1 /* 2 ** Copyright (c) 2011, Intel Corporation 3 ** 4 ** This software is licensed under the terms of the GNU General Public 5 ** License version 2, as published by the Free Software Foundation, and 6 ** may be copied, distributed, and modified under those terms. 7 ** 8 ** This program is distributed in the hope that it will be useful, 9 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 10 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 ** GNU General Public License for more details. 12 */ 13 14 /* 15 * HAX common code for both Windows and Darwin 16 * Some portion of code from KVM is used in this file. 17 */ 18 19 #include "hw/hw.h" 20 #include "target-i386/hax-i386.h" 21 22 #define HAX_EMUL_ONE 0x1 23 #define HAX_EMUL_REAL 0x2 24 #define HAX_EMUL_HLT 0x4 25 #define HAX_EMUL_EXITLOOP 0x5 26 27 #define HAX_EMULATE_STATE_MMIO 0x1 28 #define HAX_EMULATE_STATE_REAL 0x2 29 #define HAX_EMULATE_STATE_NONE 0x3 30 #define HAX_EMULATE_STATE_INITIAL 0x4 31 32 struct hax_state hax_global; 33 34 int hax_support = -1; 35 36 /* Called after hax_init */ 37 int hax_enabled() 38 { 39 return (!hax_disabled && hax_support); 40 } 41 42 /* Currently non-PG modes are emulated by QEMU */ 43 int hax_vcpu_emulation_mode(CPUState *cpu) 44 { 45 CPUX86State *env = cpu->env_ptr; 46 return !(env->cr[0] & CR0_PG_MASK); 47 } 48 49 static int hax_prepare_emulation(CPUX86State *env) 50 { 51 /* Flush all emulation states */ 52 tlb_flush(env, 1); 53 tb_flush(env); 54 /* Sync the vcpu state from hax kernel module */ 55 hax_vcpu_sync_state(ENV_GET_CPU(env), 0); 56 return 0; 57 } 58 59 /* 60 * Check whether to break the translation block loop 61 * Break tbloop after one MMIO emulation, or after finish emulation mode 62 */ 63 static int hax_stop_tbloop(CPUState *cpu) 64 { 65 switch (cpu->hax_vcpu->emulation_state) 66 { 67 case HAX_EMULATE_STATE_MMIO: 68 return 1; 69 case HAX_EMULATE_STATE_INITIAL: 70 case HAX_EMULATE_STATE_REAL: 71 if (!hax_vcpu_emulation_mode(cpu)) 72 return 1; 73 break; 74 default: 75 dprint("Invalid emulation state in hax_sto_tbloop state %x\n", 76 cpu->hax_vcpu->emulation_state); 77 break; 78 } 79 80 return 0; 81 } 82 83 int hax_stop_emulation(CPUState *cpu) 84 { 85 if (hax_stop_tbloop(cpu)) 86 { 87 cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_NONE; 88 /* 89 * QEMU emulation changes vcpu state, 90 * Sync the vcpu state to HAX kernel module 91 */ 92 hax_vcpu_sync_state(cpu, 1); 93 return 1; 94 } 95 96 return 0; 97 } 98 99 int hax_stop_translate(CPUState *cpu) 100 { 101 struct hax_vcpu_state *vstate; 102 103 vstate = cpu->hax_vcpu; 104 assert(vstate->emulation_state); 105 if (vstate->emulation_state == HAX_EMULATE_STATE_MMIO ) 106 return 1; 107 108 return 0; 109 } 110 111 int valid_hax_tunnel_size(uint16_t size) 112 { 113 return size >= sizeof(struct hax_tunnel); 114 } 115 116 hax_fd hax_vcpu_get_fd(CPUState *cpu) 117 { 118 struct hax_vcpu_state *vcpu = cpu->hax_vcpu; 119 if (!vcpu) 120 return HAX_INVALID_FD; 121 return vcpu->fd; 122 } 123 124 /* Current version */ 125 uint32_t hax_cur_version = 0x2; 126 /* Least HAX kernel version */ 127 uint32_t hax_lest_version = 0x1; 128 129 static int hax_get_capability(struct hax_state *hax) 130 { 131 int ret; 132 struct hax_capabilityinfo capinfo, *cap = &capinfo; 133 134 ret = hax_capability(hax, cap); 135 if (ret) 136 return -ENOSYS; 137 138 if ( ((cap->wstatus & HAX_CAP_WORKSTATUS_MASK) == 139 HAX_CAP_STATUS_NOTWORKING )) 140 { 141 if (cap->winfo & HAX_CAP_FAILREASON_VT) 142 dprint("VT feature is not enabled, HAXM not working.