4 * Copyright IBM, Corp. 2008
8 * Anthony Liguori <aliguori@us.ibm.com>
9 * Glauber Costa <gcosta@redhat.com>
11 * Copyright (c) 2011 Intel Corporation
13 * Jiang Yunhong<yunhong.jiang@intel.com>
14 * Xin Xiaohui<xiaohui.xin@intel.com>
15 * Zhang Xiantao<xiantao.zhang@intel.com>
17 * This work is licensed under the terms of the GNU GPL, version 2 or later.
18 * See the COPYING file in the top-level directory.
23 * HAX common code for both windows and darwin
24 * some code from KVM side
29 #include "sysemu/kvm.h"
30 #include "exec/address-spaces.h"
31 #include "qemu/main-loop.h"
33 #define HAX_EMUL_ONE 0x1
34 #define HAX_EMUL_REAL 0x2
35 #define HAX_EMUL_HLT 0x4
36 #define HAX_EMUL_EXITLOOP 0x5
38 #define HAX_EMULATE_STATE_MMIO 0x1
39 #define HAX_EMULATE_STATE_REAL 0x2
40 #define HAX_EMULATE_STATE_NONE 0x3
41 #define HAX_EMULATE_STATE_INITIAL 0x4
43 struct hax_state hax_global;
45 static int hax_disabled = 1;
49 /* Called after hax_init */
52 return (!hax_disabled && hax_support);
55 void hax_disable(int disable)
57 hax_disabled = disable;
60 /* Currently non-PG modes are emulated by QEMU */
61 int hax_vcpu_emulation_mode(CPUArchState *env)
63 // Tcg is single-thread, so we need haxm to run smp.
64 // If the host has no UG, we always run tcg.
72 static int hax_prepare_emulation(CPUArchState *env)
74 /* Flush all emulation states */
75 tlb_flush(ENV_GET_CPU(env), 1);
77 /* Sync the vcpu state from hax kernel module */
78 hax_vcpu_sync_state(env, 0);
83 * Check whether to break the translation block loop
84 * break tbloop after one MMIO emulation, or after finish emulation mode
86 static int hax_stop_tbloop(CPUArchState *env)
88 CPUState *cpu = ENV_GET_CPU(env);
89 switch (cpu->hax_vcpu->emulation_state)
91 case HAX_EMULATE_STATE_MMIO:
92 if (cpu->hax_vcpu->resync) {
93 hax_prepare_emulation(env);
94 cpu->hax_vcpu->resync = 0;
99 case HAX_EMULATE_STATE_INITIAL:
100 case HAX_EMULATE_STATE_REAL:
101 if (!hax_vcpu_emulation_mode(env))
105 dprint("Invalid emulation state in hax_sto_tbloop state %x\n",
106 cpu->hax_vcpu->emulation_state);
113 int hax_stop_emulation(CPUArchState *env)
115 CPUState *cpu = ENV_GET_CPU(env);
116 if (hax_stop_tbloop(env))
118 cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_NONE;
120 * QEMU emulation changes vcpu state,
121 * Sync the vcpu state to HAX kernel module
123 hax_vcpu_sync_state(env, 1);
130 int hax_stop_translate(CPUArchState *env)
132 struct hax_vcpu_state *vstate;
134 vstate = ENV_GET_CPU(env)->hax_vcpu;
135 assert(vstate->emulation_state);
136 if (vstate->emulation_state == HAX_EMULATE_STATE_MMIO )
142 int valid_hax_tunnel_size(uint16_t size)
144 return size >= sizeof(struct hax_tunnel);
147 hax_fd hax_vcpu_get_fd(CPUArchState *env)
149 struct hax_vcpu_state *vcpu = ENV_GET_CPU(env)->hax_vcpu;
151 return HAX_INVALID_FD;
155 /* Current version */
156 uint32_t hax_cur_version = 0x2; // ver 2.0: support fast mmio
157 /* Least HAX kernel version */
158 uint32_t hax_lest_version = 0x1;
160 static int hax_get_capability(struct hax_state *hax)
163 struct hax_capabilityinfo capinfo, *cap = &capinfo;
165 ret = hax_capability(hax, cap);
169 if ( ((cap->wstatus & HAX_CAP_WORKSTATUS_MASK) ==
170 HAX_CAP_STATUS_NOTWORKING ))
