Commit graph

3345 commits

Author SHA1 Message Date
Daniel P. Berrange 83a5bf2d25
qapi: rename QmpOutputVisitor to QObjectOutputVisitor
The QmpOutputVisitor has no direct dependency on QMP. It is
valid to use it anywhere that one wants a QObject. Rename it
to better reflect its functionality as a generic QAPI
to QObject converter.

The commit before previous renamed the files, this one renames C
identifiers.

Backports commit 7d5e199ade76c53ec316ab6779800581bb47c50a from qemu
2018-02-27 08:05:33 -05:00
Daniel P. Berrange 2949a90977
qapi: rename QmpInputVisitor to QObjectInputVisitor
The QmpInputVisitor has no direct dependency on QMP. It is
valid to use it anywhere that one has a QObject. Rename it
to better reflect its functionality as a generic QObject
to QAPI converter.

The previous commit renamed the files, this one renames C identifiers.

Backports commit 09e68369a88d7de0f988972bf28eec1b80cc47f9 from qemu
2018-02-26 15:54:15 -05:00
Daniel P. Berrange 228f122248
qapi: rename *qmp-*-visitor* to *qobject-*-visitor*
The QMP visitors have no direct dependency on QMP. It is
valid to use them anywhere that one has a QObject. Rename them
to better reflect their functionality as a generic QObject
to QAPI converter.

This is the first of three parts: rename the files. The next two
parts will rename C identifiers. The split is necessary to make git
rename detection work.

Backports commit b3db211f3c80bb996a704d665fe275619f728bd4 from qemu
2018-02-26 15:42:37 -05:00
Peter Maydell 1a850bcb19
target-arm: Implement new HLT trap for semihosting
Version 2.0 of the semihosting specification introduces new trap
instructions for AArch32: HLT 0xF000 for A32 and HLT 0x3C for T32.
Implement these (in the same way we implement the existing HLT
semihosting trap for A64).

The old traps via SVC and BKPT are unaffected.

Backports commit 19a6e31c9d2701ef648b70ddcfc3bf64cec8c37e from qemu
2018-02-26 15:28:45 -05:00
Peter Maydell db8b0a82b1
cpu: Support a target CPU having a variable page size
Support target CPUs having a page size which isn't knownn
at compile time. To use this, the CPU implementation should:
* define TARGET_PAGE_BITS_VARY
* not define TARGET_PAGE_BITS
* define TARGET_PAGE_BITS_MIN to the smallest value it
might possibly want for TARGET_PAGE_BITS
* call set_preferred_target_page_bits() in its realize
function to indicate the actual preferred target page
size for the CPU (and report any error from it)

In CONFIG_USER_ONLY, the CPU implementation should continue
to define TARGET_PAGE_BITS appropriately for the guest
OS page size.

Machines which want to take advantage of having the page
size something larger than TARGET_PAGE_BITS_MIN must
set the MachineClass minimum_page_bits field to a value
which they guarantee will be no greater than the preferred
page size for any CPU they create.

Note that changing the target page size by setting
minimum_page_bits is a migration compatibility break
for that machine.

For debugging purposes, attempts to use TARGET_PAGE_SIZE
before it has been finally confirmed will assert.

Backports commit 20bccb82ff3ea09bcb7c4ee226d3160cab15f7da from qemu
2018-02-26 12:29:08 -05:00
Vijaya Kumar K a7229cc08a
translate-all.c: Compute L1 page table properties at runtime
Remove L1 page mapping table properties computing
statically using macros which is dependent on
TARGET_PAGE_BITS. Drop macros V_L1_SIZE, V_L1_SHIFT,
V_L1_BITS macros and replace with variables which are
computed at early stage of VM boot.

Removing dependency can help to make TARGET_PAGE_BITS
dynamic.

Backports commit 66ec9f49399f0a9fa13ee77c472caba0de2773fc from qemu
2018-02-26 11:46:58 -05:00
Vijaya Kumar K 3082b4e4ec
exec.c: Remove static allocation of sub_section of sub_page
Allocate sub_section dynamically. Remove dependency
on TARGET_PAGE_SIZE to make run-time page size detection
for arm platforms.