\n"); 143 else if (cap->winfo & HAX_CAP_FAILREASON_NX) 144 dprint("NX feature is not enabled, HAXM not working.\n"); 145 return -ENXIO; 146 } 147 148 if (cap->wstatus & HAX_CAP_MEMQUOTA) 149 { 150 if (cap->mem_quota < hax->mem_quota) 151 { 152 dprint("The memory needed by this VM exceeds the driver limit.\n"); 153 return -ENOSPC; 154 } 155 } 156 157 return 0; 158 } 159 160 static int hax_version_support(struct hax_state *hax) 161 { 162 int ret; 163 struct hax_module_version version; 164 165 ret = hax_mod_version(hax, &version); 166 if (ret < 0) 167 return 0; 168 169 if ( (hax_lest_version > version.cur_version) || 170 (hax_cur_version < version.compat_version) ) 171 return 0; 172 173 return 1; 174 } 175 176 int hax_vcpu_create(int id) 177 { 178 struct hax_vcpu_state *vcpu = NULL; 179 int ret; 180 181 if (!hax_global.vm) 182 { 183 dprint("vcpu %x created failed, vm is null\n", id); 184 return -1; 185 } 186 187 if (hax_global.vm->vcpus[id]) 188 { 189 dprint("vcpu %x allocated already\n", id); 190 return 0; 191 } 192 193 vcpu = g_malloc(sizeof(struct hax_vcpu_state)); 194 if (!vcpu) 195 { 196 dprint("Failed to alloc vcpu state\n"); 197 return -ENOMEM; 198 } 199 200 memset(vcpu, 0, sizeof(struct hax_vcpu_state)); 201 202 ret = hax_host_create_vcpu(hax_global.vm->fd, id); 203 if (ret) 204 { 205 dprint("Failed to create vcpu %x\n", id); 206 goto error; 207 } 208 209 vcpu->fd = hax_host_open_vcpu(hax_global.vm->id, id); 210 if (hax_invalid_fd(vcpu->fd)) 211 { 212 dprint("Failed to open the vcpu\n"); 213 ret = -ENODEV; 214 goto error; 215 } 216 217 hax_global.vm->vcpus[id] = vcpu; 218 219 ret = hax_host_setup_vcpu_channel(vcpu); 220 if (ret) 221 { 222 dprint("Invalid HAX tunnel size \n"); 223 ret = -EINVAL; 224 goto error; 225 } 226 return 0; 227 228 error: 229 /* vcpu and tunnel will be closed automatically */ 230 if (vcpu && !hax_invalid_fd(vcpu->fd)) 231 hax_close_fd(vcpu->fd); 232 233 hax_global.vm->vcpus[id] = NULL; 234 g_free(vcpu); 235 return -1; 236 } 237 238 int hax_vcpu_destroy(CPUState *cpu) 239 { 240 struct hax_vcpu_state *vcpu = cpu->hax_vcpu; 241 242 if (!hax_global.vm) 243 { 244 dprint("vcpu %x destroy failed, vm is null\n", vcpu->vcpu_id); 245 return -1; 246 } 247 248 if (!vcpu) 249 return 0; 250 251 /* 252 * 1. The hax_tunnel is also destroyed at vcpu_destroy 253 * 2. hax_close_fd will require the HAX kernel module to free vcpu 254 */ 255 hax_close_fd(vcpu->fd); 256 hax_global.vm->vcpus[vcpu->vcpu_id] = NULL; 257 g_free(vcpu); 258 return 0; 259 } 260 261 int hax_init_vcpu(CPUState *cpu) 262 { 263 int ret; 264 265 ret = hax_vcpu_create(cpu->cpu_index); 266 if (ret < 0) 267 { 268 dprint("Failed to create HAX vcpu\n"); 269 exit(-1); 270 } 271 272 cpu->hax_vcpu = hax_global.vm->vcpus[cpu->cpu_index]; 273 cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_INITIAL; 274 275 return ret; 276 } 277 278 struct hax_vm *hax_vm_create(struct hax_state *hax) 279 { 280 struct hax_vm *vm; 281 int vm_id = 0, ret; 282 char *vm_name = NULL; 283 284 if (hax_invalid_fd(hax->fd)) 285 return NULL; 286 287 if (hax->vm) 288 return hax->vm; 289 290 vm = g_malloc(sizeof(struct hax_vm)); 291 if (!vm) 292 return NULL; 293 memset(vm, 0, sizeof(struct hax_vm)); 294 ret = hax_host_create_vm(hax, &vm_id); 295 if (ret) { 296 dprint("Failed to create vm %x\n", ret); 297 goto error; 298 } 299 vm->id = vm_id; 300 vm->fd = hax_host_open_vm(hax, vm_id); 301 if (hax_invalid_fd(vm->fd)) 302 { 303 dprint("Open vm device error:%s\n", vm_name); 304 goto error; 305 } 306 307 hax->vm = vm; 308 return vm; 