* [PATCH v3 1/5] hvf: non-RAM, non-ROMD memory ranges are now correctly mapped in
2019-12-02 23:55 [PATCH v3 0/5] hvf: stability fixes for HVF Cameron Esfahani via
@ 2019-12-02 23:55 ` Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 2/5] hvf: remove TSC synchronization code because it isn't fully complete Cameron Esfahani via
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Cameron Esfahani via @ 2019-12-02 23:55 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini
If an area is non-RAM and non-ROMD, then remove mappings so accesses
will trap and can be emulated. Change hvf_find_overlap_slot() to take
a size instead of an end address: it wouldn't return a slot because
callers would pass the same address for start and end. Don't always
map area as read/write/execute, respect area flags.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/hvf/hvf.c | 50 ++++++++++++++++++++++++++++++-------------
1 file changed, 35 insertions(+), 15 deletions(-)
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 231732aaf7..0b50cfcbc6 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -107,14 +107,14 @@ static void assert_hvf_ok(hv_return_t ret)
}
/* Memory slots */
-hvf_slot *hvf_find_overlap_slot(uint64_t start, uint64_t end)
+hvf_slot *hvf_find_overlap_slot(uint64_t start, uint64_t size)
{
hvf_slot *slot;
int x;
for (x = 0; x < hvf_state->num_slots; ++x) {
slot = &hvf_state->slots[x];
if (slot->size && start < (slot->start + slot->size) &&
- end > slot->start) {
+ (start + size) > slot->start) {
return slot;
}
}
@@ -129,12 +129,10 @@ struct mac_slot {
};
struct mac_slot mac_slots[32];
-#define ALIGN(x, y) (((x) + (y) - 1) & ~((y) - 1))
-static int do_hvf_set_memory(hvf_slot *slot)
+static int do_hvf_set_memory(hvf_slot *slot, hv_memory_flags_t flags)
{
struct mac_slot *macslot;
- hv_memory_flags_t flags;
hv_return_t ret;
macslot = &mac_slots[slot->slot_id];
@@ -151,8 +149,6 @@ static int do_hvf_set_memory(hvf_slot *slot)
return 0;
}
- flags = HV_MEMORY_READ | HV_MEMORY_WRITE | HV_MEMORY_EXEC;
-
macslot->present = 1;
macslot->gpa_start = slot->start;
macslot->size = slot->size;
@@ -165,14 +161,24 @@ void hvf_set_phys_mem(MemoryRegionSection *section, bool add)
{
hvf_slot *mem;
MemoryRegion *area = section->mr;
+ bool writeable = !area->readonly && !area->rom_device;
+ hv_memory_flags_t flags;
if (!memory_region_is_ram(area)) {
- return;
+ if (writeable) {
+ return;
+ } else if (!memory_region_is_romd(area)) {
+ /*
+ * If the memory device is not in romd_mode, then we actually want
+ * to remove the hvf memory slot so all accesses will trap.
+ */
+ add = false;
+ }
}
mem = hvf_find_overlap_slot(
section->offset_within_address_space,
- section->offset_within_address_space + int128_get64(section->size));
+ int128_get64(section->size));
if (mem && add) {
if (mem->size == int128_get64(section->size) &&
@@ -186,7 +192,7 @@ void hvf_set_phys_mem(MemoryRegionSection *section, bool add)
/* Region needs to be reset. set the size to 0 and remap it. */
if (mem) {
mem->size = 0;
- if (do_hvf_set_memory(mem)) {
+ if (do_hvf_set_memory(mem, 0)) {
error_report("Failed to reset overlapping slot");
abort();
}
@@ -196,6 +202,13 @@ void hvf_set_phys_mem(MemoryRegionSection *section, bool add)
return;
}
+ if (area->readonly ||
+ (!memory_region_is_ram(area) && memory_region_is_romd(area))) {
+ flags = HV_MEMORY_READ | HV_MEMORY_EXEC;
+ } else {
+ flags = HV_MEMORY_READ | HV_MEMORY_WRITE | HV_MEMORY_EXEC;
+ }
+
/* Now make a new slot. */
int x;
@@ -216,7 +229,7 @@ void hvf_set_phys_mem(MemoryRegionSection *section, bool add)
mem->start = section->offset_within_address_space;
