[PATCH 0/9] Misc patches for x86 CPUID

[PATCH 0/9] Misc patches for x86 CPUID

[Xiaoyao Li]

This series is a misc collection of patches for x86 CPUID. It contains
patches to add support for new CPUID bit, to fix the construction of
some CPUID leaves, to not expose AMD defined bits on Intel guest, and to
make invtsc migratable contioned on user_tsc_khz.

All of them are found during TDX development and testing. However, they
issues they aim to address are not TDX specific and the patches are not
TDX specific.

Xiaoyao Li (9):
  i386/cpu: Don't construct a all-zero entry for CPUID[0xD 0x3f]
  i386/cpu: Enable fdp-excptn-only and zero-fcs-fds
  i386/cpu: Add support for bits in CPUID.7_2.EDX
  i386/cpu: Construct valid CPUID leaf 5 iff CPUID_EXT_MONITOR
  i386/cpu: Construct CPUID 2 as stateful iff times > 1
  i386/cpu: Set topology info in 0x80000008.ECX only for AMD CPUs
  i386/cpu: Suppress CPUID values not defined by Intel
  i386/cpu: Drop AMD alias bits in FEAT_8000_0001_EDX for non-AMD guests
  i386/cpu: Make invtsc migratable when user sets tsc-khz explicitly

 target/i386/cpu.c     | 50 ++++++++++++++++++++++++++++++-------------
 target/i386/cpu.h     |  4 ++++
 target/i386/kvm/kvm.c | 17 +++++++++------
 3 files changed, 49 insertions(+), 22 deletions(-)

-- 
2.34.1

[PATCH 1/9] i386/cpu: Don't construct a all-zero entry for CPUID[0xD 0x3f]

[Xiaoyao Li]

Currently, QEMU always constructs a all-zero CPUID entry for
CPUID[0xD 0x3f].

It's meaningless to construct such a leaf as the end of leaf 0xD. Rework
the logic of how subleaves of 0xD are constructed to get rid of such
all-zero value of subleaf 0x3f.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/kvm/kvm.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 31f149c9902c..c168ff5691df 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1844,10 +1844,6 @@ static uint32_t kvm_x86_build_cpuid(CPUX86State *env,
         case 0xb:
         case 0xd:
             for (j = 0; ; j++) {
-                if (i == 0xd && j == 64) {
-                    break;
-                }
-
                 c->function = i;
                 c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
                 c->index = j;
@@ -1863,7 +1859,12 @@ static uint32_t kvm_x86_build_cpuid(CPUX86State *env,
                     break;
                 }
                 if (i == 0xd && c->eax == 0) {
-                    continue;
+                    if (j < 63) {
+                        continue;
+                    } else {
+                        cpuid_i--;
+                        break;
+                    }
                 }
                 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
                     goto full;
-- 
2.34.1

[PATCH 2/9] i386/cpu: Enable fdp-excptn-only and zero-fcs-fds

[Xiaoyao Li]

- CPUID.(EAX=07H,ECX=0H):EBX[bit 6]: x87 FPU Data Pointer updated only
  on x87 exceptions if 1.

- CPUID.(EAX=07H,ECX=0H):EBX[bit 13]: Deprecates FPU CS and FPU DS
  values if 1. i.e., X87 FCS and FDS are always zero.

Define names for them so that they can be exposed to guest with -cpu host.

Also define the bit field MACROs so that named cpu models can add it as
well in the future.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 4 ++--
 target/i386/cpu.h | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 85ef7452c04e..e60d9dd58b60 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1054,9 +1054,9 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         .type = CPUID_FEATURE_WORD,
         .feat_names = {
             "fsgsbase", "tsc-adjust", "sgx", "bmi1",
-            "hle", "avx2", NULL, "smep",
+            "hle", "avx2", "fdp-excptn-only", "smep",
             "bmi2", "erms", "invpcid", "rtm",
-            NULL, NULL, "mpx", NULL,
+            NULL, "zero-fcs-fds", "mpx", NULL,
             "avx512f", "avx512dq", "rdseed", "adx",
             "smap", "avx512ifma", "pcommit", "clflushopt",
             "clwb", "intel-pt", "avx512pf", "avx512er",
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index c6cc035df3d8..542512f65dec 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -826,6 +826,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_7_0_EBX_HLE               (1U << 4)
 /* Intel Advanced Vector Extensions 2 */
 #define CPUID_7_0_EBX_AVX2              (1U << 5)
+/* FPU data pointer updated only on x87 exceptions */
+#define CPUID_7_0_EBX_FDP_EXCPTN_ONLY (1u << 6)
 /* Supervisor-mode Execution Prevention */
 #define CPUID_7_0_EBX_SMEP              (1U << 7)
 /* 2nd Group of Advanced Bit Manipulation Extensions */
@@ -836,6 +838,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
 #define CPUID_7_0_EBX_INVPCID           (1U << 10)
 /* Restricted Transactional Memory */
 #define CPUID_7_0_EBX_RTM               (1U << 11)
+/* Zero out FPU CS and FPU DS */
+#define CPUID_7_0_EBX_ZERO_FCS_FDS      (1U << 13)
 /* Memory Protection Extension */
 #define CPUID_7_0_EBX_MPX               (1U << 14)
 /* AVX-512 Foundation */
-- 
2.34.1

