[PULL 13/19] target/i386: emulate: segmentation rework

public inbox for qemu-devel@nongnu.org
 help / color / mirror / Atom feed

From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Mohamed Mediouni <mohamed@unpredictable.fr>
Subject: [PULL 13/19] target/i386: emulate: segmentation rework
Date: Wed, 25 Mar 2026 17:44:47 +0100	[thread overview]
Message-ID: <20260325164453.72127-14-pbonzini@redhat.com> (raw)
In-Reply-To: <20260325164453.72127-1-pbonzini@redhat.com>

From: Mohamed Mediouni <mohamed@unpredictable.fr>

Make accesses to segments all go through read_segment_descriptor
to be able to fetch segment state on-demand.

Switch away from SegmentCache to the x86_segment_descriptor
that is already used by read_segment_descriptor.

Signed-off-by: Mohamed Mediouni <mohamed@unpredictable.fr>
Link: https://lore.kernel.org/r/20260324151323.74473-11-mohamed@unpredictable.fr
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/emulate/x86_helpers.c | 50 ++++++++++++-------------------
 1 file changed, 19 insertions(+), 31 deletions(-)

diff --git a/target/i386/emulate/x86_helpers.c b/target/i386/emulate/x86_helpers.c
index c817015ef92..63bae3582fe 100644
--- a/target/i386/emulate/x86_helpers.c
+++ b/target/i386/emulate/x86_helpers.c
@@ -43,49 +43,37 @@ static CpuMode cpu_mode(CPUState *cpu)
     return m;
 }
 
-static bool segment_type_ro(const SegmentCache *seg)
+static bool segment_type_ro(const x86_segment_descriptor desc)
 {
-    uint32_t type_ = (seg->flags >> DESC_TYPE_SHIFT) & 15;
+    uint32_t type_ = desc.type;
     return (type_ & (~RWRX_SEGMENT_TYPE)) == 0;
 }
 
-static bool segment_type_code(const SegmentCache *seg)
+static bool segment_type_code(const x86_segment_descriptor desc)
 {
-    uint32_t type_ = (seg->flags >> DESC_TYPE_SHIFT) & 15;
+    uint32_t type_ = desc.type;
     return (type_ & CODE_SEGMENT_TYPE) != 0;
 }
 
-static bool segment_expands_down(const SegmentCache *seg)
+static bool segment_expands_down(const x86_segment_descriptor desc)
 {
-    uint32_t type_ = (seg->flags >> DESC_TYPE_SHIFT) & 15;
+    uint32_t type_ = desc.type;
 
-    if (segment_type_code(seg)) {
+    if (segment_type_code(desc)) {
         return false;
     }
 
     return (type_ & EXPAND_DOWN_SEGMENT_TYPE) != 0;
 }
 
-static uint32_t segment_limit(const SegmentCache *seg)
+static uint8_t segment_db(const x86_segment_descriptor desc)
 {
-    uint32_t limit = seg->limit;
-    uint32_t granularity = (seg->flags & DESC_G_MASK) != 0;
-
-    if (granularity != 0) {
-        limit = (limit << 12) | 0xFFF;
-    }
-
-    return limit;
+    return desc.db;
 }
 
-static uint8_t segment_db(const SegmentCache *seg)
+static uint32_t segment_max_limit(const x86_segment_descriptor desc)
 {
-    return (seg->flags >> DESC_B_SHIFT) & 1;
-}
-
-static uint32_t segment_max_limit(const SegmentCache *seg)
-{
-    if (segment_db(seg) != 0) {
+    if (segment_db(desc) != 0) {
         return 0xFFFFFFFF;
     }
     return 0xFFFF;
@@ -96,15 +84,15 @@ static int linearize(CPUState *cpu,
                      X86Seg seg_idx)
 {
     enum CpuMode mode;
-    X86CPU *x86_cpu = X86_CPU(cpu);
-    CPUX86State *env = &x86_cpu->env;
-    SegmentCache *seg = &env->segs[seg_idx];
-    target_ulong base = seg->base;
+    struct x86_segment_descriptor desc;
+    target_ulong base;
     target_ulong logical_addr_32b;
     uint32_t limit;
     /* TODO: the emulator will not pass us "write" indicator yet */
     bool write = false;
 
