From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Mohamed Mediouni
Subject: [PULL 020/102] target/i386: emulate, hvf, mshv: rework MMU code
Date: Mon, 2 Mar 2026 09:42:15 +0100
Message-ID: <20260302084338.473368-21-pbonzini@redhat.com>
In-Reply-To: <20260302084338.473368-1-pbonzini@redhat.com>
References: <20260302084338.473368-1-pbonzini@redhat.com>
From: Mohamed Mediouni

target/i386/emulate doesn't currently properly emulate instructions which might cause a page fault during their execution. Notably, REP STOS/MOVS from MMIO to an address which is unmapped until a page fault exception is raised causes an abort() in vmx_write_mem.

Change the interface between the HW accel backend and target/i386/emulate as a first step towards addressing that.

Adapt the page table walker code to give actionable errors, while leaving a possibility for backends to provide their own walker.

This removes the usage of the Hyper-V page walker in the mshv backend.

Signed-off-by: Mohamed Mediouni
Link: https://lore.kernel.org/r/20260223233950.96076-20-mohamed@unpredictable.fr
Signed-off-by: Paolo Bonzini
---
 target/i386/emulate/x86_emu.h     |   4 +-
 target/i386/emulate/x86_mmu.h     |  31 +++++--
 target/i386/emulate/x86_decode.c  |   2 +-
 target/i386/emulate/x86_emu.c     |  14 +--
 target/i386/emulate/x86_helpers.c |   5 +-
 target/i386/emulate/x86_mmu.c     | 146 +++++++++++++++++++-----------
 target/i386/hvf/hvf.c             |  31 +++----
 target/i386/hvf/x86.c             |   6 +-
 target/i386/hvf/x86_task.c        |   8 +-
 target/i386/mshv/mshv-cpu.c       |  71 ---------------
 target/i386/whpx/whpx-all.c       |  12 ---
 11 files changed, 146 insertions(+), 184 deletions(-)

diff --git a/target/i386/emulate/x86_emu.h b/target/i386/emulate/x86_emu.h
index 05686b162f6..3e485b8ca36 100644
--- a/target/i386/emulate/x86_emu.h
+++ b/target/i386/emulate/x86_emu.h
@@ -21,13 +21,13 @@ =20 #include "x86.h" #include "x86_decode.h" +#include "x86_mmu.h" #include "cpu.h" =20 struct x86_emul_ops { void (*fetch_instruction)(CPUState *cpu, void *data, target_ulong addr, int bytes); - void (*read_mem)(CPUState *cpu, void *data, target_ulong addr, int byt= es); - void (*write_mem)(CPUState *cpu, void *data, target_ulong addr, int by= tes); + MMUTranslateResult (*mmu_gva_to_gpa) (CPUState *cpu, target_ulong gva,= uint64_t *gpa, MMUTranslateFlags flags); void (*read_segment_descriptor)(CPUState *cpu, struct x86_segment_desc= riptor *desc, enum X86Seg seg); void (*handle_io)(CPUState *cpu, uint16_t port, void *data, int direct= ion, diff --git a/target/i386/emulate/x86_mmu.h b/target/i386/emulate/x86_mmu.h index 9447ae072cd..190bd272a23 100644 --- a/target/i386/emulate/x86_mmu.h +++ b/target/i386/emulate/x86_mmu.h 
@@ -30,15 +30,30 @@ #define PT_GLOBAL (1 << 8) #define PT_NX (1llu << 63) =20 -/* error codes */ -#define MMU_PAGE_PT (1 << 0) -#define MMU_PAGE_WT (1 << 1) -#define MMU_PAGE_US (1 << 2) -#define MMU_PAGE_NX (1 << 3) +typedef enum MMUTranslateFlags { + MMU_TRANSLATE_VALIDATE_WRITE =3D BIT(1), + MMU_TRANSLATE_VALIDATE_EXECUTE =3D BIT(2), + MMU_TRANSLATE_PRIV_CHECKS_EXEMPT =3D BIT(3) +} MMUTranslateFlags; =20 -bool mmu_gva_to_gpa(CPUState *cpu, target_ulong gva, uint64_t *gpa); +typedef enum MMUTranslateResult { + MMU_TRANSLATE_SUCCESS =3D 0, + MMU_TRANSLATE_PAGE_NOT_MAPPED =3D 1, + MMU_TRANSLATE_PRIV_VIOLATION =3D 2, + MMU_TRANSLATE_INVALID_PT_FLAGS =3D 3, + MMU_TRANSLATE_GPA_UNMAPPED =3D 4, + MMU_TRANSLATE_GPA_NO_READ_ACCESS =3D 5, + MMU_TRANSLATE_GPA_NO_WRITE_ACCESS =3D 6 +} MMUTranslateResult; + +MMUTranslateResult mmu_gva_to_gpa(CPUState *cpu, target_ulong gva, uint64_= t *gpa, MMUTranslateFlags flags); + +/* Thin wrappers x86_write_mem_ex/x86_read_mem_ex for code readability */ +MMUTranslateResult x86_write_mem(CPUState *cpu, void *data, target_ulong g= va, int bytes); +MMUTranslateResult x86_read_mem(CPUState *cpu, void *data, target_ulong gv= a, int bytes); + +MMUTranslateResult x86_write_mem_priv(CPUState *cpu, void *data, target_ul= ong gva, int bytes); +MMUTranslateResult x86_read_mem_priv(CPUState *cpu, void *data, target_ulo= ng gva, int bytes); =20 -void vmx_write_mem(CPUState *cpu, target_ulong gva, void *data, int bytes); -void vmx_read_mem(CPUState *cpu, void *data, target_ulong gva, int bytes); =20 #endif /* X86_MMU_H */ diff --git a/target/i386/emulate/x86_decode.c b/target/i386/emulate/x86_dec= ode.c index 7bbcd2a9a2a..9faa65a5797 100644 --- a/target/i386/emulate/x86_decode.c +++ b/target/i386/emulate/x86_decode.c 
@@ -80,7 +80,7 @@ static inline uint64_t decode_bytes(CPUX86State *env, str= uct x86_decode *decode, if (emul_ops->fetch_instruction) { emul_ops->fetch_instruction(env_cpu(env), &val, va, size); } else { - emul_ops->read_mem(env_cpu(env), &val, va, size); + x86_read_mem(env_cpu(env), &val, va, size); } } decode->len +=3D size; diff --git a/target/i386/emulate/x86_emu.c b/target/i386/emulate/x86_emu.c index bf96fe06b45..cfa35561dd5 100644 --- a/target/i386/emulate/x86_emu.c +++ b/target/i386/emulate/x86_emu.c @@ -166,7 +166,7 @@ void write_val_to_reg(void *reg_ptr, target_ulong val, = int size) =20 static void write_val_to_mem(CPUX86State *env, target_ulong ptr, target_ul= ong val, int size) { - emul_ops->write_mem(env_cpu(env), &val, ptr, size); + x86_write_mem(env_cpu(env), &val, ptr, size); } =20 void write_val_ext(CPUX86State *env, struct x86_decode_op *decode, target_= ulong val, int size) @@ -180,7 +180,7 @@ void write_val_ext(CPUX86State *env, struct x86_decode_= op *decode, target_ulong =20 uint8_t *read_mmio(CPUX86State *env, target_ulong ptr, int bytes) { - emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes); + x86_read_mem(env_cpu(env), env->emu_mmio_buf, ptr, bytes); return env->emu_mmio_buf; } =20 @@ -497,7 +497,7 @@ static void exec_ins_single(CPUX86State *env, struct x8= 6_decode *decode) =20 emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 0, decode->operand_size, 1); - emul_ops->write_mem(env_cpu(env), env->emu_mmio_buf, addr, + x86_write_mem(env_cpu(env), env->emu_mmio_buf, addr, decode->operand_size); =20 string_increment_reg(env, R_EDI, decode); 
@@ -518,7 +518,7 @@ static void exec_outs_single(CPUX86State *env, struct x= 86_decode *decode) { target_ulong addr =3D decode_linear_addr(env, decode, RSI(env), R_DS); =20 - emul_ops->read_mem(env_cpu(env), env->emu_mmio_buf, addr, + x86_read_mem(env_cpu(env), env->emu_mmio_buf, addr, decode->operand_size); emul_ops->handle_io(env_cpu(env), DX(env), env->emu_mmio_buf, 1, decode->operand_size, 1); @@ -604,7 +604,7 @@ static void exec_stos_single(CPUX86State *env, struct x= 86_decode *decode) addr =3D linear_addr_size(env_cpu(env), RDI(env), decode->addressing_size, R_ES); val =3D read_reg(env, R_EAX, decode->operand_size); - emul_ops->write_mem(env_cpu(env), &val, addr, decode->operand_size); + x86_write_mem(env_cpu(env), &val, addr, decode->operand_size); =20 string_increment_reg(env, R_EDI, decode); } @@ -628,7 +628,7 @@ static void exec_scas_single(CPUX86State *env, struct x= 86_decode *decode) addr =3D linear_addr_size(env_cpu(env), RDI(env), decode->addressing_size, R_ES); decode->op[1].type =3D X86_VAR_IMMEDIATE; - emul_ops->read_mem(env_cpu(env), &decode->op[1].val, addr, decode->ope= rand_size); + x86_read_mem(env_cpu(env), &decode->op[1].val, addr, decode->operand_s= ize); =20 EXEC_2OP_FLAGS_CMD(env, decode, -, SET_FLAGS_OSZAPC_SUB, false); string_increment_reg(env, R_EDI, decode); @@ -653,7 +653,7 @@ static void exec_lods_single(CPUX86State *env, struct x= 86_decode *decode) target_ulong val =3D 0; =20 addr =3D decode_linear_addr(env, decode, RSI(env), R_DS); - emul_ops->read_mem(env_cpu(env), &val, addr, decode->operand_size); + x86_read_mem(env_cpu(env), &val, addr, decode->operand_size); write_reg(env, R_EAX, val, decode->operand_size); =20 string_increment_reg(env, R_ESI, decode); diff --git a/target/i386/emulate/x86_helpers.c b/target/i386/emulate/x86_he= lpers.c index 7bdd7e4c2a1..024f9a2afcf 100644 --- a/target/i386/emulate/x86_helpers.c +++ b/target/i386/emulate/x86_helpers.c 
@@ -13,6 +13,7 @@ #include "cpu.h" #include "emulate/x86_decode.h" #include "emulate/x86_emu.h" +#include "emulate/x86_mmu.h" #include "qemu/error-report.h" #include "system/mshv.h" =20 @@ -176,7 +177,7 @@ bool x86_read_segment_descriptor(CPUState *cpu, } =20 gva =3D base + sel.index * 8; - emul_ops->read_mem(cpu, desc, gva, sizeof(*desc)); + x86_read_mem_priv(cpu, desc, gva, sizeof(*desc)); =20 return true; } @@ -200,7 +201,7 @@ bool x86_read_call_gate(CPUState *cpu, struct x86_call_= gate *idt_desc, } =20 gva =3D base + gate * 8; - emul_ops->read_mem(cpu, idt_desc, gva, sizeof(*idt_desc)); + x86_read_mem_priv(cpu, idt_desc, gva, sizeof(*idt_desc)); =20 return true; } diff --git a/target/i386/emulate/x86_mmu.c b/target/i386/emulate/x86_mmu.c index 35987a897aa..11e17c2db1d 100644 --- a/target/i386/emulate/x86_mmu.c +++ b/target/i386/emulate/x86_mmu.c @@ -21,7 +21,9 @@ #include "cpu.h" #include "system/address-spaces.h" #include "system/memory.h" +#include "qemu/error-report.h" #include "emulate/x86.h" +#include "emulate/x86_emu.h" #include "emulate/x86_mmu.h" =20 #define pte_present(pte) (pte & PT_PRESENT) @@ -32,6 +34,11 @@ #define pte_large_page(pte) (pte & PT_PS) #define pte_global_access(pte) (pte & PT_GLOBAL) =20 +#define mmu_validate_write(flags) (flags & MMU_TRANSLATE_VALIDATE_WRITE) +#define mmu_validate_execute(flags) (flags & MMU_TRANSLATE_VALIDATE_EXECUT= E) +#define mmu_priv_checks_exempt(flags) (flags & MMU_TRANSLATE_PRIV_CHECKS_E= XEMPT) + + #define PAE_CR3_MASK (~0x1fllu) #define LEGACY_CR3_MASK (0xffffffff) =20 @@ -40,14 +47,16 @@ #define PAE_PTE_LARGE_PAGE_MASK ((-1llu << (21)) & ((1llu << 52) - 1)) #define PAE_PTE_SUPER_PAGE_MASK ((-1llu << (30)) & ((1llu << 52) - 1)) =20 +static bool is_user(CPUState *cpu) +{ + return false; +} + + struct gpt_translation { target_ulong gva; uint64_t gpa; - int err_code; uint64_t pte[5]; - bool write_access; - bool user_access; - bool exec_access; }; =20 static int gpt_top_level(CPUState *cpu, bool pae) 
@@ -99,25 +108,15 @@ static bool get_pt_entry(CPUState *cpu, struct gpt_tra= nslation *pt, } =20 /* test page table entry */ -static bool test_pt_entry(CPUState *cpu, struct gpt_translation *pt, - int level, int *largeness, bool pae) +static MMUTranslateResult test_pt_entry(CPUState *cpu, struct gpt_translat= ion *pt, + int level, int *largeness, bool pae, MMUTranslat= eFlags flags) { X86CPU *x86_cpu =3D X86_CPU(cpu); CPUX86State *env =3D &x86_cpu->env; uint64_t pte =3D pt->pte[level]; =20 - if (pt->write_access) { - pt->err_code |=3D MMU_PAGE_WT; - } - if (pt->user_access) { - pt->err_code |=3D MMU_PAGE_US; - } - if (pt->exec_access) { - pt->err_code |=3D MMU_PAGE_NX; - } - if (!pte_present(pte)) { - return false; + return MMU_TRANSLATE_PAGE_NOT_MAPPED; } =20 if (pae && !x86_is_long_mode(cpu) && 2 =3D=3D level) { @@ -125,32 +124,30 @@ static bool test_pt_entry(CPUState *cpu, struct gpt_t= ranslation *pt, } =20 if (level && pte_large_page(pte)) { - pt->err_code |=3D MMU_PAGE_PT; *largeness =3D level; } - if (!level) { - pt->err_code |=3D MMU_PAGE_PT; - } =20 uint32_t cr0 =3D env->cr[0]; /* check protection */ if (cr0 & CR0_WP_MASK) { - if (pt->write_access && !pte_write_access(pte)) { - return false; + if (mmu_validate_write(flags) && !pte_write_access(pte)) { + return MMU_TRANSLATE_PRIV_VIOLATION; } } =20 - if (pt->user_access && !pte_user_access(pte)) { - return false; + if (!mmu_priv_checks_exempt(flags)) { + if (is_user(cpu) && !pte_user_access(pte)) { + return MMU_TRANSLATE_PRIV_VIOLATION; + } } =20 - if (pae && pt->exec_access && !pte_exec_access(pte)) { - return false; + if (pae && mmu_validate_execute(flags) && !pte_exec_access(pte)) { + return MMU_TRANSLATE_PRIV_VIOLATION; } =20 exit: /* TODO: check reserved bits */ - return true; + return MMU_TRANSLATE_SUCCESS; } =20 static inline uint64_t pse_pte_to_page(uint64_t pte) 
@@ -181,7 +178,7 @@ static inline uint64_t large_page_gpa(struct gpt_transl= ation *pt, bool pae, =20 =20 =20 -static bool walk_gpt(CPUState *cpu, target_ulong addr, int err_code, +static MMUTranslateResult walk_gpt(CPUState *cpu, target_ulong addr, MMUTr= anslateFlags flags, struct gpt_translation *pt, bool pae) { X86CPU *x86_cpu =3D X86_CPU(cpu); @@ -190,21 +187,20 @@ static bool walk_gpt(CPUState *cpu, target_ulong addr= , int err_code, int largeness =3D 0; target_ulong cr3 =3D env->cr[3]; uint64_t page_mask =3D pae ? PAE_PTE_PAGE_MASK : LEGACY_PTE_PAGE_MASK; + MMUTranslateResult res; =20 memset(pt, 0, sizeof(*pt)); top_level =3D gpt_top_level(cpu, pae); =20 pt->pte[top_level] =3D pae ? (cr3 & PAE_CR3_MASK) : (cr3 & LEGACY_CR3_= MASK); pt->gva =3D addr; - pt->user_access =3D (err_code & MMU_PAGE_US); - pt->write_access =3D (err_code & MMU_PAGE_WT); - pt->exec_access =3D (err_code & MMU_PAGE_NX); =20 for (level =3D top_level; level > 0; level--) { get_pt_entry(cpu, pt, level, pae); + res =3D test_pt_entry(cpu, pt, level - 1, &largeness, pae, flags); =20 - if (!test_pt_entry(cpu, pt, level - 1, &largeness, pae)) { - return false; + if (res) { + return res; } =20 if (largeness) { 
@@ -218,69 +214,111 @@ static bool walk_gpt(CPUState *cpu, target_ulong add= r, int err_code, pt->gpa =3D large_page_gpa(pt, pae, largeness); } =20 - return true; + return res; } =20 =20 -bool mmu_gva_to_gpa(CPUState *cpu, target_ulong gva, uint64_t *gpa) +MMUTranslateResult mmu_gva_to_gpa(CPUState *cpu, target_ulong gva, uint64_= t *gpa, MMUTranslateFlags flags) { + if (emul_ops->mmu_gva_to_gpa) { + return emul_ops->mmu_gva_to_gpa(cpu, gva, gpa, flags); + } + bool res; struct gpt_translation pt; - int err_code =3D 0; =20 if (!x86_is_paging_mode(cpu)) { *gpa =3D gva; - return true; + return MMU_TRANSLATE_SUCCESS; } =20 - res =3D walk_gpt(cpu, gva, err_code, &pt, x86_is_pae_enabled(cpu)); - if (res) { + res =3D walk_gpt(cpu, gva, flags, &pt, x86_is_pae_enabled(cpu)); + if (res =3D=3D MMU_TRANSLATE_SUCCESS) { *gpa =3D pt.gpa; - return true; } =20 - return false; + return res; } =20 -void vmx_write_mem(CPUState *cpu, target_ulong gva, void *data, int bytes) +static MMUTranslateResult x86_write_mem_ex(CPUState *cpu, void *data, targ= et_ulong gva, int bytes, bool priv_check_exempt) { + MMUTranslateResult translate_res =3D MMU_TRANSLATE_SUCCESS; + MemTxResult mem_tx_res; uint64_t gpa; =20 while (bytes > 0) { /* copy page */ int copy =3D MIN(bytes, 0x1000 - (gva & 0xfff)); =20 - if (!mmu_gva_to_gpa(cpu, gva, &gpa)) { - VM_PANIC_EX("%s: mmu_gva_to_gpa " TARGET_FMT_lx " failed\n", - __func__, gva); - } else { - address_space_write(&address_space_memory, gpa, - MEMTXATTRS_UNSPECIFIED, data, copy); + translate_res =3D mmu_gva_to_gpa(cpu, gva, &gpa, MMU_TRANSLATE_VAL= IDATE_WRITE); + if (translate_res) { + return translate_res; + } + + mem_tx_res =3D address_space_write(&address_space_memory, gpa, + MEMTXATTRS_UNSPECIFIED, data, copy); + + if (mem_tx_res =3D=3D MEMTX_DECODE_ERROR) { + warn_report("write to unmapped mmio region gpa=3D0x%" PRIx64 "= size=3D%i", gpa, bytes); + return MMU_TRANSLATE_GPA_UNMAPPED; + } else if (mem_tx_res =3D=3D MEMTX_ACCESS_ERROR) { + return 
MMU_TRANSLATE_GPA_NO_WRITE_ACCESS; } =20 bytes -=3D copy; gva +=3D copy; data +=3D copy; } + return translate_res; } =20 -void vmx_read_mem(CPUState *cpu, void *data, target_ulong gva, int bytes) +MMUTranslateResult x86_write_mem(CPUState *cpu, void *data, target_ulong g= va, int bytes) { + return x86_write_mem_ex(cpu, data, gva, bytes, false); +} + +MMUTranslateResult x86_write_mem_priv(CPUState *cpu, void *data, target_ul= ong gva, int bytes) +{ + return x86_write_mem_ex(cpu, data, gva, bytes, true); +} + +static MMUTranslateResult x86_read_mem_ex(CPUState *cpu, void *data, targe= t_ulong gva, int bytes, bool priv_check_exempt) +{ + MMUTranslateResult translate_res =3D MMU_TRANSLATE_SUCCESS; + MemTxResult mem_tx_res; uint64_t gpa; =20 while (bytes > 0) { /* copy page */ int copy =3D MIN(bytes, 0x1000 - (gva & 0xfff)); =20 - if (!mmu_gva_to_gpa(cpu, gva, &gpa)) { - VM_PANIC_EX("%s: mmu_gva_to_gpa " TARGET_FMT_lx " failed\n", - __func__, gva); + translate_res =3D mmu_gva_to_gpa(cpu, gva, &gpa, 0); + if (translate_res) { + return translate_res; } - address_space_read(&address_space_memory, gpa, MEMTXATTRS_UNSPECIF= IED, + mem_tx_res =3D address_space_read(&address_space_memory, gpa, MEMT= XATTRS_UNSPECIFIED, data, copy); =20 + if (mem_tx_res =3D=3D MEMTX_DECODE_ERROR) { + warn_report("read from unmapped mmio region gpa=3D0x%" PRIx64 = " size=3D%i", gpa, bytes); + return MMU_TRANSLATE_GPA_UNMAPPED; + } else if (mem_tx_res =3D=3D MEMTX_ACCESS_ERROR) { + return MMU_TRANSLATE_GPA_NO_READ_ACCESS; + } + bytes -=3D copy; gva +=3D copy; data +=3D copy; } + return translate_res; +} + +MMUTranslateResult x86_read_mem(CPUState *cpu, void *data, target_ulong gv= a, int bytes) +{ + return x86_read_mem_ex(cpu, data, gva, bytes, false); +} + +MMUTranslateResult x86_read_mem_priv(CPUState *cpu, void *data, target_ulo= ng gva, int bytes) +{ + return x86_read_mem_ex(cpu, data, gva, bytes, true); } 
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c index 0b3674ad33d..fb039ff7bd5 100644 --- a/target/i386/hvf/hvf.c +++ b/target/i386/hvf/hvf.c @@ -252,27 +252,7 @@ static void hvf_read_segment_descriptor(CPUState *s, s= truct x86_segment_descript vmx_segment_to_x86_descriptor(s, &vmx_segment, desc); } =20 -static void hvf_read_mem(CPUState *cpu, void *data, target_ulong gva, int = bytes) -{ - X86CPU *x86_cpu =3D X86_CPU(cpu); - CPUX86State *env =3D &x86_cpu->env; - env->cr[0] =3D rvmcs(cpu->accel->fd, VMCS_GUEST_CR0); - env->cr[3] =3D rvmcs(cpu->accel->fd, VMCS_GUEST_CR3); - vmx_read_mem(cpu, data, gva, bytes); -} - -static void hvf_write_mem(CPUState *cpu, void *data, target_ulong gva, int= bytes) -{ - X86CPU *x86_cpu =3D X86_CPU(cpu); - CPUX86State *env =3D &x86_cpu->env; - env->cr[0] =3D rvmcs(cpu->accel->fd, VMCS_GUEST_CR0); - env->cr[3] =3D rvmcs(cpu->accel->fd, VMCS_GUEST_CR3); - vmx_write_mem(cpu, gva, data, bytes); -} - static const struct x86_emul_ops hvf_x86_emul_ops =3D { - .read_mem =3D hvf_read_mem, - .write_mem =3D hvf_write_mem, .read_segment_descriptor =3D hvf_read_segment_descriptor, .handle_io =3D hvf_handle_io, .simulate_rdmsr =3D hvf_simulate_rdmsr, @@ -490,6 +470,14 @@ static void hvf_cpu_x86_cpuid(CPUX86State *env, uint32= _t index, uint32_t count, } } =20 +static void hvf_load_crs(CPUState *cs) +{ + X86CPU *x86_cpu =3D X86_CPU(cpu); + CPUX86State *env =3D &x86_cpu->env; + + env->cr[0] =3D rvmcs(cpu->accel->fd, VMCS_GUEST_CR0); + env->cr[3] =3D rvmcs(cpu->accel->fd, VMCS_GUEST_CR3); +} void hvf_load_regs(CPUState *cs) { X86CPU *cpu =3D X86_CPU(cs); @@ -802,6 +790,7 @@ static int hvf_handle_vmexit(CPUState *cpu) struct x86_decode decode; =20 hvf_load_regs(cpu); + hvf_load_crs(cpu); decode_instruction(env, &decode); exec_instruction(env, &decode); hvf_store_regs(cpu); 
@@ -843,6 +832,7 @@ static int hvf_handle_vmexit(CPUState *cpu) } =20 hvf_load_regs(cpu); + hvf_load_crs(cpu); decode_instruction(env, &decode); assert(ins_len =3D=3D decode.len); exec_instruction(env, &decode); @@ -948,6 +938,7 @@ static int hvf_handle_vmexit(CPUState *cpu) struct x86_decode decode; =20 hvf_load_regs(cpu); + hvf_load_crs(cpu); decode_instruction(env, &decode); exec_instruction(env, &decode); hvf_store_regs(cpu); diff --git a/target/i386/hvf/x86.c b/target/i386/hvf/x86.c index e98f480f411..7fe710aca3b 100644 --- a/target/i386/hvf/x86.c +++ b/target/i386/hvf/x86.c @@ -72,7 +72,7 @@ bool x86_read_segment_descriptor(CPUState *cpu, return false; } =20 - vmx_read_mem(cpu, desc, base + sel.index * 8, sizeof(*desc)); + x86_read_mem_priv(cpu, desc, base + sel.index * 8, sizeof(*desc)); return true; } =20 @@ -95,7 +95,7 @@ bool x86_write_segment_descriptor(CPUState *cpu, printf("%s: gdt limit\n", __func__); return false; } - vmx_write_mem(cpu, base + sel.index * 8, desc, sizeof(*desc)); + x86_write_mem_priv(cpu, desc, base + sel.index * 8, sizeof(*desc)); return true; } =20 @@ -111,7 +111,7 @@ bool x86_read_call_gate(CPUState *cpu, struct x86_call_= gate *idt_desc, return false; } =20 - vmx_read_mem(cpu, idt_desc, base + gate * 8, sizeof(*idt_desc)); + x86_read_mem_priv(cpu, idt_desc, base + gate * 8, sizeof(*idt_desc)); return true; } =20 diff --git a/target/i386/hvf/x86_task.c b/target/i386/hvf/x86_task.c index b1e541a6420..64e30e970d9 100644 --- a/target/i386/hvf/x86_task.c +++ b/target/i386/hvf/x86_task.c 
@@ -93,16 +93,16 @@ static int task_switch_32(CPUState *cpu, x86_segment_se= lector tss_sel, x86_segme uint32_t eip_offset =3D offsetof(struct x86_tss_segment32, eip); uint32_t ldt_sel_offset =3D offsetof(struct x86_tss_segment32, ldt); =20 - vmx_read_mem(cpu, &tss_seg, old_tss_base, sizeof(tss_seg)); + x86_read_mem_priv(cpu, &tss_seg, old_tss_base, sizeof(tss_seg)); save_state_to_tss32(cpu, &tss_seg); =20 - vmx_write_mem(cpu, old_tss_base + eip_offset, &tss_seg.eip, ldt_sel_of= fset - eip_offset); - vmx_read_mem(cpu, &tss_seg, new_tss_base, sizeof(tss_seg)); + x86_write_mem_priv(cpu, &tss_seg.eip, old_tss_base + eip_offset, ldt_s= el_offset - eip_offset); + x86_read_mem_priv(cpu, &tss_seg, new_tss_base, sizeof(tss_seg)); =20 if (old_tss_sel.sel !=3D 0xffff) { tss_seg.prev_tss =3D old_tss_sel.sel; =20 - vmx_write_mem(cpu, new_tss_base, &tss_seg.prev_tss, sizeof(tss_seg= .prev_tss)); + x86_write_mem_priv(cpu, &tss_seg.prev_tss, new_tss_base, sizeof(ts= s_seg.prev_tss)); } load_state_from_tss32(cpu, &tss_seg); return 0; diff --git a/target/i386/mshv/mshv-cpu.c b/target/i386/mshv/mshv-cpu.c index f190e83bd15..2bc978deb25 100644 --- a/target/i386/mshv/mshv-cpu.c +++ b/target/i386/mshv/mshv-cpu.c 
@@ -1548,74 +1548,6 @@ int mshv_create_vcpu(int vm_fd, uint8_t vp_index, in= t *cpu_fd) return 0; } =20 -static int guest_mem_read_with_gva(const CPUState *cpu, uint64_t gva, - uint8_t *data, uintptr_t size, - bool fetch_instruction) -{ - int ret; - uint64_t gpa, flags; - - flags =3D HV_TRANSLATE_GVA_VALIDATE_READ; - ret =3D translate_gva(cpu, gva, &gpa, flags); - if (ret < 0) { - error_report("failed to translate gva to gpa"); - return -1; - } - - ret =3D mshv_guest_mem_read(gpa, data, size, false, fetch_instruction); - if (ret < 0) { - error_report("failed to read from guest memory"); - return -1; - } - - return 0; -} - -static int guest_mem_write_with_gva(const CPUState *cpu, uint64_t gva, - const uint8_t *data, uintptr_t size) -{ - int ret; - uint64_t gpa, flags; - - flags =3D HV_TRANSLATE_GVA_VALIDATE_WRITE; - ret =3D translate_gva(cpu, gva, &gpa, flags); - if (ret < 0) { - error_report("failed to translate gva to gpa"); - return -1; - } - ret =3D mshv_guest_mem_write(gpa, data, size, false); - if (ret < 0) { - error_report("failed to write to guest memory"); - return -1; - } - return 0; -} - -static void write_mem(CPUState *cpu, void *data, target_ulong addr, int by= tes) -{ - if (guest_mem_write_with_gva(cpu, addr, data, bytes) < 0) { - error_report("failed to write memory"); - abort(); - } -} - -static void fetch_instruction(CPUState *cpu, void *data, - target_ulong addr, int bytes) -{ - if (guest_mem_read_with_gva(cpu, addr, data, bytes, true) < 0) { - error_report("failed to fetch instruction"); - abort(); - } -} - -static void read_mem(CPUState *cpu, void *data, target_ulong addr, int byt= es) -{ - if (guest_mem_read_with_gva(cpu, addr, data, bytes, false) < 0) { - error_report("failed to read memory"); - abort(); - } -} - static void read_segment_descriptor(CPUState *cpu, struct x86_segment_descriptor *desc, enum X86Seg seg_idx) 
@@ -1634,9 +1566,6 @@ static void read_segment_descriptor(CPUState *cpu, } =20 static const struct x86_emul_ops mshv_x86_emul_ops =3D { - .fetch_instruction =3D fetch_instruction, - .read_mem =3D read_mem, - .write_mem =3D write_mem, .read_segment_descriptor =3D read_segment_descriptor, }; =20 diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c index ab583e922d4..561a48206ca 100644 --- a/target/i386/whpx/whpx-all.c +++ b/target/i386/whpx/whpx-all.c @@ -862,16 +862,6 @@ static int whpx_handle_portio(CPUState *cpu, return 0; } =20 -static void write_mem(CPUState *cpu, void *data, target_ulong addr, int by= tes) -{ - vmx_write_mem(cpu, addr, data, bytes); -} - -static void read_mem(CPUState *cpu, void *data, target_ulong addr, int byt= es) -{ - vmx_read_mem(cpu, data, addr, bytes); -} - static void read_segment_descriptor(CPUState *cpu, struct x86_segment_descriptor *desc, enum X86Seg seg_idx) @@ -891,8 +881,6 @@ static void read_segment_descriptor(CPUState *cpu, =20 =20 static const struct x86_emul_ops whpx_x86_emul_ops =3D { - .read_mem =3D read_mem, - .write_mem =3D write_mem, .read_segment_descriptor =3D read_segment_descriptor, .handle_io =3D handle_io }; --=20 2.53.0
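Review bot: in the x86_emu.h hunk the new `mmu_gva_to_gpa` callback is optional (x86_mmu.c falls back to the built-in walker when it is NULL, and none of the hvf, mshv or whpx ops tables in this patch set it), but nothing in the struct says so; a one-line comment on the member ("NULL selects the software page walker") would save the next backend author a trip into x86_mmu.c. Minor style: `(*mmu_gva_to_gpa) (CPUState *cpu, ...` has a space before the parameter list that the neighbouring members do not.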
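Review bot: in the x86_mmu.h hunk the C side relies on `MMU_TRANSLATE_SUCCESS` being 0 (`if (res) { return res; }` in x86_mmu.c), so a comment on `MMUTranslateResult` stating that zero means success and everything else is an error would make the contract explicit. `MMUTranslateFlags` starts at `BIT(1)`, leaving bit 0 unused, which is fine if intentional but reads like an off-by-one. Deleting the `vmx_write_mem`/`vmx_read_mem` prototypes also leaves two consecutive blank lines before `#endif`.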
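Review bot: in the x86_decode.c hunk the result of `x86_read_mem()` is discarded in `decode_bytes()`, so a failed fetch now leaves `val` holding whatever it had and `decode->len += size` still advances, whereas the old `vmx_read_mem` path aborted via `VM_PANIC_EX`. Since the commit message presents this as a first step, either keep a loud failure here for now (`g_assert(x86_read_mem(...) == MMU_TRANSLATE_SUCCESS)`) or propagate the result into the decoder so a fault during fetch can become #PF rather than a silently mis-decoded instruction.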
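Review bot: the x86_emu.c hunks drop the return value of `x86_read_mem`/`x86_write_mem` in every string-instruction helper (`exec_ins_single`, `exec_outs_single`, `exec_stos_single`, `exec_scas_single`, `exec_lods_single`) and in `write_val_to_mem`/`read_mmio`. That is exactly the REP STOS/MOVS-into-unmapped-page case the commit message cites: after a failed translation the helper still calls `string_increment_reg()` and the REP loop carries on with stale `emu_mmio_buf` contents. Having the `*_single` helpers return the `MMUTranslateResult` so the REP loop can stop at the faulting iteration would let the follow-up raise #PF with the right RCX/RDI.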
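Review bot: in the x86_helpers.c hunk `x86_read_segment_descriptor()` and `x86_read_call_gate()` ignore the `MMUTranslateResult` from `x86_read_mem_priv()` and unconditionally `return true`, so an unmapped descriptor table yields success with an uninitialised `*desc`/`*idt_desc`. Suggest `return x86_read_mem_priv(cpu, desc, gva, sizeof(*desc)) == MMU_TRANSLATE_SUCCESS;` in both.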
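Review bot: in the x86_mmu.c `is_user()` hunk the helper returns `false` unconditionally, so the U/S check that `test_pt_entry()` now gates on it can never fail and `MMU_TRANSLATE_PRIV_CHECKS_EXEMPT` has no observable effect; if this is a placeholder it needs a TODO, otherwise derive it from the current privilege level (QEMU keeps CPL in `env->hflags & HF_CPL_MASK`). Style: the `mmu_validate_write(flags)` family should parenthesise the macro argument, `((flags) & MMU_TRANSLATE_VALIDATE_WRITE)`, and there are two consecutive blank lines after both the macros and `is_user()`.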
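Review bot: in the `test_pt_entry()` hunk all three protection failures (write to a read-only page under CR0.WP, user access to a supervisor page, execute of an NX page) collapse into the single `MMU_TRANSLATE_PRIV_VIOLATION`, and the old `err_code` bits (`MMU_PAGE_WT`/`MMU_PAGE_US`/`MMU_PAGE_NX`) are removed. A #PF error code needs exactly that P/W/U/I information, so the follow-up that raises the fault will have to reconstruct it; keeping the access-type bits in `struct gpt_translation` (or as a separate out parameter) alongside the enum would avoid that. Also `MMU_TRANSLATE_INVALID_PT_FLAGS` is declared in the header but nothing returns it, and the `/* TODO: check reserved bits */` under `exit:` is the natural place for it.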
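Review bot: in the `walk_gpt()` hunk `res` is uninitialised and the trailing `return res;` is only `MMU_TRANSLATE_SUCCESS` because every non-zero value returns early inside the loop; if `gpt_top_level()` ever returned 0 the loop would not run and the function would return garbage. Return `MMU_TRANSLATE_SUCCESS` explicitly at the end.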
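Review bot: in the `mmu_gva_to_gpa()` hunk the context line `bool res;` survives, but `res` now receives `walk_gpt()`'s `MMUTranslateResult` and is returned through the `MMUTranslateResult` return type, so every error code is truncated to 1, i.e. `MMU_TRANSLATE_PAGE_NOT_MAPPED`, and a privilege violation can never reach the caller. Change it to `MMUTranslateResult res;`.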
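Review bot: in the `x86_write_mem_ex()`/`x86_read_mem_ex()` hunks the `priv_check_exempt` parameter is never used: the write path always passes `MMU_TRANSLATE_VALIDATE_WRITE` and the read path always passes `0`, so `x86_write_mem_priv`/`x86_read_mem_priv` are identical to the non-priv variants and the descriptor/TSS callers in x86.c, x86_task.c and x86_helpers.c still go through the user check. Suggest building the flags as `MMU_TRANSLATE_VALIDATE_WRITE | (priv_check_exempt ? MMU_TRANSLATE_PRIV_CHECKS_EXEMPT : 0)` (and the read equivalent). Two smaller points: the `warn_report` prints `bytes`, the remaining total, where `copy` is the size of the access that actually failed; and a failure after the first page leaves a partial write behind, which is correct for #PF semantics but deserves a comment so nobody "fixes" it later.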
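Review bot: in the hvf.c hunk `hvf_load_crs(CPUState *cs)` uses `cpu` in its body (`X86_CPU(cpu)`, `cpu->accel->fd`) but its parameter is `cs` and no `cpu` is declared in scope, so this does not compile as shown; rename the parameter to `cpu` or use `cs`, matching `hvf_load_regs` just below, which declares `X86CPU *cpu = X86_CPU(cs);`. There is also no blank line between the closing brace of `hvf_load_crs` and `void hvf_load_regs`.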
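Review bot: in the hvf x86.c and x86_task.c hunks the argument order is swapped correctly from `vmx_write_mem(cpu, gva, data, bytes)` to `x86_write_mem_priv(cpu, data, gva, bytes)`, but as in x86_helpers.c the results are discarded, so `x86_write_segment_descriptor()` and `task_switch_32()` still report success when the TSS or descriptor access failed, and `load_state_from_tss32()` then consumes an uninitialised `tss_seg`. Checking the result and returning an error there would keep the old abort-on-failure guarantee until the #PF path exists.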
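Review bot: in the mshv-cpu.c hunks removing `fetch_instruction`, `read_mem` and `write_mem` without supplying `.mmu_gva_to_gpa` means mshv now uses the emulate walker, which reads `env->cr[0]` and `env->cr[3]`; hvf needed the new `hvf_load_crs()` to refresh those before decoding, and no equivalent is visible for mshv in this patch, so please confirm the mshv exit path already keeps them current. The guest accesses also move from `mshv_guest_mem_read/write()` to `address_space_memory`, and the previous `abort()` on failure is gone with nothing checking the new return codes yet; both deserve a sentence in the commit message.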