xref: /openbmc/qemu/linux-user/main.c (revision d0a28415e674ec0fee9375a800fb2250e6e0612a)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "qemu-version.h"
21 #include <sys/syscall.h>
22 #include <sys/resource.h>
23 
24 #include "qapi/error.h"
25 #include "qemu.h"
26 #include "qemu/path.h"
27 #include "qemu/config-file.h"
28 #include "qemu/cutils.h"
29 #include "qemu/help_option.h"
30 #include "cpu.h"
31 #include "exec/exec-all.h"
32 #include "tcg.h"
33 #include "qemu/timer.h"
34 #include "qemu/envlist.h"
35 #include "elf.h"
36 #include "trace/control.h"
37 #include "target_elf.h"
38 #include "cpu_loop-common.h"
39 
40 char *exec_path;
41 
42 int singlestep;
43 static const char *filename;
44 static const char *argv0;
45 static int gdbstub_port;
46 static envlist_t *envlist;
47 static const char *cpu_model;
48 static const char *cpu_type;
49 unsigned long mmap_min_addr;
50 unsigned long guest_base;
51 int have_guest_base;
52 
53 /*
54  * When running 32-on-64 we should make sure we can fit all of the possible
55  * guest address space into a contiguous chunk of virtual host memory.
56  *
57  * This way we will never overlap with our own libraries or binaries or stack
58  * or anything else that QEMU maps.
59  *
60  * Many cpus reserve the high bit (or more than one for some 64-bit cpus)
61  * of the address for the kernel.  Some cpus rely on this and user space
62  * uses the high bit(s) for pointer tagging and the like.  For them, we
63  * must preserve the expected address space.
64  */
65 #ifndef MAX_RESERVED_VA
66 # if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
67 #  if TARGET_VIRT_ADDR_SPACE_BITS == 32 && \
68       (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
69 /* There are a number of places where we assign reserved_va to a variable
70    of type abi_ulong and expect it to fit.  Avoid the last page.  */
71 #   define MAX_RESERVED_VA  (0xfffffffful & TARGET_PAGE_MASK)
72 #  else
73 #   define MAX_RESERVED_VA  (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
74 #  endif
75 # else
76 #  define MAX_RESERVED_VA  0
77 # endif
78 #endif
79 
80 /* That said, reserving *too* much vm space via mmap can run into problems
81    with rlimits, oom due to page table creation, etc.  We will still try it,
82    if directed by the command-line option, but not by default.  */
83 #if HOST_LONG_BITS == 64 && TARGET_VIRT_ADDR_SPACE_BITS <= 32
84 unsigned long reserved_va = MAX_RESERVED_VA;
85 #else
86 unsigned long reserved_va;
87 #endif
88 
89 static void usage(int exitcode);
90 
91 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
92 const char *qemu_uname_release;
93 
94 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
95    we allocate a bigger stack. Need a better solution, for example
96    by remapping the process stack directly at the right place */
97 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
98 
99 void gemu_log(const char *fmt, ...)
100 {
101     va_list ap;
102 
103     va_start(ap, fmt);
104     vfprintf(stderr, fmt, ap);
105     va_end(ap);
106 }
107 
108 #if defined(TARGET_I386)
109 int cpu_get_pic_interrupt(CPUX86State *env)
110 {
111     return -1;
112 }
113 #endif
114 
115 /***********************************************************/
116 /* Helper routines for implementing atomic operations.  */
117 
118 /* Make sure everything is in a consistent state for calling fork().  */
119 void fork_start(void)
120 {
121     start_exclusive();
122     mmap_fork_start();
123     qemu_mutex_lock(&tb_ctx.tb_lock);
124     cpu_list_lock();
125 }
126 
127 void fork_end(int child)
128 {
129     mmap_fork_end(child);
130     if (child) {
131         CPUState *cpu, *next_cpu;
132         /* Child processes created by fork() only have a single thread.
133            Discard information about the parent threads.  */
134         CPU_FOREACH_SAFE(cpu, next_cpu) {
135             if (cpu != thread_cpu) {
136                 QTAILQ_REMOVE(&cpus, cpu, node);
137             }
138         }
139         qemu_mutex_init(&tb_ctx.tb_lock);
140         qemu_init_cpu_list();
141         gdbserver_fork(thread_cpu);
142         /* qemu_init_cpu_list() takes care of reinitializing the
143          * exclusive state, so we don't need to end_exclusive() here.
144          */
145     } else {
146         qemu_mutex_unlock(&tb_ctx.tb_lock);
147         cpu_list_unlock();
148         end_exclusive();
149     }
150 }
151 
152 #ifdef TARGET_PPC
153 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
154 {
155     return cpu_get_host_ticks();
156 }
157 
158 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
159 {
160     return cpu_ppc_get_tb(env);
161 }
162 
163 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
164 {
165     return cpu_ppc_get_tb(env) >> 32;
166 }
167 
168 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
169 {
170     return cpu_ppc_get_tb(env);
171 }
172 
173 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
174 {
175     return cpu_ppc_get_tb(env) >> 32;
176 }
177 
178 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
179 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
180 
181 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
182 {
183     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
184 }
185 
186 /* XXX: to be fixed */
187 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
188 {
189     return -1;
190 }
191 
192 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
193 {
194     return -1;
195 }
196 
197 static int do_store_exclusive(CPUPPCState *env)
198 {
199     target_ulong addr;
200     target_ulong page_addr;
201     target_ulong val, val2 __attribute__((unused)) = 0;
202     int flags;
203     int segv = 0;
204 
205     addr = env->reserve_ea;
206     page_addr = addr & TARGET_PAGE_MASK;
207     start_exclusive();
208     mmap_lock();
209     flags = page_get_flags(page_addr);
210     if ((flags & PAGE_READ) == 0) {
211         segv = 1;
212     } else {
213         int reg = env->reserve_info & 0x1f;
214         int size = env->reserve_info >> 5;
215         int stored = 0;
216 
217         if (addr == env->reserve_addr) {
218             switch (size) {
219             case 1: segv = get_user_u8(val, addr); break;
220             case 2: segv = get_user_u16(val, addr); break;
221             case 4: segv = get_user_u32(val, addr); break;
222 #if defined(TARGET_PPC64)
223             case 8: segv = get_user_u64(val, addr); break;
224             case 16: {
225                 segv = get_user_u64(val, addr);
226                 if (!segv) {
227                     segv = get_user_u64(val2, addr + 8);
228                 }
229                 break;
230             }
231 #endif
232             default: abort();
233             }
234             if (!segv && val == env->reserve_val) {
235                 val = env->gpr[reg];
236                 switch (size) {
237                 case 1: segv = put_user_u8(val, addr); break;
238                 case 2: segv = put_user_u16(val, addr); break;
239                 case 4: segv = put_user_u32(val, addr); break;
240 #if defined(TARGET_PPC64)
241                 case 8: segv = put_user_u64(val, addr); break;
242                 case 16: {
243                     if (val2 == env->reserve_val2) {
244                         if (msr_le) {
245                             val2 = val;
246                             val = env->gpr[reg+1];
247                         } else {
248                             val2 = env->gpr[reg+1];
249                         }
250                         segv = put_user_u64(val, addr);
251                         if (!segv) {
252                             segv = put_user_u64(val2, addr + 8);
253                         }
254                     }
255                     break;
256                 }
257 #endif
258                 default: abort();
259                 }
260                 if (!segv) {
261                     stored = 1;
262                 }
263             }
264         }
265         env->crf[0] = (stored << 1) | xer_so;
266         env->reserve_addr = (target_ulong)-1;
267     }
268     if (!segv) {
269         env->nip += 4;
270     }
271     mmap_unlock();
272     end_exclusive();
273     return segv;
274 }
275 
276 void cpu_loop(CPUPPCState *env)
277 {
278     CPUState *cs = CPU(ppc_env_get_cpu(env));
279     target_siginfo_t info;
280     int trapnr;
281     target_ulong ret;
282 
283     for(;;) {
284         cpu_exec_start(cs);
285         trapnr = cpu_exec(cs);
286         cpu_exec_end(cs);
287         process_queued_cpu_work(cs);
288 
289         switch(trapnr) {
290         case POWERPC_EXCP_NONE:
291             /* Just go on */
292             break;
293         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
294             cpu_abort(cs, "Critical interrupt while in user mode. "
295                       "Aborting\n");
296             break;
297         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
298             cpu_abort(cs, "Machine check exception while in user mode. "
299                       "Aborting\n");
300             break;
301         case POWERPC_EXCP_DSI:      /* Data storage exception                */
302             /* XXX: check this. Seems bugged */
303             switch (env->error_code & 0xFF000000) {
304             case 0x40000000:
305             case 0x42000000:
306                 info.si_signo = TARGET_SIGSEGV;
307                 info.si_errno = 0;
308                 info.si_code = TARGET_SEGV_MAPERR;
309                 break;
310             case 0x04000000:
311                 info.si_signo = TARGET_SIGILL;
312                 info.si_errno = 0;
313                 info.si_code = TARGET_ILL_ILLADR;
314                 break;
315             case 0x08000000:
316                 info.si_signo = TARGET_SIGSEGV;
317                 info.si_errno = 0;
318                 info.si_code = TARGET_SEGV_ACCERR;
319                 break;
320             default:
321                 /* Let's send a regular segfault... */
322                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
323                           env->error_code);
324                 info.si_signo = TARGET_SIGSEGV;
325                 info.si_errno = 0;
326                 info.si_code = TARGET_SEGV_MAPERR;
327                 break;
328             }
329             info._sifields._sigfault._addr = env->spr[SPR_DAR];
330             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
331             break;
332         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
333             /* XXX: check this */
334             switch (env->error_code & 0xFF000000) {
335             case 0x40000000:
336                 info.si_signo = TARGET_SIGSEGV;
337             info.si_errno = 0;
338                 info.si_code = TARGET_SEGV_MAPERR;
339                 break;
340             case 0x10000000:
341             case 0x08000000:
342                 info.si_signo = TARGET_SIGSEGV;
343                 info.si_errno = 0;
344                 info.si_code = TARGET_SEGV_ACCERR;
345                 break;
346             default:
347                 /* Let's send a regular segfault... */
348                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
349                           env->error_code);
350                 info.si_signo = TARGET_SIGSEGV;
351                 info.si_errno = 0;
352                 info.si_code = TARGET_SEGV_MAPERR;
353                 break;
354             }
355             info._sifields._sigfault._addr = env->nip - 4;
356             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
357             break;
358         case POWERPC_EXCP_EXTERNAL: /* External input                        */
359             cpu_abort(cs, "External interrupt while in user mode. "
360                       "Aborting\n");
361             break;
362         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
363             /* XXX: check this */
364             info.si_signo = TARGET_SIGBUS;
365             info.si_errno = 0;
366             info.si_code = TARGET_BUS_ADRALN;
367             info._sifields._sigfault._addr = env->nip;
368             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
369             break;
370         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
371         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
372             /* XXX: check this */
373             switch (env->error_code & ~0xF) {
374             case POWERPC_EXCP_FP:
375                 info.si_signo = TARGET_SIGFPE;
376                 info.si_errno = 0;
377                 switch (env->error_code & 0xF) {
378                 case POWERPC_EXCP_FP_OX:
379                     info.si_code = TARGET_FPE_FLTOVF;
380                     break;
381                 case POWERPC_EXCP_FP_UX:
382                     info.si_code = TARGET_FPE_FLTUND;
383                     break;
384                 case POWERPC_EXCP_FP_ZX:
385                 case POWERPC_EXCP_FP_VXZDZ:
386                     info.si_code = TARGET_FPE_FLTDIV;
387                     break;
388                 case POWERPC_EXCP_FP_XX:
389                     info.si_code = TARGET_FPE_FLTRES;
390                     break;
391                 case POWERPC_EXCP_FP_VXSOFT:
392                     info.si_code = TARGET_FPE_FLTINV;
393                     break;
394                 case POWERPC_EXCP_FP_VXSNAN:
395                 case POWERPC_EXCP_FP_VXISI:
396                 case POWERPC_EXCP_FP_VXIDI:
397                 case POWERPC_EXCP_FP_VXIMZ:
398                 case POWERPC_EXCP_FP_VXVC:
399                 case POWERPC_EXCP_FP_VXSQRT:
400                 case POWERPC_EXCP_FP_VXCVI:
401                     info.si_code = TARGET_FPE_FLTSUB;
402                     break;
403                 default:
404                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
405                               env->error_code);
406                     break;
407                 }
408                 break;
409             case POWERPC_EXCP_INVAL:
410                 info.si_signo = TARGET_SIGILL;
411                 info.si_errno = 0;
412                 switch (env->error_code & 0xF) {
413                 case POWERPC_EXCP_INVAL_INVAL:
414                     info.si_code = TARGET_ILL_ILLOPC;
415                     break;
416                 case POWERPC_EXCP_INVAL_LSWX:
417                     info.si_code = TARGET_ILL_ILLOPN;
418                     break;
419                 case POWERPC_EXCP_INVAL_SPR:
420                     info.si_code = TARGET_ILL_PRVREG;
421                     break;
422                 case POWERPC_EXCP_INVAL_FP:
423                     info.si_code = TARGET_ILL_COPROC;
424                     break;
425                 default:
426                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
427                               env->error_code & 0xF);
428                     info.si_code = TARGET_ILL_ILLADR;
429                     break;
430                 }
431                 break;
432             case POWERPC_EXCP_PRIV:
433                 info.si_signo = TARGET_SIGILL;
434                 info.si_errno = 0;
435                 switch (env->error_code & 0xF) {
436                 case POWERPC_EXCP_PRIV_OPC:
437                     info.si_code = TARGET_ILL_PRVOPC;
438                     break;
439                 case POWERPC_EXCP_PRIV_REG:
440                     info.si_code = TARGET_ILL_PRVREG;
441                     break;
442                 default:
443                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
444                               env->error_code & 0xF);
445                     info.si_code = TARGET_ILL_PRVOPC;
446                     break;
447                 }
448                 break;
449             case POWERPC_EXCP_TRAP:
450                 cpu_abort(cs, "Tried to call a TRAP\n");
451                 break;
452             default:
453                 /* Should not happen ! */
454                 cpu_abort(cs, "Unknown program exception (%02x)\n",
455                           env->error_code);
456                 break;
457             }
458             info._sifields._sigfault._addr = env->nip;
459             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
460             break;
461         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
462             info.si_signo = TARGET_SIGILL;
463             info.si_errno = 0;
464             info.si_code = TARGET_ILL_COPROC;
465             info._sifields._sigfault._addr = env->nip;
466             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
467             break;
468         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
469             cpu_abort(cs, "Syscall exception while in user mode. "
470                       "Aborting\n");
471             break;
472         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
473             info.si_signo = TARGET_SIGILL;
474             info.si_errno = 0;
475             info.si_code = TARGET_ILL_COPROC;
476             info._sifields._sigfault._addr = env->nip;
477             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
478             break;
479         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
480             cpu_abort(cs, "Decrementer interrupt while in user mode. "
481                       "Aborting\n");
482             break;
483         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
484             cpu_abort(cs, "Fix interval timer interrupt while in user mode. "
485                       "Aborting\n");
486             break;
487         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
488             cpu_abort(cs, "Watchdog timer interrupt while in user mode. "
489                       "Aborting\n");
490             break;
491         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
492             cpu_abort(cs, "Data TLB exception while in user mode. "
493                       "Aborting\n");
494             break;
495         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
496             cpu_abort(cs, "Instruction TLB exception while in user mode. "
497                       "Aborting\n");
498             break;
499         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
500             info.si_signo = TARGET_SIGILL;
501             info.si_errno = 0;
502             info.si_code = TARGET_ILL_COPROC;
503             info._sifields._sigfault._addr = env->nip;
504             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
505             break;
506         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
507             cpu_abort(cs, "Embedded floating-point data IRQ not handled\n");
508             break;
509         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
510             cpu_abort(cs, "Embedded floating-point round IRQ not handled\n");
511             break;
512         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
513             cpu_abort(cs, "Performance monitor exception not handled\n");
514             break;
515         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
516             cpu_abort(cs, "Doorbell interrupt while in user mode. "
517                        "Aborting\n");
518             break;
519         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
520             cpu_abort(cs, "Doorbell critical interrupt while in user mode. "
521                       "Aborting\n");
522             break;
523         case POWERPC_EXCP_RESET:    /* System reset exception                */
524             cpu_abort(cs, "Reset interrupt while in user mode. "
525                       "Aborting\n");
526             break;
527         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
528             cpu_abort(cs, "Data segment exception while in user mode. "
529                       "Aborting\n");
530             break;
531         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
532             cpu_abort(cs, "Instruction segment exception "
533                       "while in user mode. Aborting\n");
534             break;
535         /* PowerPC 64 with hypervisor mode support */
536         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
537             cpu_abort(cs, "Hypervisor decrementer interrupt "
538                       "while in user mode. Aborting\n");
539             break;
540         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
541             /* Nothing to do:
542              * we use this exception to emulate step-by-step execution mode.