mem->region = area;
- if (do_hvf_set_memory(mem)) {
+ if (do_hvf_set_memory(mem, flags)) {
error_report("Error registering new memory slot");
abort();
}
@@ -345,7 +358,14 @@ static bool ept_emulation_fault(hvf_slot *slot, uint64_t gpa, uint64_t ept_qual)
return false;
}
- return !slot;
+ if (!slot) {
+ return true;
+ }
+ if (!memory_region_is_ram(slot->region) &&
+ !(read && memory_region_is_romd(slot->region))) {
+ return true;
+ }
+ return false;
}
static void hvf_set_dirty_tracking(MemoryRegionSection *section, bool on)
@@ -354,7 +374,7 @@ static void hvf_set_dirty_tracking(MemoryRegionSection *section, bool on)
slot = hvf_find_overlap_slot(
section->offset_within_address_space,
- section->offset_within_address_space + int128_get64(section->size));
+ int128_get64(section->size));
/* protect region against writes; begin tracking it */
if (on) {
@@ -720,7 +740,7 @@ int hvf_vcpu_exec(CPUState *cpu)
ret = EXCP_INTERRUPT;
break;
}
- /* Need to check if MMIO or unmmaped fault */
+ /* Need to check if MMIO or unmapped fault */
case EXIT_REASON_EPT_FAULT:
{
hvf_slot *slot;
@@ -731,7 +751,7 @@ int hvf_vcpu_exec(CPUState *cpu)
vmx_set_nmi_blocking(cpu);
}
- slot = hvf_find_overlap_slot(gpa, gpa);
+ slot = hvf_find_overlap_slot(gpa, 1);
/* mmio */
if (ept_emulation_fault(slot, gpa, exit_qual)) {
struct x86_decode decode;
--
2.24.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH v3 2/5] hvf: remove TSC synchronization code because it isn't fully complete
2019-12-02 23:55 [PATCH v3 0/5] hvf: stability fixes for HVF Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 1/5] hvf: non-RAM, non-ROMD memory ranges are now correctly mapped in Cameron Esfahani via
@ 2019-12-02 23:55 ` Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 3/5] hvf: correctly handle REX prefix in relation to legacy prefixes Cameron Esfahani via
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Cameron Esfahani via @ 2019-12-02 23:55 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini
The existing code in QEMU's HVF support to attempt to synchronize TSC
across multiple cores is not sufficient. TSC value on other cores
can go backwards. Until implementation is fixed, remove calls to
hv_vm_sync_tsc(). Pass through TSC to guest OS.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/hvf/hvf.c | 3 +--
target/i386/hvf/x86_emu.c | 3 ---
target/i386/hvf/x86hvf.c | 4 ----
3 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 0b50cfcbc6..90fd50acfc 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -518,7 +518,6 @@ void hvf_reset_vcpu(CPUState *cpu) {
wreg(cpu->hvf_fd, HV_X86_R8 + i, 0x0);
}
- hv_vm_sync_tsc(0);
hv_vcpu_invalidate_tlb(cpu->hvf_fd);
hv_vcpu_flush(cpu->hvf_fd);
}
@@ -612,7 +611,7 @@ int hvf_init_vcpu(CPUState *cpu)
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_GSBASE, 1);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_KERNELGSBASE, 1);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_TSC_AUX, 1);
- /*hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_TSC, 1);*/
+ hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_TSC, 1);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_SYSENTER_CS, 1);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_SYSENTER_EIP, 1);
hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_SYSENTER_ESP, 1);
diff --git a/target/i386/hvf/x86_emu.c b/target/i386/hvf/x86_emu.c
index 1b04bd7e94..3df767209d 100644
--- a/target/i386/hvf/x86_emu.c
+++ b/target/i386/hvf/x86_emu.c
@@ -772,9 +772,6 @@ void simulate_wrmsr(struct CPUState *cpu)
switch (msr) {
case MSR_IA32_TSC:
- /* if (!osx_is_sierra())
- wvmcs(cpu->hvf_fd, VMCS_TSC_OFFSET, data - rdtscp());
