aboutsummaryrefslogtreecommitdiff
path: root/target/i386/tcg/sysemu
AgeCommit message (Collapse)Author
2023-10-04accel/tcg: Replace CPUState.env_ptr with cpu_env()Richard Henderson
Reviewed-by: Anton Johansson <anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-26target/i386/svm_helper: eliminate duplicate local variablePaolo Bonzini
This shadows an outer "cs" variable that is initialized to the same expression. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-09-07Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi
* only build util/async-teardown.c when system build is requested * target/i386: fix BQL handling of the legacy FERR interrupts * target/i386: fix memory operand size for CVTPS2PD * target/i386: Add support for AMX-COMPLEX in CPUID enumeration * compile plugins on Darwin * configure and meson cleanups * drop mkvenv support for Python 3.7 and Debian10 * add wrap file for libblkio * tweak KVM stubs # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmT5t6UUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroMmjwf+MpvVuq+nn+3PqGUXgnzJx5ccA5ne # O9Xy8+1GdlQPzBw/tPovxXDSKn3HQtBfxObn2CCE1tu/4uHWpBA1Vksn++NHdUf2 # P0yoHxGskJu5iYYTtIcNw5cH2i+AizdiXuEjhfNjqD5Y234cFoHnUApt9e3zBvVO # cwGD7WpPuSb4g38hHkV6nKcx72o7b4ejDToqUVZJ2N+RkddSqB03fSdrOru0hR7x # V+lay0DYdFszNDFm05LJzfDbcrHuSryGA91wtty7Fzj6QhR/HBHQCUZJxMB5PI7F # Zy4Zdpu60zxtSxUqeKgIi7UhNFgMcax2Hf9QEqdc/B4ARoBbboh4q4u8kQ== # =dH7/ # -----END PGP SIGNATURE----- # gpg: Signature made Thu 07 Sep 2023 07:44:37 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (51 commits) docs/system/replay: do not show removed command line option subprojects: add wrap file for libblkio sysemu/kvm: Restrict kvm_pc_setup_irq_routing() to x86 targets sysemu/kvm: Restrict kvm_has_pit_state2() to x86 targets sysemu/kvm: Restrict kvm_get_apic_state() to x86 targets sysemu/kvm: Restrict kvm_arch_get_supported_cpuid/msr() to x86 targets target/i386: Restrict declarations specific to CONFIG_KVM target/i386: Allow elision of kvm_hv_vpindex_settable() target/i386: Allow elision of kvm_enable_x2apic() target/i386: Remove unused KVM stubs target/i386/cpu-sysemu: Inline kvm_apic_in_kernel() target/i386/helper: Restrict KVM declarations to system emulation hw/i386/fw_cfg: Include missing 'cpu.h' header hw/i386/pc: Include missing 'cpu.h' header hw/i386/pc: Include missing 'sysemu/tcg.h' header Revert "mkvenv: work around broken pip installations on Debian 10" mkvenv: assume presence of importlib.metadata Python: Drop support for Python 3.7 configure: remove dead code meson: list leftover CONFIG_* symbols ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-09-01target/i386: raise FERR interrupt with iothread lockedPaolo Bonzini
Otherwise tcg_handle_interrupt() triggers an assertion failure: #5 0x0000555555c97369 in tcg_handle_interrupt (cpu=0x555557434cb0, mask=2) at ../accel/tcg/tcg-accel-ops.c:83 #6 tcg_handle_interrupt (cpu=0x555557434cb0, mask=2) at ../accel/tcg/tcg-accel-ops.c:81 #7 0x0000555555b4d58b in pic_irq_request (opaque=<optimized out>, irq=<optimized out>, level=1) at ../hw/i386/x86.c:555 #8 0x0000555555b4f218 in gsi_handler (opaque=0x5555579423d0, n=13, level=1) at ../hw/i386/x86.c:611 #9 0x00007fffa42bde14 in code_gen_buffer () #10 0x0000555555c724bb in cpu_tb_exec (cpu=cpu@entry=0x555557434cb0, itb=<optimized out>, tb_exit=tb_exit@entry=0x7fffe9bfd658) at ../accel/tcg/cpu-exec.c:457 Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1808 Reported-by: NyanCatTW1 <https://gitlab.com/a0939712328> Co-developed-by: Richard Henderson <richard.henderson@linaro.org>' Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-08-31target/translate: Include missing 'exec/cpu_ldst.h' headerPhilippe Mathieu-Daudé
All these files access the CPU LD/ST API declared in "exec/cpu_ldst.h". Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230828221314.18435-4-philmd@linaro.org>
2023-06-26target/i386: implement SYSCALL/SYSRET in 32-bit emulatorsPaolo Bonzini
AMD supports both 32-bit and 64-bit SYSCALL/SYSRET, but the TCG only exposes it for 64-bit targets. For system emulation just reuse the helper; for user-mode emulation the ABI is the same as "int $80". The BSDs does not support any fast system call mechanism in 32-bit mode so add to bsd-user the same stub that FreeBSD has for 64-bit compatibility mode. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-06-20meson: Replace softmmu_ss -> system_ssPhilippe Mathieu-Daudé
We use the user_ss[] array to hold the user emulation sources, and the softmmu_ss[] array to hold the system emulation ones. Hold the latter in the 'system_ss[]' array for parity with user emulation. Mechanical change doing: $ sed -i -e s/softmmu_ss/system_ss/g $(git grep -l softmmu_ss) Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230613133347.82210-10-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-06-20meson: Replace CONFIG_SOFTMMU -> CONFIG_SYSTEM_ONLYPhilippe Mathieu-Daudé