543              */
544             break;
545         /* PowerPC 64 with hypervisor mode support */
546         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
547             cpu_abort(cs, "Hypervisor data storage exception "
548                       "while in user mode. Aborting\n");
549             break;
550         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
551             cpu_abort(cs, "Hypervisor instruction storage exception "
552                       "while in user mode. Aborting\n");
553             break;
554         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
555             cpu_abort(cs, "Hypervisor data segment exception "
556                       "while in user mode. Aborting\n");
557             break;
558         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
559             cpu_abort(cs, "Hypervisor instruction segment exception "
560                       "while in user mode. Aborting\n");
561             break;
562         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
563             info.si_signo = TARGET_SIGILL;
564             info.si_errno = 0;
565             info.si_code = TARGET_ILL_COPROC;
566             info._sifields._sigfault._addr = env->nip;
567             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
568             break;
569         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
570             cpu_abort(cs, "Programmable interval timer interrupt "
571                       "while in user mode. Aborting\n");
572             break;
573         case POWERPC_EXCP_IO:       /* IO error exception                    */
574             cpu_abort(cs, "IO error exception while in user mode. "
575                       "Aborting\n");
576             break;
577         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
578             cpu_abort(cs, "Run mode exception while in user mode. "
579                       "Aborting\n");
580             break;
581         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
582             cpu_abort(cs, "Emulation trap exception not handled\n");
583             break;
584         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
585             cpu_abort(cs, "Instruction fetch TLB exception "
586                       "while in user-mode. Aborting");
587             break;
588         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
589             cpu_abort(cs, "Data load TLB exception while in user-mode. "
590                       "Aborting");
591             break;
592         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
593             cpu_abort(cs, "Data store TLB exception while in user-mode. "
594                       "Aborting");
595             break;
596         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
597             cpu_abort(cs, "Floating-point assist exception not handled\n");
598             break;
599         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
600             cpu_abort(cs, "Instruction address breakpoint exception "
601                       "not handled\n");
602             break;
603         case POWERPC_EXCP_SMI:      /* System management interrupt           */
604             cpu_abort(cs, "System management interrupt while in user mode. "
605                       "Aborting\n");
606             break;
607         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
608             cpu_abort(cs, "Thermal interrupt interrupt while in user mode. "
609                       "Aborting\n");
610             break;
611         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
612             cpu_abort(cs, "Performance monitor exception not handled\n");
613             break;
614         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
615             cpu_abort(cs, "Vector assist exception not handled\n");
616             break;
617         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
618             cpu_abort(cs, "Soft patch exception not handled\n");
619             break;
620         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
621             cpu_abort(cs, "Maintenance exception while in user mode. "
622                       "Aborting\n");
623             break;
624         case POWERPC_EXCP_STOP:     /* stop translation                      */
625             /* We did invalidate the instruction cache. Go on */
626             break;
627         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
628             /* We just stopped because of a branch. Go on */
629             break;
630         case POWERPC_EXCP_SYSCALL_USER:
631             /* system call in user-mode emulation */
632             /* WARNING:
633              * PPC ABI uses overflow flag in cr0 to signal an error
634              * in syscalls.
635              */
636             env->crf[0] &= ~0x1;
637             env->nip += 4;
638             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
639                              env->gpr[5], env->gpr[6], env->gpr[7],
640                              env->gpr[8], 0, 0);
641             if (ret == -TARGET_ERESTARTSYS) {
642                 env->nip -= 4;
643                 break;
644             }
645             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
646                 /* Returning from a successful sigreturn syscall.
647                    Avoid corrupting register state.  */
648                 break;
649             }
650             if (ret > (target_ulong)(-515)) {
651                 env->crf[0] |= 0x1;
652                 ret = -ret;
653             }
654             env->gpr[3] = ret;
655             break;
656         case POWERPC_EXCP_STCX:
657             if (do_store_exclusive(env)) {
658                 info.si_signo = TARGET_SIGSEGV;
659                 info.si_errno = 0;
660                 info.si_code = TARGET_SEGV_MAPERR;
661                 info._sifields._sigfault._addr = env->nip;
662                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
663             }
664             break;
665         case EXCP_DEBUG:
666             {
667                 int sig;
668 
669                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
670                 if (sig) {
671                     info.si_signo = sig;
672                     info.si_errno = 0;
673                     info.si_code = TARGET_TRAP_BRKPT;
674                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
675                   }
676             }
677             break;
678         case EXCP_INTERRUPT:
679             /* just indicate that signals should be handled asap */
680             break;
681         case EXCP_ATOMIC:
682             cpu_exec_step_atomic(cs);
683             break;
684         default:
685             cpu_abort(cs, "Unknown exception 0x%x. Aborting\n", trapnr);
686             break;
687         }
688         process_pending_signals(env);
689     }
690 }
691 #endif
692 
693 #ifdef TARGET_MIPS
694 
695 # ifdef TARGET_ABI_MIPSO32
696 #  define MIPS_SYS(name, args) args,
697 static const uint8_t mips_syscall_args[] = {
698 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
699 	MIPS_SYS(sys_exit	, 1)
700 	MIPS_SYS(sys_fork	, 0)
701 	MIPS_SYS(sys_read	, 3)
702 	MIPS_SYS(sys_write	, 3)
703 	MIPS_SYS(sys_open	, 3)	/* 4005 */
704 	MIPS_SYS(sys_close	, 1)
705 	MIPS_SYS(sys_waitpid	, 3)
706 	MIPS_SYS(sys_creat	, 2)
707 	MIPS_SYS(sys_link	, 2)
708 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
709 	MIPS_SYS(sys_execve	, 0)
710 	MIPS_SYS(sys_chdir	, 1)
711 	MIPS_SYS(sys_time	, 1)
712 	MIPS_SYS(sys_mknod	, 3)
713 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
714 	MIPS_SYS(sys_lchown	, 3)
715 	MIPS_SYS(sys_ni_syscall	, 0)
716 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
717 	MIPS_SYS(sys_lseek	, 3)
718 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
719 	MIPS_SYS(sys_mount	, 5)
720 	MIPS_SYS(sys_umount	, 1)
721 	MIPS_SYS(sys_setuid	, 1)
722 	MIPS_SYS(sys_getuid	, 0)
723 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
724 	MIPS_SYS(sys_ptrace	, 4)
725 	MIPS_SYS(sys_alarm	, 1)
726 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
727 	MIPS_SYS(sys_pause	, 0)
728 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
729 	MIPS_SYS(sys_ni_syscall	, 0)
730 	MIPS_SYS(sys_ni_syscall	, 0)
731 	MIPS_SYS(sys_access	, 2)
732 	MIPS_SYS(sys_nice	, 1)
733 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
734 	MIPS_SYS(sys_sync	, 0)
735 	MIPS_SYS(sys_kill	, 2)
736 	MIPS_SYS(sys_rename	, 2)
737 	MIPS_SYS(sys_mkdir	, 2)
738 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
739 	MIPS_SYS(sys_dup		, 1)
740 	MIPS_SYS(sys_pipe	, 0)
741 	MIPS_SYS(sys_times	, 1)
742 	MIPS_SYS(sys_ni_syscall	, 0)
743 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
744 	MIPS_SYS(sys_setgid	, 1)
745 	MIPS_SYS(sys_getgid	, 0)
746 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
747 	MIPS_SYS(sys_geteuid	, 0)
748 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
749 	MIPS_SYS(sys_acct	, 0)
750 	MIPS_SYS(sys_umount2	, 2)
751 	MIPS_SYS(sys_ni_syscall	, 0)
752 	MIPS_SYS(sys_ioctl	, 3)
753 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
754 	MIPS_SYS(sys_ni_syscall	, 2)
755 	MIPS_SYS(sys_setpgid	, 2)
756 	MIPS_SYS(sys_ni_syscall	, 0)
757 	MIPS_SYS(sys_olduname	, 1)
758 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
759 	MIPS_SYS(sys_chroot	, 1)
760 	MIPS_SYS(sys_ustat	, 2)
761 	MIPS_SYS(sys_dup2	, 2)
762 	MIPS_SYS(sys_getppid	, 0)
763 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
764 	MIPS_SYS(sys_setsid	, 0)
765 	MIPS_SYS(sys_sigaction	, 3)
766 	MIPS_SYS(sys_sgetmask	, 0)
767 	MIPS_SYS(sys_ssetmask	, 1)
768 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
769 	MIPS_SYS(sys_setregid	, 2)
770 	MIPS_SYS(sys_sigsuspend	, 0)
771 	MIPS_SYS(sys_sigpending	, 1)
772 	MIPS_SYS(sys_sethostname	, 2)
773 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
774 	MIPS_SYS(sys_getrlimit	, 2)
775 	MIPS_SYS(sys_getrusage	, 2)
776 	MIPS_SYS(sys_gettimeofday, 2)
777 	MIPS_SYS(sys_settimeofday, 2)
778 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
779 	MIPS_SYS(sys_setgroups	, 2)
780 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
781 	MIPS_SYS(sys_symlink	, 2)
782 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
783 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
784 	MIPS_SYS(sys_uselib	, 1)
785 	MIPS_SYS(sys_swapon	, 2)
786 	MIPS_SYS(sys_reboot	, 3)
787 	MIPS_SYS(old_readdir	, 3)
788 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
789 	MIPS_SYS(sys_munmap	, 2)
790 	MIPS_SYS(sys_truncate	, 2)
791 	MIPS_SYS(sys_ftruncate	, 2)
792 	MIPS_SYS(sys_fchmod	, 2)
793 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
794 	MIPS_SYS(sys_getpriority	, 2)
795 	MIPS_SYS(sys_setpriority	, 3)
796 	MIPS_SYS(sys_ni_syscall	, 0)
797 	MIPS_SYS(sys_statfs	, 2)
798 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
799 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
800 	MIPS_SYS(sys_socketcall	, 2)
801 	MIPS_SYS(sys_syslog	, 3)
802 	MIPS_SYS(sys_setitimer	, 3)
803 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
804 	MIPS_SYS(sys_newstat	, 2)
805 	MIPS_SYS(sys_newlstat	, 2)
806 	MIPS_SYS(sys_newfstat	, 2)
807 	MIPS_SYS(sys_uname	, 1)
808 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
809 	MIPS_SYS(sys_vhangup	, 0)
810 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
811 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
812 	MIPS_SYS(sys_wait4	, 4)
813 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
814 	MIPS_SYS(sys_sysinfo	, 1)
815 	MIPS_SYS(sys_ipc		, 6)
816 	MIPS_SYS(sys_fsync	, 1)
817 	MIPS_SYS(sys_sigreturn	, 0)
818 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
819 	MIPS_SYS(sys_setdomainname, 2)
820 	MIPS_SYS(sys_newuname	, 1)
821 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
822 	MIPS_SYS(sys_adjtimex	, 1)
823 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
824 	MIPS_SYS(sys_sigprocmask	, 3)
825 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
826 	MIPS_SYS(sys_init_module	, 5)
827 	MIPS_SYS(sys_delete_module, 1)
828 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
829 	MIPS_SYS(sys_quotactl	, 0)
830 	MIPS_SYS(sys_getpgid	, 1)
831 	MIPS_SYS(sys_fchdir	, 1)
832 	MIPS_SYS(sys_bdflush	, 2)
833 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
834 	MIPS_SYS(sys_personality	, 1)
835 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
836 	MIPS_SYS(sys_setfsuid	, 1)
837 	MIPS_SYS(sys_setfsgid	, 1)
838 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
839 	MIPS_SYS(sys_getdents	, 3)
840 	MIPS_SYS(sys_select	, 5)
841 	MIPS_SYS(sys_flock	, 2)
842 	MIPS_SYS(sys_msync	, 3)
843 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
844 	MIPS_SYS(sys_writev	, 3)
845 	MIPS_SYS(sys_cacheflush	, 3)
846 	MIPS_SYS(sys_cachectl	, 3)
847 	MIPS_SYS(sys_sysmips	, 4)
848 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
849 	MIPS_SYS(sys_getsid	, 1)
850 	MIPS_SYS(sys_fdatasync	, 0)
851 	MIPS_SYS(sys_sysctl	, 1)
852 	MIPS_SYS(sys_mlock	, 2)
853 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
854 	MIPS_SYS(sys_mlockall	, 1)
855 	MIPS_SYS(sys_munlockall	, 0)
856 	MIPS_SYS(sys_sched_setparam, 2)
857 	MIPS_SYS(sys_sched_getparam, 2)
858 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
859 	MIPS_SYS(sys_sched_getscheduler, 1)
860 	MIPS_SYS(sys_sched_yield	, 0)
861 	MIPS_SYS(sys_sched_get_priority_max, 1)
862 	MIPS_SYS(sys_sched_get_priority_min, 1)
863 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
864 	MIPS_SYS(sys_nanosleep,	2)
865 	MIPS_SYS(sys_mremap	, 5)
866 	MIPS_SYS(sys_accept	, 3)
867 	MIPS_SYS(sys_bind	, 3)
868 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
869 	MIPS_SYS(sys_getpeername	, 3)
870 	MIPS_SYS(sys_getsockname	, 3)
871 	MIPS_SYS(sys_getsockopt	, 5)
872 	MIPS_SYS(sys_listen	, 2)
873 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
874 	MIPS_SYS(sys_recvfrom	, 6)
875 	MIPS_SYS(sys_recvmsg	, 3)
876 	MIPS_SYS(sys_send	, 4)
877 	MIPS_SYS(sys_sendmsg	, 3)
878 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
879 	MIPS_SYS(sys_setsockopt	, 5)
880 	MIPS_SYS(sys_shutdown	, 2)
881 	MIPS_SYS(sys_socket	, 3)
882 	MIPS_SYS(sys_socketpair	, 4)
883 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
884 	MIPS_SYS(sys_getresuid	, 3)
885 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
886 	MIPS_SYS(sys_poll	, 3)
887 	MIPS_SYS(sys_nfsservctl	, 3)
888 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
889 	MIPS_SYS(sys_getresgid	, 3)
890 	MIPS_SYS(sys_prctl	, 5)
891 	MIPS_SYS(sys_rt_sigreturn, 0)
892 	MIPS_SYS(sys_rt_sigaction, 4)
893 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
894 	MIPS_SYS(sys_rt_sigpending, 2)
895 	MIPS_SYS(sys_rt_sigtimedwait, 4)
896 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
897 	MIPS_SYS(sys_rt_sigsuspend, 0)
898 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
899 	MIPS_SYS(sys_pwrite64	, 6)
900 	MIPS_SYS(sys_chown	, 3)
901 	MIPS_SYS(sys_getcwd	, 2)
902 	MIPS_SYS(sys_capget	, 2)
903 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
904 	MIPS_SYS(sys_sigaltstack	, 2)
905 	MIPS_SYS(sys_sendfile	, 4)
906 	MIPS_SYS(sys_ni_syscall	, 0)
907 	MIPS_SYS(sys_ni_syscall	, 0)
908 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
909 	MIPS_SYS(sys_truncate64	, 4)
910 	MIPS_SYS(sys_ftruncate64	, 4)
911 	MIPS_SYS(sys_stat64	, 2)
912 	MIPS_SYS(sys_lstat64	, 2)
913 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
914 	MIPS_SYS(sys_pivot_root	, 2)
915 	MIPS_SYS(sys_mincore	, 3)
916 	MIPS_SYS(sys_madvise	, 3)
917 	MIPS_SYS(sys_getdents64	, 3)
918 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
919 	MIPS_SYS(sys_ni_syscall	, 0)
920 	MIPS_SYS(sys_gettid	, 0)
921 	MIPS_SYS(sys_readahead	, 5)
922 	MIPS_SYS(sys_setxattr	, 5)
923 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
924 	MIPS_SYS(sys_fsetxattr	, 5)
925 	MIPS_SYS(sys_getxattr	, 4)
