]> git.proxmox.com Git - mirror_qemu.git/blame - target/i386/hvf-all.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
i386: hvf: implement vga dirty page tracking
[mirror_qemu.git] / target / i386 / hvf-all.c
CommitLineData
c97d6d2c
SAGDR		 1/* Copyright 2008 IBM Corporation
2 * 2008 Red Hat, Inc.
3 * Copyright 2011 Intel Corporation
4 * Copyright 2016 Veertu, Inc.
5 * Copyright 2017 The Android Open Source Project
6 *
7 * QEMU Hypervisor.framework support
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of version 2 of the GNU General Public
11 * License as published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
20 */
21#include "qemu/osdep.h"
22#include "qemu-common.h"
23#include "qemu/error-report.h"
24
25#include "sysemu/hvf.h"
26#include "hvf-i386.h"
27#include "hvf-utils/vmcs.h"
28#include "hvf-utils/vmx.h"
29#include "hvf-utils/x86.h"
30#include "hvf-utils/x86_descr.h"
31#include "hvf-utils/x86_mmu.h"
32#include "hvf-utils/x86_decode.h"
33#include "hvf-utils/x86_emu.h"
996feed4 34#include "hvf-utils/x86_task.h"
c97d6d2c
SAGDR		 35#include "hvf-utils/x86hvf.h"
36
37#include <Hypervisor/hv.h>
38#include <Hypervisor/hv_vmx.h>
39
40#include "exec/address-spaces.h"
41#include "exec/exec-all.h"
42#include "exec/ioport.h"
43#include "hw/i386/apic_internal.h"
44#include "hw/boards.h"
45#include "qemu/main-loop.h"
46#include "strings.h"
47#include "trace.h"
48#include "sysemu/accel.h"
49#include "sysemu/sysemu.h"
50#include "target/i386/cpu.h"
51
52pthread_rwlock_t mem_lock = PTHREAD_RWLOCK_INITIALIZER;
53HVFState *hvf_state;
54int hvf_disabled = 1;
55
56static void assert_hvf_ok(hv_return_t ret)
57{
58 if (ret == HV_SUCCESS) {
59 return;
60 }
61
62 switch (ret) {
63 case HV_ERROR:
64 error_report("Error: HV_ERROR\n");
65 break;
66 case HV_BUSY:
67 error_report("Error: HV_BUSY\n");
68 break;
69 case HV_BAD_ARGUMENT:
70 error_report("Error: HV_BAD_ARGUMENT\n");
71 break;
72 case HV_NO_RESOURCES:
73 error_report("Error: HV_NO_RESOURCES\n");
74 break;
75 case HV_NO_DEVICE:
76 error_report("Error: HV_NO_DEVICE\n");
77 break;
78 case HV_UNSUPPORTED:
79 error_report("Error: HV_UNSUPPORTED\n");
80 break;
81 default:
82 error_report("Unknown Error\n");
83 }
84
85 abort();
86}
87
88/* Memory slots */
89hvf_slot *hvf_find_overlap_slot(uint64_t start, uint64_t end)
90{
91 hvf_slot *slot;
92 int x;
93 for (x = 0; x < hvf_state->num_slots; ++x) {
94 slot = &hvf_state->slots[x];
95 if (slot->size && start < (slot->start + slot->size) &&
96 end > slot->start) {
97 return slot;
98 }
99 }
100 return NULL;
101}
102
103struct mac_slot {
104 int present;
105 uint64_t size;
106 uint64_t gpa_start;
107 uint64_t gva;
108};
109
110struct mac_slot mac_slots[32];
111#define ALIGN(x, y) (((x) + (y) - 1) & ~((y) - 1))
112
113static int do_hvf_set_memory(hvf_slot *slot)
114{
115 struct mac_slot *macslot;
116 hv_memory_flags_t flags;
117 hv_return_t ret;
118
119 macslot = &mac_slots[slot->slot_id];
120
121 if (macslot->present) {
122 if (macslot->size != slot->size) {
123 macslot->present = 0;
124 ret = hv_vm_unmap(macslot->gpa_start, macslot->size);
125 assert_hvf_ok(ret);
126 }
127 }
128
129 if (!slot->size) {
130 return 0;
131 }
132
133 flags = HV_MEMORY_READ | HV_MEMORY_WRITE | HV_MEMORY_EXEC;
134
