- 17 May, 2010 40 commits
-
-
Gleb Natapov authored
Decode CMPXCHG8B destination operand in decoding stage. Fixes regression introduced by "If LOCK prefix is used dest arg should be memory" commit. This commit relies on dst operand be decoded at the beginning of an instruction emulation. Signed-off-by:
Gleb Natapov <gleb@redhat.com> Signed-off-by:
Avi Kivity <avi@redhat.com>
-
Gleb Natapov authored
Make sure that rflags is committed only after successful instruction emulation. Signed-off-by:
-
Jan Kiszka authored
Signed-off-by:
Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by:
-
Gleb Natapov authored
Unify all conditions that get us back into emulator after returning from userspace. Signed-off-by:
Marcelo Tosatti <mtosatti@redhat.com>
-
Gleb Natapov authored
To optimize "rep ins" instruction do IO in big chunks ahead of time instead of doing it only when required during instruction emulation. Signed-off-by:
-
Gleb Natapov authored
Currently when string instruction is only partially complete we go back to a guest mode, guest tries to reexecute instruction and exits again and at this point emulation continues. Avoid all of this by restarting instruction without going back to a guest mode, but return to a guest mode each 1024 iterations to allow interrupt injection. Pending exception causes immediate guest entry too. Signed-off-by:
-
Gleb Natapov authored
c->eip is never written back in case of emulation failure, so no need to set it to old value. Signed-off-by:
-
Gleb Natapov authored
Currently emulation is done outside of emulator so things like doing ins/outs to/from mmio are broken it also makes it hard (if not impossible) to implement single stepping in the future. The implementation in this patch is not efficient since it exits to userspace for each IO while previous implementation did 'ins' in batches. Further patch that implements pio in string read ahead address this problem. Signed-off-by:
-
Gleb Natapov authored
in/out emulation is broken now. The breakage is different depending on where IO device resides. If it is in userspace emulator reports emulation failure since it incorrectly interprets kvm_emulate_pio() return value. If IO device is in the kernel emulation of 'in' will do nothing since kvm_emulate_pio() stores result directly into vcpu registers, so emulator will overwrite result of emulation during commit of shadowed register. Signed-off-by:
-
Gleb Natapov authored
Signed-off-by:
-
Gleb Natapov authored
Add decoding of X,Y parameters from Intel SDM which are used by string instruction to specify source and destination. Use this new decoding to implement movs, cmps, stos, lods in a generic way. Signed-off-by:
-
Gleb Natapov authored
All struct operand fields are initialized during decoding for all operand types except OP_MEM, but there is no reason for that. Move OP_MEM operand initialization into decoding stage for consistency. Signed-off-by:
-
Gleb Natapov authored
Remove old task switch code from x86.c Signed-off-by:
-
Gleb Natapov authored
Signed-off-by:
-
Gleb Natapov authored
Implement emulation of 16/32 bit task switch in emulator.c Signed-off-by:
-
Gleb Natapov authored
Provide get_cached_descriptor(), set_cached_descriptor(), get_segment_selector(), set_segment_selector(), get_gdt(), write_std() callbacks. Signed-off-by:
-
Gleb Natapov authored
When x86_emulate_insn() does not know how to emulate instruction it exits via cannot_emulate label in all cases except when emulating grp3. Fix that. Signed-off-by:
-
Gleb Natapov authored
If LOCK prefix is used dest arg should be memory, otherwise instruction should generate #UD. Signed-off-by:
-
Gleb Natapov authored
Signed-off-by:
-
Gleb Natapov authored
Return X86EMUL_PROPAGATE_FAULT is fault was injected. Also inject #UD for those instruction when appropriate. Signed-off-by:
-
Gleb Natapov authored
If CR4.DE=1 access to registers DR4/DR5 cause #UD. Signed-off-by:
-
Gleb Natapov authored
Signed-off-by:
-
Gleb Natapov authored
Resent spec says that for 0f (20|21|22|23) the 2 bits in the mod field are ignored. Interestingly enough older spec says that 11 is only valid encoding. Signed-off-by:
-
Gleb Natapov authored
It is undefined and should generate #UD. Signed-off-by:
-
Gleb Natapov authored
mov r/m, sreg generates #UD ins sreg is incorrect. Signed-off-by:
-
Gleb Natapov authored
Eliminate the need to call back into KVM to get it from emulator. Signed-off-by:
-
Gleb Natapov authored
Signed-off-by:
-
Gleb Natapov authored
Use (get|set)_cr callback to emulate lmsw inside emulator. Signed-off-by:
-
Gleb Natapov authored
Use this callback instead of directly call kvm function. Also rename realmode_(set|get)_cr to emulator_(set|get)_cr since function has nothing to do with real mode. Signed-off-by:
-
Takuya Yoshikawa authored
kvm_coalesced_mmio_init() keeps to hold the addresses of a coalesced mmio ring page and dev even after it has freed them. Also, if this function fails, though it might be rare, it seems to be suggesting the system's serious state: so we'd better stop the works following the kvm_creat_vm(). This patch clears these problems. We move the coalesced mmio's initialization out of kvm_create_vm(). This seems to be natural because it includes a registration which can be done only when vm is successfully created. Signed-off-by:
Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp> Signed-off-by:
-
Gui Jianfeng authored
Make use of bool as return values, and remove some useless bool value converting. Thanks Avi to point this out. Signed-off-by:
Gui Jianfeng <guijianfeng@cn.fujitsu.com> Signed-off-by:
-
Gleb Natapov authored
Mov reg, cr instruction doesn't change flags in any meaningful way, so no need to update rflags after instruction execution. Signed-off-by:
-
Gleb Natapov authored
Check return value against correct define instead of open code the value. Signed-off-by:
-
Gleb Natapov authored
During rep emulation access length to RCX depends on current address mode. Signed-off-by:
-
Gleb Natapov authored
Set correct operation length. Add RAX (64bit) handling. Signed-off-by:
-
Avi Kivity authored
Commit fb341f57 removed the pte prefetch on guest invlpg, citing guest races. However, the SDM is adamant that prefetch is allowed: "The processor may create entries in paging-structure caches for translations required for prefetches and for accesses that are a result of speculative execution that would never actually occur in the executed code path." And, in fact, there was a race in the prefetch code: we picked up the pte without the mmu lock held, so an older invlpg could install the pte over a newer invlpg. Reinstate the prefetch logic, but this time note whether another invlpg has executed using a counter. If a race occured, do not install the pte. Signed-off-by:
-
Avi Kivity authored
The update_pte() path currently uses a nontrapping spte when a nonpresent (or nonaccessed) gpte is written. This is fine since at present it is only used on sync pages. However, on an unsync page this will cause an endless fault loop as the guest is under no obligation to invlpg a gpte that transitions from nonpresent to present. Needed for the next patch which reinstates update_pte() on invlpg. Signed-off-by:
-
Avi Kivity authored
Currently emulated atomic operations are immediately followed by a non-atomic operation, so that kvm_mmu_pte_write() can be invoked. This updates the mmu but undoes the whole point of doing things atomically. Fix by only performing the atomic operation and the mmu update, and avoiding the non-atomic write. Signed-off-by:
-
Avi Kivity authored
Once upon a time, locked operations were emulated while holding the mmu mutex. Since mmu pages were write protected, it was safe to emulate the writes in a non-atomic manner, since there could be no other writer, either in the guest or in the kernel. These days emulation takes place without holding the mmu spinlock, so the write could be preempted by an unshadowing event, which exposes the page to writes by the guest. This may cause corruption of guest page tables. Fix by using an atomic cmpxchg for these operations. Signed-off-by:
-
Avi Kivity authored
kvm_mmu_pte_write() reads guest ptes in two different occasions, both to allow a 32-bit pae guest to update a pte with 4-byte writes. Consolidate these into a single read, which also allows us to consolidate another read from an invlpg speculating a gpte into the shadow page table. Signed-off-by:
-
