xref: /openbmc/qemu/target/i386/cpu.c (revision 86044b24)
1 /*
2  *  i386 CPUID helper functions
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/units.h"
22 #include "qemu/cutils.h"
23 #include "qemu/bitops.h"
24 #include "qemu/qemu-print.h"
25 
26 #include "cpu.h"
27 #include "exec/exec-all.h"
28 #include "sysemu/kvm.h"
29 #include "sysemu/reset.h"
30 #include "sysemu/hvf.h"
31 #include "sysemu/cpus.h"
32 #include "kvm_i386.h"
33 #include "sev_i386.h"
34 
35 #include "qemu/error-report.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/config-file.h"
39 #include "qapi/error.h"
40 #include "qapi/qapi-visit-machine.h"
41 #include "qapi/qapi-visit-run-state.h"
42 #include "qapi/qmp/qdict.h"
43 #include "qapi/qmp/qerror.h"
44 #include "qapi/visitor.h"
45 #include "qom/qom-qobject.h"
46 #include "sysemu/arch_init.h"
47 #include "qapi/qapi-commands-machine-target.h"
48 
49 #include "standard-headers/asm-x86/kvm_para.h"
50 
51 #include "sysemu/sysemu.h"
52 #include "sysemu/tcg.h"
53 #include "hw/qdev-properties.h"
54 #include "hw/i386/topology.h"
55 #ifndef CONFIG_USER_ONLY
56 #include "exec/address-spaces.h"
57 #include "hw/xen/xen.h"
58 #include "hw/i386/apic_internal.h"
59 #include "hw/boards.h"
60 #endif
61 
62 #include "disas/capstone.h"
63 
64 /* Helpers for building CPUID[2] descriptors: */
65 
66 struct CPUID2CacheDescriptorInfo {
67     enum CacheType type;
68     int level;
69     int size;
70     int line_size;
71     int associativity;
72 };
73 
74 /*
75  * Known CPUID 2 cache descriptors.
76  * From Intel SDM Volume 2A, CPUID instruction
77  */
78 struct CPUID2CacheDescriptorInfo cpuid2_cache_descriptors[] = {
79     [0x06] = { .level = 1, .type = INSTRUCTION_CACHE, .size =   8 * KiB,
80                .associativity = 4,  .line_size = 32, },
81     [0x08] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  16 * KiB,
82                .associativity = 4,  .line_size = 32, },
83     [0x09] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  32 * KiB,
84                .associativity = 4,  .line_size = 64, },
85     [0x0A] = { .level = 1, .type = DATA_CACHE,        .size =   8 * KiB,
86                .associativity = 2,  .line_size = 32, },
87     [0x0C] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
88                .associativity = 4,  .line_size = 32, },
89     [0x0D] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
90                .associativity = 4,  .line_size = 64, },
91     [0x0E] = { .level = 1, .type = DATA_CACHE,        .size =  24 * KiB,
92                .associativity = 6,  .line_size = 64, },
93     [0x1D] = { .level = 2, .type = UNIFIED_CACHE,     .size = 128 * KiB,
94                .associativity = 2,  .line_size = 64, },
95     [0x21] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
96                .associativity = 8,  .line_size = 64, },
97     /* lines per sector is not supported cpuid2_cache_descriptor(),
98     * so descriptors 0x22, 0x23 are not included
99     */
100     [0x24] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
101                .associativity = 16, .line_size = 64, },
102     /* lines per sector is not supported cpuid2_cache_descriptor(),
103     * so descriptors 0x25, 0x20 are not included
104     */
105     [0x2C] = { .level = 1, .type = DATA_CACHE,        .size =  32 * KiB,
106                .associativity = 8,  .line_size = 64, },
107     [0x30] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  32 * KiB,
108                .associativity = 8,  .line_size = 64, },
109     [0x41] = { .level = 2, .type = UNIFIED_CACHE,     .size = 128 * KiB,
110                .associativity = 4,  .line_size = 32, },
111     [0x42] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
112                .associativity = 4,  .line_size = 32, },
113     [0x43] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
114                .associativity = 4,  .line_size = 32, },
115     [0x44] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
116                .associativity = 4,  .line_size = 32, },
117     [0x45] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
118                .associativity = 4,  .line_size = 32, },
119     [0x46] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
120                .associativity = 4,  .line_size = 64, },
121     [0x47] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
122                .associativity = 8,  .line_size = 64, },
123     [0x48] = { .level = 2, .type = UNIFIED_CACHE,     .size =   3 * MiB,
124                .associativity = 12, .line_size = 64, },
125     /* Descriptor 0x49 depends on CPU family/model, so it is not included */
126     [0x4A] = { .level = 3, .type = UNIFIED_CACHE,     .size =   6 * MiB,
127                .associativity = 12, .line_size = 64, },
128     [0x4B] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
129                .associativity = 16, .line_size = 64, },
130     [0x4C] = { .level = 3, .type = UNIFIED_CACHE,     .size =  12 * MiB,
131                .associativity = 12, .line_size = 64, },
132     [0x4D] = { .level = 3, .type = UNIFIED_CACHE,     .size =  16 * MiB,
133                .associativity = 16, .line_size = 64, },
134     [0x4E] = { .level = 2, .type = UNIFIED_CACHE,     .size =   6 * MiB,
135                .associativity = 24, .line_size = 64, },
136     [0x60] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
137                .associativity = 8,  .line_size = 64, },
138     [0x66] = { .level = 1, .type = DATA_CACHE,        .size =   8 * KiB,
139                .associativity = 4,  .line_size = 64, },
140     [0x67] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
141                .associativity = 4,  .line_size = 64, },
142     [0x68] = { .level = 1, .type = DATA_CACHE,        .size =  32 * KiB,
143                .associativity = 4,  .line_size = 64, },
144     [0x78] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
145                .associativity = 4,  .line_size = 64, },
146     /* lines per sector is not supported cpuid2_cache_descriptor(),
147     * so descriptors 0x79, 0x7A, 0x7B, 0x7C are not included.
148     */
149     [0x7D] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
150                .associativity = 8,  .line_size = 64, },
151     [0x7F] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
152                .associativity = 2,  .line_size = 64, },
153     [0x80] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
154                .associativity = 8,  .line_size = 64, },
155     [0x82] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
156                .associativity = 8,  .line_size = 32, },
157     [0x83] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
158                .associativity = 8,  .line_size = 32, },
159     [0x84] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
160                .associativity = 8,  .line_size = 32, },
161     [0x85] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
162                .associativity = 8,  .line_size = 32, },
163     [0x86] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
164                .associativity = 4,  .line_size = 64, },
165     [0x87] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
166                .associativity = 8,  .line_size = 64, },
167     [0xD0] = { .level = 3, .type = UNIFIED_CACHE,     .size = 512 * KiB,
168                .associativity = 4,  .line_size = 64, },
169     [0xD1] = { .level = 3, .type = UNIFIED_CACHE,     .size =   1 * MiB,
170                .associativity = 4,  .line_size = 64, },
171     [0xD2] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
172                .associativity = 4,  .line_size = 64, },
173     [0xD6] = { .level = 3, .type = UNIFIED_CACHE,     .size =   1 * MiB,
174                .associativity = 8,  .line_size = 64, },
175     [0xD7] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
176                .associativity = 8,  .line_size = 64, },
177     [0xD8] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
178                .associativity = 8,  .line_size = 64, },
179     [0xDC] = { .level = 3, .type = UNIFIED_CACHE,     .size = 1.5 * MiB,
180                .associativity = 12, .line_size = 64, },
181     [0xDD] = { .level = 3, .type = UNIFIED_CACHE,     .size =   3 * MiB,
182                .associativity = 12, .line_size = 64, },
183     [0xDE] = { .level = 3, .type = UNIFIED_CACHE,     .size =   6 * MiB,
184                .associativity = 12, .line_size = 64, },
185     [0xE2] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
186                .associativity = 16, .line_size = 64, },
187     [0xE3] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
188                .associativity = 16, .line_size = 64, },
189     [0xE4] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
190                .associativity = 16, .line_size = 64, },
191     [0xEA] = { .level = 3, .type = UNIFIED_CACHE,     .size =  12 * MiB,
192                .associativity = 24, .line_size = 64, },
193     [0xEB] = { .level = 3, .type = UNIFIED_CACHE,     .size =  18 * MiB,
194                .associativity = 24, .line_size = 64, },
195     [0xEC] = { .level = 3, .type = UNIFIED_CACHE,     .size =  24 * MiB,
196                .associativity = 24, .line_size = 64, },
197 };
198 
199 /*
200  * "CPUID leaf 2 does not report cache descriptor information,
201  * use CPUID leaf 4 to query cache parameters"
202  */
203 #define CACHE_DESCRIPTOR_UNAVAILABLE 0xFF
204 
205 /*
206  * Return a CPUID 2 cache descriptor for a given cache.
207  * If no known descriptor is found, return CACHE_DESCRIPTOR_UNAVAILABLE
208  */
209 static uint8_t cpuid2_cache_descriptor(CPUCacheInfo *cache)
210 {
211     int i;
212 
213     assert(cache->size > 0);
214     assert(cache->level > 0);
215     assert(cache->line_size > 0);
216     assert(cache->associativity > 0);
217     for (i = 0; i < ARRAY_SIZE(cpuid2_cache_descriptors); i++) {
218         struct CPUID2CacheDescriptorInfo *d = &cpuid2_cache_descriptors[i];
219         if (d->level == cache->level && d->type == cache->type &&
220             d->size == cache->size && d->line_size == cache->line_size &&
221             d->associativity == cache->associativity) {
222                 return i;
223             }
224     }
225 
226     return CACHE_DESCRIPTOR_UNAVAILABLE;
227 }
228 
229 /* CPUID Leaf 4 constants: */
230 
231 /* EAX: */
232 #define CACHE_TYPE_D    1
233 #define CACHE_TYPE_I    2
234 #define CACHE_TYPE_UNIFIED   3
235 
236 #define CACHE_LEVEL(l)        (l << 5)
237 
238 #define CACHE_SELF_INIT_LEVEL (1 << 8)
239 
240 /* EDX: */
241 #define CACHE_NO_INVD_SHARING   (1 << 0)
242 #define CACHE_INCLUSIVE       (1 << 1)
243 #define CACHE_COMPLEX_IDX     (1 << 2)
244 
245 /* Encode CacheType for CPUID[4].EAX */
246 #define CACHE_TYPE(t) (((t) == DATA_CACHE) ? CACHE_TYPE_D : \
247                        ((t) == INSTRUCTION_CACHE) ? CACHE_TYPE_I : \
248                        ((t) == UNIFIED_CACHE) ? CACHE_TYPE_UNIFIED : \
249                        0 /* Invalid value */)
250 
251 
252 /* Encode cache info for CPUID[4] */
253 static void encode_cache_cpuid4(CPUCacheInfo *cache,
254                                 int num_apic_ids, int num_cores,
255                                 uint32_t *eax, uint32_t *ebx,
256                                 uint32_t *ecx, uint32_t *edx)
257 {
258     assert(cache->size == cache->line_size * cache->associativity *
259                           cache->partitions * cache->sets);
260 
261     assert(num_apic_ids > 0);
262     *eax = CACHE_TYPE(cache->type) |
263            CACHE_LEVEL(cache->level) |
264            (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0) |
265            ((num_cores - 1) << 26) |
266            ((num_apic_ids - 1) << 14);
267 
268     assert(cache->line_size > 0);
269     assert(cache->partitions > 0);
270     assert(cache->associativity > 0);
271     /* We don't implement fully-associative caches */
272     assert(cache->associativity < cache->sets);
273     *ebx = (cache->line_size - 1) |
274            ((cache->partitions - 1) << 12) |
275            ((cache->associativity - 1) << 22);
276 
277     assert(cache->sets > 0);
278     *ecx = cache->sets - 1;
279 
280     *edx = (cache->no_invd_sharing ? CACHE_NO_INVD_SHARING : 0) |
281            (cache->inclusive ? CACHE_INCLUSIVE : 0) |
282            (cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
283 }
284 
285 /* Encode cache info for CPUID[0x80000005].ECX or CPUID[0x80000005].EDX */
286 static uint32_t encode_cache_cpuid80000005(CPUCacheInfo *cache)
287 {
288     assert(cache->size % 1024 == 0);
289     assert(cache->lines_per_tag > 0);
290     assert(cache->associativity > 0);
291     assert(cache->line_size > 0);
292     return ((cache->size / 1024) << 24) | (cache->associativity << 16) |
293            (cache->lines_per_tag << 8) | (cache->line_size);
294 }
295 
296 #define ASSOC_FULL 0xFF
297 
298 /* AMD associativity encoding used on CPUID Leaf 0x80000006: */
299 #define AMD_ENC_ASSOC(a) (a <=   1 ? a   : \
300                           a ==   2 ? 0x2 : \
301                           a ==   4 ? 0x4 : \
302                           a ==   8 ? 0x6 : \
303                           a ==  16 ? 0x8 : \
304                           a ==  32 ? 0xA : \
305                           a ==  48 ? 0xB : \
306                           a ==  64 ? 0xC : \
307                           a ==  96 ? 0xD : \
308                           a == 128 ? 0xE : \
309                           a == ASSOC_FULL ? 0xF : \
310                           0 /* invalid value */)
311 
312 /*
313  * Encode cache info for CPUID[0x80000006].ECX and CPUID[0x80000006].EDX
314  * @l3 can be NULL.
315  */
316 static void encode_cache_cpuid80000006(CPUCacheInfo *l2,
317                                        CPUCacheInfo *l3,
318                                        uint32_t *ecx, uint32_t *edx)
319 {
320     assert(l2->size % 1024 == 0);
321     assert(l2->associativity > 0);
322     assert(l2->lines_per_tag > 0);
323     assert(l2->line_size > 0);
324     *ecx = ((l2->size / 1024) << 16) |
325            (AMD_ENC_ASSOC(l2->associativity) << 12) |
326            (l2->lines_per_tag << 8) | (l2->line_size);
327 
328     if (l3) {
329         assert(l3->size % (512 * 1024) == 0);
330         assert(l3->associativity > 0);
331         assert(l3->lines_per_tag > 0);
332         assert(l3->line_size > 0);
333         *edx = ((l3->size / (512 * 1024)) << 18) |
334                (AMD_ENC_ASSOC(l3->associativity) << 12) |
335                (l3->lines_per_tag << 8) | (l3->line_size);
336     } else {
337         *edx = 0;
338     }
339 }
340 
341 /*
342  * Definitions used for building CPUID Leaf 0x8000001D and 0x8000001E
343  * Please refer to the AMD64 Architecture Programmer’s Manual Volume 3.
344  * Define the constants to build the cpu topology. Right now, TOPOEXT
345  * feature is enabled only on EPYC. So, these constants are based on
346  * EPYC supported configurations. We may need to handle the cases if
347  * these values change in future.
348  */
349 /* Maximum core complexes in a node */
350 #define MAX_CCX 2
351 /* Maximum cores in a core complex */
352 #define MAX_CORES_IN_CCX 4
353 /* Maximum cores in a node */
354 #define MAX_CORES_IN_NODE 8
355 /* Maximum nodes in a socket */
356 #define MAX_NODES_PER_SOCKET 4
357 
358 /*
359  * Figure out the number of nodes required to build this config.
360  * Max cores in a node is 8
361  */
362 static int nodes_in_socket(int nr_cores)
363 {
364     int nodes;
365 
366     nodes = DIV_ROUND_UP(nr_cores, MAX_CORES_IN_NODE);
367 
368    /* Hardware does not support config with 3 nodes, return 4 in that case */
369     return (nodes == 3) ? 4 : nodes;
370 }
371 
372 /*
373  * Decide the number of cores in a core complex with the given nr_cores using
374  * following set constants MAX_CCX, MAX_CORES_IN_CCX, MAX_CORES_IN_NODE and
375  * MAX_NODES_PER_SOCKET. Maintain symmetry as much as possible
376  * L3 cache is shared across all cores in a core complex. So, this will also
377  * tell us how many cores are sharing the L3 cache.
378  */
379 static int cores_in_core_complex(int nr_cores)
380 {
381     int nodes;
382 
383     /* Check if we can fit all the cores in one core complex */
384     if (nr_cores <= MAX_CORES_IN_CCX) {
385         return nr_cores;
386     }
387     /* Get the number of nodes required to build this config */
388     nodes = nodes_in_socket(nr_cores);
389 
390     /*
391      * Divide the cores accros all the core complexes
392      * Return rounded up value
393      */
394     return DIV_ROUND_UP(nr_cores, nodes * MAX_CCX);
395 }
396 
397 /* Encode cache info for CPUID[8000001D] */
398 static void encode_cache_cpuid8000001d(CPUCacheInfo *cache, CPUState *cs,
399                                 uint32_t *eax, uint32_t *ebx,
400                                 uint32_t *ecx, uint32_t *edx)
401 {
402     uint32_t l3_cores;
403     assert(cache->size == cache->line_size * cache->associativity *
404                           cache->partitions * cache->sets);
405 
406     *eax = CACHE_TYPE(cache->type) | CACHE_LEVEL(cache->level) |
407                (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0);
408 
409     /* L3 is shared among multiple cores */
410     if (cache->level == 3) {
411         l3_cores = cores_in_core_complex(cs->nr_cores);
412         *eax |= ((l3_cores * cs->nr_threads) - 1) << 14;
413     } else {
414         *eax |= ((cs->nr_threads - 1) << 14);
415     }
416 
417     assert(cache->line_size > 0);
418     assert(cache->partitions > 0);
419     assert(cache->associativity > 0);
420     /* We don't implement fully-associative caches */
421     assert(cache->associativity < cache->sets);
422     *ebx = (cache->line_size - 1) |
423            ((cache->partitions - 1) << 12) |
424            ((cache->associativity - 1) << 22);
425 
426     assert(cache->sets > 0);
427     *ecx = cache->sets - 1;
428 
429     *edx = (cache->no_invd_sharing ? CACHE_NO_INVD_SHARING : 0) |
430            (cache->inclusive ? CACHE_INCLUSIVE : 0) |
431            (cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
432 }
433 
434 /* Data structure to hold the configuration info for a given core index */
435 struct core_topology {
436     /* core complex id of the current core index */
437     int ccx_id;
438     /*
439      * Adjusted core index for this core in the topology
440      * This can be 0,1,2,3 with max 4 cores in a core complex
441      */
442     int core_id;
443     /* Node id for this core index */
444     int node_id;
445     /* Number of nodes in this config */
446     int num_nodes;
447 };
448 
449 /*
450  * Build the configuration closely match the EPYC hardware. Using the EPYC
451  * hardware configuration values (MAX_CCX, MAX_CORES_IN_CCX, MAX_CORES_IN_NODE)
452  * right now. This could change in future.
453  * nr_cores : Total number of cores in the config
454  * core_id  : Core index of the current CPU
455  * topo     : Data structure to hold all the config info for this core index
456  */
457 static void build_core_topology(int nr_cores, int core_id,
458                                 struct core_topology *topo)
459 {
460     int nodes, cores_in_ccx;
461 
462     /* First get the number of nodes required */
463     nodes = nodes_in_socket(nr_cores);
464 
465     cores_in_ccx = cores_in_core_complex(nr_cores);
466 
467     topo->node_id = core_id / (cores_in_ccx * MAX_CCX);
468     topo->ccx_id = (core_id % (cores_in_ccx * MAX_CCX)) / cores_in_ccx;
469     topo->core_id = core_id % cores_in_ccx;
470     topo->num_nodes = nodes;
471 }
472 
473 /* Encode cache info for CPUID[8000001E] */
474 static void encode_topo_cpuid8000001e(CPUState *cs, X86CPU *cpu,
475                                        uint32_t *eax, uint32_t *ebx,
476                                        uint32_t *ecx, uint32_t *edx)
477 {
478     struct core_topology topo = {0};
479     unsigned long nodes;
480     int shift;
481 
482     build_core_topology(cs->nr_cores, cpu->core_id, &topo);
483     *eax = cpu->apic_id;
484     /*
485      * CPUID_Fn8000001E_EBX
486      * 31:16 Reserved
487      * 15:8  Threads per core (The number of threads per core is
488      *       Threads per core + 1)
489      *  7:0  Core id (see bit decoding below)
490      *       SMT:
491      *           4:3 node id
492      *             2 Core complex id
493      *           1:0 Core id
494      *       Non SMT:
495      *           5:4 node id
496      *             3 Core complex id
497      *           1:0 Core id
498      */
499     if (cs->nr_threads - 1) {
500         *ebx = ((cs->nr_threads - 1) << 8) | (topo.node_id << 3) |
501                 (topo.ccx_id << 2) | topo.core_id;
502     } else {
503         *ebx = (topo.node_id << 4) | (topo.ccx_id << 3) | topo.core_id;
504     }
505     /*
506      * CPUID_Fn8000001E_ECX
507      * 31:11 Reserved
508      * 10:8  Nodes per processor (Nodes per processor is number of nodes + 1)
509      *  7:0  Node id (see bit decoding below)
510      *         2  Socket id
511      *       1:0  Node id
512      */
513     if (topo.num_nodes <= 4) {
514         *ecx = ((topo.num_nodes - 1) << 8) | (cpu->socket_id << 2) |
515                 topo.node_id;
516     } else {
517         /*
518          * Node id fix up. Actual hardware supports up to 4 nodes. But with
519          * more than 32 cores, we may end up with more than 4 nodes.
520          * Node id is a combination of socket id and node id. Only requirement
521          * here is that this number should be unique accross the system.
522          * Shift the socket id to accommodate more nodes. We dont expect both
523          * socket id and node id to be big number at the same time. This is not
524          * an ideal config but we need to to support it. Max nodes we can have
525          * is 32 (255/8) with 8 cores per node and 255 max cores. We only need
526          * 5 bits for nodes. Find the left most set bit to represent the total
527          * number of nodes. find_last_bit returns last set bit(0 based). Left
528          * shift(+1) the socket id to represent all the nodes.
529          */
530         nodes = topo.num_nodes - 1;
531         shift = find_last_bit(&nodes, 8);
532         *ecx = ((topo.num_nodes - 1) << 8) | (cpu->socket_id << (shift + 1)) |
533                 topo.node_id;
534     }
535     *edx = 0;
536 }
537 
538 /*
539  * Definitions of the hardcoded cache entries we expose:
540  * These are legacy cache values. If there is a need to change any
541  * of these values please use builtin_x86_defs
542  */
543 
544 /* L1 data cache: */
545 static CPUCacheInfo legacy_l1d_cache = {
546     .type = DATA_CACHE,
547     .level = 1,
548     .size = 32 * KiB,
549     .self_init = 1,
550     .line_size = 64,
551     .associativity = 8,
552     .sets = 64,
553     .partitions = 1,
554     .no_invd_sharing = true,
555 };
556 
557 /*FIXME: CPUID leaf 0x80000005 is inconsistent with leaves 2 & 4 */
558 static CPUCacheInfo legacy_l1d_cache_amd = {
559     .type = DATA_CACHE,
560     .level = 1,
561     .size = 64 * KiB,
562     .self_init = 1,
563     .line_size = 64,
564     .associativity = 2,
565     .sets = 512,
566     .partitions = 1,
567     .lines_per_tag = 1,
568     .no_invd_sharing = true,
569 };
570 
571 /* L1 instruction cache: */
572 static CPUCacheInfo legacy_l1i_cache = {
573     .type = INSTRUCTION_CACHE,
574     .level = 1,
575     .size = 32 * KiB,
576     .self_init = 1,
577     .line_size = 64,
578     .associativity = 8,
579     .sets = 64,
580     .partitions = 1,
581     .no_invd_sharing = true,
582 };
583 
584 /*FIXME: CPUID leaf 0x80000005 is inconsistent with leaves 2 & 4 */
585 static CPUCacheInfo legacy_l1i_cache_amd = {
586     .type = INSTRUCTION_CACHE,
587     .level = 1,
588     .size = 64 * KiB,
589     .self_init = 1,
590     .line_size = 64,
591     .associativity = 2,
592     .sets = 512,
593     .partitions = 1,
594     .lines_per_tag = 1,
595     .no_invd_sharing = true,
596 };
597 
598 /* Level 2 unified cache: */
599 static CPUCacheInfo legacy_l2_cache = {
600     .type = UNIFIED_CACHE,
601     .level = 2,
602     .size = 4 * MiB,
603     .self_init = 1,
604     .line_size = 64,
605     .associativity = 16,
606     .sets = 4096,
607     .partitions = 1,
608     .no_invd_sharing = true,
609 };
610 
611 /*FIXME: CPUID leaf 2 descriptor is inconsistent with CPUID leaf 4 */
612 static CPUCacheInfo legacy_l2_cache_cpuid2 = {
613     .type = UNIFIED_CACHE,
614     .level = 2,
615     .size = 2 * MiB,
616     .line_size = 64,
617     .associativity = 8,
618 };
619 
620 
621 /*FIXME: CPUID leaf 0x80000006 is inconsistent with leaves 2 & 4 */
622 static CPUCacheInfo legacy_l2_cache_amd = {
623     .type = UNIFIED_CACHE,
624     .level = 2,
625     .size = 512 * KiB,
626     .line_size = 64,
627     .lines_per_tag = 1,
628     .associativity = 16,
629     .sets = 512,
630     .partitions = 1,
631 };
632 
633 /* Level 3 unified cache: */
634 static CPUCacheInfo legacy_l3_cache = {
635     .type = UNIFIED_CACHE,
636     .level = 3,
637     .size = 16 * MiB,
638     .line_size = 64,
639     .associativity = 16,
640     .sets = 16384,
641     .partitions = 1,
642     .lines_per_tag = 1,
643     .self_init = true,
644     .inclusive = true,
645     .complex_indexing = true,
646 };
647 
648 /* TLB definitions: */
649 
650 #define L1_DTLB_2M_ASSOC       1
651 #define L1_DTLB_2M_ENTRIES   255
652 #define L1_DTLB_4K_ASSOC       1
653 #define L1_DTLB_4K_ENTRIES   255
654 
655 #define L1_ITLB_2M_ASSOC       1
656 #define L1_ITLB_2M_ENTRIES   255
657 #define L1_ITLB_4K_ASSOC       1
658 #define L1_ITLB_4K_ENTRIES   255
659 
660 #define L2_DTLB_2M_ASSOC       0 /* disabled */
661 #define L2_DTLB_2M_ENTRIES     0 /* disabled */
662 #define L2_DTLB_4K_ASSOC       4
663 #define L2_DTLB_4K_ENTRIES   512
664 
665 #define L2_ITLB_2M_ASSOC       0 /* disabled */
666 #define L2_ITLB_2M_ENTRIES     0 /* disabled */
667 #define L2_ITLB_4K_ASSOC       4
668 #define L2_ITLB_4K_ENTRIES   512
669 
670 /* CPUID Leaf 0x14 constants: */
671 #define INTEL_PT_MAX_SUBLEAF     0x1
672 /*
673  * bit[00]: IA32_RTIT_CTL.CR3 filter can be set to 1 and IA32_RTIT_CR3_MATCH
674  *          MSR can be accessed;
675  * bit[01]: Support Configurable PSB and Cycle-Accurate Mode;
676  * bit[02]: Support IP Filtering, TraceStop filtering, and preservation
677  *          of Intel PT MSRs across warm reset;
678  * bit[03]: Support MTC timing packet and suppression of COFI-based packets;
679  */
680 #define INTEL_PT_MINIMAL_EBX     0xf
681 /*
682  * bit[00]: Tracing can be enabled with IA32_RTIT_CTL.ToPA = 1 and
683  *          IA32_RTIT_OUTPUT_BASE and IA32_RTIT_OUTPUT_MASK_PTRS MSRs can be
684  *          accessed;
685  * bit[01]: ToPA tables can hold any number of output entries, up to the
686  *          maximum allowed by the MaskOrTableOffset field of
687  *          IA32_RTIT_OUTPUT_MASK_PTRS;
688  * bit[02]: Support Single-Range Output scheme;
689  */
690 #define INTEL_PT_MINIMAL_ECX     0x7
691 /* generated packets which contain IP payloads have LIP values */
692 #define INTEL_PT_IP_LIP          (1 << 31)
693 #define INTEL_PT_ADDR_RANGES_NUM 0x2 /* Number of configurable address ranges */
694 #define INTEL_PT_ADDR_RANGES_NUM_MASK 0x3
695 #define INTEL_PT_MTC_BITMAP      (0x0249 << 16) /* Support ART(0,3,6,9) */
696 #define INTEL_PT_CYCLE_BITMAP    0x1fff         /* Support 0,2^(0~11) */
697 #define INTEL_PT_PSB_BITMAP      (0x003f << 16) /* Support 2K,4K,8K,16K,32K,64K */
698 
699 static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
700                                      uint32_t vendor2, uint32_t vendor3)
701 {
702     int i;
703     for (i = 0; i < 4; i++) {
704         dst[i] = vendor1 >> (8 * i);
705         dst[i + 4] = vendor2 >> (8 * i);
706         dst[i + 8] = vendor3 >> (8 * i);
707     }
708     dst[CPUID_VENDOR_SZ] = '\0';
709 }
710 
711 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
712 #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
713           CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
714 #define PENTIUM2_FEATURES (PENTIUM_FEATURES | CPUID_PAE | CPUID_SEP | \
715           CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
716           CPUID_PSE36 | CPUID_FXSR)
717 #define PENTIUM3_FEATURES (PENTIUM2_FEATURES | CPUID_SSE)
718 #define PPRO_FEATURES (CPUID_FP87 | CPUID_DE | CPUID_PSE | CPUID_TSC | \
719           CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_PGE | CPUID_CMOV | \
720           CPUID_PAT | CPUID_FXSR | CPUID_MMX | CPUID_SSE | CPUID_SSE2 | \
721           CPUID_PAE | CPUID_SEP | CPUID_APIC)
722 
723 #define TCG_FEATURES (CPUID_FP87 | CPUID_PSE | CPUID_TSC | CPUID_MSR | \
724           CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
725           CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
726           CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
727           CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE)
728           /* partly implemented:
729           CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64) */
730           /* missing:
731           CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
732 #define TCG_EXT_FEATURES (CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | \
733           CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
734           CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
735           CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */   \
736           CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
737           CPUID_EXT_RDRAND)
738           /* missing:
739           CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
740           CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
741           CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
742           CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
743           CPUID_EXT_F16C */
744 
745 #ifdef TARGET_X86_64
746 #define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
747 #else
748 #define TCG_EXT2_X86_64_FEATURES 0
749 #endif
750 
751 #define TCG_EXT2_FEATURES ((TCG_FEATURES & CPUID_EXT2_AMD_ALIASES) | \
752           CPUID_EXT2_NX | CPUID_EXT2_MMXEXT | CPUID_EXT2_RDTSCP | \
753           CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | CPUID_EXT2_PDPE1GB | \
754           TCG_EXT2_X86_64_FEATURES)
755 #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
756           CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
757 #define TCG_EXT4_FEATURES 0
758 #define TCG_SVM_FEATURES CPUID_SVM_NPT
759 #define TCG_KVM_FEATURES 0
760 #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
761           CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
762           CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
763           CPUID_7_0_EBX_CLWB | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_FSGSBASE | \
764           CPUID_7_0_EBX_ERMS)
765           /* missing:
766           CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
767           CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
768           CPUID_7_0_EBX_RDSEED */
769 #define TCG_7_0_ECX_FEATURES (CPUID_7_0_ECX_PKU | \
770           /* CPUID_7_0_ECX_OSPKE is dynamic */ \
771           CPUID_7_0_ECX_LA57)
772 #define TCG_7_0_EDX_FEATURES 0
773 #define TCG_7_1_EAX_FEATURES 0
774 #define TCG_APM_FEATURES 0
775 #define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT
776 #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1)
777           /* missing:
778           CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
779 
780 typedef enum FeatureWordType {
781    CPUID_FEATURE_WORD,
782    MSR_FEATURE_WORD,
783 } FeatureWordType;
784 
785 typedef struct FeatureWordInfo {
786     FeatureWordType type;
787     /* feature flags names are taken from "Intel Processor Identification and
788      * the CPUID Instruction" and AMD's "CPUID Specification".
