x86: realmode: mark exec_in_big_real_mode as noinline

exec_in_big_real_mode() uses inline asm that defines labels that are
globally visible. Clang decides that it can inline this function,
which cau

x86: realmode: mark exec_in_big_real_mode as noinline

exec_in_big_real_mode() uses inline asm that defines labels that are
globally visible. Clang decides that it can inline this function,
which causes the assembler to complain about duplicate symbols. Mark
the function as "noinline" to prevent this.

Signed-off-by: Bill Wendling <morbo@google.com>
[sean: use noinline from compiler.h, call out the globally visible aspect]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210909183207.2228273-5-seanjc@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

lib/x86: report result through serial console when no test device

If there are no test devices, we might be running on bare-metal or other
environment, in which port 0xF4, which reports the test res

lib/x86: report result through serial console when no test device

If there are no test devices, we might be running on bare-metal or other
environment, in which port 0xF4, which reports the test result, is not
monitored. In such environments, print also the result of the test to
the serial console.

For realmode: just give a simple indication whether the test passed or
failed in a similar fashion.

This can allow automation tools to figure out the test is done and its
result.

Signed-off-by: Nadav Amit <nadav.amit@gmail.com>
Message-Id: <20210609182945.36849-2-nadav.amit@gmail.com>

show more ...

x86: realmode: Workaround clang issues

clang doesn't properly support .code16gcc and generates wrong machine
code [1][2][3][4]. But the test works if object file is compiled with -m16 and
explicit s

x86: realmode: Workaround clang issues

clang doesn't properly support .code16gcc and generates wrong machine
code [1][2][3][4]. But the test works if object file is compiled with -m16 and
explicit suffixes are added for instructions.

1. https://lore.kernel.org/kvm/4d20fbce-d247-abf4-3ceb-da2c0d48fc50@redhat.com/
2. https://lore.kernel.org/kvm/20200915155959.GF52559@SPB-NB-133.local/
3. https://lore.kernel.org/kvm/788b7191-6987-9399-f352-2e661255157e@redhat.com/
4. https://lore.kernel.org/kvm/20200922212507.GA11460@SPB-NB-133.local/

Suggested-by: Thomas Huth <thuth@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200924120516.77299-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: fix serial_init()

In some setups serial output from the real-mode tests is corrupted.

I do not know the serial port initialization code well, but the
protected mode initialization co

x86: realmode: fix serial_init()

In some setups serial output from the real-mode tests is corrupted.

I do not know the serial port initialization code well, but the
protected mode initialization code is different than the real-mode code.
Using the protected mode serial port initialization fixes the problem.

Keeping the tradition of code duplication between real-mode and
protected mode, this patch copies the missing initialization into
real-mode serial port initialization.

Signed-off-by: Nadav Amit <namit@vmware.com>
Message-Id: <20200701193045.31247-1-namit@vmware.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: fix lss test

Running lss with some random descriptor and then performing pop does not
work so well. Use mov instructions instead of push/pop pair.

Signed-off-by: Nadav Amit <namit@vm

x86: realmode: fix lss test

Running lss with some random descriptor and then performing pop does not
work so well. Use mov instructions instead of push/pop pair.

Signed-off-by: Nadav Amit <namit@vmware.com>
Message-Id: <20200626092333.2830-4-namit@vmware.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: hlt loop as fallback on exit

For systems without emulated devices (e.g., bare-metal), use halt-loop
when exiting the realmode test.

Signed-off-by: Nadav Amit <namit@vmware.com>
Messa

x86: realmode: hlt loop as fallback on exit

For systems without emulated devices (e.g., bare-metal), use halt-loop
when exiting the realmode test.

Signed-off-by: Nadav Amit <namit@vmware.com>
Message-Id: <20200626092333.2830-3-namit@vmware.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: initialize idtr

The realmode test does not initialize the IDTR, assuming that its base
is zero and its limit 0x3ff. Initialize it, as the bootloader might not
set it as such.

Signed-

x86: realmode: initialize idtr

The realmode test does not initialize the IDTR, assuming that its base
is zero and its limit 0x3ff. Initialize it, as the bootloader might not
set it as such.