926 	MIPS_SYS(sys_lgetxattr	, 4)
927 	MIPS_SYS(sys_fgetxattr	, 4)
928 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
929 	MIPS_SYS(sys_llistxattr	, 3)
930 	MIPS_SYS(sys_flistxattr	, 3)
931 	MIPS_SYS(sys_removexattr	, 2)
932 	MIPS_SYS(sys_lremovexattr, 2)
933 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
934 	MIPS_SYS(sys_tkill	, 2)
935 	MIPS_SYS(sys_sendfile64	, 5)
936 	MIPS_SYS(sys_futex	, 6)
937 	MIPS_SYS(sys_sched_setaffinity, 3)
938 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
939 	MIPS_SYS(sys_io_setup	, 2)
940 	MIPS_SYS(sys_io_destroy	, 1)
941 	MIPS_SYS(sys_io_getevents, 5)
942 	MIPS_SYS(sys_io_submit	, 3)
943 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
944 	MIPS_SYS(sys_exit_group	, 1)
945 	MIPS_SYS(sys_lookup_dcookie, 3)
946 	MIPS_SYS(sys_epoll_create, 1)
947 	MIPS_SYS(sys_epoll_ctl	, 4)
948 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
949 	MIPS_SYS(sys_remap_file_pages, 5)
950 	MIPS_SYS(sys_set_tid_address, 1)
951 	MIPS_SYS(sys_restart_syscall, 0)
952 	MIPS_SYS(sys_fadvise64_64, 7)
953 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
954 	MIPS_SYS(sys_fstatfs64	, 2)
955 	MIPS_SYS(sys_timer_create, 3)
956 	MIPS_SYS(sys_timer_settime, 4)
957 	MIPS_SYS(sys_timer_gettime, 2)
958 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
959 	MIPS_SYS(sys_timer_delete, 1)
960 	MIPS_SYS(sys_clock_settime, 2)
961 	MIPS_SYS(sys_clock_gettime, 2)
962 	MIPS_SYS(sys_clock_getres, 2)
963 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
964 	MIPS_SYS(sys_tgkill	, 3)
965 	MIPS_SYS(sys_utimes	, 2)
966 	MIPS_SYS(sys_mbind	, 4)
967 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
968 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
969 	MIPS_SYS(sys_mq_open	, 4)
970 	MIPS_SYS(sys_mq_unlink	, 1)
971 	MIPS_SYS(sys_mq_timedsend, 5)
972 	MIPS_SYS(sys_mq_timedreceive, 5)
973 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
974 	MIPS_SYS(sys_mq_getsetattr, 3)
975 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
976 	MIPS_SYS(sys_waitid	, 4)
977 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
978 	MIPS_SYS(sys_add_key	, 5)
979 	MIPS_SYS(sys_request_key, 4)
980 	MIPS_SYS(sys_keyctl	, 5)
981 	MIPS_SYS(sys_set_thread_area, 1)
982 	MIPS_SYS(sys_inotify_init, 0)
983 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
984 	MIPS_SYS(sys_inotify_rm_watch, 2)
985 	MIPS_SYS(sys_migrate_pages, 4)
986 	MIPS_SYS(sys_openat, 4)
987 	MIPS_SYS(sys_mkdirat, 3)
988 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
989 	MIPS_SYS(sys_fchownat, 5)
990 	MIPS_SYS(sys_futimesat, 3)
991 	MIPS_SYS(sys_fstatat64, 4)
992 	MIPS_SYS(sys_unlinkat, 3)
993 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
994 	MIPS_SYS(sys_linkat, 5)
995 	MIPS_SYS(sys_symlinkat, 3)
996 	MIPS_SYS(sys_readlinkat, 4)
997 	MIPS_SYS(sys_fchmodat, 3)
998 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
999 	MIPS_SYS(sys_pselect6, 6)
1000 	MIPS_SYS(sys_ppoll, 5)
1001 	MIPS_SYS(sys_unshare, 1)
1002 	MIPS_SYS(sys_splice, 6)
1003 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
1004 	MIPS_SYS(sys_tee, 4)
1005 	MIPS_SYS(sys_vmsplice, 4)
1006 	MIPS_SYS(sys_move_pages, 6)
1007 	MIPS_SYS(sys_set_robust_list, 2)
1008 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
1009 	MIPS_SYS(sys_kexec_load, 4)
1010 	MIPS_SYS(sys_getcpu, 3)
1011 	MIPS_SYS(sys_epoll_pwait, 6)
1012 	MIPS_SYS(sys_ioprio_set, 3)
1013 	MIPS_SYS(sys_ioprio_get, 2)
1014         MIPS_SYS(sys_utimensat, 4)
1015         MIPS_SYS(sys_signalfd, 3)
1016         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
1017         MIPS_SYS(sys_eventfd, 1)
1018         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
1019         MIPS_SYS(sys_timerfd_create, 2)
1020         MIPS_SYS(sys_timerfd_gettime, 2)
1021         MIPS_SYS(sys_timerfd_settime, 4)
1022         MIPS_SYS(sys_signalfd4, 4)
1023         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
1024         MIPS_SYS(sys_epoll_create1, 1)
1025         MIPS_SYS(sys_dup3, 3)
1026         MIPS_SYS(sys_pipe2, 2)
1027         MIPS_SYS(sys_inotify_init1, 1)
1028         MIPS_SYS(sys_preadv, 5)         /* 4330 */
1029         MIPS_SYS(sys_pwritev, 5)
1030         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
1031         MIPS_SYS(sys_perf_event_open, 5)
1032         MIPS_SYS(sys_accept4, 4)
1033         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
1034         MIPS_SYS(sys_fanotify_init, 2)
1035         MIPS_SYS(sys_fanotify_mark, 6)
1036         MIPS_SYS(sys_prlimit64, 4)
1037         MIPS_SYS(sys_name_to_handle_at, 5)
1038         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
1039         MIPS_SYS(sys_clock_adjtime, 2)
1040         MIPS_SYS(sys_syncfs, 1)
1041         MIPS_SYS(sys_sendmmsg, 4)
1042         MIPS_SYS(sys_setns, 2)
1043         MIPS_SYS(sys_process_vm_readv, 6) /* 345 */
1044         MIPS_SYS(sys_process_vm_writev, 6)
1045         MIPS_SYS(sys_kcmp, 5)
1046         MIPS_SYS(sys_finit_module, 3)
1047         MIPS_SYS(sys_sched_setattr, 2)
1048         MIPS_SYS(sys_sched_getattr, 3)  /* 350 */
1049         MIPS_SYS(sys_renameat2, 5)
1050         MIPS_SYS(sys_seccomp, 3)
1051         MIPS_SYS(sys_getrandom, 3)
1052         MIPS_SYS(sys_memfd_create, 2)
1053         MIPS_SYS(sys_bpf, 3)            /* 355 */
1054         MIPS_SYS(sys_execveat, 5)
1055         MIPS_SYS(sys_userfaultfd, 1)
1056         MIPS_SYS(sys_membarrier, 2)
1057         MIPS_SYS(sys_mlock2, 3)
1058         MIPS_SYS(sys_copy_file_range, 6) /* 360 */
1059         MIPS_SYS(sys_preadv2, 6)
1060         MIPS_SYS(sys_pwritev2, 6)
1061 };
1062 #  undef MIPS_SYS
1063 # endif /* O32 */
1064 
1065 static int do_store_exclusive(CPUMIPSState *env)
1066 {
1067     target_ulong addr;
1068     target_ulong page_addr;
1069     target_ulong val;
1070     int flags;
1071     int segv = 0;
1072     int reg;
1073     int d;
1074 
1075     addr = env->lladdr;
1076     page_addr = addr & TARGET_PAGE_MASK;
1077     start_exclusive();
1078     mmap_lock();
1079     flags = page_get_flags(page_addr);
1080     if ((flags & PAGE_READ) == 0) {
1081         segv = 1;
1082     } else {
1083         reg = env->llreg & 0x1f;
1084         d = (env->llreg & 0x20) != 0;
1085         if (d) {
1086             segv = get_user_s64(val, addr);
1087         } else {
1088             segv = get_user_s32(val, addr);
1089         }
1090         if (!segv) {
1091             if (val != env->llval) {
1092                 env->active_tc.gpr[reg] = 0;
1093             } else {
1094                 if (d) {
1095                     segv = put_user_u64(env->llnewval, addr);
1096                 } else {
1097                     segv = put_user_u32(env->llnewval, addr);
1098                 }
1099                 if (!segv) {
1100                     env->active_tc.gpr[reg] = 1;
1101                 }
1102             }
1103         }
1104     }
1105     env->lladdr = -1;
1106     if (!segv) {
1107         env->active_tc.PC += 4;
1108     }
1109     mmap_unlock();
1110     end_exclusive();
1111     return segv;
1112 }
1113 
1114 /* Break codes */
1115 enum {
1116     BRK_OVERFLOW = 6,
1117     BRK_DIVZERO = 7
1118 };
1119 
1120 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
1121                     unsigned int code)
1122 {
1123     int ret = -1;
1124 
1125     switch (code) {
1126     case BRK_OVERFLOW:
1127     case BRK_DIVZERO:
1128         info->si_signo = TARGET_SIGFPE;
1129         info->si_errno = 0;
1130         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
1131         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
1132         ret = 0;
1133         break;
1134     default:
1135         info->si_signo = TARGET_SIGTRAP;
1136         info->si_errno = 0;
1137         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
1138         ret = 0;
1139         break;
1140     }
1141 
1142     return ret;
1143 }
1144 
1145 void cpu_loop(CPUMIPSState *env)
1146 {
1147     CPUState *cs = CPU(mips_env_get_cpu(env));
1148     target_siginfo_t info;
1149     int trapnr;
1150     abi_long ret;
1151 # ifdef TARGET_ABI_MIPSO32
1152     unsigned int syscall_num;
1153 # endif
1154 
1155     for(;;) {
1156         cpu_exec_start(cs);
1157         trapnr = cpu_exec(cs);
1158         cpu_exec_end(cs);
1159         process_queued_cpu_work(cs);
1160 
1161         switch(trapnr) {
1162         case EXCP_SYSCALL:
1163             env->active_tc.PC += 4;
1164 # ifdef TARGET_ABI_MIPSO32
1165             syscall_num = env->active_tc.gpr[2] - 4000;
1166             if (syscall_num >= sizeof(mips_syscall_args)) {
1167                 ret = -TARGET_ENOSYS;
1168             } else {
1169                 int nb_args;
1170                 abi_ulong sp_reg;
1171                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
1172 
1173                 nb_args = mips_syscall_args[syscall_num];
1174                 sp_reg = env->active_tc.gpr[29];
1175                 switch (nb_args) {
1176                 /* these arguments are taken from the stack */
1177                 case 8:
1178                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
1179                         goto done_syscall;
1180                     }
1181                 case 7:
1182                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
1183                         goto done_syscall;
1184                     }
1185                 case 6:
1186                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
1187                         goto done_syscall;
1188                     }
1189                 case 5:
1190                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
1191                         goto done_syscall;
1192                     }
1193                 default:
1194                     break;
1195                 }
1196                 ret = do_syscall(env, env->active_tc.gpr[2],
1197                                  env->active_tc.gpr[4],
1198                                  env->active_tc.gpr[5],
1199                                  env->active_tc.gpr[6],
1200                                  env->active_tc.gpr[7],
1201                                  arg5, arg6, arg7, arg8);
1202             }
1203 done_syscall:
1204 # else
1205             ret = do_syscall(env, env->active_tc.gpr[2],
1206                              env->active_tc.gpr[4], env->active_tc.gpr[5],
1207                              env->active_tc.gpr[6], env->active_tc.gpr[7],
1208                              env->active_tc.gpr[8], env->active_tc.gpr[9],
1209                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
1210 # endif /* O32 */
1211             if (ret == -TARGET_ERESTARTSYS) {
1212                 env->active_tc.PC -= 4;
1213                 break;
1214             }
1215             if (ret == -TARGET_QEMU_ESIGRETURN) {
1216                 /* Returning from a successful sigreturn syscall.
1217                    Avoid clobbering register state.  */
1218                 break;
1219             }
1220             if ((abi_ulong)ret >= (abi_ulong)-1133) {
1221                 env->active_tc.gpr[7] = 1; /* error flag */
1222                 ret = -ret;
1223             } else {
1224                 env->active_tc.gpr[7] = 0; /* error flag */
1225             }
1226             env->active_tc.gpr[2] = ret;
1227             break;
1228         case EXCP_TLBL:
1229         case EXCP_TLBS:
1230         case EXCP_AdEL:
1231         case EXCP_AdES:
1232             info.si_signo = TARGET_SIGSEGV;
1233             info.si_errno = 0;
1234             /* XXX: check env->error_code */
1235             info.si_code = TARGET_SEGV_MAPERR;
1236             info._sifields._sigfault._addr = env->CP0_BadVAddr;
1237             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1238             break;
1239         case EXCP_CpU:
1240         case EXCP_RI:
1241             info.si_signo = TARGET_SIGILL;
1242             info.si_errno = 0;
1243             info.si_code = 0;
1244             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1245             break;
1246         case EXCP_INTERRUPT:
1247             /* just indicate that signals should be handled asap */
1248             break;
1249         case EXCP_DEBUG:
1250             {
1251                 int sig;
1252 
1253                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1254                 if (sig)
1255                   {
1256                     info.si_signo = sig;
1257                     info.si_errno = 0;
1258                     info.si_code = TARGET_TRAP_BRKPT;
1259                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1260                   }
1261             }
1262             break;
1263         case EXCP_SC:
1264             if (do_store_exclusive(env)) {
1265                 info.si_signo = TARGET_SIGSEGV;
1266                 info.si_errno = 0;
1267                 info.si_code = TARGET_SEGV_MAPERR;
1268                 info._sifields._sigfault._addr = env->active_tc.PC;
1269                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1270             }
1271             break;
1272         case EXCP_DSPDIS:
1273             info.si_signo = TARGET_SIGILL;
1274             info.si_errno = 0;
1275             info.si_code = TARGET_ILL_ILLOPC;
1276             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1277             break;
1278         /* The code below was inspired by the MIPS Linux kernel trap
1279          * handling code in arch/mips/kernel/traps.c.
1280          */
1281         case EXCP_BREAK:
1282             {
1283                 abi_ulong trap_instr;
1284                 unsigned int code;
1285 
1286                 if (env->hflags & MIPS_HFLAG_M16) {
1287                     if (env->insn_flags & ASE_MICROMIPS) {
1288                         /* microMIPS mode */
1289                         ret = get_user_u16(trap_instr, env->active_tc.PC);
1290                         if (ret != 0) {
1291                             goto error;
1292                         }
1293 
1294                         if ((trap_instr >> 10) == 0x11) {
1295                             /* 16-bit instruction */
1296                             code = trap_instr & 0xf;
1297                         } else {
1298                             /* 32-bit instruction */
1299                             abi_ulong instr_lo;
1300 
1301                             ret = get_user_u16(instr_lo,
1302                                                env->active_tc.PC + 2);
1303                             if (ret != 0) {
1304                                 goto error;
1305                             }
1306                             trap_instr = (trap_instr << 16) | instr_lo;
1307                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
1308                             /* Unfortunately, microMIPS also suffers from
1309                                the old assembler bug...  */
1310                             if (code >= (1 << 10)) {
1311                                 code >>= 10;
1312                             }
1313                         }
1314                     } else {
1315                         /* MIPS16e mode */
1316                         ret = get_user_u16(trap_instr, env->active_tc.PC);
1317                         if (ret != 0) {
1318                             goto error;
1319                         }
1320                         code = (trap_instr >> 6) & 0x3f;
1321                     }
1322                 } else {
1323                     ret = get_user_u32(trap_instr, env->active_tc.PC);
1324                     if (ret != 0) {
1325                         goto error;
1326                     }
1327 
1328                     /* As described in the original Linux kernel code, the
1329                      * below checks on 'code' are to work around an old
1330                      * assembly bug.