172 if (cap->winfo & HAX_CAP_FAILREASON_VT)
173 dprint("VTX feature is not enabled. which will cause HAX driver not working.\n");
174 else if (cap->winfo & HAX_CAP_FAILREASON_NX)
175 dprint("NX feature is not enabled, which will cause HAX driver not working.\n");
179 if (!(cap->winfo & HAX_CAP_UG))
181 dprint("UG feature is not available on platform needed to support HAXM.\n");
185 if (cap->wstatus & HAX_CAP_MEMQUOTA)
187 if (cap->mem_quota < hax->mem_quota)
189 dprint("The memory needed by this VM exceeds the driver limit.\n");
196 static int hax_version_support(struct hax_state *hax)
199 struct hax_module_version version;
201 ret = hax_mod_version(hax, &version);
205 if ( (hax_lest_version > version.cur_version) ||
206 (hax_cur_version < version.compat_version) )
212 int hax_vcpu_create(int id)
214 struct hax_vcpu_state *vcpu = NULL;
219 dprint("vcpu %x created failed, vm is null\n", id);
223 if (hax_global.vm->vcpus[id])
225 dprint("vcpu %x allocated already\n", id);
229 vcpu = g_malloc(sizeof(struct hax_vcpu_state));
232 dprint("Failed to alloc vcpu state\n");
236 memset(vcpu, 0, sizeof(struct hax_vcpu_state));
238 ret = hax_host_create_vcpu(hax_global.vm->fd, id);
241 dprint("Failed to create vcpu %x\n", id);
246 vcpu->fd = hax_host_open_vcpu(hax_global.vm->id, id);
247 if (hax_invalid_fd(vcpu->fd))
249 dprint("Failed to open the vcpu\n");
254 hax_global.vm->vcpus[id] = vcpu;
256 ret = hax_host_setup_vcpu_channel(vcpu);
259 dprint("Invalid hax tunnel size \n");
266 /* vcpu and tunnel will be closed automatically */
267 if (vcpu && !hax_invalid_fd(vcpu->fd))
268 hax_close_fd(vcpu->fd);
270 hax_global.vm->vcpus[id] = NULL;
275 int hax_vcpu_destroy(CPUArchState *env)
277 struct hax_vcpu_state *vcpu = ENV_GET_CPU(env)->hax_vcpu;
281 dprint("vcpu %x destroy failed, vm is null\n", vcpu->vcpu_id);
289 * 1. The hax_tunnel is also destroied when vcpu destroy
290 * 2. close fd will cause hax module vcpu be cleaned
292 hax_close_fd(vcpu->fd);
293 hax_global.vm->vcpus[vcpu->vcpu_id] = NULL;
298 int hax_init_vcpu(CPUArchState *env)
301 CPUState *cpu = ENV_GET_CPU(env);
303 ret = hax_vcpu_create(cpu->cpu_index);
306 dprint("Failed to create HAX vcpu\n");
310 cpu->hax_vcpu = hax_global.vm->vcpus[cpu->cpu_index];
311 cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_INITIAL;
312 cpu->hax_vcpu_dirty = 1;
313 qemu_register_reset(hax_reset_vcpu_state, env);
318 struct hax_vm *hax_vm_create(struct hax_state *hax)
322 char *vm_name = NULL;
324 if (hax_invalid_fd(hax->fd))
330 vm = g_malloc(sizeof(struct hax_vm));
333 memset(vm, 0, sizeof(struct hax_vm));
334 ret = hax_host_create_vm(hax, &vm_id);
336 dprint("Failed to create vm %x\n", ret);
340 vm->fd = hax_host_open_vm(hax, vm_id);
341 if (hax_invalid_fd(vm->fd))
343 dprint("Open the vm devcie error:%s\n", vm_name);
348 dprint("End of VM create, id %d\n", vm->id);
357 int hax_vm_destroy(struct hax_vm *vm)
361 for (i = 0; i < HAX_MAX_VCPU; i++)
364 dprint("VCPU should be cleaned before vm clean\n");
367 hax_close_fd(vm->fd);
369 hax_global.vm = NULL;
374 hax_region_add(MemoryListener *listener, MemoryRegionSection *section)
376 hax_set_phys_mem(section);
380 hax_region_del(MemoryListener *listener, MemoryRegionSection *section)
