xref: /openbmc/qemu/target/i386/cpu.c (revision 5aa62804)
1 /*
2  *  i386 CPUID helper functions
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/units.h"
22 #include "qemu/cutils.h"
23 #include "qemu/bitops.h"
24 #include "qemu/qemu-print.h"
25 
26 #include "cpu.h"
27 #include "exec/exec-all.h"
28 #include "sysemu/kvm.h"
29 #include "sysemu/reset.h"
30 #include "sysemu/hvf.h"
31 #include "sysemu/cpus.h"
32 #include "kvm_i386.h"
33 #include "sev_i386.h"
34 
35 #include "qemu/error-report.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/config-file.h"
39 #include "qapi/error.h"
40 #include "qapi/qapi-visit-machine.h"
41 #include "qapi/qapi-visit-run-state.h"
42 #include "qapi/qmp/qdict.h"
43 #include "qapi/qmp/qerror.h"
44 #include "qapi/visitor.h"
45 #include "qom/qom-qobject.h"
46 #include "sysemu/arch_init.h"
47 #include "qapi/qapi-commands-machine-target.h"
48 
49 #include "standard-headers/asm-x86/kvm_para.h"
50 
51 #include "sysemu/sysemu.h"
52 #include "sysemu/tcg.h"
53 #include "hw/qdev-properties.h"
54 #include "hw/i386/topology.h"
55 #ifndef CONFIG_USER_ONLY
56 #include "exec/address-spaces.h"
57 #include "hw/xen/xen.h"
58 #include "hw/i386/apic_internal.h"
59 #include "hw/boards.h"
60 #endif
61 
62 #include "disas/capstone.h"
63 
64 /* Helpers for building CPUID[2] descriptors: */
65 
66 struct CPUID2CacheDescriptorInfo {
67     enum CacheType type;
68     int level;
69     int size;
70     int line_size;
71     int associativity;
72 };
73 
74 /*
75  * Known CPUID 2 cache descriptors.
76  * From Intel SDM Volume 2A, CPUID instruction
77  */
78 struct CPUID2CacheDescriptorInfo cpuid2_cache_descriptors[] = {
79     [0x06] = { .level = 1, .type = INSTRUCTION_CACHE, .size =   8 * KiB,
80                .associativity = 4,  .line_size = 32, },
81     [0x08] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  16 * KiB,
82                .associativity = 4,  .line_size = 32, },
83     [0x09] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  32 * KiB,
84                .associativity = 4,  .line_size = 64, },
85     [0x0A] = { .level = 1, .type = DATA_CACHE,        .size =   8 * KiB,
86                .associativity = 2,  .line_size = 32, },
87     [0x0C] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
88                .associativity = 4,  .line_size = 32, },
89     [0x0D] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
90                .associativity = 4,  .line_size = 64, },
91     [0x0E] = { .level = 1, .type = DATA_CACHE,        .size =  24 * KiB,
92                .associativity = 6,  .line_size = 64, },
93     [0x1D] = { .level = 2, .type = UNIFIED_CACHE,     .size = 128 * KiB,
94                .associativity = 2,  .line_size = 64, },
95     [0x21] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
96                .associativity = 8,  .line_size = 64, },
97     /* lines per sector is not supported cpuid2_cache_descriptor(),
98     * so descriptors 0x22, 0x23 are not included
99     */
100     [0x24] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
101                .associativity = 16, .line_size = 64, },
102     /* lines per sector is not supported cpuid2_cache_descriptor(),
103     * so descriptors 0x25, 0x20 are not included
104     */
105     [0x2C] = { .level = 1, .type = DATA_CACHE,        .size =  32 * KiB,
106                .associativity = 8,  .line_size = 64, },
107     [0x30] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  32 * KiB,
108                .associativity = 8,  .line_size = 64, },
109     [0x41] = { .level = 2, .type = UNIFIED_CACHE,     .size = 128 * KiB,
110                .associativity = 4,  .line_size = 32, },
111     [0x42] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
112                .associativity = 4,  .line_size = 32, },
113     [0x43] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
114                .associativity = 4,  .line_size = 32, },
115     [0x44] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
116                .associativity = 4,  .line_size = 32, },
117     [0x45] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
118                .associativity = 4,  .line_size = 32, },
119     [0x46] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
120                .associativity = 4,  .line_size = 64, },
121     [0x47] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
122                .associativity = 8,  .line_size = 64, },
123     [0x48] = { .level = 2, .type = UNIFIED_CACHE,     .size =   3 * MiB,
124                .associativity = 12, .line_size = 64, },
125     /* Descriptor 0x49 depends on CPU family/model, so it is not included */
126     [0x4A] = { .level = 3, .type = UNIFIED_CACHE,     .size =   6 * MiB,
127                .associativity = 12, .line_size = 64, },
128     [0x4B] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
129                .associativity = 16, .line_size = 64, },
130     [0x4C] = { .level = 3, .type = UNIFIED_CACHE,     .size =  12 * MiB,
131                .associativity = 12, .line_size = 64, },
132     [0x4D] = { .level = 3, .type = UNIFIED_CACHE,     .size =  16 * MiB,
133                .associativity = 16, .line_size = 64, },
134     [0x4E] = { .level = 2, .type = UNIFIED_CACHE,     .size =   6 * MiB,
135                .associativity = 24, .line_size = 64, },
136     [0x60] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
137                .associativity = 8,  .line_size = 64, },
138     [0x66] = { .level = 1, .type = DATA_CACHE,        .size =   8 * KiB,
139                .associativity = 4,  .line_size = 64, },
140     [0x67] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
141                .associativity = 4,  .line_size = 64, },
142     [0x68] = { .level = 1, .type = DATA_CACHE,        .size =  32 * KiB,
143                .associativity = 4,  .line_size = 64, },
144     [0x78] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
145                .associativity = 4,  .line_size = 64, },
146     /* lines per sector is not supported cpuid2_cache_descriptor(),
147     * so descriptors 0x79, 0x7A, 0x7B, 0x7C are not included.
148     */
149     [0x7D] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
150                .associativity = 8,  .line_size = 64, },
151     [0x7F] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
152                .associativity = 2,  .line_size = 64, },
153     [0x80] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
154                .associativity = 8,  .line_size = 64, },
155     [0x82] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
156                .associativity = 8,  .line_size = 32, },
157     [0x83] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
158                .associativity = 8,  .line_size = 32, },
159     [0x84] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
160                .associativity = 8,  .line_size = 32, },
161     [0x85] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
162                .associativity = 8,  .line_size = 32, },
163     [0x86] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
164                .associativity = 4,  .line_size = 64, },
165     [0x87] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
166                .associativity = 8,  .line_size = 64, },
167     [0xD0] = { .level = 3, .type = UNIFIED_CACHE,     .size = 512 * KiB,
168                .associativity = 4,  .line_size = 64, },
169     [0xD1] = { .level = 3, .type = UNIFIED_CACHE,     .size =   1 * MiB,
170                .associativity = 4,  .line_size = 64, },
171     [0xD2] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
172                .associativity = 4,  .line_size = 64, },
173     [0xD6] = { .level = 3, .type = UNIFIED_CACHE,     .size =   1 * MiB,
174                .associativity = 8,  .line_size = 64, },
175     [0xD7] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
176                .associativity = 8,  .line_size = 64, },
177     [0xD8] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
178                .associativity = 8,  .line_size = 64, },
179     [0xDC] = { .level = 3, .type = UNIFIED_CACHE,     .size = 1.5 * MiB,
180                .associativity = 12, .line_size = 64, },
181     [0xDD] = { .level = 3, .type = UNIFIED_CACHE,     .size =   3 * MiB,
182                .associativity = 12, .line_size = 64, },
183     [0xDE] = { .level = 3, .type = UNIFIED_CACHE,     .size =   6 * MiB,
184                .associativity = 12, .line_size = 64, },
185     [0xE2] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
186                .associativity = 16, .line_size = 64, },
187     [0xE3] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
188                .associativity = 16, .line_size = 64, },
189     [0xE4] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
190                .associativity = 16, .line_size = 64, },
191     [0xEA] = { .level = 3, .type = UNIFIED_CACHE,     .size =  12 * MiB,
192                .associativity = 24, .line_size = 64, },
193     [0xEB] = { .level = 3, .type = UNIFIED_CACHE,     .size =  18 * MiB,
194                .associativity = 24, .line_size = 64, },
195     [0xEC] = { .level = 3, .type = UNIFIED_CACHE,     .size =  24 * MiB,
196                .associativity = 24, .line_size = 64, },
197 };
198 
199 /*
200  * "CPUID leaf 2 does not report cache descriptor information,
201  * use CPUID leaf 4 to query cache parameters"
202  */
203 #define CACHE_DESCRIPTOR_UNAVAILABLE 0xFF
204 
205 /*
206  * Return a CPUID 2 cache descriptor for a given cache.
207  * If no known descriptor is found, return CACHE_DESCRIPTOR_UNAVAILABLE
208  */
209 static uint8_t cpuid2_cache_descriptor(CPUCacheInfo *cache)
210 {
211     int i;
212 
213     assert(cache->size > 0);
214     assert(cache->level > 0);
215     assert(cache->line_size > 0);
216     assert(cache->associativity > 0);
217     for (i = 0; i < ARRAY_SIZE(cpuid2_cache_descriptors); i++) {
218         struct CPUID2CacheDescriptorInfo *d = &cpuid2_cache_descriptors[i];
219         if (d->level == cache->level && d->type == cache->type &&
220             d->size == cache->size && d->line_size == cache->line_size &&
221             d->associativity == cache->associativity) {
222                 return i;
223             }
224     }
225 
226     return CACHE_DESCRIPTOR_UNAVAILABLE;
227 }
228 
229 /* CPUID Leaf 4 constants: */
230 
231 /* EAX: */
232 #define CACHE_TYPE_D    1
233 #define CACHE_TYPE_I    2
234 #define CACHE_TYPE_UNIFIED   3
235 
236 #define CACHE_LEVEL(l)        (l << 5)
237 
238 #define CACHE_SELF_INIT_LEVEL (1 << 8)
239 
240 /* EDX: */
241 #define CACHE_NO_INVD_SHARING   (1 << 0)
242 #define CACHE_INCLUSIVE       (1 << 1)
243 #define CACHE_COMPLEX_IDX     (1 << 2)
244 
245 /* Encode CacheType for CPUID[4].EAX */
246 #define CACHE_TYPE(t) (((t) == DATA_CACHE) ? CACHE_TYPE_D : \
247                        ((t) == INSTRUCTION_CACHE) ? CACHE_TYPE_I : \
248                        ((t) == UNIFIED_CACHE) ? CACHE_TYPE_UNIFIED : \
249                        0 /* Invalid value */)
250 
251 
252 /* Encode cache info for CPUID[4] */
253 static void encode_cache_cpuid4(CPUCacheInfo *cache,
254                                 int num_apic_ids, int num_cores,
255                                 uint32_t *eax, uint32_t *ebx,
256                                 uint32_t *ecx, uint32_t *edx)
257 {
258     assert(cache->size == cache->line_size * cache->associativity *
259                           cache->partitions * cache->sets);
260 
261     assert(num_apic_ids > 0);
262     *eax = CACHE_TYPE(cache->type) |
263            CACHE_LEVEL(cache->level) |
264            (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0) |
265            ((num_cores - 1) << 26) |
266            ((num_apic_ids - 1) << 14);
267 
268     assert(cache->line_size > 0);
269     assert(cache->partitions > 0);
270     assert(cache->associativity > 0);
271     /* We don't implement fully-associative caches */
272     assert(cache->associativity < cache->sets);
273     *ebx = (cache->line_size - 1) |
274            ((cache->partitions - 1) << 12) |
275            ((cache->associativity - 1) << 22);
276 
277     assert(cache->sets > 0);
278     *ecx = cache->sets - 1;
279 
280     *edx = (cache->no_invd_sharing ? CACHE_NO_INVD_SHARING : 0) |
281            (cache->inclusive ? CACHE_INCLUSIVE : 0) |
282            (cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
283 }
284 
285 /* Encode cache info for CPUID[0x80000005].ECX or CPUID[0x80000005].EDX */
286 static uint32_t encode_cache_cpuid80000005(CPUCacheInfo *cache)
287 {
288     assert(cache->size % 1024 == 0);
289     assert(cache->lines_per_tag > 0);
290     assert(cache->associativity > 0);
291     assert(cache->line_size > 0);
292     return ((cache->size / 1024) << 24) | (cache->associativity << 16) |
293            (cache->lines_per_tag << 8) | (cache->line_size);
294 }
295 
296 #define ASSOC_FULL 0xFF
297 
298 /* AMD associativity encoding used on CPUID Leaf 0x80000006: */
299 #define AMD_ENC_ASSOC(a) (a <=   1 ? a   : \
300                           a ==   2 ? 0x2 : \
301                           a ==   4 ? 0x4 : \
302                           a ==   8 ? 0x6 : \
303                           a ==  16 ? 0x8 : \
304                           a ==  32 ? 0xA : \
305                           a ==  48 ? 0xB : \
306                           a ==  64 ? 0xC : \
307                           a ==  96 ? 0xD : \
308                           a == 128 ? 0xE : \
309                           a == ASSOC_FULL ? 0xF : \
310                           0 /* invalid value */)
311 
312 /*
313  * Encode cache info for CPUID[0x80000006].ECX and CPUID[0x80000006].EDX
314  * @l3 can be NULL.
315  */
316 static void encode_cache_cpuid80000006(CPUCacheInfo *l2,
317                                        CPUCacheInfo *l3,
318                                        uint32_t *ecx, uint32_t *edx)
319 {
320     assert(l2->size % 1024 == 0);
321     assert(l2->associativity > 0);
322     assert(l2->lines_per_tag > 0);
323     assert(l2->line_size > 0);
324     *ecx = ((l2->size / 1024) << 16) |
325            (AMD_ENC_ASSOC(l2->associativity) << 12) |
326            (l2->lines_per_tag << 8) | (l2->line_size);
327 
328     if (l3) {
329         assert(l3->size % (512 * 1024) == 0);
330         assert(l3->associativity > 0);
331         assert(l3->lines_per_tag > 0);
332         assert(l3->line_size > 0);
333         *edx = ((l3->size / (512 * 1024)) << 18) |
334                (AMD_ENC_ASSOC(l3->associativity) << 12) |
335                (l3->lines_per_tag << 8) | (l3->line_size);
336     } else {
337         *edx = 0;
338     }
339 }
340 
341 /* Encode cache info for CPUID[8000001D] */
342 static void encode_cache_cpuid8000001d(CPUCacheInfo *cache,
343                                        X86CPUTopoInfo *topo_info,
344                                        uint32_t *eax, uint32_t *ebx,
345                                        uint32_t *ecx, uint32_t *edx)
346 {
347     uint32_t l3_cores;
348     unsigned nodes = MAX(topo_info->nodes_per_pkg, 1);
349 
350     assert(cache->size == cache->line_size * cache->associativity *
351                           cache->partitions * cache->sets);
352 
353     *eax = CACHE_TYPE(cache->type) | CACHE_LEVEL(cache->level) |
354                (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0);
355 
356     /* L3 is shared among multiple cores */
357     if (cache->level == 3) {
358         l3_cores = DIV_ROUND_UP((topo_info->dies_per_pkg *
359                                  topo_info->cores_per_die *
360                                  topo_info->threads_per_core),
361                                  nodes);
362         *eax |= (l3_cores - 1) << 14;
363     } else {
364         *eax |= ((topo_info->threads_per_core - 1) << 14);
365     }
366 
367     assert(cache->line_size > 0);
368     assert(cache->partitions > 0);
369     assert(cache->associativity > 0);
370     /* We don't implement fully-associative caches */
371     assert(cache->associativity < cache->sets);
372     *ebx = (cache->line_size - 1) |
373            ((cache->partitions - 1) << 12) |
374            ((cache->associativity - 1) << 22);
375 
376     assert(cache->sets > 0);
377     *ecx = cache->sets - 1;
378 
379     *edx = (cache->no_invd_sharing ? CACHE_NO_INVD_SHARING : 0) |
380            (cache->inclusive ? CACHE_INCLUSIVE : 0) |
381            (cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
382 }
383 
384 /* Encode cache info for CPUID[8000001E] */
385 static void encode_topo_cpuid8000001e(X86CPUTopoInfo *topo_info, X86CPU *cpu,
386                                        uint32_t *eax, uint32_t *ebx,
387                                        uint32_t *ecx, uint32_t *edx)
388 {
389     X86CPUTopoIDs topo_ids = {0};
390     unsigned long nodes = MAX(topo_info->nodes_per_pkg, 1);
391     int shift;
392 
393     x86_topo_ids_from_apicid_epyc(cpu->apic_id, topo_info, &topo_ids);
394 
395     *eax = cpu->apic_id;
396     /*
397      * CPUID_Fn8000001E_EBX
398      * 31:16 Reserved
399      * 15:8  Threads per core (The number of threads per core is
400      *       Threads per core + 1)
401      *  7:0  Core id (see bit decoding below)
402      *       SMT:
403      *           4:3 node id
404      *             2 Core complex id
405      *           1:0 Core id
406      *       Non SMT:
407      *           5:4 node id
408      *             3 Core complex id
409      *           1:0 Core id
410      */
411     *ebx = ((topo_info->threads_per_core - 1) << 8) | (topo_ids.node_id << 3) |
412             (topo_ids.core_id);
413     /*
414      * CPUID_Fn8000001E_ECX
415      * 31:11 Reserved
416      * 10:8  Nodes per processor (Nodes per processor is number of nodes + 1)
417      *  7:0  Node id (see bit decoding below)
418      *         2  Socket id
419      *       1:0  Node id
420      */
421     if (nodes <= 4) {
422         *ecx = ((nodes - 1) << 8) | (topo_ids.pkg_id << 2) | topo_ids.node_id;
423     } else {
424         /*
425          * Node id fix up. Actual hardware supports up to 4 nodes. But with
426          * more than 32 cores, we may end up with more than 4 nodes.
427          * Node id is a combination of socket id and node id. Only requirement
428          * here is that this number should be unique accross the system.
429          * Shift the socket id to accommodate more nodes. We dont expect both
430          * socket id and node id to be big number at the same time. This is not
431          * an ideal config but we need to to support it. Max nodes we can have
432          * is 32 (255/8) with 8 cores per node and 255 max cores. We only need
433          * 5 bits for nodes. Find the left most set bit to represent the total
434          * number of nodes. find_last_bit returns last set bit(0 based). Left
435          * shift(+1) the socket id to represent all the nodes.
436          */
437         nodes -= 1;
438         shift = find_last_bit(&nodes, 8);
439         *ecx = (nodes << 8) | (topo_ids.pkg_id << (shift + 1)) |
440                topo_ids.node_id;
441     }
442     *edx = 0;
443 }
444 
445 /*
446  * Definitions of the hardcoded cache entries we expose:
447  * These are legacy cache values. If there is a need to change any
448  * of these values please use builtin_x86_defs
449  */
450 
451 /* L1 data cache: */
452 static CPUCacheInfo legacy_l1d_cache = {
453     .type = DATA_CACHE,
454     .level = 1,
455     .size = 32 * KiB,
456     .self_init = 1,
457     .line_size = 64,
458     .associativity = 8,
459     .sets = 64,
460     .partitions = 1,
461     .no_invd_sharing = true,
462 };
463 
464 /*FIXME: CPUID leaf 0x80000005 is inconsistent with leaves 2 & 4 */
465 static CPUCacheInfo legacy_l1d_cache_amd = {
466     .type = DATA_CACHE,
467     .level = 1,
468     .size = 64 * KiB,
469     .self_init = 1,
470     .line_size = 64,
471     .associativity = 2,
472     .sets = 512,
473     .partitions = 1,
474     .lines_per_tag = 1,
475     .no_invd_sharing = true,
476 };
477 
478 /* L1 instruction cache: */
479 static CPUCacheInfo legacy_l1i_cache = {
480     .type = INSTRUCTION_CACHE,
481     .level = 1,
482     .size = 32 * KiB,
483     .self_init = 1,
484     .line_size = 64,
485     .associativity = 8,
486     .sets = 64,
487     .partitions = 1,
488     .no_invd_sharing = true,
489 };
490 
491 /*FIXME: CPUID leaf 0x80000005 is inconsistent with leaves 2 & 4 */
492 static CPUCacheInfo legacy_l1i_cache_amd = {
493     .type = INSTRUCTION_CACHE,
494     .level = 1,
495     .size = 64 * KiB,
496     .self_init = 1,
497     .line_size = 64,
498     .associativity = 2,
499     .sets = 512,
500     .partitions = 1,
501     .lines_per_tag = 1,
502     .no_invd_sharing = true,
503 };
504 
505 /* Level 2 unified cache: */
506 static CPUCacheInfo legacy_l2_cache = {
507     .type = UNIFIED_CACHE,
508     .level = 2,
509     .size = 4 * MiB,
510     .self_init = 1,
511     .line_size = 64,
512     .associativity = 16,
513     .sets = 4096,
514     .partitions = 1,
515     .no_invd_sharing = true,
516 };
517 
518 /*FIXME: CPUID leaf 2 descriptor is inconsistent with CPUID leaf 4 */
519 static CPUCacheInfo legacy_l2_cache_cpuid2 = {
520     .type = UNIFIED_CACHE,
521     .level = 2,
522     .size = 2 * MiB,
523     .line_size = 64,
524     .associativity = 8,
525 };
526 
527 
528 /*FIXME: CPUID leaf 0x80000006 is inconsistent with leaves 2 & 4 */
529 static CPUCacheInfo legacy_l2_cache_amd = {
530     .type = UNIFIED_CACHE,
531     .level = 2,
532     .size = 512 * KiB,
533     .line_size = 64,
534     .lines_per_tag = 1,
535     .associativity = 16,
536     .sets = 512,
537     .partitions = 1,
538 };
539 
540 /* Level 3 unified cache: */
541 static CPUCacheInfo legacy_l3_cache = {
542     .type = UNIFIED_CACHE,
543     .level = 3,
544     .size = 16 * MiB,
545     .line_size = 64,
546     .associativity = 16,
547     .sets = 16384,
548     .partitions = 1,
549     .lines_per_tag = 1,
550     .self_init = true,
551     .inclusive = true,
552     .complex_indexing = true,
553 };
554 
555 /* TLB definitions: */
556 
557 #define L1_DTLB_2M_ASSOC       1
558 #define L1_DTLB_2M_ENTRIES   255
559 #define L1_DTLB_4K_ASSOC       1
560 #define L1_DTLB_4K_ENTRIES   255
561 
562 #define L1_ITLB_2M_ASSOC       1
563 #define L1_ITLB_2M_ENTRIES   255
564 #define L1_ITLB_4K_ASSOC       1
565 #define L1_ITLB_4K_ENTRIES   255
566 
567 #define L2_DTLB_2M_ASSOC       0 /* disabled */
568 #define L2_DTLB_2M_ENTRIES     0 /* disabled */
569 #define L2_DTLB_4K_ASSOC       4
570 #define L2_DTLB_4K_ENTRIES   512
571 
572 #define L2_ITLB_2M_ASSOC       0 /* disabled */
573 #define L2_ITLB_2M_ENTRIES     0 /* disabled */
574 #define L2_ITLB_4K_ASSOC       4
575 #define L2_ITLB_4K_ENTRIES   512
576 
577 /* CPUID Leaf 0x14 constants: */
578 #define INTEL_PT_MAX_SUBLEAF     0x1
579 /*
580  * bit[00]: IA32_RTIT_CTL.CR3 filter can be set to 1 and IA32_RTIT_CR3_MATCH
581  *          MSR can be accessed;
582  * bit[01]: Support Configurable PSB and Cycle-Accurate Mode;
583  * bit[02]: Support IP Filtering, TraceStop filtering, and preservation
584  *          of Intel PT MSRs across warm reset;
585  * bit[03]: Support MTC timing packet and suppression of COFI-based packets;
586  */
587 #define INTEL_PT_MINIMAL_EBX     0xf
588 /*
589  * bit[00]: Tracing can be enabled with IA32_RTIT_CTL.ToPA = 1 and
590  *          IA32_RTIT_OUTPUT_BASE and IA32_RTIT_OUTPUT_MASK_PTRS MSRs can be
591  *          accessed;
592  * bit[01]: ToPA tables can hold any number of output entries, up to the
593  *          maximum allowed by the MaskOrTableOffset field of
594  *          IA32_RTIT_OUTPUT_MASK_PTRS;
595  * bit[02]: Support Single-Range Output scheme;
596  */
597 #define INTEL_PT_MINIMAL_ECX     0x7
598 /* generated packets which contain IP payloads have LIP values */
599 #define INTEL_PT_IP_LIP          (1 << 31)
600 #define INTEL_PT_ADDR_RANGES_NUM 0x2 /* Number of configurable address ranges */
601 #define INTEL_PT_ADDR_RANGES_NUM_MASK 0x3
602 #define INTEL_PT_MTC_BITMAP      (0x0249 << 16) /* Support ART(0,3,6,9) */
603 #define INTEL_PT_CYCLE_BITMAP    0x1fff         /* Support 0,2^(0~11) */
604 #define INTEL_PT_PSB_BITMAP      (0x003f << 16) /* Support 2K,4K,8K,16K,32K,64K */
605 
606 static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
607                                      uint32_t vendor2, uint32_t vendor3)
608 {
609     int i;
610     for (i = 0; i < 4; i++) {
611         dst[i] = vendor1 >> (8 * i);
612         dst[i + 4] = vendor2 >> (8 * i);
613         dst[i + 8] = vendor3 >> (8 * i);
614     }
615     dst[CPUID_VENDOR_SZ] = '\0';
616 }
617 
618 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
619 #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
620           CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
621 #define PENTIUM2_FEATURES (PENTIUM_FEATURES | CPUID_PAE | CPUID_SEP | \
622           CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
623           CPUID_PSE36 | CPUID_FXSR)
624 #define PENTIUM3_FEATURES (PENTIUM2_FEATURES | CPUID_SSE)
625 #define PPRO_FEATURES (CPUID_FP87 | CPUID_DE | CPUID_PSE | CPUID_TSC | \
626           CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_PGE | CPUID_CMOV | \
627           CPUID_PAT | CPUID_FXSR | CPUID_MMX | CPUID_SSE | CPUID_SSE2 | \
628           CPUID_PAE | CPUID_SEP | CPUID_APIC)
629 
630 #define TCG_FEATURES (CPUID_FP87 | CPUID_PSE | CPUID_TSC | CPUID_MSR | \
631           CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
632           CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
633           CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
634           CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE)
635           /* partly implemented:
636           CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64) */
637           /* missing:
638           CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
639 #define TCG_EXT_FEATURES (CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | \
640           CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
641           CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
642           CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */   \
643           CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
644           CPUID_EXT_RDRAND)
645           /* missing:
646           CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
647           CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
648           CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
649           CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
650           CPUID_EXT_F16C */
651 
652 #ifdef TARGET_X86_64
653 #define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
654 #else
655 #define TCG_EXT2_X86_64_FEATURES 0
656 #endif
657 
658 #define TCG_EXT2_FEATURES ((TCG_FEATURES & CPUID_EXT2_AMD_ALIASES) | \
659           CPUID_EXT2_NX | CPUID_EXT2_MMXEXT | CPUID_EXT2_RDTSCP | \
660           CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | CPUID_EXT2_PDPE1GB | \
661           TCG_EXT2_X86_64_FEATURES)
662 #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
663           CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
664 #define TCG_EXT4_FEATURES 0
665 #define TCG_SVM_FEATURES CPUID_SVM_NPT
666 #define TCG_KVM_FEATURES 0
667 #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
668           CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
669           CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
670           CPUID_7_0_EBX_CLWB | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_FSGSBASE | \
671           CPUID_7_0_EBX_ERMS)
672           /* missing:
673           CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
674           CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
675           CPUID_7_0_EBX_RDSEED */
676 #define TCG_7_0_ECX_FEATURES (CPUID_7_0_ECX_PKU | \
677           /* CPUID_7_0_ECX_OSPKE is dynamic */ \
678           CPUID_7_0_ECX_LA57)
679 #define TCG_7_0_EDX_FEATURES 0
680 #define TCG_7_1_EAX_FEATURES 0
681 #define TCG_APM_FEATURES 0
682 #define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT
683 #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1)
684           /* missing:
685           CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
686 
687 typedef enum FeatureWordType {
688    CPUID_FEATURE_WORD,
689    MSR_FEATURE_WORD,
690 } FeatureWordType;
691 
692 typedef struct FeatureWordInfo {
693     FeatureWordType type;
694     /* feature flags names are taken from "Intel Processor Identification and
695      * the CPUID Instruction" and AMD's "CPUID Specification".
696      * In cases of disagreement between feature naming conventions,
697      * aliases may be added.
698      */
699     const char *feat_names[64];
700     union {
701         /* If type==CPUID_FEATURE_WORD */
702         struct {
703             uint32_t eax;   /* Input EAX for CPUID */
704             bool needs_ecx; /* CPUID instruction uses ECX as input */
705             uint32_t ecx;   /* Input ECX value for CPUID */
706             int reg;        /* output register (R_* constant) */
707         } cpuid;
708         /* If type==MSR_FEATURE_WORD */
709         struct {
710             uint32_t index;
711         } msr;
712     };
713     uint64_t tcg_features; /* Feature flags supported by TCG */
714     uint64_t unmigratable_flags; /* Feature flags known to be unmigratable */
715     uint64_t migratable_flags; /* Feature flags known to be migratable */
716     /* Features that shouldn't be auto-enabled by "-cpu host" */
717     uint64_t no_autoenable_flags;
718 } FeatureWordInfo;
719 
720 static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
721     [FEAT_1_EDX] = {
722         .type = CPUID_FEATURE_WORD,
723         .feat_names = {
724             "fpu", "vme", "de", "pse",
725             "tsc", "msr", "pae", "mce",
726             "cx8", "apic", NULL, "sep",
727             "mtrr", "pge", "mca", "cmov",
728             "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
729             NULL, "ds" /* Intel dts */, "acpi", "mmx",
730             "fxsr", "sse", "sse2", "ss",
731             "ht" /* Intel htt */, "tm", "ia64", "pbe",
732         },
733         .cpuid = {.eax = 1, .reg = R_EDX, },
734         .tcg_features = TCG_FEATURES,
735     },
736     [FEAT_1_ECX] = {
737         .type = CPUID_FEATURE_WORD,
738         .feat_names = {
739             "pni" /* Intel,AMD sse3 */, "pclmulqdq", "dtes64", "monitor",
740             "ds-cpl", "vmx", "smx", "est",
741             "tm2", "ssse3", "cid", NULL,
742             "fma", "cx16", "xtpr", "pdcm",
743             NULL, "pcid", "dca", "sse4.1",
744             "sse4.2", "x2apic", "movbe", "popcnt",
745             "tsc-deadline", "aes", "xsave", NULL /* osxsave */,
746             "avx", "f16c", "rdrand", "hypervisor",
747         },
748         .cpuid = { .eax = 1, .reg = R_ECX, },
749         .tcg_features = TCG_EXT_FEATURES,
750     },
751     /* Feature names that are already defined on feature_name[] but
752      * are set on CPUID[8000_0001].EDX on AMD CPUs don't have their
753      * names on feat_names below. They are copied automatically
754      * to features[FEAT_8000_0001_EDX] if and only if CPU vendor is AMD.
755      */
756     [FEAT_8000_0001_EDX] = {
757         .type = CPUID_FEATURE_WORD,
758         .feat_names = {
759             NULL /* fpu */, NULL /* vme */, NULL /* de */, NULL /* pse */,
760             NULL /* tsc */, NULL /* msr */, NULL /* pae */, NULL /* mce */,
761             NULL /* cx8 */, NULL /* apic */, NULL, "syscall",
762             NULL /* mtrr */, NULL /* pge */, NULL /* mca */, NULL /* cmov */,
763             NULL /* pat */, NULL /* pse36 */, NULL, NULL /* Linux mp */,
764             "nx", NULL, "mmxext", NULL /* mmx */,
765             NULL /* fxsr */, "fxsr-opt", "pdpe1gb", "rdtscp",
766             NULL, "lm", "3dnowext", "3dnow",
767         },
768         .cpuid = { .eax = 0x80000001, .reg = R_EDX, },
769         .tcg_features = TCG_EXT2_FEATURES,
770     },
771     [FEAT_8000_0001_ECX] = {
772         .type = CPUID_FEATURE_WORD,
773         .feat_names = {
774             "lahf-lm", "cmp-legacy", "svm", "extapic",
775             "cr8legacy", "abm", "sse4a", "misalignsse",
776             "3dnowprefetch", "osvw", "ibs", "xop",
777             "skinit", "wdt", NULL, "lwp",
778             "fma4", "tce", NULL, "nodeid-msr",
779             NULL, "tbm", "topoext", "perfctr-core",
780             "perfctr-nb", NULL, NULL, NULL,
781             NULL, NULL, NULL, NULL,
782         },
783         .cpuid = { .eax = 0x80000001, .reg = R_ECX, },
784         .tcg_features = TCG_EXT3_FEATURES,
785         /*
786          * TOPOEXT is always allowed but can't be enabled blindly by
787          * "-cpu host", as it requires consistent cache topology info
788          * to be provided so it doesn't confuse guests.
