Re: [PATCH 9/9] KVM: x86: smsw emulation is incorrect in 64-bit mode

2014-06-05 Thread Nadav Amit
On Jun 5, 2014, at 5:53 PM, Paolo Bonzini pbonz...@redhat.com wrote: Il 02/06/2014 17:34, Nadav Amit ha scritto: In 64-bit mode, when the destination is a register, the assignment is done according to the operand size. Otherwise (memory operand or no 64-bit mode), a 16-bit assignment

[PATCH kvm-unit-tests 2/2] x86: realmode: test smsw behavior with register operand

2014-06-05 Thread Nadav Amit
is disabled or unsupported. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/realmode.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/x86/realmode.c b/x86/realmode.c index 839ac34..6e74883 100644 --- a/x86/realmode.c +++ b/x86/realmode.c @@ -1646,6 +1646,20 @@ void

[PATCH kvm-unit-tests 0/2] x86: Additional smsw tests

2014-06-05 Thread Nadav Amit
was added just for additional coverage. The realmode smsw test covers the recent patch that saves the high 16-bits to 32-bit register operand. Implementing a long-mode test is difficult since we need to cause an invalid guest state in long-mode. Nadav Amit (2): x86: emulator: additional smsw test

[PATCH kvm-unit-tests 1/2] x86: emulator: additional smsw test-case

2014-06-05 Thread Nadav Amit
An additional test case for the emulator was added to test smsw which is trapped by the emulator. The other existing test-cases occur in the guest (at least on VMX), since the values are read directly from the CR0 read shadow. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/emulator.c

[PATCH kvm-unit-tests v2] x86: emulator: long mode smsw tests

2014-06-08 Thread Nadav Amit
, the result is zero-extended to qword on long-mode. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/emulator.c | 21 + 1 file changed, 21 insertions(+) diff --git a/x86/emulator.c b/x86/emulator.c index 033f246..f653127 100644 --- a/x86/emulator.c +++ b/x86/emulator.c

[PATCH 5/5] KVM: x86: Fix wrong masking on relative jump/call

2014-05-07 Thread Nadav Amit
is used, bits 63:32 are unmodified. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 6833b41..e406705 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch

[PATCH 2/5] KVM: vmx: handle_dr does not handle RSP correctly

2014-05-07 Thread Nadav Amit
The RSP register is not automatically cached, causing mov DR instruction with RSP to fail. Instead the regular register accessing interface should be used. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH 4/5] KVM: x86: Wrong register masking in 64-bit mode

2014-05-07 Thread Nadav Amit
high half is zeroed even if ECX was zero on the first iteration (as if an assignment was performed to ECX). Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 38 +++--- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/arch

[PATCH 1/5] KVM: x86: Emulator does not calculate address correctly

2014-05-07 Thread Nadav Amit
are added and the effective address is truncated ... before adding the full 64-bit segment base. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index

[PATCH 0/5] KVM: x86: Fix exit handler and emulation bugs

2014-05-07 Thread Nadav Amit
submitted patch that fixed the wrong reserved page table masks. Patches #3 and #5 were not tested in a manner that actually checks the modified behavior. Not all the paths in patch #4 were tested. Thanks for reviewing the patches. Nadav Amit (5): KVM: x86: Emulator does not calculate address

[PATCH 3/5] KVM: x86: Mark bit 7 in long-mode PDPTE according to 1GB pages support

2014-05-07 Thread Nadav Amit
In long-mode, bit 7 in the PDPTE is not reserved only if 1GB pages are supported by the CPU. Currently the bit is considered by KVM as always reserved. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/cpuid.h | 7 +++ arch/x86/kvm/mmu.c | 8 ++-- 2 files changed, 13

Re: [PATCH 1/5] KVM: x86: Emulator does not calculate address correctly

2014-05-07 Thread Nadav Amit
On 5/7/14, 4:57 PM, Paolo Bonzini wrote: Il 07/05/2014 14:32, Nadav Amit ha scritto: In long-mode, when the address size is 4 bytes, the linear address is not truncated as the emulator mistakenly does. Instead, the offset within the segment (the ea field) should be truncated according

Re: [PATCH 5/5] KVM: x86: Fix wrong masking on relative jump/call

2014-05-07 Thread Nadav Amit
On 5/7/14, 5:43 PM, Bandan Das wrote: Nadav Amit na...@cs.technion.ac.il writes: Relative jumps and calls do the masking according to the operand size, and not according to the address size as the KVM emulator does today. In 64-bit mode, the resulting RIP is always 64-bit. Otherwise

