2 * tpr optimization for qemu/kvm
4 * Copyright (C) 2007-2008 Qumranet Technologies
6 * Licensed under the terms of the GNU GPL version 2 or higher.
10 #include "config-host.h"
22 static uint64_t map_addr(CPUState
*env
, target_ulong virt
, unsigned *perms
)
24 uint64_t mask
= ((1ull << 48) - 1) & ~4095ull;
28 if (env
->cr
[4] & 0x20) {
30 p
= ldq_phys(p
+ 8 * (virt
>> 30));
34 p
= ldq_phys(p
+ 8 * ((virt
>> 21) & 511));
39 p
+= ((virt
>> 12) & 511) << 12;
42 p
= ldq_phys(p
+ 8 * ((virt
>> 12) & 511));
49 p
= ldl_phys(p
+ 4 * ((virt
>> 22) & 1023));
54 p
+= ((virt
>> 12) & 1023) << 12;
57 p
= ldl_phys(p
+ 4 * ((virt
>> 12) & 1023));
66 return p
+ (virt
& 4095);
69 static uint8_t read_byte_virt(CPUState
*env
, target_ulong virt
)
71 return ldub_phys(map_addr(env
, virt
, NULL
));
74 static void write_byte_virt(CPUState
*env
, target_ulong virt
, uint8_t b
)
76 cpu_physical_memory_write_rom(map_addr(env
, virt
, NULL
), &b
, 1);
88 struct vapic_patches
{
92 uint32_t get_tpr_stack
;
93 } __attribute__((packed
)) up
, mp
;
94 } __attribute__((packed
));
96 static struct vapic_bios vapic_bios
;
98 static uint32_t real_tpr
;
99 static uint32_t bios_addr
;
100 static uint32_t vapic_phys
;
101 static uint32_t bios_enabled
;
102 static uint32_t vbios_desc_phys
;
103 static uint32_t vapic_bios_addr
;
105 static void update_vbios_real_tpr(void)
107 cpu_physical_memory_rw(vbios_desc_phys
, (void *)&vapic_bios
, sizeof vapic_bios
, 0);
108 vapic_bios
.real_tpr
= real_tpr
;
109 vapic_bios
.vcpu_shift
= 7;
110 cpu_physical_memory_write_rom(vbios_desc_phys
, (void *)&vapic_bios
, sizeof vapic_bios
);
113 static unsigned modrm_reg(uint8_t modrm
)
115 return (modrm
>> 3) & 7;
118 static int is_abs_modrm(uint8_t modrm
)
120 return (modrm
& 0xc7) == 0x05;
123 static int instruction_is_ok(CPUState
*env
, uint64_t rip
, int is_write
)
126 unsigned addr_offset
;
130 if ((rip
& 0xf0000000) != 0x80000000 && (rip
& 0xf0000000) != 0xe0000000)
132 if (env
->regs
[R_ESP
] == 0)
134 b1
= read_byte_virt(env
, rip
);
135 b2
= read_byte_virt(env
, rip
+ 1);
137 case 0xc7: /* mov imm32, r/m32 (c7/0) */
138 if (modrm_reg(b2
) != 0)
141 case 0x89: /* mov r32 to r/m32 */
142 case 0x8b: /* mov r/m32 to r32 */
143 if (!is_abs_modrm(b2
))
147 case 0xa1: /* mov abs to eax */
148 case 0xa3: /* mov eax to abs */
151 case 0xff: /* push r/m32 */
152 if (modrm_reg(b2
) != 6 || !is_abs_modrm(b2
))
158 p
= rip
+ addr_offset
;
159 addr
= read_byte_virt(env
, p
++);
160 addr
|= read_byte_virt(env
, p
++) << 8;
161 addr
|= read_byte_virt(env
, p
++) << 16;
162 addr
|= read_byte_virt(env
, p
++) << 24;
163 if ((addr
& 0xfff) != 0x80)
166 update_vbios_real_tpr();
170 static int bios_is_mapped(CPUState
*env
, uint64_t rip
)
176 uint32_t offset
, fixup
, start
= vapic_bios_addr
? : 0xe0000;
182 probe
= (rip
& 0xf0000000) + start
;
183 phys
= map_addr(env
, probe
, &perms
);
187 for (i
= 0; i
< 64; ++i
) {
188 cpu_physical_memory_read(phys
, (void *)&vapic_bios
, sizeof(vapic_bios
));
189 if (memcmp(vapic_bios
.signature
, "kvm aPiC", 8) == 0)
196 if (bios_addr
== vapic_bios
.virt_base
)
198 vbios_desc_phys
= phys
;
199 for (i
= vapic_bios
.fixup_start
; i
< vapic_bios
.fixup_end
; i
+= 4) {
200 offset
= ldl_phys(phys
+ i
- vapic_bios
.virt_base
);
201 fixup
= phys
+ offset
;
202 patch
= ldl_phys(fixup
) + bios_addr
- vapic_bios
.virt_base
;
203 cpu_physical_memory_write_rom(fixup
, (uint8_t *)&patch
, 4);
205 vapic_phys
= vapic_bios
.vapic
- vapic_bios
.virt_base
+ phys
;
209 static int get_pcr_cpu(CPUState
*env
)
213 cpu_synchronize_state(env
);
215 if (cpu_memory_rw_debug(env
, env
->segs
[R_FS
].base
+ 0x51, &b
, 1, 0) < 0)
221 static int tpr_enable_vapic(CPUState
*env
)
223 static uint8_t one
= 1;
224 int pcr_cpu
= get_pcr_cpu(env
);
229 kvm_enable_vapic(env
, vapic_phys
+ (pcr_cpu
<< 7));
230 cpu_physical_memory_write_rom(vapic_phys