[PATCH 3/9] i386/cpu: Add support for bits in CPUID.7_2.EDX

[Xiaoyao Li]

KVM started to report the support of bit 0-5 since commit eefe5e668209
("Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace")

Allow them to be exposed to guest in QEMU.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e60d9dd58b60..03376ccf3e75 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1148,8 +1148,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
     [FEAT_7_2_EDX] = {
         .type = CPUID_FEATURE_WORD,
         .feat_names = {
-            NULL, NULL, NULL, NULL,
-            NULL, "mcdt-no", NULL, NULL,
+            "psfd", "ipred-ctrl", "rrsba-ctrl", "ddpd-u",
+            "bhi-ctrl", "mcdt-no", NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
-- 
2.34.1

[PATCH 4/9] i386/cpu: Construct valid CPUID leaf 5 iff CPUID_EXT_MONITOR

[Xiaoyao Li]

When CPUID_EXT_MONITOR is not set, it means no support of MONITOR/MWAIT
leaf, i.e., CPUID leaf 5.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 03376ccf3e75..5bee84333089 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6553,10 +6553,14 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         break;
     case 5:
         /* MONITOR/MWAIT Leaf */
-        *eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
-        *ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
-        *ecx = cpu->mwait.ecx; /* flags */
-        *edx = cpu->mwait.edx; /* mwait substates */
+        if (env->features[FEAT_1_ECX] & CPUID_EXT_MONITOR) {
+            *eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
+            *ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
+            *ecx = cpu->mwait.ecx; /* flags */
+            *edx = cpu->mwait.edx; /* mwait substates */
+        } else {
+            *eax = *ebx = *ecx = *edx = 0;
+        }
         break;
     case 6:
         /* Thermal and Power Leaf */
-- 
2.34.1

[PATCH 5/9] i386/cpu: Construct CPUID 2 as stateful iff times > 1

[Xiaoyao Li]

When times == 1, the CPUID leaf 2 is not stateful.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/kvm/kvm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index c168ff5691df..6618259f265c 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1818,10 +1818,12 @@ static uint32_t kvm_x86_build_cpuid(CPUX86State *env,
             int times;
 
             c->function = i;
-            c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC |
-                       KVM_CPUID_FLAG_STATE_READ_NEXT;
             cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
             times = c->eax & 0xff;
+            if (times > 1) {
+                c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC |
+                           KVM_CPUID_FLAG_STATE_READ_NEXT;
+            }
 
             for (j = 1; j < times; ++j) {
                 if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
-- 
2.34.1

[PATCH 6/9] i386/cpu: Set topology info in 0x80000008.ECX only for AMD CPUs

[Xiaoyao Li]

The whole ECX of CPUID 0x80000008 is reserved for Intel.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5bee84333089..7a4835289760 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6944,7 +6944,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
              *eax |= (cpu->guest_phys_bits << 16);
         }
         *ebx = env->features[FEAT_8000_0008_EBX];
-        if (threads_per_pkg > 1) {
+        if (threads_per_pkg > 1 && IS_AMD_CPU(env)) {
             /*
              * Bits 15:12 is "The number of bits in the initial
              * Core::X86::Apic::ApicId[ApicId] value that indicate
-- 
2.34.1

Re: [PATCH 6/9] i386/cpu: Set topology info in 0x80000008.ECX only for AMD CPUs

[Chenyi Qiang]

On 8/14/2024 3:54 PM, Xiaoyao Li wrote:
> The whole ECX of CPUID 0x80000008 is reserved for Intel.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  target/i386/cpu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 5bee84333089..7a4835289760 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -6944,7 +6944,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>               *eax |= (cpu->guest_phys_bits << 16);
>          }
>          *ebx = env->features[FEAT_8000_0008_EBX];
> -        if (threads_per_pkg > 1) {
> +        if (threads_per_pkg > 1 && IS_AMD_CPU(env)) {

Is it necessary to add the check like:

if (thread_per_pkg > 1 &&
    (IS_AMD_CPU(env) || !cpu->vendor_cpuid_only))

for compatibility with older machine types?