1331                      */
1332                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
1333                     if (code >= (1 << 10)) {
1334                         code >>= 10;
1335                     }
1336                 }
1337 
1338                 if (do_break(env, &info, code) != 0) {
1339                     goto error;
1340                 }
1341             }
1342             break;
1343         case EXCP_TRAP:
1344             {
1345                 abi_ulong trap_instr;
1346                 unsigned int code = 0;
1347 
1348                 if (env->hflags & MIPS_HFLAG_M16) {
1349                     /* microMIPS mode */
1350                     abi_ulong instr[2];
1351 
1352                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
1353                           get_user_u16(instr[1], env->active_tc.PC + 2);
1354 
1355                     trap_instr = (instr[0] << 16) | instr[1];
1356                 } else {
1357                     ret = get_user_u32(trap_instr, env->active_tc.PC);
1358                 }
1359 
1360                 if (ret != 0) {
1361                     goto error;
1362                 }
1363 
1364                 /* The immediate versions don't provide a code.  */
1365                 if (!(trap_instr & 0xFC000000)) {
1366                     if (env->hflags & MIPS_HFLAG_M16) {
1367                         /* microMIPS mode */
1368                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
1369                     } else {
1370                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
1371                     }
1372                 }
1373 
1374                 if (do_break(env, &info, code) != 0) {
1375                     goto error;
1376                 }
1377             }
1378             break;
1379         case EXCP_ATOMIC:
1380             cpu_exec_step_atomic(cs);
1381             break;
1382         default:
1383 error:
1384             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
1385             abort();
1386         }
1387         process_pending_signals(env);
1388     }
1389 }
1390 #endif
1391 
1392 #ifdef TARGET_NIOS2
1393 
1394 void cpu_loop(CPUNios2State *env)
1395 {
1396     CPUState *cs = ENV_GET_CPU(env);
1397     Nios2CPU *cpu = NIOS2_CPU(cs);
1398     target_siginfo_t info;
1399     int trapnr, gdbsig, ret;
1400 
1401     for (;;) {
1402         cpu_exec_start(cs);
1403         trapnr = cpu_exec(cs);
1404         cpu_exec_end(cs);
1405         gdbsig = 0;
1406 
1407         switch (trapnr) {
1408         case EXCP_INTERRUPT:
1409             /* just indicate that signals should be handled asap */
1410             break;
1411         case EXCP_TRAP:
1412             if (env->regs[R_AT] == 0) {
1413                 abi_long ret;
1414                 qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
1415 
1416                 ret = do_syscall(env, env->regs[2],
1417                                  env->regs[4], env->regs[5], env->regs[6],
1418                                  env->regs[7], env->regs[8], env->regs[9],
1419                                  0, 0);
1420 
1421                 if (env->regs[2] == 0) {    /* FIXME: syscall 0 workaround */
1422                     ret = 0;
1423                 }
1424 
1425                 env->regs[2] = abs(ret);
1426                 /* Return value is 0..4096 */
1427                 env->regs[7] = (ret > 0xfffffffffffff000ULL);
1428                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
1429                 env->regs[CR_STATUS] &= ~0x3;
1430                 env->regs[R_EA] = env->regs[R_PC] + 4;
1431                 env->regs[R_PC] += 4;
1432                 break;
1433             } else {
1434                 qemu_log_mask(CPU_LOG_INT, "\nTrap\n");
1435 
1436                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
1437                 env->regs[CR_STATUS] &= ~0x3;
1438                 env->regs[R_EA] = env->regs[R_PC] + 4;
1439                 env->regs[R_PC] = cpu->exception_addr;
1440 
1441                 gdbsig = TARGET_SIGTRAP;
1442                 break;
1443             }
1444         case 0xaa:
1445             switch (env->regs[R_PC]) {
1446             /*case 0x1000:*/  /* TODO:__kuser_helper_version */
1447             case 0x1004:      /* __kuser_cmpxchg */
1448                 start_exclusive();
1449                 if (env->regs[4] & 0x3) {
1450                     goto kuser_fail;
1451                 }
1452                 ret = get_user_u32(env->regs[2], env->regs[4]);
1453                 if (ret) {
1454                     end_exclusive();
1455                     goto kuser_fail;
1456                 }
1457                 env->regs[2] -= env->regs[5];
1458                 if (env->regs[2] == 0) {
1459                     put_user_u32(env->regs[6], env->regs[4]);
1460                 }
1461                 end_exclusive();
1462                 env->regs[R_PC] = env->regs[R_RA];
1463                 break;
1464             /*case 0x1040:*/  /* TODO:__kuser_sigtramp */
1465             default:
1466                 ;
1467 kuser_fail:
1468                 info.si_signo = TARGET_SIGSEGV;
1469                 info.si_errno = 0;
1470                 /* TODO: check env->error_code */
1471                 info.si_code = TARGET_SEGV_MAPERR;
1472                 info._sifields._sigfault._addr = env->regs[R_PC];
1473                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1474             }
1475             break;
1476         default:
1477             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
1478                      trapnr);
1479             gdbsig = TARGET_SIGILL;
1480             break;
1481         }
1482         if (gdbsig) {
1483             gdb_handlesig(cs, gdbsig);
1484             if (gdbsig != TARGET_SIGTRAP) {
1485                 exit(EXIT_FAILURE);
1486             }
1487         }
1488 
1489         process_pending_signals(env);
1490     }
1491 }
1492 
1493 #endif /* TARGET_NIOS2 */
1494 
1495 #ifdef TARGET_OPENRISC
1496 
1497 void cpu_loop(CPUOpenRISCState *env)
1498 {
1499     CPUState *cs = CPU(openrisc_env_get_cpu(env));
1500     int trapnr;
1501     abi_long ret;
1502     target_siginfo_t info;
1503 
1504     for (;;) {
1505         cpu_exec_start(cs);
1506         trapnr = cpu_exec(cs);
1507         cpu_exec_end(cs);
1508         process_queued_cpu_work(cs);
1509 
1510         switch (trapnr) {
1511         case EXCP_SYSCALL:
1512             env->pc += 4;   /* 0xc00; */
1513             ret = do_syscall(env,
1514                              cpu_get_gpr(env, 11), /* return value       */
1515                              cpu_get_gpr(env, 3),  /* r3 - r7 are params */
1516                              cpu_get_gpr(env, 4),
1517                              cpu_get_gpr(env, 5),
1518                              cpu_get_gpr(env, 6),
1519                              cpu_get_gpr(env, 7),
1520                              cpu_get_gpr(env, 8), 0, 0);
1521             if (ret == -TARGET_ERESTARTSYS) {
1522                 env->pc -= 4;
1523             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
1524                 cpu_set_gpr(env, 11, ret);
1525             }
1526             break;
1527         case EXCP_DPF:
1528         case EXCP_IPF:
1529         case EXCP_RANGE:
1530             info.si_signo = TARGET_SIGSEGV;
1531             info.si_errno = 0;
1532             info.si_code = TARGET_SEGV_MAPERR;
1533             info._sifields._sigfault._addr = env->pc;
1534             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1535             break;
1536         case EXCP_ALIGN:
1537             info.si_signo = TARGET_SIGBUS;
1538             info.si_errno = 0;
1539             info.si_code = TARGET_BUS_ADRALN;
1540             info._sifields._sigfault._addr = env->pc;
1541             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1542             break;
1543         case EXCP_ILLEGAL:
1544             info.si_signo = TARGET_SIGILL;
1545             info.si_errno = 0;
1546             info.si_code = TARGET_ILL_ILLOPC;
1547             info._sifields._sigfault._addr = env->pc;
1548             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1549             break;
1550         case EXCP_FPE:
1551             info.si_signo = TARGET_SIGFPE;
1552             info.si_errno = 0;
1553             info.si_code = 0;
1554             info._sifields._sigfault._addr = env->pc;
1555             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1556             break;
1557         case EXCP_INTERRUPT:
1558             /* We processed the pending cpu work above.  */
1559             break;
1560         case EXCP_DEBUG:
1561             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
1562             if (trapnr) {
1563                 info.si_signo = trapnr;
1564                 info.si_errno = 0;
1565                 info.si_code = TARGET_TRAP_BRKPT;
1566                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1567             }
1568             break;
1569         case EXCP_ATOMIC:
1570             cpu_exec_step_atomic(cs);
1571             break;
1572         default:
1573             g_assert_not_reached();
1574         }
1575         process_pending_signals(env);
1576     }
1577 }
1578 
1579 #endif /* TARGET_OPENRISC */
1580 
1581 #ifdef TARGET_SH4
1582 void cpu_loop(CPUSH4State *env)
1583 {
1584     CPUState *cs = CPU(sh_env_get_cpu(env));
1585     int trapnr, ret;
1586     target_siginfo_t info;
1587 
1588     while (1) {
1589         bool arch_interrupt = true;
1590 
1591         cpu_exec_start(cs);
1592         trapnr = cpu_exec(cs);
1593         cpu_exec_end(cs);
1594         process_queued_cpu_work(cs);
1595 
1596         switch (trapnr) {
1597         case 0x160:
1598             env->pc += 2;
1599             ret = do_syscall(env,
1600                              env->gregs[3],
1601                              env->gregs[4],
1602                              env->gregs[5],
1603                              env->gregs[6],
1604                              env->gregs[7],
1605                              env->gregs[0],
1606                              env->gregs[1],
1607                              0, 0);
1608             if (ret == -TARGET_ERESTARTSYS) {
1609                 env->pc -= 2;
1610             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
1611                 env->gregs[0] = ret;
1612             }
1613             break;
1614         case EXCP_INTERRUPT:
1615             /* just indicate that signals should be handled asap */
1616             break;
1617         case EXCP_DEBUG:
1618             {
1619                 int sig;
1620 
1621                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1622                 if (sig) {
1623                     info.si_signo = sig;
1624                     info.si_errno = 0;
1625                     info.si_code = TARGET_TRAP_BRKPT;
1626                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1627                 } else {
1628                     arch_interrupt = false;
1629                 }
1630             }
1631             break;
1632 	case 0xa0:
1633 	case 0xc0:
1634             info.si_signo = TARGET_SIGSEGV;
1635             info.si_errno = 0;
1636             info.si_code = TARGET_SEGV_MAPERR;
1637             info._sifields._sigfault._addr = env->tea;
1638             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1639 	    break;
1640         case EXCP_ATOMIC:
1641             cpu_exec_step_atomic(cs);
1642             arch_interrupt = false;
1643             break;
1644         default:
1645             printf ("Unhandled trap: 0x%x\n", trapnr);
1646             cpu_dump_state(cs, stderr, fprintf, 0);
1647             exit(EXIT_FAILURE);
1648         }
1649         process_pending_signals (env);
1650 
1651         /* Most of the traps imply an exception or interrupt, which
1652            implies an REI instruction has been executed.  Which means
1653            that LDST (aka LOK_ADDR) should be cleared.  But there are
1654            a few exceptions for traps internal to QEMU.  */
1655         if (arch_interrupt) {
1656             env->lock_addr = -1;
1657         }
1658     }
1659 }
1660 #endif
1661 
1662 #ifdef TARGET_CRIS
1663 void cpu_loop(CPUCRISState *env)
1664 {
1665     CPUState *cs = CPU(cris_env_get_cpu(env));
1666     int trapnr, ret;
1667     target_siginfo_t info;
1668 
1669     while (1) {
1670         cpu_exec_start(cs);
1671         trapnr = cpu_exec(cs);
1672         cpu_exec_end(cs);
1673         process_queued_cpu_work(cs);
1674 
1675         switch (trapnr) {
1676         case 0xaa:
1677             {
1678                 info.si_signo = TARGET_SIGSEGV;
1679                 info.si_errno = 0;
1680                 /* XXX: check env->error_code */
1681                 info.si_code = TARGET_SEGV_MAPERR;
1682                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
1683                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1684             }
1685             break;
1686 	case EXCP_INTERRUPT:
1687 	  /* just indicate that signals should be handled asap */
1688 	  break;
1689         case EXCP_BREAK:
1690             ret = do_syscall(env,
1691                              env->regs[9],
1692                              env->regs[10],
1693                              env->regs[11],
1694                              env->regs[12],
1695                              env->regs[13],
1696                              env->pregs[7],
1697                              env->pregs[11],
1698                              0, 0);
1699             if (ret == -TARGET_ERESTARTSYS) {
1700                 env->pc -= 2;
1701             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
1702                 env->regs[10] = ret;
1703             }
1704             break;
1705         case EXCP_DEBUG:
1706             {
1707                 int sig;
1708 
1709                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1710                 if (sig)
1711                   {
1712                     info.si_signo = sig;
1713                     info.si_errno = 0;
1714                     info.si_code = TARGET_TRAP_BRKPT;
1715                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1716                   }
1717             }
1718             break;
1719         case EXCP_ATOMIC:
1720             cpu_exec_step_atomic(cs);
1721             break;
1722         default:
1723             printf ("Unhandled trap: 0x%x\n", trapnr);
1724             cpu_dump_state(cs, stderr, fprintf, 0);
1725             exit(EXIT_FAILURE);
1726         }
1727         process_pending_signals (env);
1728     }
1729 }
1730 #endif
1731 
1732 #ifdef TARGET_MICROBLAZE
1733 void cpu_loop(CPUMBState *env)
1734 {
1735     CPUState *cs = CPU(mb_env_get_cpu(env));
1736     int trapnr, ret;
1737     target_siginfo_t info;
1738 
1739     while (1) {
1740         cpu_exec_start(cs);
1741         trapnr = cpu_exec(cs);
1742         cpu_exec_end(cs);
1743         process_queued_cpu_work(cs);
1744 
1745         switch (trapnr) {
1746         case 0xaa:
1747             {
1748                 info.si_signo = TARGET_SIGSEGV;
1749                 info.si_errno = 0;
1750                 /* XXX: check env->error_code */
1751                 info.si_code = TARGET_SEGV_MAPERR;
1752                 info._sifields._sigfault._addr = 0;
1753                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1754             }
1755             break;
1756 	case EXCP_INTERRUPT:
1757 	  /* just indicate that signals should be handled asap */
1758 	  break;
1759         case EXCP_BREAK:
1760             /* Return address is 4 bytes after the call.  */
1761             env->regs[14] += 4;
1762             env->sregs[SR_PC] = env->regs[14];
1763             ret = do_syscall(env,
1764                              env->regs[12],
1765                              env->regs[5],
1766                              env->regs[6],
1767                              env->regs[7],
1768                              env->regs[8],
1769                              env->regs[9],
1770                              env->regs[10],
1771                              0, 0);
1772             if (ret == -TARGET_ERESTARTSYS) {
1773                 /* Wind back to before the syscall. */
1774                 env->sregs[SR_PC] -= 4;
1775             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
1776                 env->regs[3] = ret;
1777             }
1778             /* All syscall exits result in guest r14 being equal to the
1779              * PC we return to, because the kernel syscall exit "rtbd" does
1780              * this. (This is true even for sigreturn(); note that r14 is
1781              * not a userspace-usable register, as the kernel may clobber it
1782              * at any point.)
1783              */
1784             env->regs[14] = env->sregs[SR_PC];
1785             break;
1786         case EXCP_HW_EXCP:
1787             env->regs[17] = env->sregs[SR_PC] + 4;
1788             if (env->iflags & D_FLAG) {
1789                 env->sregs[SR_ESR] |= 1 << 12;
1790                 env->sregs[SR_PC] -= 4;
1791                 /* FIXME: if branch was immed, replay the imm as well.  */
1792             }
1793 
1794             env->iflags &= ~(IMM_FLAG | D_FLAG);
1795 
1796             switch (env->sregs[SR_ESR] & 31) {
1797                 case ESR_EC_DIVZERO:
1798                     info.si_signo = TARGET_SIGFPE;
1799                     info.si_errno = 0;
1800                     info.si_code = TARGET_FPE_FLTDIV;
1801                     info._sifields._sigfault._addr = 0;
1802                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1803                     break;
1804                 case ESR_EC_FPU:
1805                     info.si_signo = TARGET_SIGFPE;
1806                     info.si_errno = 0;
1807                     if (env->sregs[SR_FSR] & FSR_IO) {
1808                         info.si_code = TARGET_FPE_FLTINV;
1809                     }
1810                     if (env->sregs[SR_FSR] & FSR_DZ) {
1811                         info.si_code = TARGET_FPE_FLTDIV;
1812                     }
1813                     info._sifields._sigfault._addr = 0;
1814                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1815                     break;
1816                 default:
1817                     printf ("Unhandled hw-exception: 0x%x\n",
1818                             env->sregs[SR_ESR] & ESR_EC_MASK);
1819                     cpu_dump_state(cs, stderr, fprintf, 0);
1820                     exit(EXIT_FAILURE);
1821                     break;
1822             }
1823             break;
1824         case EXCP_DEBUG:
1825             {
1826                 int sig;
1827 
1828                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1829                 if (sig)
1830                   {
1831                     info.si_signo = sig;
1832                     info.si_errno = 0;
1833                     info.si_code = TARGET_TRAP_BRKPT;
1834                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1835                   }
1836             }
1837             break;
1838         case EXCP_ATOMIC:
1839             cpu_exec_step_atomic(cs);
1840             break;
1841         default:
1842             printf ("Unhandled trap: 0x%x\n", trapnr);
1843             cpu_dump_state(cs, stderr, fprintf, 0);
1844             exit(EXIT_FAILURE);
1845         }
1846         process_pending_signals (env);
1847     }
1848 }
1849 #endif
1850 
1851 #ifdef TARGET_M68K
1852 
1853 void cpu_loop(CPUM68KState *env)
1854 {
1855     CPUState *cs = CPU(m68k_env_get_cpu(env));
1856     int trapnr;
1857     unsigned int n;
1858     target_siginfo_t info;
1859     TaskState *ts = cs->opaque;
1860 
1861     for(;;) {
1862         cpu_exec_start(cs);
1863         trapnr = cpu_exec(cs);
1864         cpu_exec_end(cs);
1865         process_queued_cpu_work(cs);
1866 
1867         switch(trapnr) {
1868         case EXCP_ILLEGAL:
1869             {
1870                 if (ts->sim_syscalls) {
1871                     uint16_t nr;
1872                     get_user_u16(nr, env->pc + 2);
1873                     env->pc += 4;
1874                     do_m68k_simcall(env, nr);
1875                 } else {
1876                     goto do_sigill;
1877                 }
1878             }
1879             break;
1880         case EXCP_HALT_INSN:
1881             /* Semihosing syscall.  */
1882             env->pc += 4;
1883             do_m68k_semihosting(env, env->dregs[0]);
1884             break;
1885         case EXCP_LINEA:
1886         case EXCP_LINEF:
1887         case EXCP_UNSUPPORTED:
1888         do_sigill:
1889             info.si_signo = TARGET_SIGILL;
1890             info.si_errno = 0;
1891             info.si_code = TARGET_ILL_ILLOPN;
1892             info._sifields._sigfault._addr = env->pc;
1893             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1894             break;
1895         case EXCP_CHK:
1896             info.si_signo = TARGET_SIGFPE;
1897             info.si_errno = 0;
1898             info.si_code = TARGET_FPE_INTOVF;
1899             info._sifields._sigfault._addr = env->pc;
1900             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1901             break;
1902         case EXCP_DIV0:
1903             info.si_signo = TARGET_SIGFPE;
1904             info.si_errno = 0;
1905             info.si_code = TARGET_FPE_INTDIV;
1906             info._sifields._sigfault._addr = env->pc;
1907             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1908             break;
1909         case EXCP_TRAP0:
1910             {
1911                 abi_long ret;
1912                 ts->sim_syscalls = 0;
1913                 n = env->dregs[0];
1914                 env->pc += 2;
1915                 ret = do_syscall(env,
1916                                  n,
1917                                  env->dregs[1],
1918                                  env->dregs[2],
1919                                  env->dregs[3],
1920                                  env->dregs[4],
1921                                  env->dregs[5],
1922                                  env->aregs[0],
1923                                  0, 0);
1924                 if (ret == -TARGET_ERESTARTSYS) {
1925                     env->pc -= 2;
1926                 } else if (ret != -TARGET_QEMU_ESIGRETURN) {
1927                     env->dregs[0] = ret;
1928                 }
1929             }
1930             break;
1931         case EXCP_INTERRUPT:
1932             /* just indicate that signals should be handled asap */
1933             break;
1934         case EXCP_ACCESS:
1935             {
1936                 info.si_signo = TARGET_SIGSEGV;
1937                 info.si_errno = 0;
1938                 /* XXX: check env->error_code */
1939                 info.si_code = TARGET_SEGV_MAPERR;
1940                 info._sifields._sigfault._addr = env->mmu.ar;
1941                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1942             }
1943             break;
1944         case EXCP_DEBUG:
1945             {
1946                 int sig;
1947 
1948                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1949                 if (sig)
1950                   {
1951                     info.si_signo = sig;
1952                     info.si_errno = 0;
1953                     info.si_code = TARGET_TRAP_BRKPT;
1954                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1955                   }
1956             }
1957             break;
1958         case EXCP_ATOMIC:
1959             cpu_exec_step_atomic(cs);
1960             break;
1961         default:
1962             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
1963             abort();
1964         }
1965         process_pending_signals(env);
1966     }
1967 }
1968 #endif /* TARGET_M68K */
1969 
1970 #ifdef TARGET_ALPHA
1971 void cpu_loop(CPUAlphaState *env)
1972 {
1973     CPUState *cs = CPU(alpha_env_get_cpu(env));
1974     int trapnr;
1975     target_siginfo_t info;
1976     abi_long sysret;
1977 
1978     while (1) {
1979         bool arch_interrupt = true;
1980 
1981         cpu_exec_start(cs);
1982         trapnr = cpu_exec(cs);
1983         cpu_exec_end(cs);
1984         process_queued_cpu_work(cs);
1985 
1986         switch (trapnr) {
1987         case EXCP_RESET:
1988             fprintf(stderr, "Reset requested. Exit\n");
1989             exit(EXIT_FAILURE);
1990             break;
1991         case EXCP_MCHK:
1992             fprintf(stderr, "Machine check exception. Exit\n");
1993             exit(EXIT_FAILURE);
1994             break;
1995         case EXCP_SMP_INTERRUPT:
1996         case EXCP_CLK_INTERRUPT:
1997         case EXCP_DEV_INTERRUPT:
1998             fprintf(stderr, "External interrupt. Exit\n");
1999             exit(EXIT_FAILURE);
2000             break;
2001         case EXCP_MMFAULT:
2002             info.si_signo = TARGET_SIGSEGV;
2003             info.si_errno = 0;
2004             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
2005                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
2006             info._sifields._sigfault._addr = env->trap_arg0;
2007             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2008             break;
2009         case EXCP_UNALIGN:
2010             info.si_signo = TARGET_SIGBUS;
2011             info.si_errno = 0;
2012             info.si_code = TARGET_BUS_ADRALN;
2013             info._sifields._sigfault._addr = env->trap_arg0;
2014             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2015             break;
2016         case EXCP_OPCDEC:
2017         do_sigill:
2018             info.si_signo = TARGET_SIGILL;
2019             info.si_errno = 0;
2020             info.si_code = TARGET_ILL_ILLOPC;
2021             info._sifields._sigfault._addr = env->pc;
2022             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2023             break;
2024         case EXCP_ARITH:
2025             info.si_signo = TARGET_SIGFPE;
2026             info.si_errno = 0;
2027             info.si_code = TARGET_FPE_FLTINV;
2028             info._sifields._sigfault._addr = env->pc;
2029             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2030             break;
2031         case EXCP_FEN:
2032             /* No-op.  Linux simply re-enables the FPU.  */
2033             break;
2034         case EXCP_CALL_PAL:
2035             switch (env->error_code) {
2036             case 0x80:
2037                 /* BPT */
2038                 info.si_signo = TARGET_SIGTRAP;
2039                 info.si_errno = 0;
2040                 info.si_code = TARGET_TRAP_BRKPT;
2041                 info._sifields._sigfault._addr = env->pc;
2042                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2043                 break;
2044             case 0x81:
2045                 /* BUGCHK */
2046                 info.si_signo = TARGET_SIGTRAP;
2047                 info.si_errno = 0;
2048                 info.si_code = 0;
2049                 info._sifields._sigfault._addr = env->pc;
2050                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2051                 break;
2052             case 0x83:
2053                 /* CALLSYS */
2054                 trapnr = env->ir[IR_V0];
2055                 sysret = do_syscall(env, trapnr,
2056                                     env->ir[IR_A0], env->ir[IR_A1],
2057                                     env->ir[IR_A2], env->ir[IR_A3],
2058                                     env->ir[IR_A4], env->ir[IR_A5],
2059                                     0, 0);
2060                 if (sysret == -TARGET_ERESTARTSYS) {
2061                     env->pc -= 4;
2062                     break;
2063                 }
2064                 if (sysret == -TARGET_QEMU_ESIGRETURN) {
2065                     break;
2066                 }
2067                 /* Syscall writes 0 to V0 to bypass error check, similar
2068                    to how this is handled internal to Linux kernel.
