aboutsummaryrefslogtreecommitdiff
path: root/target/i386/cpu.c
AgeCommit message (Collapse)Author
2023-07-07target/i386: Add new CPU model GraniteRapidsTao Su
The GraniteRapids CPU model mainly adds the following new features based on SapphireRapids: - PREFETCHITI CPUID.(EAX=7,ECX=1):EDX[bit 14] - AMX-FP16 CPUID.(EAX=7,ECX=1):EAX[bit 21] And adds the following security fix for corresponding vulnerabilities: - MCDT_NO CPUID.(EAX=7,ECX=2):EDX[bit 5] - SBDR_SSDP_NO MSR_IA32_ARCH_CAPABILITIES[bit 13] - FBSDP_NO MSR_IA32_ARCH_CAPABILITIES[bit 14] - PSDP_NO MSR_IA32_ARCH_CAPABILITIES[bit 15] - PBRSB_NO MSR_IA32_ARCH_CAPABILITIES[bit 24] Signed-off-by: Tao Su <tao1.su@linux.intel.com> Tested-by: Xuelian Guo <xuelian.guo@intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-ID: <20230706054949.66556-7-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07target/i386: Add few security fix bits in ARCH_CAPABILITIES into ↵Lei Wang
SapphireRapids CPU model SapphireRapids has bit 13, 14 and 15 of MSR_IA32_ARCH_CAPABILITIES enabled, which are related to some security fixes. Add version 2 of SapphireRapids CPU model with those bits enabled also. Signed-off-by: Lei Wang <lei4.wang@intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Message-ID: <20230706054949.66556-6-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07target/i386: Add support for MCDT_NO in CPUID enumerationTao Su
CPUID.(EAX=7,ECX=2):EDX[bit 5] enumerates MCDT_NO. Processors enumerate this bit as 1 do not exhibit MXCSR Configuration Dependent Timing (MCDT) behavior and do not need to be mitigated to avoid data-dependent behavior for certain instructions. Since MCDT_NO is in a new sub-leaf, add a new CPUID feature word FEAT_7_2_EDX. Also update cpuid_level_func7 by FEAT_7_2_EDX. Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-ID: <20230706054949.66556-3-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07target/i386: Adjust feature level according to FEAT_7_1_EDXTao Su
If FEAT_7_1_EAX is 0 and FEAT_7_1_EDX is non-zero, as is the case with a Granite Rapids host and '-cpu host,-avx-vnni,-avx512-bf16,-fzrm,-fsrs,-fsrc,-amx-fp16', we can't get CPUID_7_1 leaf even though CPUID_7_1_EDX has non-zero value. Update cpuid_level_func7 according to CPUID_7_1_EDX, otherwise guest may report wrong maximum number sub-leaves in leaf 07H. Fixes: eaaa197d5b11 ("target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration") Cc: qemu-stable@nongnu.org Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-ID: <20230706054949.66556-2-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-29target/i386: emulate 64-bit ring 0 for linux-user if LM feature is setPaolo Bonzini
32-bit binaries can run on a long mode processor even if the kernel is 64-bit, of course, and this can have slightly different behavior; for example, SYSCALL is allowed on Intel processors. Allow reporting LM to programs running under user mode emulation, so that "-cpu" can be used with named CPU models even for qemu-i386 and even without disabling LM by hand. Fortunately, most of the runtime code in QEMU has to depend on HF_LMA_MASK or on HF_CS64_MASK (which is anyway false for qemu-i386's 32-bit code segment) rather than TARGET_X86_64, therefore all that is needed is an update of linux-user's ring 0 setup. Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1534 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-29target/i386: ignore CPL0-specific features in user mode emulationPaolo Bonzini
Features such as PCID are only accessible through privileged operations, and therefore have no impact on any user-mode operation. Allow reporting them to programs running under user mode emulation, so that "-cpu" can be used with more named CPU models. XSAVES would be similar, but it doesn't make sense to provide it until XSAVEC is implemented. With this change, all CPUs up to Broadwell-v4 can be emulate. Skylake-Client requires XSAVEC, while EPYC also requires SHA-NI, MISALIGNSSE and TOPOEXT. MISALIGNSSE is not hard to implement, but I am not sure it is worth using a precious hflags bit for it. Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1534 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-29target/i386: ignore ARCH_CAPABILITIES features in user mode emulationPaolo Bonzini