>              /*
>               * Bits 15:12 is "The number of bits in the initial
>               * Core::X86::Apic::ApicId[ApicId] value that indicate

[PATCH 7/9] i386/cpu: Suppress CPUID values not defined by Intel

[Xiaoyao Li]

Some CPUID leaves are defined by AMD while it also gets exposed to Intel
VMs by QEMU. It causes no issue with current VMs however it will not work
with Intel TDX because these CPUID leaves are enforced by TDX module as
reserved.

Stop to advertise them to Intel VMs when vendor_cpuid_only is true.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 7a4835289760..fed805e04aeb 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6863,12 +6863,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         break;
     case 0x80000000:
         *eax = env->cpuid_xlevel;
-        *ebx = env->cpuid_vendor1;
-        *edx = env->cpuid_vendor2;
-        *ecx = env->cpuid_vendor3;
+        if (cpu->vendor_cpuid_only && IS_INTEL_CPU(env)) {
+            *ebx = *ecx = *edx = 0;
+        } else {
+            *ebx = env->cpuid_vendor1;
+            *edx = env->cpuid_vendor2;
+            *ecx = env->cpuid_vendor3;
+        }
         break;
     case 0x80000001:
-        *eax = env->cpuid_version;
+        *eax = (cpu->vendor_cpuid_only && IS_INTEL_CPU(env)) ? 0 : env->cpuid_version;
         *ebx = 0;
         *ecx = env->features[FEAT_8000_0001_ECX];
         *edx = env->features[FEAT_8000_0001_EDX];
-- 
2.34.1

[PATCH 8/9] i386/cpu: Drop AMD alias bits in FEAT_8000_0001_EDX for non-AMD guests

[Xiaoyao Li]

The AMD alias bits are reserved for Intel.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fed805e04aeb..85ce405ece80 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6118,6 +6118,11 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w)
 #endif
         break;
 
+    case FEAT_8000_0001_EDX:
+        if (cpu && !IS_AMD_CPU(&cpu->env)) {
+            unavail = CPUID_EXT2_AMD_ALIASES;
+        }
+        break;
     default:
         break;
     }
-- 
2.34.1

[PATCH 9/9] i386/cpu: Make invtsc migratable when user sets tsc-khz explicitly

[Xiaoyao Li]

When user sets tsc-frequency explicitly, the invtsc feature is actually
migratable because the tsc-frequency is supposed to be fixed during the
migration.

See commit d99569d9d856 ("kvm: Allow invtsc migration if tsc-khz
is set explicitly") for referrence.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/cpu.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 85ce405ece80..fb3519fc6836 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1865,9 +1865,10 @@ static inline uint64_t x86_cpu_xsave_xss_components(X86CPU *cpu)
  * Returns the set of feature flags that are supported and migratable by
  * QEMU, for a given FeatureWord.
  */
-static uint64_t x86_cpu_get_migratable_flags(FeatureWord w)
+static uint64_t x86_cpu_get_migratable_flags(X86CPU *cpu, FeatureWord w)
 {
     FeatureWordInfo *wi = &feature_word_info[w];
+    CPUX86State *env = &cpu->env;
     uint64_t r = 0;
     int i;
 
@@ -1881,6 +1882,12 @@ static uint64_t x86_cpu_get_migratable_flags(FeatureWord w)
             r |= f;
         }
     }
+
+    /* when tsc-khz is set explicitly, invtsc is migratable */
+    if ((w == FEAT_8000_0007_EDX) && env->user_tsc_khz) {
+        r |= CPUID_APM_INVTSC;
+    }
+
     return r;
 }
 
@@ -6129,7 +6136,7 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w)
 
     r &= ~unavail;
     if (cpu && cpu->migratable) {
-        r &= x86_cpu_get_migratable_flags(w);
+        r &= x86_cpu_get_migratable_flags(cpu, w);
     }
     return r;
 }
-- 
2.34.1