135 macslot->present = 1;
136 macslot->gpa_start = slot->start;
137 macslot->size = slot->size;
138 ret = hv_vm_map((hv_uvaddr_t)slot->mem, slot->start, slot->size, flags);
139 assert_hvf_ok(ret);
140 return 0;
141}
142
143void hvf_set_phys_mem(MemoryRegionSection *section, bool add)
144{
145 hvf_slot *mem;
146 MemoryRegion *area = section->mr;
147
148 if (!memory_region_is_ram(area)) {
149 return;
150 }
151
152 mem = hvf_find_overlap_slot(
153 section->offset_within_address_space,
154 section->offset_within_address_space + int128_get64(section->size));
155
156 if (mem && add) {
157 if (mem->size == int128_get64(section->size) &&
158 mem->start == section->offset_within_address_space &&
159 mem->mem == (memory_region_get_ram_ptr(area) +
160 section->offset_within_region)) {
161 return; /* Same region was attempted to register, go away. */
162 }
163 }
164
165 /* Region needs to be reset. set the size to 0 and remap it. */
166 if (mem) {
167 mem->size = 0;
168 if (do_hvf_set_memory(mem)) {
169 error_report("Failed to reset overlapping slot\n");
170 abort();
171 }
172 }
173
174 if (!add) {
175 return;
176 }
177
178 /* Now make a new slot. */
179 int x;
180
181 for (x = 0; x < hvf_state->num_slots; ++x) {
182 mem = &hvf_state->slots[x];
183 if (!mem->size) {
184 break;
185 }
186 }
187
188 if (x == hvf_state->num_slots) {
189 error_report("No free slots\n");
190 abort();
191 }
192
193 mem->size = int128_get64(section->size);
194 mem->mem = memory_region_get_ram_ptr(area) + section->offset_within_region;
195 mem->start = section->offset_within_address_space;
babfa20c 196 mem->region = area;
c97d6d2c
SAGDR		 197
198 if (do_hvf_set_memory(mem)) {
199 error_report("Error registering new memory slot\n");
200 abort();
201 }
202}
203
204void vmx_update_tpr(CPUState *cpu)
205{
206 /* TODO: need integrate APIC handling */
207 X86CPU *x86_cpu = X86_CPU(cpu);
208 int tpr = cpu_get_apic_tpr(x86_cpu->apic_state) << 4;
209 int irr = apic_get_highest_priority_irr(x86_cpu->apic_state);
210
211 wreg(cpu->hvf_fd, HV_X86_TPR, tpr);
212 if (irr == -1) {
213 wvmcs(cpu->hvf_fd, VMCS_TPR_THRESHOLD, 0);
214 } else {
215 wvmcs(cpu->hvf_fd, VMCS_TPR_THRESHOLD, (irr > tpr) ? tpr >> 4 :
216 irr >> 4);
217 }
218}
219
220void update_apic_tpr(CPUState *cpu)
221{
222 X86CPU *x86_cpu = X86_CPU(cpu);
223 int tpr = rreg(cpu->hvf_fd, HV_X86_TPR) >> 4;
224 cpu_set_apic_tpr(x86_cpu->apic_state, tpr);
225}
226
227#define VECTORING_INFO_VECTOR_MASK 0xff
228
c97d6d2c
SAGDR		 229static void hvf_handle_interrupt(CPUState * cpu, int mask)
230{
231 cpu->interrupt_request |= mask;
232 if (!qemu_cpu_is_self(cpu)) {
233 qemu_cpu_kick(cpu);
234 }
235}
236
237void hvf_handle_io(CPUArchState *env, uint16_t port, void *buffer,
238 int direction, int size, int count)
239{
240 int i;
241 uint8_t *ptr = buffer;
242
243 for (i = 0; i < count; i++) {
244 address_space_rw(&address_space_io, port, MEMTXATTRS_UNSPECIFIED,
245 ptr, size,
246 direction);
247 ptr += size;
248 }
249}
250
251/* TODO: synchronize vcpu state */
252static void do_hvf_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data arg)
253{
254 CPUState *cpu_state = cpu;
255 if (cpu_state->vcpu_dirty == 0) {
256 hvf_get_registers(cpu_state);
257 }
258
259 cpu_state->vcpu_dirty = 1;
260}
261