2069                    (Ab)use trapnr temporarily as boolean indicating error.  */
2070                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
2071                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
2072                 env->ir[IR_A3] = trapnr;
2073                 break;
2074             case 0x86:
2075                 /* IMB */
2076                 /* ??? We can probably elide the code using page_unprotect
2077                    that is checking for self-modifying code.  Instead we
2078                    could simply call tb_flush here.  Until we work out the
2079                    changes required to turn off the extra write protection,
2080                    this can be a no-op.  */
2081                 break;
2082             case 0x9E:
2083                 /* RDUNIQUE */
2084                 /* Handled in the translator for usermode.  */
2085                 abort();
2086             case 0x9F:
2087                 /* WRUNIQUE */
2088                 /* Handled in the translator for usermode.  */
2089                 abort();
2090             case 0xAA:
2091                 /* GENTRAP */
2092                 info.si_signo = TARGET_SIGFPE;
2093                 switch (env->ir[IR_A0]) {
2094                 case TARGET_GEN_INTOVF:
2095                     info.si_code = TARGET_FPE_INTOVF;
2096                     break;
2097                 case TARGET_GEN_INTDIV:
2098                     info.si_code = TARGET_FPE_INTDIV;
2099                     break;
2100                 case TARGET_GEN_FLTOVF:
2101                     info.si_code = TARGET_FPE_FLTOVF;
2102                     break;
2103                 case TARGET_GEN_FLTUND:
2104                     info.si_code = TARGET_FPE_FLTUND;
2105                     break;
2106                 case TARGET_GEN_FLTINV:
2107                     info.si_code = TARGET_FPE_FLTINV;
2108                     break;
2109                 case TARGET_GEN_FLTINE:
2110                     info.si_code = TARGET_FPE_FLTRES;
2111                     break;
2112                 case TARGET_GEN_ROPRAND:
2113                     info.si_code = 0;
2114                     break;
2115                 default:
2116                     info.si_signo = TARGET_SIGTRAP;
2117                     info.si_code = 0;
2118                     break;
2119                 }
2120                 info.si_errno = 0;
2121                 info._sifields._sigfault._addr = env->pc;
2122                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2123                 break;
2124             default:
2125                 goto do_sigill;
2126             }
2127             break;
2128         case EXCP_DEBUG:
2129             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
2130             if (info.si_signo) {
2131                 info.si_errno = 0;
2132                 info.si_code = TARGET_TRAP_BRKPT;
2133                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2134             } else {
2135                 arch_interrupt = false;
2136             }
2137             break;
2138         case EXCP_INTERRUPT:
2139             /* Just indicate that signals should be handled asap.  */
2140             break;
2141         case EXCP_ATOMIC:
2142             cpu_exec_step_atomic(cs);
2143             arch_interrupt = false;
2144             break;
2145         default:
2146             printf ("Unhandled trap: 0x%x\n", trapnr);
2147             cpu_dump_state(cs, stderr, fprintf, 0);
2148             exit(EXIT_FAILURE);
2149         }
2150         process_pending_signals (env);
2151 
2152         /* Most of the traps imply a transition through PALcode, which
2153            implies an REI instruction has been executed.  Which means
2154            that RX and LOCK_ADDR should be cleared.  But there are a
2155            few exceptions for traps internal to QEMU.  */
2156         if (arch_interrupt) {
2157             env->flags &= ~ENV_FLAG_RX_FLAG;
2158             env->lock_addr = -1;
2159         }
2160     }
2161 }
2162 #endif /* TARGET_ALPHA */
2163 
2164 #ifdef TARGET_S390X
2165 
2166 /* s390x masks the fault address it reports in si_addr for SIGSEGV and SIGBUS */
2167 #define S390X_FAIL_ADDR_MASK -4096LL
2168 
2169 void cpu_loop(CPUS390XState *env)
2170 {
2171     CPUState *cs = CPU(s390_env_get_cpu(env));
2172     int trapnr, n, sig;
2173     target_siginfo_t info;
2174     target_ulong addr;
2175     abi_long ret;
2176 
2177     while (1) {
2178         cpu_exec_start(cs);
2179         trapnr = cpu_exec(cs);
2180         cpu_exec_end(cs);
2181         process_queued_cpu_work(cs);
2182 
2183         switch (trapnr) {
2184         case EXCP_INTERRUPT:
2185             /* Just indicate that signals should be handled asap.  */
2186             break;
2187 
2188         case EXCP_SVC:
2189             n = env->int_svc_code;
2190             if (!n) {
2191                 /* syscalls > 255 */
2192                 n = env->regs[1];
2193             }
2194             env->psw.addr += env->int_svc_ilen;
2195             ret = do_syscall(env, n, env->regs[2], env->regs[3],
2196                              env->regs[4], env->regs[5],
2197                              env->regs[6], env->regs[7], 0, 0);
2198             if (ret == -TARGET_ERESTARTSYS) {
2199                 env->psw.addr -= env->int_svc_ilen;
2200             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2201                 env->regs[2] = ret;
2202             }
2203             break;
2204 
2205         case EXCP_DEBUG:
2206             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2207             if (sig) {
2208                 n = TARGET_TRAP_BRKPT;
2209                 goto do_signal_pc;
2210             }
2211             break;
2212         case EXCP_PGM:
2213             n = env->int_pgm_code;
2214             switch (n) {
2215             case PGM_OPERATION:
2216             case PGM_PRIVILEGED:
2217                 sig = TARGET_SIGILL;
2218                 n = TARGET_ILL_ILLOPC;
2219                 goto do_signal_pc;
2220             case PGM_PROTECTION:
2221             case PGM_ADDRESSING:
2222                 sig = TARGET_SIGSEGV;
2223                 /* XXX: check env->error_code */
2224                 n = TARGET_SEGV_MAPERR;
2225                 addr = env->__excp_addr & S390X_FAIL_ADDR_MASK;
2226                 goto do_signal;
2227             case PGM_EXECUTE:
2228             case PGM_SPECIFICATION:
2229             case PGM_SPECIAL_OP:
2230             case PGM_OPERAND:
2231             do_sigill_opn:
2232                 sig = TARGET_SIGILL;
2233                 n = TARGET_ILL_ILLOPN;
2234                 goto do_signal_pc;
2235 
2236             case PGM_FIXPT_OVERFLOW:
2237                 sig = TARGET_SIGFPE;
2238                 n = TARGET_FPE_INTOVF;
2239                 goto do_signal_pc;
2240             case PGM_FIXPT_DIVIDE:
2241                 sig = TARGET_SIGFPE;
2242                 n = TARGET_FPE_INTDIV;
2243                 goto do_signal_pc;
2244 
2245             case PGM_DATA:
2246                 n = (env->fpc >> 8) & 0xff;
2247                 if (n == 0xff) {
2248                     /* compare-and-trap */
2249                     goto do_sigill_opn;
2250                 } else {
2251                     /* An IEEE exception, simulated or otherwise.  */
2252                     if (n & 0x80) {
2253                         n = TARGET_FPE_FLTINV;
2254                     } else if (n & 0x40) {
2255                         n = TARGET_FPE_FLTDIV;
2256                     } else if (n & 0x20) {
2257                         n = TARGET_FPE_FLTOVF;
2258                     } else if (n & 0x10) {
2259                         n = TARGET_FPE_FLTUND;
2260                     } else if (n & 0x08) {
2261                         n = TARGET_FPE_FLTRES;
2262                     } else {
2263                         /* ??? Quantum exception; BFP, DFP error.  */
2264                         goto do_sigill_opn;
2265                     }
2266                     sig = TARGET_SIGFPE;
2267                     goto do_signal_pc;
2268                 }
2269 
2270             default:
2271                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
2272                 cpu_dump_state(cs, stderr, fprintf, 0);
2273                 exit(EXIT_FAILURE);
2274             }
2275             break;
2276 
2277         do_signal_pc:
2278             addr = env->psw.addr;
2279         do_signal:
2280             info.si_signo = sig;
2281             info.si_errno = 0;
2282             info.si_code = n;
2283             info._sifields._sigfault._addr = addr;
2284             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2285             break;
2286 
2287         case EXCP_ATOMIC:
2288             cpu_exec_step_atomic(cs);
2289             break;
2290         default:
2291             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
2292             cpu_dump_state(cs, stderr, fprintf, 0);
2293             exit(EXIT_FAILURE);
2294         }
2295         process_pending_signals (env);
2296     }
2297 }
2298 
2299 #endif /* TARGET_S390X */
2300 
2301 #ifdef TARGET_TILEGX
2302 
2303 static void gen_sigill_reg(CPUTLGState *env)
2304 {
2305     target_siginfo_t info;
2306 
2307     info.si_signo = TARGET_SIGILL;
2308     info.si_errno = 0;
2309     info.si_code = TARGET_ILL_PRVREG;
2310     info._sifields._sigfault._addr = env->pc;
2311     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2312 }
2313 
2314 static void do_signal(CPUTLGState *env, int signo, int sigcode)
2315 {
2316     target_siginfo_t info;
2317 
2318     info.si_signo = signo;
2319     info.si_errno = 0;
2320     info._sifields._sigfault._addr = env->pc;
2321 
2322     if (signo == TARGET_SIGSEGV) {
2323         /* The passed in sigcode is a dummy; check for a page mapping
2324            and pass either MAPERR or ACCERR.  */
2325         target_ulong addr = env->excaddr;
2326         info._sifields._sigfault._addr = addr;
2327         if (page_check_range(addr, 1, PAGE_VALID) < 0) {
2328             sigcode = TARGET_SEGV_MAPERR;
2329         } else {
2330             sigcode = TARGET_SEGV_ACCERR;
2331         }
2332     }
2333     info.si_code = sigcode;
2334 
2335     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2336 }
2337 
2338 static void gen_sigsegv_maperr(CPUTLGState *env, target_ulong addr)
2339 {
2340     env->excaddr = addr;
2341     do_signal(env, TARGET_SIGSEGV, 0);
2342 }
2343 
2344 static void set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
2345 {
2346     if (unlikely(reg >= TILEGX_R_COUNT)) {
2347         switch (reg) {
2348         case TILEGX_R_SN:
2349         case TILEGX_R_ZERO:
2350             return;
2351         case TILEGX_R_IDN0:
2352         case TILEGX_R_IDN1:
2353         case TILEGX_R_UDN0:
2354         case TILEGX_R_UDN1:
2355         case TILEGX_R_UDN2:
2356         case TILEGX_R_UDN3:
2357             gen_sigill_reg(env);
2358             return;
2359         default:
2360             g_assert_not_reached();
2361         }
2362     }
2363     env->regs[reg] = val;
2364 }
2365 
2366 /*
2367  * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
2368  * memory at the address held in the first source register. If the values are
2369  * not equal, then no memory operation is performed. If the values are equal,
2370  * the 8-byte quantity from the second source register is written into memory
2371  * at the address held in the first source register. In either case, the result
2372  * of the instruction is the value read from memory. The compare and write to
2373  * memory are atomic and thus can be used for synchronization purposes. This
2374  * instruction only operates for addresses aligned to a 8-byte boundary.
2375  * Unaligned memory access causes an Unaligned Data Reference interrupt.
2376  *
2377  * Functional Description (64-bit)
2378  *       uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
2379  *       rf[Dest] = memVal;
2380  *       if (memVal == SPR[CmpValueSPR])
2381  *           memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
2382  *
2383  * Functional Description (32-bit)
2384  *       uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
2385  *       rf[Dest] = memVal;
2386  *       if (memVal == signExtend32 (SPR[CmpValueSPR]))
2387  *           memoryWriteWord (rf[SrcA], rf[SrcB]);
2388  *
2389  *
2390  * This function also processes exch and exch4 which need not process SPR.