+ (pcr_cpu
<< 7) + 4, &one
, 1);
235 void kvm_tpr_enable_vapic(CPUState
*env
)
239 tpr_enable_vapic(env
);
242 static void patch_call(CPUState
*env
, uint64_t rip
, uint32_t target
)
246 offset
= target
- vapic_bios
.virt_base
+ bios_addr
- rip
- 5;
247 write_byte_virt(env
, rip
, 0xe8); /* call near */
248 write_byte_virt(env
, rip
+ 1, offset
);
249 write_byte_virt(env
, rip
+ 2, offset
>> 8);
250 write_byte_virt(env
, rip
+ 3, offset
>> 16);
251 write_byte_virt(env
, rip
+ 4, offset
>> 24);
254 static void patch_instruction(CPUState
*env
, uint64_t rip
)
257 struct vapic_patches
*vp
;
259 vp
= smp_cpus
== 1 ? &vapic_bios
.up
: &vapic_bios
.mp
;
260 b1
= read_byte_virt(env
, rip
);
261 b2
= read_byte_virt(env
, rip
+ 1);
263 case 0x89: /* mov r32 to r/m32 */
264 write_byte_virt(env
, rip
, 0x50 + modrm_reg(b2
)); /* push reg */
265 patch_call(env
, rip
+ 1, vp
->set_tpr
);
267 case 0x8b: /* mov r/m32 to r32 */
268 write_byte_virt(env
, rip
, 0x90);
269 patch_call(env
, rip
+ 1, vp
->get_tpr
[modrm_reg(b2
)]);
271 case 0xa1: /* mov abs to eax */
272 patch_call(env
, rip
, vp
->get_tpr
[0]);
274 case 0xa3: /* mov eax to abs */
275 patch_call(env
, rip
, vp
->set_tpr_eax
);
277 case 0xc7: /* mov imm32, r/m32 (c7/0) */
278 write_byte_virt(env
, rip
, 0x68); /* push imm32 */
279 write_byte_virt(env
, rip
+ 1, read_byte_virt(env
, rip
+6));
280 write_byte_virt(env
, rip
+ 2, read_byte_virt(env
, rip
+7));
281 write_byte_virt(env
, rip
+ 3, read_byte_virt(env
, rip
+8));
282 write_byte_virt(env
, rip
+ 4, read_byte_virt(env
, rip
+9));
283 patch_call(env
, rip
+ 5, vp
->set_tpr
);
285 case 0xff: /* push r/m32 */
286 printf("patching push\n");
287 write_byte_virt(env
, rip
, 0x50); /* push eax */
288 patch_call(env
, rip
+ 1, vp
->get_tpr_stack
);
291 printf("funny insn %02x %02x\n", b1
, b2
);
295 void kvm_tpr_access_report(CPUState
*env
, uint64_t rip
, int is_write
)
297 cpu_synchronize_state(env
);
298 if (!instruction_is_ok(env
, rip
, is_write
))
300 if (!bios_is_mapped(env
, rip
))
302 if (!tpr_enable_vapic(env
))
304 patch_instruction(env
, rip
);
307 static void tpr_save(QEMUFile
*f
, void *s
)
311 for (i
= 0; i
< (sizeof vapic_bios
) / 4; ++i
)
312 qemu_put_be32s(f
, &((uint32_t *)&vapic_bios
)[i
]);
313 qemu_put_be32s(f
, &bios_enabled
);
314 qemu_put_be32s(f
, &real_tpr
);
315 qemu_put_be32s(f
, &bios_addr
);
316 qemu_put_be32s(f
, &vapic_phys
);
317 qemu_put_be32s(f
, &vbios_desc_phys
);
320 static int tpr_load(QEMUFile
*f
, void *s
, int version_id
)
327 for (i
= 0; i
< (sizeof vapic_bios
) / 4; ++i
)
328 qemu_get_be32s(f
, &((uint32_t *)&vapic_bios
)[i
]);
329 qemu_get_be32s(f
, &bios_enabled
);
330 qemu_get_be32s(f
, &real_tpr
);
331 qemu_get_be32s(f
, &bios_addr
);
332 qemu_get_be32s(f
, &vapic_phys
);
333 qemu_get_be32s(f
, &vbios_desc_phys
);
338 static void vtpr_ioport_write16(void *opaque
, uint32_t addr
, uint32_t val
)
340 CPUState
*env
= cpu_single_env
;
342 cpu_synchronize_state(env
);
344 vapic_bios_addr
= ((env
->segs
[R_CS
].base
+ env
->eip
) & ~(512 - 1)) + val
;
348 static void vtpr_ioport_write(void *opaque
, uint32_t addr
, uint32_t val
)
350 CPUState
*env
= cpu_single_env
;
353 cpu_synchronize_state(env
);
356 write_byte_virt(env
, rip
, 0x66);
357 write_byte_virt(env
, rip
+ 1, 0x90);
360 if (!bios_is_mapped(env
, rip
))
361 printf("bios not mapped?\n");
362 for (addr
= 0xfffff000u
; addr
>= 0x80000000u
; addr
-= 4096)
363 if (map_addr(env
, addr
, NULL
) == 0xfee00000u
) {
364 real_tpr
= addr
+ 0x80;
368 update_vbios_real_tpr();
369 tpr_enable_vapic(env
);
372 static void kvm_tpr_opt_setup(void)
374 register_savevm(NULL
, "kvm-tpr-opt", 0, 1, tpr_save
, tpr_load
, NULL
);
375 register_ioport_write(0x7e, 1, 1, vtpr_ioport_write
, NULL
);
376 register_ioport_write(0x7e, 2, 2, vtpr_ioport_write16
, NULL
);
379 device_init(kvm_tpr_opt_setup
);
