xref: /openbmc/qemu/linux-user/main.c (revision bc5c4f21)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "qemu-version.h"
21 #include <sys/syscall.h>
22 #include <sys/resource.h>
23 
24 #include "qapi/error.h"
25 #include "qemu.h"
26 #include "qemu/path.h"
27 #include "qemu/config-file.h"
28 #include "qemu/cutils.h"
29 #include "qemu/help_option.h"
30 #include "cpu.h"
31 #include "exec/exec-all.h"
32 #include "tcg.h"
33 #include "qemu/timer.h"
34 #include "qemu/envlist.h"
35 #include "elf.h"
36 #include "exec/log.h"
37 #include "trace/control.h"
38 #include "glib-compat.h"
39 
40 char *exec_path;
41 
42 int singlestep;
43 static const char *filename;
44 static const char *argv0;
45 static int gdbstub_port;
46 static envlist_t *envlist;
47 static const char *cpu_model;
48 unsigned long mmap_min_addr;
49 unsigned long guest_base;
50 int have_guest_base;
51 
52 #define EXCP_DUMP(env, fmt, ...)                                        \
53 do {                                                                    \
54     CPUState *cs = ENV_GET_CPU(env);                                    \
55     fprintf(stderr, fmt , ## __VA_ARGS__);                              \
56     cpu_dump_state(cs, stderr, fprintf, 0);                             \
57     if (qemu_log_separate()) {                                          \
58         qemu_log(fmt, ## __VA_ARGS__);                                  \
59         log_cpu_state(cs, 0);                                           \
60     }                                                                   \
61 } while (0)
62 
63 #if (TARGET_LONG_BITS == 32) && (HOST_LONG_BITS == 64)
64 /*
65  * When running 32-on-64 we should make sure we can fit all of the possible
66  * guest address space into a contiguous chunk of virtual host memory.
67  *
68  * This way we will never overlap with our own libraries or binaries or stack
69  * or anything else that QEMU maps.
70  */
71 # if defined(TARGET_MIPS) || defined(TARGET_NIOS2)
72 /*
73  * MIPS only supports 31 bits of virtual address space for user space.
74  * Nios2 also only supports 31 bits.
75  */
76 unsigned long reserved_va = 0x77000000;
77 # else
78 unsigned long reserved_va = 0xf7000000;
79 # endif
80 #else
81 unsigned long reserved_va;
82 #endif
83 
84 static void usage(int exitcode);
85 
86 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
87 const char *qemu_uname_release;
88 
89 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
90    we allocate a bigger stack. Need a better solution, for example
91    by remapping the process stack directly at the right place */
92 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
93 
94 void gemu_log(const char *fmt, ...)
95 {
96     va_list ap;
97 
98     va_start(ap, fmt);
99     vfprintf(stderr, fmt, ap);
100     va_end(ap);
101 }
102 
103 #if defined(TARGET_I386)
104 int cpu_get_pic_interrupt(CPUX86State *env)
105 {
106     return -1;
107 }
108 #endif
109 
110 /***********************************************************/
111 /* Helper routines for implementing atomic operations.  */
112 
113 /* Make sure everything is in a consistent state for calling fork().  */
114 void fork_start(void)
115 {
116     cpu_list_lock();
117     qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
118     mmap_fork_start();
119 }
120 
121 void fork_end(int child)
122 {
123     mmap_fork_end(child);
124     if (child) {
125         CPUState *cpu, *next_cpu;
126         /* Child processes created by fork() only have a single thread.
127            Discard information about the parent threads.  */
128         CPU_FOREACH_SAFE(cpu, next_cpu) {
129             if (cpu != thread_cpu) {
130                 QTAILQ_REMOVE(&cpus, cpu, node);
131             }
132         }
133         qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
134         qemu_init_cpu_list();
135         gdbserver_fork(thread_cpu);
136     } else {
137         qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
138         cpu_list_unlock();
139     }
140 }
141 
142 #ifdef TARGET_I386
143 /***********************************************************/
144 /* CPUX86 core interface */
145 
146 uint64_t cpu_get_tsc(CPUX86State *env)
147 {
148     return cpu_get_host_ticks();
149 }
150 
151 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
152                      int flags)
153 {
154     unsigned int e1, e2;
155     uint32_t *p;
156     e1 = (addr << 16) | (limit & 0xffff);
157     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
158     e2 |= flags;
159     p = ptr;
160     p[0] = tswap32(e1);
161     p[1] = tswap32(e2);
162 }
163 
164 static uint64_t *idt_table;
165 #ifdef TARGET_X86_64
166 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
167                        uint64_t addr, unsigned int sel)
168 {
169     uint32_t *p, e1, e2;
170     e1 = (addr & 0xffff) | (sel << 16);
171     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
172     p = ptr;
173     p[0] = tswap32(e1);
174     p[1] = tswap32(e2);
175     p[2] = tswap32(addr >> 32);
176     p[3] = 0;
177 }
178 /* only dpl matters as we do only user space emulation */
179 static void set_idt(int n, unsigned int dpl)
180 {
181     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
182 }
183 #else
184 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
185                      uint32_t addr, unsigned int sel)
186 {
187     uint32_t *p, e1, e2;
188     e1 = (addr & 0xffff) | (sel << 16);
189     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
190     p = ptr;
191     p[0] = tswap32(e1);
192     p[1] = tswap32(e2);
193 }
194 
195 /* only dpl matters as we do only user space emulation */
196 static void set_idt(int n, unsigned int dpl)
197 {
198     set_gate(idt_table + n, 0, dpl, 0, 0);
199 }
200 #endif
201 
202 void cpu_loop(CPUX86State *env)
203 {
204     CPUState *cs = CPU(x86_env_get_cpu(env));
205     int trapnr;
206     abi_ulong pc;
207     abi_ulong ret;
208     target_siginfo_t info;
209 
210     for(;;) {
211         cpu_exec_start(cs);
212         trapnr = cpu_exec(cs);
213         cpu_exec_end(cs);
214         process_queued_cpu_work(cs);
215 
216         switch(trapnr) {
217         case 0x80:
218             /* linux syscall from int $0x80 */
219             ret = do_syscall(env,
220                              env->regs[R_EAX],
221                              env->regs[R_EBX],
222                              env->regs[R_ECX],
223                              env->regs[R_EDX],
224                              env->regs[R_ESI],
225                              env->regs[R_EDI],
226                              env->regs[R_EBP],
227                              0, 0);
228             if (ret == -TARGET_ERESTARTSYS) {
229                 env->eip -= 2;
230             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
231                 env->regs[R_EAX] = ret;
232             }
233             break;
234 #ifndef TARGET_ABI32
235         case EXCP_SYSCALL:
236             /* linux syscall from syscall instruction */
237             ret = do_syscall(env,
238                              env->regs[R_EAX],
239                              env->regs[R_EDI],
240                              env->regs[R_ESI],
241                              env->regs[R_EDX],
242                              env->regs[10],
243                              env->regs[8],
244                              env->regs[9],
245                              0, 0);
246             if (ret == -TARGET_ERESTARTSYS) {
247                 env->eip -= 2;
248             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
249                 env->regs[R_EAX] = ret;
250             }
251             break;
252 #endif
253         case EXCP0B_NOSEG:
254         case EXCP0C_STACK:
255             info.si_signo = TARGET_SIGBUS;
256             info.si_errno = 0;
257             info.si_code = TARGET_SI_KERNEL;
258             info._sifields._sigfault._addr = 0;
259             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
260             break;
261         case EXCP0D_GPF:
262             /* XXX: potential problem if ABI32 */
263 #ifndef TARGET_X86_64
264             if (env->eflags & VM_MASK) {
265                 handle_vm86_fault(env);
266             } else
267 #endif
268             {
269                 info.si_signo = TARGET_SIGSEGV;
270                 info.si_errno = 0;
271                 info.si_code = TARGET_SI_KERNEL;
272                 info._sifields._sigfault._addr = 0;
273                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
274             }
275             break;
276         case EXCP0E_PAGE:
277             info.si_signo = TARGET_SIGSEGV;
278             info.si_errno = 0;
279             if (!(env->error_code & 1))
280                 info.si_code = TARGET_SEGV_MAPERR;
281             else
282                 info.si_code = TARGET_SEGV_ACCERR;
283             info._sifields._sigfault._addr = env->cr[2];
284             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
285             break;
286         case EXCP00_DIVZ:
287 #ifndef TARGET_X86_64
288             if (env->eflags & VM_MASK) {
289                 handle_vm86_trap(env, trapnr);
290             } else
291 #endif
292             {
293                 /* division by zero */
294                 info.si_signo = TARGET_SIGFPE;
295                 info.si_errno = 0;
296                 info.si_code = TARGET_FPE_INTDIV;
297                 info._sifields._sigfault._addr = env->eip;
298                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
299             }
300             break;
301         case EXCP01_DB:
302         case EXCP03_INT3:
303 #ifndef TARGET_X86_64
304             if (env->eflags & VM_MASK) {
305                 handle_vm86_trap(env, trapnr);
306             } else
307 #endif
308             {
309                 info.si_signo = TARGET_SIGTRAP;
310                 info.si_errno = 0;
311                 if (trapnr == EXCP01_DB) {
312                     info.si_code = TARGET_TRAP_BRKPT;
313                     info._sifields._sigfault._addr = env->eip;
314                 } else {
315                     info.si_code = TARGET_SI_KERNEL;
316                     info._sifields._sigfault._addr = 0;
317                 }
318                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
319             }
320             break;
321         case EXCP04_INTO:
322         case EXCP05_BOUND:
323 #ifndef TARGET_X86_64
324             if (env->eflags & VM_MASK) {
325                 handle_vm86_trap(env, trapnr);
326             } else
327 #endif
328             {
329                 info.si_signo = TARGET_SIGSEGV;
330                 info.si_errno = 0;
331                 info.si_code = TARGET_SI_KERNEL;
332                 info._sifields._sigfault._addr = 0;
333                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
334             }
335             break;
336         case EXCP06_ILLOP:
337             info.si_signo = TARGET_SIGILL;
338             info.si_errno = 0;
339             info.si_code = TARGET_ILL_ILLOPN;
340             info._sifields._sigfault._addr = env->eip;
341             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
342             break;
343         case EXCP_INTERRUPT:
344             /* just indicate that signals should be handled asap */
345             break;
346         case EXCP_DEBUG:
347             {
348                 int sig;
349 
350                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
351                 if (sig)
352                   {
353                     info.si_signo = sig;
354                     info.si_errno = 0;
355                     info.si_code = TARGET_TRAP_BRKPT;
356                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
357                   }
358             }
359             break;
360         case EXCP_ATOMIC:
361             cpu_exec_step_atomic(cs);
362             break;
363         default:
364             pc = env->segs[R_CS].base + env->eip;
365             EXCP_DUMP(env, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
366                       (long)pc, trapnr);
367             abort();
368         }
369         process_pending_signals(env);
370     }
371 }
372 #endif
373 
374 #ifdef TARGET_ARM
375 
376 #define get_user_code_u32(x, gaddr, env)                \
377     ({ abi_long __r = get_user_u32((x), (gaddr));       \
378         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
379             (x) = bswap32(x);                           \
380         }                                               \
381         __r;                                            \
382     })
383 
384 #define get_user_code_u16(x, gaddr, env)                \
385     ({ abi_long __r = get_user_u16((x), (gaddr));       \
386         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
387             (x) = bswap16(x);                           \
388         }                                               \
389         __r;                                            \
390     })
391 
392 #define get_user_data_u32(x, gaddr, env)                \
393     ({ abi_long __r = get_user_u32((x), (gaddr));       \
394         if (!__r && arm_cpu_bswap_data(env)) {          \
395             (x) = bswap32(x);                           \
396         }                                               \
397         __r;                                            \
398     })
399 
400 #define get_user_data_u16(x, gaddr, env)                \
401     ({ abi_long __r = get_user_u16((x), (gaddr));       \
402         if (!__r && arm_cpu_bswap_data(env)) {          \
403             (x) = bswap16(x);                           \
404         }                                               \
405         __r;                                            \
406     })
407 
408 #define put_user_data_u32(x, gaddr, env)                \
409     ({ typeof(x) __x = (x);                             \
410         if (arm_cpu_bswap_data(env)) {                  \
411             __x = bswap32(__x);                         \
412         }                                               \
413         put_user_u32(__x, (gaddr));                     \
414     })
415 
416 #define put_user_data_u16(x, gaddr, env)                \
417     ({ typeof(x) __x = (x);                             \
418         if (arm_cpu_bswap_data(env)) {                  \
419             __x = bswap16(__x);                         \
420         }                                               \
421         put_user_u16(__x, (gaddr));                     \
422     })
423 
424 #ifdef TARGET_ABI32
425 /* Commpage handling -- there is no commpage for AArch64 */
426 
427 /*
428  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
429  * Input:
430  * r0 = pointer to oldval
431  * r1 = pointer to newval
432  * r2 = pointer to target value
433  *
434  * Output:
435  * r0 = 0 if *ptr was changed, non-0 if no exchange happened
436  * C set if *ptr was changed, clear if no exchange happened
437  *
438  * Note segv's in kernel helpers are a bit tricky, we can set the
439  * data address sensibly but the PC address is just the entry point.
440  */
441 static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
442 {
443     uint64_t oldval, newval, val;
444     uint32_t addr, cpsr;
445     target_siginfo_t info;
446 
447     /* Based on the 32 bit code in do_kernel_trap */
448 
449     /* XXX: This only works between threads, not between processes.
450        It's probably possible to implement this with native host
451        operations. However things like ldrex/strex are much harder so
452        there's not much point trying.  */
453     start_exclusive();
454     cpsr = cpsr_read(env);
455     addr = env->regs[2];
456 
457     if (get_user_u64(oldval, env->regs[0])) {
458         env->exception.vaddress = env->regs[0];
459         goto segv;
460     };
461 
462     if (get_user_u64(newval, env->regs[1])) {
463         env->exception.vaddress = env->regs[1];
464         goto segv;
465     };
466 
467     if (get_user_u64(val, addr)) {
468         env->exception.vaddress = addr;
469         goto segv;
470     }
471 
472     if (val == oldval) {
473         val = newval;
474 
475         if (put_user_u64(val, addr)) {
476             env->exception.vaddress = addr;
477             goto segv;
478         };
479 
480         env->regs[0] = 0;
481         cpsr |= CPSR_C;
482     } else {
483         env->regs[0] = -1;
484         cpsr &= ~CPSR_C;
485     }
486     cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
487     end_exclusive();
488     return;
489 
490 segv:
491     end_exclusive();
492     /* We get the PC of the entry address - which is as good as anything,
493        on a real kernel what you get depends on which mode it uses. */
494     info.si_signo = TARGET_SIGSEGV;
495     info.si_errno = 0;
496     /* XXX: check env->error_code */
497     info.si_code = TARGET_SEGV_MAPERR;
498     info._sifields._sigfault._addr = env->exception.vaddress;
499     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
500 }
501 
502 /* Handle a jump to the kernel code page.  */
503 static int
504 do_kernel_trap(CPUARMState *env)
505 {
506     uint32_t addr;
507     uint32_t cpsr;
508     uint32_t val;
509 
510     switch (env->regs[15]) {
511     case 0xffff0fa0: /* __kernel_memory_barrier */
512         /* ??? No-op. Will need to do better for SMP.  */
513         break;
514     case 0xffff0fc0: /* __kernel_cmpxchg */
515          /* XXX: This only works between threads, not between processes.
516             It's probably possible to implement this with native host
517             operations. However things like ldrex/strex are much harder so
518             there's not much point trying.  */
519         start_exclusive();
520         cpsr = cpsr_read(env);
521         addr = env->regs[2];
522         /* FIXME: This should SEGV if the access fails.  */
523         if (get_user_u32(val, addr))
524             val = ~env->regs[0];
525         if (val == env->regs[0]) {
526             val = env->regs[1];
527             /* FIXME: Check for segfaults.  */
528             put_user_u32(val, addr);
529             env->regs[0] = 0;
530             cpsr |= CPSR_C;
531         } else {
532             env->regs[0] = -1;
533             cpsr &= ~CPSR_C;
534         }
535         cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
536         end_exclusive();
537         break;
538     case 0xffff0fe0: /* __kernel_get_tls */
539         env->regs[0] = cpu_get_tls(env);
540         break;
541     case 0xffff0f60: /* __kernel_cmpxchg64 */
542         arm_kernel_cmpxchg64_helper(env);
543         break;
544 
545     default:
546         return 1;
547     }
548     /* Jump back to the caller.  */
549     addr = env->regs[14];
550     if (addr & 1) {
551         env->thumb = 1;
552         addr &= ~1;
553     }
554     env->regs[15] = addr;
555 
556     return 0;
557 }
558 
559 void cpu_loop(CPUARMState *env)
560 {
561     CPUState *cs = CPU(arm_env_get_cpu(env));
562     int trapnr;
563     unsigned int n, insn;
564     target_siginfo_t info;
565     uint32_t addr;
566     abi_ulong ret;
567 
568     for(;;) {
569         cpu_exec_start(cs);
570         trapnr = cpu_exec(cs);
571         cpu_exec_end(cs);
572         process_queued_cpu_work(cs);
573 
574         switch(trapnr) {
575         case EXCP_UDEF:
576         case EXCP_NOCP:
577             {
578                 TaskState *ts = cs->opaque;
579                 uint32_t opcode;
580                 int rc;
581 
582                 /* we handle the FPU emulation here, as Linux */
583                 /* we get the opcode */
584                 /* FIXME - what to do if get_user() fails? */
585                 get_user_code_u32(opcode, env->regs[15], env);
586 
587                 rc = EmulateAll(opcode, &ts->fpa, env);
588                 if (rc == 0) { /* illegal instruction */
589                     info.si_signo = TARGET_SIGILL;
590                     info.si_errno = 0;
591                     info.si_code = TARGET_ILL_ILLOPN;
592                     info._sifields._sigfault._addr = env->regs[15];
593                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
594                 } else if (rc < 0) { /* FP exception */
595                     int arm_fpe=0;
596 
597                     /* translate softfloat flags to FPSR flags */
598                     if (-rc & float_flag_invalid)
599                       arm_fpe |= BIT_IOC;
600                     if (-rc & float_flag_divbyzero)
601                       arm_fpe |= BIT_DZC;
602                     if (-rc & float_flag_overflow)
603                       arm_fpe |= BIT_OFC;
604                     if (-rc & float_flag_underflow)
605                       arm_fpe |= BIT_UFC;
606                     if (-rc & float_flag_inexact)
607                       arm_fpe |= BIT_IXC;
608 
609                     FPSR fpsr = ts->fpa.fpsr;
610                     //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
611 
612                     if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
613                       info.si_signo = TARGET_SIGFPE;
614                       info.si_errno = 0;
615 
616                       /* ordered by priority, least first */
617                       if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
618                       if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
619                       if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
620                       if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
621                       if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
622 
623                       info._sifields._sigfault._addr = env->regs[15];
624                       queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
625                     } else {
626                       env->regs[15] += 4;
627                     }
628 
629                     /* accumulate unenabled exceptions */
630                     if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
631                       fpsr |= BIT_IXC;
632                     if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
633                       fpsr |= BIT_UFC;
634                     if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
635                       fpsr |= BIT_OFC;
636                     if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
637                       fpsr |= BIT_DZC;
638                     if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
639                       fpsr |= BIT_IOC;
640                     ts->fpa.fpsr=fpsr;
641                 } else { /* everything OK */
642                     /* increment PC */
643                     env->regs[15] += 4;
644                 }
645             }
646             break;
647         case EXCP_SWI:
648         case EXCP_BKPT:
649             {
650                 env->eabi = 1;
651                 /* system call */
652                 if (trapnr == EXCP_BKPT) {
653                     if (env->thumb) {
654                         /* FIXME - what to do if get_user() fails? */
655                         get_user_code_u16(insn, env->regs[15], env);
656                         n = insn & 0xff;
657                         env->regs[15] += 2;
658                     } else {
659                         /* FIXME - what to do if get_user() fails? */
660                         get_user_code_u32(insn, env->regs[15], env);
661                         n = (insn & 0xf) | ((insn >> 4) & 0xff0);
662                         env->regs[15] += 4;
663                     }
664                 } else {
665                     if (env->thumb) {
666                         /* FIXME - what to do if get_user() fails? */
667                         get_user_code_u16(insn, env->regs[15] - 2, env);
668                         n = insn & 0xff;
669                     } else {
670                         /* FIXME - what to do if get_user() fails? */
671                         get_user_code_u32(insn, env->regs[15] - 4, env);
672                         n = insn & 0xffffff;
673                     }
674                 }
675 
676                 if (n == ARM_NR_cacheflush) {
677                     /* nop */
678                 } else if (n == ARM_NR_semihosting
679                            || n == ARM_NR_thumb_semihosting) {
680                     env->regs[0] = do_arm_semihosting (env);
681                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
682                     /* linux syscall */
683                     if (env->thumb || n == 0) {
684                         n = env->regs[7];
685                     } else {
686                         n -= ARM_SYSCALL_BASE;
687                         env->eabi = 0;
688                     }
689                     if ( n > ARM_NR_BASE) {
690                         switch (n) {
691                         case ARM_NR_cacheflush:
692                             /* nop */
693                             break;
694                         case ARM_NR_set_tls:
695                             cpu_set_tls(env, env->regs[0]);
696                             env->regs[0] = 0;
697                             break;
698                         case ARM_NR_breakpoint:
699                             env->regs[15] -= env->thumb ? 2 : 4;
700                             goto excp_debug;
701                         default:
702                             gemu_log("qemu: Unsupported ARM syscall: 0x%x\n",
703                                      n);
704                             env->regs[0] = -TARGET_ENOSYS;
705                             break;
706                         }
707                     } else {
708                         ret = do_syscall(env,
709                                          n,
710                                          env->regs[0],
711                                          env->regs[1],
712                                          env->regs[2],
713                                          env->regs[3],
714                                          env->regs[4],
715                                          env->regs[5],
716                                          0, 0);
717                         if (ret == -TARGET_ERESTARTSYS) {
718                             env->regs[15] -= env->thumb ? 2 : 4;
719                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
720                             env->regs[0] = ret;
721                         }
722                     }
723                 } else {
724                     goto error;
725                 }
726             }
727             break;
728         case EXCP_SEMIHOST:
729             env->regs[0] = do_arm_semihosting(env);
730             break;
731         case EXCP_INTERRUPT:
732             /* just indicate that signals should be handled asap */
733             break;
734         case EXCP_PREFETCH_ABORT:
735         case EXCP_DATA_ABORT:
736             addr = env->exception.vaddress;
737             {
738                 info.si_signo = TARGET_SIGSEGV;
739                 info.si_errno = 0;
740                 /* XXX: check env->error_code */
741                 info.si_code = TARGET_SEGV_MAPERR;
742                 info._sifields._sigfault._addr = addr;
743                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
744             }
745             break;
746         case EXCP_DEBUG:
747         excp_debug:
748             {
749                 int sig;
750 
751                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
752                 if (sig)
753                   {
754                     info.si_signo = sig;
755                     info.si_errno = 0;
756                     info.si_code = TARGET_TRAP_BRKPT;
757                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
758                   }
759             }
760             break;
761         case EXCP_KERNEL_TRAP:
762             if (do_kernel_trap(env))
763               goto error;
764             break;
765         case EXCP_YIELD:
766             /* nothing to do here for user-mode, just resume guest code */
767             break;
768         case EXCP_ATOMIC:
769             cpu_exec_step_atomic(cs);
770             break;
771         default:
772         error:
773             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
774             abort();
775         }
776         process_pending_signals(env);
777     }
778 }
779 
780 #else
781 
782 /* AArch64 main loop */
783 void cpu_loop(CPUARMState *env)
784 {
785     CPUState *cs = CPU(arm_env_get_cpu(env));
786     int trapnr, sig;
787     abi_long ret;
788     target_siginfo_t info;
789 
790     for (;;) {
791         cpu_exec_start(cs);
792         trapnr = cpu_exec(cs);
793         cpu_exec_end(cs);
794         process_queued_cpu_work(cs);
795 
796         switch (trapnr) {
797         case EXCP_SWI:
798             ret = do_syscall(env,
799                              env->xregs[8],
800                              env->xregs[0],
801                              env->xregs[1],
802                              env->xregs[2],
803                              env->xregs[3],
804                              env->xregs[4],
805                              env->xregs[5],
806                              0, 0);
807             if (ret == -TARGET_ERESTARTSYS) {
808                 env->pc -= 4;
809             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
810                 env->xregs[0] = ret;
811             }
812             break;
813         case EXCP_INTERRUPT:
814             /* just indicate that signals should be handled asap */
815             break;
816         case EXCP_UDEF:
817             info.si_signo = TARGET_SIGILL;
818             info.si_errno = 0;
819             info.si_code = TARGET_ILL_ILLOPN;
820             info._sifields._sigfault._addr = env->pc;
821             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
822             break;
823         case EXCP_PREFETCH_ABORT:
824         case EXCP_DATA_ABORT:
825             info.si_signo = TARGET_SIGSEGV;
826             info.si_errno = 0;
827             /* XXX: check env->error_code */
828             info.si_code = TARGET_SEGV_MAPERR;
829             info._sifields._sigfault._addr = env->exception.vaddress;
830             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
831             break;
832         case EXCP_DEBUG:
833         case EXCP_BKPT:
834             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
835             if (sig) {
836                 info.si_signo = sig;
837                 info.si_errno = 0;
838                 info.si_code = TARGET_TRAP_BRKPT;
839                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
840             }
841             break;
842         case EXCP_SEMIHOST:
843             env->xregs[0] = do_arm_semihosting(env);
844             break;
845         case EXCP_YIELD:
846             /* nothing to do here for user-mode, just resume guest code */
847             break;
848         case EXCP_ATOMIC:
849             cpu_exec_step_atomic(cs);
850             break;
851         default:
852             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
853             abort();
854         }
855         process_pending_signals(env);
856         /* Exception return on AArch64 always clears the exclusive monitor,
857          * so any return to running guest code implies this.