- hv_vm_sync_tsc(data);*/
break;
case MSR_IA32_APICBASE:
cpu_set_apic_base(X86_CPU(cpu)->apic_state, data);
diff --git a/target/i386/hvf/x86hvf.c b/target/i386/hvf/x86hvf.c
index e0ea02d631..1485b95776 100644
--- a/target/i386/hvf/x86hvf.c
+++ b/target/i386/hvf/x86hvf.c
@@ -152,10 +152,6 @@ void hvf_put_msrs(CPUState *cpu_state)
hv_vcpu_write_msr(cpu_state->hvf_fd, MSR_GSBASE, env->segs[R_GS].base);
hv_vcpu_write_msr(cpu_state->hvf_fd, MSR_FSBASE, env->segs[R_FS].base);
-
- /* if (!osx_is_sierra())
- wvmcs(cpu_state->hvf_fd, VMCS_TSC_OFFSET, env->tsc - rdtscp());*/
- hv_vm_sync_tsc(env->tsc);
}
--
2.24.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH v3 3/5] hvf: correctly handle REX prefix in relation to legacy prefixes
2019-12-02 23:55 [PATCH v3 0/5] hvf: stability fixes for HVF Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 1/5] hvf: non-RAM, non-ROMD memory ranges are now correctly mapped in Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 2/5] hvf: remove TSC synchronization code because it isn't fully complete Cameron Esfahani via
@ 2019-12-02 23:55 ` Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 4/5] hvf: more accurately match SDM when setting CR0 and PDPTE registers Cameron Esfahani via
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Cameron Esfahani via @ 2019-12-02 23:55 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini
In real x86 processors, the REX prefix must come after legacy prefixes.
REX before legacy is ignored. Update the HVF emulation code to properly
handle this. Fix some spelling errors in constants. Fix some decoder
table initialization issues found by Coverity.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/hvf/x86_decode.c | 64 ++++++++++++++++++++----------------
target/i386/hvf/x86_decode.h | 20 +++++------
2 files changed, 46 insertions(+), 38 deletions(-)
diff --git a/target/i386/hvf/x86_decode.c b/target/i386/hvf/x86_decode.c
index 822fa1866e..77c346605f 100644
--- a/target/i386/hvf/x86_decode.c
+++ b/target/i386/hvf/x86_decode.c
@@ -122,7 +122,8 @@ static void decode_rax(CPUX86State *env, struct x86_decode *decode,
{
op->type = X86_VAR_REG;
op->reg = R_EAX;
- op->ptr = get_reg_ref(env, op->reg, decode->rex.rex, 0,
+ /* Since reg is always AX, REX prefix has no impact. */
+ op->ptr = get_reg_ref(env, op->reg, false, 0,
decode->operand_size);
}
@@ -1687,40 +1688,37 @@ calc_addr:
}
}
-target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
- int size)
+target_ulong get_reg_ref(CPUX86State *env, int reg, int rex_present,
+ int is_extended, int size)
{
target_ulong ptr = 0;
- int which = 0;
if (is_extended) {
reg |= R_R8;
}
-
switch (size) {
case 1:
- if (is_extended || reg < 4 || rex) {
- which = 1;
+ if (is_extended || reg < 4 || rex_present) {
ptr = (target_ulong)&RL(env, reg);
} else {
- which = 2;
ptr = (target_ulong)&RH(env, reg - 4);
}
break;
default:
- which = 3;
ptr = (target_ulong)&RRX(env, reg);
break;
}
return ptr;
}
-target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
- int size)
+target_ulong get_reg_val(CPUX86State *env, int reg, int rex_present,
+ int is_extended, int size)
{
target_ulong val = 0;
- memcpy(&val, (void *)get_reg_ref(env, reg, rex, is_extended, size), size);
+ memcpy(&val,
+ (void *)get_reg_ref(env, reg, rex_present, is_extended, size),
+ size);
return val;
}
@@ -1853,28 +1851,38 @@ void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
static void decode_prefix(CPUX86State *env, struct x86_decode *decode)
{
while (1) {
+ /*
+ * REX prefix must come after legacy prefixes.
+ * REX before legacy is ignored.
+ * Clear rex to simulate this.
+ */
uint8_t byte = decode_byte(env, decode);
switch (byte) {
case PREFIX_LOCK:
decode->lock = byte;
+ decode->rex.rex = 0;
break;
case PREFIX_REPN:
case PREFIX_REP:
decode->rep = byte;
+ decode->rex.rex = 0;
break;
- case PREFIX_CS_SEG_OVEERIDE:
- case PREFIX_SS_SEG_OVEERIDE:
- case PREFIX_DS_SEG_OVEERIDE:
- case PREFIX_ES_SEG_OVEERIDE:
- case PREFIX_FS_SEG_OVEERIDE:
- case PREFIX_GS_SEG_OVEERIDE:
+ case PREFIX_CS_SEG_OVERRIDE:
+ case PREFIX_SS_SEG_OVERRIDE:
+ case PREFIX_DS_SEG_OVERRIDE:
+ case PREFIX_ES_SEG_OVERRIDE:
+ case PREFIX_FS_SEG_OVERRIDE:
+ case PREFIX_GS_SEG_OVERRIDE:
decode->segment_override = byte;
+ decode->rex.rex = 0;
break;
case PREFIX_OP_SIZE_OVERRIDE:
decode->op_size_override = byte;
+ decode->rex.rex = 0;
break;
case PREFIX_ADDR_SIZE_OVERRIDE:
decode->addr_size_override = byte;
+ decode->rex.rex = 0;
break;
case PREFIX_REX ... (PREFIX_REX + 0xf):
if (x86_is_long_mode(env_cpu(env))) {
@@ -2111,14 +2119,14 @@ void init_decoder()
{
int i;
- for (i = 0; i < ARRAY_SIZE(_decode_tbl2); i++) {
- memcpy(_decode_tbl1, &invl_inst, sizeof(invl_inst));
+ for (i = 0; i < ARRAY_SIZE(_decode_tbl1); i++) {
+ memcpy(&_decode_tbl1[i], &invl_inst, sizeof(invl_inst));
}
for (i = 0; i < ARRAY_SIZE(_decode_tbl2); i++) {
- memcpy(_decode_tbl2, &invl_inst, sizeof(invl_inst));
+ memcpy(&_decode_tbl2[i], &invl_inst, sizeof(invl_inst));
}
for (i = 0; i < ARRAY_SIZE(_decode_tbl3); i++) {
- memcpy(_decode_tbl3, &invl_inst, sizeof(invl_inst_x87));
+ memcpy(&_decode_tbl3[i], &invl_inst_x87, sizeof(invl_inst_x87));
}
for (i = 0; i < ARRAY_SIZE(_1op_inst); i++) {
@@ -2167,22 +2175,22 @@ target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode,
target_ulong addr, X86Seg seg)
{
switch (decode->segment_override) {
- case PREFIX_CS_SEG_OVEERIDE:
+ case PREFIX_CS_SEG_OVERRIDE:
seg = R_CS;
break;
- case PREFIX_SS_SEG_OVEERIDE:
+ case PREFIX_SS_SEG_OVERRIDE:
seg = R_SS;
break;
- case PREFIX_DS_SEG_OVEERIDE:
+ case PREFIX_DS_SEG_OVERRIDE:
seg = R_DS;
break;
- case PREFIX_ES_SEG_OVEERIDE:
+ case PREFIX_ES_SEG_OVERRIDE:
seg = R_ES;
break;
- case PREFIX_FS_SEG_OVEERIDE:
+ case PREFIX_FS_SEG_OVERRIDE:
seg = R_FS;
break;
- case PREFIX_GS_SEG_OVEERIDE:
+ case PREFIX_GS_SEG_OVERRIDE:
seg = R_GS;
break;
default:
diff --git a/target/i386/hvf/x86_decode.h b/target/i386/hvf/x86_decode.h
index bc574a7a44..ef7960113f 100644
--- a/target/i386/hvf/x86_decode.h
+++ b/target/i386/hvf/x86_decode.h
@@ -27,12 +27,12 @@ typedef enum x86_prefix {
PREFIX_REPN = 0xf2,
PREFIX_REP = 0xf3,
/* group 2 */
- PREFIX_CS_SEG_OVEERIDE = 0x2e,
- PREFIX_SS_SEG_OVEERIDE = 0x36,
- PREFIX_DS_SEG_OVEERIDE = 0x3e,
- PREFIX_ES_SEG_OVEERIDE = 0x26,
- PREFIX_FS_SEG_OVEERIDE = 0x64,
- PREFIX_GS_SEG_OVEERIDE = 0x65,
+ PREFIX_CS_SEG_OVERRIDE = 0x2e,
+ PREFIX_SS_SEG_OVERRIDE = 0x36,
+ PREFIX_DS_SEG_OVERRIDE = 0x3e,
+ PREFIX_ES_SEG_OVERRIDE = 0x26,
+ PREFIX_FS_SEG_OVERRIDE = 0x64,
+ PREFIX_GS_SEG_OVERRIDE = 0x65,
/* group 3 */
PREFIX_OP_SIZE_OVERRIDE = 0x66,
/* group 4 */
@@ -303,10 +303,10 @@ uint64_t sign(uint64_t val, int size);
uint32_t decode_instruction(CPUX86State *env, struct x86_decode *decode);
-target_ulong get_reg_ref(CPUX86State *env, int reg, int rex, int is_extended,
- int size);
-target_ulong get_reg_val(CPUX86State *env, int reg, int rex, int is_extended,
- int size);
+target_ulong get_reg_ref(CPUX86State *env, int reg, int rex_present,
+ int is_extended, int size);
+target_ulong get_reg_val(CPUX86State *env, int reg, int rex_present,
+ int is_extended, int size);
void calc_modrm_operand(CPUX86State *env, struct x86_decode *decode,
struct x86_decode_op *op);
target_ulong decode_linear_addr(CPUX86State *env, struct x86_decode *decode,
--
2.24.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH v3 4/5] hvf: more accurately match SDM when setting CR0 and PDPTE registers
2019-12-02 23:55 [PATCH v3 0/5] hvf: stability fixes for HVF Cameron Esfahani via
` (2 preceding siblings ...)
2019-12-02 23:55 ` [PATCH v3 3/5] hvf: correctly handle REX prefix in relation to legacy prefixes Cameron Esfahani via
@ 2019-12-02 23:55 ` Cameron Esfahani via
2019-12-02 23:55 ` [PATCH v3 5/5] hvf: correctly inject VMCS_INTR_T_HWINTR versus VMCS_INTR_T_SWINTR Cameron Esfahani via
2019-12-03 9:14 ` [PATCH v3 0/5] hvf: stability fixes for HVF Paolo Bonzini
5 siblings, 0 replies; 7+ messages in thread
From: Cameron Esfahani via @ 2019-12-02 23:55 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini
More accurately match SDM when setting CR0 and PDPTE registers.
Clear PDPTE registers when resetting vcpus.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/hvf/hvf.c | 8 ++++++++
target/i386/hvf/vmx.h | 18 ++++++++++--------
2 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 90fd50acfc..784e67d77e 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -441,12 +441,20 @@ static MemoryListener hvf_memory_listener = {
};
void hvf_reset_vcpu(CPUState *cpu) {
+ uint64_t pdpte[4] = {0, 0, 0, 0};
+ int i;
/* TODO: this shouldn't be needed; there is already a call to
* cpu_synchronize_all_post_reset in vl.c
*/
wvmcs(cpu->hvf_fd, VMCS_ENTRY_CTLS, 0);
wvmcs(cpu->hvf_fd, VMCS_GUEST_IA32_EFER, 0);
+
+ /* Initialize PDPTE */
+ for (i = 0; i < 4; i++) {
+ wvmcs(cpu->hvf_fd, VMCS_GUEST_PDPTE0 + i * 2, pdpte[i]);
+ }
+
macvm_set_cr0(cpu->hvf_fd, 0x60000010);
wvmcs(cpu->hvf_fd, VMCS_CR4_MASK, CR4_VMXE_MASK);
diff --git a/target/i386/hvf/vmx.h b/target/i386/hvf/vmx.h
index 5dc52ecad6..eb8894cd58 100644
--- a/target/i386/hvf/vmx.h
+++ b/target/i386/hvf/vmx.h
@@ -121,6 +121,7 @@ static inline void macvm_set_cr0(hv_vcpuid_t vcpu, uint64_t cr0)
uint64_t pdpte[4] = {0, 0, 0, 0};
uint64_t efer = rvmcs(vcpu, VMCS_GUEST_IA32_EFER);
uint64_t old_cr0 = rvmcs(vcpu, VMCS_GUEST_CR0);
+ uint64_t mask = CR0_PG | CR0_CD | CR0_NW | CR0_NE | CR0_ET;
if ((cr0 & CR0_PG) && (rvmcs(vcpu, VMCS_GUEST_CR4) & CR4_PAE) &&
!(efer & MSR_EFER_LME)) {
@@ -128,18 +129,15 @@ static inline void macvm_set_cr0(hv_vcpuid_t vcpu, uint64_t cr0)
rvmcs(vcpu, VMCS_GUEST_CR3) & ~0x1f,
MEMTXATTRS_UNSPECIFIED,
(uint8_t *)pdpte, 32, 0);
+ /* Only set PDPTE when appropriate. */
+ for (i = 0; i < 4; i++) {
+ wvmcs(vcpu, VMCS_GUEST_PDPTE0 + i * 2, pdpte[i]);
+ }
}
- for (i = 0; i < 4; i++) {
- wvmcs(vcpu, VMCS_GUEST_PDPTE0 + i * 2, pdpte[i]);
- }
-
- wvmcs(vcpu, VMCS_CR0_MASK, CR0_CD | CR0_NE | CR0_PG);
+ wvmcs(vcpu, VMCS_CR0_MASK, mask);
wvmcs(vcpu, VMCS_CR0_SHADOW, cr0);
- cr0 &= ~CR0_CD;
- wvmcs(vcpu, VMCS_GUEST_CR0, cr0 | CR0_NE | CR0_ET);
-
if (efer & MSR_EFER_LME) {
if (!(old_cr0 & CR0_PG) && (cr0 & CR0_PG)) {
enter_long_mode(vcpu, cr0, efer);
@@ -149,6 +147,10 @@ static inline void macvm_set_cr0(hv_vcpuid_t vcpu, uint64_t cr0)
}
}
+ /* Filter new CR0 after we are finished examining it above. */
+ cr0 = (cr0 & ~(mask & ~CR0_PG));
+ wvmcs(vcpu, VMCS_GUEST_CR0, cr0 | CR0_NE | CR0_ET);
+
hv_vcpu_invalidate_tlb(vcpu);
hv_vcpu_flush(vcpu);
}
--
2.24.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH v3 5/5] hvf: correctly inject VMCS_INTR_T_HWINTR versus VMCS_INTR_T_SWINTR.
2019-12-02 23:55 [PATCH v3 0/5] hvf: stability fixes for HVF Cameron Esfahani via
` (3 preceding siblings ...)
2019-12-02 23:55 ` [PATCH v3 4/5] hvf: more accurately match SDM when setting CR0 and PDPTE registers Cameron Esfahani via
@ 2019-12-02 23:55 ` Cameron Esfahani via
2019-12-03 9:14 ` [PATCH v3 0/5] hvf: stability fixes for HVF Paolo Bonzini
5 siblings, 0 replies; 7+ messages in thread
From: Cameron Esfahani via @ 2019-12-02 23:55 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini
Previous implementation in hvf_inject_interrupts() would always inject
VMCS_INTR_T_SWINTR even when VMCS_INTR_T_HWINTR was required. Now
correctly determine when VMCS_INTR_T_HWINTR is appropriate versus
VMCS_INTR_T_SWINTR.
Make sure to clear ins_len and has_error_code when ins_len isn't
valid and error_code isn't set.
