Added the hmp command to query local apic registers state, may be
usefull after guest crashes to understand IRQ routing in guest.

(qemu) info lapic
dumping local APIC state for CPU 0

LVT0    0x00010700 active-hi edge  masked                      ExtINT (vec 0)
LVT1    0x00000400 active-hi edge                              NMI
LVTPC   0x00010000 active-hi edge  masked                      Fixed  (vec 0)
LVTERR  0x000000fe active-hi edge                              Fixed  (vec 254)
LVTTHMR 0x00010000 active-hi edge  masked                      Fixed  (vec 0)
LVTT    0x000000ef active-hi edge                 one-shot     Fixed  (vec 239)
Timer   DCR=0x3 (divide by 16) initial_count = 61360
SPIV    0x000001ff APIC enabled, focus=off, spurious vec 255
ICR     0x000000fd physical edge de-assert no-shorthand
ICR2    0x00000001 cpu 1 (X2APIC ID)
ESR     0x00000000
ISR     (none)
IRR     239

APR 0x00 TPR 0x00 DFR 0x0f LDR 0x00 PPR 0x00
Signed-off-by: NPavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: NDenis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Andreas Färber <afaerber@suse.de>
Message-Id: <1442927901-1084-7-git-send-email-den@openvz.org>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

These include page table walks, SVM accesses and SMM state save accesses.

The bulk of the patch is obtained with

   sed -i 's/\(\<[a-z_]*_phys\(_notdirty\)\?\>(cs\)->as,/x86_\1,/'
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Running barebox on qemu-system-mips* with '-d unimp' overloads
stderr by very very many mips_cpu_handle_mmu_fault() messages:

  mips_cpu_handle_mmu_fault address=b80003fd ret 0 physical 00000000180003fd prot 3
  mips_cpu_handle_mmu_fault address=a0800884 ret 0 physical 0000000000800884 prot 3
  mips_cpu_handle_mmu_fault pc a080cd80 ad b80003fd rw 0 mmu_idx 0

So it's very difficult to find LOG_UNIMP message.

The mips_cpu_handle_mmu_fault() messages appear on enabling ANY
logging! It's not very handy.

Adding separate log category for *_cpu_handle_mmu_fault()
logging fixes the problem.
Signed-off-by: NAntony Pavlov <antonynpavlov@gmail.com>
Acked-by: NAlexander Graf <agraf@suse.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>
Message-id: 1418489298-1184-1-git-send-email-antonynpavlov@gmail.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Note that the code that was within the "exit" ifdef block
was identical to the cpu_compute_eflags inline, so make that
simplification at the same time.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Message-id: 1410626734-3804-4-git-send-email-rth@twiddle.net
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Make the debug_excp_handler target specific hook into a QOM
CPU method.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Commit e8f6d00c ("target-i386: raise
page fault for reserved physical address bits") added a check that the
NX bit is not set on PAE PDPEs, but it also added it to rsvd_mask for
the rest of the function. This caused any PDEs or PTEs with NX set to be
erroneously rejected, making PAE guests with NX support unusable.
Signed-off-by: NWilliam Grant <wgrant@ubuntu.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Previously, execute would be disabled for all pages with SMEP enabled,
regardless of what mode the access took place in.
Signed-off-by: NRicky Zhou <ricky@rzhou.org>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Make the code a bit more similar to x86_cpu_handle_mmu_fault.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

User pages must be marked as non-executable when running under SMEP;
otherwise, fetching the page first and then calling it will fail.

With this patch, all SMEP testcases in kvm-unit-tests now pass.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

4MB pages can use 40-bit addresses by putting the higher 8 bits in bits
20-13 of the PDE.  Bit 21 is reserved.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

In large pages, bit 12 is for PAT, but bits starting at 13 are reserved.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

They can moved to after the dirty bit processing, and unified between
CR0.PG=1 and CR0.PG=0.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The correct error code is 9 (present, reserved), not 8.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Given the simplifications to the code in the previous patches, this
is now very simple to do.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This will help adding 1GB page support in the next patch.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Remove the tail of the PAE case, so that we can use "goto" in the
next patch to jump to the protection checks.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Do not use this MMU index at all if CR4.SMAP is false, and drop
the SMAP check from x86_cpu_handle_mmu_fault.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

With SMAP, implicit kernel accesses from user mode always behave as
if AC=0.  To do this, kernel mode is not anymore a separate MMU mode.
Instead, KERNEL_IDX is renamed to KSMAP_IDX and the kernel mode accessors
wrap KSMAP_IDX and KNOSMAP_IDX.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

This is the mode where SMAP is overridden, put "NO" in its name.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Most MSRs, plus the FPU, MMX, MXCSR, XMM and YMM registers should not
be zeroed on INIT (Table 9-1 in the Intel SDM).  Copy them out of
CPUX86State and back in, instead of special casing env->pat.

The relevant fields are already consecutive except PAT and SMBASE.
However:

- KVM and Hyper-V MSRs should be reset because they include memory
locations written by the hypervisor.  These MSRs are moved together
at the end of the preserved area.

- SVM state can be moved out of the way since it is written by VMRUN.

Cc: Andreas Faerber <afaerber@suse.de>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Reviewed-by: NGleb Natapov <gnatapov@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Linux guests, when using more than 4GB of RAM, may end up using 1GB pages
to store (kernel) data. When this happens, we're unable to debug a running
Linux kernel with GDB:

(gdb) p node_data[0]->node_id
Cannot access memory at address 0xffff88013fffd3a0
(gdb)

GDB returns this error because x86_cpu_get_phys_page_debug() doesn't support
translating 1GB pages in IA-32e paging mode and returns an error to GDB.

This commit adds support for 1GB page translation for IA32e paging.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Use CPUState. Allows to clean up CPUArchState in gdbstub.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Use CPUState. This lets us drop a few local env usages.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

This lets us drop some local variables in tlb_fill() functions.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Most targets were using offsetof(CPUFooState, breakpoints) to determine
how much of CPUFooState to clear on reset. Use the next field after
CPU_COMMON instead, if any, or sizeof(CPUFooState) otherwise.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Signed-off-by: NAndreas Färber <afaerber@suse.de>

Reset them.
Signed-off-by: NAndreas Färber <afaerber@suse.de>