#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
271659 |
|
16-Sep-2014 |
grehan |
MFC r270689: Implement the 0x2B SUB instruction, and the OR variant of 0x81.
Found with local APIC accesses from bitrig/amd64 bsd.rd, 07/15-snap.
Approved by: re (rodrigc)
|
#
270159 |
|
18-Aug-2014 |
grehan |
MFC r267921, r267934, r267949, r267959, r267966, r268202, r268276, r268427, r268428, r268521, r268638, r268639, r268701, r268777, r268889, r268922, r269008, r269042, r269043, r269080, r269094, r269108, r269109, r269281, r269317, r269700, r269896, r269962, r269989.
Catch bhyve up to CURRENT.
Lightly tested with FreeBSD i386/amd64, Linux i386/amd64, and OpenBSD/amd64. Still resolving an issue with OpenBSD/i386.
Many thanks to jhb@ for all the hard work on the prior MFCs !
r267921 - support the "mov r/m8, imm8" instruction r267934 - document options r267949 - set DMI vers/date to fixed values r267959 - doc: sort cmd flags r267966 - EPT misconf post-mortem info r268202 - use correct flag for event index r268276 - 64-bit virtio capability api r268427 - invalidate guest TLB when cr3 is updated, needed for TSS r268428 - identify vcpu's operating mode r268521 - use correct offset in guest logical-to-linear translation r268638 - chs value r268639 - chs fake values r268701 - instr emul operand/address size override prefix support r268777 - emulation for legacy x86 task switching r268889 - nested exception support r268922 - fix INVARIANTS build r269008 - emulate instructions found in the OpenBSD/i386 5.5 kernel r269042 - fix fault injection r269043 - Reduce VMEXIT_RESTARTs in task_switch.c r269080 - fix issues in PUSH emulation r269094 - simplify return values from the inout handlers r269108 - don't return -1 from the push emulation handler r269109 - avoid permanent sleep in vm_handle_hlt() r269281 - list VT-x features in base kernel dmesg r269317 - Mark AHCI fatal errors as not completed r269700 - Support PCI extended config space in bhyve r269896 - Minor cleanup r269962 - use max guest memory when creating IOMMU domain r269989 - fix interrupt mode names
|
#
268976 |
|
22-Jul-2014 |
jhb |
MFC 266424,266476,266524,266573,266595,266626,266627,266633,266641,266642, 266708,266724,266934,266935,268521: Emulation of the "ins" and "outs" instructions.
Various fixes for translating guest linear addresses to guest physical addresses.
|
#
267399 |
|
12-Jun-2014 |
jhb |
MFC 261504: Add support for FreeBSD/i386 guests under bhyve.
|
#
267396 |
|
12-Jun-2014 |
jhb |
MFC 261503,264501: Emulate the byte move and zero/sign extend instructions.
|
#
262349 |
|
22-Feb-2014 |
jhb |
MFC 257297: Remove unnecessary includes of <machine/pmap.h>
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
256072 |
|
05-Oct-2013 |
neel |
Merge projects/bhyve_npt_pmap into head.
Make the amd64/pmap code aware of nested page table mappings used by bhyve guests. This allows bhyve to associate each guest with its own vmspace and deal with nested page faults in the context of that vmspace. This also enables features like accessed/dirty bit tracking, swapping to disk and transparent superpage promotions of guest memory.
Guest vmspace: Each bhyve guest has a unique vmspace to represent the physical memory allocated to the guest. Each memory segment allocated by the guest is mapped into the guest's address space via the 'vmspace->vm_map' and is backed by an object of type OBJT_DEFAULT.
pmap types: The amd64/pmap now understands two types of pmaps: PT_X86 and PT_EPT.
The PT_X86 pmap type is used by the vmspace associated with the host kernel as well as user processes executing on the host. The PT_EPT pmap is used by the vmspace associated with a bhyve guest.
Page Table Entries: The EPT page table entries as mostly similar in functionality to regular page table entries although there are some differences in terms of what bits are used to express that functionality. For e.g. the dirty bit is represented by bit 9 in the nested PTE as opposed to bit 6 in the regular x86 PTE. Therefore the bitmask representing the dirty bit is now computed at runtime based on the type of the pmap. Thus PG_M that was previously a macro now becomes a local variable that is initialized at runtime using 'pmap_modified_bit(pmap)'.
An additional wrinkle associated with EPT mappings is that older Intel processors don't have hardware support for tracking accessed/dirty bits in the PTE. This means that the amd64/pmap code needs to emulate these bits to provide proper accounting to the VM subsystem. This is achieved by using the following mapping for EPT entries that need emulation of A/D bits: Bit Position Interpreted By PG_V 52 software (accessed bit emulation handler) PG_RW 53 software (dirty bit emulation handler) PG_A 0 hardware (aka EPT_PG_RD) PG_M 1 hardware (aka EPT_PG_WR)
The idea to use the mapping listed above for A/D bit emulation came from Alan Cox (alc@).
The final difference with respect to x86 PTEs is that some EPT implementations do not support superpage mappings. This is recorded in the 'pm_flags' field of the pmap.
TLB invalidation: The amd64/pmap code has a number of ways to do invalidation of mappings that may be cached in the TLB: single page, multiple pages in a range or the entire TLB. All of these funnel into a single EPT invalidation routine called 'pmap_invalidate_ept()'. This routine bumps up the EPT generation number and sends an IPI to the host cpus that are executing the guest's vcpus. On a subsequent entry into the guest it will detect that the EPT has changed and invalidate the mappings from the TLB.
Guest memory access: Since the guest memory is no longer wired we need to hold the host physical page that backs the guest physical page before we can access it. The helper functions 'vm_gpa_hold()/vm_gpa_release()' are available for this purpose.