789          */
790         .no_autoenable_flags = CPUID_EXT3_TOPOEXT,
791     },
792     [FEAT_C000_0001_EDX] = {
793         .type = CPUID_FEATURE_WORD,
794         .feat_names = {
795             NULL, NULL, "xstore", "xstore-en",
796             NULL, NULL, "xcrypt", "xcrypt-en",
797             "ace2", "ace2-en", "phe", "phe-en",
798             "pmm", "pmm-en", NULL, NULL,
799             NULL, NULL, NULL, NULL,
800             NULL, NULL, NULL, NULL,
801             NULL, NULL, NULL, NULL,
802             NULL, NULL, NULL, NULL,
803         },
804         .cpuid = { .eax = 0xC0000001, .reg = R_EDX, },
805         .tcg_features = TCG_EXT4_FEATURES,
806     },
807     [FEAT_KVM] = {
808         .type = CPUID_FEATURE_WORD,
809         .feat_names = {
810             "kvmclock", "kvm-nopiodelay", "kvm-mmu", "kvmclock",
811             "kvm-asyncpf", "kvm-steal-time", "kvm-pv-eoi", "kvm-pv-unhalt",
812             NULL, "kvm-pv-tlb-flush", NULL, "kvm-pv-ipi",
813             "kvm-poll-control", "kvm-pv-sched-yield", NULL, NULL,
814             NULL, NULL, NULL, NULL,
815             NULL, NULL, NULL, NULL,
816             "kvmclock-stable-bit", NULL, NULL, NULL,
817             NULL, NULL, NULL, NULL,
818         },
819         .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EAX, },
820         .tcg_features = TCG_KVM_FEATURES,
821     },
822     [FEAT_KVM_HINTS] = {
823         .type = CPUID_FEATURE_WORD,
824         .feat_names = {
825             "kvm-hint-dedicated", NULL, NULL, NULL,
826             NULL, NULL, NULL, NULL,
827             NULL, NULL, NULL, NULL,
828             NULL, NULL, NULL, NULL,
829             NULL, NULL, NULL, NULL,
830             NULL, NULL, NULL, NULL,
831             NULL, NULL, NULL, NULL,
832             NULL, NULL, NULL, NULL,
833         },
834         .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EDX, },
835         .tcg_features = TCG_KVM_FEATURES,
836         /*
837          * KVM hints aren't auto-enabled by -cpu host, they need to be
838          * explicitly enabled in the command-line.
839          */
840         .no_autoenable_flags = ~0U,
841     },
842     /*
843      * .feat_names are commented out for Hyper-V enlightenments because we
844      * don't want to have two different ways for enabling them on QEMU command
845      * line. Some features (e.g. "hyperv_time", "hyperv_vapic", ...) require
846      * enabling several feature bits simultaneously, exposing these bits
847      * individually may just confuse guests.
848      */
849     [FEAT_HYPERV_EAX] = {
850         .type = CPUID_FEATURE_WORD,
851         .feat_names = {
852             NULL /* hv_msr_vp_runtime_access */, NULL /* hv_msr_time_refcount_access */,
853             NULL /* hv_msr_synic_access */, NULL /* hv_msr_stimer_access */,
854             NULL /* hv_msr_apic_access */, NULL /* hv_msr_hypercall_access */,
855             NULL /* hv_vpindex_access */, NULL /* hv_msr_reset_access */,
856             NULL /* hv_msr_stats_access */, NULL /* hv_reftsc_access */,
857             NULL /* hv_msr_idle_access */, NULL /* hv_msr_frequency_access */,
858             NULL /* hv_msr_debug_access */, NULL /* hv_msr_reenlightenment_access */,
859             NULL, NULL,
860             NULL, NULL, NULL, NULL,
861             NULL, NULL, NULL, NULL,
862             NULL, NULL, NULL, NULL,
863             NULL, NULL, NULL, NULL,
864         },
865         .cpuid = { .eax = 0x40000003, .reg = R_EAX, },
866     },
867     [FEAT_HYPERV_EBX] = {
868         .type = CPUID_FEATURE_WORD,
869         .feat_names = {
870             NULL /* hv_create_partitions */, NULL /* hv_access_partition_id */,
871             NULL /* hv_access_memory_pool */, NULL /* hv_adjust_message_buffers */,
872             NULL /* hv_post_messages */, NULL /* hv_signal_events */,
873             NULL /* hv_create_port */, NULL /* hv_connect_port */,
874             NULL /* hv_access_stats */, NULL, NULL, NULL /* hv_debugging */,
875             NULL /* hv_cpu_power_management */, NULL /* hv_configure_profiler */,
876             NULL, NULL,
877             NULL, NULL, NULL, NULL,
878             NULL, NULL, NULL, NULL,
879             NULL, NULL, NULL, NULL,
880             NULL, NULL, NULL, NULL,
881         },
882         .cpuid = { .eax = 0x40000003, .reg = R_EBX, },
883     },
884     [FEAT_HYPERV_EDX] = {
885         .type = CPUID_FEATURE_WORD,
886         .feat_names = {
887             NULL /* hv_mwait */, NULL /* hv_guest_debugging */,
888             NULL /* hv_perf_monitor */, NULL /* hv_cpu_dynamic_part */,
889             NULL /* hv_hypercall_params_xmm */, NULL /* hv_guest_idle_state */,
890             NULL, NULL,
891             NULL, NULL, NULL /* hv_guest_crash_msr */, NULL,
892             NULL, NULL, NULL, NULL,
893             NULL, NULL, NULL, NULL,
894             NULL, NULL, NULL, NULL,
895             NULL, NULL, NULL, NULL,
896             NULL, NULL, NULL, NULL,
897         },
898         .cpuid = { .eax = 0x40000003, .reg = R_EDX, },
899     },
900     [FEAT_HV_RECOMM_EAX] = {
901         .type = CPUID_FEATURE_WORD,
902         .feat_names = {
903             NULL /* hv_recommend_pv_as_switch */,
904             NULL /* hv_recommend_pv_tlbflush_local */,
905             NULL /* hv_recommend_pv_tlbflush_remote */,
906             NULL /* hv_recommend_msr_apic_access */,
907             NULL /* hv_recommend_msr_reset */,
908             NULL /* hv_recommend_relaxed_timing */,
909             NULL /* hv_recommend_dma_remapping */,
910             NULL /* hv_recommend_int_remapping */,
911             NULL /* hv_recommend_x2apic_msrs */,
912             NULL /* hv_recommend_autoeoi_deprecation */,
913             NULL /* hv_recommend_pv_ipi */,
914             NULL /* hv_recommend_ex_hypercalls */,
915             NULL /* hv_hypervisor_is_nested */,
916             NULL /* hv_recommend_int_mbec */,
917             NULL /* hv_recommend_evmcs */,
918             NULL,
919             NULL, NULL, NULL, NULL,
920             NULL, NULL, NULL, NULL,
921             NULL, NULL, NULL, NULL,
922             NULL, NULL, NULL, NULL,
923         },
924         .cpuid = { .eax = 0x40000004, .reg = R_EAX, },
925     },
926     [FEAT_HV_NESTED_EAX] = {
927         .type = CPUID_FEATURE_WORD,
928         .cpuid = { .eax = 0x4000000A, .reg = R_EAX, },
929     },
930     [FEAT_SVM] = {
931         .type = CPUID_FEATURE_WORD,
932         .feat_names = {
933             "npt", "lbrv", "svm-lock", "nrip-save",
934             "tsc-scale", "vmcb-clean",  "flushbyasid", "decodeassists",
935             NULL, NULL, "pause-filter", NULL,
936             "pfthreshold", NULL, NULL, NULL,
937             NULL, NULL, NULL, NULL,
938             NULL, NULL, NULL, NULL,
939             NULL, NULL, NULL, NULL,
940             NULL, NULL, NULL, NULL,
941         },
942         .cpuid = { .eax = 0x8000000A, .reg = R_EDX, },
943         .tcg_features = TCG_SVM_FEATURES,
944     },
945     [FEAT_7_0_EBX] = {
946         .type = CPUID_FEATURE_WORD,
947         .feat_names = {
948             "fsgsbase", "tsc-adjust", NULL, "bmi1",
949             "hle", "avx2", NULL, "smep",
950             "bmi2", "erms", "invpcid", "rtm",
951             NULL, NULL, "mpx", NULL,
952             "avx512f", "avx512dq", "rdseed", "adx",
953             "smap", "avx512ifma", "pcommit", "clflushopt",
954             "clwb", "intel-pt", "avx512pf", "avx512er",
955             "avx512cd", "sha-ni", "avx512bw", "avx512vl",
956         },
957         .cpuid = {
958             .eax = 7,
959             .needs_ecx = true, .ecx = 0,
960             .reg = R_EBX,
961         },
962         .tcg_features = TCG_7_0_EBX_FEATURES,
963     },
964     [FEAT_7_0_ECX] = {
965         .type = CPUID_FEATURE_WORD,
966         .feat_names = {
967             NULL, "avx512vbmi", "umip", "pku",
968             NULL /* ospke */, "waitpkg", "avx512vbmi2", NULL,
969             "gfni", "vaes", "vpclmulqdq", "avx512vnni",
970             "avx512bitalg", NULL, "avx512-vpopcntdq", NULL,
971             "la57", NULL, NULL, NULL,
972             NULL, NULL, "rdpid", NULL,
973             NULL, "cldemote", NULL, "movdiri",
974             "movdir64b", NULL, NULL, NULL,
975         },
976         .cpuid = {
977             .eax = 7,
978             .needs_ecx = true, .ecx = 0,
979             .reg = R_ECX,
980         },
981         .tcg_features = TCG_7_0_ECX_FEATURES,
982     },
983     [FEAT_7_0_EDX] = {
984         .type = CPUID_FEATURE_WORD,
985         .feat_names = {
986             NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
987             NULL, NULL, NULL, NULL,
988             NULL, NULL, "md-clear", NULL,
989             NULL, NULL, NULL, NULL,
990             NULL, NULL, NULL /* pconfig */, NULL,
991             NULL, NULL, NULL, NULL,
992             NULL, NULL, "spec-ctrl", "stibp",
993             NULL, "arch-capabilities", "core-capability", "ssbd",
994         },
995         .cpuid = {
996             .eax = 7,
997             .needs_ecx = true, .ecx = 0,
998             .reg = R_EDX,
999         },
1000         .tcg_features = TCG_7_0_EDX_FEATURES,
1001     },
1002     [FEAT_7_1_EAX] = {
1003         .type = CPUID_FEATURE_WORD,
1004         .feat_names = {
1005             NULL, NULL, NULL, NULL,
1006             NULL, "avx512-bf16", NULL, NULL,
1007             NULL, NULL, NULL, NULL,
1008             NULL, NULL, NULL, NULL,
1009             NULL, NULL, NULL, NULL,
1010             NULL, NULL, NULL, NULL,
1011             NULL, NULL, NULL, NULL,
1012             NULL, NULL, NULL, NULL,
1013         },
1014         .cpuid = {
1015             .eax = 7,
1016             .needs_ecx = true, .ecx = 1,
1017             .reg = R_EAX,
1018         },
1019         .tcg_features = TCG_7_1_EAX_FEATURES,
1020     },
1021     [FEAT_8000_0007_EDX] = {
1022         .type = CPUID_FEATURE_WORD,
1023         .feat_names = {
1024             NULL, NULL, NULL, NULL,
1025             NULL, NULL, NULL, NULL,
1026             "invtsc", NULL, NULL, NULL,
1027             NULL, NULL, NULL, NULL,
1028             NULL, NULL, NULL, NULL,
1029             NULL, NULL, NULL, NULL,
1030             NULL, NULL, NULL, NULL,
1031             NULL, NULL, NULL, NULL,
1032         },
1033         .cpuid = { .eax = 0x80000007, .reg = R_EDX, },
1034         .tcg_features = TCG_APM_FEATURES,
1035         .unmigratable_flags = CPUID_APM_INVTSC,
1036     },
1037     [FEAT_8000_0008_EBX] = {
1038         .type = CPUID_FEATURE_WORD,
1039         .feat_names = {
1040             "clzero", NULL, "xsaveerptr", NULL,
1041             NULL, NULL, NULL, NULL,
1042             NULL, "wbnoinvd", NULL, NULL,
1043             "ibpb", NULL, NULL, "amd-stibp",
1044             NULL, NULL, NULL, NULL,
1045             NULL, NULL, NULL, NULL,
1046             "amd-ssbd", "virt-ssbd", "amd-no-ssb", NULL,
1047             NULL, NULL, NULL, NULL,
1048         },
1049         .cpuid = { .eax = 0x80000008, .reg = R_EBX, },
1050         .tcg_features = 0,
1051         .unmigratable_flags = 0,
1052     },
1053     [FEAT_XSAVE] = {
1054         .type = CPUID_FEATURE_WORD,
1055         .feat_names = {
1056             "xsaveopt", "xsavec", "xgetbv1", "xsaves",
1057             NULL, NULL, NULL, NULL,
1058             NULL, NULL, NULL, NULL,
1059             NULL, NULL, NULL, NULL,
1060             NULL, NULL, NULL, NULL,
1061             NULL, NULL, NULL, NULL,
1062             NULL, NULL, NULL, NULL,
1063             NULL, NULL, NULL, NULL,
1064         },
1065         .cpuid = {
1066             .eax = 0xd,
1067             .needs_ecx = true, .ecx = 1,
1068             .reg = R_EAX,
1069         },
1070         .tcg_features = TCG_XSAVE_FEATURES,
1071     },
1072     [FEAT_6_EAX] = {
1073         .type = CPUID_FEATURE_WORD,
1074         .feat_names = {
1075             NULL, NULL, "arat", NULL,
1076             NULL, NULL, NULL, NULL,
1077             NULL, NULL, NULL, NULL,
1078             NULL, NULL, NULL, NULL,
1079             NULL, NULL, NULL, NULL,
1080             NULL, NULL, NULL, NULL,
1081             NULL, NULL, NULL, NULL,
1082             NULL, NULL, NULL, NULL,
1083         },
1084         .cpuid = { .eax = 6, .reg = R_EAX, },
1085         .tcg_features = TCG_6_EAX_FEATURES,
1086     },
1087     [FEAT_XSAVE_COMP_LO] = {
1088         .type = CPUID_FEATURE_WORD,
1089         .cpuid = {
1090             .eax = 0xD,
1091             .needs_ecx = true, .ecx = 0,
1092             .reg = R_EAX,
1093         },
1094         .tcg_features = ~0U,
1095         .migratable_flags = XSTATE_FP_MASK | XSTATE_SSE_MASK |
1096             XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK |
1097             XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | XSTATE_Hi16_ZMM_MASK |
1098             XSTATE_PKRU_MASK,
1099     },
1100     [FEAT_XSAVE_COMP_HI] = {
1101         .type = CPUID_FEATURE_WORD,
1102         .cpuid = {
1103             .eax = 0xD,
1104             .needs_ecx = true, .ecx = 0,
1105             .reg = R_EDX,
1106         },
1107         .tcg_features = ~0U,
1108     },
1109     /*Below are MSR exposed features*/
1110     [FEAT_ARCH_CAPABILITIES] = {
1111         .type = MSR_FEATURE_WORD,
1112         .feat_names = {
1113             "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
1114             "ssb-no", "mds-no", "pschange-mc-no", "tsx-ctrl",
1115             "taa-no", NULL, NULL, NULL,
1116             NULL, NULL, NULL, NULL,
1117             NULL, NULL, NULL, NULL,
1118             NULL, NULL, NULL, NULL,
1119             NULL, NULL, NULL, NULL,
1120             NULL, NULL, NULL, NULL,
1121         },
1122         .msr = {
1123             .index = MSR_IA32_ARCH_CAPABILITIES,
1124         },
1125     },
1126     [FEAT_CORE_CAPABILITY] = {
1127         .type = MSR_FEATURE_WORD,
1128         .feat_names = {
1129             NULL, NULL, NULL, NULL,
1130             NULL, "split-lock-detect", NULL, NULL,
1131             NULL, NULL, NULL, NULL,
1132             NULL, NULL, NULL, NULL,
1133             NULL, NULL, NULL, NULL,
1134             NULL, NULL, NULL, NULL,
1135             NULL, NULL, NULL, NULL,
1136             NULL, NULL, NULL, NULL,
1137         },
1138         .msr = {
1139             .index = MSR_IA32_CORE_CAPABILITY,
1140         },
1141     },
1142 
1143     [FEAT_VMX_PROCBASED_CTLS] = {
1144         .type = MSR_FEATURE_WORD,
1145         .feat_names = {
1146             NULL, NULL, "vmx-vintr-pending", "vmx-tsc-offset",
1147             NULL, NULL, NULL, "vmx-hlt-exit",
1148             NULL, "vmx-invlpg-exit", "vmx-mwait-exit", "vmx-rdpmc-exit",
1149             "vmx-rdtsc-exit", NULL, NULL, "vmx-cr3-load-noexit",
1150             "vmx-cr3-store-noexit", NULL, NULL, "vmx-cr8-load-exit",
1151             "vmx-cr8-store-exit", "vmx-flexpriority", "vmx-vnmi-pending", "vmx-movdr-exit",
1152             "vmx-io-exit", "vmx-io-bitmap", NULL, "vmx-mtf",
1153             "vmx-msr-bitmap", "vmx-monitor-exit", "vmx-pause-exit", "vmx-secondary-ctls",
1154         },
1155         .msr = {
1156             .index = MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
1157         }
1158     },
1159 
1160     [FEAT_VMX_SECONDARY_CTLS] = {
1161         .type = MSR_FEATURE_WORD,
1162         .feat_names = {
1163             "vmx-apicv-xapic", "vmx-ept", "vmx-desc-exit", "vmx-rdtscp-exit",
1164             "vmx-apicv-x2apic", "vmx-vpid", "vmx-wbinvd-exit", "vmx-unrestricted-guest",
1165             "vmx-apicv-register", "vmx-apicv-vid", "vmx-ple", "vmx-rdrand-exit",
1166             "vmx-invpcid-exit", "vmx-vmfunc", "vmx-shadow-vmcs", "vmx-encls-exit",
1167             "vmx-rdseed-exit", "vmx-pml", NULL, NULL,
1168             "vmx-xsaves", NULL, NULL, NULL,
1169             NULL, NULL, NULL, NULL,
1170             NULL, NULL, NULL, NULL,
1171         },
1172         .msr = {
1173             .index = MSR_IA32_VMX_PROCBASED_CTLS2,
1174         }
1175     },
1176 
1177     [FEAT_VMX_PINBASED_CTLS] = {
1178         .type = MSR_FEATURE_WORD,
1179         .feat_names = {
1180             "vmx-intr-exit", NULL, NULL, "vmx-nmi-exit",
1181             NULL, "vmx-vnmi", "vmx-preemption-timer", "vmx-posted-intr",
1182             NULL, NULL, NULL, NULL,
1183             NULL, NULL, NULL, NULL,
1184             NULL, NULL, NULL, NULL,
1185             NULL, NULL, NULL, NULL,
1186             NULL, NULL, NULL, NULL,
1187             NULL, NULL, NULL, NULL,
1188         },
1189         .msr = {
1190             .index = MSR_IA32_VMX_TRUE_PINBASED_CTLS,
1191         }
1192     },
1193 
1194     [FEAT_VMX_EXIT_CTLS] = {
1195         .type = MSR_FEATURE_WORD,
1196         /*
1197          * VMX_VM_EXIT_HOST_ADDR_SPACE_SIZE is copied from
1198          * the LM CPUID bit.
1199          */
1200         .feat_names = {
1201             NULL, NULL, "vmx-exit-nosave-debugctl", NULL,
1202             NULL, NULL, NULL, NULL,
1203             NULL, NULL /* vmx-exit-host-addr-space-size */, NULL, NULL,
1204             "vmx-exit-load-perf-global-ctrl", NULL, NULL, "vmx-exit-ack-intr",
1205             NULL, NULL, "vmx-exit-save-pat", "vmx-exit-load-pat",
1206             "vmx-exit-save-efer", "vmx-exit-load-efer",
1207                 "vmx-exit-save-preemption-timer", "vmx-exit-clear-bndcfgs",
1208             NULL, "vmx-exit-clear-rtit-ctl", NULL, NULL,
1209             NULL, NULL, NULL, NULL,
1210         },
1211         .msr = {
1212             .index = MSR_IA32_VMX_TRUE_EXIT_CTLS,
1213         }
1214     },
1215 
1216     [FEAT_VMX_ENTRY_CTLS] = {
1217         .type = MSR_FEATURE_WORD,
1218         .feat_names = {
1219             NULL, NULL, "vmx-entry-noload-debugctl", NULL,
1220             NULL, NULL, NULL, NULL,
1221             NULL, "vmx-entry-ia32e-mode", NULL, NULL,
1222             NULL, "vmx-entry-load-perf-global-ctrl", "vmx-entry-load-pat", "vmx-entry-load-efer",
1223             "vmx-entry-load-bndcfgs", NULL, "vmx-entry-load-rtit-ctl", NULL,
1224             NULL, NULL, NULL, NULL,
1225             NULL, NULL, NULL, NULL,
1226             NULL, NULL, NULL, NULL,
1227         },
1228         .msr = {
1229             .index = MSR_IA32_VMX_TRUE_ENTRY_CTLS,
1230         }
1231     },
1232 
1233     [FEAT_VMX_MISC] = {
1234         .type = MSR_FEATURE_WORD,
1235         .feat_names = {
1236             NULL, NULL, NULL, NULL,
1237             NULL, "vmx-store-lma", "vmx-activity-hlt", "vmx-activity-shutdown",
1238             "vmx-activity-wait-sipi", NULL, NULL, NULL,
1239             NULL, NULL, NULL, NULL,
1240             NULL, NULL, NULL, NULL,
1241             NULL, NULL, NULL, NULL,
1242             NULL, NULL, NULL, NULL,
1243             NULL, "vmx-vmwrite-vmexit-fields", "vmx-zero-len-inject", NULL,
1244         },
1245         .msr = {
1246             .index = MSR_IA32_VMX_MISC,
1247         }
1248     },
1249 
1250     [FEAT_VMX_EPT_VPID_CAPS] = {
1251         .type = MSR_FEATURE_WORD,
1252         .feat_names = {
1253             "vmx-ept-execonly", NULL, NULL, NULL,
1254             NULL, NULL, "vmx-page-walk-4", "vmx-page-walk-5",
1255             NULL, NULL, NULL, NULL,
1256             NULL, NULL, NULL, NULL,
1257             "vmx-ept-2mb", "vmx-ept-1gb", NULL, NULL,
1258             "vmx-invept", "vmx-eptad", "vmx-ept-advanced-exitinfo", NULL,
1259             NULL, "vmx-invept-single-context", "vmx-invept-all-context", NULL,
1260             NULL, NULL, NULL, NULL,
1261             "vmx-invvpid", NULL, NULL, NULL,
1262             NULL, NULL, NULL, NULL,
1263             "vmx-invvpid-single-addr", "vmx-invept-single-context",
1264                 "vmx-invvpid-all-context", "vmx-invept-single-context-noglobals",
1265             NULL, NULL, NULL, NULL,
1266             NULL, NULL, NULL, NULL,
1267             NULL, NULL, NULL, NULL,
1268             NULL, NULL, NULL, NULL,
1269             NULL, NULL, NULL, NULL,
1270         },
1271         .msr = {
1272             .index = MSR_IA32_VMX_EPT_VPID_CAP,
1273         }
1274     },
1275 
1276     [FEAT_VMX_BASIC] = {
1277         .type = MSR_FEATURE_WORD,
1278         .feat_names = {
1279             [54] = "vmx-ins-outs",
1280             [55] = "vmx-true-ctls",
1281         },
1282         .msr = {
1283             .index = MSR_IA32_VMX_BASIC,
1284         },
1285         /* Just to be safe - we don't support setting the MSEG version field.  */
1286         .no_autoenable_flags = MSR_VMX_BASIC_DUAL_MONITOR,
1287     },
1288 
1289     [FEAT_VMX_VMFUNC] = {
1290         .type = MSR_FEATURE_WORD,
1291         .feat_names = {
1292             [0] = "vmx-eptp-switching",
1293         },
1294         .msr = {
1295             .index = MSR_IA32_VMX_VMFUNC,
1296         }
1297     },
1298 
1299 };
1300 
1301 typedef struct FeatureMask {
1302     FeatureWord index;
1303     uint64_t mask;
1304 } FeatureMask;
1305 
1306 typedef struct FeatureDep {
1307     FeatureMask from, to;
1308 } FeatureDep;
1309 
1310 static FeatureDep feature_dependencies[] = {
1311     {
1312         .from = { FEAT_7_0_EDX,             CPUID_7_0_EDX_ARCH_CAPABILITIES },
1313         .to = { FEAT_ARCH_CAPABILITIES,     ~0ull },
1314     },
1315     {
1316         .from = { FEAT_7_0_EDX,             CPUID_7_0_EDX_CORE_CAPABILITY },
1317         .to = { FEAT_CORE_CAPABILITY,       ~0ull },
1318     },
1319     {
1320         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1321         .to = { FEAT_VMX_PROCBASED_CTLS,    ~0ull },
1322     },
1323     {
1324         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1325         .to = { FEAT_VMX_PINBASED_CTLS,     ~0ull },
1326     },
1327     {
1328         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1329         .to = { FEAT_VMX_EXIT_CTLS,         ~0ull },
1330     },
1331     {
1332         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1333         .to = { FEAT_VMX_ENTRY_CTLS,        ~0ull },
1334     },
1335     {
1336         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1337         .to = { FEAT_VMX_MISC,              ~0ull },
1338     },
1339     {
1340         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1341         .to = { FEAT_VMX_BASIC,             ~0ull },
1342     },
1343     {
1344         .from = { FEAT_8000_0001_EDX,       CPUID_EXT2_LM },
1345         .to = { FEAT_VMX_ENTRY_CTLS,        VMX_VM_ENTRY_IA32E_MODE },
1346     },
1347     {
1348         .from = { FEAT_VMX_PROCBASED_CTLS,  VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS },
1349         .to = { FEAT_VMX_SECONDARY_CTLS,    ~0ull },
1350     },
1351     {
1352         .from = { FEAT_XSAVE,               CPUID_XSAVE_XSAVES },
1353         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_XSAVES },
1354     },
1355     {
1356         .from = { FEAT_1_ECX,               CPUID_EXT_RDRAND },
1357         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDRAND_EXITING },
1358     },
1359     {
1360         .from = { FEAT_7_0_EBX,             CPUID_7_0_EBX_INVPCID },
1361         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_ENABLE_INVPCID },
1362     },
1363     {
1364         .from = { FEAT_7_0_EBX,             CPUID_7_0_EBX_RDSEED },
1365         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDSEED_EXITING },
1366     },
1367     {
1368         .from = { FEAT_8000_0001_EDX,       CPUID_EXT2_RDTSCP },
1369         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDTSCP },
1370     },
1371     {
1372         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_EPT },
1373         .to = { FEAT_VMX_EPT_VPID_CAPS,     0xffffffffull },
1374     },
1375     {
1376         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_EPT },
1377         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST },
1378     },
1379     {
1380         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_VPID },
1381         .to = { FEAT_VMX_EPT_VPID_CAPS,     0xffffffffull << 32 },
1382     },
1383     {
1384         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_VMFUNC },
1385         .to = { FEAT_VMX_VMFUNC,            ~0ull },
1386     },
1387 };
1388 
1389 typedef struct X86RegisterInfo32 {
1390     /* Name of register */
1391     const char *name;
1392     /* QAPI enum value register */
1393     X86CPURegister32 qapi_enum;
1394 } X86RegisterInfo32;
1395 
1396 #define REGISTER(reg) \
1397     [R_##reg] = { .name = #reg, .qapi_enum = X86_CPU_REGISTER32_##reg }
1398 static const X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
1399     REGISTER(EAX),
1400     REGISTER(ECX),
1401     REGISTER(EDX),
1402     REGISTER(EBX),
1403     REGISTER(ESP),
1404     REGISTER(EBP),
1405     REGISTER(ESI),
1406     REGISTER(EDI),
1407 };
1408 #undef REGISTER
1409 
1410 typedef struct ExtSaveArea {
1411     uint32_t feature, bits;
1412     uint32_t offset, size;
1413 } ExtSaveArea;
1414 
1415 static const ExtSaveArea x86_ext_save_areas[] = {
1416     [XSTATE_FP_BIT] = {
1417         /* x87 FP state component is always enabled if XSAVE is supported */
1418         .feature = FEAT_1_ECX, .bits = CPUID_EXT_XSAVE,
1419         /* x87 state is in the legacy region of the XSAVE area */
1420         .offset = 0,
1421         .size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader),
1422     },
1423     [XSTATE_SSE_BIT] = {
1424         /* SSE state component is always enabled if XSAVE is supported */
1425         .feature = FEAT_1_ECX, .bits = CPUID_EXT_XSAVE,
1426         /* SSE state is in the legacy region of the XSAVE area */
1427         .offset = 0,
1428         .size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader),
1429     },
1430     [XSTATE_YMM_BIT] =
1431           { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX,
1432             .offset = offsetof(X86XSaveArea, avx_state),
1433             .size = sizeof(XSaveAVX) },
1434     [XSTATE_BNDREGS_BIT] =
1435           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_MPX,
1436             .offset = offsetof(X86XSaveArea, bndreg_state),
1437             .size = sizeof(XSaveBNDREG)  },
1438     [XSTATE_BNDCSR_BIT] =
1439           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_MPX,
1440             .offset = offsetof(X86XSaveArea, bndcsr_state),
1441             .size = sizeof(XSaveBNDCSR)  },
1442     [XSTATE_OPMASK_BIT] =
1443           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1444             .offset = offsetof(X86XSaveArea, opmask_state),
1445             .size = sizeof(XSaveOpmask) },
1446     [XSTATE_ZMM_Hi256_BIT] =
1447           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1448             .offset = offsetof(X86XSaveArea, zmm_hi256_state),
1449             .size = sizeof(XSaveZMM_Hi256) },
1450     [XSTATE_Hi16_ZMM_BIT] =
1451           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1452             .offset = offsetof(X86XSaveArea, hi16_zmm_state),
1453             .size = sizeof(XSaveHi16_ZMM) },
1454     [XSTATE_PKRU_BIT] =
1455           { .feature = FEAT_7_0_ECX, .bits = CPUID_7_0_ECX_PKU,
1456             .offset = offsetof(X86XSaveArea, pkru_state),
1457             .size = sizeof(XSavePKRU) },
1458 };
1459 
1460 static uint32_t xsave_area_size(uint64_t mask)
1461 {
1462     int i;
1463     uint64_t ret = 0;
1464 
1465     for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
1466         const ExtSaveArea *esa = &x86_ext_save_areas[i];
1467         if ((mask >> i) & 1) {
1468             ret = MAX(ret, esa->offset + esa->size);
1469         }
1470     }
1471     return ret;
1472 }
1473 
1474 static inline bool accel_uses_host_cpuid(void)
1475 {
1476     return kvm_enabled() || hvf_enabled();
1477 }
1478 
1479 static inline uint64_t x86_cpu_xsave_components(X86CPU *cpu)
1480 {
1481     return ((uint64_t)cpu->env.features[FEAT_XSAVE_COMP_HI]) << 32 |
1482            cpu->env.features[FEAT_XSAVE_COMP_LO];
1483 }
1484 
1485 const char *get_register_name_32(unsigned int reg)
1486 {
1487     if (reg >= CPU_NB_REGS32) {
1488         return NULL;
1489     }
1490     return x86_reg_info_32[reg].name;
1491 }
1492 
1493 /*
1494  * Returns the set of feature flags that are supported and migratable by
1495  * QEMU, for a given FeatureWord.
1496  */
1497 static uint64_t x86_cpu_get_migratable_flags(FeatureWord w)
1498 {
1499     FeatureWordInfo *wi = &feature_word_info[w];
1500     uint64_t r = 0;
1501     int i;
1502 
1503     for (i = 0; i < 64; i++) {
1504         uint64_t f = 1ULL << i;
1505 
1506         /* If the feature name is known, it is implicitly considered migratable,
1507          * unless it is explicitly set in unmigratable_flags */
1508         if ((wi->migratable_flags & f) ||
1509             (wi->feat_names[i] && !(wi->unmigratable_flags & f))) {
1510             r |= f;
1511         }
1512     }
1513     return r;
1514 }
1515 
1516 void host_cpuid(uint32_t function, uint32_t count,
1517                 uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx)
1518 {
1519     uint32_t vec[4];
1520 
1521 #ifdef __x86_64__
1522     asm volatile("cpuid"
1523                  : "=a"(vec[0]), "=b"(vec[1]),
1524                    "=c"(vec[2]), "=d"(vec[3])
1525                  : "0"(function), "c"(count) : "cc");
1526 #elif defined(__i386__)
1527     asm volatile("pusha \n\t"
1528                  "cpuid \n\t"
1529                  "mov %%eax, 0(%2) \n\t"
1530                  "mov %%ebx, 4(%2) \n\t"
1531                  "mov %%ecx, 8(%2) \n\t"
1532                  "mov %%edx, 12(%2) \n\t"
1533                  "popa"
1534                  : : "a"(function), "c"(count), "S"(vec)
1535                  : "memory", "cc");
1536 #else
1537     abort();
1538 #endif
1539 
1540     if (eax)
1541         *eax = vec[0];
1542     if (ebx)
1543         *ebx = vec[1];
1544     if (ecx)
1545         *ecx = vec[2];
1546     if (edx)
1547         *edx = vec[3];
1548 }
1549 
1550 void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
1551 {
1552     uint32_t eax, ebx, ecx, edx;
1553 
1554     host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
1555     x86_cpu_vendor_words2str(vendor, ebx, edx, ecx);
1556 
1557     host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
1558     if (family) {
1559         *family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
1560     }
1561     if (model) {
1562         *model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
1563     }
1564     if (stepping) {
1565         *stepping = eax & 0x0F;
1566     }
1567 }
1568 
1569 /* CPU class name definitions: */
1570 
1571 /* Return type name for a given CPU model name
1572  * Caller is responsible for freeing the returned string.