2391  */
2392 static void do_exch(CPUTLGState *env, bool quad, bool cmp)
2393 {
2394     target_ulong addr;
2395     target_long val, sprval;
2396 
2397     start_exclusive();
2398 
2399     addr = env->atomic_srca;
2400     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
2401         goto sigsegv_maperr;
2402     }
2403 
2404     if (cmp) {
2405         if (quad) {
2406             sprval = env->spregs[TILEGX_SPR_CMPEXCH];
2407         } else {
2408             sprval = sextract64(env->spregs[TILEGX_SPR_CMPEXCH], 0, 32);
2409         }
2410     }
2411 
2412     if (!cmp || val == sprval) {
2413         target_long valb = env->atomic_srcb;
2414         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
2415             goto sigsegv_maperr;
2416         }
2417     }
2418 
2419     set_regval(env, env->atomic_dstr, val);
2420     end_exclusive();
2421     return;
2422 
2423  sigsegv_maperr:
2424     end_exclusive();
2425     gen_sigsegv_maperr(env, addr);
2426 }
2427 
2428 static void do_fetch(CPUTLGState *env, int trapnr, bool quad)
2429 {
2430     int8_t write = 1;
2431     target_ulong addr;
2432     target_long val, valb;
2433 
2434     start_exclusive();
2435 
2436     addr = env->atomic_srca;
2437     valb = env->atomic_srcb;
2438     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
2439         goto sigsegv_maperr;
2440     }
2441 
2442     switch (trapnr) {
2443     case TILEGX_EXCP_OPCODE_FETCHADD:
2444     case TILEGX_EXCP_OPCODE_FETCHADD4:
2445         valb += val;
2446         break;
2447     case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
2448         valb += val;
2449         if (valb < 0) {
2450             write = 0;
2451         }
2452         break;
2453     case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
2454         valb += val;
2455         if ((int32_t)valb < 0) {
2456             write = 0;
2457         }
2458         break;
2459     case TILEGX_EXCP_OPCODE_FETCHAND:
2460     case TILEGX_EXCP_OPCODE_FETCHAND4:
2461         valb &= val;
2462         break;
2463     case TILEGX_EXCP_OPCODE_FETCHOR:
2464     case TILEGX_EXCP_OPCODE_FETCHOR4:
2465         valb |= val;
2466         break;
2467     default:
2468         g_assert_not_reached();
2469     }
2470 
2471     if (write) {
2472         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
2473             goto sigsegv_maperr;
2474         }
2475     }
2476 
2477     set_regval(env, env->atomic_dstr, val);
2478     end_exclusive();
2479     return;
2480 
2481  sigsegv_maperr:
2482     end_exclusive();
2483     gen_sigsegv_maperr(env, addr);
2484 }
2485 
2486 void cpu_loop(CPUTLGState *env)
2487 {
2488     CPUState *cs = CPU(tilegx_env_get_cpu(env));
2489     int trapnr;
2490 
2491     while (1) {
2492         cpu_exec_start(cs);
2493         trapnr = cpu_exec(cs);
2494         cpu_exec_end(cs);
2495         process_queued_cpu_work(cs);
2496 
2497         switch (trapnr) {
2498         case TILEGX_EXCP_SYSCALL:
2499         {
2500             abi_ulong ret = do_syscall(env, env->regs[TILEGX_R_NR],
2501                                        env->regs[0], env->regs[1],
2502                                        env->regs[2], env->regs[3],
2503                                        env->regs[4], env->regs[5],
2504                                        env->regs[6], env->regs[7]);
2505             if (ret == -TARGET_ERESTARTSYS) {
2506                 env->pc -= 8;
2507             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2508                 env->regs[TILEGX_R_RE] = ret;
2509                 env->regs[TILEGX_R_ERR] = TILEGX_IS_ERRNO(ret) ? -ret : 0;
2510             }
2511             break;
2512         }
2513         case TILEGX_EXCP_OPCODE_EXCH:
2514             do_exch(env, true, false);
2515             break;
2516         case TILEGX_EXCP_OPCODE_EXCH4:
2517             do_exch(env, false, false);
2518             break;
2519         case TILEGX_EXCP_OPCODE_CMPEXCH:
2520             do_exch(env, true, true);
2521             break;
2522         case TILEGX_EXCP_OPCODE_CMPEXCH4:
2523             do_exch(env, false, true);
2524             break;
2525         case TILEGX_EXCP_OPCODE_FETCHADD:
2526         case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
2527         case TILEGX_EXCP_OPCODE_FETCHAND:
2528         case TILEGX_EXCP_OPCODE_FETCHOR:
2529             do_fetch(env, trapnr, true);
2530             break;
2531         case TILEGX_EXCP_OPCODE_FETCHADD4:
2532         case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
2533         case TILEGX_EXCP_OPCODE_FETCHAND4:
2534         case TILEGX_EXCP_OPCODE_FETCHOR4:
2535             do_fetch(env, trapnr, false);
2536             break;
2537         case TILEGX_EXCP_SIGNAL:
2538             do_signal(env, env->signo, env->sigcode);
2539             break;
2540         case TILEGX_EXCP_REG_IDN_ACCESS:
2541         case TILEGX_EXCP_REG_UDN_ACCESS:
2542             gen_sigill_reg(env);
2543             break;
2544         case EXCP_ATOMIC:
2545             cpu_exec_step_atomic(cs);
2546             break;
2547         default:
2548             fprintf(stderr, "trapnr is %d[0x%x].\n", trapnr, trapnr);
2549             g_assert_not_reached();
2550         }
2551         process_pending_signals(env);
2552     }
2553 }
2554 
2555 #endif
2556 
2557 #ifdef TARGET_RISCV
2558 
2559 void cpu_loop(CPURISCVState *env)
2560 {
2561     CPUState *cs = CPU(riscv_env_get_cpu(env));
2562     int trapnr, signum, sigcode;
2563     target_ulong sigaddr;
2564     target_ulong ret;
2565 
2566     for (;;) {
2567         cpu_exec_start(cs);
2568         trapnr = cpu_exec(cs);
2569         cpu_exec_end(cs);
2570         process_queued_cpu_work(cs);
2571 
2572         signum = 0;
2573         sigcode = 0;
2574         sigaddr = 0;
2575 
2576         switch (trapnr) {
2577         case EXCP_INTERRUPT:
2578             /* just indicate that signals should be handled asap */
2579             break;
2580         case EXCP_ATOMIC:
2581             cpu_exec_step_atomic(cs);
2582             break;
2583         case RISCV_EXCP_U_ECALL:
2584             env->pc += 4;
2585             if (env->gpr[xA7] == TARGET_NR_arch_specific_syscall + 15) {
2586                 /* riscv_flush_icache_syscall is a no-op in QEMU as
2587                    self-modifying code is automatically detected */
2588                 ret = 0;
2589             } else {
2590                 ret = do_syscall(env,
2591                                  env->gpr[xA7],
2592                                  env->gpr[xA0],
2593                                  env->gpr[xA1],
2594                                  env->gpr[xA2],
2595                                  env->gpr[xA3],
2596                                  env->gpr[xA4],
2597                                  env->gpr[xA5],
2598                                  0, 0);
2599             }
2600             if (ret == -TARGET_ERESTARTSYS) {
2601                 env->pc -= 4;
2602             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2603                 env->gpr[xA0] = ret;
2604             }
2605             if (cs->singlestep_enabled) {
2606                 goto gdbstep;
2607             }
2608             break;
2609         case RISCV_EXCP_ILLEGAL_INST:
2610             signum = TARGET_SIGILL;
2611             sigcode = TARGET_ILL_ILLOPC;
2612             break;
2613         case RISCV_EXCP_BREAKPOINT:
2614             signum = TARGET_SIGTRAP;
2615             sigcode = TARGET_TRAP_BRKPT;
2616             sigaddr = env->pc;
2617             break;
2618         case RISCV_EXCP_INST_PAGE_FAULT:
2619         case RISCV_EXCP_LOAD_PAGE_FAULT:
2620         case RISCV_EXCP_STORE_PAGE_FAULT:
2621             signum = TARGET_SIGSEGV;
2622             sigcode = TARGET_SEGV_MAPERR;
2623             break;
2624         case EXCP_DEBUG:
2625         gdbstep:
2626             signum = gdb_handlesig(cs, TARGET_SIGTRAP);
2627             sigcode = TARGET_TRAP_BRKPT;
2628             break;
2629         default:
2630             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
2631                      trapnr);
2632             exit(EXIT_FAILURE);
2633         }
2634 
2635         if (signum) {
2636             target_siginfo_t info = {
2637                 .si_signo = signum,
2638                 .si_errno = 0,
2639                 .si_code = sigcode,
2640                 ._sifields._sigfault._addr = sigaddr
2641             };
2642             queue_signal(env, info.si_signo, QEMU_SI_KILL, &info);
2643         }
2644 
2645         process_pending_signals(env);
2646     }
2647 }
2648 
2649 #endif /* TARGET_RISCV */
2650 
2651 #ifdef TARGET_HPPA
2652 
2653 static abi_ulong hppa_lws(CPUHPPAState *env)
2654 {
2655     uint32_t which = env->gr[20];
2656     abi_ulong addr = env->gr[26];
2657     abi_ulong old = env->gr[25];
2658     abi_ulong new = env->gr[24];
2659     abi_ulong size, ret;
2660 
2661     switch (which) {
2662     default:
2663         return -TARGET_ENOSYS;
2664 
2665     case 0: /* elf32 atomic 32bit cmpxchg */
2666         if ((addr & 3) || !access_ok(VERIFY_WRITE, addr, 4)) {
2667             return -TARGET_EFAULT;
2668         }
2669         old = tswap32(old);
2670         new = tswap32(new);
2671         ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
2672         ret = tswap32(ret);
2673         break;
2674 
2675     case 2: /* elf32 atomic "new" cmpxchg */
2676         size = env->gr[23];
2677         if (size >= 4) {
2678             return -TARGET_ENOSYS;
2679         }
2680         if (((addr | old | new) & ((1 << size) - 1))
2681             || !access_ok(VERIFY_WRITE, addr, 1 << size)
2682             || !access_ok(VERIFY_READ, old, 1 << size)
2683             || !access_ok(VERIFY_READ, new, 1 << size)) {
2684             return -TARGET_EFAULT;
2685         }
2686         /* Note that below we use host-endian loads so that the cmpxchg
2687            can be host-endian as well.  */
2688         switch (size) {
2689         case 0:
2690             old = *(uint8_t *)g2h(old);
2691             new = *(uint8_t *)g2h(new);
2692             ret = atomic_cmpxchg((uint8_t *)g2h(addr), old, new);
2693             ret = ret != old;
2694             break;
2695         case 1:
2696             old = *(uint16_t *)g2h(old);
2697             new = *(uint16_t *)g2h(new);
2698             ret = atomic_cmpxchg((uint16_t *)g2h(addr), old, new);
2699             ret = ret != old;
2700             break;
2701         case 2:
2702             old = *(uint32_t *)g2h(old);
2703             new = *(uint32_t *)g2h(new);
2704             ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
2705             ret = ret != old;
2706             break;
2707         case 3:
2708             {
2709                 uint64_t o64, n64, r64;
2710                 o64 = *(uint64_t *)g2h(old);
2711                 n64 = *(uint64_t *)g2h(new);
2712 #ifdef CONFIG_ATOMIC64
2713                 r64 = atomic_cmpxchg__nocheck((uint64_t *)g2h(addr), o64, n64);
2714                 ret = r64 != o64;
2715 #else
2716                 start_exclusive();
2717                 r64 = *(uint64_t *)g2h(addr);
2718                 ret = 1;
2719                 if (r64 == o64) {
2720                     *(uint64_t *)g2h(addr) = n64;
2721                     ret = 0;
2722                 }
2723                 end_exclusive();
2724 #endif
2725             }
2726             break;
2727         }
2728         break;
2729     }
2730 
2731     env->gr[28] = ret;
2732     return 0;
2733 }
2734 
2735 void cpu_loop(CPUHPPAState *env)
2736 {
2737     CPUState *cs = CPU(hppa_env_get_cpu(env));
2738     target_siginfo_t info;
2739     abi_ulong ret;
2740     int trapnr;
2741 
2742     while (1) {
2743         cpu_exec_start(cs);
2744         trapnr = cpu_exec(cs);
2745         cpu_exec_end(cs);
2746         process_queued_cpu_work(cs);
2747 
2748         switch (trapnr) {
2749         case EXCP_SYSCALL:
2750             ret = do_syscall(env, env->gr[20],
2751                              env->gr[26], env->gr[25],
2752                              env->gr[24], env->gr[23],
2753                              env->gr[22], env->gr[21], 0, 0);
2754             switch (ret) {
2755             default:
2756                 env->gr[28] = ret;
2757                 /* We arrived here by faking the gateway page.  Return.  */
2758                 env->iaoq_f = env->gr[31];
2759                 env->iaoq_b = env->gr[31] + 4;
2760                 break;
2761             case -TARGET_ERESTARTSYS:
2762             case -TARGET_QEMU_ESIGRETURN:
2763                 break;
2764             }
2765             break;
2766         case EXCP_SYSCALL_LWS:
2767             env->gr[21] = hppa_lws(env);
2768             /* We arrived here by faking the gateway page.  Return.  */
2769             env->iaoq_f = env->gr[31];
2770             env->iaoq_b = env->gr[31] + 4;
2771             break;
2772         case EXCP_ITLB_MISS:
2773         case EXCP_DTLB_MISS:
2774         case EXCP_NA_ITLB_MISS:
2775         case EXCP_NA_DTLB_MISS:
2776         case EXCP_IMP:
2777         case EXCP_DMP:
2778         case EXCP_DMB:
2779         case EXCP_PAGE_REF:
2780         case EXCP_DMAR:
2781         case EXCP_DMPI:
2782             info.si_signo = TARGET_SIGSEGV;
2783             info.si_errno = 0;
2784             info.si_code = TARGET_SEGV_ACCERR;
2785             info._sifields._sigfault._addr = env->cr[CR_IOR];
2786             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2787             break;
2788         case EXCP_UNALIGN:
2789             info.si_signo = TARGET_SIGBUS;
2790             info.si_errno = 0;
2791             info.si_code = 0;
2792             info._sifields._sigfault._addr = env->cr[CR_IOR];
2793             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2794             break;
2795         case EXCP_ILL:
2796         case EXCP_PRIV_OPR:
2797         case EXCP_PRIV_REG:
2798             info.si_signo = TARGET_SIGILL;
2799             info.si_errno = 0;
2800             info.si_code = TARGET_ILL_ILLOPN;
2801             info._sifields._sigfault._addr = env->iaoq_f;
2802             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2803             break;
2804         case EXCP_OVERFLOW:
2805         case EXCP_COND:
2806         case EXCP_ASSIST:
2807             info.si_signo = TARGET_SIGFPE;
2808             info.si_errno = 0;
2809             info.si_code = 0;
2810             info._sifields._sigfault._addr = env->iaoq_f;
2811             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2812             break;
2813         case EXCP_DEBUG:
2814             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
2815             if (trapnr) {
2816                 info.si_signo = trapnr;
2817                 info.si_errno = 0;
2818                 info.si_code = TARGET_TRAP_BRKPT;
2819                 queue_signal(env, trapnr, QEMU_SI_FAULT, &info);
2820             }
2821             break;
2822         case EXCP_INTERRUPT:
2823             /* just indicate that signals should be handled asap */
2824             break;
2825         default:
2826             g_assert_not_reached();
2827         }
2828         process_pending_signals(env);
2829     }
2830 }
2831 
2832 #endif /* TARGET_HPPA */
2833 
2834 #ifdef TARGET_XTENSA
2835 
2836 static void xtensa_rfw(CPUXtensaState *env)
2837 {
2838     xtensa_restore_owb(env);
2839     env->pc = env->sregs[EPC1];
2840 }
2841 
2842 static void xtensa_rfwu(CPUXtensaState *env)
2843 {
2844     env->sregs[WINDOW_START] |= (1 << env->sregs[WINDOW_BASE]);
2845     xtensa_rfw(env);
2846 }
2847 
2848 static void xtensa_rfwo(CPUXtensaState *env)
2849 {
2850     env->sregs[WINDOW_START] &= ~(1 << env->sregs[WINDOW_BASE]);
2851     xtensa_rfw(env);
2852 }
2853 
2854 static void xtensa_overflow4(CPUXtensaState *env)
2855 {
2856     put_user_ual(env->regs[0], env->regs[5] - 16);
2857     put_user_ual(env->regs[1], env->regs[5] - 12);
2858     put_user_ual(env->regs[2], env->regs[5] -  8);
2859     put_user_ual(env->regs[3], env->regs[5] -  4);
2860     xtensa_rfwo(env);
2861 }
2862 
2863 static void xtensa_underflow4(CPUXtensaState *env)
2864 {
2865     get_user_ual(env->regs[0], env->regs[5] - 16);
2866     get_user_ual(env->regs[1], env->regs[5] - 12);
2867     get_user_ual(env->regs[2], env->regs[5] -  8);
2868     get_user_ual(env->regs[3], env->regs[5] -  4);
2869     xtensa_rfwu(env);
2870 }
2871 
2872 static void xtensa_overflow8(CPUXtensaState *env)
2873 {
2874     put_user_ual(env->regs[0], env->regs[9] - 16);
2875     get_user_ual(env->regs[0], env->regs[1] - 12);
2876     put_user_ual(env->regs[1], env->regs[9] - 12);
2877     put_user_ual(env->regs[2], env->regs[9] -  8);
2878     put_user_ual(env->regs[3], env->regs[9] -  4);
2879     put_user_ual(env->regs[4], env->regs[0] - 32);
2880     put_user_ual(env->regs[5], env->regs[0] - 28);
2881     put_user_ual(env->regs[6], env->regs[0] - 24);
2882     put_user_ual(env->regs[7], env->regs[0] - 20);
2883     xtensa_rfwo(env);
2884 }
2885 
2886 static void xtensa_underflow8(CPUXtensaState *env)
2887 {
2888     get_user_ual(env->regs[0], env->regs[9] - 16);
2889     get_user_ual(env->regs[1], env->regs[9] - 12);
2890     get_user_ual(env->regs[2], env->regs[9] -  8);
2891     get_user_ual(env->regs[7], env->regs[1] - 12);
2892     get_user_ual(env->regs[3], env->regs[9] -  4);
2893     get_user_ual(env->regs[4], env->regs[7] - 32);
2894     get_user_ual(env->regs[5], env->regs[7] - 28);
2895     get_user_ual(env->regs[6], env->regs[7] - 24);
2896     get_user_ual(env->regs[7], env->regs[7] - 20);
2897     xtensa_rfwu(env);
2898 }
2899 
2900 static void xtensa_overflow12(CPUXtensaState *env)
2901 {
2902     put_user_ual(env->regs[0],  env->regs[13] - 16);
2903     get_user_ual(env->regs[0],  env->regs[1]  - 12);
2904     put_user_ual(env->regs[1],  env->regs[13] - 12);
2905     put_user_ual(env->regs[2],  env->regs[13] -  8);
2906     put_user_ual(env->regs[3],  env->regs[13] -  4);
2907     put_user_ual(env->regs[4],  env->regs[0]  - 48);
2908     put_user_ual(env->regs[5],  env->regs[0]  - 44);
2909     put_user_ual(env->regs[6],  env->regs[0]  - 40);
2910     put_user_ual(env->regs[7],  env->regs[0]  - 36);
2911     put_user_ual(env->regs[8],  env->regs[0]  - 32);
2912     put_user_ual(env->regs[9],  env->regs[0]  - 28);
2913     put_user_ual(env->regs[10], env->regs[0]  - 24);
2914     put_user_ual(env->regs[11], env->regs[0]  - 20);
2915     xtensa_rfwo(env);
2916 }
2917 
2918 static void xtensa_underflow12(CPUXtensaState *env)
2919 {
2920     get_user_ual(env->regs[0],  env->regs[13] - 16);
2921     get_user_ual(env->regs[1],  env->regs[13] - 12);
2922     get_user_ual(env->regs[2],  env->regs[13] -  8);
2923     get_user_ual(env->regs[11], env->regs[1]  - 12);
2924     get_user_ual(env->regs[3],  env->regs[13] -  4);
2925     get_user_ual(env->regs[4],  env->regs[11] - 48);
2926     get_user_ual(env->regs[5],  env->regs[11] - 44);
2927     get_user_ual(env->regs[6],  env->regs[11] - 40);
2928     get_user_ual(env->regs[7],  env->regs[11] - 36);
2929     get_user_ual(env->regs[8],  env->regs[11] - 32);
2930     get_user_ual(env->regs[9],  env->regs[11] - 28);
2931     get_user_ual(env->regs[10], env->regs[11] - 24);
2932     get_user_ual(env->regs[11], env->regs[11] - 20);
2933     xtensa_rfwu(env);
2934 }
2935 
2936 void cpu_loop(CPUXtensaState *env)
2937 {
2938     CPUState *cs = CPU(xtensa_env_get_cpu(env));
2939     target_siginfo_t info;
2940     abi_ulong ret;
2941     int trapnr;
2942 
2943     while (1) {
2944         cpu_exec_start(cs);
2945         trapnr = cpu_exec(cs);
2946         cpu_exec_end(cs);
2947         process_queued_cpu_work(cs);
2948 
2949         env->sregs[PS] &= ~PS_EXCM;
2950         switch (trapnr) {
2951         case EXCP_INTERRUPT:
2952             break;
2953 
2954         case EXC_WINDOW_OVERFLOW4:
2955             xtensa_overflow4(env);
2956             break;
2957         case EXC_WINDOW_UNDERFLOW4:
2958             xtensa_underflow4(env);
2959             break;
2960         case EXC_WINDOW_OVERFLOW8:
2961             xtensa_overflow8(env);
2962             break;
2963         case EXC_WINDOW_UNDERFLOW8:
2964             xtensa_underflow8(env);
2965             break;
2966         case EXC_WINDOW_OVERFLOW12:
2967             xtensa_overflow12(env);
2968             break;
2969         case EXC_WINDOW_UNDERFLOW12:
2970             xtensa_underflow12(env);
2971             break;
2972 
2973         case EXC_USER:
2974             switch (env->sregs[EXCCAUSE]) {
2975             case ILLEGAL_INSTRUCTION_CAUSE:
2976             case PRIVILEGED_CAUSE:
2977                 info.si_signo = TARGET_SIGILL;
2978                 info.si_errno = 0;
2979                 info.si_code =
2980                     env->sregs[EXCCAUSE] == ILLEGAL_INSTRUCTION_CAUSE ?