Signed-off-by: Nadav Amit <namit@vmware.com>
Message-Id: <20200626092333.2830-2-namit@vmware.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: Add suffixes for push, pop and iret

binutils 2.33 and 2.34 changed generation of PUSH and POP for segment
registers and IRET in '.code16gcc' [1][2][3][4]. gas also yields the
followin

x86: realmode: Add suffixes for push, pop and iret

binutils 2.33 and 2.34 changed generation of PUSH and POP for segment
registers and IRET in '.code16gcc' [1][2][3][4]. gas also yields the
following warnings during the build of realmode.c:

snip.s: Assembler messages:
snip.s:2279: Warning: generating 32-bit `push', unlike earlier gas versions
snip.s:2296: Warning: generating 32-bit `pop', unlike earlier gas versions
snip.s:3633: Warning: generating 16-bit `iret' for .code16gcc directive

This change fixes warnings and failures of the tests:

push/pop 3
push/pop 4
iret 1
iret 3

1. https://sourceware.org/bugzilla/show_bug.cgi?id=24485
2. https://sourceware.org/git/?p=binutils-gdb.git;h=7cb22ff84745
3. https://sourceware.org/git/?p=binutils-gdb.git;h=06f74c5cb868
4. https://sourceware.org/git/?p=binutils-gdb.git;h=13e600d0f560

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200529212637.5034-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: Test interrupt delivery after STI

If interrupts are disabled, STI is inhibiting interrupts for the
instruction following it. If STI is followed by HLT, the CPU is going to
handle all

x86: realmode: Test interrupt delivery after STI

If interrupts are disabled, STI is inhibiting interrupts for the
instruction following it. If STI is followed by HLT, the CPU is going to
handle all pending or new interrupts as soon as HLT is executed.

Test if emulator properly clears inhibition state and allows the
scenario outlined above.

Cc: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200329071125.79253-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: syscall: add explicit size suffix to ambiguous instructions

Clang requires explicit size suffixes for potentially ambiguous
instructions:

x86/realmode.c:1647:2: error: ambiguous inst

x86: realmode: syscall: add explicit size suffix to ambiguous instructions

Clang requires explicit size suffixes for potentially ambiguous
instructions:

x86/realmode.c:1647:2: error: ambiguous instructions require an explicit suffix (could be 'cmpb', 'cmpw', or 'cmpl')
MK_INSN_PERF(perf_memory_load, "cmp $0, (%edi)");
^
x86/realmode.c:1591:10: note: expanded from macro 'MK_INSN_PERF'
"1:" insn "\n" \
^
<inline asm>:8:3: note: instantiated into assembly here
1:cmp $0, (%edi)
^

The 'w' and 'l' suffixes generate code that's identical to the gcc
version without them.

Signed-off-by: Bill Wendling <morbo@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: initialize inregs with a stack

Tests may use the stack during execution. It's easy to miss allocating
one, so automatically point %esp to the stack when initializing
"inregs". Also re

x86: realmode: initialize inregs with a stack

Tests may use the stack during execution. It's easy to miss allocating
one, so automatically point %esp to the stack when initializing
"inregs". Also remove the initialization of ".esp" in "test_movzx_movsx"
as it doesn't appear to be required.

Signed-off-by: Bill Wendling <morbo@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: save and restore %es

Some of the code test sequences (e.g. push_es, pop_es) clobber ES. That
causes trouble for future rep string instructions. So save and restore
ES around the test

x86: realmode: save and restore %es

Some of the code test sequences (e.g. push_es, pop_es) clobber ES. That
causes trouble for future rep string instructions. So save and restore
ES around the test code sequence in exec_in_big_real_mode.

Signed-off-by: Bill Wendling <morbo@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: use ARRAY_SIZE in test_long_jmp

Make the code a little bit more robust and self-explanatory.

Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@red

x86: realmode: use ARRAY_SIZE in test_long_jmp

Make the code a little bit more robust and self-explanatory.

Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: fix esp in call test

esp needs to point at the end of the stack, or it will corrupt memory.

Signed-off-by: Bill Wendling <morbo@google.com>

This is a port of Avi Kivity patch for th

x86: realmode: fix esp in call test

esp needs to point at the end of the stack, or it will corrupt memory.

Signed-off-by: Bill Wendling <morbo@google.com>

This is a port of Avi Kivity patch for the long jump test:
4aa229495b0e4159642b4a77e9adfdc81501c095.

Signed-off-by: Bill Wendling <morbo@google.com>
Message-Id: <20191017012502.186146-3-morbo@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Make realmode.c compilable with -Wmissing-prototypes and -Wstrict-prototypes

... to make sure that we're calling the functions with the right
parameters everywhere...

Signed-off-by: Thomas Huth <th

Make realmode.c compilable with -Wmissing-prototypes and -Wstrict-prototypes

... to make sure that we're calling the functions with the right
parameters everywhere...

