xref: /openbmc/qemu/linux-user/main.c (revision f764718d)
1 /*
2  *  qemu user main
3  *
4  *  Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "qemu-version.h"
21 #include <sys/syscall.h>
22 #include <sys/resource.h>
23 
24 #include "qapi/error.h"
25 #include "qemu.h"
26 #include "qemu/path.h"
27 #include "qemu/config-file.h"
28 #include "qemu/cutils.h"
29 #include "qemu/help_option.h"
30 #include "cpu.h"
31 #include "exec/exec-all.h"
32 #include "tcg.h"
33 #include "qemu/timer.h"
34 #include "qemu/envlist.h"
35 #include "elf.h"
36 #include "exec/log.h"
37 #include "trace/control.h"
38 
39 char *exec_path;
40 
41 int singlestep;
42 static const char *filename;
43 static const char *argv0;
44 static int gdbstub_port;
45 static envlist_t *envlist;
46 static const char *cpu_model;
47 unsigned long mmap_min_addr;
48 unsigned long guest_base;
49 int have_guest_base;
50 
51 #define EXCP_DUMP(env, fmt, ...)                                        \
52 do {                                                                    \
53     CPUState *cs = ENV_GET_CPU(env);                                    \
54     fprintf(stderr, fmt , ## __VA_ARGS__);                              \
55     cpu_dump_state(cs, stderr, fprintf, 0);                             \
56     if (qemu_log_separate()) {                                          \
57         qemu_log(fmt, ## __VA_ARGS__);                                  \
58         log_cpu_state(cs, 0);                                           \
59     }                                                                   \
60 } while (0)
61 
62 /*
63  * When running 32-on-64 we should make sure we can fit all of the possible
64  * guest address space into a contiguous chunk of virtual host memory.
65  *
66  * This way we will never overlap with our own libraries or binaries or stack
67  * or anything else that QEMU maps.
68  *
69  * Many cpus reserve the high bit (or more than one for some 64-bit cpus)
70  * of the address for the kernel.  Some cpus rely on this and user space
71  * uses the high bit(s) for pointer tagging and the like.  For them, we
72  * must preserve the expected address space.
73  */
74 #ifndef MAX_RESERVED_VA
75 # if HOST_LONG_BITS > TARGET_VIRT_ADDR_SPACE_BITS
76 #  if TARGET_VIRT_ADDR_SPACE_BITS == 32 && \
77       (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
78 /* There are a number of places where we assign reserved_va to a variable
79    of type abi_ulong and expect it to fit.  Avoid the last page.  */
80 #   define MAX_RESERVED_VA  (0xfffffffful & TARGET_PAGE_MASK)
81 #  else
82 #   define MAX_RESERVED_VA  (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
83 #  endif
84 # else
85 #  define MAX_RESERVED_VA  0
86 # endif
87 #endif
88 
89 /* That said, reserving *too* much vm space via mmap can run into problems
90    with rlimits, oom due to page table creation, etc.  We will still try it,
91    if directed by the command-line option, but not by default.  */
92 #if HOST_LONG_BITS == 64 && TARGET_VIRT_ADDR_SPACE_BITS <= 32
93 unsigned long reserved_va = MAX_RESERVED_VA;
94 #else
95 unsigned long reserved_va;
96 #endif
97 
98 static void usage(int exitcode);
99 
100 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
101 const char *qemu_uname_release;
102 
103 /* XXX: on x86 MAP_GROWSDOWN only works if ESP <= address + 32, so
104    we allocate a bigger stack. Need a better solution, for example
105    by remapping the process stack directly at the right place */
106 unsigned long guest_stack_size = 8 * 1024 * 1024UL;
107 
108 void gemu_log(const char *fmt, ...)
109 {
110     va_list ap;
111 
112     va_start(ap, fmt);
113     vfprintf(stderr, fmt, ap);
114     va_end(ap);
115 }
116 
117 #if defined(TARGET_I386)
118 int cpu_get_pic_interrupt(CPUX86State *env)
119 {
120     return -1;
121 }
122 #endif
123 
124 /***********************************************************/
125 /* Helper routines for implementing atomic operations.  */
126 
127 /* Make sure everything is in a consistent state for calling fork().  */
128 void fork_start(void)
129 {
130     cpu_list_lock();
131     qemu_mutex_lock(&tb_ctx.tb_lock);
132     mmap_fork_start();
133 }
134 
135 void fork_end(int child)
136 {
137     mmap_fork_end(child);
138     if (child) {
139         CPUState *cpu, *next_cpu;
140         /* Child processes created by fork() only have a single thread.
141            Discard information about the parent threads.  */
142         CPU_FOREACH_SAFE(cpu, next_cpu) {
143             if (cpu != thread_cpu) {
144                 QTAILQ_REMOVE(&cpus, cpu, node);
145             }
146         }
147         qemu_mutex_init(&tb_ctx.tb_lock);
148         qemu_init_cpu_list();
149         gdbserver_fork(thread_cpu);
150     } else {
151         qemu_mutex_unlock(&tb_ctx.tb_lock);
152         cpu_list_unlock();
153     }
154 }
155 
156 #ifdef TARGET_I386
157 /***********************************************************/
158 /* CPUX86 core interface */
159 
160 uint64_t cpu_get_tsc(CPUX86State *env)
161 {
162     return cpu_get_host_ticks();
163 }
164 
165 static void write_dt(void *ptr, unsigned long addr, unsigned long limit,
166                      int flags)
167 {
168     unsigned int e1, e2;
169     uint32_t *p;
170     e1 = (addr << 16) | (limit & 0xffff);
171     e2 = ((addr >> 16) & 0xff) | (addr & 0xff000000) | (limit & 0x000f0000);
172     e2 |= flags;
173     p = ptr;
174     p[0] = tswap32(e1);
175     p[1] = tswap32(e2);
176 }
177 
178 static uint64_t *idt_table;
179 #ifdef TARGET_X86_64
180 static void set_gate64(void *ptr, unsigned int type, unsigned int dpl,
181                        uint64_t addr, unsigned int sel)
182 {
183     uint32_t *p, e1, e2;
184     e1 = (addr & 0xffff) | (sel << 16);
185     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
186     p = ptr;
187     p[0] = tswap32(e1);
188     p[1] = tswap32(e2);
189     p[2] = tswap32(addr >> 32);
190     p[3] = 0;
191 }
192 /* only dpl matters as we do only user space emulation */
193 static void set_idt(int n, unsigned int dpl)
194 {
195     set_gate64(idt_table + n * 2, 0, dpl, 0, 0);
196 }
197 #else
198 static void set_gate(void *ptr, unsigned int type, unsigned int dpl,
199                      uint32_t addr, unsigned int sel)
200 {
201     uint32_t *p, e1, e2;
202     e1 = (addr & 0xffff) | (sel << 16);
203     e2 = (addr & 0xffff0000) | 0x8000 | (dpl << 13) | (type << 8);
204     p = ptr;
205     p[0] = tswap32(e1);
206     p[1] = tswap32(e2);
207 }
208 
209 /* only dpl matters as we do only user space emulation */
210 static void set_idt(int n, unsigned int dpl)
211 {
212     set_gate(idt_table + n, 0, dpl, 0, 0);
213 }
214 #endif
215 
216 void cpu_loop(CPUX86State *env)
217 {
218     CPUState *cs = CPU(x86_env_get_cpu(env));
219     int trapnr;
220     abi_ulong pc;
221     abi_ulong ret;
222     target_siginfo_t info;
223 
224     for(;;) {
225         cpu_exec_start(cs);
226         trapnr = cpu_exec(cs);
227         cpu_exec_end(cs);
228         process_queued_cpu_work(cs);
229 
230         switch(trapnr) {
231         case 0x80:
232             /* linux syscall from int $0x80 */
233             ret = do_syscall(env,
234                              env->regs[R_EAX],
235                              env->regs[R_EBX],
236                              env->regs[R_ECX],
237                              env->regs[R_EDX],
238                              env->regs[R_ESI],
239                              env->regs[R_EDI],
240                              env->regs[R_EBP],
241                              0, 0);
242             if (ret == -TARGET_ERESTARTSYS) {
243                 env->eip -= 2;
244             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
245                 env->regs[R_EAX] = ret;
246             }
247             break;
248 #ifndef TARGET_ABI32
249         case EXCP_SYSCALL:
250             /* linux syscall from syscall instruction */
251             ret = do_syscall(env,
252                              env->regs[R_EAX],
253                              env->regs[R_EDI],
254                              env->regs[R_ESI],
255                              env->regs[R_EDX],
256                              env->regs[10],
257                              env->regs[8],
258                              env->regs[9],
259                              0, 0);
260             if (ret == -TARGET_ERESTARTSYS) {
261                 env->eip -= 2;
262             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
263                 env->regs[R_EAX] = ret;
264             }
265             break;
266 #endif
267         case EXCP0B_NOSEG:
268         case EXCP0C_STACK:
269             info.si_signo = TARGET_SIGBUS;
270             info.si_errno = 0;
271             info.si_code = TARGET_SI_KERNEL;
272             info._sifields._sigfault._addr = 0;
273             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
274             break;
275         case EXCP0D_GPF:
276             /* XXX: potential problem if ABI32 */
277 #ifndef TARGET_X86_64
278             if (env->eflags & VM_MASK) {
279                 handle_vm86_fault(env);
280             } else
281 #endif
282             {
283                 info.si_signo = TARGET_SIGSEGV;
284                 info.si_errno = 0;
285                 info.si_code = TARGET_SI_KERNEL;
286                 info._sifields._sigfault._addr = 0;
287                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
288             }
289             break;
290         case EXCP0E_PAGE:
291             info.si_signo = TARGET_SIGSEGV;
292             info.si_errno = 0;
293             if (!(env->error_code & 1))
294                 info.si_code = TARGET_SEGV_MAPERR;
295             else
296                 info.si_code = TARGET_SEGV_ACCERR;
297             info._sifields._sigfault._addr = env->cr[2];
298             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
299             break;
300         case EXCP00_DIVZ:
301 #ifndef TARGET_X86_64
302             if (env->eflags & VM_MASK) {
303                 handle_vm86_trap(env, trapnr);
304             } else
305 #endif
306             {
307                 /* division by zero */
308                 info.si_signo = TARGET_SIGFPE;
309                 info.si_errno = 0;
310                 info.si_code = TARGET_FPE_INTDIV;
311                 info._sifields._sigfault._addr = env->eip;
312                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
313             }
314             break;
315         case EXCP01_DB:
316         case EXCP03_INT3:
317 #ifndef TARGET_X86_64
318             if (env->eflags & VM_MASK) {
319                 handle_vm86_trap(env, trapnr);
320             } else
321 #endif
322             {
323                 info.si_signo = TARGET_SIGTRAP;
324                 info.si_errno = 0;
325                 if (trapnr == EXCP01_DB) {
326                     info.si_code = TARGET_TRAP_BRKPT;
327                     info._sifields._sigfault._addr = env->eip;
328                 } else {
329                     info.si_code = TARGET_SI_KERNEL;
330                     info._sifields._sigfault._addr = 0;
331                 }
332                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
333             }
334             break;
335         case EXCP04_INTO:
336         case EXCP05_BOUND:
337 #ifndef TARGET_X86_64
338             if (env->eflags & VM_MASK) {
339                 handle_vm86_trap(env, trapnr);
340             } else
341 #endif
342             {
343                 info.si_signo = TARGET_SIGSEGV;
344                 info.si_errno = 0;
345                 info.si_code = TARGET_SI_KERNEL;
346                 info._sifields._sigfault._addr = 0;
347                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
348             }
349             break;
350         case EXCP06_ILLOP:
351             info.si_signo = TARGET_SIGILL;
352             info.si_errno = 0;
353             info.si_code = TARGET_ILL_ILLOPN;
354             info._sifields._sigfault._addr = env->eip;
355             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
356             break;
357         case EXCP_INTERRUPT:
358             /* just indicate that signals should be handled asap */
359             break;
360         case EXCP_DEBUG:
361             {
362                 int sig;
363 
364                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
365                 if (sig)
366                   {
367                     info.si_signo = sig;
368                     info.si_errno = 0;
369                     info.si_code = TARGET_TRAP_BRKPT;
370                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
371                   }
372             }
373             break;
374         case EXCP_ATOMIC:
375             cpu_exec_step_atomic(cs);
376             break;
377         default:
378             pc = env->segs[R_CS].base + env->eip;
379             EXCP_DUMP(env, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n",
380                       (long)pc, trapnr);
381             abort();
382         }
383         process_pending_signals(env);
384     }
385 }
386 #endif
387 
388 #ifdef TARGET_ARM
389 
390 #define get_user_code_u32(x, gaddr, env)                \
391     ({ abi_long __r = get_user_u32((x), (gaddr));       \
392         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
393             (x) = bswap32(x);                           \
394         }                                               \
395         __r;                                            \
396     })
397 
398 #define get_user_code_u16(x, gaddr, env)                \
399     ({ abi_long __r = get_user_u16((x), (gaddr));       \
400         if (!__r && bswap_code(arm_sctlr_b(env))) {     \
401             (x) = bswap16(x);                           \
402         }                                               \
403         __r;                                            \
404     })
405 
406 #define get_user_data_u32(x, gaddr, env)                \
407     ({ abi_long __r = get_user_u32((x), (gaddr));       \
408         if (!__r && arm_cpu_bswap_data(env)) {          \
409             (x) = bswap32(x);                           \
410         }                                               \
411         __r;                                            \
412     })
413 
414 #define get_user_data_u16(x, gaddr, env)                \
415     ({ abi_long __r = get_user_u16((x), (gaddr));       \
416         if (!__r && arm_cpu_bswap_data(env)) {          \
417             (x) = bswap16(x);                           \
418         }                                               \
419         __r;                                            \
420     })
421 
422 #define put_user_data_u32(x, gaddr, env)                \
423     ({ typeof(x) __x = (x);                             \
424         if (arm_cpu_bswap_data(env)) {                  \
425             __x = bswap32(__x);                         \
426         }                                               \
427         put_user_u32(__x, (gaddr));                     \
428     })
429 
430 #define put_user_data_u16(x, gaddr, env)                \
431     ({ typeof(x) __x = (x);                             \
432         if (arm_cpu_bswap_data(env)) {                  \
433             __x = bswap16(__x);                         \
434         }                                               \
435         put_user_u16(__x, (gaddr));                     \
436     })
437 
438 #ifdef TARGET_ABI32
439 /* Commpage handling -- there is no commpage for AArch64 */
440 
441 /*
442  * See the Linux kernel's Documentation/arm/kernel_user_helpers.txt
443  * Input:
444  * r0 = pointer to oldval
445  * r1 = pointer to newval
446  * r2 = pointer to target value
447  *
448  * Output:
449  * r0 = 0 if *ptr was changed, non-0 if no exchange happened
450  * C set if *ptr was changed, clear if no exchange happened
451  *
452  * Note segv's in kernel helpers are a bit tricky, we can set the
453  * data address sensibly but the PC address is just the entry point.
454  */
455 static void arm_kernel_cmpxchg64_helper(CPUARMState *env)
456 {
457     uint64_t oldval, newval, val;
458     uint32_t addr, cpsr;
459     target_siginfo_t info;
460 
461     /* Based on the 32 bit code in do_kernel_trap */
462 
463     /* XXX: This only works between threads, not between processes.
464        It's probably possible to implement this with native host
465        operations. However things like ldrex/strex are much harder so
466        there's not much point trying.  */
467     start_exclusive();
468     cpsr = cpsr_read(env);
469     addr = env->regs[2];
470 
471     if (get_user_u64(oldval, env->regs[0])) {
472         env->exception.vaddress = env->regs[0];
473         goto segv;
474     };
475 
476     if (get_user_u64(newval, env->regs[1])) {
477         env->exception.vaddress = env->regs[1];
478         goto segv;
479     };
480 
481     if (get_user_u64(val, addr)) {
482         env->exception.vaddress = addr;
483         goto segv;
484     }
485 
486     if (val == oldval) {
487         val = newval;
488 
489         if (put_user_u64(val, addr)) {
490             env->exception.vaddress = addr;
491             goto segv;
492         };
493 
494         env->regs[0] = 0;
495         cpsr |= CPSR_C;
496     } else {
497         env->regs[0] = -1;
498         cpsr &= ~CPSR_C;
499     }
500     cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
501     end_exclusive();
502     return;
503 
504 segv:
505     end_exclusive();
506     /* We get the PC of the entry address - which is as good as anything,
507        on a real kernel what you get depends on which mode it uses. */
508     info.si_signo = TARGET_SIGSEGV;
509     info.si_errno = 0;
510     /* XXX: check env->error_code */
511     info.si_code = TARGET_SEGV_MAPERR;
512     info._sifields._sigfault._addr = env->exception.vaddress;
513     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
514 }
515 
516 /* Handle a jump to the kernel code page.  */
517 static int
518 do_kernel_trap(CPUARMState *env)
519 {
520     uint32_t addr;
521     uint32_t cpsr;
522     uint32_t val;
523 
524     switch (env->regs[15]) {
525     case 0xffff0fa0: /* __kernel_memory_barrier */
526         /* ??? No-op. Will need to do better for SMP.  */
527         break;
528     case 0xffff0fc0: /* __kernel_cmpxchg */
529          /* XXX: This only works between threads, not between processes.
530             It's probably possible to implement this with native host
531             operations. However things like ldrex/strex are much harder so
532             there's not much point trying.  */
533         start_exclusive();
534         cpsr = cpsr_read(env);
535         addr = env->regs[2];
536         /* FIXME: This should SEGV if the access fails.  */
537         if (get_user_u32(val, addr))
538             val = ~env->regs[0];
539         if (val == env->regs[0]) {
540             val = env->regs[1];
541             /* FIXME: Check for segfaults.  */
542             put_user_u32(val, addr);
543             env->regs[0] = 0;
544             cpsr |= CPSR_C;
545         } else {
546             env->regs[0] = -1;
547             cpsr &= ~CPSR_C;
548         }
549         cpsr_write(env, cpsr, CPSR_C, CPSRWriteByInstr);
550         end_exclusive();
551         break;
552     case 0xffff0fe0: /* __kernel_get_tls */
553         env->regs[0] = cpu_get_tls(env);
554         break;
555     case 0xffff0f60: /* __kernel_cmpxchg64 */
556         arm_kernel_cmpxchg64_helper(env);
557         break;
558 
559     default:
560         return 1;
561     }
562     /* Jump back to the caller.  */
563     addr = env->regs[14];
564     if (addr & 1) {
565         env->thumb = 1;
566         addr &= ~1;
567     }
568     env->regs[15] = addr;
569 
570     return 0;
571 }
572 
573 void cpu_loop(CPUARMState *env)
574 {
575     CPUState *cs = CPU(arm_env_get_cpu(env));
576     int trapnr;
577     unsigned int n, insn;
578     target_siginfo_t info;
579     uint32_t addr;
580     abi_ulong ret;
581 
582     for(;;) {
583         cpu_exec_start(cs);
584         trapnr = cpu_exec(cs);
585         cpu_exec_end(cs);
586         process_queued_cpu_work(cs);
587 
588         switch(trapnr) {
589         case EXCP_UDEF:
590         case EXCP_NOCP:
591         case EXCP_INVSTATE:
592             {
593                 TaskState *ts = cs->opaque;
594                 uint32_t opcode;
595                 int rc;
596 
597                 /* we handle the FPU emulation here, as Linux */
598                 /* we get the opcode */
599                 /* FIXME - what to do if get_user() fails? */
600                 get_user_code_u32(opcode, env->regs[15], env);
601 
602                 rc = EmulateAll(opcode, &ts->fpa, env);
603                 if (rc == 0) { /* illegal instruction */
604                     info.si_signo = TARGET_SIGILL;
605                     info.si_errno = 0;
606                     info.si_code = TARGET_ILL_ILLOPN;
607                     info._sifields._sigfault._addr = env->regs[15];
608                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
609                 } else if (rc < 0) { /* FP exception */
610                     int arm_fpe=0;
611 
612                     /* translate softfloat flags to FPSR flags */
613                     if (-rc & float_flag_invalid)
614                       arm_fpe |= BIT_IOC;
615                     if (-rc & float_flag_divbyzero)
616                       arm_fpe |= BIT_DZC;
617                     if (-rc & float_flag_overflow)
618                       arm_fpe |= BIT_OFC;
619                     if (-rc & float_flag_underflow)
620                       arm_fpe |= BIT_UFC;
621                     if (-rc & float_flag_inexact)
622                       arm_fpe |= BIT_IXC;
623 
624                     FPSR fpsr = ts->fpa.fpsr;
625                     //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
626 
627                     if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
628                       info.si_signo = TARGET_SIGFPE;
629                       info.si_errno = 0;
630 
631                       /* ordered by priority, least first */
632                       if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
633                       if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
634                       if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
635                       if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
636                       if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
637 
638                       info._sifields._sigfault._addr = env->regs[15];
639                       queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
640                     } else {
641                       env->regs[15] += 4;
642                     }
643 
644                     /* accumulate unenabled exceptions */
645                     if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
646                       fpsr |= BIT_IXC;
647                     if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
648                       fpsr |= BIT_UFC;
649                     if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
650                       fpsr |= BIT_OFC;
651                     if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
652                       fpsr |= BIT_DZC;
653                     if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
654                       fpsr |= BIT_IOC;
655                     ts->fpa.fpsr=fpsr;
656                 } else { /* everything OK */
657                     /* increment PC */
658                     env->regs[15] += 4;
659                 }
660             }
661             break;
662         case EXCP_SWI:
663         case EXCP_BKPT:
664             {
665                 env->eabi = 1;
666                 /* system call */
667                 if (trapnr == EXCP_BKPT) {
668                     if (env->thumb) {
669                         /* FIXME - what to do if get_user() fails? */
670                         get_user_code_u16(insn, env->regs[15], env);
671                         n = insn & 0xff;
672                         env->regs[15] += 2;
673                     } else {
674                         /* FIXME - what to do if get_user() fails? */
675                         get_user_code_u32(insn, env->regs[15], env);
676                         n = (insn & 0xf) | ((insn >> 4) & 0xff0);
677                         env->regs[15] += 4;
678                     }
679                 } else {
680                     if (env->thumb) {
681                         /* FIXME - what to do if get_user() fails? */
682                         get_user_code_u16(insn, env->regs[15] - 2, env);
683                         n = insn & 0xff;
684                     } else {
685                         /* FIXME - what to do if get_user() fails? */
686                         get_user_code_u32(insn, env->regs[15] - 4, env);
687                         n = insn & 0xffffff;
688                     }
689                 }
690 
691                 if (n == ARM_NR_cacheflush) {
692                     /* nop */
693                 } else if (n == ARM_NR_semihosting
694                            || n == ARM_NR_thumb_semihosting) {
695                     env->regs[0] = do_arm_semihosting (env);
696                 } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
697                     /* linux syscall */
698                     if (env->thumb || n == 0) {
699                         n = env->regs[7];
700                     } else {
701                         n -= ARM_SYSCALL_BASE;
702                         env->eabi = 0;
703                     }
704                     if ( n > ARM_NR_BASE) {
705                         switch (n) {
706                         case ARM_NR_cacheflush:
707                             /* nop */
708                             break;
709                         case ARM_NR_set_tls:
710                             cpu_set_tls(env, env->regs[0]);
711                             env->regs[0] = 0;
712                             break;
713                         case ARM_NR_breakpoint:
714                             env->regs[15] -= env->thumb ? 2 : 4;
715                             goto excp_debug;
716                         default:
717                             gemu_log("qemu: Unsupported ARM syscall: 0x%x\n",
718                                      n);
719                             env->regs[0] = -TARGET_ENOSYS;
720                             break;
721                         }
722                     } else {
723                         ret = do_syscall(env,
724                                          n,
725                                          env->regs[0],
726                                          env->regs[1],
727                                          env->regs[2],
728                                          env->regs[3],
729                                          env->regs[4],
730                                          env->regs[5],
731                                          0, 0);
732                         if (ret == -TARGET_ERESTARTSYS) {
733                             env->regs[15] -= env->thumb ? 2 : 4;
734                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
735                             env->regs[0] = ret;
736                         }
737                     }
738                 } else {
739                     goto error;
740                 }
741             }
742             break;
743         case EXCP_SEMIHOST:
744             env->regs[0] = do_arm_semihosting(env);
745             break;
746         case EXCP_INTERRUPT:
747             /* just indicate that signals should be handled asap */
748             break;
749         case EXCP_PREFETCH_ABORT:
750         case EXCP_DATA_ABORT:
751             addr = env->exception.vaddress;
752             {
753                 info.si_signo = TARGET_SIGSEGV;
754                 info.si_errno = 0;
755                 /* XXX: check env->error_code */
756                 info.si_code = TARGET_SEGV_MAPERR;
757                 info._sifields._sigfault._addr = addr;
758                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
759             }
760             break;
761         case EXCP_DEBUG:
762         excp_debug:
763             {
764                 int sig;
765 
766                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
767                 if (sig)
768                   {
769                     info.si_signo = sig;
770                     info.si_errno = 0;
771                     info.si_code = TARGET_TRAP_BRKPT;
772                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
773                   }
774             }
775             break;
776         case EXCP_KERNEL_TRAP:
777             if (do_kernel_trap(env))
778               goto error;
779             break;
780         case EXCP_YIELD:
781             /* nothing to do here for user-mode, just resume guest code */
782             break;
783         case EXCP_ATOMIC:
784             cpu_exec_step_atomic(cs);
785             break;
786         default:
787         error:
788             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
789             abort();
790         }
791         process_pending_signals(env);
792     }
793 }
794 
795 #else
796 
797 /* AArch64 main loop */
798 void cpu_loop(CPUARMState *env)
799 {
800     CPUState *cs = CPU(arm_env_get_cpu(env));
801     int trapnr, sig;
802     abi_long ret;
803     target_siginfo_t info;
804 
805     for (;;) {
806         cpu_exec_start(cs);
807         trapnr = cpu_exec(cs);
808         cpu_exec_end(cs);
809         process_queued_cpu_work(cs);
810 
811         switch (trapnr) {
812         case EXCP_SWI:
813             ret = do_syscall(env,
814                              env->xregs[8],
815                              env->xregs[0],
816                              env->xregs[1],
817                              env->xregs[2],
818                              env->xregs[3],
819                              env->xregs[4],
820                              env->xregs[5],
821                              0, 0);
822             if (ret == -TARGET_ERESTARTSYS) {
823                 env->pc -= 4;
824             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
825                 env->xregs[0] = ret;
826             }
827             break;
828         case EXCP_INTERRUPT:
829             /* just indicate that signals should be handled asap */
830             break;
831         case EXCP_UDEF:
832             info.si_signo = TARGET_SIGILL;
833             info.si_errno = 0;
834             info.si_code = TARGET_ILL_ILLOPN;
835             info._sifields._sigfault._addr = env->pc;
836             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
837             break;
838         case EXCP_PREFETCH_ABORT:
839         case EXCP_DATA_ABORT:
840             info.si_signo = TARGET_SIGSEGV;
841             info.si_errno = 0;
842             /* XXX: check env->error_code */
843             info.si_code = TARGET_SEGV_MAPERR;
844             info._sifields._sigfault._addr = env->exception.vaddress;
845             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
846             break;
847         case EXCP_DEBUG:
848         case EXCP_BKPT:
849             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
850             if (sig) {
851                 info.si_signo = sig;
852                 info.si_errno = 0;
853                 info.si_code = TARGET_TRAP_BRKPT;
854                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
855             }
856             break;
857         case EXCP_SEMIHOST:
858             env->xregs[0] = do_arm_semihosting(env);
859             break;
860         case EXCP_YIELD:
861             /* nothing to do here for user-mode, just resume guest code */
862             break;
863         case EXCP_ATOMIC:
864             cpu_exec_step_atomic(cs);
865             break;
866         default:
867             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
868             abort();
869         }
870         process_pending_signals(env);
871         /* Exception return on AArch64 always clears the exclusive monitor,
872          * so any return to running guest code implies this.
