From: Magnus Kulke
To: qemu-devel@nongnu.org
Cc: Cameron Esfahani, Phil Dennis-Jordan, Roman Bolshakov, Thomas Huth, Zhao Liu, Wei Liu, Paolo Bonzini, Richard Henderson, Philippe Mathieu-Daudé, Markus Armbruster, Cornelia Huck, Magnus Kulke, Marc-André Lureau, "Michael S. Tsirkin", Daniel P. Berrangé, Alex Bennée
Subject: [PATCH v2 24/27] target/i386/mshv: Implement mshv_vcpu_run()
Date: Tue, 1 Jul 2025 19:28:31 +0200
Message-Id: <20250701172834.44849-25-magnuskulke@linux.microsoft.com>
In-Reply-To: <20250701172834.44849-1-magnuskulke@linux.microsoft.com>
References: <20250701172834.44849-1-magnuskulke@linux.microsoft.com>

Add the main vCPU execution loop for MSHV using the MSHV_RUN_VP ioctl.
A translate_gva() hypercall is implemented. The execution loop handles guest entry and VM exits. There are handlers for memory r/w, PIO and MMIO to which the exit events are dispatched. In case of MMIO the i386 instruction decoder/emulator is invoked to perform the operation in user space.

Signed-off-by: Magnus Kulke
---
 target/i386/mshv/mshv-cpu.c | 463 +++++++++++++++++++++++++++++++++++-
 1 file changed, 461 insertions(+), 2 deletions(-)

diff --git a/target/i386/mshv/mshv-cpu.c b/target/i386/mshv/mshv-cpu.c
index 8def964862..353073ed50 100644
--- a/target/i386/mshv/mshv-cpu.c
+++ b/target/i386/mshv/mshv-cpu.c
@@ -984,10 +984,469 @@ void mshv_arch_amend_proc_features( features->access_guest_idle_reg =3D 1; } =20 +static int set_memory_info(const struct hyperv_message *msg, + struct hv_x64_memory_intercept_message *info) +{ + if (msg->header.message_type !=3D HVMSG_GPA_INTERCEPT + && msg->header.message_type !=3D HVMSG_UNMAPPED_GPA + && msg->header.message_type !=3D HVMSG_UNACCEPTED_GPA) { + error_report("invalid message type"); + return -1; + } + memcpy(info, msg->payload, sizeof(*info)); + + return 0; +} + +static int emulate_instruction(CPUState *cpu, + const uint8_t *insn_bytes, size_t insn_len, + uint64_t gva, uint64_t gpa) +{ + X86CPU *x86_cpu =3D X86_CPU(cpu); + CPUX86State *env =3D &x86_cpu->env; + struct x86_decode decode =3D { 0 }; + int ret; + x86_insn_stream stream =3D { .bytes =3D insn_bytes, .len =3D insn_len = }; + + ret =3D mshv_load_regs(cpu); + if (ret < 0) { + error_report("failed to load registers"); + return -1; + } + + decode_instruction_stream(env, &decode, &stream); + exec_instruction(env, &decode); + + ret =3D mshv_store_regs(cpu); + if (ret < 0) { + error_report("failed to store registers"); + return -1; + } + + return 0; +} + +static int handle_mmio(CPUState *cpu, const struct hyperv_message *msg, + MshvVmExit *exit_reason) +{ + struct hv_x64_memory_intercept_message info =3D { 0 }; + size_t insn_len; + uint8_t access_type; + uint8_t *instruction_bytes; + int ret; + + ret =3D set_memory_info(msg, &info); + if (ret < 0) { + error_report("failed to convert message to memory info"); + return -1; + } + insn_len =3D info.instruction_byte_count; + access_type =3D info.header.intercept_access_type; + + if (access_type =3D=3D HV_X64_INTERCEPT_ACCESS_TYPE_EXECUTE) { + error_report("invalid intercept access type: execute"); + return -1; + } + + if (insn_len > 16) { + error_report("invalid mmio instruction length: %zu", insn_len); + return -1; + } + + trace_mshv_handle_mmio(info.guest_virtual_address, + info.guest_physical_address, + 
info.instruction_byte_count, access_type); + + instruction_bytes =3D info.instruction_bytes; + + ret =3D emulate_instruction(cpu, instruction_bytes, insn_len, + info.guest_virtual_address, + info.guest_physical_address); + if (ret < 0) { + error_report("failed to emulate mmio"); + return -1; + } + + *exit_reason =3D MshvVmExitIgnore; + + return 0; +} + +static int set_ioport_info(const struct hyperv_message *msg, + hv_x64_io_port_intercept_message *info) +{ + if (msg->header.message_type !=3D HVMSG_X64_IO_PORT_INTERCEPT) { + error_report("Invalid message type"); + return -1; + } + memcpy(info, msg->payload, sizeof(*info)); + + return 0; +} + +typedef struct X64Registers { + const uint32_t *names; + const uint64_t *values; + uintptr_t count; +} X64Registers; + +static int set_x64_registers(int cpu_fd, const X64Registers *regs) +{ + size_t n_regs =3D regs->count; + struct hv_register_assoc *assocs; + + assocs =3D g_new0(hv_register_assoc, n_regs); + for (size_t i =3D 0; i < n_regs; i++) { + assocs[i].name =3D regs->names[i]; + assocs[i].value.reg64 =3D regs->values[i]; + } + int ret; + + ret =3D mshv_set_generic_regs(cpu_fd, assocs, n_regs); + g_free(assocs); + if (ret < 0) { + error_report("failed to set x64 registers"); + return -1; + } + + return 0; +} + +static inline MemTxAttrs get_mem_attrs(bool is_secure_mode) +{ + MemTxAttrs memattr =3D {0}; + memattr.secure =3D is_secure_mode; + return memattr; +} + +static void pio_read(uint64_t port, uint8_t *data, uintptr_t size, + bool is_secure_mode) +{ + int ret =3D 0; + MemTxAttrs memattr =3D get_mem_attrs(is_secure_mode); + ret =3D address_space_rw(&address_space_io, port, memattr, (void *)dat= a, size, + false); + if (ret !=3D MEMTX_OK) { + error_report("Failed to read from port %lx: %d", port, ret); + abort(); + } +} + +static int pio_write(uint64_t port, const uint8_t *data, uintptr_t size, + bool is_secure_mode) +{ + int ret =3D 0; + MemTxAttrs memattr =3D get_mem_attrs(is_secure_mode); + ret =3D 
address_space_rw(&address_space_io, port, memattr, (void *)dat= a, size, + true); + return ret; +} + +static int handle_pio_non_str(const CPUState *cpu, + hv_x64_io_port_intercept_message *info) { + size_t len =3D info->access_info.access_size; + uint8_t access_type =3D info->header.intercept_access_type; + int ret; + uint32_t val, eax; + const uint32_t eax_mask =3D 0xffffffffu >> (32 - len * 8); + size_t insn_len; + uint64_t rip, rax; + uint32_t reg_names[2]; + uint64_t reg_values[2]; + struct X64Registers x64_regs =3D { 0 }; + uint16_t port =3D info->port_number; + int cpu_fd =3D mshv_vcpufd(cpu); + + if (access_type =3D=3D HV_X64_INTERCEPT_ACCESS_TYPE_WRITE) { + union { + uint32_t u32; + uint8_t bytes[4]; + } conv; + + /* convert the first 4 bytes of rax to bytes */ + conv.u32 =3D (uint32_t)info->rax; + /* secure mode is set to false */ + ret =3D pio_write(port, conv.bytes, len, false); + if (ret < 0) { + error_report("Failed to write to io port"); + return -1; + } + } else { + uint8_t data[4] =3D { 0 }; + /* secure mode is set to false */ + pio_read(info->port_number, data, len, false); + + /* Preserve high bits in EAX, but clear out high bits in RAX */ + val =3D *(uint32_t *)data; + eax =3D (((uint32_t)info->rax) & ~eax_mask) | (val & eax_mask); + info->rax =3D (uint64_t)eax; + } + + insn_len =3D info->header.instruction_length; + + /* Advance RIP and update RAX */ + rip =3D info->header.rip + insn_len; + rax =3D info->rax; + + reg_names[0] =3D HV_X64_REGISTER_RIP; + reg_values[0] =3D rip; + reg_names[1] =3D HV_X64_REGISTER_RAX; + reg_values[1] =3D rax; + + x64_regs.names =3D reg_names; + x64_regs.values =3D reg_values; + x64_regs.count =3D 2; + + ret =3D set_x64_registers(cpu_fd, &x64_regs); + if (ret < 0) { + error_report("Failed to set x64 registers"); + return -1; + } + + cpu->accel->dirty =3D false; + + return 0; +} + +static int fetch_guest_state(CPUState *cpu) +{ + int ret; + + ret =3D mshv_get_standard_regs(cpu); + if (ret < 0) { + error_report("Failed 
to get standard registers"); + return -1; + } + + ret =3D mshv_get_special_regs(cpu); + if (ret < 0) { + error_report("Failed to get special registers"); + return -1; + } + + return 0; +} + +static int read_memory(int cpu_fd, uint64_t initial_gva, uint64_t initial_= gpa, + uint64_t gva, uint8_t *data, size_t len) +{ + int ret; + uint64_t gpa, flags; + + if (gva =3D=3D initial_gva) { + gpa =3D initial_gpa; + } else { + flags =3D HV_TRANSLATE_GVA_VALIDATE_READ; + ret =3D translate_gva(cpu_fd, gva, &gpa, flags); + if (ret < 0) { + return -1; + } + + ret =3D mshv_guest_mem_read(gpa, data, len, false, false); + if (ret < 0) { + error_report("failed to read guest mem"); + return -1; + } + } + + return 0; +} + +static int write_memory(int cpu_fd, uint64_t initial_gva, uint64_t initial= _gpa, + uint64_t gva, const uint8_t *data, size_t len) +{ + int ret; + uint64_t gpa, flags; + + if (gva =3D=3D initial_gva) { + gpa =3D initial_gpa; + } else { + flags =3D HV_TRANSLATE_GVA_VALIDATE_WRITE; + ret =3D translate_gva(cpu_fd, gva, &gpa, flags); + if (ret < 0) { + error_report("failed to translate gva to gpa"); + return -1; + } + } + ret =3D mshv_guest_mem_write(gpa, data, len, false); + if (ret !=3D MEMTX_OK) { + error_report("failed to write to mmio"); + return -1; + } + + return 0; +} + +static int handle_pio_str_write(CPUState *cpu, + hv_x64_io_port_intercept_message *info, + size_t repeat, uint16_t port, + bool direction_flag) +{ + int ret; + uint64_t src; + uint8_t data[4] =3D { 0 }; + size_t len =3D info->access_info.access_size; + int cpu_fd =3D mshv_vcpufd(cpu); + + src =3D linear_addr(cpu, info->rsi, R_DS); + + for (size_t i =3D 0; i < repeat; i++) { + ret =3D read_memory(cpu_fd, 0, 0, src, data, len); + if (ret < 0) { + error_report("Failed to read memory"); + return -1; + } + ret =3D pio_write(port, data, len, false); + if (ret < 0) { + error_report("Failed to write to io port"); + return -1; + } + src +=3D direction_flag ? -len : len; + info->rsi +=3D direction_flag ? 
-len : len; + } + + return 0; +} + +static int handle_pio_str_read(CPUState *cpu, + hv_x64_io_port_intercept_message *info, + size_t repeat, uint16_t port, + bool direction_flag) +{ + int ret; + uint64_t dst; + size_t len =3D info->access_info.access_size; + uint8_t data[4] =3D { 0 }; + int cpu_fd =3D mshv_vcpufd(cpu); + + dst =3D linear_addr(cpu, info->rdi, R_ES); + + for (size_t i =3D 0; i < repeat; i++) { + pio_read(port, data, len, false); + + ret =3D write_memory(cpu_fd, 0, 0, dst, data, len); + if (ret < 0) { + error_report("Failed to write memory"); + return -1; + } + dst +=3D direction_flag ? -len : len; + info->rdi +=3D direction_flag ? -len : len; + } + + return 0; +} + +static int handle_pio_str(CPUState *cpu, + hv_x64_io_port_intercept_message *info) +{ + uint8_t access_type =3D info->header.intercept_access_type; + uint16_t port =3D info->port_number; + bool repop =3D info->access_info.rep_prefix =3D=3D 1; + size_t repeat =3D repop ? info->rcx : 1; + size_t insn_len =3D info->header.instruction_length; + bool direction_flag; + uint32_t reg_names[3]; + uint64_t reg_values[3]; + int ret; + struct X64Registers x64_regs =3D { 0 }; + X86CPU *x86_cpu =3D X86_CPU(cpu); + CPUX86State *env =3D &x86_cpu->env; + int cpu_fd =3D mshv_vcpufd(cpu); + + ret =3D fetch_guest_state(cpu); + if (ret < 0) { + error_report("Failed to fetch guest state"); + return -1; + } + + direction_flag =3D (env->eflags & DESC_E_MASK) !=3D 0; + + if (access_type =3D=3D HV_X64_INTERCEPT_ACCESS_TYPE_WRITE) { + ret =3D handle_pio_str_write(cpu, info, repeat, port, direction_fl= ag); + if (ret < 0) { + error_report("Failed to handle pio str write"); + return -1; + } + reg_names[0] =3D HV_X64_REGISTER_RSI; + reg_values[0] =3D info->rsi; + } else { + ret =3D handle_pio_str_read(cpu, info, repeat, port, direction_fla= g); + reg_names[0] =3D HV_X64_REGISTER_RDI; + reg_values[0] =3D info->rdi; + } + + reg_names[1] =3D HV_X64_REGISTER_RIP; + reg_values[1] =3D info->header.rip + insn_len; + 
reg_names[2] =3D HV_X64_REGISTER_RAX; + reg_values[2] =3D info->rax; + + x64_regs.names =3D reg_names; + x64_regs.values =3D reg_values; + x64_regs.count =3D 2; + + ret =3D set_x64_registers(cpu_fd, &x64_regs); + if (ret < 0) { + error_report("Failed to set x64 registers"); + return -1; + } + + cpu->accel->dirty =3D false; + + return 0; +} + +static int handle_pio(CPUState *cpu, const struct hyperv_message *msg) +{ + struct hv_x64_io_port_intercept_message info =3D { 0 }; + int ret; + + ret =3D set_ioport_info(msg, &info); + if (ret < 0) { + error_report("Failed to convert message to ioport info"); + return -1; + } + + if (info.access_info.string_op) { + return handle_pio_str(cpu, &info); + } + + return handle_pio_non_str(cpu, &info); +} + int mshv_run_vcpu(int vm_fd, CPUState *cpu, hv_message *msg, MshvVmExit *e= xit) { - error_report("unimplemented"); - abort(); + int ret; + enum MshvVmExit exit_reason; + int cpu_fd =3D mshv_vcpufd(cpu); + + ret =3D ioctl(cpu_fd, MSHV_RUN_VP, msg); + if (ret < 0) { + return MshvVmExitShutdown; + } + + switch (msg->header.message_type) { + case HVMSG_UNRECOVERABLE_EXCEPTION: + return MshvVmExitShutdown; + case HVMSG_UNMAPPED_GPA: + case HVMSG_GPA_INTERCEPT: + ret =3D handle_mmio(cpu, msg, &exit_reason); + if (ret < 0) { + error_report("failed to handle mmio"); + return -1; + } + return exit_reason; + case HVMSG_X64_IO_PORT_INTERCEPT: + ret =3D handle_pio(cpu, msg); + if (ret < 0) { + return MshvVmExitSpecial; + } + return MshvVmExitIgnore; + default: + break; + } + + *exit =3D MshvVmExitIgnore; + return 0; } =20 void mshv_remove_vcpu(int vm_fd, int cpu_fd) --=20 2.34.1
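Review bot: read_memory() never performs the read on its shortcut path: in `if (gva == initial_gva) { gpa = initial_gpa; } else { ... }` the `mshv_guest_mem_read(gpa, data, len, false, false)` call sits inside the else block, so when gva equals initial_gva the function returns 0 with `data` untouched, whereas write_memory() correctly places the write after the if/else. Move the read after the if/else and add the error_report() on translate_gva() failure that write_memory() has. In the same hunk, handle_pio_str() fills three registers (RSI/RDI, RIP, RAX) into reg_names/reg_values but then sets `x64_regs.count = 2`, so the RAX entry is never written back; either set count to 3 or drop the entry. Its read branch also discards the return value of handle_pio_str_read() while the write branch checks it. mshv_run_vcpu() mixes two contracts: on ioctl failure and in the MMIO and PIO cases it returns an MshvVmExit value (or -1) as the int result without touching `*exit`, and only the default path stores into `*exit` and returns 0, so a caller cannot distinguish an error from an exit reason; pick one convention (write `*exit`, return 0 or -1) for every path. Smaller points: `direction_flag = (env->eflags & DESC_E_MASK) != 0` tests EFLAGS with a segment-descriptor mask (both are bit 10, so it works by coincidence); DF_MASK names the intended bit. pio_read() calls abort() on a transaction error, which lets a guest-reachable I/O failure take down the whole process; return an error like pio_write() does and let the caller report it. `size_t repeat = repop ? info->rcx : 1` loops on the guest-supplied RCX with no upper bound, so a large count pins the vCPU thread in user space for that long; consider capping the iterations handled per exit. Finally, emulate_instruction() takes gva and gpa parameters that it never uses, and set_x64_registers() declares `struct hv_register_assoc *assocs` but allocates with `g_new0(hv_register_assoc, n_regs)`; use one spelling of the type.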