858          */
859         env->exclusive_addr = -1;
860     }
861 }
862 #endif /* ndef TARGET_ABI32 */
863 
864 #endif
865 
866 #ifdef TARGET_UNICORE32
867 
868 void cpu_loop(CPUUniCore32State *env)
869 {
870     CPUState *cs = CPU(uc32_env_get_cpu(env));
871     int trapnr;
872     unsigned int n, insn;
873     target_siginfo_t info;
874 
875     for (;;) {
876         cpu_exec_start(cs);
877         trapnr = cpu_exec(cs);
878         cpu_exec_end(cs);
879         process_queued_cpu_work(cs);
880 
881         switch (trapnr) {
882         case UC32_EXCP_PRIV:
883             {
884                 /* system call */
885                 get_user_u32(insn, env->regs[31] - 4);
886                 n = insn & 0xffffff;
887 
888                 if (n >= UC32_SYSCALL_BASE) {
889                     /* linux syscall */
890                     n -= UC32_SYSCALL_BASE;
891                     if (n == UC32_SYSCALL_NR_set_tls) {
892                             cpu_set_tls(env, env->regs[0]);
893                             env->regs[0] = 0;
894                     } else {
895                         abi_long ret = do_syscall(env,
896                                                   n,
897                                                   env->regs[0],
898                                                   env->regs[1],
899                                                   env->regs[2],
900                                                   env->regs[3],
901                                                   env->regs[4],
902                                                   env->regs[5],
903                                                   0, 0);
904                         if (ret == -TARGET_ERESTARTSYS) {
905                             env->regs[31] -= 4;
906                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
907                             env->regs[0] = ret;
908                         }
909                     }
910                 } else {
911                     goto error;
912                 }
913             }
914             break;
915         case UC32_EXCP_DTRAP:
916         case UC32_EXCP_ITRAP:
917             info.si_signo = TARGET_SIGSEGV;
918             info.si_errno = 0;
919             /* XXX: check env->error_code */
920             info.si_code = TARGET_SEGV_MAPERR;
921             info._sifields._sigfault._addr = env->cp0.c4_faultaddr;
922             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
923             break;
924         case EXCP_INTERRUPT:
925             /* just indicate that signals should be handled asap */
926             break;
927         case EXCP_DEBUG:
928             {
929                 int sig;
930 
931                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
932                 if (sig) {
933                     info.si_signo = sig;
934                     info.si_errno = 0;
935                     info.si_code = TARGET_TRAP_BRKPT;
936                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
937                 }
938             }
939             break;
940         case EXCP_ATOMIC:
941             cpu_exec_step_atomic(cs);
942             break;
943         default:
944             goto error;
945         }
946         process_pending_signals(env);
947     }
948 
949 error:
950     EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
951     abort();
952 }
953 #endif
954 
955 #ifdef TARGET_SPARC
956 #define SPARC64_STACK_BIAS 2047
957 
958 //#define DEBUG_WIN
959 
960 /* WARNING: dealing with register windows _is_ complicated. More info
961    can be found at http://www.sics.se/~psm/sparcstack.html */
962 static inline int get_reg_index(CPUSPARCState *env, int cwp, int index)
963 {
964     index = (index + cwp * 16) % (16 * env->nwindows);
965     /* wrap handling : if cwp is on the last window, then we use the
966        registers 'after' the end */
967     if (index < 8 && env->cwp == env->nwindows - 1)
968         index += 16 * env->nwindows;
969     return index;
970 }
971 
972 /* save the register window 'cwp1' */
973 static inline void save_window_offset(CPUSPARCState *env, int cwp1)
974 {
975     unsigned int i;
976     abi_ulong sp_ptr;
977 
978     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
979 #ifdef TARGET_SPARC64
980     if (sp_ptr & 3)
981         sp_ptr += SPARC64_STACK_BIAS;
982 #endif
983 #if defined(DEBUG_WIN)
984     printf("win_overflow: sp_ptr=0x" TARGET_ABI_FMT_lx " save_cwp=%d\n",
985            sp_ptr, cwp1);
986 #endif
987     for(i = 0; i < 16; i++) {
988         /* FIXME - what to do if put_user() fails? */
989         put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
990         sp_ptr += sizeof(abi_ulong);
991     }
992 }
993 
994 static void save_window(CPUSPARCState *env)
995 {
996 #ifndef TARGET_SPARC64
997     unsigned int new_wim;
998     new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
999         ((1LL << env->nwindows) - 1);
1000     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1001     env->wim = new_wim;
1002 #else
1003     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1004     env->cansave++;
1005     env->canrestore--;
1006 #endif
1007 }
1008 
1009 static void restore_window(CPUSPARCState *env)
1010 {
1011 #ifndef TARGET_SPARC64
1012     unsigned int new_wim;
1013 #endif
1014     unsigned int i, cwp1;
1015     abi_ulong sp_ptr;
1016 
1017 #ifndef TARGET_SPARC64
1018     new_wim = ((env->wim << 1) | (env->wim >> (env->nwindows - 1))) &
1019         ((1LL << env->nwindows) - 1);
1020 #endif
1021 
1022     /* restore the invalid window */
1023     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1024     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1025 #ifdef TARGET_SPARC64
1026     if (sp_ptr & 3)
1027         sp_ptr += SPARC64_STACK_BIAS;
1028 #endif
1029 #if defined(DEBUG_WIN)
1030     printf("win_underflow: sp_ptr=0x" TARGET_ABI_FMT_lx " load_cwp=%d\n",
1031            sp_ptr, cwp1);
1032 #endif
1033     for(i = 0; i < 16; i++) {
1034         /* FIXME - what to do if get_user() fails? */
1035         get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1036         sp_ptr += sizeof(abi_ulong);
1037     }
1038 #ifdef TARGET_SPARC64
1039     env->canrestore++;
1040     if (env->cleanwin < env->nwindows - 1)
1041         env->cleanwin++;
1042     env->cansave--;
1043 #else
1044     env->wim = new_wim;
1045 #endif
1046 }
1047 
1048 static void flush_windows(CPUSPARCState *env)
1049 {
1050     int offset, cwp1;
1051 
1052     offset = 1;
1053     for(;;) {
1054         /* if restore would invoke restore_window(), then we can stop */
1055         cwp1 = cpu_cwp_inc(env, env->cwp + offset);
1056 #ifndef TARGET_SPARC64
1057         if (env->wim & (1 << cwp1))
1058             break;
1059 #else
1060         if (env->canrestore == 0)
1061             break;
1062         env->cansave++;
1063         env->canrestore--;
1064 #endif
1065         save_window_offset(env, cwp1);
1066         offset++;
1067     }
1068     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1069 #ifndef TARGET_SPARC64
1070     /* set wim so that restore will reload the registers */
1071     env->wim = 1 << cwp1;
1072 #endif
1073 #if defined(DEBUG_WIN)
1074     printf("flush_windows: nb=%d\n", offset - 1);
1075 #endif
1076 }
1077 
1078 void cpu_loop (CPUSPARCState *env)
1079 {
1080     CPUState *cs = CPU(sparc_env_get_cpu(env));
1081     int trapnr;
1082     abi_long ret;
1083     target_siginfo_t info;
1084 
1085     while (1) {
1086         cpu_exec_start(cs);
1087         trapnr = cpu_exec(cs);
1088         cpu_exec_end(cs);
1089         process_queued_cpu_work(cs);
1090 
1091         /* Compute PSR before exposing state.  */
1092         if (env->cc_op != CC_OP_FLAGS) {
1093             cpu_get_psr(env);
1094         }
1095 
1096         switch (trapnr) {
1097 #ifndef TARGET_SPARC64
1098         case 0x88:
1099         case 0x90:
1100 #else
1101         case 0x110:
1102         case 0x16d:
1103 #endif
1104             ret = do_syscall (env, env->gregs[1],
1105                               env->regwptr[0], env->regwptr[1],
1106                               env->regwptr[2], env->regwptr[3],
1107                               env->regwptr[4], env->regwptr[5],
1108                               0, 0);
1109             if (ret == -TARGET_ERESTARTSYS || ret == -TARGET_QEMU_ESIGRETURN) {
1110                 break;
1111             }
1112             if ((abi_ulong)ret >= (abi_ulong)(-515)) {
1113 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1114                 env->xcc |= PSR_CARRY;
1115 #else
1116                 env->psr |= PSR_CARRY;
1117 #endif
1118                 ret = -ret;
1119             } else {
1120 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1121                 env->xcc &= ~PSR_CARRY;
1122 #else
1123                 env->psr &= ~PSR_CARRY;
1124 #endif
1125             }
1126             env->regwptr[0] = ret;
1127             /* next instruction */
1128             env->pc = env->npc;
1129             env->npc = env->npc + 4;
1130             break;
1131         case 0x83: /* flush windows */
1132 #ifdef TARGET_ABI32
1133         case 0x103:
1134 #endif
1135             flush_windows(env);
1136             /* next instruction */
1137             env->pc = env->npc;
1138             env->npc = env->npc + 4;
1139             break;
1140 #ifndef TARGET_SPARC64
1141         case TT_WIN_OVF: /* window overflow */
1142             save_window(env);
1143             break;
1144         case TT_WIN_UNF: /* window underflow */
1145             restore_window(env);
1146             break;
1147         case TT_TFAULT:
1148         case TT_DFAULT:
1149             {
1150                 info.si_signo = TARGET_SIGSEGV;
1151                 info.si_errno = 0;
1152                 /* XXX: check env->error_code */
1153                 info.si_code = TARGET_SEGV_MAPERR;
1154                 info._sifields._sigfault._addr = env->mmuregs[4];
1155                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1156             }
1157             break;
1158 #else
1159         case TT_SPILL: /* window overflow */
1160             save_window(env);
1161             break;
1162         case TT_FILL: /* window underflow */
1163             restore_window(env);
1164             break;
1165         case TT_TFAULT:
1166         case TT_DFAULT:
1167             {
1168                 info.si_signo = TARGET_SIGSEGV;
1169                 info.si_errno = 0;
1170                 /* XXX: check env->error_code */
1171                 info.si_code = TARGET_SEGV_MAPERR;
1172                 if (trapnr == TT_DFAULT)
1173                     info._sifields._sigfault._addr = env->dmmu.mmuregs[4];
1174                 else
1175                     info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
1176                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1177             }
1178             break;
1179 #ifndef TARGET_ABI32
1180         case 0x16e:
1181             flush_windows(env);
1182             sparc64_get_context(env);
1183             break;
1184         case 0x16f:
1185             flush_windows(env);
1186             sparc64_set_context(env);
1187             break;
1188 #endif
1189 #endif
1190         case EXCP_INTERRUPT:
1191             /* just indicate that signals should be handled asap */
1192             break;
1193         case TT_ILL_INSN:
1194             {
1195                 info.si_signo = TARGET_SIGILL;
1196                 info.si_errno = 0;
1197                 info.si_code = TARGET_ILL_ILLOPC;
1198                 info._sifields._sigfault._addr = env->pc;
1199                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1200             }
1201             break;
1202         case EXCP_DEBUG:
1203             {
1204                 int sig;
1205 
1206                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1207                 if (sig)
1208                   {
1209                     info.si_signo = sig;
1210                     info.si_errno = 0;
1211                     info.si_code = TARGET_TRAP_BRKPT;
1212                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1213                   }
1214             }
1215             break;
1216         case EXCP_ATOMIC:
1217             cpu_exec_step_atomic(cs);
1218             break;
1219         default:
1220             printf ("Unhandled trap: 0x%x\n", trapnr);
1221             cpu_dump_state(cs, stderr, fprintf, 0);
1222             exit(EXIT_FAILURE);
1223         }
1224         process_pending_signals (env);
1225     }
1226 }
1227 
1228 #endif
1229 
1230 #ifdef TARGET_PPC
1231 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
1232 {
1233     return cpu_get_host_ticks();
1234 }
1235 
1236 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
1237 {
1238     return cpu_ppc_get_tb(env);
1239 }
1240 
1241 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
1242 {
1243     return cpu_ppc_get_tb(env) >> 32;
1244 }
1245 
1246 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
1247 {
1248     return cpu_ppc_get_tb(env);
1249 }
1250 
1251 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
1252 {
1253     return cpu_ppc_get_tb(env) >> 32;
1254 }
1255 
1256 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
1257 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
1258 
1259 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
1260 {
1261     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1262 }
1263 
1264 /* XXX: to be fixed */
1265 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1266 {
1267     return -1;
1268 }
1269 
1270 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1271 {
1272     return -1;
1273 }
1274 
1275 static int do_store_exclusive(CPUPPCState *env)
1276 {
1277     target_ulong addr;
1278     target_ulong page_addr;
1279     target_ulong val, val2 __attribute__((unused)) = 0;
1280     int flags;
1281     int segv = 0;
1282 
1283     addr = env->reserve_ea;
1284     page_addr = addr & TARGET_PAGE_MASK;
1285     start_exclusive();
1286     mmap_lock();
1287     flags = page_get_flags(page_addr);
1288     if ((flags & PAGE_READ) == 0) {
1289         segv = 1;
1290     } else {
1291         int reg = env->reserve_info & 0x1f;
1292         int size = env->reserve_info >> 5;
1293         int stored = 0;
1294 
1295         if (addr == env->reserve_addr) {
1296             switch (size) {
1297             case 1: segv = get_user_u8(val, addr); break;
1298             case 2: segv = get_user_u16(val, addr); break;
1299             case 4: segv = get_user_u32(val, addr); break;
1300 #if defined(TARGET_PPC64)
1301             case 8: segv = get_user_u64(val, addr); break;
1302             case 16: {
1303                 segv = get_user_u64(val, addr);
1304                 if (!segv) {
1305                     segv = get_user_u64(val2, addr + 8);
1306                 }
1307                 break;
1308             }
1309 #endif
1310             default: abort();
1311             }
1312             if (!segv && val == env->reserve_val) {
1313                 val = env->gpr[reg];
1314                 switch (size) {
1315                 case 1: segv = put_user_u8(val, addr); break;
1316                 case 2: segv = put_user_u16(val, addr); break;
1317                 case 4: segv = put_user_u32(val, addr); break;
1318 #if defined(TARGET_PPC64)
1319                 case 8: segv = put_user_u64(val, addr); break;
1320                 case 16: {
1321                     if (val2 == env->reserve_val2) {
1322                         if (msr_le) {
1323                             val2 = val;
1324                             val = env->gpr[reg+1];
1325                         } else {
1326                             val2 = env->gpr[reg+1];
1327                         }
1328                         segv = put_user_u64(val, addr);
1329                         if (!segv) {
1330                             segv = put_user_u64(val2, addr + 8);
1331                         }
1332                     }
1333                     break;
1334                 }
1335 #endif
1336                 default: abort();
1337                 }
1338                 if (!segv) {
1339                     stored = 1;
1340                 }
1341             }
1342         }
1343         env->crf[0] = (stored << 1) | xer_so;
1344         env->reserve_addr = (target_ulong)-1;
1345     }
1346     if (!segv) {
1347         env->nip += 4;
1348     }
1349     mmap_unlock();
1350     end_exclusive();
1351     return segv;
1352 }
1353 
1354 void cpu_loop(CPUPPCState *env)
1355 {
1356     CPUState *cs = CPU(ppc_env_get_cpu(env));
1357     target_siginfo_t info;
1358     int trapnr;
1359     target_ulong ret;
1360 
1361     for(;;) {
1362         cpu_exec_start(cs);
1363         trapnr = cpu_exec(cs);
1364         cpu_exec_end(cs);
1365         process_queued_cpu_work(cs);
1366 
1367         switch(trapnr) {
1368         case POWERPC_EXCP_NONE:
1369             /* Just go on */
1370             break;
1371         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
1372             cpu_abort(cs, "Critical interrupt while in user mode. "
1373                       "Aborting\n");
1374             break;
1375         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
1376             cpu_abort(cs, "Machine check exception while in user mode. "
1377                       "Aborting\n");
1378             break;
1379         case POWERPC_EXCP_DSI:      /* Data storage exception                */
1380             /* XXX: check this. Seems bugged */
1381             switch (env->error_code & 0xFF000000) {
1382             case 0x40000000:
1383             case 0x42000000:
1384                 info.si_signo = TARGET_SIGSEGV;
1385                 info.si_errno = 0;
1386                 info.si_code = TARGET_SEGV_MAPERR;
1387                 break;
1388             case 0x04000000:
1389                 info.si_signo = TARGET_SIGILL;
1390                 info.si_errno = 0;
1391                 info.si_code = TARGET_ILL_ILLADR;
1392                 break;
1393             case 0x08000000:
1394                 info.si_signo = TARGET_SIGSEGV;
1395                 info.si_errno = 0;
1396                 info.si_code = TARGET_SEGV_ACCERR;
1397                 break;
1398             default:
1399                 /* Let's send a regular segfault... */
1400                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1401                           env->error_code);
1402                 info.si_signo = TARGET_SIGSEGV;
1403                 info.si_errno = 0;
1404                 info.si_code = TARGET_SEGV_MAPERR;
1405                 break;
1406             }
1407             info._sifields._sigfault._addr = env->nip;
1408             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1409             break;
1410         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
1411             /* XXX: check this */
1412             switch (env->error_code & 0xFF000000) {
1413             case 0x40000000:
1414                 info.si_signo = TARGET_SIGSEGV;
1415             info.si_errno = 0;
1416                 info.si_code = TARGET_SEGV_MAPERR;
1417                 break;
1418             case 0x10000000:
1419             case 0x08000000:
1420                 info.si_signo = TARGET_SIGSEGV;
1421                 info.si_errno = 0;
1422                 info.si_code = TARGET_SEGV_ACCERR;
1423                 break;
1424             default:
1425                 /* Let's send a regular segfault... */
1426                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1427                           env->error_code);
1428                 info.si_signo = TARGET_SIGSEGV;
1429                 info.si_errno = 0;
1430                 info.si_code = TARGET_SEGV_MAPERR;
1431                 break;
1432             }
1433             info._sifields._sigfault._addr = env->nip - 4;
1434             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1435             break;
1436         case POWERPC_EXCP_EXTERNAL: /* External input                        */
1437             cpu_abort(cs, "External interrupt while in user mode. "
1438                       "Aborting\n");
1439             break;
1440         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
1441             /* XXX: check this */
1442             info.si_signo = TARGET_SIGBUS;
1443             info.si_errno = 0;