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1530086528-21665-3-git-send-email-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: fix test_sgdt_sidt overflow

In real mode, both sgdt and sidt write 6 bytes to the given memory
address: 2 byte limit, 3 byte address, 1 zero byte. However, the test
was only allocatin

x86: realmode: fix test_sgdt_sidt overflow

In real mode, both sgdt and sidt write 6 bytes to the given memory
address: 2 byte limit, 3 byte address, 1 zero byte. However, the test
was only allocating 4 bytes. Given an inopportune stack layout, the
output was being overwritten and the assertion failed.

I discovered this problem when compiling with -fno-omit-stack-pointer.

Signed-off-by: Peter Feiner <pfeiner@google.com>
Message-Id: <1456967378-6367-4-git-send-email-pfeiner@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: Check rflags.rf is cleared after emulation

RFLAGS.RF should be cleared after every instruction emulation. Recently
discovered bug indicated this is not the case. This patch adds a test to check

x86: Check rflags.rf is cleared after emulation

RFLAGS.RF should be cleared after every instruction emulation. Recently
discovered bug indicated this is not the case. This patch adds a test to check
this behavior. It is done by setting RF, executing IRET and checking whether
the saved RF is cleared. Since the flags are saved several instructions after
IRET is executed, RF should be cleared.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: test xadd with two identical operands

Previously, KVM emulated xadd incorrectly when the source and destination
operands were identical. The expected result is that the register would hold
the

x86: test xadd with two identical operands

Previously, KVM emulated xadd incorrectly when the source and destination
operands were identical. The expected result is that the register would hold
the sum (2x) and not the previous value (x). This test checks this behavior.
It should be executed with a disabled unrestricted mode.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: test smsw behavior with register operand

The smsw instruction has an undocumented behavior, in which the high-order
16-bits of CR0 are also saved in a 32-bit destination register. Th

x86: realmode: test smsw behavior with register operand

The smsw instruction has an undocumented behavior, in which the high-order
16-bits of CR0 are also saved in a 32-bit destination register. This is
similar to the way smsw behaves in long-mode. However, it is hard to test the
long-mode case, since we need to cause an "invalid guest state" in long-mode.

The test works as follows: it sets CR0.CD (bit 30), so any of the high 16-bits
would be set. It then executes smsw to register destination and compares the
register value with that of CR0. CR0 value is restored when the test is done.

This test is expected to fail only when unrestricted mode is disabled or
unsupported.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: realmode: report failures

The current realmode tests always report success when done, regardless to
whether any of the tests failed. Although the log includes the individual test
results, this

x86: realmode: report failures

The current realmode tests always report success when done, regardless to
whether any of the tests failed. Although the log includes the individual test
results, this behavior complicates the life of the tester.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

x86: test mov DR with ignored mod bits

Tests whether the emulator ignores the mod bits on mov DR instruction. The
test performs regular mov to DR0 and reads back the data using custom mov from
DR0

x86: test mov DR with ignored mod bits

Tests whether the emulator ignores the mod bits on mov DR instruction. The
test performs regular mov to DR0 and reads back the data using custom mov from
DR0 while mod bits are set to zero. The expected result is obviously the value
which was written to DR0 before.

The test is performed in realmode and is only expected to fail if the CPU does
not support unrestricted mode. Note that mov-CR/DR in protected mode are
usually not handled by the emulator, as their data is available in the exit
information fields.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

realmode: make performance test run longer and fix result

We need a prefix to loop on ECX.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

realmode: add memory store performance test

Missed this in the previous commit.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

realmode: fix typo in test_cpuid

ECX is initialized to 0 in case the highest CPUID leaf has
sub-functions (as is the case for 0xD on processors with XSAVE).
However, this was only happening in the b

realmode: fix typo in test_cpuid

ECX is initialized to 0 in case the highest CPUID leaf has
sub-functions (as is the case for 0xD on processors with XSAVE).
However, this was only happening in the big real mode case due
to a typo in the asm constraint.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

realmode: add performance test

There's room for speeding up emulation of invalid guest state. Let's
track our progress by adding a few small performance tests.

Current results on a Xeon E5 (Sandy

realmode: add performance test

There's room for speeding up emulation of invalid guest state. Let's
track our progress by adding a few small performance tests.

Current results on a Xeon E5 (Sandy Bridge) with unrestricted_guest=0:

739 cycles/emulated jump instruction
925 cycles/emulated move instruction
887 cycles/emulated arithmetic instruction
916 cycles/emulated memory load instruction
1109 cycles/emulated memory RMW instruction

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...