262void hvf_cpu_synchronize_state(CPUState *cpu_state)
263{
264 if (cpu_state->vcpu_dirty == 0) {
265 run_on_cpu(cpu_state, do_hvf_cpu_synchronize_state, RUN_ON_CPU_NULL);
266 }
267}
268
269static void do_hvf_cpu_synchronize_post_reset(CPUState *cpu, run_on_cpu_data arg)
270{
271 CPUState *cpu_state = cpu;
272 hvf_put_registers(cpu_state);
273 cpu_state->vcpu_dirty = false;
274}
275
276void hvf_cpu_synchronize_post_reset(CPUState *cpu_state)
277{
278 run_on_cpu(cpu_state, do_hvf_cpu_synchronize_post_reset, RUN_ON_CPU_NULL);
279}
280
281void _hvf_cpu_synchronize_post_init(CPUState *cpu, run_on_cpu_data arg)
282{
283 CPUState *cpu_state = cpu;
284 hvf_put_registers(cpu_state);
285 cpu_state->vcpu_dirty = false;
286}
287
288void hvf_cpu_synchronize_post_init(CPUState *cpu_state)
289{
290 run_on_cpu(cpu_state, _hvf_cpu_synchronize_post_init, RUN_ON_CPU_NULL);
291}
292
babfa20c 293static bool ept_emulation_fault(hvf_slot *slot, addr_t gpa, uint64_t ept_qual)
c97d6d2c
SAGDR		 294{
295 int read, write;
296
297 /* EPT fault on an instruction fetch doesn't make sense here */
298 if (ept_qual & EPT_VIOLATION_INST_FETCH) {
299 return false;
300 }
301
302 /* EPT fault must be a read fault or a write fault */
303 read = ept_qual & EPT_VIOLATION_DATA_READ ? 1 : 0;
304 write = ept_qual & EPT_VIOLATION_DATA_WRITE ? 1 : 0;
305 if ((read | write) == 0) {
306 return false;
307 }
308
babfa20c
SAGDR		 309 if (write && slot) {
310 if (slot->flags & HVF_SLOT_LOG) {
311 memory_region_set_dirty(slot->region, gpa - slot->start, 1);
312 hv_vm_protect((hv_gpaddr_t)slot->start, (size_t)slot->size,
313 HV_MEMORY_READ | HV_MEMORY_WRITE);
314 }
315 }
316
c97d6d2c
SAGDR		 317 /*
318 * The EPT violation must have been caused by accessing a
319 * guest-physical address that is a translation of a guest-linear
320 * address.
321 */
322 if ((ept_qual & EPT_VIOLATION_GLA_VALID) == 0 ||
323 (ept_qual & EPT_VIOLATION_XLAT_VALID) == 0) {
324 return false;
325 }
326
babfa20c
SAGDR		 327 return !slot;
328}
329
330static void hvf_set_dirty_tracking(MemoryRegionSection *section, bool on)
331{
332 hvf_slot *slot;
333
334 slot = hvf_find_overlap_slot(
335 section->offset_within_address_space,
336 section->offset_within_address_space + int128_get64(section->size));
337
338 /* protect region against writes; begin tracking it */
339 if (on) {
340 slot->flags |= HVF_SLOT_LOG;
341 hv_vm_protect((hv_gpaddr_t)slot->start, (size_t)slot->size,
342 HV_MEMORY_READ);
343 /* stop tracking region*/
344 } else {
345 slot->flags &= ~HVF_SLOT_LOG;
346 hv_vm_protect((hv_gpaddr_t)slot->start, (size_t)slot->size,
347 HV_MEMORY_READ | HV_MEMORY_WRITE);
348 }
349}
350
351static void hvf_log_start(MemoryListener *listener,
352 MemoryRegionSection *section, int old, int new)
353{
354 if (old != 0) {
355 return;
356 }
357
358 hvf_set_dirty_tracking(section, 1);
359}
360
361static void hvf_log_stop(MemoryListener *listener,
362 MemoryRegionSection *section, int old, int new)
363{
364 if (new != 0) {
365 return;
366 }
367
368 hvf_set_dirty_tracking(section, 0);
369}
370
371static void hvf_log_sync(MemoryListener *listener,
372 MemoryRegionSection *section)
373{
374 /*
375 * sync of dirty pages is handled elsewhere; just make sure we keep
376 * tracking the region.
