From patchwork Thu Oct 13 06:41:15 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Beulich <JBeulich@suse.com>
X-Patchwork-Id: 9374437
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	7CFE460839 for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu, 13 Oct 2016 06:43:58 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 71C772988B
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu, 13 Oct 2016 06:43:58 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 6639829892; Thu, 13 Oct 2016 06:43:58 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A9C412988B
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu, 13 Oct 2016 06:43:57 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1buZhi-00037T-7o; Thu, 13 Oct 2016 06:41:22 +0000
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <JBeulich@suse.com>) id 1buZhh-00037N-Db
	for xen-devel@lists.xenproject.org; Thu, 13 Oct 2016 06:41:21 +0000
Received: from [85.158.137.68] by server-1.bemta-3.messagelabs.com id
	8B/69-12967-09C2FF75; Thu, 13 Oct 2016 06:41:20 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrCIsWRWlGSWpSXmKPExsXS6fjDS7df53+
	4wdkJFhbft0xmcmD0OPzhCksAYxRrZl5SfkUCa0bnzH3sBWs8Kq7ca2ZqYDyh38XIySEkkCex
	4+cRdhCbV8BOYtf548wgtoSAocTT99fZQGwWAVWJY80NTCA2m4C6RNuz7axdjBwcIgIGEueOJ
	oGYzAL6EtvWsYBUCAu4Sfxt7WIDCfMKCEr83SEMEmYGGt746xX7BEauWQiZWUgyELaWxMNft1
	ggbG2JZQtfM88Cmy8tsfwfB0TYXmLam5toSkBsL4ldM/4xL2DkWMWoUZxaVJZapGtkqZdUlJm
	eUZKbmJmja2hgrJebWlycmJ6ak5hUrJecn7uJERh69QwMjDsYm/b6HWKU5GBSEuW9dvdfuBBf
	Un5KZUZicUZ8UWlOavEhRhkODiUJ3hDt/+FCgkWp6akVaZk5wCiASUtw8CiJ8N4HSfMWFyTmF
	memQ6ROMSpKifOGgSQEQBIZpXlwbbDIu8QoKyXMy8jAwCDEU5BalJtZgir/ilGcg1FJmNcTZA
	pPZl4J3PRXQIuZgBbbTPoDsrgkESEl1cC4uO73Ma2Y9MO/RdtkZvYwuV21Lrm05jl/4SXWjxN
	OBwc/bOJ6de3BQqGXN5tdHIoePP90+fz27Gh+yUNHLuuerpSQTy2W/DOtz/Vtpurk+dekY8OO
	czNfz360+cuZWu+U05uvyD5JLXNrVA00ceIR6fNdu+oLr+b7U5bfJgZnqi5rcztdLvVTiaU4I
	9FQi7moOBEAESl0KLcCAAA=
X-Env-Sender: JBeulich@suse.com
X-Msg-Ref: server-9.tower-31.messagelabs.com!1476340877!10395326!1
X-Originating-IP: [137.65.248.74]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.84; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 58280 invoked from network); 13 Oct 2016 06:41:19 -0000
Received: from prv-mh.provo.novell.com (HELO prv-mh.provo.novell.com)
	(137.65.248.74)
	by server-9.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 13 Oct 2016 06:41:19 -0000
Received: from INET-PRV-MTA by prv-mh.provo.novell.com
	with Novell_GroupWise; Thu, 13 Oct 2016 00:41:16 -0600
Message-Id: <57FF48AB0200007800116EEC@prv-mh.provo.novell.com>
X-Mailer: Novell GroupWise Internet Agent 14.2.1 
Date: Thu, 13 Oct 2016 00:41:15 -0600
From: "Jan Beulich" <JBeulich@suse.com>
To: "xen-devel" <xen-devel@lists.xenproject.org>
Mime-Version: 1.0
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [Xen-devel] [PATCH] x86emul: correct {, F}CMOV and F{, U}COMI{,
	P} emulation
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

The FPU ones need to be executed with guest EFLAGS.{C,P,Z}F in context.

We also can't exclude someone wanting to hide the feature from (32-bit)
guests.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
x86emul: correct {,F}CMOV and F{,U}COMI{,P} emulation

The FPU ones need to be executed with guest EFLAGS.{C,P,Z}F in context.