PCI passthru: Guest's with PCI passthru devices will wire the entire guest physical address space. The MMIO BAR associated with the passthru device is backed by a vm_object of type OBJT_SG. An IOMMU domain is created only for guest's that have one or more PCI passthru devices attached to them.
Limitations: There isn't a way to map a guest physical page without execute permissions. This is because the amd64/pmap code interprets the guest physical mappings as user mappings since they are numerically below VM_MAXUSER_ADDRESS. Since PG_U shares the same bit position as EPT_PG_EXECUTE all guest mappings become automatically executable.
Thanks to Alan Cox and Konstantin Belousov for their rigorous code reviews as well as their support and encouragement.
Thanks for John Baldwin for reviewing the use of OBJT_SG as the backing object for pci passthru mmio regions.
Special thanks to Peter Holm for testing the patch on short notice.
Approved by: re Discussed with: grehan Reviewed by: alc, kib Tested by: pho
|
#
255638 |
|
17-Sep-2013 |
neel |
Fix a bug in decoding an instruction that has an SIB byte as well as an immediate operand. The presence of an SIB byte in decoding the ModR/M field would cause 'imm_bytes' to not be set to the correct value.
Fix this by initializing 'imm_bytes' independent of the ModR/M decoding.
Reported by: grehan@ Approved by: re@
|
#
254964 |
|
27-Aug-2013 |
neel |
Add support for emulating the byte move instruction "mov r/m8, r8".
This emulation is required when dumping MMIO space via the ddb "examine" command.
|
#
253585 |
|
23-Jul-2013 |
neel |
Add support for emulation of the "or r/m, imm8" instruction.
Submitted by: Zhixiang Yu (zxyu.core@gmail.com) Obtained from: GSoC 2013 (AHCI device emulation for bhyve)
|
#
252641 |
|
03-Jul-2013 |
neel |
Verify that all bytes in the instruction buffer are consumed during decoding.
Suggested by: grehan
|
#
250175 |
|
02-May-2013 |
emaste |
Switch to standard copyright license text
The initial version of this came from Sandvine but had "PROVIDED BY NETAPP, INC" in the copyright text, presuambly because the license block was copied from another file. Replace it with standard "AUTHOR AND CONTRIBUTORS" form.
Approvided by: grehan@
|
#
249879 |
|
25-Apr-2013 |
grehan |
Add RIP-relative addressing to the instruction decoder. Rework the guest register fetch code to allow the RIP to be extracted from the VMCS while the kernel decoder is functioning.
Hit by the OpenBSD local-apic code.
Submitted by: neel Reviewed by: grehan Obtained from: NetApp
|
#
248855 |
|
28-Mar-2013 |
neel |
Allow caller to skip 'guest linear address' validation when doing instruction decode. This is to accomodate hardware assist implementations that do not provide the 'guest linear address' as part of nested page fault collateral.
Submitted by: Anish Gupta (akgupt3 at gmail dot com)
|
#
246108 |
|
30-Jan-2013 |
neel |
Add emulation support for instruction "88/r: mov r/m8, r8".
This instruction moves a byte from a register to a memory location.
Tested by: tycho nightingale at pluribusnetworks com
|
#
245652 |
|
19-Jan-2013 |
neel |
Merge projects/bhyve to head.
'bhyve' was developed by grehan@ and myself at NetApp (thanks!).
Special thanks to Peter Snyder, Joe Caradonna and Michael Dexter for their support and encouragement.
Obtained from: NetApp
|
#
243703 |
|
30-Nov-2012 |
grehan |
Properly screen for the AND 0x81 instruction from the set of group1 0x81 instructions that use the reg bits as an extended opcode.
Still todo: properly update rflags.
Pointed out by: jilles@
|
#
243675 |
|
29-Nov-2012 |
grehan |
Remove debug printf.
Pointed out by: emaste
|
#
243667 |
|
29-Nov-2012 |
grehan |
Add support for the 0x81 AND instruction, now generated by clang in the local APIC code.
0x81 is a read-modify-write instruction - the EPT check that only allowed read or write and not both has been relaxed to allow read and write.
Reviewed by: neel Obtained from: NetApp
|
#
243640 |
|
27-Nov-2012 |
neel |
Revamp the x86 instruction emulation in bhyve.
On a nested page table fault the hypervisor will: - fetch the instruction using the guest %rip and %cr3 - decode the instruction in 'struct vie' - emulate the instruction in host kernel context for local apic accesses - any other type of mmio access is punted up to user-space (e.g. ioapic)
The decoded instruction is passed as collateral to the user-space process that is handling the PAGING exit.
The emulation code is fleshed out to include more addressing modes (e.g. SIB) and more types of operands (e.g. imm8). The source code is unified into a single file (vmm_instruction_emul.c) that is compiled into vmm.ko as well as /usr/sbin/bhyve.
Reviewed by: grehan Obtained from: NetApp
|
#
241148 |
|
02-Oct-2012 |
neel |
Get rid of assumptions in the hypervisor that the host physical memory associated with guest physical memory is contiguous.
Add check to vm_gpa2hpa() that the range indicated by [gpa,gpa+len) is all contained within a single 4KB page.
|
#
240978 |
|
26-Sep-2012 |
neel |
Intel VT-x provides the length of the instruction at the time of the nested page table fault. Use this when fetching the instruction bytes from the guest memory.
Also modify the lapic_mmio() API so that a decoded instruction is fed into it instead of having it fetch the instruction bytes from the guest. This is useful for hardware assists like SVM that provide the faulting instruction as part of the vmexit.
|
#
240941 |
|
25-Sep-2012 |
neel |
Add support for trapping MMIO writes to local apic registers and emulating them.
The default behavior is still to present the local apic to the guest in the x2apic mode.
|