873          */
874         env->exclusive_addr = -1;
875     }
876 }
877 #endif /* ndef TARGET_ABI32 */
878 
879 #endif
880 
881 #ifdef TARGET_UNICORE32
882 
883 void cpu_loop(CPUUniCore32State *env)
884 {
885     CPUState *cs = CPU(uc32_env_get_cpu(env));
886     int trapnr;
887     unsigned int n, insn;
888     target_siginfo_t info;
889 
890     for (;;) {
891         cpu_exec_start(cs);
892         trapnr = cpu_exec(cs);
893         cpu_exec_end(cs);
894         process_queued_cpu_work(cs);
895 
896         switch (trapnr) {
897         case UC32_EXCP_PRIV:
898             {
899                 /* system call */
900                 get_user_u32(insn, env->regs[31] - 4);
901                 n = insn & 0xffffff;
902 
903                 if (n >= UC32_SYSCALL_BASE) {
904                     /* linux syscall */
905                     n -= UC32_SYSCALL_BASE;
906                     if (n == UC32_SYSCALL_NR_set_tls) {
907                             cpu_set_tls(env, env->regs[0]);
908                             env->regs[0] = 0;
909                     } else {
910                         abi_long ret = do_syscall(env,
911                                                   n,
912                                                   env->regs[0],
913                                                   env->regs[1],
914                                                   env->regs[2],
915                                                   env->regs[3],
916                                                   env->regs[4],
917                                                   env->regs[5],
918                                                   0, 0);
919                         if (ret == -TARGET_ERESTARTSYS) {
920                             env->regs[31] -= 4;
921                         } else if (ret != -TARGET_QEMU_ESIGRETURN) {
922                             env->regs[0] = ret;
923                         }
924                     }
925                 } else {
926                     goto error;
927                 }
928             }
929             break;
930         case UC32_EXCP_DTRAP:
931         case UC32_EXCP_ITRAP:
932             info.si_signo = TARGET_SIGSEGV;
933             info.si_errno = 0;
934             /* XXX: check env->error_code */
935             info.si_code = TARGET_SEGV_MAPERR;
936             info._sifields._sigfault._addr = env->cp0.c4_faultaddr;
937             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
938             break;
939         case EXCP_INTERRUPT:
940             /* just indicate that signals should be handled asap */
941             break;
942         case EXCP_DEBUG:
943             {
944                 int sig;
945 
946                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
947                 if (sig) {
948                     info.si_signo = sig;
949                     info.si_errno = 0;
950                     info.si_code = TARGET_TRAP_BRKPT;
951                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
952                 }
953             }
954             break;
955         case EXCP_ATOMIC:
956             cpu_exec_step_atomic(cs);
957             break;
958         default:
959             goto error;
960         }
961         process_pending_signals(env);
962     }
963 
964 error:
965     EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
966     abort();
967 }
968 #endif
969 
970 #ifdef TARGET_SPARC
971 #define SPARC64_STACK_BIAS 2047
972 
973 //#define DEBUG_WIN
974 
975 /* WARNING: dealing with register windows _is_ complicated. More info
976    can be found at http://www.sics.se/~psm/sparcstack.html */
977 static inline int get_reg_index(CPUSPARCState *env, int cwp, int index)
978 {
979     index = (index + cwp * 16) % (16 * env->nwindows);
980     /* wrap handling : if cwp is on the last window, then we use the
981        registers 'after' the end */
982     if (index < 8 && env->cwp == env->nwindows - 1)
983         index += 16 * env->nwindows;
984     return index;
985 }
986 
987 /* save the register window 'cwp1' */
988 static inline void save_window_offset(CPUSPARCState *env, int cwp1)
989 {
990     unsigned int i;
991     abi_ulong sp_ptr;
992 
993     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
994 #ifdef TARGET_SPARC64
995     if (sp_ptr & 3)
996         sp_ptr += SPARC64_STACK_BIAS;
997 #endif
998 #if defined(DEBUG_WIN)
999     printf("win_overflow: sp_ptr=0x" TARGET_ABI_FMT_lx " save_cwp=%d\n",
1000            sp_ptr, cwp1);
1001 #endif
1002     for(i = 0; i < 16; i++) {
1003         /* FIXME - what to do if put_user() fails? */
1004         put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1005         sp_ptr += sizeof(abi_ulong);
1006     }
1007 }
1008 
1009 static void save_window(CPUSPARCState *env)
1010 {
1011 #ifndef TARGET_SPARC64
1012     unsigned int new_wim;
1013     new_wim = ((env->wim >> 1) | (env->wim << (env->nwindows - 1))) &
1014         ((1LL << env->nwindows) - 1);
1015     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1016     env->wim = new_wim;
1017 #else
1018     save_window_offset(env, cpu_cwp_dec(env, env->cwp - 2));
1019     env->cansave++;
1020     env->canrestore--;
1021 #endif
1022 }
1023 
1024 static void restore_window(CPUSPARCState *env)
1025 {
1026 #ifndef TARGET_SPARC64
1027     unsigned int new_wim;
1028 #endif
1029     unsigned int i, cwp1;
1030     abi_ulong sp_ptr;
1031 
1032 #ifndef TARGET_SPARC64
1033     new_wim = ((env->wim << 1) | (env->wim >> (env->nwindows - 1))) &
1034         ((1LL << env->nwindows) - 1);
1035 #endif
1036 
1037     /* restore the invalid window */
1038     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1039     sp_ptr = env->regbase[get_reg_index(env, cwp1, 6)];
1040 #ifdef TARGET_SPARC64
1041     if (sp_ptr & 3)
1042         sp_ptr += SPARC64_STACK_BIAS;
1043 #endif
1044 #if defined(DEBUG_WIN)
1045     printf("win_underflow: sp_ptr=0x" TARGET_ABI_FMT_lx " load_cwp=%d\n",
1046            sp_ptr, cwp1);
1047 #endif
1048     for(i = 0; i < 16; i++) {
1049         /* FIXME - what to do if get_user() fails? */
1050         get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
1051         sp_ptr += sizeof(abi_ulong);
1052     }
1053 #ifdef TARGET_SPARC64
1054     env->canrestore++;
1055     if (env->cleanwin < env->nwindows - 1)
1056         env->cleanwin++;
1057     env->cansave--;
1058 #else
1059     env->wim = new_wim;
1060 #endif
1061 }
1062 
1063 static void flush_windows(CPUSPARCState *env)
1064 {
1065     int offset, cwp1;
1066 
1067     offset = 1;
1068     for(;;) {
1069         /* if restore would invoke restore_window(), then we can stop */
1070         cwp1 = cpu_cwp_inc(env, env->cwp + offset);
1071 #ifndef TARGET_SPARC64
1072         if (env->wim & (1 << cwp1))
1073             break;
1074 #else
1075         if (env->canrestore == 0)
1076             break;
1077         env->cansave++;
1078         env->canrestore--;
1079 #endif
1080         save_window_offset(env, cwp1);
1081         offset++;
1082     }
1083     cwp1 = cpu_cwp_inc(env, env->cwp + 1);
1084 #ifndef TARGET_SPARC64
1085     /* set wim so that restore will reload the registers */
1086     env->wim = 1 << cwp1;
1087 #endif
1088 #if defined(DEBUG_WIN)
1089     printf("flush_windows: nb=%d\n", offset - 1);
1090 #endif
1091 }
1092 
1093 void cpu_loop (CPUSPARCState *env)
1094 {
1095     CPUState *cs = CPU(sparc_env_get_cpu(env));
1096     int trapnr;
1097     abi_long ret;
1098     target_siginfo_t info;
1099 
1100     while (1) {
1101         cpu_exec_start(cs);
1102         trapnr = cpu_exec(cs);
1103         cpu_exec_end(cs);
1104         process_queued_cpu_work(cs);
1105 
1106         /* Compute PSR before exposing state.  */
1107         if (env->cc_op != CC_OP_FLAGS) {
1108             cpu_get_psr(env);
1109         }
1110 
1111         switch (trapnr) {
1112 #ifndef TARGET_SPARC64
1113         case 0x88:
1114         case 0x90:
1115 #else
1116         case 0x110:
1117         case 0x16d:
1118 #endif
1119             ret = do_syscall (env, env->gregs[1],
1120                               env->regwptr[0], env->regwptr[1],
1121                               env->regwptr[2], env->regwptr[3],
1122                               env->regwptr[4], env->regwptr[5],
1123                               0, 0);
1124             if (ret == -TARGET_ERESTARTSYS || ret == -TARGET_QEMU_ESIGRETURN) {
1125                 break;
1126             }
1127             if ((abi_ulong)ret >= (abi_ulong)(-515)) {
1128 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1129                 env->xcc |= PSR_CARRY;
1130 #else
1131                 env->psr |= PSR_CARRY;
1132 #endif
1133                 ret = -ret;
1134             } else {
1135 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
1136                 env->xcc &= ~PSR_CARRY;
1137 #else
1138                 env->psr &= ~PSR_CARRY;
1139 #endif
1140             }
1141             env->regwptr[0] = ret;
1142             /* next instruction */
1143             env->pc = env->npc;
1144             env->npc = env->npc + 4;
1145             break;
1146         case 0x83: /* flush windows */
1147 #ifdef TARGET_ABI32
1148         case 0x103:
1149 #endif
1150             flush_windows(env);
1151             /* next instruction */
1152             env->pc = env->npc;
1153             env->npc = env->npc + 4;
1154             break;
1155 #ifndef TARGET_SPARC64
1156         case TT_WIN_OVF: /* window overflow */
1157             save_window(env);
1158             break;
1159         case TT_WIN_UNF: /* window underflow */
1160             restore_window(env);
1161             break;
1162         case TT_TFAULT:
1163         case TT_DFAULT:
1164             {
1165                 info.si_signo = TARGET_SIGSEGV;
1166                 info.si_errno = 0;
1167                 /* XXX: check env->error_code */
1168                 info.si_code = TARGET_SEGV_MAPERR;
1169                 info._sifields._sigfault._addr = env->mmuregs[4];
1170                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1171             }
1172             break;
1173 #else
1174         case TT_SPILL: /* window overflow */
1175             save_window(env);
1176             break;
1177         case TT_FILL: /* window underflow */
1178             restore_window(env);
1179             break;
1180         case TT_TFAULT:
1181         case TT_DFAULT:
1182             {
1183                 info.si_signo = TARGET_SIGSEGV;
1184                 info.si_errno = 0;
1185                 /* XXX: check env->error_code */
1186                 info.si_code = TARGET_SEGV_MAPERR;
1187                 if (trapnr == TT_DFAULT)
1188                     info._sifields._sigfault._addr = env->dmmu.mmuregs[4];
1189                 else
1190                     info._sifields._sigfault._addr = cpu_tsptr(env)->tpc;
1191                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1192             }
1193             break;
1194 #ifndef TARGET_ABI32
1195         case 0x16e:
1196             flush_windows(env);
1197             sparc64_get_context(env);
1198             break;
1199         case 0x16f:
1200             flush_windows(env);
1201             sparc64_set_context(env);
1202             break;
1203 #endif
1204 #endif
1205         case EXCP_INTERRUPT:
1206             /* just indicate that signals should be handled asap */
1207             break;
1208         case TT_ILL_INSN:
1209             {
1210                 info.si_signo = TARGET_SIGILL;
1211                 info.si_errno = 0;
1212                 info.si_code = TARGET_ILL_ILLOPC;
1213                 info._sifields._sigfault._addr = env->pc;
1214                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1215             }
1216             break;
1217         case EXCP_DEBUG:
1218             {
1219                 int sig;
1220 
1221                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1222                 if (sig)
1223                   {
1224                     info.si_signo = sig;
1225                     info.si_errno = 0;
1226                     info.si_code = TARGET_TRAP_BRKPT;
1227                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1228                   }
1229             }
1230             break;
1231         case EXCP_ATOMIC:
1232             cpu_exec_step_atomic(cs);
1233             break;
1234         default:
1235             printf ("Unhandled trap: 0x%x\n", trapnr);
1236             cpu_dump_state(cs, stderr, fprintf, 0);
1237             exit(EXIT_FAILURE);
1238         }
1239         process_pending_signals (env);
1240     }
1241 }
1242 
1243 #endif
1244 
1245 #ifdef TARGET_PPC
1246 static inline uint64_t cpu_ppc_get_tb(CPUPPCState *env)
1247 {
1248     return cpu_get_host_ticks();
1249 }
1250 
1251 uint64_t cpu_ppc_load_tbl(CPUPPCState *env)
1252 {
1253     return cpu_ppc_get_tb(env);
1254 }
1255 
1256 uint32_t cpu_ppc_load_tbu(CPUPPCState *env)
1257 {
1258     return cpu_ppc_get_tb(env) >> 32;
1259 }
1260 
1261 uint64_t cpu_ppc_load_atbl(CPUPPCState *env)
1262 {
1263     return cpu_ppc_get_tb(env);
1264 }
1265 
1266 uint32_t cpu_ppc_load_atbu(CPUPPCState *env)
1267 {
1268     return cpu_ppc_get_tb(env) >> 32;
1269 }
1270 
1271 uint32_t cpu_ppc601_load_rtcu(CPUPPCState *env)
1272 __attribute__ (( alias ("cpu_ppc_load_tbu") ));
1273 
1274 uint32_t cpu_ppc601_load_rtcl(CPUPPCState *env)
1275 {
1276     return cpu_ppc_load_tbl(env) & 0x3FFFFF80;
1277 }
1278 
1279 /* XXX: to be fixed */
1280 int ppc_dcr_read (ppc_dcr_t *dcr_env, int dcrn, uint32_t *valp)
1281 {
1282     return -1;
1283 }
1284 
1285 int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, uint32_t val)
1286 {
1287     return -1;
1288 }
1289 
1290 static int do_store_exclusive(CPUPPCState *env)
1291 {
1292     target_ulong addr;
1293     target_ulong page_addr;
1294     target_ulong val, val2 __attribute__((unused)) = 0;
1295     int flags;
1296     int segv = 0;
1297 
1298     addr = env->reserve_ea;
1299     page_addr = addr & TARGET_PAGE_MASK;
1300     start_exclusive();
1301     mmap_lock();
1302     flags = page_get_flags(page_addr);
1303     if ((flags & PAGE_READ) == 0) {
1304         segv = 1;
1305     } else {
1306         int reg = env->reserve_info & 0x1f;
1307         int size = env->reserve_info >> 5;
1308         int stored = 0;
1309 
1310         if (addr == env->reserve_addr) {
1311             switch (size) {
1312             case 1: segv = get_user_u8(val, addr); break;
1313             case 2: segv = get_user_u16(val, addr); break;
1314             case 4: segv = get_user_u32(val, addr); break;
1315 #if defined(TARGET_PPC64)
1316             case 8: segv = get_user_u64(val, addr); break;
1317             case 16: {
1318                 segv = get_user_u64(val, addr);
1319                 if (!segv) {
1320                     segv = get_user_u64(val2, addr + 8);
1321                 }
1322                 break;
1323             }
1324 #endif
1325             default: abort();
1326             }
1327             if (!segv && val == env->reserve_val) {
1328                 val = env->gpr[reg];
1329                 switch (size) {
1330                 case 1: segv = put_user_u8(val, addr); break;
1331                 case 2: segv = put_user_u16(val, addr); break;
1332                 case 4: segv = put_user_u32(val, addr); break;
1333 #if defined(TARGET_PPC64)
1334                 case 8: segv = put_user_u64(val, addr); break;
1335                 case 16: {
1336                     if (val2 == env->reserve_val2) {
1337                         if (msr_le) {
1338                             val2 = val;
1339                             val = env->gpr[reg+1];
1340                         } else {
1341                             val2 = env->gpr[reg+1];
1342                         }
1343                         segv = put_user_u64(val, addr);
1344                         if (!segv) {
1345                             segv = put_user_u64(val2, addr + 8);
1346                         }
1347                     }
1348                     break;
1349                 }
1350 #endif
1351                 default: abort();
1352                 }
1353                 if (!segv) {
1354                     stored = 1;
1355                 }
1356             }
1357         }
1358         env->crf[0] = (stored << 1) | xer_so;
1359         env->reserve_addr = (target_ulong)-1;
1360     }
1361     if (!segv) {
1362         env->nip += 4;
1363     }
1364     mmap_unlock();
1365     end_exclusive();
1366     return segv;
1367 }
1368 
1369 void cpu_loop(CPUPPCState *env)
1370 {
1371     CPUState *cs = CPU(ppc_env_get_cpu(env));
1372     target_siginfo_t info;
1373     int trapnr;
1374     target_ulong ret;
1375 
1376     for(;;) {
1377         cpu_exec_start(cs);
1378         trapnr = cpu_exec(cs);
1379         cpu_exec_end(cs);
1380         process_queued_cpu_work(cs);
1381 
1382         switch(trapnr) {
1383         case POWERPC_EXCP_NONE:
1384             /* Just go on */
1385             break;
1386         case POWERPC_EXCP_CRITICAL: /* Critical input                        */
1387             cpu_abort(cs, "Critical interrupt while in user mode. "
1388                       "Aborting\n");
1389             break;
1390         case POWERPC_EXCP_MCHECK:   /* Machine check exception               */
1391             cpu_abort(cs, "Machine check exception while in user mode. "
1392                       "Aborting\n");
1393             break;
1394         case POWERPC_EXCP_DSI:      /* Data storage exception                */
1395             /* XXX: check this. Seems bugged */
1396             switch (env->error_code & 0xFF000000) {
1397             case 0x40000000:
1398             case 0x42000000:
1399                 info.si_signo = TARGET_SIGSEGV;
1400                 info.si_errno = 0;
1401                 info.si_code = TARGET_SEGV_MAPERR;
1402                 break;
1403             case 0x04000000:
1404                 info.si_signo = TARGET_SIGILL;
1405                 info.si_errno = 0;
1406                 info.si_code = TARGET_ILL_ILLADR;
1407                 break;
1408             case 0x08000000:
1409                 info.si_signo = TARGET_SIGSEGV;
1410                 info.si_errno = 0;
1411                 info.si_code = TARGET_SEGV_ACCERR;
1412                 break;
1413             default:
1414                 /* Let's send a regular segfault... */
1415                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1416                           env->error_code);
1417                 info.si_signo = TARGET_SIGSEGV;
1418                 info.si_errno = 0;
1419                 info.si_code = TARGET_SEGV_MAPERR;
1420                 break;
1421             }
1422             info._sifields._sigfault._addr = env->spr[SPR_DAR];
