* [PULL v3 00/22] QEMU changes for 7.0 soft freeze
@ 2022-03-15 10:54 Paolo Bonzini
From: Paolo Bonzini @ 2022-03-15 10:54 UTC (permalink / raw)
  To: qemu-devel

The following changes since commit 6f4fe14b46f0a161f94e3f6e98690ac38184b0be:

  Merge tag 'pull-tcg-20220314' of https://gitlab.com/rth7680/qemu into staging (2022-03-14 18:11:36 +0000)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 8a5606f6449c90a0731790ed03eebedcf7045070:

  gitlab-ci: do not run tests with address sanitizer (2022-03-15 11:50:50 +0100)

----------------------------------------------------------------
* whpx fixes in preparation for GDB support (Ivan)
* VSS header fixes (Marc-André)
* 5-level EPT support (Vitaly)
* AMX support (Jing Liu & Yang Zhong)
* Bundle changes to MSI routes (Longpeng)
* More precise emulation of #SS
* Disable ASAN testing

----------------------------------------------------------------
Sorry for this being so late.  If you want to delay it to 7.1 I won't complain.

v3->v4: fix sign extension in "target/i386: Throw a
        #SS when loading a non-canonical IST"

Gareth Webb (1):
      target/i386: Throw a #SS when loading a non-canonical IST

Ivan Shcherbakov (2):
      whpx: Fixed reporting of the CPU context to GDB for 64-bit
      whpx: Fixed incorrect CR8/TPR synchronization

Jing Liu (5):
      x86: Fix the 64-byte boundary enumeration for extended state
      x86: Add AMX XTILECFG and XTILEDATA components
      x86: Add XFD faulting bit for state components
      x86: Add AMX CPUIDs enumeration
      x86: add support for KVM_CAP_XSAVE2 and AMX state migration

Longpeng (Mike) (2):
      kvm-irqchip: introduce new API to support route change
      kvm/msi: do explicit commit when adding msi routes

Marc-André Lureau (3):
      meson: fix generic location of vss headers
      qga/vss-win32: check old VSS SDK headers
      qga/vss: update informative message about MinGW

Maxim Levitsky (1):
      KVM: SVM: always set MSR_AMD64_TSC_RATIO to default value

Paolo Bonzini (4):
      update meson-buildoptions.sh
      target/i386: only include bits in pg_mode if they are not ignored
      linux-headers: include missing changes from 5.17
      gitlab-ci: do not run tests with address sanitizer

Vitaly Kuznetsov (2):
      vmxcap: Add 5-level EPT bit
      i386: Add Icelake-Server-v6 CPU model with 5-level EPT support

Yang Zhong (1):
      x86: Grant AMX permission for guest

Zeng Guang (1):
      x86: Support XFD and AMX xsave data migration

 .gitlab-ci.d/buildtest.yml           |   2 -
 accel/kvm/kvm-all.c                  |   7 +-
 accel/stubs/kvm-stub.c               |   2 +-
 hw/misc/ivshmem.c                    |   5 +-
 hw/vfio/pci.c                        |   5 +-
 hw/virtio/virtio-pci.c               |   4 +-
 include/sysemu/kvm.h                 |  23 ++++++-
 linux-headers/asm-x86/kvm.h          |   3 +
 linux-headers/linux/kvm.h            |   4 ++
 meson.build                          |   5 +-
 qga/meson.build                      |   2 +-
 qga/vss-win32/install.cpp            |   4 ++
 qga/vss-win32/provider.cpp           |   4 ++
 qga/vss-win32/vss-common.h           |   3 +-
 scripts/kvm/vmxcap                   |   1 +
 scripts/meson-buildoptions.sh        |   2 +-
 target/i386/cpu.c                    |  84 +++++++++++++++++++++--
 target/i386/cpu.h                    |  43 +++++++++++-
 target/i386/kvm/kvm-cpu.c            |  11 +--
 target/i386/kvm/kvm.c                | 125 ++++++++++++++++++++++++++++++-----
 target/i386/kvm/kvm_i386.h           |   1 +
 target/i386/machine.c                |  46 +++++++++++++
 target/i386/tcg/seg_helper.c         |  52 ++++++++++++++-
 target/i386/tcg/sysemu/excp_helper.c |  40 +----------
 target/i386/whpx/whpx-all.c          |  30 ++++++++-
 target/i386/xsave_helper.c           |  28 ++++++++
 26 files changed, 451 insertions(+), 85 deletions(-)
-- 
2.35.1


* [PULL v3 11/22] target/i386: Throw a #SS when loading a non-canonical IST
@ 2022-03-15 10:54 ` Paolo Bonzini
From: Paolo Bonzini @ 2022-03-15 10:54 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gareth Webb

From: Gareth Webb <gareth.webb@umbralsoftware.co.uk>

Loading a non-canonical address into rsp when handling an interrupt or
performing a far call should raise a #SS not a #GP.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/870
Signed-off-by: Gareth Webb <gareth.webb@umbralsoftware.co.uk>
Message-Id: <164529651121.25406.15337137068584246397-0@git.sr.ht>
[Move get_pg_mode to seg_helper.c for user-mode emulators. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/seg_helper.c         | 52 ++++++++++++++++++++++++++--
 target/i386/tcg/sysemu/excp_helper.c | 36 -------------------
 2 files changed, 50 insertions(+), 38 deletions(-)

diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index baa905a0cd..bffd82923f 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -28,6 +28,42 @@
 #include "helper-tcg.h"
 #include "seg_helper.h"
 
+int get_pg_mode(CPUX86State *env)
+{
+    int pg_mode = 0;
+    if (!(env->cr[0] & CR0_PG_MASK)) {
+        return 0;
+    }
+    if (env->cr[0] & CR0_WP_MASK) {
+        pg_mode |= PG_MODE_WP;
+    }
+    if (env->cr[4] & CR4_PAE_MASK) {
+        pg_mode |= PG_MODE_PAE;
+        if (env->efer & MSR_EFER_NXE) {
+            pg_mode |= PG_MODE_NXE;
+        }
+    }
+    if (env->cr[4] & CR4_PSE_MASK) {
+        pg_mode |= PG_MODE_PSE;
+    }
+    if (env->cr[4] & CR4_SMEP_MASK) {
+        pg_mode |= PG_MODE_SMEP;
+    }
+    if (env->hflags & HF_LMA_MASK) {
+        pg_mode |= PG_MODE_LMA;
+        if (env->cr[4] & CR4_PKE_MASK) {
+            pg_mode |= PG_MODE_PKE;
+        }
+        if (env->cr[4] & CR4_PKS_MASK) {
+            pg_mode |= PG_MODE_PKS;
+        }
+        if (env->cr[4] & CR4_LA57_MASK) {
+            pg_mode |= PG_MODE_LA57;
+        }
+    }
+    return pg_mode;
+}
+
 /* return non zero if error */
 static inline int load_segment_ra(CPUX86State *env, uint32_t *e1_ptr,
                                uint32_t *e2_ptr, int selector,
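Review bot: get_pg_mode() becomes a non-static function in seg_helper.c, yet the diffstat shows only seg_helper.c and excp_helper.c changing, so its prototype must already live in a header both files include; since the commit message gives user-mode emulators as the reason for the move, it is worth confirming that header (and the CR0/CR4/EFER mask macros it relies on) is also visible in the user-mode build. A short comment above the definition saying it returns a PG_MODE_* bitmask, and that the PKE/PKS/LA57 bits are only ever reported when HF_LMA_MASK is set, would help readers who now find the function here instead of in excp_helper.c.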
@@ -794,7 +830,9 @@ static void do_interrupt_protected(CPUX86State *env, int intno, int is_int,
 static inline target_ulong get_rsp_from_tss(CPUX86State *env, int level)
 {
     X86CPU *cpu = env_archcpu(env);
-    int index;
+    int index, pg_mode;
+    target_ulong rsp;
+    int32_t sext;
 
 #if 0
     printf("TR: base=" TARGET_FMT_lx " limit=%x\n",
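Review bot: `sext` is declared `int32_t` but is assigned `(int64_t)rsp >> 47` (or `>> 56`), an int64_t expression; the narrowing is safe only because at most 17 significant bits survive the shift, and nothing at the declaration says so. Either declare it as `int64_t sext;` or add a one-line comment explaining why int32_t suffices, especially since the cover letter's "fix sign extension" note shows this spot has already been subtle once.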
@@ -808,7 +846,17 @@ static inline target_ulong get_rsp_from_tss(CPUX86State *env, int level)
     if ((index + 7) > env->tr.limit) {
         raise_exception_err(env, EXCP0A_TSS, env->tr.selector & 0xfffc);
     }
-    return cpu_ldq_kernel(env, env->tr.base + index);
+
+    rsp = cpu_ldq_kernel(env, env->tr.base + index);
+
+    /* test virtual address sign extension */
+    pg_mode = get_pg_mode(env);
+    sext = (int64_t)rsp >> (pg_mode & PG_MODE_LA57 ? 56 : 47);
+    if (sext != 0 && sext != -1) {
+        raise_exception_err(env, EXCP0C_STACK, 0);
+    }
+
+    return rsp;
 }
 
 /* 64 bit interrupt */
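Review bot: the comment `/* test virtual address sign extension */` describes the mechanism rather than the intent; suggest something like `/* a non-canonical RSP from the TSS raises #SS(0), not #GP */` so the choice of EXCP0C_STACK with error code 0 is explained at the raise site. The 47/56 shift matches 48-bit and 57-bit linear addresses, and `pg_mode & PG_MODE_LA57` can only be set under HF_LMA_MASK, which is consistent with this helper serving the 64-bit interrupt path marked just below. One caveat worth a comment: right-shifting a negative `int64_t` is implementation-defined in ISO C, so the check depends on the compiler performing an arithmetic shift, as GCC and Clang do.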
diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 6f1fbe667b..e1b6d88683 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -22,42 +22,6 @@
 #include "exec/exec-all.h"
 #include "tcg/helper-tcg.h"
 
-int get_pg_mode(CPUX86State *env)
-{
-    int pg_mode = 0;
-    if (!(env->cr[0] & CR0_PG_MASK)) {
-        return 0;
-    }
-    if (env->cr[0] & CR0_WP_MASK) {
-        pg_mode |= PG_MODE_WP;
-    }
-    if (env->cr[4] & CR4_PAE_MASK) {
-        pg_mode |= PG_MODE_PAE;
-        if (env->efer & MSR_EFER_NXE) {
-            pg_mode |= PG_MODE_NXE;
-        }
-    }
-    if (env->cr[4] & CR4_PSE_MASK) {
-        pg_mode |= PG_MODE_PSE;
-    }
-    if (env->cr[4] & CR4_SMEP_MASK) {
-        pg_mode |= PG_MODE_SMEP;
-    }
-    if (env->hflags & HF_LMA_MASK) {
-        pg_mode |= PG_MODE_LMA;
-        if (env->cr[4] & CR4_PKE_MASK) {
-            pg_mode |= PG_MODE_PKE;
-        }
-        if (env->cr[4] & CR4_PKS_MASK) {
-            pg_mode |= PG_MODE_PKS;
-        }
-        if (env->cr[4] & CR4_LA57_MASK) {
-            pg_mode |= PG_MODE_LA57;
-        }
-    }
-    return pg_mode;
-}
-
 #define PG_ERROR_OK (-1)
 
 typedef hwaddr (*MMUTranslateFunc)(CPUState *cs, hwaddr gphys, MMUAccessType access_type,
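Review bot: the removed block is identical to the definition added in seg_helper.c, so system-mode behaviour is unchanged; the only thing to double-check is that the remaining callers of get_pg_mode() in excp_helper.c still see the prototype through tcg/helper-tcg.h and resolve to the relocated definition at link time. Nothing in this hunk itself needs changing.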
-- 
2.35.1

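The canonical-address rule the patch enforces, as a stand-alone C model (an added example, not code from QEMU or from the patch): the sign bit of the linear-address width (bit 47 for 4-level paging, bit 56 with LA57) is shifted down and everything above it must be all zeros or all ones; anything else makes the IST load raise #SS(0). The PG_MODE_LA57 value, the result enum and the sample IST entries are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for QEMU's PG_MODE_LA57 flag; the bit position is an assumption
 * for this example, not QEMU's actual constant. */
#define PG_MODE_LA57 (1 << 0)

/* Outcome of loading an RSP value from the TSS, as in get_rsp_from_tss().
 * #SS is exception vector 12 on x86. */
enum ist_load_result { IST_OK = 0, IST_RAISES_SS = 12 };

/* Same canonical test as the patch: shift the top of the linear-address
 * width (48 or 57 bits) down; only all-zeros or all-ones may remain. */
static bool is_canonical(uint64_t rsp, int pg_mode)
{
    int64_t sext = (int64_t)rsp >> (pg_mode & PG_MODE_LA57 ? 56 : 47);
    return sext == 0 || sext == -1;
}

/* Model of the IST load: a non-canonical RSP must raise #SS(0) rather than
 * be handed to the 64-bit interrupt path. */
enum ist_load_result check_ist_rsp(uint64_t rsp, int pg_mode)
{
    return is_canonical(rsp, pg_mode) ? IST_OK : IST_RAISES_SS;
}

int main(void)
{
    /* Constructed sample IST entries covering both paging widths. */
    static const uint64_t samples[] = {
        0x00007ffffffff000ULL, /* top of the lower half: canonical everywhere */
        0xffff800000000000ULL, /* start of the upper half: canonical everywhere */
        0x0000800000000000ULL, /* canonical only with 57-bit addresses (LA57) */
        0x0123456789abcdefULL, /* non-canonical under both paging modes */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%#018llx: 4-level %s, 5-level %s\n",
               (unsigned long long)samples[i],
               check_ist_rsp(samples[i], 0) ? "#SS" : "ok",
               check_ist_rsp(samples[i], PG_MODE_LA57) ? "#SS" : "ok");
    }
    return 0;
}
```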

* Re: [PULL v3 00/22] QEMU changes for 7.0 soft freeze
@ 2022-03-15 16:28 ` Peter Maydell
From: Peter Maydell @ 2022-03-15 16:28 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: qemu-devel

On Tue, 15 Mar 2022 at 11:04, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit 6f4fe14b46f0a161f94e3f6e98690ac38184b0be:
>
>   Merge tag 'pull-tcg-20220314' of https://gitlab.com/rth7680/qemu into staging (2022-03-14 18:11:36 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 8a5606f6449c90a0731790ed03eebedcf7045070:
>
>   gitlab-ci: do not run tests with address sanitizer (2022-03-15 11:50:50 +0100)
>
> ----------------------------------------------------------------
> * whpx fixes in preparation for GDB support (Ivan)
> * VSS header fixes (Marc-André)
> * 5-level EPT support (Vitaly)
> * AMX support (Jing Liu & Yang Zhong)
> * Bundle changes to MSI routes (Longpeng)
> * More precise emulation of #SS
> * Disable ASAN testing
>


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.0
for any user-visible changes.

-- PMM