Since we *might* have user emulation with softmmu, use the clearer 'CONFIG_SYSTEM_ONLY' key to check for system emulation. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230613133347.82210-9-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-04-20target/i386: Avoid unreachable variable declaration in mmu_translate()Peter Maydell
Coverity complains (CID 1507880) that the declaration "int error_code;" in mmu_translate() is unreachable code. Since this is only a declaration, this isn't actually a bug, but: * it's a bear-trap for future changes, because if it was changed to include an initialization 'int error_code = foo;' then the initialization wouldn't actually happen (being dead code) * it's against our coding style, which wants declarations to be at the start of blocks * it means that anybody reading the code has to go and look up exactly what the C rules are for skipping over variable declarations using a goto Move the declaration to the top of the function. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20230406155946.3362077-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-02-28accel/tcg: Add 'size' param to probe_access_fullRichard Henderson
Change to match the recent change to probe_access_flags. All existing callers updated to supply 0, so no change in behaviour. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-01target/i386: Always completely initialize TranslateFaultRichard Henderson
In get_physical_address, the canonical address check failed to set TranslateFault.stage2, which resulted in an uninitialized read from the struct when reporting the fault in x86_cpu_tlb_fill. Adjust all error paths to use structure assignment so that the entire struct is always initialized. Reported-by: Daniel Hoffman <dhoff749@gmail.com> Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-03Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi
* bug fixes * reduced memory footprint for IPI virtualization on Intel processors * asynchronous teardown support (Linux only) # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNiVykUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroN0Swf/YxjphCtFgYYSO14WP+7jAnfRZLhm # 0xWChWP8rco5I352OBFeFU64Av5XoLGNn6SZLl8lcg86lQ/G0D27jxu6wOcDDHgw # 0yTDO1gevj51UKsbxoC66OWSZwKTEo398/BHPDcI2W41yOFycSdtrPgspOrFRVvf # 7M3nNjuNPsQorZeuu8NGr3jakqbt99ZDXcyDEWbrEAcmy2JBRMbGgT0Kdnc6aZfW # CvL+1ljxzldNwGeNBbQW2QgODbfHx5cFZcy4Daze35l5Ra7K/FrgAzr6o/HXptya # 9fEs5LJQ1JWI6JtpaWwFy7fcIIOsJ0YW/hWWQZSDt9JdAJFE5/+vF+Kz5Q== # =CgrO # -----END PGP SIGNATURE----- # gpg: Signature made Wed 02 Nov 2022 07:40:25 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: target/i386: Fix test for paging enabled util/log: Close per-thread log file on thread termination target/i386: Set maximum APIC ID to KVM prior to vCPU creation os-posix: asynchronous teardown for shutdown on Linux target/i386: Fix calculation of LOCK NEG eflags Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-02target/i386: Fix test for paging enabledRichard Henderson
If CR0.PG is unset, pg_mode will be zero, but it will also be zero for non-PAE/non-PSE page tables with CR0.WP=0. Restore the correct test for paging enabled. Fixes: 98281984a37 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269 Reported-by: Andreas Gustafsson <gson@gson.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221102091232.1092552-1-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-01accel/tcg: Remove will_exit argument from cpu_restore_stateRichard Henderson
The value passed is always true, and if the target's synchronize_from_tb hook is non-trivial, not exiting may be erroneous. Reviewed-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-18target/i386: Use probe_access_full for final stage2 translationRichard Henderson
Rather than recurse directly on mmu_translate, go through the same softmmu lookup that we did for the page table walk. This centralizes all knowledge of MMU_NESTED_IDX, with respect to setup of TranslationParams, to get_physical_address. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-10-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Use atomic operations for pte updatesRichard Henderson
Use probe_access_full in order to resolve to a host address, which then lets us use a host cmpxchg to update the pte. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/279 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-9-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Combine 5 sets of variables in mmu_translateRichard Henderson