ARCH_CAPABILITIES is only accessible through a read-only MSR, so it has no impact on any user-mode operation (user-mode cannot read the MSR). So do not bother printing warnings about it in user mode emulation. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-29target/i386: Export MSR_ARCH_CAPABILITIES bits to guestsPawan Gupta
On Intel CPUs there are certain bits in MSR_ARCH_CAPABILITIES that indicates if the CPU is not affected by a vulnerability. Without these bits guests may try to deploy the mitigation even if the CPU is not affected. Export the bits to guests that indicate immunity to hardware vulnerabilities. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Message-ID: <63d85cc76d4cdc51e6c732478b81d8f13be11e5a.1687551881.git.pawan.kumar.gupta@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: implement SYSCALL/SYSRET in 32-bit emulatorsPaolo Bonzini
AMD supports both 32-bit and 64-bit SYSCALL/SYSRET, but the TCG only exposes it for 64-bit targets. For system emulation just reuse the helper; for user-mode emulation the ABI is the same as "int $80". The BSDs does not support any fast system call mechanism in 32-bit mode so add to bsd-user the same stub that FreeBSD has for 64-bit compatibility mode. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: implement RDPID in TCGPaolo Bonzini
RDPID corresponds to a RDMSR(TSC_AUX); however, it is unprivileged so for user-mode emulation we must provide the value that the kernel places in the MSR. For Linux, it is a combination of the current CPU and the current NUMA node, both of which can be retrieved with getcpu(2). Also try sched_getcpu(), which might be there on the BSDs. If there is no portable way to retrieve the current CPU id from userspace, return 0. RDTSCP is reimplemented as RDTSC + RDPID ECX; the differences in terms of serializability are not relevant to QEMU. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: Intel only supports SYSCALL/SYSRET in long modePaolo Bonzini
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: TCG supports WBNOINVDPaolo Bonzini
WBNOINVD is the same as INVD or WBINVD as far as TCG is concerned, since there is no cache in TCG and therefore no invalidation side effect in WBNOINVD. With respect to SVM emulation, processors that do not support WBNOINVD will ignore the prefix and treat it as WBINVD, while those that support it will generate exactly the same vmexit. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: TCG supports XSAVEERPTRPaolo Bonzini
XSAVEERPTR is actually a fix for an errata; TCG does not have the issue. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: TCG supports RDSEEDPaolo Bonzini
TCG implements RDSEED, and in fact uses qcrypto_random_bytes which is secure enough to match hardware behavior. Expose it to guests. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-26target/i386: TCG supports 3DNow! prefetch(w)Paolo Bonzini
The AMD prefetch(w) instructions have not been deprecated together with the rest of 3DNow!, and in fact are even supported by newer Intel processor. Mark them as supported by TCG, as it supports all of 3DNow!. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-25target/i386: EPYC-Rome model without XSAVESMaksim Davydov
Based on the kernel commit "b0563468ee x86/CPU/AMD: Disable XSAVES on AMD family 0x17", host system with EPYC-Rome can clear XSAVES capability bit. In another words, EPYC-Rome host without XSAVES can occur. Thus, we need an EPYC-Rome cpu model (without this feature) that matches the solution of fixing this erratum Signed-off-by: Maksim Davydov <davydov-max@yandex-team.ru> Message-Id: <20230524213748.8918-1-davydov-max@yandex-team.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: add support for FB_CLEAR featureEmanuele Giuseppe Esposito
As reported by the Intel's doc: "FB_CLEAR: The processor will overwrite fill buffer values as part of MD_CLEAR operations with the VERW instruction. On these processors, L1D_FLUSH does not overwrite fill buffer values." If this cpu feature is present in host, allow QEMU to choose whether to show it to the guest too. One disadvantage of not exposing it is that the guest will report a non existing vulnerability in /sys/devices/system/cpu/vulnerabilities/mmio_stale_data because the mitigation is present only when the cpu has (FLUSH_L1D and MD_CLEAR) or FB_CLEAR features enabled. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20230201135759.555607-3-eesposit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: add support for FLUSH_L1D featureEmanuele Giuseppe Esposito