382 hax_set_phys_mem(section);
386 /* currently we fake the dirty bitmap sync, always dirty */
387 // avoid implicit declaration warning on Windows
388 int ffsl(long value);
389 static void hax_log_sync(MemoryListener *listener, MemoryRegionSection *section)
391 MemoryRegion *mr = section->mr;
393 unsigned int len = ((int128_get64(section->size) / TARGET_PAGE_SIZE) + HOST_LONG_BITS - 1) /
395 unsigned long bitmap[len];
398 for (i = 0; i < len; i++) {
400 c = leul_to_cpu(bitmap[i]);
404 memory_region_set_dirty(mr, (i * HOST_LONG_BITS + j) *
405 TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
410 static void hax_log_global_start(struct MemoryListener *listener)
414 static void hax_log_global_stop(struct MemoryListener *listener)
418 static void hax_log_start(MemoryListener *listener,
419 MemoryRegionSection *section)
423 static void hax_log_stop(MemoryListener *listener,
424 MemoryRegionSection *section)
428 static void hax_begin(MemoryListener *listener)
432 static void hax_commit(MemoryListener *listener)
436 static void hax_region_nop(MemoryListener *listener,
437 MemoryRegionSection *section)
441 static MemoryListener hax_memory_listener = {
443 .commit = hax_commit,
444 .region_add = hax_region_add,
445 .region_del = hax_region_del,
446 .region_nop = hax_region_nop,
447 .log_start = hax_log_start,
448 .log_stop = hax_log_stop,
449 .log_sync = hax_log_sync,
450 .log_global_start = hax_log_global_start,
451 .log_global_stop = hax_log_global_stop,
454 static void hax_handle_interrupt(CPUState *cpu, int mask)
456 cpu->interrupt_request |= mask;
458 if (!qemu_cpu_is_self(cpu)) {
463 int hax_pre_init(uint64_t ram_size)
465 struct hax_state *hax = NULL;
467 dprint("hax_disabled %d\n", hax_disabled);
471 memset(hax, 0, sizeof(struct hax_state));
472 hax->mem_quota = ram_size;
473 dprint("ram_size %lx\n", ram_size);
478 static int hax_init(void)
480 struct hax_state *hax = NULL;
481 struct hax_qemu_version qversion;
489 hax->fd = hax_mod_open();
490 if (hax_invalid_fd(hax->fd))
497 ret = hax_get_capability(hax);
506 if (!hax_version_support(hax))
508 dprint("Incompat Hax version. Qemu current version %x ", hax_cur_version );
509 dprint("requires least HAX version %x\n", hax_lest_version);
514 hax->vm = hax_vm_create(hax);
517 dprint("Failed to create HAX VM\n");
522 memory_listener_register(&hax_memory_listener, &address_space_memory);
524 qversion.cur_version = hax_cur_version;
525 qversion.least_version = hax_lest_version;
526 hax_notify_qemu_version(hax->vm->fd, &qversion);
527 cpu_interrupt_handler = hax_handle_interrupt;
533 hax_vm_destroy(hax->vm);
540 int hax_accel_init(void)
543 dprint("HAX is disabled and emulator runs in emulation mode.\n");
547 ret_hax_init = hax_init();
548 if (ret_hax_init && (ret_hax_init != -ENOSPC)) {
549 dprint("No accelerator found.\n");
552 dprint("HAX is %s and emulator runs in %s mode.\n",
553 !ret_hax_init ? "working" : "not working",
554 !ret_hax_init ? "fast virt" : "emulation");
559 int hax_handle_fastmmio(CPUArchState *env, struct hax_fastmmio *hft)
563 * With fast MMIO, QEMU need not sync vCPU state with HAXM
564 * driver because it will only invoke MMIO handler