1423             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1424             break;
1425         case POWERPC_EXCP_ISI:      /* Instruction storage exception         */
1426             /* XXX: check this */
1427             switch (env->error_code & 0xFF000000) {
1428             case 0x40000000:
1429                 info.si_signo = TARGET_SIGSEGV;
1430             info.si_errno = 0;
1431                 info.si_code = TARGET_SEGV_MAPERR;
1432                 break;
1433             case 0x10000000:
1434             case 0x08000000:
1435                 info.si_signo = TARGET_SIGSEGV;
1436                 info.si_errno = 0;
1437                 info.si_code = TARGET_SEGV_ACCERR;
1438                 break;
1439             default:
1440                 /* Let's send a regular segfault... */
1441                 EXCP_DUMP(env, "Invalid segfault errno (%02x)\n",
1442                           env->error_code);
1443                 info.si_signo = TARGET_SIGSEGV;
1444                 info.si_errno = 0;
1445                 info.si_code = TARGET_SEGV_MAPERR;
1446                 break;
1447             }
1448             info._sifields._sigfault._addr = env->nip - 4;
1449             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1450             break;
1451         case POWERPC_EXCP_EXTERNAL: /* External input                        */
1452             cpu_abort(cs, "External interrupt while in user mode. "
1453                       "Aborting\n");
1454             break;
1455         case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
1456             /* XXX: check this */
1457             info.si_signo = TARGET_SIGBUS;
1458             info.si_errno = 0;
1459             info.si_code = TARGET_BUS_ADRALN;
1460             info._sifields._sigfault._addr = env->nip;
1461             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1462             break;
1463         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
1464         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
1465             /* XXX: check this */
1466             switch (env->error_code & ~0xF) {
1467             case POWERPC_EXCP_FP:
1468                 info.si_signo = TARGET_SIGFPE;
1469                 info.si_errno = 0;
1470                 switch (env->error_code & 0xF) {
1471                 case POWERPC_EXCP_FP_OX:
1472                     info.si_code = TARGET_FPE_FLTOVF;
1473                     break;
1474                 case POWERPC_EXCP_FP_UX:
1475                     info.si_code = TARGET_FPE_FLTUND;
1476                     break;
1477                 case POWERPC_EXCP_FP_ZX:
1478                 case POWERPC_EXCP_FP_VXZDZ:
1479                     info.si_code = TARGET_FPE_FLTDIV;
1480                     break;
1481                 case POWERPC_EXCP_FP_XX:
1482                     info.si_code = TARGET_FPE_FLTRES;
1483                     break;
1484                 case POWERPC_EXCP_FP_VXSOFT:
1485                     info.si_code = TARGET_FPE_FLTINV;
1486                     break;
1487                 case POWERPC_EXCP_FP_VXSNAN:
1488                 case POWERPC_EXCP_FP_VXISI:
1489                 case POWERPC_EXCP_FP_VXIDI:
1490                 case POWERPC_EXCP_FP_VXIMZ:
1491                 case POWERPC_EXCP_FP_VXVC:
1492                 case POWERPC_EXCP_FP_VXSQRT:
1493                 case POWERPC_EXCP_FP_VXCVI:
1494                     info.si_code = TARGET_FPE_FLTSUB;
1495                     break;
1496                 default:
1497                     EXCP_DUMP(env, "Unknown floating point exception (%02x)\n",
1498                               env->error_code);
1499                     break;
1500                 }
1501                 break;
1502             case POWERPC_EXCP_INVAL:
1503                 info.si_signo = TARGET_SIGILL;
1504                 info.si_errno = 0;
1505                 switch (env->error_code & 0xF) {
1506                 case POWERPC_EXCP_INVAL_INVAL:
1507                     info.si_code = TARGET_ILL_ILLOPC;
1508                     break;
1509                 case POWERPC_EXCP_INVAL_LSWX:
1510                     info.si_code = TARGET_ILL_ILLOPN;
1511                     break;
1512                 case POWERPC_EXCP_INVAL_SPR:
1513                     info.si_code = TARGET_ILL_PRVREG;
1514                     break;
1515                 case POWERPC_EXCP_INVAL_FP:
1516                     info.si_code = TARGET_ILL_COPROC;
1517                     break;
1518                 default:
1519                     EXCP_DUMP(env, "Unknown invalid operation (%02x)\n",
1520                               env->error_code & 0xF);
1521                     info.si_code = TARGET_ILL_ILLADR;
1522                     break;
1523                 }
1524                 break;
1525             case POWERPC_EXCP_PRIV:
1526                 info.si_signo = TARGET_SIGILL;
1527                 info.si_errno = 0;
1528                 switch (env->error_code & 0xF) {
1529                 case POWERPC_EXCP_PRIV_OPC:
1530                     info.si_code = TARGET_ILL_PRVOPC;
1531                     break;
1532                 case POWERPC_EXCP_PRIV_REG:
1533                     info.si_code = TARGET_ILL_PRVREG;
1534                     break;
1535                 default:
1536                     EXCP_DUMP(env, "Unknown privilege violation (%02x)\n",
1537                               env->error_code & 0xF);
1538                     info.si_code = TARGET_ILL_PRVOPC;
1539                     break;
1540                 }
1541                 break;
1542             case POWERPC_EXCP_TRAP:
1543                 cpu_abort(cs, "Tried to call a TRAP\n");
1544                 break;
1545             default:
1546                 /* Should not happen ! */
1547                 cpu_abort(cs, "Unknown program exception (%02x)\n",
1548                           env->error_code);
1549                 break;
1550             }
1551             info._sifields._sigfault._addr = env->nip;
1552             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1553             break;
1554         case POWERPC_EXCP_FPU:      /* Floating-point unavailable exception  */
1555             info.si_signo = TARGET_SIGILL;
1556             info.si_errno = 0;
1557             info.si_code = TARGET_ILL_COPROC;
1558             info._sifields._sigfault._addr = env->nip;
1559             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1560             break;
1561         case POWERPC_EXCP_SYSCALL:  /* System call exception                 */
1562             cpu_abort(cs, "Syscall exception while in user mode. "
1563                       "Aborting\n");
1564             break;
1565         case POWERPC_EXCP_APU:      /* Auxiliary processor unavailable       */
1566             info.si_signo = TARGET_SIGILL;
1567             info.si_errno = 0;
1568             info.si_code = TARGET_ILL_COPROC;
1569             info._sifields._sigfault._addr = env->nip;
1570             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1571             break;
1572         case POWERPC_EXCP_DECR:     /* Decrementer exception                 */
1573             cpu_abort(cs, "Decrementer interrupt while in user mode. "
1574                       "Aborting\n");
1575             break;
1576         case POWERPC_EXCP_FIT:      /* Fixed-interval timer interrupt        */
1577             cpu_abort(cs, "Fix interval timer interrupt while in user mode. "
1578                       "Aborting\n");
1579             break;
1580         case POWERPC_EXCP_WDT:      /* Watchdog timer interrupt              */
1581             cpu_abort(cs, "Watchdog timer interrupt while in user mode. "
1582                       "Aborting\n");
1583             break;
1584         case POWERPC_EXCP_DTLB:     /* Data TLB error                        */
1585             cpu_abort(cs, "Data TLB exception while in user mode. "
1586                       "Aborting\n");
1587             break;
1588         case POWERPC_EXCP_ITLB:     /* Instruction TLB error                 */
1589             cpu_abort(cs, "Instruction TLB exception while in user mode. "
1590                       "Aborting\n");
1591             break;
1592         case POWERPC_EXCP_SPEU:     /* SPE/embedded floating-point unavail.  */
1593             info.si_signo = TARGET_SIGILL;
1594             info.si_errno = 0;
1595             info.si_code = TARGET_ILL_COPROC;
1596             info._sifields._sigfault._addr = env->nip;
1597             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1598             break;
1599         case POWERPC_EXCP_EFPDI:    /* Embedded floating-point data IRQ      */
1600             cpu_abort(cs, "Embedded floating-point data IRQ not handled\n");
1601             break;
1602         case POWERPC_EXCP_EFPRI:    /* Embedded floating-point round IRQ     */
1603             cpu_abort(cs, "Embedded floating-point round IRQ not handled\n");
1604             break;
1605         case POWERPC_EXCP_EPERFM:   /* Embedded performance monitor IRQ      */
1606             cpu_abort(cs, "Performance monitor exception not handled\n");
1607             break;
1608         case POWERPC_EXCP_DOORI:    /* Embedded doorbell interrupt           */
1609             cpu_abort(cs, "Doorbell interrupt while in user mode. "
1610                        "Aborting\n");
1611             break;
1612         case POWERPC_EXCP_DOORCI:   /* Embedded doorbell critical interrupt  */
1613             cpu_abort(cs, "Doorbell critical interrupt while in user mode. "
1614                       "Aborting\n");
1615             break;
1616         case POWERPC_EXCP_RESET:    /* System reset exception                */
1617             cpu_abort(cs, "Reset interrupt while in user mode. "
1618                       "Aborting\n");
1619             break;
1620         case POWERPC_EXCP_DSEG:     /* Data segment exception                */
1621             cpu_abort(cs, "Data segment exception while in user mode. "
1622                       "Aborting\n");
1623             break;
1624         case POWERPC_EXCP_ISEG:     /* Instruction segment exception         */
1625             cpu_abort(cs, "Instruction segment exception "
1626                       "while in user mode. Aborting\n");
1627             break;
1628         /* PowerPC 64 with hypervisor mode support */
1629         case POWERPC_EXCP_HDECR:    /* Hypervisor decrementer exception      */
1630             cpu_abort(cs, "Hypervisor decrementer interrupt "
1631                       "while in user mode. Aborting\n");
1632             break;
1633         case POWERPC_EXCP_TRACE:    /* Trace exception                       */
1634             /* Nothing to do:
1635              * we use this exception to emulate step-by-step execution mode.
1636              */
1637             break;
1638         /* PowerPC 64 with hypervisor mode support */
1639         case POWERPC_EXCP_HDSI:     /* Hypervisor data storage exception     */
1640             cpu_abort(cs, "Hypervisor data storage exception "
1641                       "while in user mode. Aborting\n");
1642             break;
1643         case POWERPC_EXCP_HISI:     /* Hypervisor instruction storage excp   */
1644             cpu_abort(cs, "Hypervisor instruction storage exception "
1645                       "while in user mode. Aborting\n");
1646             break;
1647         case POWERPC_EXCP_HDSEG:    /* Hypervisor data segment exception     */
1648             cpu_abort(cs, "Hypervisor data segment exception "
1649                       "while in user mode. Aborting\n");
1650             break;
1651         case POWERPC_EXCP_HISEG:    /* Hypervisor instruction segment excp   */
1652             cpu_abort(cs, "Hypervisor instruction segment exception "
1653                       "while in user mode. Aborting\n");
1654             break;
1655         case POWERPC_EXCP_VPU:      /* Vector unavailable exception          */
1656             info.si_signo = TARGET_SIGILL;
1657             info.si_errno = 0;
1658             info.si_code = TARGET_ILL_COPROC;
1659             info._sifields._sigfault._addr = env->nip;
1660             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1661             break;
1662         case POWERPC_EXCP_PIT:      /* Programmable interval timer IRQ       */
1663             cpu_abort(cs, "Programmable interval timer interrupt "
1664                       "while in user mode. Aborting\n");
1665             break;
1666         case POWERPC_EXCP_IO:       /* IO error exception                    */
1667             cpu_abort(cs, "IO error exception while in user mode. "
1668                       "Aborting\n");
1669             break;
1670         case POWERPC_EXCP_RUNM:     /* Run mode exception                    */
1671             cpu_abort(cs, "Run mode exception while in user mode. "
1672                       "Aborting\n");
1673             break;
1674         case POWERPC_EXCP_EMUL:     /* Emulation trap exception              */
1675             cpu_abort(cs, "Emulation trap exception not handled\n");
1676             break;
1677         case POWERPC_EXCP_IFTLB:    /* Instruction fetch TLB error           */
1678             cpu_abort(cs, "Instruction fetch TLB exception "
1679                       "while in user-mode. Aborting");
1680             break;
1681         case POWERPC_EXCP_DLTLB:    /* Data load TLB miss                    */
1682             cpu_abort(cs, "Data load TLB exception while in user-mode. "
1683                       "Aborting");
1684             break;
1685         case POWERPC_EXCP_DSTLB:    /* Data store TLB miss                   */
1686             cpu_abort(cs, "Data store TLB exception while in user-mode. "
1687                       "Aborting");
1688             break;
1689         case POWERPC_EXCP_FPA:      /* Floating-point assist exception       */
1690             cpu_abort(cs, "Floating-point assist exception not handled\n");
1691             break;
1692         case POWERPC_EXCP_IABR:     /* Instruction address breakpoint        */
1693             cpu_abort(cs, "Instruction address breakpoint exception "
1694                       "not handled\n");
1695             break;
1696         case POWERPC_EXCP_SMI:      /* System management interrupt           */
1697             cpu_abort(cs, "System management interrupt while in user mode. "
1698                       "Aborting\n");
1699             break;
1700         case POWERPC_EXCP_THERM:    /* Thermal interrupt                     */
1701             cpu_abort(cs, "Thermal interrupt interrupt while in user mode. "
1702                       "Aborting\n");
1703             break;
1704         case POWERPC_EXCP_PERFM:   /* Embedded performance monitor IRQ      */
1705             cpu_abort(cs, "Performance monitor exception not handled\n");
1706             break;
1707         case POWERPC_EXCP_VPUA:     /* Vector assist exception               */
1708             cpu_abort(cs, "Vector assist exception not handled\n");
1709             break;
1710         case POWERPC_EXCP_SOFTP:    /* Soft patch exception                  */
1711             cpu_abort(cs, "Soft patch exception not handled\n");
1712             break;
1713         case POWERPC_EXCP_MAINT:    /* Maintenance exception                 */
1714             cpu_abort(cs, "Maintenance exception while in user mode. "
1715                       "Aborting\n");
1716             break;
1717         case POWERPC_EXCP_STOP:     /* stop translation                      */
1718             /* We did invalidate the instruction cache. Go on */
1719             break;
1720         case POWERPC_EXCP_BRANCH:   /* branch instruction:                   */
1721             /* We just stopped because of a branch. Go on */
1722             break;
1723         case POWERPC_EXCP_SYSCALL_USER:
1724             /* system call in user-mode emulation */
1725             /* WARNING:
1726              * PPC ABI uses overflow flag in cr0 to signal an error
1727              * in syscalls.
1728              */
1729             env->crf[0] &= ~0x1;
1730             env->nip += 4;
1731             ret = do_syscall(env, env->gpr[0], env->gpr[3], env->gpr[4],
1732                              env->gpr[5], env->gpr[6], env->gpr[7],
1733                              env->gpr[8], 0, 0);
1734             if (ret == -TARGET_ERESTARTSYS) {
1735                 env->nip -= 4;
1736                 break;
1737             }
1738             if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
1739                 /* Returning from a successful sigreturn syscall.
1740                    Avoid corrupting register state.  */
1741                 break;
1742             }
1743             if (ret > (target_ulong)(-515)) {
1744                 env->crf[0] |= 0x1;
1745                 ret = -ret;
1746             }
1747             env->gpr[3] = ret;
1748             break;
1749         case POWERPC_EXCP_STCX:
1750             if (do_store_exclusive(env)) {
1751                 info.si_signo = TARGET_SIGSEGV;
1752                 info.si_errno = 0;
1753                 info.si_code = TARGET_SEGV_MAPERR;
1754                 info._sifields._sigfault._addr = env->nip;
1755                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1756             }
1757             break;
1758         case EXCP_DEBUG:
1759             {
1760                 int sig;
1761 
1762                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
1763                 if (sig) {
1764                     info.si_signo = sig;
1765                     info.si_errno = 0;
1766                     info.si_code = TARGET_TRAP_BRKPT;
1767                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
1768                   }
1769             }
1770             break;
1771         case EXCP_INTERRUPT:
1772             /* just indicate that signals should be handled asap */
1773             break;
1774         case EXCP_ATOMIC:
1775             cpu_exec_step_atomic(cs);
1776             break;
1777         default:
1778             cpu_abort(cs, "Unknown exception 0x%x. Aborting\n", trapnr);
1779             break;
1780         }
1781         process_pending_signals(env);
1782     }
1783 }
1784 #endif
1785 
1786 #ifdef TARGET_MIPS
1787 
1788 # ifdef TARGET_ABI_MIPSO32
1789 #  define MIPS_SYS(name, args) args,
1790 static const uint8_t mips_syscall_args[] = {
1791 	MIPS_SYS(sys_syscall	, 8)	/* 4000 */
1792 	MIPS_SYS(sys_exit	, 1)
1793 	MIPS_SYS(sys_fork	, 0)
1794 	MIPS_SYS(sys_read	, 3)
1795 	MIPS_SYS(sys_write	, 3)
1796 	MIPS_SYS(sys_open	, 3)	/* 4005 */
1797 	MIPS_SYS(sys_close	, 1)
1798 	MIPS_SYS(sys_waitpid	, 3)
1799 	MIPS_SYS(sys_creat	, 2)
1800 	MIPS_SYS(sys_link	, 2)
1801 	MIPS_SYS(sys_unlink	, 1)	/* 4010 */
1802 	MIPS_SYS(sys_execve	, 0)