As reported by Intel's doc: "L1D_FLUSH: Writeback and invalidate the L1 data cache" If this cpu feature is present in host, allow QEMU to choose whether to show it to the guest too. One disadvantage of not exposing it is that the guest will report a non existing vulnerability in /sys/devices/system/cpu/vulnerabilities/mmio_stale_data because the mitigation is present only when the cpu has (FLUSH_L1D and MD_CLEAR) or FB_CLEAR features enabled. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20230201135759.555607-2-eesposit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add EPYC-Genoa model to support Zen 4 processor seriesBabu Moger
Adds the support for AMD EPYC Genoa generation processors. The model display for the new processor will be EPYC-Genoa. Adds the following new feature bits on top of the feature bits from the previous generation EPYC models. avx512f : AVX-512 Foundation instruction avx512dq : AVX-512 Doubleword & Quadword Instruction avx512ifma : AVX-512 Integer Fused Multiply Add instruction avx512cd : AVX-512 Conflict Detection instruction avx512bw : AVX-512 Byte and Word Instructions avx512vl : AVX-512 Vector Length Extension Instructions avx512vbmi : AVX-512 Vector Byte Manipulation Instruction avx512_vbmi2 : AVX-512 Additional Vector Byte Manipulation Instruction gfni : AVX-512 Galois Field New Instructions avx512_vnni : AVX-512 Vector Neural Network Instructions avx512_bitalg : AVX-512 Bit Algorithms, add bit algorithms Instructions avx512_vpopcntdq: AVX-512 AVX-512 Vector Population Count Doubleword and Quadword Instructions avx512_bf16 : AVX-512 BFLOAT16 instructions la57 : 57-bit virtual address support (5-level Page Tables) vnmi : Virtual NMI (VNMI) allows the hypervisor to inject the NMI into the guest without using Event Injection mechanism meaning not required to track the guest NMI and intercepting the IRET. auto-ibrs : The AMD Zen4 core supports a new feature called Automatic IBRS. It is a "set-and-forget" feature that means that, unlike e.g., s/w-toggled SPEC_CTRL.IBRS, h/w manages its IBRS mitigation resources automatically across CPL transitions. Signed-off-by: Babu Moger <babu.moger@amd.com> Message-Id: <20230504205313.225073-8-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add VNMI and automatic IBRS feature bitsBabu Moger
Add the following featute bits. vnmi: Virtual NMI (VNMI) allows the hypervisor to inject the NMI into the guest without using Event Injection mechanism meaning not required to track the guest NMI and intercepting the IRET. The presence of this feature is indicated via the CPUID function 0x8000000A_EDX[25]. automatic-ibrs : The AMD Zen4 core supports a new feature called Automatic IBRS. It is a "set-and-forget" feature that means that, unlike e.g., s/w-toggled SPEC_CTRL.IBRS, h/w manages its IBRS mitigation resources automatically across CPL transitions. The presence of this feature is indicated via the CPUID function 0x80000021_EAX[8]. The documention for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. AMD64 Architecture Programmer’s Manual Volumes 1–5 Publication No. Revision 40332 4.05 Date October 2022 Signed-off-by: Santosh Shukla <santosh.shukla@amd.com> Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Babu Moger <babu.moger@amd.com> Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Link: https://www.amd.com/system/files/TechDocs/40332_4.05.pdf Message-Id: <20230504205313.225073-7-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add missing feature bits in EPYC-Milan modelBabu Moger
Add the following feature bits for EPYC-Milan model and bump the version. vaes : Vector VAES(ENC|DEC), VAES(ENC|DEC)LAST instruction support vpclmulqdq : Vector VPCLMULQDQ instruction support stibp-always-on : Single Thread Indirect Branch Prediction Mode has enhanced performance and may be left Always on amd-psfd : Predictive Store Forward Disable no-nested-data-bp : Processor ignores nested data breakpoints lfence-always-serializing : LFENCE instruction is always serializing null-sel-clr-base : Null Selector Clears Base. When this bit is set, a null segment load clears the segment base These new features will be added in EPYC-Milan-v2. The "-cpu help" output after the change will be. x86 EPYC-Milan (alias configured by machine type) x86 EPYC-Milan-v1 AMD EPYC-Milan Processor x86 EPYC-Milan-v2 AMD EPYC-Milan Processor The documentation for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. SECURITY ANALYSIS OF AMD PREDICTIVE STORE FORWARDING c. AMD64 Architecture Programmer’s Manual Volumes 1–5 Publication No. Revision 40332 4.05 Date October 2022 Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Link: https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf Link: https://www.amd.com/system/files/TechDocs/40332_4.05.pdf Message-Id: <20230504205313.225073-6-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add feature bits for CPUID_Fn80000021_EAXBabu Moger
