> On 24. Feb 2026, at 00:39, Mohamed Mediouni <mohamed@unpredictable.fr> wrote:
>
> It's a bit of a misnomer, but didn't rename this series to not cause more confusion... should
> probably have been named more like:
>
> whpx, target/i386/emulate: fixes for target/i386/emulate and move WHPX x86 to it + WHPX misc fixes
>
> Should have probably put a bit less faith in the state of target/i386/emulate from the get-go...
>
> In guest OSes compatibility: Win9x works now (but is not too stable...). I probably recommend using -M kernel-irqchip=off
> for that case though as it apparently raises stability (a bit). Win9x didn't work with winhvemulate.
>
> 32-bit Haiku didn't work for me with or without this, with an invalid bit being there in the PTEs, but 64-bit Haiku works.
>
> On the bright side, this series should fix a lot on x86 HVF too…
Tests on x86 HVF would be nice to have.
> Some questions/notes for mshv:
> - On the model of the "whpx: i386: inject exceptions" commit, also have injection of raised exceptions for
> the MSHV backend for this all to work as expected.
> - I removed the reliance on the Hyper-V GVA translate call, which is a very slow one. If you want to add it
> back instead of using the QEMU target/i386/emulate page table walker, there probably ought to be a way to reduce
> the number of calls to that...
> - but emul_ops has a new mmu_gva_to_gpa call to enable this case to be implemented
> - la57 code is not exactly tested
>
> And in missing things that are probably a better fit for a separate patch (series) instead of this continously-growing one:
> - I don't handle privileges for the page walker in target/i386/emulate
> - and SMAP/SMEP for it, with complexity they might add to the picture
> - and the same applies to putting the reserved bit on error_code for erroneous PTEs
>
> Git: https://github.com/mediouni-m/qemu (tag for this revision: whpx-x86-202502-v5, and yeah the 2025 is a typo…)
v6 instead of v5.
I should perhaps send revisions a bit less often…
And the patchew link: https://patchew.org/QEMU/20260223233950.96076-1-mohamed@unpredictable.fr/
> This series contains:
>
> - target/i386/emulate fixes
> - move HVF x86_mmu code to common code
> - fixing debug support, which was broken since around: "gdbstub: move guest debug support check to ops"
> a48e7d9e52f8fe8b47f4c74f3e99d9d677b87fe5
> - switch over from winhvemulation to common x86 VM exit emulation code
> - remove some log lines
> - Remove WHPX CPUID traps as they're currently quite broken
> - Reworked implementation of the REP prefix for string instructions
> - page table walker rework, error propagation for target/i386/emulate,
> and injecting exceptions too
> - bump the exposed interrupt controller to an X2APIC
> - preemptively ignore interrupt requests to vector 0 instead of making the HV do it
>
> Changes added since v5:
> - Thorough propagation of memory error reads across target/i386/emulate
> - target/i386/emulate: warn on read/write from/to unmapped MMIO
> - for an unmapped GPA, continue and 0xff the register
>
> Changes added since v4:
> - MMU code rework
> - page table walker rework, (some) error propagation for target/i386/emulate,
> and injecting exceptions too...
> - all around cleanups around target/i386/emulate...
