Changes v2 -> v3;
  - Check for kvm_enabled() before setting cpuid_7_0_ebx_features

Changes v1 -> v2:
  - Use kvm_arch_get_supported_cpuid() instead of host_cpuid() on
    cpu_x86_fill_host().

  We should use GET_SUPPORTED_CPUID for all bits on "-cpu host"
  eventually, but I am not changing all the other CPUID leaves because
  we may not be able to test such an intrusive change in time for 1.1.

Description of the bug:

Since QEMU 0.15, the CPUID information on CPUID[EAX=7,ECX=0] is being
returned unfiltered to the guest, directly from the GET_SUPPORTED_CPUID
return value.

The problem is that this makes the resulting CPU feature flags
unpredictable and dependent on the host CPU and kernel version. This
breaks live-migration badly if migrating from a host CPU that supports
some features on that CPUID leaf (running a recent kernel) to a kernel
or host CPU that doesn't support it.

Migration also is incorrect (the virtual CPU changes under the guest's
feet) if you migrate in the opposite direction (from an old CPU/kernel
to a new CPU/kernel), but with less serious consequences (guests
normally query CPUID information only once on boot).

Fortunately, the bug affects only users using cpudefs with level >= 7.

The right behavior should be to explicitly enable those features on
[cpudef] config sections or on the "-cpu" command-line arguments. Right
now there is no predefined CPU model on QEMU that has those features:
the latest Intel model we have is Sandy Bridge.

I would like to get this fixed on 1.1, so I am submitting this patch,
that enables those features only if "-cpu host" is being used (as we
don't have any pre-defined CPU model that actually have those features).
After 1.1 is released, we can make those features properly configurable
on [cpudef] and -cpu configuration.

One problem is: with this patch, users with the following setup:
- Running QEMU 1.0;
- Using a cpudef having level >= 7;
- Running a kernel that supports the features on CPUID leaf 7; and
- Running on a CPU that supports some features on CPUID leaf 7
won't be able to live-migrate to QEMU 1.1. But for these users
live-migration is already broken (they can't live-migrate to hosts with
older CPUs or older kernels, already), I don't see how to avoid this
problem.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Commit de024815 (target-i386: QOM'ify
CPU init) moved mce_init() call from helper.c:cpu_x86_init() into
X86CPU's cpu.c:x86_cpu_initfn().
mce_init() checks for a family >= 6 though, so we could end up with a
sequence such as for -cpu somecpu,family=6:

  x86_cpu_initfn => X86CPU::family == 5
    mce_init => no-op
  cpu_x86_register => X86CPU::family = 6
  => MCE unexpectedly not init'ed

or for -cpu someothercpu,family=5:

  x86_cpu_initfn => X86CPU::family == 6
    mce_init => init'ed
  cpu_x86_register => X86CPU::family = 5
  => MCE unexpectedly init'ed

Therefore partially revert the above commit. To avoid moving
mce_init() back into helper.c, foresightedly move it into a
new x86_cpu_realize() function and, in lack of ObjectClass::realize,
call it directly from cpu_x86_init().

While at it, move the qemu_init_vcpu() call that used to follow
mce_init() in cpu_x86_init() into the new realizefn as well.
Reported-by: NIgor Mammedov <imammedo@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Don't assume zeroed cpuid_model[] fields.

This didn't break anything yet but QOM properties should be able to set
the value to something else without setting an intermediate zero string.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Use Hz as unit.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Using it now would incur converting the three x86_def_t vendor words
into a string for object_property_set_str(), then back to three words
in the "vendor" setter.
The built-in CPU definitions use numeric preprocessor defines to
initialize the three words in a charset-safe way, so do not change the
fields to char[12] just to use the setter.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Add the property early in the initfn so that it can be used in helpers
such as mce_init().
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
[AF: Add an error_free(), spotted by Michael Roth]
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

A family field value of 0xf and extended family field value of 0xff is
the maximum representable unsigned family number.
All other CPUID property values are bounds-checked, so add a check here
for symmetry before we adopt it in a property setter.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Avoids an x86_env_get_cpu() call there, to work with QOM properties.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

Don't assume zeroed cpuid_model[] fields.

