From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, laurent@vivier.eu
Subject: [PATCH v3 25/28] target/i386: Convert do_xrstor to X86Access
Date: Wed, 15 May 2024 17:08:34 +0200	[thread overview]
Message-ID: <20240515150837.259747-26-richard.henderson@linaro.org> (raw)
In-Reply-To: <20240515150837.259747-1-richard.henderson@linaro.org>

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/tcg/fpu_helper.c | 106 +++++++++++++++++++++--------------
 1 file changed, 64 insertions(+), 42 deletions(-)

diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index f5748b72b8..1ac61c5d7d 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -2903,51 +2903,38 @@ void helper_fxrstor(CPUX86State *env, target_ulong ptr)
     do_fxrstor(&ac, ptr);
 }
 
-static void do_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm, uintptr_t ra)
+static bool valid_xrstor_header(X86Access *ac, uint64_t *pxsbv,
+                                target_ulong ptr)
 {
     uint64_t xstate_bv, xcomp_bv, reserve0;
-    X86Access ac;
-    unsigned size, size_ext;
 
-    rfbm &= env->xcr0;
+    xstate_bv = access_ldq(ac, ptr + XO(header.xstate_bv));
+    xcomp_bv = access_ldq(ac, ptr + XO(header.xcomp_bv));
+    reserve0 = access_ldq(ac, ptr + XO(header.reserve0));
+    *pxsbv = xstate_bv;
 
-    size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader);
-    access_prepare(&ac, env, ptr, size, MMU_DATA_LOAD, ra);
-
-    xstate_bv = access_ldq(&ac, ptr + XO(header.xstate_bv));
-
-    if ((int64_t)xstate_bv < 0) {
-        /* FIXME: Compact form.  */
-        raise_exception_ra(env, EXCP0D_GPF, ra);
+    /*
+     * XCOMP_BV bit 63 indicates compact form, which we do not support,
+     * and thus must raise #GP.  That leaves us in standard form.
+     * In standard form, bytes 23:8 must be zero -- which is both
+     * XCOMP_BV and the following 64-bit field.
+     */
+    if (xcomp_bv || reserve0) {
+        return false;
     }
 
-    /* Standard form.  */
-
     /* The XSTATE_BV field must not set bits not present in XCR0.  */
-    if (xstate_bv & ~env->xcr0) {
-        raise_exception_ra(env, EXCP0D_GPF, ra);
-    }
+    return (xstate_bv & ~ac->env->xcr0) == 0;
+}
 
-    /* The XCOMP_BV field must be zero.  Note that, as of the April 2016
-       revision, the description of the XSAVE Header (Vol 1, Sec 13.4.2)
-       describes only XCOMP_BV, but the description of the standard form
-       of XRSTOR (Vol 1, Sec 13.8.1) checks bytes 23:8 for zero, which
-       includes the next 64-bit field.  */
-    xcomp_bv = access_ldq(&ac, ptr + XO(header.xcomp_bv));
-    reserve0 = access_ldq(&ac, ptr + XO(header.reserve0));
-    if (xcomp_bv || reserve0) {
-        raise_exception_ra(env, EXCP0D_GPF, ra);
-    }
-
-    size_ext = xsave_area_size(rfbm & xstate_bv, false);
-    if (size < size_ext) {
-        /* TODO: See if existing page probe has covered extra size. */
-        access_prepare(&ac, env, ptr, size_ext, MMU_DATA_LOAD, ra);
-    }
+static void do_xrstor(X86Access *ac, target_ulong ptr,
+                      uint64_t rfbm, uint64_t xstate_bv)
+{
+    CPUX86State *env = ac->env;
 
     if (rfbm & XSTATE_FP_MASK) {
         if (xstate_bv & XSTATE_FP_MASK) {
-            do_xrstor_fpu(&ac, ptr);
+            do_xrstor_fpu(ac, ptr);
         } else {
             do_fninit(env);
             memset(env->fpregs, 0, sizeof(env->fpregs));
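Review bot: valid_xrstor_header stores `*pxsbv = xstate_bv` before any check runs, and the cpu_x86_xrstor path later in this patch relies on that by masking the value after a false return, yet nothing at the definition states that the out-parameter is written on failure. A header comment would pin the contract, e.g. `/* Load the XSAVE header at PTR and check it is a valid standard-form header. XSTATE_BV is always stored to *PXSBV, even when false is returned, so callers may sanitize it. */`. The old `(int64_t)xstate_bv < 0` test is dropped, so a set bit 63 in XSTATE_BV is now rejected only through the `~ac->env->xcr0` comparison; that holds as long as XCR0 never carries bit 63, which is worth one sentence next to the existing XCR0 comment. The body of do_xrstor that follows continues past the end of this hunk.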
@@ -2956,23 +2943,23 @@ static void do_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm, uintptr
     if (rfbm & XSTATE_SSE_MASK) {
         /* Note that the standard form of XRSTOR loads MXCSR from memory
            whether or not the XSTATE_BV bit is set.  */
-        do_xrstor_mxcsr(&ac, ptr);
+        do_xrstor_mxcsr(ac, ptr);
         if (xstate_bv & XSTATE_SSE_MASK) {
-            do_xrstor_sse(&ac, ptr);
+            do_xrstor_sse(ac, ptr);
         } else {
             do_clear_sse(env);
         }
     }
     if (rfbm & XSTATE_YMM_MASK) {
         if (xstate_bv & XSTATE_YMM_MASK) {
-            do_xrstor_ymmh(&ac, ptr + XO(avx_state));
+            do_xrstor_ymmh(ac, ptr + XO(avx_state));
         } else {
             do_clear_ymmh(env);
         }
     }
     if (rfbm & XSTATE_BNDREGS_MASK) {
         if (xstate_bv & XSTATE_BNDREGS_MASK) {
-            do_xrstor_bndregs(&ac, ptr + XO(bndreg_state));
+            do_xrstor_bndregs(ac, ptr + XO(bndreg_state));
             env->hflags |= HF_MPX_IU_MASK;
         } else {
             memset(env->bnd_regs, 0, sizeof(env->bnd_regs));
@@ -2981,7 +2968,7 @@ static void do_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm, uintptr
     }
     if (rfbm & XSTATE_BNDCSR_MASK) {
         if (xstate_bv & XSTATE_BNDCSR_MASK) {
-            do_xrstor_bndcsr(&ac, ptr + XO(bndcsr_state));
+            do_xrstor_bndcsr(ac, ptr + XO(bndcsr_state));
         } else {
             memset(&env->bndcs_regs, 0, sizeof(env->bndcs_regs));
         }
@@ -2990,7 +2977,7 @@ static void do_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm, uintptr
     if (rfbm & XSTATE_PKRU_MASK) {
         uint64_t old_pkru = env->pkru;
         if (xstate_bv & XSTATE_PKRU_MASK) {
-            do_xrstor_pkru(&ac, ptr + XO(pkru_state));
+            do_xrstor_pkru(ac, ptr + XO(pkru_state));
         } else {
             env->pkru = 0;
         }
@@ -3006,9 +2993,27 @@ static void do_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm, uintptr
 void helper_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm)
 {
     uintptr_t ra = GETPC();
+    X86Access ac;
+    uint64_t xstate_bv;
+    unsigned size, size_ext;
 
     do_xsave_chk(env, ptr, ra);
-    do_xrstor(env, ptr, rfbm, ra);
+
+    /* Begin with just the minimum size to validate the header. */
+    size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader);
+    access_prepare(&ac, env, ptr, size, MMU_DATA_LOAD, ra);
+    if (!valid_xrstor_header(&ac, &xstate_bv, ptr)) {
+        raise_exception_ra(env, EXCP0D_GPF, ra);
+    }
+
+    rfbm &= env->xcr0;
+    size_ext = xsave_area_size(rfbm & xstate_bv, false);
+    if (size < size_ext) {
+        /* TODO: See if existing page probe has covered extra size. */
+        access_prepare(&ac, env, ptr, size_ext, MMU_DATA_LOAD, ra);
+    }
+
+    do_xrstor(&ac, ptr, rfbm, xstate_bv);
 }
 
 #if defined(CONFIG_USER_ONLY)
@@ -3066,7 +3071,24 @@ void cpu_x86_xsave(CPUX86State *env, target_ulong ptr, uint64_t rfbm)
 
 void cpu_x86_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm)
 {
-    do_xrstor(env, ptr, rfbm, 0);
+    X86Access ac;
+    uint64_t xstate_bv;
+    unsigned size;
+
+    /*
+     * Since this is only called from user-level signal handling,
+     * we should have done the job correctly there.
+     */
+    assert((rfbm & ~env->xcr0) == 0);
+    size = xsave_area_size(rfbm, false);
+    access_prepare(&ac, env, ptr, size, MMU_DATA_LOAD, 0);
+
+    if (!valid_xrstor_header(&ac, &xstate_bv, ptr)) {
+        /* TODO: Report failure to caller. */
+        xstate_bv &= env->xcr0;
+    }
+
+    do_xrstor(&ac, ptr, rfbm, xstate_bv);
 }
 #endif
 
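Review bot: The recovery path after a failed valid_xrstor_header only masks XSTATE_BV against XCR0, while the other reason the check fails, a nonzero XCOMP_BV or reserve0, is left as is, so a compact-form or otherwise corrupted frame is then restored as if it were standard form. The TODO notes the missing error report, but the comment should say what the masking does and does not cover, e.g. `/* TODO: Report failure to caller.  Masking only repairs XSTATE_BV; a nonzero XCOMP_BV or reserved field is ignored and the frame is read in standard form. */`. I believe xsave_area_size() floors its result at the legacy area plus header, but that is not visible here; if it can ever return less for a small rfbm, the header loads in valid_xrstor_header would fall outside the access prepared with `size`, and helper_xrstor's explicit `sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader)` minimum would be the safer pattern to mirror.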
-- 
2.34.1