1573  */
1574 static char *x86_cpu_type_name(const char *model_name)
1575 {
1576     return g_strdup_printf(X86_CPU_TYPE_NAME("%s"), model_name);
1577 }
1578 
1579 static ObjectClass *x86_cpu_class_by_name(const char *cpu_model)
1580 {
1581     g_autofree char *typename = x86_cpu_type_name(cpu_model);
1582     return object_class_by_name(typename);
1583 }
1584 
1585 static char *x86_cpu_class_get_model_name(X86CPUClass *cc)
1586 {
1587     const char *class_name = object_class_get_name(OBJECT_CLASS(cc));
1588     assert(g_str_has_suffix(class_name, X86_CPU_TYPE_SUFFIX));
1589     return g_strndup(class_name,
1590                      strlen(class_name) - strlen(X86_CPU_TYPE_SUFFIX));
1591 }
1592 
1593 typedef struct PropValue {
1594     const char *prop, *value;
1595 } PropValue;
1596 
1597 typedef struct X86CPUVersionDefinition {
1598     X86CPUVersion version;
1599     const char *alias;
1600     const char *note;
1601     PropValue *props;
1602 } X86CPUVersionDefinition;
1603 
1604 /* Base definition for a CPU model */
1605 typedef struct X86CPUDefinition {
1606     const char *name;
1607     uint32_t level;
1608     uint32_t xlevel;
1609     /* vendor is zero-terminated, 12 character ASCII string */
1610     char vendor[CPUID_VENDOR_SZ + 1];
1611     int family;
1612     int model;
1613     int stepping;
1614     FeatureWordArray features;
1615     const char *model_id;
1616     CPUCaches *cache_info;
1617 
1618     /* Use AMD EPYC encoding for apic id */
1619     bool use_epyc_apic_id_encoding;
1620 
1621     /*
1622      * Definitions for alternative versions of CPU model.
1623      * List is terminated by item with version == 0.
1624      * If NULL, version 1 will be registered automatically.
1625      */
1626     const X86CPUVersionDefinition *versions;
1627 } X86CPUDefinition;
1628 
1629 /* Reference to a specific CPU model version */
1630 struct X86CPUModel {
1631     /* Base CPU definition */
1632     X86CPUDefinition *cpudef;
1633     /* CPU model version */
1634     X86CPUVersion version;
1635     const char *note;
1636     /*
1637      * If true, this is an alias CPU model.
1638      * This matters only for "-cpu help" and query-cpu-definitions
1639      */
1640     bool is_alias;
1641 };
1642 
1643 /* Get full model name for CPU version */
1644 static char *x86_cpu_versioned_model_name(X86CPUDefinition *cpudef,
1645                                           X86CPUVersion version)
1646 {
1647     assert(version > 0);
1648     return g_strdup_printf("%s-v%d", cpudef->name, (int)version);
1649 }
1650 
1651 static const X86CPUVersionDefinition *x86_cpu_def_get_versions(X86CPUDefinition *def)
1652 {
1653     /* When X86CPUDefinition::versions is NULL, we register only v1 */
1654     static const X86CPUVersionDefinition default_version_list[] = {
1655         { 1 },
1656         { /* end of list */ }
1657     };
1658 
1659     return def->versions ?: default_version_list;
1660 }
1661 
1662 bool cpu_x86_use_epyc_apic_id_encoding(const char *cpu_type)
1663 {
1664     X86CPUClass *xcc = X86_CPU_CLASS(object_class_by_name(cpu_type));
1665 
1666     assert(xcc);
1667     if (xcc->model && xcc->model->cpudef) {
1668         return xcc->model->cpudef->use_epyc_apic_id_encoding;
1669     } else {
1670         return false;
1671     }
1672 }
1673 
1674 static CPUCaches epyc_cache_info = {
1675     .l1d_cache = &(CPUCacheInfo) {
1676         .type = DATA_CACHE,
1677         .level = 1,
1678         .size = 32 * KiB,
1679         .line_size = 64,
1680         .associativity = 8,
1681         .partitions = 1,
1682         .sets = 64,
1683         .lines_per_tag = 1,
1684         .self_init = 1,
1685         .no_invd_sharing = true,
1686     },
1687     .l1i_cache = &(CPUCacheInfo) {
1688         .type = INSTRUCTION_CACHE,
1689         .level = 1,
1690         .size = 64 * KiB,
1691         .line_size = 64,
1692         .associativity = 4,
1693         .partitions = 1,
1694         .sets = 256,
1695         .lines_per_tag = 1,
1696         .self_init = 1,
1697         .no_invd_sharing = true,
1698     },
1699     .l2_cache = &(CPUCacheInfo) {
1700         .type = UNIFIED_CACHE,
1701         .level = 2,
1702         .size = 512 * KiB,
1703         .line_size = 64,
1704         .associativity = 8,
1705         .partitions = 1,
1706         .sets = 1024,
1707         .lines_per_tag = 1,
1708     },
1709     .l3_cache = &(CPUCacheInfo) {
1710         .type = UNIFIED_CACHE,
1711         .level = 3,
1712         .size = 8 * MiB,
1713         .line_size = 64,
1714         .associativity = 16,
1715         .partitions = 1,
1716         .sets = 8192,
1717         .lines_per_tag = 1,
1718         .self_init = true,
1719         .inclusive = true,
1720         .complex_indexing = true,
1721     },
1722 };
1723 
1724 static CPUCaches epyc_rome_cache_info = {
1725     .l1d_cache = &(CPUCacheInfo) {
1726         .type = DATA_CACHE,
1727         .level = 1,
1728         .size = 32 * KiB,
1729         .line_size = 64,
1730         .associativity = 8,
1731         .partitions = 1,
1732         .sets = 64,
1733         .lines_per_tag = 1,
1734         .self_init = 1,
1735         .no_invd_sharing = true,
1736     },
1737     .l1i_cache = &(CPUCacheInfo) {
1738         .type = INSTRUCTION_CACHE,
1739         .level = 1,
1740         .size = 32 * KiB,
1741         .line_size = 64,
1742         .associativity = 8,
1743         .partitions = 1,
1744         .sets = 64,
1745         .lines_per_tag = 1,
1746         .self_init = 1,
1747         .no_invd_sharing = true,
1748     },
1749     .l2_cache = &(CPUCacheInfo) {
1750         .type = UNIFIED_CACHE,
1751         .level = 2,
1752         .size = 512 * KiB,
1753         .line_size = 64,
1754         .associativity = 8,
1755         .partitions = 1,
1756         .sets = 1024,
1757         .lines_per_tag = 1,
1758     },
1759     .l3_cache = &(CPUCacheInfo) {
1760         .type = UNIFIED_CACHE,
1761         .level = 3,
1762         .size = 16 * MiB,
1763         .line_size = 64,
1764         .associativity = 16,
1765         .partitions = 1,
1766         .sets = 16384,
1767         .lines_per_tag = 1,
1768         .self_init = true,
1769         .inclusive = true,
1770         .complex_indexing = true,
1771     },
1772 };
1773 
1774 /* The following VMX features are not supported by KVM and are left out in the
1775  * CPU definitions:
1776  *
1777  *  Dual-monitor support (all processors)
1778  *  Entry to SMM
1779  *  Deactivate dual-monitor treatment
1780  *  Number of CR3-target values
1781  *  Shutdown activity state
1782  *  Wait-for-SIPI activity state
1783  *  PAUSE-loop exiting (Westmere and newer)
1784  *  EPT-violation #VE (Broadwell and newer)
1785  *  Inject event with insn length=0 (Skylake and newer)
1786  *  Conceal non-root operation from PT
1787  *  Conceal VM exits from PT
1788  *  Conceal VM entries from PT
1789  *  Enable ENCLS exiting
1790  *  Mode-based execute control (XS/XU)
1791  s  TSC scaling (Skylake Server and newer)
1792  *  GPA translation for PT (IceLake and newer)
1793  *  User wait and pause
1794  *  ENCLV exiting
1795  *  Load IA32_RTIT_CTL
1796  *  Clear IA32_RTIT_CTL
1797  *  Advanced VM-exit information for EPT violations
1798  *  Sub-page write permissions
1799  *  PT in VMX operation
1800  */
1801 
1802 static X86CPUDefinition builtin_x86_defs[] = {
1803     {
1804         .name = "qemu64",
1805         .level = 0xd,
1806         .vendor = CPUID_VENDOR_AMD,
1807         .family = 6,
1808         .model = 6,
1809         .stepping = 3,
1810         .features[FEAT_1_EDX] =
1811             PPRO_FEATURES |
1812             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1813             CPUID_PSE36,
1814         .features[FEAT_1_ECX] =
1815             CPUID_EXT_SSE3 | CPUID_EXT_CX16,
1816         .features[FEAT_8000_0001_EDX] =
1817             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1818         .features[FEAT_8000_0001_ECX] =
1819             CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM,
1820         .xlevel = 0x8000000A,
1821         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
1822     },
1823     {
1824         .name = "phenom",
1825         .level = 5,
1826         .vendor = CPUID_VENDOR_AMD,
1827         .family = 16,
1828         .model = 2,
1829         .stepping = 3,
1830         /* Missing: CPUID_HT */
1831         .features[FEAT_1_EDX] =
1832             PPRO_FEATURES |
1833             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1834             CPUID_PSE36 | CPUID_VME,
1835         .features[FEAT_1_ECX] =
1836             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_CX16 |
1837             CPUID_EXT_POPCNT,
1838         .features[FEAT_8000_0001_EDX] =
1839             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX |
1840             CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | CPUID_EXT2_MMXEXT |
1841             CPUID_EXT2_FFXSR | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP,
1842         /* Missing: CPUID_EXT3_CMP_LEG, CPUID_EXT3_EXTAPIC,
1843                     CPUID_EXT3_CR8LEG,
1844                     CPUID_EXT3_MISALIGNSSE, CPUID_EXT3_3DNOWPREFETCH,
1845                     CPUID_EXT3_OSVW, CPUID_EXT3_IBS */
1846         .features[FEAT_8000_0001_ECX] =
1847             CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM |
1848             CPUID_EXT3_ABM | CPUID_EXT3_SSE4A,
1849         /* Missing: CPUID_SVM_LBRV */
1850         .features[FEAT_SVM] =
1851             CPUID_SVM_NPT,
1852         .xlevel = 0x8000001A,
1853         .model_id = "AMD Phenom(tm) 9550 Quad-Core Processor"
1854     },
1855     {
1856         .name = "core2duo",
1857         .level = 10,
1858         .vendor = CPUID_VENDOR_INTEL,
1859         .family = 6,
1860         .model = 15,
1861         .stepping = 11,
1862         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
1863         .features[FEAT_1_EDX] =
1864             PPRO_FEATURES |
1865             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1866             CPUID_PSE36 | CPUID_VME | CPUID_ACPI | CPUID_SS,
1867         /* Missing: CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_EST,
1868          * CPUID_EXT_TM2, CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_VMX */
1869         .features[FEAT_1_ECX] =
1870             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
1871             CPUID_EXT_CX16,
1872         .features[FEAT_8000_0001_EDX] =
1873             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1874         .features[FEAT_8000_0001_ECX] =
1875             CPUID_EXT3_LAHF_LM,
1876         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS,
1877         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
1878         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
1879         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
1880         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
1881              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS,
1882         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
1883              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
1884              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
1885              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
1886              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
1887              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
1888              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
1889              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
1890              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
1891              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
1892         .features[FEAT_VMX_SECONDARY_CTLS] =
1893              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES,
1894         .xlevel = 0x80000008,
1895         .model_id = "Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz",
1896     },
1897     {
1898         .name = "kvm64",
1899         .level = 0xd,
1900         .vendor = CPUID_VENDOR_INTEL,
1901         .family = 15,
1902         .model = 6,
1903         .stepping = 1,
1904         /* Missing: CPUID_HT */
1905         .features[FEAT_1_EDX] =
1906             PPRO_FEATURES | CPUID_VME |
1907             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1908             CPUID_PSE36,
1909         /* Missing: CPUID_EXT_POPCNT, CPUID_EXT_MONITOR */
1910         .features[FEAT_1_ECX] =
1911             CPUID_EXT_SSE3 | CPUID_EXT_CX16,
1912         /* Missing: CPUID_EXT2_PDPE1GB, CPUID_EXT2_RDTSCP */
1913         .features[FEAT_8000_0001_EDX] =
1914             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1915         /* Missing: CPUID_EXT3_LAHF_LM, CPUID_EXT3_CMP_LEG, CPUID_EXT3_EXTAPIC,
1916                     CPUID_EXT3_CR8LEG, CPUID_EXT3_ABM, CPUID_EXT3_SSE4A,
1917                     CPUID_EXT3_MISALIGNSSE, CPUID_EXT3_3DNOWPREFETCH,
1918                     CPUID_EXT3_OSVW, CPUID_EXT3_IBS, CPUID_EXT3_SVM */
1919         .features[FEAT_8000_0001_ECX] =
1920             0,
1921         /* VMX features from Cedar Mill/Prescott */
1922         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
1923         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
1924         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
1925         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
1926              VMX_PIN_BASED_NMI_EXITING,
1927         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
1928              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
1929              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
1930              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
1931              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
1932              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
1933              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
1934              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING,
1935         .xlevel = 0x80000008,
1936         .model_id = "Common KVM processor"
1937     },
1938     {
1939         .name = "qemu32",
1940         .level = 4,
1941         .vendor = CPUID_VENDOR_INTEL,
1942         .family = 6,
1943         .model = 6,
1944         .stepping = 3,
1945         .features[FEAT_1_EDX] =
1946             PPRO_FEATURES,
1947         .features[FEAT_1_ECX] =
1948             CPUID_EXT_SSE3,
1949         .xlevel = 0x80000004,
1950         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
1951     },
1952     {
1953         .name = "kvm32",
1954         .level = 5,
1955         .vendor = CPUID_VENDOR_INTEL,
1956         .family = 15,
1957         .model = 6,
1958         .stepping = 1,
1959         .features[FEAT_1_EDX] =
1960             PPRO_FEATURES | CPUID_VME |
1961             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_PSE36,
1962         .features[FEAT_1_ECX] =
1963             CPUID_EXT_SSE3,
1964         .features[FEAT_8000_0001_ECX] =
1965             0,
1966         /* VMX features from Yonah */
1967         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
1968         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
1969         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
1970         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
1971              VMX_PIN_BASED_NMI_EXITING,
1972         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
1973              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
1974              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
1975              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
1976              VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING |
1977              VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING |
1978              VMX_CPU_BASED_PAUSE_EXITING | VMX_CPU_BASED_USE_MSR_BITMAPS,
1979         .xlevel = 0x80000008,
1980         .model_id = "Common 32-bit KVM processor"
1981     },
1982     {
1983         .name = "coreduo",
1984         .level = 10,
1985         .vendor = CPUID_VENDOR_INTEL,
1986         .family = 6,
1987         .model = 14,
1988         .stepping = 8,
1989         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
1990         .features[FEAT_1_EDX] =
1991             PPRO_FEATURES | CPUID_VME |
1992             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_ACPI |
1993             CPUID_SS,
1994         /* Missing: CPUID_EXT_EST, CPUID_EXT_TM2 , CPUID_EXT_XTPR,
1995          * CPUID_EXT_PDCM, CPUID_EXT_VMX */
1996         .features[FEAT_1_ECX] =
1997             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR,
1998         .features[FEAT_8000_0001_EDX] =
1999             CPUID_EXT2_NX,
2000         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
2001         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
2002         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2003         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2004              VMX_PIN_BASED_NMI_EXITING,
2005         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2006              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2007              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2008              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2009              VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING |
2010              VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING |
2011              VMX_CPU_BASED_PAUSE_EXITING | VMX_CPU_BASED_USE_MSR_BITMAPS,
2012         .xlevel = 0x80000008,
2013         .model_id = "Genuine Intel(R) CPU           T2600  @ 2.16GHz",
2014     },
2015     {
2016         .name = "486",
2017         .level = 1,
2018         .vendor = CPUID_VENDOR_INTEL,
2019         .family = 4,
2020         .model = 8,
2021         .stepping = 0,
2022         .features[FEAT_1_EDX] =
2023             I486_FEATURES,
2024         .xlevel = 0,
2025         .model_id = "",
2026     },
2027     {
2028         .name = "pentium",
2029         .level = 1,
2030         .vendor = CPUID_VENDOR_INTEL,
2031         .family = 5,
2032         .model = 4,
2033         .stepping = 3,
2034         .features[FEAT_1_EDX] =
2035             PENTIUM_FEATURES,
2036         .xlevel = 0,
2037         .model_id = "",
2038     },
2039     {
2040         .name = "pentium2",
2041         .level = 2,
2042         .vendor = CPUID_VENDOR_INTEL,
2043         .family = 6,
2044         .model = 5,
2045         .stepping = 2,
2046         .features[FEAT_1_EDX] =
2047             PENTIUM2_FEATURES,
2048         .xlevel = 0,
2049         .model_id = "",
2050     },
2051     {
2052         .name = "pentium3",
2053         .level = 3,
2054         .vendor = CPUID_VENDOR_INTEL,
2055         .family = 6,
2056         .model = 7,
2057         .stepping = 3,
2058         .features[FEAT_1_EDX] =
2059             PENTIUM3_FEATURES,
2060         .xlevel = 0,
2061         .model_id = "",
2062     },
2063     {
2064         .name = "athlon",
2065         .level = 2,
2066         .vendor = CPUID_VENDOR_AMD,
2067         .family = 6,
2068         .model = 2,
2069         .stepping = 3,
2070         .features[FEAT_1_EDX] =
2071             PPRO_FEATURES | CPUID_PSE36 | CPUID_VME | CPUID_MTRR |
2072             CPUID_MCA,
2073         .features[FEAT_8000_0001_EDX] =
2074             CPUID_EXT2_MMXEXT | CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT,
2075         .xlevel = 0x80000008,
2076         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
2077     },
2078     {
2079         .name = "n270",
2080         .level = 10,
2081         .vendor = CPUID_VENDOR_INTEL,
2082         .family = 6,
2083         .model = 28,
2084         .stepping = 2,
2085         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
2086         .features[FEAT_1_EDX] =
2087             PPRO_FEATURES |
2088             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_VME |
2089             CPUID_ACPI | CPUID_SS,
2090             /* Some CPUs got no CPUID_SEP */
2091         /* Missing: CPUID_EXT_DSCPL, CPUID_EXT_EST, CPUID_EXT_TM2,
2092          * CPUID_EXT_XTPR */
2093         .features[FEAT_1_ECX] =
2094             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
2095             CPUID_EXT_MOVBE,
2096         .features[FEAT_8000_0001_EDX] =
2097             CPUID_EXT2_NX,
2098         .features[FEAT_8000_0001_ECX] =
2099             CPUID_EXT3_LAHF_LM,
2100         .xlevel = 0x80000008,
2101         .model_id = "Intel(R) Atom(TM) CPU N270   @ 1.60GHz",
2102     },
2103     {
2104         .name = "Conroe",
2105         .level = 10,
2106         .vendor = CPUID_VENDOR_INTEL,
2107         .family = 6,
2108         .model = 15,
2109         .stepping = 3,
2110         .features[FEAT_1_EDX] =
2111             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2112             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2113             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2114             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2115             CPUID_DE | CPUID_FP87,
2116         .features[FEAT_1_ECX] =
2117             CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
2118         .features[FEAT_8000_0001_EDX] =
2119             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2120         .features[FEAT_8000_0001_ECX] =
2121             CPUID_EXT3_LAHF_LM,
2122         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS,
2123         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
2124         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
2125         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2126         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2127              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS,
2128         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2129              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2130              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2131              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2132              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2133              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2134              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2135              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2136              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2137              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2138         .features[FEAT_VMX_SECONDARY_CTLS] =
2139              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES,
2140         .xlevel = 0x80000008,
2141         .model_id = "Intel Celeron_4x0 (Conroe/Merom Class Core 2)",
2142     },
2143     {
2144         .name = "Penryn",
2145         .level = 10,
2146         .vendor = CPUID_VENDOR_INTEL,
2147         .family = 6,
2148         .model = 23,
2149         .stepping = 3,
2150         .features[FEAT_1_EDX] =
2151             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2152             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2153             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2154             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2155             CPUID_DE | CPUID_FP87,
2156         .features[FEAT_1_ECX] =
2157             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2158             CPUID_EXT_SSE3,
2159         .features[FEAT_8000_0001_EDX] =
2160             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2161         .features[FEAT_8000_0001_ECX] =
2162             CPUID_EXT3_LAHF_LM,
2163         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS,
2164         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2165              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
2166         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT |
2167              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
2168         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2169         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2170              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS,
2171         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2172              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2173              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2174              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2175              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2176              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2177              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2178              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2179              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2180              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2181         .features[FEAT_VMX_SECONDARY_CTLS] =
2182              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2183              VMX_SECONDARY_EXEC_WBINVD_EXITING,
2184         .xlevel = 0x80000008,
2185         .model_id = "Intel Core 2 Duo P9xxx (Penryn Class Core 2)",
2186     },
2187     {
2188         .name = "Nehalem",
2189         .level = 11,
2190         .vendor = CPUID_VENDOR_INTEL,
2191         .family = 6,
2192         .model = 26,
2193         .stepping = 3,
2194         .features[FEAT_1_EDX] =
2195             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2196             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2197             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2198             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2199             CPUID_DE | CPUID_FP87,
2200         .features[FEAT_1_ECX] =
2201             CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2202             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
2203         .features[FEAT_8000_0001_EDX] =
2204             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2205         .features[FEAT_8000_0001_ECX] =
2206             CPUID_EXT3_LAHF_LM,
2207         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2208              MSR_VMX_BASIC_TRUE_CTLS,
2209         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2210              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2211              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2212         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2213              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2214              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2215              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2216              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2217              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2218              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2219         .features[FEAT_VMX_EXIT_CTLS] =
2220              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2221              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2222              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2223              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2224              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2225         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2226         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2227              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2228              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2229         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2230              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2231              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2232              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2233              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2234              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2235              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2236              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2237              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2238              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2239              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2240              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2241         .features[FEAT_VMX_SECONDARY_CTLS] =
2242              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2243              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2244              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2245              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2246              VMX_SECONDARY_EXEC_ENABLE_VPID,
2247         .xlevel = 0x80000008,
2248         .model_id = "Intel Core i7 9xx (Nehalem Class Core i7)",
2249         .versions = (X86CPUVersionDefinition[]) {
2250             { .version = 1 },
2251             {
2252                 .version = 2,
2253                 .alias = "Nehalem-IBRS",
2254                 .props = (PropValue[]) {
2255                     { "spec-ctrl", "on" },
2256                     { "model-id",
2257                       "Intel Core i7 9xx (Nehalem Core i7, IBRS update)" },
2258                     { /* end of list */ }
2259                 }
2260             },
2261             { /* end of list */ }
2262         }
2263     },
2264     {
2265         .name = "Westmere",
2266         .level = 11,
2267         .vendor = CPUID_VENDOR_INTEL,
2268         .family = 6,
2269         .model = 44,
2270         .stepping = 1,
2271         .features[FEAT_1_EDX] =
2272             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2273             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2274             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2275             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2276             CPUID_DE | CPUID_FP87,
2277         .features[FEAT_1_ECX] =
2278             CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
2279             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2280             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
2281         .features[FEAT_8000_0001_EDX] =
2282             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2283         .features[FEAT_8000_0001_ECX] =
2284             CPUID_EXT3_LAHF_LM,
2285         .features[FEAT_6_EAX] =
2286             CPUID_6_EAX_ARAT,
2287         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2288              MSR_VMX_BASIC_TRUE_CTLS,
2289         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2290              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2291              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2292         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2293              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2294              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2295              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2296              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2297              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2298              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2299         .features[FEAT_VMX_EXIT_CTLS] =
2300              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2301              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2302              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2303              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2304              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2305         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2306              MSR_VMX_MISC_STORE_LMA,
2307         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2308              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2309              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2310         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2311              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2312              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2313              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2314              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2315              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2316              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2317              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2318              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2319              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2320              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2321              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2322         .features[FEAT_VMX_SECONDARY_CTLS] =
2323              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2324              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2325              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2326              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2327              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST,
2328         .xlevel = 0x80000008,
2329         .model_id = "Westmere E56xx/L56xx/X56xx (Nehalem-C)",
2330         .versions = (X86CPUVersionDefinition[]) {
2331             { .version = 1 },
2332             {
2333                 .version = 2,
2334                 .alias = "Westmere-IBRS",
2335                 .props = (PropValue[]) {
2336                     { "spec-ctrl", "on" },
2337                     { "model-id",
2338                       "Westmere E56xx/L56xx/X56xx (IBRS update)" },
2339                     { /* end of list */ }
2340                 }
2341             },
2342             { /* end of list */ }
2343         }
2344     },
2345     {
2346         .name = "SandyBridge",
2347         .level = 0xd,
2348         .vendor = CPUID_VENDOR_INTEL,
2349         .family = 6,
2350         .model = 42,
2351         .stepping = 1,
2352         .features[FEAT_1_EDX] =
2353             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2354             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2355             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2356             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2357             CPUID_DE | CPUID_FP87,
2358         .features[FEAT_1_ECX] =
2359             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2360             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
2361             CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2362             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2363             CPUID_EXT_SSE3,
2364         .features[FEAT_8000_0001_EDX] =
2365             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2366             CPUID_EXT2_SYSCALL,
2367         .features[FEAT_8000_0001_ECX] =
2368             CPUID_EXT3_LAHF_LM,
2369         .features[FEAT_XSAVE] =
2370             CPUID_XSAVE_XSAVEOPT,
2371         .features[FEAT_6_EAX] =
2372             CPUID_6_EAX_ARAT,
2373         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2374              MSR_VMX_BASIC_TRUE_CTLS,
2375         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2376              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2377              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2378         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2379              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2380              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2381              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2382              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2383              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2384              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2385         .features[FEAT_VMX_EXIT_CTLS] =
2386              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2387              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2388              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2389              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2390              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2391         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2392              MSR_VMX_MISC_STORE_LMA,
2393         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2394              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2395              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2396         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2397              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2398              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2399              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2400              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2401              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2402              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2403              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2404              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2405              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2406              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2407              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2408         .features[FEAT_VMX_SECONDARY_CTLS] =
2409              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2410              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2411              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2412              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2413              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST,
2414         .xlevel = 0x80000008,
2415         .model_id = "Intel Xeon E312xx (Sandy Bridge)",
2416         .versions = (X86CPUVersionDefinition[]) {
2417             { .version = 1 },
2418             {
2419                 .version = 2,
2420                 .alias = "SandyBridge-IBRS",
2421                 .props = (PropValue[]) {
2422                     { "spec-ctrl", "on" },
2423                     { "model-id",
2424                       "Intel Xeon E312xx (Sandy Bridge, IBRS update)" },
2425                     { /* end of list */ }
2426                 }
2427             },
2428             { /* end of list */ }
2429         }
2430     },
2431     {
2432         .name = "IvyBridge",
2433         .level = 0xd,
2434         .vendor = CPUID_VENDOR_INTEL,
2435         .family = 6,
2436         .model = 58,
2437         .stepping = 9,
2438         .features[FEAT_1_EDX] =
2439             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2440             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2441             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2442             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2443             CPUID_DE | CPUID_FP87,
2444         .features[FEAT_1_ECX] =
2445             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2446             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
2447             CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2448             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2449             CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2450         .features[FEAT_7_0_EBX] =
2451             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
2452             CPUID_7_0_EBX_ERMS,
2453         .features[FEAT_8000_0001_EDX] =
2454             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2455             CPUID_EXT2_SYSCALL,
2456         .features[FEAT_8000_0001_ECX] =
2457             CPUID_EXT3_LAHF_LM,
2458         .features[FEAT_XSAVE] =
2459             CPUID_XSAVE_XSAVEOPT,
2460         .features[FEAT_6_EAX] =
2461             CPUID_6_EAX_ARAT,
2462         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2463              MSR_VMX_BASIC_TRUE_CTLS,
2464         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2465              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2466              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2467         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2468              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2469              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2470              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2471              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2472              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2473              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2474         .features[FEAT_VMX_EXIT_CTLS] =
2475              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2476              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2477              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2478              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2479              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2480         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2481              MSR_VMX_MISC_STORE_LMA,
2482         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2483              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2484              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2485         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2486              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2487              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2488              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2489              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2490              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2491              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2492              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2493              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2494              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2495              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2496              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2497         .features[FEAT_VMX_SECONDARY_CTLS] =
2498              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2499              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2500              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2501              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2502              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2503              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2504              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2505              VMX_SECONDARY_EXEC_RDRAND_EXITING,
2506         .xlevel = 0x80000008,
2507         .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge)",
2508         .versions = (X86CPUVersionDefinition[]) {
2509             { .version = 1 },
2510             {
2511                 .version = 2,
2512                 .alias = "IvyBridge-IBRS",
2513                 .props = (PropValue[]) {
2514                     { "spec-ctrl", "on" },
2515                     { "model-id",
2516                       "Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)" },
2517                     { /* end of list */ }
2518                 }
2519             },
2520             { /* end of list */ }
2521         }
2522     },
2523     {
2524         .name = "Haswell",
2525         .level = 0xd,
2526         .vendor = CPUID_VENDOR_INTEL,
2527         .family = 6,
2528         .model = 60,
2529         .stepping = 4,
2530         .features[FEAT_1_EDX] =
2531             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2532             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2533             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2534             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2535             CPUID_DE | CPUID_FP87,
2536         .features[FEAT_1_ECX] =
2537             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2538             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2539             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2540             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2541             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2542             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2543         .features[FEAT_8000_0001_EDX] =
2544             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2545             CPUID_EXT2_SYSCALL,
2546         .features[FEAT_8000_0001_ECX] =
2547             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
2548         .features[FEAT_7_0_EBX] =
2549             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2550             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2551             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2552             CPUID_7_0_EBX_RTM,
2553         .features[FEAT_XSAVE] =
2554             CPUID_XSAVE_XSAVEOPT,
2555         .features[FEAT_6_EAX] =
2556             CPUID_6_EAX_ARAT,
2557         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2558              MSR_VMX_BASIC_TRUE_CTLS,
2559         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2560              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2561              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2562         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2563              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2564              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2565              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2566              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2567              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2568              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2569         .features[FEAT_VMX_EXIT_CTLS] =
2570              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2571              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2572              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2573              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2574              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2575         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2576              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2577         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2578              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2579              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2580         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2581              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2582              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2583              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2584              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2585              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2586              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2587              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2588              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2589              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2590              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2591              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2592         .features[FEAT_VMX_SECONDARY_CTLS] =
2593              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2594              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2595              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2596              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2597              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2598              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2599              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2600              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2601              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS,
2602         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
2603         .xlevel = 0x80000008,
2604         .model_id = "Intel Core Processor (Haswell)",
2605         .versions = (X86CPUVersionDefinition[]) {
2606             { .version = 1 },
2607             {
2608                 .version = 2,
2609                 .alias = "Haswell-noTSX",
2610                 .props = (PropValue[]) {
2611                     { "hle", "off" },
2612                     { "rtm", "off" },
2613                     { "stepping", "1" },
2614                     { "model-id", "Intel Core Processor (Haswell, no TSX)", },
2615                     { /* end of list */ }
2616                 },
2617             },
2618             {
2619                 .version = 3,
2620                 .alias = "Haswell-IBRS",
2621                 .props = (PropValue[]) {
2622                     /* Restore TSX features removed by -v2 above */
2623                     { "hle", "on" },
2624                     { "rtm", "on" },
2625                     /*
2626                      * Haswell and Haswell-IBRS had stepping=4 in
2627                      * QEMU 4.0 and older
2628                      */
2629                     { "stepping", "4" },
2630                     { "spec-ctrl", "on" },
2631                     { "model-id",
2632                       "Intel Core Processor (Haswell, IBRS)" },
2633                     { /* end of list */ }
2634                 }
2635             },
2636             {
2637                 .version = 4,
2638                 .alias = "Haswell-noTSX-IBRS",
2639                 .props = (PropValue[]) {
2640                     { "hle", "off" },
2641                     { "rtm", "off" },
2642                     /* spec-ctrl was already enabled by -v3 above */
2643                     { "stepping", "1" },
2644                     { "model-id",
2645                       "Intel Core Processor (Haswell, no TSX, IBRS)" },
2646                     { /* end of list */ }
2647                 }
2648             },
2649             { /* end of list */ }
2650         }
2651     },
2652     {
2653         .name = "Broadwell",
2654         .level = 0xd,
2655         .vendor = CPUID_VENDOR_INTEL,
2656         .family = 6,
2657         .model = 61,
2658         .stepping = 2,
2659         .features[FEAT_1_EDX] =
2660             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2661             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2662             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2663             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2664             CPUID_DE | CPUID_FP87,
2665         .features[FEAT_1_ECX] =
2666             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2667             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2668             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2669             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2670             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2671             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2672         .features[FEAT_8000_0001_EDX] =
2673             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2674             CPUID_EXT2_SYSCALL,
2675         .features[FEAT_8000_0001_ECX] =
2676             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2677         .features[FEAT_7_0_EBX] =
2678             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2679             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2680             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2681             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2682             CPUID_7_0_EBX_SMAP,
2683         .features[FEAT_XSAVE] =
2684             CPUID_XSAVE_XSAVEOPT,
2685         .features[FEAT_6_EAX] =
2686             CPUID_6_EAX_ARAT,
2687         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2688              MSR_VMX_BASIC_TRUE_CTLS,
2689         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2690              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2691              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2692         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2693              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2694              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2695              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2696              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2697              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2698              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2699         .features[FEAT_VMX_EXIT_CTLS] =
2700              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2701              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2702              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2703              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2704              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2705         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2706              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2707         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2708              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2709              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2710         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2711              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2712              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2713              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2714              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2715              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2716              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2717              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2718              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2719              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2720              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2721              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2722         .features[FEAT_VMX_SECONDARY_CTLS] =
2723              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2724              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2725              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2726              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2727              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2728              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2729              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2730              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2731              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
2732              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
2733         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
2734         .xlevel = 0x80000008,
2735         .model_id = "Intel Core Processor (Broadwell)",
2736         .versions = (X86CPUVersionDefinition[]) {
2737             { .version = 1 },
2738             {
2739                 .version = 2,
2740                 .alias = "Broadwell-noTSX",
2741                 .props = (PropValue[]) {
2742                     { "hle", "off" },
2743                     { "rtm", "off" },
2744                     { "model-id", "Intel Core Processor (Broadwell, no TSX)", },
2745                     { /* end of list */ }
2746                 },
2747             },
2748             {
2749                 .version = 3,
2750                 .alias = "Broadwell-IBRS",
2751                 .props = (PropValue[]) {
2752                     /* Restore TSX features removed by -v2 above */
2753                     { "hle", "on" },
2754                     { "rtm", "on" },
2755                     { "spec-ctrl", "on" },
2756                     { "model-id",
2757                       "Intel Core Processor (Broadwell, IBRS)" },
2758                     { /* end of list */ }
2759                 }
2760             },
2761             {
2762                 .version = 4,
2763                 .alias = "Broadwell-noTSX-IBRS",
2764                 .props = (PropValue[]) {
2765                     { "hle", "off" },
2766                     { "rtm", "off" },
2767                     /* spec-ctrl was already enabled by -v3 above */
2768                     { "model-id",
2769                       "Intel Core Processor (Broadwell, no TSX, IBRS)" },
2770                     { /* end of list */ }
2771                 }
2772             },
2773             { /* end of list */ }
2774         }
2775     },
2776     {
2777         .name = "Skylake-Client",
2778         .level = 0xd,
2779         .vendor = CPUID_VENDOR_INTEL,
2780         .family = 6,
2781         .model = 94,
2782         .stepping = 3,
2783         .features[FEAT_1_EDX] =
2784             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2785             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2786             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2787             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2788             CPUID_DE | CPUID_FP87,
2789         .features[FEAT_1_ECX] =
2790             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2791             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2792             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2793             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2794             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2795             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2796         .features[FEAT_8000_0001_EDX] =
2797             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2798             CPUID_EXT2_SYSCALL,
2799         .features[FEAT_8000_0001_ECX] =
2800             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2801         .features[FEAT_7_0_EBX] =
2802             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2803             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2804             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2805             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2806             CPUID_7_0_EBX_SMAP,
2807         /* Missing: XSAVES (not supported by some Linux versions,
2808          * including v4.1 to v4.12).