309 310 error: 311 g_free(vm); 312 hax->vm = NULL; 313 return NULL; 314 } 315 316 int hax_vm_destroy(struct hax_vm *vm) 317 { 318 int i; 319 320 for (i = 0; i < HAX_MAX_VCPU; i++) 321 if (vm->vcpus[i]) 322 { 323 dprint("VCPU should be cleaned before vm clean\n"); 324 return -1; 325 } 326 hax_close_fd(vm->fd); 327 g_free(vm); 328 hax_global.vm = NULL; 329 return 0; 330 } 331 332 int hax_set_ramsize(uint64_t ramsize) 333 { 334 struct hax_state *hax = &hax_global; 335 336 memset(hax, 0, sizeof(struct hax_state)); 337 hax->mem_quota = ram_size; 338 339 return 0; 340 } 341 342 int hax_init(int smp_cpus) 343 { 344 struct hax_state *hax = NULL; 345 struct hax_qemu_version qversion; 346 int ret; 347 348 hax_support = 0; 349 350 hax = &hax_global; 351 352 hax->fd = hax_mod_open(); 353 if (hax_invalid_fd(hax->fd)) 354 { 355 hax->fd = 0; 356 ret = -ENODEV; 357 goto error; 358 } 359 360 ret = hax_get_capability(hax); 361 /* In case HAXM have no such capability support */ 362 if (ret && (ret != -ENOSYS)) 363 { 364 ret = -EINVAL; 365 goto error; 366 } 367 368 if (!hax_version_support(hax)) 369 { 370 dprint("Incompatible HAX version. Qemu current version %x ", hax_cur_version ); 371 dprint("requires least HAX version %x\n", hax_lest_version); 372 ret = -EINVAL; 373 goto error; 374 } 375 376 hax->vm = hax_vm_create(hax); 377 if (!hax->vm) 378 { 379 dprint("Failed to create HAX VM\n"); 380 ret = -EINVAL; 381 goto error; 382 } 383 384 qversion.cur_version = hax_cur_version; 385 qversion.least_version = hax_lest_version; 386 hax_notify_qemu_version(hax->vm->fd, &qversion); 387 hax_support = 1; 388 qemu_register_reset( hax_reset_vcpu_state, 0, NULL); 389 390 return 0; 391 error: 392 if (hax->vm) 393 hax_vm_destroy(hax->vm); 394 if (hax->fd) 395 hax_mod_close(hax); 396 397 return ret; 398 } 399 400 int hax_handle_fastmmio(CPUX86State *env, struct hax_fastmmio *hft) 401 { 402 uint64_t buf = 0; 403 404 /* 405 * With fast MMIO, QEMU need not sync vCPU state with HAXM 406 * driver because it will only invoke MMIO handler 407 * However, some MMIO operations utilize virtual address like qemu_pipe 408 * Thus we need to sync the CR0, CR3 and CR4 so that QEMU 409 * can translate the guest virtual address to guest physical 410 * address 411 */ 412 env->cr[0] = hft->_cr0; 413 env->cr[2] = hft->_cr2; 414 env->cr[3] = hft->_cr3; 415 env->cr[4] = hft->_cr4; 416 417 buf = hft->value; 418 cpu_physical_memory_rw(hft->gpa, &buf, hft->size, hft->direction); 419 if (hft->direction == 0) 420 hft->value = buf; 421 422 return 0; 423 } 424 425 int hax_handle_io(CPUX86State *env, uint32_t df, uint16_t port, int direction, 426 int size, int count, void *buffer) 427 { 428 uint8_t *ptr; 429 int i; 430 431 if (!df) 432 ptr = (uint8_t *)buffer; 433 else 434 ptr = buffer + size * count - size; 435 for (i = 0; i < count; i++) 436 { 437 if (direction == HAX_EXIT_IO_IN) { 438 switch (size) { 439 case 1: 440 stb_p(ptr, cpu_inb(port)); 441 break; 442 case 2: 443 stw_p(ptr, cpu_inw(port)); 444 break; 445 case 4: 446 stl_p(ptr, cpu_inl(port)); 447 break; 448 } 449 } else { 450 switch (size) { 451 case 1: 452 cpu_outb(port, ldub_p(ptr)); 453 break; 454 case 2: 455 cpu_outw(port, lduw_p(ptr)); 456 break; 457 case 4: 458 cpu_outl(port, ldl_p(ptr)); 459 break; 460 } 461 } 462 if (!df) 463 ptr += size; 464 else 465 ptr -= size; 466 } 467 468 return 0; 469 } 470 471 static int hax_vcpu_interrupt(CPUState *cpu) 472 { 473 struct hax_vcpu_state *vcpu = cpu->hax_vcpu; 474 struct hax_tunnel *ht = vcpu->tunnel; 475 CPUX86State *env = cpu->env_ptr; 476 477 /* 478 * Try to inject an interrupt if the guest can accept it 479 * Unlike KVM, the HAX kernel module checks the eflags, instead. 