565 * However, some MMIO operations utilize virtual address like qemu_pipe
566 * Thus we need to sync the CR0, CR3 and CR4 so that QEMU
567 * can translate the guest virtual address to guest physical
570 env->cr[0] = hft->_cr0;
571 env->cr[2] = hft->_cr2;
572 env->cr[3] = hft->_cr3;
573 env->cr[4] = hft->_cr4;
577 cpu_physical_memory_rw(hft->gpa, (uint8_t *)&buf, hft->size, hft->direction);
578 if (hft->direction == 0)
584 int hax_handle_io(CPUArchState *env, uint32_t df, uint16_t port, int direction,
585 int size, int count, void *buffer)
591 ptr = (uint8_t *)buffer;
593 ptr = buffer + size * count - size;
594 for (i = 0; i < count; i++)
596 if (direction == HAX_EXIT_IO_IN) {
599 stb_p(ptr, cpu_inb(port));
602 stw_p(ptr, cpu_inw(port));
605 stl_p(ptr, cpu_inl(port));
611 cpu_outb(port, ldub_p(ptr));
614 cpu_outw(port, lduw_p(ptr));
617 cpu_outl(port, ldl_p(ptr));
630 static int hax_vcpu_interrupt(CPUArchState *env)
632 CPUState *cpu = ENV_GET_CPU(env);
633 struct hax_vcpu_state *vcpu = cpu->hax_vcpu;
634 struct hax_tunnel *ht = vcpu->tunnel;
637 * Try to inject an interrupt if the guest can accept it
638 * Unlike KVM, HAX kernel check for the eflags, instead of qemu
640 if (ht->ready_for_interrupt_injection /*&&
641 (cpu->interrupt_request & CPU_INTERRUPT_HARD)*/)
645 cpu->interrupt_request &= ~CPU_INTERRUPT_HARD;
646 irq = cpu_get_pic_interrupt(env);
648 hax_inject_interrupt(env, irq);
652 /* If we have an interrupt but the guest is not ready to receive an
653 * interrupt, request an interrupt window exit. This will
654 * cause a return to userspace as soon as the guest is ready to
655 * receive interrupts. */
656 if ((cpu->interrupt_request & CPU_INTERRUPT_HARD))
657 ht->request_interrupt_window = 1;
659 ht->request_interrupt_window = 0;
663 void hax_raise_event(CPUArchState *env)
665 struct hax_vcpu_state *vcpu = ENV_GET_CPU(env)->hax_vcpu;
669 vcpu->tunnel->user_event_pending = 1;
673 * Ask hax kernel module to run the CPU for us till:
674 * 1. Guest crash or shutdown
675 * 2. Need QEMU's emulation like guest execute MMIO instruction or guest
676 * enter emulation mode (non-PG mode)
677 * 3. Guest execute HLT
678 * 4. Qemu have Signal/event pending
679 * 5. An unknown VMX exit happens
681 extern void qemu_system_reset_request(void);
682 static int hax_vcpu_hax_exec(CPUArchState *env)
685 CPUState *cpu = ENV_GET_CPU(env);
686 struct hax_vcpu_state *vcpu = cpu->hax_vcpu;
687 struct hax_tunnel *ht = vcpu->tunnel;
689 if (hax_vcpu_emulation_mode(env))
691 dprint("Trying to vcpu execute at eip:%lx\n", env->eip);
692 return HAX_EMUL_EXITLOOP;
695 if (cpu->interrupt_request & CPU_INTERRUPT_INIT) {
696 fprintf(stderr, "\nhax_vcpu_hax_exec: handling INIT for %d \n", cpu->cpu_index);
698 hax_vcpu_sync_state(env, 1);
700 if (cpu->interrupt_request & CPU_INTERRUPT_SIPI) {
701 fprintf(stderr, "hax_vcpu_hax_exec: handling SIPI for %d \n", cpu->cpu_index);
702 hax_vcpu_sync_state(env, 0);
704 hax_vcpu_sync_state(env, 1);
707 //hax_cpu_synchronize_state(env);
712 if (cpu->exit_request) {
713 ret = HAX_EMUL_EXITLOOP ;
718 if (env->hax_vcpu_dirty) {
719 hax_vcpu_sync_state(env, 1);
720 env->hax_vcpu_dirty = 0;
724 hax_vcpu_interrupt(env);
725 qemu_mutex_unlock_iothread();
726 hax_ret = hax_vcpu_run(vcpu);