Backports commit 2615fabd42ea0078dd9e659bdb21a5b7a1f87a9a from qemu
2018-02-26 10:50:04 -05:00
Paolo Bonzini eb75004013
memory: add a per-AddressSpace list of listeners
This speeds up MEMORY_LISTENER_CALL noticeably. Right now,
with many PCI devices you have N regions added to M AddressSpaces
(M = # PCI devices with bus-master enabled) and each call looks
up the whole listener list, with at least M listeners in it.
Because most of the regions in N are BARs, which are also roughly
proportional to M, the whole thing is O(M^3). This changes it
to O(M^2), which is the best we can do without rewriting the
whole thing.

Backports commit 9a54635dcb51a3fcf7507af630168f514a8cd4e7 from qemu
2018-02-26 10:46:50 -05:00
Paolo Bonzini 4b06e8bbb7
memory: eliminate global MemoryListeners
There is none, so just drop the code.

Backports commit d45fa784cd0c111131696808d1168259d66b7519 from qemu
2018-02-26 10:19:28 -05:00
Paolo Bonzini 8734e13a73
tcg: try sti when moving a constant into a dead memory temp
This comes from free from unifying tcg_reg_alloc_mov and
tcg_reg_alloc_movi's handling of TEMP_VAL_CONST. It triggers
often on moves to cc_dst, such as the following translation
of "sub $0x3c,%esp":

before: after:
subl $0x3c,%ebp subl $0x3c,%ebp
movl %ebp,0x10(%r14) movl %ebp,0x10(%r14)
movl $0x3c,%ebx movl $0x3c,0x2c(%r14)
movl %ebx,0x2c(%r14)

Backports commit 0fe4fca4e1a5e06a270127dd80bb753d4dda61c6 from qemu
2018-02-26 10:08:47 -05:00
Paolo Bonzini be00a3e100
target-i386: fix 32-bit addresses in LEA
This was found with test-i386. The issue is that instructions
such as

addr32 lea (%eax), %rax

did not perform a 32-bit extension, because the LEA translation
skipped the gen_lea_v_seg step. That step does not just add
segments, it also takes care of extending from address size to
pointer size.

Backports commit 620abfb004543404bef1953e25da2ad77352941a from qemu
2018-02-26 10:06:08 -05:00
Paolo Bonzini 8b239bd48b
atomic: base mb_read/mb_set on load-acquire and store-release
This introduces load-acquire and store-release operations in QEMU.
For now, just use them as an implementation detail of atomic_mb_read
and atomic_mb_set.

Since docs/atomics.txt documents that atomic_mb_read only synchronizes
with an atomic_mb_set of the same variable, we can use the new implementation
everywhere instead of seq-cst loads and stores.

Backports commit 803cf26a9e019b5d2256a8edeb22e3538c4f3261 from qemu
2018-02-26 10:02:46 -05:00
Paolo Bonzini fd7ef4c184
atomic: introduce smp_mb_acquire and smp_mb_release 2018-02-26 09:58:22 -05:00
Eduardo Habkost b41bb81737
target-i386: Don't use cpu->migratable when filtering features
When explicitly enabling unmigratable flags using "-cpu host"
(e.g. "-cpu host,+invtsc"), the requested feature won't be
enabled because cpu->migratable is true by default.

This is inconsistent with all other CPU models, which don't have
the "migratable" option, making "+invtsc" work without the need
for extra options.

This happens because x86_cpu_filter_features() uses
cpu->migratable as an argument for
x86_cpu_get_supported_feature_word(). This is not useful
because:
2) on "-cpu host" it only makes QEMU disable features that were
explicitly enabled in the command-line;
1) on all the other CPU models, cpu->migratable is already false.

The fix is to just use 'false' as an argument to
x86_cpu_get_supported_feature_word() in
x86_cpu_filter_features().

