* [PULL v3 00/22] QEMU changes for 7.0 soft freeze
@ 2022-03-15 10:54 Paolo Bonzini
From: Paolo Bonzini @ 2022-03-15 10:54 UTC (permalink / raw)
To: qemu-devel
The following changes since commit 6f4fe14b46f0a161f94e3f6e98690ac38184b0be:
Merge tag 'pull-tcg-20220314' of https://gitlab.com/rth7680/qemu into staging (2022-03-14 18:11:36 +0000)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu.git tags/for-upstream
for you to fetch changes up to 8a5606f6449c90a0731790ed03eebedcf7045070:
gitlab-ci: do not run tests with address sanitizer (2022-03-15 11:50:50 +0100)
----------------------------------------------------------------
* whpx fixes in preparation for GDB support (Ivan)
* VSS header fixes (Marc-André)
* 5-level EPT support (Vitaly)
* AMX support (Jing Liu & Yang Zhong)
* Bundle changes to MSI routes (Longpeng)
* More precise emulation of #SS
* Disable ASAN testing
----------------------------------------------------------------
Sorry for this being so late. If you want to delay it to 7.1 I won't complain.
v3->v4: fix sign extension in "target/i386: Throw a #SS when loading a non-canonical IST"
Gareth Webb (1):
target/i386: Throw a #SS when loading a non-canonical IST
Ivan Shcherbakov (2):
whpx: Fixed reporting of the CPU context to GDB for 64-bit
whpx: Fixed incorrect CR8/TPR synchronization
Jing Liu (5):
x86: Fix the 64-byte boundary enumeration for extended state
x86: Add AMX XTILECFG and XTILEDATA components
x86: Add XFD faulting bit for state components
x86: Add AMX CPUIDs enumeration
x86: add support for KVM_CAP_XSAVE2 and AMX state migration
Longpeng (Mike) (2):
kvm-irqchip: introduce new API to support route change
kvm/msi: do explicit commit when adding msi routes
Marc-André Lureau (3):
meson: fix generic location of vss headers
qga/vss-win32: check old VSS SDK headers
qga/vss: update informative message about MinGW
Maxim Levitsky (1):
KVM: SVM: always set MSR_AMD64_TSC_RATIO to default value
Paolo Bonzini (4):
update meson-buildoptions.sh
target/i386: only include bits in pg_mode if they are not ignored
linux-headers: include missing changes from 5.17
gitlab-ci: do not run tests with address sanitizer
Vitaly Kuznetsov (2):
vmxcap: Add 5-level EPT bit
i386: Add Icelake-Server-v6 CPU model with 5-level EPT support
Yang Zhong (1):
x86: Grant AMX permission for guest
Zeng Guang (1):
x86: Support XFD and AMX xsave data migration
.gitlab-ci.d/buildtest.yml | 2 -
accel/kvm/kvm-all.c | 7 +-
accel/stubs/kvm-stub.c | 2 +-
hw/misc/ivshmem.c | 5 +-
hw/vfio/pci.c | 5 +-
hw/virtio/virtio-pci.c | 4 +-
include/sysemu/kvm.h | 23 ++++++-
linux-headers/asm-x86/kvm.h | 3 +
linux-headers/linux/kvm.h | 4 ++
meson.build | 5 +-
qga/meson.build | 2 +-
qga/vss-win32/install.cpp | 4 ++
qga/vss-win32/provider.cpp | 4 ++
qga/vss-win32/vss-common.h | 3 +-
scripts/kvm/vmxcap | 1 +
scripts/meson-buildoptions.sh | 2 +-
target/i386/cpu.c | 84 +++++++++++++++++++++--
target/i386/cpu.h | 43 +++++++++++-
target/i386/kvm/kvm-cpu.c | 11 +--
target/i386/kvm/kvm.c | 125 ++++++++++++++++++++++++++++++-----
target/i386/kvm/kvm_i386.h | 1 +
target/i386/machine.c | 46 +++++++++++++
target/i386/tcg/seg_helper.c | 52 ++++++++++++++-
target/i386/tcg/sysemu/excp_helper.c | 40 +----------
target/i386/whpx/whpx-all.c | 30 ++++++++-
target/i386/xsave_helper.c | 28 ++++++++
26 files changed, 451 insertions(+), 85 deletions(-)
--
2.35.1
* [PULL v3 11/22] target/i386: Throw a #SS when loading a non-canonical IST
From: Paolo Bonzini @ 2022-03-15 10:54 UTC (permalink / raw)
To: qemu-devel; +Cc: Gareth Webb

From: Gareth Webb <gareth.webb@umbralsoftware.co.uk>

Loading a non-canonical address into rsp when handling an interrupt or performing a far call should raise a #SS, not a #GP.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/870
Signed-off-by: Gareth Webb <gareth.webb@umbralsoftware.co.uk>
Message-Id: <164529651121.25406.15337137068584246397-0@git.sr.ht>
[Move get_pg_mode to seg_helper.c for user-mode emulators. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/seg_helper.c | 52 ++++++++++++++++++++++++++--
target/i386/tcg/sysemu/excp_helper.c | 36 -------------------
2 files changed, 50 insertions(+), 38 deletions(-)

diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index baa905a0cd..bffd82923f 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -28,6 +28,42 @@ #include "helper-tcg.h" #include "seg_helper.h" +int get_pg_mode(CPUX86State *env) +{ + int pg_mode = 0; + if (!(env->cr[0] & CR0_PG_MASK)) { + return 0; + } + if (env->cr[0] & CR0_WP_MASK) { + pg_mode |= PG_MODE_WP; + } + if (env->cr[4] & CR4_PAE_MASK) { + pg_mode |= PG_MODE_PAE; + if (env->efer & MSR_EFER_NXE) { + pg_mode |= PG_MODE_NXE; + } + } + if (env->cr[4] & CR4_PSE_MASK) { + pg_mode |= PG_MODE_PSE; + } + if (env->cr[4] & CR4_SMEP_MASK) { + pg_mode |= PG_MODE_SMEP; + } + if (env->hflags & HF_LMA_MASK) { + pg_mode |= PG_MODE_LMA; + if (env->cr[4] & CR4_PKE_MASK) { + pg_mode |= PG_MODE_PKE; + } + if (env->cr[4] & CR4_PKS_MASK) { + pg_mode |= PG_MODE_PKS; + } + if (env->cr[4] & CR4_LA57_MASK) { + pg_mode |= PG_MODE_LA57; + } + } + return pg_mode; +} + /* return non zero if error */ static inline int load_segment_ra(CPUX86State *env, uint32_t *e1_ptr, uint32_t *e2_ptr, int selector, @@ -794,7 +830,9 @@ static void do_interrupt_protected(CPUX86State *env, int intno, int is_int, static inline target_ulong get_rsp_from_tss(CPUX86State *env, int level) { X86CPU *cpu = env_archcpu(env); - int index; + int index, pg_mode; + target_ulong rsp; + int32_t sext; #if 0 printf("TR: base=" TARGET_FMT_lx " limit=%x\n", @@ -808,7 +846,17 @@ static inline target_ulong get_rsp_from_tss(CPUX86State *env, int level) if ((index + 7) > env->tr.limit) { raise_exception_err(env, EXCP0A_TSS, env->tr.selector & 0xfffc); } - return cpu_ldq_kernel(env, env->tr.base + index); + + rsp = cpu_ldq_kernel(env, env->tr.base + index); + + /* test virtual address sign extension */ + pg_mode = get_pg_mode(env); + sext = (int64_t)rsp >> (pg_mode & PG_MODE_LA57 ? 56 : 47); + if (sext != 0 && sext != -1) { + raise_exception_err(env, EXCP0C_STACK, 0); + } + + return rsp; } /* 64 bit interrupt */ diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c index 6f1fbe667b..e1b6d88683 100644 --- a/target/i386/tcg/sysemu/excp_helper.c 
+++ b/target/i386/tcg/sysemu/excp_helper.c @@ -22,42 +22,6 @@ #include "exec/exec-all.h" #include "tcg/helper-tcg.h" -int get_pg_mode(CPUX86State *env) -{ - int pg_mode = 0; - if (!(env->cr[0] & CR0_PG_MASK)) { - return 0; - } - if (env->cr[0] & CR0_WP_MASK) { - pg_mode |= PG_MODE_WP; - } - if (env->cr[4] & CR4_PAE_MASK) { - pg_mode |= PG_MODE_PAE; - if (env->efer & MSR_EFER_NXE) { - pg_mode |= PG_MODE_NXE; - } - } - if (env->cr[4] & CR4_PSE_MASK) { - pg_mode |= PG_MODE_PSE; - } - if (env->cr[4] & CR4_SMEP_MASK) { - pg_mode |= PG_MODE_SMEP; - } - if (env->hflags & HF_LMA_MASK) { - pg_mode |= PG_MODE_LMA; - if (env->cr[4] & CR4_PKE_MASK) { - pg_mode |= PG_MODE_PKE; - } - if (env->cr[4] & CR4_PKS_MASK) { - pg_mode |= PG_MODE_PKS; - } - if (env->cr[4] & CR4_LA57_MASK) { - pg_mode |= PG_MODE_LA57; - } - } - return pg_mode; -} - #define PG_ERROR_OK (-1) typedef hwaddr (*MMUTranslateFunc)(CPUState *cs, hwaddr gphys, MMUAccessType access_type, -- 2.35.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
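Review bot: the get_pg_mode() body added at the top of seg_helper.c is identical line for line to the one removed from sysemu/excp_helper.c in the last hunk, so this is a pure move and nothing about the returned PG_MODE_* mask changes; since the diffstat touches no header, the prototype must already be visible through helper-tcg.h, which both files include. A one-line comment above the function saying that the mask describes the active paging mode (PG, WP, PAE/NXE, PSE, SMEP, LMA with PKE/PKS/LA57) would help readers of seg_helper.c, who now meet it without the page-walk context it came from.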
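Review bot: in the declarations hunk of get_rsp_from_tss(), `target_ulong rsp;` receives the 64-bit result of cpu_ldq_kernel(); if this function is also compiled for the 32-bit i386 target, where target_ulong is 32 bits, the value is truncated before the canonical check and `(int64_t)rsp` can never look non-canonical. Unless the function already sits inside an `#ifdef TARGET_X86_64` block that the context does not show, `uint64_t rsp;` is the safer type. The `int32_t sext` is fine: after shifting a 64-bit value by 47 (or 56) at most 17 significant bits remain, so nothing is lost in the narrowing.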
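Review bot: the comment "test virtual address sign extension" on the new block in get_rsp_from_tss() undersells its purpose; something like "reject a non-canonical RSP with #SS(0)" would tie it to the commit message. The check itself is correct: the cast to int64_t makes the shift arithmetic (the v3->v4 fix mentioned in the cover letter), so a canonical address leaves 0 for the low half or -1 for the high half, anything else raises EXCP0C_STACK, and the shift count follows PG_MODE_LA57 so 57-bit linear addresses are handled. One question for the author: the commit message also names far calls, yet the only change is in the IST path; if helper_lcall_protected loads the new RSP through get_rsp_from_tss the fix covers it, otherwise a second site still needs the same #SS treatment.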
* Re: [PULL v3 00/22] QEMU changes for 7.0 soft freeze
From: Peter Maydell @ 2022-03-15 16:28 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: qemu-devel

On Tue, 15 Mar 2022 at 11:04, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit 6f4fe14b46f0a161f94e3f6e98690ac38184b0be:
>
> Merge tag 'pull-tcg-20220314' of https://gitlab.com/rth7680/qemu into staging (2022-03-14 18:11:36 +0000)
>
> are available in the Git repository at:
>
> https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 8a5606f6449c90a0731790ed03eebedcf7045070:
>
> gitlab-ci: do not run tests with address sanitizer (2022-03-15 11:50:50 +0100)
>
> ----------------------------------------------------------------
> * whpx fixes in preparation for GDB support (Ivan)
> * VSS header fixes (Marc-André)
> * 5-level EPT support (Vitaly)
> * AMX support (Jing Liu & Yang Zhong)
> * Bundle changes to MSI routes (Longpeng)
> * More precise emulation of #SS
> * Disable ASAN testing

Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0 for any user-visible changes.

-- PMM