480 */ 481 if (ht->ready_for_interrupt_injection && 482 (cpu->interrupt_request & CPU_INTERRUPT_HARD)) 483 { 484 int irq; 485 486 cpu->interrupt_request &= ~CPU_INTERRUPT_HARD; 487 irq = cpu_get_pic_interrupt(env); 488 if (irq >= 0) { 489 hax_inject_interrupt(cpu, irq); 490 } 491 } 492 493 /* 494 * If we have an interrupt pending but the guest is not ready to 495 * receive it, request an interrupt window exit. This will cause 496 * a return to userspace as soon as the guest is ready to receive 497 * an interrupt. 498 */ 499 if ((cpu->interrupt_request & CPU_INTERRUPT_HARD)) 500 ht->request_interrupt_window = 1; 501 else 502 ht->request_interrupt_window = 0; 503 return 0; 504 } 505 506 void hax_raise_event(CPUState *cpu) 507 { 508 struct hax_vcpu_state *vcpu = cpu->hax_vcpu; 509 510 if (!vcpu) 511 return; 512 vcpu->tunnel->user_event_pending = 1; 513 } 514 515 /* 516 * Request the HAX kernel module to run the CPU for us until one of 517 * the following occurs: 518 * 1. Guest crashes or is shut down 519 * 2. We need QEMU's emulation like when the guest executes a MMIO 520 * instruction or guest enters emulation mode (non-PG mode) 521 * 3. Guest executes HLT 522 * 4. Qemu has Signal/event pending 523 * 5. An unknown VMX-exit happens 524 */ 525 extern void qemu_system_reset_request(void); 526 static int hax_vcpu_hax_exec(CPUState *cpu) 527 { 528 int ret = 0; 529 CPUX86State *env = cpu->env_ptr; 530 struct hax_vcpu_state *vcpu = cpu->hax_vcpu; 531 struct hax_tunnel *ht = vcpu->tunnel; 532 533 if (hax_vcpu_emulation_mode(cpu)) 534 { 535 dprint("Trying to vcpu execute at eip:%lx\n", env->eip); 536 return HAX_EMUL_EXITLOOP; 537 } 538 539 do { 540 int hax_ret; 541 542 if (cpu->exit_request) { 543 ret = HAX_EMUL_EXITLOOP ; 544 break; 545 } 546 547 hax_vcpu_interrupt(cpu); 548 549 hax_ret = hax_vcpu_run(vcpu); 550 551 /* Simply continue the vcpu_run if system call interrupted */ 552 if (hax_ret == -EINTR || hax_ret == -EAGAIN) { 553 dprint("io window interrupted\n"); 554 continue; 555 } 556 557 if (hax_ret < 0) 558 { 559 dprint("vcpu run failed for vcpu %x\n", vcpu->vcpu_id); 560 abort(); 561 } 562 switch (ht->_exit_status) 563 { 564 case HAX_EXIT_IO: 565 { 566 ret = hax_handle_io(env, ht->pio._df, ht->pio._port, 567 ht->pio._direction, 568 ht->pio._size, ht->pio._count, vcpu->iobuf); 569 } 570 break; 571 case HAX_EXIT_MMIO: 572 ret = HAX_EMUL_ONE; 573 break; 574 case HAX_EXIT_FAST_MMIO: 575 ret = hax_handle_fastmmio(env, 576 (struct hax_fastmmio *)vcpu->iobuf); 577 break; 578 case HAX_EXIT_REAL: 579 ret = HAX_EMUL_REAL; 580 break; 581 /* Guest state changed, currently only for shutdown */ 582 case HAX_EXIT_STATECHANGE: 583 dprint("VCPU shutdown request\n"); 584 qemu_system_reset_request(); 585 hax_prepare_emulation(env); 586 cpu_dump_state(cpu, stderr, fprintf, 0); 587 ret = HAX_EMUL_EXITLOOP; 588 break; 589 case HAX_EXIT_UNKNOWN_VMEXIT: 590 dprint("Unknown VMX exit %x from guest\n", ht->_exit_reason); 591 qemu_system_reset_request(); 592 hax_prepare_emulation(env); 593 cpu_dump_state(cpu, stderr, fprintf, 0); 594 ret = HAX_EMUL_EXITLOOP; 595 break; 596 case HAX_EXIT_HLT: 597 if (!(cpu->interrupt_request & CPU_INTERRUPT_HARD) && 598 !