789      * In cases of disagreement between feature naming conventions,
790      * aliases may be added.
791      */
792     const char *feat_names[64];
793     union {
794         /* If type==CPUID_FEATURE_WORD */
795         struct {
796             uint32_t eax;   /* Input EAX for CPUID */
797             bool needs_ecx; /* CPUID instruction uses ECX as input */
798             uint32_t ecx;   /* Input ECX value for CPUID */
799             int reg;        /* output register (R_* constant) */
800         } cpuid;
801         /* If type==MSR_FEATURE_WORD */
802         struct {
803             uint32_t index;
804         } msr;
805     };
806     uint64_t tcg_features; /* Feature flags supported by TCG */
807     uint64_t unmigratable_flags; /* Feature flags known to be unmigratable */
808     uint64_t migratable_flags; /* Feature flags known to be migratable */
809     /* Features that shouldn't be auto-enabled by "-cpu host" */
810     uint64_t no_autoenable_flags;
811 } FeatureWordInfo;
812 
813 static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
814     [FEAT_1_EDX] = {
815         .type = CPUID_FEATURE_WORD,
816         .feat_names = {
817             "fpu", "vme", "de", "pse",
818             "tsc", "msr", "pae", "mce",
819             "cx8", "apic", NULL, "sep",
820             "mtrr", "pge", "mca", "cmov",
821             "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
822             NULL, "ds" /* Intel dts */, "acpi", "mmx",
823             "fxsr", "sse", "sse2", "ss",
824             "ht" /* Intel htt */, "tm", "ia64", "pbe",
825         },
826         .cpuid = {.eax = 1, .reg = R_EDX, },
827         .tcg_features = TCG_FEATURES,
828     },
829     [FEAT_1_ECX] = {
830         .type = CPUID_FEATURE_WORD,
831         .feat_names = {
832             "pni" /* Intel,AMD sse3 */, "pclmulqdq", "dtes64", "monitor",
833             "ds-cpl", "vmx", "smx", "est",
834             "tm2", "ssse3", "cid", NULL,
835             "fma", "cx16", "xtpr", "pdcm",
836             NULL, "pcid", "dca", "sse4.1",
837             "sse4.2", "x2apic", "movbe", "popcnt",
838             "tsc-deadline", "aes", "xsave", NULL /* osxsave */,
839             "avx", "f16c", "rdrand", "hypervisor",
840         },
841         .cpuid = { .eax = 1, .reg = R_ECX, },
842         .tcg_features = TCG_EXT_FEATURES,
843     },
844     /* Feature names that are already defined on feature_name[] but
845      * are set on CPUID[8000_0001].EDX on AMD CPUs don't have their
846      * names on feat_names below. They are copied automatically
847      * to features[FEAT_8000_0001_EDX] if and only if CPU vendor is AMD.
848      */
849     [FEAT_8000_0001_EDX] = {
850         .type = CPUID_FEATURE_WORD,
851         .feat_names = {
852             NULL /* fpu */, NULL /* vme */, NULL /* de */, NULL /* pse */,
853             NULL /* tsc */, NULL /* msr */, NULL /* pae */, NULL /* mce */,
854             NULL /* cx8 */, NULL /* apic */, NULL, "syscall",
855             NULL /* mtrr */, NULL /* pge */, NULL /* mca */, NULL /* cmov */,
856             NULL /* pat */, NULL /* pse36 */, NULL, NULL /* Linux mp */,
857             "nx", NULL, "mmxext", NULL /* mmx */,
858             NULL /* fxsr */, "fxsr-opt", "pdpe1gb", "rdtscp",
859             NULL, "lm", "3dnowext", "3dnow",
860         },
861         .cpuid = { .eax = 0x80000001, .reg = R_EDX, },
862         .tcg_features = TCG_EXT2_FEATURES,
863     },
864     [FEAT_8000_0001_ECX] = {
865         .type = CPUID_FEATURE_WORD,
866         .feat_names = {
867             "lahf-lm", "cmp-legacy", "svm", "extapic",
868             "cr8legacy", "abm", "sse4a", "misalignsse",
869             "3dnowprefetch", "osvw", "ibs", "xop",
870             "skinit", "wdt", NULL, "lwp",
871             "fma4", "tce", NULL, "nodeid-msr",
872             NULL, "tbm", "topoext", "perfctr-core",
873             "perfctr-nb", NULL, NULL, NULL,
874             NULL, NULL, NULL, NULL,
875         },
876         .cpuid = { .eax = 0x80000001, .reg = R_ECX, },
877         .tcg_features = TCG_EXT3_FEATURES,
878         /*
879          * TOPOEXT is always allowed but can't be enabled blindly by
880          * "-cpu host", as it requires consistent cache topology info
881          * to be provided so it doesn't confuse guests.
882          */
883         .no_autoenable_flags = CPUID_EXT3_TOPOEXT,
884     },
885     [FEAT_C000_0001_EDX] = {
886         .type = CPUID_FEATURE_WORD,
887         .feat_names = {
888             NULL, NULL, "xstore", "xstore-en",
889             NULL, NULL, "xcrypt", "xcrypt-en",
890             "ace2", "ace2-en", "phe", "phe-en",
891             "pmm", "pmm-en", NULL, NULL,
892             NULL, NULL, NULL, NULL,
893             NULL, NULL, NULL, NULL,
894             NULL, NULL, NULL, NULL,
895             NULL, NULL, NULL, NULL,
896         },
897         .cpuid = { .eax = 0xC0000001, .reg = R_EDX, },
898         .tcg_features = TCG_EXT4_FEATURES,
899     },
900     [FEAT_KVM] = {
901         .type = CPUID_FEATURE_WORD,
902         .feat_names = {
903             "kvmclock", "kvm-nopiodelay", "kvm-mmu", "kvmclock",
904             "kvm-asyncpf", "kvm-steal-time", "kvm-pv-eoi", "kvm-pv-unhalt",
905             NULL, "kvm-pv-tlb-flush", NULL, "kvm-pv-ipi",
906             "kvm-poll-control", "kvm-pv-sched-yield", NULL, NULL,
907             NULL, NULL, NULL, NULL,
908             NULL, NULL, NULL, NULL,
909             "kvmclock-stable-bit", NULL, NULL, NULL,
910             NULL, NULL, NULL, NULL,
911         },
912         .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EAX, },
913         .tcg_features = TCG_KVM_FEATURES,
914     },
915     [FEAT_KVM_HINTS] = {
916         .type = CPUID_FEATURE_WORD,
917         .feat_names = {
918             "kvm-hint-dedicated", NULL, NULL, NULL,
919             NULL, NULL, NULL, NULL,
920             NULL, NULL, NULL, NULL,
921             NULL, NULL, NULL, NULL,
922             NULL, NULL, NULL, NULL,
923             NULL, NULL, NULL, NULL,
924             NULL, NULL, NULL, NULL,
925             NULL, NULL, NULL, NULL,
926         },
927         .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EDX, },
928         .tcg_features = TCG_KVM_FEATURES,
929         /*
930          * KVM hints aren't auto-enabled by -cpu host, they need to be
931          * explicitly enabled in the command-line.
932          */
933         .no_autoenable_flags = ~0U,
934     },
935     /*
936      * .feat_names are commented out for Hyper-V enlightenments because we
937      * don't want to have two different ways for enabling them on QEMU command
938      * line. Some features (e.g. "hyperv_time", "hyperv_vapic", ...) require
939      * enabling several feature bits simultaneously, exposing these bits
940      * individually may just confuse guests.
941      */
942     [FEAT_HYPERV_EAX] = {
943         .type = CPUID_FEATURE_WORD,
944         .feat_names = {
945             NULL /* hv_msr_vp_runtime_access */, NULL /* hv_msr_time_refcount_access */,
946             NULL /* hv_msr_synic_access */, NULL /* hv_msr_stimer_access */,
947             NULL /* hv_msr_apic_access */, NULL /* hv_msr_hypercall_access */,
948             NULL /* hv_vpindex_access */, NULL /* hv_msr_reset_access */,
949             NULL /* hv_msr_stats_access */, NULL /* hv_reftsc_access */,
950             NULL /* hv_msr_idle_access */, NULL /* hv_msr_frequency_access */,
951             NULL /* hv_msr_debug_access */, NULL /* hv_msr_reenlightenment_access */,
952             NULL, NULL,
953             NULL, NULL, NULL, NULL,
954             NULL, NULL, NULL, NULL,
955             NULL, NULL, NULL, NULL,
956             NULL, NULL, NULL, NULL,
957         },
958         .cpuid = { .eax = 0x40000003, .reg = R_EAX, },
959     },
960     [FEAT_HYPERV_EBX] = {
961         .type = CPUID_FEATURE_WORD,
962         .feat_names = {
963             NULL /* hv_create_partitions */, NULL /* hv_access_partition_id */,
964             NULL /* hv_access_memory_pool */, NULL /* hv_adjust_message_buffers */,
965             NULL /* hv_post_messages */, NULL /* hv_signal_events */,
966             NULL /* hv_create_port */, NULL /* hv_connect_port */,
967             NULL /* hv_access_stats */, NULL, NULL, NULL /* hv_debugging */,
968             NULL /* hv_cpu_power_management */, NULL /* hv_configure_profiler */,
969             NULL, NULL,
970             NULL, NULL, NULL, NULL,
971             NULL, NULL, NULL, NULL,
972             NULL, NULL, NULL, NULL,
973             NULL, NULL, NULL, NULL,
974         },
975         .cpuid = { .eax = 0x40000003, .reg = R_EBX, },
976     },
977     [FEAT_HYPERV_EDX] = {
978         .type = CPUID_FEATURE_WORD,
979         .feat_names = {
980             NULL /* hv_mwait */, NULL /* hv_guest_debugging */,
981             NULL /* hv_perf_monitor */, NULL /* hv_cpu_dynamic_part */,
982             NULL /* hv_hypercall_params_xmm */, NULL /* hv_guest_idle_state */,
983             NULL, NULL,
984             NULL, NULL, NULL /* hv_guest_crash_msr */, NULL,
985             NULL, NULL, NULL, NULL,
986             NULL, NULL, NULL, NULL,
987             NULL, NULL, NULL, NULL,
988             NULL, NULL, NULL, NULL,
989             NULL, NULL, NULL, NULL,
990         },
991         .cpuid = { .eax = 0x40000003, .reg = R_EDX, },
992     },
993     [FEAT_HV_RECOMM_EAX] = {
994         .type = CPUID_FEATURE_WORD,
995         .feat_names = {
996             NULL /* hv_recommend_pv_as_switch */,
997             NULL /* hv_recommend_pv_tlbflush_local */,
998             NULL /* hv_recommend_pv_tlbflush_remote */,
999             NULL /* hv_recommend_msr_apic_access */,
1000             NULL /* hv_recommend_msr_reset */,
1001             NULL /* hv_recommend_relaxed_timing */,
1002             NULL /* hv_recommend_dma_remapping */,
1003             NULL /* hv_recommend_int_remapping */,
1004             NULL /* hv_recommend_x2apic_msrs */,
1005             NULL /* hv_recommend_autoeoi_deprecation */,
1006             NULL /* hv_recommend_pv_ipi */,
1007             NULL /* hv_recommend_ex_hypercalls */,
1008             NULL /* hv_hypervisor_is_nested */,
1009             NULL /* hv_recommend_int_mbec */,
1010             NULL /* hv_recommend_evmcs */,
1011             NULL,
1012             NULL, NULL, NULL, NULL,
1013             NULL, NULL, NULL, NULL,
1014             NULL, NULL, NULL, NULL,
1015             NULL, NULL, NULL, NULL,
1016         },
1017         .cpuid = { .eax = 0x40000004, .reg = R_EAX, },
1018     },
1019     [FEAT_HV_NESTED_EAX] = {
1020         .type = CPUID_FEATURE_WORD,
1021         .cpuid = { .eax = 0x4000000A, .reg = R_EAX, },
1022     },
1023     [FEAT_SVM] = {
1024         .type = CPUID_FEATURE_WORD,
1025         .feat_names = {
1026             "npt", "lbrv", "svm-lock", "nrip-save",
1027             "tsc-scale", "vmcb-clean",  "flushbyasid", "decodeassists",
1028             NULL, NULL, "pause-filter", NULL,
1029             "pfthreshold", NULL, NULL, NULL,
1030             NULL, NULL, NULL, NULL,
1031             NULL, NULL, NULL, NULL,
1032             NULL, NULL, NULL, NULL,
1033             NULL, NULL, NULL, NULL,
1034         },
1035         .cpuid = { .eax = 0x8000000A, .reg = R_EDX, },
1036         .tcg_features = TCG_SVM_FEATURES,
1037     },
1038     [FEAT_7_0_EBX] = {
1039         .type = CPUID_FEATURE_WORD,
1040         .feat_names = {
1041             "fsgsbase", "tsc-adjust", NULL, "bmi1",
1042             "hle", "avx2", NULL, "smep",
1043             "bmi2", "erms", "invpcid", "rtm",
1044             NULL, NULL, "mpx", NULL,
1045             "avx512f", "avx512dq", "rdseed", "adx",
1046             "smap", "avx512ifma", "pcommit", "clflushopt",
1047             "clwb", "intel-pt", "avx512pf", "avx512er",
1048             "avx512cd", "sha-ni", "avx512bw", "avx512vl",
1049         },
1050         .cpuid = {
1051             .eax = 7,
1052             .needs_ecx = true, .ecx = 0,
1053             .reg = R_EBX,
1054         },
1055         .tcg_features = TCG_7_0_EBX_FEATURES,
1056     },
1057     [FEAT_7_0_ECX] = {
1058         .type = CPUID_FEATURE_WORD,
1059         .feat_names = {
1060             NULL, "avx512vbmi", "umip", "pku",
1061             NULL /* ospke */, NULL, "avx512vbmi2", NULL,
1062             "gfni", "vaes", "vpclmulqdq", "avx512vnni",
1063             "avx512bitalg", NULL, "avx512-vpopcntdq", NULL,
1064             "la57", NULL, NULL, NULL,
1065             NULL, NULL, "rdpid", NULL,
1066             NULL, "cldemote", NULL, "movdiri",
1067             "movdir64b", NULL, NULL, NULL,
1068         },
1069         .cpuid = {
1070             .eax = 7,
1071             .needs_ecx = true, .ecx = 0,
1072             .reg = R_ECX,
1073         },
1074         .tcg_features = TCG_7_0_ECX_FEATURES,
1075     },
1076     [FEAT_7_0_EDX] = {
1077         .type = CPUID_FEATURE_WORD,
1078         .feat_names = {
1079             NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
1080             NULL, NULL, NULL, NULL,
1081             NULL, NULL, "md-clear", NULL,
1082             NULL, NULL, NULL, NULL,
1083             NULL, NULL, NULL /* pconfig */, NULL,
1084             NULL, NULL, NULL, NULL,
1085             NULL, NULL, "spec-ctrl", "stibp",
1086             NULL, "arch-capabilities", "core-capability", "ssbd",
1087         },
1088         .cpuid = {
1089             .eax = 7,
1090             .needs_ecx = true, .ecx = 0,
1091             .reg = R_EDX,
1092         },
1093         .tcg_features = TCG_7_0_EDX_FEATURES,
1094     },
1095     [FEAT_7_1_EAX] = {
1096         .type = CPUID_FEATURE_WORD,
1097         .feat_names = {
1098             NULL, NULL, NULL, NULL,
1099             NULL, "avx512-bf16", NULL, NULL,
1100             NULL, NULL, NULL, NULL,
1101             NULL, NULL, NULL, NULL,
1102             NULL, NULL, NULL, NULL,
1103             NULL, NULL, NULL, NULL,
1104             NULL, NULL, NULL, NULL,
1105             NULL, NULL, NULL, NULL,
1106         },
1107         .cpuid = {
1108             .eax = 7,
1109             .needs_ecx = true, .ecx = 1,
1110             .reg = R_EAX,
1111         },
1112         .tcg_features = TCG_7_1_EAX_FEATURES,
1113     },
1114     [FEAT_8000_0007_EDX] = {
1115         .type = CPUID_FEATURE_WORD,
1116         .feat_names = {
1117             NULL, NULL, NULL, NULL,
1118             NULL, NULL, NULL, NULL,
1119             "invtsc", NULL, NULL, NULL,
1120             NULL, NULL, NULL, NULL,
1121             NULL, NULL, NULL, NULL,
1122             NULL, NULL, NULL, NULL,
1123             NULL, NULL, NULL, NULL,
1124             NULL, NULL, NULL, NULL,
1125         },
1126         .cpuid = { .eax = 0x80000007, .reg = R_EDX, },
1127         .tcg_features = TCG_APM_FEATURES,
1128         .unmigratable_flags = CPUID_APM_INVTSC,
1129     },
1130     [FEAT_8000_0008_EBX] = {
1131         .type = CPUID_FEATURE_WORD,
1132         .feat_names = {
1133             "clzero", NULL, "xsaveerptr", NULL,
1134             NULL, NULL, NULL, NULL,
1135             NULL, "wbnoinvd", NULL, NULL,
1136             "ibpb", NULL, NULL, NULL,
1137             NULL, NULL, NULL, NULL,
1138             NULL, NULL, NULL, NULL,
1139             "amd-ssbd", "virt-ssbd", "amd-no-ssb", NULL,
1140             NULL, NULL, NULL, NULL,
1141         },
1142         .cpuid = { .eax = 0x80000008, .reg = R_EBX, },
1143         .tcg_features = 0,
1144         .unmigratable_flags = 0,
1145     },
1146     [FEAT_XSAVE] = {
1147         .type = CPUID_FEATURE_WORD,
1148         .feat_names = {
1149             "xsaveopt", "xsavec", "xgetbv1", "xsaves",
1150             NULL, NULL, NULL, NULL,
1151             NULL, NULL, NULL, NULL,
1152             NULL, NULL, NULL, NULL,
1153             NULL, NULL, NULL, NULL,
1154             NULL, NULL, NULL, NULL,
1155             NULL, NULL, NULL, NULL,
1156             NULL, NULL, NULL, NULL,
1157         },
1158         .cpuid = {
1159             .eax = 0xd,
1160             .needs_ecx = true, .ecx = 1,
1161             .reg = R_EAX,
1162         },
1163         .tcg_features = TCG_XSAVE_FEATURES,
1164     },
1165     [FEAT_6_EAX] = {
1166         .type = CPUID_FEATURE_WORD,
1167         .feat_names = {
1168             NULL, NULL, "arat", NULL,
1169             NULL, NULL, NULL, NULL,
1170             NULL, NULL, NULL, NULL,
1171             NULL, NULL, NULL, NULL,
1172             NULL, NULL, NULL, NULL,
1173             NULL, NULL, NULL, NULL,
1174             NULL, NULL, NULL, NULL,
1175             NULL, NULL, NULL, NULL,
1176         },
1177         .cpuid = { .eax = 6, .reg = R_EAX, },
1178         .tcg_features = TCG_6_EAX_FEATURES,
1179     },
1180     [FEAT_XSAVE_COMP_LO] = {
1181         .type = CPUID_FEATURE_WORD,
1182         .cpuid = {
1183             .eax = 0xD,
1184             .needs_ecx = true, .ecx = 0,
1185             .reg = R_EAX,
1186         },
1187         .tcg_features = ~0U,
1188         .migratable_flags = XSTATE_FP_MASK | XSTATE_SSE_MASK |
1189             XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK |
1190             XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | XSTATE_Hi16_ZMM_MASK |
1191             XSTATE_PKRU_MASK,
1192     },
1193     [FEAT_XSAVE_COMP_HI] = {
1194         .type = CPUID_FEATURE_WORD,
1195         .cpuid = {
1196             .eax = 0xD,
1197             .needs_ecx = true, .ecx = 0,
1198             .reg = R_EDX,
1199         },
1200         .tcg_features = ~0U,
1201     },
1202     /*Below are MSR exposed features*/
1203     [FEAT_ARCH_CAPABILITIES] = {
1204         .type = MSR_FEATURE_WORD,
1205         .feat_names = {
1206             "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
1207             "ssb-no", "mds-no", NULL, NULL,
1208             NULL, NULL, NULL, NULL,
1209             NULL, NULL, NULL, NULL,
1210             NULL, NULL, NULL, NULL,
1211             NULL, NULL, NULL, NULL,
1212             NULL, NULL, NULL, NULL,
1213             NULL, NULL, NULL, NULL,
1214         },
1215         .msr = {
1216             .index = MSR_IA32_ARCH_CAPABILITIES,
1217         },
1218     },
1219     [FEAT_CORE_CAPABILITY] = {
1220         .type = MSR_FEATURE_WORD,
1221         .feat_names = {
1222             NULL, NULL, NULL, NULL,
1223             NULL, "split-lock-detect", NULL, NULL,
1224             NULL, NULL, NULL, NULL,
1225             NULL, NULL, NULL, NULL,
1226             NULL, NULL, NULL, NULL,
1227             NULL, NULL, NULL, NULL,
1228             NULL, NULL, NULL, NULL,
1229             NULL, NULL, NULL, NULL,
1230         },
1231         .msr = {
1232             .index = MSR_IA32_CORE_CAPABILITY,
1233         },
1234     },
1235 
1236     [FEAT_VMX_PROCBASED_CTLS] = {
1237         .type = MSR_FEATURE_WORD,
1238         .feat_names = {
1239             NULL, NULL, "vmx-vintr-pending", "vmx-tsc-offset",
1240             NULL, NULL, NULL, "vmx-hlt-exit",
1241             NULL, "vmx-invlpg-exit", "vmx-mwait-exit", "vmx-rdpmc-exit",
1242             "vmx-rdtsc-exit", NULL, NULL, "vmx-cr3-load-noexit",
1243             "vmx-cr3-store-noexit", NULL, NULL, "vmx-cr8-load-exit",
1244             "vmx-cr8-store-exit", "vmx-flexpriority", "vmx-vnmi-pending", "vmx-movdr-exit",
1245             "vmx-io-exit", "vmx-io-bitmap", NULL, "vmx-mtf",
1246             "vmx-msr-bitmap", "vmx-monitor-exit", "vmx-pause-exit", "vmx-secondary-ctls",
1247         },
1248         .msr = {
1249             .index = MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
1250         }
1251     },
1252 
1253     [FEAT_VMX_SECONDARY_CTLS] = {
1254         .type = MSR_FEATURE_WORD,
1255         .feat_names = {
1256             "vmx-apicv-xapic", "vmx-ept", "vmx-desc-exit", "vmx-rdtscp-exit",
1257             "vmx-apicv-x2apic", "vmx-vpid", "vmx-wbinvd-exit", "vmx-unrestricted-guest",
1258             "vmx-apicv-register", "vmx-apicv-vid", "vmx-ple", "vmx-rdrand-exit",
1259             "vmx-invpcid-exit", "vmx-vmfunc", "vmx-shadow-vmcs", "vmx-encls-exit",
1260             "vmx-rdseed-exit", "vmx-pml", NULL, NULL,
1261             "vmx-xsaves", NULL, NULL, NULL,
1262             NULL, NULL, NULL, NULL,
1263             NULL, NULL, NULL, NULL,
1264         },
1265         .msr = {
1266             .index = MSR_IA32_VMX_PROCBASED_CTLS2,
1267         }
1268     },
1269 
1270     [FEAT_VMX_PINBASED_CTLS] = {
1271         .type = MSR_FEATURE_WORD,
1272         .feat_names = {
1273             "vmx-intr-exit", NULL, NULL, "vmx-nmi-exit",
1274             NULL, "vmx-vnmi", "vmx-preemption-timer", "vmx-posted-intr",
1275             NULL, NULL, NULL, NULL,
1276             NULL, NULL, NULL, NULL,
1277             NULL, NULL, NULL, NULL,
1278             NULL, NULL, NULL, NULL,
1279             NULL, NULL, NULL, NULL,
1280             NULL, NULL, NULL, NULL,
1281         },
1282         .msr = {
1283             .index = MSR_IA32_VMX_TRUE_PINBASED_CTLS,
1284         }
1285     },
1286 
1287     [FEAT_VMX_EXIT_CTLS] = {
1288         .type = MSR_FEATURE_WORD,
1289         /*
1290          * VMX_VM_EXIT_HOST_ADDR_SPACE_SIZE is copied from
1291          * the LM CPUID bit.
