From 7e79bb0dc6af82413c9c5b153f18ce91146e0e53 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabkost@redhat.com>
Date: Wed, 9 Oct 2019 17:51:39 +0200
Subject: [PATCH 01/10] target-i386: Merge feature filtering/checking functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Eduardo Habkost <ehabkost@redhat.com>
Message-id: <20191009175148.1361-2-ehabkost@redhat.com>
Patchwork-id: 91357
O-Subject: [RHEL-7.7.z qemu-kvm PATCH 01/10] target-i386: Merge feature filtering/checking functions
Bugzilla: 1730606
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
RH-Acked-by: Igor Mammedov <imammedo@redhat.com>
Merge filter_features_for_kvm() and kvm_check_features_against_host().
Both functions made exactly the same calculations, the only difference
was that filter_features_for_kvm() changed the bits on cpu->features[],
and kvm_check_features_against_host() did error reporting.
7.8 backport notes (plai):
* unavailable_host_feature() removed due to lack of references.
* report_unavailable_features() from 51f63aed3 to make things compile.
7.7.z backport notes (ehabkost):
* cherry-pick from 7.8 with no conflicts
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 51f63aed32314479065207ff2fb28255de4dbda4)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
target-i386/cpu.c | 91 ++++++++++++++-----------------------------------------
1 file changed, 22 insertions(+), 69 deletions(-)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index c2fcd1e..c9d7557 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1754,11 +1754,11 @@ static void kvm_cpu_fill_host(x86_def_t *x86_cpu_def)
#endif /* CONFIG_KVM */
}
-static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask)
+static void report_unavailable_features(FeatureWordInfo *f, uint32_t mask)
{
int i;
- for (i = 0; i < 32; ++i)
+ for (i = 0; i < 32; ++i) {
if (1 << i & mask) {
const char *reg = get_register_name_32(f->cpuid_reg);
assert(reg);
@@ -1767,40 +1767,8 @@ static int unavailable_host_feature(FeatureWordInfo *f, uint32_t mask)
f->cpuid_eax, reg,
f->feat_names[i] ? "." : "",
f->feat_names[i] ? f->feat_names[i] : "", i);
- break;
- }
- return 0;
-}
-
-/* Check if all requested cpu flags are making their way to the guest
- *
- * Returns 0 if all flags are supported by the host, non-zero otherwise.
- *
- * This function may be called only if KVM is enabled.
- */
-static int kvm_check_features_against_host(KVMState *s, X86CPU *cpu)
-{
- CPUX86State *env = &cpu->env;
- int rv = 0;
- FeatureWord w;
-
- assert(kvm_enabled());
-
- for (w = 0; w < FEATURE_WORDS; w++) {
- FeatureWordInfo *wi = &feature_word_info[w];
- uint32_t guest_feat = env->features[w];
- uint32_t host_feat = kvm_arch_get_supported_cpuid(s, wi->cpuid_eax,
- wi->cpuid_ecx,
- wi->cpuid_reg);
- uint32_t mask;
- for (mask = 1; mask; mask <<= 1) {
- if (guest_feat & mask && !(host_feat & mask)) {
- unavailable_host_feature(wi, mask);
- rv = 1;
- }
}
}
- return rv;
}
static void x86_cpuid_version_get_family(Object *obj, Visitor *v, void *opaque,
@@ -2399,12 +2367,21 @@ CpuDefinitionInfoList *arch_query_cpu_definitions(Error **errp)
return cpu_list;
}
-#ifdef CONFIG_KVM
-static void filter_features_for_kvm(X86CPU *cpu)
+/*
+ * Filters CPU feature words based on host availability of each feature.
+ *
+ * This function may be called only if KVM is enabled.
+ *
+ * Returns: 0 if all flags are supported by the host, non-zero otherwise.
+ */
+static int filter_features_for_kvm(X86CPU *cpu)
{
CPUX86State *env = &cpu->env;
KVMState *s = kvm_state;
FeatureWord w;
+ int rv = 0;
+
+ assert(kvm_enabled());
for (w = 0; w < FEATURE_WORDS; w++) {
FeatureWordInfo *wi = &feature_word_info[w];
@@ -2414,9 +2391,16 @@ static void filter_features_for_kvm(X86CPU *cpu)
uint32_t requested_features = env->features[w];
env->features[w] &= host_feat;
cpu->filtered_features[w] = requested_features & ~env->features[w];
+ if (cpu->filtered_features[w]) {
+ if (cpu->check_cpuid || cpu->enforce_cpuid) {
+ report_unavailable_features(wi, cpu->filtered_features[w]);
+ }
+ rv = 1;
+ }
}
+
+ return rv;
}
-#endif
static void cpu_x86_register(X86CPU *cpu, const char *name, Error **errp)
{
@@ -3086,42 +3070,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
env->features[w] &= feature_word_info[w].tcg_features;
}
} else {
- KVMState *s = kvm_state;
- if ((cpu->check_cpuid || cpu->enforce_cpuid)
- && kvm_check_features_against_host(s, cpu) && cpu->enforce_cpuid) {
+ if (filter_features_for_kvm(cpu) && cpu->enforce_cpuid) {
error_setg(&local_err,
"Host's CPU doesn't support requested features");
goto out;
}
-#ifdef CONFIG_KVM
- filter_features_for_kvm(cpu);
-#endif
- }
-
- /*
- * RHEL-only:
- *
- * The arch-facilities feature flag is deprecated because it was never
- * supported upstream. The upstream property is "arch-capabilities",
- * but it was not backported to this QEMU version. Note that
- * arch-capabilities is not required for mitigation of CVE-2017-5715.
- *
- * In addition to being deprecated, arch-facilities blocks live migration
- * because the value of MSR_IA32_ARCH_CAPABILITIES is host-dependent and
- * not migration-safe.
- */
- if (cpu->env.features[FEAT_7_0_EDX] & CPUID_7_0_EDX_ARCH_CAPABILITIES) {
- static bool warned = false;
- static Error *arch_facilities_blocker;
- if (!warned) {
- error_setg(&arch_facilities_blocker,
- "The arch-facilities CPU feature is deprecated and "
- "does not support live migration");
- migrate_add_blocker(arch_facilities_blocker);
- error_report("WARNING: the arch-facilities CPU feature is "
- "deprecated and does not support live migration");
- warned = true;
- }
}
#ifndef CONFIG_USER_ONLY
--
1.8.3.1