(cpu->interrupt_request & CPU_INTERRUPT_NMI)) { 599 /* hlt instruction with interrupt disabled is shutdown */ 600 env->eflags |= IF_MASK; 601 cpu->halted = 1; 602 env->exception_index = EXCP_HLT; 603 ret = HAX_EMUL_HLT; 604 } 605 break; 606 /* these situation will continue to hax module */ 607 case HAX_EXIT_INTERRUPT: 608 case HAX_EXIT_PAUSED: 609 break; 610 default: 611 dprint("Unknow exit %x from hax\n", ht->_exit_status); 612 qemu_system_reset_request(); 613 hax_prepare_emulation(env); 614 cpu_dump_state(cpu, stderr, fprintf, 0); 615 ret = HAX_EMUL_EXITLOOP; 616 break; 617 } 618 }while (!ret); 619 620 if (cpu->exit_request) { 621 cpu->exit_request = 0; 622 env->exception_index = EXCP_INTERRUPT; 623 } 624 return ret; 625 } 626 627 /* 628 * return 1 when need to emulate, 0 when need to exit loop 629 */ 630 int hax_vcpu_exec(CPUState *cpu) 631 { 632 int next = 0, ret = 0; 633 struct hax_vcpu_state *vcpu; 634 CPUX86State *env = cpu->env_ptr; 635 636 if (cpu->hax_vcpu->emulation_state != HAX_EMULATE_STATE_NONE) 637 return 1; 638 639 vcpu = cpu->hax_vcpu; 640 next = hax_vcpu_hax_exec(cpu); 641 switch (next) 642 { 643 case HAX_EMUL_ONE: 644 ret = 1; 645 vcpu->emulation_state = HAX_EMULATE_STATE_MMIO; 646 hax_prepare_emulation(env); 647 break; 648 case HAX_EMUL_REAL: 649 ret = 1; 650 vcpu->emulation_state = HAX_EMULATE_STATE_REAL; 651 hax_prepare_emulation(env); 652 break; 653 case HAX_EMUL_HLT: 654 case HAX_EMUL_EXITLOOP: 655 break; 656 default: 657 dprint("Unknown hax vcpu exec return %x\n", next); 658 abort(); 659 } 660 661 return ret; 662 } 663 664 #define HAX_RAM_INFO_ROM 0x1 665 666 static void set_v8086_seg(struct segment_desc_t *lhs, const SegmentCache *rhs) 667 { 668 memset(lhs, 0, sizeof(struct segment_desc_t )); 669 lhs->selector = rhs->selector; 670 lhs->base = rhs->base; 671 lhs->limit = rhs->limit; 672 lhs->type = 3; 673 lhs->present = 1; 674 lhs->dpl = 3; 675 lhs->operand_size = 0; 676 lhs->desc = 1; 677 lhs->long_mode = 0; 678 lhs->granularity = 0; 679 lhs->available = 0; 680 } 681 682 static void get_seg(SegmentCache *lhs, const struct segment_desc_t *rhs) 683 { 684 lhs->selector = rhs->selector; 685 lhs->base = rhs->base; 686 lhs->limit = rhs->limit; 687 lhs->flags = 688 (rhs->type << DESC_TYPE_SHIFT) 689 | (rhs->present * DESC_P_MASK) 690 | (rhs->dpl << DESC_DPL_SHIFT) 691 | (rhs->operand_size << DESC_B_SHIFT) 692 | (rhs->desc * DESC_S_MASK) 693 | (rhs->long_mode << DESC_L_SHIFT) 694 | (rhs->granularity * DESC_G_MASK) 695 | (rhs->available * DESC_AVL_MASK); 696 } 697 698 static void set_seg(struct segment_desc_t *lhs, const SegmentCache *rhs) 699 { 700 unsigned flags = rhs->flags; 701 702 memset(lhs, 0, sizeof(struct segment_desc_t)); 703 lhs->selector = rhs->selector; 704 lhs->base = rhs->base; 705 lhs->limit = rhs->limit; 706 lhs->type = (flags >> DESC_TYPE_SHIFT) & 15; 707 lhs->present = (flags & DESC_P_MASK) != 0; 708 lhs->dpl = rhs->selector & 3; 709 lhs->operand_size = (flags >> DESC_B_SHIFT) & 1; 710 lhs->desc = (flags & DESC_S_MASK) != 0; 711 lhs->long_mode = (flags >> DESC_L_SHIFT) & 1; 712 lhs->granularity = (flags & DESC_G_MASK) != 0; 713 lhs->available = (flags & DESC_AVL_MASK) != 0; 714 } 715 716 static void hax_getput_reg(uint64_t *hax_reg, target_ulong *qemu_reg, int set) 717 { 718 target_ulong reg = *hax_reg; 719 720 if (set) 721 *hax_reg = *qemu_reg; 722 else 723 *qemu_reg = reg; 724 } 725 726 /* The sregs has been synced with HAX kernel already before this call */ 727 static int hax_get_segments(CPUX86State *env, struct vcpu_state_t *sregs) 728 { 729 get_seg(&env->segs[R_CS], &sregs->_cs); 730 get_seg(&env->segs[R_DS], &sregs->_ds); 731 get_seg(&env->segs[R_ES], &sregs->_es); 732 get_seg(&env->segs[R_FS], &sregs->_fs); 733 