Signed-off-by: Cameron Esfahani <dirty@apple.com>
---
target/i386/hvf/hvf.c | 4 +++-
target/i386/hvf/x86hvf.c | 14 +++++++++-----
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 784e67d77e..d72543dc31 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -637,6 +637,8 @@ static void hvf_store_events(CPUState *cpu, uint32_t ins_len, uint64_t idtvec_in
env->exception_injected = 0;
env->interrupt_injected = -1;
env->nmi_injected = false;
+ env->ins_len = 0;
+ env->has_error_code = false;
if (idtvec_info & VMCS_IDT_VEC_VALID) {
switch (idtvec_info & VMCS_IDT_VEC_TYPE) {
case VMCS_IDT_VEC_HWINTR:
@@ -659,7 +661,7 @@ static void hvf_store_events(CPUState *cpu, uint32_t ins_len, uint64_t idtvec_in
(idtvec_info & VMCS_IDT_VEC_TYPE) == VMCS_IDT_VEC_SWINTR) {
env->ins_len = ins_len;
}
- if (idtvec_info & VMCS_INTR_DEL_ERRCODE) {
+ if (idtvec_info & VMCS_IDT_VEC_ERRCODE_VALID) {
env->has_error_code = true;
env->error_code = rvmcs(cpu->hvf_fd, VMCS_IDT_VECTORING_ERROR);
}
diff --git a/target/i386/hvf/x86hvf.c b/target/i386/hvf/x86hvf.c
index 1485b95776..edefe5319a 100644
--- a/target/i386/hvf/x86hvf.c
+++ b/target/i386/hvf/x86hvf.c
@@ -345,8 +345,6 @@ void vmx_clear_int_window_exiting(CPUState *cpu)
~VMCS_PRI_PROC_BASED_CTLS_INT_WINDOW_EXITING);
}
-#define NMI_VEC 2
-
bool hvf_inject_interrupts(CPUState *cpu_state)
{
X86CPU *x86cpu = X86_CPU(cpu_state);
@@ -357,7 +355,11 @@ bool hvf_inject_interrupts(CPUState *cpu_state)
bool have_event = true;
if (env->interrupt_injected != -1) {
vector = env->interrupt_injected;
- intr_type = VMCS_INTR_T_SWINTR;
+ if (env->ins_len) {
+ intr_type = VMCS_INTR_T_SWINTR;
+ } else {
+ intr_type = VMCS_INTR_T_HWINTR;
+ }
} else if (env->exception_nr != -1) {
vector = env->exception_nr;
if (vector == EXCP03_INT3 || vector == EXCP04_INTO) {
@@ -366,7 +368,7 @@ bool hvf_inject_interrupts(CPUState *cpu_state)
intr_type = VMCS_INTR_T_HWEXCEPTION;
}
} else if (env->nmi_injected) {
- vector = NMI_VEC;
+ vector = EXCP02_NMI;
intr_type = VMCS_INTR_T_NMI;
} else {
have_event = false;
@@ -390,6 +392,8 @@ bool hvf_inject_interrupts(CPUState *cpu_state)
if (env->has_error_code) {
wvmcs(cpu_state->hvf_fd, VMCS_ENTRY_EXCEPTION_ERROR,
env->error_code);
+ /* Indicate that VMCS_ENTRY_EXCEPTION_ERROR is valid */
+ info |= VMCS_INTR_DEL_ERRCODE;
}
/*printf("reinject %lx err %d\n", info, err);*/
wvmcs(cpu_state->hvf_fd, VMCS_ENTRY_INTR_INFO, info);
@@ -399,7 +403,7 @@ bool hvf_inject_interrupts(CPUState *cpu_state)
if (cpu_state->interrupt_request & CPU_INTERRUPT_NMI) {
if (!(env->hflags2 & HF2_NMI_MASK) && !(info & VMCS_INTR_VALID)) {
cpu_state->interrupt_request &= ~CPU_INTERRUPT_NMI;
- info = VMCS_INTR_VALID | VMCS_INTR_T_NMI | NMI_VEC;
+ info = VMCS_INTR_VALID | VMCS_INTR_T_NMI | EXCP02_NMI;
wvmcs(cpu_state->hvf_fd, VMCS_ENTRY_INTR_INFO, info);
} else {
vmx_set_nmi_window_exiting(cpu_state);
--
2.24.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH v3 0/5] hvf: stability fixes for HVF
2019-12-02 23:55 [PATCH v3 0/5] hvf: stability fixes for HVF Cameron Esfahani via
` (4 preceding siblings ...)
2019-12-02 23:55 ` [PATCH v3 5/5] hvf: correctly inject VMCS_INTR_T_HWINTR versus VMCS_INTR_T_SWINTR Cameron Esfahani via
@ 2019-12-03 9:14 ` Paolo Bonzini
5 siblings, 0 replies; 7+ messages in thread
From: Paolo Bonzini @ 2019-12-03 9:14 UTC (permalink / raw)
To: Cameron Esfahani, qemu-devel
On 03/12/19 00:55, Cameron Esfahani wrote:
> Changes in v3:
> - Change previous code which saved interrupt/exception type in
> hvf_store_events() to inject later in hvf_inject_interrupts().
> Now, hvf_inject_interrupts() will correctly determine when it's appropriate
> to inject VMCS_INTR_T_HWINTR versus VMCS_INTR_T_SWINTR. From feedback by
> Paolo Bonzini to make code more similar to KVM model.
Queued, thanks.
Paolo
^ permalink raw reply [flat|nested] 7+ messages in thread