2809          * KVM doesn't yet expose any XSAVES state save component,
2810          * and the only one defined in Skylake (processor tracing)
2811          * probably will block migration anyway.
2812          */
2813         .features[FEAT_XSAVE] =
2814             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2815             CPUID_XSAVE_XGETBV1,
2816         .features[FEAT_6_EAX] =
2817             CPUID_6_EAX_ARAT,
2818         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
2819         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2820              MSR_VMX_BASIC_TRUE_CTLS,
2821         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2822              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2823              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2824         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2825              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2826              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2827              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2828              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2829              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2830              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2831         .features[FEAT_VMX_EXIT_CTLS] =
2832              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2833              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2834              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2835              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2836              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2837         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2838              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2839         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2840              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2841              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2842         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2843              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2844              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2845              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2846              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2847              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2848              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2849              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2850              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2851              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2852              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2853              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2854         .features[FEAT_VMX_SECONDARY_CTLS] =
2855              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2856              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2857              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2858              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2859              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2860              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
2861              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
2862         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
2863         .xlevel = 0x80000008,
2864         .model_id = "Intel Core Processor (Skylake)",
2865         .versions = (X86CPUVersionDefinition[]) {
2866             { .version = 1 },
2867             {
2868                 .version = 2,
2869                 .alias = "Skylake-Client-IBRS",
2870                 .props = (PropValue[]) {
2871                     { "spec-ctrl", "on" },
2872                     { "model-id",
2873                       "Intel Core Processor (Skylake, IBRS)" },
2874                     { /* end of list */ }
2875                 }
2876             },
2877             {
2878                 .version = 3,
2879                 .alias = "Skylake-Client-noTSX-IBRS",
2880                 .props = (PropValue[]) {
2881                     { "hle", "off" },
2882                     { "rtm", "off" },
2883                     { "model-id",
2884                       "Intel Core Processor (Skylake, IBRS, no TSX)" },
2885                     { /* end of list */ }
2886                 }
2887             },
2888             { /* end of list */ }
2889         }
2890     },
2891     {
2892         .name = "Skylake-Server",
2893         .level = 0xd,
2894         .vendor = CPUID_VENDOR_INTEL,
2895         .family = 6,
2896         .model = 85,
2897         .stepping = 4,
2898         .features[FEAT_1_EDX] =
2899             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2900             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2901             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2902             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2903             CPUID_DE | CPUID_FP87,
2904         .features[FEAT_1_ECX] =
2905             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2906             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2907             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2908             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2909             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2910             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2911         .features[FEAT_8000_0001_EDX] =
2912             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
2913             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2914         .features[FEAT_8000_0001_ECX] =
2915             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2916         .features[FEAT_7_0_EBX] =
2917             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2918             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2919             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2920             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2921             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
2922             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
2923             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
2924             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
2925         .features[FEAT_7_0_ECX] =
2926             CPUID_7_0_ECX_PKU,
2927         /* Missing: XSAVES (not supported by some Linux versions,
2928          * including v4.1 to v4.12).
2929          * KVM doesn't yet expose any XSAVES state save component,
2930          * and the only one defined in Skylake (processor tracing)
2931          * probably will block migration anyway.
2932          */
2933         .features[FEAT_XSAVE] =
2934             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2935             CPUID_XSAVE_XGETBV1,
2936         .features[FEAT_6_EAX] =
2937             CPUID_6_EAX_ARAT,
2938         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
2939         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2940              MSR_VMX_BASIC_TRUE_CTLS,
2941         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2942              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2943              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2944         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2945              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2946              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2947              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2948              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2949              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2950              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2951         .features[FEAT_VMX_EXIT_CTLS] =
2952              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2953              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2954              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2955              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2956              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2957         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2958              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2959         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2960              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2961              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2962         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2963              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2964              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2965              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2966              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2967              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2968              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2969              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2970              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2971              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2972              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2973              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2974         .features[FEAT_VMX_SECONDARY_CTLS] =
2975              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2976              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2977              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2978              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2979              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2980              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2981              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2982              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2983              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
2984              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
2985         .xlevel = 0x80000008,
2986         .model_id = "Intel Xeon Processor (Skylake)",
2987         .versions = (X86CPUVersionDefinition[]) {
2988             { .version = 1 },
2989             {
2990                 .version = 2,
2991                 .alias = "Skylake-Server-IBRS",
2992                 .props = (PropValue[]) {
2993                     /* clflushopt was not added to Skylake-Server-IBRS */
2994                     /* TODO: add -v3 including clflushopt */
2995                     { "clflushopt", "off" },
2996                     { "spec-ctrl", "on" },
2997                     { "model-id",
2998                       "Intel Xeon Processor (Skylake, IBRS)" },
2999                     { /* end of list */ }
3000                 }
3001             },
3002             {
3003                 .version = 3,
3004                 .alias = "Skylake-Server-noTSX-IBRS",
3005                 .props = (PropValue[]) {
3006                     { "hle", "off" },
3007                     { "rtm", "off" },
3008                     { "model-id",
3009                       "Intel Xeon Processor (Skylake, IBRS, no TSX)" },
3010                     { /* end of list */ }
3011                 }
3012             },
3013             { /* end of list */ }
3014         }
3015     },
3016     {
3017         .name = "Cascadelake-Server",
3018         .level = 0xd,
3019         .vendor = CPUID_VENDOR_INTEL,
3020         .family = 6,
3021         .model = 85,
3022         .stepping = 6,
3023         .features[FEAT_1_EDX] =
3024             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3025             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3026             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3027             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3028             CPUID_DE | CPUID_FP87,
3029         .features[FEAT_1_ECX] =
3030             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3031             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3032             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3033             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3034             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3035             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3036         .features[FEAT_8000_0001_EDX] =
3037             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3038             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3039         .features[FEAT_8000_0001_ECX] =
3040             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3041         .features[FEAT_7_0_EBX] =
3042             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3043             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3044             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3045             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3046             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3047             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3048             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3049             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3050         .features[FEAT_7_0_ECX] =
3051             CPUID_7_0_ECX_PKU |
3052             CPUID_7_0_ECX_AVX512VNNI,
3053         .features[FEAT_7_0_EDX] =
3054             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3055         /* Missing: XSAVES (not supported by some Linux versions,
3056                 * including v4.1 to v4.12).
3057                 * KVM doesn't yet expose any XSAVES state save component,
3058                 * and the only one defined in Skylake (processor tracing)
3059                 * probably will block migration anyway.
3060                 */
3061         .features[FEAT_XSAVE] =
3062             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3063             CPUID_XSAVE_XGETBV1,
3064         .features[FEAT_6_EAX] =
3065             CPUID_6_EAX_ARAT,
3066         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3067         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3068              MSR_VMX_BASIC_TRUE_CTLS,
3069         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3070              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3071              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3072         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3073              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3074              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3075              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3076              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3077              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3078              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3079         .features[FEAT_VMX_EXIT_CTLS] =
3080              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3081              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3082              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3083              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3084              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3085         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3086              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3087         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3088              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3089              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3090         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3091              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3092              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3093              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3094              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3095              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3096              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3097              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3098              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3099              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3100              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3101              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3102         .features[FEAT_VMX_SECONDARY_CTLS] =
3103              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3104              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3105              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3106              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3107              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3108              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3109              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3110              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3111              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3112              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3113         .xlevel = 0x80000008,
3114         .model_id = "Intel Xeon Processor (Cascadelake)",
3115         .versions = (X86CPUVersionDefinition[]) {
3116             { .version = 1 },
3117             { .version = 2,
3118               .props = (PropValue[]) {
3119                   { "arch-capabilities", "on" },
3120                   { "rdctl-no", "on" },
3121                   { "ibrs-all", "on" },
3122                   { "skip-l1dfl-vmentry", "on" },
3123                   { "mds-no", "on" },
3124                   { /* end of list */ }
3125               },
3126             },
3127             { .version = 3,
3128               .alias = "Cascadelake-Server-noTSX",
3129               .props = (PropValue[]) {
3130                   { "hle", "off" },
3131                   { "rtm", "off" },
3132                   { /* end of list */ }
3133               },
3134             },
3135             { /* end of list */ }
3136         }
3137     },
3138     {
3139         .name = "Cooperlake",
3140         .level = 0xd,
3141         .vendor = CPUID_VENDOR_INTEL,
3142         .family = 6,
3143         .model = 85,
3144         .stepping = 10,
3145         .features[FEAT_1_EDX] =
3146             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3147             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3148             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3149             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3150             CPUID_DE | CPUID_FP87,
3151         .features[FEAT_1_ECX] =
3152             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3153             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3154             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3155             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3156             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3157             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3158         .features[FEAT_8000_0001_EDX] =
3159             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3160             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3161         .features[FEAT_8000_0001_ECX] =
3162             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3163         .features[FEAT_7_0_EBX] =
3164             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3165             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3166             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3167             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3168             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3169             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3170             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3171             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3172         .features[FEAT_7_0_ECX] =
3173             CPUID_7_0_ECX_PKU |
3174             CPUID_7_0_ECX_AVX512VNNI,
3175         .features[FEAT_7_0_EDX] =
3176             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_STIBP |
3177             CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES,
3178         .features[FEAT_ARCH_CAPABILITIES] =
3179             MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL |
3180             MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
3181             MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
3182         .features[FEAT_7_1_EAX] =
3183             CPUID_7_1_EAX_AVX512_BF16,
3184         /*
3185          * Missing: XSAVES (not supported by some Linux versions,
3186          * including v4.1 to v4.12).
3187          * KVM doesn't yet expose any XSAVES state save component,
3188          * and the only one defined in Skylake (processor tracing)
3189          * probably will block migration anyway.
3190          */
3191         .features[FEAT_XSAVE] =
3192             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3193             CPUID_XSAVE_XGETBV1,
3194         .features[FEAT_6_EAX] =
3195             CPUID_6_EAX_ARAT,
3196         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3197         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3198              MSR_VMX_BASIC_TRUE_CTLS,
3199         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3200              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3201              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3202         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3203              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3204              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3205              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3206              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3207              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3208              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3209         .features[FEAT_VMX_EXIT_CTLS] =
3210              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3211              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3212              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3213              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3214              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3215         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3216              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3217         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3218              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3219              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3220         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3221              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3222              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3223              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3224              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3225              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3226              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3227              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3228              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3229              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3230              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3231              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3232         .features[FEAT_VMX_SECONDARY_CTLS] =
3233              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3234              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3235              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3236              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3237              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3238              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3239              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3240              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3241              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3242              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3243         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3244         .xlevel = 0x80000008,
3245         .model_id = "Intel Xeon Processor (Cooperlake)",
3246     },
3247     {
3248         .name = "Icelake-Client",
3249         .level = 0xd,
3250         .vendor = CPUID_VENDOR_INTEL,
3251         .family = 6,
3252         .model = 126,
3253         .stepping = 0,
3254         .features[FEAT_1_EDX] =
3255             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3256             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3257             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3258             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3259             CPUID_DE | CPUID_FP87,
3260         .features[FEAT_1_ECX] =
3261             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3262             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3263             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3264             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3265             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3266             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3267         .features[FEAT_8000_0001_EDX] =
3268             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
3269             CPUID_EXT2_SYSCALL,
3270         .features[FEAT_8000_0001_ECX] =
3271             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3272         .features[FEAT_8000_0008_EBX] =
3273             CPUID_8000_0008_EBX_WBNOINVD,
3274         .features[FEAT_7_0_EBX] =
3275             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3276             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3277             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3278             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3279             CPUID_7_0_EBX_SMAP,
3280         .features[FEAT_7_0_ECX] =
3281             CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
3282             CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
3283             CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
3284             CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
3285             CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
3286         .features[FEAT_7_0_EDX] =
3287             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3288         /* Missing: XSAVES (not supported by some Linux versions,
3289                 * including v4.1 to v4.12).
3290                 * KVM doesn't yet expose any XSAVES state save component,
3291                 * and the only one defined in Skylake (processor tracing)
3292                 * probably will block migration anyway.
3293                 */
3294         .features[FEAT_XSAVE] =
3295             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3296             CPUID_XSAVE_XGETBV1,
3297         .features[FEAT_6_EAX] =
3298             CPUID_6_EAX_ARAT,
3299         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3300         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3301              MSR_VMX_BASIC_TRUE_CTLS,
3302         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3303              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3304              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3305         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3306              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3307              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3308              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3309              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3310              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3311              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3312         .features[FEAT_VMX_EXIT_CTLS] =
3313              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3314              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3315              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3316              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3317              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3318         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3319              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3320         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3321              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3322              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
3323         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3324              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3325              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3326              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3327              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3328              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3329              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3330              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3331              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3332              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3333              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3334              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3335         .features[FEAT_VMX_SECONDARY_CTLS] =
3336              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3337              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3338              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3339              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3340              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3341              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3342              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3343         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3344         .xlevel = 0x80000008,
3345         .model_id = "Intel Core Processor (Icelake)",
3346         .versions = (X86CPUVersionDefinition[]) {
3347             { .version = 1 },
3348             {
3349                 .version = 2,
3350                 .alias = "Icelake-Client-noTSX",
3351                 .props = (PropValue[]) {
3352                     { "hle", "off" },
3353                     { "rtm", "off" },
3354                     { /* end of list */ }
3355                 },
3356             },
3357             { /* end of list */ }
3358         }
3359     },
3360     {
3361         .name = "Icelake-Server",
3362         .level = 0xd,
3363         .vendor = CPUID_VENDOR_INTEL,
3364         .family = 6,
3365         .model = 134,
3366         .stepping = 0,
3367         .features[FEAT_1_EDX] =
3368             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3369             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3370             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3371             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3372             CPUID_DE | CPUID_FP87,
3373         .features[FEAT_1_ECX] =
3374             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3375             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3376             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3377             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3378             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3379             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3380         .features[FEAT_8000_0001_EDX] =
3381             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3382             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3383         .features[FEAT_8000_0001_ECX] =
3384             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3385         .features[FEAT_8000_0008_EBX] =
3386             CPUID_8000_0008_EBX_WBNOINVD,
3387         .features[FEAT_7_0_EBX] =
3388             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3389             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3390             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3391             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3392             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3393             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3394             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3395             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3396         .features[FEAT_7_0_ECX] =
3397             CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
3398             CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
3399             CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
3400             CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
3401             CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57,
3402         .features[FEAT_7_0_EDX] =
3403             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3404         /* Missing: XSAVES (not supported by some Linux versions,
3405                 * including v4.1 to v4.12).
3406                 * KVM doesn't yet expose any XSAVES state save component,
3407                 * and the only one defined in Skylake (processor tracing)
3408                 * probably will block migration anyway.
3409                 */
3410         .features[FEAT_XSAVE] =
3411             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3412             CPUID_XSAVE_XGETBV1,
3413         .features[FEAT_6_EAX] =
3414             CPUID_6_EAX_ARAT,
3415         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3416         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3417              MSR_VMX_BASIC_TRUE_CTLS,
3418         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3419              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3420              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3421         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3422              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3423              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3424              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3425              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3426              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3427              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3428         .features[FEAT_VMX_EXIT_CTLS] =
3429              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3430              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3431              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3432              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3433              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3434         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3435              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3436         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3437              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3438              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3439         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3440              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3441              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3442              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3443              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3444              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3445              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3446              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3447              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3448              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3449              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3450              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3451         .features[FEAT_VMX_SECONDARY_CTLS] =
3452              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3453              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3454              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3455              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3456              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3457              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3458              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3459              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3460              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS,
3461         .xlevel = 0x80000008,
3462         .model_id = "Intel Xeon Processor (Icelake)",
3463         .versions = (X86CPUVersionDefinition[]) {
3464             { .version = 1 },
3465             {
3466                 .version = 2,
3467                 .alias = "Icelake-Server-noTSX",
3468                 .props = (PropValue[]) {
3469                     { "hle", "off" },
3470                     { "rtm", "off" },
3471                     { /* end of list */ }
3472                 },
3473             },
3474             {
3475                 .version = 3,
3476                 .props = (PropValue[]) {
3477                     { "arch-capabilities", "on" },
3478                     { "rdctl-no", "on" },
3479                     { "ibrs-all", "on" },
3480                     { "skip-l1dfl-vmentry", "on" },
3481                     { "mds-no", "on" },
3482                     { "pschange-mc-no", "on" },
3483                     { "taa-no", "on" },
3484                     { /* end of list */ }
3485                 },
3486             },
3487             { /* end of list */ }
3488         }
3489     },
3490     {
3491         .name = "Denverton",
3492         .level = 21,
3493         .vendor = CPUID_VENDOR_INTEL,
3494         .family = 6,
3495         .model = 95,
3496         .stepping = 1,
3497         .features[FEAT_1_EDX] =
3498             CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC |
3499             CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC |
3500             CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
3501             CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX | CPUID_FXSR |
3502             CPUID_SSE | CPUID_SSE2,
3503         .features[FEAT_1_ECX] =
3504             CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_MONITOR |
3505             CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | CPUID_EXT_SSE41 |
3506             CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
3507             CPUID_EXT_POPCNT | CPUID_EXT_TSC_DEADLINE_TIMER |
3508             CPUID_EXT_AES | CPUID_EXT_XSAVE | CPUID_EXT_RDRAND,
3509         .features[FEAT_8000_0001_EDX] =
3510             CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB |
3511             CPUID_EXT2_RDTSCP | CPUID_EXT2_LM,
3512         .features[FEAT_8000_0001_ECX] =
3513             CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3514         .features[FEAT_7_0_EBX] =
3515             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_ERMS |
3516             CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_SMAP |
3517             CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_SHA_NI,
3518         .features[FEAT_7_0_EDX] =
3519             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
3520             CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3521         /*
3522          * Missing: XSAVES (not supported by some Linux versions,
3523          * including v4.1 to v4.12).
3524          * KVM doesn't yet expose any XSAVES state save component,
3525          * and the only one defined in Skylake (processor tracing)
3526          * probably will block migration anyway.
3527          */
3528         .features[FEAT_XSAVE] =
3529             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | CPUID_XSAVE_XGETBV1,
3530         .features[FEAT_6_EAX] =
3531             CPUID_6_EAX_ARAT,
3532         .features[FEAT_ARCH_CAPABILITIES] =
3533             MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY,
3534         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3535              MSR_VMX_BASIC_TRUE_CTLS,
3536         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3537              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3538              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3539         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3540              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3541              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3542              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3543              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3544              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3545              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3546         .features[FEAT_VMX_EXIT_CTLS] =
3547              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3548              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3549              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3550              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3551              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3552         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3553              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3554         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3555              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3556              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3557         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3558              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3559              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3560              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3561              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3562              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3563              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3564              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3565              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3566              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3567              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3568              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3569         .features[FEAT_VMX_SECONDARY_CTLS] =
3570              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3571              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3572              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3573              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3574              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3575              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3576              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3577              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3578              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3579              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3580         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3581         .xlevel = 0x80000008,
3582         .model_id = "Intel Atom Processor (Denverton)",
3583         .versions = (X86CPUVersionDefinition[]) {
3584             { .version = 1 },
3585             {
3586                 .version = 2,
3587                 .props = (PropValue[]) {
3588                     { "monitor", "off" },
3589                     { "mpx", "off" },
3590                     { /* end of list */ },
3591                 },
3592             },
3593             { /* end of list */ },
3594         },
3595     },
3596     {
3597         .name = "Snowridge",
3598         .level = 27,
3599         .vendor = CPUID_VENDOR_INTEL,
3600         .family = 6,
3601         .model = 134,
3602         .stepping = 1,
3603         .features[FEAT_1_EDX] =
3604             /* missing: CPUID_PN CPUID_IA64 */
3605             /* missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
3606             CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE |
3607             CPUID_TSC | CPUID_MSR | CPUID_PAE | CPUID_MCE |
3608             CPUID_CX8 | CPUID_APIC | CPUID_SEP |
3609             CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
3610             CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH |
3611             CPUID_MMX |
3612             CPUID_FXSR | CPUID_SSE | CPUID_SSE2,
3613         .features[FEAT_1_ECX] =
3614             CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_MONITOR |
3615             CPUID_EXT_SSSE3 |
3616             CPUID_EXT_CX16 |
3617             CPUID_EXT_SSE41 |
3618             CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
3619             CPUID_EXT_POPCNT |
3620             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_AES | CPUID_EXT_XSAVE |
3621             CPUID_EXT_RDRAND,
3622         .features[FEAT_8000_0001_EDX] =
3623             CPUID_EXT2_SYSCALL |
3624             CPUID_EXT2_NX |
3625             CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3626             CPUID_EXT2_LM,
3627         .features[FEAT_8000_0001_ECX] =
3628             CPUID_EXT3_LAHF_LM |
3629             CPUID_EXT3_3DNOWPREFETCH,
3630         .features[FEAT_7_0_EBX] =
3631             CPUID_7_0_EBX_FSGSBASE |
3632             CPUID_7_0_EBX_SMEP |
3633             CPUID_7_0_EBX_ERMS |
3634             CPUID_7_0_EBX_MPX |  /* missing bits 13, 15 */
3635             CPUID_7_0_EBX_RDSEED |
3636             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
3637             CPUID_7_0_EBX_CLWB |
3638             CPUID_7_0_EBX_SHA_NI,
3639         .features[FEAT_7_0_ECX] =
3640             CPUID_7_0_ECX_UMIP |
3641             /* missing bit 5 */
3642             CPUID_7_0_ECX_GFNI |
3643             CPUID_7_0_ECX_MOVDIRI | CPUID_7_0_ECX_CLDEMOTE |
3644             CPUID_7_0_ECX_MOVDIR64B,
3645         .features[FEAT_7_0_EDX] =
3646             CPUID_7_0_EDX_SPEC_CTRL |
3647             CPUID_7_0_EDX_ARCH_CAPABILITIES | CPUID_7_0_EDX_SPEC_CTRL_SSBD |
3648             CPUID_7_0_EDX_CORE_CAPABILITY,
3649         .features[FEAT_CORE_CAPABILITY] =
3650             MSR_CORE_CAP_SPLIT_LOCK_DETECT,
3651         /*
3652          * Missing: XSAVES (not supported by some Linux versions,
3653          * including v4.1 to v4.12).
3654          * KVM doesn't yet expose any XSAVES state save component,
3655          * and the only one defined in Skylake (processor tracing)
3656          * probably will block migration anyway.
3657          */
3658         .features[FEAT_XSAVE] =
3659             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3660             CPUID_XSAVE_XGETBV1,
3661         .features[FEAT_6_EAX] =
3662             CPUID_6_EAX_ARAT,
3663         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3664              MSR_VMX_BASIC_TRUE_CTLS,
3665         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3666              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3667              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3668         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3669              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3670              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3671              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3672              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3673              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3674              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3675         .features[FEAT_VMX_EXIT_CTLS] =
3676              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3677              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3678              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3679              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3680              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3681         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3682              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3683         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3684              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3685              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3686         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3687              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3688              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3689              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3690              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3691              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3692              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3693              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3694              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3695              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3696              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3697              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3698         .features[FEAT_VMX_SECONDARY_CTLS] =
3699              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3700              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3701              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3702              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3703              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3704              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3705              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3706              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3707              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3708              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3709         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3710         .xlevel = 0x80000008,
3711         .model_id = "Intel Atom Processor (SnowRidge)",
3712         .versions = (X86CPUVersionDefinition[]) {
3713             { .version = 1 },
3714             {
3715                 .version = 2,
3716                 .props = (PropValue[]) {
3717                     { "mpx", "off" },
3718                     { "model-id", "Intel Atom Processor (Snowridge, no MPX)" },
3719                     { /* end of list */ },
3720                 },
3721             },
3722             { /* end of list */ },
3723         },
3724     },
3725     {
3726         .name = "KnightsMill",
3727         .level = 0xd,
3728         .vendor = CPUID_VENDOR_INTEL,
3729         .family = 6,
3730         .model = 133,
3731         .stepping = 0,
3732         .features[FEAT_1_EDX] =
3733             CPUID_VME | CPUID_SS | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR |
3734             CPUID_MMX | CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV |
3735             CPUID_MCA | CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC |
3736             CPUID_CX8 | CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC |
3737             CPUID_PSE | CPUID_DE | CPUID_FP87,
3738         .features[FEAT_1_ECX] =
3739             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3740             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3741             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3742             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3743             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3744             CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3745         .features[FEAT_8000_0001_EDX] =
3746             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3747             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3748         .features[FEAT_8000_0001_ECX] =
3749             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3750         .features[FEAT_7_0_EBX] =
3751             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
3752             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS |
3753             CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_AVX512F |
3754             CPUID_7_0_EBX_AVX512CD | CPUID_7_0_EBX_AVX512PF |
3755             CPUID_7_0_EBX_AVX512ER,
3756         .features[FEAT_7_0_ECX] =
3757             CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
3758         .features[FEAT_7_0_EDX] =
3759             CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS,
3760         .features[FEAT_XSAVE] =
3761             CPUID_XSAVE_XSAVEOPT,
3762         .features[FEAT_6_EAX] =
3763             CPUID_6_EAX_ARAT,
3764         .xlevel = 0x80000008,
3765         .model_id = "Intel Xeon Phi Processor (Knights Mill)",
3766     },
3767     {
3768         .name = "Opteron_G1",
3769         .level = 5,
3770         .vendor = CPUID_VENDOR_AMD,
3771         .family = 15,
3772         .model = 6,
3773         .stepping = 1,
3774         .features[FEAT_1_EDX] =
3775             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3776             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3777             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3778             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3779             CPUID_DE | CPUID_FP87,
3780         .features[FEAT_1_ECX] =
3781             CPUID_EXT_SSE3,
3782         .features[FEAT_8000_0001_EDX] =
3783             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3784         .xlevel = 0x80000008,
3785         .model_id = "AMD Opteron 240 (Gen 1 Class Opteron)",
3786     },
3787     {
3788         .name = "Opteron_G2",
3789         .level = 5,
3790         .vendor = CPUID_VENDOR_AMD,
3791         .family = 15,
3792         .model = 6,
3793         .stepping = 1,
3794         .features[FEAT_1_EDX] =
3795             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3796             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3797             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3798             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3799             CPUID_DE | CPUID_FP87,
3800         .features[FEAT_1_ECX] =
3801             CPUID_EXT_CX16 | CPUID_EXT_SSE3,
3802         .features[FEAT_8000_0001_EDX] =
3803             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3804         .features[FEAT_8000_0001_ECX] =
3805             CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
3806         .xlevel = 0x80000008,
3807         .model_id = "AMD Opteron 22xx (Gen 2 Class Opteron)",
3808     },
3809     {
3810         .name = "Opteron_G3",
3811         .level = 5,
3812         .vendor = CPUID_VENDOR_AMD,
3813         .family = 16,
3814         .model = 2,
3815         .stepping = 3,
3816         .features[FEAT_1_EDX] =
3817             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3818             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3819             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3820             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3821             CPUID_DE | CPUID_FP87,
3822         .features[FEAT_1_ECX] =
3823             CPUID_EXT_POPCNT | CPUID_EXT_CX16 | CPUID_EXT_MONITOR |
3824             CPUID_EXT_SSE3,
3825         .features[FEAT_8000_0001_EDX] =
3826             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL |
3827             CPUID_EXT2_RDTSCP,
3828         .features[FEAT_8000_0001_ECX] =
3829             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A |
3830             CPUID_EXT3_ABM | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
3831         .xlevel = 0x80000008,
3832         .model_id = "AMD Opteron 23xx (Gen 3 Class Opteron)",
3833     },
3834     {
3835         .name = "Opteron_G4",
3836         .level = 0xd,
3837         .vendor = CPUID_VENDOR_AMD,
3838         .family = 21,
3839         .model = 1,
3840         .stepping = 2,
3841         .features[FEAT_1_EDX] =
3842             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3843             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3844             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3845             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3846             CPUID_DE | CPUID_FP87,
3847         .features[FEAT_1_ECX] =
3848             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3849             CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
3850             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
3851             CPUID_EXT_SSE3,
3852         .features[FEAT_8000_0001_EDX] =
3853             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_NX |
3854             CPUID_EXT2_SYSCALL | CPUID_EXT2_RDTSCP,
3855         .features[FEAT_8000_0001_ECX] =
3856             CPUID_EXT3_FMA4 | CPUID_EXT3_XOP |
3857             CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_MISALIGNSSE |
3858             CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | CPUID_EXT3_SVM |
3859             CPUID_EXT3_LAHF_LM,
3860         .features[FEAT_SVM] =
3861             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3862         /* no xsaveopt! */
3863         .xlevel = 0x8000001A,
3864         .model_id = "AMD Opteron 62xx class CPU",
3865     },
3866     {
3867         .name = "Opteron_G5",
3868         .level = 0xd,
3869         .vendor = CPUID_VENDOR_AMD,
3870         .family = 21,
3871         .model = 2,
3872         .stepping = 0,
3873         .features[FEAT_1_EDX] =
3874             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3875             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3876             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3877             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3878             CPUID_DE | CPUID_FP87,
3879         .features[FEAT_1_ECX] =
3880             CPUID_EXT_F16C | CPUID_EXT_AVX | CPUID_EXT_XSAVE |
3881             CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
3882             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_FMA |
3883             CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
3884         .features[FEAT_8000_0001_EDX] =
3885             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_NX |
3886             CPUID_EXT2_SYSCALL | CPUID_EXT2_RDTSCP,
3887         .features[FEAT_8000_0001_ECX] =
3888             CPUID_EXT3_TBM | CPUID_EXT3_FMA4 | CPUID_EXT3_XOP |
3889             CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_MISALIGNSSE |
3890             CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | CPUID_EXT3_SVM |
3891             CPUID_EXT3_LAHF_LM,
3892         .features[FEAT_SVM] =
3893             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3894         /* no xsaveopt! */
3895         .xlevel = 0x8000001A,
3896         .model_id = "AMD Opteron 63xx class CPU",
3897     },
3898     {
3899         .name = "EPYC",
3900         .level = 0xd,
3901         .vendor = CPUID_VENDOR_AMD,
3902         .family = 23,
3903         .model = 1,
3904         .stepping = 2,
3905         .features[FEAT_1_EDX] =
3906             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
3907             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
3908             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
3909             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
3910             CPUID_VME | CPUID_FP87,
3911         .features[FEAT_1_ECX] =
3912             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
3913             CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
3914             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
3915             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
3916             CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
3917         .features[FEAT_8000_0001_EDX] =
3918             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
3919             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
3920             CPUID_EXT2_SYSCALL,
3921         .features[FEAT_8000_0001_ECX] =
3922             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
3923             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
3924             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
3925             CPUID_EXT3_TOPOEXT,
3926         .features[FEAT_7_0_EBX] =
3927             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
3928             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
3929             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
3930             CPUID_7_0_EBX_SHA_NI,
3931         .features[FEAT_XSAVE] =
3932             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3933             CPUID_XSAVE_XGETBV1,
3934         .features[FEAT_6_EAX] =
3935             CPUID_6_EAX_ARAT,
3936         .features[FEAT_SVM] =
3937             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3938         .xlevel = 0x8000001E,
3939         .model_id = "AMD EPYC Processor",
3940         .cache_info = &epyc_cache_info,
3941         .use_epyc_apic_id_encoding = 1,
3942         .versions = (X86CPUVersionDefinition[]) {
3943             { .version = 1 },
3944             {
3945                 .version = 2,
3946                 .alias = "EPYC-IBPB",
3947                 .props = (PropValue[]) {
3948                     { "ibpb", "on" },
3949                     { "model-id",
3950                       "AMD EPYC Processor (with IBPB)" },
3951                     { /* end of list */ }
3952                 }
3953             },
3954             {
3955                 .version = 3,
3956                 .props = (PropValue[]) {
3957                     { "ibpb", "on" },
3958                     { "perfctr-core", "on" },
3959                     { "clzero", "on" },
3960                     { "xsaveerptr", "on" },
3961                     { "xsaves", "on" },
3962                     { "model-id",
3963                       "AMD EPYC Processor" },
3964                     { /* end of list */ }
3965                 }
3966             },
3967             { /* end of list */ }
3968         }
3969     },
3970     {
3971         .name = "Dhyana",
3972         .level = 0xd,
3973         .vendor = CPUID_VENDOR_HYGON,
3974         .family = 24,
3975         .model = 0,
3976         .stepping = 1,
3977         .features[FEAT_1_EDX] =
3978             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
3979             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
3980             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
3981             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
3982             CPUID_VME | CPUID_FP87,
3983         .features[FEAT_1_ECX] =
3984             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
3985             CPUID_EXT_XSAVE | CPUID_EXT_POPCNT |
3986             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
3987             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
3988             CPUID_EXT_MONITOR | CPUID_EXT_SSE3,
3989         .features[FEAT_8000_0001_EDX] =
3990             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
3991             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
3992             CPUID_EXT2_SYSCALL,
3993         .features[FEAT_8000_0001_ECX] =
3994             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
3995             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
3996             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
3997             CPUID_EXT3_TOPOEXT,
3998         .features[FEAT_8000_0008_EBX] =
3999             CPUID_8000_0008_EBX_IBPB,
4000         .features[FEAT_7_0_EBX] =
4001             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
4002             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
4003             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT,
4004         /*
4005          * Missing: XSAVES (not supported by some Linux versions,
4006          * including v4.1 to v4.12).