727 qemu_mutex_lock_iothread();
732 /* Simply continue the vcpu_run if system call interrupted */
733 if (hax_ret == -EINTR || hax_ret == -EAGAIN) {
734 dprint("io window interrupted\n");
740 dprint("vcpu run failed for vcpu %x\n", vcpu->vcpu_id);
743 switch (ht->_exit_status)
747 ret = hax_handle_io(env, ht->pio._df, ht->pio._port,
749 ht->pio._size, ht->pio._count, vcpu->iobuf);
755 case HAX_EXIT_FAST_MMIO:
756 ret = hax_handle_fastmmio(env,
757 (struct hax_fastmmio *)vcpu->iobuf);
762 /* Guest state changed, currently only for shutdown */
763 case HAX_EXIT_STATECHANGE:
764 dprint("VCPU shutdown request\n");
765 qemu_system_reset_request();
766 hax_prepare_emulation(env);
767 cpu_dump_state(cpu, stderr, fprintf, 0);
768 ret = HAX_EMUL_EXITLOOP;
770 case HAX_EXIT_UNKNOWN_VMEXIT:
771 dprint("Unknown VMX exit %x from guest\n", ht->_exit_reason);
772 qemu_system_reset_request();
773 hax_prepare_emulation(env);
774 cpu_dump_state(cpu, stderr, fprintf, 0);
775 ret = HAX_EMUL_EXITLOOP;
778 if (!(cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
779 !(cpu->interrupt_request & CPU_INTERRUPT_NMI)) {
780 /* hlt instruction with interrupt disabled is shutdown */
781 env->eflags |= IF_MASK;
783 cpu->exception_index = EXCP_HLT;
787 /* these situation will continue to hax module */
788 case HAX_EXIT_INTERRUPT:
789 case HAX_EXIT_PAUSED:
792 dprint("Unknow exit %x from hax\n", ht->_exit_status);
793 qemu_system_reset_request();
794 hax_prepare_emulation(env);
795 cpu_dump_state(cpu, stderr, fprintf, 0);
796 ret = HAX_EMUL_EXITLOOP;
801 if (cpu->exit_request) {
802 cpu->exit_request = 0;
803 cpu->exception_index = EXCP_INTERRUPT;
809 static void do_hax_cpu_synchronize_state(void *_env)
811 CPUArchState *env = _env;
812 CPUState *cpu = ENV_GET_CPU(env);
813 if (!cpu->hax_vcpu_dirty) {
814 hax_vcpu_sync_state(env, 0);
815 cpu->hax_vcpu_dirty = 1;
819 void hax_cpu_synchronize_state(CPUState *cpu)
821 if (!cpu->hax_vcpu_dirty) {
822 run_on_cpu(cpu, do_hax_cpu_synchronize_state, cpu);
827 void hax_cpu_synchronize_post_reset(CPUArchState *env)
829 hax_vcpu_sync_state(env, 1);
830 ENV_GET_CPU(env)->hax_vcpu_dirty = 0;
833 void hax_cpu_synchronize_post_init(CPUArchState *env)
835 hax_vcpu_sync_state(env, 1);
836 ENV_GET_CPU(env)->hax_vcpu_dirty = 0;
840 * return 1 when need emulate, 0 when need exit loop
842 int hax_vcpu_exec(CPUArchState *env)
844 int next = 0, ret = 0;
845 struct hax_vcpu_state *vcpu;
846 CPUState *cpu = ENV_GET_CPU(env);
848 if (cpu->hax_vcpu->emulation_state != HAX_EMULATE_STATE_NONE)
851 vcpu = cpu->hax_vcpu;
852 next = hax_vcpu_hax_exec(env);
857 vcpu->emulation_state = HAX_EMULATE_STATE_MMIO;
858 hax_prepare_emulation(env);
862 vcpu->emulation_state =
863 HAX_EMULATE_STATE_REAL;
864 hax_prepare_emulation(env);
867 case HAX_EMUL_EXITLOOP:
870 dprint("Unknown hax vcpu exec return %x\n", next);
877 int hax_smp_cpu_exec(CPUArchState *env)
879 CPUState *cpu = ENV_GET_CPU(env);
884 if (cpu->exception_index >= EXCP_INTERRUPT) {
885 ret = cpu->exception_index;
886 cpu->exception_index = -1;
890 why = hax_vcpu_hax_exec(env);
892 if ((why != HAX_EMUL_HLT) && (why != HAX_EMUL_EXITLOOP))
894 dprint("Unknown hax vcpu return %x\n", why);