Note that:

* This won't change anything for people using using
"-cpu host" or "-cpu host,migratable=<on|off>" (with no extra
features) because the x86_cpu_get_supported_feature_word() call
on the cpu->host_features check uses cpu->migratable as
argument.
* This won't change anything for any CPU model except "host"
because they all have cpu->migratable == false (and only "host"
has the "migratable" property that allows it to be changed).
* This will only change things for people using "-cpu host,+<feature>",
where <feature> is a non-migratable feature. The only existing
named non-migratable feature is "invtsc".

In other words, this change will only affect people using
"-cpu host,+invtsc" (that will now get what they asked for: the
invtsc flag will be enabled). All other use cases are unaffected.

Backports commit 46c032f3afcc05a0123914609f1003906ba63fda from qemu
2018-02-26 09:51:14 -05:00
Eduardo Habkost 4096ce0184
target-i386: x86_cpu_load_features() function
When probing for CPU model information, we need to reuse the code
that initializes CPUID fields, but not the remaining side-effects
of x86_cpu_realizefn(). Move that code to a separate function
that can be reused later.

Backports commit 41f3d4d69a423dadb8431fda65d8d7c68c0de0fc from qemu
2018-02-26 09:49:34 -05:00
Eduardo Habkost aa98c8a93f
target-i386: Move warning code outside x86_cpu_filter_features()
x86_cpu_filter_features() will be reused by code that shouldn't
print any warning. Move the warning code to a new
x86_cpu_report_filtered_features() function, and call it from
x86_cpu_realizefn().

Backports commit 8ca30e8673aff9bfcf8f969f8db4266b5f62e49c from qemu
2018-02-26 09:40:11 -05:00
Eduardo Habkost 08bfa41e1b
target-i386: xsave: Add FP and SSE bits to x86_ext_save_areas
Instead of treating the FP and SSE bits as special cases, add
them to the x86_ext_save_areas array. This will simplify the code
that calculates the supported xsave components and the size of
the xsave area.

Backports commit e3c9022b4e2b6a4deb6518361d2bbf33522b9198 from qemu
2018-02-26 09:37:48 -05:00
Eduardo Habkost 54bd827472
target-i386: Register properties for feature aliases manually
Instead of keeping the aliases inside the feature name arrays and
require parsing the strings, just register alias properties
manually. This simplifies the code for property registration and
lookup.

Backports commit 16d2fcaa509b1ca56eb2fcd8fe877279cf65cccc from qemu
2018-02-26 09:34:52 -05:00
Eduardo Habkost b508b9e02a
target-i386: Remove underscores from feat_names arrays
Instead of translating the feature name entries when adding
property names, store the actual property names in the feature
name array.

For reference, here is the full list of functions that use
FeatureWordInfo::feat_names:

* x86_cpu_get_migratable_flags(): not affected, as it just
check for non-NULL values.
* report_unavailable_features(): informative only. It will
start printing feature names with hyphens.
* x86_cpu_list(): informative only. It will start printing
feature names with hyphens
* x86_cpu_register_feature_bit_props(): not affected, as it
was already calling feat2prop(). Now we can remove the
feat2prop() calls safely.

So, the only user-visible effect of this patch are the new names
being used in help and error messages for users.

Backports commit fc7dfd205f3287893c436d932a167bffa30579c8 from qemu
2018-02-26 09:33:15 -05:00
Eduardo Habkost 6d1a7bccb5
target-i386: Disable VME by default with TCG
VME is already disabled automatically when using TCG. So, instead
of pretending it is there when reporting CPU model data on
query-cpu-* QMP commands (making every CPU model to be reported
as not runnable), we can disable it by default on all CPU models
when using TCG.

Do that by adding a tcg_default_props array that will work like
kvm_default_props.