4007          * KVM doesn't yet expose any XSAVES state save component.
4008          */
4009         .features[FEAT_XSAVE] =
4010             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
4011             CPUID_XSAVE_XGETBV1,
4012         .features[FEAT_6_EAX] =
4013             CPUID_6_EAX_ARAT,
4014         .features[FEAT_SVM] =
4015             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
4016         .xlevel = 0x8000001E,
4017         .model_id = "Hygon Dhyana Processor",
4018         .cache_info = &epyc_cache_info,
4019     },
4020     {
4021         .name = "EPYC-Rome",
4022         .level = 0xd,
4023         .vendor = CPUID_VENDOR_AMD,
4024         .family = 23,
4025         .model = 49,
4026         .stepping = 0,
4027         .features[FEAT_1_EDX] =
4028             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
4029             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
4030             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
4031             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
4032             CPUID_VME | CPUID_FP87,
4033         .features[FEAT_1_ECX] =
4034             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
4035             CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
4036             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
4037             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
4038             CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
4039         .features[FEAT_8000_0001_EDX] =
4040             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
4041             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
4042             CPUID_EXT2_SYSCALL,
4043         .features[FEAT_8000_0001_ECX] =
4044             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
4045             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
4046             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
4047             CPUID_EXT3_TOPOEXT | CPUID_EXT3_PERFCORE,
4048         .features[FEAT_8000_0008_EBX] =
4049             CPUID_8000_0008_EBX_CLZERO | CPUID_8000_0008_EBX_XSAVEERPTR |
4050             CPUID_8000_0008_EBX_WBNOINVD | CPUID_8000_0008_EBX_IBPB |
4051             CPUID_8000_0008_EBX_STIBP,
4052         .features[FEAT_7_0_EBX] =
4053             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
4054             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
4055             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
4056             CPUID_7_0_EBX_SHA_NI | CPUID_7_0_EBX_CLWB,
4057         .features[FEAT_7_0_ECX] =
4058             CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_RDPID,
4059         .features[FEAT_XSAVE] =
4060             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
4061             CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES,
4062         .features[FEAT_6_EAX] =
4063             CPUID_6_EAX_ARAT,
4064         .features[FEAT_SVM] =
4065             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
4066         .xlevel = 0x8000001E,
4067         .model_id = "AMD EPYC-Rome Processor",
4068         .cache_info = &epyc_rome_cache_info,
4069         .use_epyc_apic_id_encoding = 1,
4070     },
4071 };
4072 
4073 /* KVM-specific features that are automatically added/removed
4074  * from all CPU models when KVM is enabled.
4075  */
4076 static PropValue kvm_default_props[] = {
4077     { "kvmclock", "on" },
4078     { "kvm-nopiodelay", "on" },
4079     { "kvm-asyncpf", "on" },
4080     { "kvm-steal-time", "on" },
4081     { "kvm-pv-eoi", "on" },
4082     { "kvmclock-stable-bit", "on" },
4083     { "x2apic", "on" },
4084     { "acpi", "off" },
4085     { "monitor", "off" },
4086     { "svm", "off" },
4087     { NULL, NULL },
4088 };
4089 
4090 /* TCG-specific defaults that override all CPU models when using TCG
4091  */
4092 static PropValue tcg_default_props[] = {
4093     { "vme", "off" },
4094     { NULL, NULL },
4095 };
4096 
4097 
4098 /*
4099  * We resolve CPU model aliases using -v1 when using "-machine
4100  * none", but this is just for compatibility while libvirt isn't
4101  * adapted to resolve CPU model versions before creating VMs.
4102  * See "Runnability guarantee of CPU models" at * qemu-deprecated.texi.
4103  */
4104 X86CPUVersion default_cpu_version = 1;
4105 
4106 void x86_cpu_set_default_version(X86CPUVersion version)
4107 {
4108     /* Translating CPU_VERSION_AUTO to CPU_VERSION_AUTO doesn't make sense */
4109     assert(version != CPU_VERSION_AUTO);
4110     default_cpu_version = version;
4111 }
4112 
4113 static X86CPUVersion x86_cpu_model_last_version(const X86CPUModel *model)
4114 {
4115     int v = 0;
4116     const X86CPUVersionDefinition *vdef =
4117         x86_cpu_def_get_versions(model->cpudef);
4118     while (vdef->version) {
4119         v = vdef->version;
4120         vdef++;
4121     }
4122     return v;
4123 }
4124 
4125 /* Return the actual version being used for a specific CPU model */
4126 static X86CPUVersion x86_cpu_model_resolve_version(const X86CPUModel *model)
4127 {
4128     X86CPUVersion v = model->version;
4129     if (v == CPU_VERSION_AUTO) {
4130         v = default_cpu_version;
4131     }
4132     if (v == CPU_VERSION_LATEST) {
4133         return x86_cpu_model_last_version(model);
4134     }
4135     return v;
4136 }
4137 
4138 void x86_cpu_change_kvm_default(const char *prop, const char *value)
4139 {
4140     PropValue *pv;
4141     for (pv = kvm_default_props; pv->prop; pv++) {
4142         if (!strcmp(pv->prop, prop)) {
4143             pv->value = value;
4144             break;
4145         }
4146     }
4147 
4148     /* It is valid to call this function only for properties that
4149      * are already present in the kvm_default_props table.
4150      */
4151     assert(pv->prop);
4152 }
4153 
4154 static uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
4155                                                    bool migratable_only);
4156 
4157 static bool lmce_supported(void)
4158 {
4159     uint64_t mce_cap = 0;
4160 
4161 #ifdef CONFIG_KVM
4162     if (kvm_ioctl(kvm_state, KVM_X86_GET_MCE_CAP_SUPPORTED, &mce_cap) < 0) {
4163         return false;
4164     }
4165 #endif
4166 
4167     return !!(mce_cap & MCG_LMCE_P);
4168 }
4169 
4170 #define CPUID_MODEL_ID_SZ 48
4171 
4172 /**
4173  * cpu_x86_fill_model_id:
4174  * Get CPUID model ID string from host CPU.
4175  *
4176  * @str should have at least CPUID_MODEL_ID_SZ bytes
4177  *
4178  * The function does NOT add a null terminator to the string
4179  * automatically.
4180  */
4181 static int cpu_x86_fill_model_id(char *str)
4182 {
4183     uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
4184     int i;
4185 
4186     for (i = 0; i < 3; i++) {
4187         host_cpuid(0x80000002 + i, 0, &eax, &ebx, &ecx, &edx);
4188         memcpy(str + i * 16 +  0, &eax, 4);
4189         memcpy(str + i * 16 +  4, &ebx, 4);
4190         memcpy(str + i * 16 +  8, &ecx, 4);
4191         memcpy(str + i * 16 + 12, &edx, 4);
4192     }
4193     return 0;
4194 }
4195 
4196 static Property max_x86_cpu_properties[] = {
4197     DEFINE_PROP_BOOL("migratable", X86CPU, migratable, true),
4198     DEFINE_PROP_BOOL("host-cache-info", X86CPU, cache_info_passthrough, false),
4199     DEFINE_PROP_END_OF_LIST()
4200 };
4201 
4202 static void max_x86_cpu_class_init(ObjectClass *oc, void *data)
4203 {
4204     DeviceClass *dc = DEVICE_CLASS(oc);
4205     X86CPUClass *xcc = X86_CPU_CLASS(oc);
4206 
4207     xcc->ordering = 9;
4208 
4209     xcc->model_description =
4210         "Enables all features supported by the accelerator in the current host";
4211 
4212     device_class_set_props(dc, max_x86_cpu_properties);
4213 }
4214 
4215 static void max_x86_cpu_initfn(Object *obj)
4216 {
4217     X86CPU *cpu = X86_CPU(obj);
4218     CPUX86State *env = &cpu->env;
4219     KVMState *s = kvm_state;
4220 
4221     /* We can't fill the features array here because we don't know yet if
4222      * "migratable" is true or false.
4223      */
4224     cpu->max_features = true;
4225 
4226     if (accel_uses_host_cpuid()) {
4227         char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
4228         char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
4229         int family, model, stepping;
4230 
4231         host_vendor_fms(vendor, &family, &model, &stepping);
4232         cpu_x86_fill_model_id(model_id);
4233 
4234         object_property_set_str(OBJECT(cpu), vendor, "vendor", &error_abort);
4235         object_property_set_int(OBJECT(cpu), family, "family", &error_abort);
4236         object_property_set_int(OBJECT(cpu), model, "model", &error_abort);
4237         object_property_set_int(OBJECT(cpu), stepping, "stepping",
4238                                 &error_abort);
4239         object_property_set_str(OBJECT(cpu), model_id, "model-id",
4240                                 &error_abort);
4241 
4242         if (kvm_enabled()) {
4243             env->cpuid_min_level =
4244                 kvm_arch_get_supported_cpuid(s, 0x0, 0, R_EAX);
4245             env->cpuid_min_xlevel =
4246                 kvm_arch_get_supported_cpuid(s, 0x80000000, 0, R_EAX);
4247             env->cpuid_min_xlevel2 =
4248                 kvm_arch_get_supported_cpuid(s, 0xC0000000, 0, R_EAX);
4249         } else {
4250             env->cpuid_min_level =
4251                 hvf_get_supported_cpuid(0x0, 0, R_EAX);
4252             env->cpuid_min_xlevel =
4253                 hvf_get_supported_cpuid(0x80000000, 0, R_EAX);
4254             env->cpuid_min_xlevel2 =
4255                 hvf_get_supported_cpuid(0xC0000000, 0, R_EAX);
4256         }
4257 
4258         if (lmce_supported()) {
4259             object_property_set_bool(OBJECT(cpu), true, "lmce", &error_abort);
4260         }
4261     } else {
4262         object_property_set_str(OBJECT(cpu), CPUID_VENDOR_AMD,
4263                                 "vendor", &error_abort);
4264         object_property_set_int(OBJECT(cpu), 6, "family", &error_abort);
4265         object_property_set_int(OBJECT(cpu), 6, "model", &error_abort);
4266         object_property_set_int(OBJECT(cpu), 3, "stepping", &error_abort);
4267         object_property_set_str(OBJECT(cpu),
4268                                 "QEMU TCG CPU version " QEMU_HW_VERSION,
4269                                 "model-id", &error_abort);
4270     }
4271 
4272     object_property_set_bool(OBJECT(cpu), true, "pmu", &error_abort);
4273 }
4274 
4275 static const TypeInfo max_x86_cpu_type_info = {
4276     .name = X86_CPU_TYPE_NAME("max"),
4277     .parent = TYPE_X86_CPU,
4278     .instance_init = max_x86_cpu_initfn,
4279     .class_init = max_x86_cpu_class_init,
4280 };
4281 
4282 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
4283 static void host_x86_cpu_class_init(ObjectClass *oc, void *data)
4284 {
4285     X86CPUClass *xcc = X86_CPU_CLASS(oc);
4286 
4287     xcc->host_cpuid_required = true;
4288     xcc->ordering = 8;
4289 
4290 #if defined(CONFIG_KVM)
4291     xcc->model_description =
4292         "KVM processor with all supported host features ";
4293 #elif defined(CONFIG_HVF)
4294     xcc->model_description =
4295         "HVF processor with all supported host features ";
4296 #endif
4297 }
4298 
4299 static const TypeInfo host_x86_cpu_type_info = {
4300     .name = X86_CPU_TYPE_NAME("host"),
4301     .parent = X86_CPU_TYPE_NAME("max"),
4302     .class_init = host_x86_cpu_class_init,
4303 };
4304 
4305 #endif
4306 
4307 static char *feature_word_description(FeatureWordInfo *f, uint32_t bit)
4308 {
4309     assert(f->type == CPUID_FEATURE_WORD || f->type == MSR_FEATURE_WORD);
4310 
4311     switch (f->type) {
4312     case CPUID_FEATURE_WORD:
4313         {
4314             const char *reg = get_register_name_32(f->cpuid.reg);
4315             assert(reg);
4316             return g_strdup_printf("CPUID.%02XH:%s",
4317                                    f->cpuid.eax, reg);
4318         }
4319     case MSR_FEATURE_WORD:
4320         return g_strdup_printf("MSR(%02XH)",
4321                                f->msr.index);
4322     }
4323 
4324     return NULL;
4325 }
4326 
4327 static bool x86_cpu_have_filtered_features(X86CPU *cpu)
4328 {
4329     FeatureWord w;
4330 
4331     for (w = 0; w < FEATURE_WORDS; w++) {
4332         if (cpu->filtered_features[w]) {
4333             return true;
4334         }
4335     }
4336 
4337     return false;
4338 }
4339 
4340 static void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask,
4341                                       const char *verbose_prefix)
4342 {
4343     CPUX86State *env = &cpu->env;
4344     FeatureWordInfo *f = &feature_word_info[w];
4345     int i;
4346 
4347     if (!cpu->force_features) {
4348         env->features[w] &= ~mask;
4349     }
4350     cpu->filtered_features[w] |= mask;
4351 
4352     if (!verbose_prefix) {
4353         return;
4354     }
4355 
4356     for (i = 0; i < 64; ++i) {
4357         if ((1ULL << i) & mask) {
4358             g_autofree char *feat_word_str = feature_word_description(f, i);
4359             warn_report("%s: %s%s%s [bit %d]",
4360                         verbose_prefix,
4361                         feat_word_str,
4362                         f->feat_names[i] ? "." : "",
4363                         f->feat_names[i] ? f->feat_names[i] : "", i);
4364         }
4365     }
4366 }
4367 
4368 static void x86_cpuid_version_get_family(Object *obj, Visitor *v,
4369                                          const char *name, void *opaque,
4370                                          Error **errp)
4371 {
4372     X86CPU *cpu = X86_CPU(obj);
4373     CPUX86State *env = &cpu->env;
4374     int64_t value;
4375 
4376     value = (env->cpuid_version >> 8) & 0xf;
4377     if (value == 0xf) {
4378         value += (env->cpuid_version >> 20) & 0xff;
4379     }
4380     visit_type_int(v, name, &value, errp);
4381 }
4382 
4383 static void x86_cpuid_version_set_family(Object *obj, Visitor *v,
4384                                          const char *name, void *opaque,
4385                                          Error **errp)
4386 {
4387     X86CPU *cpu = X86_CPU(obj);
4388     CPUX86State *env = &cpu->env;
4389     const int64_t min = 0;
4390     const int64_t max = 0xff + 0xf;
4391     Error *local_err = NULL;
4392     int64_t value;
4393 
4394     visit_type_int(v, name, &value, &local_err);
4395     if (local_err) {
4396         error_propagate(errp, local_err);
4397         return;
4398     }
4399     if (value < min || value > max) {
4400         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4401                    name ? name : "null", value, min, max);
4402         return;
4403     }
4404 
4405     env->cpuid_version &= ~0xff00f00;
4406     if (value > 0x0f) {
4407         env->cpuid_version |= 0xf00 | ((value - 0x0f) << 20);
4408     } else {
4409         env->cpuid_version |= value << 8;
4410     }
4411 }
4412 
4413 static void x86_cpuid_version_get_model(Object *obj, Visitor *v,
4414                                         const char *name, void *opaque,
4415                                         Error **errp)
4416 {
4417     X86CPU *cpu = X86_CPU(obj);
4418     CPUX86State *env = &cpu->env;
4419     int64_t value;
4420 
4421     value = (env->cpuid_version >> 4) & 0xf;
4422     value |= ((env->cpuid_version >> 16) & 0xf) << 4;
4423     visit_type_int(v, name, &value, errp);
4424 }
4425 
4426 static void x86_cpuid_version_set_model(Object *obj, Visitor *v,
4427                                         const char *name, void *opaque,
4428                                         Error **errp)
4429 {
4430     X86CPU *cpu = X86_CPU(obj);
4431     CPUX86State *env = &cpu->env;
4432     const int64_t min = 0;
4433     const int64_t max = 0xff;
4434     Error *local_err = NULL;
4435     int64_t value;
4436 
4437     visit_type_int(v, name, &value, &local_err);
4438     if (local_err) {
4439         error_propagate(errp, local_err);
4440         return;
4441     }
4442     if (value < min || value > max) {
4443         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4444                    name ? name : "null", value, min, max);
4445         return;
4446     }
4447 
4448     env->cpuid_version &= ~0xf00f0;
4449     env->cpuid_version |= ((value & 0xf) << 4) | ((value >> 4) << 16);
4450 }
4451 
4452 static void x86_cpuid_version_get_stepping(Object *obj, Visitor *v,
4453                                            const char *name, void *opaque,
4454                                            Error **errp)
4455 {
4456     X86CPU *cpu = X86_CPU(obj);
4457     CPUX86State *env = &cpu->env;
4458     int64_t value;
4459 
4460     value = env->cpuid_version & 0xf;
4461     visit_type_int(v, name, &value, errp);
4462 }
4463 
4464 static void x86_cpuid_version_set_stepping(Object *obj, Visitor *v,
4465                                            const char *name, void *opaque,
4466                                            Error **errp)
4467 {
4468     X86CPU *cpu = X86_CPU(obj);
4469     CPUX86State *env = &cpu->env;
4470     const int64_t min = 0;
4471     const int64_t max = 0xf;
4472     Error *local_err = NULL;
4473     int64_t value;
4474 
4475     visit_type_int(v, name, &value, &local_err);
4476     if (local_err) {
4477         error_propagate(errp, local_err);
4478         return;
4479     }
4480     if (value < min || value > max) {
4481         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4482                    name ? name : "null", value, min, max);
4483         return;
4484     }
4485 
4486     env->cpuid_version &= ~0xf;
4487     env->cpuid_version |= value & 0xf;
4488 }
4489 
4490 static char *x86_cpuid_get_vendor(Object *obj, Error **errp)
4491 {
4492     X86CPU *cpu = X86_CPU(obj);
4493     CPUX86State *env = &cpu->env;
4494     char *value;
4495 
4496     value = g_malloc(CPUID_VENDOR_SZ + 1);
4497     x86_cpu_vendor_words2str(value, env->cpuid_vendor1, env->cpuid_vendor2,
4498                              env->cpuid_vendor3);
4499     return value;
4500 }
4501 
4502 static void x86_cpuid_set_vendor(Object *obj, const char *value,
4503                                  Error **errp)
4504 {
4505     X86CPU *cpu = X86_CPU(obj);
4506     CPUX86State *env = &cpu->env;
4507     int i;
4508 
4509     if (strlen(value) != CPUID_VENDOR_SZ) {
4510         error_setg(errp, QERR_PROPERTY_VALUE_BAD, "", "vendor", value);
4511         return;
4512     }
4513 
4514     env->cpuid_vendor1 = 0;
4515     env->cpuid_vendor2 = 0;
4516     env->cpuid_vendor3 = 0;
4517     for (i = 0; i < 4; i++) {
4518         env->cpuid_vendor1 |= ((uint8_t)value[i    ]) << (8 * i);
4519         env->cpuid_vendor2 |= ((uint8_t)value[i + 4]) << (8 * i);
4520         env->cpuid_vendor3 |= ((uint8_t)value[i + 8]) << (8 * i);
4521     }
4522 }
4523 
4524 static char *x86_cpuid_get_model_id(Object *obj, Error **errp)
4525 {
4526     X86CPU *cpu = X86_CPU(obj);
4527     CPUX86State *env = &cpu->env;
4528     char *value;
4529     int i;
4530 
4531     value = g_malloc(48 + 1);
4532     for (i = 0; i < 48; i++) {
4533         value[i] = env->cpuid_model[i >> 2] >> (8 * (i & 3));
4534     }
4535     value[48] = '\0';
4536     return value;
4537 }
4538 
4539 static void x86_cpuid_set_model_id(Object *obj, const char *model_id,
4540                                    Error **errp)
4541 {
4542     X86CPU *cpu = X86_CPU(obj);
4543     CPUX86State *env = &cpu->env;
4544     int c, len, i;
4545 
4546     if (model_id == NULL) {
4547         model_id = "";
4548     }
4549     len = strlen(model_id);
4550     memset(env->cpuid_model, 0, 48);
4551     for (i = 0; i < 48; i++) {
4552         if (i >= len) {
4553             c = '\0';
4554         } else {
4555             c = (uint8_t)model_id[i];
4556         }
4557         env->cpuid_model[i >> 2] |= c << (8 * (i & 3));
4558     }
4559 }
4560 
4561 static void x86_cpuid_get_tsc_freq(Object *obj, Visitor *v, const char *name,
4562                                    void *opaque, Error **errp)
4563 {
4564     X86CPU *cpu = X86_CPU(obj);
4565     int64_t value;
4566 
4567     value = cpu->env.tsc_khz * 1000;
4568     visit_type_int(v, name, &value, errp);
4569 }
4570 
4571 static void x86_cpuid_set_tsc_freq(Object *obj, Visitor *v, const char *name,
4572                                    void *opaque, Error **errp)
4573 {
4574     X86CPU *cpu = X86_CPU(obj);
4575     const int64_t min = 0;
4576     const int64_t max = INT64_MAX;
4577     Error *local_err = NULL;
4578     int64_t value;
4579 
4580     visit_type_int(v, name, &value, &local_err);
4581     if (local_err) {
4582         error_propagate(errp, local_err);
4583         return;
4584     }
4585     if (value < min || value > max) {
4586         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4587                    name ? name : "null", value, min, max);
4588         return;
4589     }
4590 
4591     cpu->env.tsc_khz = cpu->env.user_tsc_khz = value / 1000;
4592 }
4593 
4594 /* Generic getter for "feature-words" and "filtered-features" properties */
4595 static void x86_cpu_get_feature_words(Object *obj, Visitor *v,
4596                                       const char *name, void *opaque,
4597                                       Error **errp)
4598 {
4599     uint64_t *array = (uint64_t *)opaque;
4600     FeatureWord w;
4601     X86CPUFeatureWordInfo word_infos[FEATURE_WORDS] = { };
4602     X86CPUFeatureWordInfoList list_entries[FEATURE_WORDS] = { };
4603     X86CPUFeatureWordInfoList *list = NULL;
4604 
4605     for (w = 0; w < FEATURE_WORDS; w++) {
4606         FeatureWordInfo *wi = &feature_word_info[w];
4607         /*
4608                 * We didn't have MSR features when "feature-words" was
4609                 *  introduced. Therefore skipped other type entries.
4610                 */
4611         if (wi->type != CPUID_FEATURE_WORD) {
4612             continue;
4613         }
4614         X86CPUFeatureWordInfo *qwi = &word_infos[w];
4615         qwi->cpuid_input_eax = wi->cpuid.eax;
4616         qwi->has_cpuid_input_ecx = wi->cpuid.needs_ecx;
4617         qwi->cpuid_input_ecx = wi->cpuid.ecx;
4618         qwi->cpuid_register = x86_reg_info_32[wi->cpuid.reg].qapi_enum;
4619         qwi->features = array[w];
4620 
4621         /* List will be in reverse order, but order shouldn't matter */
4622         list_entries[w].next = list;
4623         list_entries[w].value = &word_infos[w];
4624         list = &list_entries[w];
4625     }
4626 
4627     visit_type_X86CPUFeatureWordInfoList(v, "feature-words", &list, errp);
4628 }
4629 
4630 /* Convert all '_' in a feature string option name to '-', to make feature
4631  * name conform to QOM property naming rule, which uses '-' instead of '_'.
4632  */
4633 static inline void feat2prop(char *s)
4634 {
4635     while ((s = strchr(s, '_'))) {
4636         *s = '-';
4637     }
4638 }
4639 
4640 /* Return the feature property name for a feature flag bit */
4641 static const char *x86_cpu_feature_name(FeatureWord w, int bitnr)
4642 {
4643     const char *name;
4644     /* XSAVE components are automatically enabled by other features,
4645      * so return the original feature name instead
4646      */
4647     if (w == FEAT_XSAVE_COMP_LO || w == FEAT_XSAVE_COMP_HI) {
4648         int comp = (w == FEAT_XSAVE_COMP_HI) ? bitnr + 32 : bitnr;
4649 
4650         if (comp < ARRAY_SIZE(x86_ext_save_areas) &&
4651             x86_ext_save_areas[comp].bits) {
4652             w = x86_ext_save_areas[comp].feature;
4653             bitnr = ctz32(x86_ext_save_areas[comp].bits);
4654         }
4655     }
4656 
4657     assert(bitnr < 64);
4658     assert(w < FEATURE_WORDS);
4659     name = feature_word_info[w].feat_names[bitnr];
4660     assert(bitnr < 32 || !(name && feature_word_info[w].type == CPUID_FEATURE_WORD));
4661     return name;
4662 }
4663 
4664 /* Compatibily hack to maintain legacy +-feat semantic,
4665  * where +-feat overwrites any feature set by
4666  * feat=on|feat even if the later is parsed after +-feat
4667  * (i.e. "-x2apic,x2apic=on" will result in x2apic disabled)
4668  */
4669 static GList *plus_features, *minus_features;
4670 
4671 static gint compare_string(gconstpointer a, gconstpointer b)
4672 {
4673     return g_strcmp0(a, b);
4674 }
4675 
4676 /* Parse "+feature,-feature,feature=foo" CPU feature string
4677  */
4678 static void x86_cpu_parse_featurestr(const char *typename, char *features,
4679                                      Error **errp)
4680 {
4681     char *featurestr; /* Single 'key=value" string being parsed */
4682     static bool cpu_globals_initialized;
4683     bool ambiguous = false;
4684 
4685     if (cpu_globals_initialized) {
4686         return;
4687     }
4688     cpu_globals_initialized = true;
4689 
4690     if (!features) {
4691         return;
4692     }
4693 
4694     for (featurestr = strtok(features, ",");
4695          featurestr;
4696          featurestr = strtok(NULL, ",")) {
4697         const char *name;
4698         const char *val = NULL;
4699         char *eq = NULL;
4700         char num[32];
4701         GlobalProperty *prop;
4702 
4703         /* Compatibility syntax: */
4704         if (featurestr[0] == '+') {
4705             plus_features = g_list_append(plus_features,
4706                                           g_strdup(featurestr + 1));
4707             continue;
4708         } else if (featurestr[0] == '-') {
4709             minus_features = g_list_append(minus_features,
4710                                            g_strdup(featurestr + 1));
4711             continue;
4712         }
4713 
4714         eq = strchr(featurestr, '=');
4715         if (eq) {
4716             *eq++ = 0;
4717             val = eq;
4718         } else {
4719             val = "on";
4720         }
4721 
4722         feat2prop(featurestr);
4723         name = featurestr;
4724 
4725         if (g_list_find_custom(plus_features, name, compare_string)) {
4726             warn_report("Ambiguous CPU model string. "
4727                         "Don't mix both \"+%s\" and \"%s=%s\"",
4728                         name, name, val);
4729             ambiguous = true;
4730         }
4731         if (g_list_find_custom(minus_features, name, compare_string)) {
4732             warn_report("Ambiguous CPU model string. "
4733                         "Don't mix both \"-%s\" and \"%s=%s\"",
4734                         name, name, val);
4735             ambiguous = true;
4736         }
4737 
4738         /* Special case: */
4739         if (!strcmp(name, "tsc-freq")) {
4740             int ret;
4741             uint64_t tsc_freq;
4742 
4743             ret = qemu_strtosz_metric(val, NULL, &tsc_freq);
4744             if (ret < 0 || tsc_freq > INT64_MAX) {
4745                 error_setg(errp, "bad numerical value %s", val);
4746                 return;
4747             }
4748             snprintf(num, sizeof(num), "%" PRId64, tsc_freq);
4749             val = num;
4750             name = "tsc-frequency";
4751         }
4752 
4753         prop = g_new0(typeof(*prop), 1);
4754         prop->driver = typename;
4755         prop->property = g_strdup(name);
4756         prop->value = g_strdup(val);
4757         qdev_prop_register_global(prop);
4758     }
4759 
4760     if (ambiguous) {
4761         warn_report("Compatibility of ambiguous CPU model "
4762                     "strings won't be kept on future QEMU versions");
4763     }
4764 }
4765 
4766 static void x86_cpu_expand_features(X86CPU *cpu, Error **errp);
4767 static void x86_cpu_filter_features(X86CPU *cpu, bool verbose);
4768 
4769 /* Build a list with the name of all features on a feature word array */
4770 static void x86_cpu_list_feature_names(FeatureWordArray features,
4771                                        strList **feat_names)
4772 {
4773     FeatureWord w;
4774     strList **next = feat_names;
4775 
4776     for (w = 0; w < FEATURE_WORDS; w++) {
4777         uint64_t filtered = features[w];
4778         int i;
4779         for (i = 0; i < 64; i++) {
4780             if (filtered & (1ULL << i)) {
4781                 strList *new = g_new0(strList, 1);
4782                 new->value = g_strdup(x86_cpu_feature_name(w, i));
4783                 *next = new;
4784                 next = &new->next;
4785             }
4786         }
4787     }
4788 }
4789 
4790 static void x86_cpu_get_unavailable_features(Object *obj, Visitor *v,
4791                                              const char *name, void *opaque,
4792                                              Error **errp)
4793 {
4794     X86CPU *xc = X86_CPU(obj);
4795     strList *result = NULL;
4796 
4797     x86_cpu_list_feature_names(xc->filtered_features, &result);
4798     visit_type_strList(v, "unavailable-features", &result, errp);
4799 }
4800 
4801 /* Check for missing features that may prevent the CPU class from
4802  * running using the current machine and accelerator.
4803  */
4804 static void x86_cpu_class_check_missing_features(X86CPUClass *xcc,
4805                                                  strList **missing_feats)
4806 {
4807     X86CPU *xc;
4808     Error *err = NULL;
4809     strList **next = missing_feats;
4810 
4811     if (xcc->host_cpuid_required && !accel_uses_host_cpuid()) {
4812         strList *new = g_new0(strList, 1);
4813         new->value = g_strdup("kvm");
4814         *missing_feats = new;
4815         return;
4816     }
4817 
4818     xc = X86_CPU(object_new_with_class(OBJECT_CLASS(xcc)));
4819 
4820     x86_cpu_expand_features(xc, &err);
4821     if (err) {
4822         /* Errors at x86_cpu_expand_features should never happen,
4823          * but in case it does, just report the model as not
4824          * runnable at all using the "type" property.