Add the following feature bits. no-nested-data-bp : Processor ignores nested data breakpoints. lfence-always-serializing : LFENCE instruction is always serializing. null-sel-cls-base : Null Selector Clears Base. When this bit is set, a null segment load clears the segment base. The documentation for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. AMD64 Architecture Programmer’s Manual Volumes 1–5 Publication No. Revision 40332 4.05 Date October 2022 Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Link: https://www.amd.com/system/files/TechDocs/40332_4.05.pdf Message-Id: <20230504205313.225073-5-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add a couple of feature bits in 8000_0008_EBXBabu Moger
Add the following feature bits. amd-psfd : Predictive Store Forwarding Disable: PSF is a hardware-based micro-architectural optimization designed to improve the performance of code execution by predicting address dependencies between loads and stores. While SSBD (Speculative Store Bypass Disable) disables both PSF and speculative store bypass, PSFD only disables PSF. PSFD may be desirable for the software which is concerned with the speculative behavior of PSF but desires a smaller performance impact than setting SSBD. Depends on the following kernel commit: b73a54321ad8 ("KVM: x86: Expose Predictive Store Forwarding Disable") stibp-always-on : Single Thread Indirect Branch Prediction mode has enhanced performance and may be left always on. The documentation for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. SECURITY ANALYSIS OF AMD PREDICTIVE STORE FORWARDING Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Message-Id: <20230504205313.225073-4-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add new EPYC CPU versions with updated cache_infoMichael Roth
Introduce new EPYC cpu versions: EPYC-v4 and EPYC-Rome-v3. The only difference vs. older models is an updated cache_info with the 'complex_indexing' bit unset, since this bit is not currently defined for AMD and may cause problems should it be used for something else in the future. Setting this bit will also cause CPUID validation failures when running SEV-SNP guests. Signed-off-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230504205313.225073-3-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: allow versioned CPUs to specify new cache_infoMichael Roth
New EPYC CPUs versions require small changes to their cache_info's. Because current QEMU x86 CPU definition does not support versioned cach_info, we would have to declare a new CPU type for each such case. To avoid the dup work, add "cache_info" in X86CPUVersionDefinition", to allow new cache_info pointers to be specified for a new CPU version. Co-developed-by: Wei Huang <wei.huang2@amd.com> Signed-off-by: Wei Huang <wei.huang2@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230504205313.225073-2-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28target/i386: Add support for PREFETCHIT0/1 in CPUID enumerationJiaxi Chen
Latest Intel platform Granite Rapids has introduced a new instruction - PREFETCHIT0/1, which moves code to memory (cache) closer to the processor depending on specific hints. The bit definition: CPUID.(EAX=7,ECX=1):EDX[bit 14] Add CPUID definition for PREFETCHIT0/1. Signed-off-by: Jiaxi Chen <jiaxi.chen@linux.intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-Id: <20230303065913.1246327-7-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28target/i386: Add support for AVX-NE-CONVERT in CPUID enumerationJiaxi Chen
AVX-NE-CONVERT is a new set of instructions which can convert low precision floating point like BF16/FP16 to high precision floating point FP32, as well as convert FP32 elements to BF16. This instruction allows the platform to have improved AI capabilities and better compatibility. The bit definition: CPUID.(EAX=7,ECX=1):EDX[bit 5] Add CPUID definition for AVX-NE-CONVERT. Signed-off-by: Jiaxi Chen <jiaxi.chen@linux.intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-Id: <20230303065913.1246327-6-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28target/i386: Add support for AVX-VNNI-INT8 in CPUID enumerationJiaxi Chen