Backports commit 04d99c3c61f4bdc0450dbeb6512b6dd743baca65 from qemu
2018-02-26 08:23:44 -05:00
Eduardo Habkost 594cbeaa06
target-i386: List CPU models using subclass list
Instead of using the builtin_x86_defs array, use the QOM subclass
list to list CPU models on "-cpu ?" and "query-cpu-definitions".

Backports commit ee465a3ef77c2b2975ffa71c72208c05b3f3970d from qemu
2018-02-26 08:17:04 -05:00
Peter Maydell 200771d0ba
target-arm: Add trace events for the generic timers
Backports commit 194cbc492bcc8f3f1868ec97a35146bc99c3c71c from qemu
2018-02-26 08:15:42 -05:00
Peter Maydell 158bfc109a
target-arm: Implement dummy MDCCINT_EL1
MDCCINT_EL1 is part of the DCC debugger communication
channel between the CPU and an attached external debugger.
QEMU doesn't implement this, but since Linux may try
to access this register we need to provide at least
a dummy implementation.

Backports commit 5dbdc4342f479d799a1970dd5fd22e64c9dcd50d from qemu
2018-02-26 08:11:54 -05:00
Peter Maydell f2dcb81b27
Fix masking of PC lower bits when doing exception returns
In commit 9b6a3ea7a699594 store_reg() was changed to mask
both bits 0 and 1 of the new PC value when in ARM mode.
Unfortunately this broke the exception return code paths
when doing a return from ARM mode to Thumb mode: in some
of these we write a new CPSR including new Thumb mode
bit via gen_helper_cpsr_write_eret(), and then use store_reg()
to write the new PC. In this case if the new CPSR specified
Thumb mode then masking bit 1 of the PC is incorrect
(these code paths correspond to the v8 ARM ARM pseudocode
function AArch32.ExceptionReturn(), which always aligns the
new PC appropriately for the new instruction set state).

Instead of using store_reg() in exception-return code paths,
call a new store_pc_exc_ret() which stores the raw new PC
value to env->regs[15], and then mask it appropriately in
the subsequent helper_cpsr_write_eret() where the new
env->thumb state is available.

This fixes a bug introduced by 9b6a3ea7a699594 which caused
crashes/hangs or otherwise bad behaviour for Linux when
userspace was using Thumb.

Backports commit fb0e8e79a9d77ee240dbca036fa8698ce654e5d1 from qemu
2018-02-26 08:09:28 -05:00
Thomas Hanson c69ae10ca7
target-arm: Comments added to identify cases in a switch
3 cases in a switch in disas_exc() require reference to the
ARM ARM spec in order to determine what case they're handling.

Backports commit 957956b3013c8122a749dfe61a41aef8b4100e31 from qemu
2018-02-26 08:05:49 -05:00
Thomas Hanson 00d1803436
target-arm: Code changes to implement overwrite of tag field on PC load
For BR, BLR and RET instructions, if tagged addresses are enabled, the
tag field in the address must be cleared out prior to loading the
address into the PC. Depending on the current EL, it will be set to
either all 0's or all 1's.

Backports commit 6feecb8b941f2d21e5645d0b6e0cdb776998121b from qemu
2018-02-26 08:04:00 -05:00
Thomas Hanson 2af4ca54e9
target-arm: Infrastucture changes to enable handling of tagged address loading into PC
When capturing the current CPU state for the TB, extract the TBI0 and TBI1
values from the correct TCR for the current EL and then add them to the TB
flags field.

Then, at the start of code generation for the block, copy the TBI fields
into the DisasContext structure.

Backports commit 86fb3fa4ed5873b021a362ea26a021f4aeab1bb4 from qemu
2018-02-26 07:58:17 -05:00
Marc-André Lureau be6e25bcc7
qapi: return a 'missing parameter' error
The 'old' dispatch code returned a QERR_MISSING_PARAMETER for missing
parameters, but the qapi qmp_dispatch() code uses
QERR_INVALID_PARAMETER_TYPE.

Improve qapi code to return QERR_MISSING_PARAMETER where
appropriate.

Fix expected error message in iotests.