2981                     TARGET_ILL_ILLOPC : TARGET_ILL_PRVOPC;
2982                 info._sifields._sigfault._addr = env->sregs[EPC1];
2983                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2984                 break;
2985 
2986             case SYSCALL_CAUSE:
2987                 env->pc += 3;
2988                 ret = do_syscall(env, env->regs[2],
2989                                  env->regs[6], env->regs[3],
2990                                  env->regs[4], env->regs[5],
2991                                  env->regs[8], env->regs[9], 0, 0);
2992                 switch (ret) {
2993                 default:
2994                     env->regs[2] = ret;
2995                     break;
2996 
2997                 case -TARGET_ERESTARTSYS:
2998                     env->pc -= 3;
2999                     break;
3000 
3001                 case -TARGET_QEMU_ESIGRETURN:
3002                     break;
3003                 }
3004                 break;
3005 
3006             case ALLOCA_CAUSE:
3007                 env->sregs[PS] = deposit32(env->sregs[PS],
3008                                            PS_OWB_SHIFT,
3009                                            PS_OWB_LEN,
3010                                            env->sregs[WINDOW_BASE]);
3011 
3012                 switch (env->regs[0] & 0xc0000000) {
3013                 case 0x00000000:
3014                 case 0x40000000:
3015                     xtensa_rotate_window(env, -1);
3016                     xtensa_underflow4(env);
3017                     break;
3018 
3019                 case 0x80000000:
3020                     xtensa_rotate_window(env, -2);
3021                     xtensa_underflow8(env);
3022                     break;
3023 
3024                 case 0xc0000000:
3025                     xtensa_rotate_window(env, -3);
3026                     xtensa_underflow12(env);
3027                     break;
3028                 }
3029                 break;
3030 
3031             case INTEGER_DIVIDE_BY_ZERO_CAUSE:
3032                 info.si_signo = TARGET_SIGFPE;
3033                 info.si_errno = 0;
3034                 info.si_code = TARGET_FPE_INTDIV;
3035                 info._sifields._sigfault._addr = env->sregs[EPC1];
3036                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3037                 break;
3038 
3039             case LOAD_PROHIBITED_CAUSE:
3040             case STORE_PROHIBITED_CAUSE:
3041                 info.si_signo = TARGET_SIGSEGV;
3042                 info.si_errno = 0;
3043                 info.si_code = TARGET_SEGV_ACCERR;
3044                 info._sifields._sigfault._addr = env->sregs[EXCVADDR];
3045                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3046                 break;
3047 
3048             default:
3049                 fprintf(stderr, "exccause = %d\n", env->sregs[EXCCAUSE]);
3050                 g_assert_not_reached();
3051             }
3052             break;
3053         case EXCP_DEBUG:
3054             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
3055             if (trapnr) {
3056                 info.si_signo = trapnr;
3057                 info.si_errno = 0;
3058                 info.si_code = TARGET_TRAP_BRKPT;
3059                 queue_signal(env, trapnr, QEMU_SI_FAULT, &info);
3060             }
3061             break;
3062         case EXC_DEBUG:
3063         default:
3064             fprintf(stderr, "trapnr = %d\n", trapnr);
3065             g_assert_not_reached();
3066         }
3067         process_pending_signals(env);
3068     }
3069 }
3070 
3071 #endif /* TARGET_XTENSA */
3072 
3073 __thread CPUState *thread_cpu;
3074 
3075 bool qemu_cpu_is_self(CPUState *cpu)
3076 {
3077     return thread_cpu == cpu;
3078 }
3079 
3080 void qemu_cpu_kick(CPUState *cpu)
3081 {
3082     cpu_exit(cpu);
3083 }
3084 
3085 void task_settid(TaskState *ts)
3086 {
3087     if (ts->ts_tid == 0) {
3088         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3089     }
3090 }
3091 
3092 void stop_all_tasks(void)
3093 {
3094     /*
3095      * We trust that when using NPTL, start_exclusive()
3096      * handles thread stopping correctly.
3097      */
3098     start_exclusive();
3099 }
3100 
3101 /* Assumes contents are already zeroed.  */
3102 void init_task_state(TaskState *ts)
3103 {
3104     ts->used = 1;
3105 }
3106 
3107 CPUArchState *cpu_copy(CPUArchState *env)
3108 {
3109     CPUState *cpu = ENV_GET_CPU(env);
3110     CPUState *new_cpu = cpu_create(cpu_type);
3111     CPUArchState *new_env = new_cpu->env_ptr;
3112     CPUBreakpoint *bp;
3113     CPUWatchpoint *wp;
3114 
3115     /* Reset non arch specific state */
3116     cpu_reset(new_cpu);
3117 
3118     memcpy(new_env, env, sizeof(CPUArchState));
3119 
3120     /* Clone all break/watchpoints.
3121        Note: Once we support ptrace with hw-debug register access, make sure
3122        BP_CPU break/watchpoints are handled correctly on clone. */
3123     QTAILQ_INIT(&new_cpu->breakpoints);
3124     QTAILQ_INIT(&new_cpu->watchpoints);
3125     QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
3126         cpu_breakpoint_insert(new_cpu, bp->pc, bp->flags, NULL);
3127     }
3128     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
3129         cpu_watchpoint_insert(new_cpu, wp->vaddr, wp->len, wp->flags, NULL);
3130     }
3131 
3132     return new_env;
3133 }
3134 
3135 static void handle_arg_help(const char *arg)
3136 {
3137     usage(EXIT_SUCCESS);
3138 }
3139 
3140 static void handle_arg_log(const char *arg)
3141 {
3142     int mask;
3143 
3144     mask = qemu_str_to_log_mask(arg);
3145     if (!mask) {
3146         qemu_print_log_usage(stdout);
3147         exit(EXIT_FAILURE);
3148     }
3149     qemu_log_needs_buffers();
3150     qemu_set_log(mask);
3151 }
3152 
3153 static void handle_arg_dfilter(const char *arg)
3154 {
3155     qemu_set_dfilter_ranges(arg, NULL);
3156 }
3157 
3158 static void handle_arg_log_filename(const char *arg)
3159 {
3160     qemu_set_log_filename(arg, &error_fatal);
3161 }
3162 
3163 static void handle_arg_set_env(const char *arg)
3164 {
3165     char *r, *p, *token;
3166     r = p = strdup(arg);
3167     while ((token = strsep(&p, ",")) != NULL) {
3168         if (envlist_setenv(envlist, token) != 0) {
3169             usage(EXIT_FAILURE);
3170         }
3171     }
3172     free(r);
3173 }
3174 
3175 static void handle_arg_unset_env(const char *arg)
3176 {
3177     char *r, *p, *token;
3178     r = p = strdup(arg);
3179     while ((token = strsep(&p, ",")) != NULL) {
3180         if (envlist_unsetenv(envlist, token) != 0) {
3181             usage(EXIT_FAILURE);
3182         }
3183     }
3184     free(r);
3185 }
3186 
3187 static void handle_arg_argv0(const char *arg)
3188 {
3189     argv0 = strdup(arg);
3190 }
3191 
3192 static void handle_arg_stack_size(const char *arg)
3193 {
3194     char *p;
3195     guest_stack_size = strtoul(arg, &p, 0);
3196     if (guest_stack_size == 0) {
3197         usage(EXIT_FAILURE);
3198     }
3199 
3200     if (*p == 'M') {
3201         guest_stack_size *= 1024 * 1024;
3202     } else if (*p == 'k' || *p == 'K') {
3203         guest_stack_size *= 1024;
3204     }
3205 }
3206 
3207 static void handle_arg_ld_prefix(const char *arg)
3208 {
3209     interp_prefix = strdup(arg);
3210 }
3211 
3212 static void handle_arg_pagesize(const char *arg)
3213 {
3214     qemu_host_page_size = atoi(arg);
3215     if (qemu_host_page_size == 0 ||
3216         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
3217         fprintf(stderr, "page size must be a power of two\n");
3218         exit(EXIT_FAILURE);
3219     }
3220 }
3221 
3222 static void handle_arg_randseed(const char *arg)
3223 {
3224     unsigned long long seed;
3225 
3226     if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
3227         fprintf(stderr, "Invalid seed number: %s\n", arg);
3228         exit(EXIT_FAILURE);
3229     }
3230     srand(seed);
3231 }
3232 
3233 static void handle_arg_gdb(const char *arg)
3234 {
3235     gdbstub_port = atoi(arg);
3236 }
3237 
3238 static void handle_arg_uname(const char *arg)
3239 {
3240     qemu_uname_release = strdup(arg);
3241 }
3242 
3243 static void handle_arg_cpu(const char *arg)
3244 {
3245     cpu_model = strdup(arg);
3246     if (cpu_model == NULL || is_help_option(cpu_model)) {
3247         /* XXX: implement xxx_cpu_list for targets that still miss it */
3248 #if defined(cpu_list)
3249         cpu_list(stdout, &fprintf);
3250 #endif
3251         exit(EXIT_FAILURE);
3252     }
3253 }
3254 
3255 static void handle_arg_guest_base(const char *arg)
3256 {
3257     guest_base = strtol(arg, NULL, 0);
3258     have_guest_base = 1;
3259 }
3260 
3261 static void handle_arg_reserved_va(const char *arg)
3262 {
3263     char *p;
3264     int shift = 0;
3265     reserved_va = strtoul(arg, &p, 0);
3266     switch (*p) {
3267     case 'k':
3268     case 'K':
3269         shift = 10;
3270         break;
3271     case 'M':
3272         shift = 20;
3273         break;
3274     case 'G':
3275         shift = 30;
3276         break;
3277     }
3278     if (shift) {
3279         unsigned long unshifted = reserved_va;
3280         p++;
3281         reserved_va <<= shift;
3282         if (reserved_va >> shift != unshifted
3283             || (MAX_RESERVED_VA && reserved_va > MAX_RESERVED_VA)) {
3284             fprintf(stderr, "Reserved virtual address too big\n");
3285             exit(EXIT_FAILURE);
3286         }
3287     }
3288     if (*p) {
3289         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
3290         exit(EXIT_FAILURE);
3291     }
3292 }
3293 
3294 static void handle_arg_singlestep(const char *arg)
3295 {
3296     singlestep = 1;
3297 }
3298 
3299 static void handle_arg_strace(const char *arg)
3300 {
3301     do_strace = 1;
3302 }
3303 
3304 static void handle_arg_version(const char *arg)
3305 {
3306     printf("qemu-" TARGET_NAME " version " QEMU_FULL_VERSION
3307            "\n" QEMU_COPYRIGHT "\n");
3308     exit(EXIT_SUCCESS);
3309 }
3310 
3311 static char *trace_file;
3312 static void handle_arg_trace(const char *arg)
3313 {
3314     g_free(trace_file);
3315     trace_file = trace_opt_parse(arg);
3316 }
3317 
3318 struct qemu_argument {
3319     const char *argv;
3320     const char *env;
3321     bool has_arg;
3322     void (*handle_opt)(const char *arg);
3323     const char *example;
3324     const char *help;
3325 };
3326 
3327 static const struct qemu_argument arg_table[] = {
3328     {"h",          "",                 false, handle_arg_help,
3329      "",           "print this help"},
3330     {"help",       "",                 false, handle_arg_help,
3331      "",           ""},
3332     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
3333      "port",       "wait gdb connection to 'port'"},
3334     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
3335      "path",       "set the elf interpreter prefix to 'path'"},
3336     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
3337      "size",       "set the stack size to 'size' bytes"},
3338     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
3339      "model",      "select CPU (-cpu help for list)"},
3340     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
3341      "var=value",  "sets targets environment variable (see below)"},
3342     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
3343      "var",        "unsets targets environment variable (see below)"},
3344     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
3345      "argv0",      "forces target process argv[0] to be 'argv0'"},
3346     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
3347      "uname",      "set qemu uname release string to 'uname'"},
3348     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
3349      "address",    "set guest_base address to 'address'"},
3350     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
3351      "size",       "reserve 'size' bytes for guest virtual address space"},
3352     {"d",          "QEMU_LOG",         true,  handle_arg_log,
3353      "item[,...]", "enable logging of specified items "
3354      "(use '-d help' for a list of items)"},
3355     {"dfilter",    "QEMU_DFILTER",     true,  handle_arg_dfilter,
3356      "range[,...]","filter logging based on address range"},
3357     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
3358      "logfile",     "write logs to 'logfile' (default stderr)"},
3359     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
3360      "pagesize",   "set the host page size to 'pagesize'"},
3361     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
3362      "",           "run in singlestep mode"},
3363     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
3364      "",           "log system calls"},
3365     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
3366      "",           "Seed for pseudo-random number generator"},
3367     {"trace",      "QEMU_TRACE",       true,  handle_arg_trace,
3368      "",           "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
3369     {"version",    "QEMU_VERSION",     false, handle_arg_version,
3370      "",           "display version information and exit"},
3371     {NULL, NULL, false, NULL, NULL, NULL}
3372 };
3373 
3374 static void usage(int exitcode)
3375 {
3376     const struct qemu_argument *arginfo;
3377     int maxarglen;
3378     int maxenvlen;
3379 
3380     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
3381            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
3382            "\n"
3383            "Options and associated environment variables:\n"
3384            "\n");
3385 
3386     /* Calculate column widths. We must always have at least enough space
3387      * for the column header.