Re: [PATCH 4/5] KVM: x86: Wrong register masking in 64-bit mode

2014-05-07 Thread Nadav Amit
On 5/7/14, 5:50 PM, Bandan Das wrote: Nadav Amit na...@cs.technion.ac.il writes: 32-bit operations are zero extended in 64-bit mode. Currently, the code does not handle them correctly and keeps the high bits. In 16-bit mode, the high 32-bits are kept intact. In addition, although

Re: [PATCH 4/5] KVM: x86: Wrong register masking in 64-bit mode

2014-05-08 Thread Nadav Amit
On 5/7/14, 6:52 PM, Paolo Bonzini wrote: Il 07/05/2014 14:32, Nadav Amit ha scritto: 32-bit operations are zero extended in 64-bit mode. Currently, the code does not handle them correctly and keeps the high bits. In 16-bit mode, the high 32-bits are kept intact. In addition, although

[PATCH] KVM: vmx: DR7 masking on task switch emulation is wrong

2014-05-19 Thread Nadav Amit
The DR7 masking which is done on task switch emulation should be in hex format (clearing the local breakpoints enable bits 0,2,4 and 6). Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx.c

[PATCH] KVM: x86: MOV CR/DR emulation should ignore mod

2014-05-25 Thread Nadav Amit
not equal 3, it expects the second operand to be in memory. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 2fa7ab0..e4e833d 100644

[PATCH kvm-unit-tests] x86: test mov DR with ignored mod bits

2014-05-26 Thread Nadav Amit
in realmode and is only expected to fail if the CPU does not support unrestricted mode. Note that mov-CR/DR in protected mode are usually not handled by the emulator, as their data is available in the exit information fields. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/realmode.c | 11

[PATCH 6/6] KVM: x86: check DR6/7 high-bits are clear only on long-mode

2014-06-15 Thread Nadav Amit
From: Nadav Amit nadav.a...@gmail.com When the guest sets DR6 and DR7, KVM asserts the high 32-bits are clear, and otherwise injects a #GP exception. This exception should only be injected if running in long-mode. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/x86.c

[PATCH 5/6] KVM: x86: NOP emulation clears (incorrectly) the high 32-bits of RAX

2014-06-15 Thread Nadav Amit
On long-mode the current NOP (0x90) emulation still writes back to RAX. As a result, EAX is zero-extended and the high 32-bits of RAX are cleared. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git

[PATCH 1/6] KVM: x86: bit-ops emulation ignores offset on 64-bit

2014-06-15 Thread Nadav Amit
The current emulation of bit operations ignores the offset from the destination on 64-bit target memory operands. This patch fixes this behavior. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[PATCH 2/6] KVM: x86: Wrong emulation on 'xadd X, X'

2014-06-15 Thread Nadav Amit
instruction which should be affected is xadd, as the other instructions that perform writeback to the source use the extended accumulator (e.g., RAX:RDX). Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions

[PATCH 4/6] KVM: x86: emulation of dword cmov on long-mode should clear [63:32]

2014-06-15 Thread Nadav Amit
-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 0183350..b354531 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -3905,7

[PATCH 0/6] KVM: x86: More emulator bugs

2014-06-15 Thread Nadav Amit
This patch-set resolves several emulator bugs. Each fix is independent of the others. The DR6/7 bug can occur during DR-access exit (regardless of unrestricted mode, MMIO and SPT). Thanks for reviewing the patches, Nadav Nadav Amit (6): KVM: x86: bit-ops emulation ignores offset on 64-bit

[PATCH 3/6] KVM: x86: Inter privilege level ret emulation is not implemented

2014-06-15 Thread Nadav Amit
Return unhandlable error on inter-privilege level ret instruction. This is since the current emulation does not check the privilege level correctly when loading the CS, and does not pop RSP/SS as needed. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 4 1

Re: [PATCH 6/6] KVM: x86: check DR6/7 high-bits are clear only on long-mode

2014-06-16 Thread Nadav Amit
On 6/16/14, 1:17 PM, Paolo Bonzini wrote: Il 15/06/2014 15:13, Nadav Amit ha scritto: From: Nadav Amit nadav.a...@gmail.com When the guest sets DR6 and DR7, KVM asserts the high 32-bits are clear, and otherwise injects a #GP exception. This exception should only be injected if running