1444             info.si_code = TARGET_BUS_ADRALN;
1445             info._sifields._sigfault._addr = env->nip;
1446             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1447             break;
1448         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
1449         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
1450             /* XXX: check this */
1451             switch (env->error_code & ~0xF) {
1452             case POWERPC_EXCP_FP:
1453                 info.si_signo = TARGET_SIGFPE;
1454                 info.si_errno = 0;
1455                 switch (env->error_code & 0xF) {
1456                 case POWERPC_EXCP_FP_OX:
1457                     info.si_code = TARGET_FPE_FLTOVF;
1458                     break;
1459                 case POWERPC_EXCP_FP_UX:
1460                     info.si_code = TARGET_FPE_FLTUND;
1461                     break;
1462                 case POWERPC_EXCP_FP_ZX:
1463                 case POWERPC_EXCP_FP_VXZDZ:
1464                     info.si_code = TARGET_FPE_FLTDIV;
1465                     break;
1466                 case POWERPC_EXCP_FP_XX:
1467                     info.si_code = TARGET_FPE_FLTRES;
1468                     break;
1469                 case POWERPC_EXCP_FP_VXSOFT:
1470                     info.si_code = TARGET_FPE_FLTINV;
1471                     break;
1472                 case POWERPC_EXCP_FP_VXSNAN:
1473                 case POWERPC_EXCP_FP_VXISI:
1474                 case POWERPC_EXCP_FP_VXIDI:
1475                 case POWERPC_EXCP_FP_VXIMZ:
1476                 case POWERPC_EXCP_FP_VXVC:
1477                 case POWERPC_EXCP_FP_VXSQRT:
1478                 case POWERPC_EXCP_FP_VXCVI:
1479                     info.si_code = TARGET_FPE_FLTSUB;
1480                     break;
1481                 default:
1482                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
1483                               env->error_code);
1484                     break;
1485                 }
1486                 break;
1487             case POWERPC_EXCP_INVAL:
1488                 info.si_signo = TARGET_SIGILL;
1489                 info.si_errno = 0;
1490                 switch (env->error_code & 0xF) {
1491                 case POWERPC_EXCP_INVAL_INVAL:
1492                     info.si_code = TARGET_ILL_ILLOPC;
1493                     break;
1494                 case POWERPC_EXCP_INVAL_LSWX:
1495                     info.si_code = TARGET_ILL_ILLOPN;
1496                     break;
1497                 case POWERPC_EXCP_INVAL_SPR:
1498                     info.si_code = TARGET_ILL_PRVREG;
1499                     break;
1500                 case POWERPC_EXCP_INVAL_FP:
1501                     info.si_code = TARGET_ILL_COPROC;
1502                     break;
1503                 default:
1504                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
1505                               env->error_code & 0xF);
1506                     info.si_code = TARGET_ILL_ILLADR;
1507                     break;
1508                 }
1509                 break;
1510             case POWERPC_EXCP_PRIV:
1511                 info.si_signo = TARGET_SIGILL;
1512                 info.si_errno = 0;
1513                 switch (env->error_code & 0xF) {
1514                 case POWERPC_EXCP_PRIV_OPC:
1515                     info.si_code = TARGET_ILL_PRVOPC;
1516                     break;
1517                 case POWERPC_EXCP_PRIV_REG:
1518                     info.si_code = TARGET_ILL_PRVREG;
1519                     break;
1520                 default:
1521                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
1522                               env->error_code & 0xF);
1523                     info.si_code = TARGET_ILL_PRVOPC;
1524                     break;
1525                 }
1526                 break;
1527             case POWERPC_EXCP_TRAP:
1528                 cpu_abort(cs, "Tried to call a TRAP\n");
1529                 break;
1530             default:
1531                 /* Should not happen ! */
1532                 cpu_abort(cs, "Unknown program exception (%02x)\n",
1533                           env->error_code);
1534                 break;
1535             }
1536             info._sifields._sigfault._addr = env->nip;
1537             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1538             break;
1539         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
1540             info.si_signo = TARGET_SIGILL;
1541             info.si_errno = 0;
1542             info.si_code = TARGET_ILL_COPROC;
1543             info._sifields._sigfault._addr = env->nip;
1544             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1545             break;
1546         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
1547             cpu_abort(cs, "Syscall exception while in user mode. "
1548                       "Aborting\n");
1549             break;
1550         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
1551             info.si_signo = TARGET_SIGILL;
1552             info.si_errno = 0;
1553             info.si_code = TARGET_ILL_COPROC;
1554             info._sifields._sigfault._addr = env->nip;
1555             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1556             break;
1557         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
1558             cpu_abort(cs, "Decrementer interrupt while in user mode. "
1559                       "Aborting\n");
1560             break;
1561         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
1562             cpu_abort(cs, "Fix interval timer interrupt while in user mode. "
1563                       "Aborting\n");
1564             break;
1565         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
1566             cpu_abort(cs, "Watchdog timer interrupt while in user mode. "
1567                       "Aborting\n");
1568             break;
1569         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
1570             cpu_abort(cs, "Data TLB exception while in user mode. "
1571                       "Aborting\n");
1572             break;
1573         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
1574             cpu_abort(cs, "Instruction TLB exception while in user mode. "
1575                       "Aborting\n");
1576             break;
1577         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
1578             info.si_signo = TARGET_SIGILL;
1579             info.si_errno = 0;
1580             info.si_code = TARGET_ILL_COPROC;
1581             info._sifields._sigfault._addr = env->nip;
1582             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1583             break;
1584         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
1585             cpu_abort(cs, "Embedded floating-point data IRQ not handled\n");
1586             break;
1587         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
1588             cpu_abort(cs, "Embedded floating-point round IRQ not handled\n");
1589             break;
1590         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
1591             cpu_abort(cs, "Performance monitor exception not handled\n");
1592             break;
1593         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
1594             cpu_abort(cs, "Doorbell interrupt while in user mode. "
1595                        "Aborting\n");
1596             break;
1597         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
1598             cpu_abort(cs, "Doorbell critical interrupt while in user mode. "
1599                       "Aborting\n");
1600             break;
1601         case POWERPC_EXCP_RESET:    /* System reset exception                */
1602             cpu_abort(cs, "Reset interrupt while in user mode. "
1603                       "Aborting\n");
1604             break;
1605         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
1606             cpu_abort(cs, "Data segment exception while in user mode. "
1607                       "Aborting\n");
1608             break;
1609         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
1610             cpu_abort(cs, "Instruction segment exception "
1611                       "while in user mode. Aborting\n");
1612             break;
1613         /* PowerPC 64 with hypervisor mode support */
1614         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
1615             cpu_abort(cs, "Hypervisor decrementer interrupt "
1616                       "while in user mode. Aborting\n");
1617             break;
1618         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
1619             /* Nothing to do:
1620              * we use this exception to emulate step-by-step execution mode.
1621              */
1622             break;
1623         /* PowerPC 64 with hypervisor mode support */
1624         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
1625             cpu_abort(cs, "Hypervisor data storage exception "
1626                       "while in user mode. Aborting\n");
1627             break;
1628         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
1629             cpu_abort(cs, "Hypervisor instruction storage exception "
1630                       "while in user mode. Aborting\n");
1631             break;
1632         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
1633             cpu_abort(cs, "Hypervisor data segment exception "
1634                       "while in user mode. Aborting\n");
1635             break;
1636         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
1637             cpu_abort(cs, "Hypervisor instruction segment exception "
1638                       "while in user mode. Aborting\n");
1639             break;
1640         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
1641             info.si_signo = TARGET_SIGILL;
1642             info.si_errno = 0;
1643             info.si_code = TARGET_ILL_COPROC;
1644             info._sifields._sigfault._addr = env->nip;
1645             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1646             break;
1647         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
1648             cpu_abort(cs, "Programmable interval timer interrupt "
1649                       "while in user mode. Aborting\n");
1650             break;
1651         case POWERPC_EXCP_IO:       /* IO error exception                    */
1652             cpu_abort(cs, "IO error exception while in user mode. "
1653                       "Aborting\n");
1654             break;
1655         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
1656             cpu_abort(cs, "Run mode exception while in user mode. "
1657                       "Aborting\n");
1658             break;
1659         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
1660             cpu_abort(cs, "Emulation trap exception not handled\n");
1661             break;
1662         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
1663             cpu_abort(cs, "Instruction fetch TLB exception "
1664                       "while in user-mode. Aborting");
1665             break;
1666         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
1667             cpu_abort(cs, "Data load TLB exception while in user-mode. "
1668                       "Aborting");
1669             break;
1670         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
1671             cpu_abort(cs, "Data store TLB exception while in user-mode. "
1672                       "Aborting");
1673             break;
1674         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
1675             cpu_abort(cs, "Floating-point assist exception not handled\n");
1676             break;
1677         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
1678             cpu_abort(cs, "Instruction address breakpoint exception "
1679                       "not handled\n");
1680             break;
1681         case POWERPC_EXCP_SMI:      /* System management interrupt           */
1682             cpu_abort(cs, "System management interrupt while in user mode. "
1683                       "Aborting\n");
1684             break;
1685         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
1686             cpu_abort(cs, "Thermal interrupt interrupt while in user mode. "
1687                       "Aborting\n");
1688             break;
1689         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
1690             cpu_abort(cs, "Performance monitor exception not handled\n");
1691             break;
1692         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
1693             cpu_abort(cs, "Vector assist exception not handled\n");
1694             break;
1695         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
1696             cpu_abort(cs, "Soft patch exception not handled\n");
1697             break;
1698         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
1699             cpu_abort(cs, "Maintenance exception while in user mode. "
1700                       "Aborting\n");
1701             break;
1702         case POWERPC_EXCP_STOP:     /* stop translation                      */
1703             /* We did invalidate the instruction cache. Go on */
1704             break;
1705         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
1706             /* We just stopped because of a branch. Go on */
1707             break;
1708         case POWERPC_EXCP_SYSCALL_USER:
1709             /* system call in user-mode emulation */
1710             /* WARNING:
1711              * PPC ABI uses overflow flag in cr0 to signal an error
1712              * in syscalls.
1713              */
1714             env->crf[0] &= ~0x1;
1715             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
1716                              env->gpr[5], env->gpr[6], env->gpr[7],
1717                              env->gpr[8], 0, 0);
1718             if (ret == -TARGET_ERESTARTSYS) {
1719                 break;
1720             }
1721             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
1722                 /* Returning from a successful sigreturn syscall.
1723                    Avoid corrupting register state.  */
1724                 break;
1725             }
1726             env->nip += 4;
1727             if (ret > (target_ulong)(-515)) {
1728                 env->crf[0] |= 0x1;
1729                 ret = -ret;
1730             }
1731             env->gpr[3] = ret;
1732             break;
1733         case POWERPC_EXCP_STCX:
1734             if (do_store_exclusive(env)) {
1735                 info.si_signo = TARGET_SIGSEGV;
1736                 info.si_errno = 0;
1737                 info.si_code = TARGET_SEGV_MAPERR;
1738                 info._sifields._sigfault._addr = env->nip;
1739                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1740             }
1741             break;
1742         case EXCP_DEBUG:
1743             {
1744                 int sig;
1745 
1746                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1747                 if (sig) {
1748                     info.si_signo = sig;
1749                     info.si_errno = 0;
1750                     info.si_code = TARGET_TRAP_BRKPT;
1751                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1752                   }
1753             }
1754             break;
1755         case EXCP_INTERRUPT:
1756             /* just indicate that signals should be handled asap */
1757             break;
1758         case EXCP_ATOMIC:
1759             cpu_exec_step_atomic(cs);
1760             break;
1761         default:
1762             cpu_abort(cs, "Unknown exception 0x%x. Aborting\n", trapnr);
1763             break;
1764         }
1765         process_pending_signals(env);
1766     }
1767 }
1768 #endif
1769 
1770 #ifdef TARGET_MIPS
1771 
1772 # ifdef TARGET_ABI_MIPSO32
1773 #  define MIPS_SYS(name, args) args,
1774 static const uint8_t mips_syscall_args[] = {
1775 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
1776 	MIPS_SYS(sys_exit	, 1)
1777 	MIPS_SYS(sys_fork	, 0)
1778 	MIPS_SYS(sys_read	, 3)
1779 	MIPS_SYS(sys_write	, 3)
1780 	MIPS_SYS(sys_open	, 3)	/* 4005 */
1781 	MIPS_SYS(sys_close	, 1)
1782 	MIPS_SYS(sys_waitpid	, 3)
1783 	MIPS_SYS(sys_creat	, 2)
1784 	MIPS_SYS(sys_link	, 2)
1785 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
1786 	MIPS_SYS(sys_execve	, 0)
1787 	MIPS_SYS(sys_chdir	, 1)
1788 	MIPS_SYS(sys_time	, 1)
1789 	MIPS_SYS(sys_mknod	, 3)
1790 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
1791 	MIPS_SYS(sys_lchown	, 3)
1792 	MIPS_SYS(sys_ni_syscall	, 0)
1793 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
1794 	MIPS_SYS(sys_lseek	, 3)
1795 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
1796 	MIPS_SYS(sys_mount	, 5)
1797 	MIPS_SYS(sys_umount	, 1)
1798 	MIPS_SYS(sys_setuid	, 1)
1799 	MIPS_SYS(sys_getuid	, 0)
1800 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
1801 	MIPS_SYS(sys_ptrace	, 4)
1802 	MIPS_SYS(sys_alarm	, 1)
1803 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
1804 	MIPS_SYS(sys_pause	, 0)
1805 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
1806 	MIPS_SYS(sys_ni_syscall	, 0)
1807 	MIPS_SYS(sys_ni_syscall	, 0)
1808 	MIPS_SYS(sys_access	, 2)
1809 	MIPS_SYS(sys_nice	, 1)
1810 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
1811 	MIPS_SYS(sys_sync	, 0)
1812 	MIPS_SYS(sys_kill	, 2)
1813 	MIPS_SYS(sys_rename	, 2)
1814 	MIPS_SYS(sys_mkdir	, 2)
1815 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
1816 	MIPS_SYS(sys_dup		, 1)
1817 	MIPS_SYS(sys_pipe	, 0)
1818 	MIPS_SYS(sys_times	, 1)
1819 	MIPS_SYS(sys_ni_syscall	, 0)
1820 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
1821 	MIPS_SYS(sys_setgid	, 1)
1822 	MIPS_SYS(sys_getgid	, 0)
1823 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
1824 	MIPS_SYS(sys_geteuid	, 0)
1825 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
1826 	MIPS_SYS(sys_acct	, 0)
1827 	MIPS_SYS(sys_umount2	, 2)
1828 	MIPS_SYS(sys_ni_syscall	, 0)
1829 	MIPS_SYS(sys_ioctl	, 3)
1830 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
1831 	MIPS_SYS(sys_ni_syscall	, 2)
1832 	MIPS_SYS(sys_setpgid	, 2)
1833 	MIPS_SYS(sys_ni_syscall	, 0)
1834 	MIPS_SYS(sys_olduname	, 1)
1835 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
1836 	MIPS_SYS(sys_chroot	, 1)
1837 	MIPS_SYS(sys_ustat	, 2)
1838 	MIPS_SYS(sys_dup2	, 2)
1839 	MIPS_SYS(sys_getppid	, 0)
1840 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
1841 	MIPS_SYS(sys_setsid	, 0)
1842 	MIPS_SYS(sys_sigaction	, 3)
1843 	MIPS_SYS(sys_sgetmask	, 0)
1844 	MIPS_SYS(sys_ssetmask	, 1)
1845 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
1846 	MIPS_SYS(sys_setregid	, 2)
1847 	MIPS_SYS(sys_sigsuspend	, 0)
1848 	MIPS_SYS(sys_sigpending	, 1)
1849 	MIPS_SYS(sys_sethostname	, 2)
1850 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
1851 	MIPS_SYS(sys_getrlimit	, 2)
1852 	MIPS_SYS(sys_getrusage	, 2)
1853 	MIPS_SYS(sys_gettimeofday, 2)
1854 	MIPS_SYS(sys_settimeofday, 2)
1855 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
1856 	MIPS_SYS(sys_setgroups	, 2)
1857 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
1858 	MIPS_SYS(sys_symlink	, 2)
1859 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
1860 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
1861 	MIPS_SYS(sys_uselib	, 1)
1862 	MIPS_SYS(sys_swapon	, 2)
1863 	MIPS_SYS(sys_reboot	, 3)
1864 	MIPS_SYS(old_readdir	, 3)
1865 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
1866 	MIPS_SYS(sys_munmap	, 2)
1867 	MIPS_SYS(sys_truncate	, 2)
1868 	MIPS_SYS(sys_ftruncate	, 2)
1869 	MIPS_SYS(sys_fchmod	, 2)
1870 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
1871 	MIPS_SYS(sys_getpriority	, 2)
1872 	MIPS_SYS(sys_setpriority	, 3)
1873 	MIPS_SYS(sys_ni_syscall	, 0)
1874 	MIPS_SYS(sys_statfs	, 2)
1875 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
1876 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
1877 	MIPS_SYS(sys_socketcall	, 2)
1878 	MIPS_SYS(sys_syslog	, 3)
1879 	MIPS_SYS(sys_setitimer	, 3)
1880 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
1881 	MIPS_SYS(sys_newstat	, 2)
1882 	MIPS_SYS(sys_newlstat	, 2)
1883 	MIPS_SYS(sys_newfstat	, 2)
1884 	MIPS_SYS(sys_uname	, 1)
1885 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
1886 	MIPS_SYS(sys_vhangup	, 0)
1887 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
1888 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