We don't need one variable set per translation level, which requires copying into pte/pte_addr for huge pages. Standardize on pte/pte_addr for all levels. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-8-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Use MMU_NESTED_IDX for vmload/vmsaveRichard Henderson
Use MMU_NESTED_IDX for each memory access, rather than just a single translation to physical. Adjust svm_save_seg and svm_load_seg to pass in mmu_idx. This removes the last use of get_hphys so remove it. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-7-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDXRichard Henderson
These new mmu indexes will be helpful for improving paging and code throughout the target. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-6-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Reorg GET_HPHYSRichard Henderson
Replace with PTE_HPHYS for the page table walk, and a direct call to mmu_translate for the final stage2 translation. Hoist the check for HF2_NPT_MASK out to get_physical_address, which avoids the recursive call when stage2 is disabled. We can now return all the way out to x86_cpu_tlb_fill before raising an exception, which means probe works. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-5-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Introduce structures for mmu_translateRichard Henderson
Create TranslateParams for inputs, TranslateResults for successful outputs, and TranslateFault for error outputs; return true on success. Move stage1 error paths from handle_mmu_fault to x86_cpu_tlb_fill; reorg the rest of handle_mmu_fault into get_physical_address. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-4-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Direct call get_hphys from mmu_translateRichard Henderson
Use a boolean to control the call to get_hphys instead of passing a null function pointer. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-3-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-18target/i386: Use MMUAccessType across excp_helper.cRichard Henderson
Replace int is_write1 and magic numbers with the proper MMUAccessType access_type and enumerators. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221002172956.265735-2-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-10-11x86: Implement MSR_CORE_THREAD_COUNT MSRAlexander Graf
Intel CPUs starting with Haswell-E implement a new MSR called MSR_CORE_THREAD_COUNT which exposes the number of threads and cores inside of a package. This MSR is used by XNU to populate internal data structures and not implementing it prevents virtual machines with more than 1 vCPU from booting if the emulated CPU generation is at least Haswell-E. This patch propagates the existing hvf logic from patch 027ac0cb516 ("target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT") to TCG. Signed-off-by: Alexander Graf <agraf@csgraf.de> Message-Id: <20221004225643.65036-2-agraf@csgraf.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-18target/i386: Raise #GP on unaligned m128 accesses when required.Paolo Bonzini
Many instructions which load/store 128-bit values are supposed to raise #GP when the memory operand isn't 16-byte aligned. This includes: - Instructions explicitly requiring memory alignment (Exceptions Type 1 in the "AVX and SSE Instruction Exception Specification" section of the SDM) - Legacy SSE instructions that load/store 128-bit values (Exceptions Types 2 and 4). This change sets MO_ALIGN_16 on 128-bit memory accesses that require 16-byte alignment. It adds cpu_record_sigbus and cpu_do_unaligned_access hooks that simulate a #GP exception in qemu-user and qemu-system, respectively. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/217 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ricky Zhou <ricky@rzhou.org> Message-Id: <20220830034816.57091-2-ricky@rzhou.org> [Do not bother checking PREFIX_VEX, since AVX is not supported. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-06-06target/i386/tcg: Fix masking of real-mode addresses with A20 bitStephen Michael Jothen
The correct A20 masking is done if paging is enabled (protected mode) but it seems to have been forgotten in real mode. For example from the AMD64 APM Vol. 2 section 1.2.4: > If the sum of the segment base and effective address carries over into bit 20, > that bit can be optionally truncated to mimic the 20-bit address wrapping of the > 8086 processor by using the A20M# input signal to mask the A20 address bit. Most BIOSes will enable the A20 line on boot, but I found by disabling the A20 line afterwards, the correct wrapping wasn't taking place. `handle_mmu_fault' in target/i386/tcg/sysemu/excp_helper.c seems to be the culprit. In real mode, it fills the TLB with the raw unmasked address. However, for the protected mode, the `mmu_translate' function does the correct A20 masking. The fix then should be to just apply the A20 mask in the first branch of the if statement. Signed-off-by: Stephen Michael Jothen <sjothen@gmail.com> Message-Id: <Yo5MUMSz80jXtvt9@air-old.local> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-21compiler.h: replace QEMU_NORETURN with G_NORETURNMarc-André Lureau
G_NORETURN was introduced in glib 2.68, fallback to G_GNUC_NORETURN in glib-compat. Note that this attribute must be placed before the function declaration (bringing a bit of consistency in qemu codebase usage). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Warner Losh <imp@bsdimp.com> Message-Id: <20220420132624.2439741-20-marcandre.lureau@redhat.com>
2022-03-15target/i386: Throw a #SS when loading a non-canonical ISTGareth Webb
Loading a non-canonical address into rsp when handling an interrupt or performing a far call should raise a #SS not a #GP. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/870 Signed-off-by: Gareth Webb <gareth.webb@umbralsoftware.co.uk> Message-Id: <164529651121.25406.15337137068584246397-0@git.sr.ht> [Move get_pg_mode to seg_helper.c for user-mode emulators. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-15target/i386: only include bits in pg_mode if they are not ignoredPaolo Bonzini
LA57/PKE/PKS is only relevant in 64-bit mode, and NXE is only relevant if PAE is in use. Since there is code that checks PG_MODE_LA57 to determine the canonicality of addresses, make sure that the bit is not set by mistake in 32-bit mode. While it would not be a problem because 32-bit addresses by definition fit in both 48-bit and 57-bit address spaces, it is nicer if get_pg_mode() actually returns whether a feature is enabled, and it allows a few simplifications in the page table walker. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-06target/i386/tcg/sysemu: Include missing 'exec/exec-all.h' headerPhilippe Mathieu-Daudé
excp_helper.c requires "exec/exec-all.h" for tlb_set_page_with_attrs() and misc_helper.c for tlb_flush(). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220214183144.27402-8-f4bug@amsat.org>
2022-02-21exec/exec-all: Move 'qemu/log.h' include in units requiring itPhilippe Mathieu-Daudé
Many files use "qemu/log.h" declarations but neglect to include it (they inherit it via "exec/exec-all.h"). "exec/exec-all.h" is a core component and shouldn't be used that way. Move the "qemu/log.h" inclusion locally to each unit requiring it. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20220207082756.82600-10-f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-02-09target/i386: use CPU_LOG_INT for IRQ servicingAlex Bennée
I think these have been wrong since f193c7979c (do not depend on thunk.h - more log items). Fix them so as not to confuse other debugging. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220204204335.1689602-26-alex.bennee@linaro.org>
2021-11-08target-i386: mmu: fix handling of noncanonical virtual addressesPaolo Bonzini
mmu_translate is supposed to return an error code for page faults; it is not able to handle other exceptions. The #GP case for noncanonical virtual addresses is not handled correctly, and incorrectly raised as a page fault with error code 1. Since it cannot happen for nested page tables, move it directly to handle_mmu_fault, even before the invocation of mmu_translate. Fixes: #676 Fixes: 661ff4879e ("target/i386: extract mmu_translate", 2021-05-11) Cc: qemu-stable@nongnu.org Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-08target-i386: mmu: use pg_mode instead of HF_LMA_MASKPaolo Bonzini
Correctly look up the paging mode of the hypervisor when it is using 64-bit mode but the guest is not. Fixes: 68746930ae ("target/i386: use mmu_translate for NPT walk", 2021-05-11) Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-14target/i386: Move x86_cpu_exec_interrupt() under sysemu/ folderPhilippe Mathieu-Daudé
Following the logic of commit 30493a030ff ("i386: split seg_helper into user-only and sysemu parts"), move x86_cpu_exec_interrupt() under sysemu/seg_helper.c. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-By: Warner Losh <imp@bsdimp.com> Message-Id: <20210911165434.531552-12-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-09-13target/i386: Added vVMLOAD and vVMSAVE featureLara Lazier
The feature allows the VMSAVE and VMLOAD instructions to execute in guest mode without causing a VMEXIT. (APM2 15.33.1) Signed-off-by: Lara Lazier <laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-13target/i386: Added changed priority check for VIRQLara Lazier
Writes to cr8 affect v_tpr. This could set or unset an interrupt request as the priority might have changed. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-13target/i386: Added ignore TPR check in ctl_has_irqLara Lazier
The APM2 states that if V_IGN_TPR is nonzero, the current virtual interrupt ignores the (virtual) TPR. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-13target/i386: Added VGIF V_IRQ masking capabilityLara Lazier
VGIF provides masking capability for when virtual interrupts are taken. (APM2) Signed-off-by: Lara Lazier <laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-13target/i386: Moved int_ctl into CPUX86State structureLara Lazier
Moved int_ctl into the CPUX86State structure. It removes some unnecessary stores and loads, and prepares for tracking the vIRQ state even when it is masked due to vGIF. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-13target/i386: Added VGIF featureLara Lazier
VGIF allows STGI and CLGI to execute in guest mode and control virtual interrupts in guest mode. When the VGIF feature is enabled then: * executing STGI in the guest sets bit 9 of the VMCB offset 60h. * executing CLGI in the guest clears bit 9 of the VMCB offset 60h. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210730070742.9674-1-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-13target/i386: VMRUN and VMLOAD canonicalizationsLara Lazier
APM2 requires that VMRUN and VMLOAD canonicalize (sign extend to 63 from 48/57) all base addresses in the segment registers that have been respectively loaded. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210804113058.45186-1-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-08-13target/i386: Fixed size of constant for WindowsLara Lazier
~0UL has 64 bits on Linux and 32 bits on Windows. Fixes: https://gitlab.com/qemu-project/qemu/-/issues/512 Reported-by: Volker Rümelin <vr_qemu@t-online.de> Signed-off-by: Lara Lazier <laramglazier@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210812111056.26926-1-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-29target/i386: fix typo in ctl_has_irqPaolo Bonzini
The shift constant was incorrect, causing int_prio to always be zero. Signed-off-by: Lara Lazier <laramglazier@gmail.com> [Rewritten commit message since v1 had already been included. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-29target/i386: Added consistency checks for event injectionLara Lazier
VMRUN exits with SVM_EXIT_ERR if either: * The event injected has a reserved type. * When the event injected is of type 3 (exception), and the vector that has been specified does not correspond to an exception. This does not fix the entire exc_inj test in kvm-unit-tests. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210725090855.19713-1-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-23target/i386: Added consistency checks for CR3Lara Lazier
All MBZ in CR3 must be zero (APM2 15.5) Added checks in both helper_vmrun and helper_write_crN. When EFER.LMA is zero the upper 32 bits needs to be zeroed. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210723112740.45962-1-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-22target/i386: Added consistency checks for EFERLara Lazier
EFER.SVME has to be set, and EFER reserved bits must be zero. In addition the combinations * EFER.LMA or EFER.LME is non-zero and the processor does not support LM * non-zero EFER.LME and CR0.PG and zero CR4.PAE * non-zero EFER.LME and CR0.PG and zero CR0.PE * non-zero EFER.LME, CR0.PG, CR4.PAE, CS.L and CS.D are all invalid. (AMD64 Architecture Programmer's Manual, V2, 15.5) Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210721152651.14683-3-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-22target/i386: Added consistency checks for CR4Lara Lazier
All MBZ bits in CR4 must be zero. (APM2 15.5) Added reserved bitmask and added checks in both helper_vmrun and helper_write_crN. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210721152651.14683-2-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-22target/i386: Added V_INTR_PRIO check to virtual interruptsLara Lazier
The APM2 states that The processor takes a virtual INTR interrupt if V_IRQ and V_INTR_PRIO indicate that there is a virtual interrupt pending whose priority is greater than the value in V_TPR. Signed-off-by: Lara Lazier <laramglazier@gmail.com> Message-Id: <20210721152651.14683-1-laramglazier@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-13target/i386: Tidy hw_breakpoint_removeDmitry Voronetskiy
Since cpu_breakpoint and cpu_watchpoint are in a union, the code should access only one of them. Signed-off-by: Dmitry Voronetskiy <davoronetskiy@gmail.com> Message-Id: <20210613180838.21349-1-davoronetskiy@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>