Re: [PATCH 6/6] KVM: x86: check DR6/7 high-bits are clear only on long-mode

2014-06-16 Thread Nadav Amit
On 6/16/14, 2:09 PM, Paolo Bonzini wrote: Il 16/06/2014 12:33, Nadav Amit ha scritto: Do you get this if the input register has bit 31 set? No. To be frank, the scenario may be considered a bit synthetic: the guest assigns a value to a general-purpose register in 64-bit mode, setting the high

Re: [PATCH 6/6] KVM: x86: check DR6/7 high-bits are clear only on long-mode

2014-06-16 Thread Nadav Amit
On 6/16/14, 5:56 PM, Paolo Bonzini wrote: Il 16/06/2014 13:53, Nadav Amit ha scritto: On 6/16/14, 2:09 PM, Paolo Bonzini wrote: Il 16/06/2014 12:33, Nadav Amit ha scritto: Do you get this if the input register has bit 31 set? No. To be frank, the scenario may be considered a bit synthetic

[PATCH 0/3] Correct monitor-mwait emulation as nop

2014-06-18 Thread Nadav Amit
their execution in either real-mode or protected-mode. It tries to follow the SDM in checking the preconditions and generating the necessary exceptions. Thanks for reviewing the patch. Please try it with OS X to make sure it works properly without generating unnecessary exception. Nadav Amit (3

[PATCH v2 9/9] KVM: vmx: vmx instructions handling does not consider cs.l

2014-06-18 Thread Nadav Amit
it ignores cs.l. This patch fixes this behavior. The field of vmread/vmwrite is kept intentionally as 64-bit read since if bits [63:32] are not cleared the instruction should fail, according to Intel SDM. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/vmx.c | 8 arch/x86

[PATCH 2/3] KVM: x86: Emulator support for #UD on CPL0

2014-06-18 Thread Nadav Amit
place before interception, a flag has been added. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index f90194d..ef7a5a0 100644 --- a/arch/x86/kvm

[PATCH] KVM: x86: Increase the number of fixed MTRR regs to 10

2014-06-18 Thread Nadav Amit
Recent Intel CPUs have 10 variable range MTRRs. Since operating systems sometimes make assumptions on CPUs while they ignore capability MSRs, it is better for KVM to be consistent with recent CPUs. Reporting more MTRRs than actually supported has no functional implications. Signed-off-by: Nadav

[PATCH kvm-unit-tests 2/5] x86: test xadd with two identical operands

2014-06-18 Thread Nadav Amit
-by: Nadav Amit na...@cs.technion.ac.il --- x86/realmode.c | 9 + 1 file changed, 9 insertions(+) diff --git a/x86/realmode.c b/x86/realmode.c index dc4a1d3..10c3e03 100644 --- a/x86/realmode.c +++ b/x86/realmode.c @@ -1663,6 +1663,14 @@ void test_smsw(void) report(smsw, R_AX

[PATCH 1/3] KVM: x86: Emulator flag for instruction with no big real mode

2014-06-18 Thread Nadav Amit
Certain instructions, such as monitor and xsave do not support big real mode and cause a #GP exception if any of the accessed bytes effective address are not within [0, 0x]. This patch introduces a flag to mark these instructions, including the necessary checks. Signed-off-by: Nadav Amit na

[PATCH 3/3] KVM: x86: correct mwait and monitor emulation

2014-06-18 Thread Nadav Amit
the emulation of monitor-mwait according to Intel SDM (other than checking whether interrupt can be used as a break event). Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 41 +++-- arch/x86/kvm/svm.c | 22

[PATCH v2 1/9] KVM: x86: bit-ops emulation ignores offset on 64-bit

2014-06-18 Thread Nadav Amit
The current emulation of bit operations ignores the offset from the destination on 64-bit target memory operands. This patch fixes this behavior. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[PATCH v2 7/9] KVM: x86: Hypercall handling does not consider opsize correctly

2014-06-18 Thread Nadav Amit
for that matter. In addition, the result is masked with respect to the guest execution mode. Last, it changes kvm_hv_hypercall to use is_64_bit_mode as well to simplify the code. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/x86.c | 11 ++- 1 file changed, 6 insertions(+), 5

[PATCH v2 8/9] KVM: vmx: handle_cr ignores 32/64-bit mode

2014-06-18 Thread Nadav Amit
the CR value correctly as well. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/vmx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index c0f53a0..cbfbb8b 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c

[PATCH v2 5/9] KVM: x86: NOP emulation clears (incorrectly) the high 32-bits of RAX

2014-06-18 Thread Nadav Amit
On long-mode the current NOP (0x90) emulation still writes back to RAX. As a result, EAX is zero-extended and the high 32-bits of RAX are cleared. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git