get_seg(&env->segs[R_GS], &sregs->_gs); 734 get_seg(&env->segs[R_SS], &sregs->_ss); 735 736 get_seg(&env->tr, &sregs->_tr); 737 get_seg(&env->ldt, &sregs->_ldt); 738 env->idt.limit = sregs->_idt.limit; 739 env->idt.base = sregs->_idt.base; 740 env->gdt.limit = sregs->_gdt.limit; 741 env->gdt.base = sregs->_gdt.base; 742 return 0; 743 } 744 745 static int hax_set_segments(CPUX86State *env, struct vcpu_state_t *sregs) 746 { 747 if ((env->eflags & VM_MASK)) { 748 set_v8086_seg(&sregs->_cs, &env->segs[R_CS]); 749 set_v8086_seg(&sregs->_ds, &env->segs[R_DS]); 750 set_v8086_seg(&sregs->_es, &env->segs[R_ES]); 751 set_v8086_seg(&sregs->_fs, &env->segs[R_FS]); 752 set_v8086_seg(&sregs->_gs, &env->segs[R_GS]); 753 set_v8086_seg(&sregs->_ss, &env->segs[R_SS]); 754 } else { 755 set_seg(&sregs->_cs, &env->segs[R_CS]); 756 set_seg(&sregs->_ds, &env->segs[R_DS]); 757 set_seg(&sregs->_es, &env->segs[R_ES]); 758 set_seg(&sregs->_fs, &env->segs[R_FS]); 759 set_seg(&sregs->_gs, &env->segs[R_GS]); 760 set_seg(&sregs->_ss, &env->segs[R_SS]); 761 762 if (env->cr[0] & CR0_PE_MASK) { 763 /* force ss cpl to cs cpl */ 764 sregs->_ss.selector = (sregs->_ss.selector & ~3) | 765 (sregs->_cs.selector & 3); 766 sregs->_ss.dpl = sregs->_ss.selector & 3; 767 } 768 } 769 770 set_seg(&sregs->_tr, &env->tr); 771 set_seg(&sregs->_ldt, &env->ldt); 772 sregs->_idt.limit = env->idt.limit; 773 sregs->_idt.base = env->idt.base; 774 sregs->_gdt.limit = env->gdt.limit; 775 sregs->_gdt.base = env->gdt.base; 776 return 0; 777 } 778 779 /* 780 * After get the state from the kernel module, some 781 * qemu emulator state need be updated also 782 */ 783 static int hax_setup_qemu_emulator(CPUX86State *env) 784 { 785 786 #define HFLAG_COPY_MASK ~( \ 787 HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \ 788 HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \ 789 HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \ 790 HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK) 791 792 uint32_t hflags; 793 794 hflags = (env->segs[R_CS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK; 795 hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT); 796 hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) & 797 (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK); 798 hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK)); 799 hflags |= (env->cr[4] & CR4_OSFXSR_MASK) << 800 (HF_OSFXSR_SHIFT - CR4_OSFXSR_SHIFT); 801 802 if (env->efer & MSR_EFER_LMA) { 803 hflags |= HF_LMA_MASK; 804 } 805 806 if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) { 807 hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK; 808 } else { 809 hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >> 810 (DESC_B_SHIFT - HF_CS32_SHIFT); 811 hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >> 812 (DESC_B_SHIFT - HF_SS32_SHIFT); 813 if (!(env->cr[0] & CR0_PE_MASK) || 814 (env->eflags & VM_MASK) || 815 !(hflags & HF_CS32_MASK)) { 816 hflags |= HF_ADDSEG_MASK; 817 } else { 818 hflags |= ((env->segs[R_DS].base | 819 env->segs[R_ES].base | 820 env->segs[R_SS].base) != 0) << 821 HF_ADDSEG_SHIFT; 822 } 823 } 824 env->hflags = (env->hflags & HFLAG_COPY_MASK) | hflags; 825 return 0; 826 } 827 828 static int hax_sync_vcpu_register(CPUX86State *env, int set) 829 { 830 CPUState *cpu = ENV_GET_CPU(env); 831 struct vcpu_state_t regs; 832 int ret; 833 memset(®s, 0, sizeof(struct vcpu_state_t)); 834 835 if (!set) 836 { 837 ret = hax_sync_vcpu_state(cpu, ®s, 0); 838 if (ret < 0) 839 return -1; 840 } 841 842 /*generic register */ 843 