tcg_prologue_init(tcg_ctx);
4583     tcg_region_init();
4584 
4585 #if defined(TARGET_I386)
4586     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
4587     env->hflags |= HF_PE_MASK | HF_CPL_MASK;
4588     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
4589         env->cr[4] |= CR4_OSFXSR_MASK;
4590         env->hflags |= HF_OSFXSR_MASK;
4591     }
4592 #ifndef TARGET_ABI32
4593     /* enable 64 bit mode if possible */
4594     if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
4595         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
4596         exit(EXIT_FAILURE);
4597     }
4598     env->cr[4] |= CR4_PAE_MASK;
4599     env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
4600     env->hflags |= HF_LMA_MASK;
4601 #endif
4602 
4603     /* flags setup : we activate the IRQs by default as in user mode */
4604     env->eflags |= IF_MASK;
4605 
4606     /* linux register setup */
4607 #ifndef TARGET_ABI32
4608     env->regs[R_EAX] = regs->rax;
4609     env->regs[R_EBX] = regs->rbx;
4610     env->regs[R_ECX] = regs->rcx;
4611     env->regs[R_EDX] = regs->rdx;
4612     env->regs[R_ESI] = regs->rsi;
4613     env->regs[R_EDI] = regs->rdi;
4614     env->regs[R_EBP] = regs->rbp;
4615     env->regs[R_ESP] = regs->rsp;
4616     env->eip = regs->rip;
4617 #else
4618     env->regs[R_EAX] = regs->eax;
4619     env->regs[R_EBX] = regs->ebx;
4620     env->regs[R_ECX] = regs->ecx;
4621     env->regs[R_EDX] = regs->edx;
4622     env->regs[R_ESI] = regs->esi;
4623     env->regs[R_EDI] = regs->edi;
4624     env->regs[R_EBP] = regs->ebp;
4625     env->regs[R_ESP] = regs->esp;
4626     env->eip = regs->eip;
4627 #endif
4628 
4629     /* linux interrupt setup */
4630 #ifndef TARGET_ABI32
4631     env->idt.limit = 511;
4632 #else
4633     env->idt.limit = 255;
4634 #endif
4635     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
4636                                 PROT_READ|PROT_WRITE,
4637                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4638     idt_table = g2h(env->idt.base);
4639     set_idt(0, 0);
4640     set_idt(1, 0);
4641     set_idt(2, 0);
4642     set_idt(3, 3);
4643     set_idt(4, 3);
4644     set_idt(5, 0);
4645     set_idt(6, 0);
4646     set_idt(7, 0);
4647     set_idt(8, 0);
4648     set_idt(9, 0);
4649     set_idt(10, 0);
4650     set_idt(11, 0);
4651     set_idt(12, 0);
4652     set_idt(13, 0);
4653     set_idt(14, 0);
4654     set_idt(15, 0);
4655     set_idt(16, 0);
4656     set_idt(17, 0);
4657     set_idt(18, 0);
4658     set_idt(19, 0);
4659     set_idt(0x80, 3);
4660 
4661     /* linux segment setup */
4662     {
4663         uint64_t *gdt_table;
4664         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
4665                                     PROT_READ|PROT_WRITE,
4666                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4667         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
4668         gdt_table = g2h(env->gdt.base);
4669 #ifdef TARGET_ABI32
4670         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4671                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4672                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4673 #else
4674         /* 64 bit code segment */
4675         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4676                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4677                  DESC_L_MASK |
4678                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4679 #endif