This didn't break anything yet but QOM properties should be able to set
the value to something else without setting an intermediate zero string.
Reviewed-by: NEduardo Habhost <ehabkost@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
[AF: Use memset() instead of for loop, suggested by Igor]
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Use uintptr_t instead of void * or unsigned long in
several op related functions, env->mem_io_pc and
GETPC() macro.
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Move code from cpu_state_reset() into QOM x86_cpu_reset(),
fixing style issues for FPU init.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Move code from cpu_x86_init() to new QOM x86_cpu_initfn().
Also move mce_init() to cpu.c since it's used nowhere else.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Embed CPUX86State as first member of X86CPU.
Distinguish between "x86_64-cpu" and "i386-cpu".
Drop cpu_x86_close() in favor of calling object_delete() directly.

For now let CPUClass::reset() call cpu_state_reset().
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Name it cpu.c to align with other QOM'ified targets.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Scripted conversion:
  for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
    sed -i "s/CPUState/CPUArchState/g" $file
  done

All occurrences of CPUArchState are expected to be replaced by QOM CPUState,
once all targets are QOM'ified and common fields have been extracted.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>

Scripted conversion:
  sed -i "s/CPUState/CPUX86State/g" target-i386/*.[hc]
  sed -i "s/#define CPUX86State/#define CPUState/" target-i386/cpu.h
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Acked-by: NAnthony Liguori <aliguori@us.ibm.com>

Frees the identifier cpu_reset for QOM CPUs (manual rename).

Don't hide the parameter type behind explicit casts, use static
functions with strongly typed argument to indirect.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This was a long pending bug, now revealed by the assert in
phys_page_find that stumbled over the large page index returned by
cpu_get_phys_page_debug for NX-marked pages: We need to mask out NX and
all user-definable bits 52..62 from PDEs and the final PTE to avoid
corrupting physical addresses.
Reviewed-by: NAvi Kivity <avi@redhat.com>
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

valgrind warns about padding fields which are passed
to vcpu ioctls uninitialized.
This is not an error in practice because kvm ignored padding.
Since the ioctls in question are off data path and
the cost is zero anyway, initialize padding to 0
to suppress these errors.
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Remove some include statements which are not needed.
Signed-off-by: NStefan Weil <sw@weilnetz.de>

Move the logic to transform the 48-char model ID into the 12-word model
value into a helper.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Move the logic for setting the stepping field into a helper function.

To make the function self-contained and to prepare for future
unordered/multiple uses, mask out any previous stepping values first.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Move the logic for setting the model and extended model fields
into a helper function.

To make the function self-contained and to prepare for future
unordered/multiple uses, mask out any previous model values first.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Move the logic for setting the family and extended family into a
helper function.

To make the helper self-contained and in preparation of future
unordered/multiple uses, mask out any previous family values first.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Use 'i64' instead of 'lm' and 'xd' instead of 'nx' on Intel models.

The flags have different names on Intel docs, so use those names for clarity.

This is based on a previous patch from John Cooper where this was introduced
with many other changes at the same time. Original John's patch submission is
at Message-ID: <4DDAD5E7.2020002@redhat.com>, <http://marc.info/?l=qemu-devel&m=130618871926030>.

Changes v1 -> v2:
 - Rebase patch against latest Qemu git tree
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

pclmulqdq: /proc/cpuinfo on Linux and all documentation I have seen uses
pclmulqdq as the flag name. As the only document using pclmuldq seems to
be the Intel CPUID documentation (Application Note 485), it looks like a
typo and not the correct name for the flag.

ffxsr: AMD docs refer to fxsr_opt as ffxsr, so allow this named to be
used too.
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

This will allow the APIC core to file a TPR access report. Depending on
the accelerator and kernel irqchip mode, it will either be delivered
right away or queued for later reporting.

In TCG mode, we can restart the triggering instruction and can therefore
forward the event directly. KVM does not allows us to restart, so we
postpone the delivery of events recording in the user space APIC until
the current instruction is completed.

Note that KVM without in-kernel irqchip will report the address after
the instruction that triggered the access.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>

Call to kvm_cpu_synchronize_state() is missing.
kvm_arch_stop_on_emulation_error may look at outdated registers here.
Signed-off-by: NGleb Natapov <gleb@redhat.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>
Reviewed-by: NJan Kiszka <jan.kiszka@siemens.com>

To both avoid that kvm_irqchip_in_kernel always has to be paired with
kvm_enabled and that the former ends up in a function call, implement it
like the latter. This means keeping the state in a global variable and
defining kvm_irqchip_in_kernel as a preprocessor macro.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>

Introduce the KVM-specific machine option kvm_shadow_mem. It allows to
set a custom shadow MMU size for the virtual machine. This is useful for
stress testing e.g.

Only x86 supports this for now, but it is in principle a generic
concept for all targets with shadow MMUs.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>