AVX-VNNI-INT8 is a new set of instructions in the latest Intel platform Sierra Forest, aims for the platform to have superior AI capabilities. This instruction multiplies the individual bytes of two unsigned or unsigned source operands, then adds and accumulates the results into the destination dword element size operand. The bit definition: CPUID.(EAX=7,ECX=1):EDX[bit 4] AVX-VNNI-INT8 is on a new feature bits leaf. Add a CPUID feature word FEAT_7_1_EDX for this leaf. Add CPUID definition for AVX-VNNI-INT8. Signed-off-by: Jiaxi Chen <jiaxi.chen@linux.intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-Id: <20230303065913.1246327-5-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28target/i386: Add support for AVX-IFMA in CPUID enumerationJiaxi Chen
AVX-IFMA is a new instruction in the latest Intel platform Sierra Forest. This instruction packed multiplies unsigned 52-bit integers and adds the low/high 52-bit products to Qword Accumulators. The bit definition: CPUID.(EAX=7,ECX=1):EAX[bit 23] Add CPUID definition for AVX-IFMA. Signed-off-by: Jiaxi Chen <jiaxi.chen@linux.intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-Id: <20230303065913.1246327-4-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28target/i386: Add support for AMX-FP16 in CPUID enumerationJiaxi Chen
Latest Intel platform Granite Rapids has introduced a new instruction - AMX-FP16, which performs dot-products of two FP16 tiles and accumulates the results into a packed single precision tile. AMX-FP16 adds FP16 capability and allows a FP16 GPU trained model to run faster without loss of accuracy or added SW overhead. The bit definition: CPUID.(EAX=7,ECX=1):EAX[bit 21] Add CPUID definition for AMX-FP16. Signed-off-by: Jiaxi Chen <jiaxi.chen@linux.intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-Id: <20230303065913.1246327-3-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28target/i386: Add support for CMPCCXADD in CPUID enumerationJiaxi Chen
CMPccXADD is a new set of instructions in the latest Intel platform Sierra Forest. This new instruction set includes a semaphore operation that can compare and add the operands if condition is met, which can improve database performance. The bit definition: CPUID.(EAX=7,ECX=1):EAX[bit 7] Add CPUID definition for CMPCCXADD. Signed-off-by: Jiaxi Chen <jiaxi.chen@linux.intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Message-Id: <20230303065913.1246327-2-tao1.su@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-28i386/cpu: Update how the EBX register of CPUID 0x8000001F is setTom Lendacky
Update the setting of CPUID 0x8000001F EBX to clearly document the ranges associated with fields being set. Fixes: 6cb8f2a663 ("cpu/i386: populate CPUID 0x8000_001F when SEV is active") Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <5822fd7d02b575121380e1f493a8f6d9eba2b11a.1664550870.git.thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-04-22Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingRichard Henderson
* Optional use of Meson wrap for slirp * Coverity fixes * Avoid -Werror=maybe-uninitialized * Mark coroutine QMP command functions as coroutine_fn * Mark functions that suspend as coroutine_mixed_fn * target/i386: Fix SGX CPUID leaf * First batch of qatomic_mb_read() removal * Small atomic.rst improvement * NBD cleanup * Update libvirt-ci submodule # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmRBAzwUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroP64gf+NzLW95tylCfhKuuLq/TjuOTQqHCD # KVLlA1I3pwJfk4SUuigrnaJtwfa/tBiWxfaivUdPAzPzeXyxcVSOps0neohrmFBh # 2e3ylBWWz22K0gkLtrFwJT99TVy6w6Xhj9SX8HPRfxl4k8yMPrUJNW78hh6APAwq # /etZY6+ieHC7cwG4xluhxsHnxnBYBYD+18hUd+b5LchD/yvCSCNNiursutpa0Ar/ # r/HtDwNFKlaApO3sU4R3yYgdS1Fvcas4tDZaumADsQlSG5z+UeJldc98LiRlFrAA # gnskBSaaly/NgWqY3hVCYaBGyjD4lWPkX/FEChi0XX6Fl1P0umQAv/7z3w== # =XSAs # -----END PGP SIGNATURE----- # gpg: Signature made Thu 20 Apr 2023 10:17:48 AM BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (25 commits) tests: lcitool: Switch to OpenSUSE Leap 15.4 tests: libvirt-ci: Update to commit '2fa24dce8bc' configure: Honour cross-prefix when finding ObjC compiler coverity: unify Fedora dockerfiles nbd: a BlockExport always has a BlockBackend docs: explain effect of smp_read_barrier_depends() on