aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony Liguori <aliguori@amazon.com>2013-10-18 10:03:24 -0700
committerAnthony Liguori <aliguori@amazon.com>2013-10-18 10:03:24 -0700
commitfc8ead74674b7129e8f31c2595c76658e5622197 (patch)
tree8d80bc72b7c3a5839069595a729873d5b09603e1
parent3551643eb7198398017829a7d26646de1710b0b6 (diff)
parent7174e54cf14290233f4ae3e989ebc7b507636e77 (diff)
downloadqemu-fc8ead74674b7129e8f31c2595c76658e5622197.zip
qemu-fc8ead74674b7129e8f31c2595c76658e5622197.tar.gz
qemu-fc8ead74674b7129e8f31c2595c76658e5622197.tar.bz2
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
# By Paolo Bonzini (2) and Jan Kiszka (1) # Via Gleb Natapov * qemu-kvm/uq/master: kvmvapic: Prevent reading beyond the end of guest RAM x86: cpuid: reconstruct leaf 0Dh data x86: fix migration from pre-version 12 Message-id: 1382108641-4862-1-git-send-email-pbonzini@redhat.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
-rw-r--r--hw/i386/kvmvapic.c3
-rw-r--r--target-i386/cpu.c66
-rw-r--r--target-i386/cpu.h4
3 files changed, 56 insertions, 17 deletions
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index 1c2dbf5..2d87600 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -596,6 +596,9 @@ static int vapic_map_rom_writable(VAPICROMState *s)
section = memory_region_find(as, 0, 1);
/* read ROM size from RAM region */
+ if (rom_paddr + 2 >= memory_region_size(section.mr)) {
+ return -1;
+ }
ram = memory_region_get_ram_ptr(section.mr);
rom_size = ram[rom_paddr + 2] * ROM_BLOCK_SIZE;
if (rom_size == 0) {
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index d0c9bdb..864c80e 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -328,6 +328,15 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
};
#undef REGISTER
+typedef struct ExtSaveArea {
+ uint32_t feature, bits;
+ uint32_t offset, size;
+} ExtSaveArea;
+
+static const ExtSaveArea ext_save_areas[] = {
+ [2] = { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX,
+ .offset = 0x100, .size = 0x240 },
+};
const char *get_register_name_32(unsigned int reg)
{
@@ -2177,29 +2186,51 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
*edx = 0;
}
break;
- case 0xD:
+ case 0xD: {
+ KVMState *s = cs->kvm_state;
+ uint64_t kvm_mask;
+ int i;
+
/* Processor Extended State */
- if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
- *eax = 0;
- *ebx = 0;
- *ecx = 0;
- *edx = 0;
+ *eax = 0;
+ *ebx = 0;
+ *ecx = 0;
+ *edx = 0;
+ if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) || !kvm_enabled()) {
break;
}
- if (kvm_enabled()) {
- KVMState *s = cs->kvm_state;
+ kvm_mask =
+ kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EAX) |
+ ((uint64_t)kvm_arch_get_supported_cpuid(s, 0xd, 0, R_EDX) << 32);
- *eax = kvm_arch_get_supported_cpuid(s, 0xd, count, R_EAX);
- *ebx = kvm_arch_get_supported_cpuid(s, 0xd, count, R_EBX);
- *ecx = kvm_arch_get_supported_cpuid(s, 0xd, count, R_ECX);
- *edx = kvm_arch_get_supported_cpuid(s, 0xd, count, R_EDX);
- } else {
- *eax = 0;
- *ebx = 0;
- *ecx = 0;
- *edx = 0;
+ if (count == 0) {
+ *ecx = 0x240;
+ for (i = 2; i < ARRAY_SIZE(ext_save_areas); i++) {
+ const ExtSaveArea *esa = &ext_save_areas[i];
+ if ((env->features[esa->feature] & esa->bits) == esa->bits &&
+ (kvm_mask & (1 << i)) != 0) {
+ if (i < 32) {
+ *eax |= 1 << i;
+ } else {
+ *edx |= 1 << (i - 32);
+ }
+ *ecx = MAX(*ecx, esa->offset + esa->size);
+ }
+ }
+ *eax |= kvm_mask & (XSTATE_FP | XSTATE_SSE);
+ *ebx = *ecx;
+ } else if (count == 1) {
+ *eax = kvm_arch_get_supported_cpuid(s, 0xd, 1, R_EAX);
+ } else if (count < ARRAY_SIZE(ext_save_areas)) {
+ const ExtSaveArea *esa = &ext_save_areas[count];
+ if ((env->features[esa->feature] & esa->bits) == esa->bits &&
+ (kvm_mask & (1 << count)) != 0) {
+ *eax = esa->offset;
+ *ebx = esa->size;
+ }
}
break;
+ }
case 0x80000000:
*eax = env->cpuid_xlevel;
*ebx = env->cpuid_vendor1;
@@ -2402,6 +2433,7 @@ static void x86_cpu_reset(CPUState *s)
env->fpuc = 0x37f;
env->mxcsr = 0x1f80;
+ env->xstate_bv = XSTATE_FP | XSTATE_SSE;
env->pat = 0x0007040600070406ULL;
env->msr_ia32_misc_enable = MSR_IA32_MISC_ENABLE_DEFAULT;
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 5723eff..ea373e8 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -380,6 +380,10 @@
#define MSR_VM_HSAVE_PA 0xc0010117
+#define XSTATE_FP 1
+#define XSTATE_SSE 2
+#define XSTATE_YMM 4
+
/* CPUID feature words */
typedef enum FeatureWord {
FEAT_1_EDX, /* CPUID[1].EDX */