1889 	MIPS_SYS(sys_wait4	, 4)
1890 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
1891 	MIPS_SYS(sys_sysinfo	, 1)
1892 	MIPS_SYS(sys_ipc		, 6)
1893 	MIPS_SYS(sys_fsync	, 1)
1894 	MIPS_SYS(sys_sigreturn	, 0)
1895 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
1896 	MIPS_SYS(sys_setdomainname, 2)
1897 	MIPS_SYS(sys_newuname	, 1)
1898 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
1899 	MIPS_SYS(sys_adjtimex	, 1)
1900 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
1901 	MIPS_SYS(sys_sigprocmask	, 3)
1902 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
1903 	MIPS_SYS(sys_init_module	, 5)
1904 	MIPS_SYS(sys_delete_module, 1)
1905 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
1906 	MIPS_SYS(sys_quotactl	, 0)
1907 	MIPS_SYS(sys_getpgid	, 1)
1908 	MIPS_SYS(sys_fchdir	, 1)
1909 	MIPS_SYS(sys_bdflush	, 2)
1910 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
1911 	MIPS_SYS(sys_personality	, 1)
1912 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
1913 	MIPS_SYS(sys_setfsuid	, 1)
1914 	MIPS_SYS(sys_setfsgid	, 1)
1915 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
1916 	MIPS_SYS(sys_getdents	, 3)
1917 	MIPS_SYS(sys_select	, 5)
1918 	MIPS_SYS(sys_flock	, 2)
1919 	MIPS_SYS(sys_msync	, 3)
1920 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
1921 	MIPS_SYS(sys_writev	, 3)
1922 	MIPS_SYS(sys_cacheflush	, 3)
1923 	MIPS_SYS(sys_cachectl	, 3)
1924 	MIPS_SYS(sys_sysmips	, 4)
1925 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
1926 	MIPS_SYS(sys_getsid	, 1)
1927 	MIPS_SYS(sys_fdatasync	, 0)
1928 	MIPS_SYS(sys_sysctl	, 1)
1929 	MIPS_SYS(sys_mlock	, 2)
1930 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
1931 	MIPS_SYS(sys_mlockall	, 1)
1932 	MIPS_SYS(sys_munlockall	, 0)
1933 	MIPS_SYS(sys_sched_setparam, 2)
1934 	MIPS_SYS(sys_sched_getparam, 2)
1935 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
1936 	MIPS_SYS(sys_sched_getscheduler, 1)
1937 	MIPS_SYS(sys_sched_yield	, 0)
1938 	MIPS_SYS(sys_sched_get_priority_max, 1)
1939 	MIPS_SYS(sys_sched_get_priority_min, 1)
1940 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
1941 	MIPS_SYS(sys_nanosleep,	2)
1942 	MIPS_SYS(sys_mremap	, 5)
1943 	MIPS_SYS(sys_accept	, 3)
1944 	MIPS_SYS(sys_bind	, 3)
1945 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
1946 	MIPS_SYS(sys_getpeername	, 3)
1947 	MIPS_SYS(sys_getsockname	, 3)
1948 	MIPS_SYS(sys_getsockopt	, 5)
1949 	MIPS_SYS(sys_listen	, 2)
1950 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
1951 	MIPS_SYS(sys_recvfrom	, 6)
1952 	MIPS_SYS(sys_recvmsg	, 3)
1953 	MIPS_SYS(sys_send	, 4)
1954 	MIPS_SYS(sys_sendmsg	, 3)
1955 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
1956 	MIPS_SYS(sys_setsockopt	, 5)
1957 	MIPS_SYS(sys_shutdown	, 2)
1958 	MIPS_SYS(sys_socket	, 3)
1959 	MIPS_SYS(sys_socketpair	, 4)
1960 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
1961 	MIPS_SYS(sys_getresuid	, 3)
1962 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
1963 	MIPS_SYS(sys_poll	, 3)
1964 	MIPS_SYS(sys_nfsservctl	, 3)
1965 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
1966 	MIPS_SYS(sys_getresgid	, 3)
1967 	MIPS_SYS(sys_prctl	, 5)
1968 	MIPS_SYS(sys_rt_sigreturn, 0)
1969 	MIPS_SYS(sys_rt_sigaction, 4)
1970 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
1971 	MIPS_SYS(sys_rt_sigpending, 2)
1972 	MIPS_SYS(sys_rt_sigtimedwait, 4)
1973 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
1974 	MIPS_SYS(sys_rt_sigsuspend, 0)
1975 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
1976 	MIPS_SYS(sys_pwrite64	, 6)
1977 	MIPS_SYS(sys_chown	, 3)
1978 	MIPS_SYS(sys_getcwd	, 2)
1979 	MIPS_SYS(sys_capget	, 2)
1980 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
1981 	MIPS_SYS(sys_sigaltstack	, 2)
1982 	MIPS_SYS(sys_sendfile	, 4)
1983 	MIPS_SYS(sys_ni_syscall	, 0)
1984 	MIPS_SYS(sys_ni_syscall	, 0)
1985 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
1986 	MIPS_SYS(sys_truncate64	, 4)
1987 	MIPS_SYS(sys_ftruncate64	, 4)
1988 	MIPS_SYS(sys_stat64	, 2)
1989 	MIPS_SYS(sys_lstat64	, 2)
1990 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
1991 	MIPS_SYS(sys_pivot_root	, 2)
1992 	MIPS_SYS(sys_mincore	, 3)
1993 	MIPS_SYS(sys_madvise	, 3)
1994 	MIPS_SYS(sys_getdents64	, 3)
1995 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
1996 	MIPS_SYS(sys_ni_syscall	, 0)
1997 	MIPS_SYS(sys_gettid	, 0)
1998 	MIPS_SYS(sys_readahead	, 5)
1999 	MIPS_SYS(sys_setxattr	, 5)
2000 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
2001 	MIPS_SYS(sys_fsetxattr	, 5)
2002 	MIPS_SYS(sys_getxattr	, 4)
2003 	MIPS_SYS(sys_lgetxattr	, 4)
2004 	MIPS_SYS(sys_fgetxattr	, 4)
2005 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
2006 	MIPS_SYS(sys_llistxattr	, 3)
2007 	MIPS_SYS(sys_flistxattr	, 3)
2008 	MIPS_SYS(sys_removexattr	, 2)
2009 	MIPS_SYS(sys_lremovexattr, 2)
2010 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
2011 	MIPS_SYS(sys_tkill	, 2)
2012 	MIPS_SYS(sys_sendfile64	, 5)
2013 	MIPS_SYS(sys_futex	, 6)
2014 	MIPS_SYS(sys_sched_setaffinity, 3)
2015 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
2016 	MIPS_SYS(sys_io_setup	, 2)
2017 	MIPS_SYS(sys_io_destroy	, 1)
2018 	MIPS_SYS(sys_io_getevents, 5)
2019 	MIPS_SYS(sys_io_submit	, 3)
2020 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
2021 	MIPS_SYS(sys_exit_group	, 1)
2022 	MIPS_SYS(sys_lookup_dcookie, 3)
2023 	MIPS_SYS(sys_epoll_create, 1)
2024 	MIPS_SYS(sys_epoll_ctl	, 4)
2025 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
2026 	MIPS_SYS(sys_remap_file_pages, 5)
2027 	MIPS_SYS(sys_set_tid_address, 1)
2028 	MIPS_SYS(sys_restart_syscall, 0)
2029 	MIPS_SYS(sys_fadvise64_64, 7)
2030 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
2031 	MIPS_SYS(sys_fstatfs64	, 2)
2032 	MIPS_SYS(sys_timer_create, 3)
2033 	MIPS_SYS(sys_timer_settime, 4)
2034 	MIPS_SYS(sys_timer_gettime, 2)
2035 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
2036 	MIPS_SYS(sys_timer_delete, 1)
2037 	MIPS_SYS(sys_clock_settime, 2)
2038 	MIPS_SYS(sys_clock_gettime, 2)
2039 	MIPS_SYS(sys_clock_getres, 2)
2040 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
2041 	MIPS_SYS(sys_tgkill	, 3)
2042 	MIPS_SYS(sys_utimes	, 2)
2043 	MIPS_SYS(sys_mbind	, 4)
2044 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
2045 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
2046 	MIPS_SYS(sys_mq_open	, 4)
2047 	MIPS_SYS(sys_mq_unlink	, 1)
2048 	MIPS_SYS(sys_mq_timedsend, 5)
2049 	MIPS_SYS(sys_mq_timedreceive, 5)
2050 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
2051 	MIPS_SYS(sys_mq_getsetattr, 3)
2052 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
2053 	MIPS_SYS(sys_waitid	, 4)
2054 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
2055 	MIPS_SYS(sys_add_key	, 5)
2056 	MIPS_SYS(sys_request_key, 4)
2057 	MIPS_SYS(sys_keyctl	, 5)
2058 	MIPS_SYS(sys_set_thread_area, 1)
2059 	MIPS_SYS(sys_inotify_init, 0)
2060 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
2061 	MIPS_SYS(sys_inotify_rm_watch, 2)
2062 	MIPS_SYS(sys_migrate_pages, 4)
2063 	MIPS_SYS(sys_openat, 4)
2064 	MIPS_SYS(sys_mkdirat, 3)
2065 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
2066 	MIPS_SYS(sys_fchownat, 5)
2067 	MIPS_SYS(sys_futimesat, 3)
2068 	MIPS_SYS(sys_fstatat64, 4)
2069 	MIPS_SYS(sys_unlinkat, 3)
2070 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
2071 	MIPS_SYS(sys_linkat, 5)
2072 	MIPS_SYS(sys_symlinkat, 3)
2073 	MIPS_SYS(sys_readlinkat, 4)
2074 	MIPS_SYS(sys_fchmodat, 3)
2075 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
2076 	MIPS_SYS(sys_pselect6, 6)
2077 	MIPS_SYS(sys_ppoll, 5)
2078 	MIPS_SYS(sys_unshare, 1)
2079 	MIPS_SYS(sys_splice, 6)
2080 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
2081 	MIPS_SYS(sys_tee, 4)
2082 	MIPS_SYS(sys_vmsplice, 4)
2083 	MIPS_SYS(sys_move_pages, 6)
2084 	MIPS_SYS(sys_set_robust_list, 2)
2085 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
2086 	MIPS_SYS(sys_kexec_load, 4)
2087 	MIPS_SYS(sys_getcpu, 3)
2088 	MIPS_SYS(sys_epoll_pwait, 6)
2089 	MIPS_SYS(sys_ioprio_set, 3)
2090 	MIPS_SYS(sys_ioprio_get, 2)
2091         MIPS_SYS(sys_utimensat, 4)
2092         MIPS_SYS(sys_signalfd, 3)
2093         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
2094         MIPS_SYS(sys_eventfd, 1)
2095         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
2096         MIPS_SYS(sys_timerfd_create, 2)
2097         MIPS_SYS(sys_timerfd_gettime, 2)
2098         MIPS_SYS(sys_timerfd_settime, 4)
2099         MIPS_SYS(sys_signalfd4, 4)
2100         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
2101         MIPS_SYS(sys_epoll_create1, 1)
2102         MIPS_SYS(sys_dup3, 3)
2103         MIPS_SYS(sys_pipe2, 2)
2104         MIPS_SYS(sys_inotify_init1, 1)
2105         MIPS_SYS(sys_preadv, 5)         /* 4330 */
2106         MIPS_SYS(sys_pwritev, 5)
2107         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
2108         MIPS_SYS(sys_perf_event_open, 5)
2109         MIPS_SYS(sys_accept4, 4)
2110         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
2111         MIPS_SYS(sys_fanotify_init, 2)
2112         MIPS_SYS(sys_fanotify_mark, 6)
2113         MIPS_SYS(sys_prlimit64, 4)
2114         MIPS_SYS(sys_name_to_handle_at, 5)
2115         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
2116         MIPS_SYS(sys_clock_adjtime, 2)
2117         MIPS_SYS(sys_syncfs, 1)
2118         MIPS_SYS(sys_sendmmsg, 4)
2119         MIPS_SYS(sys_setns, 2)
2120         MIPS_SYS(sys_process_vm_readv, 6) /* 345 */
2121         MIPS_SYS(sys_process_vm_writev, 6)
2122         MIPS_SYS(sys_kcmp, 5)
2123         MIPS_SYS(sys_finit_module, 3)
2124         MIPS_SYS(sys_sched_setattr, 2)
2125         MIPS_SYS(sys_sched_getattr, 3)  /* 350 */
2126         MIPS_SYS(sys_renameat2, 5)
2127         MIPS_SYS(sys_seccomp, 3)
2128         MIPS_SYS(sys_getrandom, 3)
2129         MIPS_SYS(sys_memfd_create, 2)
2130         MIPS_SYS(sys_bpf, 3)            /* 355 */
2131         MIPS_SYS(sys_execveat, 5)
2132         MIPS_SYS(sys_userfaultfd, 1)
2133         MIPS_SYS(sys_membarrier, 2)
2134         MIPS_SYS(sys_mlock2, 3)
2135         MIPS_SYS(sys_copy_file_range, 6) /* 360 */
2136         MIPS_SYS(sys_preadv2, 6)
2137         MIPS_SYS(sys_pwritev2, 6)
2138 };
2139 #  undef MIPS_SYS
2140 # endif /* O32 */
2141 
2142 static int do_store_exclusive(CPUMIPSState *env)
2143 {
2144     target_ulong addr;
2145     target_ulong page_addr;
2146     target_ulong val;
2147     int flags;
2148     int segv = 0;
2149     int reg;
2150     int d;
2151 
2152     addr = env->lladdr;
2153     page_addr = addr & TARGET_PAGE_MASK;
2154     start_exclusive();
2155     mmap_lock();
2156     flags = page_get_flags(page_addr);
2157     if ((flags & PAGE_READ) == 0) {
2158         segv = 1;
2159     } else {
2160         reg = env->llreg & 0x1f;
2161         d = (env->llreg & 0x20) != 0;
2162         if (d) {
2163             segv = get_user_s64(val, addr);
2164         } else {
2165             segv = get_user_s32(val, addr);
2166         }
2167         if (!segv) {
2168             if (val != env->llval) {
2169                 env->active_tc.gpr[reg] = 0;
2170             } else {
2171                 if (d) {
2172                     segv = put_user_u64(env->llnewval, addr);
2173                 } else {
2174                     segv = put_user_u32(env->llnewval, addr);
2175                 }
2176                 if (!segv) {
2177                     env->active_tc.gpr[reg] = 1;
2178                 }
2179             }
2180         }
2181     }
2182     env->lladdr = -1;
2183     if (!segv) {
2184         env->active_tc.PC += 4;
2185     }
2186     mmap_unlock();
2187     end_exclusive();
2188     return segv;
2189 }
2190 
2191 /* Break codes */
2192 enum {
2193     BRK_OVERFLOW = 6,
2194     BRK_DIVZERO = 7
2195 };
2196 
2197 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
2198                     unsigned int code)
2199 {
2200     int ret = -1;
2201 
2202     switch (code) {
2203     case BRK_OVERFLOW:
2204     case BRK_DIVZERO:
2205         info->si_signo = TARGET_SIGFPE;
2206         info->si_errno = 0;
2207         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
2208         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2209         ret = 0;
2210         break;
2211     default:
2212         info->si_signo = TARGET_SIGTRAP;
2213         info->si_errno = 0;
2214         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2215         ret = 0;
2216         break;
2217     }
2218 
2219     return ret;
2220 }
2221 
2222 void cpu_loop(CPUMIPSState *env)
2223 {
2224     CPUState *cs = CPU(mips_env_get_cpu(env));
2225     target_siginfo_t info;
2226     int trapnr;
2227     abi_long ret;
2228 # ifdef TARGET_ABI_MIPSO32
2229     unsigned int syscall_num;
2230 # endif
2231 
2232     for(;;) {
2233         cpu_exec_start(cs);
2234         trapnr = cpu_exec(cs);
2235         cpu_exec_end(cs);
2236         process_queued_cpu_work(cs);
2237 
2238         switch(trapnr) {
2239         case EXCP_SYSCALL:
2240             env->active_tc.PC += 4;
2241 # ifdef TARGET_ABI_MIPSO32
2242             syscall_num = env->active_tc.gpr[2] - 4000;
2243             if (syscall_num >= sizeof(mips_syscall_args)) {
2244                 ret = -TARGET_ENOSYS;
2245             } else {
2246                 int nb_args;
2247                 abi_ulong sp_reg;
2248                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
2249 
2250                 nb_args = mips_syscall_args[syscall_num];
2251                 sp_reg = env->active_tc.gpr[29];
2252                 switch (nb_args) {
2253                 /* these arguments are taken from the stack */
2254                 case 8:
2255                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
2256                         goto done_syscall;
2257                     }
2258                 case 7:
2259                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
2260                         goto done_syscall;
2261                     }
2262                 case 6:
2263                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
2264                         goto done_syscall;
2265                     }
2266                 case 5:
2267                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
2268                         goto done_syscall;
2269                     }
2270                 default:
2271                     break;
2272                 }
2273                 ret = do_syscall(env, env->active_tc.gpr[2],
2274                                  env->active_tc.gpr[4],
2275                                  env->active_tc.gpr[5],
2276                                  env->active_tc.gpr[6],
2277                                  env->active_tc.gpr[7],
2278                                  arg5, arg6, arg7, arg8);
2279             }
2280 done_syscall:
2281 # else
2282             ret = do_syscall(env, env->active_tc.gpr[2],
2283                              env->active_tc.gpr[4], env->active_tc.gpr[5],
2284                              env->active_tc.gpr[6], env->active_tc.gpr[7],
2285                              env->active_tc.gpr[8], env->active_tc.gpr[9],
2286                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
2287 # endif /* O32 */
2288             if (ret == -TARGET_ERESTARTSYS) {
2289                 env->active_tc.PC -= 4;
2290                 break;
2291             }
2292             if (ret == -TARGET_QEMU_ESIGRETURN) {
2293                 /* Returning from a successful sigreturn syscall.
2294                    Avoid clobbering register state.  */
2295                 break;
2296             }
2297             if ((abi_ulong)ret >= (abi_ulong)-1133) {
2298                 env->active_tc.gpr[7] = 1; /* error flag */
2299                 ret = -ret;
2300             } else {
2301                 env->active_tc.gpr[7] = 0; /* error flag */
2302             }
2303             env->active_tc.gpr[2] = ret;
2304             break;
2305         case EXCP_TLBL:
2306         case EXCP_TLBS:
2307         case EXCP_AdEL:
2308         case EXCP_AdES:
2309             info.si_signo = TARGET_SIGSEGV;
2310             info.si_errno = 0;
2311             /* XXX: check env->error_code */
2312             info.si_code = TARGET_SEGV_MAPERR;
2313             info._sifields._sigfault._addr = env->CP0_BadVAddr;
2314             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2315             break;
2316         case EXCP_CpU:
2317         case EXCP_RI:
2318             info.si_signo = TARGET_SIGILL;
2319             info.si_errno = 0;
2320             info.si_code = 0;
2321             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2322             break;
2323         case EXCP_INTERRUPT:
2324             /* just indicate that signals should be handled asap */
2325             break;
2326         case EXCP_DEBUG:
2327             {
2328                 int sig;
2329 
2330                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2331                 if (sig)
2332                   {
2333                     info.si_signo = sig;
2334                     info.si_errno = 0;
2335                     info.si_code = TARGET_TRAP_BRKPT;
2336                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2337                   }
2338             }
2339             break;
2340         case EXCP_SC:
2341             if (do_store_exclusive(env)) {
2342                 info.si_signo = TARGET_SIGSEGV;
2343                 info.si_errno = 0;
2344                 info.si_code = TARGET_SEGV_MAPERR;
2345                 info._sifields._sigfault._addr = env->active_tc.PC;
2346                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2347             }
2348             break;
2349         case EXCP_DSPDIS:
2350             info.si_signo = TARGET_SIGILL;
2351             info.si_errno = 0;
2352             info.si_code = TARGET_ILL_ILLOPC;
2353             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2354             break;
2355         /* The code below was inspired by the MIPS Linux kernel trap
2356          * handling code in arch/mips/kernel/traps.c.
2357          */
2358         case EXCP_BREAK:
2359             {
2360                 abi_ulong trap_instr;
2361                 unsigned int code;
2362 
2363                 if (env->hflags & MIPS_HFLAG_M16) {
2364                     if (env->insn_flags & ASE_MICROMIPS) {
2365                         /* microMIPS mode */
2366                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2367                         if (ret != 0) {
2368                             goto error;
2369                         }
2370 
2371                         if ((trap_instr >> 10) == 0x11) {
2372                             /* 16-bit instruction */
2373                             code = trap_instr & 0xf;
2374                         } else {
2375                             /* 32-bit instruction */
2376                             abi_ulong instr_lo;
2377 
2378                             ret = get_user_u16(instr_lo,
2379                                                env->active_tc.PC + 2);
2380                             if (ret != 0) {
2381                                 goto error;
2382                             }
2383                             trap_instr = (trap_instr << 16) | instr_lo;
2384                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
2385                             /* Unfortunately, microMIPS also suffers from
2386                                the old assembler bug...  */
2387                             if (code >= (1 << 10)) {
2388                                 code >>= 10;
2389                             }
2390                         }
2391                     } else {
2392                         /* MIPS16e mode */
2393                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2394                         if (ret != 0) {
2395                             goto error;
2396                         }
2397                         code = (trap_instr >> 6) & 0x3f;
2398                     }
2399                 } else {
2400                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2401                     if (ret != 0) {
2402                         goto error;
2403                     }
2404 
2405                     /* As described in the original Linux kernel code, the
2406                      * below checks on 'code' are to work around an old
2407                      * assembly bug.