1292          */
1293         .feat_names = {
1294             NULL, NULL, "vmx-exit-nosave-debugctl", NULL,
1295             NULL, NULL, NULL, NULL,
1296             NULL, NULL /* vmx-exit-host-addr-space-size */, NULL, NULL,
1297             "vmx-exit-load-perf-global-ctrl", NULL, NULL, "vmx-exit-ack-intr",
1298             NULL, NULL, "vmx-exit-save-pat", "vmx-exit-load-pat",
1299             "vmx-exit-save-efer", "vmx-exit-load-efer",
1300                 "vmx-exit-save-preemption-timer", "vmx-exit-clear-bndcfgs",
1301             NULL, "vmx-exit-clear-rtit-ctl", NULL, NULL,
1302             NULL, NULL, NULL, NULL,
1303         },
1304         .msr = {
1305             .index = MSR_IA32_VMX_TRUE_EXIT_CTLS,
1306         }
1307     },
1308 
1309     [FEAT_VMX_ENTRY_CTLS] = {
1310         .type = MSR_FEATURE_WORD,
1311         .feat_names = {
1312             NULL, NULL, "vmx-entry-noload-debugctl", NULL,
1313             NULL, NULL, NULL, NULL,
1314             NULL, "vmx-entry-ia32e-mode", NULL, NULL,
1315             NULL, "vmx-entry-load-perf-global-ctrl", "vmx-entry-load-pat", "vmx-entry-load-efer",
1316             "vmx-entry-load-bndcfgs", NULL, "vmx-entry-load-rtit-ctl", NULL,
1317             NULL, NULL, NULL, NULL,
1318             NULL, NULL, NULL, NULL,
1319             NULL, NULL, NULL, NULL,
1320         },
1321         .msr = {
1322             .index = MSR_IA32_VMX_TRUE_ENTRY_CTLS,
1323         }
1324     },
1325 
1326     [FEAT_VMX_MISC] = {
1327         .type = MSR_FEATURE_WORD,
1328         .feat_names = {
1329             NULL, NULL, NULL, NULL,
1330             NULL, "vmx-store-lma", "vmx-activity-hlt", "vmx-activity-shutdown",
1331             "vmx-activity-wait-sipi", NULL, NULL, NULL,
1332             NULL, NULL, NULL, NULL,
1333             NULL, NULL, NULL, NULL,
1334             NULL, NULL, NULL, NULL,
1335             NULL, NULL, NULL, NULL,
1336             NULL, "vmx-vmwrite-vmexit-fields", "vmx-zero-len-inject", NULL,
1337         },
1338         .msr = {
1339             .index = MSR_IA32_VMX_MISC,
1340         }
1341     },
1342 
1343     [FEAT_VMX_EPT_VPID_CAPS] = {
1344         .type = MSR_FEATURE_WORD,
1345         .feat_names = {
1346             "vmx-ept-execonly", NULL, NULL, NULL,
1347             NULL, NULL, "vmx-page-walk-4", "vmx-page-walk-5",
1348             NULL, NULL, NULL, NULL,
1349             NULL, NULL, NULL, NULL,
1350             "vmx-ept-2mb", "vmx-ept-1gb", NULL, NULL,
1351             "vmx-invept", "vmx-eptad", "vmx-ept-advanced-exitinfo", NULL,
1352             NULL, "vmx-invept-single-context", "vmx-invept-all-context", NULL,
1353             NULL, NULL, NULL, NULL,
1354             "vmx-invvpid", NULL, NULL, NULL,
1355             NULL, NULL, NULL, NULL,
1356             "vmx-invvpid-single-addr", "vmx-invept-single-context",
1357                 "vmx-invvpid-all-context", "vmx-invept-single-context-noglobals",
1358             NULL, NULL, NULL, NULL,
1359             NULL, NULL, NULL, NULL,
1360             NULL, NULL, NULL, NULL,
1361             NULL, NULL, NULL, NULL,
1362             NULL, NULL, NULL, NULL,
1363         },
1364         .msr = {
1365             .index = MSR_IA32_VMX_EPT_VPID_CAP,
1366         }
1367     },
1368 
1369     [FEAT_VMX_BASIC] = {
1370         .type = MSR_FEATURE_WORD,
1371         .feat_names = {
1372             [54] = "vmx-ins-outs",
1373             [55] = "vmx-true-ctls",
1374         },
1375         .msr = {
1376             .index = MSR_IA32_VMX_BASIC,
1377         },
1378         /* Just to be safe - we don't support setting the MSEG version field.  */
1379         .no_autoenable_flags = MSR_VMX_BASIC_DUAL_MONITOR,
1380     },
1381 
1382     [FEAT_VMX_VMFUNC] = {
1383         .type = MSR_FEATURE_WORD,
1384         .feat_names = {
1385             [0] = "vmx-eptp-switching",
1386         },
1387         .msr = {
1388             .index = MSR_IA32_VMX_VMFUNC,
1389         }
1390     },
1391 
1392 };
1393 
1394 typedef struct FeatureMask {
1395     FeatureWord index;
1396     uint64_t mask;
1397 } FeatureMask;
1398 
1399 typedef struct FeatureDep {
1400     FeatureMask from, to;
1401 } FeatureDep;
1402 
1403 static FeatureDep feature_dependencies[] = {
1404     {
1405         .from = { FEAT_7_0_EDX,             CPUID_7_0_EDX_ARCH_CAPABILITIES },
1406         .to = { FEAT_ARCH_CAPABILITIES,     ~0ull },
1407     },
1408     {
1409         .from = { FEAT_7_0_EDX,             CPUID_7_0_EDX_CORE_CAPABILITY },
1410         .to = { FEAT_CORE_CAPABILITY,       ~0ull },
1411     },
1412     {
1413         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1414         .to = { FEAT_VMX_PROCBASED_CTLS,    ~0ull },
1415     },
1416     {
1417         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1418         .to = { FEAT_VMX_PINBASED_CTLS,     ~0ull },
1419     },
1420     {
1421         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1422         .to = { FEAT_VMX_EXIT_CTLS,         ~0ull },
1423     },
1424     {
1425         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1426         .to = { FEAT_VMX_ENTRY_CTLS,        ~0ull },
1427     },
1428     {
1429         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1430         .to = { FEAT_VMX_MISC,              ~0ull },
1431     },
1432     {
1433         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1434         .to = { FEAT_VMX_BASIC,             ~0ull },
1435     },
1436     {
1437         .from = { FEAT_8000_0001_EDX,       CPUID_EXT2_LM },
1438         .to = { FEAT_VMX_ENTRY_CTLS,        VMX_VM_ENTRY_IA32E_MODE },
1439     },
1440     {
1441         .from = { FEAT_VMX_PROCBASED_CTLS,  VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS },
1442         .to = { FEAT_VMX_SECONDARY_CTLS,    ~0ull },
1443     },
1444     {
1445         .from = { FEAT_XSAVE,               CPUID_XSAVE_XSAVES },
1446         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_XSAVES },
1447     },
1448     {
1449         .from = { FEAT_1_ECX,               CPUID_EXT_RDRAND },
1450         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDRAND_EXITING },
1451     },
1452     {
1453         .from = { FEAT_7_0_EBX,             CPUID_7_0_EBX_INVPCID },
1454         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_ENABLE_INVPCID },
1455     },
1456     {
1457         .from = { FEAT_7_0_EBX,             CPUID_7_0_EBX_RDSEED },
1458         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDSEED_EXITING },
1459     },
1460     {
1461         .from = { FEAT_8000_0001_EDX,       CPUID_EXT2_RDTSCP },
1462         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDTSCP },
1463     },
1464     {
1465         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_EPT },
1466         .to = { FEAT_VMX_EPT_VPID_CAPS,     0xffffffffull },
1467     },
1468     {
1469         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_EPT },
1470         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST },
1471     },
1472     {
1473         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_VPID },
1474         .to = { FEAT_VMX_EPT_VPID_CAPS,     0xffffffffull << 32 },
1475     },
1476     {
1477         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_VMFUNC },
1478         .to = { FEAT_VMX_VMFUNC,            ~0ull },
1479     },
1480 };
1481 
1482 typedef struct X86RegisterInfo32 {
1483     /* Name of register */
1484     const char *name;
1485     /* QAPI enum value register */
1486     X86CPURegister32 qapi_enum;
1487 } X86RegisterInfo32;
1488 
1489 #define REGISTER(reg) \
1490     [R_##reg] = { .name = #reg, .qapi_enum = X86_CPU_REGISTER32_##reg }
1491 static const X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
1492     REGISTER(EAX),
1493     REGISTER(ECX),
1494     REGISTER(EDX),
1495     REGISTER(EBX),
1496     REGISTER(ESP),
1497     REGISTER(EBP),
1498     REGISTER(ESI),
1499     REGISTER(EDI),
1500 };
1501 #undef REGISTER
1502 
1503 typedef struct ExtSaveArea {
1504     uint32_t feature, bits;
1505     uint32_t offset, size;
1506 } ExtSaveArea;
1507 
1508 static const ExtSaveArea x86_ext_save_areas[] = {
1509     [XSTATE_FP_BIT] = {
1510         /* x87 FP state component is always enabled if XSAVE is supported */
1511         .feature = FEAT_1_ECX, .bits = CPUID_EXT_XSAVE,
1512         /* x87 state is in the legacy region of the XSAVE area */
1513         .offset = 0,
1514         .size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader),
1515     },
1516     [XSTATE_SSE_BIT] = {
1517         /* SSE state component is always enabled if XSAVE is supported */
1518         .feature = FEAT_1_ECX, .bits = CPUID_EXT_XSAVE,
1519         /* SSE state is in the legacy region of the XSAVE area */
1520         .offset = 0,
1521         .size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader),
1522     },
1523     [XSTATE_YMM_BIT] =
1524           { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX,
1525             .offset = offsetof(X86XSaveArea, avx_state),
1526             .size = sizeof(XSaveAVX) },
1527     [XSTATE_BNDREGS_BIT] =
1528           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_MPX,
1529             .offset = offsetof(X86XSaveArea, bndreg_state),
1530             .size = sizeof(XSaveBNDREG)  },
1531     [XSTATE_BNDCSR_BIT] =
1532           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_MPX,
1533             .offset = offsetof(X86XSaveArea, bndcsr_state),
1534             .size = sizeof(XSaveBNDCSR)  },
1535     [XSTATE_OPMASK_BIT] =
1536           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1537             .offset = offsetof(X86XSaveArea, opmask_state),
1538             .size = sizeof(XSaveOpmask) },
1539     [XSTATE_ZMM_Hi256_BIT] =
1540           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1541             .offset = offsetof(X86XSaveArea, zmm_hi256_state),
1542             .size = sizeof(XSaveZMM_Hi256) },
1543     [XSTATE_Hi16_ZMM_BIT] =
1544           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1545             .offset = offsetof(X86XSaveArea, hi16_zmm_state),
1546             .size = sizeof(XSaveHi16_ZMM) },
1547     [XSTATE_PKRU_BIT] =
1548           { .feature = FEAT_7_0_ECX, .bits = CPUID_7_0_ECX_PKU,
1549             .offset = offsetof(X86XSaveArea, pkru_state),
1550             .size = sizeof(XSavePKRU) },
1551 };
1552 
1553 static uint32_t xsave_area_size(uint64_t mask)
1554 {
1555     int i;
1556     uint64_t ret = 0;
1557 
1558     for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
1559         const ExtSaveArea *esa = &x86_ext_save_areas[i];
1560         if ((mask >> i) & 1) {
1561             ret = MAX(ret, esa->offset + esa->size);
1562         }
1563     }
1564     return ret;
1565 }
1566 
1567 static inline bool accel_uses_host_cpuid(void)
1568 {
1569     return kvm_enabled() || hvf_enabled();
1570 }
1571 
1572 static inline uint64_t x86_cpu_xsave_components(X86CPU *cpu)
1573 {
1574     return ((uint64_t)cpu->env.features[FEAT_XSAVE_COMP_HI]) << 32 |
1575            cpu->env.features[FEAT_XSAVE_COMP_LO];
1576 }
1577 
1578 const char *get_register_name_32(unsigned int reg)
1579 {
1580     if (reg >= CPU_NB_REGS32) {
1581         return NULL;
1582     }
1583     return x86_reg_info_32[reg].name;
1584 }
1585 
1586 /*
1587  * Returns the set of feature flags that are supported and migratable by
1588  * QEMU, for a given FeatureWord.
1589  */
1590 static uint64_t x86_cpu_get_migratable_flags(FeatureWord w)
1591 {
1592     FeatureWordInfo *wi = &feature_word_info[w];
1593     uint64_t r = 0;
1594     int i;
1595 
1596     for (i = 0; i < 64; i++) {
1597         uint64_t f = 1ULL << i;
1598 
1599         /* If the feature name is known, it is implicitly considered migratable,
1600          * unless it is explicitly set in unmigratable_flags */
1601         if ((wi->migratable_flags & f) ||
1602             (wi->feat_names[i] && !(wi->unmigratable_flags & f))) {
1603             r |= f;
1604         }
1605     }
1606     return r;
1607 }
1608 
1609 void host_cpuid(uint32_t function, uint32_t count,
1610                 uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx)
1611 {
1612     uint32_t vec[4];
1613 
1614 #ifdef __x86_64__
1615     asm volatile("cpuid"
1616                  : "=a"(vec[0]), "=b"(vec[1]),
1617                    "=c"(vec[2]), "=d"(vec[3])
1618                  : "0"(function), "c"(count) : "cc");
1619 #elif defined(__i386__)
1620     asm volatile("pusha \n\t"
1621                  "cpuid \n\t"
1622                  "mov %%eax, 0(%2) \n\t"
1623                  "mov %%ebx, 4(%2) \n\t"
1624                  "mov %%ecx, 8(%2) \n\t"
1625                  "mov %%edx, 12(%2) \n\t"
1626                  "popa"
1627                  : : "a"(function), "c"(count), "S"(vec)
1628                  : "memory", "cc");
1629 #else
1630     abort();
1631 #endif
1632 
1633     if (eax)
1634         *eax = vec[0];
1635     if (ebx)
1636         *ebx = vec[1];
1637     if (ecx)
1638         *ecx = vec[2];
1639     if (edx)
1640         *edx = vec[3];
1641 }
1642 
1643 void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
1644 {
1645     uint32_t eax, ebx, ecx, edx;
1646 
1647     host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
1648     x86_cpu_vendor_words2str(vendor, ebx, edx, ecx);
1649 
1650     host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
1651     if (family) {
1652         *family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
1653     }
1654     if (model) {
1655         *model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
1656     }
1657     if (stepping) {
1658         *stepping = eax & 0x0F;
1659     }
1660 }
1661 
1662 /* CPU class name definitions: */
1663 
1664 /* Return type name for a given CPU model name
1665  * Caller is responsible for freeing the returned string.
1666  */
1667 static char *x86_cpu_type_name(const char *model_name)
1668 {
1669     return g_strdup_printf(X86_CPU_TYPE_NAME("%s"), model_name);
1670 }
1671 
1672 static ObjectClass *x86_cpu_class_by_name(const char *cpu_model)
1673 {
1674     ObjectClass *oc;
1675     char *typename = x86_cpu_type_name(cpu_model);
1676     oc = object_class_by_name(typename);
1677     g_free(typename);
1678     return oc;
1679 }
1680 
1681 static char *x86_cpu_class_get_model_name(X86CPUClass *cc)
1682 {
1683     const char *class_name = object_class_get_name(OBJECT_CLASS(cc));
1684     assert(g_str_has_suffix(class_name, X86_CPU_TYPE_SUFFIX));
1685     return g_strndup(class_name,
1686                      strlen(class_name) - strlen(X86_CPU_TYPE_SUFFIX));
1687 }
1688 
1689 typedef struct PropValue {
1690     const char *prop, *value;
1691 } PropValue;
1692 
1693 typedef struct X86CPUVersionDefinition {
1694     X86CPUVersion version;
1695     const char *alias;
1696     PropValue *props;
1697 } X86CPUVersionDefinition;
1698 
1699 /* Base definition for a CPU model */
1700 typedef struct X86CPUDefinition {
1701     const char *name;
1702     uint32_t level;
1703     uint32_t xlevel;
1704     /* vendor is zero-terminated, 12 character ASCII string */
1705     char vendor[CPUID_VENDOR_SZ + 1];
1706     int family;
1707     int model;
1708     int stepping;
1709     FeatureWordArray features;
1710     const char *model_id;
1711     CPUCaches *cache_info;
1712     /*
1713      * Definitions for alternative versions of CPU model.
1714      * List is terminated by item with version == 0.
1715      * If NULL, version 1 will be registered automatically.
1716      */
1717     const X86CPUVersionDefinition *versions;
1718 } X86CPUDefinition;
1719 
1720 /* Reference to a specific CPU model version */
1721 struct X86CPUModel {
1722     /* Base CPU definition */
1723     X86CPUDefinition *cpudef;
1724     /* CPU model version */
1725     X86CPUVersion version;
1726     /*
1727      * If true, this is an alias CPU model.
1728      * This matters only for "-cpu help" and query-cpu-definitions
1729      */
1730     bool is_alias;
1731 };
1732 
1733 /* Get full model name for CPU version */
1734 static char *x86_cpu_versioned_model_name(X86CPUDefinition *cpudef,
1735                                           X86CPUVersion version)
1736 {
1737     assert(version > 0);
1738     return g_strdup_printf("%s-v%d", cpudef->name, (int)version);
1739 }
1740 
1741 static const X86CPUVersionDefinition *x86_cpu_def_get_versions(X86CPUDefinition *def)
1742 {
1743     /* When X86CPUDefinition::versions is NULL, we register only v1 */
1744     static const X86CPUVersionDefinition default_version_list[] = {
1745         { 1 },
1746         { /* end of list */ }
1747     };
1748 
1749     return def->versions ?: default_version_list;
1750 }
1751 
1752 static CPUCaches epyc_cache_info = {
1753     .l1d_cache = &(CPUCacheInfo) {
1754         .type = DATA_CACHE,
1755         .level = 1,
1756         .size = 32 * KiB,
1757         .line_size = 64,
1758         .associativity = 8,
1759         .partitions = 1,
1760         .sets = 64,
1761         .lines_per_tag = 1,
1762         .self_init = 1,
1763         .no_invd_sharing = true,
1764     },
1765     .l1i_cache = &(CPUCacheInfo) {
1766         .type = INSTRUCTION_CACHE,
1767         .level = 1,
1768         .size = 64 * KiB,
1769         .line_size = 64,
1770         .associativity = 4,
1771         .partitions = 1,
1772         .sets = 256,
1773         .lines_per_tag = 1,
1774         .self_init = 1,
1775         .no_invd_sharing = true,
1776     },
1777     .l2_cache = &(CPUCacheInfo) {
1778         .type = UNIFIED_CACHE,
1779         .level = 2,
1780         .size = 512 * KiB,
1781         .line_size = 64,
1782         .associativity = 8,
1783         .partitions = 1,
1784         .sets = 1024,
1785         .lines_per_tag = 1,
1786     },
1787     .l3_cache = &(CPUCacheInfo) {
1788         .type = UNIFIED_CACHE,
1789         .level = 3,
1790         .size = 8 * MiB,
1791         .line_size = 64,
1792         .associativity = 16,
1793         .partitions = 1,
1794         .sets = 8192,
1795         .lines_per_tag = 1,
1796         .self_init = true,
1797         .inclusive = true,
1798         .complex_indexing = true,
1799     },
1800 };
1801 
1802 static X86CPUDefinition builtin_x86_defs[] = {
1803     {
1804         .name = "qemu64",
1805         .level = 0xd,
1806         .vendor = CPUID_VENDOR_AMD,
1807         .family = 6,
1808         .model = 6,
1809         .stepping = 3,
1810         .features[FEAT_1_EDX] =
1811             PPRO_FEATURES |
1812             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1813             CPUID_PSE36,
1814         .features[FEAT_1_ECX] =
1815             CPUID_EXT_SSE3 | CPUID_EXT_CX16,
1816         .features[FEAT_8000_0001_EDX] =
1817             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1818         .features[FEAT_8000_0001_ECX] =
1819             CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM,
1820         .xlevel = 0x8000000A,
1821         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
1822     },
1823     {
1824         .name = "phenom",
1825         .level = 5,
1826         .vendor = CPUID_VENDOR_AMD,
1827         .family = 16,
1828         .model = 2,
1829         .stepping = 3,
1830         /* Missing: CPUID_HT */
1831         .features[FEAT_1_EDX] =
1832             PPRO_FEATURES |
1833             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1834             CPUID_PSE36 | CPUID_VME,
1835         .features[FEAT_1_ECX] =
1836             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_CX16 |
1837             CPUID_EXT_POPCNT,
1838         .features[FEAT_8000_0001_EDX] =
1839             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX |
1840             CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | CPUID_EXT2_MMXEXT |
1841             CPUID_EXT2_FFXSR | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP,
1842         /* Missing: CPUID_EXT3_CMP_LEG, CPUID_EXT3_EXTAPIC,
1843                     CPUID_EXT3_CR8LEG,
1844                     CPUID_EXT3_MISALIGNSSE, CPUID_EXT3_3DNOWPREFETCH,
1845                     CPUID_EXT3_OSVW, CPUID_EXT3_IBS */
1846         .features[FEAT_8000_0001_ECX] =
1847             CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM |
1848             CPUID_EXT3_ABM | CPUID_EXT3_SSE4A,
1849         /* Missing: CPUID_SVM_LBRV */
1850         .features[FEAT_SVM] =
1851             CPUID_SVM_NPT,
1852         .xlevel = 0x8000001A,
1853         .model_id = "AMD Phenom(tm) 9550 Quad-Core Processor"
1854     },
1855     {
1856         .name = "core2duo",
1857         .level = 10,
1858         .vendor = CPUID_VENDOR_INTEL,
1859         .family = 6,
1860         .model = 15,
1861         .stepping = 11,
1862         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
1863         .features[FEAT_1_EDX] =
1864             PPRO_FEATURES |
1865             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1866             CPUID_PSE36 | CPUID_VME | CPUID_ACPI | CPUID_SS,
1867         /* Missing: CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_EST,
1868          * CPUID_EXT_TM2, CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_VMX */
1869         .features[FEAT_1_ECX] =
1870             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
1871             CPUID_EXT_CX16,
1872         .features[FEAT_8000_0001_EDX] =
1873             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1874         .features[FEAT_8000_0001_ECX] =
1875             CPUID_EXT3_LAHF_LM,
1876         .xlevel = 0x80000008,
1877         .model_id = "Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz",
1878     },
1879     {
1880         .name = "kvm64",
1881         .level = 0xd,
1882         .vendor = CPUID_VENDOR_INTEL,
1883         .family = 15,
1884         .model = 6,
1885         .stepping = 1,
1886         /* Missing: CPUID_HT */
1887         .features[FEAT_1_EDX] =
1888             PPRO_FEATURES | CPUID_VME |
1889             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1890             CPUID_PSE36,
1891         /* Missing: CPUID_EXT_POPCNT, CPUID_EXT_MONITOR */
1892         .features[FEAT_1_ECX] =
1893             CPUID_EXT_SSE3 | CPUID_EXT_CX16,
1894         /* Missing: CPUID_EXT2_PDPE1GB, CPUID_EXT2_RDTSCP */
1895         .features[FEAT_8000_0001_EDX] =
1896             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1897         /* Missing: CPUID_EXT3_LAHF_LM, CPUID_EXT3_CMP_LEG, CPUID_EXT3_EXTAPIC,
1898                     CPUID_EXT3_CR8LEG, CPUID_EXT3_ABM, CPUID_EXT3_SSE4A,
1899                     CPUID_EXT3_MISALIGNSSE, CPUID_EXT3_3DNOWPREFETCH,
1900                     CPUID_EXT3_OSVW, CPUID_EXT3_IBS, CPUID_EXT3_SVM */
1901         .features[FEAT_8000_0001_ECX] =
1902             0,
1903         .xlevel = 0x80000008,
1904         .model_id = "Common KVM processor"
1905     },
1906     {
1907         .name = "qemu32",
1908         .level = 4,
1909         .vendor = CPUID_VENDOR_INTEL,
1910         .family = 6,
1911         .model = 6,
1912         .stepping = 3,
1913         .features[FEAT_1_EDX] =
1914             PPRO_FEATURES,
1915         .features[FEAT_1_ECX] =
1916             CPUID_EXT_SSE3,
1917         .xlevel = 0x80000004,
1918         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
1919     },
1920     {
1921         .name = "kvm32",
1922         .level = 5,
1923         .vendor = CPUID_VENDOR_INTEL,
1924         .family = 15,
1925         .model = 6,
1926         .stepping = 1,
1927         .features[FEAT_1_EDX] =
1928             PPRO_FEATURES | CPUID_VME |
1929             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_PSE36,
1930         .features[FEAT_1_ECX] =
1931             CPUID_EXT_SSE3,
1932         .features[FEAT_8000_0001_ECX] =
1933             0,
1934         .xlevel = 0x80000008,
1935         .model_id = "Common 32-bit KVM processor"
1936     },
1937     {
1938         .name = "coreduo",
1939         .level = 10,
1940         .vendor = CPUID_VENDOR_INTEL,
1941         .family = 6,
1942         .model = 14,
1943         .stepping = 8,
1944         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
1945         .features[FEAT_1_EDX] =
1946             PPRO_FEATURES | CPUID_VME |
1947             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_ACPI |
1948             CPUID_SS,
1949         /* Missing: CPUID_EXT_EST, CPUID_EXT_TM2 , CPUID_EXT_XTPR,
1950          * CPUID_EXT_PDCM, CPUID_EXT_VMX */
1951         .features[FEAT_1_ECX] =
1952             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR,
1953         .features[FEAT_8000_0001_EDX] =
1954             CPUID_EXT2_NX,
1955         .xlevel = 0x80000008,
1956         .model_id = "Genuine Intel(R) CPU           T2600  @ 2.16GHz",
1957     },
1958     {
1959         .name = "486",
1960         .level = 1,
1961         .vendor = CPUID_VENDOR_INTEL,
1962         .family = 4,
1963         .model = 8,
1964         .stepping = 0,
1965         .features[FEAT_1_EDX] =
1966             I486_FEATURES,
1967         .xlevel = 0,
1968         .model_id = "",
1969     },
1970     {
1971         .name = "pentium",
1972         .level = 1,
1973         .vendor = CPUID_VENDOR_INTEL,
1974         .family = 5,
1975         .model = 4,
1976         .stepping = 3,
1977         .features[FEAT_1_EDX] =
1978             PENTIUM_FEATURES,
1979         .xlevel = 0,
1980         .model_id = "",
1981     },
1982     {
1983         .name = "pentium2",
1984         .level = 2,
1985         .vendor = CPUID_VENDOR_INTEL,
1986         .family = 6,
1987         .model = 5,
1988         .stepping = 2,
1989         .features[FEAT_1_EDX] =
1990             PENTIUM2_FEATURES,
1991         .xlevel = 0,
1992         .model_id = "",
1993     },
1994     {
1995         .name = "pentium3",
1996         .level = 3,
1997         .vendor = CPUID_VENDOR_INTEL,
1998         .family = 6,
1999         .model = 7,
2000         .stepping = 3,
2001         .features[FEAT_1_EDX] =
2002             PENTIUM3_FEATURES,
2003         .xlevel = 0,
2004         .model_id = "",
2005     },
2006     {
2007         .name = "athlon",
2008         .level = 2,
2009         .vendor = CPUID_VENDOR_AMD,
2010         .family = 6,
2011         .model = 2,
2012         .stepping = 3,
2013         .features[FEAT_1_EDX] =
2014             PPRO_FEATURES | CPUID_PSE36 | CPUID_VME | CPUID_MTRR |
2015             CPUID_MCA,
2016         .features[FEAT_8000_0001_EDX] =
2017             CPUID_EXT2_MMXEXT | CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT,
2018         .xlevel = 0x80000008,
2019         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
2020     },
2021     {
2022         .name = "n270",
2023         .level = 10,
2024         .vendor = CPUID_VENDOR_INTEL,
2025         .family = 6,
2026         .model = 28,
2027         .stepping = 2,
2028         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
2029         .features[FEAT_1_EDX] =
2030             PPRO_FEATURES |
2031             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_VME |
2032             CPUID_ACPI | CPUID_SS,
2033             /* Some CPUs got no CPUID_SEP */
2034         /* Missing: CPUID_EXT_DSCPL, CPUID_EXT_EST, CPUID_EXT_TM2,
2035          * CPUID_EXT_XTPR */
2036         .features[FEAT_1_ECX] =
2037             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
2038             CPUID_EXT_MOVBE,
2039         .features[FEAT_8000_0001_EDX] =
2040             CPUID_EXT2_NX,
2041         .features[FEAT_8000_0001_ECX] =
2042             CPUID_EXT3_LAHF_LM,
2043         .xlevel = 0x80000008,
2044         .model_id = "Intel(R) Atom(TM) CPU N270   @ 1.60GHz",
2045     },
2046     {
2047         .name = "Conroe",
2048         .level = 10,
2049         .vendor = CPUID_VENDOR_INTEL,
2050         .family = 6,
2051         .model = 15,
2052         .stepping = 3,
2053         .features[FEAT_1_EDX] =
2054             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2055             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2056             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2057             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2058             CPUID_DE | CPUID_FP87,
2059         .features[FEAT_1_ECX] =
2060             CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
2061         .features[FEAT_8000_0001_EDX] =
2062             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2063         .features[FEAT_8000_0001_ECX] =
2064             CPUID_EXT3_LAHF_LM,
2065         .xlevel = 0x80000008,
2066         .model_id = "Intel Celeron_4x0 (Conroe/Merom Class Core 2)",
2067     },
2068     {
2069         .name = "Penryn",
2070         .level = 10,
2071         .vendor = CPUID_VENDOR_INTEL,
2072         .family = 6,
2073         .model = 23,
2074         .stepping = 3,
2075         .features[FEAT_1_EDX] =
2076             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2077             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2078             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2079             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2080             CPUID_DE | CPUID_FP87,
2081         .features[FEAT_1_ECX] =
2082             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2083             CPUID_EXT_SSE3,
2084         .features[FEAT_8000_0001_EDX] =
2085             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2086         .features[FEAT_8000_0001_ECX] =
2087             CPUID_EXT3_LAHF_LM,
2088         .xlevel = 0x80000008,
2089         .model_id = "Intel Core 2 Duo P9xxx (Penryn Class Core 2)",
2090     },
2091     {
2092         .name = "Nehalem",
2093         .level = 11,
2094         .vendor = CPUID_VENDOR_INTEL,
2095         .family = 6,
2096         .model = 26,
2097         .stepping = 3,
2098         .features[FEAT_1_EDX] =
2099             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2100             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2101             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2102             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2103             CPUID_DE | CPUID_FP87,
2104         .features[FEAT_1_ECX] =
2105             CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2106             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
2107         .features[FEAT_8000_0001_EDX] =
2108             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2109         .features[FEAT_8000_0001_ECX] =
2110             CPUID_EXT3_LAHF_LM,
2111         .xlevel = 0x80000008,
2112         .model_id = "Intel Core i7 9xx (Nehalem Class Core i7)",
2113         .versions = (X86CPUVersionDefinition[]) {
2114             { .version = 1 },
2115             {
2116                 .version = 2,
2117                 .alias = "Nehalem-IBRS",
2118                 .props = (PropValue[]) {
2119                     { "spec-ctrl", "on" },
2120                     { "model-id",
2121                       "Intel Core i7 9xx (Nehalem Core i7, IBRS update)" },
2122                     { /* end of list */ }
2123                 }
2124             },
2125             { /* end of list */ }
2126         }
2127     },
2128     {
2129         .name = "Westmere",
2130         .level = 11,
2131         .vendor = CPUID_VENDOR_INTEL,
2132         .family = 6,
2133         .model = 44,
2134         .stepping = 1,
2135         .features[FEAT_1_EDX] =
2136             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2137             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2138             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2139             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2140             CPUID_DE | CPUID_FP87,
2141         .features[FEAT_1_ECX] =
2142             CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
2143             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2144             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
2145         .features[FEAT_8000_0001_EDX] =
2146             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2147         .features[FEAT_8000_0001_ECX] =
2148             CPUID_EXT3_LAHF_LM,
2149         .features[FEAT_6_EAX] =
2150             CPUID_6_EAX_ARAT,
2151         .xlevel = 0x80000008,
2152         .model_id = "Westmere E56xx/L56xx/X56xx (Nehalem-C)",
2153         .versions = (X86CPUVersionDefinition[]) {
2154             { .version = 1 },
2155             {
2156                 .version = 2,
2157                 .alias = "Westmere-IBRS",
2158                 .props = (PropValue[]) {
2159                     { "spec-ctrl", "on" },
2160                     { "model-id",
