The following instructions are changed to use opcode::execute.

Group 1 (80-83)
  ADD (00-05), OR (08-0D), ADC (10-15), SBB (18-1D), AND (20-25),
  SUB (28-2D), XOR (30-35), CMP (38-3D)

CMPS (A6-A7), SCAS (AE-AF)

The last two do the same as CMP in the emulator, so em_cmp() is used.
Signed-off-by: NTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: NAvi Kivity <avi@redhat.com>

This patch optimizes the guest page table walk by using get_user()
instead of copy_from_user().

With this patch applied, paging64_walk_addr_generic() has become
about 0.5us to 1.0us faster on my Phenom II machine with NPT on.
Signed-off-by: NTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: NAvi Kivity <avi@redhat.com>

By reserving 0 as an invalid x86_intercept_stage, we no longer
need to store a valid flag in x86_intercept_map.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Signed-off-by: NAvi Kivity <avi@redhat.com>

While it isn't defined, no need to force a #UD.  If it becomes defined
in the future this can cause wierd problems for the guest.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Signed-off-by: NAvi Kivity <avi@redhat.com>

arch/x86/kvm/emulate.c:2598: warning: integer constant is too large for 'long' type
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Commit 0b56652e33c72092956c651ab6ceb9f0ad081153 fails to build:

  CC [M]  arch/x86/kvm/emulate.o
arch/x86/kvm/emulate.c: In function 'x86_emulate_insn':
arch/x86/kvm/emulate.c:4095:25: error: macro "wbinvd" passed 1 arguments, but takes just 0
arch/x86/kvm/emulate.c:4095:3: warning: statement with no effect
make[2]: *** [arch/x86/kvm/emulate.o] Error 1
make[1]: *** [arch/x86/kvm] Error 2
make: *** [arch/x86] Error 2

Work around this for now.
Signed-off-by: NClemens Noss <cnoss@gmx.de>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Function ioapic_debug() in the ioapic_deliver() misnames
one filed by reference. This patch correct it.
Signed-off-by: NLiu Yuan <tailai.ly@taobao.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

This patch makes the cmpxchg_gpte() function aware of the
difference between l1-gfns and l2-gfns when nested
virtualization is in use.  This fixes a potential
data-corruption problem in the l1-guest and makes the code
work correct (at least as correct as the hardware which is
emulated in this code) again.

Cc: stable@kernel.org
Signed-off-by: NJoerg Roedel <joerg.roedel@amd.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

No longer used.
Signed-off-by: NAvi Kivity <avi@redhat.com>

We can use container_of() instead.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Instead of calling kvm_emulate_wbinvd() directly.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Artificial, but needed to remove direct calls to KVM.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Instead of reaching into vcpu internals.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Removing direct calls to KVM.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Avoid using ctxt->vcpu; we can do everything with ->get_cr() and ->set_cr().

A side effect is that we no longer activate the fpu on emulated CLTS; but that
should be very rare.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Avoid use of ctxt->vcpu.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Requires ctxt->vcpu, which is to be abolished.  Replace with open calls
to get_msr().
Signed-off-by: NAvi Kivity <avi@redhat.com>

Replacing direct calls to realmode_lgdt(), realmode_lidt().
Signed-off-by: NAvi Kivity <avi@redhat.com>

Unneeded for register access.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Making the emulator caller agnostic.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Making the emulator caller agnostic.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Making the emulator caller agnostic.

[Takuya Yoshikawa: fix typo leading to LDT failures]
Signed-off-by: NTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Making the emulator caller agnostic.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Making the emulator caller agnostic.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Clean up lines longer than 80 columns.  No code changes.
Signed-off-by: NAvi Kivity <avi@redhat.com>

Since segments need to be handled slightly differently when fetching
instructions, we add a __linearize helper that accepts a new 'fetch' boolean.

