Experimental fork of QEMU with video encoding patches https://git.openslx.org/bwlp/qemu.git/atom/target/i386?h=spice_video_codecs 2022-12-01T08:53:24+00:00 2022-12-01T08:53:24+00:00 Richard Henderson 2022-12-01T07:45:22+00:00 urn:sha1:8218c048be1567db9dfd3cf1e19fbff76bce8cfd In get_physical_address, the canonical address check failed to set TranslateFault.stage2, which resulted in an uninitialized read from the struct when reporting the fault in x86_cpu_tlb_fill. Adjust all error paths to use structure assignment so that the entire struct is always initialized. Reported-by: Daniel Hoffman <dhoff749@gmail.com> Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 2022-12-01T08:05:05+00:00 Paolo Bonzini 2022-11-30T14:16:57+00:00 urn:sha1:38e65936a8df1c9e7f5d19eae38a42133fab844b MMX state is saved/restored by FSAVE/FRSTOR so the instructions are not illegal opcodes even if CR4.OSFXSR=0. Make sure that validate_vex takes into account the prefix and only checks HF_OSFXSR_MASK in the presence of an SSE instruction. Fixes: 20581aadec5e ("target/i386: validate VEX prefixes via the instructions' exception classes", 2022-10-18) Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1350 Reported-by: Helge Konetzka (@hejko on gitlab.com) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 2022-11-14T23:34:42+00:00 Paolo Bonzini 2022-09-15T00:14:31+00:00 urn:sha1:35d95e4126d83c0bb0de83007494d184f6111b3d When translating code that is using LAHF and SAHF in combination with the REX prefix, the instructions should not use any other register than AH; however, QEMU selects SPL (SP being register 4, just like AH) if the REX prefix is present. To fix this, use deposit directly without going through gen_op_mov_v_reg and gen_op_mov_reg_v. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/130 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-11-14T23:34:42+00:00 Paolo Bonzini 2022-09-11T12:04:36+00:00 urn:sha1:d1bb978ba1654ddc6e927621b554eebb216fb9dd Unlike the memory case, where "the destination operand receives a write cycle without regard to the result of the comparison", rm must not be touched altogether if the write fails, including not zero-extending it on 64-bit processors. This is not how the movcond currently works, because it is always followed by a gen_op_mov_reg_v to rm. To fix it, introduce a new function that is similar to gen_op_mov_reg_v but writes to a TCG temporary. Considering that gen_extu(ot, oldv) is not needed in the memory case either, the two cases for register and memory destinations are different enough that one might as well fuse the two "if (mod == 3)" into one. So do that too. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/508 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [rth: Add a test case ] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-11-03T14:54:37+00:00 Stefan Hajnoczi 2022-11-03T14:54:37+00:00 urn:sha1:7f5acfcb662d32a736d0db41211cc7f340193bdd * bug fixes * reduced memory footprint for IPI virtualization on Intel processors * asynchronous teardown support (Linux only) # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNiVykUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroN0Swf/YxjphCtFgYYSO14WP+7jAnfRZLhm # 0xWChWP8rco5I352OBFeFU64Av5XoLGNn6SZLl8lcg86lQ/G0D27jxu6wOcDDHgw # 0yTDO1gevj51UKsbxoC66OWSZwKTEo398/BHPDcI2W41yOFycSdtrPgspOrFRVvf # 7M3nNjuNPsQorZeuu8NGr3jakqbt99ZDXcyDEWbrEAcmy2JBRMbGgT0Kdnc6aZfW # CvL+1ljxzldNwGeNBbQW2QgODbfHx5cFZcy4Daze35l5Ra7K/FrgAzr6o/HXptya # 9fEs5LJQ1JWI6JtpaWwFy7fcIIOsJ0YW/hWWQZSDt9JdAJFE5/+vF+Kz5Q== # =CgrO # -----END PGP SIGNATURE----- # gpg: Signature made Wed 02 Nov 2022 07:40:25 EDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: target/i386: Fix test for paging enabled util/log: Close per-thread log file on thread termination target/i386: Set maximum APIC ID to KVM prior to vCPU creation os-posix: asynchronous teardown for shutdown on Linux target/i386: Fix calculation of LOCK NEG eflags Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 2022-11-02T11:35:16+00:00 Richard Henderson 2022-11-02T09:12:32+00:00 urn:sha1:03a60ae9cac546d05b076676491ed1606f9d9066 If CR0.PG is unset, pg_mode will be zero, but it will also be zero for non-PAE/non-PSE page tables with CR0.WP=0. Restore the correct test for paging enabled. Fixes: 98281984a37 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269 Reported-by: Andreas Gustafsson <gson@gson.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221102091232.1092552-1-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> 2022-10-31T21:31:41+00:00 Richard Henderson 2022-10-24T06:16:30+00:00 urn:sha1:631793308679cf0436cd7145a9ff318331c982c9 The helpers for reset_rf, cli, sti, clac, stac are completely trivial; implement them inline. Drop some nearby #if 0 code. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-10-31T21:31:41+00:00 Richard Henderson 2022-10-24T13:09:57+00:00 urn:sha1:3d419a4dd227f174447e0b3978028a1cd52ccc5e The value passed is always true, and if the target's synchronize_from_tb hook is non-trivial, not exiting may be erroneous. Reviewed-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-10-31T21:31:37+00:00 Richard Henderson 2022-10-24T12:45:29+00:00 urn:sha1:f484f213c9f4ae1cd30ebdaadc7b539d745d39fb Avoid cpu_restore_state, and modifying env->eip out from underneath the translator with TARGET_TB_PCREL. There is some slight duplication from x86_restore_state_to_opc, but it's just a few lines. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269 Reviewed-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-10-31T08:46:34+00:00 Zeng Guang 2022-08-25T02:52:46+00:00 urn:sha1:19e2a9fb9da067acba95b3be83588bda5a3f6a99 Specify maximum possible APIC ID assigned for current VM session to KVM prior to the creation of vCPUs. By this setting, KVM can set up VM-scoped data structure indexed by the APIC ID, e.g. Posted-Interrupt Descriptor pointer table to support Intel IPI virtualization, with the most optimal memory footprint. It can be achieved by calling KVM_ENABLE_CAP for KVM_CAP_MAX_VCPU_ID capability once KVM has enabled it. Ignoring the return error if KVM doesn't support this capability yet. Signed-off-by: Zeng Guang <guang.zeng@intel.com> Acked-by: Peter Xu <peterx@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20220825025246.26618-1-guang.zeng@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>