377 */
378 hvf_set_dirty_tracking(section, 1);
c97d6d2c
SAGDR		 379}
380
381static void hvf_region_add(MemoryListener *listener,
382 MemoryRegionSection *section)
383{
384 hvf_set_phys_mem(section, true);
385}
386
387static void hvf_region_del(MemoryListener *listener,
388 MemoryRegionSection *section)
389{
390 hvf_set_phys_mem(section, false);
391}
392
393static MemoryListener hvf_memory_listener = {
394 .priority = 10,
395 .region_add = hvf_region_add,
396 .region_del = hvf_region_del,
babfa20c
SAGDR		 397 .log_start = hvf_log_start,
398 .log_stop = hvf_log_stop,
399 .log_sync = hvf_log_sync,
c97d6d2c
SAGDR		 400};
401
402void hvf_reset_vcpu(CPUState *cpu) {
403
404 /* TODO: this shouldn't be needed; there is already a call to
405 * cpu_synchronize_all_post_reset in vl.c
406 */
407 wvmcs(cpu->hvf_fd, VMCS_ENTRY_CTLS, 0);
408 wvmcs(cpu->hvf_fd, VMCS_GUEST_IA32_EFER, 0);
409 macvm_set_cr0(cpu->hvf_fd, 0x60000010);
410
411 wvmcs(cpu->hvf_fd, VMCS_CR4_MASK, CR4_VMXE_MASK);
412 wvmcs(cpu->hvf_fd, VMCS_CR4_SHADOW, 0x0);
413 wvmcs(cpu->hvf_fd, VMCS_GUEST_CR4, CR4_VMXE_MASK);
414
415 /* set VMCS guest state fields */
416 wvmcs(cpu->hvf_fd, VMCS_GUEST_CS_SELECTOR, 0xf000);
417 wvmcs(cpu->hvf_fd, VMCS_GUEST_CS_LIMIT, 0xffff);
418 wvmcs(cpu->hvf_fd, VMCS_GUEST_CS_ACCESS_RIGHTS, 0x9b);
419 wvmcs(cpu->hvf_fd, VMCS_GUEST_CS_BASE, 0xffff0000);
420
421 wvmcs(cpu->hvf_fd, VMCS_GUEST_DS_SELECTOR, 0);
422 wvmcs(cpu->hvf_fd, VMCS_GUEST_DS_LIMIT, 0xffff);
423 wvmcs(cpu->hvf_fd, VMCS_GUEST_DS_ACCESS_RIGHTS, 0x93);
424 wvmcs(cpu->hvf_fd, VMCS_GUEST_DS_BASE, 0);
425
426 wvmcs(cpu->hvf_fd, VMCS_GUEST_ES_SELECTOR, 0);
427 wvmcs(cpu->hvf_fd, VMCS_GUEST_ES_LIMIT, 0xffff);
428 wvmcs(cpu->hvf_fd, VMCS_GUEST_ES_ACCESS_RIGHTS, 0x93);
429 wvmcs(cpu->hvf_fd, VMCS_GUEST_ES_BASE, 0);
430
431 wvmcs(cpu->hvf_fd, VMCS_GUEST_FS_SELECTOR, 0);
432 wvmcs(cpu->hvf_fd, VMCS_GUEST_FS_LIMIT, 0xffff);
433 wvmcs(cpu->hvf_fd, VMCS_GUEST_FS_ACCESS_RIGHTS, 0x93);
434 wvmcs(cpu->hvf_fd, VMCS_GUEST_FS_BASE, 0);
435
436 wvmcs(cpu->hvf_fd, VMCS_GUEST_GS_SELECTOR, 0);
437 wvmcs(cpu->hvf_fd, VMCS_GUEST_GS_LIMIT, 0xffff);
438 wvmcs(cpu->hvf_fd, VMCS_GUEST_GS_ACCESS_RIGHTS, 0x93);
439 wvmcs(cpu->hvf_fd, VMCS_GUEST_GS_BASE, 0);
440
441 wvmcs(cpu->hvf_fd, VMCS_GUEST_SS_SELECTOR, 0);
442 wvmcs(cpu->hvf_fd, VMCS_GUEST_SS_LIMIT, 0xffff);
443 wvmcs(cpu->hvf_fd, VMCS_GUEST_SS_ACCESS_RIGHTS, 0x93);
444 wvmcs(cpu->hvf_fd, VMCS_GUEST_SS_BASE, 0);
445
446 wvmcs(cpu->hvf_fd, VMCS_GUEST_LDTR_SELECTOR, 0);
447 wvmcs(cpu->hvf_fd, VMCS_GUEST_LDTR_LIMIT, 0);
448 wvmcs(cpu->hvf_fd, VMCS_GUEST_LDTR_ACCESS_RIGHTS, 0x10000);
449 wvmcs(cpu->hvf_fd, VMCS_GUEST_LDTR_BASE, 0);
450
451 wvmcs(cpu->hvf_fd, VMCS_GUEST_TR_SELECTOR, 0);
452 wvmcs(cpu->hvf_fd, VMCS_GUEST_TR_LIMIT, 0);
453 wvmcs(cpu->hvf_fd, VMCS_GUEST_TR_ACCESS_RIGHTS, 0x83);
454 wvmcs(cpu->hvf_fd, VMCS_GUEST_TR_BASE, 0);
455
456 wvmcs(cpu->hvf_fd, VMCS_GUEST_GDTR_LIMIT, 0);
457 wvmcs(cpu->hvf_fd, VMCS_GUEST_GDTR_BASE, 0);
458
459 wvmcs(cpu->hvf_fd, VMCS_GUEST_IDTR_LIMIT, 0);
460 wvmcs(cpu->hvf_fd, VMCS_GUEST_IDTR_BASE, 0);
461
462 /*wvmcs(cpu->hvf_fd, VMCS_GUEST_CR2, 0x0);*/