1803 	MIPS_SYS(sys_chdir	, 1)
1804 	MIPS_SYS(sys_time	, 1)
1805 	MIPS_SYS(sys_mknod	, 3)
1806 	MIPS_SYS(sys_chmod	, 2)	/* 4015 */
1807 	MIPS_SYS(sys_lchown	, 3)
1808 	MIPS_SYS(sys_ni_syscall	, 0)
1809 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_stat */
1810 	MIPS_SYS(sys_lseek	, 3)
1811 	MIPS_SYS(sys_getpid	, 0)	/* 4020 */
1812 	MIPS_SYS(sys_mount	, 5)
1813 	MIPS_SYS(sys_umount	, 1)
1814 	MIPS_SYS(sys_setuid	, 1)
1815 	MIPS_SYS(sys_getuid	, 0)
1816 	MIPS_SYS(sys_stime	, 1)	/* 4025 */
1817 	MIPS_SYS(sys_ptrace	, 4)
1818 	MIPS_SYS(sys_alarm	, 1)
1819 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_fstat */
1820 	MIPS_SYS(sys_pause	, 0)
1821 	MIPS_SYS(sys_utime	, 2)	/* 4030 */
1822 	MIPS_SYS(sys_ni_syscall	, 0)
1823 	MIPS_SYS(sys_ni_syscall	, 0)
1824 	MIPS_SYS(sys_access	, 2)
1825 	MIPS_SYS(sys_nice	, 1)
1826 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4035 */
1827 	MIPS_SYS(sys_sync	, 0)
1828 	MIPS_SYS(sys_kill	, 2)
1829 	MIPS_SYS(sys_rename	, 2)
1830 	MIPS_SYS(sys_mkdir	, 2)
1831 	MIPS_SYS(sys_rmdir	, 1)	/* 4040 */
1832 	MIPS_SYS(sys_dup		, 1)
1833 	MIPS_SYS(sys_pipe	, 0)
1834 	MIPS_SYS(sys_times	, 1)
1835 	MIPS_SYS(sys_ni_syscall	, 0)
1836 	MIPS_SYS(sys_brk		, 1)	/* 4045 */
1837 	MIPS_SYS(sys_setgid	, 1)
1838 	MIPS_SYS(sys_getgid	, 0)
1839 	MIPS_SYS(sys_ni_syscall	, 0)	/* was signal(2) */
1840 	MIPS_SYS(sys_geteuid	, 0)
1841 	MIPS_SYS(sys_getegid	, 0)	/* 4050 */
1842 	MIPS_SYS(sys_acct	, 0)
1843 	MIPS_SYS(sys_umount2	, 2)
1844 	MIPS_SYS(sys_ni_syscall	, 0)
1845 	MIPS_SYS(sys_ioctl	, 3)
1846 	MIPS_SYS(sys_fcntl	, 3)	/* 4055 */
1847 	MIPS_SYS(sys_ni_syscall	, 2)
1848 	MIPS_SYS(sys_setpgid	, 2)
1849 	MIPS_SYS(sys_ni_syscall	, 0)
1850 	MIPS_SYS(sys_olduname	, 1)
1851 	MIPS_SYS(sys_umask	, 1)	/* 4060 */
1852 	MIPS_SYS(sys_chroot	, 1)
1853 	MIPS_SYS(sys_ustat	, 2)
1854 	MIPS_SYS(sys_dup2	, 2)
1855 	MIPS_SYS(sys_getppid	, 0)
1856 	MIPS_SYS(sys_getpgrp	, 0)	/* 4065 */
1857 	MIPS_SYS(sys_setsid	, 0)
1858 	MIPS_SYS(sys_sigaction	, 3)
1859 	MIPS_SYS(sys_sgetmask	, 0)
1860 	MIPS_SYS(sys_ssetmask	, 1)
1861 	MIPS_SYS(sys_setreuid	, 2)	/* 4070 */
1862 	MIPS_SYS(sys_setregid	, 2)
1863 	MIPS_SYS(sys_sigsuspend	, 0)
1864 	MIPS_SYS(sys_sigpending	, 1)
1865 	MIPS_SYS(sys_sethostname	, 2)
1866 	MIPS_SYS(sys_setrlimit	, 2)	/* 4075 */
1867 	MIPS_SYS(sys_getrlimit	, 2)
1868 	MIPS_SYS(sys_getrusage	, 2)
1869 	MIPS_SYS(sys_gettimeofday, 2)
1870 	MIPS_SYS(sys_settimeofday, 2)
1871 	MIPS_SYS(sys_getgroups	, 2)	/* 4080 */
1872 	MIPS_SYS(sys_setgroups	, 2)
1873 	MIPS_SYS(sys_ni_syscall	, 0)	/* old_select */
1874 	MIPS_SYS(sys_symlink	, 2)
1875 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_lstat */
1876 	MIPS_SYS(sys_readlink	, 3)	/* 4085 */
1877 	MIPS_SYS(sys_uselib	, 1)
1878 	MIPS_SYS(sys_swapon	, 2)
1879 	MIPS_SYS(sys_reboot	, 3)
1880 	MIPS_SYS(old_readdir	, 3)
1881 	MIPS_SYS(old_mmap	, 6)	/* 4090 */
1882 	MIPS_SYS(sys_munmap	, 2)
1883 	MIPS_SYS(sys_truncate	, 2)
1884 	MIPS_SYS(sys_ftruncate	, 2)
1885 	MIPS_SYS(sys_fchmod	, 2)
1886 	MIPS_SYS(sys_fchown	, 3)	/* 4095 */
1887 	MIPS_SYS(sys_getpriority	, 2)
1888 	MIPS_SYS(sys_setpriority	, 3)
1889 	MIPS_SYS(sys_ni_syscall	, 0)
1890 	MIPS_SYS(sys_statfs	, 2)
1891 	MIPS_SYS(sys_fstatfs	, 2)	/* 4100 */
1892 	MIPS_SYS(sys_ni_syscall	, 0)	/* was ioperm(2) */
1893 	MIPS_SYS(sys_socketcall	, 2)
1894 	MIPS_SYS(sys_syslog	, 3)
1895 	MIPS_SYS(sys_setitimer	, 3)
1896 	MIPS_SYS(sys_getitimer	, 2)	/* 4105 */
1897 	MIPS_SYS(sys_newstat	, 2)
1898 	MIPS_SYS(sys_newlstat	, 2)
1899 	MIPS_SYS(sys_newfstat	, 2)
1900 	MIPS_SYS(sys_uname	, 1)
1901 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4110 was iopl(2) */
1902 	MIPS_SYS(sys_vhangup	, 0)
1903 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_idle() */
1904 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_vm86 */
1905 	MIPS_SYS(sys_wait4	, 4)
1906 	MIPS_SYS(sys_swapoff	, 1)	/* 4115 */
1907 	MIPS_SYS(sys_sysinfo	, 1)
1908 	MIPS_SYS(sys_ipc		, 6)
1909 	MIPS_SYS(sys_fsync	, 1)
1910 	MIPS_SYS(sys_sigreturn	, 0)
1911 	MIPS_SYS(sys_clone	, 6)	/* 4120 */
1912 	MIPS_SYS(sys_setdomainname, 2)
1913 	MIPS_SYS(sys_newuname	, 1)
1914 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_modify_ldt */
1915 	MIPS_SYS(sys_adjtimex	, 1)
1916 	MIPS_SYS(sys_mprotect	, 3)	/* 4125 */
1917 	MIPS_SYS(sys_sigprocmask	, 3)
1918 	MIPS_SYS(sys_ni_syscall	, 0)	/* was create_module */
1919 	MIPS_SYS(sys_init_module	, 5)
1920 	MIPS_SYS(sys_delete_module, 1)
1921 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4130	was get_kernel_syms */
1922 	MIPS_SYS(sys_quotactl	, 0)
1923 	MIPS_SYS(sys_getpgid	, 1)
1924 	MIPS_SYS(sys_fchdir	, 1)
1925 	MIPS_SYS(sys_bdflush	, 2)
1926 	MIPS_SYS(sys_sysfs	, 3)	/* 4135 */
1927 	MIPS_SYS(sys_personality	, 1)
1928 	MIPS_SYS(sys_ni_syscall	, 0)	/* for afs_syscall */
1929 	MIPS_SYS(sys_setfsuid	, 1)
1930 	MIPS_SYS(sys_setfsgid	, 1)
1931 	MIPS_SYS(sys_llseek	, 5)	/* 4140 */
1932 	MIPS_SYS(sys_getdents	, 3)
1933 	MIPS_SYS(sys_select	, 5)
1934 	MIPS_SYS(sys_flock	, 2)
1935 	MIPS_SYS(sys_msync	, 3)
1936 	MIPS_SYS(sys_readv	, 3)	/* 4145 */
1937 	MIPS_SYS(sys_writev	, 3)
1938 	MIPS_SYS(sys_cacheflush	, 3)
1939 	MIPS_SYS(sys_cachectl	, 3)
1940 	MIPS_SYS(sys_sysmips	, 4)
1941 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4150 */
1942 	MIPS_SYS(sys_getsid	, 1)
1943 	MIPS_SYS(sys_fdatasync	, 0)
1944 	MIPS_SYS(sys_sysctl	, 1)
1945 	MIPS_SYS(sys_mlock	, 2)
1946 	MIPS_SYS(sys_munlock	, 2)	/* 4155 */
1947 	MIPS_SYS(sys_mlockall	, 1)
1948 	MIPS_SYS(sys_munlockall	, 0)
1949 	MIPS_SYS(sys_sched_setparam, 2)
1950 	MIPS_SYS(sys_sched_getparam, 2)
1951 	MIPS_SYS(sys_sched_setscheduler, 3)	/* 4160 */
1952 	MIPS_SYS(sys_sched_getscheduler, 1)
1953 	MIPS_SYS(sys_sched_yield	, 0)
1954 	MIPS_SYS(sys_sched_get_priority_max, 1)
1955 	MIPS_SYS(sys_sched_get_priority_min, 1)
1956 	MIPS_SYS(sys_sched_rr_get_interval, 2)	/* 4165 */
1957 	MIPS_SYS(sys_nanosleep,	2)
1958 	MIPS_SYS(sys_mremap	, 5)
1959 	MIPS_SYS(sys_accept	, 3)
1960 	MIPS_SYS(sys_bind	, 3)
1961 	MIPS_SYS(sys_connect	, 3)	/* 4170 */
1962 	MIPS_SYS(sys_getpeername	, 3)
1963 	MIPS_SYS(sys_getsockname	, 3)
1964 	MIPS_SYS(sys_getsockopt	, 5)
1965 	MIPS_SYS(sys_listen	, 2)
1966 	MIPS_SYS(sys_recv	, 4)	/* 4175 */
1967 	MIPS_SYS(sys_recvfrom	, 6)
1968 	MIPS_SYS(sys_recvmsg	, 3)
1969 	MIPS_SYS(sys_send	, 4)
1970 	MIPS_SYS(sys_sendmsg	, 3)
1971 	MIPS_SYS(sys_sendto	, 6)	/* 4180 */
1972 	MIPS_SYS(sys_setsockopt	, 5)
1973 	MIPS_SYS(sys_shutdown	, 2)
1974 	MIPS_SYS(sys_socket	, 3)
1975 	MIPS_SYS(sys_socketpair	, 4)
1976 	MIPS_SYS(sys_setresuid	, 3)	/* 4185 */
1977 	MIPS_SYS(sys_getresuid	, 3)
1978 	MIPS_SYS(sys_ni_syscall	, 0)	/* was sys_query_module */
1979 	MIPS_SYS(sys_poll	, 3)
1980 	MIPS_SYS(sys_nfsservctl	, 3)
1981 	MIPS_SYS(sys_setresgid	, 3)	/* 4190 */
1982 	MIPS_SYS(sys_getresgid	, 3)
1983 	MIPS_SYS(sys_prctl	, 5)
1984 	MIPS_SYS(sys_rt_sigreturn, 0)
1985 	MIPS_SYS(sys_rt_sigaction, 4)
1986 	MIPS_SYS(sys_rt_sigprocmask, 4)	/* 4195 */
1987 	MIPS_SYS(sys_rt_sigpending, 2)
1988 	MIPS_SYS(sys_rt_sigtimedwait, 4)
1989 	MIPS_SYS(sys_rt_sigqueueinfo, 3)
1990 	MIPS_SYS(sys_rt_sigsuspend, 0)
1991 	MIPS_SYS(sys_pread64	, 6)	/* 4200 */
1992 	MIPS_SYS(sys_pwrite64	, 6)
1993 	MIPS_SYS(sys_chown	, 3)
1994 	MIPS_SYS(sys_getcwd	, 2)
1995 	MIPS_SYS(sys_capget	, 2)
1996 	MIPS_SYS(sys_capset	, 2)	/* 4205 */
1997 	MIPS_SYS(sys_sigaltstack	, 2)
1998 	MIPS_SYS(sys_sendfile	, 4)
1999 	MIPS_SYS(sys_ni_syscall	, 0)
2000 	MIPS_SYS(sys_ni_syscall	, 0)
2001 	MIPS_SYS(sys_mmap2	, 6)	/* 4210 */
2002 	MIPS_SYS(sys_truncate64	, 4)
2003 	MIPS_SYS(sys_ftruncate64	, 4)
2004 	MIPS_SYS(sys_stat64	, 2)
2005 	MIPS_SYS(sys_lstat64	, 2)
2006 	MIPS_SYS(sys_fstat64	, 2)	/* 4215 */
2007 	MIPS_SYS(sys_pivot_root	, 2)
2008 	MIPS_SYS(sys_mincore	, 3)
2009 	MIPS_SYS(sys_madvise	, 3)
2010 	MIPS_SYS(sys_getdents64	, 3)
2011 	MIPS_SYS(sys_fcntl64	, 3)	/* 4220 */
2012 	MIPS_SYS(sys_ni_syscall	, 0)
2013 	MIPS_SYS(sys_gettid	, 0)
2014 	MIPS_SYS(sys_readahead	, 5)
2015 	MIPS_SYS(sys_setxattr	, 5)
2016 	MIPS_SYS(sys_lsetxattr	, 5)	/* 4225 */
2017 	MIPS_SYS(sys_fsetxattr	, 5)
2018 	MIPS_SYS(sys_getxattr	, 4)
2019 	MIPS_SYS(sys_lgetxattr	, 4)
2020 	MIPS_SYS(sys_fgetxattr	, 4)
2021 	MIPS_SYS(sys_listxattr	, 3)	/* 4230 */
2022 	MIPS_SYS(sys_llistxattr	, 3)
2023 	MIPS_SYS(sys_flistxattr	, 3)
2024 	MIPS_SYS(sys_removexattr	, 2)
2025 	MIPS_SYS(sys_lremovexattr, 2)
2026 	MIPS_SYS(sys_fremovexattr, 2)	/* 4235 */
2027 	MIPS_SYS(sys_tkill	, 2)
2028 	MIPS_SYS(sys_sendfile64	, 5)
2029 	MIPS_SYS(sys_futex	, 6)
2030 	MIPS_SYS(sys_sched_setaffinity, 3)
2031 	MIPS_SYS(sys_sched_getaffinity, 3)	/* 4240 */
2032 	MIPS_SYS(sys_io_setup	, 2)
2033 	MIPS_SYS(sys_io_destroy	, 1)
2034 	MIPS_SYS(sys_io_getevents, 5)
2035 	MIPS_SYS(sys_io_submit	, 3)
2036 	MIPS_SYS(sys_io_cancel	, 3)	/* 4245 */
2037 	MIPS_SYS(sys_exit_group	, 1)
2038 	MIPS_SYS(sys_lookup_dcookie, 3)
2039 	MIPS_SYS(sys_epoll_create, 1)
2040 	MIPS_SYS(sys_epoll_ctl	, 4)
2041 	MIPS_SYS(sys_epoll_wait	, 3)	/* 4250 */
2042 	MIPS_SYS(sys_remap_file_pages, 5)
2043 	MIPS_SYS(sys_set_tid_address, 1)
2044 	MIPS_SYS(sys_restart_syscall, 0)
2045 	MIPS_SYS(sys_fadvise64_64, 7)
2046 	MIPS_SYS(sys_statfs64	, 3)	/* 4255 */
2047 	MIPS_SYS(sys_fstatfs64	, 2)
2048 	MIPS_SYS(sys_timer_create, 3)
2049 	MIPS_SYS(sys_timer_settime, 4)
2050 	MIPS_SYS(sys_timer_gettime, 2)
2051 	MIPS_SYS(sys_timer_getoverrun, 1)	/* 4260 */
2052 	MIPS_SYS(sys_timer_delete, 1)
2053 	MIPS_SYS(sys_clock_settime, 2)
2054 	MIPS_SYS(sys_clock_gettime, 2)
2055 	MIPS_SYS(sys_clock_getres, 2)
2056 	MIPS_SYS(sys_clock_nanosleep, 4)	/* 4265 */
2057 	MIPS_SYS(sys_tgkill	, 3)
2058 	MIPS_SYS(sys_utimes	, 2)
2059 	MIPS_SYS(sys_mbind	, 4)
2060 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_get_mempolicy */
2061 	MIPS_SYS(sys_ni_syscall	, 0)	/* 4270 sys_set_mempolicy */
2062 	MIPS_SYS(sys_mq_open	, 4)
2063 	MIPS_SYS(sys_mq_unlink	, 1)
2064 	MIPS_SYS(sys_mq_timedsend, 5)
2065 	MIPS_SYS(sys_mq_timedreceive, 5)
2066 	MIPS_SYS(sys_mq_notify	, 2)	/* 4275 */
2067 	MIPS_SYS(sys_mq_getsetattr, 3)
2068 	MIPS_SYS(sys_ni_syscall	, 0)	/* sys_vserver */
2069 	MIPS_SYS(sys_waitid	, 4)
2070 	MIPS_SYS(sys_ni_syscall	, 0)	/* available, was setaltroot */
2071 	MIPS_SYS(sys_add_key	, 5)
2072 	MIPS_SYS(sys_request_key, 4)
2073 	MIPS_SYS(sys_keyctl	, 5)
2074 	MIPS_SYS(sys_set_thread_area, 1)
2075 	MIPS_SYS(sys_inotify_init, 0)
2076 	MIPS_SYS(sys_inotify_add_watch, 3) /* 4285 */
2077 	MIPS_SYS(sys_inotify_rm_watch, 2)
2078 	MIPS_SYS(sys_migrate_pages, 4)
2079 	MIPS_SYS(sys_openat, 4)
2080 	MIPS_SYS(sys_mkdirat, 3)
2081 	MIPS_SYS(sys_mknodat, 4)	/* 4290 */
2082 	MIPS_SYS(sys_fchownat, 5)
2083 	MIPS_SYS(sys_futimesat, 3)
2084 	MIPS_SYS(sys_fstatat64, 4)
2085 	MIPS_SYS(sys_unlinkat, 3)
2086 	MIPS_SYS(sys_renameat, 4)	/* 4295 */
2087 	MIPS_SYS(sys_linkat, 5)
2088 	MIPS_SYS(sys_symlinkat, 3)
2089 	MIPS_SYS(sys_readlinkat, 4)
2090 	MIPS_SYS(sys_fchmodat, 3)
2091 	MIPS_SYS(sys_faccessat, 3)	/* 4300 */
2092 	MIPS_SYS(sys_pselect6, 6)
2093 	MIPS_SYS(sys_ppoll, 5)
2094 	MIPS_SYS(sys_unshare, 1)
2095 	MIPS_SYS(sys_splice, 6)
2096 	MIPS_SYS(sys_sync_file_range, 7) /* 4305 */
2097 	MIPS_SYS(sys_tee, 4)
2098 	MIPS_SYS(sys_vmsplice, 4)
2099 	MIPS_SYS(sys_move_pages, 6)
2100 	MIPS_SYS(sys_set_robust_list, 2)
2101 	MIPS_SYS(sys_get_robust_list, 3) /* 4310 */
2102 	MIPS_SYS(sys_kexec_load, 4)
2103 	MIPS_SYS(sys_getcpu, 3)
2104 	MIPS_SYS(sys_epoll_pwait, 6)
2105 	MIPS_SYS(sys_ioprio_set, 3)
2106 	MIPS_SYS(sys_ioprio_get, 2)
2107         MIPS_SYS(sys_utimensat, 4)
2108         MIPS_SYS(sys_signalfd, 3)
2109         MIPS_SYS(sys_ni_syscall, 0)     /* was timerfd */
2110         MIPS_SYS(sys_eventfd, 1)
2111         MIPS_SYS(sys_fallocate, 6)      /* 4320 */
2112         MIPS_SYS(sys_timerfd_create, 2)
2113         MIPS_SYS(sys_timerfd_gettime, 2)
2114         MIPS_SYS(sys_timerfd_settime, 4)
2115         MIPS_SYS(sys_signalfd4, 4)
2116         MIPS_SYS(sys_eventfd2, 2)       /* 4325 */
2117         MIPS_SYS(sys_epoll_create1, 1)
2118         MIPS_SYS(sys_dup3, 3)
2119         MIPS_SYS(sys_pipe2, 2)
2120         MIPS_SYS(sys_inotify_init1, 1)
2121         MIPS_SYS(sys_preadv, 5)         /* 4330 */
2122         MIPS_SYS(sys_pwritev, 5)
2123         MIPS_SYS(sys_rt_tgsigqueueinfo, 4)
2124         MIPS_SYS(sys_perf_event_open, 5)
2125         MIPS_SYS(sys_accept4, 4)
2126         MIPS_SYS(sys_recvmmsg, 5)       /* 4335 */
2127         MIPS_SYS(sys_fanotify_init, 2)
2128         MIPS_SYS(sys_fanotify_mark, 6)
2129         MIPS_SYS(sys_prlimit64, 4)
2130         MIPS_SYS(sys_name_to_handle_at, 5)
2131         MIPS_SYS(sys_open_by_handle_at, 3) /* 4340 */
2132         MIPS_SYS(sys_clock_adjtime, 2)
2133         MIPS_SYS(sys_syncfs, 1)
2134         MIPS_SYS(sys_sendmmsg, 4)
2135         MIPS_SYS(sys_setns, 2)
2136         MIPS_SYS(sys_process_vm_readv, 6) /* 345 */
2137         MIPS_SYS(sys_process_vm_writev, 6)
2138         MIPS_SYS(sys_kcmp, 5)
2139         MIPS_SYS(sys_finit_module, 3)
2140         MIPS_SYS(sys_sched_setattr, 2)
2141         MIPS_SYS(sys_sched_getattr, 3)  /* 350 */
2142         MIPS_SYS(sys_renameat2, 5)
2143         MIPS_SYS(sys_seccomp, 3)
2144         MIPS_SYS(sys_getrandom, 3)
2145         MIPS_SYS(sys_memfd_create, 2)
2146         MIPS_SYS(sys_bpf, 3)            /* 355 */
2147         MIPS_SYS(sys_execveat, 5)
2148         MIPS_SYS(sys_userfaultfd, 1)
2149         MIPS_SYS(sys_membarrier, 2)
2150         MIPS_SYS(sys_mlock2, 3)
2151         MIPS_SYS(sys_copy_file_range, 6) /* 360 */
2152         MIPS_SYS(sys_preadv2, 6)
2153         MIPS_SYS(sys_pwritev2, 6)
2154 };
2155 #  undef MIPS_SYS
2156 # endif /* O32 */
2157 
2158 static int do_store_exclusive(CPUMIPSState *env)
2159 {
2160     target_ulong addr;
2161     target_ulong page_addr;
2162     target_ulong val;
2163     int flags;
2164     int segv = 0;
2165     int reg;
2166     int d;
2167 
2168     addr = env->lladdr;
2169     page_addr = addr & TARGET_PAGE_MASK;
2170     start_exclusive();
2171     mmap_lock();
2172     flags = page_get_flags(page_addr);
2173     if ((flags & PAGE_READ) == 0) {
2174         segv = 1;
2175     } else {
2176         reg = env->llreg & 0x1f;
2177         d = (env->llreg & 0x20) != 0;
2178         if (d) {
2179             segv = get_user_s64(val, addr);
2180         } else {
2181             segv = get_user_s32(val, addr);
2182         }
2183         if (!segv) {
2184             if (val != env->llval) {
2185                 env->active_tc.gpr[reg] = 0;
2186             } else {
2187                 if (d) {
2188                     segv = put_user_u64(env->llnewval, addr);
2189                 } else {
2190                     segv = put_user_u32(env->llnewval, addr);
2191                 }
2192                 if (!segv) {
2193                     env->active_tc.gpr[reg] = 1;
2194                 }
2195             }
2196         }
2197     }
2198     env->lladdr = -1;
2199     if (!segv) {
2200         env->active_tc.PC += 4;
2201     }
2202     mmap_unlock();
2203     end_exclusive();
2204     return segv;
2205 }
2206 
2207 /* Break codes */
2208 enum {
2209     BRK_OVERFLOW = 6,
2210     BRK_DIVZERO = 7
2211 };
2212 
2213 static int do_break(CPUMIPSState *env, target_siginfo_t *info,
2214                     unsigned int code)
2215 {
2216     int ret = -1;
2217 
2218     switch (code) {
2219     case BRK_OVERFLOW:
2220     case BRK_DIVZERO:
2221         info->si_signo = TARGET_SIGFPE;
2222         info->si_errno = 0;
2223         info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV;
2224         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2225         ret = 0;
2226         break;
2227     default:
2228         info->si_signo = TARGET_SIGTRAP;
2229         info->si_errno = 0;
2230         queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info);
2231         ret = 0;
2232         break;
2233     }
2234 
2235     return ret;
2236 }
2237 
2238 void cpu_loop(CPUMIPSState *env)
2239 {
2240     CPUState *cs = CPU(mips_env_get_cpu(env));
2241     target_siginfo_t info;
2242     int trapnr;
2243     abi_long ret;
2244 # ifdef TARGET_ABI_MIPSO32
2245     unsigned int syscall_num;
2246 # endif
2247 
2248     for(;;) {
2249         cpu_exec_start(cs);
2250         trapnr = cpu_exec(cs);
2251         cpu_exec_end(cs);
2252         process_queued_cpu_work(cs);
2253 
2254         switch(trapnr) {
2255         case EXCP_SYSCALL:
2256             env->active_tc.PC += 4;
2257 # ifdef TARGET_ABI_MIPSO32
2258             syscall_num = env->active_tc.gpr[2] - 4000;
2259             if (syscall_num >= sizeof(mips_syscall_args)) {
2260                 ret = -TARGET_ENOSYS;
2261             } else {
2262                 int nb_args;
2263                 abi_ulong sp_reg;
2264                 abi_ulong arg5 = 0, arg6 = 0, arg7 = 0, arg8 = 0;
2265 
2266                 nb_args = mips_syscall_args[syscall_num];
2267                 sp_reg = env->active_tc.gpr[29];
2268                 switch (nb_args) {
2269                 /* these arguments are taken from the stack */
2270                 case 8:
2271                     if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) {
2272                         goto done_syscall;
2273                     }
2274                 case 7:
2275                     if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) {
2276                         goto done_syscall;
2277                     }
2278                 case 6:
2279                     if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) {
2280                         goto done_syscall;
2281                     }
2282                 case 5:
2283                     if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) {
2284                         goto done_syscall;
2285                     }
2286                 default:
2287                     break;
2288                 }
2289                 ret = do_syscall(env, env->active_tc.gpr[2],
2290                                  env->active_tc.gpr[4],
2291                                  env->active_tc.gpr[5],
2292                                  env->active_tc.gpr[6],
2293                                  env->active_tc.gpr[7],
2294                                  arg5, arg6, arg7, arg8);
2295             }
2296 done_syscall:
2297 # else
2298             ret = do_syscall(env, env->active_tc.gpr[2],
2299                              env->active_tc.gpr[4], env->active_tc.gpr[5],
2300                              env->active_tc.gpr[6], env->active_tc.gpr[7],
2301                              env->active_tc.gpr[8], env->active_tc.gpr[9],
2302                              env->active_tc.gpr[10], env->active_tc.gpr[11]);
2303 # endif /* O32 */
2304             if (ret == -TARGET_ERESTARTSYS) {
2305                 env->active_tc.PC -= 4;
2306                 break;
2307             }
2308             if (ret == -TARGET_QEMU_ESIGRETURN) {
2309                 /* Returning from a successful sigreturn syscall.