3388      */
3389     maxarglen = strlen("Argument");
3390     maxenvlen = strlen("Env-variable");
3391 
3392     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3393         int arglen = strlen(arginfo->argv);
3394         if (arginfo->has_arg) {
3395             arglen += strlen(arginfo->example) + 1;
3396         }
3397         if (strlen(arginfo->env) > maxenvlen) {
3398             maxenvlen = strlen(arginfo->env);
3399         }
3400         if (arglen > maxarglen) {
3401             maxarglen = arglen;
3402         }
3403     }
3404 
3405     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
3406             maxenvlen, "Env-variable");
3407 
3408     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3409         if (arginfo->has_arg) {
3410             printf("-%s %-*s %-*s %s\n", arginfo->argv,
3411                    (int)(maxarglen - strlen(arginfo->argv) - 1),
3412                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
3413         } else {
3414             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
3415                     maxenvlen, arginfo->env,
3416                     arginfo->help);
3417         }
3418     }
3419 
3420     printf("\n"
3421            "Defaults:\n"
3422            "QEMU_LD_PREFIX  = %s\n"
3423            "QEMU_STACK_SIZE = %ld byte\n",
3424            interp_prefix,
3425            guest_stack_size);
3426 
3427     printf("\n"
3428            "You can use -E and -U options or the QEMU_SET_ENV and\n"
3429            "QEMU_UNSET_ENV environment variables to set and unset\n"
3430            "environment variables for the target process.\n"
3431            "It is possible to provide several variables by separating them\n"
3432            "by commas in getsubopt(3) style. Additionally it is possible to\n"
3433            "provide the -E and -U options multiple times.\n"
3434            "The following lines are equivalent:\n"
3435            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
3436            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
3437            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
3438            "Note that if you provide several changes to a single variable\n"
3439            "the last change will stay in effect.\n"
3440            "\n"
3441            QEMU_HELP_BOTTOM "\n");
3442 
3443     exit(exitcode);
3444 }
3445 
3446 static int parse_args(int argc, char **argv)
3447 {
3448     const char *r;
3449     int optind;
3450     const struct qemu_argument *arginfo;
3451 
3452     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3453         if (arginfo->env == NULL) {
3454             continue;
3455         }
3456 
3457         r = getenv(arginfo->env);
3458         if (r != NULL) {
3459             arginfo->handle_opt(r);
3460         }
3461     }
3462 
3463     optind = 1;
3464     for (;;) {
3465         if (optind >= argc) {
3466             break;
3467         }
3468         r = argv[optind];
3469         if (r[0] != '-') {
3470             break;
3471         }
3472         optind++;
3473         r++;
3474         if (!strcmp(r, "-")) {
3475             break;
3476         }
3477         /* Treat --foo the same as -foo.  */
3478         if (r[0] == '-') {
3479             r++;
3480         }
3481 
3482         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
3483             if (!strcmp(r, arginfo->argv)) {
3484                 if (arginfo->has_arg) {
3485                     if (optind >= argc) {
3486                         (void) fprintf(stderr,
3487                             "qemu: missing argument for option '%s'\n", r);
3488                         exit(EXIT_FAILURE);
3489                     }
3490                     arginfo->handle_opt(argv[optind]);
3491                     optind++;
3492                 } else {
3493                     arginfo->handle_opt(NULL);
3494                 }
3495                 break;
3496             }
3497         }
3498 
3499         /* no option matched the current argv */
3500         if (arginfo->handle_opt == NULL) {
3501             (void) fprintf(stderr, "qemu: unknown option '%s'\n", r);
3502             exit(EXIT_FAILURE);
3503         }
3504     }
3505 
3506     if (optind >= argc) {
3507         (void) fprintf(stderr, "qemu: no user program specified\n");
3508         exit(EXIT_FAILURE);
3509     }
3510 
3511     filename = argv[optind];
3512     exec_path = argv[optind];
3513 
3514     return optind;
3515 }
3516 
3517 int main(int argc, char **argv, char **envp)
3518 {
3519     struct target_pt_regs regs1, *regs = &regs1;
3520     struct image_info info1, *info = &info1;
3521     struct linux_binprm bprm;
3522     TaskState *ts;
3523     CPUArchState *env;
3524     CPUState *cpu;
3525     int optind;
3526     char **target_environ, **wrk;
3527     char **target_argv;
3528     int target_argc;
3529     int i;
3530     int ret;
3531     int execfd;
3532 
3533     module_call_init(MODULE_INIT_TRACE);
3534     qemu_init_cpu_list();
3535     module_call_init(MODULE_INIT_QOM);
3536 
3537     envlist = envlist_create();
3538 
3539     /* add current environment into the list */
3540     for (wrk = environ; *wrk != NULL; wrk++) {
3541         (void) envlist_setenv(envlist, *wrk);
3542     }
3543 
3544     /* Read the stack limit from the kernel.  If it's "unlimited",
3545        then we can do little else besides use the default.  */
3546     {
3547         struct rlimit lim;
3548         if (getrlimit(RLIMIT_STACK, &lim) == 0
3549             && lim.rlim_cur != RLIM_INFINITY
3550             && lim.rlim_cur == (target_long)lim.rlim_cur) {
3551             guest_stack_size = lim.rlim_cur;
3552         }
3553     }
3554 
3555     cpu_model = NULL;
3556 
3557     srand(time(NULL));
3558 
3559     qemu_add_opts(&qemu_trace_opts);
3560 
3561     optind = parse_args(argc, argv);
3562 
3563     if (!trace_init_backends()) {
3564         exit(1);
3565     }
3566     trace_init_file(trace_file);
3567 
3568     /* Zero out regs */
3569     memset(regs, 0, sizeof(struct target_pt_regs));
3570 
3571     /* Zero out image_info */
3572     memset(info, 0, sizeof(struct image_info));
3573 
3574     memset(&bprm, 0, sizeof (bprm));
3575 
3576     /* Scan interp_prefix dir for replacement files. */
3577     init_paths(interp_prefix);
3578 
3579     init_qemu_uname_release();
3580 
3581     execfd = qemu_getauxval(AT_EXECFD);
3582     if (execfd == 0) {
3583         execfd = open(filename, O_RDONLY);
3584         if (execfd < 0) {
3585             printf("Error while loading %s: %s\n", filename, strerror(errno));
3586             _exit(EXIT_FAILURE);
3587         }
3588     }
3589 
3590     if (cpu_model == NULL) {
3591         cpu_model = cpu_get_model(get_elf_eflags(execfd));
3592     }
3593     cpu_type = parse_cpu_model(cpu_model);
3594 
3595     tcg_exec_init(0);
3596     /* NOTE: we need to init the CPU at this stage to get
3597        qemu_host_page_size */
3598 
3599     cpu = cpu_create(cpu_type);
3600     env = cpu->env_ptr;
3601     cpu_reset(cpu);
3602 
3603     thread_cpu = cpu;
3604 
3605     if (getenv("QEMU_STRACE")) {
3606         do_strace = 1;
3607     }
3608 
3609     if (getenv("QEMU_RAND_SEED")) {
3610         handle_arg_randseed(getenv("QEMU_RAND_SEED"));
3611     }
3612 
3613     target_environ = envlist_to_environ(envlist, NULL);
3614     envlist_free(envlist);
3615 
3616     /*
3617      * Now that page sizes are configured in cpu_init() we can do
3618      * proper page alignment for guest_base.
3619      */
3620     guest_base = HOST_PAGE_ALIGN(guest_base);
3621 
3622     if (reserved_va || have_guest_base) {
3623         guest_base = init_guest_space(guest_base, reserved_va, 0,
3624                                       have_guest_base);
3625         if (guest_base == (unsigned long)-1) {
3626             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
3627                     "space for use as guest address space (check your virtual "
3628                     "memory ulimit setting or reserve less using -R option)\n",
3629                     reserved_va);
3630             exit(EXIT_FAILURE);
3631         }
3632 
3633         if (reserved_va) {
3634             mmap_next_start = reserved_va;
3635         }
3636     }
3637 
3638     /*
3639      * Read in mmap_min_addr kernel parameter.  This value is used
3640      * When loading the ELF image to determine whether guest_base
3641      * is needed.  It is also used in mmap_find_vma.
3642      */
3643     {
3644         FILE *fp;
3645 
3646         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
3647             unsigned long tmp;
3648             if (fscanf(fp, "%lu", &tmp) == 1) {
3649                 mmap_min_addr = tmp;
3650                 qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", mmap_min_addr);
3651             }
3652             fclose(fp);
3653         }
3654     }
3655 
3656     /*
3657      * Prepare copy of argv vector for target.
3658      */
3659     target_argc = argc - optind;
3660     target_argv = calloc(target_argc + 1, sizeof (char *));
3661     if (target_argv == NULL) {
3662 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
3663 	exit(EXIT_FAILURE);
3664     }
3665 
3666     /*
3667      * If argv0 is specified (using '-0' switch) we replace
3668      * argv[0] pointer with the given one.
3669      */
3670     i = 0;
3671     if (argv0 != NULL) {
3672         target_argv[i++] = strdup(argv0);
3673     }
3674     for (; i < target_argc; i++) {
3675         target_argv[i] = strdup(argv[optind + i]);
3676     }
3677     target_argv[target_argc] = NULL;
3678 
3679     ts = g_new0(TaskState, 1);
3680     init_task_state(ts);
3681     /* build Task State */
3682     ts->info = info;
3683     ts->bprm = &bprm;
3684     cpu->opaque = ts;
3685     task_settid(ts);
3686 
3687     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
3688         info, &bprm);
3689     if (ret != 0) {
3690         printf("Error while loading %s: %s\n", filename, strerror(-ret));
3691         _exit(EXIT_FAILURE);
3692     }
3693 
3694     for (wrk = target_environ; *wrk; wrk++) {
3695         g_free(*wrk);
3696     }
3697 
3698     g_free(target_environ);
3699 
3700     if (qemu_loglevel_mask(CPU_LOG_PAGE)) {
3701         qemu_log("guest_base  0x%lx\n", guest_base);
3702         log_page_dump();
3703 
3704         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
3705         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
3706         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n", info->start_code);
3707         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n", info->start_data);
3708         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
3709         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n", info->start_stack);
3710         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
3711         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
3712         qemu_log("argv_start  0x" TARGET_ABI_FMT_lx "\n", info->arg_start);
3713         qemu_log("env_start   0x" TARGET_ABI_FMT_lx "\n",
3714                  info->arg_end + (abi_ulong)sizeof(abi_ulong));
3715         qemu_log("auxv_start  0x" TARGET_ABI_FMT_lx "\n", info->saved_auxv);
3716     }
3717 
3718     target_set_brk(info->brk);
3719     syscall_init();
3720     signal_init();
3721 
3722     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
3723        generating the prologue until now so that the prologue can take
3724        the real value of GUEST_BASE into account.  */
3725     tcg_prologue_init(tcg_ctx);
3726     tcg_region_init();
3727 
3728     target_cpu_copy_regs(env, regs);
3729 
3730 #if defined(TARGET_PPC)
3731     {
3732         int i;
3733 
3734 #if defined(TARGET_PPC64)
3735         int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
3736 #if defined(TARGET_ABI32)
3737         env->msr &= ~((target_ulong)1 << flag);
3738 #else
3739         env->msr |= (target_ulong)1 << flag;
3740 #endif
3741 #endif
3742         env->nip = regs->nip;
3743         for(i = 0; i < 32; i++) {
3744             env->gpr[i] = regs->gpr[i];
3745         }
3746     }
3747 #elif defined(TARGET_M68K)
3748     {
3749         env->pc = regs->pc;
3750         env->dregs[0] = regs->d0;
3751         env->dregs[1] = regs->d1;
3752         env->dregs[2] = regs->d2;
3753         env->dregs[3] = regs->d3;
3754         env->dregs[4] = regs->d4;
3755         env->dregs[5] = regs->d5;
3756         env->dregs[6] = regs->d6;
3757         env->dregs[7] = regs->d7;
3758         env->aregs[0] = regs->a0;
3759         env->aregs[1] = regs->a1;
3760         env->aregs[2] = regs->a2;
3761         env->aregs[3] = regs->a3;
3762         env->aregs[4] = regs->a4;
3763         env->aregs[5] = regs->a5;
3764         env->aregs[6] = regs->a6;
3765         env->aregs[7] = regs->usp;
3766         env->sr = regs->sr;
3767         ts->sim_syscalls = 1;
3768     }
3769 #elif defined(TARGET_MICROBLAZE)
3770     {
3771         env->regs[0] = regs->r0;
3772         env->regs[1] = regs->r1;
3773         env->regs[2] = regs->r2;
3774         env->regs[3] = regs->r3;
3775         env->regs[4] = regs->r4;
3776         env->regs[5] = regs->r5;
3777         env->regs[6] = regs->r6;
3778         env->regs[7] = regs->r7;
3779         env->regs[8] = regs->r8;
3780         env->regs[9] = regs->r9;
3781         env->regs[10] = regs->r10;
3782         env->regs[11] = regs->r11;
3783         env->regs[12] = regs->r12;
3784         env->regs[13] = regs->r13;
3785         env->regs[14] = regs->r14;
3786         env->regs[15] = regs->r15;
3787         env->regs[16] = regs->r16;
3788         env->regs[17] = regs->r17;
3789         env->regs[18] = regs->r18;
3790         env->regs[19] = regs->r19;
3791         env->regs[20] = regs->r20;
3792         env->regs[21] = regs->r21;
3793         env->regs[22] = regs->r22;
3794         env->regs[23] = regs->r23;
3795         env->regs[24] = regs->r24;
3796         env->regs[25] = regs->r25;
3797         env->regs[26] = regs->r26;
3798         env->regs[27] = regs->r27;
3799         env->regs[28] = regs->r28;
3800         env->regs[29] = regs->r29;
3801         env->regs[30] = regs->r30;
3802         env->regs[31] = regs->r31;
3803         env->sregs[SR_PC] = regs->pc;
3804     }
3805 #elif defined(TARGET_MIPS)
3806     {
3807         int i;
3808 
3809         for(i = 0; i < 32; i++) {
3810             env->active_tc.gpr[i] = regs->regs[i];
3811         }
3812         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
3813         if (regs->cp0_epc & 1) {
3814             env->hflags |= MIPS_HFLAG_M16;
3815         }
3816         if (((info->elf_flags & EF_MIPS_NAN2008) != 0) !=
3817             ((env->active_fpu.fcr31 & (1 << FCR31_NAN2008)) != 0)) {
3818             if ((env->active_fpu.fcr31_rw_bitmask &
3819                   (1 << FCR31_NAN2008)) == 0) {
3820                 fprintf(stderr, "ELF binary's NaN mode not supported by CPU\n");
3821                 exit(1);
3822             }
3823             if ((info->elf_flags & EF_MIPS_NAN2008) != 0) {
3824                 env->active_fpu.fcr31 |= (1 << FCR31_NAN2008);
3825             } else {
3826                 env->active_fpu.fcr31 &= ~(1 << FCR31_NAN2008);
3827             }
3828             restore_snan_bit_mode(env);
3829         }
3830     }
3831 #elif defined(TARGET_NIOS2)
3832     {
3833         env->regs[0] = 0;
3834         env->regs[1] = regs->r1;
3835         env->regs[2] = regs->r2;
3836         env->regs[3] = regs->r3;
3837         env->regs[4] = regs->r4;
3838         env->regs[5] = regs->r5;
3839         env->regs[6] = regs->r6;
3840         env->regs[7] = regs->r7;
3841         env->regs[8] = regs->r8;
3842         env->regs[9] = regs->r9;
3843         env->regs[10] = regs->r10;
3844         env->regs[11] = regs->r11;
3845         env->regs[12] = regs->r12;
3846         env->regs[13] = regs->r13;
3847         env->regs[14] = regs->r14;
3848         env->regs[15] = regs->r15;
3849         /* TODO: unsigned long  orig_r2; */
3850         env->regs[R_RA] = regs->ra;
3851         env->regs[R_FP] = regs->fp;
3852         env->regs[R_SP] = regs->sp;
3853         env->regs[R_GP] = regs->gp;
3854         env->regs[CR_ESTATUS] = regs->estatus;
3855         env->regs[R_EA] = regs->ea;
3856         /* TODO: unsigned long  orig_r7; */
3857 
3858         /* Emulate eret when starting thread. */
3859         env->regs[R_PC] = regs->ea;
3860     }
3861 #elif defined(TARGET_OPENRISC)
3862     {
3863         int i;
3864 
3865         for (i = 0; i < 32; i++) {
3866             cpu_set_gpr(env, i, regs->gpr[i]);
3867         }
3868         env->pc = regs->pc;
3869         cpu_set_sr(env, regs->sr);
3870     }
3871 #elif defined(TARGET_RISCV)
3872     {
3873         env->pc = regs->sepc;
3874         env->gpr[xSP] = regs->sp;
3875     }
3876 #elif defined(TARGET_SH4)
3877     {
3878         int i;
3879 
3880         for(i = 0; i < 16; i++) {
3881             env->gregs[i] = regs->regs[i];
3882         }
3883         env->pc = regs->pc;
3884     }
3885 #elif defined(TARGET_ALPHA)
3886     {
3887         int i;
3888 
3889         for(i = 0; i < 28; i++) {
3890             env->ir[i] = ((abi_ulong *)regs)[i];
3891         }
3892         env->ir[IR_SP] = regs->usp;
3893         env->pc = regs->pc;
3894     }
3895 #elif defined(TARGET_CRIS)
3896     {
3897 	    env->regs[0] = regs->r0;
3898 	    env->regs[1] = regs->r1;
3899 	    env->regs[2] = regs->r2;
3900 	    env->regs[3] = regs->r3;
3901 	    env->regs[4] = regs->r4;
3902 	    env->regs[5] = regs->r5;
3903 	    env->regs[6] = regs->r6;
3904 	    env->regs[7] = regs->r7;
3905 	    env->regs[8] = regs->r8;
3906 	    env->regs[9] = regs->r9;
3907 	    env->regs[10] = regs->r10;
3908 	    env->regs[11] = regs->r11;
3909 	    env->regs[12] = regs->r12;
3910 	    env->regs[13] = regs->r13;
3911 	    env->regs[14] = info->start_stack;
3912 	    env->regs[15] = regs->acr;
3913 	    env->pc = regs->erp;
3914     }
3915 #elif defined(TARGET_S390X)
3916     {
3917             int i;
3918             for (i = 0; i < 16; i++) {
3919                 env->regs[i] = regs->gprs[i];
3920             }
3921             env->psw.mask = regs->psw.mask;
3922             env->psw.addr = regs->psw.addr;
3923     }
3924 #elif defined(TARGET_TILEGX)
3925     {
3926         int i;
3927         for (i = 0; i < TILEGX_R_COUNT; i++) {
3928             env->regs[i] = regs->regs[i];
3929         }
3930         for (i = 0; i < TILEGX_SPR_COUNT; i++) {
3931             env->spregs[i] = 0;
3932         }
3933         env->pc = regs->pc;
3934     }
3935 #elif defined(TARGET_HPPA)
3936     {
3937         int i;
3938         for (i = 1; i < 32; i++) {
3939             env->gr[i] = regs->gr[i];
3940         }
3941         env->iaoq_f = regs->iaoq[0];
3942         env->iaoq_b = regs->iaoq[1];
3943     }
3944 #elif defined(TARGET_XTENSA)
3945     {
3946         int i;
3947         for (i = 0; i < 16; ++i) {
3948             env->regs[i] = regs->areg[i];
3949         }
3950         env->sregs[WINDOW_START] = regs->windowstart;
3951         env->pc = regs->pc;
3952     }
3953 #endif
3954 
3955 #if defined(TARGET_M68K)
3956     ts->stack_base = info->start_stack;
3957     ts->heap_base = info->brk;
3958     /* This will be filled in on the first SYS_HEAPINFO call.  */
3959     ts->heap_limit = 0;
3960 #endif
3961 
3962     if (gdbstub_port) {
3963         if (gdbserver_start(gdbstub_port) < 0) {
3964             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
3965                     gdbstub_port);
3966             exit(EXIT_FAILURE);
3967         }
3968         gdb_handlesig(cpu, 0);
3969     }
3970     cpu_loop(env);
3971     /* never exits */
3972     return 0;
3973 }
3974