diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-07-11 22:20:51 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-07-11 22:20:51 +0100 |
| commit | d1987c8114921eb30859854de664f879b5626da7 (patch) | |
| tree | fc52e32918b955c996e73018e31f26caf119cc92 /target/i386/tcg | |
| parent | 86108e23d798bcd3fce35ad271b198f8a8611746 (diff) | |
| parent | 411ad8dd80077e98ed465775b044caf1a9482f6c (diff) | |
| download | qemu-d1987c8114921eb30859854de664f879b5626da7.zip qemu-d1987c8114921eb30859854de664f879b5626da7.tar.gz qemu-d1987c8114921eb30859854de664f879b5626da7.tar.bz2 | |
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* More SVM fixes (Lara)
* Module annotation database (Gerd)
* Memory leak fixes (myself)
* Build fixes (myself)
* --with-devices-* support (Alex)
# gpg: Signature made Fri 09 Jul 2021 17:23:52 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (48 commits)
meson: Use input/output for entitlements target
configure: allow the selection of alternate config in the build
configs: rename default-configs to configs and reorganise
hw/arm: move CONFIG_V7M out of default-devices
hw/arm: add dependency on OR_IRQ for XLNX_VERSAL
meson: Introduce target-specific Kconfig
meson: switch function tests from compilation to linking
vl: fix leak of qdict_crumple return value
target/i386: fix exceptions for MOV to DR
target/i386: Added DR6 and DR7 consistency checks
target/i386: Added MSRPM and IOPM size check
monitor/tcg: move tcg hmp commands to accel/tcg, register them dynamically
usb: build usb-host as module
monitor/usb: register 'info usbhost' dynamically
usb: drop usb_host_dev_is_scsi_storage hook
monitor: allow register hmp commands
accel: build tcg modular
accel: add tcg module annotations
accel: build qtest modular
accel: add qtest module annotations
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target/i386/tcg')
| -rw-r--r-- | target/i386/tcg/bpt_helper.c | 21 | ||||
| -rw-r--r-- | target/i386/tcg/sysemu/bpt_helper.c | 47 | ||||
| -rw-r--r-- | target/i386/tcg/sysemu/svm_helper.c | 24 | ||||
| -rw-r--r-- | target/i386/tcg/translate.c | 1 |
4 files changed, 53 insertions, 40 deletions
diff --git a/target/i386/tcg/bpt_helper.c b/target/i386/tcg/bpt_helper.c index 83cd895..b6c1fff 100644 --- a/target/i386/tcg/bpt_helper.c +++ b/target/i386/tcg/bpt_helper.c @@ -37,24 +37,3 @@ void helper_rechecking_single_step(CPUX86State *env) helper_single_step(env); } } - -target_ulong helper_get_dr(CPUX86State *env, int reg) -{ - switch (reg) { - case 0: case 1: case 2: case 3: case 6: case 7: - return env->dr[reg]; - case 4: - if (env->cr[4] & CR4_DE_MASK) { - break; - } else { - return env->dr[6]; - } - case 5: - if (env->cr[4] & CR4_DE_MASK) { - break; - } else { - return env->dr[7]; - } - } - raise_exception_err_ra(env, EXCP06_ILLOP, 0, GETPC()); -} diff --git a/target/i386/tcg/sysemu/bpt_helper.c b/target/i386/tcg/sysemu/bpt_helper.c index 9bdf7e1..805118c 100644 --- a/target/i386/tcg/sysemu/bpt_helper.c +++ b/target/i386/tcg/sysemu/bpt_helper.c @@ -234,10 +234,30 @@ void breakpoint_handler(CPUState *cs) } } +target_ulong helper_get_dr(CPUX86State *env, int reg) +{ + if (reg >= 4 && reg < 6) { + if (env->cr[4] & CR4_DE_MASK) { + raise_exception_ra(env, EXCP06_ILLOP, GETPC()); + } else { + reg += 2; + } + } + + return env->dr[reg]; +} + void helper_set_dr(CPUX86State *env, int reg, target_ulong t0) { - switch (reg) { - case 0: case 1: case 2: case 3: + if (reg >= 4 && reg < 6) { + if (env->cr[4] & CR4_DE_MASK) { + raise_exception_ra(env, EXCP06_ILLOP, GETPC()); + } else { + reg += 2; + } + } + + if (reg < 4) { if (hw_breakpoint_enabled(env->dr[7], reg) && hw_breakpoint_type(env->dr[7], reg) != DR7_TYPE_IO_RW) { hw_breakpoint_remove(env, reg); @@ -246,25 +266,16 @@ void helper_set_dr(CPUX86State *env, int reg, target_ulong t0) } else { env->dr[reg] = t0; } - return; - case 4: - if (env->cr[4] & CR4_DE_MASK) { - break; + } else { + if (t0 & DR_RESERVED_MASK) { + raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC()); } - /* fallthru */ - case 6: - env->dr[6] = t0 | DR6_FIXED_1; - return; - case 5: - if (env->cr[4] & CR4_DE_MASK) { - break; + if (reg == 6) { + env->dr[6] = t0 | DR6_FIXED_1; + } else { + cpu_x86_update_dr7(env, t0); } - /* fallthru */ - case 7: - cpu_x86_update_dr7(env, t0); - return; } - raise_exception_err_ra(env, EXCP06_ILLOP, 0, GETPC()); } /* Check if Port I/O is trapped by a breakpoint. */ diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c index 1c2dbc1..00618cf 100644 --- a/target/i386/tcg/sysemu/svm_helper.c +++ b/target/i386/tcg/sysemu/svm_helper.c @@ -68,6 +68,7 @@ static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr, void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) { CPUState *cs = env_cpu(env); + X86CPU *cpu = env_archcpu(env); target_ulong addr; uint64_t nested_ctl; uint32_t event_inj; @@ -159,6 +160,20 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) asid = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.asid)); + uint64_t msrpm_base_pa = x86_ldq_phys(cs, env->vm_vmcb + + offsetof(struct vmcb, + control.msrpm_base_pa)); + uint64_t iopm_base_pa = x86_ldq_phys(cs, env->vm_vmcb + + offsetof(struct vmcb, control.iopm_base_pa)); + + if ((msrpm_base_pa & ~0xfff) >= (1ull << cpu->phys_bits) - SVM_MSRPM_SIZE) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } + + if ((iopm_base_pa & ~0xfff) >= (1ull << cpu->phys_bits) - SVM_IOPM_SIZE) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } + env->nested_pg_mode = 0; if (!cpu_svm_has_intercept(env, SVM_EXIT_VMRUN)) { @@ -254,7 +269,14 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend) env->dr[6] = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, save.dr6)); - /* FIXME: guest state consistency checks */ +#ifdef TARGET_X86_64 + if (env->dr[6] & DR_RESERVED_MASK) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } + if (env->dr[7] & DR_RESERVED_MASK) { + cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC()); + } +#endif switch (x86_ldub_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) { diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index b21873e..9e445b9 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -206,6 +206,7 @@ STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val) STUB_HELPER(rdmsr, TCGv_env env) STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) +STUB_HELPER(get_dr, TCGv ret, TCGv_env env, TCGv_i32 reg) STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) STUB_HELPER(stgi, TCGv_env env) STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) |