[PATCH v2 6/9] KVM: x86: check DR6/7 high-bits are clear only on long-mode

2014-06-18 Thread Nadav Amit
From: Nadav Amit nadav.a...@gmail.com When the guest sets DR6 and DR7, KVM asserts the high 32-bits are clear, and otherwise injects a #GP exception. This exception should only be injected if running in long-mode. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/vmx.c

[PATCH kvm-unit-tests 5/5] x86: Test monitor and mwait on real-mode

2014-06-18 Thread Nadav Amit
monitor and mwait are now considered to behave as nop. New patch enables monitor and mwait in realmode as well. This test checks whether they are handled as nop in realmode as well. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/realmode.c | 11 +++ 1 file changed, 11

[PATCH kvm-unit-tests 4/5] x86: check cmov instruction on 64-bit

2014-06-18 Thread Nadav Amit
cmov instruction on 64-bit with dword destination register operand should clear bits [63:32]. This test checks this behavior due to previous KVM bug. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/emulator.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff

[PATCH v2 3/9] KVM: x86: Inter privilege level ret emulation is not implemented

2014-06-18 Thread Nadav Amit
Return unhandlable error on inter-privilege level ret instruction. This is since the current emulation does not check the privilege level correctly when loading the CS, and does not pop RSP/SS as needed. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 4 1

[PATCH v2 2/9] KVM: x86: Wrong emulation on 'xadd X, X'

2014-06-18 Thread Nadav Amit
instruction which should be affected is xadd, as the other instructions that perform writeback to the source use the extended accumulator (e.g., RAX:RDX). Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions

[PATCH v2 4/9] KVM: x86: emulation of dword cmov on long-mode should clear [63:32]

2014-06-18 Thread Nadav Amit
-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 0183350..b354531 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -3905,7

[PATCH v2 0/9] KVM: x86: More emulator bugs

2014-06-18 Thread Nadav Amit
reading the registers. Fixing the register read to respect 32/64 bit in hypercall handling, CR exit handling and VMX instructions handling. Thanks for re-reviewing the patch Nadav Amit (9): KVM: x86: bit-ops emulation ignores offset on 64-bit KVM: x86: Wrong emulation on 'xadd X, X' KVM: x86

[PATCH kvm-unit-tests 0/5] x86: Tests for recent emulator bugs

2014-06-18 Thread Nadav Amit
This patch-set checks recent emulator bugs as well as monitor-mwait emulation in real-mode. Nadav Amit (5): x86: Testing nop instruction on 64-bit x86: test xadd with two identical operands x86: Test btcq with operand larger than 64 x86: check cmov instruction on 64-bit x86: Test

[PATCH kvm-unit-tests 3/5] x86: Test btcq with operand larger than 64

2014-06-18 Thread Nadav Amit
Previously, KVM did not calculate the offset for bit-operations correctly when quad-word operands were used. This test checks btcq when operand is larger than 64 in order to check this scenario. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/emulator.c | 6 +- 1 file changed, 5

[PATCH kvm-unit-tests 1/5] x86: Testing nop instruction on 64-bit

2014-06-18 Thread Nadav Amit
Previously, nop instruction emulation on 64-bit caused RAX bits [63:32] to be cleared. This test checks the behavior is correct and RAX is unmodified. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/emulator.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/x86

[PATCH 6/9] KVM: x86: movnti minimum op size of 32-bit is not kept

2014-06-02 Thread Nadav Amit
If the operand-size prefix (0x66) is used in 64-bit mode, the emulator would assume the destination operand is 64-bit, when it should be 32-bit. Reminder: movnti does not support 16-bit operands and its default operand size is 32-bit. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch

[PATCH 7/9] KVM: x86: rdpmc emulation checks the counter incorrectly

2014-06-02 Thread Nadav Amit
The rdpmc emulation checks that the counter (ECX) is not higher than 2, without taking into consideration the role of bits 30:31 (e.g., bit 30 marks whether the counter is fixed). The fix uses the pmu information for checking the validity of the pmu counter. Signed-off-by: Nadav Amit na

[PATCH 1/9] KVM: x86: Mark VEX-prefix instructions emulation as unimplemented

2014-06-02 Thread Nadav Amit
Currently the emulator does not recognize vex-prefix instructions. However, it may incorrectly decode lgdt/lidt instructions and try to execute them. This patch returns unhandlable error on their emulation. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 7

[PATCH 8/9] KVM: x86: Return error on cmpxchg16b emulation

2014-06-02 Thread Nadav Amit
cmpxchg16b is currently unimplemented in the emulator. The least we can do is return error upon the emulation of this instruction. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm

[PATCH 2/9] KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR

2014-06-02 Thread Nadav Amit
The current implementation ignores the LDTR/TR base high 32-bits on long-mode. As a result the loaded segment descriptor may be incorrect. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch

[PATCH 4/9] KVM: x86: sgdt and sidt are not privileged

2014-06-02 Thread Nadav Amit
The SGDT and SIDT instructions are not privileged, i.e. they can be executed with CPL0. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index

[PATCH 9/9] KVM: x86: smsw emulation is incorrect in 64-bit mode

2014-06-02 Thread Nadav Amit
In 64-bit mode, when the destination is a register, the assignment is done according to the operand size. Otherwise (memory operand or no 64-bit mode), a 16-bit assignment is performed. Currently, 16-bit assignment is always done to the destination. Signed-off-by: Nadav Amit na

[PATCH 5/9] KVM: x86: cmpxchg emulation should compare in reverse order

2014-06-02 Thread Nadav Amit
The current implementation of cmpxchg does not update the flags correctly, since the accumulator should be compared with the destination and not the other way around. The current implementation does not update the flags correctly. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86

[PATCH 0/9] KVM: x86: Fixes for various emulator bugs

2014-06-02 Thread Nadav Amit
(VEX-prefix and cmpxchg16b). The fix for rdpmc is a bit intrusive to keep SVM behavior intact. Thanks for reviewing the patches. Nadav Amit (9): KVM: x86: Mark VEX-prefix instructions emulation as unimplemented KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR KVM: x86: Loading

[PATCH 3/9] KVM: x86: Loading segments on 64-bit mode may be wrong

2014-06-02 Thread Nadav Amit
The current emulator implementation ignores the high 32 bits of the base in long-mode. During segment load from the LDT, the base of the LDT is calculated incorrectly and may cause the wrong segment to be loaded. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 6

Re: [PATCH] KVM: x86: Fix page-tables reserved bits

2014-04-28 Thread Nadav Amit
On Apr 28, 2014, at 1:41 PM, Paolo Bonzini pbonz...@redhat.com wrote: Il 17/04/2014 00:04, Marcelo Tosatti ha scritto: @@ -3550,9 +3550,9 @@ static void reset_rsvds_bits_mask(struct kvm_vcpu *vcpu, break; case PT64_ROOT_LEVEL:

[PATCH] KVM: x86: Fix page-tables reserved bits

2014-04-03 Thread Nadav Amit
KVM does not handle the reserved bits of x86 page tables correctly: In PAE, bits 5:8 are reserved in the PDPTE. In IA-32e, bit 8 is not reserved. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/mmu.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git

[PATCH] KVM: x86: Fix CR3 and LDT sel should not be saved in TSS

2014-04-07 Thread Nadav Amit
According to Intel specifications, only general purpose registers and segment selectors should be saved in the old TSS during 32-bit task-switch. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff

Re: [PATCH 4/5] KVM: x86: RSI/RDI/RCX are zero-extended when affected by string ops

2014-04-23 Thread Nadav Amit
On 4/23/14, 11:11 PM, Marcelo Tosatti wrote: On Wed, Apr 23, 2014 at 04:58:32PM -0300, Marcelo Tosatti wrote: On Tue, Apr 22, 2014 at 09:04:45AM +0300, Nadav Amit wrote: Gleb, On 4/20/14, 12:26 PM, Gleb Natapov wrote: On Fri, Apr 18, 2014 at 07:11:33AM +0300, Nadav Amit wrote: When using

Re: [PATCH 4/5] KVM: x86: RSI/RDI/RCX are zero-extended when affected by string ops

2014-04-22 Thread Nadav Amit
Gleb, On 4/20/14, 12:26 PM, Gleb Natapov wrote: On Fri, Apr 18, 2014 at 07:11:33AM +0300, Nadav Amit wrote: When using address-size override prefix with string instructions in long-mode, ESI/EDI/ECX are zero extended if they are affected by the instruction (incremented/decremented). Currently

[PATCH 0/5] KVM: x86: Fix KVM behavior that does not follow spec

2014-04-17 Thread Nadav Amit
. As a result guest OS can potentially fail. Thanks for reviewing the patches. Nadav Amit (5): KVM: x86: Fix wrong/stuck PMU when guest does not use PMI KVM: x86: Fix CR3 reserved bits KVM: x86: IN instruction emulation should ignore REP-prefix KVM: x86: RSI/RDI/RCX are zero-extended when

