From 3ca592908b32474cc4173c66f6184f01d896d5eb Mon Sep 17 00:00:00 2001 From: Jason Zeng Date: Tue, 11 Mar 2025 16:55:43 +0800 Subject: [PATCH] [Intel-SIG] Dependency patches for Intel ClearwaterForest platform - Description This is to backport dependency commits from upstream for Intel CWF platform. - Test - Sanity test, build and run VM with stress memory tests. PASS - Run VM on SRF platform, LAM feature can be seen in cpuid output in VM. - Run Qemu scripts/kvm/vmxcap utility in VM on EMR platform, we can see "user wait pause", and "tertiary processor-based controls" section can be seen in VM. - Run VM on EMR platform, speculation control bits of CPUID.7.2.EDX that can be seen on host can also be seen in VM. - Run VM on EMR platform, with this PR, bit 6 and bit 13 of CPUID.7.0.EBX can be seen in VM, while without this PR, these 2 bits can't be seen in VM. - Run VM migration on EMR platform. Migrate VM with "-cpu host,tsc-freq=950000000", the destination VM can see a stable tsc, while without the "tsc-freq" parameter, the destination VM prints a warning "tsc: Marking TSC unstable due to clocksource watchdog" after migration. 
Signed-off-by: Jason Zeng --- ...-i386-Allow-MCDT_NO-if-host-supports.patch | 41 ++++ ...xcap-add-tertiary-execution-controls.patch | 69 +++++++ ...support-for-VMX_SECONDARY_EXEC_ENABL.patch | 72 +++++++ ...umerate-bit-56-of-MSR_IA32_VMX_BASIC.patch | 60 ++++++ ...6-fix-feature-dependency-for-WAITPKG.patch | 39 ++++ ...support-for-LAM-in-CPUID-enumeration.patch | 67 +++++++ ...386-add-control-bits-support-for-LAM.patch | 96 +++++++++ ...support-for-FRED-in-CPUID-enumeratio.patch | 109 ++++++++++ ...rget-i386-mark-CR4.FRED-not-reserved.patch | 67 +++++++ ...ap-add-support-for-VMX-FRED-controls.patch | 66 ++++++ ...umerate-VMX-nested-exception-support.patch | 62 ++++++ ...get-set-migrate-support-for-FRED-MSR.patch | 189 ++++++++++++++++++ ...te-duplicated-macro-definition-CR4_F.patch | 40 ++++ ...VMX-control-bits-for-nested-FRED-sup.patch | 49 +++++ ...e-the-highest-index-value-used-for-a.patch | 66 ++++++ ...more-features-enumerated-by-CPUID.7..patch | 64 ++++++ ...-X86CPU-to-x86_cpu_get_supported_fea.patch | 103 ++++++++++ ...e-subleaf-constraint-on-CPUID-leaf-1.patch | 39 ++++ ...t-construct-a-all-zero-entry-for-CPU.patch | 57 ++++++ ...ble-fdp-excptn-only-and-zero-fcs-fds.patch | 71 +++++++ ...truct-CPUID-2-as-stateful-iff-times-.patch | 42 ++++ ...-invtsc-migratable-when-user-sets-ts.patch | 66 ++++++ ...et-i386-cpu-Fix-notes-for-CPU-models.patch | 43 ++++ qemu-kvm.spec | 51 ++++- 24 files changed, 1627 insertions(+), 1 deletion(-) create mode 100644 1140-target-i386-Allow-MCDT_NO-if-host-supports.patch create mode 100644 1141-vmxcap-add-tertiary-execution-controls.patch create mode 100644 1142-target-i386-add-support-for-VMX_SECONDARY_EXEC_ENABL.patch create mode 100644 1143-target-i386-enumerate-bit-56-of-MSR_IA32_VMX_BASIC.patch create mode 100644 1144-target-i386-fix-feature-dependency-for-WAITPKG.patch create mode 100644 1145-target-i386-add-support-for-LAM-in-CPUID-enumeration.patch create mode 100644 1146-target-i386-add-control-bits-support-for-LAM.patch 
create mode 100644 1147-target-i386-add-support-for-FRED-in-CPUID-enumeratio.patch
create mode 100644 1148-target-i386-mark-CR4.FRED-not-reserved.patch
create mode 100644 1149-vmxcap-add-support-for-VMX-FRED-controls.patch
create mode 100644 1150-target-i386-enumerate-VMX-nested-exception-support.patch
create mode 100644 1151-target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch
create mode 100644 1152-target-i386-Delete-duplicated-macro-definition-CR4_F.patch
create mode 100644 1153-target-i386-Add-VMX-control-bits-for-nested-FRED-sup.patch
create mode 100644 1154-target-i386-Raise-the-highest-index-value-used-for-a.patch
create mode 100644 1155-target-i386-Add-more-features-enumerated-by-CPUID.7..patch
create mode 100644 1156-target-i386-pass-X86CPU-to-x86_cpu_get_supported_fea.patch
create mode 100644 1157-i386-cpuid-Remove-subleaf-constraint-on-CPUID-leaf-1.patch
create mode 100644 1158-target-i386-Don-t-construct-a-all-zero-entry-for-CPU.patch
create mode 100644 1159-target-i386-Enable-fdp-excptn-only-and-zero-fcs-fds.patch
create mode 100644 1160-target-i386-Construct-CPUID-2-as-stateful-iff-times-.patch
create mode 100644 1161-target-i386-Make-invtsc-migratable-when-user-sets-ts.patch
create mode 100644 1162-target-i386-cpu-Fix-notes-for-CPU-models.patch
diff --git a/1140-target-i386-Allow-MCDT_NO-if-host-supports.patch b/1140-target-i386-Allow-MCDT_NO-if-host-supports.patch
new file mode 100644
index 0000000..07e670c
--- /dev/null
+++ b/1140-target-i386-Allow-MCDT_NO-if-host-supports.patch
@@ -0,0 +1,41 @@
+From e517f341bbdf6a1617082310ddb69e7f3084aeae Mon Sep 17 00:00:00 2001
+From: Tao Su
+Date: Thu, 6 Jul 2023 13:49:46 +0800
+Subject: [PATCH 1140/1162] target/i386: Allow MCDT_NO if host supports
+
+commit ba3709feaab44631315e02cd793cfccae4c6bd2a upstream.
+
+MCDT_NO bit indicates HW contains the security fix and doesn't need to
+be mitigated to avoid data-dependent behaviour for certain instructions.
+It needs no hypervisor support. Treat it as supported regardless of what
+KVM reports.
+
+Intel-SIG: commit ba3709feaab4 target/i386: Allow MCDT_NO if host supports
+
+Signed-off-by: Tao Su
+Reviewed-by: Xiaoyao Li
+Message-ID: <20230706054949.66556-4-tao1.su@linux.intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jason Zeng
+---
+ target/i386/kvm/kvm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
+index f12011cb42f6..e70178234fba 100644
+--- a/target/i386/kvm/kvm.c
++++ b/target/i386/kvm/kvm.c
+@@ -422,6 +422,10 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
+ uint32_t eax;
+ host_cpuid(7, 1, &eax, &unused, &unused, &unused);
+ ret |= eax & (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS | CPUID_7_1_EAX_FSRC);
++ } else if (function == 7 && index == 2 && reg == R_EDX) {
++ uint32_t edx;
++ host_cpuid(7, 2, &unused, &unused, &unused, &edx);
++ ret |= edx & CPUID_7_2_EDX_MCDT_NO;
+ } else if (function == 0xd && index == 0 &&
+ (reg == R_EAX || reg == R_EDX)) {
+ /*
+--
+2.33.0
+
diff --git a/1141-vmxcap-add-tertiary-execution-controls.patch b/1141-vmxcap-add-tertiary-execution-controls.patch
new file mode 100644
index 0000000..7288704
--- /dev/null
+++ b/1141-vmxcap-add-tertiary-execution-controls.patch
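Review bot: The new `function == 7 && index == 2 && reg == R_EDX` branch in patch 1140 ORs a host CPUID bit into `ret` with no comment saying why bypassing KVM's answer is acceptable, and that reasoning is security-relevant because a guest that sees MCDT_NO may stop applying its own data-dependent-timing mitigation. I would add above `host_cpuid(7, 2, ...)` a comment such as `/* MCDT_NO only reports that no MCDT mitigation is needed and requires no hypervisor support, so take it from the host even when KVM does not report it. */`. Because the value reflects the host the VM starts on, the backport notes should also say that a migration pool should only enable the bit where every destination host enumerates it. kvm_arch_get_supported_cpuid() starts and ends outside the hunk.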
@@ -0,0 +1,69 @@
+From 81d809005fe6955cfefb340f187ff85140ba1dcf Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Wed, 11 May 2022 18:39:12 +0200
+Subject: [PATCH 1141/1162] vmxcap: add tertiary execution controls
+
+commit 333dbac358acc6cc174029263d633a22f66584b4 upstream.
+
+
+
+Intel-SIG: commit 333dbac358ac vmxcap: add tertiary execution controls
+
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jason Zeng
+---
+ scripts/kvm/vmxcap | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap
+index f140040104bf..ce27f5e635af 100755
+--- a/scripts/kvm/vmxcap
++++ b/scripts/kvm/vmxcap
+@@ -23,6 +23,7 @@ MSR_IA32_VMX_TRUE_PROCBASED_CTLS = 0x48E
+ MSR_IA32_VMX_TRUE_EXIT_CTLS = 0x48F
+ MSR_IA32_VMX_TRUE_ENTRY_CTLS = 0x490
+ MSR_IA32_VMX_VMFUNC = 0x491
++MSR_IA32_VMX_PROCBASED_CTLS3 = 0x492
+
+ class msr(object):
+ def __init__(self):
+@@ -71,6 +72,13 @@ class Control(object):
+ s = 'yes'
+ print(' %-40s %s' % (self.bits[bit], s))
+
++# All 64 bits in the tertiary controls MSR are allowed-1
++class Allowed1Control(Control):
++ def read2(self, nr):
++ m = msr()
++ val = m.read(nr, 0)
++ return (0, val)
++
+ class Misc(object):
+ def __init__(self, name, bits, msr):
+ self.name = name
+@@ -135,6 +143,7 @@ controls = [
+ 12: 'RDTSC exiting',
+ 15: 'CR3-load exiting',
+ 16: 'CR3-store exiting',
++ 17: 'Activate tertiary controls',
+ 19: 'CR8-load exiting',
+ 20: 'CR8-store exiting',
+ 21: 'Use TPR shadow',
+@@ -186,6 +195,14 @@ controls = [
+ cap_msr = MSR_IA32_VMX_PROCBASED_CTLS2,
+ ),
+
++ Allowed1Control(
++ name = 'tertiary processor-based controls',
++ bits = {
++ 4: 'Enable IPI virtualization'
++ },
++ cap_msr = MSR_IA32_VMX_PROCBASED_CTLS3,
++ ),
++
+ Control(
+ name = 'VM-Exit controls',
+ bits = {
+--
+2.33.0
+
diff --git a/1142-target-i386-add-support-for-VMX_SECONDARY_EXEC_ENABL.patch b/1142-target-i386-add-support-for-VMX_SECONDARY_EXEC_ENABL.patch
new file mode 100644
index 0000000..2252ec2
--- /dev/null
+++ b/1142-target-i386-add-support-for-VMX_SECONDARY_EXEC_ENABL.patch 
@@ -0,0 +1,72 @@ +From 7842ecd87c682c5035ec9ef2bc9a0975702fb332 Mon Sep 17 00:00:00 2001 +From: Ake Koomsin +Date: Mon, 7 Aug 2023 18:33:40 +0900 +Subject: [PATCH 1142/1162] target/i386: add support for + VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE + +commit 33cc88261c352445d31599054653d759f20531c1 upstream. + +Current QEMU can expose waitpkg to guests when it is available. However, +VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE is still not recognized and +masked by QEMU. This can lead to an unexpected situation when a L1 +hypervisor wants to expose waitpkg to a L2 guest. The L1 hypervisor can +assume that VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE exists as waitpkg is +available. The L1 hypervisor then can accidentally expose waitpkg to the +L2 guest. This will cause invalid opcode exception in the L2 guest when +it executes waitpkg related instructions. + +This patch adds VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE support, and +sets up dependency between the bit and CPUID_7_0_ECX_WAITPKG. QEMU should +not expose waitpkg feature if VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE is +not available to avoid unexpected invalid opcode exception in L2 guests. 
+ +Intel-SIG: commit 33cc88261c35 target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE + +Signed-off-by: Ake Koomsin +Message-ID: <20230807093339.32091-2-ake@igel.co.jp> +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 6 +++++- + target/i386/cpu.h | 1 + + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 923fa99b6e06..19c01eaa413b 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1119,7 +1119,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + "vmx-invpcid-exit", "vmx-vmfunc", "vmx-shadow-vmcs", "vmx-encls-exit", + "vmx-rdseed-exit", "vmx-pml", NULL, NULL, + "vmx-xsaves", NULL, NULL, NULL, +- NULL, "vmx-tsc-scaling", NULL, NULL, ++ NULL, "vmx-tsc-scaling", "vmx-enable-user-wait-pause", NULL, + NULL, NULL, NULL, NULL, + }, + .msr = { +@@ -1436,6 +1436,10 @@ static FeatureDep feature_dependencies[] = { + .from = { FEAT_8000_0001_ECX, CPUID_EXT3_SVM }, + .to = { FEAT_SVM, ~0ull }, + }, ++ { ++ .from = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE }, ++ .to = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG }, ++ }, + }; + + typedef struct X86RegisterInfo32 { +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index b0d79a1519b5..9b463b41eb78 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -1082,6 +1082,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define VMX_SECONDARY_EXEC_ENABLE_PML 0x00020000 + #define VMX_SECONDARY_EXEC_XSAVES 0x00100000 + #define VMX_SECONDARY_EXEC_TSC_SCALING 0x02000000 ++#define VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE 0x04000000 + + #define VMX_PIN_BASED_EXT_INTR_MASK 0x00000001 + #define VMX_PIN_BASED_NMI_EXITING 0x00000008 +-- +2.33.0 + diff --git a/1143-target-i386-enumerate-bit-56-of-MSR_IA32_VMX_BASIC.patch b/1143-target-i386-enumerate-bit-56-of-MSR_IA32_VMX_BASIC.patch new file mode 100644 index 0000000..3f81b36 --- /dev/null 
+++ b/1143-target-i386-enumerate-bit-56-of-MSR_IA32_VMX_BASIC.patch 
@@ -0,0 +1,60 @@ +From c9aa6106ed554d8f870d5518620f2ae3cca29e3e Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 20 Sep 2023 17:41:17 +0200 +Subject: [PATCH 1143/1162] target/i386: enumerate bit 56 of MSR_IA32_VMX_BASIC + +commit 0c49c9180c5498bcd55edc1bfb12b0466e08575c upstream. + +On parts that enumerate IA32_VMX_BASIC MSR bit as 1, any exception vector +can be delivered with or without an error code if the other consistency +checks are satisfied. + +Intel-SIG: commit 0c49c9180c54 target/i386: enumerate bit 56 of MSR_IA32_VMX_BASIC + +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + scripts/kvm/vmxcap | 1 + + target/i386/cpu.c | 1 + + target/i386/cpu.h | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap +index ce27f5e635af..3fb4d5b3425c 100755 +--- a/scripts/kvm/vmxcap ++++ b/scripts/kvm/vmxcap +@@ -115,6 +115,7 @@ controls = [ + (50, 53): 'VMCS memory type', + 54: 'INS/OUTS instruction information', + 55: 'IA32_VMX_TRUE_*_CTLS support', ++ 56: 'Skip checks on event error code', + }, + msr = MSR_IA32_VMX_BASIC, + ), +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 19c01eaa413b..29e80320c353 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1231,6 +1231,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .feat_names = { + [54] = "vmx-ins-outs", + [55] = "vmx-true-ctls", ++ [56] = "vmx-any-errcode", + }, + .msr = { + .index = MSR_IA32_VMX_BASIC, +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 9b463b41eb78..965db37c71c6 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -1008,6 +1008,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define MSR_VMX_BASIC_DUAL_MONITOR (1ULL << 49) + #define MSR_VMX_BASIC_INS_OUTS (1ULL << 54) + #define MSR_VMX_BASIC_TRUE_CTLS (1ULL << 55) ++#define MSR_VMX_BASIC_ANY_ERRCODE (1ULL << 56) + + #define MSR_VMX_MISC_PREEMPTION_TIMER_SHIFT_MASK 0x1Full + #define MSR_VMX_MISC_STORE_LMA (1ULL << 5) +-- 
+2.33.0 + diff --git a/1144-target-i386-fix-feature-dependency-for-WAITPKG.patch b/1144-target-i386-fix-feature-dependency-for-WAITPKG.patch new file mode 100644 index 0000000..17a6265 --- /dev/null +++ b/1144-target-i386-fix-feature-dependency-for-WAITPKG.patch @@ -0,0 +1,39 @@ +From 8c92ae76d997eaee640c44673a39e07d8dc88baf Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 8 May 2024 11:10:54 +0200 +Subject: [PATCH 1144/1162] target/i386: fix feature dependency for WAITPKG + +commit fe01af5d47d4cf7fdf90c54d43f784e5068c8d72 upstream. + +The VMX feature bit depends on general availability of WAITPKG, +not the other way round. + +Intel-SIG: commit fe01af5d47d4 target/i386: fix feature dependency for WAITPKG + +Fixes: 33cc88261c3 ("target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE", 2023-08-28) +Cc: qemu-stable@nongnu.org +Reviewed-by: Zhao Liu +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 29e80320c353..b80e2a2880a4 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1438,8 +1438,8 @@ static FeatureDep feature_dependencies[] = { + .to = { FEAT_SVM, ~0ull }, + }, + { +- .from = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE }, +- .to = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG }, ++ .from = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG }, ++ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE }, + }, + }; + +-- +2.33.0 + diff --git a/1145-target-i386-add-support-for-LAM-in-CPUID-enumeration.patch b/1145-target-i386-add-support-for-LAM-in-CPUID-enumeration.patch new file mode 100644 index 0000000..82e6c9d --- /dev/null +++ b/1145-target-i386-add-support-for-LAM-in-CPUID-enumeration.patch 
@@ -0,0 +1,67 @@ +From 976ac808664928723db3e437a4d9e992cc5c78cc Mon Sep 17 00:00:00 2001 +From: Robert Hoo +Date: Fri, 12 Jan 2024 14:00:41 +0800 +Subject: [PATCH 1145/1162] target/i386: add support for LAM in CPUID + enumeration + +commit ba6780905943696d790cc880c8e5684b51f027fe upstream. + +Linear Address Masking (LAM) is a new Intel CPU feature, which allows +software to use of the untranslated address bits for metadata. + +The bit definition: +CPUID.(EAX=7,ECX=1):EAX[26] + +Add CPUID definition for LAM. + +Note LAM feature is not supported for TCG of target-i386, LAM CPIUD bit +will not be added to TCG_7_1_EAX_FEATURES. + +More info can be found in Intel ISE Chapter "LINEAR ADDRESS MASKING(LAM)" +https://cdrdv2.intel.com/v1/dl/getContent/671368 + +Intel-SIG: commit ba6780905943 target/i386: add support for LAM in CPUID enumeration + +Signed-off-by: Robert Hoo +Co-developed-by: Binbin Wu +Signed-off-by: Binbin Wu +Tested-by: Xuelian Guo +Reviewed-by: Xiaoyao Li +Reviewed-by: Zhao Liu +Message-ID: <20240112060042.19925-2-binbin.wu@linux.intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 2 +- + target/i386/cpu.h | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index b80e2a2880a4..b02ff6c61fcd 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -879,7 +879,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + "fsrc", NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, "amx-fp16", NULL, "avx-ifma", +- NULL, NULL, NULL, NULL, ++ NULL, NULL, "lam", NULL, + NULL, NULL, NULL, NULL, + }, + .cpuid = { +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 965db37c71c6..ce5ae68bbe70 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -907,6 +907,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define CPUID_7_1_EAX_AMX_FP16 (1U << 21) + /* Support for VPMADD52[H,L]UQ */ + #define CPUID_7_1_EAX_AVX_IFMA (1U << 23) ++/* 
Linear Address Masking */ ++#define CPUID_7_1_EAX_LAM (1U << 26) + + /* Support for VPDPB[SU,UU,SS]D[,S] */ + #define CPUID_7_1_EDX_AVX_VNNI_INT8 (1U << 4) +-- +2.33.0 + diff --git a/1146-target-i386-add-control-bits-support-for-LAM.patch b/1146-target-i386-add-control-bits-support-for-LAM.patch new file mode 100644 index 0000000..e0af4f8 --- /dev/null +++ b/1146-target-i386-add-control-bits-support-for-LAM.patch 
@@ -0,0 +1,96 @@
+From b2e8792de9b34f3dc698b79cd872d4d48514350b Mon Sep 17 00:00:00 2001
+From: Binbin Wu
+Date: Fri, 12 Jan 2024 14:00:42 +0800
+Subject: [PATCH 1146/1162] target/i386: add control bits support for LAM
+
+commit 0117067131f99acaab4f4d2cca0290c5510e37cf upstream.
+
+LAM uses CR3[61] and CR3[62] to configure/enable LAM on user pointers.
+LAM uses CR4[28] to configure/enable LAM on supervisor pointers.
+
+For CR3 LAM bits, no additional handling needed:
+- TCG
+ LAM is not supported for TCG of target-i386. helper_write_crN() and
+ helper_vmrun() check max physical address bits before calling
+ cpu_x86_update_cr3(), no change needed, i.e. CR3 LAM bits are not allowed
+ to be set in TCG.
+- gdbstub
+ x86_cpu_gdb_write_register() will call cpu_x86_update_cr3() to update cr3.
+ Allow gdb to set the LAM bit(s) to CR3, if vcpu doesn't support LAM,
+ KVM_SET_SREGS will fail as other reserved bits.
+
+For CR4 LAM bit, its reservation depends on vcpu supporting LAM feature or
+not.
+- TCG
+ LAM is not supported for TCG of target-i386. helper_write_crN() and
+ helper_vmrun() check CR4 reserved bit before calling cpu_x86_update_cr4(),
+ i.e. CR4 LAM bit is not allowed to be set in TCG.
+- gdbstub
+ x86_cpu_gdb_write_register() will call cpu_x86_update_cr4() to update cr4.
+ Mask out LAM bit on CR4 if vcpu doesn't support LAM.
+- x86_cpu_reset_hold() doesn't need special handling.
+
+Intel-SIG: commit 0117067131f9 target/i386: add control bits support for LAM
+
+Signed-off-by: Binbin Wu
+Tested-by: Xuelian Guo
+Reviewed-by: Xiaoyao Li
+Reviewed-by: Zhao Liu
+Message-ID: <20240112060042.19925-3-binbin.wu@linux.intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jason Zeng
+---
+ target/i386/cpu.h | 7 ++++++-
+ target/i386/helper.c | 4 ++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index ce5ae68bbe70..76c38c533fa0 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -253,6 +253,7 @@ typedef enum X86Seg {
+ #define CR4_SMAP_MASK (1U << 21)
+ #define CR4_PKE_MASK (1U << 22)
+ #define CR4_PKS_MASK (1U << 24)
++#define CR4_LAM_SUP_MASK (1U << 28)
+
+ #define CR4_RESERVED_MASK \
+ (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \
+@@ -261,7 +262,8 @@ typedef enum X86Seg {
+ | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK |CR4_UMIP_MASK \
+ | CR4_LA57_MASK \
+ | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
+- | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
++ | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK \
++ | CR4_LAM_SUP_MASK))
+
+ #define DR6_BD (1 << 13)
+ #define DR6_BS (1 << 14)
+@@ -2369,6 +2371,9 @@ static inline uint64_t cr4_reserved_bits(CPUX86State *env)
+ if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)) {
+ reserved_bits |= CR4_PKS_MASK;
+ }
++ if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
++ reserved_bits |= CR4_LAM_SUP_MASK;
++ }
+ return reserved_bits;
+ }
+
+diff --git a/target/i386/helper.c b/target/i386/helper.c
+index 533b29cb91b6..4215be8b51b1 100644
+--- a/target/i386/helper.c
++++ b/target/i386/helper.c
+@@ -198,6 +198,10 @@ void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
+ new_cr4 &= ~CR4_PKS_MASK;
+ }
+
++ if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
++ new_cr4 &= ~CR4_LAM_SUP_MASK;
++ }
++
+ env->cr[4] = new_cr4;
+ env->hflags = hflags;
+
+--
+2.33.0
+
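Review bot: The added `new_cr4 &= ~CR4_LAM_SUP_MASK;` in cpu_x86_update_cr4() silently drops the bit when the vCPU does not enumerate LAM, and nothing in the code records that the CR3 LAM bits are deliberately left unfiltered. The commit message explains both decisions (CR4 writes coming through the gdbstub are masked, CR3[61]/CR3[62] are left for KVM_SET_SREGS to reject), but that rationale is lost once the patch is applied. I would add a comment above the new `if` in helper.c, e.g. `/* CR4.LAM_SUP is reserved unless LAM is exposed to the guest; CR3 LAM bits are not filtered here and rely on KVM_SET_SREGS rejecting them. */`. Both cr4_reserved_bits() and cpu_x86_update_cr4() extend beyond the hunks shown.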
diff --git a/1147-target-i386-add-support-for-FRED-in-CPUID-enumeratio.patch b/1147-target-i386-add-support-for-FRED-in-CPUID-enumeratio.patch
new file mode 100644
index 0000000..a83ba32
--- /dev/null
+++ b/1147-target-i386-add-support-for-FRED-in-CPUID-enumeratio.patch
@@ -0,0 +1,109 @@
+From 11ea5db2c3b6f5db99faf40b9096c0a74381bb75 Mon Sep 17 00:00:00 2001
+From: Xin Li
+Date: Wed, 8 Nov 2023 23:20:07 -0800
+Subject: [PATCH 1147/1162] target/i386: add support for FRED in CPUID
+ enumeration
+
+commit c1acad9f72d14daf918563eb77d2b31c39fbd06a upstream.
+
+FRED, i.e., the Intel flexible return and event delivery architecture,
+defines simple new transitions that change privilege level (ring
+transitions).
+
+The new transitions defined by the FRED architecture are FRED event
+delivery and, for returning from events, two FRED return instructions.
+FRED event delivery can effect a transition from ring 3 to ring 0, but
+it is used also to deliver events incident to ring 0. One FRED
+instruction (ERETU) effects a return from ring 0 to ring 3, while the
+other (ERETS) returns while remaining in ring 0. Collectively, FRED
+event delivery and the FRED return instructions are FRED transitions.
+
+In addition to these transitions, the FRED architecture defines a new
+instruction (LKGS) for managing the state of the GS segment register.
+The LKGS instruction can be used by 64-bit operating systems that do
+not use the new FRED transitions.
+
+WRMSRNS is an instruction that behaves exactly like WRMSR, with the
+only difference being that it is not a serializing instruction by
+default. Under certain conditions, WRMSRNS may replace WRMSR to improve
+performance. FRED uses it to switch RSP0 in a faster manner.
+
+Search for the latest FRED spec in most search engines with this search
+pattern:
+
+ site:intel.com FRED (flexible return and event delivery) specification
+
+The CPUID feature flag CPUID.(EAX=7,ECX=1):EAX[17] enumerates FRED, and
+the CPUID feature flag CPUID.(EAX=7,ECX=1):EAX[18] enumerates LKGS, and
+the CPUID feature flag CPUID.(EAX=7,ECX=1):EAX[19] enumerates WRMSRNS.
+
+Add CPUID definitions for FRED/LKGS/WRMSRNS, and expose them to KVM guests.
+
+Because FRED relies on LKGS and WRMSRNS, add that to feature dependency
+map.
+
+Intel-SIG: commit c1acad9f72d1 target/i386: add support for FRED in CPUID enumeration
+
+Tested-by: Shan Kang
+Signed-off-by: Xin Li
+Message-ID: <20231109072012.8078-2-xin3.li@intel.com>
+[Fix order of dependencies, add dependencies from LM to FRED. - Paolo]
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jason Zeng
+---
+ target/i386/cpu.c | 14 +++++++++++++-
+ target/i386/cpu.h | 6 ++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index b02ff6c61fcd..40347d4c9bcd 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -877,7 +877,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ "avx-vnni", "avx512-bf16", NULL, "cmpccxadd",
+ NULL, NULL, "fzrm", "fsrs",
+ "fsrc", NULL, NULL, NULL,
+- NULL, NULL, NULL, NULL,
++ NULL, "fred", "lkgs", "wrmsrns",
+ NULL, "amx-fp16", NULL, "avx-ifma",
+ NULL, NULL, "lam", NULL,
+ NULL, NULL, NULL, NULL,
+@@ -1441,6 +1441,18 @@ static FeatureDep feature_dependencies[] = {
+ .from = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
+ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
+ },
++ {
++ .from = { FEAT_8000_0001_EDX, CPUID_EXT2_LM },
++ .to = { FEAT_7_1_EAX, CPUID_7_1_EAX_FRED },
++ },
++ {
++ .from = { FEAT_7_1_EAX, CPUID_7_1_EAX_LKGS },
++ .to = { FEAT_7_1_EAX, CPUID_7_1_EAX_FRED },
++ },
++ {
++ .from = { FEAT_7_1_EAX, CPUID_7_1_EAX_WRMSRNS },
++ .to = { FEAT_7_1_EAX, CPUID_7_1_EAX_FRED },
++ },
+ };
+
+ typedef struct X86RegisterInfo32 {
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 76c38c533fa0..aa35d594bd3f 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -920,6 +920,12 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ #define CPUID_7_1_EDX_AMX_COMPLEX (1U << 8)
+ /* PREFETCHIT0/1 Instructions */
+ #define CPUID_7_1_EDX_PREFETCHITI (1U << 14)
++/* Flexible return and event delivery (FRED) */
++#define CPUID_7_1_EAX_FRED (1U << 17)
++/* Load into IA32_KERNEL_GS_BASE (LKGS) */
++#define CPUID_7_1_EAX_LKGS (1U << 18)
++/* Non-Serializing Write to Model Specific Register (WRMSRNS) */
++#define CPUID_7_1_EAX_WRMSRNS (1U << 19)
+
+ /* Do not exhibit MXCSR Configuration Dependent Timing (MCDT) behavior */
+ #define CPUID_7_2_EDX_MCDT_NO (1U << 5)
+--
+2.33.0
+
diff --git a/1148-target-i386-mark-CR4.FRED-not-reserved.patch b/1148-target-i386-mark-CR4.FRED-not-reserved.patch
new file mode 100644
index 0000000..014be1c
--- /dev/null
+++ b/1148-target-i386-mark-CR4.FRED-not-reserved.patch
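Review bot: In the cpu.h hunk of patch 1147 the three new `CPUID_7_1_EAX_*` defines land after `CPUID_7_1_EDX_PREFETCHITI`, i.e. inside the CPUID.7.1 EDX group, while patch 1145 placed `CPUID_7_1_EAX_LAM` next to `CPUID_7_1_EAX_AVX_IFMA` with the other EAX bits. The values agree with the commit message (bits 17, 18 and 19), so this is placement only, but a bit filed under the wrong register is easy to misread when auditing which features are exposed to guests. I would move the six added lines up into the `CPUID_7_1_EAX_*` block in bit order, presumably just before `CPUID_7_1_EAX_AMX_FP16`, which lies outside this hunk; if the placement only reflects context drift in the backport, a one-line remark in the backport notes would do.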
@@ -0,0 +1,67 @@
+From a149632d132dd1eb2790e8167e2f3b20033d5370 Mon Sep 17 00:00:00 2001
+From: Xin Li
+Date: Wed, 8 Nov 2023 23:20:08 -0800
+Subject: [PATCH 1148/1162] target/i386: mark CR4.FRED not reserved
+
+commit f88ddc40c6d8b591a357108feec52cea13796d2d upstream.
+
+The CR4.FRED bit, i.e., CR4[32], is no longer a reserved bit when FRED
+is exposed to guests, otherwise it is still a reserved bit.
+
+Intel-SIG: commit f88ddc40c6d8 target/i386: mark CR4.FRED not reserved
+
+Tested-by: Shan Kang
+Signed-off-by: Xin Li
+Reviewed-by: Zhao Liu
+Message-ID: <20231109072012.8078-3-xin3.li@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jason Zeng
+---
+ target/i386/cpu.h | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index aa35d594bd3f..ea1b47a788f3 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -255,6 +255,18 @@ typedef enum X86Seg {
+ #define CR4_PKS_MASK (1U << 24)
+ #define CR4_LAM_SUP_MASK (1U << 28)
+
++#ifdef TARGET_X86_64
++#define CR4_FRED_MASK (1ULL << 32)
++#else
++#define CR4_FRED_MASK 0
++#endif
++
++#ifdef TARGET_X86_64
++#define CR4_FRED_MASK (1ULL << 32)
++#else
++#define CR4_FRED_MASK 0
++#endif
++
+ #define CR4_RESERVED_MASK \
+ (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \
+ | CR4_DE_MASK | CR4_PSE_MASK | CR4_PAE_MASK \
+@@ -263,7 +275,7 @@ typedef enum X86Seg {
+ | CR4_LA57_MASK \
+ | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
+ | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK \
+- | CR4_LAM_SUP_MASK))
++ | CR4_LAM_SUP_MASK | CR4_FRED_MASK))
+
+ #define DR6_BD (1 << 13)
+ #define DR6_BS (1 << 14)
+@@ -2380,6 +2392,9 @@ static inline uint64_t cr4_reserved_bits(CPUX86State *env)
+ if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
+ reserved_bits |= CR4_LAM_SUP_MASK;
+ }
++ if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED)) {
++ reserved_bits |= CR4_FRED_MASK;
++ }
+ return reserved_bits;
+ }
+
+--
+2.33.0
+
diff --git a/1149-vmxcap-add-support-for-VMX-FRED-controls.patch b/1149-vmxcap-add-support-for-VMX-FRED-controls.patch
new file mode 100644
index 0000000..054d303
--- /dev/null
+++ b/1149-vmxcap-add-support-for-VMX-FRED-controls.patch
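Review bot: `CR4_FRED_MASK` is bit 32 on TARGET_X86_64, yet the only consumer patch 1148 adds is cr4_reserved_bits(); the cpu_x86_update_cr4() signature visible in patch 1146's hunk header takes `uint32_t new_cr4`, so that path cannot carry CR4.FRED and would truncate it without any diagnostic. If that is intentional (for instance because FRED state only reaches the guest through KVM in this tree), a comment at the define would make it explicit, e.g. `/* bit 32: not representable in cpu_x86_update_cr4()'s uint32_t argument; checked only through cr4_reserved_bits() */`. The `#ifdef TARGET_X86_64` block is also added twice in the first cpu.h hunk; patch 1152 in this series appears to be the matching cleanup, so the two should stay together if the series is ever cherry-picked piecemeal. cr4_reserved_bits() starts outside the hunk.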
@@ -0,0 +1,66 @@
+From ccf3d10371f24b632e6696d2af0b367996c9b5c7 Mon Sep 17 00:00:00 2001
+From: Xin Li
+Date: Wed, 8 Nov 2023 23:20:10 -0800
+Subject: [PATCH 1149/1162] vmxcap: add support for VMX FRED controls
+
+commit 2e641870170e28df28c5d9914e76ea7cab141516 upstream.
+
+Report secondary vm-exit controls and the VMX controls used to
+save/load FRED MSRs.
+
+Intel-SIG: commit 2e641870170e vmxcap: add support for VMX FRED controls
+
+Tested-by: Shan Kang
+Signed-off-by: Xin Li
+Message-ID: <20231109072012.8078-5-xin3.li@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Jason Zeng
+---
+ scripts/kvm/vmxcap | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap
+index 3fb4d5b3425c..44898d73c2ef 100755
+--- a/scripts/kvm/vmxcap
++++ b/scripts/kvm/vmxcap
+@@ -24,6 +24,7 @@ MSR_IA32_VMX_TRUE_EXIT_CTLS = 0x48F
+ MSR_IA32_VMX_TRUE_ENTRY_CTLS = 0x490
+ MSR_IA32_VMX_VMFUNC = 0x491
+ MSR_IA32_VMX_PROCBASED_CTLS3 = 0x492
++MSR_IA32_VMX_EXIT_CTLS2 = 0x493
+
+ class msr(object):
+ def __init__(self):
+@@ -219,11 +220,21 @@ controls = [
+ 23: 'Clear IA32_BNDCFGS',
+ 24: 'Conceal VM exits from PT',
+ 25: 'Clear IA32_RTIT_CTL',
++ 31: 'Activate secondary VM-exit controls',
+ },
+ cap_msr = MSR_IA32_VMX_EXIT_CTLS,
+ true_cap_msr = MSR_IA32_VMX_TRUE_EXIT_CTLS,
+ ),
+
++ Allowed1Control(
++ name = 'secondary VM-Exit controls',
++ bits = {
++ 0: 'Save IA32 FRED MSRs',
++ 1: 'Load IA32 FRED MSRs',
++ },
++ cap_msr = MSR_IA32_VMX_EXIT_CTLS2,
++ ),
++
+ Control(
+ name = 'VM-Entry controls',
+ bits = {
+@@ -237,6 +248,7 @@ controls = [
+ 16: 'Load IA32_BNDCFGS',
+ 17: 'Conceal VM entries from PT',
+ 18: 'Load IA32_RTIT_CTL',
++ 23: 'Load IA32 FRED MSRs',
+ },
+ cap_msr = MSR_IA32_VMX_ENTRY_CTLS,
+ true_cap_msr = MSR_IA32_VMX_TRUE_ENTRY_CTLS,
+--
+2.33.0
+
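Review bot: The new 'secondary VM-Exit controls' entry reuses `Allowed1Control`, whose only comment (added by patch 1141) reads `# All 64 bits in the tertiary controls MSR are allowed-1`; with this hunk the class also reads `MSR_IA32_VMX_EXIT_CTLS2`, so that comment is now too narrow. I would reword it to something like `# For capability MSRs whose 64 bits are all allowed-1 settings (tertiary processor-based controls, secondary VM-exit controls)`. Separately, `read2()` as shown in patch 1141 calls `m.read(nr, 0)`; if the second argument is the fallback value, a CPU without the MSR reports every listed bit as unsupported instead of skipping the section, which is the conservative outcome for a capability report but deserves a line in the same comment.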
diff --git a/1150-target-i386-enumerate-VMX-nested-exception-support.patch b/1150-target-i386-enumerate-VMX-nested-exception-support.patch new file mode 100644 index 0000000..618d15a --- /dev/null +++ b/1150-target-i386-enumerate-VMX-nested-exception-support.patch 
@@ -0,0 +1,62 @@ +From b953dcf8e1c814e058d185af8c8bac5b4d3ebdd6 Mon Sep 17 00:00:00 2001 +From: Xin Li +Date: Wed, 8 Nov 2023 23:20:11 -0800 +Subject: [PATCH 1150/1162] target/i386: enumerate VMX nested-exception support + +commit ef202d64c3020f3df03c39d3ad688732d81aaae8 upstream. + +Allow VMX nested-exception support to be exposed in KVM guests, thus +nested KVM guests can enumerate it. + +Intel-SIG: commit ef202d64c302 target/i386: enumerate VMX nested-exception support + +Tested-by: Shan Kang +Signed-off-by: Xin Li +Message-ID: <20231109072012.8078-6-xin3.li@intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + scripts/kvm/vmxcap | 1 + + target/i386/cpu.c | 1 + + target/i386/cpu.h | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/scripts/kvm/vmxcap b/scripts/kvm/vmxcap +index 44898d73c2ef..508be19c7581 100755 +--- a/scripts/kvm/vmxcap ++++ b/scripts/kvm/vmxcap +@@ -117,6 +117,7 @@ controls = [ + 54: 'INS/OUTS instruction information', + 55: 'IA32_VMX_TRUE_*_CTLS support', + 56: 'Skip checks on event error code', ++ 58: 'VMX nested exception support', + }, + msr = MSR_IA32_VMX_BASIC, + ), +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 40347d4c9bcd..c5ce107ba5e8 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1232,6 +1232,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + [54] = "vmx-ins-outs", + [55] = "vmx-true-ctls", + [56] = "vmx-any-errcode", ++ [58] = "vmx-nested-exception", + }, + .msr = { + .index = MSR_IA32_VMX_BASIC, +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index ea1b47a788f3..04e32919f356 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -1031,6 +1031,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define MSR_VMX_BASIC_INS_OUTS (1ULL << 54) + #define MSR_VMX_BASIC_TRUE_CTLS (1ULL << 55) + #define MSR_VMX_BASIC_ANY_ERRCODE (1ULL << 56) ++#define MSR_VMX_BASIC_NESTED_EXCEPTION (1ULL << 58) + + #define MSR_VMX_MISC_PREEMPTION_TIMER_SHIFT_MASK 0x1Full + 
#define MSR_VMX_MISC_STORE_LMA (1ULL << 5) +-- +2.33.0 + diff --git a/1151-target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch b/1151-target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch new file mode 100644 index 0000000..0de9920 --- /dev/null +++ b/1151-target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch 
@@ -0,0 +1,189 @@ +From f554a3ed9889f5e866d85218f2e49e799b562c2f Mon Sep 17 00:00:00 2001 +From: Xin Li +Date: Wed, 8 Nov 2023 23:20:12 -0800 +Subject: [PATCH 1151/1162] target/i386: Add get/set/migrate support for FRED + MSRs + +commit 4ebd98eb3ade5957a842da1420bda012eeeaab9c upstream. + +FRED CPU states are managed in 9 new FRED MSRs, in addtion to a few +existing CPU registers and MSRs, e.g., CR4.FRED and MSR_IA32_PL0_SSP. + +Save/restore/migrate FRED MSRs if FRED is exposed to the guest. + +Intel-SIG: commit 4ebd98eb3ade target/i386: Add get/set/migrate support for FRED MSRs + +Tested-by: Shan Kang +Signed-off-by: Xin Li +Message-ID: <20231109072012.8078-7-xin3.li@intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.h | 22 +++++++++++++++++++ + target/i386/kvm/kvm.c | 49 +++++++++++++++++++++++++++++++++++++++++++ + target/i386/machine.c | 28 +++++++++++++++++++++++++ + 3 files changed, 99 insertions(+) + +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 04e32919f356..164ede65b1ed 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -524,6 +524,17 @@ typedef enum X86Seg { + #define MSR_IA32_XFD 0x000001c4 + #define MSR_IA32_XFD_ERR 0x000001c5 + ++/* FRED MSRs */ ++#define MSR_IA32_FRED_RSP0 0x000001cc /* Stack level 0 regular stack pointer */ ++#define MSR_IA32_FRED_RSP1 0x000001cd /* Stack level 1 regular stack pointer */ ++#define MSR_IA32_FRED_RSP2 0x000001ce /* Stack level 2 regular stack pointer */ ++#define MSR_IA32_FRED_RSP3 0x000001cf /* Stack level 3 regular stack pointer */ ++#define MSR_IA32_FRED_STKLVLS 0x000001d0 /* FRED exception stack levels */ ++#define MSR_IA32_FRED_SSP1 0x000001d1 /* Stack level 1 shadow stack pointer in ring 0 */ ++#define MSR_IA32_FRED_SSP2 0x000001d2 /* Stack level 2 shadow stack pointer in ring 0 */ ++#define MSR_IA32_FRED_SSP3 0x000001d3 /* Stack level 3 shadow stack pointer in ring 0 */ ++#define MSR_IA32_FRED_CONFIG 0x000001d4 /* FRED Entrypoint and interrupt stack 
level */ ++ + #define MSR_IA32_BNDCFGS 0x00000d90 + #define MSR_IA32_XSS 0x00000da0 + #define MSR_IA32_UMWAIT_CONTROL 0xe1 +@@ -1622,6 +1633,17 @@ typedef struct CPUX86State { + target_ulong cstar; + target_ulong fmask; + target_ulong kernelgsbase; ++ ++ /* FRED MSRs */ ++ uint64_t fred_rsp0; ++ uint64_t fred_rsp1; ++ uint64_t fred_rsp2; ++ uint64_t fred_rsp3; ++ uint64_t fred_stklvls; ++ uint64_t fred_ssp1; ++ uint64_t fred_ssp2; ++ uint64_t fred_ssp3; ++ uint64_t fred_config; + #endif + + uint64_t tsc_adjust; +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index e70178234fba..60d2edb78800 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -3201,6 +3201,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level) + kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, env->kernelgsbase); + kvm_msr_entry_add(cpu, MSR_FMASK, env->fmask); + kvm_msr_entry_add(cpu, MSR_LSTAR, env->lstar); ++ if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) { ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP0, env->fred_rsp0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP1, env->fred_rsp1); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP2, env->fred_rsp2); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP3, env->fred_rsp3); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_STKLVLS, env->fred_stklvls); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP1, env->fred_ssp1); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP2, env->fred_ssp2); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP3, env->fred_ssp3); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_CONFIG, env->fred_config); ++ } + } + #endif + +@@ -3627,6 +3638,17 @@ static int kvm_get_msrs(X86CPU *cpu) + kvm_msr_entry_add(cpu, MSR_KERNELGSBASE, 0); + kvm_msr_entry_add(cpu, MSR_FMASK, 0); + kvm_msr_entry_add(cpu, MSR_LSTAR, 0); ++ if (env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) { ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP0, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP1, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_RSP2, 0); ++ kvm_msr_entry_add(cpu, 
MSR_IA32_FRED_RSP3, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_STKLVLS, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP1, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP2, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_SSP3, 0); ++ kvm_msr_entry_add(cpu, MSR_IA32_FRED_CONFIG, 0); ++ } + } + #endif + kvm_msr_entry_add(cpu, MSR_KVM_SYSTEM_TIME, 0); +@@ -3832,6 +3854,33 @@ static int kvm_get_msrs(X86CPU *cpu) + case MSR_LSTAR: + env->lstar = msrs[i].data; + break; ++ case MSR_IA32_FRED_RSP0: ++ env->fred_rsp0 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_RSP1: ++ env->fred_rsp1 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_RSP2: ++ env->fred_rsp2 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_RSP3: ++ env->fred_rsp3 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_STKLVLS: ++ env->fred_stklvls = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_SSP1: ++ env->fred_ssp1 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_SSP2: ++ env->fred_ssp2 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_SSP3: ++ env->fred_ssp3 = msrs[i].data; ++ break; ++ case MSR_IA32_FRED_CONFIG: ++ env->fred_config = msrs[i].data; ++ break; + #endif + case MSR_IA32_TSC: + env->tsc = msrs[i].data; +diff --git a/target/i386/machine.c b/target/i386/machine.c +index 7fe80e1aa01f..fa5342a716ea 100644 +--- a/target/i386/machine.c ++++ b/target/i386/machine.c +@@ -1476,6 +1476,33 @@ static const VMStateDescription vmstate_msr_xfd = { + }; + + #ifdef TARGET_X86_64 ++static bool intel_fred_msrs_needed(void *opaque) ++{ ++ X86CPU *cpu = opaque; ++ CPUX86State *env = &cpu->env; ++ ++ return !!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED); ++} ++ ++static const VMStateDescription vmstate_msr_fred = { ++ .name = "cpu/fred", ++ .version_id = 1, ++ .minimum_version_id = 1, ++ .needed = intel_fred_msrs_needed, ++ .fields = (VMStateField[]) { ++ VMSTATE_UINT64(env.fred_rsp0, X86CPU), ++ VMSTATE_UINT64(env.fred_rsp1, X86CPU), ++ VMSTATE_UINT64(env.fred_rsp2, X86CPU), ++ VMSTATE_UINT64(env.fred_rsp3, X86CPU), ++ 
VMSTATE_UINT64(env.fred_stklvls, X86CPU), ++ VMSTATE_UINT64(env.fred_ssp1, X86CPU), ++ VMSTATE_UINT64(env.fred_ssp2, X86CPU), ++ VMSTATE_UINT64(env.fred_ssp3, X86CPU), ++ VMSTATE_UINT64(env.fred_config, X86CPU), ++ VMSTATE_END_OF_LIST() ++ } ++ }; ++ + static bool amx_xtile_needed(void *opaque) + { + X86CPU *cpu = opaque; +@@ -1677,6 +1704,7 @@ const VMStateDescription vmstate_x86_cpu = { + &vmstate_msr_intel_sgx, + &vmstate_msr_xfd, + #ifdef TARGET_X86_64 ++ &vmstate_msr_fred, + &vmstate_amx_xtile, + #endif + #if defined(CONFIG_KVM) && defined(TARGET_X86_64) +-- +2.33.0 + diff --git a/1152-target-i386-Delete-duplicated-macro-definition-CR4_F.patch b/1152-target-i386-Delete-duplicated-macro-definition-CR4_F.patch new file mode 100644 index 0000000..4efc4b7 --- /dev/null +++ b/1152-target-i386-Delete-duplicated-macro-definition-CR4_F.patch 
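Review bot: The nine FRED MSRs are listed by hand in kvm_put_msrs, twice in kvm_get_msrs (the request list and the result switch) and again in vmstate_msr_fred, and nothing in the new code ties those lists together. An MSR missing from any one of them would leave a guest with a stale or zero stack pointer or FRED_CONFIG after save/restore or migration, with no error raised. I would add a cross-reference above the new CPUX86State fields in cpu.h, for example `/* FRED MSRs: keep in sync with kvm_put_msrs(), kvm_get_msrs() and vmstate_msr_fred */`. The two KVM functions and the CPUX86State definition start and end outside the hunks shown.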
@@ -0,0 +1,40 @@ +From c9d8367286ea400fdd5efa52f2c169e177fd5024 Mon Sep 17 00:00:00 2001 +From: "Xin Li (Intel)" +Date: Wed, 7 Aug 2024 01:18:10 -0700 +Subject: [PATCH 1152/1162] target/i386: Delete duplicated macro definition + CR4_FRED_MASK + +commit a23bc6539890d8b27458cf56bc4ed0e0d3c2de3e upstream. + +Macro CR4_FRED_MASK is defined twice, delete one. + +Intel-SIG: commit a23bc6539890 target/i386: Delete duplicated macro definition CR4_FRED_MASK + +Signed-off-by: Xin Li (Intel) +Link: https://lore.kernel.org/r/20240807081813.735158-2-xin@zytor.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.h | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 164ede65b1ed..cfbb9cb4d0fa 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -261,12 +261,6 @@ typedef enum X86Seg { + #define CR4_FRED_MASK 0 + #endif + +-#ifdef TARGET_X86_64 +-#define CR4_FRED_MASK (1ULL << 32) +-#else +-#define CR4_FRED_MASK 0 +-#endif +- + #define CR4_RESERVED_MASK \ + (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \ + | CR4_DE_MASK | CR4_PSE_MASK | CR4_PAE_MASK \ +-- +2.33.0 + diff --git a/1153-target-i386-Add-VMX-control-bits-for-nested-FRED-sup.patch b/1153-target-i386-Add-VMX-control-bits-for-nested-FRED-sup.patch new file mode 100644 index 0000000..96fe0ab --- /dev/null +++ b/1153-target-i386-Add-VMX-control-bits-for-nested-FRED-sup.patch 
@@ -0,0 +1,49 @@ +From 892bf2a0ca0b16ba7226f14af7b6d4d497337c48 Mon Sep 17 00:00:00 2001 +From: "Xin Li (Intel)" +Date: Wed, 7 Aug 2024 01:18:11 -0700 +Subject: [PATCH 1153/1162] target/i386: Add VMX control bits for nested FRED + support + +commit 7c6ec5bc5fea92a4ddea3f0189e3a7e7588e1d19 upstream. + +Add definitions of + 1) VM-exit activate secondary controls bit + 2) VM-entry load FRED bit +which are required to enable nested FRED. + +Intel-SIG: commit 7c6ec5bc5fea target/i386: Add VMX control bits for nested FRED support + +Reviewed-by: Zhao Liu +Signed-off-by: Xin Li (Intel) +Link: https://lore.kernel.org/r/20240807081813.735158-3-xin@zytor.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index c5ce107ba5e8..c62e0211d803 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1159,7 +1159,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + "vmx-exit-save-efer", "vmx-exit-load-efer", + "vmx-exit-save-preemption-timer", "vmx-exit-clear-bndcfgs", + NULL, "vmx-exit-clear-rtit-ctl", NULL, NULL, +- NULL, "vmx-exit-load-pkrs", NULL, NULL, ++ NULL, "vmx-exit-load-pkrs", NULL, "vmx-exit-secondary-ctls", + }, + .msr = { + .index = MSR_IA32_VMX_TRUE_EXIT_CTLS, +@@ -1174,7 +1174,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + NULL, "vmx-entry-ia32e-mode", NULL, NULL, + NULL, "vmx-entry-load-perf-global-ctrl", "vmx-entry-load-pat", "vmx-entry-load-efer", + "vmx-entry-load-bndcfgs", NULL, "vmx-entry-load-rtit-ctl", NULL, +- NULL, NULL, "vmx-entry-load-pkrs", NULL, ++ NULL, NULL, "vmx-entry-load-pkrs", "vmx-entry-load-fred", + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }, +-- +2.33.0 + diff --git a/1154-target-i386-Raise-the-highest-index-value-used-for-a.patch b/1154-target-i386-Raise-the-highest-index-value-used-for-a.patch new file mode 100644 index 0000000..ea4b791 --- /dev/null 
+++ b/1154-target-i386-Raise-the-highest-index-value-used-for-a.patch 
@@ -0,0 +1,66 @@ +From d941a8ef5b9a277420874a94e5bb938474e21c0e Mon Sep 17 00:00:00 2001 +From: Lei Wang +Date: Wed, 7 Aug 2024 01:18:12 -0700 +Subject: [PATCH 1154/1162] target/i386: Raise the highest index value used for + any VMCS encoding + +commit ab891454ebe82f7e359be721007652556f9f8356 upstream. + +Because the index value of the VMCS field encoding of FRED injected-event +data (one of the newly added VMCS fields for FRED transitions), 0x52, is +larger than any existing index value, raise the highest index value used +for any VMCS encoding to 0x52. + +Because the index value of the VMCS field encoding of Secondary VM-exit +controls, 0x44, is larger than any existing index value, raise the highest +index value used for any VMCS encoding to 0x44. + +Intel-SIG: commit ab891454ebe8 target/i386: Raise the highest index value used for any VMCS encoding + +Co-developed-by: Xin Li +Signed-off-by: Xin Li +Signed-off-by: Lei Wang +Signed-off-by: Xin Li (Intel) +Link: https://lore.kernel.org/r/20240807081813.735158-4-xin@zytor.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.h | 1 + + target/i386/kvm/kvm.c | 9 ++++++++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index cfbb9cb4d0fa..719178b5985a 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -1132,6 +1132,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + #define VMX_VM_EXIT_PT_CONCEAL_PIP 0x01000000 + #define VMX_VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 + #define VMX_VM_EXIT_LOAD_IA32_PKRS 0x20000000 ++#define VMX_VM_EXIT_ACTIVATE_SECONDARY_CONTROLS 0x80000000 + + #define VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS 0x00000004 + #define VMX_VM_ENTRY_IA32E_MODE 0x00000200 +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index 60d2edb78800..84e1d0b7a1ee 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -3064,7 +3064,14 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, 
FeatureWordArray f) + kvm_msr_entry_add(cpu, MSR_IA32_VMX_CR4_FIXED0, + CR4_VMXE_MASK); + +- if (f[FEAT_VMX_SECONDARY_CTLS] & VMX_SECONDARY_EXEC_TSC_SCALING) { ++ if (f[FEAT_7_1_EAX] & CPUID_7_1_EAX_FRED) { ++ /* FRED injected-event data (0x2052). */ ++ kvm_msr_entry_add(cpu, MSR_IA32_VMX_VMCS_ENUM, 0x52); ++ } else if (f[FEAT_VMX_EXIT_CTLS] & ++ VMX_VM_EXIT_ACTIVATE_SECONDARY_CONTROLS) { ++ /* Secondary VM-exit controls (0x2044). */ ++ kvm_msr_entry_add(cpu, MSR_IA32_VMX_VMCS_ENUM, 0x44); ++ } else if (f[FEAT_VMX_SECONDARY_CTLS] & VMX_SECONDARY_EXEC_TSC_SCALING) { + /* TSC multiplier (0x2032). */ + kvm_msr_entry_add(cpu, MSR_IA32_VMX_VMCS_ENUM, 0x32); + } else { +-- +2.33.0 + diff --git a/1155-target-i386-Add-more-features-enumerated-by-CPUID.7..patch b/1155-target-i386-Add-more-features-enumerated-by-CPUID.7..patch new file mode 100644 index 0000000..8811012 --- /dev/null +++ b/1155-target-i386-Add-more-features-enumerated-by-CPUID.7..patch 
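Review bot: The value written to MSR_IA32_VMX_VMCS_ENUM in kvm_msr_entry_add_vmx is now picked by a first-match chain that is only correct while the branches stay ordered from the highest encoding (0x52) to the lowest (0x32), and nothing in the code states that. A one-line comment above the chain would record the invariant: `/* Branches must stay ordered from highest to lowest VMCS index; the first match wins. */`. The FRED branch also tests the CPUID bit in `f[FEAT_7_1_EAX]` rather than a VMX control, so a guest with FRED in CPUID but without the VMX FRED controls would presumably still be told 0x52; it is worth confirming that is intended. The function begins and ends outside the hunk.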
@@ -0,0 +1,64 @@ +From d029a70a05e16de6bf8f0fa5e1cac0a4bba9fd34 Mon Sep 17 00:00:00 2001 +From: Chao Gao +Date: Thu, 19 Sep 2024 13:10:11 +0800 +Subject: [PATCH 1155/1162] target/i386: Add more features enumerated by + CPUID.7.2.EDX + +commit 10eaf9c0fb7060f45807becbb2742a9de9bc3632 upstream. + +Following 5 bits in CPUID.7.2.EDX are supported by KVM. Add their +supports in QEMU. Each of them indicates certain bits of IA32_SPEC_CTRL +are supported. Those bits can control CPU speculation behavior which can +be used to defend against side-channel attacks. + +bit0: intel-psfd + if 1, indicates bit 7 of the IA32_SPEC_CTRL MSR is supported. Bit 7 of + this MSR disables Fast Store Forwarding Predictor without disabling + Speculative Store Bypass + +bit1: ipred-ctrl + If 1, indicates bits 3 and 4 of the IA32_SPEC_CTRL MSR are supported. + Bit 3 of this MSR enables IPRED_DIS control for CPL3. Bit 4 of this + MSR enables IPRED_DIS control for CPL0/1/2 + +bit2: rrsba-ctrl + If 1, indicates bits 5 and 6 of the IA32_SPEC_CTRL MSR are supported. + Bit 5 of this MSR disables RRSBA behavior for CPL3. Bit 6 of this MSR + disables RRSBA behavior for CPL0/1/2 + +bit3: ddpd-u + If 1, indicates bit 8 of the IA32_SPEC_CTRL MSR is supported. Bit 8 of + this MSR disables Data Dependent Prefetcher. + +bit4: bhi-ctrl + if 1, indicates bit 10 of the IA32_SPEC_CTRL MSR is supported. Bit 10 + of this MSR enables BHI_DIS_S behavior. 
+ +Intel-SIG: commit 10eaf9c0fb70 target/i386: Add more features enumerated by CPUID.7.2.EDX + +Signed-off-by: Chao Gao +Link: https://lore.kernel.org/r/20240919051011.118309-1-chao.gao@intel.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index c62e0211d803..c89d6e9c9181 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -911,8 +911,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + [FEAT_7_2_EDX] = { + .type = CPUID_FEATURE_WORD, + .feat_names = { +- NULL, NULL, NULL, NULL, +- NULL, "mcdt-no", NULL, NULL, ++ "intel-psfd", "ipred-ctrl", "rrsba-ctrl", "ddpd-u", ++ "bhi-ctrl", "mcdt-no", NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +-- +2.33.0 + diff --git a/1156-target-i386-pass-X86CPU-to-x86_cpu_get_supported_fea.patch b/1156-target-i386-pass-X86CPU-to-x86_cpu_get_supported_fea.patch new file mode 100644 index 0000000..8907d2b --- /dev/null +++ b/1156-target-i386-pass-X86CPU-to-x86_cpu_get_supported_fea.patch 
@@ -0,0 +1,103 @@ +From f868af2073f175256c13dba198bd91e208fab095 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 27 Jun 2024 01:12:42 +0200 +Subject: [PATCH 1156/1162] target/i386: pass X86CPU to + x86_cpu_get_supported_feature_word + +commit 8dee38483274bd0fcf3f74dea024d719b958200d upstream. + +This allows modifying the bits in "-cpu max"/"-cpu host" depending on +the guest CPU vendor (which, at least by default, is the host vendor in +the case of KVM). + +For example, machine check architecture differs between Intel and AMD, +and bits from AMD should be dropped when configuring the guest for +an Intel model. + +Intel-SIG: commit 8dee38483274 target/i386: pass X86CPU to x86_cpu_get_supported_feature_word + +Cc: Xiaoyao Li +Cc: John Allen +Signed-off-by: Paolo Bonzini + + Conflicts: + target/i386/cpu.c +[jz: resolve context conflict due to LBR not backported] +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 9 ++++----- + target/i386/cpu.h | 3 +-- + target/i386/kvm/kvm-cpu.c | 2 +- + 3 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index c89d6e9c9181..50f2a2d53d3c 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -5622,8 +5622,7 @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp) + return cpu_list; + } + +-uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, +- bool migratable_only) ++uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w) + { + FeatureWordInfo *wi = &feature_word_info[w]; + uint64_t r = 0; +@@ -5657,7 +5656,7 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, + r &= ~CPUID_EXT2_LM; + } + #endif +- if (migratable_only) { ++ if (cpu && cpu->migratable) { + r &= x86_cpu_get_migratable_flags(w); + } + return r; +@@ -6842,7 +6841,7 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + * by the user. 
+ */ + env->features[w] |= +- x86_cpu_get_supported_feature_word(w, cpu->migratable) & ++ x86_cpu_get_supported_feature_word(cpu, w) & + ~env->user_features[w] & + ~feature_word_info[w].no_autoenable_flags; + } +@@ -6964,7 +6963,7 @@ static void x86_cpu_filter_features(X86CPU *cpu, bool verbose) + + for (w = 0; w < FEATURE_WORDS; w++) { + uint64_t host_feat = +- x86_cpu_get_supported_feature_word(w, false); ++ x86_cpu_get_supported_feature_word(NULL, w); + uint64_t requested_features = env->features[w]; + uint64_t unavailable_features = requested_features & ~host_feat; + mark_unavailable_features(cpu, w, unavailable_features, prefix); +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 719178b5985a..b096c8b98888 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -637,8 +637,7 @@ typedef enum FeatureWord { + } FeatureWord; + + typedef uint64_t FeatureWordArray[FEATURE_WORDS]; +-uint64_t x86_cpu_get_supported_feature_word(FeatureWord w, +- bool migratable_only); ++uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + + /* cpuid_features bits */ + #define CPUID_FP87 (1U << 0) +diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c +index 7b8a3d5af03b..b7f9d08932e4 100644 +--- a/target/i386/kvm/kvm-cpu.c ++++ b/target/i386/kvm/kvm-cpu.c +@@ -102,7 +102,7 @@ static void kvm_cpu_xsave_init(void) + if (!esa->size) { + continue; + } +- if ((x86_cpu_get_supported_feature_word(esa->feature, false) & esa->bits) ++ if ((x86_cpu_get_supported_feature_word(NULL, esa->feature) & esa->bits) + != esa->bits) { + continue; + } +-- +2.33.0 + diff --git a/1157-i386-cpuid-Remove-subleaf-constraint-on-CPUID-leaf-1.patch b/1157-i386-cpuid-Remove-subleaf-constraint-on-CPUID-leaf-1.patch new file mode 100644 index 0000000..8f7a8d0 --- /dev/null +++ b/1157-i386-cpuid-Remove-subleaf-constraint-on-CPUID-leaf-1.patch 
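Review bot: x86_cpu_get_supported_feature_word now gives `cpu == NULL` a meaning, which is to skip the migratable filter, but neither the definition in cpu.c nor the prototype in cpu.h documents it. The call sites in x86_cpu_filter_features and kvm_cpu_xsave_init rely on that meaning. The commit message says the parameter exists so that later code can adjust bits per guest vendor, and any such code added to this function has to tolerate NULL as well. I would put this above the prototype: `/* cpu may be NULL: report the host-supported bits without applying the migratable filter. */`. Only part of the function body is visible in the hunk.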
@@ -0,0 +1,39 @@ +From 266d0b0577050478d97f48c1c2acbdfe0e0bb543 Mon Sep 17 00:00:00 2001 +From: Xiaoyao Li +Date: Wed, 24 Jan 2024 21:40:15 -0500 +Subject: [PATCH 1157/1162] i386/cpuid: Remove subleaf constraint on CPUID leaf + 1F + +commit a3b5376521a0de898440e8d0942b54e628f0949f upstream. + +No such constraint that subleaf index needs to be less than 64. + +Intel-SIG: commit a3b5376521a0 i386/cpuid: Remove subleaf constraint on CPUID leaf 1F + +Signed-off-by: Xiaoyao Li +Reviewed-by:Yang Weijiang +Message-ID: <20240125024016.2521244-3-xiaoyao.li@intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/kvm/kvm.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index 84e1d0b7a1ee..e5b5b4e2f0d8 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -1799,10 +1799,6 @@ int kvm_arch_init_vcpu(CPUState *cs) + break; + } + +- if (i == 0x1f && j == 64) { +- break; +- } +- + c->function = i; + c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX; + c->index = j; +-- +2.33.0 + diff --git a/1158-target-i386-Don-t-construct-a-all-zero-entry-for-CPU.patch b/1158-target-i386-Don-t-construct-a-all-zero-entry-for-CPU.patch new file mode 100644 index 0000000..f6d8894 --- /dev/null +++ b/1158-target-i386-Don-t-construct-a-all-zero-entry-for-CPU.patch 
@@ -0,0 +1,57 @@ +From 8210903e825ecab866c1ff762c4e007436f366d4 Mon Sep 17 00:00:00 2001 +From: Xiaoyao Li +Date: Wed, 14 Aug 2024 03:54:23 -0400 +Subject: [PATCH 1158/1162] target/i386: Don't construct a all-zero entry for + CPUID[0xD 0x3f] + +commit 00c8a933d95add3ce4afebbe491ca0fa398a9007 upstream. + +Currently, QEMU always constructs a all-zero CPUID entry for +CPUID[0xD 0x3f]. + +It's meaningless to construct such a leaf as the end of leaf 0xD. Rework +the logic of how subleaves of 0xD are constructed to get rid of such +all-zero value of subleaf 0x3f. + +Intel-SIG: commit 00c8a933d95a target/i386: Don't construct a all-zero entry for CPUID[0xD 0x3f] + +Signed-off-by: Xiaoyao Li +Link: https://lore.kernel.org/r/20240814075431.339209-2-xiaoyao.li@intel.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/kvm/kvm.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index e5b5b4e2f0d8..85e529942c2c 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -1795,10 +1795,6 @@ int kvm_arch_init_vcpu(CPUState *cs) + case 0xb: + case 0xd: + for (j = 0; ; j++) { +- if (i == 0xd && j == 64) { +- break; +- } +- + c->function = i; + c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX; + c->index = j; +@@ -1814,7 +1810,12 @@ int kvm_arch_init_vcpu(CPUState *cs) + break; + } + if (i == 0xd && c->eax == 0) { +- continue; ++ if (j < 63) { ++ continue; ++ } else { ++ cpuid_i--; ++ break; ++ } + } + if (cpuid_i == KVM_MAX_CPUID_ENTRIES) { + fprintf(stderr, "cpuid_data is full, no space for " +-- +2.33.0 + diff --git a/1159-target-i386-Enable-fdp-excptn-only-and-zero-fcs-fds.patch b/1159-target-i386-Enable-fdp-excptn-only-and-zero-fcs-fds.patch new file mode 100644 index 0000000..9a62c2b --- /dev/null +++ b/1159-target-i386-Enable-fdp-excptn-only-and-zero-fcs-fds.patch 
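Review bot: In the 0xd branch of kvm_arch_init_vcpu, `cpuid_i--` undoes an increment that is not visible in the hunk, and the bound `63` is a bare literal. The decrement is only right if the slot `c` points to has already been counted in `cpuid_i`; otherwise it would drop the previous valid entry, which the hunk cannot confirm either way. A comment on the else branch would make the intent checkable: `/* Subleaf 63 is the last one: give back the slot reserved for it instead of emitting an all-zero entry. */`. The discarded slot also keeps the `function`, `flags` and `index` values written at the top of the loop, so whichever leaf reuses it should overwrite every field it depends on. The loop and the function continue outside the hunk.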
@@ -0,0 +1,71 @@ +From ce5c3c726463e323d85ce9ba3df824c22841e8d3 Mon Sep 17 00:00:00 2001 +From: Xiaoyao Li +Date: Wed, 14 Aug 2024 03:54:24 -0400 +Subject: [PATCH 1159/1162] target/i386: Enable fdp-excptn-only and + zero-fcs-fds + +commit 7dddc3bb875e7141ab25931d0f30a1c319bc8457 upstream. + +- CPUID.(EAX=07H,ECX=0H):EBX[bit 6]: x87 FPU Data Pointer updated only + on x87 exceptions if 1. + +- CPUID.(EAX=07H,ECX=0H):EBX[bit 13]: Deprecates FPU CS and FPU DS + values if 1. i.e., X87 FCS and FDS are always zero. + +Define names for them so that they can be exposed to guest with -cpu host. + +Also define the bit field MACROs so that named cpu models can add it as +well in the future. + +Intel-SIG: commit 7dddc3bb875e target/i386: Enable fdp-excptn-only and zero-fcs-fds + +Signed-off-by: Xiaoyao Li +Link: https://lore.kernel.org/r/20240814075431.339209-3-xiaoyao.li@intel.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 4 ++-- + target/i386/cpu.h | 4 ++++ + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 50f2a2d53d3c..ca839596885d 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -817,9 +817,9 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .type = CPUID_FEATURE_WORD, + .feat_names = { + "fsgsbase", "tsc-adjust", "sgx", "bmi1", +- "hle", "avx2", NULL, "smep", ++ "hle", "avx2", "fdp-excptn-only", "smep", + "bmi2", "erms", "invpcid", "rtm", +- NULL, NULL, "mpx", NULL, ++ NULL, "zero-fcs-fds", "mpx", NULL, + "avx512f", "avx512dq", "rdseed", "adx", + "smap", "avx512ifma", "pcommit", "clflushopt", + "clwb", "intel-pt", "avx512pf", "avx512er", +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index b096c8b98888..a37221c886f7 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -790,6 +790,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + #define CPUID_7_0_EBX_HLE (1U << 4) + /* Intel Advanced Vector Extensions 2 */ + 
#define CPUID_7_0_EBX_AVX2 (1U << 5) ++/* FPU data pointer updated only on x87 exceptions */ ++#define CPUID_7_0_EBX_FDP_EXCPTN_ONLY (1u << 6) + /* Supervisor-mode Execution Prevention */ + #define CPUID_7_0_EBX_SMEP (1U << 7) + /* 2nd Group of Advanced Bit Manipulation Extensions */ +@@ -800,6 +802,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + #define CPUID_7_0_EBX_INVPCID (1U << 10) + /* Restricted Transactional Memory */ + #define CPUID_7_0_EBX_RTM (1U << 11) ++/* Zero out FPU CS and FPU DS */ ++#define CPUID_7_0_EBX_ZERO_FCS_FDS (1U << 13) + /* Memory Protection Extension */ + #define CPUID_7_0_EBX_MPX (1U << 14) + /* AVX-512 Foundation */ +-- +2.33.0 + diff --git a/1160-target-i386-Construct-CPUID-2-as-stateful-iff-times-.patch b/1160-target-i386-Construct-CPUID-2-as-stateful-iff-times-.patch new file mode 100644 index 0000000..cd93d8a --- /dev/null +++ b/1160-target-i386-Construct-CPUID-2-as-stateful-iff-times-.patch 
@@ -0,0 +1,42 @@ +From eb17b79e602e2437162618f88013e0a7d9bf6501 Mon Sep 17 00:00:00 2001 +From: Xiaoyao Li +Date: Wed, 14 Aug 2024 03:54:27 -0400 +Subject: [PATCH 1160/1162] target/i386: Construct CPUID 2 as stateful iff + times > 1 + +commit 5ab639141b6d916a6f4041d4ec46f2f1a1e4a365 upstream. + +When times == 1, the CPUID leaf 2 is not stateful. + +Intel-SIG: commit 5ab639141b6d target/i386: Construct CPUID 2 as stateful iff times > 1 + +Signed-off-by: Xiaoyao Li +Link: https://lore.kernel.org/r/20240814075431.339209-6-xiaoyao.li@intel.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/kvm/kvm.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index 85e529942c2c..c04de5589d52 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -1767,10 +1767,12 @@ int kvm_arch_init_vcpu(CPUState *cs) + int times; + + c->function = i; +- c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC | +- KVM_CPUID_FLAG_STATE_READ_NEXT; + cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx); + times = c->eax & 0xff; ++ if (times > 1) { ++ c->flags = KVM_CPUID_FLAG_STATEFUL_FUNC | ++ KVM_CPUID_FLAG_STATE_READ_NEXT; ++ } + + for (j = 1; j < times; ++j) { + if (cpuid_i == KVM_MAX_CPUID_ENTRIES) { +-- +2.33.0 + diff --git a/1161-target-i386-Make-invtsc-migratable-when-user-sets-ts.patch b/1161-target-i386-Make-invtsc-migratable-when-user-sets-ts.patch new file mode 100644 index 0000000..23afc0b --- /dev/null +++ b/1161-target-i386-Make-invtsc-migratable-when-user-sets-ts.patch 
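Review bot: After this change `c->flags` is never written for CPUID leaf 2 when `times <= 1`, so the entry handed to KVM carries whatever the slot already held. That is only correct if the slot was zeroed beforehand and has not been reused after an earlier `cpuid_i--`, and neither is visible in this hunk. Assigning the field on both paths removes the dependency: add `c->flags = 0;` right after `c->function = i;` and keep the `if (times > 1)` override. The enclosing case block and kvm_arch_init_vcpu start and end outside the hunk.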
@@ -0,0 +1,66 @@ +From 63334a1c9031981b02d05744e73f8518518e27dd Mon Sep 17 00:00:00 2001 +From: Xiaoyao Li +Date: Wed, 14 Aug 2024 03:54:31 -0400 +Subject: [PATCH 1161/1162] target/i386: Make invtsc migratable when user sets + tsc-khz explicitly + +commit 87c88db3143e91076d167a62dd7febf49afca8a2 upstream. + +When user sets tsc-frequency explicitly, the invtsc feature is actually +migratable because the tsc-frequency is supposed to be fixed during the +migration. + +See commit d99569d9d856 ("kvm: Allow invtsc migration if tsc-khz +is set explicitly") for referrence. + +Intel-SIG: commit 87c88db3143e target/i386: Make invtsc migratable when user sets tsc-khz explicitly + +Signed-off-by: Xiaoyao Li +Link: https://lore.kernel.org/r/20240814075431.339209-10-xiaoyao.li@intel.com +Signed-off-by: Paolo Bonzini +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index ca839596885d..2922514d3ecf 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1569,9 +1569,10 @@ static inline uint64_t x86_cpu_xsave_xss_components(X86CPU *cpu) + * Returns the set of feature flags that are supported and migratable by + * QEMU, for a given FeatureWord. 
+ */ +-static uint64_t x86_cpu_get_migratable_flags(FeatureWord w) ++static uint64_t x86_cpu_get_migratable_flags(X86CPU *cpu, FeatureWord w) + { + FeatureWordInfo *wi = &feature_word_info[w]; ++ CPUX86State *env = &cpu->env; + uint64_t r = 0; + int i; + +@@ -1585,6 +1586,12 @@ static uint64_t x86_cpu_get_migratable_flags(FeatureWord w) + r |= f; + } + } ++ ++ /* when tsc-khz is set explicitly, invtsc is migratable */ ++ if ((w == FEAT_8000_0007_EDX) && env->user_tsc_khz) { ++ r |= CPUID_APM_INVTSC; ++ } ++ + return r; + } + +@@ -5657,7 +5664,7 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w) + } + #endif + if (cpu && cpu->migratable) { +- r &= x86_cpu_get_migratable_flags(w); ++ r &= x86_cpu_get_migratable_flags(cpu, w); + } + return r; + } +-- +2.33.0 + diff --git a/1162-target-i386-cpu-Fix-notes-for-CPU-models.patch b/1162-target-i386-cpu-Fix-notes-for-CPU-models.patch new file mode 100644 index 0000000..f9dd246 --- /dev/null +++ b/1162-target-i386-cpu-Fix-notes-for-CPU-models.patch 
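Review bot: x86_cpu_get_migratable_flags now forms `&cpu->env` and reads `env->user_tsc_khz` unconditionally, while its caller x86_cpu_get_supported_feature_word accepts a NULL `cpu`. The one call site in the hunk is safe because it sits behind `if (cpu && cpu->migratable)`, but the helper's non-NULL requirement is implicit and a future direct caller would dereference NULL. I would state the contract in the header comment, for example `* @cpu must not be NULL; callers that pass NULL to x86_cpu_get_supported_feature_word() never reach this helper.`, or enforce it with `assert(cpu != NULL);` as the first statement. The function body is only partly visible in the hunk.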
@@ -0,0 +1,43 @@ +From ff6e9894f752ea68af2a344b3152d2f951360eef Mon Sep 17 00:00:00 2001 +From: Han Han +Date: Thu, 19 Dec 2024 16:51:38 +0800 +Subject: [PATCH 1162/1162] target/i386/cpu: Fix notes for CPU models + +commit 93dcc9390e5ad0696ae7e9b7b3a5b08c2d1b6de6 upstream. + +Intel-SIG: commit 93dcc9390e5a target/i386/cpu: Fix notes for CPU models + +Fixes: 644e3c5d812 ("missing vmx features for Skylake-Server and Cascadelake-Server") +Signed-off-by: Han Han +Reviewed-by: Chenyi Qiang +Reviewed-by: Michael Tokarev +Signed-off-by: Michael Tokarev +Signed-off-by: Jason Zeng +--- + target/i386/cpu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 2922514d3ecf..b8c5a11a89a2 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -3156,6 +3156,7 @@ static const X86CPUDefinition builtin_x86_defs[] = { + }, + { + .version = 4, ++ .note = "IBRS, EPT switching, no TSX", + .props = (PropValue[]) { + { "vmx-eptp-switching", "on" }, + { /* end of list */ } +@@ -3290,7 +3291,7 @@ static const X86CPUDefinition builtin_x86_defs[] = { + }, + }, + { .version = 4, +- .note = "ARCH_CAPABILITIES, no TSX", ++ .note = "ARCH_CAPABILITIES, EPT switching, no TSX", + .props = (PropValue[]) { + { "vmx-eptp-switching", "on" }, + { /* end of list */ } +-- +2.33.0 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index aa59254..c20cdb7 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.7 +%define anolis_release .0.8 %global SLOF_gittagdate 20191022 %global SLOF_gittagcommit 899d9883 
@@ -1045,6 +1045,29 @@ Patch1136: 1136-newfeature-hw-vfio-hct-sharing-CCP-resources-between.patch
 Patch1137: 1137-bugfix-hw-vfio-hct-exit-once-mdev-deivce-realize-fai.patch
 Patch1138: 1138-bugfix-hw-vfio-hct-build-hct-device-in-default.patch
 Patch1139: Repair-CPU-hotplug-object-repeated-release-problem.patch
+Patch1140: 1140-target-i386-Allow-MCDT_NO-if-host-supports.patch
+Patch1141: 1141-vmxcap-add-tertiary-execution-controls.patch
+Patch1142: 1142-target-i386-add-support-for-VMX_SECONDARY_EXEC_ENABL.patch
+Patch1143: 1143-target-i386-enumerate-bit-56-of-MSR_IA32_VMX_BASIC.patch
+Patch1144: 1144-target-i386-fix-feature-dependency-for-WAITPKG.patch
+Patch1145: 1145-target-i386-add-support-for-LAM-in-CPUID-enumeration.patch
+Patch1146: 1146-target-i386-add-control-bits-support-for-LAM.patch
+Patch1147: 1147-target-i386-add-support-for-FRED-in-CPUID-enumeratio.patch
+Patch1148: 1148-target-i386-mark-CR4.FRED-not-reserved.patch
+Patch1149: 1149-vmxcap-add-support-for-VMX-FRED-controls.patch
+Patch1150: 1150-target-i386-enumerate-VMX-nested-exception-support.patch
+Patch1151: 1151-target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch
+Patch1152: 1152-target-i386-Delete-duplicated-macro-definition-CR4_F.patch
+Patch1153: 1153-target-i386-Add-VMX-control-bits-for-nested-FRED-sup.patch
+Patch1154: 1154-target-i386-Raise-the-highest-index-value-used-for-a.patch
+Patch1155: 1155-target-i386-Add-more-features-enumerated-by-CPUID.7..patch
+Patch1156: 1156-target-i386-pass-X86CPU-to-x86_cpu_get_supported_fea.patch
+Patch1157: 1157-i386-cpuid-Remove-subleaf-constraint-on-CPUID-leaf-1.patch
+Patch1158: 1158-target-i386-Don-t-construct-a-all-zero-entry-for-CPU.patch
+Patch1159: 1159-target-i386-Enable-fdp-excptn-only-and-zero-fcs-fds.patch
+Patch1160: 1160-target-i386-Construct-CPUID-2-as-stateful-iff-times-.patch
+Patch1161: 1161-target-i386-Make-invtsc-migratable-when-user-sets-ts.patch
+Patch1162: 1162-target-i386-cpu-Fix-notes-for-CPU-models.patch
 BuildRequires: wget
BuildRequires: rpm-build
@@ -2283,6 +2306,32 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
 %endif
 %changelog
+* Tue Mar 11 2025 Jason Zeng - 6.2.0-53.0.1.8
+- Dependency patches for Intel CWF platform
+- 1140-target-i386-Allow-MCDT_NO-if-host-supports.patch
+- 1141-vmxcap-add-tertiary-execution-controls.patch
+- 1142-target-i386-add-support-for-VMX_SECONDARY_EXEC_ENABL.patch
+- 1143-target-i386-enumerate-bit-56-of-MSR_IA32_VMX_BASIC.patch
+- 1144-target-i386-fix-feature-dependency-for-WAITPKG.patch
+- 1145-target-i386-add-support-for-LAM-in-CPUID-enumeration.patch
+- 1146-target-i386-add-control-bits-support-for-LAM.patch
+- 1147-target-i386-add-support-for-FRED-in-CPUID-enumeratio.patch
+- 1148-target-i386-mark-CR4.FRED-not-reserved.patch
+- 1149-vmxcap-add-support-for-VMX-FRED-controls.patch
+- 1150-target-i386-enumerate-VMX-nested-exception-support.patch
+- 1151-target-i386-Add-get-set-migrate-support-for-FRED-MSR.patch
+- 1152-target-i386-Delete-duplicated-macro-definition-CR4_F.patch
+- 1153-target-i386-Add-VMX-control-bits-for-nested-FRED-sup.patch
+- 1154-target-i386-Raise-the-highest-index-value-used-for-a.patch
+- 1155-target-i386-Add-more-features-enumerated-by-CPUID.7..patch
+- 1156-target-i386-pass-X86CPU-to-x86_cpu_get_supported_fea.patch
+- 1157-i386-cpuid-Remove-subleaf-constraint-on-CPUID-leaf-1.patch
+- 1158-target-i386-Don-t-construct-a-all-zero-entry-for-CPU.patch
+- 1159-target-i386-Enable-fdp-excptn-only-and-zero-fcs-fds.patch
+- 1160-target-i386-Construct-CPUID-2-as-stateful-iff-times-.patch
+- 1161-target-i386-Make-invtsc-migratable-when-user-sets-ts.patch
+- 1162-target-i386-cpu-Fix-notes-for-CPU-models.patch
+
 * Thu Mar 6 2025 Xianglai Li - 6.2.0-53.0.1.7
 - Repair-CPU-hotplug-object-repeated-release-problem.patch
--
Gitee