ICEBP generates a trap-like exception, while gen_exception() produces
a fault. Resurrect gen_update_eip_next() to implement the desired
semantics.
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/helper.h | 1 +
target/i386/tcg/helper-tcg.h | 12 ++
DR7.GD triggers a #DB exception on any access to debug registers.
The GD bit is cleared so that the #DB handler itself can access
the debug registers.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/sysemu/bpt_helper.c | 12
1 file changed, 12 insertions(+)
diff --git a/target/i38
From: Mark Cave-Ayland
This will make subsequent changes a little easier to read.
Signed-off-by: Mark Cave-Ayland
Message-ID: <20240606095319.229650-2-mark.cave-ayl...@ilande.co.uk>
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/emit.c.inc | 6 --
1 file changed, 4 insertions(+), 2 dele
HLT uses DISAS_NORETURN because the corresponding helper calls
cpu_loop_exit(). However, while gen_eob() clears HF_RF_MASK and
synthesizes a #DB exception if single-step is active, none of this is
done by HLT. Note that the single-step trap is generated after the halt
is finished.
Signed-off-by:
When preparing an exception stack frame for a fault exception, the value
pushed for RF is 1. Take that into account. The same should be true
of interrupts for repeated string instructions, but the situation there
is complicated.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/seg_helper.c | 4
From vm entry to exit, VMRUN is handled as a single instruction. It
uses DISAS_NORETURN in order to avoid processing TF or RF before
the first instruction executes in the guest. However, the corresponding
handling is missing in vmexit. Add it, and at the same time reorganize
the comments with q
Use decode.c's support for intercepts, doing the check in TCG-generated
code rather than the helper. This is cleaner because it allows removing
the eip_addend argument to helper_hlt().
Signed-off-by: Paolo Bonzini
---
target/i386/helper.h | 2 +-
target/i386/tcg/sysemu/misc_hel
The following changes since commit f1572ab94738bd5787b7badcd4bd93a3657f0680:
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
(2024-06-05 07:45:23 -0700)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu.git tags/for-upstream
for you to fetch c
From: Mark Cave-Ayland
Instead of directly implementing the writeback using gen_op_st_v(), use the
existing gen_writeback() function.
Suggested-by: Paolo Bonzini
Signed-off-by: Mark Cave-Ayland
Message-ID: <20240606095319.229650-3-mark.cave-ayl...@ilande.co.uk>
Signed-off-by: Paolo Bonzini
--
From: Xin Li
Report secondary vm-exit controls and the VMX controls used to
save/load FRED MSRs.
Tested-by: Shan Kang
Signed-off-by: Xin Li
Message-ID: <20231109072012.8078-5-xin3...@intel.com>
Signed-off-by: Paolo Bonzini
---
scripts/kvm/vmxcap | 12
1 file changed, 12 insertio
Use decode.c's support for intercepts, doing the check in TCG-generated
code rather than the helper. This is cleaner because it allows removing
the eip_addend argument to helper_pause(), even though it adds a bit of
bloat for opcode 0x90's new decoding function.
Signed-off-by: Paolo Bonzini
---
PAUSE uses DISAS_NORETURN because the corresponding helper
calls cpu_loop_exit(). However, while HLT clears HF_INHIBIT_IRQ_MASK
to correctly handle "STI; HLT", the same is missing from PAUSE.
And also gen_eob() clears HF_RF_MASK and synthesizes a #DB exception
if single-step is active; none of this
Now that Ubuntu 20.04 is not included anymore, there is no need to ship
it as part of QEMU; Ubuntu 22.04 includes it and Leap users anyway
need to install all the required dependencies from PyPI.
This mostly reverts commit ec77ee7634de123b7c899739711000fd21dab68b,
with just some changes to the wor
From: Xin Li
The CR4.FRED bit, i.e., CR4[32], is no longer a reserved bit when FRED
is exposed to guests, otherwise it is still a reserved bit.
Tested-by: Shan Kang
Signed-off-by: Xin Li
Reviewed-by: Zhao Liu
Message-ID: <20231109072012.8078-3-xin3...@intel.com>
Signed-off-by: Paolo Bonzini
From: Zhao Liu
Compiling without system, user, tools or guest-agent fails with the
following error message:
./configure --disable-system --disable-user --disable-tools \
--disable-guest-agent
error message:
/usr/bin/ld: libqemuutil.a.p/util_error-report.c.o: in function `error_printf':
/media/
If the required DR7 (either from the VMCB or from the host save
area) disables a breakpoint that was enabled prior to vmentry
or vmexit, it is left enabled and will trigger EXCP_DEBUG.
This causes a spurious #DB on the next crossing of the breakpoint.
To disable it, vmentry/vmexit must use cpu_x86
From: Kevin Wolf
Before this commit, scsi-disk accepts a string of arbitrary length for
its "serial" property. However, the value visible on the guest is
actually truncated to 36 characters. This limitation doesn't come from
the SCSI specification, it is an arbitrary limit that was initially
pick
From: Phil Dennis-Jordan
When interrupting a vCPU thread, this patch actually tells the hypervisor to
stop running guest code on that vCPU.
Calling hv_vcpu_interrupt actually forces a vCPU exit, analogously to
hv_vcpus_exit on aarch64. Alternatively, if the vCPU thread is not
running the VM, it
Otherwise, starting any guest on non-Linux guests results in
qemu-system-arm: Couldn't set property 'merge' on 'memory-backend-ram': Invalid argument
Cc: Michal Privoznik
Signed-off-by: Paolo Bonzini
---
hw/core/machine.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a
From: Xin Li
FRED, i.e., the Intel flexible return and event delivery architecture,
defines simple new transitions that change privilege level (ring
transitions).
The new transitions defined by the FRED architecture are FRED event
delivery and, for returning from events, two FRED return instruct
No semantic change, just simpler control flow.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Paolo Bonzini
---
backends/hostmem.c | 22 --
1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/backends/hostmem.c b/backends/hostmem.c
index 6da3d7383e3..4e5576a4a
From: Zhao Liu
Different versions of PC machine support different maximum vCPUs, and
even different features have limits on the maximum number of vCPUs
(for example, if x2apic is not enabled in the TCG case, a maximum of
255 vCPUs are supported).
It is difficult to list the maximum vCPUs unde
From: Mark Cave-Ayland
When OS/2 Warp configures its segment descriptors, many of them are configured with
the P flag clear to allow for a fault-on-demand implementation. In the case where
the stack value is POPped into the segment registers, the SP is incremented before
calling gen_helper_loa
From: Michal Privoznik
Not every OS is capable of madvise() or posix_madvise() even. In
that case, errno should be set to ENOSYS as it reflects the cause
better.
Signed-off-by: Michal Privoznik
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: David Hildenbrand
Message-ID:
Signed-off-by: Pao
From: Michal Privoznik
The unspoken premise of qemu_madvise() is that errno is set on
error. And it is mostly the case except for posix_madvise() which
is documented to return either zero (on success) or a positive
error number. This means, we must set errno ourselves. And while
at it, make the f
This was used to bootstrap the venv with a TOML parser, after which
ensuregroup is used. Now that we expect it to be present as a system
package (either tomli or, for Python 3.11, tomllib), it is not needed
anymore.
Note that this means that, when implemented, the hypothetical "isolated"
mode tha
From: Xin Li
FRED CPU states are managed in 9 new FRED MSRs, in addition to a few
existing CPU registers and MSRs, e.g., CR4.FRED and MSR_IA32_PL0_SSP.
Save/restore/migrate FRED MSRs if FRED is exposed to the guest.
Tested-by: Shan Kang
Signed-off-by: Xin Li
Message-ID: <20231109072012.8078-7-
From: Phil Dennis-Jordan
macOS 10.15 introduced the more efficient hv_vcpu_run_until() function
to supersede hv_vcpu_run(). According to the documentation, there is no
longer any reason to use the latter on modern host OS versions, especially
after 11.0 added support for an indefinite deadline.
From: Michal Privoznik
On Darwin, posix_madvise() has the same return semantics as plain
madvise() [1]. That's not really what our usage expects.
Fortunately, madvise() is available and preferred anyways so we
may stop detecting posix_madvise() on Darwin.
[1]: https://opensource.apple.com/source/
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/sysemu/bpt_helper.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/target/i386/tcg/sysemu/bpt_helper.c b/target/i386/tcg/sysemu/bpt_helper.c
index c1d5fce250c..b29acf41c38 100644
--- a/target/i386/tcg/sysemu/bpt_helper.c
+++ b/target/i3
From: John Allen
Add cpuid bit definition for the SUCCOR feature. This cpuid bit is required to
be exposed to guests to allow them to handle machine check exceptions on AMD
hosts.
v2:
- Add "succor" feature word.
- Add case to kvm_arch_get_supported_cpuid for the SUCCOR feature.
Report
From: Xin Li
Allow VMX nested-exception support to be exposed in KVM guests, thus
nested KVM guests can enumerate it.
Tested-by: Shan Kang
Signed-off-by: Xin Li
Message-ID: <20231109072012.8078-6-xin3...@intel.com>
Signed-off-by: Paolo Bonzini
---
target/i386/cpu.h | 1 +
target/i386/cpu.c
From: Mark Cave-Ayland
The calculation of FrameTemp is done using the size indicated by mo_pushpop()
before being written back to EBP, but the final writeback to EBP is done using
the size indicated by mo_stacksize().
In the case where mo_pushpop() is MO_32 and mo_stacksize() is MO_16 then the
f
Detect early unsupported MADV_MERGEABLE and MADV_DONTDUMP, and print a clearer
error message that points to the deficiency of the host.
Cc: Michal Privoznik
Signed-off-by: Paolo Bonzini
---
backends/hostmem.c | 16
hw/core/machine.c | 8
2 files changed, 24 insertion
From: Michal Privoznik
If memory-backend-{file,ram} has a size that's not aligned to
underlying page size it is not only wasteful, but also may lead
to hard to debug behaviour. For instance, in case
memory-backend-file and hugepages, madvise() and mbind() fail.
Rightfully so, page is the smallest
From: Phil Dennis-Jordan
When a macOS Hypervisor.framework call fails which is checked by
assert_hvf_ok(), Qemu exits printing the error value, but not the location
in the code, as regular assert() macro expansions would.
This change turns assert_hvf_ok() into a macro similar to other assertions
DISAS_NORETURN suppresses the work normally done by gen_eob(), and therefore
must be used in special cases only. Document them.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/target/i386/tcg/translate.c b/target/i386
From: John Allen
Add cpuid bit definition for overflow recovery. This is needed in the case
where a deferred error has been sent to the guest, a guest process accesses the
poisoned memory, but the machine_check_poll function has not yet handled the
original deferred error. If overflow recovery is
From: John Allen
For the most part, AMD hosts can use the same MCE injection code as Intel, but
there are instances where the qemu implementation is Intel specific. First, MCE
delivery works differently on AMD and does not support broadcast. Second,
kvm_mce_inject generates MCEs that include a nu
Avoid using set_cc_op() in preparation for implementing APX; treat
CC_OP_EFLAGS similar to the case where we have the "opposite" cc_op
(CC_OP_ADOX for ADCX and CC_OP_ADCX for ADOX), except the resulting
cc_op is not CC_OP_ADCOX. This is written easily as two "if"s, whose
conditions are both false f
Just like in previous installments, this series ends with a specific
thing that is now done entirely in the new decoder. After removing
the legacy prefix decoding in the previous series, now it's _all_ decoding
that is done by decode-new.c.inc. Most two byte opcodes are converted,
leaving out onl
This makes for easier cpu_cc_* setup, and not using set_cc_op()
should come in handy if QEMU ever implements APX.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.c.inc | 4 ++--
target/i386/tcg/emit.c.inc | 24 +---
2 files changed, 11 insertions(+), 17 del
Aesthetic change only.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.c.inc | 93
1 file changed, 46 insertions(+), 47 deletions(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 4c567911f41..4e745f10dd8 10064
SYSENTER is allowed in VM86 mode, but not in real mode. Split the check
so that PE and !VM86 are covered by separate bits.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 8 ++--
target/i386/tcg/decode-new.c.inc | 9 +++--
2 files changed, 13 insertions(+), 4 deletio
This is a bit more generic, as it can be applied to MPX as well.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 5 +++--
target/i386/tcg/decode-new.c.inc | 12
target/i386/tcg/emit.c.inc | 3 ++-
3 files changed, 9 insertions(+), 11 deletions(-)
diff --
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/translate.c | 74
target/i386/tcg/decode-new.c.inc | 51 +++-
target/i386/tcg/emit.c.inc | 82
4 files changed, 132 in
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 35
target/i386/tcg/decode-new.c.inc | 3 ++-
target/i386/tcg/emit.c.inc | 24 ++
3 files changed, 26 insertions(+), 36 deletions(-)
diff --git a/target/i386/tcg/transl
CPUX86State argument would only be used to fetch bytes, but that has to be
done before the generator function is called. So remove it, and all
temptation together with it.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 2 +-
target/i386/tcg/decode-new.c.inc | 4 +-
targ
Complete implementation of C and D operand types, then the operations
are just MOVs.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 79
target/i386/tcg/decode-new.c.inc | 53 +++--
target/i386/tcg/emit.c.inc | 20 +++
All other control registers are stored plainly in CPUX86State.
Signed-off-by: Paolo Bonzini
---
target/i386/helper.h | 2 +-
target/i386/tcg/sysemu/misc_helper.c | 20 +---
target/i386/tcg/emit.c.inc | 2 +-
3 files changed, 7 insertions(+), 17 deletio
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 79
target/i386/tcg/decode-new.c.inc | 3 +-
target/i386/tcg/emit.c.inc | 51 +
3 files changed, 53 insertions(+), 80 deletions(-)
diff --git a/target/i386/tcg/translat
There are now relatively few unconverted opcodes in translate.c (there
are 13 of them including 8 for x87), and all of them have the same
format with a mod/rm byte and no immediate. A good next step is
to remove the early bail out to disas_insn_x87/disas_insn_old,
instead giving these legacy trans
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/decode-new.c.inc | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index 46a96b220d0..8465717ea21 100644
--- a/target/i386/tc
I am not sure why I made it use T1. It is a bit more symmetric with
respect to X86_ENTRYwr (which uses T0 for the "w"ritten operand
and T1 for the "r"ead operand), but it is also less flexible because it
does not let you apply zextT0/sextT0.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/deco
Use gen_ld_modrm/gen_st_modrm, moving them and gen_shift_flags to the
caller. This way, gen_shiftd_rm_T1 becomes something that the new
decoder can call.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 55 ++---
1 file changed, 14 insertions(+), 41
This is already partly implemented due to VLDMXCSR and VSTMXCSR; finish
the job.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 7 ++
target/i386/tcg/translate.c | 188 ---
target/i386/tcg/decode-new.c.inc | 48 +++-
target/i386/tcg/em
It is already checked before getting there.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 26 --
1 file changed, 8 insertions(+), 18 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 67f2e792166..ee5ef3ccbc6 100644
Group them so that it is easier to figure out which two-byte opcodes to
tackle together.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.c.inc | 18 ++
1 file changed, 18 insertions(+)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
i
Use the same flag generation code as SHL and SHR, but use
the existing gen_shiftd_rm_T1 function to compute the result
as well as CC_SRC.
Decoding-wise, SHLD/SHRD by immediate count as a 4 operand
instruction because s->T0 and s->T1 actually occupy three op
slots. The infrastructure used by opcod
With the introduction of tcg_gen_ext_tl, most uses can be converted directly
because they do not have a NULL destination. tcg_gen_ext_tl is able to drop
no-ops like "tcg_gen_ext_tl(tcgv, tcgv, MO_TL)" just fine, and the only thing
that gen_ext_tl was adding on top was avoiding the creation of a us
SHLD/SHRD can have 3 register operands - s->T0, s->T1 and either
1 or CL - and therefore decode->op[2] is taken by the low part
of the register being shifted. Pass X86_OP_* to gen_shift_count
from its current callers and hardcode cpu_regs[R_ECX] as the
shift count.
Signed-off-by: Paolo Bonzini
-
These have very simple generators and no need for complex group
decoding. Apart from LAR/LSL which are simplified to use
gen_op_deposit_reg_v and movcond, the code is generally lifted
from translate.c into the generators.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 7 +
Just like X86_ENTRYr, X86_ENTRYwr is easily changed to use only T0.
In this case, the motivation is to use it for the MOV instruction
family. The case when you need to preserve the input value is the
odd one, as it is used basically only for BLS* instructions.
Signed-off-by: Paolo Bonzini
---
t
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 3 +
target/i386/tcg/translate.c | 147 +--
target/i386/tcg/decode-new.c.inc | 45 +++---
target/i386/tcg/emit.c.inc | 130 ++-
4 files changed, 166 insertions
Now all decoding has been done before any code generation.
There is no need anymore to save and restore cc_op* and
pc_save but, for the time being, assert that this is indeed
the case.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 12 +++-
1 file changed, 3 insertions(+)
There is a bug reproducer in the attachment.
On 6/7/24 17:00, Alexander Ivanov wrote:
In some cases, the NBD server can be stopped before
nbd_blockdev_client_closed() is called, causing the nbd_server variable
to be nullified. This leads to a NULL pointer dereference when accessing
nbd_server.
On 6/8/24 01:40, Paolo Bonzini wrote:
CPUX86State argument would only be used to fetch bytes, but that has to be
done before the generator function is called. So remove it, and all
temptation together with it.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 2 +-
target
On Fri, Jun 7, 2024 at 8:23 AM Peter Maydell
wrote:
> On Fri, 31 May 2024 at 19:16, Cord Amfmgm wrote:
> > On Fri, May 31, 2024 at 9:03 AM Peter Maydell
> wrote:
> >> What I would like to see is what we could classify under
> >> "rationale", which is to say "what prompted us to make this
> >> c
On 6/8/24 01:40, Paolo Bonzini wrote:
Avoid using set_cc_op() in preparation for implementing APX; treat
CC_OP_EFLAGS similar to the case where we have the "opposite" cc_op
(CC_OP_ADOX for ADCX and CC_OP_ADCX for ADOX), except the resulting
cc_op is not CC_OP_ADCOX. This is written easily as two
On 6/8/24 01:40, Paolo Bonzini wrote:
This makes for easier cpu_cc_* setup, and not using set_cc_op()
should come in handy if QEMU ever implements APX.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.c.inc | 4 ++--
target/i386/tcg/emit.c.inc | 24 +---
On 6/8/24 01:40, Paolo Bonzini wrote:
I am not sure why I made it use T1. It is a bit more symmetric with
respect to X86_ENTRYwr (which uses T0 for the "w"ritten operand
and T1 for the "r"ead operand), but it is also less flexible because it
does not let you apply zextT0/sextT0.
Signed-off-by:
On 6/8/24 01:40, Paolo Bonzini wrote:
Just like X86_ENTRYr, X86_ENTRYwr is easily changed to use only T0.
In this case, the motivation is to use it for the MOV instruction
family. The case when you need to preserve the input value is the
odd one, as it is used basically only for BLS* instruction
On 6/8/24 01:40, Paolo Bonzini wrote:
This is a bit more generic, as it can be applied to MPX as well.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 5 +++--
target/i386/tcg/decode-new.c.inc | 12
target/i386/tcg/emit.c.inc | 3 ++-
3 files changed
On 6/8/24 01:40, Paolo Bonzini wrote:
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/decode-new.c.inc | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson
r~
On 6/8/24 01:40, Paolo Bonzini wrote:
Complete implementation of C and D operand types, then the operations
are just MOVs.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 79
target/i386/tcg/decode-new.c.inc | 53 +++--
tar
On 6/8/24 01:40, Paolo Bonzini wrote:
Aesthetic change only.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.c.inc | 93
1 file changed, 46 insertions(+), 47 deletions(-)
Reviewed-by: Richard Henderson
r~
On 6/8/24 01:40, Paolo Bonzini wrote:
+static void gen_FXRSTOR(DisasContext *s, X86DecodedInsn *decode)
+{
+if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
+gen_NM_exception(s);
+}
+gen_helper_fxrstor(tcg_env, s->A0);
+}
+
+static void gen_FXSAVE(DisasContext *s, X86
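Review bot: in gen_FXRSTOR the `if` body calls gen_NM_exception(s) but does not return, so `gen_helper_fxrstor(tcg_env, s->A0);` is still emitted on the path where #NM has just been raised. Add a `return;` after `gen_NM_exception(s);` (or, if the intent is to rely on the exception generator ending the translation block, say so in a comment) so the control flow is explicit and no helper call follows the exception.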
On 6/8/24 01:40, Paolo Bonzini wrote:
All other control registers are stored plainly in CPUX86State.
s/stored/read/
Reviewed-by: Richard Henderson
r~
On 6/8/24 01:41, Paolo Bonzini wrote:
SYSENTER is allowed in VM86 mode, but not in real mode. Split the check
so that PE and !VM86 are covered by separate bits.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 8 ++--
target/i386/tcg/decode-new.c.inc | 9 +++--
2
On 6/8/24 01:41, Paolo Bonzini wrote:
These have very simple generators and no need for complex group
decoding. Apart from LAR/LSL which are simplified to use
gen_op_deposit_reg_v and movcond, the code is generally lifted
from translate.c into the generators.
Signed-off-by: Paolo Bonzini
---
On 6/8/24 01:41, Paolo Bonzini wrote:
-if (mod != 3) {
-AddressParts a = gen_lea_modrm_0(env, s, modrm);
-/* specific case: we need to add a displacement */
-gen_exts(ot, s->T1);
-tcg_gen_sari_tl(s->tmp0, s->T1, 3 + ot);
-tcg_gen
On 6/8/24 01:41, Paolo Bonzini wrote:
Use gen_ld_modrm/gen_st_modrm, moving them and gen_shift_flags to the
caller. This way, gen_shiftd_rm_T1 becomes something that the new
decoder can call.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 55 ++-
On 6/8/24 01:41, Paolo Bonzini wrote:
SHLD/SHRD can have 3 register operands - s->T0, s->T1 and either
1 or CL - and therefore decode->op[2] is taken by the low part
of the register being shifted. Pass X86_OP_* to gen_shift_count
from its current callers and hardcode cpu_regs[R_ECX] as the
shift
On 6/8/24 01:41, Paolo Bonzini wrote:
Use the same flag generation code as SHL and SHR, but use
the existing gen_shiftd_rm_T1 function to compute the result
as well as CC_SRC.
Decoding-wise, SHLD/SHRD by immediate count as a 4 operand
instruction because s->T0 and s->T1 actually occupy three op
On 6/8/24 01:41, Paolo Bonzini wrote:
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/translate.c | 74
target/i386/tcg/decode-new.c.inc | 51 +++-
target/i386/tcg/emit.c.inc | 82 ++
On 6/8/24 01:41, Paolo Bonzini wrote:
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 35
target/i386/tcg/decode-new.c.inc | 3 ++-
target/i386/tcg/emit.c.inc | 24 ++
3 files changed, 26 insertions(+), 36 deleti
On 6/8/24 01:41, Paolo Bonzini wrote:
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 79
target/i386/tcg/decode-new.c.inc | 3 +-
target/i386/tcg/emit.c.inc | 51 +
3 files changed, 53 insertions(+), 80 deletion
On 6/8/24 01:41, Paolo Bonzini wrote:
There are now relatively few unconverted opcodes in translate.c (there
are 13 of them including 8 for x87), and all of them have the same
format with a mod/rm byte and no immediate. A good next step is
to remove the early bail out to disas_insn_x87/disas_ins
On 6/8/24 01:41, Paolo Bonzini wrote:
Group them so that it is easier to figure out which two-byte opcodes to
tackle together.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.c.inc | 18 ++
1 file changed, 18 insertions(+)
Reviewed-by: Richard Henderson
r~
On 6/8/24 01:41, Paolo Bonzini wrote:
Now all decoding has been done before any code generation.
There is no need anymore to save and restore cc_op* and
pc_save but, for the time being, assert that this is indeed
the case.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 12 +++--
On 6/8/24 01:41, Paolo Bonzini wrote:
It is already checked before getting there.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 26 --
1 file changed, 8 insertions(+), 18 deletions(-)
Reviewed-by: Richard Henderson
r~
On 6/8/24 01:41, Paolo Bonzini wrote:
With the introduction of tcg_gen_ext_tl, most uses can be converted directly
because they do not have a NULL destination. tcg_gen_ext_tl is able to drop
no-ops like "tcg_gen_ext_tl(tcgv, tcgv, MO_TL)" just fine, and the only thing
that gen_ext_tl was adding
On 6/8/24 01:33, Paolo Bonzini wrote:
The following changes since commit f1572ab94738bd5787b7badcd4bd93a3657f0680:
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
(2024-06-05 07:45:23 -0700)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu
This change implements the callbacks dpy_cursor_define and dpy_mouse_set
for the Cocoa UI. The incoming mouse cursor image is converted into an
NSCursor object, allowing the guest mouse cursor to be rendered as the
host's native OS cursor on macOS.
This is straightforward in absolute pointing mode
This series of loosely related changes provides some minor improvements
in mouse cursor usability.
1. This one-liner changes alpha downsampling when using a UI frontend
which does not support alpha-blended mouse cursors. Previously,
any pixel with an alpha value other than 255 was treated
Mouse cursors with 8 bit alpha were downsampled to 1-bit opacity maps by
turning alpha values of 255 into 1 and everything else into 0. This
means that mostly-opaque pixels ended up completely invisible.
This patch changes the behaviour so that only pixels with less than 50%
alpha (0-127) are trea
Both hw/input/hid.c and hw/usb/dev-wacom.c define identical versions
(aside from code formatting) of a clamping function, int_clamp()
(marked inline). To avoid duplication and to enable further re-use, this
change moves the function into qemu/cutils.h.
Signed-off-by: Phil Dennis-Jordan
---
hw/inp
This looks fine to me. I've tested it briefly with a graphical Linux
guest and some tracing in the notifyMouseModeChange on a macOS 13
host. When I hot-unplug the usb-tablet I get an absolute -> relative
notification; everything works in relative mode after hot-adding a USB
mouse. Hot-unplugging an
Hi Joel,
I am away and won't be able to have too much time to look at this.
But have a few comments below and questions.
- You sent this 2 times, is the only change in v2 the sender address?
On Fri, Jun 07, 2024 at 03:29:33PM -0700, Joel Holdsworth via wrote:
> In the existing design, TTCR is p
The following changes since commit 3e246da2c3f85298b52f8a1154b832acf36aa656:
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
(2024-06-08 07:40:08 -0700)
are available in the Git repository at:
https://github.com/quic/qemu tags/pull-hex-20240608
for yo