modern architectures qemu-coroutine: remove qatomic_mb_read() postcopy-ram: do not use qatomic_mb_read block-backend: remove qatomic_mb_read() target/i386: Change wrong XFRM value in SGX CPUID leaf monitor: mark mixed functions that can suspend migration: mark mixed functions that can suspend io: mark mixed functions that can suspend qapi-gen: mark coroutine QMP command functions as coroutine_fn target/mips: tcg: detect out-of-bounds accesses to cpu_gpr and cpu_gpr_hi coverity: update COMPONENTS.md lasi: fix RTC migration target/i386: Avoid unreachable variable declaration in mmu_translate() configure: Avoid -Werror=maybe-uninitialized tests: bios-tables-test: replace memset with initializer ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-04-20target/i386: Set family/model/stepping of the "max" CPU according to LM bitThomas Huth
We want to get rid of the "#ifdef TARGET_X86_64" compile-time switch in the long run, so we can drop the separate compilation of the "qemu-system-i386" binary one day - but we then still need a way to run a guest with max. CPU settings in 32-bit mode. So the "max" CPU should determine its family/model/stepping settings according to the "large mode" (LM) CPU feature bit during runtime, so that it is possible to run "qemu-system-x86_64 -cpu max,lm=off" and still get a sane family/model/stepping setting for the guest CPU. To be able to check the LM bit, we have to move the code that sets up these properties to a "realize" function, since the LM setting is not available yet when the "instance_init" function is being called. Message-Id: <20230306154311.476458-1-thuth@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-20target/i386: Change wrong XFRM value in SGX CPUID leafYang Zhong
The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result, SGX enclaves only supported SSE and x87 feature (xfrm=0x3). Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features") Signed-off-by: Yang Zhong <yang.zhong@linux.intel.com> Reviewed-by: Yang Weijiang <weijiang.yang@intel.com> Reviewed-by: Kai Huang <kai.huang@intel.com> Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-03-22*: Add missing includes of qemu/error-report.hRichard Henderson
This had been pulled in via qemu/plugin.h from hw/core/cpu.h, but that will be removed. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230310195252.210956-5-richard.henderson@linaro.org> [AJB: add various additional cases shown by CI] Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20230315174331.2959-15-alex.bennee@linaro.org> Reviewed-by: Emilio Cota <cota@braap.org>
2023-03-02Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingPeter Maydell
* bugfixes * show machine ACPI support in QAPI * Core Xen emulation support for KVM/x86 # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmQAlrYUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroONWwf/fxDUMcZUvvatNxiVMhNfqEt/cL0F # Durv1PmbbeVh9PP0W7XFkEXO3LCIRDyR4rtmCs7gHGdmzDOWQ+QIWgQijQ/y7ElQ # bTVsvs0+s/6H3csP3dJTJaXSHshbQvrAZTsyk5KcAB6xdL1KqulfLUoGvXJhAmRs # NKZN8un+nuAhFhL0VBWA9eQaP+BVHQI5ItAj8PaoBby4+Q9fNnat6j1/G4iLly8J # dxIwCnuRHLiB3melWtadwbv6ddLJFeZNa50HUIsynqoItTzmRVr+oXz1yfq087dB # 9uksmoqb+icGEdwqs0iYbQ/dhVnIrMDpn/n2Us28S5VdIMVvxr1JEbEkSQ== # =0jY8 # -----END PGP SIGNATURE----- # gpg: Signature made Thu 02 Mar 2023 12:29:42 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (62 commits) Makefile: qemu-bundle is a directory qapi: Add 'acpi' field to 'query-machines' output hw/xen: Subsume xen_be_register_common() into xen_be_init() i386/xen: Document Xen HVM emulation kvm/i386: Add xen-evtchn-max-pirq property hw/xen: Support MSI mapping to PIRQ hw/xen: Support GSI mapping to PIRQ hw/xen: Implement emulated PIRQ hypercall support i386/xen: Implement HYPERVISOR_physdev_op hw/xen: Automatically add xen-platform PCI device for emulated Xen guests hw/xen: Add basic ring handling to xenstore hw/xen: Add xen_xenstore device for xenstore emulation hw/xen: Add backend implementation of interdomain event channel support i386/xen: handle HVMOP_get_param i386/xen: Reserve Xen special pages for console, xenstore rings i386/xen: handle PV timer hypercalls hw/xen: Implement GNTTABOP_query_size i386/xen: Implement HYPERVISOR_grant_table_op and GNTTABOP_[gs]et_verson hw/xen: Support mapping grant frames hw/xen: Add xen_gnttab device for grant table emulation ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-02Merge tag 'pull-monitor-2023-03-02' of https://repo.or.cz/qemu/armbru into ↵Peter Maydell