hax_getput_reg(®s._rax, &env->regs[R_EAX], set); 844 hax_getput_reg(®s._rbx, &env->regs[R_EBX], set); 845 hax_getput_reg(®s._rcx, &env->regs[R_ECX], set); 846 hax_getput_reg(®s._rdx, &env->regs[R_EDX], set); 847 hax_getput_reg(®s._rsi, &env->regs[R_ESI], set); 848 hax_getput_reg(®s._rdi, &env->regs[R_EDI], set); 849 hax_getput_reg(®s._rsp, &env->regs[R_ESP], set); 850 hax_getput_reg(®s._rbp, &env->regs[R_EBP], set); 851 #ifdef TARGET_X86_64 852 hax_getput_reg(®s._r8, &env->regs[8], set); 853 hax_getput_reg(®s._r9, &env->regs[9], set); 854 hax_getput_reg(®s._r10, &env->regs[10], set); 855 hax_getput_reg(®s._r11, &env->regs[11], set); 856 hax_getput_reg(®s._r12, &env->regs[12], set); 857 hax_getput_reg(®s._r13, &env->regs[13], set); 858 hax_getput_reg(®s._r14, &env->regs[14], set); 859 hax_getput_reg(®s._r15, &env->regs[15], set); 860 #endif 861 hax_getput_reg(®s._rflags, &env->eflags, set); 862 hax_getput_reg(®s._rip, &env->eip, set); 863 864 if (set) 865 { 866 867 regs._cr0 = env->cr[0]; 868 regs._cr2 = env->cr[2]; 869 regs._cr3 = env->cr[3]; 870 regs._cr4 = env->cr[4]; 871 hax_set_segments(env, ®s); 872 } 873 else 874 { 875 env->cr[0] = regs._cr0; 876 env->cr[2] = regs._cr2; 877 env->cr[3] = regs._cr3; 878 env->cr[4] = regs._cr4; 879 hax_get_segments(env, ®s); 880 } 881 882 if (set) 883 { 884 ret = hax_sync_vcpu_state(cpu, ®s, 1); 885 if (ret < 0) 886 return -1; 887 } 888 if (!set) 889 hax_setup_qemu_emulator(env); 890 return 0; 891 } 892 893 static void hax_msr_entry_set(struct vmx_msr *item, 894 uint32_t index, uint64_t value) 895 { 896 item->entry = index; 897 item->value = value; 898 } 899 900 static int hax_get_msrs(CPUX86State *env) 901 { 902 struct hax_msr_data md; 903 struct vmx_msr *msrs = md.entries; 904 int ret, i, n; 905 906 n = 0; 907 msrs[n++].entry = MSR_IA32_SYSENTER_CS; 908 msrs[n++].entry = MSR_IA32_SYSENTER_ESP; 909 msrs[n++].entry = MSR_IA32_SYSENTER_EIP; 910 msrs[n++].entry = MSR_IA32_TSC; 911 #ifdef TARGET_X86_64 912 msrs[n++].entry = MSR_STAR; 913 msrs[n++].entry = MSR_LSTAR; 914 msrs[n++].entry = MSR_CSTAR; 915 msrs[n++].entry = MSR_FMASK; 916 msrs[n++].entry = MSR_KERNELGSBASE; 917 #endif 918 919 md.nr_msr = n; 920 ret = hax_sync_msr(ENV_GET_CPU(env), &md, 0); 921 if (ret < 0) 922 return ret; 923 924 for (i = 0; i < md.done; i++) { 925 switch (msrs[i].entry) { 926 case MSR_IA32_SYSENTER_CS: 927 env->sysenter_cs = msrs[i].value; 928 break; 929 case MSR_IA32_SYSENTER_ESP: 930 env->sysenter_esp = msrs[i].value; 931 break; 932 case MSR_IA32_SYSENTER_EIP: 933 env->sysenter_eip = msrs[i].value; 934 break; 935 case MSR_IA32_TSC: 936 env->tsc = msrs[i].value; 937 break; 938 #ifdef TARGET_X86_64 939 case MSR_STAR: 940 env->star = msrs[i].value; 941 break; 942 case MSR_LSTAR: 943 env->lstar = msrs[i].value; 944 break; 945 case MSR_CSTAR: 946 env->cstar = msrs[i].value; 947 break; 948 case MSR_FMASK: 949 env->fmask = msrs[i].value; 950 break; 951 case MSR_KERNELGSBASE: 952 env->kernelgsbase = msrs[i].value; 953 break; 954 #endif 955 } 956 } 957 958 return 0; 959 } 960 961 static int hax_set_msrs(CPUX86State *env) 962 { 963 struct hax_msr_data md; 964 struct vmx_msr *msrs; 965 msrs = md.entries; 966 int n = 0; 967 968 memset(&md, 0, sizeof(struct hax_msr_data)); 969 hax_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_CS, env->sysenter_cs); 970 hax_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_ESP, env->sysenter_esp); 971 hax_msr_entry_set(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip); 972 hax_msr_entry_set(&msrs[n++], MSR_IA32_TSC, env->tsc); 973 #ifdef