2161                       "Westmere E56xx/L56xx/X56xx (IBRS update)" },
2162                     { /* end of list */ }
2163                 }
2164             },
2165             { /* end of list */ }
2166         }
2167     },
2168     {
2169         .name = "SandyBridge",
2170         .level = 0xd,
2171         .vendor = CPUID_VENDOR_INTEL,
2172         .family = 6,
2173         .model = 42,
2174         .stepping = 1,
2175         .features[FEAT_1_EDX] =
2176             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2177             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2178             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2179             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2180             CPUID_DE | CPUID_FP87,
2181         .features[FEAT_1_ECX] =
2182             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2183             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
2184             CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2185             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2186             CPUID_EXT_SSE3,
2187         .features[FEAT_8000_0001_EDX] =
2188             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2189             CPUID_EXT2_SYSCALL,
2190         .features[FEAT_8000_0001_ECX] =
2191             CPUID_EXT3_LAHF_LM,
2192         .features[FEAT_XSAVE] =
2193             CPUID_XSAVE_XSAVEOPT,
2194         .features[FEAT_6_EAX] =
2195             CPUID_6_EAX_ARAT,
2196         .xlevel = 0x80000008,
2197         .model_id = "Intel Xeon E312xx (Sandy Bridge)",
2198         .versions = (X86CPUVersionDefinition[]) {
2199             { .version = 1 },
2200             {
2201                 .version = 2,
2202                 .alias = "SandyBridge-IBRS",
2203                 .props = (PropValue[]) {
2204                     { "spec-ctrl", "on" },
2205                     { "model-id",
2206                       "Intel Xeon E312xx (Sandy Bridge, IBRS update)" },
2207                     { /* end of list */ }
2208                 }
2209             },
2210             { /* end of list */ }
2211         }
2212     },
2213     {
2214         .name = "IvyBridge",
2215         .level = 0xd,
2216         .vendor = CPUID_VENDOR_INTEL,
2217         .family = 6,
2218         .model = 58,
2219         .stepping = 9,
2220         .features[FEAT_1_EDX] =
2221             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2222             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2223             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2224             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2225             CPUID_DE | CPUID_FP87,
2226         .features[FEAT_1_ECX] =
2227             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2228             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
2229             CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2230             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2231             CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2232         .features[FEAT_7_0_EBX] =
2233             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
2234             CPUID_7_0_EBX_ERMS,
2235         .features[FEAT_8000_0001_EDX] =
2236             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2237             CPUID_EXT2_SYSCALL,
2238         .features[FEAT_8000_0001_ECX] =
2239             CPUID_EXT3_LAHF_LM,
2240         .features[FEAT_XSAVE] =
2241             CPUID_XSAVE_XSAVEOPT,
2242         .features[FEAT_6_EAX] =
2243             CPUID_6_EAX_ARAT,
2244         .xlevel = 0x80000008,
2245         .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge)",
2246         .versions = (X86CPUVersionDefinition[]) {
2247             { .version = 1 },
2248             {
2249                 .version = 2,
2250                 .alias = "IvyBridge-IBRS",
2251                 .props = (PropValue[]) {
2252                     { "spec-ctrl", "on" },
2253                     { "model-id",
2254                       "Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)" },
2255                     { /* end of list */ }
2256                 }
2257             },
2258             { /* end of list */ }
2259         }
2260     },
2261     {
2262         .name = "Haswell",
2263         .level = 0xd,
2264         .vendor = CPUID_VENDOR_INTEL,
2265         .family = 6,
2266         .model = 60,
2267         .stepping = 4,
2268         .features[FEAT_1_EDX] =
2269             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2270             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2271             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2272             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2273             CPUID_DE | CPUID_FP87,
2274         .features[FEAT_1_ECX] =
2275             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2276             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2277             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2278             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2279             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2280             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2281         .features[FEAT_8000_0001_EDX] =
2282             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2283             CPUID_EXT2_SYSCALL,
2284         .features[FEAT_8000_0001_ECX] =
2285             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
2286         .features[FEAT_7_0_EBX] =
2287             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2288             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2289             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2290             CPUID_7_0_EBX_RTM,
2291         .features[FEAT_XSAVE] =
2292             CPUID_XSAVE_XSAVEOPT,
2293         .features[FEAT_6_EAX] =
2294             CPUID_6_EAX_ARAT,
2295         .xlevel = 0x80000008,
2296         .model_id = "Intel Core Processor (Haswell)",
2297         .versions = (X86CPUVersionDefinition[]) {
2298             { .version = 1 },
2299             {
2300                 .version = 2,
2301                 .alias = "Haswell-noTSX",
2302                 .props = (PropValue[]) {
2303                     { "hle", "off" },
2304                     { "rtm", "off" },
2305                     { "stepping", "1" },
2306                     { "model-id", "Intel Core Processor (Haswell, no TSX)", },
2307                     { /* end of list */ }
2308                 },
2309             },
2310             {
2311                 .version = 3,
2312                 .alias = "Haswell-IBRS",
2313                 .props = (PropValue[]) {
2314                     /* Restore TSX features removed by -v2 above */
2315                     { "hle", "on" },
2316                     { "rtm", "on" },
2317                     /*
2318                      * Haswell and Haswell-IBRS had stepping=4 in
2319                      * QEMU 4.0 and older
2320                      */
2321                     { "stepping", "4" },
2322                     { "spec-ctrl", "on" },
2323                     { "model-id",
2324                       "Intel Core Processor (Haswell, IBRS)" },
2325                     { /* end of list */ }
2326                 }
2327             },
2328             {
2329                 .version = 4,
2330                 .alias = "Haswell-noTSX-IBRS",
2331                 .props = (PropValue[]) {
2332                     { "hle", "off" },
2333                     { "rtm", "off" },
2334                     /* spec-ctrl was already enabled by -v3 above */
2335                     { "stepping", "1" },
2336                     { "model-id",
2337                       "Intel Core Processor (Haswell, no TSX, IBRS)" },
2338                     { /* end of list */ }
2339                 }
2340             },
2341             { /* end of list */ }
2342         }
2343     },
2344     {
2345         .name = "Broadwell",
2346         .level = 0xd,
2347         .vendor = CPUID_VENDOR_INTEL,
2348         .family = 6,
2349         .model = 61,
2350         .stepping = 2,
2351         .features[FEAT_1_EDX] =
2352             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2353             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2354             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2355             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2356             CPUID_DE | CPUID_FP87,
2357         .features[FEAT_1_ECX] =
2358             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2359             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2360             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2361             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2362             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2363             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2364         .features[FEAT_8000_0001_EDX] =
2365             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2366             CPUID_EXT2_SYSCALL,
2367         .features[FEAT_8000_0001_ECX] =
2368             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2369         .features[FEAT_7_0_EBX] =
2370             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2371             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2372             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2373             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2374             CPUID_7_0_EBX_SMAP,
2375         .features[FEAT_XSAVE] =
2376             CPUID_XSAVE_XSAVEOPT,
2377         .features[FEAT_6_EAX] =
2378             CPUID_6_EAX_ARAT,
2379         .xlevel = 0x80000008,
2380         .model_id = "Intel Core Processor (Broadwell)",
2381         .versions = (X86CPUVersionDefinition[]) {
2382             { .version = 1 },
2383             {
2384                 .version = 2,
2385                 .alias = "Broadwell-noTSX",
2386                 .props = (PropValue[]) {
2387                     { "hle", "off" },
2388                     { "rtm", "off" },
2389                     { "model-id", "Intel Core Processor (Broadwell, no TSX)", },
2390                     { /* end of list */ }
2391                 },
2392             },
2393             {
2394                 .version = 3,
2395                 .alias = "Broadwell-IBRS",
2396                 .props = (PropValue[]) {
2397                     /* Restore TSX features removed by -v2 above */
2398                     { "hle", "on" },
2399                     { "rtm", "on" },
2400                     { "spec-ctrl", "on" },
2401                     { "model-id",
2402                       "Intel Core Processor (Broadwell, IBRS)" },
2403                     { /* end of list */ }
2404                 }
2405             },
2406             {
2407                 .version = 4,
2408                 .alias = "Broadwell-noTSX-IBRS",
2409                 .props = (PropValue[]) {
2410                     { "hle", "off" },
2411                     { "rtm", "off" },
2412                     /* spec-ctrl was already enabled by -v3 above */
2413                     { "model-id",
2414                       "Intel Core Processor (Broadwell, no TSX, IBRS)" },
2415                     { /* end of list */ }
2416                 }
2417             },
2418             { /* end of list */ }
2419         }
2420     },
2421     {
2422         .name = "Skylake-Client",
2423         .level = 0xd,
2424         .vendor = CPUID_VENDOR_INTEL,
2425         .family = 6,
2426         .model = 94,
2427         .stepping = 3,
2428         .features[FEAT_1_EDX] =
2429             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2430             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2431             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2432             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2433             CPUID_DE | CPUID_FP87,
2434         .features[FEAT_1_ECX] =
2435             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2436             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2437             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2438             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2439             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2440             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2441         .features[FEAT_8000_0001_EDX] =
2442             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2443             CPUID_EXT2_SYSCALL,
2444         .features[FEAT_8000_0001_ECX] =
2445             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2446         .features[FEAT_7_0_EBX] =
2447             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2448             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2449             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2450             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2451             CPUID_7_0_EBX_SMAP,
2452         /* Missing: XSAVES (not supported by some Linux versions,
2453          * including v4.1 to v4.12).
2454          * KVM doesn't yet expose any XSAVES state save component,
2455          * and the only one defined in Skylake (processor tracing)
2456          * probably will block migration anyway.
2457          */
2458         .features[FEAT_XSAVE] =
2459             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2460             CPUID_XSAVE_XGETBV1,
2461         .features[FEAT_6_EAX] =
2462             CPUID_6_EAX_ARAT,
2463         .xlevel = 0x80000008,
2464         .model_id = "Intel Core Processor (Skylake)",
2465         .versions = (X86CPUVersionDefinition[]) {
2466             { .version = 1 },
2467             {
2468                 .version = 2,
2469                 .alias = "Skylake-Client-IBRS",
2470                 .props = (PropValue[]) {
2471                     { "spec-ctrl", "on" },
2472                     { "model-id",
2473                       "Intel Core Processor (Skylake, IBRS)" },
2474                     { /* end of list */ }
2475                 }
2476             },
2477             { /* end of list */ }
2478         }
2479     },
2480     {
2481         .name = "Skylake-Server",
2482         .level = 0xd,
2483         .vendor = CPUID_VENDOR_INTEL,
2484         .family = 6,
2485         .model = 85,
2486         .stepping = 4,
2487         .features[FEAT_1_EDX] =
2488             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2489             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2490             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2491             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2492             CPUID_DE | CPUID_FP87,
2493         .features[FEAT_1_ECX] =
2494             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2495             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2496             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2497             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2498             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2499             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2500         .features[FEAT_8000_0001_EDX] =
2501             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
2502             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2503         .features[FEAT_8000_0001_ECX] =
2504             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2505         .features[FEAT_7_0_EBX] =
2506             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2507             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2508             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2509             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2510             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
2511             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
2512             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
2513             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
2514         .features[FEAT_7_0_ECX] =
2515             CPUID_7_0_ECX_PKU,
2516         /* Missing: XSAVES (not supported by some Linux versions,
2517          * including v4.1 to v4.12).
2518          * KVM doesn't yet expose any XSAVES state save component,
2519          * and the only one defined in Skylake (processor tracing)
2520          * probably will block migration anyway.
2521          */
2522         .features[FEAT_XSAVE] =
2523             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2524             CPUID_XSAVE_XGETBV1,
2525         .features[FEAT_6_EAX] =
2526             CPUID_6_EAX_ARAT,
2527         .xlevel = 0x80000008,
2528         .model_id = "Intel Xeon Processor (Skylake)",
2529         .versions = (X86CPUVersionDefinition[]) {
2530             { .version = 1 },
2531             {
2532                 .version = 2,
2533                 .alias = "Skylake-Server-IBRS",
2534                 .props = (PropValue[]) {
2535                     /* clflushopt was not added to Skylake-Server-IBRS */
2536                     /* TODO: add -v3 including clflushopt */
2537                     { "clflushopt", "off" },
2538                     { "spec-ctrl", "on" },
2539                     { "model-id",
2540                       "Intel Xeon Processor (Skylake, IBRS)" },
2541                     { /* end of list */ }
2542                 }
2543             },
2544             { /* end of list */ }
2545         }
2546     },
2547     {
2548         .name = "Cascadelake-Server",
2549         .level = 0xd,
2550         .vendor = CPUID_VENDOR_INTEL,
2551         .family = 6,
2552         .model = 85,
2553         .stepping = 6,
2554         .features[FEAT_1_EDX] =
2555             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2556             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2557             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2558             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2559             CPUID_DE | CPUID_FP87,
2560         .features[FEAT_1_ECX] =
2561             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2562             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2563             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2564             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2565             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2566             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2567         .features[FEAT_8000_0001_EDX] =
2568             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
2569             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2570         .features[FEAT_8000_0001_ECX] =
2571             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2572         .features[FEAT_7_0_EBX] =
2573             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2574             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2575             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2576             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2577             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
2578             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
2579             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
2580             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
2581         .features[FEAT_7_0_ECX] =
2582             CPUID_7_0_ECX_PKU |
2583             CPUID_7_0_ECX_AVX512VNNI,
2584         .features[FEAT_7_0_EDX] =
2585             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
2586         /* Missing: XSAVES (not supported by some Linux versions,
2587                 * including v4.1 to v4.12).
2588                 * KVM doesn't yet expose any XSAVES state save component,
2589                 * and the only one defined in Skylake (processor tracing)
2590                 * probably will block migration anyway.
2591                 */
2592         .features[FEAT_XSAVE] =
2593             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2594             CPUID_XSAVE_XGETBV1,
2595         .features[FEAT_6_EAX] =
2596             CPUID_6_EAX_ARAT,
2597         .xlevel = 0x80000008,
2598         .model_id = "Intel Xeon Processor (Cascadelake)",
2599         .versions = (X86CPUVersionDefinition[]) {
2600             { .version = 1 },
2601             { .version = 2,
2602               .props = (PropValue[]) {
2603                   { "arch-capabilities", "on" },
2604                   { "rdctl-no", "on" },
2605                   { "ibrs-all", "on" },
2606                   { "skip-l1dfl-vmentry", "on" },
2607                   { "mds-no", "on" },
2608                   { /* end of list */ }
2609               },
2610             },
2611             { /* end of list */ }
2612         }
2613     },
2614     {
2615         .name = "Icelake-Client",
2616         .level = 0xd,
2617         .vendor = CPUID_VENDOR_INTEL,
2618         .family = 6,
2619         .model = 126,
2620         .stepping = 0,
2621         .features[FEAT_1_EDX] =
2622             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2623             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2624             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2625             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2626             CPUID_DE | CPUID_FP87,
2627         .features[FEAT_1_ECX] =
2628             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2629             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2630             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2631             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2632             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2633             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2634         .features[FEAT_8000_0001_EDX] =
2635             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2636             CPUID_EXT2_SYSCALL,
2637         .features[FEAT_8000_0001_ECX] =
2638             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2639         .features[FEAT_8000_0008_EBX] =
2640             CPUID_8000_0008_EBX_WBNOINVD,
2641         .features[FEAT_7_0_EBX] =
2642             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2643             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2644             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2645             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2646             CPUID_7_0_EBX_SMAP,
2647         .features[FEAT_7_0_ECX] =
2648             CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
2649             CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
2650             CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
2651             CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
2652             CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
2653         .features[FEAT_7_0_EDX] =
2654             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
2655         /* Missing: XSAVES (not supported by some Linux versions,
2656                 * including v4.1 to v4.12).
2657                 * KVM doesn't yet expose any XSAVES state save component,
2658                 * and the only one defined in Skylake (processor tracing)
2659                 * probably will block migration anyway.
2660                 */
2661         .features[FEAT_XSAVE] =
2662             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2663             CPUID_XSAVE_XGETBV1,
2664         .features[FEAT_6_EAX] =
2665             CPUID_6_EAX_ARAT,
2666         .xlevel = 0x80000008,
2667         .model_id = "Intel Core Processor (Icelake)",
2668     },
2669     {
2670         .name = "Icelake-Server",
2671         .level = 0xd,
2672         .vendor = CPUID_VENDOR_INTEL,
2673         .family = 6,
2674         .model = 134,
2675         .stepping = 0,
2676         .features[FEAT_1_EDX] =
2677             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2678             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2679             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2680             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2681             CPUID_DE | CPUID_FP87,
2682         .features[FEAT_1_ECX] =
2683             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2684             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2685             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2686             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2687             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2688             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2689         .features[FEAT_8000_0001_EDX] =
2690             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
2691             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2692         .features[FEAT_8000_0001_ECX] =
2693             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2694         .features[FEAT_8000_0008_EBX] =
2695             CPUID_8000_0008_EBX_WBNOINVD,
2696         .features[FEAT_7_0_EBX] =
2697             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2698             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2699             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2700             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2701             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
2702             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
2703             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
2704             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
2705         .features[FEAT_7_0_ECX] =
2706             CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
2707             CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
2708             CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
2709             CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
2710             CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57,
2711         .features[FEAT_7_0_EDX] =
2712             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
2713         /* Missing: XSAVES (not supported by some Linux versions,
2714                 * including v4.1 to v4.12).
2715                 * KVM doesn't yet expose any XSAVES state save component,
2716                 * and the only one defined in Skylake (processor tracing)
2717                 * probably will block migration anyway.
2718                 */
2719         .features[FEAT_XSAVE] =
2720             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2721             CPUID_XSAVE_XGETBV1,
2722         .features[FEAT_6_EAX] =
2723             CPUID_6_EAX_ARAT,
2724         .xlevel = 0x80000008,
2725         .model_id = "Intel Xeon Processor (Icelake)",
2726     },
2727     {
2728         .name = "Denverton",
2729         .level = 21,
2730         .vendor = CPUID_VENDOR_INTEL,
2731         .family = 6,
2732         .model = 95,
2733         .stepping = 1,
2734         .features[FEAT_1_EDX] =
2735             CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC |
2736             CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC |
2737             CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
2738             CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX | CPUID_FXSR |
2739             CPUID_SSE | CPUID_SSE2,
2740         .features[FEAT_1_ECX] =
2741             CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_MONITOR |
2742             CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | CPUID_EXT_SSE41 |
2743             CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
2744             CPUID_EXT_POPCNT | CPUID_EXT_TSC_DEADLINE_TIMER |
2745             CPUID_EXT_AES | CPUID_EXT_XSAVE | CPUID_EXT_RDRAND,
2746         .features[FEAT_8000_0001_EDX] =
2747             CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB |
2748             CPUID_EXT2_RDTSCP | CPUID_EXT2_LM,
2749         .features[FEAT_8000_0001_ECX] =
2750             CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2751         .features[FEAT_7_0_EBX] =
2752             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_ERMS |
2753             CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_SMAP |
2754             CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_SHA_NI,
2755         .features[FEAT_7_0_EDX] =
2756             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
2757             CPUID_7_0_EDX_SPEC_CTRL_SSBD,
2758         /*
2759          * Missing: XSAVES (not supported by some Linux versions,
2760          * including v4.1 to v4.12).
2761          * KVM doesn't yet expose any XSAVES state save component,
2762          * and the only one defined in Skylake (processor tracing)
2763          * probably will block migration anyway.
2764          */
2765         .features[FEAT_XSAVE] =
2766             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | CPUID_XSAVE_XGETBV1,
2767         .features[FEAT_6_EAX] =
2768             CPUID_6_EAX_ARAT,
2769         .features[FEAT_ARCH_CAPABILITIES] =
2770             MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY,
2771         .xlevel = 0x80000008,
2772         .model_id = "Intel Atom Processor (Denverton)",
2773     },
2774     {
2775         .name = "Snowridge",
2776         .level = 27,
2777         .vendor = CPUID_VENDOR_INTEL,
2778         .family = 6,
2779         .model = 134,
2780         .stepping = 1,
2781         .features[FEAT_1_EDX] =
2782             /* missing: CPUID_PN CPUID_IA64 */
2783             /* missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
2784             CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE |
2785             CPUID_TSC | CPUID_MSR | CPUID_PAE | CPUID_MCE |
2786             CPUID_CX8 | CPUID_APIC | CPUID_SEP |
2787             CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
2788             CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH |
2789             CPUID_MMX |
2790             CPUID_FXSR | CPUID_SSE | CPUID_SSE2,
2791         .features[FEAT_1_ECX] =
2792             CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_MONITOR |
2793             CPUID_EXT_SSSE3 |
2794             CPUID_EXT_CX16 |
2795             CPUID_EXT_SSE41 |
2796             CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
2797             CPUID_EXT_POPCNT |
2798             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_AES | CPUID_EXT_XSAVE |
2799             CPUID_EXT_RDRAND,
2800         .features[FEAT_8000_0001_EDX] =
2801             CPUID_EXT2_SYSCALL |
2802             CPUID_EXT2_NX |
2803             CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
2804             CPUID_EXT2_LM,
2805         .features[FEAT_8000_0001_ECX] =
2806             CPUID_EXT3_LAHF_LM |
2807             CPUID_EXT3_3DNOWPREFETCH,
2808         .features[FEAT_7_0_EBX] =
2809             CPUID_7_0_EBX_FSGSBASE |
2810             CPUID_7_0_EBX_SMEP |
2811             CPUID_7_0_EBX_ERMS |
2812             CPUID_7_0_EBX_MPX |  /* missing bits 13, 15 */
2813             CPUID_7_0_EBX_RDSEED |
2814             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
2815             CPUID_7_0_EBX_CLWB |
2816             CPUID_7_0_EBX_SHA_NI,
2817         .features[FEAT_7_0_ECX] =
2818             CPUID_7_0_ECX_UMIP |
2819             /* missing bit 5 */
2820             CPUID_7_0_ECX_GFNI |
2821             CPUID_7_0_ECX_MOVDIRI | CPUID_7_0_ECX_CLDEMOTE |
2822             CPUID_7_0_ECX_MOVDIR64B,
2823         .features[FEAT_7_0_EDX] =
2824             CPUID_7_0_EDX_SPEC_CTRL |
2825             CPUID_7_0_EDX_ARCH_CAPABILITIES | CPUID_7_0_EDX_SPEC_CTRL_SSBD |
2826             CPUID_7_0_EDX_CORE_CAPABILITY,
2827         .features[FEAT_CORE_CAPABILITY] =
2828             MSR_CORE_CAP_SPLIT_LOCK_DETECT,
2829         /*
2830          * Missing: XSAVES (not supported by some Linux versions,
2831          * including v4.1 to v4.12).
2832          * KVM doesn't yet expose any XSAVES state save component,
2833          * and the only one defined in Skylake (processor tracing)
2834          * probably will block migration anyway.