4825          */
4826         strList *new = g_new0(strList, 1);
4827         new->value = g_strdup("type");
4828         *next = new;
4829         next = &new->next;
4830     }
4831 
4832     x86_cpu_filter_features(xc, false);
4833 
4834     x86_cpu_list_feature_names(xc->filtered_features, next);
4835 
4836     object_unref(OBJECT(xc));
4837 }
4838 
4839 /* Print all cpuid feature names in featureset
4840  */
4841 static void listflags(GList *features)
4842 {
4843     size_t len = 0;
4844     GList *tmp;
4845 
4846     for (tmp = features; tmp; tmp = tmp->next) {
4847         const char *name = tmp->data;
4848         if ((len + strlen(name) + 1) >= 75) {
4849             qemu_printf("\n");
4850             len = 0;
4851         }
4852         qemu_printf("%s%s", len == 0 ? "  " : " ", name);
4853         len += strlen(name) + 1;
4854     }
4855     qemu_printf("\n");
4856 }
4857 
4858 /* Sort alphabetically by type name, respecting X86CPUClass::ordering. */
4859 static gint x86_cpu_list_compare(gconstpointer a, gconstpointer b)
4860 {
4861     ObjectClass *class_a = (ObjectClass *)a;
4862     ObjectClass *class_b = (ObjectClass *)b;
4863     X86CPUClass *cc_a = X86_CPU_CLASS(class_a);
4864     X86CPUClass *cc_b = X86_CPU_CLASS(class_b);
4865     int ret;
4866 
4867     if (cc_a->ordering != cc_b->ordering) {
4868         ret = cc_a->ordering - cc_b->ordering;
4869     } else {
4870         g_autofree char *name_a = x86_cpu_class_get_model_name(cc_a);
4871         g_autofree char *name_b = x86_cpu_class_get_model_name(cc_b);
4872         ret = strcmp(name_a, name_b);
4873     }
4874     return ret;
4875 }
4876 
4877 static GSList *get_sorted_cpu_model_list(void)
4878 {
4879     GSList *list = object_class_get_list(TYPE_X86_CPU, false);
4880     list = g_slist_sort(list, x86_cpu_list_compare);
4881     return list;
4882 }
4883 
4884 static char *x86_cpu_class_get_model_id(X86CPUClass *xc)
4885 {
4886     Object *obj = object_new_with_class(OBJECT_CLASS(xc));
4887     char *r = object_property_get_str(obj, "model-id", &error_abort);
4888     object_unref(obj);
4889     return r;
4890 }
4891 
4892 static char *x86_cpu_class_get_alias_of(X86CPUClass *cc)
4893 {
4894     X86CPUVersion version;
4895 
4896     if (!cc->model || !cc->model->is_alias) {
4897         return NULL;
4898     }
4899     version = x86_cpu_model_resolve_version(cc->model);
4900     if (version <= 0) {
4901         return NULL;
4902     }
4903     return x86_cpu_versioned_model_name(cc->model->cpudef, version);
4904 }
4905 
4906 static void x86_cpu_list_entry(gpointer data, gpointer user_data)
4907 {
4908     ObjectClass *oc = data;
4909     X86CPUClass *cc = X86_CPU_CLASS(oc);
4910     g_autofree char *name = x86_cpu_class_get_model_name(cc);
4911     g_autofree char *desc = g_strdup(cc->model_description);
4912     g_autofree char *alias_of = x86_cpu_class_get_alias_of(cc);
4913     g_autofree char *model_id = x86_cpu_class_get_model_id(cc);
4914 
4915     if (!desc && alias_of) {
4916         if (cc->model && cc->model->version == CPU_VERSION_AUTO) {
4917             desc = g_strdup("(alias configured by machine type)");
4918         } else {
4919             desc = g_strdup_printf("(alias of %s)", alias_of);
4920         }
4921     }
4922     if (!desc && cc->model && cc->model->note) {
4923         desc = g_strdup_printf("%s [%s]", model_id, cc->model->note);
4924     }
4925     if (!desc) {
4926         desc = g_strdup_printf("%s", model_id);
4927     }
4928 
4929     qemu_printf("x86 %-20s  %-58s\n", name, desc);
4930 }
4931 
4932 /* list available CPU models and flags */
4933 void x86_cpu_list(void)
4934 {
4935     int i, j;
4936     GSList *list;
4937     GList *names = NULL;
4938 
4939     qemu_printf("Available CPUs:\n");
4940     list = get_sorted_cpu_model_list();
4941     g_slist_foreach(list, x86_cpu_list_entry, NULL);
4942     g_slist_free(list);
4943 
4944     names = NULL;
4945     for (i = 0; i < ARRAY_SIZE(feature_word_info); i++) {
4946         FeatureWordInfo *fw = &feature_word_info[i];
4947         for (j = 0; j < 64; j++) {
4948             if (fw->feat_names[j]) {
4949                 names = g_list_append(names, (gpointer)fw->feat_names[j]);
4950             }
4951         }
4952     }
4953 
4954     names = g_list_sort(names, (GCompareFunc)strcmp);
4955 
4956     qemu_printf("\nRecognized CPUID flags:\n");
4957     listflags(names);
4958     qemu_printf("\n");
4959     g_list_free(names);
4960 }
4961 
4962 static void x86_cpu_definition_entry(gpointer data, gpointer user_data)
4963 {
4964     ObjectClass *oc = data;
4965     X86CPUClass *cc = X86_CPU_CLASS(oc);
4966     CpuDefinitionInfoList **cpu_list = user_data;
4967     CpuDefinitionInfoList *entry;
4968     CpuDefinitionInfo *info;
4969 
4970     info = g_malloc0(sizeof(*info));
4971     info->name = x86_cpu_class_get_model_name(cc);
4972     x86_cpu_class_check_missing_features(cc, &info->unavailable_features);
4973     info->has_unavailable_features = true;
4974     info->q_typename = g_strdup(object_class_get_name(oc));
4975     info->migration_safe = cc->migration_safe;
4976     info->has_migration_safe = true;
4977     info->q_static = cc->static_model;
4978     /*
4979      * Old machine types won't report aliases, so that alias translation
4980      * doesn't break compatibility with previous QEMU versions.
4981      */
4982     if (default_cpu_version != CPU_VERSION_LEGACY) {
4983         info->alias_of = x86_cpu_class_get_alias_of(cc);
4984         info->has_alias_of = !!info->alias_of;
4985     }
4986 
4987     entry = g_malloc0(sizeof(*entry));
4988     entry->value = info;
4989     entry->next = *cpu_list;
4990     *cpu_list = entry;
4991 }
4992 
4993 CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
4994 {
4995     CpuDefinitionInfoList *cpu_list = NULL;
4996     GSList *list = get_sorted_cpu_model_list();
4997     g_slist_foreach(list, x86_cpu_definition_entry, &cpu_list);
4998     g_slist_free(list);
4999     return cpu_list;
5000 }
5001 
5002 static uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
5003                                                    bool migratable_only)
5004 {
5005     FeatureWordInfo *wi = &feature_word_info[w];
5006     uint64_t r = 0;
5007 
5008     if (kvm_enabled()) {
5009         switch (wi->type) {
5010         case CPUID_FEATURE_WORD:
5011             r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid.eax,
5012                                                         wi->cpuid.ecx,
5013                                                         wi->cpuid.reg);
5014             break;
5015         case MSR_FEATURE_WORD:
5016             r = kvm_arch_get_supported_msr_feature(kvm_state,
5017                         wi->msr.index);
5018             break;
5019         }
5020     } else if (hvf_enabled()) {
5021         if (wi->type != CPUID_FEATURE_WORD) {
5022             return 0;
5023         }
5024         r = hvf_get_supported_cpuid(wi->cpuid.eax,
5025                                     wi->cpuid.ecx,
5026                                     wi->cpuid.reg);
5027     } else if (tcg_enabled()) {
5028         r = wi->tcg_features;
5029     } else {
5030         return ~0;
5031     }
5032     if (migratable_only) {
5033         r &= x86_cpu_get_migratable_flags(w);
5034     }
5035     return r;
5036 }
5037 
5038 static void x86_cpu_apply_props(X86CPU *cpu, PropValue *props)
5039 {
5040     PropValue *pv;
5041     for (pv = props; pv->prop; pv++) {
5042         if (!pv->value) {
5043             continue;
5044         }
5045         object_property_parse(OBJECT(cpu), pv->value, pv->prop,
5046                               &error_abort);
5047     }
5048 }
5049 
5050 /* Apply properties for the CPU model version specified in model */
5051 static void x86_cpu_apply_version_props(X86CPU *cpu, X86CPUModel *model)
5052 {
5053     const X86CPUVersionDefinition *vdef;
5054     X86CPUVersion version = x86_cpu_model_resolve_version(model);
5055 
5056     if (version == CPU_VERSION_LEGACY) {
5057         return;
5058     }
5059 
5060     for (vdef = x86_cpu_def_get_versions(model->cpudef); vdef->version; vdef++) {
5061         PropValue *p;
5062 
5063         for (p = vdef->props; p && p->prop; p++) {
5064             object_property_parse(OBJECT(cpu), p->value, p->prop,
5065                                   &error_abort);
5066         }
5067 
5068         if (vdef->version == version) {
5069             break;
5070         }
5071     }
5072 
5073     /*
5074      * If we reached the end of the list, version number was invalid
5075      */
5076     assert(vdef->version == version);
5077 }
5078 
5079 /* Load data from X86CPUDefinition into a X86CPU object
5080  */
5081 static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel *model)
5082 {
5083     X86CPUDefinition *def = model->cpudef;
5084     CPUX86State *env = &cpu->env;
5085     const char *vendor;
5086     char host_vendor[CPUID_VENDOR_SZ + 1];
5087     FeatureWord w;
5088 
5089     /*NOTE: any property set by this function should be returned by
5090      * x86_cpu_static_props(), so static expansion of
5091      * query-cpu-model-expansion is always complete.
5092      */
5093 
5094     /* CPU models only set _minimum_ values for level/xlevel: */
5095     object_property_set_uint(OBJECT(cpu), def->level, "min-level",
5096                              &error_abort);
5097     object_property_set_uint(OBJECT(cpu), def->xlevel, "min-xlevel",
5098                              &error_abort);
5099 
5100     object_property_set_int(OBJECT(cpu), def->family, "family",
5101                             &error_abort);
5102     object_property_set_int(OBJECT(cpu), def->model, "model",
5103                             &error_abort);
5104     object_property_set_int(OBJECT(cpu), def->stepping, "stepping",
5105                             &error_abort);
5106     object_property_set_str(OBJECT(cpu), def->model_id, "model-id",
5107                             &error_abort);
5108     for (w = 0; w < FEATURE_WORDS; w++) {
5109         env->features[w] = def->features[w];
5110     }
5111 
5112     /* legacy-cache defaults to 'off' if CPU model provides cache info */
5113     cpu->legacy_cache = !def->cache_info;
5114 
5115     /* Special cases not set in the X86CPUDefinition structs: */
5116     /* TODO: in-kernel irqchip for hvf */
5117     if (kvm_enabled()) {
5118         if (!kvm_irqchip_in_kernel()) {
5119             x86_cpu_change_kvm_default("x2apic", "off");
5120         }
5121 
5122         x86_cpu_apply_props(cpu, kvm_default_props);
5123     } else if (tcg_enabled()) {
5124         x86_cpu_apply_props(cpu, tcg_default_props);
5125     }
5126 
5127     env->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR;
5128 
5129     /* sysenter isn't supported in compatibility mode on AMD,
5130      * syscall isn't supported in compatibility mode on Intel.
5131      * Normally we advertise the actual CPU vendor, but you can
5132      * override this using the 'vendor' property if you want to use
5133      * KVM's sysenter/syscall emulation in compatibility mode and
5134      * when doing cross vendor migration
5135      */
5136     vendor = def->vendor;
5137     if (accel_uses_host_cpuid()) {
5138         uint32_t  ebx = 0, ecx = 0, edx = 0;
5139         host_cpuid(0, 0, NULL, &ebx, &ecx, &edx);
5140         x86_cpu_vendor_words2str(host_vendor, ebx, edx, ecx);
5141         vendor = host_vendor;
5142     }
5143 
5144     object_property_set_str(OBJECT(cpu), vendor, "vendor",
5145                             &error_abort);
5146 
5147     x86_cpu_apply_version_props(cpu, model);
5148 }
5149 
5150 #ifndef CONFIG_USER_ONLY
5151 /* Return a QDict containing keys for all properties that can be included
5152  * in static expansion of CPU models. All properties set by x86_cpu_load_model()
5153  * must be included in the dictionary.
5154  */
5155 static QDict *x86_cpu_static_props(void)
5156 {
5157     FeatureWord w;
5158     int i;
5159     static const char *props[] = {
5160         "min-level",
5161         "min-xlevel",
5162         "family",
5163         "model",
5164         "stepping",
5165         "model-id",
5166         "vendor",
5167         "lmce",
5168         NULL,
5169     };
5170     static QDict *d;
5171 
5172     if (d) {
5173         return d;
5174     }
5175 
5176     d = qdict_new();
5177     for (i = 0; props[i]; i++) {
5178         qdict_put_null(d, props[i]);
5179     }
5180 
5181     for (w = 0; w < FEATURE_WORDS; w++) {
5182         FeatureWordInfo *fi = &feature_word_info[w];
5183         int bit;
5184         for (bit = 0; bit < 64; bit++) {
5185             if (!fi->feat_names[bit]) {
5186                 continue;
5187             }
5188             qdict_put_null(d, fi->feat_names[bit]);
5189         }
5190     }
5191 
5192     return d;
5193 }
5194 
5195 /* Add an entry to @props dict, with the value for property. */
5196 static void x86_cpu_expand_prop(X86CPU *cpu, QDict *props, const char *prop)
5197 {
5198     QObject *value = object_property_get_qobject(OBJECT(cpu), prop,
5199                                                  &error_abort);
5200 
5201     qdict_put_obj(props, prop, value);
5202 }
5203 
5204 /* Convert CPU model data from X86CPU object to a property dictionary
5205  * that can recreate exactly the same CPU model.
5206  */
5207 static void x86_cpu_to_dict(X86CPU *cpu, QDict *props)
5208 {
5209     QDict *sprops = x86_cpu_static_props();
5210     const QDictEntry *e;
5211 
5212     for (e = qdict_first(sprops); e; e = qdict_next(sprops, e)) {
5213         const char *prop = qdict_entry_key(e);
5214         x86_cpu_expand_prop(cpu, props, prop);
5215     }
5216 }
5217 
5218 /* Convert CPU model data from X86CPU object to a property dictionary
5219  * that can recreate exactly the same CPU model, including every
5220  * writeable QOM property.
5221  */
5222 static void x86_cpu_to_dict_full(X86CPU *cpu, QDict *props)
5223 {
5224     ObjectPropertyIterator iter;
5225     ObjectProperty *prop;
5226 
5227     object_property_iter_init(&iter, OBJECT(cpu));
5228     while ((prop = object_property_iter_next(&iter))) {
5229         /* skip read-only or write-only properties */
5230         if (!prop->get || !prop->set) {
5231             continue;
5232         }
5233 
5234         /* "hotplugged" is the only property that is configurable
5235          * on the command-line but will be set differently on CPUs
5236          * created using "-cpu ... -smp ..." and by CPUs created
5237          * on the fly by x86_cpu_from_model() for querying. Skip it.
5238          */
5239         if (!strcmp(prop->name, "hotplugged")) {
5240             continue;
5241         }
5242         x86_cpu_expand_prop(cpu, props, prop->name);
5243     }
5244 }
5245 
5246 static void object_apply_props(Object *obj, QDict *props, Error **errp)
5247 {
5248     const QDictEntry *prop;
5249     Error *err = NULL;
5250 
5251     for (prop = qdict_first(props); prop; prop = qdict_next(props, prop)) {
5252         object_property_set_qobject(obj, qdict_entry_value(prop),
5253                                          qdict_entry_key(prop), &err);
5254         if (err) {
5255             break;
5256         }
5257     }
5258 
5259     error_propagate(errp, err);
5260 }
5261 
5262 /* Create X86CPU object according to model+props specification */
5263 static X86CPU *x86_cpu_from_model(const char *model, QDict *props, Error **errp)
5264 {
5265     X86CPU *xc = NULL;
5266     X86CPUClass *xcc;
5267     Error *err = NULL;
5268 
5269     xcc = X86_CPU_CLASS(cpu_class_by_name(TYPE_X86_CPU, model));
5270     if (xcc == NULL) {
5271         error_setg(&err, "CPU model '%s' not found", model);
5272         goto out;
5273     }
5274 
5275     xc = X86_CPU(object_new_with_class(OBJECT_CLASS(xcc)));
5276     if (props) {
5277         object_apply_props(OBJECT(xc), props, &err);
5278         if (err) {
5279             goto out;
5280         }
5281     }
5282 
5283     x86_cpu_expand_features(xc, &err);
5284     if (err) {
5285         goto out;
5286     }
5287 
5288 out:
5289     if (err) {
5290         error_propagate(errp, err);
5291         object_unref(OBJECT(xc));
5292         xc = NULL;
5293     }
5294     return xc;
5295 }
5296 
5297 CpuModelExpansionInfo *
5298 qmp_query_cpu_model_expansion(CpuModelExpansionType type,
5299                                                       CpuModelInfo *model,
5300                                                       Error **errp)
5301 {
5302     X86CPU *xc = NULL;
5303     Error *err = NULL;
5304     CpuModelExpansionInfo *ret = g_new0(CpuModelExpansionInfo, 1);
5305     QDict *props = NULL;
5306     const char *base_name;
5307 
5308     xc = x86_cpu_from_model(model->name,
5309                             model->has_props ?
5310                                 qobject_to(QDict, model->props) :
5311                                 NULL, &err);
5312     if (err) {
5313         goto out;
5314     }
5315 
5316     props = qdict_new();
5317     ret->model = g_new0(CpuModelInfo, 1);
5318     ret->model->props = QOBJECT(props);
5319     ret->model->has_props = true;
5320 
5321     switch (type) {
5322     case CPU_MODEL_EXPANSION_TYPE_STATIC:
5323         /* Static expansion will be based on "base" only */
5324         base_name = "base";
5325         x86_cpu_to_dict(xc, props);
5326     break;
5327     case CPU_MODEL_EXPANSION_TYPE_FULL:
5328         /* As we don't return every single property, full expansion needs
5329          * to keep the original model name+props, and add extra
5330          * properties on top of that.
5331          */
5332         base_name = model->name;
5333         x86_cpu_to_dict_full(xc, props);
5334     break;
5335     default:
5336         error_setg(&err, "Unsupported expansion type");
5337         goto out;
5338     }
5339 
5340     x86_cpu_to_dict(xc, props);
5341 
5342     ret->model->name = g_strdup(base_name);
5343 
5344 out:
5345     object_unref(OBJECT(xc));
5346     if (err) {
5347         error_propagate(errp, err);
5348         qapi_free_CpuModelExpansionInfo(ret);
5349         ret = NULL;
5350     }
5351     return ret;
5352 }
5353 #endif  /* !CONFIG_USER_ONLY */
5354 
5355 static gchar *x86_gdb_arch_name(CPUState *cs)
5356 {
5357 #ifdef TARGET_X86_64
5358     return g_strdup("i386:x86-64");
5359 #else
5360     return g_strdup("i386");
5361 #endif
5362 }
5363 
5364 static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
5365 {
5366     X86CPUModel *model = data;
5367     X86CPUClass *xcc = X86_CPU_CLASS(oc);
5368 
5369     xcc->model = model;
5370     xcc->migration_safe = true;
5371 }
5372 
5373 static void x86_register_cpu_model_type(const char *name, X86CPUModel *model)
5374 {
5375     g_autofree char *typename = x86_cpu_type_name(name);
5376     TypeInfo ti = {
5377         .name = typename,
5378         .parent = TYPE_X86_CPU,
5379         .class_init = x86_cpu_cpudef_class_init,
5380         .class_data = model,
5381     };
5382 
5383     type_register(&ti);
5384 }
5385 
5386 static void x86_register_cpudef_types(X86CPUDefinition *def)
5387 {
5388     X86CPUModel *m;
5389     const X86CPUVersionDefinition *vdef;
5390 
5391     /* AMD aliases are handled at runtime based on CPUID vendor, so
5392      * they shouldn't be set on the CPU model table.
5393      */
5394     assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
5395     /* catch mistakes instead of silently truncating model_id when too long */
5396     assert(def->model_id && strlen(def->model_id) <= 48);
5397 
5398     /* Unversioned model: */
5399     m = g_new0(X86CPUModel, 1);
5400     m->cpudef = def;
5401     m->version = CPU_VERSION_AUTO;
5402     m->is_alias = true;
5403     x86_register_cpu_model_type(def->name, m);
5404 
5405     /* Versioned models: */
5406 
5407     for (vdef = x86_cpu_def_get_versions(def); vdef->version; vdef++) {
5408         X86CPUModel *m = g_new0(X86CPUModel, 1);
5409         g_autofree char *name =
5410             x86_cpu_versioned_model_name(def, vdef->version);
5411         m->cpudef = def;
5412         m->version = vdef->version;
5413         m->note = vdef->note;
5414         x86_register_cpu_model_type(name, m);
5415 
5416         if (vdef->alias) {
5417             X86CPUModel *am = g_new0(X86CPUModel, 1);
5418             am->cpudef = def;
5419             am->version = vdef->version;
5420             am->is_alias = true;
5421             x86_register_cpu_model_type(vdef->alias, am);
5422         }
5423     }
5424 
5425 }
5426 
5427 #if !defined(CONFIG_USER_ONLY)
5428 
5429 void cpu_clear_apic_feature(CPUX86State *env)
5430 {
5431     env->features[FEAT_1_EDX] &= ~CPUID_APIC;
5432 }
5433 
5434 #endif /* !CONFIG_USER_ONLY */
5435 
5436 void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
5437                    uint32_t *eax, uint32_t *ebx,
5438                    uint32_t *ecx, uint32_t *edx)
5439 {
5440     X86CPU *cpu = env_archcpu(env);
5441     CPUState *cs = env_cpu(env);
5442     uint32_t die_offset;
5443     uint32_t limit;
5444     uint32_t signature[3];
5445     X86CPUTopoInfo topo_info;
5446 
5447     topo_info.nodes_per_pkg = env->nr_nodes;
5448     topo_info.dies_per_pkg = env->nr_dies;
5449     topo_info.cores_per_die = cs->nr_cores;
5450     topo_info.threads_per_core = cs->nr_threads;
5451 
5452     /* Calculate & apply limits for different index ranges */
5453     if (index >= 0xC0000000) {
5454         limit = env->cpuid_xlevel2;
5455     } else if (index >= 0x80000000) {
5456         limit = env->cpuid_xlevel;
5457     } else if (index >= 0x40000000) {
5458         limit = 0x40000001;
5459     } else {
5460         limit = env->cpuid_level;
5461     }
5462 
5463     if (index > limit) {
5464         /* Intel documentation states that invalid EAX input will
5465          * return the same information as EAX=cpuid_level
5466          * (Intel SDM Vol. 2A - Instruction Set Reference - CPUID)
5467          */
5468         index = env->cpuid_level;
5469     }
5470 
5471     switch(index) {
5472     case 0:
5473         *eax = env->cpuid_level;
5474         *ebx = env->cpuid_vendor1;
5475         *edx = env->cpuid_vendor2;
5476         *ecx = env->cpuid_vendor3;
5477         break;
5478     case 1:
5479         *eax = env->cpuid_version;
5480         *ebx = (cpu->apic_id << 24) |
5481                8 << 8; /* CLFLUSH size in quad words, Linux wants it. */
5482         *ecx = env->features[FEAT_1_ECX];
5483         if ((*ecx & CPUID_EXT_XSAVE) && (env->cr[4] & CR4_OSXSAVE_MASK)) {
5484             *ecx |= CPUID_EXT_OSXSAVE;
5485         }
5486         *edx = env->features[FEAT_1_EDX];
5487         if (cs->nr_cores * cs->nr_threads > 1) {
5488             *ebx |= (cs->nr_cores * cs->nr_threads) << 16;
5489             *edx |= CPUID_HT;
5490         }
5491         break;
5492     case 2:
5493         /* cache info: needed for Pentium Pro compatibility */
5494         if (cpu->cache_info_passthrough) {
5495             host_cpuid(index, 0, eax, ebx, ecx, edx);
5496             break;
5497         }
5498         *eax = 1; /* Number of CPUID[EAX=2] calls required */
5499         *ebx = 0;
5500         if (!cpu->enable_l3_cache) {
5501             *ecx = 0;
5502         } else {
5503             *ecx = cpuid2_cache_descriptor(env->cache_info_cpuid2.l3_cache);
5504         }
5505         *edx = (cpuid2_cache_descriptor(env->cache_info_cpuid2.l1d_cache) << 16) |
5506                (cpuid2_cache_descriptor(env->cache_info_cpuid2.l1i_cache) <<  8) |
5507                (cpuid2_cache_descriptor(env->cache_info_cpuid2.l2_cache));
5508         break;
5509     case 4:
5510         /* cache info: needed for Core compatibility */
5511         if (cpu->cache_info_passthrough) {
5512             host_cpuid(index, count, eax, ebx, ecx, edx);
5513             /* QEMU gives out its own APIC IDs, never pass down bits 31..26.  */
5514             *eax &= ~0xFC000000;
5515             if ((*eax & 31) && cs->nr_cores > 1) {
5516                 *eax |= (cs->nr_cores - 1) << 26;
5517             }
5518         } else {
5519             *eax = 0;
5520             switch (count) {
5521             case 0: /* L1 dcache info */
5522                 encode_cache_cpuid4(env->cache_info_cpuid4.l1d_cache,
5523                                     1, cs->nr_cores,
5524                                     eax, ebx, ecx, edx);
5525                 break;
5526             case 1: /* L1 icache info */
5527                 encode_cache_cpuid4(env->cache_info_cpuid4.l1i_cache,
5528                                     1, cs->nr_cores,
5529                                     eax, ebx, ecx, edx);
5530                 break;
5531             case 2: /* L2 cache info */
5532                 encode_cache_cpuid4(env->cache_info_cpuid4.l2_cache,
5533                                     cs->nr_threads, cs->nr_cores,
5534                                     eax, ebx, ecx, edx);
5535                 break;
5536             case 3: /* L3 cache info */
5537                 die_offset = apicid_die_offset(&topo_info);
5538                 if (cpu->enable_l3_cache) {
5539                     encode_cache_cpuid4(env->cache_info_cpuid4.l3_cache,
5540                                         (1 << die_offset), cs->nr_cores,
5541                                         eax, ebx, ecx, edx);
5542                     break;
5543                 }
5544                 /* fall through */
5545             default: /* end of info */
5546                 *eax = *ebx = *ecx = *edx = 0;
5547                 break;
5548             }
5549         }
5550         break;
5551     case 5:
5552         /* MONITOR/MWAIT Leaf */
5553         *eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
5554         *ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
5555         *ecx = cpu->mwait.ecx; /* flags */
5556         *edx = cpu->mwait.edx; /* mwait substates */
5557         break;
5558     case 6:
5559         /* Thermal and Power Leaf */
5560         *eax = env->features[FEAT_6_EAX];
5561         *ebx = 0;
5562         *ecx = 0;
5563         *edx = 0;
5564         break;
5565     case 7:
5566         /* Structured Extended Feature Flags Enumeration Leaf */
5567         if (count == 0) {
5568             /* Maximum ECX value for sub-leaves */
5569             *eax = env->cpuid_level_func7;
5570             *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */
5571             *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */
5572             if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) {
5573                 *ecx |= CPUID_7_0_ECX_OSPKE;
5574             }
5575             *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
5576         } else if (count == 1) {
5577             *eax = env->features[FEAT_7_1_EAX];
5578             *ebx = 0;
5579             *ecx = 0;
5580             *edx = 0;
5581         } else {
5582             *eax = 0;
5583             *ebx = 0;
5584             *ecx = 0;
5585             *edx = 0;
5586         }
5587         break;
5588     case 9:
5589         /* Direct Cache Access Information Leaf */
5590         *eax = 0; /* Bits 0-31 in DCA_CAP MSR */
5591         *ebx = 0;
5592         *ecx = 0;
5593         *edx = 0;
5594         break;
5595     case 0xA:
5596         /* Architectural Performance Monitoring Leaf */
5597         if (kvm_enabled() && cpu->enable_pmu) {
5598             KVMState *s = cs->kvm_state;
5599 
5600             *eax = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EAX);
5601             *ebx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EBX);
5602             *ecx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_ECX);
5603             *edx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EDX);
5604         } else if (hvf_enabled() && cpu->enable_pmu) {
5605             *eax = hvf_get_supported_cpuid(0xA, count, R_EAX);
5606             *ebx = hvf_get_supported_cpuid(0xA, count, R_EBX);
5607             *ecx = hvf_get_supported_cpuid(0xA, count, R_ECX);
5608             *edx = hvf_get_supported_cpuid(0xA, count, R_EDX);
5609         } else {
5610             *eax = 0;
5611             *ebx = 0;
5612             *ecx = 0;
5613             *edx = 0;
5614         }
5615         break;
5616     case 0xB:
5617         /* Extended Topology Enumeration Leaf */
5618         if (!cpu->enable_cpuid_0xb) {
5619                 *eax = *ebx = *ecx = *edx = 0;
5620                 break;
5621         }
5622 
5623         *ecx = count & 0xff;
5624         *edx = cpu->apic_id;
5625 
5626         switch (count) {
5627         case 0:
5628             *eax = apicid_core_offset(&topo_info);
5629             *ebx = cs->nr_threads;
5630             *ecx |= CPUID_TOPOLOGY_LEVEL_SMT;
5631             break;
5632         case 1:
5633             *eax = env->pkg_offset;
5634             *ebx = cs->nr_cores * cs->nr_threads;
5635             *ecx |= CPUID_TOPOLOGY_LEVEL_CORE;
5636             break;
5637         default:
5638             *eax = 0;
5639             *ebx = 0;
5640             *ecx |= CPUID_TOPOLOGY_LEVEL_INVALID;
5641         }
5642 
5643         assert(!(*eax & ~0x1f));
5644         *ebx &= 0xffff; /* The count doesn't need to be reliable. */
5645         break;
5646     case 0x1F:
5647         /* V2 Extended Topology Enumeration Leaf */
5648         if (env->nr_dies < 2) {
5649             *eax = *ebx = *ecx = *edx = 0;
5650             break;
5651         }
5652 
5653         *ecx = count & 0xff;
5654         *edx = cpu->apic_id;
5655         switch (count) {
5656         case 0:
5657             *eax = apicid_core_offset(&topo_info);
5658             *ebx = cs->nr_threads;
5659             *ecx |= CPUID_TOPOLOGY_LEVEL_SMT;
5660             break;
5661         case 1:
5662             *eax = apicid_die_offset(&topo_info);
5663             *ebx = cs->nr_cores * cs->nr_threads;
5664             *ecx |= CPUID_TOPOLOGY_LEVEL_CORE;
5665             break;
5666         case 2:
5667             *eax = env->pkg_offset;
5668             *ebx = env->nr_dies * cs->nr_cores * cs->nr_threads;
5669             *ecx |= CPUID_TOPOLOGY_LEVEL_DIE;
5670             break;
5671         default:
5672             *eax = 0;
5673             *ebx = 0;
5674             *ecx |= CPUID_TOPOLOGY_LEVEL_INVALID;
5675         }
5676         assert(!(*eax & ~0x1f));
5677         *ebx &= 0xffff; /* The count doesn't need to be reliable. */
5678         break;
5679     case 0xD: {
5680         /* Processor Extended State */
5681         *eax = 0;
5682         *ebx = 0;
5683         *ecx = 0;
5684         *edx = 0;
5685         if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
5686             break;
5687         }
5688 
5689         if (count == 0) {
5690             *ecx = xsave_area_size(x86_cpu_xsave_components(cpu));
5691             *eax = env->features[FEAT_XSAVE_COMP_LO];
5692             *edx = env->features[FEAT_XSAVE_COMP_HI];
5693             /*
5694              * The initial value of xcr0 and ebx == 0, On host without kvm
5695              * commit 412a3c41(e.g., CentOS 6), the ebx's value always == 0
5696              * even through guest update xcr0, this will crash some legacy guest
5697              * (e.g., CentOS 6), So set ebx == ecx to workaroud it.
5698              */
5699             *ebx = kvm_enabled() ? *ecx : xsave_area_size(env->xcr0);
5700         } else if (count == 1) {
5701             *eax = env->features[FEAT_XSAVE];
5702         } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
5703             if ((x86_cpu_xsave_components(cpu) >> count) & 1) {
5704                 const ExtSaveArea *esa = &x86_ext_save_areas[count];
5705                 *eax = esa->size;
5706                 *ebx = esa->offset;
5707             }
5708         }
5709         break;
5710     }
5711     case 0x14: {
5712         /* Intel Processor Trace Enumeration */
5713         *eax = 0;
5714         *ebx = 0;
5715         *ecx = 0;
5716         *edx = 0;
5717         if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) ||
5718             !kvm_enabled()) {
5719             break;
5720         }
5721 
5722         if (count == 0) {
5723             *eax = INTEL_PT_MAX_SUBLEAF;
5724             *ebx = INTEL_PT_MINIMAL_EBX;
5725             *ecx = INTEL_PT_MINIMAL_ECX;
5726         } else if (count == 1) {
5727             *eax = INTEL_PT_MTC_BITMAP | INTEL_PT_ADDR_RANGES_NUM;
5728             *ebx = INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP;
5729         }
5730         break;
5731     }
5732     case 0x40000000:
5733         /*
5734          * CPUID code in kvm_arch_init_vcpu() ignores stuff
5735          * set here, but we restrict to TCG none the less.
5736          */
5737         if (tcg_enabled() && cpu->expose_tcg) {
5738             memcpy(signature, "TCGTCGTCGTCG", 12);
5739             *eax = 0x40000001;
5740             *ebx = signature[0];
5741             *ecx = signature[1];
5742             *edx = signature[2];
5743         } else {
5744             *eax = 0;
5745             *ebx = 0;
5746             *ecx = 0;
5747             *edx = 0;
5748         }
5749         break;
5750     case 0x40000001:
5751         *eax = 0;
5752         *ebx = 0;
5753         *ecx = 0;
5754         *edx = 0;
5755         break;
5756     case 0x80000000:
5757         *eax = env->cpuid_xlevel;
5758         *ebx = env->cpuid_vendor1;
5759         *edx = env->cpuid_vendor2;
5760         *ecx = env->cpuid_vendor3;
5761         break;
5762     case 0x80000001:
5763         *eax = env->cpuid_version;
5764         *ebx = 0;
5765         *ecx = env->features[FEAT_8000_0001_ECX];
5766         *edx = env->features[FEAT_8000_0001_EDX];
5767 
5768         /* The Linux kernel checks for the CMPLegacy bit and
5769          * discards multiple thread information if it is set.
5770          * So don't set it here for Intel to make Linux guests happy.
5771          */
5772         if (cs->nr_cores * cs->nr_threads > 1) {
5773             if (env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1 ||
5774                 env->cpuid_vendor2 != CPUID_VENDOR_INTEL_2 ||
5775                 env->cpuid_vendor3 != CPUID_VENDOR_INTEL_3) {
5776                 *ecx |= 1 << 1;    /* CmpLegacy bit */
5777             }
5778         }
5779         break;
5780     case 0x80000002:
5781     case 0x80000003:
5782     case 0x80000004:
5783         *eax = env->cpuid_model[(index - 0x80000002) * 4 + 0];
5784         *ebx = env->cpuid_model[(index - 0x80000002) * 4 + 1];
5785         *ecx = env->cpuid_model[(index - 0x80000002) * 4 + 2];
5786         *edx = env->cpuid_model[(index - 0x80000002) * 4 + 3];
5787         break;
5788     case 0x80000005:
5789         /* cache info (L1 cache) */
5790         if (cpu->cache_info_passthrough) {
5791             host_cpuid(index, 0, eax, ebx, ecx, edx);
5792             break;
5793         }
5794         *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) |
5795                (L1_ITLB_2M_ASSOC <<  8) | (L1_ITLB_2M_ENTRIES);
5796         *ebx = (L1_DTLB_4K_ASSOC << 24) | (L1_DTLB_4K_ENTRIES << 16) |
5797                (L1_ITLB_4K_ASSOC <<  8) | (L1_ITLB_4K_ENTRIES);
5798         *ecx = encode_cache_cpuid80000005(env->cache_info_amd.l1d_cache);
5799         *edx = encode_cache_cpuid80000005(env->cache_info_amd.l1i_cache);
5800         break;
5801     case 0x80000006:
5802         /* cache info (L2 cache) */
5803         if (cpu->cache_info_passthrough) {
5804             host_cpuid(index, 0, eax, ebx, ecx, edx);
5805             break;
5806         }
5807         *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) |
5808                (L2_DTLB_2M_ENTRIES << 16) |
5809                (AMD_ENC_ASSOC(L2_ITLB_2M_ASSOC) << 12) |
5810                (L2_ITLB_2M_ENTRIES);
5811         *ebx = (AMD_ENC_ASSOC(L2_DTLB_4K_ASSOC) << 28) |
5812                (L2_DTLB_4K_ENTRIES << 16) |
5813                (AMD_ENC_ASSOC(L2_ITLB_4K_ASSOC) << 12) |
5814                (L2_ITLB_4K_ENTRIES);
5815         encode_cache_cpuid80000006(env->cache_info_amd.l2_cache,
5816                                    cpu->enable_l3_cache ?
5817                                    env->cache_info_amd.l3_cache : NULL,
5818                                    ecx, edx);
5819         break;
5820     case 0x80000007:
5821         *eax = 0;
5822         *ebx = 0;
5823         *ecx = 0;
5824         *edx = env->features[FEAT_8000_0007_EDX];
5825         break;
5826     case 0x80000008:
5827         /* virtual & phys address size in low 2 bytes. */
5828         if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
5829             /* 64 bit processor */
5830             *eax = cpu->phys_bits; /* configurable physical bits */
5831             if  (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_LA57) {
5832                 *eax |= 0x00003900; /* 57 bits virtual */
5833             } else {
5834                 *eax |= 0x00003000; /* 48 bits virtual */
5835             }
5836         } else {
5837             *eax = cpu->phys_bits;
5838         }
5839         *ebx = env->features[FEAT_8000_0008_EBX];
5840         *ecx = 0;
5841         *edx = 0;
5842         if (cs->nr_cores * cs->nr_threads > 1) {
5843             *ecx |= (cs->nr_cores * cs->nr_threads) - 1;
5844         }
5845         break;
5846     case 0x8000000A:
5847         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
5848             *eax = 0x00000001; /* SVM Revision */
5849             *ebx = 0x00000010; /* nr of ASIDs */
5850             *ecx = 0;
5851             *edx = env->features[FEAT_SVM]; /* optional features */
5852         } else {
5853             *eax = 0;
5854             *ebx = 0;
5855             *ecx = 0;
5856             *edx = 0;
5857         }
5858         break;
5859     case 0x8000001D:
5860         *eax = 0;
5861         if (cpu->cache_info_passthrough) {
5862             host_cpuid(index, count, eax, ebx, ecx, edx);
5863             break;
5864         }
5865         switch (count) {
5866         case 0: /* L1 dcache info */
5867             encode_cache_cpuid8000001d(env->cache_info_amd.l1d_cache,
5868                                        &topo_info, eax, ebx, ecx, edx);
5869             break;
5870         case 1: /* L1 icache info */
5871             encode_cache_cpuid8000001d(env->cache_info_amd.l1i_cache,
5872                                        &topo_info, eax, ebx, ecx, edx);
5873             break;
5874         case 2: /* L2 cache info */
5875             encode_cache_cpuid8000001d(env->cache_info_amd.l2_cache,
5876                                        &topo_info, eax, ebx, ecx, edx);
5877             break;
5878         case 3: /* L3 cache info */
5879             encode_cache_cpuid8000001d(env->cache_info_amd.l3_cache,
5880                                        &topo_info, eax, ebx, ecx, edx);
5881             break;
5882         default: /* end of info */
5883             *eax = *ebx = *ecx = *edx = 0;
5884             break;
5885         }
5886         break;
5887     case 0x8000001E:
5888         assert(cpu->core_id <= 255);
5889         encode_topo_cpuid8000001e(&topo_info, cpu, eax, ebx, ecx, edx);
5890         break;
5891     case 0xC0000000:
5892         *eax = env->cpuid_xlevel2;
5893         *ebx = 0;
5894         *ecx = 0;
5895         *edx = 0;
5896         break;
5897     case 0xC0000001:
5898         /* Support for VIA CPU's CPUID instruction */
5899         *eax = env->cpuid_version;
5900         *ebx = 0;
5901         *ecx = 0;
5902         *edx = env->features[FEAT_C000_0001_EDX];
5903         break;
5904     case 0xC0000002:
5905     case 0xC0000003:
5906     case 0xC0000004:
5907         /* Reserved for the future, and now filled with zero */
5908         *eax = 0;
5909         *ebx = 0;
5910         *ecx = 0;
5911         *edx = 0;
5912         break;
5913     case 0x8000001F:
5914         *eax = sev_enabled() ? 0x2 : 0;
5915         *ebx = sev_get_cbit_position();
5916         *ebx |= sev_get_reduced_phys_bits() << 6;
5917         *ecx = 0;
5918         *edx = 0;
5919         break;
5920     default:
5921         /* reserved values: zero */
5922         *eax = 0;
5923         *ebx = 0;
5924         *ecx = 0;
5925         *edx = 0;
5926         break;
5927     }
5928 }
5929 
5930 static void x86_cpu_reset(DeviceState *dev)
5931 {
5932     CPUState *s = CPU(dev);
5933     X86CPU *cpu = X86_CPU(s);
5934     X86CPUClass *xcc = X86_CPU_GET_CLASS(cpu);
5935     CPUX86State *env = &cpu->env;
5936     target_ulong cr4;
5937     uint64_t xcr0;
5938     int i;
5939 
5940     xcc->parent_reset(dev);
5941 
5942     memset(env, 0, offsetof(CPUX86State, end_reset_fields));
5943 
5944     env->old_exception = -1;
5945 
5946     /* init to reset state */
5947 
5948     env->hflags2 |= HF2_GIF_MASK;
5949 
5950     cpu_x86_update_cr0(env, 0x60000010);
5951     env->a20_mask = ~0x0;
5952     env->smbase = 0x30000;
5953     env->msr_smi_count = 0;
5954 
5955     env->idt.limit = 0xffff;
5956     env->gdt.limit = 0xffff;
5957     env->ldt.limit = 0xffff;
5958     env->ldt.flags = DESC_P_MASK | (2 << DESC_TYPE_SHIFT);
5959     env->tr.limit = 0xffff;
5960     env->tr.flags = DESC_P_MASK | (11 << DESC_TYPE_SHIFT);
5961 
5962     cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000, 0xffff,
5963                            DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
5964                            DESC_R_MASK | DESC_A_MASK);
5965     cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffff,
5966                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5967                            DESC_A_MASK);
5968     cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0xffff,
5969                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5970                            DESC_A_MASK);
5971     cpu_x86_load_seg_cache(env, R_SS, 0, 0, 0xffff,
5972                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5973                            DESC_A_MASK);
5974     cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0xffff,
5975                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5976                            DESC_A_MASK);
5977     cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0xffff,
5978                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5979                            DESC_A_MASK);
5980 
5981     env->eip = 0xfff0;
5982     env->regs[R_EDX] = env->cpuid_version;
5983 
5984     env->eflags = 0x2;
5985 
5986     /* FPU init */
5987     for (i = 0; i < 8; i++) {
5988         env->fptags[i] = 1;
5989     }
5990     cpu_set_fpuc(env, 0x37f);
5991 
5992     env->mxcsr = 0x1f80;
5993     /* All units are in INIT state.  */
5994     env->xstate_bv = 0;
5995 
5996     env->pat = 0x0007040600070406ULL;
5997     env->msr_ia32_misc_enable = MSR_IA32_MISC_ENABLE_DEFAULT;
5998     if (env->features[FEAT_1_ECX] & CPUID_EXT_MONITOR) {
5999         env->msr_ia32_misc_enable |= MSR_IA32_MISC_ENABLE_MWAIT;
6000     }
6001 
6002     memset(env->dr, 0, sizeof(env->dr));
6003     env->dr[6] = DR6_FIXED_1;
6004     env->dr[7] = DR7_FIXED_1;
6005     cpu_breakpoint_remove_all(s, BP_CPU);
6006     cpu_watchpoint_remove_all(s, BP_CPU);
6007 
6008     cr4 = 0;
6009     xcr0 = XSTATE_FP_MASK;
6010 
6011 #ifdef CONFIG_USER_ONLY
6012     /* Enable all the features for user-mode.  */
6013     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
6014         xcr0 |= XSTATE_SSE_MASK;
6015     }
6016     for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
6017         const ExtSaveArea *esa = &x86_ext_save_areas[i];
6018         if (env->features[esa->feature] & esa->bits) {
6019             xcr0 |= 1ull << i;
6020         }
6021     }
6022 
6023     if (env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) {
6024         cr4 |= CR4_OSFXSR_MASK | CR4_OSXSAVE_MASK;
6025     }
6026     if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_FSGSBASE) {
6027         cr4 |= CR4_FSGSBASE_MASK;
6028     }
6029 #endif
6030 
6031     env->xcr0 = xcr0;
6032     cpu_x86_update_cr4(env, cr4);
6033 
6034     /*
6035      * SDM 11.11.5 requires:
6036      *  - IA32_MTRR_DEF_TYPE MSR.E = 0
6037      *  - IA32_MTRR_PHYSMASKn.V = 0
6038      * All other bits are undefined.  For simplification, zero it all.
6039      */
6040     env->mtrr_deftype = 0;
6041     memset(env->mtrr_var, 0, sizeof(env->mtrr_var));
6042     memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
6043 
6044     env->interrupt_injected = -1;
6045     env->exception_nr = -1;
6046     env->exception_pending = 0;
6047     env->exception_injected = 0;
6048     env->exception_has_payload = false;
6049     env->exception_payload = 0;
6050     env->nmi_injected = false;
6051 #if !defined(CONFIG_USER_ONLY)
6052     /* We hard-wire the BSP to the first CPU. */
6053     apic_designate_bsp(cpu->apic_state, s->cpu_index == 0);
6054 
6055     s->halted = !cpu_is_bsp(cpu);
6056 
6057     if (kvm_enabled()) {
6058         kvm_arch_reset_vcpu(cpu);
6059     }
6060     else if (hvf_enabled()) {
6061         hvf_reset_vcpu(s);
6062     }
6063 #endif
6064 }
6065 
6066 #ifndef CONFIG_USER_ONLY
6067 bool cpu_is_bsp(X86CPU *cpu)
6068 {
6069     return cpu_get_apic_base(cpu->apic_state) & MSR_IA32_APICBASE_BSP;
6070 }
6071 
6072 /* TODO: remove me, when reset over QOM tree is implemented */
6073 static void x86_cpu_machine_reset_cb(void *opaque)
6074 {
6075     X86CPU *cpu = opaque;
6076     cpu_reset(CPU(cpu));
6077 }
6078 #endif
6079 
6080 static void mce_init(X86CPU *cpu)
6081 {
6082     CPUX86State *cenv = &cpu->env;
6083     unsigned int bank;
6084 
6085     if (((cenv->cpuid_version >> 8) & 0xf) >= 6
6086         && (cenv->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
6087             (CPUID_MCE | CPUID_MCA)) {
6088         cenv->mcg_cap = MCE_CAP_DEF | MCE_BANKS_DEF |
6089                         (cpu->enable_lmce ? MCG_LMCE_P : 0);
6090         cenv->mcg_ctl = ~(uint64_t)0;
6091         for (bank = 0; bank < MCE_BANKS_DEF; bank++) {
6092             cenv->mce_banks[bank * 4] = ~(uint64_t)0;
6093         }
6094     }
6095 }
6096 
6097 #ifndef CONFIG_USER_ONLY
6098 APICCommonClass *apic_get_class(void)
6099 {
6100     const char *apic_type = "apic";
6101 
6102     /* TODO: in-kernel irqchip for hvf */
6103     if (kvm_apic_in_kernel()) {
6104         apic_type = "kvm-apic";
6105     } else if (xen_enabled()) {
6106         apic_type = "xen-apic";
6107     }
6108 
6109     return APIC_COMMON_CLASS(object_class_by_name(apic_type));
6110 }
6111 
6112 static void x86_cpu_apic_create(X86CPU *cpu, Error **errp)
6113 {
6114     APICCommonState *apic;
6115     ObjectClass *apic_class = OBJECT_CLASS(apic_get_class());
6116 
6117     cpu->apic_state = DEVICE(object_new_with_class(apic_class));
6118 
6119     object_property_add_child(OBJECT(cpu), "lapic",
6120                               OBJECT(cpu->apic_state));
6121     object_unref(OBJECT(cpu->apic_state));
6122 
6123     qdev_prop_set_uint32(cpu->apic_state, "id", cpu->apic_id);
6124     /* TODO: convert to link<> */
6125     apic = APIC_COMMON(cpu->apic_state);
6126     apic->cpu = cpu;
6127     apic->apicbase = APIC_DEFAULT_ADDRESS | MSR_IA32_APICBASE_ENABLE;
6128 }
6129 
6130 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
6131 {
6132     APICCommonState *apic;
6133     static bool apic_mmio_map_once;
6134 
6135     if (cpu->apic_state == NULL) {
6136         return;
6137     }
6138     object_property_set_bool(OBJECT(cpu->apic_state), true, "realized",
6139                              errp);
6140 
6141     /* Map APIC MMIO area */
6142     apic = APIC_COMMON(cpu->apic_state);
6143     if (!apic_mmio_map_once) {
6144         memory_region_add_subregion_overlap(get_system_memory(),
6145                                             apic->apicbase &
6146                                             MSR_IA32_APICBASE_BASE,
6147                                             &apic->io_memory,
6148                                             0x1000);
6149         apic_mmio_map_once = true;
6150      }
6151 }
6152 
6153 static void x86_cpu_machine_done(Notifier *n, void *unused)
6154 {
6155     X86CPU *cpu = container_of(n, X86CPU, machine_done);
6156     MemoryRegion *smram =
6157         (MemoryRegion *) object_resolve_path("/machine/smram", NULL);
6158 
6159     if (smram) {
6160         cpu->smram = g_new(MemoryRegion, 1);
6161         memory_region_init_alias(cpu->smram, OBJECT(cpu), "smram",
6162                                  smram, 0, 1ull << 32);
6163         memory_region_set_enabled(cpu->smram, true);
6164         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->smram, 1);
6165     }
6166 }
6167 #else
6168 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
6169 {
6170 }
6171 #endif
6172 
6173 /* Note: Only safe for use on x86(-64) hosts */
6174 static uint32_t x86_host_phys_bits(void)
6175 {
6176     uint32_t eax;
6177     uint32_t host_phys_bits;
6178 
6179     host_cpuid(0x80000000, 0, &eax, NULL, NULL, NULL);
6180     if (eax >= 0x80000008) {
6181         host_cpuid(0x80000008, 0, &eax, NULL, NULL, NULL);
6182         /* Note: According to AMD doc 25481 rev 2.34 they have a field
6183          * at 23:16 that can specify a maximum physical address bits for
6184          * the guest that can override this value; but I've not seen
6185          * anything with that set.
6186          */
6187         host_phys_bits = eax & 0xff;
6188     } else {
6189         /* It's an odd 64 bit machine that doesn't have the leaf for
6190          * physical address bits; fall back to 36 that's most older
6191          * Intel.
6192          */
6193         host_phys_bits = 36;
6194     }
6195 
6196     return host_phys_bits;
6197 }
6198 
6199 static void x86_cpu_adjust_level(X86CPU *cpu, uint32_t *min, uint32_t value)
6200 {
6201     if (*min < value) {
6202         *min = value;
6203     }
6204 }
6205 
6206 /* Increase cpuid_min_{level,xlevel,xlevel2} automatically, if appropriate */
6207 static void x86_cpu_adjust_feat_level(X86CPU *cpu, FeatureWord w)
6208 {
6209     CPUX86State *env = &cpu->env;
6210     FeatureWordInfo *fi = &feature_word_info[w];
6211     uint32_t eax = fi->cpuid.eax;
6212     uint32_t region = eax & 0xF0000000;
6213 
6214     assert(feature_word_info[w].type == CPUID_FEATURE_WORD);
6215     if (!env->features[w]) {
6216         return;
6217     }
6218 
6219     switch (region) {
6220     case 0x00000000:
6221         x86_cpu_adjust_level(cpu, &env->cpuid_min_level, eax);
6222     break;
6223     case 0x80000000:
6224         x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, eax);
6225     break;
6226     case 0xC0000000:
6227         x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel2, eax);
6228     break;
6229     }
6230 
6231     if (eax == 7) {
6232         x86_cpu_adjust_level(cpu, &env->cpuid_min_level_func7,
6233                              fi->cpuid.ecx);
6234     }
6235 }
6236 
6237 /* Calculate XSAVE components based on the configured CPU feature flags */
6238 static void x86_cpu_enable_xsave_components(X86CPU *cpu)
6239 {
6240     CPUX86State *env = &cpu->env;
6241     int i;
6242     uint64_t mask;
6243 
6244     if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
6245         return;
6246     }
6247 
6248     mask = 0;
6249     for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
6250         const ExtSaveArea *esa = &x86_ext_save_areas[i];
6251         if (env->features[esa->feature] & esa->bits) {
6252             mask |= (1ULL << i);
6253         }
6254     }
6255 
6256     env->features[FEAT_XSAVE_COMP_LO] = mask;
6257     env->features[FEAT_XSAVE_COMP_HI] = mask >> 32;
6258 }
6259 
6260 /***** Steps involved on loading and filtering CPUID data
6261  *
6262  * When initializing and realizing a CPU object, the steps
6263  * involved in setting up CPUID data are:
6264  *
6265  * 1) Loading CPU model definition (X86CPUDefinition). This is
6266  *    implemented by x86_cpu_load_model() and should be completely
6267  *    transparent, as it is done automatically by instance_init.
6268  *    No code should need to look at X86CPUDefinition structs
6269  *    outside instance_init.
6270  *
6271  * 2) CPU expansion. This is done by realize before CPUID
6272  *    filtering, and will make sure host/accelerator data is
6273  *    loaded for CPU models that depend on host capabilities
6274  *    (e.g. "host"). Done by x86_cpu_expand_features().
6275  *
6276  * 3) CPUID filtering. This initializes extra data related to
6277  *    CPUID, and checks if the host supports all capabilities
6278  *    required by the CPU. Runnability of a CPU model is
6279  *    determined at this step. Done by x86_cpu_filter_features().
6280  *
6281  * Some operations don't require all steps to be performed.
6282  * More precisely:
6283  *
6284  * - CPU instance creation (instance_init) will run only CPU
6285  *   model loading. CPU expansion can't run at instance_init-time
6286  *   because host/accelerator data may be not available yet.
6287  * - CPU realization will perform both CPU model expansion and CPUID
6288  *   filtering, and return an error in case one of them fails.
6289  * - query-cpu-definitions needs to run all 3 steps. It needs
6290  *   to run CPUID filtering, as the 'unavailable-features'
6291  *   field is set based on the filtering results.
6292  * - The query-cpu-model-expansion QMP command only needs to run
6293  *   CPU model loading and CPU expansion. It should not filter
6294  *   any CPUID data based on host capabilities.
6295  */
6296 
6297 /* Expand CPU configuration data, based on configured features
6298  * and host/accelerator capabilities when appropriate.
6299  */
6300 static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
6301 {
6302     CPUX86State *env = &cpu->env;
6303     FeatureWord w;
6304     int i;
6305     GList *l;
6306     Error *local_err = NULL;
6307 
6308     for (l = plus_features; l; l = l->next) {
6309         const char *prop = l->data;
6310         object_property_set_bool(OBJECT(cpu), true, prop, &local_err);
6311         if (local_err) {
6312             goto out;
6313         }
6314     }
6315 
6316     for (l = minus_features; l; l = l->next) {
6317         const char *prop = l->data;
6318         object_property_set_bool(OBJECT(cpu), false, prop, &local_err);
6319         if (local_err) {
6320             goto out;
6321         }
6322     }
6323 
6324     /*TODO: Now cpu->max_features doesn't overwrite features
6325      * set using QOM properties, and we can convert
6326      * plus_features & minus_features to global properties
6327      * inside x86_cpu_parse_featurestr() too.
6328      */
6329     if (cpu->max_features) {
6330         for (w = 0; w < FEATURE_WORDS; w++) {
6331             /* Override only features that weren't set explicitly
6332              * by the user.
6333              */
6334             env->features[w] |=
6335                 x86_cpu_get_supported_feature_word(w, cpu->migratable) &
6336                 ~env->user_features[w] &
6337                 ~feature_word_info[w].no_autoenable_flags;
6338         }
6339     }
6340 
6341     for (i = 0; i < ARRAY_SIZE(feature_dependencies); i++) {
6342         FeatureDep *d = &feature_dependencies[i];
6343         if (!(env->features[d->from.index] & d->from.mask)) {
6344             uint64_t unavailable_features = env->features[d->to.index] & d->to.mask;
6345 
6346             /* Not an error unless the dependent feature was added explicitly.  */
6347             mark_unavailable_features(cpu, d->to.index,
6348                                       unavailable_features & env->user_features[d->to.index],
6349                                       "This feature depends on other features that were not requested");
6350 
6351             env->user_features[d->to.index] |= unavailable_features;
6352             env->features[d->to.index] &= ~unavailable_features;
6353         }
6354     }
6355 
6356     if (!kvm_enabled() || !cpu->expose_kvm) {
6357         env->features[FEAT_KVM] = 0;
6358     }
6359 
6360     x86_cpu_enable_xsave_components(cpu);
6361 
6362     /* CPUID[EAX=7,ECX=0].EBX always increased level automatically: */
6363     x86_cpu_adjust_feat_level(cpu, FEAT_7_0_EBX);
6364     if (cpu->full_cpuid_auto_level) {
6365         x86_cpu_adjust_feat_level(cpu, FEAT_1_EDX);
6366         x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX);
6367         x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX);
6368         x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX);
6369         x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX);
6370         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
6371         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
6372         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
6373         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
6374         x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
6375         x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
6376         x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
6377 
6378         /* Intel Processor Trace requires CPUID[0x14] */
6379         if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT)) {
6380             if (cpu->intel_pt_auto_level) {
6381                 x86_cpu_adjust_level(cpu, &cpu->env.cpuid_min_level, 0x14);
6382             } else if (cpu->env.cpuid_min_level < 0x14) {
6383                 mark_unavailable_features(cpu, FEAT_7_0_EBX,
6384                     CPUID_7_0_EBX_INTEL_PT,
6385                     "Intel PT need CPUID leaf 0x14, please set by \"-cpu ...,+intel-pt,level=0x14\"");
6386             }
6387         }
6388 
6389         /* CPU topology with multi-dies support requires CPUID[0x1F] */
6390         if (env->nr_dies > 1) {
6391             x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F);
6392         }
6393 
6394         /* SVM requires CPUID[0x8000000A] */
6395         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
6396             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
6397         }
6398 
6399         /* SEV requires CPUID[0x8000001F] */
6400         if (sev_enabled()) {
6401             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
6402         }
6403     }
6404 
6405     /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
6406     if (env->cpuid_level_func7 == UINT32_MAX) {
6407         env->cpuid_level_func7 = env->cpuid_min_level_func7;
6408     }
6409     if (env->cpuid_level == UINT32_MAX) {
6410         env->cpuid_level = env->cpuid_min_level;
6411     }
6412     if (env->cpuid_xlevel == UINT32_MAX) {
6413         env->cpuid_xlevel = env->cpuid_min_xlevel;
6414     }
6415     if (env->cpuid_xlevel2 == UINT32_MAX) {
6416         env->cpuid_xlevel2 = env->cpuid_min_xlevel2;
6417     }
6418 
6419 out:
6420     if (local_err != NULL) {
6421         error_propagate(errp, local_err);
6422     }
6423 }
6424 
6425 /*
6426  * Finishes initialization of CPUID data, filters CPU feature
6427  * words based on host availability of each feature.
6428  *
6429  * Returns: 0 if all flags are supported by the host, non-zero otherwise.
6430  */
6431 static void x86_cpu_filter_features(X86CPU *cpu, bool verbose)
6432 {
6433     CPUX86State *env = &cpu->env;
6434     FeatureWord w;
6435     const char *prefix = NULL;
6436 
6437     if (verbose) {
6438         prefix = accel_uses_host_cpuid()
6439                  ? "host doesn't support requested feature"
6440                  : "TCG doesn't support requested feature";
6441     }
6442 
6443     for (w = 0; w < FEATURE_WORDS; w++) {
6444         uint64_t host_feat =
6445             x86_cpu_get_supported_feature_word(w, false);
6446         uint64_t requested_features = env->features[w];
6447         uint64_t unavailable_features = requested_features & ~host_feat;
6448         mark_unavailable_features(cpu, w, unavailable_features, prefix);
6449     }
6450 
6451     if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) &&
6452         kvm_enabled()) {
6453         KVMState *s = CPU(cpu)->kvm_state;
6454         uint32_t eax_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_EAX);
6455         uint32_t ebx_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_EBX);
6456         uint32_t ecx_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_ECX);
6457         uint32_t eax_1 = kvm_arch_get_supported_cpuid(s, 0x14, 1, R_EAX);
6458         uint32_t ebx_1 = kvm_arch_get_supported_cpuid(s, 0x14, 1, R_EBX);
6459 
6460         if (!eax_0 ||
6461            ((ebx_0 & INTEL_PT_MINIMAL_EBX) != INTEL_PT_MINIMAL_EBX) ||
6462            ((ecx_0 & INTEL_PT_MINIMAL_ECX) != INTEL_PT_MINIMAL_ECX) ||
6463            ((eax_1 & INTEL_PT_MTC_BITMAP) != INTEL_PT_MTC_BITMAP) ||
6464            ((eax_1 & INTEL_PT_ADDR_RANGES_NUM_MASK) <
6465                                            INTEL_PT_ADDR_RANGES_NUM) ||
6466            ((ebx_1 & (INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP)) !=
6467                 (INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP)) ||
6468            (ecx_0 & INTEL_PT_IP_LIP)) {
6469             /*
6470              * Processor Trace capabilities aren't configurable, so if the
6471              * host can't emulate the capabilities we report on
6472              * cpu_x86_cpuid(), intel-pt can't be enabled on the current host.
6473              */
6474             mark_unavailable_features(cpu, FEAT_7_0_EBX, CPUID_7_0_EBX_INTEL_PT, prefix);
6475         }
6476     }
6477 }
6478 
6479 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
6480 {
6481     CPUState *cs = CPU(dev);
6482     X86CPU *cpu = X86_CPU(dev);
6483     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
6484     CPUX86State *env = &cpu->env;
6485     Error *local_err = NULL;
6486     static bool ht_warned;
6487 
6488     if (xcc->host_cpuid_required) {
6489         if (!accel_uses_host_cpuid()) {
6490             g_autofree char *name = x86_cpu_class_get_model_name(xcc);
6491             error_setg(&local_err, "CPU model '%s' requires KVM", name);
6492             goto out;
6493         }
6494     }
6495 
6496     if (cpu->max_features && accel_uses_host_cpuid()) {
6497         if (enable_cpu_pm) {
6498             host_cpuid(5, 0, &cpu->mwait.eax, &cpu->mwait.ebx,
6499                        &cpu->mwait.ecx, &cpu->mwait.edx);
6500             env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
6501         }
6502         if (kvm_enabled() && cpu->ucode_rev == 0) {
6503             cpu->ucode_rev = kvm_arch_get_supported_msr_feature(kvm_state,
6504                                                                 MSR_IA32_UCODE_REV);
6505         }
6506     }
6507 
6508     if (cpu->ucode_rev == 0) {
6509         /* The default is the same as KVM's.  */
6510         if (IS_AMD_CPU(env)) {
6511             cpu->ucode_rev = 0x01000065;
6512         } else {
6513             cpu->ucode_rev = 0x100000000ULL;
6514         }
6515     }
6516 
6517     /* mwait extended info: needed for Core compatibility */
6518     /* We always wake on interrupt even if host does not have the capability */
6519     cpu->mwait.ecx |= CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
6520 
6521     if (cpu->apic_id == UNASSIGNED_APIC_ID) {
6522         error_setg(errp, "apic-id property was not initialized properly");
6523         return;
6524     }
6525 
6526     x86_cpu_expand_features(cpu, &local_err);
6527     if (local_err) {
6528         goto out;
6529     }
6530 
6531     x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid);
6532 
6533     if (cpu->enforce_cpuid && x86_cpu_have_filtered_features(cpu)) {
6534         error_setg(&local_err,
6535                    accel_uses_host_cpuid() ?
6536                        "Host doesn't support requested features" :
6537                        "TCG doesn't support requested features");
6538         goto out;
6539     }
6540 
6541     /* On AMD CPUs, some CPUID[8000_0001].EDX bits must match the bits on
6542      * CPUID[1].EDX.
6543      */
6544     if (IS_AMD_CPU(env)) {
6545         env->features[FEAT_8000_0001_EDX] &= ~CPUID_EXT2_AMD_ALIASES;
6546         env->features[FEAT_8000_0001_EDX] |= (env->features[FEAT_1_EDX]
6547            & CPUID_EXT2_AMD_ALIASES);
6548     }
6549 
6550     /* For 64bit systems think about the number of physical bits to present.
6551      * ideally this should be the same as the host; anything other than matching
6552      * the host can cause incorrect guest behaviour.
6553      * QEMU used to pick the magic value of 40 bits that corresponds to
6554      * consumer AMD devices but nothing else.
6555      */
6556     if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
6557         if (accel_uses_host_cpuid()) {
6558             uint32_t host_phys_bits = x86_host_phys_bits();
6559             static bool warned;
6560 
6561             /* Print a warning if the user set it to a value that's not the
6562              * host value.
6563              */
6564             if (cpu->phys_bits != host_phys_bits && cpu->phys_bits != 0 &&
6565                 !warned) {
6566                 warn_report("Host physical bits (%u)"
6567                             " does not match phys-bits property (%u)",
6568                             host_phys_bits, cpu->phys_bits);
6569                 warned = true;
6570             }
6571 
6572             if (cpu->host_phys_bits) {
6573                 /* The user asked for us to use the host physical bits */
6574                 cpu->phys_bits = host_phys_bits;
6575                 if (cpu->host_phys_bits_limit &&
6576                     cpu->phys_bits > cpu->host_phys_bits_limit) {
6577                     cpu->phys_bits = cpu->host_phys_bits_limit;
6578                 }
6579             }
6580 
6581             if (cpu->phys_bits &&
6582                 (cpu->phys_bits > TARGET_PHYS_ADDR_SPACE_BITS ||
6583                 cpu->phys_bits < 32)) {
6584                 error_setg(errp, "phys-bits should be between 32 and %u "
6585                                  " (but is %u)",
6586                                  TARGET_PHYS_ADDR_SPACE_BITS, cpu->phys_bits);
6587                 return;
6588             }
6589         } else {
6590             if (cpu->phys_bits && cpu->phys_bits != TCG_PHYS_ADDR_BITS) {
6591                 error_setg(errp, "TCG only supports phys-bits=%u",
6592                                   TCG_PHYS_ADDR_BITS);
6593                 return;
6594             }
6595         }
6596         /* 0 means it was not explicitly set by the user (or by machine
6597          * compat_props or by the host code above). In this case, the default
6598          * is the value used by TCG (40).
6599          */
6600         if (cpu->phys_bits == 0) {
6601             cpu->phys_bits = TCG_PHYS_ADDR_BITS;
6602         }
6603     } else {
6604         /* For 32 bit systems don't use the user set value, but keep
6605          * phys_bits consistent with what we tell the guest.
