From: Gleb Natapov <gleb@redhat.com>
To: Lluís <xscript@gmx.net>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v2 5/6] backdoor: [i386] provide and implement intruction-based backdoor interface
Date: Sun, 7 Nov 2010 14:36:06 +0200 [thread overview]
Message-ID: <20101107123606.GE30855@redhat.com> (raw)
In-Reply-To: <20101104223614.16669.69856.stgit@ginnungagap.bsc.es>
On Thu, Nov 04, 2010 at 11:36:15PM +0100, Lluís wrote:
> Take the unused CPUID 0x40001xxx range as the backdoor instruction.
>
In KVM (and this fits the spec nicely) cpuid is defined in terms of
tables. There is no callback that is invoked when a particular cpuid leaf is
queried, so such a backdoor interface will be impossible to implement
in KVM. Furthermore any interface that changes/looks at vcpu state in
userspace is broken for KVM. Look at vmware backdoor interface for
instance. KVM has a hack in emulator code to make it work.
> Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
> ---
> backdoor/guest.h | 21 +++++++++++++++++++++
> target-i386/cpuid.c | 27 +++++++++++++++++++++++++++
> target-i386/helper.h | 4 ++++
> target-i386/translate.c | 4 ++++
> 4 files changed, 56 insertions(+), 0 deletions(-)
>
> diff --git a/backdoor/guest.h b/backdoor/guest.h
> index 8373762..3edcbc6 100644
> --- a/backdoor/guest.h
> +++ b/backdoor/guest.h
> @@ -26,8 +26,29 @@
> * - v32: value of 32 bits
> */
>
> +#include <stdint.h>
> +
> +#if __i386__ || __i486__ || __x86_64__
> +
> +#define _BACKDOOR(t, i8, v32) \
> + ({ \
> + uint32_t eax, ebx, ecx, edx; \
> + uint32_t index = (uint32_t)0x40001000 + (t<<8) + (uint8_t)i8; \
> + uint32_t count = (uint32_t)v32; \
> + asm volatile ("cpuid" \
> + : "=a"(eax), "=b"(ebx), "=c"(ecx), "=d"(edx) \
> + : "0"(index), "2"(count) \
> + ); \
> + eax; \
> + })
> +
> +#define BACKDOOR_i8(i) _BACKDOOR(0, i, 0)
> +#define BACKDOOR_i8_v32(i, v) _BACKDOOR(1, i, v)
> +
> +#else
>
> #error Undefined instruction-based backdoor interface for guest architecture
>
> +#endif
>
> #endif /* BACKDOOR__GUEST_H */
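Review bot: The `_BACKDOOR` macro uses its `t` and `i8` arguments unparenthesized on the `index` line, so an argument that is itself an expression binds wrongly to the `<<` and to the `(uint8_t)` cast; write `uint32_t index = (uint32_t)0x40001000 + ((t) << 8) + (uint8_t)(i8); \` and, for consistency, `uint32_t count = (uint32_t)(v32); \`. The name `_BACKDOOR` (leading underscore followed by an uppercase letter) is reserved for the implementation in C, so a name such as `BACKDOOR_CALL` is safer for a header that guest programs include. The `#if __i386__ || __i486__ || __x86_64__` test relies on undefined macros evaluating to 0; `#if defined(__i386__) || defined(__i486__) || defined(__x86_64__)` states the intent and keeps `-Wundef` quiet.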
> diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
> index 650a719..03fc973 100644
> --- a/target-i386/cpuid.c
> +++ b/target-i386/cpuid.c
> @@ -27,6 +27,9 @@
> #include "qemu-option.h"
> #include "qemu-config.h"
>
> +#include "helper.h"
> +
> +
> /* feature flags taken from "Intel Processor Identification and the CPUID
> * Instruction" and AMD's "CPUID Specification". In cases of disagreement
> * between feature naming conventions, aliases may be added.
> @@ -1033,6 +1036,30 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> uint32_t *eax, uint32_t *ebx,
> uint32_t *ecx, uint32_t *edx)
> {
> +#if defined(CONFIG_BACKDOOR) /* synched with "backdoor/guest.h" */
> + if ((index & ~0xfff) == 0x40001000) {
> + int type = (index >> 8) & 0xf;
> + uint8_t i8 = index & 0x0ff;
> + uint32_t v32 = count;
> + switch (type) {
> + case 0:
> + helper_backdoor_i8(i8);
> + break;
> + case 1:
> + helper_backdoor_i8_v32(i8, v32);
> + break;
> + default:
> + printf("invalid backdoor request\n");
> + abort();
> + }
> + *eax = 0;
> + *ebx = 0;
> + *ecx = 0;
> + *edx = 0;
> + return;
> + }
> +#endif
> +
> /* test if maximum index reached */
> if (index & 0x80000000) {
> if (index > env->cpuid_xlevel)
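Review bot: The `default:` arm calls `abort()` on a value the guest fully controls: the range check only narrows `index` to 0x40001000-0x40001fff, `type` is taken as a 4-bit field, and `cpuid` executes from guest ring 3 (the translate.c hunk adds no `cpl` check, unlike the `hlt` case), so any unprivileged guest process can terminate QEMU by issuing a leaf with type 2-15. Treat an unknown type as a no-op rather than a fatal error, e.g. `default: /* unknown backdoor type from guest: ignore, never abort the VMM */ break;`, which still returns the zeroed registers below. The diagnostic should also go through the project's logging path or `stderr` instead of `printf` to stdout, which is user-visible output in QEMU. `cpu_x86_cpuid` continues outside the hunk, so the fallback cpuid lookup that follows is not visible here.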
> diff --git a/target-i386/helper.h b/target-i386/helper.h
> index 6b518ad..979d94e 100644
> --- a/target-i386/helper.h
> +++ b/target-i386/helper.h
> @@ -217,4 +217,8 @@ DEF_HELPER_2(rclq, tl, tl, tl)
> DEF_HELPER_2(rcrq, tl, tl, tl)
> #endif
>
> +#if defined(CONFIG_BACKDOOR)
> +#include "backdoor/helper.h"
> +#endif
> +
> #include "def-helper.h"
> diff --git a/target-i386/translate.c b/target-i386/translate.c
> index 7b6e3c2..dfdc2f0 100644
> --- a/target-i386/translate.c
> +++ b/target-i386/translate.c
> @@ -6941,6 +6941,10 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
> gen_op_set_cc_op(s->cc_op);
> gen_jmp_im(pc_start - s->cs_base);
> gen_helper_cpuid();
> +#if defined(CONFIG_BACKDOOR)
> + gen_jmp_im(s->pc);
> + gen_eob(s);
> +#endif
> break;
> case 0xf4: /* hlt */
> if (s->cpl != 0) {
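Review bot: The added `gen_jmp_im(s->pc); gen_eob(s);` ends the translation block after every `cpuid` once CONFIG_BACKDOOR is defined, not only after backdoor leaves, and nothing in the hunk records why. Since the leaf is read from EAX at run time the distinction cannot be made at translation time, so the cost lands on every cpuid execution; a comment such as `/* CONFIG_BACKDOOR: backdoor helpers run from the cpuid helper; end the TB after it */` would at least make the trade-off explicit, and the commit message should mention it. `disas_insn` begins and ends outside the hunk.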
>
--
Gleb.