2835          */
2836         .features[FEAT_XSAVE] =
2837             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2838             CPUID_XSAVE_XGETBV1,
2839         .features[FEAT_6_EAX] =
2840             CPUID_6_EAX_ARAT,
2841         .xlevel = 0x80000008,
2842         .model_id = "Intel Atom Processor (SnowRidge)",
2843         .versions = (X86CPUVersionDefinition[]) {
2844             { .version = 1 },
2845             {
2846                 .version = 2,
2847                 .props = (PropValue[]) {
2848                     { "mpx", "off" },
2849                     { "model-id", "Intel Atom Processor (Snowridge, no MPX)" },
2850                     { /* end of list */ },
2851                 },
2852             },
2853             { /* end of list */ },
2854         },
2855     },
2856     {
2857         .name = "KnightsMill",
2858         .level = 0xd,
2859         .vendor = CPUID_VENDOR_INTEL,
2860         .family = 6,
2861         .model = 133,
2862         .stepping = 0,
2863         .features[FEAT_1_EDX] =
2864             CPUID_VME | CPUID_SS | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR |
2865             CPUID_MMX | CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV |
2866             CPUID_MCA | CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC |
2867             CPUID_CX8 | CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC |
2868             CPUID_PSE | CPUID_DE | CPUID_FP87,
2869         .features[FEAT_1_ECX] =
2870             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2871             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2872             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2873             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2874             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2875             CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2876         .features[FEAT_8000_0001_EDX] =
2877             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
2878             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2879         .features[FEAT_8000_0001_ECX] =
2880             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2881         .features[FEAT_7_0_EBX] =
2882             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
2883             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS |
2884             CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_AVX512F |
2885             CPUID_7_0_EBX_AVX512CD | CPUID_7_0_EBX_AVX512PF |
2886             CPUID_7_0_EBX_AVX512ER,
2887         .features[FEAT_7_0_ECX] =
2888             CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
2889         .features[FEAT_7_0_EDX] =
2890             CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS,
2891         .features[FEAT_XSAVE] =
2892             CPUID_XSAVE_XSAVEOPT,
2893         .features[FEAT_6_EAX] =
2894             CPUID_6_EAX_ARAT,
2895         .xlevel = 0x80000008,
2896         .model_id = "Intel Xeon Phi Processor (Knights Mill)",
2897     },
2898     {
2899         .name = "Opteron_G1",
2900         .level = 5,
2901         .vendor = CPUID_VENDOR_AMD,
2902         .family = 15,
2903         .model = 6,
2904         .stepping = 1,
2905         .features[FEAT_1_EDX] =
2906             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2907             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2908             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2909             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2910             CPUID_DE | CPUID_FP87,
2911         .features[FEAT_1_ECX] =
2912             CPUID_EXT_SSE3,
2913         .features[FEAT_8000_0001_EDX] =
2914             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2915         .xlevel = 0x80000008,
2916         .model_id = "AMD Opteron 240 (Gen 1 Class Opteron)",
2917     },
2918     {
2919         .name = "Opteron_G2",
2920         .level = 5,
2921         .vendor = CPUID_VENDOR_AMD,
2922         .family = 15,
2923         .model = 6,
2924         .stepping = 1,
2925         .features[FEAT_1_EDX] =
2926             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2927             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2928             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2929             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2930             CPUID_DE | CPUID_FP87,
2931         .features[FEAT_1_ECX] =
2932             CPUID_EXT_CX16 | CPUID_EXT_SSE3,
2933         .features[FEAT_8000_0001_EDX] =
2934             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2935         .features[FEAT_8000_0001_ECX] =
2936             CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
2937         .xlevel = 0x80000008,
2938         .model_id = "AMD Opteron 22xx (Gen 2 Class Opteron)",
2939     },
2940     {
2941         .name = "Opteron_G3",
2942         .level = 5,
2943         .vendor = CPUID_VENDOR_AMD,
2944         .family = 16,
2945         .model = 2,
2946         .stepping = 3,
2947         .features[FEAT_1_EDX] =
2948             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2949             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2950             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2951             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2952             CPUID_DE | CPUID_FP87,
2953         .features[FEAT_1_ECX] =
2954             CPUID_EXT_POPCNT | CPUID_EXT_CX16 | CPUID_EXT_MONITOR |
2955             CPUID_EXT_SSE3,
2956         .features[FEAT_8000_0001_EDX] =
2957             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL |
2958             CPUID_EXT2_RDTSCP,
2959         .features[FEAT_8000_0001_ECX] =
2960             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A |
2961             CPUID_EXT3_ABM | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
2962         .xlevel = 0x80000008,
2963         .model_id = "AMD Opteron 23xx (Gen 3 Class Opteron)",
2964     },
2965     {
2966         .name = "Opteron_G4",
2967         .level = 0xd,
2968         .vendor = CPUID_VENDOR_AMD,
2969         .family = 21,
2970         .model = 1,
2971         .stepping = 2,
2972         .features[FEAT_1_EDX] =
2973             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2974             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2975             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2976             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2977             CPUID_DE | CPUID_FP87,
2978         .features[FEAT_1_ECX] =
2979             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2980             CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2981             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2982             CPUID_EXT_SSE3,
2983         .features[FEAT_8000_0001_EDX] =
2984             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_NX |
2985             CPUID_EXT2_SYSCALL | CPUID_EXT2_RDTSCP,
2986         .features[FEAT_8000_0001_ECX] =
2987             CPUID_EXT3_FMA4 | CPUID_EXT3_XOP |
2988             CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_MISALIGNSSE |
2989             CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | CPUID_EXT3_SVM |
2990             CPUID_EXT3_LAHF_LM,
2991         .features[FEAT_SVM] =
2992             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
2993         /* no xsaveopt! */
2994         .xlevel = 0x8000001A,
2995         .model_id = "AMD Opteron 62xx class CPU",
2996     },
2997     {
2998         .name = "Opteron_G5",
2999         .level = 0xd,
3000         .vendor = CPUID_VENDOR_AMD,
3001         .family = 21,
3002         .model = 2,
3003         .stepping = 0,
3004         .features[FEAT_1_EDX] =
3005             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3006             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3007             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3008             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3009             CPUID_DE | CPUID_FP87,
3010         .features[FEAT_1_ECX] =
3011             CPUID_EXT_F16C | CPUID_EXT_AVX | CPUID_EXT_XSAVE |
3012             CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
3013             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_FMA |
3014             CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
3015         .features[FEAT_8000_0001_EDX] =
3016             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_NX |
3017             CPUID_EXT2_SYSCALL | CPUID_EXT2_RDTSCP,
3018         .features[FEAT_8000_0001_ECX] =
3019             CPUID_EXT3_TBM | CPUID_EXT3_FMA4 | CPUID_EXT3_XOP |
3020             CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_MISALIGNSSE |
3021             CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | CPUID_EXT3_SVM |
3022             CPUID_EXT3_LAHF_LM,
3023         .features[FEAT_SVM] =
3024             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3025         /* no xsaveopt! */
3026         .xlevel = 0x8000001A,
3027         .model_id = "AMD Opteron 63xx class CPU",
3028     },
3029     {
3030         .name = "EPYC",
3031         .level = 0xd,
3032         .vendor = CPUID_VENDOR_AMD,
3033         .family = 23,
3034         .model = 1,
3035         .stepping = 2,
3036         .features[FEAT_1_EDX] =
3037             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
3038             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
3039             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
3040             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
3041             CPUID_VME | CPUID_FP87,
3042         .features[FEAT_1_ECX] =
3043             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
3044             CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
3045             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
3046             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
3047             CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
3048         .features[FEAT_8000_0001_EDX] =
3049             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
3050             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
3051             CPUID_EXT2_SYSCALL,
3052         .features[FEAT_8000_0001_ECX] =
3053             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
3054             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
3055             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
3056             CPUID_EXT3_TOPOEXT,
3057         .features[FEAT_7_0_EBX] =
3058             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
3059             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
3060             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
3061             CPUID_7_0_EBX_SHA_NI,
3062         /* Missing: XSAVES (not supported by some Linux versions,
3063          * including v4.1 to v4.12).
3064          * KVM doesn't yet expose any XSAVES state save component.
3065          */
3066         .features[FEAT_XSAVE] =
3067             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3068             CPUID_XSAVE_XGETBV1,
3069         .features[FEAT_6_EAX] =
3070             CPUID_6_EAX_ARAT,
3071         .features[FEAT_SVM] =
3072             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3073         .xlevel = 0x8000001E,
3074         .model_id = "AMD EPYC Processor",
3075         .cache_info = &epyc_cache_info,
3076         .versions = (X86CPUVersionDefinition[]) {
3077             { .version = 1 },
3078             {
3079                 .version = 2,
3080                 .alias = "EPYC-IBPB",
3081                 .props = (PropValue[]) {
3082                     { "ibpb", "on" },
3083                     { "model-id",
3084                       "AMD EPYC Processor (with IBPB)" },
3085                     { /* end of list */ }
3086                 }
3087             },
3088             { /* end of list */ }
3089         }
3090     },
3091     {
3092         .name = "Dhyana",
3093         .level = 0xd,
3094         .vendor = CPUID_VENDOR_HYGON,
3095         .family = 24,
3096         .model = 0,
3097         .stepping = 1,
3098         .features[FEAT_1_EDX] =
3099             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
3100             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
3101             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
3102             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
3103             CPUID_VME | CPUID_FP87,
3104         .features[FEAT_1_ECX] =
3105             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
3106             CPUID_EXT_XSAVE | CPUID_EXT_POPCNT |
3107             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
3108             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
3109             CPUID_EXT_MONITOR | CPUID_EXT_SSE3,
3110         .features[FEAT_8000_0001_EDX] =
3111             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
3112             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
3113             CPUID_EXT2_SYSCALL,
3114         .features[FEAT_8000_0001_ECX] =
3115             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
3116             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
3117             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
3118             CPUID_EXT3_TOPOEXT,
3119         .features[FEAT_8000_0008_EBX] =
3120             CPUID_8000_0008_EBX_IBPB,
3121         .features[FEAT_7_0_EBX] =
3122             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
3123             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
3124             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT,
3125         /*
3126          * Missing: XSAVES (not supported by some Linux versions,
3127          * including v4.1 to v4.12).
3128          * KVM doesn't yet expose any XSAVES state save component.
3129          */
3130         .features[FEAT_XSAVE] =
3131             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3132             CPUID_XSAVE_XGETBV1,
3133         .features[FEAT_6_EAX] =
3134             CPUID_6_EAX_ARAT,
3135         .features[FEAT_SVM] =
3136             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3137         .xlevel = 0x8000001E,
3138         .model_id = "Hygon Dhyana Processor",
3139         .cache_info = &epyc_cache_info,
3140     },
3141 };
3142 
3143 /* KVM-specific features that are automatically added/removed
3144  * from all CPU models when KVM is enabled.
3145  */
3146 static PropValue kvm_default_props[] = {
3147     { "kvmclock", "on" },
3148     { "kvm-nopiodelay", "on" },
3149     { "kvm-asyncpf", "on" },
3150     { "kvm-steal-time", "on" },
3151     { "kvm-pv-eoi", "on" },
3152     { "kvmclock-stable-bit", "on" },
3153     { "x2apic", "on" },
3154     { "acpi", "off" },
3155     { "monitor", "off" },
3156     { "svm", "off" },
3157     { NULL, NULL },
3158 };
3159 
3160 /* TCG-specific defaults that override all CPU models when using TCG
3161  */
3162 static PropValue tcg_default_props[] = {
3163     { "vme", "off" },
3164     { NULL, NULL },
3165 };
3166 
3167 
3168 X86CPUVersion default_cpu_version = CPU_VERSION_LATEST;
3169 
3170 void x86_cpu_set_default_version(X86CPUVersion version)
3171 {
3172     /* Translating CPU_VERSION_AUTO to CPU_VERSION_AUTO doesn't make sense */
3173     assert(version != CPU_VERSION_AUTO);
3174     default_cpu_version = version;
3175 }
3176 
3177 static X86CPUVersion x86_cpu_model_last_version(const X86CPUModel *model)
3178 {
3179     int v = 0;
3180     const X86CPUVersionDefinition *vdef =
3181         x86_cpu_def_get_versions(model->cpudef);
3182     while (vdef->version) {
3183         v = vdef->version;
3184         vdef++;
3185     }
3186     return v;
3187 }
3188 
3189 /* Return the actual version being used for a specific CPU model */
3190 static X86CPUVersion x86_cpu_model_resolve_version(const X86CPUModel *model)
3191 {
3192     X86CPUVersion v = model->version;
3193     if (v == CPU_VERSION_AUTO) {
3194         v = default_cpu_version;
3195     }
3196     if (v == CPU_VERSION_LATEST) {
3197         return x86_cpu_model_last_version(model);
3198     }
3199     return v;
3200 }
3201 
3202 void x86_cpu_change_kvm_default(const char *prop, const char *value)
3203 {
3204     PropValue *pv;
3205     for (pv = kvm_default_props; pv->prop; pv++) {
3206         if (!strcmp(pv->prop, prop)) {
3207             pv->value = value;
3208             break;
3209         }
3210     }
3211 
3212     /* It is valid to call this function only for properties that
3213      * are already present in the kvm_default_props table.
3214      */
3215     assert(pv->prop);
3216 }
3217 
3218 static uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
3219                                                    bool migratable_only);
3220 
3221 static bool lmce_supported(void)
3222 {
3223     uint64_t mce_cap = 0;
3224 
3225 #ifdef CONFIG_KVM
3226     if (kvm_ioctl(kvm_state, KVM_X86_GET_MCE_CAP_SUPPORTED, &mce_cap) < 0) {
3227         return false;
3228     }
3229 #endif
3230 
3231     return !!(mce_cap & MCG_LMCE_P);
3232 }
3233 
3234 #define CPUID_MODEL_ID_SZ 48
3235 
3236 /**
3237  * cpu_x86_fill_model_id:
3238  * Get CPUID model ID string from host CPU.
3239  *
3240  * @str should have at least CPUID_MODEL_ID_SZ bytes
3241  *
3242  * The function does NOT add a null terminator to the string
3243  * automatically.
3244  */
3245 static int cpu_x86_fill_model_id(char *str)
3246 {
3247     uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
3248     int i;
3249 
3250     for (i = 0; i < 3; i++) {
3251         host_cpuid(0x80000002 + i, 0, &eax, &ebx, &ecx, &edx);
3252         memcpy(str + i * 16 +  0, &eax, 4);
3253         memcpy(str + i * 16 +  4, &ebx, 4);
3254         memcpy(str + i * 16 +  8, &ecx, 4);
3255         memcpy(str + i * 16 + 12, &edx, 4);
3256     }
3257     return 0;
3258 }
3259 
3260 static Property max_x86_cpu_properties[] = {
3261     DEFINE_PROP_BOOL("migratable", X86CPU, migratable, true),
3262     DEFINE_PROP_BOOL("host-cache-info", X86CPU, cache_info_passthrough, false),
3263     DEFINE_PROP_END_OF_LIST()
3264 };
3265 
3266 static void max_x86_cpu_class_init(ObjectClass *oc, void *data)
3267 {
3268     DeviceClass *dc = DEVICE_CLASS(oc);
3269     X86CPUClass *xcc = X86_CPU_CLASS(oc);
3270 
3271     xcc->ordering = 9;
3272 
3273     xcc->model_description =
3274         "Enables all features supported by the accelerator in the current host";
3275 
3276     dc->props = max_x86_cpu_properties;
3277 }
3278 
3279 static void max_x86_cpu_initfn(Object *obj)
3280 {
3281     X86CPU *cpu = X86_CPU(obj);
3282     CPUX86State *env = &cpu->env;
3283     KVMState *s = kvm_state;
3284 
3285     /* We can't fill the features array here because we don't know yet if
3286      * "migratable" is true or false.
3287      */
3288     cpu->max_features = true;
3289 
3290     if (accel_uses_host_cpuid()) {
3291         char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
3292         char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
3293         int family, model, stepping;
3294 
3295         host_vendor_fms(vendor, &family, &model, &stepping);
3296         cpu_x86_fill_model_id(model_id);
3297 
3298         object_property_set_str(OBJECT(cpu), vendor, "vendor", &error_abort);
3299         object_property_set_int(OBJECT(cpu), family, "family", &error_abort);
3300         object_property_set_int(OBJECT(cpu), model, "model", &error_abort);
3301         object_property_set_int(OBJECT(cpu), stepping, "stepping",
3302                                 &error_abort);
3303         object_property_set_str(OBJECT(cpu), model_id, "model-id",
3304                                 &error_abort);
3305 
3306         if (kvm_enabled()) {
3307             env->cpuid_min_level =
3308                 kvm_arch_get_supported_cpuid(s, 0x0, 0, R_EAX);
3309             env->cpuid_min_xlevel =
3310                 kvm_arch_get_supported_cpuid(s, 0x80000000, 0, R_EAX);
3311             env->cpuid_min_xlevel2 =
3312                 kvm_arch_get_supported_cpuid(s, 0xC0000000, 0, R_EAX);
3313         } else {
3314             env->cpuid_min_level =
3315                 hvf_get_supported_cpuid(0x0, 0, R_EAX);
3316             env->cpuid_min_xlevel =
3317                 hvf_get_supported_cpuid(0x80000000, 0, R_EAX);
3318             env->cpuid_min_xlevel2 =
3319                 hvf_get_supported_cpuid(0xC0000000, 0, R_EAX);
3320         }
3321 
3322         if (lmce_supported()) {
3323             object_property_set_bool(OBJECT(cpu), true, "lmce", &error_abort);
3324         }
3325     } else {
3326         object_property_set_str(OBJECT(cpu), CPUID_VENDOR_AMD,
3327                                 "vendor", &error_abort);
3328         object_property_set_int(OBJECT(cpu), 6, "family", &error_abort);
3329         object_property_set_int(OBJECT(cpu), 6, "model", &error_abort);
3330         object_property_set_int(OBJECT(cpu), 3, "stepping", &error_abort);
3331         object_property_set_str(OBJECT(cpu),
3332                                 "QEMU TCG CPU version " QEMU_HW_VERSION,
3333                                 "model-id", &error_abort);
3334     }
3335 
3336     object_property_set_bool(OBJECT(cpu), true, "pmu", &error_abort);
3337 }
3338 
3339 static const TypeInfo max_x86_cpu_type_info = {
3340     .name = X86_CPU_TYPE_NAME("max"),
3341     .parent = TYPE_X86_CPU,
3342     .instance_init = max_x86_cpu_initfn,
3343     .class_init = max_x86_cpu_class_init,
3344 };
3345 
3346 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
3347 static void host_x86_cpu_class_init(ObjectClass *oc, void *data)
3348 {
3349     X86CPUClass *xcc = X86_CPU_CLASS(oc);
3350 
3351     xcc->host_cpuid_required = true;
3352     xcc->ordering = 8;
3353 
3354 #if defined(CONFIG_KVM)
3355     xcc->model_description =
3356         "KVM processor with all supported host features ";
3357 #elif defined(CONFIG_HVF)
3358     xcc->model_description =
3359         "HVF processor with all supported host features ";
3360 #endif
3361 }
3362 
3363 static const TypeInfo host_x86_cpu_type_info = {
3364     .name = X86_CPU_TYPE_NAME("host"),
3365     .parent = X86_CPU_TYPE_NAME("max"),
3366     .class_init = host_x86_cpu_class_init,
3367 };
3368 
3369 #endif
3370 
3371 static char *feature_word_description(FeatureWordInfo *f, uint32_t bit)
3372 {
3373     assert(f->type == CPUID_FEATURE_WORD || f->type == MSR_FEATURE_WORD);
3374 
3375     switch (f->type) {
3376     case CPUID_FEATURE_WORD:
3377         {
3378             const char *reg = get_register_name_32(f->cpuid.reg);
3379             assert(reg);
3380             return g_strdup_printf("CPUID.%02XH:%s",
3381                                    f->cpuid.eax, reg);
3382         }
3383     case MSR_FEATURE_WORD:
3384         return g_strdup_printf("MSR(%02XH)",
3385                                f->msr.index);
3386     }
3387 
3388     return NULL;
3389 }
3390 
3391 static bool x86_cpu_have_filtered_features(X86CPU *cpu)
3392 {
3393     FeatureWord w;
3394 
3395     for (w = 0; w < FEATURE_WORDS; w++) {
3396         if (cpu->filtered_features[w]) {
3397             return true;
3398         }
3399     }
3400 
3401     return false;
3402 }
3403 
3404 static void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask,
3405                                       const char *verbose_prefix)
3406 {
3407     CPUX86State *env = &cpu->env;
3408     FeatureWordInfo *f = &feature_word_info[w];
3409     int i;
3410     char *feat_word_str;
3411 
3412     if (!cpu->force_features) {
3413         env->features[w] &= ~mask;
3414     }
3415     cpu->filtered_features[w] |= mask;
3416 
3417     if (!verbose_prefix) {
3418         return;
3419     }
3420 
3421     for (i = 0; i < 64; ++i) {
3422         if ((1ULL << i) & mask) {
3423             feat_word_str = feature_word_description(f, i);
3424             warn_report("%s: %s%s%s [bit %d]",
3425                         verbose_prefix,
3426                         feat_word_str,
3427                         f->feat_names[i] ? "." : "",
3428                         f->feat_names[i] ? f->feat_names[i] : "", i);
3429             g_free(feat_word_str);
3430         }
3431     }
3432 }
3433 
3434 static void x86_cpuid_version_get_family(Object *obj, Visitor *v,
3435                                          const char *name, void *opaque,
3436                                          Error **errp)
3437 {
3438     X86CPU *cpu = X86_CPU(obj);
3439     CPUX86State *env = &cpu->env;
3440     int64_t value;
3441 
3442     value = (env->cpuid_version >> 8) & 0xf;
3443     if (value == 0xf) {
3444         value += (env->cpuid_version >> 20) & 0xff;
3445     }
3446     visit_type_int(v, name, &value, errp);
3447 }
3448 
3449 static void x86_cpuid_version_set_family(Object *obj, Visitor *v,
3450                                          const char *name, void *opaque,
3451                                          Error **errp)
3452 {
3453     X86CPU *cpu = X86_CPU(obj);
3454     CPUX86State *env = &cpu->env;
3455     const int64_t min = 0;
3456     const int64_t max = 0xff + 0xf;
3457     Error *local_err = NULL;
3458     int64_t value;
3459 
3460     visit_type_int(v, name, &value, &local_err);
3461     if (local_err) {
3462         error_propagate(errp, local_err);
3463         return;
3464     }
3465     if (value < min || value > max) {
3466         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
3467                    name ? name : "null", value, min, max);
3468         return;
3469     }
3470 
3471     env->cpuid_version &= ~0xff00f00;
3472     if (value > 0x0f) {
3473         env->cpuid_version |= 0xf00 | ((value - 0x0f) << 20);
3474     } else {
3475         env->cpuid_version |= value << 8;
3476     }
3477 }
3478 
3479 static void x86_cpuid_version_get_model(Object *obj, Visitor *v,
3480                                         const char *name, void *opaque,
3481                                         Error **errp)
3482 {
3483     X86CPU *cpu = X86_CPU(obj);
3484     CPUX86State *env = &cpu->env;
3485     int64_t value;
3486 
3487     value = (env->cpuid_version >> 4) & 0xf;
3488     value |= ((env->cpuid_version >> 16) & 0xf) << 4;
3489     visit_type_int(v, name, &value, errp);
3490 }
3491 
3492 static void x86_cpuid_version_set_model(Object *obj, Visitor *v,
3493                                         const char *name, void *opaque,
3494                                         Error **errp)
3495 {
3496     X86CPU *cpu = X86_CPU(obj);
3497     CPUX86State *env = &cpu->env;
3498     const int64_t min = 0;
3499     const int64_t max = 0xff;
3500     Error *local_err = NULL;
3501     int64_t value;
3502 
3503     visit_type_int(v, name, &value, &local_err);
3504     if (local_err) {
3505         error_propagate(errp, local_err);
3506         return;
3507     }
3508     if (value < min || value > max) {
3509         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
3510                    name ? name : "null", value, min, max);
3511         return;
3512     }
3513 
3514     env->cpuid_version &= ~0xf00f0;
3515     env->cpuid_version |= ((value & 0xf) << 4) | ((value >> 4) << 16);
3516 }
3517 
3518 static void x86_cpuid_version_get_stepping(Object *obj, Visitor *v,
3519                                            const char *name, void *opaque,
3520                                            Error **errp)
3521 {
3522     X86CPU *cpu = X86_CPU(obj);
3523     CPUX86State *env = &cpu->env;
3524     int64_t value;
3525 
3526     value = env->cpuid_version & 0xf;
3527     visit_type_int(v, name, &value, errp);
3528 }
3529 
3530 static void x86_cpuid_version_set_stepping(Object *obj, Visitor *v,
3531                                            const char *name, void *opaque,
3532                                            Error **errp)
3533 {
3534     X86CPU *cpu = X86_CPU(obj);
3535     CPUX86State *env = &cpu->env;
3536     const int64_t min = 0;
3537     const int64_t max = 0xf;
3538     Error *local_err = NULL;
3539     int64_t value;
3540 
3541     visit_type_int(v, name, &value, &local_err);
3542     if (local_err) {
3543         error_propagate(errp, local_err);
3544         return;
3545     }
3546     if (value < min || value > max) {
3547         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
3548                    name ? name : "null", value, min, max);
3549         return;
3550     }
3551 
3552     env->cpuid_version &= ~0xf;
3553     env->cpuid_version |= value & 0xf;
3554 }
3555 
3556 static char *x86_cpuid_get_vendor(Object *obj, Error **errp)
3557 {
3558     X86CPU *cpu = X86_CPU(obj);
3559     CPUX86State *env = &cpu->env;
3560     char *value;
3561 
3562     value = g_malloc(CPUID_VENDOR_SZ + 1);
3563     x86_cpu_vendor_words2str(value, env->cpuid_vendor1, env->cpuid_vendor2,
3564                              env->cpuid_vendor3);
3565     return value;
3566 }
3567 
3568 static void x86_cpuid_set_vendor(Object *obj, const char *value,
3569                                  Error **errp)
3570 {
3571     X86CPU *cpu = X86_CPU(obj);
3572     CPUX86State *env = &cpu->env;
3573     int i;
3574 
3575     if (strlen(value) != CPUID_VENDOR_SZ) {
3576         error_setg(errp, QERR_PROPERTY_VALUE_BAD, "", "vendor", value);
3577         return;
3578     }
3579 
3580     env->cpuid_vendor1 = 0;
3581     env->cpuid_vendor2 = 0;
3582     env->cpuid_vendor3 = 0;
3583     for (i = 0; i < 4; i++) {
3584         env->cpuid_vendor1 |= ((uint8_t)value[i    ]) << (8 * i);
3585         env->cpuid_vendor2 |= ((uint8_t)value[i + 4]) << (8 * i);
3586         env->cpuid_vendor3 |= ((uint8_t)value[i + 8]) << (8 * i);
3587     }
3588 }
3589 
3590 static char *x86_cpuid_get_model_id(Object *obj, Error **errp)
3591 {
3592     X86CPU *cpu = X86_CPU(obj);
3593     CPUX86State *env = &cpu->env;
3594     char *value;
3595     int i;
3596 
3597     value = g_malloc(48 + 1);
3598     for (i = 0; i < 48; i++) {
3599         value[i] = env->cpuid_model[i >> 2] >> (8 * (i & 3));
3600     }
3601     value[48] = '\0';
3602     return value;
3603 }
3604 
3605 static void x86_cpuid_set_model_id(Object *obj, const char *model_id,
3606                                    Error **errp)
3607 {
3608     X86CPU *cpu = X86_CPU(obj);
3609     CPUX86State *env = &cpu->env;
3610     int c, len, i;
3611 
3612     if (model_id == NULL) {
3613         model_id = "";
3614     }
3615     len = strlen(model_id);
3616     memset(env->cpuid_model, 0, 48);
3617     for (i = 0; i < 48; i++) {
3618         if (i >= len) {
3619             c = '\0';
3620         } else {
3621             c = (uint8_t)model_id[i];
3622         }
3623         env->cpuid_model[i >> 2] |= c << (8 * (i & 3));
3624     }
3625 }
3626 
3627 static void x86_cpuid_get_tsc_freq(Object *obj, Visitor *v, const char *name,
3628                                    void *opaque, Error **errp)
3629 {
3630     X86CPU *cpu = X86_CPU(obj);
3631     int64_t value;
3632 
3633     value = cpu->env.tsc_khz * 1000;
3634     visit_type_int(v, name, &value, errp);
3635 }
3636 
3637 static void x86_cpuid_set_tsc_freq(Object *obj, Visitor *v, const char *name,
3638                                    void *opaque, Error **errp)
3639 {
3640     X86CPU *cpu = X86_CPU(obj);
3641     const int64_t min = 0;
3642     const int64_t max = INT64_MAX;
3643     Error *local_err = NULL;
3644     int64_t value;
3645 
3646     visit_type_int(v, name, &value, &local_err);
3647     if (local_err) {
3648         error_propagate(errp, local_err);
3649         return;
3650     }
3651     if (value < min || value > max) {
3652         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
3653                    name ? name : "null", value, min, max);
3654         return;
3655     }
3656 
3657     cpu->env.tsc_khz = cpu->env.user_tsc_khz = value / 1000;
3658 }
3659 
3660 /* Generic getter for "feature-words" and "filtered-features" properties */
3661 static void x86_cpu_get_feature_words(Object *obj, Visitor *v,
3662                                       const char *name, void *opaque,
3663                                       Error **errp)
3664 {
3665     uint64_t *array = (uint64_t *)opaque;
3666     FeatureWord w;
3667     X86CPUFeatureWordInfo word_infos[FEATURE_WORDS] = { };
3668     X86CPUFeatureWordInfoList list_entries[FEATURE_WORDS] = { };
3669     X86CPUFeatureWordInfoList *list = NULL;
3670 
3671     for (w = 0; w < FEATURE_WORDS; w++) {
3672         FeatureWordInfo *wi = &feature_word_info[w];
3673         /*
3674                 * We didn't have MSR features when "feature-words" was
3675                 *  introduced. Therefore skipped other type entries.