staging Monitor patches for 2023-03-02 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmQASV0SHGFybWJydUBy # ZWRoYXQuY29tAAoJEDhwtADrkYZT4mEQALkbu0i/Y2B2XKpGyp9Z/uf0zoHmL6fA # UEy2S8yn3K1uPPDmzWsQ7PgxDnirVzePa88UzuW3iUiiHBcQp0IsFOP6LZ47NTTz # UM146odlDtn50bHWr6vHtToNU+PcKOw8ELX28eDE+ihtg+8B+B6cBgLa14VKGSJ4 # 4oBJbsNMG8U3qJgqrIMomBeP38TorTdKq05jEE9txqsiw5uYO6jQE9owNkLQP76U # 8T/99sgQzyQjJ7VjOdyu2ZveUwGIpmGzmeA26CcwYP8uhYTRY+Lk+5gZnC15pad9 # TMimrq+7vwuzqKQpZw5rZO25ryQmKgQX49hSt/dKZEFNvb9vtKq693VhRoP4EMCz # 136suIATRkXHTw2FhjC2l3lnN+rQEfTr+zuGvazQ9ZOibHFPhxOAR4RNPTFXbfk6 # fOM7wW2Y3lhlQdhLc+0Ar2N/GzjEHi4WJhk4nV0V1PK79dLPYA5kuYGUuqzeA04P # Fu1EvpNWgHpQd3m8oFxjfozn9LMDohUrdHknrF0+VncAfzcPic1z4VhKDg+kMLJx # 1WePIMdMMS/aIYpNCMevLm11GQXhd2B4GG3xhNpM/BfHQ9KLM1dfoTEGfG9ZpKNv # Qyi1ofpgKzX5mpSHrdACK/rm45KIJRbprGgAe3fZFh65iGQ51wwZd16MUV/c8exN # ouu3jimfHWWG # =RuRo # -----END PGP SIGNATURE----- # gpg: Signature made Thu 02 Mar 2023 06:59:41 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * tag 'pull-monitor-2023-03-02' of https://repo.or.cz/qemu/armbru: target/ppc: Restrict 'qapi-commands-machine.h' to system emulation target/loongarch: Restrict 'qapi-commands-machine.h' to system emulation target/i386: Restrict 'qapi-commands-machine.h' to system emulation target/arm: Restrict 'qapi-commands-machine.h' to system emulation readline: fix hmp completion issue Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-02target/i386: Restrict 'qapi-commands-machine.h' to system emulationPhilippe Mathieu-Daudé
Since commit a0e61807a3 ("qapi: Remove QMP events and commands from user-mode builds") we don't generate the "qapi-commands-machine.h" header in a user-emulation-only build. Guard qmp_query_cpu_definitions() within CONFIG_USER_ONLY; move x86_cpu_class_check_missing_features() closer since it is only used by this QMP command handler. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230223155540.30370-3-philmd@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-03-01target/i386: set `CF_PCREL` in `x86_cpu_realizefn`Anton Johansson
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230227135202.9710-3-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-03-01i386/kvm: handle Xen HVM cpuid leavesJoao Martins
Introduce support for emulating CPUID for Xen HVM guests. It doesn't make sense to advertise the KVM leaves to a Xen guest, so do Xen unconditionally when the xen-version machine property is set. Signed-off-by: Joao Martins <joao.m.martins@oracle.com> [dwmw2: Obtain xen_version from KVM property, make it automatic] Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-02-27i386: Add new CPU model SapphireRapidsWang, Lei
The new CPU model mostly inherits features from Icelake-Server, while adding new features: - AMX (Advance Matrix eXtensions) - Bus Lock Debug Exception and new instructions: - AVX VNNI (Vector Neural Network Instruction): - VPDPBUS: Multiply and Add Unsigned and Signed Bytes - VPDPBUSDS: Multiply and Add Unsigned and Signed Bytes with Saturation - VPDPWSSD: Multiply and Add Signed Word Integers - VPDPWSSDS: Multiply and Add Signed Integers with Saturation - FP16: Replicates existing AVX512 computational SP (FP32) instructions using FP16 instead of FP32 for ~2X performance gain - SERIALIZE: Provide software with a simple way to force the processor to complete all modifications, faster, allowed in all privilege levels and not causing an unconditional VM exit - TSX Suspend Load Address Tracking: Allows programmers to choose which memory accesses do not need to be tracked in the TSX read set - AVX512_BF16: Vector Neural Network Instructions supporting BFLOAT16 inputs and conversion instructions from IEEE single precision - fast zero-length MOVSB (KVM doesn't support yet) - fast short STOSB (KVM doesn't support yet) - fast short CMPSB, SCASB (KVM doesn't support yet) Features that may be added in future versions: - CET (virtualization support hasn't been merged) Signed-off-by: Wang, Lei <lei4.wang@intel.com> Reviewed-by: Robert Hoo <robert.hu@linux.intel.com> Message-Id: <20220812055751.14553-1-lei4.wang@intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-02-27target/i386: add FZRM, FSRS, FSRCPaolo Bonzini
These are three more markers for string operation optimizations. They can all be added to TCG, whose string operations are more or less as fast as they can be for short lengths. Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-02-27target/i386: add FSRM to TCGPaolo Bonzini
