From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: richard.henderson@linaro.org
Subject: [PATCH 07/11] target/i386: fix INHIBIT_IRQ/TF/RF handling for VMRUN
Date: Tue, 4 Jun 2024 09:18:29 +0200
Message-ID: <20240604071833.962574-8-pbonzini@redhat.com>
In-Reply-To: <20240604071833.962574-1-pbonzini@redhat.com>
References: <20240604071833.962574-1-pbonzini@redhat.com>
Content-Transfer-Encoding: quoted-printable

From vm entry to exit, VMRUN is handled as a single instruction. It uses DISAS_NORETURN in order to avoid processing TF or RF before the first instruction executes in the guest. However, the corresponding handling is missing in vmexit. Add it, and at the same time reorganize the comments with quotes from the manual about the tasks performed by a #VMEXIT.
Another gen_eob() task that is missing in VMRUN is preparing the HF_INHIBIT_IRQ flag for the next instruction, in this case by loading it from the VMCB control state. Signed-off-by: Paolo Bonzini Reviewed-by: Richard Henderson --- target/i386/tcg/sysemu/svm_helper.c | 46 +++++++++++++++++++++-------- target/i386/tcg/translate.c | 5 ++++ 2 files changed, 38 insertions(+), 13 deletions(-) diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/s= vm_helper.c index 922d8964f8e..9db8ad62a01 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -254,6 +254,13 @@ void helper_vmrun(CPUX86State *env, int aflag, int nex= t_eip_addend) control.intercept_except= ions )); =20 + env->hflags &=3D ~HF_INHIBIT_IRQ_MASK; + if (x86_ldl_phys(cs, env->vm_vmcb + + offsetof(struct vmcb, control.int_state)) & + SVM_INTERRUPT_SHADOW_MASK) { + env->hflags |=3D HF_INHIBIT_IRQ_MASK; + } + nested_ctl =3D x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.nested_c= tl)); asid =3D x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, @@ -815,8 +822,12 @@ void do_vmexit(CPUX86State *env) env->hflags &=3D ~HF_GUEST_MASK; env->intercept =3D 0; env->intercept_exceptions =3D 0; + + /* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */ cs->interrupt_request &=3D ~CPU_INTERRUPT_VIRQ; env->int_ctl =3D 0; + + /* Clears the TSC_OFFSET inside the processor. */ env->tsc_offset =3D 0; =20 env->gdt.base =3D x86_ldq_phys(cs, env->vm_hsave + offsetof(struct vm= cb, 
@@ -836,6 +847,15 @@ void do_vmexit(CPUX86State *env) cpu_x86_update_cr4(env, x86_ldq_phys(cs, env->vm_hsave + offsetof(struct vmcb, save.cr4))); + + /* + * Resets the current ASID register to zero (host ASID; TLB flush). + * + * If the host is in PAE mode, the processor reloads the host's PDPEs + * from the page table indicated the host's CR3. FIXME: If the PDPEs + * contain illegal state, the processor causes a shutdown (QEMU does + * not implement PDPTRs). + */ cpu_x86_update_cr3(env, x86_ldq_phys(cs, env->vm_hsave + offsetof(struct vmcb, save.cr3))); @@ -843,12 +863,14 @@ void do_vmexit(CPUX86State *env) set properly */ cpu_load_efer(env, x86_ldq_phys(cs, env->vm_hsave + offsetof(struct vm= cb, save.efer))); + + /* Completion of the VMRUN instruction clears the host EFLAGS.RF bit. = */ env->eflags =3D 0; cpu_load_eflags(env, x86_ldq_phys(cs, env->vm_hsave + offsetof(struct vmcb, save.rflags)), ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK | - VM_MASK)); + RF_MASK | VM_MASK)); =20 svm_load_seg_cache(env, MMU_PHYS_IDX, env->vm_hsave + offsetof(struct vmcb, save.es), R_E= S); 
@@ -888,19 +910,17 @@ void do_vmexit(CPUX86State *env) =20 env->hflags2 &=3D ~HF2_GIF_MASK; env->hflags2 &=3D ~HF2_VGIF_MASK; - /* FIXME: Resets the current ASID register to zero (host ASID). */ =20 - /* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */ =20 - /* Clears the TSC_OFFSET inside the processor. */ + /* FIXME: Checks the reloaded host state for consistency. */ =20 - /* If the host is in PAE mode, the processor reloads the host's PDPEs - from the page table indicated the host's CR3. If the PDPEs contain - illegal state, the processor causes a shutdown. */ - - /* Checks the reloaded host state for consistency. */ - - /* If the host's rIP reloaded by #VMEXIT is outside the limit of the - host's code segment or non-canonical (in the case of long mode), a - #GP fault is delivered inside the host. */ + /* + * EFLAGS.TF causes a #DB trap after the VMRUN completes on the host + * side (i.e., after the #VMEXIT from the guest). Since we're running + * in the main loop, call do_interrupt_all directly. + */ + if ((env->eflags & TF_MASK) !=3D 0) { + env->dr[6] |=3D DR6_BS; + do_interrupt_all(X86_CPU(cs), EXCP01_DB, 0, 0, env->eip, 0); + } } diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 77ed9c1db47..a9c6424c7df 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -3745,6 +3745,11 @@ static void disas_insn_old(DisasContext *s, CPUState= *cpu, int b) } gen_update_cc_op(s); gen_update_eip_cur(s); + /* + * Reloads INHIBIT_IRQ mask as well as TF and RF with guest st= ate. + * The usual gen_eob() handling is performed on vmexit after + * host state is reloaded. + */ gen_helper_vmrun(tcg_env, tcg_constant_i32(s->aflag - 1), cur_insn_len_i32(s)); tcg_gen_exit_tb(NULL, 0); --=20 2.45.1
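Review bot: in the helper_vmrun hunk (@@ -254,6 +254,13 @@), the host's HF_INHIBIT_IRQ_MASK is cleared and replaced with the guest's interrupt shadow before the nested_ctl and asid loads that follow it; if any consistency check later in helper_vmrun can still abort the VMRUN with an error exit, the host's inhibit state has already been overwritten at that point. Please confirm that the error path tolerates this, or move the block after the last point at which VMRUN can fail. The block would also benefit from a one-line comment in the style of the vmexit hunks, e.g. `/* Load the guest's interrupt shadow (VMCB control.int_state) into HF_INHIBIT_IRQ. */`, since a reader of helper_vmrun will not see the commit message.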
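Review bot: the comment moved into the cpu_x86_update_cr3 hunk (@@ -836,6 +847,15 @@) carries over a typo from the old text: "from the page table indicated the host's CR3" should read "indicated by the host's CR3". Since the comment is being rewritten here anyway, this is the moment to fix it. It would also help to state which of the two listed tasks the call below actually covers (the CR3 reload, with the ASID reset represented only by the TLB flush that the comment mentions), so that the FIXME is clearly scoped to the PDPE checks that QEMU does not implement.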
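Review bot: in the cpu_load_eflags hunk (@@ -843,12 +863,14 @@) the new comment `/* Completion of the VMRUN instruction clears the host EFLAGS.RF bit. */` sits above `env->eflags = 0;`, but the clearing depends on two things together: that zeroing, and the new `RF_MASK` in the `~(... | RF_MASK | VM_MASK)` exclusion mask, which is what stops cpu_load_eflags from reloading RF from save.rflags. A reader who only sees the mask change will wonder why RF is excluded; one extra sentence in the comment (or placing it next to the mask) would make the pair self-explanatory.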
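Review bot: the last svm_helper.c hunk (@@ -888,19 +910,17 @@) deletes the old comment about the host's rIP being outside the code-segment limit or non-canonical (a #GP delivered inside the host) without replacing it, while the "Checks the reloaded host state for consistency" item is kept as a FIXME; if the rIP check is still unimplemented, keep it as a FIXME too so the gap stays visible. For the new TF handling, the comment asserts that do_vmexit runs in the main loop, which is what makes calling do_interrupt_all directly safe; an assertion, or a reference to the caller that gets here, would pin that invariant down, because calling do_interrupt_all from inside a helper with a live TB would not be valid.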
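Review bot: the new comment above gen_helper_vmrun in translate.c explains why no gen_eob() follows, but it does not say who performs the reload; naming the helper side (helper_vmrun loads INHIBIT_IRQ from the VMCB, do_vmexit handles TF/RF once the host state is restored) would let a reader of translate.c find the other half of this change without the commit message. Also, "Reloads INHIBIT_IRQ mask as well as TF and RF with guest state" reads better as "The helper reloads the INHIBIT_IRQ mask, TF and RF from guest state".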