4680         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
4681                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4682                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
4683     }
4684     cpu_x86_load_seg(env, R_CS, __USER_CS);
4685     cpu_x86_load_seg(env, R_SS, __USER_DS);
4686 #ifdef TARGET_ABI32
4687     cpu_x86_load_seg(env, R_DS, __USER_DS);
4688     cpu_x86_load_seg(env, R_ES, __USER_DS);
4689     cpu_x86_load_seg(env, R_FS, __USER_DS);
4690     cpu_x86_load_seg(env, R_GS, __USER_DS);
4691     /* This hack makes Wine work... */
4692     env->segs[R_FS].selector = 0;
4693 #else
4694     cpu_x86_load_seg(env, R_DS, 0);
4695     cpu_x86_load_seg(env, R_ES, 0);
4696     cpu_x86_load_seg(env, R_FS, 0);
4697     cpu_x86_load_seg(env, R_GS, 0);
4698 #endif
4699 #elif defined(TARGET_AARCH64)
4700     {
4701         int i;
4702 
4703         if (!(arm_feature(env, ARM_FEATURE_AARCH64))) {
4704             fprintf(stderr,
4705                     "The selected ARM CPU does not support 64 bit mode\n");
4706             exit(EXIT_FAILURE);
4707         }
4708 
4709         for (i = 0; i < 31; i++) {
4710             env->xregs[i] = regs->regs[i];
4711         }
4712         env->pc = regs->pc;
4713         env->xregs[31] = regs->sp;
4714 #ifdef TARGET_WORDS_BIGENDIAN
4715         env->cp15.sctlr_el[1] |= SCTLR_E0E;
4716         for (i = 1; i < 4; ++i) {
4717             env->cp15.sctlr_el[i] |= SCTLR_EE;
4718         }
4719 #endif
4720     }
4721 #elif defined(TARGET_ARM)
4722     {
4723         int i;
4724         cpsr_write(env, regs->uregs[16], CPSR_USER | CPSR_EXEC,
4725                    CPSRWriteByInstr);
4726         for(i = 0; i < 16; i++) {
4727             env->regs[i] = regs->uregs[i];
4728         }
4729 #ifdef TARGET_WORDS_BIGENDIAN
4730         /* Enable BE8.  */
4731         if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4
4732             && (info->elf_flags & EF_ARM_BE8)) {
4733             env->uncached_cpsr |= CPSR_E;
4734             env->cp15.sctlr_el[1] |= SCTLR_E0E;
4735         } else {
4736             env->cp15.sctlr_el[1] |= SCTLR_B;
4737         }
4738 #endif
4739     }
4740 #elif defined(TARGET_UNICORE32)
4741     {
4742         int i;
4743         cpu_asr_write(env, regs->uregs[32], 0xffffffff);
4744         for (i = 0; i < 32; i++) {
4745             env->regs[i] = regs->uregs[i];
4746         }
4747     }
4748 #elif defined(TARGET_SPARC)
4749     {
4750         int i;
4751 	env->pc = regs->pc;
4752 	env->npc = regs->npc;
4753         env->y = regs->y;
4754         for(i = 0; i < 8; i++)
4755             env->gregs[i] = regs->u_regs[i];
4756         for(i = 0; i < 8; i++)
4757             env->regwptr[i] = regs->u_regs[i + 8];
4758     }
4759 #elif defined(TARGET_PPC)
4760     {
4761         int i;
4762 
4763 #if defined(TARGET_PPC64)
4764         int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
4765 #if defined(TARGET_ABI32)
4766         env->msr &= ~((target_ulong)1 << flag);
4767 #else
4768         env->msr |= (target_ulong)1 << flag;
4769 #endif
4770 #endif
4771         env->nip = regs->nip;
4772         for(i = 0; i < 32; i++) {
4773             env->gpr[i] = regs->gpr[i];
4774         }
4775     }
4776 #elif defined(TARGET_M68K)
4777     {
4778         env->pc = regs->pc;
4779         env->dregs[0] = regs->d0;
4780         env->dregs[1] = regs->d1;
4781         env->dregs[2] = regs->d2;
4782         env->dregs[3] = regs->d3;
4783         env->dregs[4] = regs->d4;
4784         env->dregs[5] = regs->d5;
4785         env->dregs[6] = regs->d6;
4786         env->dregs[7] = regs->d7;
4787         env->aregs[0] = regs->a0;
4788         env->aregs[1] = regs->a1;
4789         env->aregs[2] = regs->a2;
4790         env->aregs[3] = regs->a3;
4791         env->aregs[4] = regs->a4;
4792         env->aregs[5] = regs->a5;
4793         env->aregs[6] = regs->a6;
4794         env->aregs[7] = regs->usp;
4795         env->sr = regs->sr;
4796         ts->sim_syscalls = 1;
4797     }
4798 #elif defined(TARGET_MICROBLAZE)
4799     {
4800         env->regs[0] = regs->r0;
4801         env->regs[1] = regs->r1;
4802         env->regs[2] = regs->r2;
4803         env->regs[3] = regs->r3;
4804         env->regs[4] = regs->r4;
4805         env->regs[5] = regs->r5;
4806         env->regs[6] = regs->r6;
4807         env->regs[7] = regs->r7;
4808         env->regs[8] = regs->r8;
4809         env->regs[9] = regs->r9;
4810         env->regs[10] = regs->r10;
4811         env->regs[11] = regs->r11;
4812         env->regs[12] = regs->r12;
4813         env->regs[13] = regs->r13;
4814         env->regs[14] = regs->r14;
4815         env->regs[15] = regs->r15;
4816         env->regs[16] = regs->r16;
4817         env->regs[17] = regs->r17;
4818         env->regs[18] = regs->r18;
4819         env->regs[19] = regs->r19;
4820         env->regs[20] = regs->r20;
4821         env->regs[21] = regs->r21;
4822         env->regs[22] = regs->r22;
4823         env->regs[23] = regs->r23;
4824         env->regs[24] = regs->r24;
4825         env->regs[25] = regs->r25;
4826         env->regs[26] = regs->r26;
4827         env->regs[27] = regs->r27;
4828         env->regs[28] = regs->r28;
4829         env->regs[29] = regs->r29;
4830         env->regs[30] = regs->r30;
4831         env->regs[31] = regs->r31;
4832         env->sregs[SR_PC] = regs->pc;
4833     }
4834 #elif defined(TARGET_MIPS)
4835     {
4836         int i;
4837 
4838         for(i = 0; i < 32; i++) {
4839             env->active_tc.gpr[i] = regs->regs[i];
4840         }
4841         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
4842         if (regs->cp0_epc & 1) {
4843             env->hflags |= MIPS_HFLAG_M16;
4844         }
4845         if (((info->elf_flags & EF_MIPS_NAN2008) != 0) !=
4846             ((env->active_fpu.fcr31 & (1 << FCR31_NAN2008)) != 0)) {
4847             if ((env->active_fpu.fcr31_rw_bitmask &
4848                   (1 << FCR31_NAN2008)) == 0) {
4849                 fprintf(stderr, "ELF binary's NaN mode not supported by CPU\n");
4850                 exit(1);
4851             }
4852             if ((info->elf_flags & EF_MIPS_NAN2008) != 0) {
4853                 env->active_fpu.fcr31 |= (1 << FCR31_NAN2008);
4854             } else {
4855                 env->active_fpu.fcr31 &= ~(1 << FCR31_NAN2008);
4856             }
4857             restore_snan_bit_mode(env);
4858         }
4859     }
4860 #elif defined(TARGET_NIOS2)
4861     {
4862         env->regs[0] = 0;
4863         env->regs[1] = regs->r1;
4864         env->regs[2] = regs->r2;
4865         env->regs[3] = regs->r3;
4866         env->regs[4] = regs->r4;
4867         env->regs[5] = regs->r5;
4868         env->regs[6] = regs->r6;
4869         env->regs[7] = regs->r7;
4870         env->regs[8] = regs->r8;
4871         env->regs[9] = regs->r9;
4872         env->regs[10] = regs->r10;
4873         env->regs[11] = regs->r11;
4874         env->regs[12] = regs->r12;
4875         env->regs[13] = regs->r13;
4876         env->regs[14] = regs->r14;
4877         env->regs[15] = regs->r15;
4878         /* TODO: unsigned long  orig_r2; */
4879         env->regs[R_RA] = regs->ra;
4880         env->regs[R_FP] = regs->fp;
4881         env->regs[R_SP] = regs->sp;
4882         env->regs[R_GP] = regs->gp;
4883         env->regs[CR_ESTATUS] = regs->estatus;
4884         env->regs[R_EA] = regs->ea;
4885         /* TODO: unsigned long  orig_r7; */
4886 
4887         /* Emulate eret when starting thread. */
4888         env->regs[R_PC] = regs->ea;
4889     }
4890 #elif defined(TARGET_OPENRISC)
4891     {
4892         int i;
4893 
4894         for (i = 0; i < 32; i++) {
4895             cpu_set_gpr(env, i, regs->gpr[i]);
4896         }
4897         env->pc = regs->pc;
4898         cpu_set_sr(env, regs->sr);
4899     }
4900 #elif defined(TARGET_RISCV)
4901     {
4902         env->pc = regs->sepc;
4903         env->gpr[xSP] = regs->sp;
4904     }
4905 #elif defined(TARGET_SH4)
4906     {
4907         int i;
4908 
4909         for(i = 0; i < 16; i++) {
4910             env->gregs[i] = regs->regs[i];
4911         }
4912         env->pc = regs->pc;
4913     }
4914 #elif defined(TARGET_ALPHA)
4915     {
4916         int i;
4917 
4918         for(i = 0; i < 28; i++) {
4919             env->ir[i] = ((abi_ulong *)regs)[i];
4920         }
4921         env->ir[IR_SP] = regs->usp;
4922         env->pc = regs->pc;
4923     }
4924 #elif defined(TARGET_CRIS)
4925     {
4926 	    env->regs[0] = regs->r0;
4927 	    env->regs[1] = regs->r1;
4928 	    env->regs[2] = regs->r2;
4929 	    env->regs[3] = regs->r3;
4930 	    env->regs[4] = regs->r4;
4931 	    env->regs[5] = regs->r5;
4932 	    env->regs[6] = regs->r6;
4933 	    env->regs[7] = regs->r7;
4934 	    env->regs[8] = regs->r8;
4935 	    env->regs[9] = regs->r9;
4936 	    env->regs[10] = regs->r10;
4937 	    env->regs[11] = regs->r11;
4938 	    env->regs[12] = regs->r12;
4939 	    env->regs[13] = regs->r13;
4940 	    env->regs[14] = info->start_stack;
4941 	    env->regs[15] = regs->acr;
4942 	    env->pc = regs->erp;
4943     }
4944 #elif defined(TARGET_S390X)
4945     {
4946             int i;
4947             for (i = 0; i < 16; i++) {
4948                 env->regs[i] = regs->gprs[i];
4949             }
4950             env->psw.mask = regs->psw.mask;
4951             env->psw.addr = regs->psw.addr;
4952     }
4953 #elif defined(TARGET_TILEGX)
4954     {
4955         int i;
4956         for (i = 0; i < TILEGX_R_COUNT; i++) {
4957             env->regs[i] = regs->regs[i];
4958         }
4959         for (i = 0; i < TILEGX_SPR_COUNT; i++) {
4960             env->spregs[i] = 0;
4961         }
4962         env->pc = regs->pc;
4963     }
4964 #elif defined(TARGET_HPPA)
4965     {
4966         int i;
4967         for (i = 1; i < 32; i++) {
4968             env->gr[i] = regs->gr[i];
4969         }
4970         env->iaoq_f = regs->iaoq[0];
4971         env->iaoq_b = regs->iaoq[1];
4972     }
4973 #else
4974 #error unsupported target CPU
4975 #endif
4976 
4977 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
4978     ts->stack_base = info->start_stack;
4979     ts->heap_base = info->brk;
4980     /* This will be filled in on the first SYS_HEAPINFO call.  */
4981     ts->heap_limit = 0;
4982 #endif
4983 
4984     if (gdbstub_port) {
4985         if (gdbserver_start(gdbstub_port) < 0) {
4986             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
4987                     gdbstub_port);
4988             exit(EXIT_FAILURE);
4989         }
4990         gdb_handlesig(cpu, 0);
4991     }
4992     cpu_loop(env);
4993     /* never exits */
4994     return 0;
4995 }
4996