902 #define HAX_RAM_INFO_ROM 0x1
904 static void set_v8086_seg(struct segment_desc_t *lhs, const SegmentCache *rhs)
906 memset(lhs, 0, sizeof(struct segment_desc_t ));
907 lhs->selector = rhs->selector;
908 lhs->base = rhs->base;
909 lhs->limit = rhs->limit;
913 lhs->operand_size = 0;
916 lhs->granularity = 0;
920 static void get_seg(SegmentCache *lhs, const struct segment_desc_t *rhs)
922 lhs->selector = rhs->selector;
923 lhs->base = rhs->base;
924 lhs->limit = rhs->limit;
926 (rhs->type << DESC_TYPE_SHIFT)
927 | (rhs->present * DESC_P_MASK)
928 | (rhs->dpl << DESC_DPL_SHIFT)
929 | (rhs->operand_size << DESC_B_SHIFT)
930 | (rhs->desc * DESC_S_MASK)
931 | (rhs->long_mode << DESC_L_SHIFT)
932 | (rhs->granularity * DESC_G_MASK)
933 | (rhs->available * DESC_AVL_MASK);
936 static void set_seg(struct segment_desc_t *lhs, const SegmentCache *rhs)
938 unsigned flags = rhs->flags;
940 memset(lhs, 0, sizeof(struct segment_desc_t));
941 lhs->selector = rhs->selector;
942 lhs->base = rhs->base;
943 lhs->limit = rhs->limit;
944 lhs->type = (flags >> DESC_TYPE_SHIFT) & 15;
945 lhs->present = (flags & DESC_P_MASK) != 0;
946 lhs->dpl = rhs->selector & 3;
947 lhs->operand_size = (flags >> DESC_B_SHIFT) & 1;
948 lhs->desc = (flags & DESC_S_MASK) != 0;
949 lhs->long_mode = (flags >> DESC_L_SHIFT) & 1;
950 lhs->granularity = (flags & DESC_G_MASK) != 0;
951 lhs->available = (flags & DESC_AVL_MASK) != 0;
954 static void hax_getput_reg(uint64_t *hax_reg, target_ulong *qemu_reg, int set)
956 target_ulong reg = *hax_reg;
959 *hax_reg = *qemu_reg;
964 /* The sregs has been synced with HAX kernel already before this call */
965 static int hax_get_segments(CPUArchState *env, struct vcpu_state_t *sregs)
967 get_seg(&env->segs[R_CS], &sregs->_cs);
968 get_seg(&env->segs[R_DS], &sregs->_ds);
969 get_seg(&env->segs[R_ES], &sregs->_es);
970 get_seg(&env->segs[R_FS], &sregs->_fs);
971 get_seg(&env->segs[R_GS], &sregs->_gs);
972 get_seg(&env->segs[R_SS], &sregs->_ss);
974 get_seg(&env->tr, &sregs->_tr);
975 get_seg(&env->ldt, &sregs->_ldt);
976 env->idt.limit = sregs->_idt.limit;
977 env->idt.base = sregs->_idt.base;
978 env->gdt.limit = sregs->_gdt.limit;
979 env->gdt.base = sregs->_gdt.base;
983 static int hax_set_segments(CPUArchState *env, struct vcpu_state_t *sregs)
985 if ((env->eflags & VM_MASK)) {
986 set_v8086_seg(&sregs->_cs, &env->segs[R_CS]);
987 set_v8086_seg(&sregs->_ds, &env->segs[R_DS]);
988 set_v8086_seg(&sregs->_es, &env->segs[R_ES]);
989 set_v8086_seg(&sregs->_fs, &env->segs[R_FS]);
990 set_v8086_seg(&sregs->_gs, &env->segs[R_GS]);
991 set_v8086_seg(&sregs->_ss, &env->segs[R_SS]);
993 set_seg(&sregs->_cs, &env->segs[R_CS]);
994 set_seg(&sregs->_ds, &env->segs[R_DS]);
995 set_seg(&sregs->_es, &env->segs[R_ES]);
996 set_seg(&sregs->_fs, &env->segs[R_FS]);
997 set_seg(&sregs->_gs, &env->segs[R_GS]);
998 set_seg(&sregs->_ss, &env->segs[R_SS]);
1000 if (env->cr[0] & CR0_PE_MASK) {
1001 /* force ss cpl to cs cpl */
1002 sregs->_ss.selector = (sregs->_ss.selector & ~3) |
1003 (sregs->_cs.selector & 3);
1004 sregs->_ss.dpl = sregs->_ss.selector & 3;
1008 set_seg(&sregs->_tr, &env->tr);
1009 set_seg(&sregs->_ldt, &env->ldt);
1010 sregs->_idt.limit = env->idt.limit;
1011 sregs->_idt.base = env->idt.base;