[PATCH 1/5] KVM: x86: Fix wrong/stuck PMU when guest does not use PMI

2014-04-17 Thread Nadav Amit
is to reprogram the counter even if the guest does not use PMI. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- :100644 100644 5c4f631... cbecaa9... M arch/x86/kvm/pmu.c arch/x86/kvm/pmu.c |7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm

[PATCH 3/5] KVM: x86: IN instruction emulation should ignore REP-prefix

2014-04-17 Thread Nadav Amit
#GP exception to be injected to the guest. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- :100644 100644 1d60374... 69e2636... M arch/x86/kvm/emulate.c arch/x86/kvm/emulate.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm

[PATCH 2/5] KVM: x86: Fix CR3 reserved bits

2014-04-17 Thread Nadav Amit
According to Intel specifications, PAE and non-PAE do not have any reserved bits. In long-mode, regardless of PCIDE, only the high bits (above the physical address) are reserved. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- :100644 100644 7de069af.. e21aee9... M arch/x86/include/asm

[PATCH 5/5] KVM: x86: Processor mode may be determined incorrectly

2014-04-17 Thread Nadav Amit
If EFER.LMA is off, cs.l does not determine execution mode. Currently, the emulation engine assumes differently. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- :100644 100644 f4d9839... c99f7eb... M arch/x86/kvm/x86.c arch/x86/kvm/x86.c |2 +- 1 file changed, 1 insertion(+), 1

[PATCH 4/5] KVM: x86: RSI/RDI/RCX are zero-extended when affected by string ops

2014-04-17 Thread Nadav Amit
prefix is used with REP-string instruction, RCX high half is zeroed even if ECX was zero on the first iteration. Therefore, the emulator should clear the upper part of RCX in this case, as x86 CPUs do. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- :100644 100644 69e2636... a69ed67... M arch/x86

Re: [PATCH v2 9/9] KVM: vmx: vmx instructions handling does not consider cs.l

2014-06-18 Thread Nadav Amit
On 6/18/14, 6:41 PM, Paolo Bonzini wrote: Il 18/06/2014 16:19, Nadav Amit ha scritto: VMX instructions use 32-bit operands in 32-bit mode, and 64-bit operands in 64-bit mode. The current implementation is broken since it does not use the register operands correctly, and always uses 64-bit

Re: [PATCH v2 9/9] KVM: vmx: vmx instructions handling does not consider cs.l

2014-06-18 Thread Nadav Amit
On Jun 18, 2014, at 7:06 PM, Paolo Bonzini pbonz...@redhat.com wrote: Il 18/06/2014 18:01, Nadav Amit ha scritto: Perhaps I am missing something, but I don't see where my mistake is. The VMREAD source operand is always read as 64-bits and I made no changes there. Therefore, if bits 63:32

Re: [PATCH 3/3] KVM: x86: correct mwait and monitor emulation

2014-06-18 Thread Nadav Amit
On 6/18/14, 8:59 PM, Eric Northup wrote: On Wed, Jun 18, 2014 at 7:19 AM, Nadav Amit na...@cs.technion.ac.il wrote: mwait and monitor are currently handled as nop. Considering this behavior, they should still be handled correctly, i.e., check execution conditions and generate exceptions when

Re: [PATCH 3/3] KVM: x86: correct mwait and monitor emulation

2014-06-19 Thread Nadav Amit
On 6/19/14, 2:23 PM, Gleb Natapov wrote: On Thu, Jun 19, 2014 at 01:53:36PM +0300, Nadav Amit wrote: On Jun 19, 2014, at 1:18 PM, Michael S. Tsirkin m...@redhat.com wrote: On Wed, Jun 18, 2014 at 02:46:01PM -0400, Gabriel L. Somlo wrote: On Wed, Jun 18, 2014 at 10:59:14AM -0700, Eric

Re: [PATCH 3/3] KVM: x86: correct mwait and monitor emulation

2014-06-19 Thread Nadav Amit
On 6/19/14, 3:07 PM, Gleb Natapov wrote: On Thu, Jun 19, 2014 at 02:52:20PM +0300, Nadav Amit wrote: On 6/19/14, 2:23 PM, Gleb Natapov wrote: On Thu, Jun 19, 2014 at 01:53:36PM +0300, Nadav Amit wrote: On Jun 19, 2014, at 1:18 PM, Michael S. Tsirkin m...@redhat.com wrote: On Wed, Jun 18

