diff --git a/i386-Add-MSR-feature-bit-for-MDS-NO.patch b/i386-Add-MSR-feature-bit-for-MDS-NO.patch new file mode 100644 index 0000000000000000000000000000000000000000..42c8fde4fa144b0bffa6a1b65d3aadc60d9b009c --- /dev/null +++ b/i386-Add-MSR-feature-bit-for-MDS-NO.patch @@ -0,0 +1,34 @@ +From 986fcd107eb251d11bae70a2777f950f06fdafa4 Mon Sep 17 00:00:00 2001 +From: Cathy Zhang +Date: Tue, 22 Oct 2019 15:35:26 +0800 +Subject: [PATCH] i386: Add MSR feature bit for MDS-NO + +Define MSR_ARCH_CAP_MDS_NO in the IA32_ARCH_CAPABILITIES MSR to allow +CPU models to report the feature when host supports it. + +Signed-off-by: Cathy Zhang +Reviewed-by: Xiaoyao Li +Reviewed-by: Tao Xu +Message-Id: <1571729728-23284-2-git-send-email-cathy.zhang@intel.com> +Signed-off-by: Eduardo Habkost + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 488b4dc778..9ef868eb71 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -747,6 +747,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define MSR_ARCH_CAP_RSBA (1U << 2) + #define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3) + #define MSR_ARCH_CAP_SSB_NO (1U << 4) ++#define MSR_ARCH_CAP_MDS_NO (1U << 5) + + #define MSR_CORE_CAP_SPLIT_LOCK_DETECT (1U << 5) + +-- +2.27.0 + diff --git a/i386-Add-macro-for-stibp.patch b/i386-Add-macro-for-stibp.patch new file mode 100644 index 0000000000000000000000000000000000000000..6be044eaa2945085848c000436b8f468944a8f4f --- /dev/null +++ b/i386-Add-macro-for-stibp.patch 
@@ -0,0 +1,36 @@ +From 1e7b66433eaef14948869a39dbda3debe0a70eb0 Mon Sep 17 00:00:00 2001 +From: Cathy Zhang +Date: Tue, 22 Oct 2019 15:35:27 +0800 +Subject: [PATCH] i386: Add macro for stibp + +stibp feature is already added through the following commit. +https://github.com/qemu/qemu/commit/0e8916582991b9fd0b94850a8444b8b80d0a0955 + +Add a macro for it to allow CPU models to report it when host supports. + +Signed-off-by: Cathy Zhang +Reviewed-by: Xiaoyao Li +Reviewed-by: Tao Xu +Message-Id: <1571729728-23284-3-git-send-email-cathy.zhang@intel.com> +Signed-off-by: Eduardo Habkost + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 9ef868eb71..58d8c48964 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -689,6 +689,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */ + #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */ + #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */ ++#define CPUID_7_0_EDX_STIBP (1U << 27) /* Single Thread Indirect Branch Predictors */ + #define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29) /*Arch Capabilities*/ + #define CPUID_7_0_EDX_CORE_CAPABILITY (1U << 30) /*Core Capability*/ + #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */ +-- +2.27.0 + diff --git a/i386-Add-new-CPU-model-Cooperlake.patch b/i386-Add-new-CPU-model-Cooperlake.patch new file mode 100644 index 0000000000000000000000000000000000000000..dbd048c7b7f6711ea1070e8179b9be5801c2b183 --- /dev/null +++ b/i386-Add-new-CPU-model-Cooperlake.patch 
@@ -0,0 +1,96 @@ +From f22c307bb6d7dc17ab1757af4dba78761b1959e8 Mon Sep 17 00:00:00 2001 +From: Cathy Zhang +Date: Tue, 22 Oct 2019 15:35:28 +0800 +Subject: [PATCH] i386: Add new CPU model Cooperlake + +Cooper Lake is intel's successor to Cascade Lake, the new +CPU model inherits features from Cascadelake-Server, while +add one platform associated new feature: AVX512_BF16. Meanwhile, +add STIBP for speculative execution. + +Signed-off-by: Cathy Zhang +Reviewed-by: Xiaoyao Li +Reviewed-by: Tao Xu +Message-Id: <1571729728-23284-4-git-send-email-cathy.zhang@intel.com> +Reviewed-by: Bruce Rogers +Signed-off-by: Eduardo Habkost + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 60 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 1ade90c28b..5329d73316 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2378,6 +2378,66 @@ static X86CPUDefinition builtin_x86_defs[] = { + { /* end of list */ } + } + }, ++ { ++ .name = "Cooperlake", ++ .level = 0xd, ++ .vendor = CPUID_VENDOR_INTEL, ++ .family = 6, ++ .model = 85, ++ .stepping = 10, ++ .features[FEAT_1_EDX] = ++ CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | ++ CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | ++ CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | ++ CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | ++ CPUID_DE | CPUID_FP87, ++ .features[FEAT_1_ECX] = ++ CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES | ++ CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | ++ CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | ++ CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 | ++ CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE | ++ CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND, ++ .features[FEAT_8000_0001_EDX] = ++ CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP | ++ CPUID_EXT2_NX | CPUID_EXT2_SYSCALL, ++ .features[FEAT_8000_0001_ECX] = ++ 
CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH, ++ .features[FEAT_7_0_EBX] = ++ CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | ++ CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP | ++ CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID | ++ CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | ++ CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB | ++ CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ | ++ CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD | ++ CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT, ++ .features[FEAT_7_0_ECX] = ++ CPUID_7_0_ECX_PKU | ++ CPUID_7_0_ECX_AVX512VNNI, ++ .features[FEAT_7_0_EDX] = ++ CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_STIBP | ++ CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES, ++ .features[FEAT_ARCH_CAPABILITIES] = ++ MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL | ++ MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO, ++ .features[FEAT_7_1_EAX] = ++ CPUID_7_1_EAX_AVX512_BF16, ++ /* ++ * Missing: XSAVES (not supported by some Linux versions, ++ * including v4.1 to v4.12). ++ * KVM doesn't yet expose any XSAVES state save component, ++ * and the only one defined in Skylake (processor tracing) ++ * probably will block migration anyway. ++ */ ++ .features[FEAT_XSAVE] = ++ CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | ++ CPUID_XSAVE_XGETBV1, ++ .features[FEAT_6_EAX] = ++ CPUID_6_EAX_ARAT, ++ .xlevel = 0x80000008, ++ .model_id = "Intel Xeon Processor (Cooperlake)", ++ }, + { + .name = "Icelake-Client", + .level = 0xd, +-- +2.27.0 + diff --git a/qemu.spec b/qemu.spec index 7ce6725e453e0230c14c7a343ddaa3808deea8da..73cfc345e15e59e0d69586403d27be9d7a43680c 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,6 +1,6 @@ Name: qemu Version: 4.1.0 -Release: 52 +Release: 53 Epoch: 2 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 
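Review bot: The `.features[FEAT_ARCH_CAPABILITIES]` entry of the new Cooperlake model sets `MSR_ARCH_CAP_RDCL_NO`, `MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY` and `MSR_ARCH_CAP_MDS_NO` without any comment on what they promise; a guest kernel reads each of them as "this CPU is not affected" and may skip the matching mitigation. Whether these bits are masked when the host MSR does not report them is decided outside this hunk, so I would document the assumption at the field, e.g. `/* *_NO bits are "not affected" claims; only valid if the host reports them */`. Deployments could start the model with `enforce`, so that a host mismatch fails at start-up instead of being filtered with a warning. The same applies to the later patch in this series that appends `MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO` to this list. The XSAVES comment was also copied unchanged and still says "the only one defined in Skylake", which is misleading inside the Cooperlake entry.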
@@ -322,6 +322,14 @@ Patch0309: ide-ahci-add-check-to-avoid-null-dereference-CVE-201.patch Patch0310: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD_SGIR-regist.patch Patch0311: usb-limit-combined-packets-to-1-MiB-CVE-2021-3527.patch Patch0312: hw-net-rocker_of_dpa-fix-double-free-bug-of-rocker-d.patch +Patch0313: x86-Intel-AVX512_BF16-feature-enabling.patch +Patch0314: i386-Add-MSR-feature-bit-for-MDS-NO.patch +Patch0315: i386-Add-macro-for-stibp.patch +Patch0316: i386-Add-new-CPU-model-Cooperlake.patch +Patch0317: target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch +Patch0318: target-i386-Add-missed-security-features-to-Cooperla.patch +Patch0319: target-i386-add-PSCHANGE_NO-bit-for-the-ARCH_CAPABIL.patch +Patch0320: target-i386-Export-TAA_NO-bit-to-guests.patch BuildRequires: flex BuildRequires: bison @@ -710,6 +718,16 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Fri Jul 16 2021 Chen Qun +- x86: Intel AVX512_BF16 feature enabling +- i386: Add MSR feature bit for MDS-NO +- i386: Add macro for stibp +- i386: Add new CPU model Cooperlake +- target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES +- target/i386: Add missed security features to Cooperlake CPU model +- target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES MSR +- target/i386: Export TAA_NO bit to guests + * Wed Jul 14 2021 Chen Qun - hw/net/rocker_of_dpa: fix double free bug of rocker device diff --git a/target-i386-Add-missed-security-features-to-Cooperla.patch b/target-i386-Add-missed-security-features-to-Cooperla.patch new file mode 100644 index 0000000000000000000000000000000000000000..42e90c6152728f35717440409bb6543352500857 --- /dev/null +++ b/target-i386-Add-missed-security-features-to-Cooperla.patch 
@@ -0,0 +1,35 @@ +From da65efa79676baad4d3377ebeae578481753e991 Mon Sep 17 00:00:00 2001 +From: Jingyi Wang +Date: Fri, 9 Jul 2021 11:17:19 +0800 +Subject: [PATCH] target/i386: Add missed security features to Cooperlake CPU + model + +It lacks two security feature bits in MSR_IA32_ARCH_CAPABILITIES in +current Cooperlake CPU model, so add them. + +This is part of uptream commit 2dea9d9 + +Signed-off-by: Xiaoyao Li +Signed-off-by: Paolo Bonzini +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 5329d73316..50d6ef9de4 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -2420,7 +2420,8 @@ static X86CPUDefinition builtin_x86_defs[] = { + CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES, + .features[FEAT_ARCH_CAPABILITIES] = + MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL | +- MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO, ++ MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO | ++ MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO, + .features[FEAT_7_1_EAX] = + CPUID_7_1_EAX_AVX512_BF16, + /* +-- +2.27.0 + diff --git a/target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch b/target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff65bb8cded9430ad1bbd80273c6368cd10cb130 --- /dev/null +++ b/target-i386-Add-new-bit-definitions-of-MSR_IA32_ARCH.patch 
@@ -0,0 +1,47 @@ +From 69aa3c3d8f57b4219ff6d725ac212a4940355be9 Mon Sep 17 00:00:00 2001 +From: Xiaoyao Li +Date: Wed, 25 Dec 2019 14:30:17 +0800 +Subject: [PATCH] target/i386: Add new bit definitions of + MSR_IA32_ARCH_CAPABILITIES + +The bit 6, 7 and 8 of MSR_IA32_ARCH_CAPABILITIES are recently disclosed +for some security issues. Add the definitions for them to be used by named +CPU models. + +Signed-off-by: Xiaoyao Li +Message-Id: <20191225063018.20038-2-xiaoyao.li@intel.com> +Signed-off-by: Paolo Bonzini + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.h | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 58d8c48964..7ff8ddd464 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -743,12 +743,15 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_TOPOLOGY_LEVEL_DIE (5U << 8) + + /* MSR Feature Bits */ +-#define MSR_ARCH_CAP_RDCL_NO (1U << 0) +-#define MSR_ARCH_CAP_IBRS_ALL (1U << 1) +-#define MSR_ARCH_CAP_RSBA (1U << 2) ++#define MSR_ARCH_CAP_RDCL_NO (1U << 0) ++#define MSR_ARCH_CAP_IBRS_ALL (1U << 1) ++#define MSR_ARCH_CAP_RSBA (1U << 2) + #define MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3) +-#define MSR_ARCH_CAP_SSB_NO (1U << 4) +-#define MSR_ARCH_CAP_MDS_NO (1U << 5) ++#define MSR_ARCH_CAP_SSB_NO (1U << 4) ++#define MSR_ARCH_CAP_MDS_NO (1U << 5) ++#define MSR_ARCH_CAP_PSCHANGE_MC_NO (1U << 6) ++#define MSR_ARCH_CAP_TSX_CTRL_MSR (1U << 7) ++#define MSR_ARCH_CAP_TAA_NO (1U << 8) + + #define MSR_CORE_CAP_SPLIT_LOCK_DETECT (1U << 5) + +-- +2.27.0 + diff --git a/target-i386-Export-TAA_NO-bit-to-guests.patch b/target-i386-Export-TAA_NO-bit-to-guests.patch new file mode 100644 index 0000000000000000000000000000000000000000..68cf05c73dd55d5ff521c6a8201d12096ab48869 --- /dev/null +++ b/target-i386-Export-TAA_NO-bit-to-guests.patch 
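Review bot: The three defines added for bits 6, 7 and 8 carry no comment, although each one changes how a guest treats a specific hardware issue, and the `CPUID_7_0_EDX_*` defines in the same header are all annotated. I would add trailing comments such as `/* no machine check on page size change (ITLB multihit) */` on `MSR_ARCH_CAP_PSCHANGE_MC_NO`, `/* IA32_TSX_CTRL MSR is available */` on `MSR_ARCH_CAP_TSX_CTRL_MSR` and `/* not affected by TSX Async Abort */` on `MSR_ARCH_CAP_TAA_NO`. The hunk also re-aligns the six existing defines, so only three of its eight added lines are new; keeping the old alignment would make the security-relevant additions easier to audit in a backport.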
@@ -0,0 +1,36 @@ +From 2ad9cf5be62515469e9c58dc2a2ef8703cefd5a6 Mon Sep 17 00:00:00 2001 +From: Pawan Gupta +Date: Mon, 18 Nov 2019 23:23:27 -0800 +Subject: [PATCH] target/i386: Export TAA_NO bit to guests + +TSX Async Abort (TAA) is a side channel attack on internal buffers in +some Intel processors similar to Microachitectural Data Sampling (MDS). + +Some future Intel processors will use the ARCH_CAP_TAA_NO bit in the +IA32_ARCH_CAPABILITIES MSR to report that they are not vulnerable to +TAA. Make this bit available to guests. + +Signed-off-by: Pawan Gupta +Signed-off-by: Paolo Bonzini + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 29836cb2a5..5af4fca350 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1209,7 +1209,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .feat_names = { + "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry", + "ssb-no", "mds-no", "pschange-mc-no", NULL, +- NULL, NULL, NULL, NULL, ++ "taa-no", NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +-- +2.27.0 + diff --git a/target-i386-add-PSCHANGE_NO-bit-for-the-ARCH_CAPABIL.patch b/target-i386-add-PSCHANGE_NO-bit-for-the-ARCH_CAPABIL.patch new file mode 100644 index 0000000000000000000000000000000000000000..df29639a1e8d287bf4b9cd6fb945d865453be5ec --- /dev/null +++ b/target-i386-add-PSCHANGE_NO-bit-for-the-ARCH_CAPABIL.patch 
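Review bot: Slot 7 of `feat_names` is still `NULL` after this change (`"ssb-no", "mds-no", "pschange-mc-no", NULL,`), while another patch in this series defines `MSR_ARCH_CAP_TSX_CTRL_MSR (1U << 7)`. As far as these hunks show, that capability has no property name and cannot be passed to a guest, so on a host that handles TAA through TSX control rather than reporting TAA_NO the guest would see neither bit. If leaving it out is intentional for this backport, a comment at the slot would record that, e.g. `/* bit 7: TSX_CTRL, not exposed: MSR not handled in this series */`; upstream QEMU names the bit `tsx-ctrl` in a separate change that also adds handling for the MSR. The `feat_names` initializer starts and ends outside the hunk.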
@@ -0,0 +1,32 @@ +From 6fdd7126026a19c3292a8106917d901979501d80 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 13 Nov 2019 15:54:35 +0100 +Subject: [PATCH] target/i386: add PSCHANGE_NO bit for the ARCH_CAPABILITIES + MSR + +This is required to disable ITLB multihit mitigations in nested +hypervisors. + +Signed-off-by: Paolo Bonzini + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 50d6ef9de4..29836cb2a5 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1208,7 +1208,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .type = MSR_FEATURE_WORD, + .feat_names = { + "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry", +- "ssb-no", "mds-no", NULL, NULL, ++ "ssb-no", "mds-no", "pschange-mc-no", NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +-- +2.27.0 + diff --git a/x86-Intel-AVX512_BF16-feature-enabling.patch b/x86-Intel-AVX512_BF16-feature-enabling.patch new file mode 100644 index 0000000000000000000000000000000000000000..b1f5c87400a5141234776b6a5f1b6eaefb4249d3 --- /dev/null +++ b/x86-Intel-AVX512_BF16-feature-enabling.patch 
@@ -0,0 +1,179 @@ +From 858a270c5e4081edd630f6257cb0f5e292591eb7 Mon Sep 17 00:00:00 2001 +From: Jing Liu +Date: Thu, 25 Jul 2019 14:14:16 +0800 +Subject: [PATCH] x86: Intel AVX512_BF16 feature enabling + +Intel CooperLake cpu adds AVX512_BF16 instruction, defining as +CPUID.(EAX=7,ECX=1):EAX[bit 05]. + +The patch adds a property for setting the subleaf of CPUID leaf 7 in +case that people would like to specify it. + +The release spec link as follows, +https://software.intel.com/sites/default/files/managed/c5/15/\ +architecture-instruction-set-extensions-programming-reference.pdf + +Signed-off-by: Jing Liu +Signed-off-by: Paolo Bonzini + +Signed-off-by: Jingyi Wang +--- + target/i386/cpu.c | 39 ++++++++++++++++++++++++++++++++++++++- + target/i386/cpu.h | 7 +++++++ + target/i386/kvm.c | 3 ++- + 3 files changed, 47 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 19751e37a7..1ade90c28b 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -770,6 +770,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1, + /* CPUID_7_0_ECX_OSPKE is dynamic */ \ + CPUID_7_0_ECX_LA57) + #define TCG_7_0_EDX_FEATURES 0 ++#define TCG_7_1_EAX_FEATURES 0 + #define TCG_APM_FEATURES 0 + #define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT + #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1) +@@ -1095,6 +1096,25 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + }, + .tcg_features = TCG_7_0_EDX_FEATURES, + }, ++ [FEAT_7_1_EAX] = { ++ .type = CPUID_FEATURE_WORD, ++ .feat_names = { ++ NULL, NULL, NULL, NULL, ++ NULL, "avx512-bf16", NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, ++ }, ++ .cpuid = { ++ .eax = 7, ++ .needs_ecx = true, .ecx = 1, ++ .reg = R_EAX, ++ }, ++ .tcg_features = TCG_7_1_EAX_FEATURES, ++ }, + [FEAT_8000_0007_EDX] = { + .type = CPUID_FEATURE_WORD, + .feat_names 
= { +@@ -4292,13 +4312,19 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, + case 7: + /* Structured Extended Feature Flags Enumeration Leaf */ + if (count == 0) { +- *eax = 0; /* Maximum ECX value for sub-leaves */ ++ /* Maximum ECX value for sub-leaves */ ++ *eax = env->cpuid_level_func7; + *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */ + *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */ + if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) { + *ecx |= CPUID_7_0_ECX_OSPKE; + } + *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */ ++ } else if (count == 1) { ++ *eax = env->features[FEAT_7_1_EAX]; ++ *ebx = 0; ++ *ecx = 0; ++ *edx = 0; + } else { + *eax = 0; + *ebx = 0; +@@ -4948,6 +4974,11 @@ static void x86_cpu_adjust_feat_level(X86CPU *cpu, FeatureWord w) + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel2, eax); + break; + } ++ ++ if (eax == 7) { ++ x86_cpu_adjust_level(cpu, &env->cpuid_min_level_func7, ++ fi->cpuid.ecx); ++ } + } + + /* Calculate XSAVE components based on the configured CPU feature flags */ +@@ -5066,6 +5097,7 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX); + x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX); + x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX); ++ x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX); + x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX); + x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX); + x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX); +@@ -5097,6 +5129,9 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + } + + /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */ ++ if (env->cpuid_level_func7 == UINT32_MAX) { ++ env->cpuid_level_func7 = env->cpuid_min_level_func7; ++ } + if (env->cpuid_level == UINT32_MAX) { + env->cpuid_level = env->cpuid_min_level; + } +@@ -5868,6 +5903,8 @@ static Property x86_cpu_properties[] = { + DEFINE_PROP_BOOL("host-phys-bits", X86CPU, 
host_phys_bits, false), + DEFINE_PROP_UINT8("host-phys-bits-limit", X86CPU, host_phys_bits_limit, 0), + DEFINE_PROP_BOOL("fill-mtrr-mask", X86CPU, fill_mtrr_mask, true), ++ DEFINE_PROP_UINT32("level-func7", X86CPU, env.cpuid_level_func7, ++ UINT32_MAX), + DEFINE_PROP_UINT32("level", X86CPU, env.cpuid_level, UINT32_MAX), + DEFINE_PROP_UINT32("xlevel", X86CPU, env.cpuid_xlevel, UINT32_MAX), + DEFINE_PROP_UINT32("xlevel2", X86CPU, env.cpuid_xlevel2, UINT32_MAX), +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 8b3dc5533e..488b4dc778 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -479,6 +479,7 @@ typedef enum FeatureWord { + FEAT_7_0_EBX, /* CPUID[EAX=7,ECX=0].EBX */ + FEAT_7_0_ECX, /* CPUID[EAX=7,ECX=0].ECX */ + FEAT_7_0_EDX, /* CPUID[EAX=7,ECX=0].EDX */ ++ FEAT_7_1_EAX, /* CPUID[EAX=7,ECX=1].EAX */ + FEAT_8000_0001_EDX, /* CPUID[8000_0001].EDX */ + FEAT_8000_0001_ECX, /* CPUID[8000_0001].ECX */ + FEAT_8000_0007_EDX, /* CPUID[8000_0007].EDX */ +@@ -692,6 +693,8 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_7_0_EDX_CORE_CAPABILITY (1U << 30) /*Core Capability*/ + #define CPUID_7_0_EDX_SPEC_CTRL_SSBD (1U << 31) /* Speculative Store Bypass Disable */ + ++#define CPUID_7_1_EAX_AVX512_BF16 (1U << 5) /* AVX512 BFloat16 Instruction */ ++ + #define CPUID_8000_0008_EBX_WBNOINVD (1U << 9) /* Write back and + do not invalidate cache */ + #define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */ +@@ -1322,6 +1325,10 @@ typedef struct CPUX86State { + /* Fields after this point are preserved across CPU reset. */ + + /* processor features (e.g. 
for CPUID insn) */ ++ /* Minimum cpuid leaf 7 value */ ++ uint32_t cpuid_level_func7; ++ /* Actual cpuid leaf 7 value */ ++ uint32_t cpuid_min_level_func7; + /* Minimum level/xlevel/xlevel2, based on CPU model + features */ + uint32_t cpuid_min_level, cpuid_min_xlevel, cpuid_min_xlevel2; + /* Maximum level/xlevel/xlevel2 value for auto-assignment: */ +diff --git a/target/i386/kvm.c b/target/i386/kvm.c +index dbbb13772a..f55d4b4b97 100644 +--- a/target/i386/kvm.c ++++ b/target/i386/kvm.c +@@ -1497,6 +1497,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + c = &cpuid_data.entries[cpuid_i++]; + } + break; ++ case 0x7: + case 0x14: { + uint32_t times; + +@@ -1509,7 +1510,7 @@ int kvm_arch_init_vcpu(CPUState *cs) + for (j = 1; j <= times; ++j) { + if (cpuid_i == KVM_MAX_CPUID_ENTRIES) { + fprintf(stderr, "cpuid_data is full, no space for " +- "cpuid(eax:0x14,ecx:0x%x)\n", j); ++ "cpuid(eax:0x%x,ecx:0x%x)\n", i, j); + abort(); + } + c = &cpuid_data.entries[cpuid_i++]; +-- +2.27.0 +
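Review bot: The new `level-func7` property accepts any uint32, and nothing in these hunks bounds it, yet `cpu_x86_cpuid()` now returns it as EAX of CPUID.(EAX=7,ECX=0) and the added `case 0x7:` in `kvm_arch_init_vcpu()` shares the 0x14 loop `for (j = 1; j <= times; ++j)`. `times` is assigned outside the hunk, presumably from that EAX value, so a large setting would run the loop until `cpuid_i == KVM_MAX_CPUID_ENTRIES` and end in `abort()` rather than a reported configuration error. I would reject out-of-range values right after the `UINT32_MAX` defaulting in `x86_cpu_expand_features()`, e.g. `if (env->cpuid_level_func7 > 1) { error_setg(errp, "level-func7 out of range"); return; }`, adapted to that function's error path, which is outside the hunk; 1 is the highest sub-leaf `cpu_x86_cpuid()` fills in here. Separately, the two comments added to `CPUX86State` are swapped: `cpuid_level_func7` is labelled "Minimum cpuid leaf 7 value" and `cpuid_min_level_func7` "Actual cpuid leaf 7 value".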