Fast short REP MOVS can be added to TCG, since a trivial translation of string operation is a good option for short lengths. Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-01-06target/i386: Add SGX aex-notify and EDECCSSA supportKai Huang
The new SGX Asynchronous Exit (AEX) notification mechanism (AEX-notify) allows one enclave to receive a notification in the ERESUME after the enclave exit due to an AEX. EDECCSSA is a new SGX user leaf function (ENCLU[EDECCSSA]) to facilitate the AEX notification handling. Whether the hardware supports to create enclave with AEX-notify support is enumerated via CPUID.(EAX=0x12,ECX=0x1):EAX[10]. The new EDECCSSA user leaf function is enumerated via CPUID.(EAX=0x12,ECX=0x0):EAX[11]. Add support to allow to expose the new SGX AEX-notify feature and the new EDECCSSA user leaf function to KVM guest. Link: https://lore.kernel.org/lkml/166760360549.4906.809756297092548496.tip-bot2@tip-bot2/ Link: https://lore.kernel.org/lkml/166760360934.4906.2427175408052308969.tip-bot2@tip-bot2/ Reviewed-by: Yang Zhong <yang.zhong@linux.intel.com> Signed-off-by: Kai Huang <kai.huang@intel.com> Message-Id: <20221109024834.172705-1-kai.huang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-12-16target/i386: Convert to 3-phase resetPeter Maydell
Convert the i386 CPU class to use 3-phase reset, so it doesn't need to use device_class_set_parent_reset() any more. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> Reviewed-by: Taylor Simpson <tsimpson@quicinc.com> Message-id: 20221124115023.2437291-7-peter.maydell@linaro.org
2022-12-14qapi machine: Elide redundant has_FOO in generated CMarkus Armbruster
The has_FOO for pointer-valued FOO are redundant, except for arrays. They are also a nuisance to work with. Recent commit "qapi: Start to elide redundant has_FOO in generated C" provided the means to elide them step by step. This is the step for qapi/machine*.json. Said commit explains the transformation in more detail. The invariant violations mentioned there do not occur here. Cc: Eduardo Habkost <eduardo@habkost.net> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Yanan Wang <wangyanan55@huawei.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221104160712.3005652-16-armbru@redhat.com>
2022-10-22target/i386: implement FMA instructionsPaolo Bonzini
The only issue with FMA instructions is that there are _a lot_ of them (30 opcodes, each of which comes in up to 4 versions depending on VEX.W and VEX.L; a total of 96 possibilities). However, they can be implement with only 6 helpers, two for scalar operations and four for packed operations. (Scalar versions do not do any merging; they only affect the bottom 32 or 64 bits of the output operand. Therefore, there is no separate XMM and YMM of the scalar helpers). First, we can reduce the number of helpers to one third by passing four operands (one output and three inputs); the reordering of which operands go to the multiply and which go to the add is done in emit.c. Second, the different instructions also dispatch to the same softfloat function, so the flags for float32_muladd and float64_muladd are passed in the helper as int arguments, with a little extra complication to handle FMADDSUB and FMSUBADD. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-20target/i386: implement F16C instructionsPaolo Bonzini
F16C only consists of two instructions, which are a bit peculiar nevertheless. First, they access only the low half of an YMM or XMM register for the packed-half operand; the exact size still depends on the VEX.L flag. This is similar to the existing avx_movx flag, but not exactly because avx_movx is hardcoded to affect operand 2. To this end I added a "ph" format name; it's possible to reuse this approach for the VPMOVSX and VPMOVZX instructions, though that would also require adding two more formats for the low-quarter and low-eighth of an operand. Second, VCVTPS2PH is somewhat weird because it *stores* the result of the instruction into memory rather than loading it. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Enable AVX cpuid bits when using TCGPaul Brook
Include AVX, AVX2 and VAES in the guest cpuid features supported by TCG. Signed-off-by: Paul Brook <paul@nowt.org> Message-Id: <20220424220204.2493824-40-paul@nowt.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>