1 /*
2 * CRIS helper routines.
4 * Copyright (c) 2007 AXIS Communications AB
5 * Written by Edgar E. Iglesias.
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "cpu.h"
22 #include "mmu.h"
23 #include "qemu/host-utils.h"
/* Compile-time switch for the verbose traces used in this file. */
//#define CRIS_HELPER_DEBUG

#ifdef CRIS_HELPER_DEBUG
/* D(x) compiles x in; D_LOG() forwards to qemu_log(). */
#define D(x) x
#define D_LOG(...) qemu_log(__VA_ARGS__)
#else
/* Both expand to nothing, so D()/D_LOG() arguments are never evaluated. */
#define D(x)
#define D_LOG(...) do { } while (0)
#endif
37 #if defined(CONFIG_USER_ONLY)
/*
 * CONFIG_USER_ONLY interrupt entry: no vector is looked up, the pending
 * exception is cleared and ERP records the current PC.
 */
void cris_cpu_do_interrupt(CPUState *cs)
{
    CPUCRISState *env = &CRIS_CPU(cs)->env;

    env->exception_index = -1;
    env->pregs[PR_ERP] = env->pc;
}
/* CONFIG_USER_ONLY: the v10 entry path is the same as the generic one. */
void crisv10_cpu_do_interrupt(CPUState *cs)
{
    cris_cpu_do_interrupt(cs);
}
/*
 * CONFIG_USER_ONLY MMU fault handler. No translation is attempted:
 * exception index 0xaa is recorded, EDA receives the faulting address,
 * the CPU state is dumped to stderr, and 1 (fault not resolved) is
 * returned. rw and mmu_idx are not used in this configuration.
 */
int cpu_cris_handle_mmu_fault(CPUCRISState * env, target_ulong address, int rw,
                              int mmu_idx)
{
    env->exception_index = 0xaa;
    env->pregs[PR_EDA] = address;
    /* Dump after EDA is written so the trace shows the faulting address. */
    cpu_dump_state(CPU(cris_env_get_cpu(env)), stderr, fprintf, 0);
    return 1;
}
64 #else /* !CONFIG_USER_ONLY */
/*
 * Apply the CCS shift done on exception entry: the two top bits are
 * preserved, bits 0-19 move up by 10 positions into bits 10-29, and the
 * lowest 10 bits are cleared. (Per the caller, this clears U if set.)
 */
static void cris_shift_ccs(CPUCRISState *env)
{
    uint32_t old = env->pregs[PR_CCS];
    uint32_t kept = old & 0xc0000000;
    uint32_t shifted = (old << 12) >> 2;

    env->pregs[PR_CCS] = (kept | shifted) & ~0x3ff;
}
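/*
 * System-mode MMU fault handler for a guest virtual address.
 *
 * On a successful translation the page is installed with tlb_set_page()
 * and 0 is returned. On a miss, EDA, exception_index (EXCP_BUSFAULT) and
 * fault_vector are filled in and 1 is returned to signal a pending fault.
 * A miss while EXCP_BUSFAULT is already pending aborts emulation rather
 * than recursing.
 *
 * Fix: the abort message was built from two adjacent literals with no
 * separator, producing "bus fault.addr=..."; a space is now included.
 */
int cpu_cris_handle_mmu_fault(CPUCRISState *env, target_ulong address, int rw,
                              int mmu_idx)
{
    D(CPUState *cpu = CPU(cris_env_get_cpu(env)));
    struct cris_mmu_result res;
    int prot, miss;
    int r = -1;
    target_ulong phy;

    /* Debug-only trace; the %x conversions assume 32-bit arguments. */
    D(printf("%s addr=%x pc=%x rw=%x\n", __func__, address, env->pc, rw));
    miss = cris_mmu_translate(&res, env, address & TARGET_PAGE_MASK,
                              rw, mmu_idx, 0);
    if (miss) {
        if (env->exception_index == EXCP_BUSFAULT) {
            cpu_abort(env,
                      "CRIS: Illegal recursive bus fault. "
                      "addr=%x rw=%d\n",
                      address, rw);
        }

        env->pregs[PR_EDA] = address;
        env->exception_index = EXCP_BUSFAULT;
        env->fault_vector = res.bf_vec;
        r = 1;
    } else {
        /*
         * Mask off the cache selection bit. The ETRAX busses do not
         * see the top bit.
         */
        phy = res.phy & ~0x80000000;
        prot = res.prot;
        tlb_set_page(env, address & TARGET_PAGE_MASK, phy,
                     prot, mmu_idx, TARGET_PAGE_SIZE);
        r = 0;
    }
    if (r > 0) {
        /* 'cpu' only exists in debug builds, as does this trace. */
        D_LOG("%s returns %d irqreq=%x addr=%x phy=%x vec=%x pc=%x\n",
              __func__, r, cpu->interrupt_request, address, res.phy,
              res.bf_vec, env->pc);
    }
    return r;
}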
/*
 * CRISv10 exception/interrupt entry (system mode).
 *
 * Selects the vector from env->exception_index, saves the return PC in
 * BRP or ERP, switches to the kernel stack if the U flag is set, loads
 * the handler address from the table at EBP + vec*4 and sets the F flag.
 * An EXCP_BUSFAULT reaching this function aborts emulation.
 */
void crisv10_cpu_do_interrupt(CPUState *cs)
{
    CRISCPU *cpu = CRIS_CPU(cs);
    CPUCRISState *env = &cpu->env;
    int ex_vec = -1;

    D_LOG("exception index=%d interrupt_req=%d\n",
          env->exception_index,
          cs->interrupt_request);

    /* The PFIX flag must be clear on exception entry. */
    assert(!(env->pregs[PR_CCS] & PFIX_FLAG));
    switch (env->exception_index) {
    case EXCP_BREAK:
        /* These exceptions are generated by the core itself.
           The saved PC (BRP here) should point to the insn following the brk. */
        ex_vec = env->trap_vector;
        env->pregs[PRV10_BRP] = env->pc;
        break;

    case EXCP_NMI:
        /* NMI is hardwired to vector zero; M is cleared on the way in. */
        ex_vec = 0;
        env->pregs[PR_CCS] &= ~M_FLAG_V10;
        env->pregs[PRV10_BRP] = env->pc;
        break;

    case EXCP_BUSFAULT:
        /* No v10 bus fault delivery is implemented here. */
        cpu_abort(env, "Unhandled busfault");
        break;

    default:
        /* The interrupt controller gives us the vector. */
        ex_vec = env->interrupt_vector;
        /* Normal interrupts are taken between
           TB's. env->pc is valid here. */
        env->pregs[PR_ERP] = env->pc;
        break;
    }

    if (env->pregs[PR_CCS] & U_FLAG) {
        /* Swap stack pointers: save the user SP, install the kernel SP. */
        env->pregs[PR_USP] = env->regs[R_SP];
        env->regs[R_SP] = env->ksp;
    }

    /* Now that we are in kernel mode, load the handlers address. */
    env->pc = cpu_ldl_code(env, env->pregs[PR_EBP] + ex_vec * 4);
    env->locked_irq = 1;
    env->pregs[PR_CCS] |= F_FLAG_V10; /* set F. */

    qemu_log_mask(CPU_LOG_INT, "%s isr=%x vec=%x ccs=%x pid=%d erp=%x\n",
                  __func__, env->pc, ex_vec,
                  env->pregs[PR_CCS],
                  env->pregs[PR_PID],
                  env->pregs[PR_ERP]);
}
/*
 * CRISv32 exception/interrupt entry (system mode).
 *
 * Selects the vector from env->exception_index, saves the return PC in
 * ERP (NRP for NMI), records the vector index in EXS, rewinds ERP past a
 * pending delay slot, switches to the kernel stack if the U flag is set,
 * applies the CCS shift, loads the handler address from the table at
 * EBP + vec*4 and clears exception_index.
 */
void cris_cpu_do_interrupt(CPUState *cs)
{
    CRISCPU *cpu = CRIS_CPU(cs);
    CPUCRISState *env = &cpu->env;
    int ex_vec = -1;

    D_LOG("exception index=%d interrupt_req=%d\n",
          env->exception_index,
          cs->interrupt_request);

    switch (env->exception_index) {
    case EXCP_BREAK:
        /* These exceptions are generated by the core itself.
           ERP should point to the insn following the brk. */
        ex_vec = env->trap_vector;
        env->pregs[PR_ERP] = env->pc;
        break;

    case EXCP_NMI:
        /* NMI is hardwired to vector zero; M is cleared and NRP is used. */
        ex_vec = 0;
        env->pregs[PR_CCS] &= ~M_FLAG_V32;
        env->pregs[PR_NRP] = env->pc;
        break;

    case EXCP_BUSFAULT:
        /* Vector was recorded by cpu_cris_handle_mmu_fault(). */
        ex_vec = env->fault_vector;
        env->pregs[PR_ERP] = env->pc;
        break;

    default:
        /* The interrupt controller gives us the vector. */
        ex_vec = env->interrupt_vector;
        /* Normal interrupts are taken between
           TB's. env->pc is valid here. */
        env->pregs[PR_ERP] = env->pc;
        break;
    }

    /* Fill in the IDX field (bits 8-15) of EXS. */
    env->pregs[PR_EXS] = (ex_vec & 0xff) << 8;

    if (env->dslot) {
        D_LOG("excp isr=%x PC=%x ds=%d SP=%x"
              " ERP=%x pid=%x ccs=%x cc=%d %x\n",
              ex_vec, env->pc, env->dslot,
              env->regs[R_SP],
              env->pregs[PR_ERP], env->pregs[PR_PID],
              env->pregs[PR_CCS],
              env->cc_op, env->cc_mask);
        /* We lose the btarget/btaken state here, so re-execute the
           branch. */
        env->pregs[PR_ERP] -= env->dslot;
        /* Exception starts with dslot cleared. */
        env->dslot = 0;
    }

    if (env->pregs[PR_CCS] & U_FLAG) {
        /* Swap stack pointers: save the user SP, install the kernel SP. */
        env->pregs[PR_USP] = env->regs[R_SP];
        env->regs[R_SP] = env->ksp;
    }

    /* Apply the CRIS CCS shift. Clears U if set. */
    cris_shift_ccs(env);

    /* Now that we are in kernel mode, load the handlers address.
       This load may not fault, real hw leaves that behaviour as
       undefined. */
    env->pc = cpu_ldl_code(env, env->pregs[PR_EBP] + ex_vec * 4);

    /* Clear the exception_index to avoid spurious hw_aborts for recursive
       bus faults. */
    env->exception_index = -1;

    D_LOG("%s isr=%x vec=%x ccs=%x pid=%d erp=%x\n",
          __func__, env->pc, ex_vec,
          env->pregs[PR_CCS],
          env->pregs[PR_PID],
          env->pregs[PR_ERP]);
}
/*
 * Debugger address translation (system mode). Tries the D TLB first and
 * the I TLB second, both in debug mode (no side effects requested). If
 * neither translation succeeds, the input address is returned unchanged,
 * truncated to 32 bits.
 */
hwaddr cris_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
{
    CPUCRISState *env = &CRIS_CPU(cs)->env;
    struct cris_mmu_result res;
    uint32_t phy = addr;

    /* If D TLB misses, try I TLB. */
    int missed = cris_mmu_translate(&res, env, addr, 0, 0, 1);
    if (missed) {
        missed = cris_mmu_translate(&res, env, addr, 2, 0, 1);
    }
    if (!missed) {
        phy = res.phy;
    }

    /* Debug-only trace; the %x conversions assume 32-bit arguments. */
    D(fprintf(stderr, "%s %x -> %x\n", __func__, addr, phy));
    return phy;
}
277 #endif