2310                    Avoid clobbering register state.  */
2311                 break;
2312             }
2313             if ((abi_ulong)ret >= (abi_ulong)-1133) {
2314                 env->active_tc.gpr[7] = 1; /* error flag */
2315                 ret = -ret;
2316             } else {
2317                 env->active_tc.gpr[7] = 0; /* error flag */
2318             }
2319             env->active_tc.gpr[2] = ret;
2320             break;
2321         case EXCP_TLBL:
2322         case EXCP_TLBS:
2323         case EXCP_AdEL:
2324         case EXCP_AdES:
2325             info.si_signo = TARGET_SIGSEGV;
2326             info.si_errno = 0;
2327             /* XXX: check env->error_code */
2328             info.si_code = TARGET_SEGV_MAPERR;
2329             info._sifields._sigfault._addr = env->CP0_BadVAddr;
2330             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2331             break;
2332         case EXCP_CpU:
2333         case EXCP_RI:
2334             info.si_signo = TARGET_SIGILL;
2335             info.si_errno = 0;
2336             info.si_code = 0;
2337             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2338             break;
2339         case EXCP_INTERRUPT:
2340             /* just indicate that signals should be handled asap */
2341             break;
2342         case EXCP_DEBUG:
2343             {
2344                 int sig;
2345 
2346                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2347                 if (sig)
2348                   {
2349                     info.si_signo = sig;
2350                     info.si_errno = 0;
2351                     info.si_code = TARGET_TRAP_BRKPT;
2352                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2353                   }
2354             }
2355             break;
2356         case EXCP_SC:
2357             if (do_store_exclusive(env)) {
2358                 info.si_signo = TARGET_SIGSEGV;
2359                 info.si_errno = 0;
2360                 info.si_code = TARGET_SEGV_MAPERR;
2361                 info._sifields._sigfault._addr = env->active_tc.PC;
2362                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2363             }
2364             break;
2365         case EXCP_DSPDIS:
2366             info.si_signo = TARGET_SIGILL;
2367             info.si_errno = 0;
2368             info.si_code = TARGET_ILL_ILLOPC;
2369             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2370             break;
2371         /* The code below was inspired by the MIPS Linux kernel trap
2372          * handling code in arch/mips/kernel/traps.c.
2373          */
2374         case EXCP_BREAK:
2375             {
2376                 abi_ulong trap_instr;
2377                 unsigned int code;
2378 
2379                 if (env->hflags & MIPS_HFLAG_M16) {
2380                     if (env->insn_flags & ASE_MICROMIPS) {
2381                         /* microMIPS mode */
2382                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2383                         if (ret != 0) {
2384                             goto error;
2385                         }
2386 
2387                         if ((trap_instr >> 10) == 0x11) {
2388                             /* 16-bit instruction */
2389                             code = trap_instr & 0xf;
2390                         } else {
2391                             /* 32-bit instruction */
2392                             abi_ulong instr_lo;
2393 
2394                             ret = get_user_u16(instr_lo,
2395                                                env->active_tc.PC + 2);
2396                             if (ret != 0) {
2397                                 goto error;
2398                             }
2399                             trap_instr = (trap_instr << 16) | instr_lo;
2400                             code = ((trap_instr >> 6) & ((1 << 20) - 1));
2401                             /* Unfortunately, microMIPS also suffers from
2402                                the old assembler bug...  */
2403                             if (code >= (1 << 10)) {
2404                                 code >>= 10;
2405                             }
2406                         }
2407                     } else {
2408                         /* MIPS16e mode */
2409                         ret = get_user_u16(trap_instr, env->active_tc.PC);
2410                         if (ret != 0) {
2411                             goto error;
2412                         }
2413                         code = (trap_instr >> 6) & 0x3f;
2414                     }
2415                 } else {
2416                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2417                     if (ret != 0) {
2418                         goto error;
2419                     }
2420 
2421                     /* As described in the original Linux kernel code, the
2422                      * below checks on 'code' are to work around an old
2423                      * assembly bug.
2424                      */
2425                     code = ((trap_instr >> 6) & ((1 << 20) - 1));
2426                     if (code >= (1 << 10)) {
2427                         code >>= 10;
2428                     }
2429                 }
2430 
2431                 if (do_break(env, &info, code) != 0) {
2432                     goto error;
2433                 }
2434             }
2435             break;
2436         case EXCP_TRAP:
2437             {
2438                 abi_ulong trap_instr;
2439                 unsigned int code = 0;
2440 
2441                 if (env->hflags & MIPS_HFLAG_M16) {
2442                     /* microMIPS mode */
2443                     abi_ulong instr[2];
2444 
2445                     ret = get_user_u16(instr[0], env->active_tc.PC) ||
2446                           get_user_u16(instr[1], env->active_tc.PC + 2);
2447 
2448                     trap_instr = (instr[0] << 16) | instr[1];
2449                 } else {
2450                     ret = get_user_u32(trap_instr, env->active_tc.PC);
2451                 }
2452 
2453                 if (ret != 0) {
2454                     goto error;
2455                 }
2456 
2457                 /* The immediate versions don't provide a code.  */
2458                 if (!(trap_instr & 0xFC000000)) {
2459                     if (env->hflags & MIPS_HFLAG_M16) {
2460                         /* microMIPS mode */
2461                         code = ((trap_instr >> 12) & ((1 << 4) - 1));
2462                     } else {
2463                         code = ((trap_instr >> 6) & ((1 << 10) - 1));
2464                     }
2465                 }
2466 
2467                 if (do_break(env, &info, code) != 0) {
2468                     goto error;
2469                 }
2470             }
2471             break;
2472         case EXCP_ATOMIC:
2473             cpu_exec_step_atomic(cs);
2474             break;
2475         default:
2476 error:
2477             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
2478             abort();
2479         }
2480         process_pending_signals(env);
2481     }
2482 }
2483 #endif
2484 
2485 #ifdef TARGET_NIOS2
2486 
2487 void cpu_loop(CPUNios2State *env)
2488 {
2489     CPUState *cs = ENV_GET_CPU(env);
2490     Nios2CPU *cpu = NIOS2_CPU(cs);
2491     target_siginfo_t info;
2492     int trapnr, gdbsig, ret;
2493 
2494     for (;;) {
2495         cpu_exec_start(cs);
2496         trapnr = cpu_exec(cs);
2497         cpu_exec_end(cs);
2498         gdbsig = 0;
2499 
2500         switch (trapnr) {
2501         case EXCP_INTERRUPT:
2502             /* just indicate that signals should be handled asap */
2503             break;
2504         case EXCP_TRAP:
2505             if (env->regs[R_AT] == 0) {
2506                 abi_long ret;
2507                 qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
2508 
2509                 ret = do_syscall(env, env->regs[2],
2510                                  env->regs[4], env->regs[5], env->regs[6],
2511                                  env->regs[7], env->regs[8], env->regs[9],
2512                                  0, 0);
2513 
2514                 if (env->regs[2] == 0) {    /* FIXME: syscall 0 workaround */
2515                     ret = 0;
2516                 }
2517 
2518                 env->regs[2] = abs(ret);
2519                 /* Return value is 0..4096 */
2520                 env->regs[7] = (ret > 0xfffffffffffff000ULL);
2521                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2522                 env->regs[CR_STATUS] &= ~0x3;
2523                 env->regs[R_EA] = env->regs[R_PC] + 4;
2524                 env->regs[R_PC] += 4;
2525                 break;
2526             } else {
2527                 qemu_log_mask(CPU_LOG_INT, "\nTrap\n");
2528 
2529                 env->regs[CR_ESTATUS] = env->regs[CR_STATUS];
2530                 env->regs[CR_STATUS] &= ~0x3;
2531                 env->regs[R_EA] = env->regs[R_PC] + 4;
2532                 env->regs[R_PC] = cpu->exception_addr;
2533 
2534                 gdbsig = TARGET_SIGTRAP;
2535                 break;
2536             }
2537         case 0xaa:
2538             switch (env->regs[R_PC]) {
2539             /*case 0x1000:*/  /* TODO:__kuser_helper_version */
2540             case 0x1004:      /* __kuser_cmpxchg */
2541                 start_exclusive();
2542                 if (env->regs[4] & 0x3) {
2543                     goto kuser_fail;
2544                 }
2545                 ret = get_user_u32(env->regs[2], env->regs[4]);
2546                 if (ret) {
2547                     end_exclusive();
2548                     goto kuser_fail;
2549                 }
2550                 env->regs[2] -= env->regs[5];
2551                 if (env->regs[2] == 0) {
2552                     put_user_u32(env->regs[6], env->regs[4]);
2553                 }
2554                 end_exclusive();
2555                 env->regs[R_PC] = env->regs[R_RA];
2556                 break;
2557             /*case 0x1040:*/  /* TODO:__kuser_sigtramp */
2558             default:
2559                 ;
2560 kuser_fail:
2561                 info.si_signo = TARGET_SIGSEGV;
2562                 info.si_errno = 0;
2563                 /* TODO: check env->error_code */
2564                 info.si_code = TARGET_SEGV_MAPERR;
2565                 info._sifields._sigfault._addr = env->regs[R_PC];
2566                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2567             }
2568             break;
2569         default:
2570             EXCP_DUMP(env, "\nqemu: unhandled CPU exception %#x - aborting\n",
2571                      trapnr);
2572             gdbsig = TARGET_SIGILL;
2573             break;
2574         }
2575         if (gdbsig) {
2576             gdb_handlesig(cs, gdbsig);
2577             if (gdbsig != TARGET_SIGTRAP) {
2578                 exit(EXIT_FAILURE);
2579             }
2580         }
2581 
2582         process_pending_signals(env);
2583     }
2584 }
2585 
2586 #endif /* TARGET_NIOS2 */
2587 
2588 #ifdef TARGET_OPENRISC
2589 
2590 void cpu_loop(CPUOpenRISCState *env)
2591 {
2592     CPUState *cs = CPU(openrisc_env_get_cpu(env));
2593     int trapnr;
2594     abi_long ret;
2595     target_siginfo_t info;
2596 
2597     for (;;) {
2598         cpu_exec_start(cs);
2599         trapnr = cpu_exec(cs);
2600         cpu_exec_end(cs);
2601         process_queued_cpu_work(cs);
2602 
2603         switch (trapnr) {
2604         case EXCP_SYSCALL:
2605             env->pc += 4;   /* 0xc00; */
2606             ret = do_syscall(env,
2607                              cpu_get_gpr(env, 11), /* return value       */
2608                              cpu_get_gpr(env, 3),  /* r3 - r7 are params */
2609                              cpu_get_gpr(env, 4),
2610                              cpu_get_gpr(env, 5),
2611                              cpu_get_gpr(env, 6),
2612                              cpu_get_gpr(env, 7),
2613                              cpu_get_gpr(env, 8), 0, 0);
2614             if (ret == -TARGET_ERESTARTSYS) {
2615                 env->pc -= 4;
2616             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2617                 cpu_set_gpr(env, 11, ret);
2618             }
2619             break;
2620         case EXCP_DPF:
2621         case EXCP_IPF:
2622         case EXCP_RANGE:
2623             info.si_signo = TARGET_SIGSEGV;
2624             info.si_errno = 0;
2625             info.si_code = TARGET_SEGV_MAPERR;
2626             info._sifields._sigfault._addr = env->pc;
2627             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2628             break;
2629         case EXCP_ALIGN:
2630             info.si_signo = TARGET_SIGBUS;
2631             info.si_errno = 0;
2632             info.si_code = TARGET_BUS_ADRALN;
2633             info._sifields._sigfault._addr = env->pc;
2634             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2635             break;
2636         case EXCP_ILLEGAL:
2637             info.si_signo = TARGET_SIGILL;
2638             info.si_errno = 0;
2639             info.si_code = TARGET_ILL_ILLOPC;
2640             info._sifields._sigfault._addr = env->pc;
2641             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2642             break;
2643         case EXCP_FPE:
2644             info.si_signo = TARGET_SIGFPE;
2645             info.si_errno = 0;
2646             info.si_code = 0;
2647             info._sifields._sigfault._addr = env->pc;
2648             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2649             break;
2650         case EXCP_INTERRUPT:
2651             /* We processed the pending cpu work above.  */
2652             break;
2653         case EXCP_DEBUG:
2654             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
2655             if (trapnr) {
2656                 info.si_signo = trapnr;
2657                 info.si_errno = 0;
2658                 info.si_code = TARGET_TRAP_BRKPT;
2659                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2660             }
2661             break;
2662         case EXCP_ATOMIC:
2663             cpu_exec_step_atomic(cs);
2664             break;
2665         default:
2666             g_assert_not_reached();
2667         }
2668         process_pending_signals(env);
2669     }
2670 }
2671 
2672 #endif /* TARGET_OPENRISC */
2673 
2674 #ifdef TARGET_SH4
2675 void cpu_loop(CPUSH4State *env)
2676 {
2677     CPUState *cs = CPU(sh_env_get_cpu(env));
2678     int trapnr, ret;
2679     target_siginfo_t info;
2680 
2681     while (1) {
2682         bool arch_interrupt = true;
2683 
2684         cpu_exec_start(cs);
2685         trapnr = cpu_exec(cs);
2686         cpu_exec_end(cs);
2687         process_queued_cpu_work(cs);
2688 
2689         switch (trapnr) {
2690         case 0x160:
2691             env->pc += 2;
2692             ret = do_syscall(env,
2693                              env->gregs[3],
2694                              env->gregs[4],
2695                              env->gregs[5],
2696                              env->gregs[6],
2697                              env->gregs[7],
2698                              env->gregs[0],
2699                              env->gregs[1],
2700                              0, 0);
2701             if (ret == -TARGET_ERESTARTSYS) {
2702                 env->pc -= 2;
2703             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2704                 env->gregs[0] = ret;
2705             }
2706             break;
2707         case EXCP_INTERRUPT:
2708             /* just indicate that signals should be handled asap */
2709             break;
2710         case EXCP_DEBUG:
2711             {
2712                 int sig;
2713 
2714                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2715                 if (sig) {
2716                     info.si_signo = sig;
2717                     info.si_errno = 0;
2718                     info.si_code = TARGET_TRAP_BRKPT;
2719                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2720                 } else {
2721                     arch_interrupt = false;
2722                 }
2723             }
2724             break;
2725 	case 0xa0:
2726 	case 0xc0:
2727             info.si_signo = TARGET_SIGSEGV;
2728             info.si_errno = 0;
2729             info.si_code = TARGET_SEGV_MAPERR;
2730             info._sifields._sigfault._addr = env->tea;
2731             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2732 	    break;
2733         case EXCP_ATOMIC:
2734             cpu_exec_step_atomic(cs);
2735             arch_interrupt = false;
2736             break;
2737         default:
2738             printf ("Unhandled trap: 0x%x\n", trapnr);
2739             cpu_dump_state(cs, stderr, fprintf, 0);
2740             exit(EXIT_FAILURE);
2741         }
2742         process_pending_signals (env);
2743 
2744         /* Most of the traps imply an exception or interrupt, which
2745            implies an REI instruction has been executed.  Which means
2746            that LDST (aka LOK_ADDR) should be cleared.  But there are
2747            a few exceptions for traps internal to QEMU.  */
2748         if (arch_interrupt) {
2749             env->lock_addr = -1;
2750         }
2751     }
2752 }
2753 #endif
2754 
2755 #ifdef TARGET_CRIS
2756 void cpu_loop(CPUCRISState *env)
2757 {
2758     CPUState *cs = CPU(cris_env_get_cpu(env));
2759     int trapnr, ret;
2760     target_siginfo_t info;
2761 
2762     while (1) {
2763         cpu_exec_start(cs);
2764         trapnr = cpu_exec(cs);
2765         cpu_exec_end(cs);
2766         process_queued_cpu_work(cs);
2767 
2768         switch (trapnr) {
2769         case 0xaa:
2770             {
2771                 info.si_signo = TARGET_SIGSEGV;
2772                 info.si_errno = 0;
2773                 /* XXX: check env->error_code */
2774                 info.si_code = TARGET_SEGV_MAPERR;
2775                 info._sifields._sigfault._addr = env->pregs[PR_EDA];
2776                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2777             }
2778             break;
2779 	case EXCP_INTERRUPT:
2780 	  /* just indicate that signals should be handled asap */
2781 	  break;
2782         case EXCP_BREAK:
2783             ret = do_syscall(env,
2784                              env->regs[9],
2785                              env->regs[10],
2786                              env->regs[11],
2787                              env->regs[12],
2788                              env->regs[13],
2789                              env->pregs[7],
2790                              env->pregs[11],
2791                              0, 0);
2792             if (ret == -TARGET_ERESTARTSYS) {
2793                 env->pc -= 2;
2794             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2795                 env->regs[10] = ret;
2796             }
2797             break;
2798         case EXCP_DEBUG:
2799             {
2800                 int sig;
2801 
2802                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2803                 if (sig)
2804                   {
2805                     info.si_signo = sig;
2806                     info.si_errno = 0;
2807                     info.si_code = TARGET_TRAP_BRKPT;
2808                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2809                   }
2810             }
2811             break;
2812         case EXCP_ATOMIC:
2813             cpu_exec_step_atomic(cs);
2814             break;
2815         default:
2816             printf ("Unhandled trap: 0x%x\n", trapnr);
2817             cpu_dump_state(cs, stderr, fprintf, 0);
2818             exit(EXIT_FAILURE);
2819         }
2820         process_pending_signals (env);
2821     }
2822 }
2823 #endif
2824 
2825 #ifdef TARGET_MICROBLAZE
2826 void cpu_loop(CPUMBState *env)
2827 {
2828     CPUState *cs = CPU(mb_env_get_cpu(env));
2829     int trapnr, ret;
2830     target_siginfo_t info;
2831 
2832     while (1) {
2833         cpu_exec_start(cs);
2834         trapnr = cpu_exec(cs);
2835         cpu_exec_end(cs);
2836         process_queued_cpu_work(cs);
2837 
2838         switch (trapnr) {
2839         case 0xaa:
2840             {
2841                 info.si_signo = TARGET_SIGSEGV;
2842                 info.si_errno = 0;
2843                 /* XXX: check env->error_code */
2844                 info.si_code = TARGET_SEGV_MAPERR;
2845                 info._sifields._sigfault._addr = 0;
2846                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2847             }
2848             break;
2849 	case EXCP_INTERRUPT:
2850 	  /* just indicate that signals should be handled asap */
2851 	  break;
2852         case EXCP_BREAK:
2853             /* Return address is 4 bytes after the call.  */
2854             env->regs[14] += 4;
2855             env->sregs[SR_PC] = env->regs[14];
2856             ret = do_syscall(env,
2857                              env->regs[12],
2858                              env->regs[5],
2859                              env->regs[6],
2860                              env->regs[7],
2861                              env->regs[8],
2862                              env->regs[9],
2863                              env->regs[10],
2864                              0, 0);
2865             if (ret == -TARGET_ERESTARTSYS) {
2866                 /* Wind back to before the syscall. */
2867                 env->sregs[SR_PC] -= 4;
2868             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
2869                 env->regs[3] = ret;
2870             }
2871             /* All syscall exits result in guest r14 being equal to the
2872              * PC we return to, because the kernel syscall exit "rtbd" does
2873              * this. (This is true even for sigreturn(); note that r14 is
2874              * not a userspace-usable register, as the kernel may clobber it
2875              * at any point.)
2876              */
2877             env->regs[14] = env->sregs[SR_PC];
2878             break;
2879         case EXCP_HW_EXCP:
2880             env->regs[17] = env->sregs[SR_PC] + 4;
2881             if (env->iflags & D_FLAG) {
2882                 env->sregs[SR_ESR] |= 1 << 12;
2883                 env->sregs[SR_PC] -= 4;
2884                 /* FIXME: if branch was immed, replay the imm as well.  */
2885             }
2886 
2887             env->iflags &= ~(IMM_FLAG | D_FLAG);
2888 
2889             switch (env->sregs[SR_ESR] & 31) {
2890                 case ESR_EC_DIVZERO:
2891                     info.si_signo = TARGET_SIGFPE;
2892                     info.si_errno = 0;
2893                     info.si_code = TARGET_FPE_FLTDIV;
2894                     info._sifields._sigfault._addr = 0;
2895                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2896                     break;
2897                 case ESR_EC_FPU:
2898                     info.si_signo = TARGET_SIGFPE;
2899                     info.si_errno = 0;
2900                     if (env->sregs[SR_FSR] & FSR_IO) {
2901                         info.si_code = TARGET_FPE_FLTINV;
2902                     }
2903                     if (env->sregs[SR_FSR] & FSR_DZ) {
2904                         info.si_code = TARGET_FPE_FLTDIV;
2905                     }
2906                     info._sifields._sigfault._addr = 0;
2907                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2908                     break;
2909                 default:
2910                     printf ("Unhandled hw-exception: 0x%x\n",
2911                             env->sregs[SR_ESR] & ESR_EC_MASK);
2912                     cpu_dump_state(cs, stderr, fprintf, 0);
2913                     exit(EXIT_FAILURE);
2914                     break;
2915             }
2916             break;
2917         case EXCP_DEBUG:
2918             {
2919                 int sig;
2920 
2921                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
2922                 if (sig)
2923                   {
2924                     info.si_signo = sig;
2925                     info.si_errno = 0;
2926                     info.si_code = TARGET_TRAP_BRKPT;
2927                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2928                   }
2929             }
2930             break;
2931         case EXCP_ATOMIC:
2932             cpu_exec_step_atomic(cs);
2933             break;
2934         default:
2935             printf ("Unhandled trap: 0x%x\n", trapnr);
2936             cpu_dump_state(cs, stderr, fprintf, 0);
2937             exit(EXIT_FAILURE);
2938         }
2939         process_pending_signals (env);
2940     }
2941 }
2942 #endif
2943 
2944 #ifdef TARGET_M68K
2945 
2946 void cpu_loop(CPUM68KState *env)
2947 {
2948     CPUState *cs = CPU(m68k_env_get_cpu(env));
2949     int trapnr;
2950     unsigned int n;
2951     target_siginfo_t info;
2952     TaskState *ts = cs->opaque;
2953 
2954     for(;;) {
2955         cpu_exec_start(cs);
2956         trapnr = cpu_exec(cs);
2957         cpu_exec_end(cs);
2958         process_queued_cpu_work(cs);
2959 
2960         switch(trapnr) {
2961         case EXCP_ILLEGAL:
2962             {
2963                 if (ts->sim_syscalls) {
2964                     uint16_t nr;
2965                     get_user_u16(nr, env->pc + 2);
2966                     env->pc += 4;
2967                     do_m68k_simcall(env, nr);
2968                 } else {
2969                     goto do_sigill;
2970                 }
2971             }
2972             break;
2973         case EXCP_HALT_INSN:
2974             /* Semihosing syscall.  */
2975             env->pc += 4;
2976             do_m68k_semihosting(env, env->dregs[0]);
2977             break;
2978         case EXCP_LINEA:
2979         case EXCP_LINEF:
2980         case EXCP_UNSUPPORTED:
2981         do_sigill:
2982             info.si_signo = TARGET_SIGILL;
2983             info.si_errno = 0;
2984             info.si_code = TARGET_ILL_ILLOPN;
2985             info._sifields._sigfault._addr = env->pc;
2986             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2987             break;
2988         case EXCP_DIV0:
2989             info.si_signo = TARGET_SIGFPE;
2990             info.si_errno = 0;
2991             info.si_code = TARGET_FPE_INTDIV;
2992             info._sifields._sigfault._addr = env->pc;
2993             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
2994             break;
2995         case EXCP_TRAP0:
2996             {
2997                 abi_long ret;
2998                 ts->sim_syscalls = 0;
2999                 n = env->dregs[0];
3000                 env->pc += 2;
3001                 ret = do_syscall(env,
3002                                  n,
3003                                  env->dregs[1],
3004                                  env->dregs[2],
3005                                  env->dregs[3],
3006                                  env->dregs[4],
3007                                  env->dregs[5],
3008                                  env->aregs[0],
3009                                  0, 0);
3010                 if (ret == -TARGET_ERESTARTSYS) {
3011                     env->pc -= 2;
3012                 } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3013                     env->dregs[0] = ret;
3014                 }
3015             }
3016             break;
3017         case EXCP_INTERRUPT:
3018             /* just indicate that signals should be handled asap */
3019             break;
3020         case EXCP_ACCESS:
3021             {
3022                 info.si_signo = TARGET_SIGSEGV;
3023                 info.si_errno = 0;
3024                 /* XXX: check env->error_code */
3025                 info.si_code = TARGET_SEGV_MAPERR;
3026                 info._sifields._sigfault._addr = env->mmu.ar;
3027                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3028             }
3029             break;
3030         case EXCP_DEBUG:
3031             {
3032                 int sig;
3033 
3034                 sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3035                 if (sig)
3036                   {
3037                     info.si_signo = sig;
3038                     info.si_errno = 0;
3039                     info.si_code = TARGET_TRAP_BRKPT;
3040                     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3041                   }
3042             }
3043             break;
3044         case EXCP_ATOMIC:
3045             cpu_exec_step_atomic(cs);
3046             break;
3047         default:
3048             EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
3049             abort();
3050         }
3051         process_pending_signals(env);
3052     }
3053 }
3054 #endif /* TARGET_M68K */
3055 
3056 #ifdef TARGET_ALPHA
3057 void cpu_loop(CPUAlphaState *env)
3058 {
3059     CPUState *cs = CPU(alpha_env_get_cpu(env));
3060     int trapnr;
3061     target_siginfo_t info;
3062     abi_long sysret;
3063 
3064     while (1) {
3065         bool arch_interrupt = true;
3066 
3067         cpu_exec_start(cs);
3068         trapnr = cpu_exec(cs);
3069         cpu_exec_end(cs);
3070         process_queued_cpu_work(cs);
3071 
3072         switch (trapnr) {
3073         case EXCP_RESET:
3074             fprintf(stderr, "Reset requested. Exit\n");
3075             exit(EXIT_FAILURE);
3076             break;
3077         case EXCP_MCHK:
3078             fprintf(stderr, "Machine check exception. Exit\n");
3079             exit(EXIT_FAILURE);
3080             break;
3081         case EXCP_SMP_INTERRUPT:
3082         case EXCP_CLK_INTERRUPT:
3083         case EXCP_DEV_INTERRUPT:
3084             fprintf(stderr, "External interrupt. Exit\n");
3085             exit(EXIT_FAILURE);
3086             break;
3087         case EXCP_MMFAULT:
3088             info.si_signo = TARGET_SIGSEGV;
3089             info.si_errno = 0;
3090             info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
3091                             ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
3092             info._sifields._sigfault._addr = env->trap_arg0;
3093             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3094             break;
3095         case EXCP_UNALIGN:
3096             info.si_signo = TARGET_SIGBUS;
3097             info.si_errno = 0;
3098             info.si_code = TARGET_BUS_ADRALN;
3099             info._sifields._sigfault._addr = env->trap_arg0;
3100             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3101             break;
3102         case EXCP_OPCDEC:
3103         do_sigill:
3104             info.si_signo = TARGET_SIGILL;
3105             info.si_errno = 0;
3106             info.si_code = TARGET_ILL_ILLOPC;
3107             info._sifields._sigfault._addr = env->pc;
3108             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3109             break;
3110         case EXCP_ARITH:
3111             info.si_signo = TARGET_SIGFPE;
3112             info.si_errno = 0;
3113             info.si_code = TARGET_FPE_FLTINV;
3114             info._sifields._sigfault._addr = env->pc;
3115             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3116             break;
3117         case EXCP_FEN:
3118             /* No-op.  Linux simply re-enables the FPU.  */
3119             break;
3120         case EXCP_CALL_PAL:
3121             switch (env->error_code) {
3122             case 0x80:
3123                 /* BPT */
3124                 info.si_signo = TARGET_SIGTRAP;
3125                 info.si_errno = 0;
3126                 info.si_code = TARGET_TRAP_BRKPT;
3127                 info._sifields._sigfault._addr = env->pc;
3128                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3129                 break;
3130             case 0x81:
3131                 /* BUGCHK */
3132                 info.si_signo = TARGET_SIGTRAP;
3133                 info.si_errno = 0;
3134                 info.si_code = 0;
3135                 info._sifields._sigfault._addr = env->pc;
3136                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3137                 break;
3138             case 0x83:
3139                 /* CALLSYS */
3140                 trapnr = env->ir[IR_V0];
3141                 sysret = do_syscall(env, trapnr,
3142                                     env->ir[IR_A0], env->ir[IR_A1],
3143                                     env->ir[IR_A2], env->ir[IR_A3],
3144                                     env->ir[IR_A4], env->ir[IR_A5],
3145                                     0, 0);
3146                 if (sysret == -TARGET_ERESTARTSYS) {
3147                     env->pc -= 4;
3148                     break;
3149                 }
3150                 if (sysret == -TARGET_QEMU_ESIGRETURN) {
3151                     break;
3152                 }
3153                 /* Syscall writes 0 to V0 to bypass error check, similar
3154                    to how this is handled internal to Linux kernel.
3155                    (Ab)use trapnr temporarily as boolean indicating error.  */
3156                 trapnr = (env->ir[IR_V0] != 0 && sysret < 0);
3157                 env->ir[IR_V0] = (trapnr ? -sysret : sysret);
3158                 env->ir[IR_A3] = trapnr;
3159                 break;
3160             case 0x86:
3161                 /* IMB */
3162                 /* ??? We can probably elide the code using page_unprotect
3163                    that is checking for self-modifying code.  Instead we
3164                    could simply call tb_flush here.  Until we work out the
3165                    changes required to turn off the extra write protection,
3166                    this can be a no-op.  */
3167                 break;
3168             case 0x9E:
3169                 /* RDUNIQUE */
3170                 /* Handled in the translator for usermode.  */
3171                 abort();
3172             case 0x9F:
3173                 /* WRUNIQUE */
3174                 /* Handled in the translator for usermode.  */
3175                 abort();
3176             case 0xAA:
3177                 /* GENTRAP */
3178                 info.si_signo = TARGET_SIGFPE;
3179                 switch (env->ir[IR_A0]) {
3180                 case TARGET_GEN_INTOVF:
3181                     info.si_code = TARGET_FPE_INTOVF;
3182                     break;
3183                 case TARGET_GEN_INTDIV:
3184                     info.si_code = TARGET_FPE_INTDIV;
3185                     break;
3186                 case TARGET_GEN_FLTOVF:
3187                     info.si_code = TARGET_FPE_FLTOVF;
3188                     break;
3189                 case TARGET_GEN_FLTUND:
3190                     info.si_code = TARGET_FPE_FLTUND;
3191                     break;
3192                 case TARGET_GEN_FLTINV:
3193                     info.si_code = TARGET_FPE_FLTINV;
3194                     break;
3195                 case TARGET_GEN_FLTINE:
3196                     info.si_code = TARGET_FPE_FLTRES;
3197                     break;
3198                 case TARGET_GEN_ROPRAND:
3199                     info.si_code = 0;
3200                     break;
3201                 default:
3202                     info.si_signo = TARGET_SIGTRAP;
3203                     info.si_code = 0;
3204                     break;
3205                 }
3206                 info.si_errno = 0;
3207                 info._sifields._sigfault._addr = env->pc;
3208                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3209                 break;
3210             default:
3211                 goto do_sigill;
3212             }
3213             break;
3214         case EXCP_DEBUG:
3215             info.si_signo = gdb_handlesig(cs, TARGET_SIGTRAP);
3216             if (info.si_signo) {
3217                 info.si_errno = 0;
3218                 info.si_code = TARGET_TRAP_BRKPT;
3219                 queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3220             } else {
3221                 arch_interrupt = false;
3222             }
3223             break;
3224         case EXCP_INTERRUPT:
3225             /* Just indicate that signals should be handled asap.  */
3226             break;
3227         case EXCP_ATOMIC:
3228             cpu_exec_step_atomic(cs);
3229             arch_interrupt = false;
3230             break;
3231         default:
3232             printf ("Unhandled trap: 0x%x\n", trapnr);
3233             cpu_dump_state(cs, stderr, fprintf, 0);
3234             exit(EXIT_FAILURE);
3235         }
3236         process_pending_signals (env);
3237 
3238         /* Most of the traps imply a transition through PALcode, which
3239            implies an REI instruction has been executed.  Which means
3240            that RX and LOCK_ADDR should be cleared.  But there are a
3241            few exceptions for traps internal to QEMU.  */
3242         if (arch_interrupt) {
3243             env->flags &= ~ENV_FLAG_RX_FLAG;
3244             env->lock_addr = -1;
3245         }
3246     }
3247 }
3248 #endif /* TARGET_ALPHA */
3249 
3250 #ifdef TARGET_S390X
3251 
3252 /* s390x masks the fault address it reports in si_addr for SIGSEGV and SIGBUS */
3253 #define S390X_FAIL_ADDR_MASK -4096LL
3254 
3255 void cpu_loop(CPUS390XState *env)
3256 {
3257     CPUState *cs = CPU(s390_env_get_cpu(env));
3258     int trapnr, n, sig;
3259     target_siginfo_t info;
3260     target_ulong addr;
3261     abi_long ret;
3262 
3263     while (1) {
3264         cpu_exec_start(cs);
3265         trapnr = cpu_exec(cs);
3266         cpu_exec_end(cs);
3267         process_queued_cpu_work(cs);
3268 
3269         switch (trapnr) {
3270         case EXCP_INTERRUPT:
3271             /* Just indicate that signals should be handled asap.  */
3272             break;
3273 
3274         case EXCP_SVC:
3275             n = env->int_svc_code;
3276             if (!n) {
3277                 /* syscalls > 255 */
3278                 n = env->regs[1];
3279             }
3280             env->psw.addr += env->int_svc_ilen;
3281             ret = do_syscall(env, n, env->regs[2], env->regs[3],
3282                              env->regs[4], env->regs[5],
3283                              env->regs[6], env->regs[7], 0, 0);
3284             if (ret == -TARGET_ERESTARTSYS) {
3285                 env->psw.addr -= env->int_svc_ilen;
3286             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3287                 env->regs[2] = ret;
3288             }
3289             break;
3290 
3291         case EXCP_DEBUG:
3292             sig = gdb_handlesig(cs, TARGET_SIGTRAP);
3293             if (sig) {
3294                 n = TARGET_TRAP_BRKPT;
3295                 goto do_signal_pc;
3296             }
3297             break;
3298         case EXCP_PGM:
3299             n = env->int_pgm_code;
3300             switch (n) {
3301             case PGM_OPERATION:
3302             case PGM_PRIVILEGED:
3303                 sig = TARGET_SIGILL;
3304                 n = TARGET_ILL_ILLOPC;
3305                 goto do_signal_pc;
3306             case PGM_PROTECTION:
3307             case PGM_ADDRESSING:
3308                 sig = TARGET_SIGSEGV;
3309                 /* XXX: check env->error_code */
3310                 n = TARGET_SEGV_MAPERR;
3311                 addr = env->__excp_addr & S390X_FAIL_ADDR_MASK;
3312                 goto do_signal;
3313             case PGM_EXECUTE:
3314             case PGM_SPECIFICATION:
3315             case PGM_SPECIAL_OP:
3316             case PGM_OPERAND:
3317             do_sigill_opn:
3318                 sig = TARGET_SIGILL;
3319                 n = TARGET_ILL_ILLOPN;
3320                 goto do_signal_pc;
3321 
3322             case PGM_FIXPT_OVERFLOW:
3323                 sig = TARGET_SIGFPE;
3324                 n = TARGET_FPE_INTOVF;
3325                 goto do_signal_pc;
3326             case PGM_FIXPT_DIVIDE:
3327                 sig = TARGET_SIGFPE;
3328                 n = TARGET_FPE_INTDIV;
3329                 goto do_signal_pc;
3330 
3331             case PGM_DATA:
3332                 n = (env->fpc >> 8) & 0xff;
3333                 if (n == 0xff) {
3334                     /* compare-and-trap */
3335                     goto do_sigill_opn;
3336                 } else {
3337                     /* An IEEE exception, simulated or otherwise.  */
3338                     if (n & 0x80) {
3339                         n = TARGET_FPE_FLTINV;
3340                     } else if (n & 0x40) {
3341                         n = TARGET_FPE_FLTDIV;
3342                     } else if (n & 0x20) {
3343                         n = TARGET_FPE_FLTOVF;
3344                     } else if (n & 0x10) {
3345                         n = TARGET_FPE_FLTUND;
3346                     } else if (n & 0x08) {
3347                         n = TARGET_FPE_FLTRES;
3348                     } else {
3349                         /* ??? Quantum exception; BFP, DFP error.  */
3350                         goto do_sigill_opn;
3351                     }
3352                     sig = TARGET_SIGFPE;
3353                     goto do_signal_pc;
3354                 }
3355 
3356             default:
3357                 fprintf(stderr, "Unhandled program exception: %#x\n", n);
3358                 cpu_dump_state(cs, stderr, fprintf, 0);
3359                 exit(EXIT_FAILURE);
3360             }
3361             break;
3362 
3363         do_signal_pc:
3364             addr = env->psw.addr;
3365         do_signal:
3366             info.si_signo = sig;
3367             info.si_errno = 0;
3368             info.si_code = n;
3369             info._sifields._sigfault._addr = addr;
3370             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3371             break;
3372 
3373         case EXCP_ATOMIC:
3374             cpu_exec_step_atomic(cs);
3375             break;
3376         default:
3377             fprintf(stderr, "Unhandled trap: 0x%x\n", trapnr);
3378             cpu_dump_state(cs, stderr, fprintf, 0);
3379             exit(EXIT_FAILURE);
3380         }
3381         process_pending_signals (env);
3382     }
3383 }
3384 
3385 #endif /* TARGET_S390X */
3386 
3387 #ifdef TARGET_TILEGX
3388 
3389 static void gen_sigill_reg(CPUTLGState *env)
3390 {
3391     target_siginfo_t info;
3392 
3393     info.si_signo = TARGET_SIGILL;
3394     info.si_errno = 0;
3395     info.si_code = TARGET_ILL_PRVREG;
3396     info._sifields._sigfault._addr = env->pc;
3397     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3398 }
3399 
3400 static void do_signal(CPUTLGState *env, int signo, int sigcode)
3401 {
3402     target_siginfo_t info;
3403 
3404     info.si_signo = signo;
3405     info.si_errno = 0;
3406     info._sifields._sigfault._addr = env->pc;
3407 
3408     if (signo == TARGET_SIGSEGV) {
3409         /* The passed in sigcode is a dummy; check for a page mapping
3410            and pass either MAPERR or ACCERR.  */
3411         target_ulong addr = env->excaddr;
3412         info._sifields._sigfault._addr = addr;
3413         if (page_check_range(addr, 1, PAGE_VALID) < 0) {
3414             sigcode = TARGET_SEGV_MAPERR;
3415         } else {
3416             sigcode = TARGET_SEGV_ACCERR;
3417         }
3418     }
3419     info.si_code = sigcode;
3420 
3421     queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3422 }
3423 
3424 static void gen_sigsegv_maperr(CPUTLGState *env, target_ulong addr)
3425 {
3426     env->excaddr = addr;
3427     do_signal(env, TARGET_SIGSEGV, 0);
3428 }
3429 
3430 static void set_regval(CPUTLGState *env, uint8_t reg, uint64_t val)
3431 {
3432     if (unlikely(reg >= TILEGX_R_COUNT)) {
3433         switch (reg) {
3434         case TILEGX_R_SN:
3435         case TILEGX_R_ZERO:
3436             return;
3437         case TILEGX_R_IDN0:
3438         case TILEGX_R_IDN1:
3439         case TILEGX_R_UDN0:
3440         case TILEGX_R_UDN1:
3441         case TILEGX_R_UDN2:
3442         case TILEGX_R_UDN3:
3443             gen_sigill_reg(env);
3444             return;
3445         default:
3446             g_assert_not_reached();
3447         }
3448     }
3449     env->regs[reg] = val;
3450 }
3451 
3452 /*
3453  * Compare the 8-byte contents of the CmpValue SPR with the 8-byte value in
3454  * memory at the address held in the first source register. If the values are
3455  * not equal, then no memory operation is performed. If the values are equal,
3456  * the 8-byte quantity from the second source register is written into memory
3457  * at the address held in the first source register. In either case, the result
3458  * of the instruction is the value read from memory. The compare and write to
3459  * memory are atomic and thus can be used for synchronization purposes. This
3460  * instruction only operates for addresses aligned to a 8-byte boundary.
3461  * Unaligned memory access causes an Unaligned Data Reference interrupt.
3462  *
3463  * Functional Description (64-bit)
3464  *       uint64_t memVal = memoryReadDoubleWord (rf[SrcA]);
3465  *       rf[Dest] = memVal;
3466  *       if (memVal == SPR[CmpValueSPR])
3467  *           memoryWriteDoubleWord (rf[SrcA], rf[SrcB]);
3468  *
3469  * Functional Description (32-bit)
3470  *       uint64_t memVal = signExtend32 (memoryReadWord (rf[SrcA]));
3471  *       rf[Dest] = memVal;
3472  *       if (memVal == signExtend32 (SPR[CmpValueSPR]))
3473  *           memoryWriteWord (rf[SrcA], rf[SrcB]);
3474  *
3475  *
3476  * This function also processes exch and exch4 which need not process SPR.
3477  */
3478 static void do_exch(CPUTLGState *env, bool quad, bool cmp)
3479 {
3480     target_ulong addr;
3481     target_long val, sprval;
3482 
3483     start_exclusive();
3484 
3485     addr = env->atomic_srca;
3486     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3487         goto sigsegv_maperr;
3488     }
3489 
3490     if (cmp) {
3491         if (quad) {
3492             sprval = env->spregs[TILEGX_SPR_CMPEXCH];
3493         } else {
3494             sprval = sextract64(env->spregs[TILEGX_SPR_CMPEXCH], 0, 32);
3495         }
3496     }
3497 
3498     if (!cmp || val == sprval) {
3499         target_long valb = env->atomic_srcb;
3500         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3501             goto sigsegv_maperr;
3502         }
3503     }
3504 
3505     set_regval(env, env->atomic_dstr, val);
3506     end_exclusive();
3507     return;
3508 
3509  sigsegv_maperr:
3510     end_exclusive();
3511     gen_sigsegv_maperr(env, addr);
3512 }
3513 
3514 static void do_fetch(CPUTLGState *env, int trapnr, bool quad)
3515 {
3516     int8_t write = 1;
3517     target_ulong addr;
3518     target_long val, valb;
3519 
3520     start_exclusive();
3521 
3522     addr = env->atomic_srca;
3523     valb = env->atomic_srcb;
3524     if (quad ? get_user_s64(val, addr) : get_user_s32(val, addr)) {
3525         goto sigsegv_maperr;
3526     }
3527 
3528     switch (trapnr) {
3529     case TILEGX_EXCP_OPCODE_FETCHADD:
3530     case TILEGX_EXCP_OPCODE_FETCHADD4:
3531         valb += val;
3532         break;
3533     case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3534         valb += val;
3535         if (valb < 0) {
3536             write = 0;
3537         }
3538         break;
3539     case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3540         valb += val;
3541         if ((int32_t)valb < 0) {
3542             write = 0;
3543         }
3544         break;
3545     case TILEGX_EXCP_OPCODE_FETCHAND:
3546     case TILEGX_EXCP_OPCODE_FETCHAND4:
3547         valb &= val;
3548         break;
3549     case TILEGX_EXCP_OPCODE_FETCHOR:
3550     case TILEGX_EXCP_OPCODE_FETCHOR4:
3551         valb |= val;
3552         break;
3553     default:
3554         g_assert_not_reached();
3555     }
3556 
3557     if (write) {
3558         if (quad ? put_user_u64(valb, addr) : put_user_u32(valb, addr)) {
3559             goto sigsegv_maperr;
3560         }
3561     }
3562 
3563     set_regval(env, env->atomic_dstr, val);
3564     end_exclusive();
3565     return;
3566 
3567  sigsegv_maperr:
3568     end_exclusive();
3569     gen_sigsegv_maperr(env, addr);
3570 }
3571 
3572 void cpu_loop(CPUTLGState *env)
3573 {
3574     CPUState *cs = CPU(tilegx_env_get_cpu(env));
3575     int trapnr;
3576 
3577     while (1) {
3578         cpu_exec_start(cs);
3579         trapnr = cpu_exec(cs);
3580         cpu_exec_end(cs);
3581         process_queued_cpu_work(cs);
3582 
3583         switch (trapnr) {
3584         case TILEGX_EXCP_SYSCALL:
3585         {
3586             abi_ulong ret = do_syscall(env, env->regs[TILEGX_R_NR],
3587                                        env->regs[0], env->regs[1],
3588                                        env->regs[2], env->regs[3],
3589                                        env->regs[4], env->regs[5],
3590                                        env->regs[6], env->regs[7]);
3591             if (ret == -TARGET_ERESTARTSYS) {
3592                 env->pc -= 8;
3593             } else if (ret != -TARGET_QEMU_ESIGRETURN) {
3594                 env->regs[TILEGX_R_RE] = ret;
3595                 env->regs[TILEGX_R_ERR] = TILEGX_IS_ERRNO(ret) ? -ret : 0;
3596             }
3597             break;
3598         }
3599         case TILEGX_EXCP_OPCODE_EXCH:
3600             do_exch(env, true, false);
3601             break;
3602         case TILEGX_EXCP_OPCODE_EXCH4:
3603             do_exch(env, false, false);
3604             break;
3605         case TILEGX_EXCP_OPCODE_CMPEXCH:
3606             do_exch(env, true, true);
3607             break;
3608         case TILEGX_EXCP_OPCODE_CMPEXCH4:
3609             do_exch(env, false, true);
3610             break;
3611         case TILEGX_EXCP_OPCODE_FETCHADD:
3612         case TILEGX_EXCP_OPCODE_FETCHADDGEZ:
3613         case TILEGX_EXCP_OPCODE_FETCHAND:
3614         case TILEGX_EXCP_OPCODE_FETCHOR:
3615             do_fetch(env, trapnr, true);
3616             break;
3617         case TILEGX_EXCP_OPCODE_FETCHADD4:
3618         case TILEGX_EXCP_OPCODE_FETCHADDGEZ4:
3619         case TILEGX_EXCP_OPCODE_FETCHAND4:
3620         case TILEGX_EXCP_OPCODE_FETCHOR4:
3621             do_fetch(env, trapnr, false);
3622             break;
3623         case TILEGX_EXCP_SIGNAL:
3624             do_signal(env, env->signo, env->sigcode);
3625             break;
3626         case TILEGX_EXCP_REG_IDN_ACCESS:
3627         case TILEGX_EXCP_REG_UDN_ACCESS:
3628             gen_sigill_reg(env);
3629             break;
3630         case EXCP_ATOMIC:
3631             cpu_exec_step_atomic(cs);
3632             break;
3633         default:
3634             fprintf(stderr, "trapnr is %d[0x%x].\n", trapnr, trapnr);
3635             g_assert_not_reached();
3636         }
3637         process_pending_signals(env);
3638     }
3639 }
3640 
3641 #endif
3642 
3643 #ifdef TARGET_HPPA
3644 
3645 static abi_ulong hppa_lws(CPUHPPAState *env)
3646 {
3647     uint32_t which = env->gr[20];
3648     abi_ulong addr = env->gr[26];
3649     abi_ulong old = env->gr[25];
3650     abi_ulong new = env->gr[24];
3651     abi_ulong size, ret;
3652 
3653     switch (which) {
3654     default:
3655         return -TARGET_ENOSYS;
3656 
3657     case 0: /* elf32 atomic 32bit cmpxchg */
3658         if ((addr & 3) || !access_ok(VERIFY_WRITE, addr, 4)) {
3659             return -TARGET_EFAULT;
3660         }
3661         old = tswap32(old);
3662         new = tswap32(new);
3663         ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3664         ret = tswap32(ret);
3665         break;
3666 
3667     case 2: /* elf32 atomic "new" cmpxchg */
3668         size = env->gr[23];
3669         if (size >= 4) {
3670             return -TARGET_ENOSYS;
3671         }
3672         if (((addr | old | new) & ((1 << size) - 1))
3673             || !access_ok(VERIFY_WRITE, addr, 1 << size)
3674             || !access_ok(VERIFY_READ, old, 1 << size)
3675             || !access_ok(VERIFY_READ, new, 1 << size)) {
3676             return -TARGET_EFAULT;
3677         }
3678         /* Note that below we use host-endian loads so that the cmpxchg
3679            can be host-endian as well.  */
3680         switch (size) {
3681         case 0:
3682             old = *(uint8_t *)g2h(old);
3683             new = *(uint8_t *)g2h(new);
3684             ret = atomic_cmpxchg((uint8_t *)g2h(addr), old, new);
3685             ret = ret != old;
3686             break;
3687         case 1:
3688             old = *(uint16_t *)g2h(old);
3689             new = *(uint16_t *)g2h(new);
3690             ret = atomic_cmpxchg((uint16_t *)g2h(addr), old, new);
3691             ret = ret != old;
3692             break;
3693         case 2:
3694             old = *(uint32_t *)g2h(old);
3695             new = *(uint32_t *)g2h(new);
3696             ret = atomic_cmpxchg((uint32_t *)g2h(addr), old, new);
3697             ret = ret != old;
3698             break;
3699         case 3:
3700             {
3701                 uint64_t o64, n64, r64;
3702                 o64 = *(uint64_t *)g2h(old);
3703                 n64 = *(uint64_t *)g2h(new);
3704 #ifdef CONFIG_ATOMIC64
3705                 r64 = atomic_cmpxchg__nocheck((uint64_t *)g2h(addr), o64, n64);
3706                 ret = r64 != o64;
3707 #else
3708                 start_exclusive();
3709                 r64 = *(uint64_t *)g2h(addr);
3710                 ret = 1;
3711                 if (r64 == o64) {
3712                     *(uint64_t *)g2h(addr) = n64;
3713                     ret = 0;
3714                 }
3715                 end_exclusive();
3716 #endif
3717             }
3718             break;
3719         }
3720         break;
3721     }
3722 
3723     env->gr[28] = ret;
3724     return 0;
3725 }
3726 
3727 void cpu_loop(CPUHPPAState *env)
3728 {
3729     CPUState *cs = CPU(hppa_env_get_cpu(env));
3730     target_siginfo_t info;
3731     abi_ulong ret;
3732     int trapnr;
3733 
3734     while (1) {
3735         cpu_exec_start(cs);
3736         trapnr = cpu_exec(cs);
3737         cpu_exec_end(cs);
3738         process_queued_cpu_work(cs);
3739 
3740         switch (trapnr) {
3741         case EXCP_SYSCALL:
3742             ret = do_syscall(env, env->gr[20],
3743                              env->gr[26], env->gr[25],
3744                              env->gr[24], env->gr[23],
3745                              env->gr[22], env->gr[21], 0, 0);
3746             switch (ret) {
3747             default:
3748                 env->gr[28] = ret;
3749                 /* We arrived here by faking the gateway page.  Return.  */
3750                 env->iaoq_f = env->gr[31];
3751                 env->iaoq_b = env->gr[31] + 4;
3752                 break;
3753             case -TARGET_ERESTARTSYS:
3754             case -TARGET_QEMU_ESIGRETURN:
3755                 break;
3756             }
3757             break;
3758         case EXCP_SYSCALL_LWS:
3759             env->gr[21] = hppa_lws(env);
3760             /* We arrived here by faking the gateway page.  Return.  */
3761             env->iaoq_f = env->gr[31];
3762             env->iaoq_b = env->gr[31] + 4;
3763             break;
3764         case EXCP_SIGSEGV:
3765             info.si_signo = TARGET_SIGSEGV;
3766             info.si_errno = 0;
3767             info.si_code = TARGET_SEGV_ACCERR;
3768             info._sifields._sigfault._addr = env->ior;
3769             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3770             break;
3771         case EXCP_SIGILL:
3772             info.si_signo = TARGET_SIGILL;
3773             info.si_errno = 0;
3774             info.si_code = TARGET_ILL_ILLOPN;
3775             info._sifields._sigfault._addr = env->iaoq_f;
3776             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3777             break;
3778         case EXCP_SIGFPE:
3779             info.si_signo = TARGET_SIGFPE;
3780             info.si_errno = 0;
3781             info.si_code = 0;
3782             info._sifields._sigfault._addr = env->iaoq_f;
3783             queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
3784             break;
3785         case EXCP_DEBUG:
3786             trapnr = gdb_handlesig(cs, TARGET_SIGTRAP);
3787             if (trapnr) {
3788                 info.si_signo = trapnr;
3789                 info.si_errno = 0;
3790                 info.si_code = TARGET_TRAP_BRKPT;
3791                 queue_signal(env, trapnr, QEMU_SI_FAULT, &info);
3792             }
3793             break;
3794         case EXCP_INTERRUPT:
3795             /* just indicate that signals should be handled asap */
3796             break;
3797         default:
3798             g_assert_not_reached();
3799         }
3800         process_pending_signals(env);
3801     }
3802 }
3803 
3804 #endif /* TARGET_HPPA */
3805 
3806 THREAD CPUState *thread_cpu;
3807 
3808 bool qemu_cpu_is_self(CPUState *cpu)
3809 {
3810     return thread_cpu == cpu;
3811 }
3812 
3813 void qemu_cpu_kick(CPUState *cpu)
3814 {
3815     cpu_exit(cpu);
3816 }
3817 
3818 void task_settid(TaskState *ts)
3819 {
3820     if (ts->ts_tid == 0) {
3821         ts->ts_tid = (pid_t)syscall(SYS_gettid);
3822     }
3823 }
3824 
3825 void stop_all_tasks(void)
3826 {
3827     /*
3828      * We trust that when using NPTL, start_exclusive()
3829      * handles thread stopping correctly.
3830      */
3831     start_exclusive();
3832 }
3833 
3834 /* Assumes contents are already zeroed.  */
3835 void init_task_state(TaskState *ts)
3836 {
3837     ts->used = 1;
3838 }
3839 
3840 CPUArchState *cpu_copy(CPUArchState *env)
3841 {
3842     CPUState *cpu = ENV_GET_CPU(env);
3843     CPUState *new_cpu = cpu_init(cpu_model);
3844     CPUArchState *new_env = new_cpu->env_ptr;
3845     CPUBreakpoint *bp;
3846     CPUWatchpoint *wp;
3847 
3848     /* Reset non arch specific state */
3849     cpu_reset(new_cpu);
3850 
3851     memcpy(new_env, env, sizeof(CPUArchState));
3852 
3853     /* Clone all break/watchpoints.
3854        Note: Once we support ptrace with hw-debug register access, make sure
3855        BP_CPU break/watchpoints are handled correctly on clone. */
3856     QTAILQ_INIT(&new_cpu->breakpoints);
3857     QTAILQ_INIT(&new_cpu->watchpoints);
3858     QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
3859         cpu_breakpoint_insert(new_cpu, bp->pc, bp->flags, NULL);
3860     }
3861     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
3862         cpu_watchpoint_insert(new_cpu, wp->vaddr, wp->len, wp->flags, NULL);
3863     }
3864 
3865     return new_env;
3866 }
3867 
3868 static void handle_arg_help(const char *arg)
3869 {
3870     usage(EXIT_SUCCESS);
3871 }
3872 
3873 static void handle_arg_log(const char *arg)
3874 {
3875     int mask;
3876 
3877     mask = qemu_str_to_log_mask(arg);
3878     if (!mask) {
3879         qemu_print_log_usage(stdout);
3880         exit(EXIT_FAILURE);
3881     }
3882     qemu_log_needs_buffers();
3883     qemu_set_log(mask);
3884 }
3885 
3886 static void handle_arg_dfilter(const char *arg)
3887 {
3888     qemu_set_dfilter_ranges(arg, NULL);
3889 }
3890 
3891 static void handle_arg_log_filename(const char *arg)
3892 {
3893     qemu_set_log_filename(arg, &error_fatal);
3894 }
3895 
3896 static void handle_arg_set_env(const char *arg)
3897 {
3898     char *r, *p, *token;
3899     r = p = strdup(arg);
3900     while ((token = strsep(&p, ",")) != NULL) {
3901         if (envlist_setenv(envlist, token) != 0) {
3902             usage(EXIT_FAILURE);
3903         }
3904     }
3905     free(r);
3906 }
3907 
3908 static void handle_arg_unset_env(const char *arg)
3909 {
3910     char *r, *p, *token;
3911     r = p = strdup(arg);
3912     while ((token = strsep(&p, ",")) != NULL) {
3913         if (envlist_unsetenv(envlist, token) != 0) {
3914             usage(EXIT_FAILURE);
3915         }
3916     }
3917     free(r);
3918 }
3919 
3920 static void handle_arg_argv0(const char *arg)
3921 {
3922     argv0 = strdup(arg);
3923 }
3924 
3925 static void handle_arg_stack_size(const char *arg)
3926 {
3927     char *p;
3928     guest_stack_size = strtoul(arg, &p, 0);
3929     if (guest_stack_size == 0) {
3930         usage(EXIT_FAILURE);
3931     }
3932 
3933     if (*p == 'M') {
3934         guest_stack_size *= 1024 * 1024;
3935     } else if (*p == 'k' || *p == 'K') {
3936         guest_stack_size *= 1024;
3937     }
3938 }
3939 
3940 static void handle_arg_ld_prefix(const char *arg)
3941 {
3942     interp_prefix = strdup(arg);
3943 }
3944 
3945 static void handle_arg_pagesize(const char *arg)
3946 {
3947     qemu_host_page_size = atoi(arg);
3948     if (qemu_host_page_size == 0 ||
3949         (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
3950         fprintf(stderr, "page size must be a power of two\n");
3951         exit(EXIT_FAILURE);
3952     }
3953 }
3954 
3955 static void handle_arg_randseed(const char *arg)
3956 {
3957     unsigned long long seed;
3958 
3959     if (parse_uint_full(arg, &seed, 0) != 0 || seed > UINT_MAX) {
3960         fprintf(stderr, "Invalid seed number: %s\n", arg);
3961         exit(EXIT_FAILURE);
3962     }
3963     srand(seed);
3964 }
3965 
3966 static void handle_arg_gdb(const char *arg)
3967 {
3968     gdbstub_port = atoi(arg);
3969 }
3970 
3971 static void handle_arg_uname(const char *arg)
3972 {
3973     qemu_uname_release = strdup(arg);
3974 }
3975 
3976 static void handle_arg_cpu(const char *arg)
3977 {
3978     cpu_model = strdup(arg);
3979     if (cpu_model == NULL || is_help_option(cpu_model)) {
3980         /* XXX: implement xxx_cpu_list for targets that still miss it */
3981 #if defined(cpu_list)
3982         cpu_list(stdout, &fprintf);
3983 #endif
3984         exit(EXIT_FAILURE);
3985     }
3986 }
3987 
3988 static void handle_arg_guest_base(const char *arg)
3989 {
3990     guest_base = strtol(arg, NULL, 0);
3991     have_guest_base = 1;
3992 }
3993 
3994 static void handle_arg_reserved_va(const char *arg)
3995 {
3996     char *p;
3997     int shift = 0;
3998     reserved_va = strtoul(arg, &p, 0);
3999     switch (*p) {
4000     case 'k':
4001     case 'K':
4002         shift = 10;
4003         break;
4004     case 'M':
4005         shift = 20;
4006         break;
4007     case 'G':
4008         shift = 30;
4009         break;
4010     }
4011     if (shift) {
4012         unsigned long unshifted = reserved_va;
4013         p++;
4014         reserved_va <<= shift;
4015         if (reserved_va >> shift != unshifted
4016             || (MAX_RESERVED_VA && reserved_va > MAX_RESERVED_VA)) {
4017             fprintf(stderr, "Reserved virtual address too big\n");
4018             exit(EXIT_FAILURE);
4019         }
4020     }
4021     if (*p) {
4022         fprintf(stderr, "Unrecognised -R size suffix '%s'\n", p);
4023         exit(EXIT_FAILURE);
4024     }
4025 }
4026 
4027 static void handle_arg_singlestep(const char *arg)
4028 {
4029     singlestep = 1;
4030 }
4031 
4032 static void handle_arg_strace(const char *arg)
4033 {
4034     do_strace = 1;
4035 }
4036 
4037 static void handle_arg_version(const char *arg)
4038 {
4039     printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
4040            "\n" QEMU_COPYRIGHT "\n");
4041     exit(EXIT_SUCCESS);
4042 }
4043 
4044 static char *trace_file;
4045 static void handle_arg_trace(const char *arg)
4046 {
4047     g_free(trace_file);
4048     trace_file = trace_opt_parse(arg);
4049 }
4050 
4051 struct qemu_argument {
4052     const char *argv;
4053     const char *env;
4054     bool has_arg;
4055     void (*handle_opt)(const char *arg);
4056     const char *example;
4057     const char *help;
4058 };
4059 
4060 static const struct qemu_argument arg_table[] = {
4061     {"h",          "",                 false, handle_arg_help,
4062      "",           "print this help"},
4063     {"help",       "",                 false, handle_arg_help,
4064      "",           ""},
4065     {"g",          "QEMU_GDB",         true,  handle_arg_gdb,
4066      "port",       "wait gdb connection to 'port'"},
4067     {"L",          "QEMU_LD_PREFIX",   true,  handle_arg_ld_prefix,
4068      "path",       "set the elf interpreter prefix to 'path'"},
4069     {"s",          "QEMU_STACK_SIZE",  true,  handle_arg_stack_size,
4070      "size",       "set the stack size to 'size' bytes"},
4071     {"cpu",        "QEMU_CPU",         true,  handle_arg_cpu,
4072      "model",      "select CPU (-cpu help for list)"},
4073     {"E",          "QEMU_SET_ENV",     true,  handle_arg_set_env,
4074      "var=value",  "sets targets environment variable (see below)"},
4075     {"U",          "QEMU_UNSET_ENV",   true,  handle_arg_unset_env,
4076      "var",        "unsets targets environment variable (see below)"},
4077     {"0",          "QEMU_ARGV0",       true,  handle_arg_argv0,
4078      "argv0",      "forces target process argv[0] to be 'argv0'"},
4079     {"r",          "QEMU_UNAME",       true,  handle_arg_uname,
4080      "uname",      "set qemu uname release string to 'uname'"},
4081     {"B",          "QEMU_GUEST_BASE",  true,  handle_arg_guest_base,
4082      "address",    "set guest_base address to 'address'"},
4083     {"R",          "QEMU_RESERVED_VA", true,  handle_arg_reserved_va,
4084      "size",       "reserve 'size' bytes for guest virtual address space"},
4085     {"d",          "QEMU_LOG",         true,  handle_arg_log,
4086      "item[,...]", "enable logging of specified items "
4087      "(use '-d help' for a list of items)"},
4088     {"dfilter",    "QEMU_DFILTER",     true,  handle_arg_dfilter,
4089      "range[,...]","filter logging based on address range"},
4090     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
4091      "logfile",     "write logs to 'logfile' (default stderr)"},
4092     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
4093      "pagesize",   "set the host page size to 'pagesize'"},
4094     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
4095      "",           "run in singlestep mode"},
4096     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
4097      "",           "log system calls"},
4098     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,
4099      "",           "Seed for pseudo-random number generator"},
4100     {"trace",      "QEMU_TRACE",       true,  handle_arg_trace,
4101      "",           "[[enable=]<pattern>][,events=<file>][,file=<file>]"},
4102     {"version",    "QEMU_VERSION",     false, handle_arg_version,
4103      "",           "display version information and exit"},
4104     {NULL, NULL, false, NULL, NULL, NULL}
4105 };
4106 
4107 static void usage(int exitcode)
4108 {
4109     const struct qemu_argument *arginfo;
4110     int maxarglen;
4111     int maxenvlen;
4112 
4113     printf("usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
4114            "Linux CPU emulator (compiled for " TARGET_NAME " emulation)\n"
4115            "\n"
4116            "Options and associated environment variables:\n"
4117            "\n");
4118 
4119     /* Calculate column widths. We must always have at least enough space
4120      * for the column header.
4121      */
4122     maxarglen = strlen("Argument");
4123     maxenvlen = strlen("Env-variable");
4124 
4125     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4126         int arglen = strlen(arginfo->argv);
4127         if (arginfo->has_arg) {
4128             arglen += strlen(arginfo->example) + 1;
4129         }
4130         if (strlen(arginfo->env) > maxenvlen) {
4131             maxenvlen = strlen(arginfo->env);
4132         }
4133         if (arglen > maxarglen) {
4134             maxarglen = arglen;
4135         }
4136     }
4137 
4138     printf("%-*s %-*s Description\n", maxarglen+1, "Argument",
4139             maxenvlen, "Env-variable");
4140 
4141     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4142         if (arginfo->has_arg) {
4143             printf("-%s %-*s %-*s %s\n", arginfo->argv,
4144                    (int)(maxarglen - strlen(arginfo->argv) - 1),
4145                    arginfo->example, maxenvlen, arginfo->env, arginfo->help);
4146         } else {
4147             printf("-%-*s %-*s %s\n", maxarglen, arginfo->argv,
4148                     maxenvlen, arginfo->env,
4149                     arginfo->help);
4150         }
4151     }
4152 
4153     printf("\n"
4154            "Defaults:\n"
4155            "QEMU_LD_PREFIX  = %s\n"
4156            "QEMU_STACK_SIZE = %ld byte\n",
4157            interp_prefix,
4158            guest_stack_size);
4159 
4160     printf("\n"
4161            "You can use -E and -U options or the QEMU_SET_ENV and\n"
4162            "QEMU_UNSET_ENV environment variables to set and unset\n"
4163            "environment variables for the target process.\n"
4164            "It is possible to provide several variables by separating them\n"
4165            "by commas in getsubopt(3) style. Additionally it is possible to\n"
4166            "provide the -E and -U options multiple times.\n"
4167            "The following lines are equivalent:\n"
4168            "    -E var1=val2 -E var2=val2 -U LD_PRELOAD -U LD_DEBUG\n"
4169            "    -E var1=val2,var2=val2 -U LD_PRELOAD,LD_DEBUG\n"
4170            "    QEMU_SET_ENV=var1=val2,var2=val2 QEMU_UNSET_ENV=LD_PRELOAD,LD_DEBUG\n"
4171            "Note that if you provide several changes to a single variable\n"
4172            "the last change will stay in effect.\n"
4173            "\n"
4174            QEMU_HELP_BOTTOM "\n");
4175 
4176     exit(exitcode);
4177 }
4178 
4179 static int parse_args(int argc, char **argv)
4180 {
4181     const char *r;
4182     int optind;
4183     const struct qemu_argument *arginfo;
4184 
4185     for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4186         if (arginfo->env == NULL) {
4187             continue;
4188         }
4189 
4190         r = getenv(arginfo->env);
4191         if (r != NULL) {
4192             arginfo->handle_opt(r);
4193         }
4194     }
4195 
4196     optind = 1;
4197     for (;;) {
4198         if (optind >= argc) {
4199             break;
4200         }
4201         r = argv[optind];
4202         if (r[0] != '-') {
4203             break;
4204         }
4205         optind++;
4206         r++;
4207         if (!strcmp(r, "-")) {
4208             break;
4209         }
4210         /* Treat --foo the same as -foo.  */
4211         if (r[0] == '-') {
4212             r++;
4213         }
4214 
4215         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
4216             if (!strcmp(r, arginfo->argv)) {
4217                 if (arginfo->has_arg) {
4218                     if (optind >= argc) {
4219                         (void) fprintf(stderr,
4220                             "qemu: missing argument for option '%s'\n", r);
4221                         exit(EXIT_FAILURE);
4222                     }
4223                     arginfo->handle_opt(argv[optind]);
4224                     optind++;
4225                 } else {
4226                     arginfo->handle_opt(NULL);
4227                 }
4228                 break;
4229             }
4230         }
4231 
4232         /* no option matched the current argv */
4233         if (arginfo->handle_opt == NULL) {
4234             (void) fprintf(stderr, "qemu: unknown option '%s'\n", r);
4235             exit(EXIT_FAILURE);
4236         }
4237     }
4238 
4239     if (optind >= argc) {
4240         (void) fprintf(stderr, "qemu: no user program specified\n");
4241         exit(EXIT_FAILURE);
4242     }
4243 
4244     filename = argv[optind];
4245     exec_path = argv[optind];
4246 
4247     return optind;
4248 }
4249 
4250 int main(int argc, char **argv, char **envp)
4251 {
4252     struct target_pt_regs regs1, *regs = &regs1;
4253     struct image_info info1, *info = &info1;
4254     struct linux_binprm bprm;
4255     TaskState *ts;
4256     CPUArchState *env;
4257     CPUState *cpu;
4258     int optind;
4259     char **target_environ, **wrk;
4260     char **target_argv;
4261     int target_argc;
4262     int i;
4263     int ret;
4264     int execfd;
4265 
4266     module_call_init(MODULE_INIT_TRACE);
4267     qemu_init_cpu_list();
4268     module_call_init(MODULE_INIT_QOM);
4269 
4270     envlist = envlist_create();
4271 
4272     /* add current environment into the list */
4273     for (wrk = environ; *wrk != NULL; wrk++) {
4274         (void) envlist_setenv(envlist, *wrk);
4275     }
4276 
4277     /* Read the stack limit from the kernel.  If it's "unlimited",
4278        then we can do little else besides use the default.  */
4279     {
4280         struct rlimit lim;
4281         if (getrlimit(RLIMIT_STACK, &lim) == 0
4282             && lim.rlim_cur != RLIM_INFINITY
4283             && lim.rlim_cur == (target_long)lim.rlim_cur) {
4284             guest_stack_size = lim.rlim_cur;
4285         }
4286     }
4287 
4288     cpu_model = NULL;
4289 
4290     srand(time(NULL));
4291 
4292     qemu_add_opts(&qemu_trace_opts);
4293 
4294     optind = parse_args(argc, argv);
4295 
4296     if (!trace_init_backends()) {
4297         exit(1);
4298     }
4299     trace_init_file(trace_file);
4300 
4301     /* Zero out regs */
4302     memset(regs, 0, sizeof(struct target_pt_regs));
4303 
4304     /* Zero out image_info */
4305     memset(info, 0, sizeof(struct image_info));
4306 
4307     memset(&bprm, 0, sizeof (bprm));
4308 
4309     /* Scan interp_prefix dir for replacement files. */
4310     init_paths(interp_prefix);
4311 
4312     init_qemu_uname_release();
4313 
4314     if (cpu_model == NULL) {
4315 #if defined(TARGET_I386)
4316 #ifdef TARGET_X86_64
4317         cpu_model = "qemu64";
4318 #else
4319         cpu_model = "qemu32";
4320 #endif
4321 #elif defined(TARGET_ARM)
4322         cpu_model = "any";
4323 #elif defined(TARGET_UNICORE32)
4324         cpu_model = "any";
4325 #elif defined(TARGET_M68K)
4326         cpu_model = "any";
4327 #elif defined(TARGET_SPARC)
4328 #ifdef TARGET_SPARC64
4329         cpu_model = "TI UltraSparc II";
4330 #else
4331         cpu_model = "Fujitsu MB86904";
4332 #endif
4333 #elif defined(TARGET_MIPS)
4334 #if defined(TARGET_ABI_MIPSN32) || defined(TARGET_ABI_MIPSN64)
4335         cpu_model = "5KEf";
4336 #else
4337         cpu_model = "24Kf";
4338 #endif
4339 #elif defined TARGET_OPENRISC
4340         cpu_model = "or1200";
4341 #elif defined(TARGET_PPC)
4342 # ifdef TARGET_PPC64
4343         cpu_model = "POWER8";
4344 # else
4345         cpu_model = "750";
4346 # endif
4347 #elif defined TARGET_SH4
4348         cpu_model = "sh7785";
4349 #elif defined TARGET_S390X
4350         cpu_model = "qemu";
4351 #else
4352         cpu_model = "any";
4353 #endif
4354     }
4355     tcg_exec_init(0);
4356     /* NOTE: we need to init the CPU at this stage to get
4357        qemu_host_page_size */
4358     cpu = cpu_init(cpu_model);
4359     env = cpu->env_ptr;
4360     cpu_reset(cpu);
4361 
4362     thread_cpu = cpu;
4363 
4364     if (getenv("QEMU_STRACE")) {
4365         do_strace = 1;
4366     }
4367 
4368     if (getenv("QEMU_RAND_SEED")) {
4369         handle_arg_randseed(getenv("QEMU_RAND_SEED"));
4370     }
4371 
4372     target_environ = envlist_to_environ(envlist, NULL);
4373     envlist_free(envlist);
4374 
4375     /*
4376      * Now that page sizes are configured in cpu_init() we can do
4377      * proper page alignment for guest_base.