Re: [PATCH 3/3] KVM: x86: correct mwait and monitor emulation

2014-06-19 Thread Nadav Amit
On 6/19/14, 3:17 PM, Michael S. Tsirkin wrote: On Thu, Jun 19, 2014 at 03:10:21PM +0300, Nadav Amit wrote: On 6/19/14, 3:07 PM, Gleb Natapov wrote: On Thu, Jun 19, 2014 at 02:52:20PM +0300, Nadav Amit wrote: On 6/19/14, 2:23 PM, Gleb Natapov wrote: On Thu, Jun 19, 2014 at 01:53:36PM +0300

[PATCH 0/7] KVM: x86: Additional rflags.rf fixes

2014-07-21 Thread Nadav Amit
. Thanks for reviewing the patches. Nadav Amit (7): KVM: x86: Defining missing x86 vectors KVM: x86: Function for determining exception type KVM: x86: Clearing rflags.rf upon skipped emulated instruction KVM: vmx: set rflags.rf during fault injection KVM: x86: popf emulation should

[PATCH 4/7] KVM: vmx: set rflags.rf during fault injection

2014-07-21 Thread Nadav Amit
the guest instruction before interrupt injection. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/vmx.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 0c9569b..8edb785 100644 --- a/arch/x86/kvm/vmx.c

[PATCH 3/7] KVM: x86: Clearing rflags.rf upon skipped emulated instruction

2014-07-21 Thread Nadav Amit
When skipping an emulated instruction, rflags.rf should be cleared as it would be on real x86 CPU. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c2aa58e..120ee83 100644

[PATCH 1/7] KVM: x86: Defining missing x86 vectors

2014-07-21 Thread Nadav Amit
Defining XE, XM and VE vector numbers. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/include/uapi/asm/kvm.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h index d3a8778..d7dcef5 100644 --- a/arch/x86

[PATCH 5/7] KVM: x86: popf emulation should not change RF

2014-07-21 Thread Nadav Amit
RFLAGS.RF is always zero after popf. Therefore, popf should not update RF, as anyhow emulating popf, just as any other instruction, should clear RFLAGS.RF. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[PATCH 7/7] KVM: x86: Cleanup of rflags.rf cleaning

2014-07-21 Thread Nadav Amit
RFLAGS.RF was cleaned in several functions (e.g., syscall) in the x86 emulator. Now that we clear it before the execution of an instruction in the emulator, we can remove the specific cleanup of RFLAGS.RF. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 8

[PATCH 2/7] KVM: x86: Function for determining exception type

2014-07-21 Thread Nadav Amit
New function for determining the x86 exception type: fault, abort, trap, etc. This function is used by the next patch for setting rflags.rf upon faults. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/x86.c | 35 +++ arch/x86/kvm/x86.h | 9

[PATCH 6/7] KVM: x86: Clear rflags.rf on emulated instructions

2014-07-21 Thread Nadav Amit
rep-strings. Traps are only expected to occur on debug watchpoints, and those are anyhow not handled by the emulator. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c

[PATCH kvm-unit-tests 3/3] x86: Check RFLAGS.RF on interrupt during REP-str

2014-07-21 Thread Nadav Amit
no indication whether any iteration was executed. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/eventinj.c | 16 1 file changed, 16 insertions(+) diff --git a/x86/eventinj.c b/x86/eventinj.c index 32de6f0..8fa4d84 100644 --- a/x86/eventinj.c +++ b/x86/eventinj.c @@ -54,6

[PATCH kvm-unit-tests 2/3] x86: Test rflags.rf is set upon faults

2014-07-21 Thread Nadav Amit
This patch tests whether rflags.rf is set upon #UD and #GP faults as it should, according to Intel SDM 17.3.1.1. The patch saves rflags.rf in an unused bit of the value which is saved during exception handling to save rflags.rf. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- lib/x86

[PATCH kvm-unit-tests 1/3] x86: Check rflags.rf is cleared after emulation

2014-07-21 Thread Nadav Amit
instructions after IRET is executed, RF should be cleared. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- x86/realmode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x86/realmode.c b/x86/realmode.c index 10c3e03..09e6aa7 100644 --- a/x86/realmode.c +++ b/x86/realmode.c

[PATCH kvm-unit-tests 0/3] x86: Test rflags.rf clearing/setting

2014-07-21 Thread Nadav Amit
should be cleared before the first iteration, and set otherwise. Nadav Amit (3): x86: Check rflags.rf is cleared after emulation x86: Test rflags.rf is set upon faults x86: Check RFLAGS.RF on interrupt during REP-str lib/x86/desc.c | 14 +++--- lib/x86/desc.h | 1 + x86/eventinj.c

