diff --git a/i386-Add-MSR-feature-bit-for-MDS-NO.patch b/i386-Add-MSR-feature-bit-for-MDS-NO.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c69618f5ea6d6a09de2c2ff97cb9ec600ba9d79c
--- /dev/null
+++ b/i386-Add-MSR-feature-bit-for-MDS-NO.patch
@@ -0,0 +1,34 @@
+From 4ebd16697ee336f9646ef59ac46df15de9459883 Mon Sep 17 00:00:00 2001
+From: Cathy Zhang
+Date: Tue, 22 Oct 2019 15:35:26 +0800
+Subject: [PATCH 2/6] i386: Add MSR feature bit for MDS-NO
+
+Define MSR_ARCH_CAP_MDS_NO in the IA32_ARCH_CAPABILITIES MSR to allow
+CPU models to report the feature when host supports it.
+
+Signed-off-by: Cathy Zhang
+Reviewed-by: Xiaoyao Li
+Reviewed-by: Tao Xu
+Message-Id: <1571729728-23284-2-git-send-email-cathy.zhang@intel.com>
+Signed-off-by: Eduardo Habkost
+
+Signed-off-by: Jingyi Wang
+---
+ target/i386/cpu.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 488b4dc7..9ef868eb 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -747,6 +747,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define MSR_ARCH_CAP_RSBA (1U << 2)
+ #define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3)
+ #define MSR_ARCH_CAP_SSB_NO (1U << 4)
++#define MSR_ARCH_CAP_MDS_NO (1U << 5)
+
+ #define MSR_CORE_CAP_SPLIT_LOCK_DETECT (1U << 5)
+
+--
+2.27.0
+
diff --git a/i386-Add-macro-for-stibp.patch b/i386-Add-macro-for-stibp.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7f1ed2bca26a6ed7246fb35be1dc4112a4583b22
--- /dev/null
+++ b/i386-Add-macro-for-stibp.patch
@@ -0,0 +1,36 @@
+From 8ebf89539199759ce63a910edce51fe531c27a4e Mon Sep 17 00:00:00 2001
+From: Cathy Zhang
+Date: Tue, 22 Oct 2019 15:35:27 +0800
+Subject: [PATCH 3/6] i386: Add macro for stibp
+
+stibp feature is already added through the following commit.
+https://github.com/qemu/qemu/commit/0e8916582991b9fd0b94850a8444b8b80d0a0955
+
+Add a macro for it to allow CPU models to report it when host supports.
+
+Signed-off-by: Cathy Zhang
+Reviewed-by: Xiaoyao Li
+Reviewed-by: Tao Xu
+Message-Id: <1571729728-23284-3-git-send-email-cathy.zhang@intel.com>
+Signed-off-by: Eduardo Habkost
+
+Signed-off-by: Jingyi Wang
+---
+ target/i386/cpu.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 9ef868eb..58d8c489 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -689,6 +689,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
+ #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
+ #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
++#define CPUID_7_0_EDX_STIBP (1U << 27) /* Single Thread Indirect Branch Predictors */
+ #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /*Arch Capabilities*/
+ #define CPUID_7_0_EDX_CORE_CAPABILITY (1U << 30) /*Core Capability*/
+ #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */
+--
+2.27.0
+
diff --git a/i386-Add-new-CPU-model-Cooperlake.patch b/i386-Add-new-CPU-model-Cooperlake.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a4b7c36a2cdfba51ef1bffde02b2dd82a4258f4e
--- /dev/null
+++ b/i386-Add-new-CPU-model-Cooperlake.patch
@@ -0,0 +1,96 @@ +From baf0a03c75019b1105e6ac05a7ee104d4dc66467 Mon Sep 17 00:00:00 2001 +From: Cathy Zhang +Date: Tue, 22 Oct 2019 15:35:28 +0800 +Subject: [PATCH 4/6] i386: Add new CPU model Cooperlake + +Cooper Lake is intel's successor to Cascade Lake, the new +CPU model inherits features from Cascadelake-Server, while +add one platform associated new feature: AVX512_BF16. Meanwhile, +add STIBP for speculative execution. + +Signed-off-by: Cathy Zhang +Reviewed-by: Xiaoyao Li +Reviewed-by: Tao Xu +Message-Id: <1571729728-23284-4-git-send-email-cathy.zhang@intel.com> +Reviewed-by: Bruce Rogers +Signed-off-by: Eduardo Habkost + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 60 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 1ade90c2..5329d733 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2378,6 +2378,66 @@ static X86CPUDefinition builtin_x86_defs[] = { + { /* end of list */ } + } + }, ++ { ++ .name = "Cooperlake", ++ .level = 0xd, ++ .vendor = CPUID_VENDOR_INTEL, ++ .family = 6, ++ .model = 85, ++ .stepping = 10, ++ .features[FEAT_1_EDX] = ++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | ++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | ++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | ++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | ++ CPUID_DE | CPUID_FP87, ++ .features[FEAT_1_ECX] = ++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES | ++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | ++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | ++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 | ++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE | ++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND, ++ .features[FEAT_8000_0001_EDX] = ++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP | ++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL, ++ .features[FEAT_8000_0001_ECX] = ++ 
CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH, ++ .features[FEAT_7_0_EBX] = ++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | ++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP | ++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID | ++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | ++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB | ++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ | ++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD | ++ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT, ++ .features[FEAT_7_0_ECX] = ++ CPUID_7_0_ECX_PKU | ++ CPUID_7_0_ECX_AVX512VNNI, ++ .features[FEAT_7_0_EDX] = ++ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_STIBP | ++ CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES, ++ .features[FEAT_ARCH_CAPABILITIES] = ++ MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL | ++ MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO, ++ .features[FEAT_7_1_EAX] = ++ CPUID_7_1_EAX_AVX512_BF16, ++ /* ++ * Missing: XSAVES (not supported by some Linux versions, ++ * including v4.1 to v4.12). ++ * KVM doesn't yet expose any XSAVES state save component, ++ * and the only one defined in Skylake (processor tracing) ++ * probably will block migration anyway. ++ */ ++ .features[FEAT_XSAVE] = ++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | ++ CPUID_XSAVE_XGETBV1, ++ .features[FEAT_6_EAX] = ++ CPUID_6_EAX_ARAT, ++ .xlevel = 0x80000008, ++ .model_id = "Intel Xeon Processor (Cooperlake)", ++ }, + { + .name = "Icelake-Client", + .level = 0xd, +-- +2.27.0 + diff --git a/qemu.spec b/qemu.spec index 78a5b7c1ce43feef0d29ee33b69a6df8d365b548..5c0475fb00b9fbd4ccfddba419ac24088d72f2b6 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,6 +1,6 @@ Name: qemu Version: 4.1.0 -Release: 50 +Release: 51 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 
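Review bot: The `.features[FEAT_ARCH_CAPABILITIES]` initializer in the new "Cooperlake" entry sets `MSR_ARCH_CAP_RDCL_NO`, `MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY` and `MSR_ARCH_CAP_MDS_NO` without any comment, although these are bits a guest typically reads as permission to leave the matching mitigation off. A one-line comment above the initializer would make that contract explicit for whoever copies this entry into the next model, for example `/* *_NO bits let the guest skip a mitigation; list only what the real part reports */`. The XSAVES comment further down was carried over as-is and still refers to Skylake, so it is worth rewording to say the restriction is inherited from the earlier models. The `builtin_x86_defs[]` array starts and ends outside this hunk.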
@@ -289,6 +289,12 @@ Patch0276: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch Patch0277: usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch Patch0278: fix-cve-2020-35504.patch Patch0279: fix-cve-2020-35505-esp-ensure-cmdfifo-is-not-empty-a.patch +Patch0280: x86-Intel-AVX512_BF16-feature-enabling.patch +Patch0281: i386-Add-MSR-feature-bit-for-MDS-NO.patch +Patch0282: i386-Add-macro-for-stibp.patch +Patch0283: i386-Add-new-CPU-model-Cooperlake.patch +Patch0284: target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch +Patch0285: target-i386-Add-missed-security-features-to-Cooperla.patch BuildRequires: flex BuildRequires: bison @@ -677,6 +683,9 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Tue Jul 14 2021 Jingyi Wang +- target/i386: add support for AVX512_BF16 and new CPU model Cooperlake + * Mon Jun 21 2021 Chen Qun - fix cve-2020-35504 esp: always check current_req is not NULL before use in DMA callbacks - fix cve-2020-35505 esp: ensure cmdfifo is not empty and current_dev is non-NULL diff --git a/target-i386-Add-missed-security-features-to-Cooperla.patch b/target-i386-Add-missed-security-features-to-Cooperla.patch new file mode 100644 index 0000000000000000000000000000000000000000..17154a5adda6e0106df7cb08b5137d684289f03a --- /dev/null +++ b/target-i386-Add-missed-security-features-to-Cooperla.patch 
@@ -0,0 +1,44 @@
+From 989c5c586296bf7cce8587a79ef817c67914351d Mon Sep 17 00:00:00 2001
+From: Jingyi Wang
+Date: Fri, 9 Jul 2021 11:17:19 +0800
+Subject: [PATCH 6/6] target/i386: Add missed security features to Cooperlake
+ CPU model
+
+It lacks two security feature bits in MSR_IA32_ARCH_CAPABILITIES in
+current Cooperlake CPU model, so add them.
+
+This is part of uptream commit 2dea9d9
+
+Signed-off-by: Jingyi Wang
+---
+ target/i386/cpu.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 5329d733..345f7a44 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1208,8 +1208,8 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+ .type = MSR_FEATURE_WORD,
+ .feat_names = {
+ "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
+- "ssb-no", "mds-no", NULL, NULL,
+- NULL, NULL, NULL, NULL,
++ "ssb-no", "mds-no", "pschange-mc-no", "tsx-ctrl",
++ "taa-no", NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+@@ -2420,7 +2420,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
+ CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES,
+ .features[FEAT_ARCH_CAPABILITIES] =
+ MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL |
+- MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO,
++ MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
++ MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
+ .features[FEAT_7_1_EAX] =
+ CPUID_7_1_EAX_AVX512_BF16,
+ /*
+--
+2.27.0
+
diff --git a/target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch b/target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch
new file mode 100644
index 0000000000000000000000000000000000000000..25b1711e9ca9fac706d6189b5525f7a64589652b
--- /dev/null
+++ b/target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch
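Review bot: The `feat_names` hunk names three bits, `"pschange-mc-no"`, `"tsx-ctrl"` and `"taa-no"`, while the commit message and the Cooperlake hunk deal with only two, so `"tsx-ctrl"` becomes a selectable name with no consumer in this patch. If naming the bit is what lets it reach a guest (that filtering code is not visible here), the guest may then expect the TSX control MSR to exist and to be saved, restored and migrated, and none of the hunks in this series touch MSR save/restore. Either keep that slot empty in the backport, `"ssb-no", "mds-no", "pschange-mc-no", NULL,`, or confirm the MSR handling is already in the packaged tree and say so in the commit message. Both initializers extend beyond the hunks shown.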
@@ -0,0 +1,47 @@
+From 778a760a3c738e4bd576030381cfc674087251d6 Mon Sep 17 00:00:00 2001
+From: Xiaoyao Li
+Date: Wed, 25 Dec 2019 14:30:17 +0800
+Subject: [PATCH 5/6] target/i386: Add new bit definitions of
+ MSR_IA32_ARCH_CAPABILITIES
+
+The bit 6, 7 and 8 of MSR_IA32_ARCH_CAPABILITIES are recently disclosed
+for some security issues. Add the definitions for them to be used by named
+CPU models.
+
+Signed-off-by: Xiaoyao Li
+Message-Id: <20191225063018.20038-2-xiaoyao.li@intel.com>
+Signed-off-by: Paolo Bonzini
+
+Signed-off-by: Jingyi Wang
+---
+ target/i386/cpu.h | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 58d8c489..7ff8ddd4 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -743,12 +743,15 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
+ #define CPUID_TOPOLOGY_LEVEL_DIE (5U << 8)
+
+ /* MSR Feature Bits */
+-#define MSR_ARCH_CAP_RDCL_NO (1U << 0)
+-#define MSR_ARCH_CAP_IBRS_ALL (1U << 1)
+-#define MSR_ARCH_CAP_RSBA (1U << 2)
++#define MSR_ARCH_CAP_RDCL_NO (1U << 0)
++#define MSR_ARCH_CAP_IBRS_ALL (1U << 1)
++#define MSR_ARCH_CAP_RSBA (1U << 2)
+ #define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3)
+-#define MSR_ARCH_CAP_SSB_NO (1U << 4)
+-#define MSR_ARCH_CAP_MDS_NO (1U << 5)
++#define MSR_ARCH_CAP_SSB_NO (1U << 4)
++#define MSR_ARCH_CAP_MDS_NO (1U << 5)
++#define MSR_ARCH_CAP_PSCHANGE_MC_NO (1U << 6)
++#define MSR_ARCH_CAP_TSX_CTRL_MSR (1U << 7)
++#define MSR_ARCH_CAP_TAA_NO (1U << 8)
+
+ #define MSR_CORE_CAP_SPLIT_LOCK_DETECT (1U << 5)
+
+--
+2.27.0
+
diff --git a/x86-Intel-AVX512_BF16-feature-enabling.patch b/x86-Intel-AVX512_BF16-feature-enabling.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9969395b243040d3c63ad6f1f62a465caa05de77
--- /dev/null
+++ b/x86-Intel-AVX512_BF16-feature-enabling.patch
@@ -0,0 +1,179 @@ +From 2bae0ceb38ba019382ea12cf1a46efa50c530f4f Mon Sep 17 00:00:00 2001 +From: Jing Liu +Date: Thu, 25 Jul 2019 14:14:16 +0800 +Subject: [PATCH 1/6] x86: Intel AVX512_BF16 feature enabling + +Intel CooperLake cpu adds AVX512_BF16 instruction, defining as +CPUID.(EAX=7,ECX=1):EAX[bit 05]. + +The patch adds a property for setting the subleaf of CPUID leaf 7 in +case that people would like to specify it. + +The release spec link as follows, +https://software.intel.com/sites/default/files/managed/c5/15/\ +architecture-instruction-set-extensions-programming-reference.pdf + +Signed-off-by: Jing Liu +Signed-off-by: Paolo Bonzini + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 39 ++++++++++++++++++++++++++++++++++++++- + target/i386/cpu.h | 7 +++++++ + target/i386/kvm.c | 3 ++- + 3 files changed, 47 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 19751e37..1ade90c2 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -770,6 +770,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1, + /* CPUID_7_0_ECX_OSPKE is dynamic */ \ + CPUID_7_0_ECX_LA57) + #define TCG_7_0_EDX_FEATURES 0 ++#define TCG_7_1_EAX_FEATURES 0 + #define TCG_APM_FEATURES 0 + #define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT + #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1) +@@ -1095,6 +1096,25 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + }, + .tcg_features = TCG_7_0_EDX_FEATURES, + }, ++ [FEAT_7_1_EAX] = { ++ .type = CPUID_FEATURE_WORD, ++ .feat_names = { ++ NULL, NULL, NULL, NULL, ++ NULL, "avx512-bf16", NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ }, ++ .cpuid = { ++ .eax = 7, ++ .needs_ecx = true, .ecx = 1, ++ .reg = R_EAX, ++ }, ++ .tcg_features = TCG_7_1_EAX_FEATURES, ++ }, + [FEAT_8000_0007_EDX] = { + .type = CPUID_FEATURE_WORD, + .feat_names 
= { +@@ -4292,13 +4312,19 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, + case 7: + /* Structured Extended Feature Flags Enumeration Leaf */ + if (count == 0) { +- *eax = 0; /* Maximum ECX value for sub-leaves */ ++ /* Maximum ECX value for sub-leaves */ ++ *eax = env->cpuid_level_func7; + *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */ + *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */ + if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) { + *ecx |= CPUID_7_0_ECX_OSPKE; + } + *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */ ++ } else if (count == 1) { ++ *eax = env->features[FEAT_7_1_EAX]; ++ *ebx = 0; ++ *ecx = 0; ++ *edx = 0; + } else { + *eax = 0; + *ebx = 0; +@@ -4948,6 +4974,11 @@ static void x86_cpu_adjust_feat_level(X86CPU *cpu, FeatureWord w) + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel2, eax); + break; + } ++ ++ if (eax == 7) { ++ x86_cpu_adjust_level(cpu, &env->cpuid_min_level_func7, ++ fi->cpuid.ecx); ++ } + } + + /* Calculate XSAVE components based on the configured CPU feature flags */ +@@ -5066,6 +5097,7 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX); + x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX); + x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX); ++ x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX); + x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX); + x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX); + x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX); +@@ -5097,6 +5129,9 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + } + + /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */ ++ if (env->cpuid_level_func7 == UINT32_MAX) { ++ env->cpuid_level_func7 = env->cpuid_min_level_func7; ++ } + if (env->cpuid_level == UINT32_MAX) { + env->cpuid_level = env->cpuid_min_level; + } +@@ -5868,6 +5903,8 @@ static Property x86_cpu_properties[] = { + DEFINE_PROP_BOOL("host-phys-bits", X86CPU, 
host_phys_bits, false), + DEFINE_PROP_UINT8("host-phys-bits-limit", X86CPU, host_phys_bits_limit, 0), + DEFINE_PROP_BOOL("fill-mtrr-mask", X86CPU, fill_mtrr_mask, true), ++ DEFINE_PROP_UINT32("level-func7", X86CPU, env.cpuid_level_func7, ++ UINT32_MAX), + DEFINE_PROP_UINT32("level", X86CPU, env.cpuid_level, UINT32_MAX), + DEFINE_PROP_UINT32("xlevel", X86CPU, env.cpuid_xlevel, UINT32_MAX), + DEFINE_PROP_UINT32("xlevel2", X86CPU, env.cpuid_xlevel2, UINT32_MAX), +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 8b3dc553..488b4dc7 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -479,6 +479,7 @@ typedef enum FeatureWord { + FEAT_7_0_EBX, /* CPUID[EAX=7,ECX=0].EBX */ + FEAT_7_0_ECX, /* CPUID[EAX=7,ECX=0].ECX */ + FEAT_7_0_EDX, /* CPUID[EAX=7,ECX=0].EDX */ ++ FEAT_7_1_EAX, /* CPUID[EAX=7,ECX=1].EAX */ + FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */ + FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */ + FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */ +@@ -692,6 +693,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_7_0_EDX_CORE_CAPABILITY (1U << 30) /*Core Capability*/ + #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */ + ++#define CPUID_7_1_EAX_AVX512_BF16 (1U << 5) /* AVX512 BFloat16 Instruction */ ++ + #define CPUID_8000_0008_EBX_WBNOINVD (1U << 9) /* Write back and + do not invalidate cache */ + #define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */ +@@ -1322,6 +1325,10 @@ typedef struct CPUX86State { + /* Fields after this point are preserved across CPU reset. */ + + /* processor features (e.g. 
for CPUID insn) */ ++ /* Minimum cpuid leaf 7 value */ ++ uint32_t cpuid_level_func7; ++ /* Actual cpuid leaf 7 value */ ++ uint32_t cpuid_min_level_func7; + /* Minimum level/xlevel/xlevel2, based on CPU model + features */ + uint32_t cpuid_min_level, cpuid_min_xlevel, cpuid_min_xlevel2; + /* Maximum level/xlevel/xlevel2 value for auto-assignment: */ +diff --git a/target/i386/kvm.c b/target/i386/kvm.c +index dbbb1377..f55d4b4b 100644 +--- a/target/i386/kvm.c ++++ b/target/i386/kvm.c +@@ -1497,6 +1497,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + c = &cpuid_data.entries[cpuid_i++]; + } + break; ++ case 0x7: + case 0x14: { + uint32_t times; + +@@ -1509,7 +1510,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + for (j = 1; j <= times; ++j) { + if (cpuid_i == KVM_MAX_CPUID_ENTRIES) { + fprintf(stderr, "cpuid_data is full, no space for " +- "cpuid(eax:0x14,ecx:0x%x)\n", j); ++ "cpuid(eax:0x%x,ecx:0x%x)\n", i, j); + abort(); + } + c = &cpuid_data.entries[cpuid_i++]; +-- +2.27.0 +
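Review bot: The two comments added to `CPUX86State` are attached to the wrong fields: `/* Minimum cpuid leaf 7 value */` sits above `cpuid_level_func7` and `/* Actual cpuid leaf 7 value */` above `cpuid_min_level_func7`. The cpu.c hunks use them the other way round, with `x86_cpu_adjust_level(cpu, &env->cpuid_min_level_func7, ...)` computing the minimum and `*eax = env->cpuid_level_func7` returning the effective value. Suggested wording is `/* Highest CPUID leaf 7 sub-leaf reported to the guest (CPUID[7,0].EAX) */` for `cpuid_level_func7` and `/* Minimum leaf 7 sub-leaf required by the enabled features */` for `cpuid_min_level_func7`. The struct continues outside the hunk.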
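Review bot: The new `case 0x7:` in `kvm_arch_init_vcpu` sends leaf 7 through the sub-leaf loop `for (j = 1; j <= times; ++j)`, and the only bound on that loop is the `KVM_MAX_CPUID_ENTRIES` check that ends in `abort()`. The count presumably comes from the leaf's EAX (the assignment to `times` lies between the two kvm.c hunks and is not shown), which the cpu.c hunk now sets from `env->cpuid_level_func7`, and the `level-func7` property accepts any 32-bit value. A large setting would therefore kill QEMU at vCPU creation rather than fail with a configuration error, and any setting above 1 advertises sub-leaves that `cpu_x86_cpuid` returns as all zeros. Consider validating the value where it is resolved in `x86_cpu_expand_features`, which already has `errp`, e.g. `if (env->cpuid_level_func7 > 1) { error_setg(errp, "level-func7 out of range"); return; }`, with the bound raised when further sub-leaves are implemented.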