author | Avi Kivity <avi@redhat.com> | 2010-07-08 16:06:59 +0300 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2010-07-08 16:06:59 +0300 |
commit | 3dfce997a594182bbffeb8d9bdeed776c73bec2d (patch) | |
tree | 3e4044b64aa0835a7230620d7eba6a47a13d0f44 | |
parent | 4b1b0617b6f454b368a7f04786c0bc842253f849 (diff) | |
parent | 3dbe0714dd24392aca8a86128acebc17316d452c (diff) |
Merge branch 'stable-0.12' of git://git.sv.gnu.org/qemu into stable-0.12
* 'stable-0.12' of git://git.sv.gnu.org/qemu: (29 commits)
target-arm : fix parallel saturated subtraction implementation
target-arm : fix thumb2 parallel add/sub opcode decoding
target-arm: fix addsub/subadd implementation
target-i386: fix xchg rax,r8
block/vvfat.c: fix warnings with _FORTIFY_SOURCE
audio/alsa: Spelling typo (paramters)
target-mips: fix DINSU instruction
Correct definitions for FD_CMD_SAVE and FD_CMD_RESTORE
qcow2: Fix corruption after error in update_refcount
qcow2: Fix corruption after refblock allocation
block: Fix multiwrite with overlapping requests
qcow2: Fix error handling in l2_allocate
qcow2: Clear L2 table cache after write error
ide: Fix ide_dma_cancel
usb-bus: fix no params
Avoid crash on '-usbdevice <device>' without parameters
Fix -usbdevice crash
Fix multiboot compilation
Fix missing symbols in .rel/.rela.plt sections
target-ppc: fix RFI by clearing some bits of MSR
...
Signed-off-by: Avi Kivity <avi@redhat.com>
-rw-r--r-- | aio.c | 4 | ||||
-rw-r--r-- | audio/alsaaudio.c | 2 | ||||
-rw-r--r-- | block.c | 16 | ||||
-rw-r--r-- | block/qcow2-cluster.c | 26 | ||||
-rw-r--r-- | block/qcow2-refcount.c | 15 | ||||
-rw-r--r-- | block/vvfat.c | 9 | ||||
-rw-r--r-- | hw/arm_timer.c | 4 | ||||
-rw-r--r-- | hw/fdc.c | 4 | ||||
-rw-r--r-- | hw/ide/core.c | 8 | ||||
-rw-r--r-- | hw/pci.c | 4 | ||||
-rw-r--r-- | hw/usb-bus.c | 9 | ||||
-rw-r--r-- | hw/usb-msd.c | 3 | ||||
-rw-r--r-- | hw/usb-net.c | 3 | ||||
-rw-r--r-- | hw/usb-serial.c | 3 | ||||
-rw-r--r-- | hw/virtio-blk.c | 15 | ||||
-rw-r--r-- | i386.ld | 16 | ||||
-rw-r--r-- | pc-bios/optionrom/linuxboot.S | 8 | ||||
-rw-r--r-- | pc-bios/optionrom/optionrom.h | 32 | ||||
-rw-r--r-- | qemu-img.c | 4 | ||||
-rw-r--r-- | qemu-monitor.hx | 2 | ||||
-rw-r--r-- | qemu-sockets.c | 3 | ||||
-rw-r--r-- | target-arm/helper.c | 4 | ||||
-rw-r--r-- | target-arm/op_addsub.h | 8 | ||||
-rw-r--r-- | target-arm/translate.c | 4 | ||||
-rw-r--r-- | target-i386/translate.c | 9 | ||||
-rw-r--r-- | target-mips/translate.c | 2 | ||||
-rw-r--r-- | target-ppc/helper.c | 1 | ||||
-rw-r--r-- | target-ppc/op_helper.c | 6 | ||||
-rw-r--r-- | x86_64.ld | 16 |
29 files changed, 173 insertions, 67 deletions
@@ -113,7 +113,9 @@ void qemu_aio_flush(void)
 qemu_aio_wait();
 QLIST_FOREACH(node, &aio_handlers, node) {
- ret |= node->io_flush(node->opaque);
+ if (node->io_flush) {
+ ret |= node->io_flush(node->opaque);
+ }
 }
 } while (qemu_bh_poll() || ret > 0);
 }
diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index 7698d1010..6a9b87aa7 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -665,7 +665,7 @@ static int alsa_open (int in, struct alsa_params_req *req,
 (obt->fmt != req->fmt || obt->nchannels != req->nchannels || obt->freq != req->freq)) {
- dolog ("Audio paramters for %s\n", typ);
+ dolog ("Audio parameters for %s\n", typ);
 alsa_dump_info (req, obt);
 }
@@ -1636,7 +1636,19 @@ static void multiwrite_cb(void *opaque, int ret)
 static int multiwrite_req_compare(const void *a, const void *b)
 {
- return (((BlockRequest*) a)->sector - ((BlockRequest*) b)->sector);
+ const BlockRequest *req1 = a, *req2 = b;
+
+ /*
+ * Note that we can't simply subtract req2->sector from req1->sector
+ * here as that could overflow the return value.
+ */
+ if (req1->sector > req2->sector) {
+ return 1;
+ } else if (req1->sector < req2->sector) {
+ return -1;
+ } else {
+ return 0;
+ }
 }
 /*
@@ -1699,7 +1711,7 @@ static int multiwrite_merge(BlockDriverState *bs, BlockRequest *reqs,
 // Add the second request
 qemu_iovec_concat(qiov, reqs[i].qiov, reqs[i].qiov->size);
- reqs[outidx].nb_sectors += reqs[i].nb_sectors;
+ reqs[outidx].nb_sectors = qiov->size >> 9;
 reqs[outidx].qiov = qiov;
 mcb->callbacks[i].free_qiov = reqs[outidx].qiov;
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index c7057b166..b7a5b35f4 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
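Review bot: The new assignment `reqs[outidx].nb_sectors = qiov->size >> 9;` in multiwrite_merge has no comment saying why the sector count is now taken from the merged iovec instead of being summed, and the bare `9` hard-codes a 512-byte sector. Going by the commit title (overlapping requests), the sum presumably over-counts when two requests overlap; a comment such as `/* overlapping requests: take the length from the merged qiov, not the sum */` above the line would keep a later cleanup from restoring `+=`. The shift also drops any remainder silently, so it relies on qiov->size being a whole number of sectors, which the hunk does not show being checked. multiwrite_merge starts and ends outside the hunk.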
@@ -231,13 +231,6 @@ static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index)
 return NULL;
 }
- /* update the L1 entry */
-
- s->l1_table[l1_index] = l2_offset | QCOW_OFLAG_COPIED;
- if (write_l1_entry(s, l1_index) < 0) {
- return NULL;
- }
-
 /* allocate a new entry in the l2 cache */
 min_index = l2_cache_new_entry(bs);
@@ -251,13 +244,19 @@ static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index)
 if (bdrv_pread(s->hd, old_l2_offset, l2_table, s->l2_size * sizeof(uint64_t)) != s->l2_size * sizeof(uint64_t))
- return NULL;
+ goto fail;
 }
 /* write the l2 table to the file */
 if (bdrv_pwrite(s->hd, l2_offset, l2_table, s->l2_size * sizeof(uint64_t)) != s->l2_size * sizeof(uint64_t))
- return NULL;
+ goto fail;
+
+ /* update the L1 entry */
+ s->l1_table[l1_index] = l2_offset | QCOW_OFLAG_COPIED;
+ if (write_l1_entry(s, l1_index) < 0) {
+ goto fail;
+ }
 /* update the l2 cache entry */
@@ -265,6 +264,10 @@ static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index)
 s->l2_cache_counts[min_index] = 1;
 return l2_table;
+
+fail:
+ qcow2_l2_cache_reset(bs);
+ return NULL;
 }
 static int count_contiguous_clusters(uint64_t nb_clusters, int cluster_size,
@@ -672,8 +675,9 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m)
 (i << s->cluster_bits)) | QCOW_OFLAG_COPIED);
 }
- if (write_l2_entries(s, l2_table, l2_offset, l2_index, m->nb_clusters) < 0) {
- ret = -1;
+ ret = write_l2_entries(s, l2_table, l2_offset, l2_index, m->nb_clusters);
+ if (ret < 0) {
+ qcow2_l2_cache_reset(bs);
 goto err;
 }
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 5ebbcb63d..465d5d36e 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
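Review bot: The new `fail:` path in l2_allocate resets the L2 cache but leaves `s->l1_table[l1_index]` pointing at the new table when `write_l1_entry()` fails, so the in-memory L1 entry can disagree with what reached the disk. If `old_l2_offset` still holds the previous entry at that point (it is assigned outside these hunks), restoring it before the return would close that gap: `s->l1_table[l1_index] = old_l2_offset;`. The cluster behind `l2_offset` also appears to stay allocated on every `goto fail`; the allocation is not visible here, so whether it should be released is worth confirming.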
@@ -215,8 +215,6 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index)
 /* Allocate the refcount block itself and mark it as used */
 uint64_t new_block = alloc_clusters_noref(bs, s->cluster_size);
- memset(s->refcount_block_cache, 0, s->cluster_size);
- s->refcount_block_cache_offset = new_block;
 #ifdef DEBUG_ALLOC2
 fprintf(stderr, "qcow2: Allocate refcount block %d for %" PRIx64
@@ -225,6 +223,10 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index)
 #endif
 if (in_same_refcount_block(s, new_block, cluster_index << s->cluster_bits)) {
+ /* Zero the new refcount block before updating it */
+ memset(s->refcount_block_cache, 0, s->cluster_size);
+ s->refcount_block_cache_offset = new_block;
+
 /* The block describes itself, need to update the cache */
 int block_index = (new_block >> s->cluster_bits) & ((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
@@ -236,6 +238,11 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index)
 if (ret < 0) {
 goto fail_block;
 }
+
+ /* Initialize the new refcount block only after updating its refcount,
+ * update_refcount uses the refcount cache itself */
+ memset(s->refcount_block_cache, 0, s->cluster_size);
+ s->refcount_block_cache_offset = new_block;
 }
 /* Now the new refcount block needs to be written to disk */
@@ -395,6 +402,10 @@ static int write_refcount_block_entries(BDRVQcowState *s,
 return 0;
 }
+ if (first_index < 0) {
+ return 0;
+ }
+
 first_index &= ~(REFCOUNTS_PER_SECTOR - 1);
 last_index = (last_index + REFCOUNTS_PER_SECTOR) & ~(REFCOUNTS_PER_SECTOR - 1);
diff --git a/block/vvfat.c b/block/vvfat.c
index c1acb3586..592d6e6b6 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
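Review bot: The added guard `if (first_index < 0) { return 0; }` in write_refcount_block_entries gives a negative first_index a meaning that is written down nowhere in the hunk. The callers are outside the diff, so this is inferred: a negative value presumably marks "no refcount entry was touched before the error". A one-line comment such as `/* negative first_index: no entry was modified, nothing to write back */` would state that contract where it is enforced.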
@@ -868,7 +868,8 @@ static int init_directories(BDRVVVFATState* s,
 {
 direntry_t* entry=array_get_next(&(s->directory));
 entry->attributes=0x28; /* archive | volume label */
- snprintf((char*)entry->name,11,"QEMU VVFAT");
+ memcpy(entry->name,"QEMU VVF",8);
+ memcpy(entry->extension,"AT ",3);
 }
 /* Now build FAT, and write back information into directory */
@@ -2256,7 +2257,11 @@ static int commit_one_file(BDRVVVFATState* s,
 c = c1;
 }
- ftruncate(fd, size);
+ if (ftruncate(fd, size)) {
+ perror("ftruncate()");
+ close(fd);
+ return -4;
+ }
 close(fd);
 return commit_mappings(s, first_cluster, dir_index);
diff --git a/hw/arm_timer.c b/hw/arm_timer.c
index 9fef191cb..9073ffc00 100644
--- a/hw/arm_timer.c
+++ b/hw/arm_timer.c
@@ -71,7 +71,7 @@ static void arm_timer_recalibrate(arm_timer_state *s, int reload)
 {
 uint32_t limit;
- if ((s->control & TIMER_CTRL_PERIODIC) == 0) {
+ if ((s->control & (TIMER_CTRL_PERIODIC | TIMER_CTRL_ONESHOT)) == 0) {
 /* Free running. */
 if (s->control & TIMER_CTRL_32BIT) limit = 0xffffffff;
@@ -113,7 +113,7 @@ static void arm_timer_write(void *opaque, target_phys_addr_t offset,
 case 1: freq >>= 4; break;
 case 2: freq >>= 8; break;
 }
- arm_timer_recalibrate(s, 0);
+ arm_timer_recalibrate(s, s->control & TIMER_CTRL_ENABLE);
 ptimer_set_freq(s->timer, freq);
 if (s->control & TIMER_CTRL_ENABLE) {
 /* Restart the timer if still enabled. */
@@ -370,9 +370,9 @@ enum {
 FD_CMD_PART_ID = 0x18,
 FD_CMD_SCAN_LOW_OR_EQUAL = 0x19,
 FD_CMD_SCAN_HIGH_OR_EQUAL = 0x1d,
- FD_CMD_SAVE = 0x2c,
+ FD_CMD_SAVE = 0x2e,
 FD_CMD_OPTION = 0x33,
- FD_CMD_RESTORE = 0x4c,
+ FD_CMD_RESTORE = 0x4e,
 FD_CMD_DRIVE_SPECIFICATION_COMMAND = 0x8e,
 FD_CMD_RELATIVE_SEEK_OUT = 0x8f,
 FD_CMD_FORMAT_AND_WRITE = 0xcd,
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 64aebc276..f9bb33877 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
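Review bot: The two `memcpy` calls added to init_directories (block/vvfat.c) carry no comment saying that the 11-byte volume label is deliberately split 8+3 across `entry->name` and `entry->extension` and left without a NUL terminator. A reader who sees the bare lengths 8 and 3 has to reconstruct that from the directory entry layout, which is not in the hunk. A comment such as `/* volume label "QEMU VVFAT": 8 bytes name + 3 bytes extension, space-padded, no NUL */` above the calls would record it and explain why the single 11-byte snprintf into `name` was replaced.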
@@ -2827,10 +2827,6 @@ static void ide_dma_restart(IDEState *s, int is_read)
 void ide_dma_cancel(BMDMAState *bm)
 {
 if (bm->status & BM_STATUS_DMAING) {
- bm->status &= ~BM_STATUS_DMAING;
- /* cancel DMA request */
- bm->unit = -1;
- bm->dma_cb = NULL;
 if (bm->aiocb) {
 #ifdef DEBUG_AIO
 printf("aio_cancel\n");
@@ -2838,6 +2834,10 @@ void ide_dma_cancel(BMDMAState *bm)
 bdrv_aio_cancel(bm->aiocb);
 bm->aiocb = NULL;
 }
+ bm->status &= ~BM_STATUS_DMAING;
+ /* cancel DMA request */
+ bm->unit = -1;
+ bm->dma_cb = NULL;
 }
 }
@@ -320,7 +320,7 @@ static VMStateInfo vmstate_info_pci_config = {
 static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size)
 {
- PCIDevice *s = container_of(pv, PCIDevice, config);
+ PCIDevice *s = container_of(pv, PCIDevice, irq_state);
 uint32_t irq_state[PCI_NUM_PINS];
 int i;
 for (i = 0; i < PCI_NUM_PINS; ++i) {
@@ -342,7 +342,7 @@ static int get_pci_irq_state(QEMUFile *f, void *pv, size_t size)
 static void put_pci_irq_state(QEMUFile *f, void *pv, size_t size)
 {
 int i;
- PCIDevice *s = container_of(pv, PCIDevice, config);
+ PCIDevice *s = container_of(pv, PCIDevice, irq_state);
 for (i = 0; i < PCI_NUM_PINS; ++i) {
 qemu_put_be32(f, pci_irq_state(s, i));
diff --git a/hw/usb-bus.c b/hw/usb-bus.c
index 54027dfc4..aae1fef7f 100644
--- a/hw/usb-bus.c
+++ b/hw/usb-bus.c
@@ -102,6 +102,9 @@ USBDevice *usb_create(USBBus *bus, const char *name)
 USBDevice *usb_create_simple(USBBus *bus, const char *name)
 {
 USBDevice *dev = usb_create(bus, name);
+ if (!dev) {
+ hw_error("Failed to create USB device '%s'\n", name);
+ }
 qdev_init_nofail(&dev->qdev);
 return dev;
 }
@@ -261,7 +264,8 @@ USBDevice *usbdevice_create(const char *cmdline)
 USBBus *bus = usb_bus_find(-1 /* any */);
 DeviceInfo *info;
 USBDeviceInfo *usb;
- char driver[32], *params;
+ char driver[32];
+ const char *params;
 int len;
 params = strchr(cmdline,':');
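Review bot: The reordering in ide_dma_cancel is order-dependent, but nothing in the new code says so: `bdrv_aio_cancel(bm->aiocb)` now runs before `bm->dma_cb`, `bm->unit` and the DMAING bit are cleared. Presumably the cancel can reach the request's completion path, which still needs that state; if so, a comment above the `if (bm->aiocb)` block such as `/* cancel the AIO first: its completion path still reads bm->unit and bm->dma_cb */` would stop a later cleanup from moving the lines back. The second ide/core.c hunk holds the moved lines.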
@@ -272,6 +276,7 @@ USBDevice *usbdevice_create(const char *cmdline)
 len = sizeof(driver);
 pstrcpy(driver, len, cmdline);
 } else {
+ params = "";
 pstrcpy(driver, sizeof(driver), cmdline);
 }
@@ -294,7 +299,7 @@ USBDevice *usbdevice_create(const char *cmdline)
 }
 if (!usb->usbdevice_init) {
- if (params) {
+ if (*params) {
 qemu_error("usbdevice %s accepts no params\n", driver);
 return NULL;
 }
diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index 1fb62ad13..9d8d0443d 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -592,6 +592,9 @@ static USBDevice *usb_msd_init(const char *filename)
 /* create guest device */
 dev = usb_create(NULL /* FIXME */, "usb-storage");
+ if (!dev) {
+ return NULL;
+ }
 qdev_prop_set_drive(&dev->qdev, "drive", dinfo);
 if (qdev_init(&dev->qdev) < 0) return NULL;
diff --git a/hw/usb-net.c b/hw/usb-net.c
index cfd2f62e0..6875f112f 100644
--- a/hw/usb-net.c
+++ b/hw/usb-net.c
@@ -1491,6 +1491,9 @@ static USBDevice *usb_net_init(const char *cmdline)
 }
 dev = usb_create(NULL /* FIXME */, "usb-net");
+ if (!dev) {
+ return NULL;
+ }
 qdev_set_nic_properties(&dev->qdev, &nd_table[idx]);
 qdev_init_nofail(&dev->qdev);
 return dev;
diff --git a/hw/usb-serial.c b/hw/usb-serial.c
index c3f340137..1410b11b2 100644
--- a/hw/usb-serial.c
+++ b/hw/usb-serial.c
@@ -594,6 +594,9 @@ static USBDevice *usb_serial_init(const char *filename)
 return NULL;
 dev = usb_create(NULL /* FIXME */, "usb-serial");
+ if (!dev) {
+ return NULL;
+ }
 qdev_prop_set_chr(&dev->qdev, "chardev", cdrv);
 if (vendorid) qdev_prop_set_uint16(&dev->qdev, "vendorid", vendorid);
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 2fd9b3fba..0871d2024 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
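Review bot: The new `if (!dev) { return NULL; }` in usb_msd_init returns without reporting anything and without undoing what the function set up before usb_create(); the same three lines are added to usb_net_init and usb_serial_init. In the visible context `dinfo` (usb-msd) and `cdrv` (usb-serial) already exist at that point, so, depending on how they were obtained outside the hunks, the early return may leave a drive or character device behind. Unless usb_create() already reports the failure itself, an error message naming the device that could not be created, as usb_create_simple now does through hw_error, would make the failure visible to the user.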
@@ -278,10 +278,20 @@ static void do_multiwrite(BlockDriverState *bs, BlockRequest *blkreq,
 }
 }
-static void virtio_blk_handle_flush(VirtIOBlockReq *req)
+static void virtio_blk_handle_flush(BlockRequest *blkreq, int *num_writes,
+ VirtIOBlockReq *req, BlockDriverState **old_bs)
 {
 BlockDriverAIOCB *acb;
+ /*
+ * Make sure all outstanding writes are posted to the backing device.
+ */
+ if (*old_bs != NULL) {
+ do_multiwrite(*old_bs, blkreq, *num_writes);
+ }
+ *num_writes = 0;
+ *old_bs = req->dev->bs;
+
 acb = bdrv_aio_flush(req->dev->bs, virtio_blk_flush_complete, req);
 if (!acb) {
 virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
@@ -344,7 +354,8 @@ static void virtio_blk_handle_request(VirtIOBlockReq *req,
 req->in = (void *)req->elem.in_sg[req->elem.in_num - 1].iov_base;
 if (req->out->type & VIRTIO_BLK_T_FLUSH) {
- virtio_blk_handle_flush(req);
+ virtio_blk_handle_flush(mrb->blkreq, &mrb->num_writes,
+ req, &mrb->old_bs);
 } else if (req->out->type & VIRTIO_BLK_T_SCSI_CMD) {
 virtio_blk_handle_scsi(req);
 } else if (req->out->type & VIRTIO_BLK_T_OUT) {
@@ -39,8 +39,20 @@ SECTIONS
 .rela.fini : { *(.rela.fini) }
 .rel.bss : { *(.rel.bss) }
 .rela.bss : { *(.rela.bss) }
- .rel.plt : { *(.rel.plt) }
- .rela.plt : { *(.rela.plt) }
+ .rel.plt :
+ {
+ *(.rel.plt)
+ PROVIDE_HIDDEN (__rel_iplt_start = .);
+ *(.rel.iplt)
+ PROVIDE_HIDDEN (__rel_iplt_end = .);
+ }
+ .rela.plt :
+ {
+ *(.rela.plt)
+ PROVIDE_HIDDEN (__rela_iplt_start = .);
+ *(.rela.iplt)
+ PROVIDE_HIDDEN (__rela_iplt_end = .);
+ }
 .init : { *(.init) } =0x47ff041f
 .text : {
diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S
index 8aebe51ee..c10936344 100644
--- a/pc-bios/optionrom/linuxboot.S
+++ b/pc-bios/optionrom/linuxboot.S
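Review bot: virtio_blk_handle_flush now takes `blkreq`, `num_writes` and `old_bs` as three separate pointers, all of which the only visible caller fills from `mrb`. Passing `mrb` itself would keep the signature short and make it harder to hand in mismatched pieces of the batch state. The function also has no header comment stating that it submits and resets the caller's pending write batch as a side effect; the block comment inside gives the reason but not the effect on `*num_writes` and `*old_bs`.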
@@ -106,10 +106,10 @@ copy_kernel:
 /* We're now running in 16-bit CS, but 32-bit ES! */
 /* Load kernel and initrd */
- read_fw_blob(FW_CFG_KERNEL)
- read_fw_blob(FW_CFG_INITRD)
- read_fw_blob(FW_CFG_CMDLINE)
- read_fw_blob(FW_CFG_SETUP)
+ read_fw_blob_addr32(FW_CFG_KERNEL)
+ read_fw_blob_addr32(FW_CFG_INITRD)
+ read_fw_blob_addr32(FW_CFG_CMDLINE)
+ read_fw_blob_addr32(FW_CFG_SETUP)
 /* And now jump into Linux! */
 mov $0, %eax
diff --git a/pc-bios/optionrom/optionrom.h b/pc-bios/optionrom/optionrom.h
index 4dcb90645..fbdd48a02 100644
--- a/pc-bios/optionrom/optionrom.h
+++ b/pc-bios/optionrom/optionrom.h
@@ -50,13 +50,7 @@
 bswap %eax
 .endm
-/*
- * Read a blob from the fw_cfg device.
- * Requires _ADDR, _SIZE and _DATA values for the parameter.
- *
- * Clobbers: %eax, %edx, %es, %ecx, %edi
- */
-#define read_fw_blob(var) \
+#define read_fw_blob_pre(var) \
 read_fw var ## _ADDR; \
 mov %eax, %edi; \
 read_fw var ## _SIZE; \
@@ -65,10 +59,32 @@
 mov $BIOS_CFG_IOPORT_CFG, %edx; \
 outw %ax, (%dx); \
 mov $BIOS_CFG_IOPORT_DATA, %dx; \
- cld; \
+ cld
+
+/*
+ * Read a blob from the fw_cfg device.
+ * Requires _ADDR, _SIZE and _DATA values for the parameter.
+ *
+ * Clobbers: %eax, %edx, %es, %ecx, %edi
+ */
+#define read_fw_blob(var) \
+ read_fw_blob_pre(var); \
 /* old as(1) doesn't like this insn so emit the bytes instead: \
 rep insb (%dx), %es:(%edi); \
 */ \
+ .dc.b 0xf3,0x6c
+
+/*
+ * Read a blob from the fw_cfg device in forced addr32 mode.
+ * Requires _ADDR, _SIZE and _DATA values for the parameter.
+ *
+ * Clobbers: %eax, %edx, %es, %ecx, %edi
+ */
+#define read_fw_blob_addr32(var) \
+ read_fw_blob_pre(var); \
+ /* old as(1) doesn't like this insn so emit the bytes instead: \
+ addr32 rep insb (%dx), %es:(%edi); \
+ */ \
 .dc.b 0x67,0xf3,0x6c
 #define OPTION_ROM_START \
diff --git a/qemu-img.c b/qemu-img.c
index 1d97f2ebf..2824178ae 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -537,7 +537,7 @@ static int img_convert(int argc, char **argv)
 BlockDriverState **bs, *out_bs;
 int64_t total_sectors, nb_sectors, sector_num, bs_offset;
 uint64_t bs_sectors;
- uint8_t buf[IO_BUF_SIZE];
+ uint8_t * buf;
 const uint8_t *buf1;
 BlockDriverInfo bdi;
 QEMUOptionParameter *param = NULL;
@@ -656,6 +656,7 @@ static int img_convert(int argc, char **argv)
 bs_i = 0;
 bs_offset = 0;
 bdrv_get_geometry(bs[0], &bs_sectors);
+ buf = qemu_malloc(IO_BUF_SIZE);
 if (flags & BLOCK_FLAG_COMPRESS) {
 if (bdrv_get_info(out_bs, &bdi) < 0)
@@ -788,6 +789,7 @@ static int img_convert(int argc, char **argv)
 }
 }
 }
+ qemu_free(buf);
 bdrv_delete(out_bs);
 for (bs_i = 0; bs_i < bs_n; bs_i++) bdrv_delete(bs[bs_i]);
diff --git a/qemu-monitor.hx b/qemu-monitor.hx
index 9e3ea3cfb..58cb0567f 100644
--- a/qemu-monitor.hx
+++ b/qemu-monitor.hx
@@ -888,7 +888,7 @@ ETEXI
 .name = "balloon",
 .args_type = "value:M",
 .params = "target",
- .help = "request VM to change it's memory allocation (in MB)",
+ .help = "request VM to change its memory allocation (in MB)",
 .user_print = monitor_user_noop,
 .mhandler.cmd_new = do_balloon,
 },
diff --git a/qemu-sockets.c b/qemu-sockets.c
index a88b2a77f..993ce1215 100644
--- a/qemu-sockets.c
+++ b/qemu-sockets.c
@@ -130,7 +130,8 @@ int inet_listen_opts(QemuOpts *opts, int port_offset)
 ai.ai_family = PF_UNSPEC;
 ai.ai_socktype = SOCK_STREAM;
- if (qemu_opt_get(opts, "port") == NULL) {
+ if ((qemu_opt_get(opts, "host") == NULL) ||
+ (qemu_opt_get(opts, "port") == NULL)) {
 fprintf(stderr, "%s: host and/or port not specified\n", __FUNCTION__);
 return -1;
 }
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b3aec9944..9a30ef181 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2043,7 +2043,7 @@ static inline uint16_t add16_usat(uint16_t a, uint16_t b)
 static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
 {
- if (a < b)
+ if (a > b)
 return a - b;
 else return 0;
@@ -2060,7 +2060,7 @@ static inline uint8_t add8_usat(uint8_t a, uint8_t b)
 static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
 {
- if (a < b)
+ if (a > b)
 return a - b;
 else return 0;
diff --git a/target-arm/op_addsub.h b/target-arm/op_addsub.h
index 29f77ba18..c02c92adf 100644
--- a/target-arm/op_addsub.h
+++ b/target-arm/op_addsub.h
@@ -73,8 +73,8 @@ uint32_t HELPER(glue(PFX,subaddx))(uint32_t a, uint32_t b GE_ARG)
 uint32_t res = 0;
 DECLARE_GE;
- ADD16(a, b, 0);
- SUB16(a >> 16, b >> 16, 1);
+ ADD16(a, b >> 16, 0);
+ SUB16(a >> 16, b, 1);
 SET_GE;
 return res;
 }
@@ -84,8 +84,8 @@ uint32_t HELPER(glue(PFX,addsubx))(uint32_t a, uint32_t b GE_ARG)
 uint32_t res = 0;
 DECLARE_GE;
- SUB16(a, b, 0);
- ADD16(a >> 16, b >> 16, 1);
+ SUB16(a, b >> 16, 0);
+ ADD16(a >> 16, b, 1);
 SET_GE;
 return res;
 }
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 45bf77256..d910f72fa 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -561,7 +561,7 @@ static void gen_arm_parallel_addsub(int op1, int op2, TCGv a, TCGv b)
 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
 #define PAS_OP(pfx) \
- switch (op2) { \
+ switch (op1) { \
 case 0: gen_pas_helper(glue(pfx,add8)); break; \
 case 1: gen_pas_helper(glue(pfx,add16)); break; \
 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
@@ -573,7 +573,7 @@ static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv a, TCGv b)
 {
 TCGv_ptr tmp;
- switch (op1) {
+ switch (op2) {
 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
 case 0: tmp = tcg_temp_new_ptr();
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 3de65bd1d..43aa54f14 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -5296,6 +5296,7 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
 break;
 case 0x91 ... 0x97: /* xchg R, EAX */
+ do_xchg_reg_eax:
 ot = dflag + OT_WORD;
 reg = (b & 7) | REX_B(s);
 rm = R_EAX;
@@ -6666,10 +6667,14 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
 /************************/
 /* misc */
 case 0x90: /* nop */
- /* XXX: xchg + rex handling */
 /* XXX: correct lock test for all insn */
- if (prefixes & PREFIX_LOCK)
+ if (prefixes & PREFIX_LOCK) {
 goto illegal_op;
+ }
+ /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
+ if (REX_B(s)) {
+ goto do_xchg_reg_eax;
+ }
 if (prefixes & PREFIX_REPZ) {
 gen_svm_check_intercept(s, pc_start, SVM_EXIT_PAUSE);
 }
diff --git a/target-mips/translate.c b/target-mips/translate.c
index f811f50c7..43f5bb944 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -2761,7 +2761,7 @@ static void gen_bitops (DisasContext *ctx, uint32_t opc, int rt,
 case OPC_DINSU: if (lsb > msb) goto fail;
- mask = ((1ULL << (msb - lsb + 1)) - 1) << lsb;
+ mask = ((1ULL << (msb - lsb + 1)) - 1) << (lsb + 32);
 gen_load_gpr(t0, rt);
 tcg_gen_andi_tl(t0, t0, ~mask);
 tcg_gen_shli_tl(t1, t1, lsb + 32);
diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index d6197377b..ba320e317 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -2067,7 +2067,6 @@ static inline void powerpc_excp(CPUState *env, int excp_model, int excp)
 srr1 = SPR_SRR1;
 asrr0 = -1;
 asrr1 = -1;
- msr &= ~((target_ulong)0x783F0000);
 switch (excp) {
 case POWERPC_EXCP_NONE: /* Should never happen */
diff --git a/target-ppc/op_helper.c b/target-ppc/op_helper.c
index e3bd29cc1..ee8d8bf86 100644
--- a/target-ppc/op_helper.c
+++ b/target-ppc/op_helper.c
@@ -1646,20 +1646,20 @@ static inline void do_rfi(target_ulong nip, target_ulong msr,
 void helper_rfi (void)
 {
 do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
- ~((target_ulong)0x0), 1);
+ ~((target_ulong)0x783F0000), 1);
 }
 #if defined(TARGET_PPC64)
 void helper_rfid (void)
 {
 do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
- ~((target_ulong)0x0), 0);
+ ~((target_ulong)0x783F0000), 0);
 }
 void helper_hrfid (void)
 {
 do_rfi(env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
- ~((target_ulong)0x0), 0);
+ ~((target_ulong)0x783F0000), 0);
 }
 #endif
 #endif
@@ -35,8 +35,20 @@ SECTIONS
 .rela.got : { *(.rela.got) }
 .rel.bss : { *(.rel.bss .rel.bss.* .rel.gnu.linkonce.b.*) }
 .rela.bss : { *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) }
- .rel.plt : { *(.rel.plt) }
- .rela.plt : { *(.rela.plt) }
+ .rel.plt :
+ {
+ *(.rel.plt)
+ PROVIDE_HIDDEN (__rel_iplt_start = .);
+ *(.rel.iplt)
+ PROVIDE_HIDDEN (__rel_iplt_end = .);
+ }
+ .rela.plt :
+ {
+ *(.rela.plt)
+ PROVIDE_HIDDEN (__rela_iplt_start = .);
+ *(.rela.iplt)
+ PROVIDE_HIDDEN (__rela_iplt_end = .);
+ }
 .init : { KEEP (*(.init)) |
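Review bot: The mask `0x783F0000` is now written out three times, in helper_rfi, helper_rfid and helper_hrfid, with no name or comment saying which MSR bits it clears on return from interrupt. A single named constant with a one-line comment, for example `#define MSR_RFI_CLEAR_MASK ((target_ulong)0x783F0000)` (name constructed for this note), would keep the three call sites in step. The line removed from powerpc_excp in target-ppc/helper.c used the same literal, so the value's meaning is currently documented in neither place.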