Re: [PATCH 0/7] KVM: x86: Additional rflags.rf fixes

2014-07-21 Thread Nadav Amit
On 7/21/14, 3:19 PM, Paolo Bonzini wrote: Il 21/07/2014 13:37, Nadav Amit ha scritto: RFLAGS.RF is not handled well by kvm, in both the x86 emulator and vmx code. This flag should be cleared after every instruction emulation (other than IRETD/IRETQ). It should be set in various conditions

Re: [PATCH 2/7] KVM: x86: Function for determining exception type

2014-07-21 Thread Nadav Amit
Few comments to see we are on the same page: On 7/21/14, 3:18 PM, Paolo Bonzini wrote: Il 21/07/2014 13:37, Nadav Amit ha scritto: +int kvm_exception_type(unsigned int nr) The manual calls this the exception class. Yes, but it also calls it exception type (see table 6-1 Protected-Mode

[PATCH] KVM: x86: Fix lapic.c debug prints

2014-06-29 Thread Nadav Amit
In two cases lapic.c does not use the apic_debug macro correctly. This patch fixes them. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/lapic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 0069118

Re: [PATCH] KVM: x86: Fix lapic.c debug prints

2014-06-29 Thread Nadav Amit
On 6/30/14, 3:48 AM, Bandan Das wrote: Nadav Amit na...@cs.technion.ac.il writes: In two cases lapic.c does not use the apic_debug macro correctly. This patch fixes them. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/lapic.c | 4 ++-- 1 file changed, 2 insertions(+), 2

[PATCH] KVM: x86: Pending interrupt may be delivered after INIT

2014-06-30 Thread Nadav Amit
. This patch clears upon reset (and INIT) the pending interrupts; and at the same occasion clears the pending exceptions, since they may cause a similar issue. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm

[PATCH v2] KVM: x86: Pending interrupt may be delivered after INIT

2014-06-30 Thread Nadav Amit
. This patch clears upon reset (and INIT) the pending interrupts; and at the same occasion clears the pending exceptions, since they may cause a similar issue. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm

Re: [PATCH 4/4] kvm, mem-hotplug: Update apic access page when it is migrated.

2014-07-07 Thread Nadav Amit
Tang, Running some (unrelated) tests I see that KVM does not handle APIC base relocation correctly. When the base is changed, kvm_lapic_set_base just changes lapic-base_address without taking further action (i.e., modifying the VMCS apic address in VMX). This patch follows KVM bad behavior

Re: [PATCH 4/4] kvm, mem-hotplug: Update apic access page when it is migrated.

2014-07-07 Thread Nadav Amit
On 7/7/14, 2:54 PM, Gleb Natapov wrote: On Mon, Jul 07, 2014 at 02:42:27PM +0300, Nadav Amit wrote: Tang, Running some (unrelated) tests I see that KVM does not handle APIC base relocation correctly. When the base is changed, kvm_lapic_set_base just changes lapic-base_address without taking

Re: [PATCH 4/4] kvm, mem-hotplug: Update apic access page when it is migrated.

2014-07-08 Thread Nadav Amit
(from the default address to another guest physical address). My answers to your questions are below. On 7/8/14, 4:44 AM, Tang Chen wrote: Hi Nadav, Thanks for the reply, please see below. On 07/07/2014 08:10 PM, Nadav Amit wrote: On 7/7/14, 2:54 PM, Gleb Natapov wrote: On Mon, Jul 07, 2014

[PATCH kvm-unit-tests] x86: Check DR6.RTM is writable

2014-07-15 Thread Nadav Amit
A recently discovered bug shows DR6.RTM is fixed to one. The bug is only apparent when the host emulates the MOV-DR instruction or when the host debugs the guest kernel. This patch tests whether DR6.RTM is indeed accessible according to RTM support as reported by cpuid. Signed-off-by: Nadav Amit na

[PATCH] KVM: x86: DR6/7.RTM cannot be written

2014-07-15 Thread Nadav Amit
is a partial fix which enables DR6.RTM and DR7.RTM to be cleared and set respectively. It also sets DR6.RTM upon every debug exception. Obviously, it is not a complete fix, as debugging of RTM is still unsupported. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/include/asm/kvm_host.h

[PATCH] KVM: x86: Remove redundant and incorrect cpl check on task-switch

2014-07-30 Thread Nadav Amit
was involved) have been checked for correctness. This patch removes the CPL checks for CALL and JMP. Signed-off-by: Nadav Amit na...@cs.technion.ac.il --- arch/x86/kvm/emulate.c | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm
