From: chao.qin@linux.intel.com
To: qemu-devel@nongnu.org
Cc: yu.ning@linux.intel.com, Qin Chao , Richard Henderson , Eduardo Habkost , Paolo Bonzini
Date: Mon, 19 Mar 2018 17:04:49 +0800
Message-Id: <1521450289-5005-1-git-send-email-chao.qin@linux.intel.com>
Subject: [Qemu-devel] [PATCH] hax: Properly handle IA32_APIC_BASE MSR
From: Qin Chao

Emulation of the IA32_APIC_BASE MSR in HAXM is not correct, such as bit 8, which is the BSP flag and should be set to 1 for the bootstrap processor and set to 0 for the application processors, but it's set to 0 for all processors in HAXM. So guest OSes that expect a valid BSP flag, such as Zircon (the core of Google Fuchsia OS), cannot boot with "-accel hax".

To solve this problem, HAXM (which lacks APIC virtualization) and QEMU must notify each other of any change to the guest IA32_APIC_BASE MSR. The HAXM patch has been merged into HAXM source. QEMU needs to use the new HAXM API (apic_base in "struct hax_tunnel") to initialize the guest IA32_APIC_BASE MSR, and then update its own copy at every return from HAX_VCPU_IOCTL_RUN.

There will be a backward compatibility issue caused by the new field "apic_base" added into "struct hax_tunnel". In order to fix the problem, the validation for the size of "struct hax_tunnel" is removed and a new capability flag "HAX_CAP_TUNNEL_PAGE" is added, which means that one page (4KB) is allocated in the HAXM kernel to store "struct hax_tunnel", instead of the size of "struct hax_tunnel".

Change-Id: I8505bc1d75c495dd2765e581d6014125dcb538f3
Signed-off-by: Qin Chao
---
 target/i386/hax-all.c | 24 +++++++++++++++++++-----
 target/i386/hax-darwin.c | 6 ------
 target/i386/hax-i386.h | 2 +-
 target/i386/hax-interface.h | 3 +++
 target/i386/hax-windows.c | 5 -----
 5 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c index cad7531..6a840d9 100644 --- a/target/i386/hax-all.c +++ b/target/i386/hax-all.c @@ -62,11 +62,6 @@ int hax_enabled(void) return hax_allowed; } =20 -int valid_hax_tunnel_size(uint16_t size) -{ - return size >=3D sizeof(struct hax_tunnel); -} - hax_fd hax_vcpu_get_fd(CPUArchState *env) { struct hax_vcpu_state *vcpu =3D ENV_GET_CPU(env)->hax_vcpu; 
@@ -104,6 +99,7 @@ static int hax_get_capability(struct hax_state *hax) } =20 hax->supports_64bit_ramblock =3D !!(cap->winfo & HAX_CAP_64BIT_RAMBLOC= K); + hax->supports_tunnel_page =3D !!(cap->winfo & HAX_CAP_TUNNEL_PAGE); =20 if (cap->wstatus & HAX_CAP_MEMQUOTA) { if (cap->mem_quota < hax->mem_quota) { @@ -520,6 +516,21 @@ static int hax_vcpu_hax_exec(CPUArchState *env) cpu_exec_end(cpu); qemu_mutex_lock_iothread(); =20 + /* + * Every time HAXM exits to QEMU, sync IA32_APIC_BASE MSR from HAX= M and + * pass it to the emulated APIC. + */ + if (hax_global.supports_tunnel_page) { + /* + * ht->apic_base is not available in HAXM kernel module if HAX= M does + * not support HAX_CAP_SUPPORT_TUNNEL_PAGE. + * TODO: HAX_CAP_SUPPORT_TUNNEL_PAGE is used for backward + * compatibility with HAXM kernel module. Remove this check wh= en we + * drop support for HAXM versions that lack this feature. + */ + cpu_set_apic_base(x86_cpu->apic_state, ht->apic_base); + } + /* Simply continue the vcpu_run if system call interrupted */ if (hax_ret =3D=3D -EINTR || hax_ret =3D=3D -EAGAIN) { DPRINTF("io window interrupted\n"); @@ -933,6 +944,9 @@ static int hax_set_msrs(CPUArchState *env) hax_msr_entry_set(&msrs[n++], MSR_FMASK, env->fmask); hax_msr_entry_set(&msrs[n++], MSR_KERNELGSBASE, env->kernelgsbase); #endif + hax_msr_entry_set(&msrs[n++], MSR_IA32_APICBASE, \ + cpu_get_apic_base(x86_env_get_cpu(env)->apic_state)); + md.nr_msr =3D n; md.done =3D 0; =20 diff --git a/target/i386/hax-darwin.c b/target/i386/hax-darwin.c index acdde47..3e2fd4f 100644 --- a/target/i386/hax-darwin.c +++ b/target/i386/hax-darwin.c @@ -244,12 +244,6 @@ int hax_host_setup_vcpu_channel(struct hax_vcpu_state = *vcpu) return ret; } =20 - if (!valid_hax_tunnel_size(info.size)) { - fprintf(stderr, "Invalid hax tunnel size %x\n", info.size); - ret =3D -EINVAL; - return ret; - } - vcpu->tunnel =3D (struct hax_tunnel *) (intptr_t) (info.va); vcpu->iobuf =3D (unsigned char *) (intptr_t) (info.io_va); return 0; 
diff --git a/target/i386/hax-i386.h b/target/i386/hax-i386.h index 6abc156..b04bf24 100644 --- a/target/i386/hax-i386.h +++ b/target/i386/hax-i386.h @@ -38,6 +38,7 @@ struct hax_state { struct hax_vm *vm; uint64_t mem_quota; bool supports_64bit_ramblock; + bool supports_tunnel_page; }; =20 #define HAX_MAX_VCPU 0x10 @@ -53,7 +54,6 @@ struct hax_vm { #ifdef NEED_CPU_H /* Functions exported to host specific mode */ hax_fd hax_vcpu_get_fd(CPUArchState *env); -int valid_hax_tunnel_size(uint16_t size); =20 /* Host specific functions */ int hax_mod_version(struct hax_state *hax, struct hax_module_version *vers= ion); diff --git a/target/i386/hax-interface.h b/target/i386/hax-interface.h index 93d5fcb..715a64a 100644 --- a/target/i386/hax-interface.h +++ b/target/i386/hax-interface.h @@ -280,6 +280,7 @@ struct hax_tunnel { struct { } state; }; + uint64_t apic_base; } __attribute__ ((__packed__)); =20 struct hax_module_version { @@ -335,6 +336,8 @@ struct hax_set_ram_info { #define HAX_CAP_MEMQUOTA 0x2 #define HAX_CAP_UG 0x4 #define HAX_CAP_64BIT_RAMBLOCK 0x8 +#define HAX_CAP_TUNNEL_PAGE 0x20 + =20 struct hax_capabilityinfo { /* bit 0: 1 - working diff --git a/target/i386/hax-windows.c b/target/i386/hax-windows.c index b1ac737..6ed4f22 100644 --- a/target/i386/hax-windows.c +++ b/target/i386/hax-windows.c @@ -347,11 +347,6 @@ int hax_host_setup_vcpu_channel(struct hax_vcpu_state = *vcpu) return -1; } =20 - if (!valid_hax_tunnel_size(info.size)) { - fprintf(stderr, "Invalid hax tunnel size %x\n", info.size); - ret =3D -EINVAL; - return ret; - } vcpu->tunnel =3D (struct hax_tunnel *) (intptr_t) (info.va); vcpu->iobuf =3D (unsigned char *) (intptr_t) (info.io_va); return 0; --=20 1.9.1
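Review bot: Deleting valid_hax_tunnel_size() (first hax-all.c hunk, and its callers in the hax-darwin.c and hax-windows.c hunks) removes the only bound QEMU applied before casting info.va to a struct hax_tunnel * whose size just grew, and it is removed even for kernel modules that do not advertise HAX_CAP_TUNNEL_PAGE; for those the new supports_tunnel_page guard protects only the apic_base read, not the older fields. A relaxed check would keep the protection without the compatibility break, e.g. in hax_host_setup_vcpu_channel(): `if (!hax_global.supports_tunnel_page && info.size < offsetof(struct hax_tunnel, apic_base))` then fail with -EINVAL as before. In the hax-windows.c hunk, also confirm `ret` is still used in that function after `ret = -EINVAL;` goes away, or the build picks up an unused-variable warning.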
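Review bot: The comment in the new supports_tunnel_page block in hax_vcpu_hax_exec() (second hax-all.c hunk) refers to HAX_CAP_SUPPORT_TUNNEL_PAGE twice, but the flag this series defines is HAX_CAP_TUNNEL_PAGE; use the real name so the TODO can be found when that compatibility path is retired. Note also that cpu_set_apic_base() runs before the -EINTR/-EAGAIN check, so ht->apic_base is consumed even when the run ioctl was interrupted rather than completed; that is fine only if HAXM keeps the field valid from vcpu creation onward, which the comment should state.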
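Review bot: In the hax_set_msrs() hunk the trailing backslash on `hax_msr_entry_set(&msrs[n++], MSR_IA32_APICBASE, \` is a preprocessor line continuation and has no effect in a plain function call; drop it and align the second argument under the first. Since n now grows by one entry, check that the msrs[] array declared at the top of hax_set_msrs() (not visible in this hunk) has room for it. The write is unconditional while the matching read in hax_vcpu_hax_exec() is gated on supports_tunnel_page; if kernel modules without the capability do not accept MSR_IA32_APICBASE in the set-MSRs path, gate this entry the same way.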
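Review bot: In the hax-interface.h capability hunk, HAX_CAP_TUNNEL_PAGE is given 0x20, skipping 0x10 after HAX_CAP_64BIT_RAMBLOCK (0x8); if 0x10 is already claimed by the kernel-side ABI, a one-line comment saying so prevents the next contributor from reusing it, and if not, the gap is unexplained. The extra blank line added after the #define is stray whitespace. Appending apic_base at the end of the packed struct hax_tunnel keeps every existing field offset unchanged, which is what makes the capability flag sufficient for compatibility; that reasoning belongs in the commit message.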