2408                      */
2409                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
2410                     if (code >= (1 << 10)) {
2411                         code >>= 10;
2412                     }
2413                 }
2414 
2415                 if (do_break(env, &info, code) != 0) {
2416                     goto error;
2417                 }
2418             }
2419             break;
2420         case EXCP_TRAP:
2421             {
2422                 abi_ulong trap_instr;
2423                 unsigned int code = 0;
2424 
2425                 if (env->hflags & MIPS_HFLAG_M16) {
2426                     /* microMIPS mode */
2427                     abi_ulong instr[2];
2428 
2429                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
2430                           get_user_u16(instr[1], env->active_tc.PC + 2);
2431 
2432                     trap_instr = (instr[0] << 16) | instr[1];
2433                 } else {
2434                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2435                 }
2436 
2437                 if (ret != 0) {
2438                     goto error;
2439                 }
2440 
2441                 /* The immediate versions don't provide a code.  */
2442                 if (!(trap_instr & 0xFC000000)) {
2443                     if (env->hflags & MIPS_HFLAG_M16) {
2444                         /* microMIPS mode */
2445                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
2446                     } else {
2447                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
2448                     }
2449                 }
2450 
2451                 if (do_break(env, &info, code) != 0) {
2452                     goto error;
2453                 }
2454             }
2455             break;
2456         case EXCP_ATOMIC:
2457             cpu_exec_step_atomic(cs);
2458             break;
2459         default:
2460 error:
2461             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
2462             abort();
2463         }
2464         process_pending_signals(env);
2465     }
2466 }
2467 #endif
2468 
2469 #ifdef TARGET_NIOS2
2470 
2471 void cpu_loop(CPUNios2State *env)
2472 {
2473     CPUState *cs = ENV_GET_CPU(env);
2474     Nios2CPU *cpu = NIOS2_CPU(cs);
2475     target_siginfo_t info;
2476     int trapnr, gdbsig, ret;
2477 
2478     for (;;) {
2479         cpu_exec_start(cs);
2480         trapnr = cpu_exec(cs);
2481         cpu_exec_end(cs);
2482         gdbsig = 0;
2483 
2484         switch (trapnr) {
2485         case EXCP_INTERRUPT:
2486             /* just indicate that signals should be handled asap */
2487             break;
2488         case EXCP_TRAP:
2489             if (env->regs[R_AT] == 0) {
2490                 abi_long ret;
2491                 qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
2492 
2493                 ret = do_syscall(env, env->regs[2],
2494                                  env->regs[4], env->regs[5], env->regs[6],
2495                                  env->regs[7], env->regs[8], env->regs[9],
2496                                  0, 0);
2497 
2498                 if (env->regs[2] == 0) {    /* FIXME: syscall 0 workaround */
2499                     ret = 0;
2500                 }
2501 
2502                 env->regs[2] = abs(ret);
2503                 /* Return value is 0..4096 */
2504                 env->regs[7] = (ret > 0xfffffffffffff000ULL);
2505                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2506                 env->regs[CR_STATUS] &= ~0x3;
2507                 env->regs[R_EA] = env->regs[R_PC] + 4;
2508                 env->regs[R_PC] += 4;
2509                 break;
2510             } else {
2511                 qemu_log_mask(CPU_LOG_INT, "\nTrap\n");
2512 
2513                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2514                 env->regs[CR_STATUS] &= ~0x3;
2515                 env->regs[R_EA] = env->regs[R_PC] + 4;
2516                 env->regs[R_PC] = cpu->exception_addr;
2517 
2518                 gdbsig = TARGET_SIGTRAP;
2519                 break;
2520             }
2521         case 0xaa:
2522             switch (env->regs[R_PC]) {
2523             /*case 0x1000:*/  /* TODO:__kuser_helper_version */
2524             case 0x1004:      /* __kuser_cmpxchg */
2525                 start_exclusive();
2526                 if (env->regs[4] & 0x3) {
2527                     goto kuser_fail;
2528                 }
2529                 ret = get_user_u32(env->regs[2], env->regs[4]);
2530                 if (ret) {
2531                     end_exclusive();
2532                     goto kuser_fail;
2533                 }
2534                 env->regs[2] -= env->regs[5];
2535                 if (env->regs[2] == 0) {
2536                     put_user_u32(env->regs[6], env->regs[4]);
2537                 }
2538                 end_exclusive();
2539                 env->regs[R_PC] = env->regs[R_RA];
2540                 break;
2541             /*case 0x1040:*/  /* TODO:__kuser_sigtramp */
2542             default:
2543                 ;
2544 kuser_fail:
2545                 info.si_signo = TARGET_SIGSEGV;
2546                 info.si_errno = 0;
2547                 /* TODO: check env->error_code */
2548                 info.si_code = TARGET_SEGV_MAPERR;
2549                 info._sifields._sigfault._addr = env->regs[R_PC];
2550                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2551             }
2552             break;
2553         default:
2554             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
2555                      trapnr);
2556             gdbsig = TARGET_SIGILL;
2557             break;
2558         }
2559         if (gdbsig) {
2560             gdb_handlesig(cs, gdbsig);
2561             if (gdbsig != TARGET_SIGTRAP) {
2562                 exit(EXIT_FAILURE);
2563             }
2564         }
2565 
2566         process_pending_signals(env);
2567     }
2568 }
2569 
2570 #endif /* TARGET_NIOS2 */
2571 
2572 #ifdef TARGET_OPENRISC
2573 
2574 void cpu_loop(CPUOpenRISCState *env)
2575 {
2576     CPUState *cs = CPU(openrisc_env_get_cpu(env));
2577     int trapnr, gdbsig;
2578     abi_long ret;
2579 
2580     for (;;) {
2581         cpu_exec_start(cs);
2582         trapnr = cpu_exec(cs);
2583         cpu_exec_end(cs);
2584         process_queued_cpu_work(cs);
2585         gdbsig = 0;
2586 
2587         switch (trapnr) {
2588         case EXCP_RESET:
2589             qemu_log_mask(CPU_LOG_INT, "\nReset request, exit, pc is %#x\n", env->pc);
2590             exit(EXIT_FAILURE);
2591             break;
2592         case EXCP_BUSERR:
2593             qemu_log_mask(CPU_LOG_INT, "\nBus error, exit, pc is %#x\n", env->pc);
2594             gdbsig = TARGET_SIGBUS;
2595             break;
2596         case EXCP_DPF:
2597         case EXCP_IPF:
2598             cpu_dump_state(cs, stderr, fprintf, 0);
2599             gdbsig = TARGET_SIGSEGV;
2600             break;
2601         case EXCP_TICK:
2602             qemu_log_mask(CPU_LOG_INT, "\nTick time interrupt pc is %#x\n", env->pc);
2603             break;
2604         case EXCP_ALIGN:
2605             qemu_log_mask(CPU_LOG_INT, "\nAlignment pc is %#x\n", env->pc);
2606             gdbsig = TARGET_SIGBUS;
2607             break;
2608         case EXCP_ILLEGAL:
2609             qemu_log_mask(CPU_LOG_INT, "\nIllegal instructionpc is %#x\n", env->pc);
2610             gdbsig = TARGET_SIGILL;
2611             break;
2612         case EXCP_INT:
2613             qemu_log_mask(CPU_LOG_INT, "\nExternal interruptpc is %#x\n", env->pc);
2614             break;
2615         case EXCP_DTLBMISS:
2616         case EXCP_ITLBMISS:
2617             qemu_log_mask(CPU_LOG_INT, "\nTLB miss\n");
2618             break;
2619         case EXCP_RANGE:
2620             qemu_log_mask(CPU_LOG_INT, "\nRange\n");
2621             gdbsig = TARGET_SIGSEGV;
2622             break;
2623         case EXCP_SYSCALL:
2624             env->pc += 4;   /* 0xc00; */
2625             ret = do_syscall(env,
2626                              env->gpr[11], /* return value       */
2627                              env->gpr[3],  /* r3 - r7 are params */
2628                              env->gpr[4],
2629                              env->gpr[5],
2630                              env->gpr[6],
2631                              env->gpr[7],
2632                              env->gpr[8], 0, 0);
2633             if (ret == -TARGET_ERESTARTSYS) {
2634                 env->pc -= 4;
2635             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2636                 env->gpr[11] = ret;
2637             }
2638             break;
2639         case EXCP_FPE:
2640             qemu_log_mask(CPU_LOG_INT, "\nFloating point error\n");
2641             break;
2642         case EXCP_TRAP:
2643             qemu_log_mask(CPU_LOG_INT, "\nTrap\n");
2644             gdbsig = TARGET_SIGTRAP;
2645             break;
2646         case EXCP_NR:
2647             qemu_log_mask(CPU_LOG_INT, "\nNR\n");
2648             break;
2649         case EXCP_ATOMIC:
2650             cpu_exec_step_atomic(cs);
2651             break;
2652         default:
2653             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
2654                      trapnr);
2655             gdbsig = TARGET_SIGILL;
2656             break;
2657         }
2658         if (gdbsig) {
2659             gdb_handlesig(cs, gdbsig);
2660             if (gdbsig != TARGET_SIGTRAP) {
2661                 exit(EXIT_FAILURE);
2662             }
2663         }
2664 
2665         process_pending_signals(env);
2666     }
2667 }
2668 
2669 #endif /* TARGET_OPENRISC */
2670 
2671 #ifdef TARGET_SH4
2672 void cpu_loop(CPUSH4State *env)
2673 {
2674     CPUState *cs = CPU(sh_env_get_cpu(env));
2675     int trapnr, ret;
2676     target_siginfo_t info;
2677 
2678     while (1) {
2679         cpu_exec_start(cs);
2680         trapnr = cpu_exec(cs);
2681         cpu_exec_end(cs);
2682         process_queued_cpu_work(cs);
2683 
2684         switch (trapnr) {
2685         case 0x160:
2686             env->pc += 2;
2687             ret = do_syscall(env,
2688                              env->gregs[3],
2689                              env->gregs[4],
2690                              env->gregs[5],
2691                              env->gregs[6],
2692                              env->gregs[7],
2693                              env->gregs[0],
2694                              env->gregs[1],
2695                              0, 0);
2696             if (ret == -TARGET_ERESTARTSYS) {
2697                 env->pc -= 2;
2698             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2699                 env->gregs[0] = ret;
2700             }
2701             break;
2702         case EXCP_INTERRUPT:
2703             /* just indicate that signals should be handled asap */
2704             break;
2705         case EXCP_DEBUG:
2706             {
2707                 int sig;
2708 
2709                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2710                 if (sig)
2711                   {
2712                     info.si_signo = sig;
2713                     info.si_errno = 0;
2714                     info.si_code = TARGET_TRAP_BRKPT;
2715                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2716                   }
2717             }
2718             break;
2719 	case 0xa0:
2720 	case 0xc0:
2721             info.si_signo = TARGET_SIGSEGV;
2722             info.si_errno = 0;
2723             info.si_code = TARGET_SEGV_MAPERR;
2724             info._sifields._sigfault._addr = env->tea;
2725             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2726 	    break;
2727 
2728         case EXCP_ATOMIC:
2729             cpu_exec_step_atomic(cs);
2730             break;
2731         default:
2732             printf ("Unhandled trap: 0x%x\n", trapnr);
2733             cpu_dump_state(cs, stderr, fprintf, 0);
2734             exit(EXIT_FAILURE);
2735         }
2736         process_pending_signals (env);
2737     }
2738 }
2739 #endif
2740 
2741 #ifdef TARGET_CRIS
2742 void cpu_loop(CPUCRISState *env)
2743 {
2744     CPUState *cs = CPU(cris_env_get_cpu(env));
2745     int trapnr, ret;
2746     target_siginfo_t info;
2747 
2748     while (1) {
2749         cpu_exec_start(cs);
2750         trapnr = cpu_exec(cs);
2751         cpu_exec_end(cs);
2752         process_queued_cpu_work(cs);
2753 
2754         switch (trapnr) {
2755         case 0xaa:
2756             {
2757                 info.si_signo = TARGET_SIGSEGV;
2758                 info.si_errno = 0;
2759                 /* XXX: check env->error_code */
2760                 info.si_code = TARGET_SEGV_MAPERR;
2761                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
2762                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2763             }
2764             break;
2765 	case EXCP_INTERRUPT:
2766 	  /* just indicate that signals should be handled asap */
2767 	  break;
2768         case EXCP_BREAK:
2769             ret = do_syscall(env,
2770                              env->regs[9],
2771                              env->regs[10],
2772                              env->regs[11],
2773                              env->regs[12],
2774                              env->regs[13],
2775                              env->pregs[7],
2776                              env->pregs[11],
2777                              0, 0);
2778             if (ret == -TARGET_ERESTARTSYS) {
2779                 env->pc -= 2;
2780             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2781                 env->regs[10] = ret;
2782             }
2783             break;
2784         case EXCP_DEBUG:
2785             {
2786                 int sig;
2787 
2788                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2789                 if (sig)
2790                   {
2791                     info.si_signo = sig;
2792                     info.si_errno = 0;
2793                     info.si_code = TARGET_TRAP_BRKPT;
2794                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2795                   }
2796             }
2797             break;
2798         case EXCP_ATOMIC:
2799             cpu_exec_step_atomic(cs);
2800             break;
2801         default:
2802             printf ("Unhandled trap: 0x%x\n", trapnr);
2803             cpu_dump_state(cs, stderr, fprintf, 0);
2804             exit(EXIT_FAILURE);
2805         }
2806         process_pending_signals (env);
2807     }
2808 }
2809 #endif
2810 
2811 #ifdef TARGET_MICROBLAZE
2812 void cpu_loop(CPUMBState *env)
2813 {
2814     CPUState *cs = CPU(mb_env_get_cpu(env));
2815     int trapnr, ret;
2816     target_siginfo_t info;
2817 
2818     while (1) {
2819         cpu_exec_start(cs);
2820         trapnr = cpu_exec(cs);
2821         cpu_exec_end(cs);
2822         process_queued_cpu_work(cs);
2823 
2824         switch (trapnr) {
2825         case 0xaa:
2826             {
2827                 info.si_signo = TARGET_SIGSEGV;
2828                 info.si_errno = 0;
2829                 /* XXX: check env->error_code */
2830                 info.si_code = TARGET_SEGV_MAPERR;
2831                 info._sifields._sigfault._addr = 0;
2832                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2833             }
2834             break;
2835 	case EXCP_INTERRUPT:
2836 	  /* just indicate that signals should be handled asap */
2837 	  break;
2838         case EXCP_BREAK:
2839             /* Return address is 4 bytes after the call.  */
2840             env->regs[14] += 4;
2841             env->sregs[SR_PC] = env->regs[14];
2842             ret = do_syscall(env,
2843                              env->regs[12],
2844                              env->regs[5],
2845                              env->regs[6],
2846                              env->regs[7],
2847                              env->regs[8],
2848                              env->regs[9],
2849                              env->regs[10],
2850                              0, 0);
2851             if (ret == -TARGET_ERESTARTSYS) {
2852                 /* Wind back to before the syscall. */
2853                 env->sregs[SR_PC] -= 4;
2854             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2855                 env->regs[3] = ret;
2856             }
2857             /* All syscall exits result in guest r14 being equal to the
2858              * PC we return to, because the kernel syscall exit "rtbd" does
2859              * this. (This is true even for sigreturn(); note that r14 is
2860              * not a userspace-usable register, as the kernel may clobber it
2861              * at any point.)
2862              */
2863             env->regs[14] = env->sregs[SR_PC];
2864             break;
2865         case EXCP_HW_EXCP:
2866             env->regs[17] = env->sregs[SR_PC] + 4;
2867             if (env->iflags & D_FLAG) {
2868                 env->sregs[SR_ESR] |= 1 << 12;
2869                 env->sregs[SR_PC] -= 4;
2870                 /* FIXME: if branch was immed, replay the imm as well.  */
2871             }
2872 
2873             env->iflags &= ~(IMM_FLAG | D_FLAG);
2874 
2875             switch (env->sregs[SR_ESR] & 31) {
2876                 case ESR_EC_DIVZERO:
2877                     info.si_signo = TARGET_SIGFPE;
2878                     info.si_errno = 0;
2879                     info.si_code = TARGET_FPE_FLTDIV;
2880                     info._sifields._sigfault._addr = 0;
2881                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2882                     break;
2883                 case ESR_EC_FPU:
2884                     info.si_signo = TARGET_SIGFPE;
2885                     info.si_errno = 0;
2886                     if (env->sregs[SR_FSR] & FSR_IO) {
2887                         info.si_code = TARGET_FPE_FLTINV;
2888                     }
2889                     if (env->sregs[SR_FSR] & FSR_DZ) {
2890                         info.si_code = TARGET_FPE_FLTDIV;
2891                     }
2892                     info._sifields._sigfault._addr = 0;
2893                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2894                     break;
2895                 default:
2896                     printf ("Unhandled hw-exception: 0x%x\n",
2897                             env->sregs[SR_ESR] & ESR_EC_MASK);
2898                     cpu_dump_state(cs, stderr, fprintf, 0);
2899                     exit(EXIT_FAILURE);
2900                     break;
2901             }
2902             break;
2903         case EXCP_DEBUG:
2904             {
2905                 int sig;
2906 
2907                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2908                 if (sig)
2909                   {
2910                     info.si_signo = sig;
2911                     info.si_errno = 0;
2912                     info.si_code = TARGET_TRAP_BRKPT;
2913                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2914                   }
2915             }
2916             break;
2917         case EXCP_ATOMIC:
2918             cpu_exec_step_atomic(cs);
2919             break;
2920         default:
2921             printf ("Unhandled trap: 0x%x\n", trapnr);
2922             cpu_dump_state(cs, stderr, fprintf, 0);
2923             exit(EXIT_FAILURE);
2924         }
2925         process_pending_signals (env);
2926     }
2927 }
2928 #endif
2929 
2930 #ifdef TARGET_M68K
2931 
2932 void cpu_loop(CPUM68KState *env)
2933 {
2934     CPUState *cs = CPU(m68k_env_get_cpu(env));
2935     int trapnr;
2936     unsigned int n;
2937     target_siginfo_t info;
2938     TaskState *ts = cs->opaque;
2939 
2940     for(;;) {
2941         cpu_exec_start(cs);
2942         trapnr = cpu_exec(cs);
2943         cpu_exec_end(cs);
2944         process_queued_cpu_work(cs);
2945 
2946         switch(trapnr) {
2947         case EXCP_ILLEGAL:
2948             {
2949                 if (ts->sim_syscalls) {
2950                     uint16_t nr;
2951                     get_user_u16(nr, env->pc + 2);
2952                     env->pc += 4;
2953                     do_m68k_simcall(env, nr);
2954                 } else {
2955                     goto do_sigill;
2956                 }
2957             }
2958             break;
2959         case EXCP_HALT_INSN:
2960             /* Semihosing syscall.  */
2961             env->pc += 4;
2962             do_m68k_semihosting(env, env->dregs[0]);
2963             break;
2964         case EXCP_LINEA:
2965         case EXCP_LINEF:
2966         case EXCP_UNSUPPORTED:
2967         do_sigill:
2968             info.si_signo = TARGET_SIGILL;
2969             info.si_errno = 0;
2970             info.si_code = TARGET_ILL_ILLOPN;
2971             info._sifields._sigfault._addr = env->pc;
2972             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2973             break;
2974         case EXCP_DIV0:
2975             info.si_signo = TARGET_SIGFPE;
2976             info.si_errno = 0;
2977             info.si_code = TARGET_FPE_INTDIV;
2978             info._sifields._sigfault._addr = env->pc;
2979             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2980             break;
2981         case EXCP_TRAP0:
2982             {
2983                 abi_long ret;
2984                 ts->sim_syscalls = 0;
2985                 n = env->dregs[0];
2986                 env->pc += 2;
2987                 ret = do_syscall(env,
2988                                  n,
2989                                  env->dregs[1],
2990                                  env->dregs[2],
2991                                  env->dregs[3],
2992                                  env->dregs[4],
2993                                  env->dregs[5],
2994                                  env->aregs[0],
2995                                  0, 0);
2996                 if (ret == -TARGET_ERESTARTSYS) {
2997                     env->pc -= 2;
2998                 } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2999                     env->dregs[0] = ret;
3000                 }
3001             }
3002             break;
3003         case EXCP_INTERRUPT:
3004             /* just indicate that signals should be handled asap */
3005             break;
3006         case EXCP_ACCESS:
3007             {
3008                 info.si_signo = TARGET_SIGSEGV;
3009                 info.si_errno = 0;
3010                 /* XXX: check env->error_code */
3011                 info.si_code = TARGET_SEGV_MAPERR;
3012                 info._sifields._sigfault._addr = env->mmu.ar;
3013                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3014             }
3015             break;
3016         case EXCP_DEBUG:
3017             {
3018                 int sig;
3019 
3020                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3021                 if (sig)
3022                   {
3023                     info.si_signo = sig;
3024                     info.si_errno = 0;
3025                     info.si_code = TARGET_TRAP_BRKPT;
3026                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3027                   }
3028             }
3029             break;
3030         case EXCP_ATOMIC:
3031             cpu_exec_step_atomic(cs);
3032             break;
3033         default:
3034             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
3035             abort();
3036         }
3037         process_pending_signals(env);
3038     }
3039 }
3040 #endif /* TARGET_M68K */
3041 
3042 #ifdef TARGET_ALPHA
3043 void cpu_loop(CPUAlphaState *env)
3044 {
3045     CPUState *cs = CPU(alpha_env_get_cpu(env));
3046     int trapnr;
3047     target_siginfo_t info;
3048     abi_long sysret;
3049 
3050     while (1) {
3051         cpu_exec_start(cs);
3052         trapnr = cpu_exec(cs);
3053         cpu_exec_end(cs);
3054         process_queued_cpu_work(cs);
3055 
3056         /* All of the traps imply a transition through PALcode, which
3057            implies an REI instruction has been executed.  Which means
3058            that the intr_flag should be cleared.  */
3059         env->intr_flag = 0;
3060 
3061         switch (trapnr) {
3062         case EXCP_RESET:
3063             fprintf(stderr, "Reset requested. Exit\n");
3064             exit(EXIT_FAILURE);
3065             break;
3066         case EXCP_MCHK:
3067             fprintf(stderr, "Machine check exception. Exit\n");
3068             exit(EXIT_FAILURE);
3069             break;
3070         case EXCP_SMP_INTERRUPT:
3071         case EXCP_CLK_INTERRUPT:
3072         case EXCP_DEV_INTERRUPT:
3073             fprintf(stderr, "External interrupt. Exit\n");
3074             exit(EXIT_FAILURE);
3075             break;
3076         case EXCP_MMFAULT:
3077             env->lock_addr = -1;
3078             info.si_signo = TARGET_SIGSEGV;
3079             info.si_errno = 0;
3080             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
3081                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
3082             info._sifields._sigfault._addr = env->trap_arg0;
3083             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3084             break;
3085         case EXCP_UNALIGN:
3086             env->lock_addr = -1;
3087             info.si_signo = TARGET_SIGBUS;
3088             info.si_errno = 0;
3089             info.si_code = TARGET_BUS_ADRALN;
3090             info._sifields._sigfault._addr = env->trap_arg0;
3091             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3092             break;
3093         case EXCP_OPCDEC:
3094         do_sigill:
3095             env->lock_addr = -1;
3096             info.si_signo = TARGET_SIGILL;
3097             info.si_errno = 0;
3098             info.si_code = TARGET_ILL_ILLOPC;
3099             info._sifields._sigfault._addr = env->pc;
3100             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3101             break;
3102         case EXCP_ARITH:
3103             env->lock_addr = -1;
3104             info.si_signo = TARGET_SIGFPE;
3105             info.si_errno = 0;
3106             info.si_code = TARGET_FPE_FLTINV;
3107             info._sifields._sigfault._addr = env->pc;
3108             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3109             break;
3110         case EXCP_FEN:
3111             /* No-op.  Linux simply re-enables the FPU.  */
3112             break;
3113         case EXCP_CALL_PAL:
3114             env->lock_addr = -1;
3115             switch (env->error_code) {
3116             case 0x80:
3117                 /* BPT */
3118                 info.si_signo = TARGET_SIGTRAP;
3119                 info.si_errno = 0;
3120                 info.si_code = TARGET_TRAP_BRKPT;
3121                 info._sifields._sigfault._addr = env->pc;
3122                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3123                 break;
3124             case 0x81:
3125                 /* BUGCHK */
3126                 info.si_signo = TARGET_SIGTRAP;
3127                 info.si_errno = 0;
3128                 info.si_code = 0;
3129                 info._sifields._sigfault._addr = env->pc;
3130                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3131                 break;
3132             case 0x83:
3133                 /* CALLSYS */
3134                 trapnr = env->ir[IR_V0];
3135                 sysret = do_syscall(env, trapnr,
3136                                     env->ir[IR_A0], env->ir[IR_A1],
3137                                     env->ir[IR_A2], env->ir[IR_A3],
3138                                     env->ir[IR_A4], env->ir[IR_A5],
3139                                     0, 0);
3140                 if (sysret == -TARGET_ERESTARTSYS) {
3141                     env->pc -= 4;
3142                     break;
3143                 }
3144                 if (sysret == -TARGET_QEMU_ESIGRETURN) {
3145                     break;
3146                 }
3147                 /* Syscall writes 0 to V0 to bypass error check, similar
3148                    to how this is handled internal to Linux kernel.
