[Qemu-commits] [qemu/qemu] 0723cc: target/i386: add VMX features to name


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 0723cc: target/i386: add VMX features to named CPU models
Date: Thu, 21 Nov 2019 10:25:08 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 0723cc8a5558c94388db75ae1f4991314914edd3
      
https://github.com/qemu/qemu/commit/0723cc8a5558c94388db75ae1f4991314914edd3
  Author: Paolo Bonzini <address@hidden>
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  target/i386: add VMX features to named CPU models

This allows using "-cpu Haswell,+vmx", which we did not really want to
support in QEMU but was produced by Libvirt when using the "host-model"
CPU model.  Without this patch, no VMX feature is _actually_ supported
(only the basic instruction set extensions are) and KVM fails to load
in the guest.

This was produced from the output of scripts/kvm/vmxcap using the following
very ugly Python script:

    bits = {
            'INS/OUTS instruction information': ['FEAT_VMX_BASIC', 'MSR_VMX_BASIC_INS_OUTS'],
            'IA32_VMX_TRUE_*_CTLS support': ['FEAT_VMX_BASIC', 'MSR_VMX_BASIC_TRUE_CTLS'],
            'External interrupt exiting': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_EXT_INTR_MASK'],
            'NMI exiting': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_NMI_EXITING'],
            'Virtual NMIs': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_VIRTUAL_NMIS'],
            'Activate VMX-preemption timer': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_VMX_PREEMPTION_TIMER'],
            'Process posted interrupts': ['FEAT_VMX_PINBASED_CTLS', 'VMX_PIN_BASED_POSTED_INTR'],
            'Interrupt window exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_VIRTUAL_INTR_PENDING'],
            'Use TSC offsetting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_USE_TSC_OFFSETING'],
            'HLT exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_HLT_EXITING'],
            'INVLPG exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_INVLPG_EXITING'],
            'MWAIT exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MWAIT_EXITING'],
            'RDPMC exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_RDPMC_EXITING'],
            'RDTSC exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_RDTSC_EXITING'],
            'CR3-load exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR3_LOAD_EXITING'],
            'CR3-store exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR3_STORE_EXITING'],
            'CR8-load exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR8_LOAD_EXITING'],
            'CR8-store exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_CR8_STORE_EXITING'],
            'Use TPR shadow': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_TPR_SHADOW'],
            'NMI-window exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_VIRTUAL_NMI_PENDING'],
            'MOV-DR exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MOV_DR_EXITING'],
            'Unconditional I/O exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_UNCOND_IO_EXITING'],
            'Use I/O bitmaps': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_USE_IO_BITMAPS'],
            'Monitor trap flag': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MONITOR_TRAP_FLAG'],
            'Use MSR bitmaps': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_USE_MSR_BITMAPS'],
            'MONITOR exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_MONITOR_EXITING'],
            'PAUSE exiting': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_PAUSE_EXITING'],
            'Activate secondary control': ['FEAT_VMX_PROCBASED_CTLS', 'VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS'],
            'Virtualize APIC accesses': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES'],
            'Enable EPT': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_EPT'],
            'Descriptor-table exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_DESC'],
            'Enable RDTSCP': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_RDTSCP'],
            'Virtualize x2APIC mode': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE'],
            'Enable VPID': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_VPID'],
            'WBINVD exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_WBINVD_EXITING'],
            'Unrestricted guest': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST'],
            'APIC register emulation': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT'],
            'Virtual interrupt delivery': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY'],
            'PAUSE-loop exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_PAUSE_LOOP_EXITING'],
            'RDRAND exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_RDRAND_EXITING'],
            'Enable INVPCID': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_INVPCID'],
            'Enable VM functions': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_VMFUNC'],
            'VMCS shadowing': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_SHADOW_VMCS'],
            'RDSEED exiting': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_RDSEED_EXITING'],
            'Enable PML': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_ENABLE_PML'],
            'Enable XSAVES/XRSTORS': ['FEAT_VMX_SECONDARY_CTLS', 'VMX_SECONDARY_EXEC_XSAVES'],
            'Save debug controls': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_DEBUG_CONTROLS'],
            'Load IA32_PERF_GLOBAL_CTRL': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL'],
            'Acknowledge interrupt on exit': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_ACK_INTR_ON_EXIT'],
            'Save IA32_PAT': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_IA32_PAT'],
            'Load IA32_PAT': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_LOAD_IA32_PAT'],
            'Save IA32_EFER': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_IA32_EFER'],
            'Load IA32_EFER': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_LOAD_IA32_EFER'],
            'Save VMX-preemption timer value': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER'],
            'Clear IA32_BNDCFGS': ['FEAT_VMX_EXIT_CTLS', 'VMX_VM_EXIT_CLEAR_BNDCFGS'],
            'Load debug controls': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS'],
            'IA-32e mode guest': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_IA32E_MODE'],
            'Load IA32_PERF_GLOBAL_CTRL': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL'],
            'Load IA32_PAT': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_IA32_PAT'],
            'Load IA32_EFER': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_IA32_EFER'],
            'Load IA32_BNDCFGS': ['FEAT_VMX_ENTRY_CTLS', 'VMX_VM_ENTRY_LOAD_BNDCFGS'],
            'Store EFER.LMA into IA-32e mode guest control': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_STORE_LMA'],
            'HLT activity state': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_ACTIVITY_HLT'],
            'VMWRITE to VM-exit information fields': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_VMWRITE_VMEXIT'],
            'Inject event with insn length=0': ['FEAT_VMX_MISC', 'MSR_VMX_MISC_ZERO_LEN_INJECT'],
            'Execute-only EPT translations': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_EXECONLY'],
            'Page-walk length 4': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_PAGE_WALK_LENGTH_4'],
            'Paging-structure memory type WB': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_WB'],
            '2MB EPT pages': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_2MB | MSR_VMX_EPT_1GB'],
            'INVEPT supported': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVEPT'],
            'EPT accessed and dirty flags': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_AD_BITS'],
            'Single-context INVEPT': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT'],
            'All-context INVEPT': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVEPT_ALL_CONTEXT'],
            'INVVPID supported': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID'],
            'Individual-address INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_SINGLE_ADDR'],
            'Single-context INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT'],
            'All-context INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_ALL_CONTEXT'],
            'Single-context-retaining-globals INVVPID': ['FEAT_VMX_EPT_VPID_CAPS', 'MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS'],
            'EPTP Switching': ['FEAT_VMX_VMFUNC', 'MSR_VMX_VMFUNC_EPT_SWITCHING']
    }

    import sys
    import textwrap

    out = {}
    for l in sys.stdin.readlines():
        l = l.rstrip()
        if l.endswith('!!'):
            l = l[:-2].rstrip()
        if l.startswith('    ') and (l.endswith('default') or l.endswith('yes')):
            l = l[4:]
            for key, value in bits.items():
                if l.startswith(key):
                    ctl, bit = value
                    if ctl in out:
                        out[ctl] = out[ctl] + ' | '
                    else:
                        out[ctl] = '    [%s] = ' % ctl
                    out[ctl] = out[ctl] + bit

    for x in sorted(out.keys()):
        print("\n         ".join(textwrap.wrap(out[x] + ",")))

Note that the script has a bug in that some keys apply to both VM entry
and VM exit controls ("load IA32_PERF_GLOBAL_CTRL", "load IA32_EFER",
"load IA32_PAT").  Those have to be fixed by hand.

Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 2a9758c51e2c2d13fc3845c3d603c11df98b8823
      
https://github.com/qemu/qemu/commit/2a9758c51e2c2d13fc3845c3d603c11df98b8823
  Author: Paolo Bonzini <address@hidden>
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h
    M target/i386/kvm.c
    M target/i386/machine.c

  Log Message:
  -----------
  target/i386: add support for MSR_IA32_TSX_CTRL

The MSR_IA32_TSX_CTRL MSR can be used to hide TSX (also known as the
Trusty Side-channel Extension).  By virtualizing the MSR, KVM guests
can disable TSX and avoid paying the price of mitigating TSX-based
attacks on microarchitectural side channels.

Reviewed-by: Eduardo Habkost <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 9ab2237f1979f31de228b2a73b56925dbde938d1
      
https://github.com/qemu/qemu/commit/9ab2237f1979f31de228b2a73b56925dbde938d1
  Author: Eduardo Habkost <address@hidden>
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  i386: Add new versions of Skylake/Cascadelake/Icelake without TSX

One of the mitigation methods for TAA[1] is to disable TSX
support on the host system.  Linux added a mechanism to disable
TSX globally through the kernel command line, and many Linux
distributions now default to tsx=off.  This makes existing CPU
models that have HLE and RTM enabled not usable anymore.

Add new versions of all CPU models that have the HLE and RTM
features enabled, that can be used when TSX is disabled in the
host system.

References:

[1] TAA, TSX asynchronous Abort:
    https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
    https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html

Signed-off-by: Eduardo Habkost <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 02fa60d10137ed2ef17534718d7467e0d2170142
      
https://github.com/qemu/qemu/commit/02fa60d10137ed2ef17534718d7467e0d2170142
  Author: Eduardo Habkost <address@hidden>
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  i386: Add -noTSX aliases for hle=off, rtm=off CPU models

We have been trying to avoid adding new aliases for CPU model
versions, but in the case of changes in defaults introduced by
the TAA mitigation patches, the aliases might help avoid user
confusion when applying host software updates.

Signed-off-by: Eduardo Habkost <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>


  Commit: 2061735ff09f9d5e67c501a96227b470e7de69b1
      
https://github.com/qemu/qemu/commit/2061735ff09f9d5e67c501a96227b470e7de69b1
  Author: Peter Maydell <address@hidden>
  Date:   2019-11-21 (Thu, 21 Nov 2019)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h
    M target/i386/kvm.c
    M target/i386/machine.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* x86 updates for Intel errata (myself, Eduardo)
* the big ugly list of x86 VMX features, which was targeted for 5.0 but
caused a Libvirt regression (myself)

# gpg: Signature made Thu 21 Nov 2019 15:35:13 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <address@hidden>" [full]
# gpg:                 aka "Paolo Bonzini <address@hidden>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  i386: Add -noTSX aliases for hle=off, rtm=off CPU models
  i386: Add new versions of Skylake/Cascadelake/Icelake without TSX
  target/i386: add support for MSR_IA32_TSX_CTRL
  target/i386: add VMX features to named CPU models

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/996970236c00...2061735ff09f
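
The generator script in the first commit message keys its table on the label alone, which is why the labels shared by VM-entry and VM-exit controls had to be fixed by hand. The sketch below is an added example, not code from the commit or from QEMU: it tracks the current section heading so the same label resolves to the right feature word. The heading strings and the sample input are assumptions constructed for illustration; the 4-space item indent, the status words and the bit names follow the script and table above.

```python
import textwrap

# Assumed section headings: one unindented line before each group of controls.
SECTION_FEAT = {'VM-Exit controls': 'FEAT_VMX_EXIT_CTLS',
                'VM-Entry controls': 'FEAT_VMX_ENTRY_CTLS'}

# Subset of the commit's table, re-keyed by (feature word, label) so shared labels stay distinct.
BITS = {
    ('FEAT_VMX_EXIT_CTLS', 'Save debug controls'): 'VMX_VM_EXIT_SAVE_DEBUG_CONTROLS',
    ('FEAT_VMX_EXIT_CTLS', 'Load IA32_PAT'): 'VMX_VM_EXIT_LOAD_IA32_PAT',
    ('FEAT_VMX_EXIT_CTLS', 'Load IA32_EFER'): 'VMX_VM_EXIT_LOAD_IA32_EFER',
    ('FEAT_VMX_ENTRY_CTLS', 'Load debug controls'): 'VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS',
    ('FEAT_VMX_ENTRY_CTLS', 'Load IA32_PAT'): 'VMX_VM_ENTRY_LOAD_IA32_PAT',
    ('FEAT_VMX_ENTRY_CTLS', 'Load IA32_EFER'): 'VMX_VM_ENTRY_LOAD_IA32_EFER',
}

# Constructed sample input, not captured from a real host.
SAMPLE = """\
VM-Exit controls
    Save debug controls                      default
    Load IA32_PAT                            yes
    Load IA32_EFER                           no
VM-Entry controls
    Load debug controls                      default
    Load IA32_PAT                            no
    Load IA32_EFER                           yes !!
"""

def collect(text):
    """Return {feature word: [bit names]} for controls reported yes/default."""
    out, feat = {}, None
    for line in text.splitlines():
        line = line.rstrip().rstrip('!').rstrip()   # drop a trailing '!!' marker
        if not line.startswith(' '):       # section heading (or blank line)
            feat = SECTION_FEAT.get(line)  # None for sections outside the table
            continue
        label, _, status = line.strip().rpartition(' ')
        bit = BITS.get((feat, label.rstrip()))  # exact label match, not a prefix
        if bit and status in ('default', 'yes'):
            out.setdefault(feat, []).append(bit)
    return out

def render(out):
    # Same C initializer layout the original script printed.
    return ['\n         '.join(textwrap.wrap('    [%s] = %s,' % (f, ' | '.join(b))))
            for f, b in sorted(out.items())]

if __name__ == '__main__':
    print('\n'.join(render(collect(SAMPLE))))
```

On the constructed sample, "Load IA32_PAT" is reported only under the exit controls and "Load IA32_EFER" only under the entry controls, and each lands in its own feature word.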