6606          */
6607         if (cpu->phys_bits != 0) {
6608             error_setg(errp, "phys-bits is not user-configurable in 32 bit");
6609             return;
6610         }
6611 
6612         if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
6613             cpu->phys_bits = 36;
6614         } else {
6615             cpu->phys_bits = 32;
6616         }
6617     }
6618 
6619     /* Cache information initialization */
6620     if (!cpu->legacy_cache) {
6621         if (!xcc->model || !xcc->model->cpudef->cache_info) {
6622             g_autofree char *name = x86_cpu_class_get_model_name(xcc);
6623             error_setg(errp,
6624                        "CPU model '%s' doesn't support legacy-cache=off", name);
6625             return;
6626         }
6627         env->cache_info_cpuid2 = env->cache_info_cpuid4 = env->cache_info_amd =
6628             *xcc->model->cpudef->cache_info;
6629     } else {
6630         /* Build legacy cache information */
6631         env->cache_info_cpuid2.l1d_cache = &legacy_l1d_cache;
6632         env->cache_info_cpuid2.l1i_cache = &legacy_l1i_cache;
6633         env->cache_info_cpuid2.l2_cache = &legacy_l2_cache_cpuid2;
6634         env->cache_info_cpuid2.l3_cache = &legacy_l3_cache;
6635 
6636         env->cache_info_cpuid4.l1d_cache = &legacy_l1d_cache;
6637         env->cache_info_cpuid4.l1i_cache = &legacy_l1i_cache;
6638         env->cache_info_cpuid4.l2_cache = &legacy_l2_cache;
6639         env->cache_info_cpuid4.l3_cache = &legacy_l3_cache;
6640 
6641         env->cache_info_amd.l1d_cache = &legacy_l1d_cache_amd;
6642         env->cache_info_amd.l1i_cache = &legacy_l1i_cache_amd;
6643         env->cache_info_amd.l2_cache = &legacy_l2_cache_amd;
6644         env->cache_info_amd.l3_cache = &legacy_l3_cache;
6645     }
6646 
6647 
6648     cpu_exec_realizefn(cs, &local_err);
6649     if (local_err != NULL) {
6650         error_propagate(errp, local_err);
6651         return;
6652     }
6653 
6654 #ifndef CONFIG_USER_ONLY
6655     MachineState *ms = MACHINE(qdev_get_machine());
6656     qemu_register_reset(x86_cpu_machine_reset_cb, cpu);
6657 
6658     if (cpu->env.features[FEAT_1_EDX] & CPUID_APIC || ms->smp.cpus > 1) {
6659         x86_cpu_apic_create(cpu, &local_err);
6660         if (local_err != NULL) {
6661             goto out;
6662         }
6663     }
6664 #endif
6665 
6666     mce_init(cpu);
6667 
6668 #ifndef CONFIG_USER_ONLY
6669     if (tcg_enabled()) {
6670         cpu->cpu_as_mem = g_new(MemoryRegion, 1);
6671         cpu->cpu_as_root = g_new(MemoryRegion, 1);
6672 
6673         /* Outer container... */
6674         memory_region_init(cpu->cpu_as_root, OBJECT(cpu), "memory", ~0ull);
6675         memory_region_set_enabled(cpu->cpu_as_root, true);
6676 
6677         /* ... with two regions inside: normal system memory with low
6678          * priority, and...
6679          */
6680         memory_region_init_alias(cpu->cpu_as_mem, OBJECT(cpu), "memory",
6681                                  get_system_memory(), 0, ~0ull);
6682         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0);
6683         memory_region_set_enabled(cpu->cpu_as_mem, true);
6684 
6685         cs->num_ases = 2;
6686         cpu_address_space_init(cs, 0, "cpu-memory", cs->memory);
6687         cpu_address_space_init(cs, 1, "cpu-smm", cpu->cpu_as_root);
6688 
6689         /* ... SMRAM with higher priority, linked from /machine/smram.  */
6690         cpu->machine_done.notify = x86_cpu_machine_done;
6691         qemu_add_machine_init_done_notifier(&cpu->machine_done);
6692     }
6693 #endif
6694 
6695     qemu_init_vcpu(cs);
6696 
6697     /*
6698      * Most Intel and certain AMD CPUs support hyperthreading. Even though QEMU
6699      * fixes this issue by adjusting CPUID_0000_0001_EBX and CPUID_8000_0008_ECX
6700      * based on inputs (sockets,cores,threads), it is still better to give
6701      * users a warning.
6702      *
6703      * NOTE: the following code has to follow qemu_init_vcpu(). Otherwise
6704      * cs->nr_threads hasn't be populated yet and the checking is incorrect.
6705      */
6706     if (IS_AMD_CPU(env) &&
6707         !(env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) &&
6708         cs->nr_threads > 1 && !ht_warned) {
6709             warn_report("This family of AMD CPU doesn't support "
6710                         "hyperthreading(%d)",
6711                         cs->nr_threads);
6712             error_printf("Please configure -smp options properly"
6713                          " or try enabling topoext feature.\n");
6714             ht_warned = true;
6715     }
6716 
6717     x86_cpu_apic_realize(cpu, &local_err);
6718     if (local_err != NULL) {
6719         goto out;
6720     }
6721     cpu_reset(cs);
6722 
6723     xcc->parent_realize(dev, &local_err);
6724 
6725 out:
6726     if (local_err != NULL) {
6727         error_propagate(errp, local_err);
6728         return;
6729     }
6730 }
6731 
6732 static void x86_cpu_unrealizefn(DeviceState *dev)
6733 {
6734     X86CPU *cpu = X86_CPU(dev);
6735     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
6736 
6737 #ifndef CONFIG_USER_ONLY
6738     cpu_remove_sync(CPU(dev));
6739     qemu_unregister_reset(x86_cpu_machine_reset_cb, dev);
6740 #endif
6741 
6742     if (cpu->apic_state) {
6743         object_unparent(OBJECT(cpu->apic_state));
6744         cpu->apic_state = NULL;
6745     }
6746 
6747     xcc->parent_unrealize(dev);
6748 }
6749 
6750 typedef struct BitProperty {
6751     FeatureWord w;
6752     uint64_t mask;
6753 } BitProperty;
6754 
6755 static void x86_cpu_get_bit_prop(Object *obj, Visitor *v, const char *name,
6756                                  void *opaque, Error **errp)
6757 {
6758     X86CPU *cpu = X86_CPU(obj);
6759     BitProperty *fp = opaque;
6760     uint64_t f = cpu->env.features[fp->w];
6761     bool value = (f & fp->mask) == fp->mask;
6762     visit_type_bool(v, name, &value, errp);
6763 }
6764 
6765 static void x86_cpu_set_bit_prop(Object *obj, Visitor *v, const char *name,
6766                                  void *opaque, Error **errp)
6767 {
6768     DeviceState *dev = DEVICE(obj);
6769     X86CPU *cpu = X86_CPU(obj);
6770     BitProperty *fp = opaque;
6771     Error *local_err = NULL;
6772     bool value;
6773 
6774     if (dev->realized) {
6775         qdev_prop_set_after_realize(dev, name, errp);
6776         return;
6777     }
6778 
6779     visit_type_bool(v, name, &value, &local_err);
6780     if (local_err) {
6781         error_propagate(errp, local_err);
6782         return;
6783     }
6784 
6785     if (value) {
6786         cpu->env.features[fp->w] |= fp->mask;
6787     } else {
6788         cpu->env.features[fp->w] &= ~fp->mask;
6789     }
6790     cpu->env.user_features[fp->w] |= fp->mask;
6791 }
6792 
6793 static void x86_cpu_release_bit_prop(Object *obj, const char *name,
6794                                      void *opaque)
6795 {
6796     BitProperty *prop = opaque;
6797     g_free(prop);
6798 }
6799 
6800 /* Register a boolean property to get/set a single bit in a uint32_t field.
6801  *
6802  * The same property name can be registered multiple times to make it affect
6803  * multiple bits in the same FeatureWord. In that case, the getter will return
6804  * true only if all bits are set.
6805  */
6806 static void x86_cpu_register_bit_prop(X86CPU *cpu,
6807                                       const char *prop_name,
6808                                       FeatureWord w,
6809                                       int bitnr)
6810 {
6811     BitProperty *fp;
6812     ObjectProperty *op;
6813     uint64_t mask = (1ULL << bitnr);
6814 
6815     op = object_property_find(OBJECT(cpu), prop_name, NULL);
6816     if (op) {
6817         fp = op->opaque;
6818         assert(fp->w == w);
6819         fp->mask |= mask;
6820     } else {
6821         fp = g_new0(BitProperty, 1);
6822         fp->w = w;
6823         fp->mask = mask;
6824         object_property_add(OBJECT(cpu), prop_name, "bool",
6825                             x86_cpu_get_bit_prop,
6826                             x86_cpu_set_bit_prop,
6827                             x86_cpu_release_bit_prop, fp);
6828     }
6829 }
6830 
6831 static void x86_cpu_register_feature_bit_props(X86CPU *cpu,
6832                                                FeatureWord w,
6833                                                int bitnr)
6834 {
6835     FeatureWordInfo *fi = &feature_word_info[w];
6836     const char *name = fi->feat_names[bitnr];
6837 
6838     if (!name) {
6839         return;
6840     }
6841 
6842     /* Property names should use "-" instead of "_".
6843      * Old names containing underscores are registered as aliases
6844      * using object_property_add_alias()
6845      */
6846     assert(!strchr(name, '_'));
6847     /* aliases don't use "|" delimiters anymore, they are registered
6848      * manually using object_property_add_alias() */
6849     assert(!strchr(name, '|'));
6850     x86_cpu_register_bit_prop(cpu, name, w, bitnr);
6851 }
6852 
6853 static GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs)
6854 {
6855     X86CPU *cpu = X86_CPU(cs);
6856     CPUX86State *env = &cpu->env;
6857     GuestPanicInformation *panic_info = NULL;
6858 
6859     if (env->features[FEAT_HYPERV_EDX] & HV_GUEST_CRASH_MSR_AVAILABLE) {
6860         panic_info = g_malloc0(sizeof(GuestPanicInformation));
6861 
6862         panic_info->type = GUEST_PANIC_INFORMATION_TYPE_HYPER_V;
6863 
6864         assert(HV_CRASH_PARAMS >= 5);
6865         panic_info->u.hyper_v.arg1 = env->msr_hv_crash_params[0];
6866         panic_info->u.hyper_v.arg2 = env->msr_hv_crash_params[1];
6867         panic_info->u.hyper_v.arg3 = env->msr_hv_crash_params[2];
6868         panic_info->u.hyper_v.arg4 = env->msr_hv_crash_params[3];
6869         panic_info->u.hyper_v.arg5 = env->msr_hv_crash_params[4];
6870     }
6871 
6872     return panic_info;
6873 }
6874 static void x86_cpu_get_crash_info_qom(Object *obj, Visitor *v,
6875                                        const char *name, void *opaque,
6876                                        Error **errp)
6877 {
6878     CPUState *cs = CPU(obj);
6879     GuestPanicInformation *panic_info;
6880 
6881     if (!cs->crash_occurred) {
6882         error_setg(errp, "No crash occured");
6883         return;
6884     }
6885 
6886     panic_info = x86_cpu_get_crash_info(cs);
6887     if (panic_info == NULL) {
6888         error_setg(errp, "No crash information");
6889         return;
6890     }
6891 
6892     visit_type_GuestPanicInformation(v, "crash-information", &panic_info,
6893                                      errp);
6894     qapi_free_GuestPanicInformation(panic_info);
6895 }
6896 
6897 static void x86_cpu_initfn(Object *obj)
6898 {
6899     X86CPU *cpu = X86_CPU(obj);
6900     X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
6901     CPUX86State *env = &cpu->env;
6902     FeatureWord w;
6903 
6904     env->nr_dies = 1;
6905     env->nr_nodes = 1;
6906     cpu_set_cpustate_pointers(cpu);
6907 
6908     object_property_add(obj, "family", "int",
6909                         x86_cpuid_version_get_family,
6910                         x86_cpuid_version_set_family, NULL, NULL);
6911     object_property_add(obj, "model", "int",
6912                         x86_cpuid_version_get_model,
6913                         x86_cpuid_version_set_model, NULL, NULL);
6914     object_property_add(obj, "stepping", "int",
6915                         x86_cpuid_version_get_stepping,
6916                         x86_cpuid_version_set_stepping, NULL, NULL);
6917     object_property_add_str(obj, "vendor",
6918                             x86_cpuid_get_vendor,
6919                             x86_cpuid_set_vendor);
6920     object_property_add_str(obj, "model-id",
6921                             x86_cpuid_get_model_id,
6922                             x86_cpuid_set_model_id);
6923     object_property_add(obj, "tsc-frequency", "int",
6924                         x86_cpuid_get_tsc_freq,
6925                         x86_cpuid_set_tsc_freq, NULL, NULL);
6926     object_property_add(obj, "feature-words", "X86CPUFeatureWordInfo",
6927                         x86_cpu_get_feature_words,
6928                         NULL, NULL, (void *)env->features);
6929     object_property_add(obj, "filtered-features", "X86CPUFeatureWordInfo",
6930                         x86_cpu_get_feature_words,
6931                         NULL, NULL, (void *)cpu->filtered_features);
6932     /*
6933      * The "unavailable-features" property has the same semantics as
6934      * CpuDefinitionInfo.unavailable-features on the "query-cpu-definitions"
6935      * QMP command: they list the features that would have prevented the
6936      * CPU from running if the "enforce" flag was set.
6937      */
6938     object_property_add(obj, "unavailable-features", "strList",
6939                         x86_cpu_get_unavailable_features,
6940                         NULL, NULL, NULL);
6941 
6942     object_property_add(obj, "crash-information", "GuestPanicInformation",
6943                         x86_cpu_get_crash_info_qom, NULL, NULL, NULL);
6944 
6945     for (w = 0; w < FEATURE_WORDS; w++) {
6946         int bitnr;
6947 
6948         for (bitnr = 0; bitnr < 64; bitnr++) {
6949             x86_cpu_register_feature_bit_props(cpu, w, bitnr);
6950         }
6951     }
6952 
6953     object_property_add_alias(obj, "sse3", obj, "pni");
6954     object_property_add_alias(obj, "pclmuldq", obj, "pclmulqdq");
6955     object_property_add_alias(obj, "sse4-1", obj, "sse4.1");
6956     object_property_add_alias(obj, "sse4-2", obj, "sse4.2");
6957     object_property_add_alias(obj, "xd", obj, "nx");
6958     object_property_add_alias(obj, "ffxsr", obj, "fxsr-opt");
6959     object_property_add_alias(obj, "i64", obj, "lm");
6960 
6961     object_property_add_alias(obj, "ds_cpl", obj, "ds-cpl");
6962     object_property_add_alias(obj, "tsc_adjust", obj, "tsc-adjust");
6963     object_property_add_alias(obj, "fxsr_opt", obj, "fxsr-opt");
6964     object_property_add_alias(obj, "lahf_lm", obj, "lahf-lm");
6965     object_property_add_alias(obj, "cmp_legacy", obj, "cmp-legacy");
6966     object_property_add_alias(obj, "nodeid_msr", obj, "nodeid-msr");
6967     object_property_add_alias(obj, "perfctr_core", obj, "perfctr-core");
6968     object_property_add_alias(obj, "perfctr_nb", obj, "perfctr-nb");
6969     object_property_add_alias(obj, "kvm_nopiodelay", obj, "kvm-nopiodelay");
6970     object_property_add_alias(obj, "kvm_mmu", obj, "kvm-mmu");
6971     object_property_add_alias(obj, "kvm_asyncpf", obj, "kvm-asyncpf");
6972     object_property_add_alias(obj, "kvm_steal_time", obj, "kvm-steal-time");
6973     object_property_add_alias(obj, "kvm_pv_eoi", obj, "kvm-pv-eoi");
6974     object_property_add_alias(obj, "kvm_pv_unhalt", obj, "kvm-pv-unhalt");
6975     object_property_add_alias(obj, "kvm_poll_control", obj, "kvm-poll-control");
6976     object_property_add_alias(obj, "svm_lock", obj, "svm-lock");
6977     object_property_add_alias(obj, "nrip_save", obj, "nrip-save");
6978     object_property_add_alias(obj, "tsc_scale", obj, "tsc-scale");
6979     object_property_add_alias(obj, "vmcb_clean", obj, "vmcb-clean");
6980     object_property_add_alias(obj, "pause_filter", obj, "pause-filter");
6981     object_property_add_alias(obj, "sse4_1", obj, "sse4.1");
6982     object_property_add_alias(obj, "sse4_2", obj, "sse4.2");
6983 
6984     if (xcc->model) {
6985         x86_cpu_load_model(cpu, xcc->model);
6986     }
6987 }
6988 
6989 static int64_t x86_cpu_get_arch_id(CPUState *cs)
6990 {
6991     X86CPU *cpu = X86_CPU(cs);
6992 
6993     return cpu->apic_id;
6994 }
6995 
6996 static bool x86_cpu_get_paging_enabled(const CPUState *cs)
6997 {
6998     X86CPU *cpu = X86_CPU(cs);
6999 
7000     return cpu->env.cr[0] & CR0_PG_MASK;
7001 }
7002 
7003 static void x86_cpu_set_pc(CPUState *cs, vaddr value)
7004 {
7005     X86CPU *cpu = X86_CPU(cs);
7006 
7007     cpu->env.eip = value;
7008 }
7009 
7010 static void x86_cpu_synchronize_from_tb(CPUState *cs, TranslationBlock *tb)
7011 {
7012     X86CPU *cpu = X86_CPU(cs);
7013 
7014     cpu->env.eip = tb->pc - tb->cs_base;
7015 }
7016 
7017 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
7018 {
7019     X86CPU *cpu = X86_CPU(cs);
7020     CPUX86State *env = &cpu->env;
7021 
7022 #if !defined(CONFIG_USER_ONLY)
7023     if (interrupt_request & CPU_INTERRUPT_POLL) {
7024         return CPU_INTERRUPT_POLL;
7025     }
7026 #endif
7027     if (interrupt_request & CPU_INTERRUPT_SIPI) {
7028         return CPU_INTERRUPT_SIPI;
7029     }
7030 
7031     if (env->hflags2 & HF2_GIF_MASK) {
7032         if ((interrupt_request & CPU_INTERRUPT_SMI) &&
7033             !(env->hflags & HF_SMM_MASK)) {
7034             return CPU_INTERRUPT_SMI;
7035         } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
7036                    !(env->hflags2 & HF2_NMI_MASK)) {
7037             return CPU_INTERRUPT_NMI;
7038         } else if (interrupt_request & CPU_INTERRUPT_MCE) {
7039             return CPU_INTERRUPT_MCE;
7040         } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
7041                    (((env->hflags2 & HF2_VINTR_MASK) &&
7042                      (env->hflags2 & HF2_HIF_MASK)) ||
7043                     (!(env->hflags2 & HF2_VINTR_MASK) &&
7044                      (env->eflags & IF_MASK &&
7045                       !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
7046             return CPU_INTERRUPT_HARD;
7047 #if !defined(CONFIG_USER_ONLY)
7048         } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
7049                    (env->eflags & IF_MASK) &&
7050                    !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
7051             return CPU_INTERRUPT_VIRQ;
7052 #endif
7053         }
7054     }
7055 
7056     return 0;
7057 }
7058 
7059 static bool x86_cpu_has_work(CPUState *cs)
7060 {
7061     return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
7062 }
7063 
7064 static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
7065 {
7066     X86CPU *cpu = X86_CPU(cs);
7067     CPUX86State *env = &cpu->env;
7068 
7069     info->mach = (env->hflags & HF_CS64_MASK ? bfd_mach_x86_64
7070                   : env->hflags & HF_CS32_MASK ? bfd_mach_i386_i386
7071                   : bfd_mach_i386_i8086);
7072     info->print_insn = print_insn_i386;
7073 
7074     info->cap_arch = CS_ARCH_X86;
7075     info->cap_mode = (env->hflags & HF_CS64_MASK ? CS_MODE_64
7076                       : env->hflags & HF_CS32_MASK ? CS_MODE_32
7077                       : CS_MODE_16);
7078     info->cap_insn_unit = 1;
7079     info->cap_insn_split = 8;
7080 }
7081 
7082 void x86_update_hflags(CPUX86State *env)
7083 {
7084    uint32_t hflags;
7085 #define HFLAG_COPY_MASK \
7086     ~( HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
7087        HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
7088        HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
7089        HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
7090 
7091     hflags = env->hflags & HFLAG_COPY_MASK;
7092     hflags |= (env->segs[R_SS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
7093     hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
7094     hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
7095                 (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
7096     hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
7097 
7098     if (env->cr[4] & CR4_OSFXSR_MASK) {
7099         hflags |= HF_OSFXSR_MASK;
7100     }
7101 
7102     if (env->efer & MSR_EFER_LMA) {
7103         hflags |= HF_LMA_MASK;
7104     }
7105 
7106     if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
7107         hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
7108     } else {
7109         hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
7110                     (DESC_B_SHIFT - HF_CS32_SHIFT);
7111         hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
7112                     (DESC_B_SHIFT - HF_SS32_SHIFT);
7113         if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK) ||
7114             !(hflags & HF_CS32_MASK)) {
7115             hflags |= HF_ADDSEG_MASK;
7116         } else {
7117             hflags |= ((env->segs[R_DS].base | env->segs[R_ES].base |
7118                         env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
7119         }
7120     }
7121     env->hflags = hflags;
7122 }
7123 
7124 static Property x86_cpu_properties[] = {
7125 #ifdef CONFIG_USER_ONLY
7126     /* apic_id = 0 by default for *-user, see commit 9886e834 */
7127     DEFINE_PROP_UINT32("apic-id", X86CPU, apic_id, 0),
7128     DEFINE_PROP_INT32("thread-id", X86CPU, thread_id, 0),
7129     DEFINE_PROP_INT32("core-id", X86CPU, core_id, 0),
7130     DEFINE_PROP_INT32("die-id", X86CPU, die_id, 0),
7131     DEFINE_PROP_INT32("socket-id", X86CPU, socket_id, 0),
7132 #else
7133     DEFINE_PROP_UINT32("apic-id", X86CPU, apic_id, UNASSIGNED_APIC_ID),
7134     DEFINE_PROP_INT32("thread-id", X86CPU, thread_id, -1),
7135     DEFINE_PROP_INT32("core-id", X86CPU, core_id, -1),
7136     DEFINE_PROP_INT32("die-id", X86CPU, die_id, -1),
7137     DEFINE_PROP_INT32("socket-id", X86CPU, socket_id, -1),
7138 #endif
7139     DEFINE_PROP_INT32("node-id", X86CPU, node_id, CPU_UNSET_NUMA_NODE_ID),
7140     DEFINE_PROP_BOOL("pmu", X86CPU, enable_pmu, false),
7141 
7142     DEFINE_PROP_UINT32("hv-spinlocks", X86CPU, hyperv_spinlock_attempts,
7143                        HYPERV_SPINLOCK_NEVER_RETRY),
7144     DEFINE_PROP_BIT64("hv-relaxed", X86CPU, hyperv_features,
7145                       HYPERV_FEAT_RELAXED, 0),
7146     DEFINE_PROP_BIT64("hv-vapic", X86CPU, hyperv_features,
7147                       HYPERV_FEAT_VAPIC, 0),
7148     DEFINE_PROP_BIT64("hv-time", X86CPU, hyperv_features,
7149                       HYPERV_FEAT_TIME, 0),
7150     DEFINE_PROP_BIT64("hv-crash", X86CPU, hyperv_features,
7151                       HYPERV_FEAT_CRASH, 0),
7152     DEFINE_PROP_BIT64("hv-reset", X86CPU, hyperv_features,
7153                       HYPERV_FEAT_RESET, 0),
7154     DEFINE_PROP_BIT64("hv-vpindex", X86CPU, hyperv_features,
7155                       HYPERV_FEAT_VPINDEX, 0),
7156     DEFINE_PROP_BIT64("hv-runtime", X86CPU, hyperv_features,
7157                       HYPERV_FEAT_RUNTIME, 0),
7158     DEFINE_PROP_BIT64("hv-synic", X86CPU, hyperv_features,
7159                       HYPERV_FEAT_SYNIC, 0),
7160     DEFINE_PROP_BIT64("hv-stimer", X86CPU, hyperv_features,
7161                       HYPERV_FEAT_STIMER, 0),
7162     DEFINE_PROP_BIT64("hv-frequencies", X86CPU, hyperv_features,
7163                       HYPERV_FEAT_FREQUENCIES, 0),
7164     DEFINE_PROP_BIT64("hv-reenlightenment", X86CPU, hyperv_features,
7165                       HYPERV_FEAT_REENLIGHTENMENT, 0),
7166     DEFINE_PROP_BIT64("hv-tlbflush", X86CPU, hyperv_features,
7167                       HYPERV_FEAT_TLBFLUSH, 0),
7168     DEFINE_PROP_BIT64("hv-evmcs", X86CPU, hyperv_features,
7169                       HYPERV_FEAT_EVMCS, 0),
7170     DEFINE_PROP_BIT64("hv-ipi", X86CPU, hyperv_features,
7171                       HYPERV_FEAT_IPI, 0),
7172     DEFINE_PROP_BIT64("hv-stimer-direct", X86CPU, hyperv_features,
7173                       HYPERV_FEAT_STIMER_DIRECT, 0),
7174     DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU,
7175                             hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
7176     DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false),
7177 
7178     DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
7179     DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
7180     DEFINE_PROP_BOOL("x-force-features", X86CPU, force_features, false),
7181     DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
7182     DEFINE_PROP_UINT32("phys-bits", X86CPU, phys_bits, 0),
7183     DEFINE_PROP_BOOL("host-phys-bits", X86CPU, host_phys_bits, false),
7184     DEFINE_PROP_UINT8("host-phys-bits-limit", X86CPU, host_phys_bits_limit, 0),
7185     DEFINE_PROP_BOOL("fill-mtrr-mask", X86CPU, fill_mtrr_mask, true),
7186     DEFINE_PROP_UINT32("level-func7", X86CPU, env.cpuid_level_func7,
7187                        UINT32_MAX),
7188     DEFINE_PROP_UINT32("level", X86CPU, env.cpuid_level, UINT32_MAX),
7189     DEFINE_PROP_UINT32("xlevel", X86CPU, env.cpuid_xlevel, UINT32_MAX),
7190     DEFINE_PROP_UINT32("xlevel2", X86CPU, env.cpuid_xlevel2, UINT32_MAX),
7191     DEFINE_PROP_UINT32("min-level", X86CPU, env.cpuid_min_level, 0),
7192     DEFINE_PROP_UINT32("min-xlevel", X86CPU, env.cpuid_min_xlevel, 0),
7193     DEFINE_PROP_UINT32("min-xlevel2", X86CPU, env.cpuid_min_xlevel2, 0),
7194     DEFINE_PROP_UINT64("ucode-rev", X86CPU, ucode_rev, 0),
7195     DEFINE_PROP_BOOL("full-cpuid-auto-level", X86CPU, full_cpuid_auto_level, true),
7196     DEFINE_PROP_STRING("hv-vendor-id", X86CPU, hyperv_vendor_id),
7197     DEFINE_PROP_BOOL("cpuid-0xb", X86CPU, enable_cpuid_0xb, true),
7198     DEFINE_PROP_BOOL("lmce", X86CPU, enable_lmce, false),
7199     DEFINE_PROP_BOOL("l3-cache", X86CPU, enable_l3_cache, true),
7200     DEFINE_PROP_BOOL("kvm-no-smi-migration", X86CPU, kvm_no_smi_migration,
7201                      false),
7202     DEFINE_PROP_BOOL("vmware-cpuid-freq", X86CPU, vmware_cpuid_freq, true),
7203     DEFINE_PROP_BOOL("tcg-cpuid", X86CPU, expose_tcg, true),
7204     DEFINE_PROP_BOOL("x-migrate-smi-count", X86CPU, migrate_smi_count,
7205                      true),
7206     /*
7207      * lecacy_cache defaults to true unless the CPU model provides its
7208      * own cache information (see x86_cpu_load_def()).
7209      */
7210     DEFINE_PROP_BOOL("legacy-cache", X86CPU, legacy_cache, true),
7211 
7212     /*
7213      * From "Requirements for Implementing the Microsoft
7214      * Hypervisor Interface":
7215      * https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
7216      *
7217      * "Starting with Windows Server 2012 and Windows 8, if
7218      * CPUID.40000005.EAX contains a value of -1, Windows assumes that
7219      * the hypervisor imposes no specific limit to the number of VPs.
7220      * In this case, Windows Server 2012 guest VMs may use more than
7221      * 64 VPs, up to the maximum supported number of processors applicable
7222      * to the specific Windows version being used."
7223      */
7224     DEFINE_PROP_INT32("x-hv-max-vps", X86CPU, hv_max_vps, -1),
7225     DEFINE_PROP_BOOL("x-hv-synic-kvm-only", X86CPU, hyperv_synic_kvm_only,
7226                      false),
7227     DEFINE_PROP_BOOL("x-intel-pt-auto-level", X86CPU, intel_pt_auto_level,
7228                      true),
7229     DEFINE_PROP_END_OF_LIST()
7230 };
7231 
7232 static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
7233 {
7234     X86CPUClass *xcc = X86_CPU_CLASS(oc);
7235     CPUClass *cc = CPU_CLASS(oc);
7236     DeviceClass *dc = DEVICE_CLASS(oc);
7237 
7238     device_class_set_parent_realize(dc, x86_cpu_realizefn,
7239                                     &xcc->parent_realize);
7240     device_class_set_parent_unrealize(dc, x86_cpu_unrealizefn,
7241                                       &xcc->parent_unrealize);
7242     device_class_set_props(dc, x86_cpu_properties);
7243 
7244     device_class_set_parent_reset(dc, x86_cpu_reset, &xcc->parent_reset);
7245     cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
7246 
7247     cc->class_by_name = x86_cpu_class_by_name;
7248     cc->parse_features = x86_cpu_parse_featurestr;
7249     cc->has_work = x86_cpu_has_work;
7250 #ifdef CONFIG_TCG
7251     cc->do_interrupt = x86_cpu_do_interrupt;
7252     cc->cpu_exec_interrupt = x86_cpu_exec_interrupt;
7253 #endif
7254     cc->dump_state = x86_cpu_dump_state;
7255     cc->get_crash_info = x86_cpu_get_crash_info;
7256     cc->set_pc = x86_cpu_set_pc;
7257     cc->synchronize_from_tb = x86_cpu_synchronize_from_tb;
7258     cc->gdb_read_register = x86_cpu_gdb_read_register;
7259     cc->gdb_write_register = x86_cpu_gdb_write_register;
7260     cc->get_arch_id = x86_cpu_get_arch_id;
7261     cc->get_paging_enabled = x86_cpu_get_paging_enabled;
7262 #ifndef CONFIG_USER_ONLY
7263     cc->asidx_from_attrs = x86_asidx_from_attrs;
7264     cc->get_memory_mapping = x86_cpu_get_memory_mapping;
7265     cc->get_phys_page_attrs_debug = x86_cpu_get_phys_page_attrs_debug;
7266     cc->write_elf64_note = x86_cpu_write_elf64_note;
7267     cc->write_elf64_qemunote = x86_cpu_write_elf64_qemunote;
7268     cc->write_elf32_note = x86_cpu_write_elf32_note;
7269     cc->write_elf32_qemunote = x86_cpu_write_elf32_qemunote;
7270     cc->vmsd = &vmstate_x86_cpu;
7271 #endif
7272     cc->gdb_arch_name = x86_gdb_arch_name;
7273 #ifdef TARGET_X86_64
7274     cc->gdb_core_xml_file = "i386-64bit.xml";
7275     cc->gdb_num_core_regs = 66;
7276 #else
7277     cc->gdb_core_xml_file = "i386-32bit.xml";
7278     cc->gdb_num_core_regs = 50;
7279 #endif
7280 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
7281     cc->debug_excp_handler = breakpoint_handler;
7282 #endif
7283     cc->cpu_exec_enter = x86_cpu_exec_enter;
7284     cc->cpu_exec_exit = x86_cpu_exec_exit;
7285 #ifdef CONFIG_TCG
7286     cc->tcg_initialize = tcg_x86_init;
7287     cc->tlb_fill = x86_cpu_tlb_fill;
7288 #endif
7289     cc->disas_set_info = x86_disas_set_info;
7290 
7291     dc->user_creatable = true;
7292 }
7293 
7294 static const TypeInfo x86_cpu_type_info = {
7295     .name = TYPE_X86_CPU,
7296     .parent = TYPE_CPU,
7297     .instance_size = sizeof(X86CPU),
7298     .instance_init = x86_cpu_initfn,
7299     .abstract = true,
7300     .class_size = sizeof(X86CPUClass),
7301     .class_init = x86_cpu_common_class_init,
7302 };
7303 
7304 
7305 /* "base" CPU model, used by query-cpu-model-expansion */
7306 static void x86_cpu_base_class_init(ObjectClass *oc, void *data)
7307 {
7308     X86CPUClass *xcc = X86_CPU_CLASS(oc);
7309 
7310     xcc->static_model = true;
7311     xcc->migration_safe = true;
7312     xcc->model_description = "base CPU model type with no features enabled";
7313     xcc->ordering = 8;
7314 }
7315 
7316 static const TypeInfo x86_base_cpu_type_info = {
7317         .name = X86_CPU_TYPE_NAME("base"),
7318         .parent = TYPE_X86_CPU,
7319         .class_init = x86_cpu_base_class_init,
7320 };
7321 
7322 static void x86_cpu_register_types(void)
7323 {
7324     int i;
7325 
7326     type_register_static(&x86_cpu_type_info);
7327     for (i = 0; i < ARRAY_SIZE(builtin_x86_defs); i++) {
7328         x86_register_cpudef_types(&builtin_x86_defs[i]);
7329     }
7330     type_register_static(&max_x86_cpu_type_info);
7331     type_register_static(&x86_base_cpu_type_info);
7332 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
7333     type_register_static(&host_x86_cpu_type_info);
7334 #endif
7335 }
7336 
7337 type_init(x86_cpu_register_types)
7338