463 wvmcs(cpu->hvf_fd, VMCS_GUEST_CR3, 0x0);
464
465 wreg(cpu->hvf_fd, HV_X86_RIP, 0xfff0);
466 wreg(cpu->hvf_fd, HV_X86_RDX, 0x623);
467 wreg(cpu->hvf_fd, HV_X86_RFLAGS, 0x2);
468 wreg(cpu->hvf_fd, HV_X86_RSP, 0x0);
469 wreg(cpu->hvf_fd, HV_X86_RAX, 0x0);
470 wreg(cpu->hvf_fd, HV_X86_RBX, 0x0);
471 wreg(cpu->hvf_fd, HV_X86_RCX, 0x0);
472 wreg(cpu->hvf_fd, HV_X86_RSI, 0x0);
473 wreg(cpu->hvf_fd, HV_X86_RDI, 0x0);
474 wreg(cpu->hvf_fd, HV_X86_RBP, 0x0);
475
476 for (int i = 0; i < 8; i++) {
477 wreg(cpu->hvf_fd, HV_X86_R8 + i, 0x0);
478 }
479
480 hv_vm_sync_tsc(0);
481 cpu->halted = 0;
482 hv_vcpu_invalidate_tlb(cpu->hvf_fd);
483 hv_vcpu_flush(cpu->hvf_fd);
484}
485
486void hvf_vcpu_destroy(CPUState *cpu)
487{
488 hv_return_t ret = hv_vcpu_destroy((hv_vcpuid_t)cpu->hvf_fd);
489 assert_hvf_ok(ret);
490}
491
492static void dummy_signal(int sig)
493{
494}
495
496int hvf_init_vcpu(CPUState *cpu)
497{
498
499 X86CPU *x86cpu = X86_CPU(cpu);
500 CPUX86State *env = &x86cpu->env;
501 int r;
502
503 /* init cpu signals */
504 sigset_t set;
505 struct sigaction sigact;
506
507 memset(&sigact, 0, sizeof(sigact));
508 sigact.sa_handler = dummy_signal;
509 sigaction(SIG_IPI, &sigact, NULL);
510
511 pthread_sigmask(SIG_BLOCK, NULL, &set);
512 sigdelset(&set, SIG_IPI);
513
514 init_emu();
515 init_decoder();
516
517 hvf_state->hvf_caps = g_new0(struct hvf_vcpu_caps, 1);
518 env->hvf_emul = g_new0(HVFX86EmulatorState, 1);
519
520 r = hv_vcpu_create((hv_vcpuid_t *)&cpu->hvf_fd, HV_VCPU_DEFAULT);
521 cpu->vcpu_dirty = 1;
522 assert_hvf_ok(r);
523
524 if (hv_vmx_read_capability(HV_VMX_CAP_PINBASED,
525 &hvf_state->hvf_caps->vmx_cap_pinbased)) {
526 abort();
527 }
528 if (hv_vmx_read_capability(HV_VMX_CAP_PROCBASED,
529 &hvf_state->hvf_caps->vmx_cap_procbased)) {
530 abort();
531 }
532 if (hv_vmx_read_capability(HV_VMX_CAP_PROCBASED2,
533 &hvf_state->hvf_caps->vmx_cap_procbased2)) {
534 abort();
535 }
536 if (hv_vmx_read_capability(HV_VMX_CAP_ENTRY,
537 &hvf_state->hvf_caps->vmx_cap_entry)) {
538 abort();
539 }
540
541 /* set VMCS control fields */
542 wvmcs(cpu->hvf_fd, VMCS_PIN_BASED_CTLS,
543 cap2ctrl(hvf_state->hvf_caps->vmx_cap_pinbased,
544 VMCS_PIN_BASED_CTLS_EXTINT |
545 VMCS_PIN_BASED_CTLS_NMI |
546 VMCS_PIN_BASED_CTLS_VNMI));
547 wvmcs(cpu->hvf_fd, VMCS_PRI_PROC_BASED_CTLS,
548 cap2ctrl(hvf_state->hvf_caps->vmx_cap_procbased,
549 VMCS_PRI_PROC_BASED_CTLS_HLT |
550 VMCS_PRI_PROC_BASED_CTLS_MWAIT |
551 VMCS_PRI_PROC_BASED_CTLS_TSC_OFFSET |
552 VMCS_PRI_PROC_BASED_CTLS_TPR_SHADOW) |
553 VMCS_PRI_PROC_BASED_CTLS_SEC_CONTROL);
554 wvmcs(cpu->hvf_fd, VMCS_SEC_PROC_BASED_CTLS,
555 cap2ctrl(hvf_state->hvf_caps->vmx_cap_procbased2,
556 VMCS_PRI_PROC_BASED2_CTLS_APIC_ACCESSES));
557
558 wvmcs(cpu->hvf_fd, VMCS_ENTRY_CTLS, cap2ctrl(hvf_state->hvf_caps->vmx_cap_entry,
559 0));
560 wvmcs(cpu->hvf_fd, VMCS_EXCEPTION_BITMAP, 0); /* Double fault */
561
562 wvmcs(cpu->hvf_fd, VMCS_TPR_THRESHOLD, 0);
563
564 hvf_reset_vcpu(cpu);
565
566 x86cpu = X86_CPU(cpu);
f585195e 567 x86cpu->env.kvm_xsave_buf = qemu_memalign(4096, 4096);
c97d6d2c
SAGDR		 568