+    emul_ops->read_segment_descriptor(cpu, &desc, seg_idx);
+    base = x86_segment_base(&desc);
     mode = cpu_mode(cpu);
 
     switch (mode) {
@@ -116,21 +104,21 @@ static int linearize(CPUState *cpu,
         break;
     case PROTECTED_MODE:
     case REAL_MODE:
-        if (segment_type_ro(seg) && write) {
+        if (segment_type_ro(desc) && write) {
             error_report("Cannot write to read-only segment");
             return -1;
         }
 
         logical_addr_32b = logical_addr & 0xFFFFFFFF;
-        limit = segment_limit(seg);
+        limit = x86_segment_limit(&desc);
 
-        if (segment_expands_down(seg)) {
+        if (segment_expands_down(desc)) {
             if (logical_addr_32b >= limit) {
                 error_report("Address exceeds limit (expands down)");
                 return -1;
             }
 
-            limit = segment_max_limit(seg);
+            limit = segment_max_limit(desc);
         }
 
         if (logical_addr_32b > limit) {
-- 
2.53.0

next prev parent reply	other threads:[~2026-03-25 16:47 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-25 16:44 [PULL 00/19] Fixes (including big i386/emulate performance improvement) for 11.0-rc Paolo Bonzini
2026-03-25 16:44 ` [PULL 01/19] tests/functional: preserve PYTHONPATH entries Paolo Bonzini
2026-03-25 16:44 ` [PULL 02/19] tdx: fix use-after-free in tdx_fetch_cpuid Paolo Bonzini
2026-03-25 16:44 ` [PULL 03/19] treewide: replace qemu_hw_version() with QEMU_HW_VERSION Paolo Bonzini
2026-03-25 16:44 ` [PULL 04/19] whpx: i386: workaround for Windows 10 support Paolo Bonzini
2026-03-25 16:44 ` [PULL 05/19] whpx: i386: enable exceptions VM exit only when needed Paolo Bonzini
2026-03-25 16:44 ` [PULL 06/19] whpx: i386: skip TSC read for MMIO exits Paolo Bonzini
2026-03-25 16:44 ` [PULL 07/19] whpx: i386: skip XCRs " Paolo Bonzini
2026-03-25 16:44 ` [PULL 08/19] whpx: i386: don't restore segment registers after MMIO handling Paolo Bonzini
2026-03-25 16:44 ` [PULL 09/19] target/i386: emulate: add new callbacks Paolo Bonzini
2026-03-25 16:44 ` [PULL 10/19] whpx: i386: add implementation of new x86_emul_ops Paolo Bonzini
2026-03-25 16:44 ` [PULL 11/19] target/i386: emulate: indirect access to CRs Paolo Bonzini
2026-03-25 16:44 ` [PULL 12/19] whpx: i386: " Paolo Bonzini
2026-03-25 16:44 ` Paolo Bonzini [this message]
2026-03-25 16:44 ` [PULL 14/19] whpx: i386: fetch segments on-demand Paolo Bonzini
2026-03-25 16:44 ` [PULL 15/19] whpx: i386: fast runtime state reads Paolo Bonzini
2026-03-25 16:44 ` [PULL 16/19] hw/audio/sb16: validate VMState fields in post_load Paolo Bonzini
2026-03-25 16:44 ` [PULL 17/19] target/i386: expose AMD GMET feature Paolo Bonzini
2026-03-25 16:44 ` [PULL 18/19] target/i386: emulate: set PG_ERROR_W_MASK as expected Paolo Bonzini
2026-03-25 16:44 ` [PULL 19/19] target/i386: emulate: follow priv_check_exempt Paolo Bonzini
2026-03-25 16:53 ` [PULL 00/19] Fixes (including big i386/emulate performance improvement) for 11.0-rc Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c817015ef9 dfblob:63bae3582f )
 OR (
bs:"[PULL 13/19] target/i386: emulate: segmentation rework" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260325164453.72127-14-pbonzini@redhat.com \
    --to=pbonzini@redhat.com \
    --cc=mohamed@unpredictable.fr \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox