From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
	Wei Liu <wl@xen.org>, Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH v8 08/12] x86emul: support FLDENV and FRSTOR
Date: Fri, 8 May 2020 15:37:20 +0200
Message-ID: <20200508133720.GH1353@Air-de-Roger>
In-Reply-To: <09fe2c18-0037-af71-93be-87261051e2a2@suse.com>

On Tue, May 05, 2020 at 10:16:20AM +0200, Jan Beulich wrote:
> While the Intel SDM claims that FRSTOR itself may raise #MF upon
> completion, this was confirmed by Intel to be a doc error which will be
> corrected in due course; behavior is like FLDENV, and like old hard copy
> manuals describe it. Otherwise we'd have to emulate the insn by filling
> st(N) in suitable order, followed by FLDENV.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> ---
> v7: New.
> 
> --- a/tools/tests/x86_emulator/test_x86_emulator.c
> +++ b/tools/tests/x86_emulator/test_x86_emulator.c
> @@ -2442,6 +2442,27 @@ int main(int argc, char **argv)
>      else
>          printf("skipped\n");
>  
> +    printf("%-40s", "Testing fldenv 8(%edx)...");

Likely a stupid question, but why the added 8? edx will contain the
memory address used to save the state by fnstenv, so I would expect
fldenv to just load from there?

> +    if ( stack_exec && cpu_has_fpu )
> +    {
> +        asm volatile ( "fnstenv %0\n\t"
> +                       "fninit"
> +                       : "=m" (res[2]) :: "memory" );

Why do you need the memory clobber here? I assume it's because res is
of type unsigned int and hence doesn't have the right size that
fnstenv will actually write to?

> +        zap_fpsel(&res[2], true);
> +        instr[0] = 0xd9; instr[1] = 0x62; instr[2] = 0x08;
> +        regs.eip = (unsigned long)&instr[0];
> +        regs.edx = (unsigned long)res;
> +        rc = x86_emulate(&ctxt, &emulops);
> +        asm volatile ( "fnstenv %0" : "=m" (res[9]) :: "memory" );
> +        if ( (rc != X86EMUL_OKAY) ||
> +             memcmp(res + 2, res + 9, 28) ||
> +             (regs.eip != (unsigned long)&instr[3]) )
> +            goto fail;
> +        printf("okay\n");
> +    }
> +    else
> +        printf("skipped\n");
> +
>      printf("%-40s", "Testing 16-bit fnsave (%ecx)...");
>      if ( stack_exec && cpu_has_fpu )
>      {
> @@ -2468,6 +2489,31 @@ int main(int argc, char **argv)
>              goto fail;
>          printf("okay\n");
>      }
> +    else
> +        printf("skipped\n");
> +
> +    printf("%-40s", "Testing frstor (%edx)...");
> +    if ( stack_exec && cpu_has_fpu )
> +    {
> +        const uint16_t seven = 7;
> +
> +        asm volatile ( "fninit\n\t"
> +                       "fld1\n\t"
> +                       "fidivs %1\n\t"
> +                       "fnsave %0\n\t"
> +                       : "=&m" (res[0]) : "m" (seven) : "memory" );
> +        zap_fpsel(&res[0], true);
> +        instr[0] = 0xdd; instr[1] = 0x22;
> +        regs.eip = (unsigned long)&instr[0];
> +        regs.edx = (unsigned long)res;
> +        rc = x86_emulate(&ctxt, &emulops);
> +        asm volatile ( "fnsave %0" : "=m" (res[27]) :: "memory" );
> +        if ( (rc != X86EMUL_OKAY) ||
> +             memcmp(res, res + 27, 108) ||
> +             (regs.eip != (unsigned long)&instr[2]) )
> +            goto fail;
> +        printf("okay\n");
> +    }
>      else
>          printf("skipped\n");
>  
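Review bot: both new tests encode the insn without an operand-size prefix (`0xd9 0x62` and `0xdd 0x22`) and compare the 28- and 108-byte 32-bit layouts, so the `sizeof(struct x87_env16)` and `sizeof(struct x87_env16) + sizeof(fpstate.freg)` arms added to x86_emul_blk by this patch are exercised by neither test. A 16-bit fldenv/frstor variant along the lines of the existing "Testing 16-bit fnsave (%ecx)" case (with a 0x66 prefix in `instr[]` and the shorter compare length) would cover them.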
> --- a/xen/arch/x86/x86_emulate/x86_emulate.c
> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c
> @@ -857,6 +857,7 @@ struct x86_emulate_state {
>          blk_NONE,
>          blk_enqcmd,
>  #ifndef X86EMUL_NO_FPU
> +        blk_fld, /* FLDENV, FRSTOR */
>          blk_fst, /* FNSTENV, FNSAVE */
>  #endif
>          blk_movdir,
> @@ -4948,21 +4949,14 @@ x86_emulate(
>                  dst.bytes = 4;
>                  emulate_fpu_insn_memdst(b, modrm_reg & 7, dst.val);
>                  break;
> -            case 4: /* fldenv - TODO */
> -                state->fpu_ctrl = true;
> -                goto unimplemented_insn;
> -            case 5: /* fldcw m2byte */
> -                state->fpu_ctrl = true;
> -            fpu_memsrc16:
> -                if ( (rc = ops->read(ea.mem.seg, ea.mem.off, &src.val,
> -                                     2, ctxt)) != X86EMUL_OKAY )
> -                    goto done;
> -                emulate_fpu_insn_memsrc(b, modrm_reg & 7, src.val);
> -                break;
> +            case 4: /* fldenv */
> +                /* Raise #MF now if there are pending unmasked exceptions. */
> +                emulate_fpu_insn_stub(0xd9, 0xd0 /* fnop */);

Maybe it would make sense to have a wrapper for fnop?

> +                /* fall through */
>              case 6: /* fnstenv */
>                  fail_if(!ops->blk);
> -                state->blk = blk_fst;
> -                /* REX is meaningless for this insn by this point. */
> +                state->blk = modrm_reg & 2 ? blk_fst : blk_fld;
> +                /* REX is meaningless for these insns by this point. */
>                  rex_prefix = in_protmode(ctxt, ops);
>                  if ( (rc = ops->blk(ea.mem.seg, ea.mem.off, NULL,
>                                      op_bytes > 2 ? sizeof(struct x87_env32)
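Review bot: the `case 5: /* fldcw m2byte */` block is deleted here and re-added unchanged after `case 6` in the following hunk so that `case 4` can fall through into the shared blk dispatch; the description does not mention this move, and the resulting diff reads as if fldcw were being changed. Either note the reordering in the commit message or keep `case 5` where it is and reach the common code with a `goto`, so that the actual change (the fnop-based #MF probe plus `state->blk = modrm_reg & 2 ? blk_fst : blk_fld;`) stands out on its own.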
> @@ -4972,6 +4966,14 @@ x86_emulate(
>                      goto done;
>                  state->fpu_ctrl = true;
>                  break;
> +            case 5: /* fldcw m2byte */
> +                state->fpu_ctrl = true;
> +            fpu_memsrc16:
> +                if ( (rc = ops->read(ea.mem.seg, ea.mem.off, &src.val,
> +                                     2, ctxt)) != X86EMUL_OKAY )
> +                    goto done;
> +                emulate_fpu_insn_memsrc(b, modrm_reg & 7, src.val);
> +                break;
>              case 7: /* fnstcw m2byte */
>                  state->fpu_ctrl = true;
>              fpu_memdst16:
> @@ -5124,13 +5126,14 @@ x86_emulate(
>                  dst.bytes = 8;
>                  emulate_fpu_insn_memdst(b, modrm_reg & 7, dst.val);
>                  break;
> -            case 4: /* frstor - TODO */
> -                state->fpu_ctrl = true;
> -                goto unimplemented_insn;
> +            case 4: /* frstor */
> +                /* Raise #MF now if there are pending unmasked exceptions. */
> +                emulate_fpu_insn_stub(0xd9, 0xd0 /* fnop */);
> +                /* fall through */
>              case 6: /* fnsave */
>                  fail_if(!ops->blk);
> -                state->blk = blk_fst;
> -                /* REX is meaningless for this insn by this point. */
> +                state->blk = modrm_reg & 2 ? blk_fst : blk_fld;
> +                /* REX is meaningless for these insns by this point. */
>                  rex_prefix = in_protmode(ctxt, ops);
>                  if ( (rc = ops->blk(ea.mem.seg, ea.mem.off, NULL,
>                                      op_bytes > 2 ? sizeof(struct x87_env32) + 80
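Review bot: the `emulate_fpu_insn_stub(0xd9, 0xd0 /* fnop */);` probe with its "Raise #MF now" comment and the `modrm_reg & 2 ? blk_fst : blk_fld` selection now appear verbatim in both the fldenv/fnstenv and the frstor/fnsave paths; a single named wrapper for the fnop probe, used from both sites, keeps the two from drifting apart when one of them is later adjusted.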
> @@ -11648,6 +11651,89 @@ int x86_emul_blk(
>  
>  #ifndef X86EMUL_NO_FPU
>  
> +    case blk_fld:
> +        ASSERT(!data);
> +
> +        /* state->rex_prefix carries CR0.PE && !EFLAGS.VM setting */
> +        switch ( bytes )
> +        {
> +        case sizeof(fpstate.env):
> +        case sizeof(fpstate):
> +            memcpy(&fpstate.env, ptr, sizeof(fpstate.env));
> +            if ( !state->rex_prefix )
> +            {
> +                unsigned int fip = fpstate.env.mode.real.fip_lo +
> +                                   (fpstate.env.mode.real.fip_hi << 16);
> +                unsigned int fdp = fpstate.env.mode.real.fdp_lo +
> +                                   (fpstate.env.mode.real.fdp_hi << 16);
> +                unsigned int fop = fpstate.env.mode.real.fop;
> +
> +                fpstate.env.mode.prot.fip = fip & 0xf;
> +                fpstate.env.mode.prot.fcs = fip >> 4;
> +                fpstate.env.mode.prot.fop = fop;
> +                fpstate.env.mode.prot.fdp = fdp & 0xf;
> +                fpstate.env.mode.prot.fds = fdp >> 4;

I've found the layouts in the SDM vol. 1, but I haven't been able to
find the translation mechanism from real to protected. Could you
maybe add a reference here?

> +            }
> +
> +            if ( bytes == sizeof(fpstate.env) )
> +                ptr = NULL;
> +            else
> +                ptr += sizeof(fpstate.env);
> +            break;
> +
> +        case sizeof(struct x87_env16):
> +        case sizeof(struct x87_env16) + sizeof(fpstate.freg):
> +        {
> +            const struct x87_env16 *env = ptr;
> +
> +            fpstate.env.fcw = env->fcw;
> +            fpstate.env.fsw = env->fsw;
> +            fpstate.env.ftw = env->ftw;
> +
> +            if ( state->rex_prefix )
> +            {
> +                fpstate.env.mode.prot.fip = env->mode.prot.fip;
> +                fpstate.env.mode.prot.fcs = env->mode.prot.fcs;
> +                fpstate.env.mode.prot.fdp = env->mode.prot.fdp;
> +                fpstate.env.mode.prot.fds = env->mode.prot.fds;
> +                fpstate.env.mode.prot.fop = 0; /* unknown */
> +            }
> +            else
> +            {
> +                unsigned int fip = env->mode.real.fip_lo +
> +                                   (env->mode.real.fip_hi << 16);
> +                unsigned int fdp = env->mode.real.fdp_lo +
> +                                   (env->mode.real.fdp_hi << 16);
> +                unsigned int fop = env->mode.real.fop;
> +
> +                fpstate.env.mode.prot.fip = fip & 0xf;
> +                fpstate.env.mode.prot.fcs = fip >> 4;
> +                fpstate.env.mode.prot.fop = fop;
> +                fpstate.env.mode.prot.fdp = fdp & 0xf;
> +                fpstate.env.mode.prot.fds = fdp >> 4;
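Review bot: the real-mode conversion `fpstate.env.mode.prot.fip = fip & 0xf;` / `fpstate.env.mode.prot.fcs = fip >> 4;` (and the matching fdp/fds pair) needs a comment: `fip` is the linear address assembled from `fip_lo` and `fip_hi`, and the code picks the one selector:offset pair with an offset in 0..15 whose `fcs * 16 + fip` reproduces that address. Nothing in the hunk says this is a deliberate, arbitrary decomposition rather than a field layout taken from the SDM, and the same lines are repeated for the `x87_env16` real-mode case at the end of the hunk; a shared helper carrying that comment would address both points.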

This looks mostly the same as the translation done above, so maybe
could be abstracted anyway in a macro to avoid the code repetition?
(i.e. fpstate_real_to_prot(src, dst) or some such).

Thanks, Roger.
