* [PULL 00/10] pc, target/i486 changes for 2024-02-27
@ 2024-02-28  8:06 Paolo Bonzini
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel

The following changes since commit dd88d696ccecc0f3018568f8e281d3d526041e6f:

  Merge tag 'pull-request-2024-02-23' of https://gitlab.com/thuth/qemu into staging (2024-02-24 16:12:51 +0000)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to e7028c36f0e4cb8e357b627eabfe6efee5cb4ed9:

  ide, vl: turn -win2k-hack into a property on IDE devices (2024-02-26 10:17:16 +0100)

----------------------------------------------------------------
* target/i386: Fix physical address truncation on 32-bit PAE
* Remove globals for options -no-fd-bootchk and -win2k-hack

----------------------------------------------------------------
Paolo Bonzini (10):
      vl, pc: turn -no-fd-bootchk into a machine property
      target/i386: mask high bits of CR3 in 32-bit mode
      target/i386: check validity of VMCB addresses
      target/i386: introduce function to query MMU indices
      target/i386: use separate MMU indexes for 32-bit accesses
      target/i386: Fix physical address truncation
      target/i386: remove unnecessary/wrong application of the A20 mask
      target/i386: leave the A20 bit set in the final NPT walk
      ide: collapse parameters to ide_init_drive
      ide, vl: turn -win2k-hack into a property on IDE devices

 include/hw/i386/pc.h                 |  2 +-
 include/hw/ide/ide-dev.h             |  2 ++
 include/hw/ide/internal.h            |  6 +----
 include/sysemu/sysemu.h              |  1 -
 target/i386/cpu.h                    | 46 +++++++++++++++++++++++++------
 hw/i386/pc.c                         | 31 +++++++++++++++++----
 hw/ide/core.c                        | 43 ++++++++++++++---------------
 hw/ide/ide-dev.c                     |  6 ++---
 system/globals.c                     |  2 --
 system/vl.c                          |  4 +--
 target/i386/cpu.c                    |  9 ++++---
 target/i386/tcg/sysemu/excp_helper.c | 52 +++++++++++++++++-------------------
 target/i386/tcg/sysemu/misc_helper.c |  3 +++
 target/i386/tcg/sysemu/svm_helper.c  | 27 ++++++++++++++-----
 qemu-options.hx                      |  5 ++--
 15 files changed, 149 insertions(+), 90 deletions(-)
-- 
2.43.2




* [PULL 01/10] vl, pc: turn -no-fd-bootchk into a machine property
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé

Add a fd-bootchk property to PC machine types, so that -no-fd-bootchk
returns an error if the machine does not support booting from floppies
and checking for boot signatures therein.

Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/i386/pc.h |  2 +-
 hw/i386/pc.c         | 31 ++++++++++++++++++++++++++-----
 system/globals.c     |  1 -
 system/vl.c          |  2 +-
 qemu-options.hx      |  2 +-
 5 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index e88468131a5..034bef25f58 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -50,6 +50,7 @@ typedef struct PCMachineState {
     bool hpet_enabled;
     bool i8042_enabled;
     bool default_bus_bypass_iommu;
+    bool fd_bootchk;
     uint64_t max_fw_size;
 
     /* ACPI Memory hotplug IO base address */
@@ -147,7 +148,6 @@ OBJECT_DECLARE_TYPE(PCMachineState, PCMachineClass, PC_MACHINE)
 GSIState *pc_gsi_create(qemu_irq **irqs, bool pci_enabled);
 
 /* pc.c */
-extern int fd_bootchk;
 
 void pc_acpi_smi_interrupt(void *opaque, int irq, int level);
 
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index f8eb684a492..ea3607452af 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -399,8 +399,8 @@ static int boot_device2nibble(char boot_device)
     return 0;
 }
 
-static void set_boot_dev(MC146818RtcState *s, const char *boot_device,
-                         Error **errp)
+static void set_boot_dev(PCMachineState *pcms, MC146818RtcState *s,
+                         const char *boot_device, Error **errp)
 {
 #define PC_MAX_BOOT_DEVICES 3
     int nbds, bds[3] = { 0, };
@@ -420,12 +420,14 @@ static void set_boot_dev(MC146818RtcState *s, const char *boot_device,
         }
     }
     mc146818rtc_set_cmos_data(s, 0x3d, (bds[1] << 4) | bds[0]);
-    mc146818rtc_set_cmos_data(s, 0x38, (bds[2] << 4) | (fd_bootchk ? 0x0 : 0x1));
+    mc146818rtc_set_cmos_data(s, 0x38, (bds[2] << 4) | !pcms->fd_bootchk);
 }
 
 static void pc_boot_set(void *opaque, const char *boot_device, Error **errp)
 {
-    set_boot_dev(opaque, boot_device, errp);
+    PCMachineState *pcms = PC_MACHINE(current_machine);
+
+    set_boot_dev(pcms, opaque, boot_device, errp);
 }
 
 static void pc_cmos_init_floppy(MC146818RtcState *rtc_state, ISADevice *floppy)
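Review bot: pc_boot_set now obtains the PCMachineState from the global `current_machine` while its `opaque` argument still carries only the RTC state, so the callback's result depends on global state rather than on the context it was registered with. Since pc_cmos_init in the next hunk already links the RTC to the machine via the "rtc_state" property, registering `pcms` as the opaque and reading the RTC back from that link would remove the global lookup; the registration site of pc_boot_set is outside this hunk, so that may need a wider change. If the global is kept on purpose, a one-line comment such as `/* opaque is the RTC; there is only one PC machine, so use current_machine */` would save the next reader the same question.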
@@ -619,7 +621,7 @@ void pc_cmos_init(PCMachineState *pcms,
     object_property_set_link(OBJECT(pcms), "rtc_state", OBJECT(s),
                              &error_abort);
 
-    set_boot_dev(s, MACHINE(pcms)->boot_config.order, &error_fatal);
+    set_boot_dev(pcms, s, MACHINE(pcms)->boot_config.order, &error_fatal);
 
     val = 0;
     val |= 0x02; /* FPU is there */
@@ -1543,6 +1545,20 @@ static void pc_machine_set_vmport(Object *obj, Visitor *v, const char *name,
     visit_type_OnOffAuto(v, name, &pcms->vmport, errp);
 }
 
+static bool pc_machine_get_fd_bootchk(Object *obj, Error **errp)
+{
+    PCMachineState *pcms = PC_MACHINE(obj);
+
+    return pcms->fd_bootchk;
+}
+
+static void pc_machine_set_fd_bootchk(Object *obj, bool value, Error **errp)
+{
+    PCMachineState *pcms = PC_MACHINE(obj);
+
+    pcms->fd_bootchk = value;
+}
+
 static bool pc_machine_get_smbus(Object *obj, Error **errp)
 {
     PCMachineState *pcms = PC_MACHINE(obj);
@@ -1731,6 +1747,7 @@ static void pc_machine_initfn(Object *obj)
 #ifdef CONFIG_HPET
     pcms->hpet_enabled = true;
 #endif
+    pcms->fd_bootchk = true;
     pcms->default_bus_bypass_iommu = false;
 
     pcms->pcspk = isa_new(TYPE_PC_SPEAKER);
@@ -1878,6 +1895,10 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
         NULL, NULL);
     object_class_property_set_description(oc, PC_MACHINE_SMBIOS_EP,
         "SMBIOS Entry Point type [32, 64]");
+
+    object_class_property_add_bool(oc, "fd-bootchk",
+        pc_machine_get_fd_bootchk,
+        pc_machine_set_fd_bootchk);
 }
 
 static const TypeInfo pc_machine_info = {
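Review bot: The new "fd-bootchk" property is added without a description, whereas the neighbouring PC_MACHINE_SMBIOS_EP property in the same function gets one through object_class_property_set_description(), so property introspection (e.g. `-machine <type>,help`) presumably shows it blank. Add after the add_bool call `object_class_property_set_description(oc, "fd-bootchk", "Enable boot signature checking for floppy disks in BIOS");`, reusing the wording this patch already puts in qemu-options.hx.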
diff --git a/system/globals.c b/system/globals.c
index b6d4e72530e..5d0046ba105 100644
--- a/system/globals.c
+++ b/system/globals.c
@@ -41,7 +41,6 @@ int vga_interface_type = VGA_NONE;
 bool vga_interface_created;
 Chardev *parallel_hds[MAX_PARALLEL_PORTS];
 int win2k_install_hack;
-int fd_bootchk = 1;
 int graphic_rotate;
 QEMUOptionRom option_rom[MAX_OPTION_ROMS];
 int nb_option_roms;
diff --git a/system/vl.c b/system/vl.c
index b8469d9965d..98bf0c386b4 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -2927,7 +2927,7 @@ void qemu_init(int argc, char **argv)
                           optarg, FD_OPTS);
                 break;
             case QEMU_OPTION_no_fd_bootchk:
-                fd_bootchk = 0;
+                qdict_put_str(machine_opts_dict, "fd-bootchk", "off");
                 break;
             case QEMU_OPTION_netdev:
                 default_net = 0;
diff --git a/qemu-options.hx b/qemu-options.hx
index 9be1e5817c7..1136642c21d 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2650,7 +2650,7 @@ DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk,
 SRST
 ``-no-fd-bootchk``
     Disable boot signature checking for floppy disks in BIOS. May be
-    needed to boot from old floppy disks.
+    needed to boot from old floppy disks.  Synonym of ``-m fd-bootchk=off``.
 ERST
 
 DEF("acpitable", HAS_ARG, QEMU_OPTION_acpitable,
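Review bot: The added sentence names `-m fd-bootchk=off`, but `-m` is the memory-size option; the property introduced by this patch belongs to the machine and is set through `-machine`, which is also what the vl.c hunk does by putting it into machine_opts_dict. The line should read `needed to boot from old floppy disks.  Synonym of ``-machine fd-bootchk=off``.` so that users copying the documented form do not get a memory-size parse error.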
-- 
2.43.2




* [PULL 02/10] target/i386: mask high bits of CR3 in 32-bit mode
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: qemu-stable, Richard Henderson

CR3 bits 63:32 are ignored in 32-bit mode (either legacy 2-level
paging or PAE paging).  Do this in mmu_translate() to remove
the last place where get_physical_address() meaningfully drops the high
bits of the address.

Cc: qemu-stable@nongnu.org
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/sysemu/excp_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 5b86f439add..11126c860d4 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -238,7 +238,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
             /*
              * Page table level 3
              */
-            pte_addr = ((in->cr3 & ~0x1f) + ((addr >> 27) & 0x18)) & a20_mask;
+            pte_addr = ((in->cr3 & 0xffffffe0ULL) + ((addr >> 27) & 0x18)) & a20_mask;
             if (!ptw_translate(&pte_trans, pte_addr)) {
                 return false;
             }
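Review bot: The new constant `0xffffffe0ULL` silently encodes the rule that CR3 bits 63:32 are ignored outside long mode, whereas the old `~0x1f` was an int whose conversion to uint64_t kept those bits set; nothing in the code says why the width changed, and a later cleanup could "simplify" it back. Add `/* CR3 bits 63:32 are ignored in 32-bit (PAE) paging. */` above this assignment, and the matching `/* CR3 bits 63:32 are ignored in legacy 32-bit paging. */` above the `0xfffff000ULL` line in the second hunk of this file. mmu_translate begins and ends outside both hunks.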
@@ -306,7 +306,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
         /*
          * Page table level 2
          */
-        pte_addr = ((in->cr3 & ~0xfff) + ((addr >> 20) & 0xffc)) & a20_mask;
+        pte_addr = ((in->cr3 & 0xfffff000ULL) + ((addr >> 20) & 0xffc)) & a20_mask;
         if (!ptw_translate(&pte_trans, pte_addr)) {
             return false;
         }
-- 
2.43.2




* [PULL 03/10] target/i386: check validity of VMCB addresses
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: qemu-stable

MSR_VM_HSAVE_PA bits 0-11 are reserved, as are the bits above the
maximum physical address width of the processor.  Setting them to
1 causes a #GP (see "15.30.4 VM_HSAVE_PA MSR" in the AMD manual).

The same is true of VMCB addresses passed to VMRUN/VMLOAD/VMSAVE,
even though the manual is not clear on that.

Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/sysemu/misc_helper.c |  3 +++
 target/i386/tcg/sysemu/svm_helper.c  | 27 +++++++++++++++++++++------
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c
index 7de0a6e866d..edb7c3d8940 100644
--- a/target/i386/tcg/sysemu/misc_helper.c
+++ b/target/i386/tcg/sysemu/misc_helper.c
@@ -212,6 +212,9 @@ void helper_wrmsr(CPUX86State *env)
         tlb_flush(cs);
         break;
     case MSR_VM_HSAVE_PA:
+        if (val & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) {
+            goto error;
+        }
         env->vm_hsave = val;
         break;
 #ifdef TARGET_X86_64
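Review bot: The validity mask `0xfff | ((~0ULL) << env_archcpu(env)->phys_bits)` is spelled out here and again, identically, in the three svm_helper.c hunks for vmrun, vmload and vmsave; four copies of a security-relevant check are four places that can drift apart. The expression also shifts by phys_bits, which is undefined if phys_bits could ever reach 64 — presumably realize caps it below that, but the page does not show it, and a shared helper is the natural place to make the assumption explicit. I would add the helper below next to the existing inline helpers and have all four sites call `if (!x86_hsave_or_vmcb_addr_valid(env, val))` / `if (!x86_hsave_or_vmcb_addr_valid(env, addr))`.
```c
/* MSR_VM_HSAVE_PA and VMCB addresses must be page aligned and fit in phys_bits. */
static inline bool x86_hsave_or_vmcb_addr_valid(CPUX86State *env, uint64_t addr)
{
    unsigned phys_bits = env_archcpu(env)->phys_bits;

    assert(phys_bits < 64); /* shift by the type width would be UB */
    return !(addr & (0xfff | ((~0ULL) << phys_bits)));
}
```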
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 32ff0dbb13c..5d6de2294fa 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -164,14 +164,19 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
     uint64_t new_cr3;
     uint64_t new_cr4;
 
-    cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0, GETPC());
-
     if (aflag == 2) {
         addr = env->regs[R_EAX];
     } else {
         addr = (uint32_t)env->regs[R_EAX];
     }
 
+    /* Exceptions are checked before the intercept.  */
+    if (addr & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) {
+        raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
+    }
+
+    cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0, GETPC());
+
     qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmrun! " TARGET_FMT_lx "\n", addr);
 
     env->vm_vmcb = addr;
@@ -463,14 +468,19 @@ void helper_vmload(CPUX86State *env, int aflag)
     int mmu_idx = MMU_PHYS_IDX;
     target_ulong addr;
 
-    cpu_svm_check_intercept_param(env, SVM_EXIT_VMLOAD, 0, GETPC());
-
     if (aflag == 2) {
         addr = env->regs[R_EAX];
     } else {
         addr = (uint32_t)env->regs[R_EAX];
     }
 
+    /* Exceptions are checked before the intercept.  */
+    if (addr & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) {
+        raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
+    }
+
+    cpu_svm_check_intercept_param(env, SVM_EXIT_VMLOAD, 0, GETPC());
+
     if (virtual_vm_load_save_enabled(env, SVM_EXIT_VMLOAD, GETPC())) {
         mmu_idx = MMU_NESTED_IDX;
     }
@@ -519,14 +529,19 @@ void helper_vmsave(CPUX86State *env, int aflag)
     int mmu_idx = MMU_PHYS_IDX;
     target_ulong addr;
 
-    cpu_svm_check_intercept_param(env, SVM_EXIT_VMSAVE, 0, GETPC());
-
     if (aflag == 2) {
         addr = env->regs[R_EAX];
     } else {
         addr = (uint32_t)env->regs[R_EAX];
     }
 
+    /* Exceptions are checked before the intercept.  */
+    if (addr & (0xfff | ((~0ULL) << env_archcpu(env)->phys_bits))) {
+        raise_exception_err_ra(env, EXCP0D_GPF, 0, GETPC());
+    }
+
+    cpu_svm_check_intercept_param(env, SVM_EXIT_VMSAVE, 0, GETPC());
+
     if (virtual_vm_load_save_enabled(env, SVM_EXIT_VMSAVE, GETPC())) {
         mmu_idx = MMU_NESTED_IDX;
     }
-- 
2.43.2




* [PULL 04/10] target/i386: introduce function to query MMU indices
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel

Remove knowledge of specific MMU indexes (other than MMU_NESTED_IDX and
MMU_PHYS_IDX) from mmu_translate().  This will make it possible to split
32-bit and 64-bit MMU indexes.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/cpu.h                    | 10 ++++++++++
 target/i386/tcg/sysemu/excp_helper.c |  4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index dfe43b82042..8c271ca62e5 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2305,6 +2305,16 @@ uint64_t cpu_get_tsc(CPUX86State *env);
 #define MMU_NESTED_IDX  3
 #define MMU_PHYS_IDX    4
 
+static inline bool is_mmu_index_smap(int mmu_index)
+{
+    return mmu_index == MMU_KSMAP_IDX;
+}
+
+static inline bool is_mmu_index_user(int mmu_index)
+{
+    return mmu_index == MMU_USER_IDX;
+}
+
 static inline int cpu_mmu_index_kernel(CPUX86State *env)
 {
     return !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP_IDX :
diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 11126c860d4..a0d5ce39300 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -137,7 +137,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
     const int32_t a20_mask = x86_get_a20_mask(env);
     const target_ulong addr = in->addr;
     const int pg_mode = in->pg_mode;
-    const bool is_user = (in->mmu_idx == MMU_USER_IDX);
+    const bool is_user = is_mmu_index_user(in->mmu_idx);
     const MMUAccessType access_type = in->access_type;
     uint64_t ptep, pte, rsvd_mask;
     PTETranslate pte_trans = {
@@ -363,7 +363,7 @@ do_check_protect_pse36:
     }
 
     int prot = 0;
-    if (in->mmu_idx != MMU_KSMAP_IDX || !(ptep & PG_USER_MASK)) {
+    if (!is_mmu_index_smap(in->mmu_idx) || !(ptep & PG_USER_MASK)) {
         prot |= PAGE_READ;
         if ((ptep & PG_RW_MASK) || !(is_user || (pg_mode & PG_MODE_WP))) {
             prot |= PAGE_WRITE;
-- 
2.43.2




* [PULL 05/10] target/i386: use separate MMU indexes for 32-bit accesses
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel

Accesses from a 32-bit environment (32-bit code segment for instruction
accesses, EFER.LMA==0 for processor accesses) have to mask away the
upper 32 bits of the address.  While a bit wasteful, the easiest way
to do so is to use separate MMU indexes.  These days, QEMU anyway is
compiled with a fixed value for NB_MMU_MODES.  Split MMU_USER_IDX,
MMU_KSMAP_IDX and MMU_KNOSMAP_IDX in two.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/cpu.h                    | 34 ++++++++++++++++++++--------
 target/i386/cpu.c                    | 11 +++++----
 target/i386/tcg/sysemu/excp_helper.c |  3 ++-
 3 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 8c271ca62e5..ee4ad372021 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2299,27 +2299,41 @@ uint64_t cpu_get_tsc(CPUX86State *env);
 #define cpu_list x86_cpu_list
 
 /* MMU modes definitions */
-#define MMU_KSMAP_IDX   0
-#define MMU_USER_IDX    1
-#define MMU_KNOSMAP_IDX 2
-#define MMU_NESTED_IDX  3
-#define MMU_PHYS_IDX    4
+#define MMU_KSMAP64_IDX    0
+#define MMU_KSMAP32_IDX    1
+#define MMU_USER64_IDX     2
+#define MMU_USER32_IDX     3
+#define MMU_KNOSMAP64_IDX  4
+#define MMU_KNOSMAP32_IDX  5
+#define MMU_PHYS_IDX       6
+#define MMU_NESTED_IDX     7
+
+#ifdef CONFIG_USER_ONLY
+#ifdef TARGET_X86_64
+#define MMU_USER_IDX MMU_USER64_IDX
+#else
+#define MMU_USER_IDX MMU_USER32_IDX
+#endif
+#endif
 
 static inline bool is_mmu_index_smap(int mmu_index)
 {
-    return mmu_index == MMU_KSMAP_IDX;
+    return (mmu_index & ~1) == MMU_KSMAP64_IDX;
 }
 
 static inline bool is_mmu_index_user(int mmu_index)
 {
-    return mmu_index == MMU_USER_IDX;
+    return (mmu_index & ~1) == MMU_USER64_IDX;
 }
 
 static inline int cpu_mmu_index_kernel(CPUX86State *env)
 {
-    return !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP_IDX :
-        ((env->hflags & HF_CPL_MASK) < 3 && (env->eflags & AC_MASK))
-        ? MMU_KNOSMAP_IDX : MMU_KSMAP_IDX;
+    int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 1 : 0;
+    int mmu_index_base =
+        !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP64_IDX :
+        ((env->hflags & HF_CPL_MASK) < 3 && (env->eflags & AC_MASK)) ? MMU_KNOSMAP64_IDX : MMU_KSMAP64_IDX;
+
+    return mmu_index_base + mmu_index_32;
 }
 
 #define CC_DST  (env->cc_dst)
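Review bot: `mmu_index_32` is computed as `(env->hflags & HF_LMA_MASK) ? 1 : 0`, but with the numbering introduced just above the odd index is the 32-bit one (MMU_KSMAP32_IDX is MMU_KSMAP64_IDX + 1, and is_mmu_index_user/smap mask off bit 0 for that reason), so a kernel access in long mode is given the 32-bit index and a non-long-mode access the 64-bit one. The cpu.c hunk has the same inversion with `(env->hflags & HF_CS64_MASK) ? 1 : 0`, whereas the excp_helper.c hunk gets the direction right with `PG_MODE_LMA ? MMU_USER64_IDX : MMU_USER32_IDX`. Change this line to `int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 0 : 1;` and the cpu.c one to `int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 0 : 1;`. Once a later patch starts truncating addresses based on the index parity, the wrong direction would truncate 64-bit accesses and leave 32-bit ones untouched.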
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 7f908236767..647371198c7 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -7732,13 +7732,16 @@ static bool x86_cpu_has_work(CPUState *cs)
     return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
 }
 
-static int x86_cpu_mmu_index(CPUState *cs, bool ifetch)
+static int x86_cpu_mmu_index(CPUState *env, bool ifetch)
 {
     CPUX86State *env = cpu_env(cs);
+    int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 1 : 0;
+    int mmu_index_base =
+        (env->hflags & HF_CPL_MASK) == 3 ? MMU_USER64_IDX :
+        !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP64_IDX :
+        (env->eflags & AC_MASK) ? MMU_KNOSMAP64_IDX : MMU_KSMAP64_IDX;
 
-    return (env->hflags & HF_CPL_MASK) == 3 ? MMU_USER_IDX :
-        (!(env->hflags & HF_SMAP_MASK) || (env->eflags & AC_MASK))
-        ? MMU_KNOSMAP_IDX : MMU_KSMAP_IDX;
+    return mmu_index_base + mmu_index_32;
 }
 
 static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
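Review bot: The new signature `static int x86_cpu_mmu_index(CPUState *env, bool ifetch)` renames the parameter to `env` while the body still calls `cpu_env(cs)` and declares a second `env`, so this hunk cannot compile on its own; the next patch in the series appears to restore `cs`, which leaves this commit as a broken bisect point. Keep the parameter as `static int x86_cpu_mmu_index(CPUState *cs, bool ifetch)` here so the file builds at every step of the series.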
diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index a0d5ce39300..b2c525e1a92 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -545,7 +545,8 @@ static bool get_physical_address(CPUX86State *env, vaddr addr,
         if (likely(use_stage2)) {
             in.cr3 = env->nested_cr3;
             in.pg_mode = env->nested_pg_mode;
-            in.mmu_idx = MMU_USER_IDX;
+            in.mmu_idx =
+                env->nested_pg_mode & PG_MODE_LMA ? MMU_USER64_IDX : MMU_USER32_IDX;
             in.ptw_idx = MMU_PHYS_IDX;
 
             if (!mmu_translate(env, &in, out, err)) {
-- 
2.43.2




* [PULL 06/10] target/i386: Fix physical address truncation
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: qemu-stable, Michael Brown

The address translation logic in get_physical_address() will currently
truncate physical addresses to 32 bits unless long mode is enabled.
This is incorrect when using physical address extensions (PAE) outside
of long mode, with the result that a 32-bit operating system using PAE
to access memory above 4G will experience undefined behaviour.

The truncation code was originally introduced in commit 33dfdb5 ("x86:
only allow real mode to access 32bit without LMA"), where it applied
only to translations performed while paging is disabled (and so cannot
affect guests using PAE).

Commit 9828198 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX")
rearranged the code such that the truncation also applied to the use
of MMU_PHYS_IDX and MMU_NESTED_IDX.  Commit 4a1e9d4 ("target/i386: Use
atomic operations for pte updates") brought this truncation into scope
for page table entry accesses, and is the first commit for which a
Windows 10 32-bit guest will reliably fail to boot if memory above 4G
is present.

The truncation code however is not completely redundant.  Even though the
maximum address size for any executed instruction is 32 bits, helpers for
operations such as BOUND, FSAVE or XSAVE may ask get_physical_address()
to translate an address outside of the 32-bit range, if invoked with an
argument that is close to the 4G boundary.  Likewise for processor
accesses, for example TSS or IDT accesses, when EFER.LMA==0.

So, move the address truncation in get_physical_address() so that it
applies to 32-bit MMU indexes, but not to MMU_PHYS_IDX and MMU_NESTED_IDX.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2040
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Cc: qemu-stable@nongnu.org
Co-developed-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/cpu.h                    |  6 ++++++
 target/i386/cpu.c                    |  2 +-
 target/i386/tcg/sysemu/excp_helper.c | 12 +++++-------
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index ee4ad372021..952174bb6f5 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2326,6 +2326,12 @@ static inline bool is_mmu_index_user(int mmu_index)
     return (mmu_index & ~1) == MMU_USER64_IDX;
 }
 
+static inline bool is_mmu_index_32(int mmu_index)
+{
+    assert(mmu_index < MMU_PHYS_IDX);
+    return mmu_index & 1;
+}
+
 static inline int cpu_mmu_index_kernel(CPUX86State *env)
 {
     int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 1 : 0;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 647371198c7..ba6d7b80a7f 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -7732,7 +7732,7 @@ static bool x86_cpu_has_work(CPUState *cs)
     return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
 }
 
-static int x86_cpu_mmu_index(CPUState *env, bool ifetch)
+static int x86_cpu_mmu_index(CPUState *cs, bool ifetch)
 {
     CPUX86State *env = cpu_env(cs);
     int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 1 : 0;
diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index b2c525e1a92..8bcdd2906d5 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -558,6 +558,10 @@ static bool get_physical_address(CPUX86State *env, vaddr addr,
         break;
 
     default:
+        if (is_mmu_index_32(mmu_idx)) {
+            addr = (uint32_t)addr;
+        }
+
         if (likely(env->cr[0] & CR0_PG_MASK)) {
             in.cr3 = env->cr[3];
             in.mmu_idx = mmu_idx;
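Review bot: The truncation `addr = (uint32_t)addr;` is placed in the default case with no explanation, and the reasoning — helpers such as BOUND/FSAVE/XSAVE and TSS/IDT accesses with EFER.LMA==0 can hand in an address past 4G, while MMU_PHYS_IDX and MMU_NESTED_IDX walks must keep the full address so PAE can reach memory above 4G — lives only in the commit message. Add above the check `/* 32-bit code and non-LMA processor accesses wrap at 4G; physical and nested walks keep the full address so PAE can address memory above 4G. */`. Note that is_mmu_index_32() asserts `mmu_index < MMU_PHYS_IDX`, which presumably holds here because those two indexes are handled by earlier case labels; the switch begins outside this hunk, so I could not confirm it.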
@@ -581,14 +585,8 @@ static bool get_physical_address(CPUX86State *env, vaddr addr,
         break;
     }
 
-    /* Translation disabled. */
+    /* No translation needed. */
     out->paddr = addr & x86_get_a20_mask(env);
-#ifdef TARGET_X86_64
-    if (!(env->hflags & HF_LMA_MASK)) {
-        /* Without long mode we can only address 32bits in real mode */
-        out->paddr = (uint32_t)out->paddr;
-    }
-#endif
     out->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
     out->page_size = TARGET_PAGE_SIZE;
     return true;
-- 
2.43.2




* [PULL 07/10] target/i386: remove unnecessary/wrong application of the A20 mask
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: qemu-stable

If ptw_translate() does a MMU_PHYS_IDX access, the A20 mask is already
applied in get_physical_address(), which is called via probe_access_full()
and x86_cpu_tlb_fill().

If ptw_translate() on the other hand does a MMU_NESTED_IDX access,
the A20 mask must not be applied to the address that is looked up in
the nested page tables; it must be applied only to the addresses that
hold the NPT entries (which is achieved via MMU_PHYS_IDX, per the
previous paragraph).

Therefore, we can remove A20 masking from the computation of the page
table entry's address, and let get_physical_address() or mmu_translate()
apply it when they know they are returning a host-physical address.

Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/sysemu/excp_helper.c | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 8bcdd2906d5..2ddc08b4bb6 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -164,8 +164,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
                 /*
                  * Page table level 5
                  */
-                pte_addr = ((in->cr3 & ~0xfff) +
-                            (((addr >> 48) & 0x1ff) << 3)) & a20_mask;
+                pte_addr = (in->cr3 & ~0xfff) + (((addr >> 48) & 0x1ff) << 3);
                 if (!ptw_translate(&pte_trans, pte_addr)) {
                     return false;
                 }
@@ -189,8 +188,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
             /*
              * Page table level 4
              */
-            pte_addr = ((pte & PG_ADDRESS_MASK) +
-                        (((addr >> 39) & 0x1ff) << 3)) & a20_mask;
+            pte_addr = (pte & PG_ADDRESS_MASK) + (((addr >> 39) & 0x1ff) << 3);
             if (!ptw_translate(&pte_trans, pte_addr)) {
                 return false;
             }
@@ -210,8 +208,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
             /*
              * Page table level 3
              */
-            pte_addr = ((pte & PG_ADDRESS_MASK) +
-                        (((addr >> 30) & 0x1ff) << 3)) & a20_mask;
+            pte_addr = (pte & PG_ADDRESS_MASK) + (((addr >> 30) & 0x1ff) << 3);
             if (!ptw_translate(&pte_trans, pte_addr)) {
                 return false;
             }
@@ -238,7 +235,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
             /*
              * Page table level 3
              */
-            pte_addr = ((in->cr3 & 0xffffffe0ULL) + ((addr >> 27) & 0x18)) & a20_mask;
+            pte_addr = (in->cr3 & 0xffffffe0ULL) + ((addr >> 27) & 0x18);
             if (!ptw_translate(&pte_trans, pte_addr)) {
                 return false;
             }
@@ -260,8 +257,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
         /*
          * Page table level 2
          */
-        pte_addr = ((pte & PG_ADDRESS_MASK) +
-                    (((addr >> 21) & 0x1ff) << 3)) & a20_mask;
+        pte_addr = (pte & PG_ADDRESS_MASK) + (((addr >> 21) & 0x1ff) << 3);
         if (!ptw_translate(&pte_trans, pte_addr)) {
             return false;
         }
@@ -287,8 +283,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
         /*
          * Page table level 1
          */
-        pte_addr = ((pte & PG_ADDRESS_MASK) +
-                    (((addr >> 12) & 0x1ff) << 3)) & a20_mask;
+        pte_addr = (pte & PG_ADDRESS_MASK) + (((addr >> 12) & 0x1ff) << 3);
         if (!ptw_translate(&pte_trans, pte_addr)) {
             return false;
         }
@@ -306,7 +301,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
         /*
          * Page table level 2
          */
-        pte_addr = ((in->cr3 & 0xfffff000ULL) + ((addr >> 20) & 0xffc)) & a20_mask;
+        pte_addr = (in->cr3 & 0xfffff000ULL) + ((addr >> 20) & 0xffc);
         if (!ptw_translate(&pte_trans, pte_addr)) {
             return false;
         }
@@ -335,7 +330,7 @@ static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
         /*
          * Page table level 1
          */
-        pte_addr = ((pte & ~0xfffu) + ((addr >> 10) & 0xffc)) & a20_mask;
+        pte_addr = (pte & ~0xfffu) + ((addr >> 10) & 0xffc);
         if (!ptw_translate(&pte_trans, pte_addr)) {
             return false;
         }
-- 
2.43.2




* [PULL 08/10] target/i386: leave the A20 bit set in the final NPT walk
  2024-02-28  8:06 [PULL 00/10] pc, target/i486 changes for 2024-02-27 Paolo Bonzini
                   ` (6 preceding siblings ...)
  2024-02-28  8:06 ` [PULL 07/10] target/i386: remove unnecessary/wrong application of the A20 mask Paolo Bonzini
@ 2024-02-28  8:06 ` Paolo Bonzini
  2024-02-28  8:06 ` [PULL 09/10] ide: collapse parameters to ide_init_drive Paolo Bonzini
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: qemu-stable

The A20 mask is only applied to the final memory access.  Nested
page tables are always walked with the raw guest-physical address.

Unlike the previous patch, in this one the masking must be kept, but
it was done too early.

Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/sysemu/excp_helper.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index 2ddc08b4bb6..8f7011d9663 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -134,7 +134,6 @@ static inline bool ptw_setl(const PTETranslate *in, uint32_t old, uint32_t set)
 static bool mmu_translate(CPUX86State *env, const TranslateParams *in,
                           TranslateResult *out, TranslateFault *err)
 {
-    const int32_t a20_mask = x86_get_a20_mask(env);
     const target_ulong addr = in->addr;
     const int pg_mode = in->pg_mode;
     const bool is_user = is_mmu_index_user(in->mmu_idx);
@@ -417,10 +416,13 @@ do_check_protect_pse36:
         }
     }
 
-    /* align to page_size */
-    paddr = (pte & a20_mask & PG_ADDRESS_MASK & ~(page_size - 1))
-          | (addr & (page_size - 1));
+    /* merge offset within page */
+    paddr = (pte & PG_ADDRESS_MASK & ~(page_size - 1)) | (addr & (page_size - 1));
 
+    /*
+     * Note that NPT is walked (for both paging structures and final guest
+     * addresses) using the address with the A20 bit set.
+     */
     if (in->ptw_idx == MMU_NESTED_IDX) {
         CPUTLBEntryFull *full;
         int flags, nested_page_size;
@@ -459,7 +461,7 @@ do_check_protect_pse36:
         }
     }
 
-    out->paddr = paddr;
+    out->paddr = paddr & x86_get_a20_mask(env);
     out->prot = prot;
     out->page_size = page_size;
     return true;
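Review bot: `out->paddr = paddr & x86_get_a20_mask(env);` relies on the mask's 32-bit signed type (the first hunk removes an `int32_t a20_mask` holding the same value) being sign-extended when combined with the wider `paddr`, so that only bit 20 is cleared and bits 32 and above survive; nothing at the call site says so. Should the mask ever become an unsigned 32-bit value, this line would silently truncate physical addresses above 4 GiB — the bug class this series is fixing. I'd annotate it: `/* x86_get_a20_mask() is a sign-extended int32_t: clears bit 20 only, keeps bits >= 32 */`. The enclosing function starts outside this hunk.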
-- 
2.43.2




* [PULL 09/10] ide: collapse parameters to ide_init_drive
  2024-02-28  8:06 [PULL 00/10] pc, target/i486 changes for 2024-02-27 Paolo Bonzini
                   ` (7 preceding siblings ...)
  2024-02-28  8:06 ` [PULL 08/10] target/i386: leave the A20 bit set in the final NPT walk Paolo Bonzini
@ 2024-02-28  8:06 ` Paolo Bonzini
  2024-02-28  8:06 ` [PULL 10/10] ide, vl: turn -win2k-hack into a property on IDE devices Paolo Bonzini
  2024-02-28 17:26 ` [PULL 00/10] pc, target/i486 changes for 2024-02-27 Peter Maydell
  10 siblings, 0 replies; 14+ messages in thread
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé

All calls to ide_init_drive come from ide_dev_initfn.  Just pass down the
IDEDevice (IDEState is kinda obsolete and should be merged into IDEDevice).

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/ide/internal.h |  6 +-----
 hw/ide/core.c             | 40 ++++++++++++++++++---------------------
 hw/ide/ide-dev.c          |  5 +----
 3 files changed, 20 insertions(+), 31 deletions(-)

diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h
index 20dde37f458..0d64805da20 100644
--- a/include/hw/ide/internal.h
+++ b/include/hw/ide/internal.h
@@ -416,11 +416,7 @@ uint32_t ide_data_readw(void *opaque, uint32_t addr);
 void ide_data_writel(void *opaque, uint32_t addr, uint32_t val);
 uint32_t ide_data_readl(void *opaque, uint32_t addr);
 
-int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
-                   const char *version, const char *serial, const char *model,
-                   uint64_t wwn,
-                   uint32_t cylinders, uint32_t heads, uint32_t secs,
-                   int chs_trans, Error **errp);
+int ide_init_drive(IDEState *s, IDEDevice *dev, IDEDriveKind kind, Error **errp);
 void ide_exit(IDEState *s);
 void ide_bus_init_output_irq(IDEBus *bus, qemu_irq irq_out);
 int ide_init_ioport(IDEBus *bus, ISADevice *isa, int iobase, int iobase2);
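Review bot: The new prototype `int ide_init_drive(IDEState *s, IDEDevice *dev, IDEDriveKind kind, Error **errp);` carries no comment stating what it now consumes from `dev`, and the narrower signature hides that `dev->conf.blk`, the geometry (`conf.cyls/heads/secs`, `chs_trans`), `wwn` and the identity strings are all read (see the core.c hunks below). The commit message says the only caller is ide_dev_initfn, but the header is the contract any future caller reads. I'd put a short comment above it saying that @dev must be non-NULL and supplies the block backend, geometry and identity strings, and that the function returns 0 on success or -1 with @errp set.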
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 9c4a8129028..3c42d72ac25 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2589,24 +2589,20 @@ static const BlockDevOps ide_hd_block_ops = {
     .resize_cb = ide_resize_cb,
 };
 
-int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
-                   const char *version, const char *serial, const char *model,
-                   uint64_t wwn,
-                   uint32_t cylinders, uint32_t heads, uint32_t secs,
-                   int chs_trans, Error **errp)
+int ide_init_drive(IDEState *s, IDEDevice *dev, IDEDriveKind kind, Error **errp)
 {
     uint64_t nb_sectors;
 
-    s->blk = blk;
+    s->blk = dev->conf.blk;
     s->drive_kind = kind;
 
-    blk_get_geometry(blk, &nb_sectors);
-    s->cylinders = cylinders;
-    s->heads = s->drive_heads = heads;
-    s->sectors = s->drive_sectors = secs;
-    s->chs_trans = chs_trans;
+    blk_get_geometry(s->blk, &nb_sectors);
+    s->cylinders = dev->conf.cyls;
+    s->heads = s->drive_heads = dev->conf.heads;
+    s->sectors = s->drive_sectors = dev->conf.secs;
+    s->chs_trans = dev->chs_trans;
     s->nb_sectors = nb_sectors;
-    s->wwn = wwn;
+    s->wwn = dev->wwn;
     /* The SMART values should be preserved across power cycles
        but they aren't.  */
     s->smart_enabled = 1;
@@ -2614,26 +2610,26 @@ int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
     s->smart_errors = 0;
     s->smart_selftest_count = 0;
     if (kind == IDE_CD) {
-        blk_set_dev_ops(blk, &ide_cd_block_ops, s);
+        blk_set_dev_ops(s->blk, &ide_cd_block_ops, s);
     } else {
         if (!blk_is_inserted(s->blk)) {
             error_setg(errp, "Device needs media, but drive is empty");
             return -1;
         }
-        if (!blk_is_writable(blk)) {
+        if (!blk_is_writable(s->blk)) {
             error_setg(errp, "Can't use a read-only drive");
             return -1;
         }
-        blk_set_dev_ops(blk, &ide_hd_block_ops, s);
+        blk_set_dev_ops(s->blk, &ide_hd_block_ops, s);
     }
-    if (serial) {
-        pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), serial);
+    if (dev->serial) {
+        pstrcpy(s->drive_serial_str, sizeof(s->drive_serial_str), dev->serial);
     } else {
         snprintf(s->drive_serial_str, sizeof(s->drive_serial_str),
                  "QM%05d", s->drive_serial);
     }
-    if (model) {
-        pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), model);
+    if (dev->model) {
+        pstrcpy(s->drive_model_str, sizeof(s->drive_model_str), dev->model);
     } else {
         switch (kind) {
         case IDE_CD:
@@ -2648,14 +2644,14 @@ int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind,
         }
     }
 
-    if (version) {
-        pstrcpy(s->version, sizeof(s->version), version);
+    if (dev->version) {
+        pstrcpy(s->version, sizeof(s->version), dev->version);
     } else {
         pstrcpy(s->version, sizeof(s->version), qemu_hw_version());
     }
 
     ide_reset(s);
-    blk_iostatus_enable(blk);
+    blk_iostatus_enable(s->blk);
     return 0;
 }
 
diff --git a/hw/ide/ide-dev.c b/hw/ide/ide-dev.c
index c8e2033469c..900f80faf19 100644
--- a/hw/ide/ide-dev.c
+++ b/hw/ide/ide-dev.c
@@ -118,10 +118,7 @@ void ide_dev_initfn(IDEDevice *dev, IDEDriveKind kind, Error **errp)
         return;
     }
 
-    if (ide_init_drive(s, dev->conf.blk, kind,
-                       dev->version, dev->serial, dev->model, dev->wwn,
-                       dev->conf.cyls, dev->conf.heads, dev->conf.secs,
-                       dev->chs_trans, errp) < 0) {
+    if (ide_init_drive(s, dev, kind, errp) < 0) {
         return;
     }
 
-- 
2.43.2




* [PULL 10/10] ide, vl: turn -win2k-hack into a property on IDE devices
  2024-02-28  8:06 [PULL 00/10] pc, target/i486 changes for 2024-02-27 Paolo Bonzini
                   ` (8 preceding siblings ...)
  2024-02-28  8:06 ` [PULL 09/10] ide: collapse parameters to ide_init_drive Paolo Bonzini
@ 2024-02-28  8:06 ` Paolo Bonzini
  2024-02-28 17:26 ` [PULL 00/10] pc, target/i486 changes for 2024-02-27 Peter Maydell
  10 siblings, 0 replies; 14+ messages in thread
From: Paolo Bonzini @ 2024-02-28  8:06 UTC (permalink / raw
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/ide/ide-dev.h | 2 ++
 include/sysemu/sysemu.h  | 1 -
 hw/ide/core.c            | 3 ++-
 hw/ide/ide-dev.c         | 1 +
 system/globals.c         | 1 -
 system/vl.c              | 2 +-
 qemu-options.hx          | 3 ++-
 7 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/include/hw/ide/ide-dev.h b/include/hw/ide/ide-dev.h
index 708cc0fda34..9a0d71db4e1 100644
--- a/include/hw/ide/ide-dev.h
+++ b/include/hw/ide/ide-dev.h
@@ -65,6 +65,7 @@ struct IDEState {
     int drive_serial;
     char drive_serial_str[21];
     char drive_model_str[41];
+    bool win2k_install_hack;
     uint64_t wwn;
     /* ide regs */
     uint8_t feature;
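Review bot: `bool win2k_install_hack;` is added to IDEState here, and to IDEDevice in the next hunk, without a comment, while neighbouring IDEDevice fields are documented, so a reader of the two structs cannot tell which copy is authoritative. From the other hunks, the IDEDevice field is the "win2k-install-hack" property and the IDEState field is a copy taken in ide_init_drive() and tested in ide_sector_write_cb(). I'd comment the IDEState field `/* copied from IDEDevice.win2k_install_hack by ide_init_drive(); see ide_sector_write_cb() */` and the IDEDevice one `/* "win2k-install-hack" property: delay write IRQs for the Windows 2000 installer */`.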
@@ -163,6 +164,7 @@ struct IDEDevice {
      * 0xffff        - reserved
      */
     uint16_t rotation_rate;
+    bool win2k_install_hack;
 };
 
 typedef struct IDEDrive {
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 73a37949c24..eb1dc1e4eda 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -41,7 +41,6 @@ extern int graphic_height;
 extern int graphic_depth;
 extern int display_opengl;
 extern const char *keyboard_layout;
-extern int win2k_install_hack;
 extern int graphic_rotate;
 extern int old_param;
 extern uint8_t *boot_splash_filedata;
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 3c42d72ac25..3f8c0ede2a1 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1059,7 +1059,7 @@ static void ide_sector_write_cb(void *opaque, int ret)
                            ide_sector_write);
     }
 
-    if (win2k_install_hack && ((++s->irq_count % 16) == 0)) {
+    if (s->win2k_install_hack && ((++s->irq_count % 16) == 0)) {
         /* It seems there is a bug in the Windows 2000 installer HDD
            IDE driver which fills the disk with empty logs when the
            IDE write IRQ comes too early. This hack tries to correct
@@ -2597,6 +2597,7 @@ int ide_init_drive(IDEState *s, IDEDevice *dev, IDEDriveKind kind, Error **errp)
     s->drive_kind = kind;
 
     blk_get_geometry(s->blk, &nb_sectors);
+    s->win2k_install_hack = dev->win2k_install_hack;
     s->cylinders = dev->conf.cyls;
     s->heads = s->drive_heads = dev->conf.heads;
     s->sectors = s->drive_sectors = dev->conf.secs;
diff --git a/hw/ide/ide-dev.c b/hw/ide/ide-dev.c
index 900f80faf19..99f2f1226cf 100644
--- a/hw/ide/ide-dev.c
+++ b/hw/ide/ide-dev.c
@@ -31,6 +31,7 @@
 
 static Property ide_props[] = {
     DEFINE_PROP_UINT32("unit", IDEDevice, unit, -1),
+    DEFINE_PROP_BOOL("win2k-install-hack", IDEDevice, win2k_install_hack, false),
     DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/system/globals.c b/system/globals.c
index 5d0046ba105..e3535842010 100644
--- a/system/globals.c
+++ b/system/globals.c
@@ -40,7 +40,6 @@ int autostart = 1;
 int vga_interface_type = VGA_NONE;
 bool vga_interface_created;
 Chardev *parallel_hds[MAX_PARALLEL_PORTS];
-int win2k_install_hack;
 int graphic_rotate;
 QEMUOptionRom option_rom[MAX_OPTION_ROMS];
 int nb_option_roms;
diff --git a/system/vl.c b/system/vl.c
index 98bf0c386b4..e480afd7a00 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -3265,7 +3265,7 @@ void qemu_init(int argc, char **argv)
                 pid_file = optarg;
                 break;
             case QEMU_OPTION_win2k_hack:
-                win2k_install_hack = 1;
+                object_register_sugar_prop("ide-device", "win2k-install-hack", "true", true);
                 break;
             case QEMU_OPTION_acpitable:
                 opts = qemu_opts_parse_noisily(qemu_find_opts("acpi"),
diff --git a/qemu-options.hx b/qemu-options.hx
index 1136642c21d..9a47385c157 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2641,7 +2641,8 @@ SRST
 ``-win2k-hack``
     Use it when installing Windows 2000 to avoid a disk full bug. After
     Windows 2000 is installed, you no longer need this option (this
-    option slows down the IDE transfers).
+    option slows down the IDE transfers).  Synonym of ``-global
+    ide-device.win2k-install-hack=on``.
 ERST
 
 DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk,
-- 
2.43.2




* Re: [PULL 00/10] pc, target/i486 changes for 2024-02-27
  2024-02-28  8:06 [PULL 00/10] pc, target/i486 changes for 2024-02-27 Paolo Bonzini
                   ` (9 preceding siblings ...)
  2024-02-28  8:06 ` [PULL 10/10] ide, vl: turn -win2k-hack into a property on IDE devices Paolo Bonzini
@ 2024-02-28 17:26 ` Peter Maydell
  10 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2024-02-28 17:26 UTC (permalink / raw
  To: Paolo Bonzini; +Cc: qemu-devel

On Wed, 28 Feb 2024 at 08:07, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit dd88d696ccecc0f3018568f8e281d3d526041e6f:
>
>   Merge tag 'pull-request-2024-02-23' of https://gitlab.com/thuth/qemu into staging (2024-02-24 16:12:51 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to e7028c36f0e4cb8e357b627eabfe6efee5cb4ed9:
>
>   ide, vl: turn -win2k-hack into a property on IDE devices (2024-02-26 10:17:16 +0100)
>
> ----------------------------------------------------------------
> * target/i386: Fix physical address truncation on 32-bit PAE
> * Remove globals for options -no-fd-bootchk and -win2k-hack


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/9.0
for any user-visible changes.

-- PMM



* Re: [PULL 06/10] target/i386: Fix physical address truncation
  2024-02-28  8:06 ` [PULL 06/10] target/i386: Fix physical address truncation Paolo Bonzini
@ 2024-02-28 18:13   ` Michael Tokarev
  2024-02-28 20:18     ` Paolo Bonzini
  0 siblings, 1 reply; 14+ messages in thread
From: Michael Tokarev @ 2024-02-28 18:13 UTC (permalink / raw
  To: Paolo Bonzini, qemu-devel; +Cc: qemu-stable, Michael Brown

28.02.2024 11:06, Paolo Bonzini:

> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 647371198c7..ba6d7b80a7f 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -7732,7 +7732,7 @@ static bool x86_cpu_has_work(CPUState *cs)
>       return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
>   }
>   
> -static int x86_cpu_mmu_index(CPUState *env, bool ifetch)
> +static int x86_cpu_mmu_index(CPUState *cs, bool ifetch)
>   {
>       CPUX86State *env = cpu_env(cs);
>       int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 1 : 0;


This is an interesting change.  It looks like the previous patch
broke this very line, and this patch restored it.

This is an unrelated change to the problem at hand.

But the status-quo is restored anyway :)

FWIW.

/mjt



* Re: [PULL 06/10] target/i386: Fix physical address truncation
  2024-02-28 18:13   ` Michael Tokarev
@ 2024-02-28 20:18     ` Paolo Bonzini
  0 siblings, 0 replies; 14+ messages in thread
From: Paolo Bonzini @ 2024-02-28 20:18 UTC (permalink / raw
  To: Michael Tokarev; +Cc: qemu-devel, qemu-stable, Michael Brown

On Wed, Feb 28, 2024 at 7:14 PM Michael Tokarev <mjt@tls.msk.ru> wrote:
>
> 28.02.2024 11:06, Paolo Bonzini:
>
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> > index 647371198c7..ba6d7b80a7f 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -7732,7 +7732,7 @@ static bool x86_cpu_has_work(CPUState *cs)
> >       return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
> >   }
> >
> > -static int x86_cpu_mmu_index(CPUState *env, bool ifetch)
> > +static int x86_cpu_mmu_index(CPUState *cs, bool ifetch)
> >   {
> >       CPUX86State *env = cpu_env(cs);
> >       int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 1 : 0;
>
>
> This is an interesting change.  It looks like previous patch
> broke this very line, and this patch restored it.
>
> This is an unrelated change to the problem at hand.

It's a rebase hiccup, indeed. :(

Paolo