3149                    (Ab)use trapnr temporarily as boolean indicating error.  */
3150                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
3151                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
3152                 env->ir[IR_A3] = trapnr;
3153                 break;
3154             case 0x86:
3155                 /* IMB */
3156                 /* ??? We can probably elide the code using page_unprotect
3157                    that is checking for self-modifying code.  Instead we
3158                    could simply call tb_flush here.  Until we work out the
3159                    changes required to turn off the extra write protection,
3160                    this can be a no-op.  */
3161                 break;
3162             case 0x9E:
3163                 /* RDUNIQUE */
3164                 /* Handled in the translator for usermode.  */
3165                 abort();
3166             case 0x9F:
3167                 /* WRUNIQUE */
3168                 /* Handled in the translator for usermode.  */
3169                 abort();
3170             case 0xAA:
3171                 /* GENTRAP */
3172                 info.si_signo = TARGET_SIGFPE;
3173                 switch (env->ir[IR_A0]) {
3174                 case TARGET_GEN_INTOVF:
3175                     info.si_code = TARGET_FPE_INTOVF;
3176                     break;
3177                 case TARGET_GEN_INTDIV:
3178                     info.si_code = TARGET_FPE_INTDIV;
3179                     break;
3180                 case TARGET_GEN_FLTOVF:
3181                     info.si_code = TARGET_FPE_FLTOVF;
3182                     break;
3183                 case TARGET_GEN_FLTUND:
3184                     info.si_code = TARGET_FPE_FLTUND;
3185                     break;
3186                 case TARGET_GEN_FLTINV:
3187                     info.si_code = TARGET_FPE_FLTINV;
3188                     break;
3189                 case TARGET_GEN_FLTINE:
3190                     info.si_code = TARGET_FPE_FLTRES;
3191                     break;
3192                 case TARGET_GEN_ROPRAND:
3193                     info.si_code = 0;
3194                     break;
3195                 default:
3196                     info.si_signo = TARGET_SIGTRAP;
3197                     info.si_code = 0;
3198                     break;
3199                 }
3200                 info.si_errno = 0;
3201                 info._sifields._sigfault._addr = env->pc;
3202                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3203                 break;
3204             default:
3205                 goto do_sigill;
3206             }
3207             break;
3208         case EXCP_DEBUG:
3209             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
3210             if (info.si_signo) {
3211                 env->lock_addr = -1;
3212                 info.si_errno = 0;
3213                 info.si_code = TARGET_TRAP_BRKPT;
3214                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3215             }
3216             break;
3217         case EXCP_INTERRUPT:
3218             /* Just indicate that signals should be handled asap.  */
3219             break;
3220         case EXCP_ATOMIC:
3221             cpu_exec_step_atomic(cs);
3222             break;
3223         default:
3224             printf ("Unhandled trap: 0x%x\n", trapnr);
3225             cpu_dump_state(cs, stderr, fprintf, 0);
3226             exit(EXIT_FAILURE);
3227         }
3228         process_pending_signals (env);
3229     }
3230 }
3231 #endif /* TARGET_ALPHA */
3232 
3233 #ifdef TARGET_S390X
3234 void cpu_loop(CPUS390XState *env)
3235 {
3236     CPUState *cs = CPU(s390_env_get_cpu(env));
3237     int trapnr, n, sig;
3238     target_siginfo_t info;
3239     target_ulong addr;
3240     abi_long ret;
3241 
3242     while (1) {
3243         cpu_exec_start(cs);
3244         trapnr = cpu_exec(cs);
3245         cpu_exec_end(cs);
3246         process_queued_cpu_work(cs);
3247 
3248         switch (trapnr) {
3249         case EXCP_INTERRUPT:
3250             /* Just indicate that signals should be handled asap.  */
3251             break;
3252 
3253         case EXCP_SVC:
3254             n = env->int_svc_code;
3255             if (!n) {
3256                 /* syscalls > 255 */
3257                 n = env->regs[1];
3258             }
3259             env->psw.addr += env->int_svc_ilen;
3260             ret = do_syscall(env, n, env->regs[2], env->regs[3],
3261                              env->regs[4], env->regs[5],
3262                              env->regs[6], env->regs[7], 0, 0);
3263             if (ret == -TARGET_ERESTARTSYS) {
3264                 env->psw.addr -= env->int_svc_ilen;
3265             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3266                 env->regs[2] = ret;
3267             }
3268             break;
3269 
3270         case EXCP_DEBUG:
3271             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3272             if (sig) {
3273                 n = TARGET_TRAP_BRKPT;
3274                 goto do_signal_pc;
3275             }
3276             break;
3277         case EXCP_PGM:
3278             n = env->int_pgm_code;
3279             switch (n) {
3280             case PGM_OPERATION:
3281             case PGM_PRIVILEGED:
3282                 sig = TARGET_SIGILL;
3283                 n = TARGET_ILL_ILLOPC;
3284                 goto do_signal_pc;
3285             case PGM_PROTECTION:
3286             case PGM_ADDRESSING:
3287                 sig = TARGET_SIGSEGV;
3288                 /* XXX: check env->error_code */
3289                 n = TARGET_SEGV_MAPERR;
3290                 addr = env->__excp_addr;
3291                 goto do_signal;
3292             case PGM_EXECUTE:
3293             case PGM_SPECIFICATION:
3294             case PGM_SPECIAL_OP:
3295             case PGM_OPERAND:
3296             do_sigill_opn:
3297                 sig = TARGET_SIGILL;
3298                 n = TARGET_ILL_ILLOPN;
3299                 goto do_signal_pc;
3300 
3301             case PGM_FIXPT_OVERFLOW:
3302                 sig = TARGET_SIGFPE;
3303                 n = TARGET_FPE_INTOVF;
3304                 goto do_signal_pc;
3305             case PGM_FIXPT_DIVIDE:
3306                 sig = TARGET_SIGFPE;
3307                 n = TARGET_FPE_INTDIV;
3308                 goto do_signal_pc;
3309 
3310             case PGM_DATA:
3311                 n = (env->fpc >> 8) & 0xff;
3312                 if (n == 0xff) {
3313                     /* compare-and-trap */
3314                     goto do_sigill_opn;
3315                 } else {
3316                     /* An IEEE exception, simulated or otherwise.  */
3317                     if (n & 0x80) {
3318                         n = TARGET_FPE_FLTINV;
3319                     } else if (n & 0x40) {
3320                         n = TARGET_FPE_FLTDIV;
3321                     } else if (n & 0x20) {
3322                         n = TARGET_FPE_FLTOVF;
3323                     } else if (n & 0x10) {
3324                         n = TARGET_FPE_FLTUND;
3325                     } else if (n & 0x08) {
3326                         n = TARGET_FPE_FLTRES;
3327                     } else {
3328                         /* ??? Quantum exception; BFP, DFP error.  */
3329                         goto do_sigill_opn;
3330                     }
3331                     sig = TARGET_SIGFPE;
3332                     goto do_signal_pc;
3333                 }
3334 
3335             default:
3336                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
3337                 cpu_dump_state(cs, stderr, fprintf, 0);
3338                 exit(EXIT_FAILURE);
3339             }
3340             break;
3341 
3342         do_signal_pc:
3343             addr = env->psw.addr;
3344         do_signal:
3345             info.si_signo = sig;
3346             info.si_errno = 0;
3347             info.si_code = n;
3348             info._sifields._sigfault._addr = addr;
3349             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3350             break;
3351 
3352         case EXCP_ATOMIC:
3353             cpu_exec_step_atomic(cs);
3354             break;
3355         default:
3356             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
3357             cpu_dump_state(cs, stderr, fprintf, 0);
3358             exit(EXIT_FAILURE);
3359         }
3360         process_pending_signals (env);
3361     }
3362 }
3363 
3364 #endif /* TARGET_S390X */
3365 
3366 #ifdef TARGET_TILEGX
3367 
3368 static void gen_sigill_reg(CPUTLGState *env)
3369 {
3370     target_siginfo_t info;
3371 
3372     info.si_signo = TARGET_SIGILL;
3373     info.si_errno = 0;
3374     info.si_code = TARGET_ILL_PRVREG;
3375     info._sifields._sigfault._addr = env->pc;
3376     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3377 }
3378 
3379 static void do_signal(CPUTLGState *env, int signo, int sigcode)
3380 {
3381     target_siginfo_t info;
3382 
3383     info.si_signo = signo;
3384     info.si_errno = 0;
3385     info._sifields._sigfault._addr = env->pc;
3386 
3387     if (signo == TARGET_SIGSEGV) {
3388         /* The passed in sigcode is a dummy; check for a page mapping
3389            and pass either MAPERR or ACCERR.  */
3390         target_ulong addr = env->excaddr;
3391         info._sifields._sigfault._addr = addr;
3392         if (page_check_range(addr, 1, PAGE_VALID) < 0) {
3393             sigcode = TARGET_SEGV_MAPERR;
3394         } else {
3395             sigcode = TARGET_SEGV_ACCERR;
3396         }
3397     }
3398     info.si_code = sigcode;
3399 
3400     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3401 }
3402 
3403 static void gen_sigsegv_maperr(CPUTLGState *env, target_ulong addr)
3404 {
3405     env->excaddr = addr;
3406     do_signal(env, TARGET_SIGSEGV, 0);
3407 }
3408 
3409 static void set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
3410 {
3411     if (unlikely(reg >= TILEGX_R_COUNT)) {
3412         switch (reg) {
3413         case TILEGX_R_SN:
3414         case TILEGX_R_ZERO:
3415             return;
3416         case TILEGX_R_IDN0:
3417         case TILEGX_R_IDN1:
3418         case TILEGX_R_UDN0:
3419         case TILEGX_R_UDN1:
3420         case TILEGX_R_UDN2:
3421         case TILEGX_R_UDN3:
3422             gen_sigill_reg(env);
3423             return;
3424         default:
3425             g_assert_not_reached();
3426         }
3427     }
3428     env->regs[reg] = val;
3429 }
3430 
3431 /*
3432  * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
3433  * memory at the address held in the first source register. If the values are
3434  * not equal, then no memory operation is performed. If the values are equal,
3435  * the 8-byte quantity from the second source register is written into memory
3436  * at the address held in the first source register. In either case, the result
3437  * of the instruction is the value read from memory. The compare and write to
3438  * memory are atomic and thus can be used for synchronization purposes. This
3439  * instruction only operates for addresses aligned to a 8-byte boundary.
3440  * Unaligned memory access causes an Unaligned Data Reference interrupt.
3441  *
3442  * Functional Description (64-bit)
3443  *       uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
3444  *       rf[Dest] = memVal;
3445  *       if (memVal == SPR[CmpValueSPR])
3446  *           memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
3447  *
3448  * Functional Description (32-bit)
3449  *       uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
3450  *       rf[Dest] = memVal;
3451  *       if (memVal == signExtend32 (SPR[CmpValueSPR]))
3452  *           memoryWriteWord (rf[SrcA], rf[SrcB]);
3453  *
3454  *
3455  * This function also processes exch and exch4 which need not process SPR.
3456  */
3457 static void do_exch(CPUTLGState *env, bool quad, bool cmp)
3458 {
3459     target_ulong addr;
3460     target_long val, sprval;
3461 
3462     start_exclusive();
3463 
3464     addr = env->atomic_srca;
3465     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3466         goto sigsegv_maperr;
3467     }
3468 
3469     if (cmp) {
3470         if (quad) {
3471             sprval = env->spregs[TILEGX_SPR_CMPEXCH];
3472         } else {
3473             sprval = sextract64(env->spregs[TILEGX_SPR_CMPEXCH], 0, 32);
3474         }
3475     }
3476 
3477     if (!cmp || val == sprval) {
3478         target_long valb = env->atomic_srcb;
3479         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3480             goto sigsegv_maperr;
3481         }
3482     }
3483 
3484     set_regval(env, env->atomic_dstr, val);
3485     end_exclusive();
3486     return;
3487 
3488  sigsegv_maperr:
3489     end_exclusive();
3490     gen_sigsegv_maperr(env, addr);
3491 }
3492 
3493 static void do_fetch(CPUTLGState *env, int trapnr, bool quad)
3494 {
3495     int8_t write = 1;
3496     target_ulong addr;
3497     target_long val, valb;
3498 
3499     start_exclusive();
3500 
3501     addr = env->atomic_srca;
3502     valb = env->atomic_srcb;
3503     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3504         goto sigsegv_maperr;
3505     }
3506 
3507     switch (trapnr) {
3508     case TILEGX_EXCP_OPCODE_FETCHADD:
3509     case TILEGX_EXCP_OPCODE_FETCHADD4:
3510         valb += val;
3511         break;
3512     case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3513         valb += val;
3514         if (valb < 0) {
3515             write = 0;
3516         }
3517         break;
3518     case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3519         valb += val;
3520         if ((int32_t)valb < 0) {
3521             write = 0;
3522         }
3523         break;
3524     case TILEGX_EXCP_OPCODE_FETCHAND:
3525     case TILEGX_EXCP_OPCODE_FETCHAND4:
3526         valb &= val;
3527         break;
3528     case TILEGX_EXCP_OPCODE_FETCHOR:
3529     case TILEGX_EXCP_OPCODE_FETCHOR4:
3530         valb |= val;
3531         break;
3532     default:
3533         g_assert_not_reached();
3534     }
3535 
3536     if (write) {
3537         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3538             goto sigsegv_maperr;
3539         }
3540     }
3541 
3542     set_regval(env, env->atomic_dstr, val);
3543     end_exclusive();
3544     return;
3545 
3546  sigsegv_maperr:
3547     end_exclusive();
3548     gen_sigsegv_maperr(env, addr);
3549 }
3550 
3551 void cpu_loop(CPUTLGState *env)
3552 {
3553     CPUState *cs = CPU(tilegx_env_get_cpu(env));
3554     int trapnr;
3555 
3556     while (1) {
3557         cpu_exec_start(cs);
3558         trapnr = cpu_exec(cs);
3559         cpu_exec_end(cs);
3560         process_queued_cpu_work(cs);
3561 
3562         switch (trapnr) {
3563         case TILEGX_EXCP_SYSCALL:
3564         {
3565             abi_ulong ret = do_syscall(env, env->regs[TILEGX_R_NR],
3566                                        env->regs[0], env->regs[1],
3567                                        env->regs[2], env->regs[3],
3568                                        env->regs[4], env->regs[5],
3569                                        env->regs[6], env->regs[7]);
3570             if (ret == -TARGET_ERESTARTSYS) {
3571                 env->pc -= 8;
3572             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3573                 env->regs[TILEGX_R_RE] = ret;
3574                 env->regs[TILEGX_R_ERR] = TILEGX_IS_ERRNO(ret) ? -ret : 0;
3575             }
3576             break;
3577         }
3578         case TILEGX_EXCP_OPCODE_EXCH:
3579             do_exch(env, true, false);
3580             break;
3581         case TILEGX_EXCP_OPCODE_EXCH4:
3582             do_exch(env, false, false);
3583             break;
3584         case TILEGX_EXCP_OPCODE_CMPEXCH:
3585             do_exch(env, true, true);
3586             break;
3587         case TILEGX_EXCP_OPCODE_CMPEXCH4:
3588             do_exch(env, false, true);
3589             break;
3590         case TILEGX_EXCP_OPCODE_FETCHADD:
3591         case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3592         case TILEGX_EXCP_OPCODE_FETCHAND:
3593         case TILEGX_EXCP_OPCODE_FETCHOR:
3594             do_fetch(env, trapnr, true);
3595             break;
3596         case TILEGX_EXCP_OPCODE_FETCHADD4:
3597         case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3598         case TILEGX_EXCP_OPCODE_FETCHAND4:
3599         case TILEGX_EXCP_OPCODE_FETCHOR4:
3600             do_fetch(env, trapnr, false);
3601             break;
3602         case TILEGX_EXCP_SIGNAL:
3603             do_signal(env, env->signo, env->sigcode);
3604             break;
3605         case TILEGX_EXCP_REG_IDN_ACCESS:
3606         case TILEGX_EXCP_REG_UDN_ACCESS:
3607             gen_sigill_reg(env);
3608             break;
3609         case EXCP_ATOMIC:
3610             cpu_exec_step_atomic(cs);
3611             break;
3612         default:
3613             fprintf(stderr, "trapnr is %d[0x%x].\n", trapnr, trapnr);
3614             g_assert_not_reached();
3615         }
3616         process_pending_signals(env);
3617     }
3618 }
3619 
3620 #endif
3621 
3622 #ifdef TARGET_HPPA
3623 
3624 static abi_ulong hppa_lws(CPUHPPAState *env)
3625 {
3626     uint32_t which = env->gr[20];
3627     abi_ulong addr = env->gr[26];
3628     abi_ulong old = env->gr[25];
3629     abi_ulong new = env->gr[24];
3630     abi_ulong size, ret;
3631 
3632     switch (which) {
3633     default:
3634         return -TARGET_ENOSYS;
3635 
3636     case 0: /* elf32 atomic 32bit cmpxchg */
3637         if ((addr & 3) || !access_ok(VERIFY_WRITE, addr, 4)) {
3638             return -TARGET_EFAULT;
3639         }
3640         old = tswap32(old);
3641         new = tswap32(new);
3642         ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3643         ret = tswap32(ret);
3644         break;
3645 
3646     case 2: /* elf32 atomic "new" cmpxchg */
3647         size = env->gr[23];
3648         if (size >= 4) {
3649             return -TARGET_ENOSYS;
3650         }
3651         if (((addr | old | new) & ((1 << size) - 1))
3652             || !access_ok(VERIFY_WRITE, addr, 1 << size)
3653             || !access_ok(VERIFY_READ, old, 1 << size)
3654             || !access_ok(VERIFY_READ, new, 1 << size)) {
3655             return -TARGET_EFAULT;
3656         }
3657         /* Note that below we use host-endian loads so that the cmpxchg
3658            can be host-endian as well.  */
3659         switch (size) {
3660         case 0:
3661             old = *(uint8_t *)g2h(old);
3662             new = *(uint8_t *)g2h(new);
3663             ret = atomic_cmpxchg((uint8_t *)g2h(addr), old, new);
3664             ret = ret != old;
3665             break;
3666         case 1:
3667             old = *(uint16_t *)g2h(old);
3668             new = *(uint16_t *)g2h(new);
3669             ret = atomic_cmpxchg((uint16_t *)g2h(addr), old, new);
3670             ret = ret != old;
3671             break;
3672         case 2:
3673             old = *(uint32_t *)g2h(old);
3674             new = *(uint32_t *)g2h(new);
3675             ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3676             ret = ret != old;
3677             break;
3678         case 3:
3679             {
3680                 uint64_t o64, n64, r64;
3681                 o64 = *(uint64_t *)g2h(old);
3682                 n64 = *(uint64_t *)g2h(new);
3683 #ifdef CONFIG_ATOMIC64
3684                 r64 = atomic_cmpxchg__nocheck((uint64_t *)g2h(addr), o64, n64);
3685                 ret = r64 != o64;
3686 #else
3687                 start_exclusive();
3688                 r64 = *(uint64_t *)g2h(addr);
3689                 ret = 1;
3690                 if (r64 == o64) {
3691                     *(uint64_t *)g2h(addr) = n64;
3692                     ret = 0;
3693                 }
3694                 end_exclusive();
3695 #endif
3696             }
3697             break;
3698         }
3699         break;
3700     }
3701 
3702     env->gr[28] = ret;
3703     return 0;
3704 }
3705 
3706 void cpu_loop(CPUHPPAState *env)
3707 {
3708     CPUState *cs = CPU(hppa_env_get_cpu(env));
3709     target_siginfo_t info;
3710     abi_ulong ret;
3711     int trapnr;
3712 
3713     while (1) {
3714         cpu_exec_start(cs);
3715         trapnr = cpu_exec(cs);
3716         cpu_exec_end(cs);
3717         process_queued_cpu_work(cs);
3718 
3719         switch (trapnr) {
3720         case EXCP_SYSCALL:
3721             ret = do_syscall(env, env->gr[20],
3722                              env->gr[26], env->gr[25],
3723                              env->gr[24], env->gr[23],
3724                              env->gr[22], env->gr[21], 0, 0);
3725             switch (ret) {
3726             default:
3727                 env->gr[28] = ret;
3728                 /* We arrived here by faking the gateway page.  Return.  */
3729                 env->iaoq_f = env->gr[31];
3730                 env->iaoq_b = env->gr[31] + 4;
3731                 break;
3732             case -TARGET_ERESTARTSYS:
3733             case -TARGET_QEMU_ESIGRETURN:
3734                 break;
3735             }
3736             break;
3737         case EXCP_SYSCALL_LWS:
3738             env->gr[21] = hppa_lws(env);
3739             /* We arrived here by faking the gateway page.  Return.  */
3740             env->iaoq_f = env->gr[31];
3741             env->iaoq_b = env->gr[31] + 4;
3742             break;
3743         case EXCP_SIGSEGV:
3744             info.si_signo = TARGET_SIGSEGV;
3745             info.si_errno = 0;
3746             info.si_code = TARGET_SEGV_ACCERR;
3747             info._sifields._sigfault._addr = env->ior;
3748             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3749             break;
3750         case EXCP_SIGILL:
3751             info.si_signo = TARGET_SIGILL;
3752             info.si_errno = 0;
3753             info.si_code = TARGET_ILL_ILLOPN;
3754             info._sifields._sigfault._addr = env->iaoq_f;
3755             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3756             break;
3757         case EXCP_SIGFPE:
3758             info.si_signo = TARGET_SIGFPE;
3759             info.si_errno = 0;
3760             info.si_code = 0;
3761             info._sifields._sigfault._addr = env->iaoq_f;
3762             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3763             break;
3764         case EXCP_DEBUG:
3765             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
3766             if (trapnr) {
3767                 info.si_signo = trapnr;
3768                 info.si_errno = 0;
3769                 info.si_code = TARGET_TRAP_BRKPT;
3770                 queue_signal(env, trapnr, QEMU_SI_FAULT, &info);
3771             }
3772             break;
3773         case EXCP_INTERRUPT:
3774             /* just indicate that signals should be handled asap */
3775             break;
3776         default:
3777             g_assert_not_reached();
3778         }
3779         process_pending_signals(env);
3780     }
3781 }
3782 
3783 #endif /* TARGET_HPPA */
3784 
3785 THREAD CPUState *thread_cpu;
3786 
3787 bool qemu_cpu_is_self(CPUState *cpu)
3788 {
3789     return thread_cpu == cpu;
3790 }
3791 
3792 void qemu_cpu_kick(CPUState *cpu)
3793 {
3794     cpu_exit(cpu);
3795 }
3796 
3797 void task_settid(TaskState *ts)
3798 {
3799     if (ts->ts_tid == 0) {
3800         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3801     }
3802 }
3803 
3804 void stop_all_tasks(void)
3805 {
3806     /*
3807      * We trust that when using NPTL, start_exclusive()
3808      * handles thread stopping correctly.
3809      */
3810     start_exclusive();
3811 }
3812 
3813 /* Assumes contents are already zeroed.  */
3814 void init_task_state(TaskState *ts)
3815 {
3816     ts->used = 1;
3817 }
3818 
3819 CPUArchState *cpu_copy(CPUArchState *env)
3820 {
3821     CPUState *cpu = ENV_GET_CPU(env);
3822     CPUState *new_cpu = cpu_init(cpu_model);
3823     CPUArchState *new_env = new_cpu->env_ptr;
3824     CPUBreakpoint *bp;
3825     CPUWatchpoint *wp;
3826 
3827     /* Reset non arch specific state */
3828     cpu_reset(new_cpu);
3829 
3830     memcpy(new_env, env, sizeof(CPUArchState));
3831 
3832     /* Clone all break/watchpoints.
3833        Note: Once we support ptrace with hw-debug register access, make sure
3834        BP_CPU break/watchpoints are handled correctly on clone. */
3835     QTAILQ_INIT(&new_cpu->breakpoints);
3836     QTAILQ_INIT(&new_cpu->watchpoints);
3837     QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
3838         cpu_breakpoint_insert(new_cpu, bp->pc, bp->flags, NULL);
3839     }
3840     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
3841         cpu_watchpoint_insert(new_cpu, wp->vaddr, wp->len, wp->flags, NULL);
3842     }
3843 
3844     return new_env;
3845 }
3846 
3847 static void handle_arg_help(const char *arg)
3848 {
3849     usage(EXIT_SUCCESS);
3850 }
3851 
3852 static void handle_arg_log(const char *arg)
3853 {
3854     int mask;
3855 
3856     mask = qemu_str_to_log_mask(arg);
3857     if (!mask) {
3858         qemu_print_log_usage(stdout);
3859         exit(EXIT_FAILURE);
3860     }
3861     qemu_log_needs_buffers();
3862     qemu_set_log(mask);
3863 }
3864 
3865 static void handle_arg_log_filename(const char *arg)
3866 {
3867     qemu_set_log_filename(arg, &error_fatal);
3868 }
3869 
3870 static void handle_arg_set_env(const char *arg)
3871 {
3872     char *r, *p, *token;
3873     r = p = strdup(arg);
3874     while ((token = strsep(&p, ",")) != NULL) {
3875         if (envlist_setenv(envlist, token) != 0) {
3876             usage(EXIT_FAILURE);
3877         }
3878     }
3879     free(r);
3880 }
3881 
3882 static void handle_arg_unset_env(const char *arg)
3883 {
3884     char *r, *p, *token;
3885     r = p = strdup(arg);
3886     while ((token = strsep(&p, ",")) != NULL) {
3887         if (envlist_unsetenv(envlist, token) != 0) {
3888             usage(EXIT_FAILURE);
3889         }
3890     }
3891     free(r);
3892 }
3893 
3894 static void handle_arg_argv0(const char *arg)
3895 {
3896     argv0 = strdup(arg);
3897 }
3898 
3899 static void handle_arg_stack_size(const char *arg)
3900 {
3901     char *p;
3902     guest_stack_size = strtoul(arg, &p, 0);
3903     if (guest_stack_size == 0) {
3904         usage(EXIT_FAILURE);
3905     }
3906 
3907     if (*p == 'M') {
3908         guest_stack_size *= 1024 * 1024;
3909     } else if (*p == 'k' || *p == 'K') {
3910         guest_stack_size *= 1024;
3911     }
3912 }
3913 
3914 static void handle_arg_ld_prefix(const char *arg)
3915 {
3916     interp_prefix = strdup(arg);
3917 }
3918 
3919 static void handle_arg_pagesize(const char *arg)
3920 {
3921     qemu_host_page_size = atoi(arg);
3922     if (qemu_host_page_size == 0 ||
3923         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
3924         fprintf(stderr, "page size must be a power of two\n");
3925         exit(EXIT_FAILURE);
3926     }
3927 }
3928 
3929 static void handle_arg_randseed(const char *arg)
3930 {
3931     unsigned long long seed;
3932 
3933     if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
3934         fprintf(stderr, "Invalid seed number: %s\n", arg);
3935         exit(EXIT_FAILURE);
3936     }
3937     srand(seed);
3938 }
3939 
3940 static void handle_arg_gdb(const char *arg)
3941 {
3942     gdbstub_port = atoi(arg);
3943 }
3944 
3945 static void handle_arg_uname(const char *arg)
3946 {
3947     qemu_uname_release = strdup(arg);
3948 }
3949 
3950 static void handle_arg_cpu(const char *arg)
3951 {
3952     cpu_model = strdup(arg);
3953     if (cpu_model == NULL || is_help_option(cpu_model)) {
3954         /* XXX: implement xxx_cpu_list for targets that still miss it */
3955 #if defined(cpu_list)
3956         cpu_list(stdout, &fprintf);
3957 #endif
3958         exit(EXIT_FAILURE);
3959     }
3960 }
3961 
3962 static void handle_arg_guest_base(const char *arg)
3963 {
3964     guest_base = strtol(arg, NULL, 0);
3965     have_guest_base = 1;
3966 }
3967 
3968 static void handle_arg_reserved_va(const char *arg)
3969 {
3970     char *p;
3971     int shift = 0;
3972     reserved_va = strtoul(arg, &p, 0);
3973     switch (*p) {
3974     case 'k':
3975     case 'K':
3976         shift = 10;
3977         break;
3978     case 'M':
3979         shift = 20;
3980         break;
3981     case 'G':
3982         shift = 30;
3983         break;
3984     }
3985     if (shift) {
3986         unsigned long unshifted = reserved_va;
3987         p++;
3988         reserved_va <<= shift;
3989         if (((reserved_va >> shift) != unshifted)
3990 #if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
3991             || (reserved_va > (1ul << TARGET_VIRT_ADDR_SPACE_BITS))
3992 #endif
3993             ) {
3994             fprintf(stderr, "Reserved virtual address too big\n");
3995             exit(EXIT_FAILURE);
3996         }
3997     }
3998     if (*p) {
3999         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
4000         exit(EXIT_FAILURE);
4001     }
4002 }
4003 
4004 static void handle_arg_singlestep(const char *arg)
4005 {
4006     singlestep = 1;
4007 }
4008 
4009 static void handle_arg_strace(const char *arg)
4010 {
4011     do_strace = 1;
4012 }
4013 
4014 static void handle_arg_version(const char *arg)
4015 {
4016     printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
4017            "\n" QEMU_COPYRIGHT "\n");
4018     exit(EXIT_SUCCESS);
4019 }
4020 
4021 static char *trace_file;
4022 static void handle_arg_trace(const char *arg)
4023 {
4024     g_free(trace_file);
4025     trace_file = trace_opt_parse(arg);
4026 }
4027 
4028 struct qemu_argument {
4029     const char *argv;
4030     const char *env;
4031     bool has_arg;
4032     void (*handle_opt)(const char *arg);
4033     const char *example;
4034     const char *help;
4035 };
4036 
4037 static const struct qemu_argument arg_table[] = {
4038     {"h",          "",                 false, handle_arg_help,
4039      "",           "print this help"},
4040     {"help",       "",                 false, handle_arg_help,
4041      "",           ""},
4042     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
4043      "port",       "wait gdb connection to 'port'"},
4044     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
4045      "path",       "set the elf interpreter prefix to 'path'"},
4046     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
4047      "size",       "set the stack size to 'size' bytes"},
4048     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
4049      "model",      "select CPU (-cpu help for list)"},
4050     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
4051      "var=value",  "sets targets environment variable (see below)"},
4052     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
4053      "var",        "unsets targets environment variable (see below)"},
4054     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
4055      "argv0",      "forces target process argv[0] to be 'argv0'"},
4056     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
4057      "uname",      "set qemu uname release string to 'uname'"},
4058     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
4059      "address",    "set guest_base address to 'address'"},
4060     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
4061      "size",       "reserve 'size' bytes for guest virtual address space"},
4062     {"d",          "QEMU_LOG",         true,  handle_arg_log,
4063      "item[,...]", "enable logging of specified items "
4064      "(use '-d help' for a list of items)"},
4065     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
4066      "logfile",     "write logs to 'logfile' (default stderr)"},
4067     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
4068      "pagesize",   "set the host page size to 'pagesize'"},
4069     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
4070      "",           "run in singlestep mode"},
4071     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
4072      "",           "log system calls"},
4073     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
4074      "",           "Seed for pseudo-random number generator"},
4075     {"trace",      "QEMU_TRACE",       true,  handle_arg_trace,
4076      "",           "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
4077     {"version",    "QEMU_VERSION",     false, handle_arg_version,
4078      "",           "display version information and exit"},
4079     {NULL, NULL, false, NULL, NULL, NULL}
4080 };
4081 
4082 static void usage(int exitcode)
4083 {
4084     const struct qemu_argument *arginfo;
4085     int maxarglen;
4086     int maxenvlen;
4087 
4088     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
4089            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
4090            "\n"
4091            "Options and associated environment variables:\n"
4092            "\n");
4093 
4094     /* Calculate column widths. We must always have at least enough space
4095      * for the column header.
4096      */
4097     maxarglen = strlen("Argument");
4098     maxenvlen = strlen("Env-variable");
4099 
4100     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4101         int arglen = strlen(arginfo->argv);
4102         if (arginfo->has_arg) {
4103             arglen += strlen(arginfo->example) + 1;
4104         }
4105         if (strlen(arginfo->env) > maxenvlen) {
4106             maxenvlen = strlen(arginfo->env);
4107         }
4108         if (arglen > maxarglen) {
4109             maxarglen = arglen;
4110         }
4111     }
4112 
4113     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
4114             maxenvlen, "Env-variable");
4115 
4116     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4117         if (arginfo->has_arg) {
4118             printf("-%s %-*s %-*s %s\n", arginfo->argv,
4119                    (int)(maxarglen - strlen(arginfo->argv) - 1),
4120                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
4121         } else {
4122             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
4123                     maxenvlen, arginfo->env,
4124                     arginfo->help);
4125         }
4126     }
4127 
4128     printf("\n"
4129            "Defaults:\n"
4130            "QEMU_LD_PREFIX  = %s\n"
4131            "QEMU_STACK_SIZE = %ld byte\n",
4132            interp_prefix,
4133            guest_stack_size);
4134 
4135     printf("\n"
4136            "You can use -E and -U options or the QEMU_SET_ENV and\n"
4137            "QEMU_UNSET_ENV environment variables to set and unset\n"
4138            "environment variables for the target process.\n"
4139            "It is possible to provide several variables by separating them\n"
4140            "by commas in getsubopt(3) style. Additionally it is possible to\n"
4141            "provide the -E and -U options multiple times.\n"
4142            "The following lines are equivalent:\n"
4143            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
4144            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
4145            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
4146            "Note that if you provide several changes to a single variable\n"
4147            "the last change will stay in effect.\n");
4148 
4149     exit(exitcode);
4150 }
4151 
4152 static int parse_args(int argc, char **argv)
4153 {
4154     const char *r;
4155     int optind;
4156     const struct qemu_argument *arginfo;
4157 
4158     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4159         if (arginfo->env == NULL) {
4160             continue;
4161         }
4162 
4163         r = getenv(arginfo->env);
4164         if (r != NULL) {
4165             arginfo->handle_opt(r);
4166         }
4167     }
4168 
4169     optind = 1;
4170     for (;;) {
4171         if (optind >= argc) {
4172             break;
4173         }
4174         r = argv[optind];
4175         if (r[0] != '-') {
4176             break;
4177         }
4178         optind++;
4179         r++;
4180         if (!strcmp(r, "-")) {
4181             break;
4182         }
4183         /* Treat --foo the same as -foo.  */
4184         if (r[0] == '-') {
4185             r++;
4186         }
4187 
4188         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4189             if (!strcmp(r, arginfo->argv)) {
4190                 if (arginfo->has_arg) {
4191                     if (optind >= argc) {
4192                         (void) fprintf(stderr,
4193                             "qemu: missing argument for option '%s'\n", r);
4194                         exit(EXIT_FAILURE);
4195                     }
4196                     arginfo->handle_opt(argv[optind]);
4197                     optind++;
4198                 } else {
4199                     arginfo->handle_opt(NULL);
4200                 }
4201                 break;
4202             }
4203         }
4204 
4205         /* no option matched the current argv */
4206         if (arginfo->handle_opt == NULL) {
4207             (void) fprintf(stderr, "qemu: unknown option '%s'\n", r);
4208             exit(EXIT_FAILURE);
4209         }
4210     }
4211 
4212     if (optind >= argc) {
4213         (void) fprintf(stderr, "qemu: no user program specified\n");
4214         exit(EXIT_FAILURE);
4215     }
4216 
4217     filename = argv[optind];
4218     exec_path = argv[optind];
4219 
4220     return optind;
4221 }
4222 
4223 int main(int argc, char **argv, char **envp)
4224 {
4225     struct target_pt_regs regs1, *regs = &regs1;
4226     struct image_info info1, *info = &info1;
4227     struct linux_binprm bprm;
4228     TaskState *ts;
4229     CPUArchState *env;
4230     CPUState *cpu;
4231     int optind;
4232     char **target_environ, **wrk;
4233     char **target_argv;
4234     int target_argc;
4235     int i;
4236     int ret;
4237     int execfd;
4238 
4239     module_call_init(MODULE_INIT_TRACE);
4240     qemu_init_cpu_list();
4241     module_call_init(MODULE_INIT_QOM);
4242 
4243     if ((envlist = envlist_create()) == NULL) {
4244         (void) fprintf(stderr, "Unable to allocate envlist\n");
4245         exit(EXIT_FAILURE);
4246     }
4247 
4248     /* add current environment into the list */
4249     for (wrk = environ; *wrk != NULL; wrk++) {
4250         (void) envlist_setenv(envlist, *wrk);
4251     }
4252 
4253     /* Read the stack limit from the kernel.  If it's "unlimited",
4254        then we can do little else besides use the default.  */
4255     {
4256         struct rlimit lim;
4257         if (getrlimit(RLIMIT_STACK, &lim) == 0
4258             && lim.rlim_cur != RLIM_INFINITY
4259             && lim.rlim_cur == (target_long)lim.rlim_cur) {
4260             guest_stack_size = lim.rlim_cur;
4261         }
4262     }
4263 
4264     cpu_model = NULL;
4265 
4266     srand(time(NULL));
4267 
4268     qemu_add_opts(&qemu_trace_opts);
4269 
4270     optind = parse_args(argc, argv);
4271 
4272     if (!trace_init_backends()) {
4273         exit(1);
4274     }
4275     trace_init_file(trace_file);
4276 
4277     /* Zero out regs */
4278     memset(regs, 0, sizeof(struct target_pt_regs));
4279 
4280     /* Zero out image_info */
4281     memset(info, 0, sizeof(struct image_info));
4282 
4283     memset(&bprm, 0, sizeof (bprm));
4284 
4285     /* Scan interp_prefix dir for replacement files. */
4286     init_paths(interp_prefix);
4287 
4288     init_qemu_uname_release();
4289 
4290     if (cpu_model == NULL) {
4291 #if defined(TARGET_I386)
4292 #ifdef TARGET_X86_64
4293         cpu_model = "qemu64";
4294 #else
4295         cpu_model = "qemu32";
4296 #endif
4297 #elif defined(TARGET_ARM)
4298         cpu_model = "any";
4299 #elif defined(TARGET_UNICORE32)
4300         cpu_model = "any";
4301 #elif defined(TARGET_M68K)
4302         cpu_model = "any";
4303 #elif defined(TARGET_SPARC)
4304 #ifdef TARGET_SPARC64
4305         cpu_model = "TI UltraSparc II";
4306 #else
4307         cpu_model = "Fujitsu MB86904";
4308 #endif
4309 #elif defined(TARGET_MIPS)
4310 #if defined(TARGET_ABI_MIPSN32) || defined(TARGET_ABI_MIPSN64)
4311         cpu_model = "5KEf";
4312 #else
4313         cpu_model = "24Kf";
4314 #endif
4315 #elif defined TARGET_OPENRISC
4316         cpu_model = "or1200";
4317 #elif defined(TARGET_PPC)
4318 # ifdef TARGET_PPC64
4319         cpu_model = "POWER8";
4320 # else
4321         cpu_model = "750";
4322 # endif
4323 #elif defined TARGET_SH4
4324         cpu_model = TYPE_SH7785_CPU;
4325 #elif defined TARGET_S390X
4326         cpu_model = "qemu";
4327 #else
4328         cpu_model = "any";
4329 #endif
4330     }
4331     tcg_exec_init(0);
4332     /* NOTE: we need to init the CPU at this stage to get
4333        qemu_host_page_size */
4334     cpu = cpu_init(cpu_model);
4335     if (!cpu) {
4336         fprintf(stderr, "Unable to find CPU definition\n");
4337         exit(EXIT_FAILURE);
4338     }
4339     env = cpu->env_ptr;
4340     cpu_reset(cpu);
4341 
4342     thread_cpu = cpu;
4343 
4344     if (getenv("QEMU_STRACE")) {
4345         do_strace = 1;
4346     }
4347 
4348     if (getenv("QEMU_RAND_SEED")) {
4349         handle_arg_randseed(getenv("QEMU_RAND_SEED"));
4350     }
4351 
4352     target_environ = envlist_to_environ(envlist, NULL);
4353     envlist_free(envlist);
4354 
4355     /*
4356      * Now that page sizes are configured in cpu_init() we can do
4357      * proper page alignment for guest_base.