[avi: fix oops caused by wrong segmented_address initialization order]
Signed-off-by: NNelson Elhage <nelhage@ksplice.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

The last_guest_tsc is used in vcpu_load to adjust the
tsc_offset since tsc-scaling is merged. So the
last_guest_tsc needs to be updated in vcpu_put instead of
the the last_host_tsc. This is fixed with this patch.
Reported-by: NJan Kiszka <jan.kiszka@web.de>
Tested-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NJoerg Roedel <joerg.roedel@amd.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

This patch fixes a bug in the nested-svm path when
decode-assists is available on the machine. After a
selective-cr0 intercept is detected the rip is advanced
unconditionally. This causes the l1-guest to continue
running with an l2-rip.
This bug was with the sel_cr0 unit-test on decode-assists
capable hardware.
Signed-off-by: NJoerg Roedel <joerg.roedel@amd.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Currently, setting a large (i.e. negative) base address for %cs does not work on
a 64-bit host. The "JOS" teaching operating system, used by MIT and other
universities, relies on such segments while bootstrapping its way to full
virtual memory management.
Signed-off-by: NNelson Elhage <nelhage@ksplice.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Just remove useless function define kvm_inject_pit_timer_irqs() from
file arch/x86/kvm/i8254.h

Signed-off-by:Duan Jiong<djduanjiong@gmail.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Just remove useless function define kvm_pic_clear_isr_ack() and
pit_has_pending_timer()

Signed-off-by: Duan Jiong<djduanjiong@gmail.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

This patch avoids gcc issuing the following warning when KVM_MAX_VCPUS=1:
warning: array subscript is above array bounds

kvm_for_each_vcpu currently checks to see if the index for the vcpu is
valid /after/ loading it. We don't run into problems because the address
is still inside the enclosing struct kvm and we never deference or write
to it, so this isn't a security issue.

The warning occurs when KVM_MAX_VCPUS=1 because the increment portion of
the loop will *always* cause the loop to load an invalid location since
++idx will always be > 0.

This patch moves the load so that the check occurs before the load and
we don't run into the compiler warning.
Signed-off-by: NNeil Brown <neilb@suse.de>
Signed-off-by: NJeff Mahoney <jeffm@suse.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

When doing a soft int, we need to bump eip before pushing it to
the stack.  Otherwise we'll do the int a second time.

[apw@canonical.com: merged eip update as per Jan's recommendation.]
Signed-off-by: NSerge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: NAndy Whitcroft <apw@canonical.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

em_push() is a simple wrapper of emulate_push().  So this patch replaces
emulate_push() with em_push() and removes the unnecessary former.

In addition, the unused ops arguments are removed from emulate_pusha()
and emulate_grp45().
Signed-off-by: NTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: NAvi Kivity <avi@redhat.com>

PUSH emulation stores the value by calling writeback() after setting
the dst operand appropriately in emulate_push().

This writeback() using dst is not needed at all because we know the
target is the stack.  So this patch makes emulate_push() call, newly
introduced, segmented_write() directly.

By this, many inlined writeback()'s are removed.
Signed-off-by: NTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: NAvi Kivity <avi@redhat.com>

This stops "CMP r/m, reg" to write back the data into memory.
Pointed out by Avi.

The writeback suppression now covers CMP, CMPS, SCAS.
Signed-off-by: NTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: NAvi Kivity <avi@redhat.com>

In case certain allocations fail, vmx_create_vcpu may return 0 as error
instead of a negative value encoded via ERR_PTR. This causes a NULL
pointer dereferencing later on in kvm_vm_ioctl_vcpu_create.
Reported-by: NSasha Levin <levinsasha928@gmail.com>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Currently we sync registers back and forth before/after exiting
to userspace for IO, but during IO device model shouldn't need to
read/write the registers, so we can as well skip those sync points. The
only exaception is broken vmware backdor interface. The new code sync
registers content during IO only if registers are read from/written to
by userspace in the middle of the IO operation and this almost never
happens in practise.
Signed-off-by: NGleb Natapov <gleb@redhat.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>