> - bump the exposed interrupt controller to an X2APIC
> - preemptively ignore interrupt requests to vector 0 instead of making the HV do it
>
> Changes added since v3:
> - Reworked implementation of the REP prefix for string instructions
> - Pick up flags conversion for WHPX x86 (used by target/i386/emulate)
> - get rid of the goto for the save/restore less state for WHPX patch
>
> Changes added since v2:
> - Take target/i386/emulate patches from Bernhard Beschow
> https://lore.kernel.org/qemu-devel/20260214131659.31378-1-shentey@gmail.com/
> - Rework state levels to an enum
> - Skip some state loading on the registers save path too
>
> Changes added since v1:
> - move HVF x86_mmu code to common code
> - Use x86_mmu in WHPX MMIO exits
> - Remove WHPX CPUID traps as they're currently quite broken
> - Optimise MMIO vmexits by not restoring the full state
>
> Bernhard Beschow (3):
> target/i386/emulate/x86_decode: Fix compiler warning
> target/i386/hvf/x86_mmu: Fix compiler warning
> target/i386/emulate/x86_decode: Actually use stream in
> decode_instruction_stream()
>
> Mohamed Mediouni (25):
> target/i386/emulate: rework string_rep emulation
> target/i386: emulate, hvf: move x86_mmu to common code
> whpx: i386: re-enable guest debug support
> whpx: preparatory changes before switching over from winhvemulation
> whpx: refactor whpx_destroy_vcpu to arch-specific function
> whpx: move whpx_get_reg/whpx_set_reg to generic code
> whpx: i386: switch over from winhvemulation to target/i386/emulate
> whpx: i386: flags conversion for target/i386/emulate internal state
> whpx: i386: remove remaining winhvemulation support code
> whpx: i386: remove messages
> whpx: i386: remove CPUID trapping
> whpx: common, i386, arm: rework state levels
> whpx: i386: saving/restoring less state for
> WHPX_LEVEL_FAST_RUNTIME_STATE
> target/i386: mshv, emulate: move the generic x86 helpers to
> target/i386/emulate
> target/i386: emulate: 5-level paging for the page table walker
> target/i386: emulate, hvf, mshv: rework MMU code
> hvf: i386: save/restore CR0/2/3
> target/i386: emulate: get rid of write_val_to_mem() helper
> target/i386: emulate: raise an exception on translation fault
> target/i386: emulate: remove fetch_instruction helper too
> target/i386: emulate: propagate memory errors on most reads/writes
> whpx: i386: inject exceptions
> whpx: i386: bump to x2apic
> whpx: i386: ignore send_msi to interrupt vector 0
> target/i386: emulate: propagate errors all the way and stop early
>
> accel/whpx/whpx-accel-ops.c | 8 +
> accel/whpx/whpx-common.c | 68 +-
> include/system/whpx-accel-ops.h | 16 +-
> include/system/whpx-all.h | 11 +-
> include/system/whpx-common.h | 6 +-
> include/system/whpx-internal.h | 16 -
> meson.build | 3 +-
> target/arm/whpx/whpx-all.c | 43 +-
> target/i386/cpu.h | 2 +-
> target/i386/emulate/meson.build | 9 +
> target/i386/emulate/x86.h | 1 +
> target/i386/emulate/x86_decode.c | 12 +-
> target/i386/emulate/x86_emu.c | 356 +++++++----
> target/i386/emulate/x86_emu.h | 24 +-
> .../{mshv/x86.c => emulate/x86_helpers.c} | 13 +-
> target/i386/emulate/x86_mmu.c | 354 +++++++++++
> target/i386/{hvf => emulate}/x86_mmu.h | 31 +-
> target/i386/hvf/hvf.c | 40 +-
> target/i386/hvf/meson.build | 1 -
> target/i386/hvf/x86.c | 13 +-
> target/i386/hvf/x86_mmu.c | 277 --------
> target/i386/hvf/x86_task.c | 10 +-
> target/i386/mshv/meson.build | 2 +-
> target/i386/mshv/mshv-cpu.c | 71 ---
> target/i386/whpx/whpx-all.c | 591 ++++++++----------
> target/i386/whpx/whpx-apic.c | 5 +
> 26 files changed, 1031 insertions(+), 952 deletions(-)
> rename target/i386/{mshv/x86.c => emulate/x86_helpers.c} (95%)
> create mode 100644 target/i386/emulate/x86_mmu.c
> rename target/i386/{hvf => emulate}/x86_mmu.h (51%)
> delete mode 100644 target/i386/hvf/x86_mmu.c
>
> --
> 2.50.1 (Apple Git-155)
>