We also can't exclude someone wanting to hide the feature from (32-bit)
guests.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -879,6 +879,24 @@ do {
     put_stub(stub);                                                     \
 } while (0)
 
+#define emulate_fpu_insn_stub_eflags(bytes...)                          \
+do {                                                                    \
+    unsigned int nr_ = sizeof((uint8_t[]){ bytes });                    \
+    struct fpu_insn_ctxt fic_ = { .insn_bytes = nr_ };                  \
+    unsigned long tmp_;                                                 \
+    memcpy(get_stub(stub), ((uint8_t[]){ bytes, 0xc3 }), nr_ + 1);      \
+    get_fpu(X86EMUL_FPU_fpu, &fic_);                                    \
+    asm volatile ( _PRE_EFLAGS("[eflags]", "[mask]", "[tmp]")           \
+                   "call *%[func];"                                     \
+                   _POST_EFLAGS("[eflags]", "[mask]", "[tmp]")          \
+                   : [eflags] "+g" (_regs.eflags),                      \
+                     [tmp] "=&r" (tmp_)                                 \
+                   : [func] "rm" (stub.func),                           \
+                     [mask] "i" (EFLG_ZF|EFLG_PF|EFLG_CF) );            \
+    put_fpu(&fic_);                                                     \
+    put_stub(stub);                                                     \
+} while (0)
+
 static unsigned long _get_rep_prefix(
     const struct cpu_user_regs *int_regs,
     int ad_bytes)
@@ -1242,6 +1260,7 @@ static bool_t vcpu_has(
 #define vcpu_must_have(leaf, reg, bit) \
     generate_exception_if(!vcpu_has(leaf, reg, bit, ctxt, ops), EXC_UD, -1)
 #define vcpu_must_have_fpu()  vcpu_must_have(0x00000001, EDX, 0)
+#define vcpu_must_have_cmov() vcpu_must_have(0x00000001, EDX, 15)
 #define vcpu_must_have_mmx()  vcpu_must_have(0x00000001, EDX, 23)
 #define vcpu_must_have_sse()  vcpu_must_have(0x00000001, EDX, 25)
 #define vcpu_must_have_sse2() vcpu_must_have(0x00000001, EDX, 26)
@@ -3573,6 +3592,9 @@ x86_emulate(
         case 0xc8 ... 0xcf: /* fcmove %stN */
         case 0xd0 ... 0xd7: /* fcmovbe %stN */
         case 0xd8 ... 0xdf: /* fcmovu %stN */
+            vcpu_must_have_cmov();
+            emulate_fpu_insn_stub_eflags(0xda, modrm);
+            break;
         case 0xe9:          /* fucompp */
             emulate_fpu_insn_stub(0xda, modrm);
             break;
@@ -3621,7 +3643,10 @@ x86_emulate(
         case 0xc8 ... 0xcf: /* fcmovne %stN */
         case 0xd0 ... 0xd7: /* fcmovnbe %stN */
         case 0xd8 ... 0xdf: /* fcmovnu %stN */
-            emulate_fpu_insn_stub(0xdb, modrm);
+        case 0xe8 ... 0xef: /* fucomi %stN */
+        case 0xf0 ... 0xf7: /* fcomi %stN */
+            vcpu_must_have_cmov();
+            emulate_fpu_insn_stub_eflags(0xdb, modrm);
             break;
         case 0xe2: /* fnclex */
             emulate_fpu_insn("fnclex");
@@ -3631,10 +3656,6 @@ x86_emulate(
             break;
         case 0xe4: /* fsetpm - 287 only, ignored by 387 */
             break;
-        case 0xe8 ... 0xef: /* fucomi %stN */
-        case 0xf0 ... 0xf7: /* fcomi %stN */
-            emulate_fpu_insn_stub(0xdb, modrm);
-            break;
         default:
             fail_if(modrm >= 0xc0);
             switch ( modrm_reg & 7 )
@@ -3852,7 +3873,8 @@ x86_emulate(
             break;
         case 0xe8 ... 0xef: /* fucomip %stN */
         case 0xf0 ... 0xf7: /* fcomip %stN */
-            emulate_fpu_insn_stub(0xdf, modrm);
+            vcpu_must_have_cmov();
+            emulate_fpu_insn_stub_eflags(0xdf, modrm);
             break;
         default:
             fail_if(modrm >= 0xc0);
@@ -4760,6 +4782,7 @@ x86_emulate(
     }
 
     case X86EMUL_OPC(0x0f, 0x40) ... X86EMUL_OPC(0x0f, 0x4f): /* cmovcc */
+        vcpu_must_have_cmov();
         dst.val = src.val;
         if ( !test_cc(b, _regs.eflags) )
             dst.type = OP_NONE;
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -879,6 +879,24 @@ do {
     put_stub(stub);                                                     \
 } while (0)
 
+#define emulate_fpu_insn_stub_eflags(bytes...)                          \
+do {                                                                    \
+    unsigned int nr_ = sizeof((uint8_t[]){ bytes });                    \
+    struct fpu_insn_ctxt fic_ = { .insn_bytes = nr_ };                  \
+    unsigned long tmp_;                                                 \
+    memcpy(get_stub(stub), ((uint8_t[]){ bytes, 0xc3 }), nr_ + 1);      \
+    get_fpu(X86EMUL_FPU_fpu, &fic_);                                    \
+    asm volatile ( _PRE_EFLAGS("[eflags]", "[mask]", "[tmp]")           \
+                   "call *%[func];"                                     \
+                   _POST_EFLAGS("[eflags]", "[mask]", "[tmp]")          \
+                   : [eflags] "+g" (_regs.eflags),                      \
+                     [tmp] "=&r" (tmp_)                                 \
+                   : [func] "rm" (stub.func),                           \
+                     [mask] "i" (EFLG_ZF|EFLG_PF|EFLG_CF) );            \
+    put_fpu(&fic_);                                                     \
+    put_stub(stub);                                                     \
+} while (0)
+
 static unsigned long _get_rep_prefix(
     const struct cpu_user_regs *int_regs,
     int ad_bytes)
@@ -1242,6 +1260,7 @@ static bool_t vcpu_has(
 #define vcpu_must_have(leaf, reg, bit) \
     generate_exception_if(!vcpu_has(leaf, reg, bit, ctxt, ops), EXC_UD, -1)
 #define vcpu_must_have_fpu()  vcpu_must_have(0x00000001, EDX, 0)
+#define vcpu_must_have_cmov() vcpu_must_have(0x00000001, EDX, 15)
 #define vcpu_must_have_mmx()  vcpu_must_have(0x00000001, EDX, 23)
 #define vcpu_must_have_sse()  vcpu_must_have(0x00000001, EDX, 25)
 #define vcpu_must_have_sse2() vcpu_must_have(0x00000001, EDX, 26)
@@ -3573,6 +3592,9 @@ x86_emulate(
         case 0xc8 ... 0xcf: /* fcmove %stN */
         case 0xd0 ... 0xd7: /* fcmovbe %stN */
         case 0xd8 ... 0xdf: /* fcmovu %stN */
+            vcpu_must_have_cmov();
+            emulate_fpu_insn_stub_eflags(0xda, modrm);
+            break;
         case 0xe9:          /* fucompp */
             emulate_fpu_insn_stub(0xda, modrm);
             break;
@@ -3621,7 +3643,10 @@ x86_emulate(
         case 0xc8 ... 0xcf: /* fcmovne %stN */
         case 0xd0 ... 0xd7: /* fcmovnbe %stN */
         case 0xd8 ... 0xdf: /* fcmovnu %stN */
-            emulate_fpu_insn_stub(0xdb, modrm);
+        case 0xe8 ... 0xef: /* fucomi %stN */
+        case 0xf0 ... 0xf7: /* fcomi %stN */
+            vcpu_must_have_cmov();
+            emulate_fpu_insn_stub_eflags(0xdb, modrm);
             break;
         case 0xe2: /* fnclex */
             emulate_fpu_insn("fnclex");
@@ -3631,10 +3656,6 @@ x86_emulate(
             break;
         case 0xe4: /* fsetpm - 287 only, ignored by 387 */
             break;
-        case 0xe8 ... 0xef: /* fucomi %stN */
-        case 0xf0 ... 0xf7: /* fcomi %stN */
-            emulate_fpu_insn_stub(0xdb, modrm);
-            break;
         default:
             fail_if(modrm >= 0xc0);
             switch ( modrm_reg & 7 )
@@ -3852,7 +3873,8 @@ x86_emulate(
             break;
         case 0xe8 ... 0xef: /* fucomip %stN */
         case 0xf0 ... 0xf7: /* fcomip %stN */
-            emulate_fpu_insn_stub(0xdf, modrm);
+            vcpu_must_have_cmov();
+            emulate_fpu_insn_stub_eflags(0xdf, modrm);
             break;
         default:
             fail_if(modrm >= 0xc0);
@@ -4760,6 +4782,7 @@ x86_emulate(
     }
 
     case X86EMUL_OPC(0x0f, 0x40) ... X86EMUL_OPC(0x0f, 0x4f): /* cmovcc */
+        vcpu_must_have_cmov();
         dst.val = src.val;
         if ( !test_cc(b, _regs.eflags) )
             dst.type = OP_NONE;