4378      */
4379     guest_base = HOST_PAGE_ALIGN(guest_base);
4380 
4381     if (reserved_va || have_guest_base) {
4382         guest_base = init_guest_space(guest_base, reserved_va, 0,
4383                                       have_guest_base);
4384         if (guest_base == (unsigned long)-1) {
4385             fprintf(stderr, "Unable to reserve 0x%lx bytes of virtual address "
4386                     "space for use as guest address space (check your virtual "
4387                     "memory ulimit setting or reserve less using -R option)\n",
4388                     reserved_va);
4389             exit(EXIT_FAILURE);
4390         }
4391 
4392         if (reserved_va) {
4393             mmap_next_start = reserved_va;
4394         }
4395     }
4396 
4397     /*
4398      * Read in mmap_min_addr kernel parameter.  This value is used
4399      * When loading the ELF image to determine whether guest_base
4400      * is needed.  It is also used in mmap_find_vma.
4401      */
4402     {
4403         FILE *fp;
4404 
4405         if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) {
4406             unsigned long tmp;
4407             if (fscanf(fp, "%lu", &tmp) == 1) {
4408                 mmap_min_addr = tmp;
4409                 qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", mmap_min_addr);
4410             }
4411             fclose(fp);
4412         }
4413     }
4414 
4415     /*
4416      * Prepare copy of argv vector for target.
4417      */
4418     target_argc = argc - optind;
4419     target_argv = calloc(target_argc + 1, sizeof (char *));
4420     if (target_argv == NULL) {
4421 	(void) fprintf(stderr, "Unable to allocate memory for target_argv\n");
4422 	exit(EXIT_FAILURE);
4423     }
4424 
4425     /*
4426      * If argv0 is specified (using '-0' switch) we replace
4427      * argv[0] pointer with the given one.
4428      */
4429     i = 0;
4430     if (argv0 != NULL) {
4431         target_argv[i++] = strdup(argv0);
4432     }
4433     for (; i < target_argc; i++) {
4434         target_argv[i] = strdup(argv[optind + i]);
4435     }
4436     target_argv[target_argc] = NULL;
4437 
4438     ts = g_new0(TaskState, 1);
4439     init_task_state(ts);
4440     /* build Task State */
4441     ts->info = info;
4442     ts->bprm = &bprm;
4443     cpu->opaque = ts;
4444     task_settid(ts);
4445 
4446     execfd = qemu_getauxval(AT_EXECFD);
4447     if (execfd == 0) {
4448         execfd = open(filename, O_RDONLY);
4449         if (execfd < 0) {
4450             printf("Error while loading %s: %s\n", filename, strerror(errno));
4451             _exit(EXIT_FAILURE);
4452         }
4453     }
4454 
4455     ret = loader_exec(execfd, filename, target_argv, target_environ, regs,
4456         info, &bprm);
4457     if (ret != 0) {
4458         printf("Error while loading %s: %s\n", filename, strerror(-ret));
4459         _exit(EXIT_FAILURE);
4460     }
4461 
4462     for (wrk = target_environ; *wrk; wrk++) {
4463         g_free(*wrk);
4464     }
4465 
4466     g_free(target_environ);
4467 
4468     if (qemu_loglevel_mask(CPU_LOG_PAGE)) {
4469         qemu_log("guest_base  0x%lx\n", guest_base);
4470         log_page_dump();
4471 
4472         qemu_log("start_brk   0x" TARGET_ABI_FMT_lx "\n", info->start_brk);
4473         qemu_log("end_code    0x" TARGET_ABI_FMT_lx "\n", info->end_code);
4474         qemu_log("start_code  0x" TARGET_ABI_FMT_lx "\n", info->start_code);
4475         qemu_log("start_data  0x" TARGET_ABI_FMT_lx "\n", info->start_data);
4476         qemu_log("end_data    0x" TARGET_ABI_FMT_lx "\n", info->end_data);
4477         qemu_log("start_stack 0x" TARGET_ABI_FMT_lx "\n", info->start_stack);
4478         qemu_log("brk         0x" TARGET_ABI_FMT_lx "\n", info->brk);
4479         qemu_log("entry       0x" TARGET_ABI_FMT_lx "\n", info->entry);
4480         qemu_log("argv_start  0x" TARGET_ABI_FMT_lx "\n", info->arg_start);
4481         qemu_log("env_start   0x" TARGET_ABI_FMT_lx "\n",
4482                  info->arg_end + (abi_ulong)sizeof(abi_ulong));
4483         qemu_log("auxv_start  0x" TARGET_ABI_FMT_lx "\n", info->saved_auxv);
4484     }
4485 
4486     target_set_brk(info->brk);
4487     syscall_init();
4488     signal_init();
4489 
4490     /* Now that we've loaded the binary, GUEST_BASE is fixed.  Delay
4491        generating the prologue until now so that the prologue can take
4492        the real value of GUEST_BASE into account.  */
4493     tcg_prologue_init(tcg_ctx);
4494     tcg_region_init();
4495 
4496 #if defined(TARGET_I386)
4497     env->cr[0] = CR0_PG_MASK | CR0_WP_MASK | CR0_PE_MASK;
4498     env->hflags |= HF_PE_MASK | HF_CPL_MASK;
4499     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
4500         env->cr[4] |= CR4_OSFXSR_MASK;
4501         env->hflags |= HF_OSFXSR_MASK;
4502     }
4503 #ifndef TARGET_ABI32
4504     /* enable 64 bit mode if possible */
4505     if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM)) {
4506         fprintf(stderr, "The selected x86 CPU does not support 64 bit mode\n");
4507         exit(EXIT_FAILURE);
4508     }
4509     env->cr[4] |= CR4_PAE_MASK;
4510     env->efer |= MSR_EFER_LMA | MSR_EFER_LME;
4511     env->hflags |= HF_LMA_MASK;
4512 #endif
4513 
4514     /* flags setup : we activate the IRQs by default as in user mode */
4515     env->eflags |= IF_MASK;
4516 
4517     /* linux register setup */
4518 #ifndef TARGET_ABI32
4519     env->regs[R_EAX] = regs->rax;
4520     env->regs[R_EBX] = regs->rbx;
4521     env->regs[R_ECX] = regs->rcx;
4522     env->regs[R_EDX] = regs->rdx;
4523     env->regs[R_ESI] = regs->rsi;
4524     env->regs[R_EDI] = regs->rdi;
4525     env->regs[R_EBP] = regs->rbp;
4526     env->regs[R_ESP] = regs->rsp;
4527     env->eip = regs->rip;
4528 #else
4529     env->regs[R_EAX] = regs->eax;
4530     env->regs[R_EBX] = regs->ebx;
4531     env->regs[R_ECX] = regs->ecx;
4532     env->regs[R_EDX] = regs->edx;
4533     env->regs[R_ESI] = regs->esi;
4534     env->regs[R_EDI] = regs->edi;
4535     env->regs[R_EBP] = regs->ebp;
4536     env->regs[R_ESP] = regs->esp;
4537     env->eip = regs->eip;
4538 #endif
4539 
4540     /* linux interrupt setup */
4541 #ifndef TARGET_ABI32
4542     env->idt.limit = 511;
4543 #else
4544     env->idt.limit = 255;
4545 #endif
4546     env->idt.base = target_mmap(0, sizeof(uint64_t) * (env->idt.limit + 1),
4547                                 PROT_READ|PROT_WRITE,
4548                                 MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4549     idt_table = g2h(env->idt.base);
4550     set_idt(0, 0);
4551     set_idt(1, 0);
4552     set_idt(2, 0);
4553     set_idt(3, 3);
4554     set_idt(4, 3);
4555     set_idt(5, 0);
4556     set_idt(6, 0);
4557     set_idt(7, 0);
4558     set_idt(8, 0);
4559     set_idt(9, 0);
4560     set_idt(10, 0);
4561     set_idt(11, 0);
4562     set_idt(12, 0);
4563     set_idt(13, 0);
4564     set_idt(14, 0);
4565     set_idt(15, 0);
4566     set_idt(16, 0);
4567     set_idt(17, 0);
4568     set_idt(18, 0);
4569     set_idt(19, 0);
4570     set_idt(0x80, 3);
4571 
4572     /* linux segment setup */
4573     {
4574         uint64_t *gdt_table;
4575         env->gdt.base = target_mmap(0, sizeof(uint64_t) * TARGET_GDT_ENTRIES,
4576                                     PROT_READ|PROT_WRITE,
4577                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4578         env->gdt.limit = sizeof(uint64_t) * TARGET_GDT_ENTRIES - 1;
4579         gdt_table = g2h(env->gdt.base);
4580 #ifdef TARGET_ABI32
4581         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4582                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4583                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4584 #else
4585         /* 64 bit code segment */
4586         write_dt(&gdt_table[__USER_CS >> 3], 0, 0xfffff,
4587                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4588                  DESC_L_MASK |
4589                  (3 << DESC_DPL_SHIFT) | (0xa << DESC_TYPE_SHIFT));
4590 #endif
4591         write_dt(&gdt_table[__USER_DS >> 3], 0, 0xfffff,
4592                  DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
4593                  (3 << DESC_DPL_SHIFT) | (0x2 << DESC_TYPE_SHIFT));
4594     }
4595     cpu_x86_load_seg(env, R_CS, __USER_CS);
4596     cpu_x86_load_seg(env, R_SS, __USER_DS);
4597 #ifdef TARGET_ABI32
4598     cpu_x86_load_seg(env, R_DS, __USER_DS);
4599     cpu_x86_load_seg(env, R_ES, __USER_DS);
4600     cpu_x86_load_seg(env, R_FS, __USER_DS);
4601     cpu_x86_load_seg(env, R_GS, __USER_DS);
4602     /* This hack makes Wine work... */
4603     env->segs[R_FS].selector = 0;
4604 #else
4605     cpu_x86_load_seg(env, R_DS, 0);
4606     cpu_x86_load_seg(env, R_ES, 0);
4607     cpu_x86_load_seg(env, R_FS, 0);
4608     cpu_x86_load_seg(env, R_GS, 0);
4609 #endif
4610 #elif defined(TARGET_AARCH64)
4611     {
4612         int i;
4613 
4614         if (!(arm_feature(env, ARM_FEATURE_AARCH64))) {
4615             fprintf(stderr,
4616                     "The selected ARM CPU does not support 64 bit mode\n");
4617             exit(EXIT_FAILURE);
4618         }
4619 
4620         for (i = 0; i < 31; i++) {
4621             env->xregs[i] = regs->regs[i];
4622         }
4623         env->pc = regs->pc;
4624         env->xregs[31] = regs->sp;
4625     }
4626 #elif defined(TARGET_ARM)
4627     {
4628         int i;
4629         cpsr_write(env, regs->uregs[16], CPSR_USER | CPSR_EXEC,
4630                    CPSRWriteByInstr);
4631         for(i = 0; i < 16; i++) {
4632             env->regs[i] = regs->uregs[i];
4633         }
4634 #ifdef TARGET_WORDS_BIGENDIAN
4635         /* Enable BE8.  */
4636         if (EF_ARM_EABI_VERSION(info->elf_flags) >= EF_ARM_EABI_VER4
4637             && (info->elf_flags & EF_ARM_BE8)) {
4638             env->uncached_cpsr |= CPSR_E;
4639             env->cp15.sctlr_el[1] |= SCTLR_E0E;
4640         } else {
4641             env->cp15.sctlr_el[1] |= SCTLR_B;
4642         }
4643 #endif
4644     }
4645 #elif defined(TARGET_UNICORE32)
4646     {
4647         int i;
4648         cpu_asr_write(env, regs->uregs[32], 0xffffffff);
4649         for (i = 0; i < 32; i++) {
4650             env->regs[i] = regs->uregs[i];
4651         }
4652     }
4653 #elif defined(TARGET_SPARC)
4654     {
4655         int i;
4656 	env->pc = regs->pc;
4657 	env->npc = regs->npc;
4658         env->y = regs->y;
4659         for(i = 0; i < 8; i++)
4660             env->gregs[i] = regs->u_regs[i];
4661         for(i = 0; i < 8; i++)
4662             env->regwptr[i] = regs->u_regs[i + 8];
4663     }
4664 #elif defined(TARGET_PPC)
4665     {
4666         int i;
4667 
4668 #if defined(TARGET_PPC64)
4669         int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
4670 #if defined(TARGET_ABI32)
4671         env->msr &= ~((target_ulong)1 << flag);
4672 #else
4673         env->msr |= (target_ulong)1 << flag;
4674 #endif
4675 #endif
4676         env->nip = regs->nip;
4677         for(i = 0; i < 32; i++) {
4678             env->gpr[i] = regs->gpr[i];
4679         }
4680     }
4681 #elif defined(TARGET_M68K)
4682     {
4683         env->pc = regs->pc;
4684         env->dregs[0] = regs->d0;
4685         env->dregs[1] = regs->d1;
4686         env->dregs[2] = regs->d2;
4687         env->dregs[3] = regs->d3;
4688         env->dregs[4] = regs->d4;
4689         env->dregs[5] = regs->d5;
4690         env->dregs[6] = regs->d6;
4691         env->dregs[7] = regs->d7;
4692         env->aregs[0] = regs->a0;
4693         env->aregs[1] = regs->a1;
4694         env->aregs[2] = regs->a2;
4695         env->aregs[3] = regs->a3;
4696         env->aregs[4] = regs->a4;
4697         env->aregs[5] = regs->a5;
4698         env->aregs[6] = regs->a6;
4699         env->aregs[7] = regs->usp;
4700         env->sr = regs->sr;
4701         ts->sim_syscalls = 1;
4702     }
4703 #elif defined(TARGET_MICROBLAZE)
4704     {
4705         env->regs[0] = regs->r0;
4706         env->regs[1] = regs->r1;
4707         env->regs[2] = regs->r2;
4708         env->regs[3] = regs->r3;
4709         env->regs[4] = regs->r4;
4710         env->regs[5] = regs->r5;
4711         env->regs[6] = regs->r6;
4712         env->regs[7] = regs->r7;
4713         env->regs[8] = regs->r8;
4714         env->regs[9] = regs->r9;
4715         env->regs[10] = regs->r10;
4716         env->regs[11] = regs->r11;
4717         env->regs[12] = regs->r12;
4718         env->regs[13] = regs->r13;
4719         env->regs[14] = regs->r14;
4720         env->regs[15] = regs->r15;
4721         env->regs[16] = regs->r16;
4722         env->regs[17] = regs->r17;
4723         env->regs[18] = regs->r18;
4724         env->regs[19] = regs->r19;
4725         env->regs[20] = regs->r20;
4726         env->regs[21] = regs->r21;
4727         env->regs[22] = regs->r22;
4728         env->regs[23] = regs->r23;
4729         env->regs[24] = regs->r24;
4730         env->regs[25] = regs->r25;
4731         env->regs[26] = regs->r26;
4732         env->regs[27] = regs->r27;
4733         env->regs[28] = regs->r28;
4734         env->regs[29] = regs->r29;
4735         env->regs[30] = regs->r30;
4736         env->regs[31] = regs->r31;
4737         env->sregs[SR_PC] = regs->pc;
4738     }
4739 #elif defined(TARGET_MIPS)
4740     {
4741         int i;
4742 
4743         for(i = 0; i < 32; i++) {
4744             env->active_tc.gpr[i] = regs->regs[i];
4745         }
4746         env->active_tc.PC = regs->cp0_epc & ~(target_ulong)1;
4747         if (regs->cp0_epc & 1) {
4748             env->hflags |= MIPS_HFLAG_M16;
4749         }
4750         if (((info->elf_flags & EF_MIPS_NAN2008) != 0) !=
4751             ((env->active_fpu.fcr31 & (1 << FCR31_NAN2008)) != 0)) {
4752             if ((env->active_fpu.fcr31_rw_bitmask &
4753                   (1 << FCR31_NAN2008)) == 0) {
4754                 fprintf(stderr, "ELF binary's NaN mode not supported by CPU\n");
4755                 exit(1);
4756             }
4757             if ((info->elf_flags & EF_MIPS_NAN2008) != 0) {
4758                 env->active_fpu.fcr31 |= (1 << FCR31_NAN2008);
4759             } else {
4760                 env->active_fpu.fcr31 &= ~(1 << FCR31_NAN2008);
4761             }
4762             restore_snan_bit_mode(env);
4763         }
4764     }
4765 #elif defined(TARGET_NIOS2)
4766     {
4767         env->regs[0] = 0;
4768         env->regs[1] = regs->r1;
4769         env->regs[2] = regs->r2;
4770         env->regs[3] = regs->r3;
4771         env->regs[4] = regs->r4;
4772         env->regs[5] = regs->r5;
4773         env->regs[6] = regs->r6;
4774         env->regs[7] = regs->r7;
4775         env->regs[8] = regs->r8;
4776         env->regs[9] = regs->r9;
4777         env->regs[10] = regs->r10;
4778         env->regs[11] = regs->r11;
4779         env->regs[12] = regs->r12;
4780         env->regs[13] = regs->r13;
4781         env->regs[14] = regs->r14;
4782         env->regs[15] = regs->r15;
4783         /* TODO: unsigned long  orig_r2; */
4784         env->regs[R_RA] = regs->ra;
4785         env->regs[R_FP] = regs->fp;
4786         env->regs[R_SP] = regs->sp;
4787         env->regs[R_GP] = regs->gp;
4788         env->regs[CR_ESTATUS] = regs->estatus;
4789         env->regs[R_EA] = regs->ea;
4790         /* TODO: unsigned long  orig_r7; */
4791 
4792         /* Emulate eret when starting thread. */
4793         env->regs[R_PC] = regs->ea;
4794     }
4795 #elif defined(TARGET_OPENRISC)
4796     {
4797         int i;
4798 
4799         for (i = 0; i < 32; i++) {
4800             cpu_set_gpr(env, i, regs->gpr[i]);
4801         }
4802         env->pc = regs->pc;
4803         cpu_set_sr(env, regs->sr);
4804     }
4805 #elif defined(TARGET_SH4)
4806     {
4807         int i;
4808 
4809         for(i = 0; i < 16; i++) {
4810             env->gregs[i] = regs->regs[i];
4811         }
4812         env->pc = regs->pc;
4813     }
4814 #elif defined(TARGET_ALPHA)
4815     {
4816         int i;
4817 
4818         for(i = 0; i < 28; i++) {
4819             env->ir[i] = ((abi_ulong *)regs)[i];
4820         }
4821         env->ir[IR_SP] = regs->usp;
4822         env->pc = regs->pc;
4823     }
4824 #elif defined(TARGET_CRIS)
4825     {
4826 	    env->regs[0] = regs->r0;
4827 	    env->regs[1] = regs->r1;
4828 	    env->regs[2] = regs->r2;
4829 	    env->regs[3] = regs->r3;
4830 	    env->regs[4] = regs->r4;
4831 	    env->regs[5] = regs->r5;
4832 	    env->regs[6] = regs->r6;
4833 	    env->regs[7] = regs->r7;
4834 	    env->regs[8] = regs->r8;
4835 	    env->regs[9] = regs->r9;
4836 	    env->regs[10] = regs->r10;
4837 	    env->regs[11] = regs->r11;
4838 	    env->regs[12] = regs->r12;
4839 	    env->regs[13] = regs->r13;
4840 	    env->regs[14] = info->start_stack;
4841 	    env->regs[15] = regs->acr;
4842 	    env->pc = regs->erp;
4843     }
4844 #elif defined(TARGET_S390X)
4845     {
4846             int i;
4847             for (i = 0; i < 16; i++) {
4848                 env->regs[i] = regs->gprs[i];
4849             }
4850             env->psw.mask = regs->psw.mask;
4851             env->psw.addr = regs->psw.addr;
4852     }
4853 #elif defined(TARGET_TILEGX)
4854     {
4855         int i;
4856         for (i = 0; i < TILEGX_R_COUNT; i++) {
4857             env->regs[i] = regs->regs[i];
4858         }
4859         for (i = 0; i < TILEGX_SPR_COUNT; i++) {
4860             env->spregs[i] = 0;
4861         }
4862         env->pc = regs->pc;
4863     }
4864 #elif defined(TARGET_HPPA)
4865     {
4866         int i;
4867         for (i = 1; i < 32; i++) {
4868             env->gr[i] = regs->gr[i];
4869         }
4870         env->iaoq_f = regs->iaoq[0];
4871         env->iaoq_b = regs->iaoq[1];
4872     }
4873 #else
4874 #error unsupported target CPU
4875 #endif
4876 
4877 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
4878     ts->stack_base = info->start_stack;
4879     ts->heap_base = info->brk;
4880     /* This will be filled in on the first SYS_HEAPINFO call.  */
4881     ts->heap_limit = 0;
4882 #endif
4883 
4884     if (gdbstub_port) {
4885         if (gdbserver_start(gdbstub_port) < 0) {
4886             fprintf(stderr, "qemu: could not open gdbserver on port %d\n",
4887                     gdbstub_port);
4888             exit(EXIT_FAILURE);
4889         }
4890         gdb_handlesig(cpu, 0);
4891     }
4892     cpu_loop(env);
4893     /* never exits */
4894     return 0;
4895 }
4896