3676                 */
3677         if (wi->type != CPUID_FEATURE_WORD) {
3678             continue;
3679         }
3680         X86CPUFeatureWordInfo *qwi = &word_infos[w];
3681         qwi->cpuid_input_eax = wi->cpuid.eax;
3682         qwi->has_cpuid_input_ecx = wi->cpuid.needs_ecx;
3683         qwi->cpuid_input_ecx = wi->cpuid.ecx;
3684         qwi->cpuid_register = x86_reg_info_32[wi->cpuid.reg].qapi_enum;
3685         qwi->features = array[w];
3686 
3687         /* List will be in reverse order, but order shouldn't matter */
3688         list_entries[w].next = list;
3689         list_entries[w].value = &word_infos[w];
3690         list = &list_entries[w];
3691     }
3692 
3693     visit_type_X86CPUFeatureWordInfoList(v, "feature-words", &list, errp);
3694 }
3695 
3696 /* Convert all '_' in a feature string option name to '-', to make feature
3697  * name conform to QOM property naming rule, which uses '-' instead of '_'.
3698  */
3699 static inline void feat2prop(char *s)
3700 {
3701     while ((s = strchr(s, '_'))) {
3702         *s = '-';
3703     }
3704 }
3705 
3706 /* Return the feature property name for a feature flag bit */
3707 static const char *x86_cpu_feature_name(FeatureWord w, int bitnr)
3708 {
3709     const char *name;
3710     /* XSAVE components are automatically enabled by other features,
3711      * so return the original feature name instead
3712      */
3713     if (w == FEAT_XSAVE_COMP_LO || w == FEAT_XSAVE_COMP_HI) {
3714         int comp = (w == FEAT_XSAVE_COMP_HI) ? bitnr + 32 : bitnr;
3715 
3716         if (comp < ARRAY_SIZE(x86_ext_save_areas) &&
3717             x86_ext_save_areas[comp].bits) {
3718             w = x86_ext_save_areas[comp].feature;
3719             bitnr = ctz32(x86_ext_save_areas[comp].bits);
3720         }
3721     }
3722 
3723     assert(bitnr < 64);
3724     assert(w < FEATURE_WORDS);
3725     name = feature_word_info[w].feat_names[bitnr];
3726     assert(bitnr < 32 || !(name && feature_word_info[w].type == CPUID_FEATURE_WORD));
3727     return name;
3728 }
3729 
3730 /* Compatibily hack to maintain legacy +-feat semantic,
3731  * where +-feat overwrites any feature set by
3732  * feat=on|feat even if the later is parsed after +-feat
3733  * (i.e. "-x2apic,x2apic=on" will result in x2apic disabled)
3734  */
3735 static GList *plus_features, *minus_features;
3736 
3737 static gint compare_string(gconstpointer a, gconstpointer b)
3738 {
3739     return g_strcmp0(a, b);
3740 }
3741 
3742 /* Parse "+feature,-feature,feature=foo" CPU feature string
3743  */
3744 static void x86_cpu_parse_featurestr(const char *typename, char *features,
3745                                      Error **errp)
3746 {
3747     char *featurestr; /* Single 'key=value" string being parsed */
3748     static bool cpu_globals_initialized;
3749     bool ambiguous = false;
3750 
3751     if (cpu_globals_initialized) {
3752         return;
3753     }
3754     cpu_globals_initialized = true;
3755 
3756     if (!features) {
3757         return;
3758     }
3759 
3760     for (featurestr = strtok(features, ",");
3761          featurestr;
3762          featurestr = strtok(NULL, ",")) {
3763         const char *name;
3764         const char *val = NULL;
3765         char *eq = NULL;
3766         char num[32];
3767         GlobalProperty *prop;
3768 
3769         /* Compatibility syntax: */
3770         if (featurestr[0] == '+') {
3771             plus_features = g_list_append(plus_features,
3772                                           g_strdup(featurestr + 1));
3773             continue;
3774         } else if (featurestr[0] == '-') {
3775             minus_features = g_list_append(minus_features,
3776                                            g_strdup(featurestr + 1));
3777             continue;
3778         }
3779 
3780         eq = strchr(featurestr, '=');
3781         if (eq) {
3782             *eq++ = 0;
3783             val = eq;
3784         } else {
3785             val = "on";
3786         }
3787 
3788         feat2prop(featurestr);
3789         name = featurestr;
3790 
3791         if (g_list_find_custom(plus_features, name, compare_string)) {
3792             warn_report("Ambiguous CPU model string. "
3793                         "Don't mix both \"+%s\" and \"%s=%s\"",
3794                         name, name, val);
3795             ambiguous = true;
3796         }
3797         if (g_list_find_custom(minus_features, name, compare_string)) {
3798             warn_report("Ambiguous CPU model string. "
3799                         "Don't mix both \"-%s\" and \"%s=%s\"",
3800                         name, name, val);
3801             ambiguous = true;
3802         }
3803 
3804         /* Special case: */
3805         if (!strcmp(name, "tsc-freq")) {
3806             int ret;
3807             uint64_t tsc_freq;
3808 
3809             ret = qemu_strtosz_metric(val, NULL, &tsc_freq);
3810             if (ret < 0 || tsc_freq > INT64_MAX) {
3811                 error_setg(errp, "bad numerical value %s", val);
3812                 return;
3813             }
3814             snprintf(num, sizeof(num), "%" PRId64, tsc_freq);
3815             val = num;
3816             name = "tsc-frequency";
3817         }
3818 
3819         prop = g_new0(typeof(*prop), 1);
3820         prop->driver = typename;
3821         prop->property = g_strdup(name);
3822         prop->value = g_strdup(val);
3823         qdev_prop_register_global(prop);
3824     }
3825 
3826     if (ambiguous) {
3827         warn_report("Compatibility of ambiguous CPU model "
3828                     "strings won't be kept on future QEMU versions");
3829     }
3830 }
3831 
3832 static void x86_cpu_expand_features(X86CPU *cpu, Error **errp);
3833 static void x86_cpu_filter_features(X86CPU *cpu, bool verbose);
3834 
3835 /* Build a list with the name of all features on a feature word array */
3836 static void x86_cpu_list_feature_names(FeatureWordArray features,
3837                                        strList **feat_names)
3838 {
3839     FeatureWord w;
3840     strList **next = feat_names;
3841 
3842     for (w = 0; w < FEATURE_WORDS; w++) {
3843         uint64_t filtered = features[w];
3844         int i;
3845         for (i = 0; i < 64; i++) {
3846             if (filtered & (1ULL << i)) {
3847                 strList *new = g_new0(strList, 1);
3848                 new->value = g_strdup(x86_cpu_feature_name(w, i));
3849                 *next = new;
3850                 next = &new->next;
3851             }
3852         }
3853     }
3854 }
3855 
3856 static void x86_cpu_get_unavailable_features(Object *obj, Visitor *v,
3857                                              const char *name, void *opaque,
3858                                              Error **errp)
3859 {
3860     X86CPU *xc = X86_CPU(obj);
3861     strList *result = NULL;
3862 
3863     x86_cpu_list_feature_names(xc->filtered_features, &result);
3864     visit_type_strList(v, "unavailable-features", &result, errp);
3865 }
3866 
3867 /* Check for missing features that may prevent the CPU class from
3868  * running using the current machine and accelerator.
3869  */
3870 static void x86_cpu_class_check_missing_features(X86CPUClass *xcc,
3871                                                  strList **missing_feats)
3872 {
3873     X86CPU *xc;
3874     Error *err = NULL;
3875     strList **next = missing_feats;
3876 
3877     if (xcc->host_cpuid_required && !accel_uses_host_cpuid()) {
3878         strList *new = g_new0(strList, 1);
3879         new->value = g_strdup("kvm");
3880         *missing_feats = new;
3881         return;
3882     }
3883 
3884     xc = X86_CPU(object_new(object_class_get_name(OBJECT_CLASS(xcc))));
3885 
3886     x86_cpu_expand_features(xc, &err);
3887     if (err) {
3888         /* Errors at x86_cpu_expand_features should never happen,
3889          * but in case it does, just report the model as not
3890          * runnable at all using the "type" property.
3891          */
3892         strList *new = g_new0(strList, 1);
3893         new->value = g_strdup("type");
3894         *next = new;
3895         next = &new->next;
3896     }
3897 
3898     x86_cpu_filter_features(xc, false);
3899 
3900     x86_cpu_list_feature_names(xc->filtered_features, next);
3901 
3902     object_unref(OBJECT(xc));
3903 }
3904 
3905 /* Print all cpuid feature names in featureset
3906  */
3907 static void listflags(GList *features)
3908 {
3909     size_t len = 0;
3910     GList *tmp;
3911 
3912     for (tmp = features; tmp; tmp = tmp->next) {
3913         const char *name = tmp->data;
3914         if ((len + strlen(name) + 1) >= 75) {
3915             qemu_printf("\n");
3916             len = 0;
3917         }
3918         qemu_printf("%s%s", len == 0 ? "  " : " ", name);
3919         len += strlen(name) + 1;
3920     }
3921     qemu_printf("\n");
3922 }
3923 
3924 /* Sort alphabetically by type name, respecting X86CPUClass::ordering. */
3925 static gint x86_cpu_list_compare(gconstpointer a, gconstpointer b)
3926 {
3927     ObjectClass *class_a = (ObjectClass *)a;
3928     ObjectClass *class_b = (ObjectClass *)b;
3929     X86CPUClass *cc_a = X86_CPU_CLASS(class_a);
3930     X86CPUClass *cc_b = X86_CPU_CLASS(class_b);
3931     char *name_a, *name_b;
3932     int ret;
3933 
3934     if (cc_a->ordering != cc_b->ordering) {
3935         ret = cc_a->ordering - cc_b->ordering;
3936     } else {
3937         name_a = x86_cpu_class_get_model_name(cc_a);
3938         name_b = x86_cpu_class_get_model_name(cc_b);
3939         ret = strcmp(name_a, name_b);
3940         g_free(name_a);
3941         g_free(name_b);
3942     }
3943     return ret;
3944 }
3945 
3946 static GSList *get_sorted_cpu_model_list(void)
3947 {
3948     GSList *list = object_class_get_list(TYPE_X86_CPU, false);
3949     list = g_slist_sort(list, x86_cpu_list_compare);
3950     return list;
3951 }
3952 
3953 static char *x86_cpu_class_get_model_id(X86CPUClass *xc)
3954 {
3955     Object *obj = object_new(object_class_get_name(OBJECT_CLASS(xc)));
3956     char *r = object_property_get_str(obj, "model-id", &error_abort);
3957     object_unref(obj);
3958     return r;
3959 }
3960 
3961 static char *x86_cpu_class_get_alias_of(X86CPUClass *cc)
3962 {
3963     X86CPUVersion version;
3964 
3965     if (!cc->model || !cc->model->is_alias) {
3966         return NULL;
3967     }
3968     version = x86_cpu_model_resolve_version(cc->model);
3969     if (version <= 0) {
3970         return NULL;
3971     }
3972     return x86_cpu_versioned_model_name(cc->model->cpudef, version);
3973 }
3974 
3975 static void x86_cpu_list_entry(gpointer data, gpointer user_data)
3976 {
3977     ObjectClass *oc = data;
3978     X86CPUClass *cc = X86_CPU_CLASS(oc);
3979     char *name = x86_cpu_class_get_model_name(cc);
3980     char *desc = g_strdup(cc->model_description);
3981     char *alias_of = x86_cpu_class_get_alias_of(cc);
3982 
3983     if (!desc && alias_of) {
3984         if (cc->model && cc->model->version == CPU_VERSION_AUTO) {
3985             desc = g_strdup("(alias configured by machine type)");
3986         } else {
3987             desc = g_strdup_printf("(alias of %s)", alias_of);
3988         }
3989     }
3990     if (!desc) {
3991         desc = x86_cpu_class_get_model_id(cc);
3992     }
3993 
3994     qemu_printf("x86 %-20s  %-48s\n", name, desc);
3995     g_free(name);
3996     g_free(desc);
3997     g_free(alias_of);
3998 }
3999 
4000 /* list available CPU models and flags */
4001 void x86_cpu_list(void)
4002 {
4003     int i, j;
4004     GSList *list;
4005     GList *names = NULL;
4006 
4007     qemu_printf("Available CPUs:\n");
4008     list = get_sorted_cpu_model_list();
4009     g_slist_foreach(list, x86_cpu_list_entry, NULL);
4010     g_slist_free(list);
4011 
4012     names = NULL;
4013     for (i = 0; i < ARRAY_SIZE(feature_word_info); i++) {
4014         FeatureWordInfo *fw = &feature_word_info[i];
4015         for (j = 0; j < 64; j++) {
4016             if (fw->feat_names[j]) {
4017                 names = g_list_append(names, (gpointer)fw->feat_names[j]);
4018             }
4019         }
4020     }
4021 
4022     names = g_list_sort(names, (GCompareFunc)strcmp);
4023 
4024     qemu_printf("\nRecognized CPUID flags:\n");
4025     listflags(names);
4026     qemu_printf("\n");
4027     g_list_free(names);
4028 }
4029 
4030 static void x86_cpu_definition_entry(gpointer data, gpointer user_data)
4031 {
4032     ObjectClass *oc = data;
4033     X86CPUClass *cc = X86_CPU_CLASS(oc);
4034     CpuDefinitionInfoList **cpu_list = user_data;
4035     CpuDefinitionInfoList *entry;
4036     CpuDefinitionInfo *info;
4037 
4038     info = g_malloc0(sizeof(*info));
4039     info->name = x86_cpu_class_get_model_name(cc);
4040     x86_cpu_class_check_missing_features(cc, &info->unavailable_features);
4041     info->has_unavailable_features = true;
4042     info->q_typename = g_strdup(object_class_get_name(oc));
4043     info->migration_safe = cc->migration_safe;
4044     info->has_migration_safe = true;
4045     info->q_static = cc->static_model;
4046     /*
4047      * Old machine types won't report aliases, so that alias translation
4048      * doesn't break compatibility with previous QEMU versions.
4049      */
4050     if (default_cpu_version != CPU_VERSION_LEGACY) {
4051         info->alias_of = x86_cpu_class_get_alias_of(cc);
4052         info->has_alias_of = !!info->alias_of;
4053     }
4054 
4055     entry = g_malloc0(sizeof(*entry));
4056     entry->value = info;
4057     entry->next = *cpu_list;
4058     *cpu_list = entry;
4059 }
4060 
4061 CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
4062 {
4063     CpuDefinitionInfoList *cpu_list = NULL;
4064     GSList *list = get_sorted_cpu_model_list();
4065     g_slist_foreach(list, x86_cpu_definition_entry, &cpu_list);
4066     g_slist_free(list);
4067     return cpu_list;
4068 }
4069 
4070 static uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
4071                                                    bool migratable_only)
4072 {
4073     FeatureWordInfo *wi = &feature_word_info[w];
4074     uint64_t r = 0;
4075 
4076     if (kvm_enabled()) {
4077         switch (wi->type) {
4078         case CPUID_FEATURE_WORD:
4079             r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid.eax,
4080                                                         wi->cpuid.ecx,
4081                                                         wi->cpuid.reg);
4082             break;
4083         case MSR_FEATURE_WORD:
4084             r = kvm_arch_get_supported_msr_feature(kvm_state,
4085                         wi->msr.index);
4086             break;
4087         }
4088     } else if (hvf_enabled()) {
4089         if (wi->type != CPUID_FEATURE_WORD) {
4090             return 0;
4091         }
4092         r = hvf_get_supported_cpuid(wi->cpuid.eax,
4093                                     wi->cpuid.ecx,
4094                                     wi->cpuid.reg);
4095     } else if (tcg_enabled()) {
4096         r = wi->tcg_features;
4097     } else {
4098         return ~0;
4099     }
4100     if (migratable_only) {
4101         r &= x86_cpu_get_migratable_flags(w);
4102     }
4103     return r;
4104 }
4105 
4106 static void x86_cpu_apply_props(X86CPU *cpu, PropValue *props)
4107 {
4108     PropValue *pv;
4109     for (pv = props; pv->prop; pv++) {
4110         if (!pv->value) {
4111             continue;
4112         }
4113         object_property_parse(OBJECT(cpu), pv->value, pv->prop,
4114                               &error_abort);
4115     }
4116 }
4117 
4118 /* Apply properties for the CPU model version specified in model */
4119 static void x86_cpu_apply_version_props(X86CPU *cpu, X86CPUModel *model)
4120 {
4121     const X86CPUVersionDefinition *vdef;
4122     X86CPUVersion version = x86_cpu_model_resolve_version(model);
4123 
4124     if (version == CPU_VERSION_LEGACY) {
4125         return;
4126     }
4127 
4128     for (vdef = x86_cpu_def_get_versions(model->cpudef); vdef->version; vdef++) {
4129         PropValue *p;
4130 
4131         for (p = vdef->props; p && p->prop; p++) {
4132             object_property_parse(OBJECT(cpu), p->value, p->prop,
4133                                   &error_abort);
4134         }
4135 
4136         if (vdef->version == version) {
4137             break;
4138         }
4139     }
4140 
4141     /*
4142      * If we reached the end of the list, version number was invalid
4143      */
4144     assert(vdef->version == version);
4145 }
4146 
4147 /* Load data from X86CPUDefinition into a X86CPU object
4148  */
4149 static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel *model, Error **errp)
4150 {
4151     X86CPUDefinition *def = model->cpudef;
4152     CPUX86State *env = &cpu->env;
4153     const char *vendor;
4154     char host_vendor[CPUID_VENDOR_SZ + 1];
4155     FeatureWord w;
4156 
4157     /*NOTE: any property set by this function should be returned by
4158      * x86_cpu_static_props(), so static expansion of
4159      * query-cpu-model-expansion is always complete.
4160      */
4161 
4162     /* CPU models only set _minimum_ values for level/xlevel: */
4163     object_property_set_uint(OBJECT(cpu), def->level, "min-level", errp);
4164     object_property_set_uint(OBJECT(cpu), def->xlevel, "min-xlevel", errp);
4165 
4166     object_property_set_int(OBJECT(cpu), def->family, "family", errp);
4167     object_property_set_int(OBJECT(cpu), def->model, "model", errp);
4168     object_property_set_int(OBJECT(cpu), def->stepping, "stepping", errp);
4169     object_property_set_str(OBJECT(cpu), def->model_id, "model-id", errp);
4170     for (w = 0; w < FEATURE_WORDS; w++) {
4171         env->features[w] = def->features[w];
4172     }
4173 
4174     /* legacy-cache defaults to 'off' if CPU model provides cache info */
4175     cpu->legacy_cache = !def->cache_info;
4176 
4177     /* Special cases not set in the X86CPUDefinition structs: */
4178     /* TODO: in-kernel irqchip for hvf */
4179     if (kvm_enabled()) {
4180         if (!kvm_irqchip_in_kernel()) {
4181             x86_cpu_change_kvm_default("x2apic", "off");
4182         }
4183 
4184         x86_cpu_apply_props(cpu, kvm_default_props);
4185     } else if (tcg_enabled()) {
4186         x86_cpu_apply_props(cpu, tcg_default_props);
4187     }
4188 
4189     env->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR;
4190 
4191     /* sysenter isn't supported in compatibility mode on AMD,
4192      * syscall isn't supported in compatibility mode on Intel.
4193      * Normally we advertise the actual CPU vendor, but you can
4194      * override this using the 'vendor' property if you want to use
4195      * KVM's sysenter/syscall emulation in compatibility mode and
4196      * when doing cross vendor migration
4197      */
4198     vendor = def->vendor;
4199     if (accel_uses_host_cpuid()) {
4200         uint32_t  ebx = 0, ecx = 0, edx = 0;
4201         host_cpuid(0, 0, NULL, &ebx, &ecx, &edx);
4202         x86_cpu_vendor_words2str(host_vendor, ebx, edx, ecx);
4203         vendor = host_vendor;
4204     }
4205 
4206     object_property_set_str(OBJECT(cpu), vendor, "vendor", errp);
4207 
4208     x86_cpu_apply_version_props(cpu, model);
4209 }
4210 
4211 #ifndef CONFIG_USER_ONLY
4212 /* Return a QDict containing keys for all properties that can be included
4213  * in static expansion of CPU models. All properties set by x86_cpu_load_model()
4214  * must be included in the dictionary.
4215  */
4216 static QDict *x86_cpu_static_props(void)
4217 {
4218     FeatureWord w;
4219     int i;
4220     static const char *props[] = {
4221         "min-level",
4222         "min-xlevel",
4223         "family",
4224         "model",
4225         "stepping",
4226         "model-id",
4227         "vendor",
4228         "lmce",
4229         NULL,
4230     };
4231     static QDict *d;
4232 
4233     if (d) {
4234         return d;
4235     }
4236 
4237     d = qdict_new();
4238     for (i = 0; props[i]; i++) {
4239         qdict_put_null(d, props[i]);
4240     }
4241 
4242     for (w = 0; w < FEATURE_WORDS; w++) {
4243         FeatureWordInfo *fi = &feature_word_info[w];
4244         int bit;
4245         for (bit = 0; bit < 64; bit++) {
4246             if (!fi->feat_names[bit]) {
4247                 continue;
4248             }
4249             qdict_put_null(d, fi->feat_names[bit]);
4250         }
4251     }
4252 
4253     return d;
4254 }
4255 
4256 /* Add an entry to @props dict, with the value for property. */
4257 static void x86_cpu_expand_prop(X86CPU *cpu, QDict *props, const char *prop)
4258 {
4259     QObject *value = object_property_get_qobject(OBJECT(cpu), prop,
4260                                                  &error_abort);
4261 
4262     qdict_put_obj(props, prop, value);
4263 }
4264 
4265 /* Convert CPU model data from X86CPU object to a property dictionary
4266  * that can recreate exactly the same CPU model.
4267  */
4268 static void x86_cpu_to_dict(X86CPU *cpu, QDict *props)
4269 {
4270     QDict *sprops = x86_cpu_static_props();
4271     const QDictEntry *e;
4272 
4273     for (e = qdict_first(sprops); e; e = qdict_next(sprops, e)) {
4274         const char *prop = qdict_entry_key(e);
4275         x86_cpu_expand_prop(cpu, props, prop);
4276     }
4277 }
4278 
4279 /* Convert CPU model data from X86CPU object to a property dictionary
4280  * that can recreate exactly the same CPU model, including every
4281  * writeable QOM property.
4282  */
4283 static void x86_cpu_to_dict_full(X86CPU *cpu, QDict *props)
4284 {
4285     ObjectPropertyIterator iter;
4286     ObjectProperty *prop;
4287 
4288     object_property_iter_init(&iter, OBJECT(cpu));
4289     while ((prop = object_property_iter_next(&iter))) {
4290         /* skip read-only or write-only properties */
4291         if (!prop->get || !prop->set) {
4292             continue;
4293         }
4294 
4295         /* "hotplugged" is the only property that is configurable
4296          * on the command-line but will be set differently on CPUs
4297          * created using "-cpu ... -smp ..." and by CPUs created
4298          * on the fly by x86_cpu_from_model() for querying. Skip it.
4299          */
4300         if (!strcmp(prop->name, "hotplugged")) {
4301             continue;
4302         }
4303         x86_cpu_expand_prop(cpu, props, prop->name);
4304     }
4305 }
4306 
4307 static void object_apply_props(Object *obj, QDict *props, Error **errp)
4308 {
4309     const QDictEntry *prop;
4310     Error *err = NULL;
4311 
4312     for (prop = qdict_first(props); prop; prop = qdict_next(props, prop)) {
4313         object_property_set_qobject(obj, qdict_entry_value(prop),
4314                                          qdict_entry_key(prop), &err);
4315         if (err) {
4316             break;
4317         }
4318     }
4319 
4320     error_propagate(errp, err);
4321 }
4322 
4323 /* Create X86CPU object according to model+props specification */
4324 static X86CPU *x86_cpu_from_model(const char *model, QDict *props, Error **errp)
4325 {
4326     X86CPU *xc = NULL;
4327     X86CPUClass *xcc;
4328     Error *err = NULL;
4329 
4330     xcc = X86_CPU_CLASS(cpu_class_by_name(TYPE_X86_CPU, model));
4331     if (xcc == NULL) {
4332         error_setg(&err, "CPU model '%s' not found", model);
4333         goto out;
4334     }
4335 
4336     xc = X86_CPU(object_new(object_class_get_name(OBJECT_CLASS(xcc))));
4337     if (props) {
4338         object_apply_props(OBJECT(xc), props, &err);
4339         if (err) {
4340             goto out;
4341         }
4342     }
4343 
4344     x86_cpu_expand_features(xc, &err);
4345     if (err) {
4346         goto out;
4347     }
4348 
4349 out:
4350     if (err) {
4351         error_propagate(errp, err);
4352         object_unref(OBJECT(xc));
4353         xc = NULL;
4354     }
4355     return xc;
4356 }
4357 
4358 CpuModelExpansionInfo *
4359 qmp_query_cpu_model_expansion(CpuModelExpansionType type,
4360                                                       CpuModelInfo *model,
4361                                                       Error **errp)
4362 {
4363     X86CPU *xc = NULL;
4364     Error *err = NULL;
4365     CpuModelExpansionInfo *ret = g_new0(CpuModelExpansionInfo, 1);
4366     QDict *props = NULL;
4367     const char *base_name;
4368 
4369     xc = x86_cpu_from_model(model->name,
4370                             model->has_props ?
4371                                 qobject_to(QDict, model->props) :
4372                                 NULL, &err);
4373     if (err) {
4374         goto out;
4375     }
4376 
4377     props = qdict_new();
4378     ret->model = g_new0(CpuModelInfo, 1);
4379     ret->model->props = QOBJECT(props);
4380     ret->model->has_props = true;
4381 
4382     switch (type) {
4383     case CPU_MODEL_EXPANSION_TYPE_STATIC:
4384         /* Static expansion will be based on "base" only */
4385         base_name = "base";
4386         x86_cpu_to_dict(xc, props);
4387     break;
4388     case CPU_MODEL_EXPANSION_TYPE_FULL:
4389         /* As we don't return every single property, full expansion needs
4390          * to keep the original model name+props, and add extra
4391          * properties on top of that.