Backports commit 1382d4abdf9619985e4078e37e49e487cea9935e from qemu
2018-02-26 05:19:53 -05:00
Marc-André Lureau ddc25c8aaf
qapi: assert list entry has a value
This helps to figure out the expectations.

Backports commit eac8e79ff749fc15e1dca4caccf1f38664ab4915 from qemu
2018-02-26 05:15:32 -05:00
Marc-André Lureau bd469af15f
qapi: add assert about root value
qiv->root should not be null, make that clearer with some assert.

Backports commit 5d0cbbcfeb59e1e3f5ee7d26b8a215382f6d9abd from qemu
2018-02-26 05:15:01 -05:00
Marc-André Lureau 1a138915a5
qapi: Fix crash when 'any' or 'null' parameter is missing
Unlike the other visit methods, visit_type_any() and visit_type_null()
neglect to check whether qmp_input_get_object() succeeded. They crash
when it fails. Reproducer:

{ "execute": "qom-set",
"arguments": { "path": "/machine", "property": "rtc-time" } }

Will crash with:

qapi/qapi-visit-core.c:277: visit_type_any: Assertion `!err != !*obj'
failed

Broken in commit 5c678ee. Fix by adding the missing error checks.

Backports commit c489780203f9b22aca5539ec7589b7140bdc951f from qemu
2018-02-26 05:13:54 -05:00
Alex Bennée fbf6fb1e25
atomic.h: fix __SANITIZE_THREAD__ build
Only very modern GCC's actually set this define when building with the
ThreadSanitizer so this little typo slipped though.

Backports commit 23ea7f57949f2f5934f4d5bbc29fe321b3a7067b from qemu
2018-02-26 05:12:17 -05:00
Alex Bennée d4cb954102
cpu: atomically modify cpu->exit_request
ThreadSanitizer picks up potential races although we already use
barriers to ensure things are in the correct order when processing exit
requests. For true C11 defined behaviour across threads we need to use
relaxed atomic_set/atomic_read semantics to reassure tsan.

Backports commit 027d9a7d2911e993cdcbd21c7c35d1dd058f05bb from qemu
2018-02-26 05:11:18 -05:00
Alex Bennée e1cf9ca84a
qom/cpu: atomically clear the tb_jmp_cache
The ThreadSanitizer rightly complains that something initialised with a
normal access is later updated and read atomically.

Backports commit ce7cf6a973f4b614162b9518954d441fa5e32fc6 from qemu
2018-02-26 05:09:05 -05:00
Alex Bennée 12d7e946a1
qom/object: update class cache atomically
The idiom CPU_GET_CLASS(cpu) is fairly extensively used in various
threads and trips of ThreadSanitizer due to the fact it updates
obj->class->object_cast_cache behind the scenes. As this is just a
fast-path cache there is no need to lock updates.

However to ensure defined C11 behaviour across threads we need to use
the plain atomic_read/set primitives and keep the sanitizer happy.

Backports commit b6b3ccfda015dcd5ab50f70c189ee5cc6c622e91 from qemu
2018-02-26 05:06:40 -05:00
Alex Bennée bf72733576
tcg/optimize: move default return out of if statement
This is to appease sanitizer builds which complain that:

"error: control reaches end of non-void function"

Backports commit 550276ae0a88851edda2cb7fcdd64256dbb8e314 from qemu
2018-02-26 05:05:21 -05:00
Alex Bennée 4046235e92
atomic.h: comment on use of atomic_read/set
Add some notes on the use of the relaxed atomic access helpers and their
importance for defined behaviour in C11's multi-threaded memory model.

Backports commit e653bc6b0ff645c25b8a2eb607c18a5c98b59db6 from qemu
2018-02-26 05:03:59 -05:00
Peter Maydell f48d1fe391
target-arm: Correctly handle 'sub pc, pc, 1' for ARMv6
In the ARM v6 architecture, 'sub pc, pc, 1' is not an interworking
branch, so the computed new value is written to r15 as a normal
value. The architecture says that in this case, bits [1:0] of
the value written must be ignored if we are in ARM mode (or
bit [0] ignored if in Thumb mode); this is a change from the
ARMv4/v5 specification that behaviour is UNPREDICTABLE.
Use the correct mask on the PC value when doing a non-interworking
store to PC.