569 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_STAR, 1);
570 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_LSTAR, 1);
571 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_CSTAR, 1);
572 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_FMASK, 1);
573 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_FSBASE, 1);
574 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_GSBASE, 1);
575 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_KERNELGSBASE, 1);
576 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_TSC_AUX, 1);
577 /*hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_TSC, 1);*/
578 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_SYSENTER_CS, 1);
579 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_SYSENTER_EIP, 1);
580 hv_vcpu_enable_native_msr(cpu->hvf_fd, MSR_IA32_SYSENTER_ESP, 1);
581
582 return 0;
583}
584
585void hvf_disable(int shouldDisable)
586{
587 hvf_disabled = shouldDisable;
588}
589
590int hvf_vcpu_exec(CPUState *cpu)
591{
592 X86CPU *x86_cpu = X86_CPU(cpu);
593 CPUX86State *env = &x86_cpu->env;
594 int ret = 0;
595 uint64_t rip = 0;
596
597 cpu->halted = 0;
598
599 if (hvf_process_events(cpu)) {
600 return EXCP_HLT;
601 }
602
603 do {
604 if (cpu->vcpu_dirty) {
605 hvf_put_registers(cpu);
606 cpu->vcpu_dirty = false;
607 }
608
609 env->hvf_emul->interruptable =
610 !(rvmcs(cpu->hvf_fd, VMCS_GUEST_INTERRUPTIBILITY) &
611 (VMCS_INTERRUPTIBILITY_STI_BLOCKING |
612 VMCS_INTERRUPTIBILITY_MOVSS_BLOCKING));
613
614 hvf_inject_interrupts(cpu);
615 vmx_update_tpr(cpu);
616
617 qemu_mutex_unlock_iothread();
618 if (!cpu_is_bsp(X86_CPU(cpu)) && cpu->halted) {
619 qemu_mutex_lock_iothread();
620 return EXCP_HLT;
621 }
622
623 hv_return_t r = hv_vcpu_run(cpu->hvf_fd);
624 assert_hvf_ok(r);
625
626 /* handle VMEXIT */
627 uint64_t exit_reason = rvmcs(cpu->hvf_fd, VMCS_EXIT_REASON);
628 uint64_t exit_qual = rvmcs(cpu->hvf_fd, VMCS_EXIT_QUALIFICATION);
629 uint32_t ins_len = (uint32_t)rvmcs(cpu->hvf_fd,
630 VMCS_EXIT_INSTRUCTION_LENGTH);
631 uint64_t idtvec_info = rvmcs(cpu->hvf_fd, VMCS_IDT_VECTORING_INFO);
632 rip = rreg(cpu->hvf_fd, HV_X86_RIP);
633 RFLAGS(env) = rreg(cpu->hvf_fd, HV_X86_RFLAGS);
634 env->eflags = RFLAGS(env);
635
636 qemu_mutex_lock_iothread();
637
638 update_apic_tpr(cpu);
639 current_cpu = cpu;
640
641 ret = 0;
642 switch (exit_reason) {
643 case EXIT_REASON_HLT: {
644 macvm_set_rip(cpu, rip + ins_len);
645 if (!((cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
646 (EFLAGS(env) & IF_MASK))
647 && !(cpu->interrupt_request & CPU_INTERRUPT_NMI) &&
648 !(idtvec_info & VMCS_IDT_VEC_VALID)) {
649 cpu->halted = 1;
650 ret = EXCP_HLT;
651 }
652 ret = EXCP_INTERRUPT;
653 break;
654 }
655 case EXIT_REASON_MWAIT: {
656 ret = EXCP_INTERRUPT;
657 break;
658 }
659 /* Need to check if MMIO or unmmaped fault */
660 case EXIT_REASON_EPT_FAULT:
661 {
662 hvf_slot *slot;
663 addr_t gpa = rvmcs(cpu->hvf_fd, VMCS_GUEST_PHYSICAL_ADDRESS);
664
665 if (((idtvec_info & VMCS_IDT_VEC_VALID) == 0) &&
666 ((exit_qual & EXIT_QUAL_NMIUDTI) != 0)) {
667 vmx_set_nmi_blocking(cpu);