4392          */
4393         base_name = model->name;
4394         x86_cpu_to_dict_full(xc, props);
4395     break;
4396     default:
4397         error_setg(&err, "Unsupported expansion type");
4398         goto out;
4399     }
4400 
4401     x86_cpu_to_dict(xc, props);
4402 
4403     ret->model->name = g_strdup(base_name);
4404 
4405 out:
4406     object_unref(OBJECT(xc));
4407     if (err) {
4408         error_propagate(errp, err);
4409         qapi_free_CpuModelExpansionInfo(ret);
4410         ret = NULL;
4411     }
4412     return ret;
4413 }
4414 #endif  /* !CONFIG_USER_ONLY */
4415 
4416 static gchar *x86_gdb_arch_name(CPUState *cs)
4417 {
4418 #ifdef TARGET_X86_64
4419     return g_strdup("i386:x86-64");
4420 #else
4421     return g_strdup("i386");
4422 #endif
4423 }
4424 
4425 static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
4426 {
4427     X86CPUModel *model = data;
4428     X86CPUClass *xcc = X86_CPU_CLASS(oc);
4429 
4430     xcc->model = model;
4431     xcc->migration_safe = true;
4432 }
4433 
4434 static void x86_register_cpu_model_type(const char *name, X86CPUModel *model)
4435 {
4436     char *typename = x86_cpu_type_name(name);
4437     TypeInfo ti = {
4438         .name = typename,
4439         .parent = TYPE_X86_CPU,
4440         .class_init = x86_cpu_cpudef_class_init,
4441         .class_data = model,
4442     };
4443 
4444     type_register(&ti);
4445     g_free(typename);
4446 }
4447 
4448 static void x86_register_cpudef_types(X86CPUDefinition *def)
4449 {
4450     X86CPUModel *m;
4451     const X86CPUVersionDefinition *vdef;
4452     char *name;
4453 
4454     /* AMD aliases are handled at runtime based on CPUID vendor, so
4455      * they shouldn't be set on the CPU model table.
4456      */
4457     assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
4458     /* catch mistakes instead of silently truncating model_id when too long */
4459     assert(def->model_id && strlen(def->model_id) <= 48);
4460 
4461     /* Unversioned model: */
4462     m = g_new0(X86CPUModel, 1);
4463     m->cpudef = def;
4464     m->version = CPU_VERSION_AUTO;
4465     m->is_alias = true;
4466     x86_register_cpu_model_type(def->name, m);
4467 
4468     /* Versioned models: */
4469 
4470     for (vdef = x86_cpu_def_get_versions(def); vdef->version; vdef++) {
4471         X86CPUModel *m = g_new0(X86CPUModel, 1);
4472         m->cpudef = def;
4473         m->version = vdef->version;
4474         name = x86_cpu_versioned_model_name(def, vdef->version);
4475         x86_register_cpu_model_type(name, m);
4476         g_free(name);
4477 
4478         if (vdef->alias) {
4479             X86CPUModel *am = g_new0(X86CPUModel, 1);
4480             am->cpudef = def;
4481             am->version = vdef->version;
4482             am->is_alias = true;
4483             x86_register_cpu_model_type(vdef->alias, am);
4484         }
4485     }
4486 
4487 }
4488 
4489 #if !defined(CONFIG_USER_ONLY)
4490 
4491 void cpu_clear_apic_feature(CPUX86State *env)
4492 {
4493     env->features[FEAT_1_EDX] &= ~CPUID_APIC;
4494 }
4495 
4496 #endif /* !CONFIG_USER_ONLY */
4497 
4498 void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
4499                    uint32_t *eax, uint32_t *ebx,
4500                    uint32_t *ecx, uint32_t *edx)
4501 {
4502     X86CPU *cpu = env_archcpu(env);
4503     CPUState *cs = env_cpu(env);
4504     uint32_t die_offset;
4505     uint32_t limit;
4506     uint32_t signature[3];
4507 
4508     /* Calculate & apply limits for different index ranges */
4509     if (index >= 0xC0000000) {
4510         limit = env->cpuid_xlevel2;
4511     } else if (index >= 0x80000000) {
4512         limit = env->cpuid_xlevel;
4513     } else if (index >= 0x40000000) {
4514         limit = 0x40000001;
4515     } else {
4516         limit = env->cpuid_level;
4517     }
4518 
4519     if (index > limit) {
4520         /* Intel documentation states that invalid EAX input will
4521          * return the same information as EAX=cpuid_level
4522          * (Intel SDM Vol. 2A - Instruction Set Reference - CPUID)
4523          */
4524         index = env->cpuid_level;
4525     }
4526 
4527     switch(index) {
4528     case 0:
4529         *eax = env->cpuid_level;
4530         *ebx = env->cpuid_vendor1;
4531         *edx = env->cpuid_vendor2;
4532         *ecx = env->cpuid_vendor3;
4533         break;
4534     case 1:
4535         *eax = env->cpuid_version;
4536         *ebx = (cpu->apic_id << 24) |
4537                8 << 8; /* CLFLUSH size in quad words, Linux wants it. */
4538         *ecx = env->features[FEAT_1_ECX];
4539         if ((*ecx & CPUID_EXT_XSAVE) && (env->cr[4] & CR4_OSXSAVE_MASK)) {
4540             *ecx |= CPUID_EXT_OSXSAVE;
4541         }
4542         *edx = env->features[FEAT_1_EDX];
4543         if (cs->nr_cores * cs->nr_threads > 1) {
4544             *ebx |= (cs->nr_cores * cs->nr_threads) << 16;
4545             *edx |= CPUID_HT;
4546         }
4547         break;
4548     case 2:
4549         /* cache info: needed for Pentium Pro compatibility */
4550         if (cpu->cache_info_passthrough) {
4551             host_cpuid(index, 0, eax, ebx, ecx, edx);
4552             break;
4553         }
4554         *eax = 1; /* Number of CPUID[EAX=2] calls required */
4555         *ebx = 0;
4556         if (!cpu->enable_l3_cache) {
4557             *ecx = 0;
4558         } else {
4559             *ecx = cpuid2_cache_descriptor(env->cache_info_cpuid2.l3_cache);
4560         }
4561         *edx = (cpuid2_cache_descriptor(env->cache_info_cpuid2.l1d_cache) << 16) |
4562                (cpuid2_cache_descriptor(env->cache_info_cpuid2.l1i_cache) <<  8) |
4563                (cpuid2_cache_descriptor(env->cache_info_cpuid2.l2_cache));
4564         break;
4565     case 4:
4566         /* cache info: needed for Core compatibility */
4567         if (cpu->cache_info_passthrough) {
4568             host_cpuid(index, count, eax, ebx, ecx, edx);
4569             /* QEMU gives out its own APIC IDs, never pass down bits 31..26.  */
4570             *eax &= ~0xFC000000;
4571             if ((*eax & 31) && cs->nr_cores > 1) {
4572                 *eax |= (cs->nr_cores - 1) << 26;
4573             }
4574         } else {
4575             *eax = 0;
4576             switch (count) {
4577             case 0: /* L1 dcache info */
4578                 encode_cache_cpuid4(env->cache_info_cpuid4.l1d_cache,
4579                                     1, cs->nr_cores,
4580                                     eax, ebx, ecx, edx);
4581                 break;
4582             case 1: /* L1 icache info */
4583                 encode_cache_cpuid4(env->cache_info_cpuid4.l1i_cache,
4584                                     1, cs->nr_cores,
4585                                     eax, ebx, ecx, edx);
4586                 break;
4587             case 2: /* L2 cache info */
4588                 encode_cache_cpuid4(env->cache_info_cpuid4.l2_cache,
4589                                     cs->nr_threads, cs->nr_cores,
4590                                     eax, ebx, ecx, edx);
4591                 break;
4592             case 3: /* L3 cache info */
4593                 die_offset = apicid_die_offset(env->nr_dies,
4594                                         cs->nr_cores, cs->nr_threads);
4595                 if (cpu->enable_l3_cache) {
4596                     encode_cache_cpuid4(env->cache_info_cpuid4.l3_cache,
4597                                         (1 << die_offset), cs->nr_cores,
4598                                         eax, ebx, ecx, edx);
4599                     break;
4600                 }
4601                 /* fall through */
4602             default: /* end of info */
4603                 *eax = *ebx = *ecx = *edx = 0;
4604                 break;
4605             }
4606         }
4607         break;
4608     case 5:
4609         /* MONITOR/MWAIT Leaf */
4610         *eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
4611         *ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
4612         *ecx = cpu->mwait.ecx; /* flags */
4613         *edx = cpu->mwait.edx; /* mwait substates */
4614         break;
4615     case 6:
4616         /* Thermal and Power Leaf */
4617         *eax = env->features[FEAT_6_EAX];
4618         *ebx = 0;
4619         *ecx = 0;
4620         *edx = 0;
4621         break;
4622     case 7:
4623         /* Structured Extended Feature Flags Enumeration Leaf */
4624         if (count == 0) {
4625             /* Maximum ECX value for sub-leaves */
4626             *eax = env->cpuid_level_func7;
4627             *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */
4628             *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */
4629             if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) {
4630                 *ecx |= CPUID_7_0_ECX_OSPKE;
4631             }
4632             *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
4633         } else if (count == 1) {
4634             *eax = env->features[FEAT_7_1_EAX];
4635             *ebx = 0;
4636             *ecx = 0;
4637             *edx = 0;
4638         } else {
4639             *eax = 0;
4640             *ebx = 0;
4641             *ecx = 0;
4642             *edx = 0;
4643         }
4644         break;
4645     case 9:
4646         /* Direct Cache Access Information Leaf */
4647         *eax = 0; /* Bits 0-31 in DCA_CAP MSR */
4648         *ebx = 0;
4649         *ecx = 0;
4650         *edx = 0;
4651         break;
4652     case 0xA:
4653         /* Architectural Performance Monitoring Leaf */
4654         if (kvm_enabled() && cpu->enable_pmu) {
4655             KVMState *s = cs->kvm_state;
4656 
4657             *eax = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EAX);
4658             *ebx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EBX);
4659             *ecx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_ECX);
4660             *edx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EDX);
4661         } else if (hvf_enabled() && cpu->enable_pmu) {
4662             *eax = hvf_get_supported_cpuid(0xA, count, R_EAX);
4663             *ebx = hvf_get_supported_cpuid(0xA, count, R_EBX);
4664             *ecx = hvf_get_supported_cpuid(0xA, count, R_ECX);
4665             *edx = hvf_get_supported_cpuid(0xA, count, R_EDX);
4666         } else {
4667             *eax = 0;
4668             *ebx = 0;
4669             *ecx = 0;
4670             *edx = 0;
4671         }
4672         break;
4673     case 0xB:
4674         /* Extended Topology Enumeration Leaf */
4675         if (!cpu->enable_cpuid_0xb) {
4676                 *eax = *ebx = *ecx = *edx = 0;
4677                 break;
4678         }
4679 
4680         *ecx = count & 0xff;
4681         *edx = cpu->apic_id;
4682 
4683         switch (count) {
4684         case 0:
4685             *eax = apicid_core_offset(env->nr_dies,
4686                                       cs->nr_cores, cs->nr_threads);
4687             *ebx = cs->nr_threads;
4688             *ecx |= CPUID_TOPOLOGY_LEVEL_SMT;
4689             break;
4690         case 1:
4691             *eax = apicid_pkg_offset(env->nr_dies,
4692                                      cs->nr_cores, cs->nr_threads);
4693             *ebx = cs->nr_cores * cs->nr_threads;
4694             *ecx |= CPUID_TOPOLOGY_LEVEL_CORE;
4695             break;
4696         default:
4697             *eax = 0;
4698             *ebx = 0;
4699             *ecx |= CPUID_TOPOLOGY_LEVEL_INVALID;
4700         }
4701 
4702         assert(!(*eax & ~0x1f));
4703         *ebx &= 0xffff; /* The count doesn't need to be reliable. */
4704         break;
4705     case 0x1F:
4706         /* V2 Extended Topology Enumeration Leaf */
4707         if (env->nr_dies < 2) {
4708             *eax = *ebx = *ecx = *edx = 0;
4709             break;
4710         }
4711 
4712         *ecx = count & 0xff;
4713         *edx = cpu->apic_id;
4714         switch (count) {
4715         case 0:
4716             *eax = apicid_core_offset(env->nr_dies, cs->nr_cores,
4717                                                     cs->nr_threads);
4718             *ebx = cs->nr_threads;
4719             *ecx |= CPUID_TOPOLOGY_LEVEL_SMT;
4720             break;
4721         case 1:
4722             *eax = apicid_die_offset(env->nr_dies, cs->nr_cores,
4723                                                    cs->nr_threads);
4724             *ebx = cs->nr_cores * cs->nr_threads;
4725             *ecx |= CPUID_TOPOLOGY_LEVEL_CORE;
4726             break;
4727         case 2:
4728             *eax = apicid_pkg_offset(env->nr_dies, cs->nr_cores,
4729                                                    cs->nr_threads);
4730             *ebx = env->nr_dies * cs->nr_cores * cs->nr_threads;
4731             *ecx |= CPUID_TOPOLOGY_LEVEL_DIE;
4732             break;
4733         default:
4734             *eax = 0;
4735             *ebx = 0;
4736             *ecx |= CPUID_TOPOLOGY_LEVEL_INVALID;
4737         }
4738         assert(!(*eax & ~0x1f));
4739         *ebx &= 0xffff; /* The count doesn't need to be reliable. */
4740         break;
4741     case 0xD: {
4742         /* Processor Extended State */
4743         *eax = 0;
4744         *ebx = 0;
4745         *ecx = 0;
4746         *edx = 0;
4747         if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
4748             break;
4749         }
4750 
4751         if (count == 0) {
4752             *ecx = xsave_area_size(x86_cpu_xsave_components(cpu));
4753             *eax = env->features[FEAT_XSAVE_COMP_LO];
4754             *edx = env->features[FEAT_XSAVE_COMP_HI];
4755             /*
4756              * The initial value of xcr0 and ebx == 0, On host without kvm
4757              * commit 412a3c41(e.g., CentOS 6), the ebx's value always == 0
4758              * even through guest update xcr0, this will crash some legacy guest
4759              * (e.g., CentOS 6), So set ebx == ecx to workaroud it.
4760              */
4761             *ebx = kvm_enabled() ? *ecx : xsave_area_size(env->xcr0);
4762         } else if (count == 1) {
4763             *eax = env->features[FEAT_XSAVE];
4764         } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
4765             if ((x86_cpu_xsave_components(cpu) >> count) & 1) {
4766                 const ExtSaveArea *esa = &x86_ext_save_areas[count];
4767                 *eax = esa->size;
4768                 *ebx = esa->offset;
4769             }
4770         }
4771         break;
4772     }
4773     case 0x14: {
4774         /* Intel Processor Trace Enumeration */
4775         *eax = 0;
4776         *ebx = 0;
4777         *ecx = 0;
4778         *edx = 0;
4779         if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) ||
4780             !kvm_enabled()) {
4781             break;
4782         }
4783 
4784         if (count == 0) {
4785             *eax = INTEL_PT_MAX_SUBLEAF;
4786             *ebx = INTEL_PT_MINIMAL_EBX;
4787             *ecx = INTEL_PT_MINIMAL_ECX;
4788         } else if (count == 1) {
4789             *eax = INTEL_PT_MTC_BITMAP | INTEL_PT_ADDR_RANGES_NUM;
4790             *ebx = INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP;
4791         }
4792         break;
4793     }
4794     case 0x40000000:
4795         /*
4796          * CPUID code in kvm_arch_init_vcpu() ignores stuff
4797          * set here, but we restrict to TCG none the less.
4798          */
4799         if (tcg_enabled() && cpu->expose_tcg) {
4800             memcpy(signature, "TCGTCGTCGTCG", 12);
4801             *eax = 0x40000001;
4802             *ebx = signature[0];
4803             *ecx = signature[1];
4804             *edx = signature[2];
4805         } else {
4806             *eax = 0;
4807             *ebx = 0;
4808             *ecx = 0;
4809             *edx = 0;
4810         }
4811         break;
4812     case 0x40000001:
4813         *eax = 0;
4814         *ebx = 0;
4815         *ecx = 0;
4816         *edx = 0;
4817         break;
4818     case 0x80000000:
4819         *eax = env->cpuid_xlevel;
4820         *ebx = env->cpuid_vendor1;
4821         *edx = env->cpuid_vendor2;
4822         *ecx = env->cpuid_vendor3;
4823         break;
4824     case 0x80000001:
4825         *eax = env->cpuid_version;
4826         *ebx = 0;
4827         *ecx = env->features[FEAT_8000_0001_ECX];
4828         *edx = env->features[FEAT_8000_0001_EDX];
4829 
4830         /* The Linux kernel checks for the CMPLegacy bit and
4831          * discards multiple thread information if it is set.
4832          * So don't set it here for Intel to make Linux guests happy.
4833          */
4834         if (cs->nr_cores * cs->nr_threads > 1) {
4835             if (env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1 ||
4836                 env->cpuid_vendor2 != CPUID_VENDOR_INTEL_2 ||
4837                 env->cpuid_vendor3 != CPUID_VENDOR_INTEL_3) {
4838                 *ecx |= 1 << 1;    /* CmpLegacy bit */
4839             }
4840         }
4841         break;
4842     case 0x80000002:
4843     case 0x80000003:
4844     case 0x80000004:
4845         *eax = env->cpuid_model[(index - 0x80000002) * 4 + 0];
4846         *ebx = env->cpuid_model[(index - 0x80000002) * 4 + 1];
4847         *ecx = env->cpuid_model[(index - 0x80000002) * 4 + 2];
4848         *edx = env->cpuid_model[(index - 0x80000002) * 4 + 3];
4849         break;
4850     case 0x80000005:
4851         /* cache info (L1 cache) */
4852         if (cpu->cache_info_passthrough) {
4853             host_cpuid(index, 0, eax, ebx, ecx, edx);
4854             break;
4855         }
4856         *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) | \
4857                (L1_ITLB_2M_ASSOC <<  8) | (L1_ITLB_2M_ENTRIES);
4858         *ebx = (L1_DTLB_4K_ASSOC << 24) | (L1_DTLB_4K_ENTRIES << 16) | \
4859                (L1_ITLB_4K_ASSOC <<  8) | (L1_ITLB_4K_ENTRIES);
4860         *ecx = encode_cache_cpuid80000005(env->cache_info_amd.l1d_cache);
4861         *edx = encode_cache_cpuid80000005(env->cache_info_amd.l1i_cache);
4862         break;
4863     case 0x80000006:
4864         /* cache info (L2 cache) */
4865         if (cpu->cache_info_passthrough) {
4866             host_cpuid(index, 0, eax, ebx, ecx, edx);
4867             break;
4868         }
4869         *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) | \
4870                (L2_DTLB_2M_ENTRIES << 16) | \
4871                (AMD_ENC_ASSOC(L2_ITLB_2M_ASSOC) << 12) | \
4872                (L2_ITLB_2M_ENTRIES);
4873         *ebx = (AMD_ENC_ASSOC(L2_DTLB_4K_ASSOC) << 28) | \
4874                (L2_DTLB_4K_ENTRIES << 16) | \
4875                (AMD_ENC_ASSOC(L2_ITLB_4K_ASSOC) << 12) | \
4876                (L2_ITLB_4K_ENTRIES);
4877         encode_cache_cpuid80000006(env->cache_info_amd.l2_cache,
4878                                    cpu->enable_l3_cache ?
4879                                    env->cache_info_amd.l3_cache : NULL,
4880                                    ecx, edx);
4881         break;
4882     case 0x80000007:
4883         *eax = 0;
4884         *ebx = 0;
4885         *ecx = 0;
4886         *edx = env->features[FEAT_8000_0007_EDX];
4887         break;
4888     case 0x80000008:
4889         /* virtual & phys address size in low 2 bytes. */
4890         if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
4891             /* 64 bit processor */
4892             *eax = cpu->phys_bits; /* configurable physical bits */
4893             if  (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_LA57) {
4894                 *eax |= 0x00003900; /* 57 bits virtual */
4895             } else {
4896                 *eax |= 0x00003000; /* 48 bits virtual */
4897             }
4898         } else {
4899             *eax = cpu->phys_bits;
4900         }
4901         *ebx = env->features[FEAT_8000_0008_EBX];
4902         *ecx = 0;
4903         *edx = 0;
4904         if (cs->nr_cores * cs->nr_threads > 1) {
4905             *ecx |= (cs->nr_cores * cs->nr_threads) - 1;
4906         }
4907         break;
4908     case 0x8000000A:
4909         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
4910             *eax = 0x00000001; /* SVM Revision */
4911             *ebx = 0x00000010; /* nr of ASIDs */
4912             *ecx = 0;
4913             *edx = env->features[FEAT_SVM]; /* optional features */
4914         } else {
4915             *eax = 0;
4916             *ebx = 0;
4917             *ecx = 0;
4918             *edx = 0;
4919         }
4920         break;
4921     case 0x8000001D:
4922         *eax = 0;
4923         if (cpu->cache_info_passthrough) {
4924             host_cpuid(index, count, eax, ebx, ecx, edx);
4925             break;
4926         }
4927         switch (count) {
4928         case 0: /* L1 dcache info */
4929             encode_cache_cpuid8000001d(env->cache_info_amd.l1d_cache, cs,
4930                                        eax, ebx, ecx, edx);
4931             break;
4932         case 1: /* L1 icache info */
4933             encode_cache_cpuid8000001d(env->cache_info_amd.l1i_cache, cs,
4934                                        eax, ebx, ecx, edx);
4935             break;
4936         case 2: /* L2 cache info */
4937             encode_cache_cpuid8000001d(env->cache_info_amd.l2_cache, cs,
4938                                        eax, ebx, ecx, edx);
4939             break;
4940         case 3: /* L3 cache info */
4941             encode_cache_cpuid8000001d(env->cache_info_amd.l3_cache, cs,
4942                                        eax, ebx, ecx, edx);
4943             break;
4944         default: /* end of info */
4945             *eax = *ebx = *ecx = *edx = 0;
4946             break;
4947         }
4948         break;
4949     case 0x8000001E:
4950         assert(cpu->core_id <= 255);
4951         encode_topo_cpuid8000001e(cs, cpu,
4952                                   eax, ebx, ecx, edx);
4953         break;
4954     case 0xC0000000:
4955         *eax = env->cpuid_xlevel2;
4956         *ebx = 0;
4957         *ecx = 0;
4958         *edx = 0;
4959         break;
4960     case 0xC0000001:
4961         /* Support for VIA CPU's CPUID instruction */
4962         *eax = env->cpuid_version;
4963         *ebx = 0;
4964         *ecx = 0;
4965         *edx = env->features[FEAT_C000_0001_EDX];
4966         break;
4967     case 0xC0000002:
4968     case 0xC0000003:
4969     case 0xC0000004:
4970         /* Reserved for the future, and now filled with zero */
4971         *eax = 0;
4972         *ebx = 0;
4973         *ecx = 0;
4974         *edx = 0;
4975         break;
4976     case 0x8000001F:
4977         *eax = sev_enabled() ? 0x2 : 0;
4978         *ebx = sev_get_cbit_position();
4979         *ebx |= sev_get_reduced_phys_bits() << 6;
4980         *ecx = 0;
4981         *edx = 0;
4982         break;
4983     default:
4984         /* reserved values: zero */
4985         *eax = 0;
4986         *ebx = 0;
4987         *ecx = 0;
4988         *edx = 0;
4989         break;
4990     }
4991 }
4992 
4993 /* CPUClass::reset() */
4994 static void x86_cpu_reset(CPUState *s)
4995 {
4996     X86CPU *cpu = X86_CPU(s);
4997     X86CPUClass *xcc = X86_CPU_GET_CLASS(cpu);
4998     CPUX86State *env = &cpu->env;
4999     target_ulong cr4;
5000     uint64_t xcr0;
5001     int i;
5002 
5003     xcc->parent_reset(s);
5004 
5005     memset(env, 0, offsetof(CPUX86State, end_reset_fields));
5006 
5007     env->old_exception = -1;
5008 
5009     /* init to reset state */
5010 
5011     env->hflags2 |= HF2_GIF_MASK;
5012 
5013     cpu_x86_update_cr0(env, 0x60000010);
5014     env->a20_mask = ~0x0;
5015     env->smbase = 0x30000;
5016     env->msr_smi_count = 0;
5017 
5018     env->idt.limit = 0xffff;
5019     env->gdt.limit = 0xffff;
5020     env->ldt.limit = 0xffff;
5021     env->ldt.flags = DESC_P_MASK | (2 << DESC_TYPE_SHIFT);
5022     env->tr.limit = 0xffff;
5023     env->tr.flags = DESC_P_MASK | (11 << DESC_TYPE_SHIFT);
5024 
5025     cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000, 0xffff,
5026                            DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
5027                            DESC_R_MASK | DESC_A_MASK);
5028     cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffff,
5029                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5030                            DESC_A_MASK);
5031     cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0xffff,
5032                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5033                            DESC_A_MASK);
5034     cpu_x86_load_seg_cache(env, R_SS, 0, 0, 0xffff,
5035                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5036                            DESC_A_MASK);
5037     cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0xffff,
5038                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5039                            DESC_A_MASK);
5040     cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0xffff,
5041                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
5042                            DESC_A_MASK);
5043 
5044     env->eip = 0xfff0;
5045     env->regs[R_EDX] = env->cpuid_version;
5046 
5047     env->eflags = 0x2;
5048 
5049     /* FPU init */
5050     for (i = 0; i < 8; i++) {
5051         env->fptags[i] = 1;
5052     }
5053     cpu_set_fpuc(env, 0x37f);
5054 
5055     env->mxcsr = 0x1f80;
5056     /* All units are in INIT state.  */
5057     env->xstate_bv = 0;
5058 
5059     env->pat = 0x0007040600070406ULL;
5060     env->msr_ia32_misc_enable = MSR_IA32_MISC_ENABLE_DEFAULT;
5061     if (env->features[FEAT_1_ECX] & CPUID_EXT_MONITOR) {
5062         env->msr_ia32_misc_enable |= MSR_IA32_MISC_ENABLE_MWAIT;
5063     }
5064 
5065     memset(env->dr, 0, sizeof(env->dr));
5066     env->dr[6] = DR6_FIXED_1;
5067     env->dr[7] = DR7_FIXED_1;
5068     cpu_breakpoint_remove_all(s, BP_CPU);
5069     cpu_watchpoint_remove_all(s, BP_CPU);
5070 
5071     cr4 = 0;
5072     xcr0 = XSTATE_FP_MASK;
5073 
5074 #ifdef CONFIG_USER_ONLY
5075     /* Enable all the features for user-mode.  */
5076     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
5077         xcr0 |= XSTATE_SSE_MASK;
5078     }
5079     for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
5080         const ExtSaveArea *esa = &x86_ext_save_areas[i];
5081         if (env->features[esa->feature] & esa->bits) {
5082             xcr0 |= 1ull << i;
5083         }
5084     }
5085 
5086     if (env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) {
5087         cr4 |= CR4_OSFXSR_MASK | CR4_OSXSAVE_MASK;
5088     }
5089     if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_FSGSBASE) {
5090         cr4 |= CR4_FSGSBASE_MASK;
5091     }
5092 #endif
5093 
5094     env->xcr0 = xcr0;
5095     cpu_x86_update_cr4(env, cr4);
5096 
5097     /*
5098      * SDM 11.11.5 requires:
5099      *  - IA32_MTRR_DEF_TYPE MSR.E = 0
5100      *  - IA32_MTRR_PHYSMASKn.V = 0
5101      * All other bits are undefined.  For simplification, zero it all.