A popular library used on RaspberryPi uses this instruction
as part of a trick to determine whether it is running on
ARMv6 or ARMv7, and we were mishandling the sequence.

Fixes bug: https://bugs.launchpad.net/bugs/1625295

Backports commit 9b6a3ea7a699594162ed3d11e4e04b98568dc5c0 from qemu
2018-02-26 05:02:32 -05:00
Edgar E. Iglesias dedab81d68
target-arm: A64: Fix decoding of iss_sf in disas_ld_lit
Fix the decoding of iss_sf in disas_ld_lit.
The SF (Sixty-Four) field in the ISS (Instruction Specific Syndrome)
is a bit that specifies the width of the register that the
instruction loads to.

If cleared it specifies 32 bits.
If set it specifies 64 bits.

Backports commit 173ff58580b383a7841b18fddb293038c9d40d1c from qemu
2018-02-26 05:01:33 -05:00
Evgeny Yakovlev fa9d708fbd
target-i386: Correct family/model/stepping for Opteron_G3
Current CPU definition for AMD Opteron third generation includes
features like SSE4a and LAHF_LM support in emulated CPUID. These
features are present in K8 rev.E or K10 CPUs and later. However,
current G3 family and model describe 2nd generation K8 cores instead.

This is incorrect but was considered harmless until our tests found a
problem with linux kernels >= 3.10 (and maybe earlier) which specifically
check for Opteron K8 model when parsing CPUID leaf 0x80000001:
http://lxr.free-electrons.com/source/arch/x86/kernel/cpu/amd.c?v=3.16#L552
This code will disable LAHF_LM feature in /proc/cpuinfo if model number
is inconsistent.

This change sets Opteron_G3 family/model/stepping to 16/2/3 which is
a proper Opteron 3rd generation 2350 CPU.

Backports commit 339892d758efb2d0954160d41736a0eac9875d67 from qemu
2018-02-26 04:59:18 -05:00
Eduardo Habkost b7f434373b
target-i386: Report known CPUID[EAX=0xD,ECX=0]:EAX bits as migratable
A regression was introduced by commit 96193c22a "target-i386:
Move xsave component mask to features array": all
CPUID[EAX=0xD,ECX=0]:EAX bits were being reported as unmigratable
because they don't have feature names defined. This broke
"-cpu host" because it enables only migratable features by
default.

This adds a new field to FeatureWordInfo: migratable_flags, which
will make those features be reported as migratable even if they
don't have a property name defined.

Backports commit 6fb2fff75dceed1716e757882a6dfbadd9042407 from qemu
2018-02-26 04:58:05 -05:00
Alex Bennée 33589eb75f
cpus: pass CPUState to run_on_cpu helpers
CPUState is a fairly common pointer to pass to these helpers. This means
if you need other arguments for the async_run_on_cpu case you end up
having to do a g_malloc to stuff additional data into the routine. For
the current users this isn't a massive deal but for MTTCG this gets
cumbersome when the only other parameter is often an address.

This adds the typedef run_on_cpu_func for helper functions which has an
explicit CPUState * passed as the first parameter. All the users of
run_on_cpu and async_run_on_cpu have had their helpers updated to use
CPUState where available.

Backports commit e0eeb4a21a3ca4b296220ce4449d8acef9de9049 from qemu
2018-02-26 04:54:55 -05:00
Felipe Franciosi 0ed8880525
compiler: Swap 'public domain' header for license
As discussed on the list [1], having a comment stating that this file
is "public domain" is arguably wrong and not legally binding. This patch
replaces that comment with a clear GPLv2+ license as proposed in [2].