1012 sregs->_gdt.limit = env->gdt.limit;
1013 sregs->_gdt.base = env->gdt.base;
1018 * After get the state from the kernel module, some
1019 * qemu emulator state need be updated also
1021 static int hax_setup_qemu_emulator(CPUArchState *env)
1024 #define HFLAG_COPY_MASK ~( \
1025 HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
1026 HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
1027 HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
1028 HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
1032 hflags = (env->segs[R_CS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
1033 hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
1034 hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
1035 (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
1036 hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
1037 hflags |= (env->cr[4] & CR4_OSFXSR_MASK) <<
1038 (HF_OSFXSR_SHIFT - CR4_OSFXSR_SHIFT);
1040 if (env->efer & MSR_EFER_LMA) {
1041 hflags |= HF_LMA_MASK;
1044 if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
1045 hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
1047 hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
1048 (DESC_B_SHIFT - HF_CS32_SHIFT);
1049 hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
1050 (DESC_B_SHIFT - HF_SS32_SHIFT);
1051 if (!(env->cr[0] & CR0_PE_MASK) ||
1052 (env->eflags & VM_MASK) ||
1053 !(hflags & HF_CS32_MASK)) {
1054 hflags |= HF_ADDSEG_MASK;
1056 hflags |= ((env->segs[R_DS].base |
1057 env->segs[R_ES].base |
1058 env->segs[R_SS].base) != 0) <<
1062 env->hflags = (env->hflags & HFLAG_COPY_MASK) | hflags;
1066 static int hax_sync_vcpu_register(CPUArchState *env, int set)
1068 struct vcpu_state_t regs;
1070 memset(®s, 0, sizeof(struct vcpu_state_t));
1074 ret = hax_sync_vcpu_state(env, ®s, 0);
1079 /*generic register */
1080 hax_getput_reg(®s._rax, &env->regs[R_EAX], set);
1081 hax_getput_reg(®s._rbx, &env->regs[R_EBX], set);
1082 hax_getput_reg(®s._rcx, &env->regs[R_ECX], set);
1083 hax_getput_reg(®s._rdx, &env->regs[R_EDX], set);
1084 hax_getput_reg(®s._rsi, &env->regs[R_ESI], set);
1085 hax_getput_reg(®s._rdi, &env->regs[R_EDI], set);
1086 hax_getput_reg(®s._rsp, &env->regs[R_ESP], set);
1087 hax_getput_reg(®s._rbp, &env->regs[R_EBP], set);
1089 hax_getput_reg(®s._rflags, &env->eflags, set);
1090 hax_getput_reg(®s._rip, &env->eip, set);
1095 regs._cr0 = env->cr[0];
1096 regs._cr2 = env->cr[2];
1097 regs._cr3 = env->cr[3];
1098 regs._cr4 = env->cr[4];
1099 hax_set_segments(env, ®s);
1103 env->cr[0] = regs._cr0;
1104 env->cr[2] = regs._cr2;
1105 env->cr[3] = regs._cr3;
1106 env->cr[4] = regs._cr4;
1107 hax_get_segments(env, ®s);
1112 ret = hax_sync_vcpu_state(env, ®s, 1);
1117 hax_setup_qemu_emulator(env);
1121 static void hax_msr_entry_set(struct vmx_msr *item,
1122 uint32_t index, uint64_t value)
1124 item->entry = index;
1125 item->value = value;
1128 static int hax_get_msrs(CPUArchState *env)
1130 struct hax_msr_data md;
1131 struct vmx_msr *msrs = md.entries;
1135 msrs[n++].entry = MSR_IA32_SYSENTER_CS;
1136 msrs[n++].entry = MSR_IA32_SYSENTER_ESP;
1137 msrs[n++].entry = MSR_IA32_SYSENTER_EIP;
1138 msrs[n++].entry = MSR_IA32_TSC;
1140 ret = hax_sync_msr(env, &md, 0);