4358      */
4359     guest_base = HOST_PAGE_ALIGN(guest_base);
4360 
4361     if (reserved_va || have_guest_base) {
4362         guest_base = init_guest_space(guest_base, reserved_va, 0,
4363                                       have_guest_base);
4364         if (guest_base == (unsigned long)-1) {
4365             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
4366                     "space for use as guest address space (check your virtual "
4367                     "memory ulimit setting or reserve less using -R option)\n",
4368                     reserved_va);
4369             exit(EXIT_FAILURE);
4370         }
4371 
4372         if (reserved_va) {
4373             mmap_next_start = reserved_va;
4374         }
4375     }
4376 
4377     /*
4378      * Read in mmap_min_addr kernel parameter.  This value is used
4379      * When loading the ELF image to determine whether guest_base
4380      * is needed.  It is also used in mmap_find_vma.
4381      */
4382     {
4383         FILE *fp;
4384 
4385         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
4386             unsigned long tmp;
4387             if (fscanf(fp, "%lu", &tmp) == 1) {
4388                 mmap_min_addr = tmp;
4389                 qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", mmap_min_addr);
4390             }
4391             fclose(fp);
4392         }
4393     }
4394 
4395     /*
4396      * Prepare copy of argv vector for target.
4397      */
4398     target_argc = argc - optind;
4399     target_argv = calloc(target_argc + 1, sizeof (char *));
4400     if (target_argv == NULL) {
4401 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
4402 	exit(EXIT_FAILURE);
4403     }
4404 
4405     /*
4406      * If argv0 is specified (using '-0' switch) we replace
4407      * argv[0] pointer with the given one.
4408      */
4409     i = 0;
4410     if (argv0 != NULL) {
4411         target_argv[i++] = strdup(argv0);
4412     }
4413     for (; i < target_argc; i++) {
4414         target_argv[i] = strdup(argv[optind + i]);
4415     }
4416     target_argv[target_argc] = NULL;
4417 
4418     ts = g_new0(TaskState, 1);
4419     init_task_state(ts);
4420     /* build Task State */
4421     ts->info = info;
4422     ts->bprm = &bprm;
4423     cpu->opaque = ts;
4424     task_settid(ts);
4425 
4426     execfd = qemu_getauxval(AT_EXECFD);
4427     if (execfd == 0) {
4428         execfd = open(filename, O_RDONLY);
4429         if (execfd < 0) {
4430             printf("Error while loading %s: %s\n", filename, strerror(errno));
4431             _exit(EXIT_FAILURE);
4432         }
4433     }
4434 
4435     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
4436         info, &bprm);
4437     if (ret != 0) {
4438         printf("Error while loading %s: %s\n", filename, strerror(-ret));
4439         _exit(EXIT_FAILURE);
4440     }
4441 
4442     for (wrk = target_environ; *wrk; wrk++) {
4443         free(*wrk);
4444     }
4445 
4446     free(target_environ);
4447 
4448     if (qemu_loglevel_mask(CPU_LOG_PAGE)) {
4449         qemu_log("guest_base  0x%lx\n", guest_base);
4450         log_page_dump();
4451 
4452         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
4453         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
4454         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n", info->start_code);
4455         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n", info->start_data);
4456         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
4457         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n", info->start_stack);
4458         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
4459         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
4460         qemu_log("argv_start  0x" TARGET_ABI_FMT_lx "\n", info->arg_start);
4461         qemu_log("env_start   0x" TARGET_ABI_FMT_lx "\n",
4462                  info->arg_end + (abi_ulong)sizeof(abi_ulong));
4463         qemu_log("auxv_start  0x" TARGET_ABI_FMT_lx "\n", info->saved_auxv);
4464     }
4465 
4466     target_set_brk(info->brk);
4467     syscall_init();
4468     signal_init();
4469 
4470     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
4471        generating the prologue until now so that the prologue can take
4472        the real value of GUEST_BASE into account.  */
4473     tcg_prologue_init(&tcg_ctx);
4474 
4475 #if defined(TARGET_I386)
4476     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
4477     env->hflags |= HF_PE_MASK | HF_CPL_MASK;
4478     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
4479         env->cr[4] |= CR4_OSFXSR_MASK;
4480         env->hflags |= HF_OSFXSR_MASK;
4481     }
4482 #ifndef TARGET_ABI32
4483     /* enable 64 bit mode if possible */
4484     if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
4485         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
4486         exit(EXIT_FAILURE);
4487     }
4488     env->cr[4] |= CR4_PAE_MASK;
4489     env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
4490     env->hflags |= HF_LMA_MASK;
4491 #endif
4492 
4493     /* flags setup : we activate the IRQs by default as in user mode */
4494     env->eflags |= IF_MASK;
4495 
4496     /* linux register setup */
4497 #ifndef TARGET_ABI32
4498     env->regs[R_EAX] = regs->rax;
4499     env->regs[R_EBX] = regs->rbx;
4500     env->regs[R_ECX] = regs->rcx;
4501     env->regs[R_EDX] = regs->rdx;
4502     env->regs[R_ESI] = regs->rsi;
4503     env->regs[R_EDI] = regs->rdi;
4504     env->regs[R_EBP] = regs->rbp;
4505     env->regs[R_ESP] = regs->rsp;
4506     env->eip = regs->rip;
4507 #else
4508     env->regs[R_EAX] = regs->eax;
4509     env->regs[R_EBX] = regs->ebx;
4510     env->regs[R_ECX] = regs->ecx;
4511     env->regs[R_EDX] = regs->edx;
4512     env->regs[R_ESI] = regs->esi;
4513     env->regs[R_EDI] = regs->edi;
4514     env->regs[R_EBP] = regs->ebp;
4515     env->regs[R_ESP] = regs->esp;
4516     env->eip = regs->eip;
4517 #endif
4518 
4519     /* linux interrupt setup */
4520 #ifndef TARGET_ABI32
4521     env->idt.limit = 511;
4522 #else
4523     env->idt.limit = 255;
4524 #endif
4525     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
4526                                 PROT_READ|PROT_WRITE,
4527                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4528     idt_table = g2h(env->idt.base);
4529     set_idt(0, 0);
4530     set_idt(1, 0);
4531     set_idt(2, 0);
4532     set_idt(3, 3);
4533     set_idt(4, 3);
4534     set_idt(5, 0);
4535     set_idt(6, 0);
4536     set_idt(7, 0);
4537     set_idt(8, 0);
4538     set_idt(9, 0);
4539     set_idt(10, 0);
4540     set_idt(11, 0);
4541     set_idt(12, 0);
4542     set_idt(13, 0);
4543     set_idt(14, 0);
4544     set_idt(15, 0);
4545     set_idt(16, 0);
4546     set_idt(17, 0);
4547     set_idt(18, 0);
4548     set_idt(19, 0);
4549     set_idt(0x80, 3);
4550 
4551     /* linux segment setup */
4552     {
4553         uint64_t *gdt_table;
4554         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
4555                                     PROT_READ|PROT_WRITE,
4556                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4557         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
4558         gdt_table = g2h(env->gdt.base);
4559 #ifdef TARGET_ABI32
4560         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4561                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4562                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4563 #else
4564         /* 64 bit code segment */
4565         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4566                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4567                  DESC_L_MASK |
4568                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4569 #endif
4570         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
4571                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4572                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
4573     }
4574     cpu_x86_load_seg(env, R_CS, __USER_CS);
4575     cpu_x86_load_seg(env, R_SS, __USER_DS);
4576 #ifdef TARGET_ABI32
4577     cpu_x86_load_seg(env, R_DS, __USER_DS);
4578     cpu_x86_load_seg(env, R_ES, __USER_DS);
4579     cpu_x86_load_seg(env, R_FS, __USER_DS);
4580     cpu_x86_load_seg(env, R_GS, __USER_DS);
4581     /* This hack makes Wine work... */
4582     env->segs[R_FS].selector = 0;
4583 #else
4584     cpu_x86_load_seg(env, R_DS, 0);
4585     cpu_x86_load_seg(env, R_ES, 0);
4586     cpu_x86_load_seg(env, R_FS, 0);
4587     cpu_x86_load_seg(env, R_GS, 0);
4588 #endif
4589 #elif defined(TARGET_AARCH64)
4590     {
4591         int i;
4592 
4593         if (!(arm_feature(env, ARM_FEATURE_AARCH64))) {
4594             fprintf(stderr,
4595                     "The selected ARM CPU does not support 64 bit mode\n");
4596             exit(EXIT_FAILURE);
4597         }
4598 
4599         for (i = 0; i < 31; i++) {
4600             env->xregs[i] = regs->regs[i];
4601         }
4602         env->pc = regs->pc;
4603         env->xregs[31] = regs->sp;
4604     }
4605 #elif defined(TARGET_ARM)
4606     {
4607         int i;
4608         cpsr_write(env, regs->uregs[16], CPSR_USER | CPSR_EXEC,
4609                    CPSRWriteByInstr);
4610         for(i = 0; i < 16; i++) {
4611             env->regs[i] = regs->uregs[i];
4612         }
4613 #ifdef TARGET_WORDS_BIGENDIAN
4614         /* Enable BE8.  */
4615         if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4
4616             && (info->elf_flags & EF_ARM_BE8)) {
4617             env->uncached_cpsr |= CPSR_E;
4618             env->cp15.sctlr_el[1] |= SCTLR_E0E;
4619         } else {
4620             env->cp15.sctlr_el[1] |= SCTLR_B;
4621         }
4622 #endif
4623     }
4624 #elif defined(TARGET_UNICORE32)
4625     {
4626         int i;
4627         cpu_asr_write(env, regs->uregs[32], 0xffffffff);
4628         for (i = 0; i < 32; i++) {
4629             env->regs[i] = regs->uregs[i];
4630         }
4631     }
4632 #elif defined(TARGET_SPARC)
4633     {
4634         int i;
4635 	env->pc = regs->pc;
4636 	env->npc = regs->npc;
4637         env->y = regs->y;
4638         for(i = 0; i < 8; i++)
4639             env->gregs[i] = regs->u_regs[i];
4640         for(i = 0; i < 8; i++)
4641             env->regwptr[i] = regs->u_regs[i + 8];
4642     }
4643 #elif defined(TARGET_PPC)
4644     {
4645         int i;
4646 
4647 #if defined(TARGET_PPC64)
4648         int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
4649 #if defined(TARGET_ABI32)
4650         env->msr &= ~((target_ulong)1 << flag);
4651 #else
4652         env->msr |= (target_ulong)1 << flag;
4653 #endif
4654 #endif
4655         env->nip = regs->nip;
4656         for(i = 0; i < 32; i++) {
4657             env->gpr[i] = regs->gpr[i];
4658         }
4659     }
4660 #elif defined(TARGET_M68K)
4661     {
4662         env->pc = regs->pc;
4663         env->dregs[0] = regs->d0;
4664         env->dregs[1] = regs->d1;
4665         env->dregs[2] = regs->d2;
4666         env->dregs[3] = regs->d3;
4667         env->dregs[4] = regs->d4;
4668         env->dregs[5] = regs->d5;
4669         env->dregs[6] = regs->d6;
4670         env->dregs[7] = regs->d7;
4671         env->aregs[0] = regs->a0;
4672         env->aregs[1] = regs->a1;
4673         env->aregs[2] = regs->a2;
4674         env->aregs[3] = regs->a3;
4675         env->aregs[4] = regs->a4;
4676         env->aregs[5] = regs->a5;
4677         env->aregs[6] = regs->a6;
4678         env->aregs[7] = regs->usp;
4679         env->sr = regs->sr;
4680         ts->sim_syscalls = 1;
4681     }
4682 #elif defined(TARGET_MICROBLAZE)
4683     {
4684         env->regs[0] = regs->r0;
4685         env->regs[1] = regs->r1;
4686         env->regs[2] = regs->r2;
4687         env->regs[3] = regs->r3;
4688         env->regs[4] = regs->r4;
4689         env->regs[5] = regs->r5;
4690         env->regs[6] = regs->r6;
4691         env->regs[7] = regs->r7;
4692         env->regs[8] = regs->r8;
4693         env->regs[9] = regs->r9;
4694         env->regs[10] = regs->r10;
4695         env->regs[11] = regs->r11;
4696         env->regs[12] = regs->r12;
4697         env->regs[13] = regs->r13;
4698         env->regs[14] = regs->r14;
4699         env->regs[15] = regs->r15;
4700         env->regs[16] = regs->r16;
4701         env->regs[17] = regs->r17;
4702         env->regs[18] = regs->r18;
4703         env->regs[19] = regs->r19;
4704         env->regs[20] = regs->r20;
4705         env->regs[21] = regs->r21;
4706         env->regs[22] = regs->r22;
4707         env->regs[23] = regs->r23;
4708         env->regs[24] = regs->r24;
4709         env->regs[25] = regs->r25;
4710         env->regs[26] = regs->r26;
4711         env->regs[27] = regs->r27;
4712         env->regs[28] = regs->r28;
4713         env->regs[29] = regs->r29;
4714         env->regs[30] = regs->r30;
4715         env->regs[31] = regs->r31;
4716         env->sregs[SR_PC] = regs->pc;
4717     }
4718 #elif defined(TARGET_MIPS)
4719     {
4720         int i;
4721 
4722         for(i = 0; i < 32; i++) {
4723             env->active_tc.gpr[i] = regs->regs[i];
4724         }
4725         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
4726         if (regs->cp0_epc & 1) {
4727             env->hflags |= MIPS_HFLAG_M16;
4728         }
4729         if (((info->elf_flags & EF_MIPS_NAN2008) != 0) !=
4730             ((env->active_fpu.fcr31 & (1 << FCR31_NAN2008)) != 0)) {
4731             if ((env->active_fpu.fcr31_rw_bitmask &
4732                   (1 << FCR31_NAN2008)) == 0) {
4733                 fprintf(stderr, "ELF binary's NaN mode not supported by CPU\n");
4734                 exit(1);
4735             }
4736             if ((info->elf_flags & EF_MIPS_NAN2008) != 0) {
4737                 env->active_fpu.fcr31 |= (1 << FCR31_NAN2008);
4738             } else {
4739                 env->active_fpu.fcr31 &= ~(1 << FCR31_NAN2008);
4740             }
4741             restore_snan_bit_mode(env);
4742         }
4743     }
4744 #elif defined(TARGET_NIOS2)
4745     {
4746         env->regs[0] = 0;
4747         env->regs[1] = regs->r1;
4748         env->regs[2] = regs->r2;
4749         env->regs[3] = regs->r3;
4750         env->regs[4] = regs->r4;
4751         env->regs[5] = regs->r5;
4752         env->regs[6] = regs->r6;
4753         env->regs[7] = regs->r7;
4754         env->regs[8] = regs->r8;
4755         env->regs[9] = regs->r9;
4756         env->regs[10] = regs->r10;
4757         env->regs[11] = regs->r11;
4758         env->regs[12] = regs->r12;
4759         env->regs[13] = regs->r13;
4760         env->regs[14] = regs->r14;
4761         env->regs[15] = regs->r15;
4762         /* TODO: unsigned long  orig_r2; */
4763         env->regs[R_RA] = regs->ra;
4764         env->regs[R_FP] = regs->fp;
4765         env->regs[R_SP] = regs->sp;
4766         env->regs[R_GP] = regs->gp;
4767         env->regs[CR_ESTATUS] = regs->estatus;
4768         env->regs[R_EA] = regs->ea;
4769         /* TODO: unsigned long  orig_r7; */
4770 
4771         /* Emulate eret when starting thread. */
4772         env->regs[R_PC] = regs->ea;
4773     }
4774 #elif defined(TARGET_OPENRISC)
4775     {
4776         int i;
4777 
4778         for (i = 0; i < 32; i++) {
4779             env->gpr[i] = regs->gpr[i];
4780         }
4781 
4782         env->sr = regs->sr;
4783         env->pc = regs->pc;
4784     }
4785 #elif defined(TARGET_SH4)
4786     {
4787         int i;
4788 
4789         for(i = 0; i < 16; i++) {
4790             env->gregs[i] = regs->regs[i];
4791         }
4792         env->pc = regs->pc;
4793     }
4794 #elif defined(TARGET_ALPHA)
4795     {
4796         int i;
4797 
4798         for(i = 0; i < 28; i++) {
4799             env->ir[i] = ((abi_ulong *)regs)[i];
4800         }
4801         env->ir[IR_SP] = regs->usp;
4802         env->pc = regs->pc;
4803     }
4804 #elif defined(TARGET_CRIS)
4805     {
4806 	    env->regs[0] = regs->r0;
4807 	    env->regs[1] = regs->r1;
4808 	    env->regs[2] = regs->r2;
4809 	    env->regs[3] = regs->r3;
4810 	    env->regs[4] = regs->r4;
4811 	    env->regs[5] = regs->r5;
4812 	    env->regs[6] = regs->r6;
4813 	    env->regs[7] = regs->r7;
4814 	    env->regs[8] = regs->r8;
4815 	    env->regs[9] = regs->r9;
4816 	    env->regs[10] = regs->r10;
4817 	    env->regs[11] = regs->r11;
4818 	    env->regs[12] = regs->r12;
4819 	    env->regs[13] = regs->r13;
4820 	    env->regs[14] = info->start_stack;
4821 	    env->regs[15] = regs->acr;
4822 	    env->pc = regs->erp;
4823     }
4824 #elif defined(TARGET_S390X)
4825     {
4826             int i;
4827             for (i = 0; i < 16; i++) {
4828                 env->regs[i] = regs->gprs[i];
4829             }
4830             env->psw.mask = regs->psw.mask;
4831             env->psw.addr = regs->psw.addr;
4832     }
4833 #elif defined(TARGET_TILEGX)
4834     {
4835         int i;
4836         for (i = 0; i < TILEGX_R_COUNT; i++) {
4837             env->regs[i] = regs->regs[i];
4838         }
4839         for (i = 0; i < TILEGX_SPR_COUNT; i++) {
4840             env->spregs[i] = 0;
4841         }
4842         env->pc = regs->pc;
4843     }
4844 #elif defined(TARGET_HPPA)
4845     {
4846         int i;
4847         for (i = 1; i < 32; i++) {
4848             env->gr[i] = regs->gr[i];
4849         }
4850         env->iaoq_f = regs->iaoq[0];
4851         env->iaoq_b = regs->iaoq[1];
4852     }
4853 #else
4854 #error unsupported target CPU
4855 #endif
4856 
4857 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
4858     ts->stack_base = info->start_stack;
4859     ts->heap_base = info->brk;
4860     /* This will be filled in on the first SYS_HEAPINFO call.  */
4861     ts->heap_limit = 0;
4862 #endif
4863 
4864     if (gdbstub_port) {
4865         if (gdbserver_start(gdbstub_port) < 0) {
4866             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
4867                     gdbstub_port);
4868             exit(EXIT_FAILURE);
4869         }
4870         gdb_handlesig(cpu, 0);
4871     }
4872     cpu_loop(env);
4873     /* never exits */
4874     return 0;
4875 }
4876