668 }
669
670 slot = hvf_find_overlap_slot(gpa, gpa);
671 /* mmio */
babfa20c 672 if (ept_emulation_fault(slot, gpa, exit_qual)) {
c97d6d2c
SAGDR		 673 struct x86_decode decode;
674
675 load_regs(cpu);
676 env->hvf_emul->fetch_rip = rip;
677
678 decode_instruction(env, &decode);
679 exec_instruction(env, &decode);
680 store_regs(cpu);
681 break;
682 }
c97d6d2c
SAGDR		 683 break;
684 }
685 case EXIT_REASON_INOUT:
686 {
687 uint32_t in = (exit_qual & 8) != 0;
688 uint32_t size = (exit_qual & 7) + 1;
689 uint32_t string = (exit_qual & 16) != 0;
690 uint32_t port = exit_qual >> 16;
691 /*uint32_t rep = (exit_qual & 0x20) != 0;*/
692
693#if 1
694 if (!string && in) {
695 uint64_t val = 0;
696 load_regs(cpu);
697 hvf_handle_io(env, port, &val, 0, size, 1);
698 if (size == 1) {
699 AL(env) = val;
700 } else if (size == 2) {
701 AX(env) = val;
702 } else if (size == 4) {
703 RAX(env) = (uint32_t)val;
704 } else {
705 VM_PANIC("size");
706 }
707 RIP(env) += ins_len;
708 store_regs(cpu);
709 break;
710 } else if (!string && !in) {
711 RAX(env) = rreg(cpu->hvf_fd, HV_X86_RAX);
712 hvf_handle_io(env, port, &RAX(env), 1, size, 1);
713 macvm_set_rip(cpu, rip + ins_len);
714 break;
715 }
716#endif
717 struct x86_decode decode;
718
719 load_regs(cpu);
720 env->hvf_emul->fetch_rip = rip;
721
722 decode_instruction(env, &decode);
723 VM_PANIC_ON(ins_len != decode.len);
724 exec_instruction(env, &decode);
725 store_regs(cpu);
726
727 break;
728 }
729 case EXIT_REASON_CPUID: {
730 uint32_t rax = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RAX);
731 uint32_t rbx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RBX);
732 uint32_t rcx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RCX);
733 uint32_t rdx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RDX);
734
735 cpu_x86_cpuid(env, rax, rcx, &rax, &rbx, &rcx, &rdx);
736
737 wreg(cpu->hvf_fd, HV_X86_RAX, rax);
738 wreg(cpu->hvf_fd, HV_X86_RBX, rbx);
739 wreg(cpu->hvf_fd, HV_X86_RCX, rcx);
740 wreg(cpu->hvf_fd, HV_X86_RDX, rdx);
741
742 macvm_set_rip(cpu, rip + ins_len);
743 break;
744 }
745 case EXIT_REASON_XSETBV: {
746 X86CPU *x86_cpu = X86_CPU(cpu);
747 CPUX86State *env = &x86_cpu->env;
748 uint32_t eax = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RAX);
749 uint32_t ecx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RCX);
750 uint32_t edx = (uint32_t)rreg(cpu->hvf_fd, HV_X86_RDX);
751
752 if (ecx) {
753 macvm_set_rip(cpu, rip + ins_len);
754 break;
755 }
756 env->xcr0 = ((uint64_t)edx << 32) | eax;
757 wreg(cpu->hvf_fd, HV_X86_XCR0, env->xcr0 | 1);
758 macvm_set_rip(cpu, rip + ins_len);
759 break;
760 }
761 case EXIT_REASON_INTR_WINDOW:
762 vmx_clear_int_window_exiting(cpu);
763 ret = EXCP_INTERRUPT;
764 break;
765 case EXIT_REASON_NMI_WINDOW:
766 vmx_clear_nmi_window_exiting(cpu);
767 ret = EXCP_INTERRUPT;
768 break;
769 case EXIT_REASON_EXT_INTR:
770 /* force exit and allow io handling */
771 ret = EXCP_INTERRUPT;
772 break;
773 case EXIT_REASON_RDMSR:
774 case EXIT_REASON_WRMSR:
775 {
776 load_regs(cpu);
777 if (exit_reason == EXIT_REASON_RDMSR) {
778 simulate_rdmsr(cpu);