[1] http://lists.nongnu.org/archive/html/qemu-devel/2016-09/msg06151.html
[2] http://lists.nongnu.org/archive/html/qemu-devel/2016-09/msg06217.html

Worth noting, compiler.h was originally created on 5c026320 by splitting
qemu-common.h. At the time, qemu-common.h was already GPLv2+.

Backports commit cc9d8a3b2c41c22fb09f90f3085e6036c199c3ca from qemu
2018-02-26 04:49:45 -05:00
Eduardo Habkost 49c04d7104
target-i386: Clear KVM CPUID features if KVM is disabled
This will ensure all checks for features[FEAT_KVM] in the code
will be correct in case the KVM CPUID leaf is completely
disabled.

Backports commit aec661de86894e914d2d82431d9cefa9a9a40213 from qemu
2018-02-26 04:47:05 -05:00
Eduardo Habkost f29384c810
target-i386: Move xsave component mask to features array
This will reuse the existing check/enforce logic in
x86_cpu_filter_features() to check the xsave component bits
against GET_SUPPORTED_CPUID.

Backports commit 96193c22ab39ea24f81e386ad7883260ff24f5fd from qemu
2018-02-26 04:45:35 -05:00
Eduardo Habkost 3fb3e6672b
target-i386: xsave: Calculate set of xsave components on realize
Instead of doing complex calculations and calling
kvm_arch_get_supported_cpuid() inside cpu_x86_cpuid(), calculate
the set of required XSAVE components earlier, at realize time.

Backports commit 2ca8a8becc2eeb5262e478ce502f5daa53f3d0bc from qemu
2018-02-26 04:40:41 -05:00
Eduardo Habkost 28f002cbaf
target-i386: xsave: Helper function to calculate xsave area size
Move the xsave area size calculation from cpu_x86_cpuid() inside
its own function. While doing it, change it to use the XSAVE area
struct sizes for the initial size, instead of the magic 0x240
number.

Backports commit 1fda6198e4126af9988754c8824cfc9928649890 from qemu
2018-02-26 04:36:27 -05:00
Eduardo Habkost c35e9eb9af
target-i386: xsave: Simplify CPUID[0xD,0].{EAX,EDX} calculation
Instead of assigning individual bits in a loop, just copy the
values from ena_mask.

Backports commit 8057c621b1b17cbcb35fe67d1a09ada9055873a9 from qemu
2018-02-26 04:35:14 -05:00
Eduardo Habkost c7195afd32
target-i386: xsave: Calculate enabled components only once
Instead of checking both env->features and ena_mask at two
different places in the CPUID code, initialize ena_mask based on
the features that are enabled for the CPU, and then clear
unsupported bits based on kvm_arch_get_supported_cpuid().

The results should be exactly the same, but it will make it
easier to move the mask calculation elsewhare, and reuse
x86_cpu_filter_features() for the kvm_arch_get_supported_cpuid()
check.

Backports commit 4928cd6de6b4211a79f98c8dc39115be1e815c2b from qemu
2018-02-26 04:33:18 -05:00
Eduardo Habkost c3a0cba5b1
target-i386: Don't try to enable PT State xsave component
The code that calculates the set of supported XSAVE components on
CPUID looks at ext_save_areas to find out which components should
be enabled. However, if there are zeroed entries in the
ext_save_areas array, the
((env->features[esa->feature] & esa->bits) == esa->bits)
check will always succeed and QEMU will unconditionally try to
enable the component.

Luckily this never caused any problems because the only missing
entry in ext_save_areas is the PT State component (bit 8), and
KVM currently doesn't support it (so it was cleared on ena_mask).
But the code was still incorrect and would break if KVM starts
returning CPUID[EAX=0xD,ECX=0].EAX[bit 8] as supported on
GET_SUPPORTED_CPUID.

Fix the problem by changing the code to not enable a XSAVE
component if ExtSaveArea::bits is zero.

Backports commit 9646f4927faf68e8690588c2fd6dc9834c440b58 from qemu
2018-02-26 04:30:35 -05:00