1144 for (i = 0; i < md.done; i++) {
1145 switch (msrs[i].entry) {
1146 case MSR_IA32_SYSENTER_CS:
1147 env->sysenter_cs = msrs[i].value;
1149 case MSR_IA32_SYSENTER_ESP:
1150 env->sysenter_esp = msrs[i].value;
1152 case MSR_IA32_SYSENTER_EIP:
1153 env->sysenter_eip = msrs[i].value;
1156 env->tsc = msrs[i].value;
1164 static int hax_set_msrs(CPUArchState *env)
1166 struct hax_msr_data md;
1167 struct vmx_msr *msrs;
1171 memset(&md, 0, sizeof(struct hax_msr_data));
1172 hax_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_CS, env->sysenter_cs);
1173 hax_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_ESP, env->sysenter_esp);
1174 hax_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip);
1175 hax_msr_entry_set(&msrs[n++], MSR_IA32_TSC, env->tsc);
1179 return hax_sync_msr(env, &md, 1);
1183 static int hax_get_fpu(CPUArchState *env)
1185 struct fx_layout fpu;
1188 ret = hax_sync_fpu(env, &fpu, 0);
1192 env->fpstt = (fpu.fsw >> 11) & 7;
1193 env->fpus = fpu.fsw;
1194 env->fpuc = fpu.fcw;
1195 for (i = 0; i < 8; ++i)
1196 env->fptags[i] = !((fpu.ftw >> i) & 1);
1197 memcpy(env->fpregs, fpu.st_mm, sizeof(env->fpregs));
1199 memcpy(env->xmm_regs, fpu.mmx_1, sizeof(fpu.mmx_1));
1200 memcpy((XMMReg *)(env->xmm_regs) + 8, fpu.mmx_2, sizeof(fpu.mmx_2));
1201 env->mxcsr = fpu.mxcsr;
1206 static int hax_set_fpu(CPUArchState *env)
1208 struct fx_layout fpu;
1211 memset(&fpu, 0, sizeof(fpu));
1212 fpu.fsw = env->fpus & ~(7 << 11);
1213 fpu.fsw |= (env->fpstt & 7) << 11;
1214 fpu.fcw = env->fpuc;
1216 for (i = 0; i < 8; ++i)
1217 fpu.ftw |= (!env->fptags[i]) << i;
1219 memcpy(fpu.st_mm, env->fpregs, sizeof (env->fpregs));
1220 memcpy(fpu.mmx_1, env->xmm_regs, sizeof (fpu.mmx_1));
1221 memcpy(fpu.mmx_2, (XMMReg *)(env->xmm_regs) + 8, sizeof (fpu.mmx_2));
1223 fpu.mxcsr = env->mxcsr;
1225 return hax_sync_fpu(env, &fpu, 1);
1228 int hax_arch_get_registers(CPUArchState *env)
1232 ret = hax_sync_vcpu_register(env, 0);
1236 ret = hax_get_fpu(env);
1240 ret = hax_get_msrs(env);
1247 static int hax_arch_set_registers(CPUArchState *env)
1250 ret = hax_sync_vcpu_register(env, 1);
1254 dprint("Failed to sync vcpu reg\n");
1257 ret = hax_set_fpu(env);
1260 dprint("FPU failed\n");
1263 ret = hax_set_msrs(env);
1266 dprint("MSR failed\n");
1273 void hax_vcpu_sync_state(CPUArchState *env, int modified)
1275 if (hax_enabled()) {
1277 hax_arch_set_registers(env);
1279 hax_arch_get_registers(env);
1284 * much simpler than kvm, at least in first stage because:
1285 * We don't need consider the device pass-through, we don't need
1286 * consider the framebuffer, and we may even remove the bios at all
1288 int hax_sync_vcpus(void)
1298 for (; cpu != NULL; cpu = CPU_NEXT(cpu)) {
1301 ret = hax_arch_set_registers(cpu->env_ptr);
1304 dprint("Failed to sync HAX vcpu context\n");
1312 void hax_reset_vcpu_state(void *opaque)
1315 for (cpu = first_cpu; cpu != NULL; cpu = CPU_NEXT(cpu))
1317 dprint("*********ReSet hax_vcpu->emulation_state \n");
1318 cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_INITIAL;
1319 cpu->hax_vcpu->tunnel->user_event_pending = 0;
1320 cpu->hax_vcpu->tunnel->ready_for_interrupt_injection = 0;
projects / sdk / emulator / qemu.git / blob