779 } else {
780 simulate_wrmsr(cpu);
781 }
782 RIP(env) += rvmcs(cpu->hvf_fd, VMCS_EXIT_INSTRUCTION_LENGTH);
783 store_regs(cpu);
784 break;
785 }
786 case EXIT_REASON_CR_ACCESS: {
787 int cr;
788 int reg;
789
790 load_regs(cpu);
791 cr = exit_qual & 15;
792 reg = (exit_qual >> 8) & 15;
793
794 switch (cr) {
795 case 0x0: {
796 macvm_set_cr0(cpu->hvf_fd, RRX(env, reg));
797 break;
798 }
799 case 4: {
800 macvm_set_cr4(cpu->hvf_fd, RRX(env, reg));
801 break;
802 }
803 case 8: {
804 X86CPU *x86_cpu = X86_CPU(cpu);
805 if (exit_qual & 0x10) {
806 RRX(env, reg) = cpu_get_apic_tpr(x86_cpu->apic_state);
807 } else {
808 int tpr = RRX(env, reg);
809 cpu_set_apic_tpr(x86_cpu->apic_state, tpr);
810 ret = EXCP_INTERRUPT;
811 }
812 break;
813 }
814 default:
815 error_report("Unrecognized CR %d\n", cr);
816 abort();
817 }
818 RIP(env) += ins_len;
819 store_regs(cpu);
820 break;
821 }
822 case EXIT_REASON_APIC_ACCESS: { /* TODO */
823 struct x86_decode decode;
824
825 load_regs(cpu);
826 env->hvf_emul->fetch_rip = rip;
827
828 decode_instruction(env, &decode);
829 exec_instruction(env, &decode);
830 store_regs(cpu);
831 break;
832 }
833 case EXIT_REASON_TPR: {
834 ret = 1;
835 break;
836 }
837 case EXIT_REASON_TASK_SWITCH: {
838 uint64_t vinfo = rvmcs(cpu->hvf_fd, VMCS_IDT_VECTORING_INFO);
839 x68_segment_selector sel = {.sel = exit_qual & 0xffff};
840 vmx_handle_task_switch(cpu, sel, (exit_qual >> 30) & 0x3,
841 vinfo & VMCS_INTR_VALID, vinfo & VECTORING_INFO_VECTOR_MASK, vinfo
842 & VMCS_INTR_T_MASK);
843 break;
844 }
845 case EXIT_REASON_TRIPLE_FAULT: {
846 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
847 ret = EXCP_INTERRUPT;
848 break;
849 }
850 case EXIT_REASON_RDPMC:
851 wreg(cpu->hvf_fd, HV_X86_RAX, 0);
852 wreg(cpu->hvf_fd, HV_X86_RDX, 0);
853 macvm_set_rip(cpu, rip + ins_len);
854 break;
855 case VMX_REASON_VMCALL:
856 /* TODO: inject #GP fault */
857 break;
858 default:
859 error_report("%llx: unhandled exit %llx\n", rip, exit_reason);
860 }
861 } while (ret == 0);
862
863 return ret;
864}
865
866static bool hvf_allowed;
867
868static int hvf_accel_init(MachineState *ms)
869{
870 int x;
871 hv_return_t ret;
872 HVFState *s;
873
874 hvf_disable(0);
875 ret = hv_vm_create(HV_VM_DEFAULT);
876 assert_hvf_ok(ret);
877
878 s = g_new0(HVFState, 1);
879
880 s->num_slots = 32;
881 for (x = 0; x < s->num_slots; ++x) {
882 s->slots[x].size = 0;
883 s->slots[x].slot_id = x;
884 }
885
886 hvf_state = s;
887 cpu_interrupt_handler = hvf_handle_interrupt;
888 memory_listener_register(&hvf_memory_listener, &address_space_memory);
889 return 0;
890}
891
892static void hvf_accel_class_init(ObjectClass *oc, void *data)
893{
894 AccelClass *ac = ACCEL_CLASS(oc);
895 ac->name = "HVF";
896 ac->init_machine = hvf_accel_init;
897 ac->allowed = &hvf_allowed;
898}
899
900static const TypeInfo hvf_accel_type = {
901 .name = TYPE_HVF_ACCEL,
902 .parent = TYPE_ACCEL,
903 .class_init = hvf_accel_class_init,
904};
905
906static void hvf_type_init(void)
907{
908 type_register_static(&hvf_accel_type);
909}
910
911type_init(hvf_type_init);
QEMU mirror