From: Gleb Natapov
Date: Sun, 7 Nov 2010 14:36:06 +0200
Subject: Re: [Qemu-devel] [PATCH v2 5/6] backdoor: [i386] provide and implement intruction-based backdoor interface
Message-ID: <20101107123606.GE30855@redhat.com>
References: <20101104223452.16669.25092.stgit@ginnungagap.bsc.es> <20101104223614.16669.69856.stgit@ginnungagap.bsc.es>
In-Reply-To: <20101104223614.16669.69856.stgit@ginnungagap.bsc.es>
To: Lluís
Cc: qemu-devel@nongnu.org

On Thu, Nov 04, 2010 at 11:36:15PM +0100, Lluís wrote:
> Take the unused CPUID 0x40001xxx range as the backdoor instruction.
>

In KVM (and it fits the spec nicely) cpuid is defined in terms of tables. There is no callback that is called when a particular cpuid is queried, so such a backdoor interface will be impossible to implement in KVM. Furthermore, any interface that changes/looks at vcpu state in userspace is broken for KVM. Look at the vmware backdoor interface for instance. KVM has a hack in the emulator code to make it work.
> Signed-off-by: Llu=C3=ADs Vilanova > --- > backdoor/guest.h | 21 +++++++++++++++++++++ > target-i386/cpuid.c | 27 +++++++++++++++++++++++++++ > target-i386/helper.h | 4 ++++ > target-i386/translate.c | 4 ++++ > 4 files changed, 56 insertions(+), 0 deletions(-) >=20 > diff --git a/backdoor/guest.h b/backdoor/guest.h > index 8373762..3edcbc6 100644 > --- a/backdoor/guest.h > +++ b/backdoor/guest.h > @@ -26,8 +26,29 @@ > * - v32: value of 32 bits > */ > =20 > +#include > + > +#if __i386__ || __i486__ || __x86_64__ > + > +#define _BACKDOOR(t, i8, v32) \ > + ({ \ > + uint32_t eax, ebx, ecx, edx; \ > + uint32_t index =3D (uint32_t)0x40001000 + (t<<8) + (uint8_t)i8; = \ > + uint32_t count =3D (uint32_t)v32; = \ > + asm volatile ("cpuid" \ > + : "=3Da"(eax), "=3Db"(ebx), "=3Dc"(ecx), "=3Dd"(ed= x) \ > + : "0"(index), "2"(count) \ > + ); \ > + eax; \ > + }) > + > +#define BACKDOOR_i8(i) _BACKDOOR(0, i, 0) > +#define BACKDOOR_i8_v32(i, v) _BACKDOOR(1, i, v) > + > +#else > =20 > #error Undefined instruction-based backdoor interface for guest architec= ture > =20 > +#endif > =20 > #endif /* BACKDOOR__GUEST_H */ > diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c > index 650a719..03fc973 100644 > --- a/target-i386/cpuid.c > +++ b/target-i386/cpuid.c > @@ -27,6 +27,9 @@ > #include "qemu-option.h" > #include "qemu-config.h" > =20 > +#include "helper.h" > + > + > /* feature flags taken from "Intel Processor Identification and the CPUID > * Instruction" and AMD's "CPUID Specification". In cases of disagreeme= nt > * between feature naming conventions, aliases may be added. 
> @@ -1033,6 +1036,30 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t inde= x, uint32_t count, > uint32_t *eax, uint32_t *ebx, > uint32_t *ecx, uint32_t *edx) > { > +#if defined(CONFIG_BACKDOOR) /* synched with "backdoor/guest.= h" */ > + if ((index & ~0xfff) =3D=3D 0x40001000) { > + int type =3D (index >> 8) & 0xf; > + uint8_t i8 =3D index & 0x0ff; > + uint32_t v32 =3D count; > + switch (type) { > + case 0: > + helper_backdoor_i8(i8); > + break; > + case 1: > + helper_backdoor_i8_v32(i8, v32); > + break; > + default: > + printf("invalid backdoor request\n"); > + abort(); > + } > + *eax =3D 0; > + *ebx =3D 0; > + *ecx =3D 0; > + *edx =3D 0; > + return; > + } > +#endif > + > /* test if maximum index reached */ > if (index & 0x80000000) { > if (index > env->cpuid_xlevel) > diff --git a/target-i386/helper.h b/target-i386/helper.h > index 6b518ad..979d94e 100644 > --- a/target-i386/helper.h > +++ b/target-i386/helper.h > @@ -217,4 +217,8 @@ DEF_HELPER_2(rclq, tl, tl, tl) > DEF_HELPER_2(rcrq, tl, tl, tl) > #endif > =20 > +#if defined(CONFIG_BACKDOOR) > +#include "backdoor/helper.h" > +#endif > + > #include "def-helper.h" > diff --git a/target-i386/translate.c b/target-i386/translate.c > index 7b6e3c2..dfdc2f0 100644 > --- a/target-i386/translate.c > +++ b/target-i386/translate.c > @@ -6941,6 +6941,10 @@ static target_ulong disas_insn(DisasContext *s, ta= rget_ulong pc_start) > gen_op_set_cc_op(s->cc_op); > gen_jmp_im(pc_start - s->cs_base); > gen_helper_cpuid(); > +#if defined(CONFIG_BACKDOOR) > + gen_jmp_im(s->pc); > + gen_eob(s); > +#endif > break; > case 0xf4: /* hlt */ > if (s->cpl !=3D 0) { >=20 -- Gleb.
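Review bot: in the backdoor/guest.h hunk, the guest-side _BACKDOOR macro gives the caller no way to tell whether the backdoor is actually present. On bare metal, under KVM (which, as noted above, cannot route this leaf to QEMU) or on a QEMU built without CONFIG_BACKDOOR, the cpuid returns whatever that platform reports for leaf 0x40001000+ and the macro hands back eax as if it were a valid result. Suggest a probe (a documented signature in one reserved leaf, checked once before any BACKDOOR_i8* call) and a sentence in the header comment describing it. Smaller points in the same hunk: `(t<<8)` should be `((t)<<8)` since t is a macro argument, and `#if __i386__ || __i486__ || __x86_64__` reads more clearly as `#if defined(__i386__) || defined(__x86_64__)`.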
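Review bot: in the first target-i386/cpuid.c hunk, `#include "helper.h"` is added unconditionally while the only new use of it is under `#if defined(CONFIG_BACKDOOR)`; wrap the include in the same guard so non-backdoor builds do not pull the helper declarations into cpuid.c, and drop one of the two blank lines added after it.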
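Review bot: in the cpu_x86_cpuid() hunk, the `default: abort();` in the type switch turns a guest-controlled value into a crash of the whole VM: CPUID is not a privileged instruction, so any guest code, including unprivileged guest userspace, reaches this path by executing cpuid with eax in the 0x40001000 range and a type field other than 0 or 1. Unknown types should be treated as unsupported (zero the four output registers, optionally log once through the normal QEMU logging path rather than printf) and never abort. Related: there is no privilege check on this path at all, in contrast to the hlt case visible in the translate.c hunk (`if (s->cpl != 0)`); if the backdoor is meant only for guest kernels or an instrumentation runtime, check the CPL here (`env->hflags & HF_CPL_MASK`) and state the intended privilege model in the commit message, since this is the only place in the series where it can be enforced.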
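Review bot: in the target-i386/translate.c hunk, `gen_jmp_im(s->pc)` is inconsistent with the call two lines above it, `gen_jmp_im(pc_start - s->cs_base)`: gen_jmp_im() takes an EIP relative to the CS base, so this should be `gen_jmp_im(s->pc - s->cs_base)`, otherwise a guest running with a non-zero CS base resumes at the wrong address after cpuid. Also, the added `gen_eob(s)` ends the translation block after every cpuid whenever CONFIG_BACKDOOR is set, not only for backdoor leaves (the leaf is known only at run time); add a comment stating why the TB must end here, for instance that a backdoor helper may change state the translator relies on, so that the exit is not later removed as dead code.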