TARGET_X86_64 974 hax_msr_entry_set(&msrs[n++], MSR_EFER, env->efer); 975 hax_msr_entry_set(&msrs[n++], MSR_STAR, env->star); 976 hax_msr_entry_set(&msrs[n++], MSR_LSTAR, env->lstar); 977 hax_msr_entry_set(&msrs[n++], MSR_CSTAR, env->cstar); 978 hax_msr_entry_set(&msrs[n++], MSR_FMASK, env->fmask); 979 hax_msr_entry_set(&msrs[n++], MSR_KERNELGSBASE, env->kernelgsbase); 980 #endif 981 982 md.nr_msr = n; 983 md.done = 0; 984 985 return hax_sync_msr(ENV_GET_CPU(env), &md, 1); 986 987 } 988 989 static int hax_get_fpu(CPUX86State *env) 990 { 991 struct fx_layout fpu; 992 int i, ret; 993 994 ret = hax_sync_fpu(ENV_GET_CPU(env), &fpu, 0); 995 if (ret < 0) 996 return ret; 997 998 env->fpstt = (fpu.fsw >> 11) & 7; 999 env->fpus = fpu.fsw; 1000 env->fpuc = fpu.fcw; 1001 for (i = 0; i < 8; ++i) 1002 env->fptags[i] = !((fpu.ftw >> i) & 1); 1003 memcpy(env->fpregs, fpu.st_mm, sizeof(env->fpregs)); 1004 1005 memcpy(env->xmm_regs, fpu.mmx_1, sizeof(fpu.mmx_1)); 1006 memcpy((XMMReg *)(env->xmm_regs) + 8, fpu.mmx_2, sizeof(fpu.mmx_2)); 1007 env->mxcsr = fpu.mxcsr; 1008 1009 return 0; 1010 } 1011 1012 static int hax_set_fpu(CPUX86State *env) 1013 { 1014 struct fx_layout fpu; 1015 int i; 1016 1017 memset(&fpu, 0, sizeof(fpu)); 1018 fpu.fsw = env->fpus & ~(7 << 11); 1019 fpu.fsw |= (env->fpstt & 7) << 11; 1020 fpu.fcw = env->fpuc; 1021 1022 for (i = 0; i < 8; ++i) 1023 fpu.ftw |= (!env->fptags[i]) << i; 1024 1025 memcpy(fpu.st_mm, env->fpregs, sizeof (env->fpregs)); 1026 memcpy(fpu.mmx_1, env->xmm_regs, sizeof (fpu.mmx_1)); 1027 memcpy(fpu.mmx_2, (XMMReg *)(env->xmm_regs) + 8, sizeof (fpu.mmx_2)); 1028 1029 fpu.mxcsr = env->mxcsr; 1030 1031 return hax_sync_fpu(ENV_GET_CPU(env), &fpu, 1); 1032 } 1033 1034 int hax_arch_get_registers(CPUState *cpu) 1035 { 1036 CPUX86State *env = cpu->env_ptr; 1037 int ret; 1038 1039 ret = hax_sync_vcpu_register(env, 0); 1040 if (ret < 0) 1041 return ret; 1042 1043 ret = hax_get_fpu(env); 1044 if (ret < 0) 1045 return ret; 1046 1047 ret = hax_get_msrs(env); 1048 if (ret < 0) 1049 return ret; 1050 1051 return 0; 1052 } 1053 1054 static int hax_arch_set_registers(CPUState *cpu) 1055 { 1056 int ret; 1057 CPUX86State *env = cpu->env_ptr; 1058 ret = hax_sync_vcpu_register(env, 1); 1059 1060 if (ret < 0) 1061 { 1062 dprint("Failed to sync vcpu reg\n"); 1063 return ret; 1064 } 1065 ret = hax_set_fpu(env); 1066 if (ret < 0) 1067 { 1068 dprint("FPU failed\n"); 1069 return ret; 1070 } 1071 ret = hax_set_msrs(env); 1072 if (ret < 0) 1073 { 1074 dprint("MSR failed\n"); 1075 return ret; 1076 } 1077 1078 return 0; 1079 } 1080 1081 void hax_vcpu_sync_state(CPUState *cpu, int modified) 1082 { 1083 if (hax_enabled()) { 1084 if (modified) 1085 hax_arch_set_registers(cpu); 1086 else 1087 hax_arch_get_registers(cpu); 1088 } 1089 } 1090 1091 /* 1092 * This is simpler than the one for KVM because we don't support 1093 * direct I/O device assignment at this point. 1094 */ 1095 int hax_sync_vcpus(void) 1096 { 1097 if (hax_enabled()) { 1098 CPUState *cpu; 1099 1100 CPU_FOREACH(cpu) { 1101 int ret = hax_arch_set_registers(cpu); 1102 if (ret < 0) { 1103 dprint("Failed to sync HAX vcpu context\n"); 1104 exit(1); 1105 } 1106 } 1107 } 1108 1109 return 0; 1110 } 1111 1112 void hax_reset_vcpu_state(void *opaque) 1113 { 1114 CPUState *cpu; 1115 CPU_FOREACH(cpu) { 1116 if (cpu->hax_vcpu) { 1117 cpu->hax_vcpu->emulation_state = HAX_EMULATE_STATE_INITIAL; 1118 cpu->hax_vcpu->tunnel->user_event_pending = 0; 1119 cpu->hax_vcpu->tunnel->ready_for_interrupt_injection = 0; 1120 } 1121 } 1122 } 1123