5102      */
5103     env->mtrr_deftype = 0;
5104     memset(env->mtrr_var, 0, sizeof(env->mtrr_var));
5105     memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
5106 
5107     env->interrupt_injected = -1;
5108     env->exception_nr = -1;
5109     env->exception_pending = 0;
5110     env->exception_injected = 0;
5111     env->exception_has_payload = false;
5112     env->exception_payload = 0;
5113     env->nmi_injected = false;
5114 #if !defined(CONFIG_USER_ONLY)
5115     /* We hard-wire the BSP to the first CPU. */
5116     apic_designate_bsp(cpu->apic_state, s->cpu_index == 0);
5117 
5118     s->halted = !cpu_is_bsp(cpu);
5119 
5120     if (kvm_enabled()) {
5121         kvm_arch_reset_vcpu(cpu);
5122     }
5123     else if (hvf_enabled()) {
5124         hvf_reset_vcpu(s);
5125     }
5126 #endif
5127 }
5128 
5129 #ifndef CONFIG_USER_ONLY
5130 bool cpu_is_bsp(X86CPU *cpu)
5131 {
5132     return cpu_get_apic_base(cpu->apic_state) & MSR_IA32_APICBASE_BSP;
5133 }
5134 
5135 /* TODO: remove me, when reset over QOM tree is implemented */
5136 static void x86_cpu_machine_reset_cb(void *opaque)
5137 {
5138     X86CPU *cpu = opaque;
5139     cpu_reset(CPU(cpu));
5140 }
5141 #endif
5142 
5143 static void mce_init(X86CPU *cpu)
5144 {
5145     CPUX86State *cenv = &cpu->env;
5146     unsigned int bank;
5147 
5148     if (((cenv->cpuid_version >> 8) & 0xf) >= 6
5149         && (cenv->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
5150             (CPUID_MCE | CPUID_MCA)) {
5151         cenv->mcg_cap = MCE_CAP_DEF | MCE_BANKS_DEF |
5152                         (cpu->enable_lmce ? MCG_LMCE_P : 0);
5153         cenv->mcg_ctl = ~(uint64_t)0;
5154         for (bank = 0; bank < MCE_BANKS_DEF; bank++) {
5155             cenv->mce_banks[bank * 4] = ~(uint64_t)0;
5156         }
5157     }
5158 }
5159 
5160 #ifndef CONFIG_USER_ONLY
5161 APICCommonClass *apic_get_class(void)
5162 {
5163     const char *apic_type = "apic";
5164 
5165     /* TODO: in-kernel irqchip for hvf */
5166     if (kvm_apic_in_kernel()) {
5167         apic_type = "kvm-apic";
5168     } else if (xen_enabled()) {
5169         apic_type = "xen-apic";
5170     }
5171 
5172     return APIC_COMMON_CLASS(object_class_by_name(apic_type));
5173 }
5174 
5175 static void x86_cpu_apic_create(X86CPU *cpu, Error **errp)
5176 {
5177     APICCommonState *apic;
5178     ObjectClass *apic_class = OBJECT_CLASS(apic_get_class());
5179 
5180     cpu->apic_state = DEVICE(object_new(object_class_get_name(apic_class)));
5181 
5182     object_property_add_child(OBJECT(cpu), "lapic",
5183                               OBJECT(cpu->apic_state), &error_abort);
5184     object_unref(OBJECT(cpu->apic_state));
5185 
5186     qdev_prop_set_uint32(cpu->apic_state, "id", cpu->apic_id);
5187     /* TODO: convert to link<> */
5188     apic = APIC_COMMON(cpu->apic_state);
5189     apic->cpu = cpu;
5190     apic->apicbase = APIC_DEFAULT_ADDRESS | MSR_IA32_APICBASE_ENABLE;
5191 }
5192 
5193 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
5194 {
5195     APICCommonState *apic;
5196     static bool apic_mmio_map_once;
5197 
5198     if (cpu->apic_state == NULL) {
5199         return;
5200     }
5201     object_property_set_bool(OBJECT(cpu->apic_state), true, "realized",
5202                              errp);
5203 
5204     /* Map APIC MMIO area */
5205     apic = APIC_COMMON(cpu->apic_state);
5206     if (!apic_mmio_map_once) {
5207         memory_region_add_subregion_overlap(get_system_memory(),
5208                                             apic->apicbase &
5209                                             MSR_IA32_APICBASE_BASE,
5210                                             &apic->io_memory,
5211                                             0x1000);
5212         apic_mmio_map_once = true;
5213      }
5214 }
5215 
5216 static void x86_cpu_machine_done(Notifier *n, void *unused)
5217 {
5218     X86CPU *cpu = container_of(n, X86CPU, machine_done);
5219     MemoryRegion *smram =
5220         (MemoryRegion *) object_resolve_path("/machine/smram", NULL);
5221 
5222     if (smram) {
5223         cpu->smram = g_new(MemoryRegion, 1);
5224         memory_region_init_alias(cpu->smram, OBJECT(cpu), "smram",
5225                                  smram, 0, 1ull << 32);
5226         memory_region_set_enabled(cpu->smram, true);
5227         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->smram, 1);
5228     }
5229 }
5230 #else
5231 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
5232 {
5233 }
5234 #endif
5235 
5236 /* Note: Only safe for use on x86(-64) hosts */
5237 static uint32_t x86_host_phys_bits(void)
5238 {
5239     uint32_t eax;
5240     uint32_t host_phys_bits;
5241 
5242     host_cpuid(0x80000000, 0, &eax, NULL, NULL, NULL);
5243     if (eax >= 0x80000008) {
5244         host_cpuid(0x80000008, 0, &eax, NULL, NULL, NULL);
5245         /* Note: According to AMD doc 25481 rev 2.34 they have a field
5246          * at 23:16 that can specify a maximum physical address bits for
5247          * the guest that can override this value; but I've not seen
5248          * anything with that set.
5249          */
5250         host_phys_bits = eax & 0xff;
5251     } else {
5252         /* It's an odd 64 bit machine that doesn't have the leaf for
5253          * physical address bits; fall back to 36 that's most older
5254          * Intel.
5255          */
5256         host_phys_bits = 36;
5257     }
5258 
5259     return host_phys_bits;
5260 }
5261 
5262 static void x86_cpu_adjust_level(X86CPU *cpu, uint32_t *min, uint32_t value)
5263 {
5264     if (*min < value) {
5265         *min = value;
5266     }
5267 }
5268 
5269 /* Increase cpuid_min_{level,xlevel,xlevel2} automatically, if appropriate */
5270 static void x86_cpu_adjust_feat_level(X86CPU *cpu, FeatureWord w)
5271 {
5272     CPUX86State *env = &cpu->env;
5273     FeatureWordInfo *fi = &feature_word_info[w];
5274     uint32_t eax = fi->cpuid.eax;
5275     uint32_t region = eax & 0xF0000000;
5276 
5277     assert(feature_word_info[w].type == CPUID_FEATURE_WORD);
5278     if (!env->features[w]) {
5279         return;
5280     }
5281 
5282     switch (region) {
5283     case 0x00000000:
5284         x86_cpu_adjust_level(cpu, &env->cpuid_min_level, eax);
5285     break;
5286     case 0x80000000:
5287         x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, eax);
5288     break;
5289     case 0xC0000000:
5290         x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel2, eax);
5291     break;
5292     }
5293 
5294     if (eax == 7) {
5295         x86_cpu_adjust_level(cpu, &env->cpuid_min_level_func7,
5296                              fi->cpuid.ecx);
5297     }
5298 }
5299 
5300 /* Calculate XSAVE components based on the configured CPU feature flags */
5301 static void x86_cpu_enable_xsave_components(X86CPU *cpu)
5302 {
5303     CPUX86State *env = &cpu->env;
5304     int i;
5305     uint64_t mask;
5306 
5307     if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
5308         return;
5309     }
5310 
5311     mask = 0;
5312     for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
5313         const ExtSaveArea *esa = &x86_ext_save_areas[i];
5314         if (env->features[esa->feature] & esa->bits) {
5315             mask |= (1ULL << i);
5316         }
5317     }
5318 
5319     env->features[FEAT_XSAVE_COMP_LO] = mask;
5320     env->features[FEAT_XSAVE_COMP_HI] = mask >> 32;
5321 }
5322 
5323 /***** Steps involved on loading and filtering CPUID data
5324  *
5325  * When initializing and realizing a CPU object, the steps
5326  * involved in setting up CPUID data are:
5327  *
5328  * 1) Loading CPU model definition (X86CPUDefinition). This is
5329  *    implemented by x86_cpu_load_model() and should be completely
5330  *    transparent, as it is done automatically by instance_init.
5331  *    No code should need to look at X86CPUDefinition structs
5332  *    outside instance_init.
5333  *
5334  * 2) CPU expansion. This is done by realize before CPUID
5335  *    filtering, and will make sure host/accelerator data is
5336  *    loaded for CPU models that depend on host capabilities
5337  *    (e.g. "host"). Done by x86_cpu_expand_features().
5338  *
5339  * 3) CPUID filtering. This initializes extra data related to
5340  *    CPUID, and checks if the host supports all capabilities
5341  *    required by the CPU. Runnability of a CPU model is
5342  *    determined at this step. Done by x86_cpu_filter_features().
5343  *
5344  * Some operations don't require all steps to be performed.
5345  * More precisely:
5346  *
5347  * - CPU instance creation (instance_init) will run only CPU
5348  *   model loading. CPU expansion can't run at instance_init-time
5349  *   because host/accelerator data may be not available yet.
5350  * - CPU realization will perform both CPU model expansion and CPUID
5351  *   filtering, and return an error in case one of them fails.
5352  * - query-cpu-definitions needs to run all 3 steps. It needs
5353  *   to run CPUID filtering, as the 'unavailable-features'
5354  *   field is set based on the filtering results.
5355  * - The query-cpu-model-expansion QMP command only needs to run
5356  *   CPU model loading and CPU expansion. It should not filter
5357  *   any CPUID data based on host capabilities.
5358  */
5359 
5360 /* Expand CPU configuration data, based on configured features
5361  * and host/accelerator capabilities when appropriate.
5362  */
5363 static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
5364 {
5365     CPUX86State *env = &cpu->env;
5366     FeatureWord w;
5367     int i;
5368     GList *l;
5369     Error *local_err = NULL;
5370 
5371     for (l = plus_features; l; l = l->next) {
5372         const char *prop = l->data;
5373         object_property_set_bool(OBJECT(cpu), true, prop, &local_err);
5374         if (local_err) {
5375             goto out;
5376         }
5377     }
5378 
5379     for (l = minus_features; l; l = l->next) {
5380         const char *prop = l->data;
5381         object_property_set_bool(OBJECT(cpu), false, prop, &local_err);
5382         if (local_err) {
5383             goto out;
5384         }
5385     }
5386 
5387     /*TODO: Now cpu->max_features doesn't overwrite features
5388      * set using QOM properties, and we can convert
5389      * plus_features & minus_features to global properties
5390      * inside x86_cpu_parse_featurestr() too.
5391      */
5392     if (cpu->max_features) {
5393         for (w = 0; w < FEATURE_WORDS; w++) {
5394             /* Override only features that weren't set explicitly
5395              * by the user.
5396              */
5397             env->features[w] |=
5398                 x86_cpu_get_supported_feature_word(w, cpu->migratable) &
5399                 ~env->user_features[w] & \
5400                 ~feature_word_info[w].no_autoenable_flags;
5401         }
5402     }
5403 
5404     for (i = 0; i < ARRAY_SIZE(feature_dependencies); i++) {
5405         FeatureDep *d = &feature_dependencies[i];
5406         if (!(env->features[d->from.index] & d->from.mask)) {
5407             uint64_t unavailable_features = env->features[d->to.index] & d->to.mask;
5408 
5409             /* Not an error unless the dependent feature was added explicitly.  */
5410             mark_unavailable_features(cpu, d->to.index,
5411                                       unavailable_features & env->user_features[d->to.index],
5412                                       "This feature depends on other features that were not requested");
5413 
5414             env->user_features[d->to.index] |= unavailable_features;
5415             env->features[d->to.index] &= ~unavailable_features;
5416         }
5417     }
5418 
5419     if (!kvm_enabled() || !cpu->expose_kvm) {
5420         env->features[FEAT_KVM] = 0;
5421     }
5422 
5423     x86_cpu_enable_xsave_components(cpu);
5424 
5425     /* CPUID[EAX=7,ECX=0].EBX always increased level automatically: */
5426     x86_cpu_adjust_feat_level(cpu, FEAT_7_0_EBX);
5427     if (cpu->full_cpuid_auto_level) {
5428         x86_cpu_adjust_feat_level(cpu, FEAT_1_EDX);
5429         x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX);
5430         x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX);
5431         x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX);
5432         x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX);
5433         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
5434         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
5435         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
5436         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
5437         x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
5438         x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
5439         x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
5440 
5441         /* Intel Processor Trace requires CPUID[0x14] */
5442         if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) &&
5443              kvm_enabled() && cpu->intel_pt_auto_level) {
5444             x86_cpu_adjust_level(cpu, &cpu->env.cpuid_min_level, 0x14);
5445         }
5446 
5447         /* CPU topology with multi-dies support requires CPUID[0x1F] */
5448         if (env->nr_dies > 1) {
5449             x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F);
5450         }
5451 
5452         /* SVM requires CPUID[0x8000000A] */
5453         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
5454             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
5455         }
5456 
5457         /* SEV requires CPUID[0x8000001F] */
5458         if (sev_enabled()) {
5459             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
5460         }
5461     }
5462 
5463     /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
5464     if (env->cpuid_level_func7 == UINT32_MAX) {
5465         env->cpuid_level_func7 = env->cpuid_min_level_func7;
5466     }
5467     if (env->cpuid_level == UINT32_MAX) {
5468         env->cpuid_level = env->cpuid_min_level;
5469     }
5470     if (env->cpuid_xlevel == UINT32_MAX) {
5471         env->cpuid_xlevel = env->cpuid_min_xlevel;
5472     }
5473     if (env->cpuid_xlevel2 == UINT32_MAX) {
5474         env->cpuid_xlevel2 = env->cpuid_min_xlevel2;
5475     }
5476 
5477 out:
5478     if (local_err != NULL) {
5479         error_propagate(errp, local_err);
5480     }
5481 }
5482 
5483 /*
5484  * Finishes initialization of CPUID data, filters CPU feature
5485  * words based on host availability of each feature.
5486  *
5487  * Returns: 0 if all flags are supported by the host, non-zero otherwise.
5488  */
5489 static void x86_cpu_filter_features(X86CPU *cpu, bool verbose)
5490 {
5491     CPUX86State *env = &cpu->env;
5492     FeatureWord w;
5493     const char *prefix = NULL;
5494 
5495     if (verbose) {
5496         prefix = accel_uses_host_cpuid()
5497                  ? "host doesn't support requested feature"
5498                  : "TCG doesn't support requested feature";
5499     }
5500 
5501     for (w = 0; w < FEATURE_WORDS; w++) {
5502         uint64_t host_feat =
5503             x86_cpu_get_supported_feature_word(w, false);
5504         uint64_t requested_features = env->features[w];
5505         uint64_t unavailable_features = requested_features & ~host_feat;
5506         mark_unavailable_features(cpu, w, unavailable_features, prefix);
5507     }
5508 
5509     if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) &&
5510         kvm_enabled()) {
5511         KVMState *s = CPU(cpu)->kvm_state;
5512         uint32_t eax_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_EAX);
5513         uint32_t ebx_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_EBX);
5514         uint32_t ecx_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_ECX);
5515         uint32_t eax_1 = kvm_arch_get_supported_cpuid(s, 0x14, 1, R_EAX);
5516         uint32_t ebx_1 = kvm_arch_get_supported_cpuid(s, 0x14, 1, R_EBX);
5517 
5518         if (!eax_0 ||
5519            ((ebx_0 & INTEL_PT_MINIMAL_EBX) != INTEL_PT_MINIMAL_EBX) ||
5520            ((ecx_0 & INTEL_PT_MINIMAL_ECX) != INTEL_PT_MINIMAL_ECX) ||
5521            ((eax_1 & INTEL_PT_MTC_BITMAP) != INTEL_PT_MTC_BITMAP) ||
5522            ((eax_1 & INTEL_PT_ADDR_RANGES_NUM_MASK) <
5523                                            INTEL_PT_ADDR_RANGES_NUM) ||
5524            ((ebx_1 & (INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP)) !=
5525                 (INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP)) ||
5526            (ecx_0 & INTEL_PT_IP_LIP)) {
5527             /*
5528              * Processor Trace capabilities aren't configurable, so if the
5529              * host can't emulate the capabilities we report on
5530              * cpu_x86_cpuid(), intel-pt can't be enabled on the current host.
5531              */
5532             mark_unavailable_features(cpu, FEAT_7_0_EBX, CPUID_7_0_EBX_INTEL_PT, prefix);
5533         }
5534     }
5535 }
5536 
5537 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
5538 {
5539     CPUState *cs = CPU(dev);
5540     X86CPU *cpu = X86_CPU(dev);
5541     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
5542     CPUX86State *env = &cpu->env;
5543     Error *local_err = NULL;
5544     static bool ht_warned;
5545 
5546     if (xcc->host_cpuid_required) {
5547         if (!accel_uses_host_cpuid()) {
5548             char *name = x86_cpu_class_get_model_name(xcc);
5549             error_setg(&local_err, "CPU model '%s' requires KVM", name);
5550             g_free(name);
5551             goto out;
5552         }
5553 
5554         if (enable_cpu_pm) {
5555             host_cpuid(5, 0, &cpu->mwait.eax, &cpu->mwait.ebx,
5556                        &cpu->mwait.ecx, &cpu->mwait.edx);
5557             env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
5558         }
5559     }
5560 
5561     /* mwait extended info: needed for Core compatibility */
5562     /* We always wake on interrupt even if host does not have the capability */
5563     cpu->mwait.ecx |= CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
5564 
5565     if (cpu->apic_id == UNASSIGNED_APIC_ID) {
5566         error_setg(errp, "apic-id property was not initialized properly");
5567         return;
5568     }
5569 
5570     x86_cpu_expand_features(cpu, &local_err);
5571     if (local_err) {
5572         goto out;
5573     }
5574 
5575     x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid);
5576 
5577     if (cpu->enforce_cpuid && x86_cpu_have_filtered_features(cpu)) {
5578         error_setg(&local_err,
5579                    accel_uses_host_cpuid() ?
5580                        "Host doesn't support requested features" :
5581                        "TCG doesn't support requested features");
5582         goto out;
5583     }
5584 
5585     /* On AMD CPUs, some CPUID[8000_0001].EDX bits must match the bits on
5586      * CPUID[1].EDX.
5587      */
5588     if (IS_AMD_CPU(env)) {
5589         env->features[FEAT_8000_0001_EDX] &= ~CPUID_EXT2_AMD_ALIASES;
5590         env->features[FEAT_8000_0001_EDX] |= (env->features[FEAT_1_EDX]
5591            & CPUID_EXT2_AMD_ALIASES);
5592     }
5593 
5594     /* For 64bit systems think about the number of physical bits to present.
5595      * ideally this should be the same as the host; anything other than matching
5596      * the host can cause incorrect guest behaviour.
5597      * QEMU used to pick the magic value of 40 bits that corresponds to
5598      * consumer AMD devices but nothing else.
5599      */
5600     if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
5601         if (accel_uses_host_cpuid()) {
5602             uint32_t host_phys_bits = x86_host_phys_bits();
5603             static bool warned;
5604 
5605             /* Print a warning if the user set it to a value that's not the
5606              * host value.
5607              */
5608             if (cpu->phys_bits != host_phys_bits && cpu->phys_bits != 0 &&
5609                 !warned) {
5610                 warn_report("Host physical bits (%u)"
5611                             " does not match phys-bits property (%u)",
5612                             host_phys_bits, cpu->phys_bits);
5613                 warned = true;
5614             }
5615 
5616             if (cpu->host_phys_bits) {
5617                 /* The user asked for us to use the host physical bits */
5618                 cpu->phys_bits = host_phys_bits;
5619                 if (cpu->host_phys_bits_limit &&
5620                     cpu->phys_bits > cpu->host_phys_bits_limit) {
5621                     cpu->phys_bits = cpu->host_phys_bits_limit;
5622                 }
5623             }
5624 
5625             if (cpu->phys_bits &&
5626                 (cpu->phys_bits > TARGET_PHYS_ADDR_SPACE_BITS ||
5627                 cpu->phys_bits < 32)) {
5628                 error_setg(errp, "phys-bits should be between 32 and %u "
5629                                  " (but is %u)",
5630                                  TARGET_PHYS_ADDR_SPACE_BITS, cpu->phys_bits);
5631                 return;
5632             }
5633         } else {
5634             if (cpu->phys_bits && cpu->phys_bits != TCG_PHYS_ADDR_BITS) {
5635                 error_setg(errp, "TCG only supports phys-bits=%u",
5636                                   TCG_PHYS_ADDR_BITS);
5637                 return;
5638             }
5639         }
5640         /* 0 means it was not explicitly set by the user (or by machine
5641          * compat_props or by the host code above). In this case, the default
5642          * is the value used by TCG (40).
5643          */
5644         if (cpu->phys_bits == 0) {
5645             cpu->phys_bits = TCG_PHYS_ADDR_BITS;
5646         }
5647     } else {
5648         /* For 32 bit systems don't use the user set value, but keep
5649          * phys_bits consistent with what we tell the guest.
5650          */
5651         if (cpu->phys_bits != 0) {
5652             error_setg(errp, "phys-bits is not user-configurable in 32 bit");
5653             return;
5654         }
5655 
5656         if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
5657             cpu->phys_bits = 36;
5658         } else {
5659             cpu->phys_bits = 32;
5660         }
5661     }
5662 
5663     /* Cache information initialization */
5664     if (!cpu->legacy_cache) {
5665         if (!xcc->model || !xcc->model->cpudef->cache_info) {
5666             char *name = x86_cpu_class_get_model_name(xcc);
5667             error_setg(errp,
5668                        "CPU model '%s' doesn't support legacy-cache=off", name);
5669             g_free(name);
5670             return;
5671         }
5672         env->cache_info_cpuid2 = env->cache_info_cpuid4 = env->cache_info_amd =
5673             *xcc->model->cpudef->cache_info;
5674     } else {
5675         /* Build legacy cache information */
5676         env->cache_info_cpuid2.l1d_cache = &legacy_l1d_cache;
5677         env->cache_info_cpuid2.l1i_cache = &legacy_l1i_cache;
5678         env->cache_info_cpuid2.l2_cache = &legacy_l2_cache_cpuid2;
5679         env->cache_info_cpuid2.l3_cache = &legacy_l3_cache;
5680 
5681         env->cache_info_cpuid4.l1d_cache = &legacy_l1d_cache;
5682         env->cache_info_cpuid4.l1i_cache = &legacy_l1i_cache;
5683         env->cache_info_cpuid4.l2_cache = &legacy_l2_cache;
5684         env->cache_info_cpuid4.l3_cache = &legacy_l3_cache;
5685 
5686         env->cache_info_amd.l1d_cache = &legacy_l1d_cache_amd;
5687         env->cache_info_amd.l1i_cache = &legacy_l1i_cache_amd;
5688         env->cache_info_amd.l2_cache = &legacy_l2_cache_amd;
5689         env->cache_info_amd.l3_cache = &legacy_l3_cache;
5690     }
5691 
5692 
5693     cpu_exec_realizefn(cs, &local_err);
5694     if (local_err != NULL) {
5695         error_propagate(errp, local_err);
5696         return;
5697     }
5698 
5699 #ifndef CONFIG_USER_ONLY
5700     MachineState *ms = MACHINE(qdev_get_machine());
5701     qemu_register_reset(x86_cpu_machine_reset_cb, cpu);
5702 
5703     if (cpu->env.features[FEAT_1_EDX] & CPUID_APIC || ms->smp.cpus > 1) {
5704         x86_cpu_apic_create(cpu, &local_err);
5705         if (local_err != NULL) {
5706             goto out;
5707         }
5708     }
5709 #endif
5710 
5711     mce_init(cpu);
5712 
5713 #ifndef CONFIG_USER_ONLY
5714     if (tcg_enabled()) {
5715         cpu->cpu_as_mem = g_new(MemoryRegion, 1);
5716         cpu->cpu_as_root = g_new(MemoryRegion, 1);
5717 
5718         /* Outer container... */
5719         memory_region_init(cpu->cpu_as_root, OBJECT(cpu), "memory", ~0ull);
5720         memory_region_set_enabled(cpu->cpu_as_root, true);
5721 
5722         /* ... with two regions inside: normal system memory with low
5723          * priority, and...
5724          */
5725         memory_region_init_alias(cpu->cpu_as_mem, OBJECT(cpu), "memory",
5726                                  get_system_memory(), 0, ~0ull);
5727         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0);
5728         memory_region_set_enabled(cpu->cpu_as_mem, true);
5729 
5730         cs->num_ases = 2;
5731         cpu_address_space_init(cs, 0, "cpu-memory", cs->memory);
5732         cpu_address_space_init(cs, 1, "cpu-smm", cpu->cpu_as_root);
5733 
5734         /* ... SMRAM with higher priority, linked from /machine/smram.  */
5735         cpu->machine_done.notify = x86_cpu_machine_done;
5736         qemu_add_machine_init_done_notifier(&cpu->machine_done);
5737     }
5738 #endif
5739 
5740     qemu_init_vcpu(cs);
5741 
5742     /*
5743      * Most Intel and certain AMD CPUs support hyperthreading. Even though QEMU
5744      * fixes this issue by adjusting CPUID_0000_0001_EBX and CPUID_8000_0008_ECX
5745      * based on inputs (sockets,cores,threads), it is still better to give
5746      * users a warning.
5747      *
5748      * NOTE: the following code has to follow qemu_init_vcpu(). Otherwise
5749      * cs->nr_threads hasn't be populated yet and the checking is incorrect.
5750      */
5751     if (IS_AMD_CPU(env) &&
5752         !(env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) &&
5753         cs->nr_threads > 1 && !ht_warned) {
5754             warn_report("This family of AMD CPU doesn't support "
5755                         "hyperthreading(%d)",
5756                         cs->nr_threads);
5757             error_printf("Please configure -smp options properly"
5758                          " or try enabling topoext feature.\n");
5759             ht_warned = true;
5760     }
5761 
5762     x86_cpu_apic_realize(cpu, &local_err);
5763     if (local_err != NULL) {
5764         goto out;
5765     }
5766     cpu_reset(cs);
5767 
5768     xcc->parent_realize(dev, &local_err);
5769 
5770 out:
5771     if (local_err != NULL) {
5772         error_propagate(errp, local_err);
5773         return;
5774     }
5775 }
5776 
5777 static void x86_cpu_unrealizefn(DeviceState *dev, Error **errp)
5778 {
5779     X86CPU *cpu = X86_CPU(dev);
5780     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
5781     Error *local_err = NULL;
5782 
5783 #ifndef CONFIG_USER_ONLY
5784     cpu_remove_sync(CPU(dev));
5785     qemu_unregister_reset(x86_cpu_machine_reset_cb, dev);
5786 #endif
5787 
5788     if (cpu->apic_state) {
5789         object_unparent(OBJECT(cpu->apic_state));
5790         cpu->apic_state = NULL;
5791     }
5792 
5793     xcc->parent_unrealize(dev, &local_err);
5794     if (local_err != NULL) {
5795         error_propagate(errp, local_err);
5796         return;
5797     }
5798 }
5799 
5800 typedef struct BitProperty {
5801     FeatureWord w;
5802     uint64_t mask;
5803 } BitProperty;
5804 
5805 static void x86_cpu_get_bit_prop(Object *obj, Visitor *v, const char *name,
5806                                  void *opaque, Error **errp)
5807 {
5808     X86CPU *cpu = X86_CPU(obj);
5809     BitProperty *fp = opaque;
5810     uint64_t f = cpu->env.features[fp->w];
5811     bool value = (f & fp->mask) == fp->mask;
5812     visit_type_bool(v, name, &value, errp);
5813 }
5814 
5815 static void x86_cpu_set_bit_prop(Object *obj, Visitor *v, const char *name,
5816                                  void *opaque, Error **errp)
5817 {
5818     DeviceState *dev = DEVICE(obj);
5819     X86CPU *cpu = X86_CPU(obj);
5820     BitProperty *fp = opaque;
5821     Error *local_err = NULL;
5822     bool value;
5823 
5824     if (dev->realized) {
5825         qdev_prop_set_after_realize(dev, name, errp);
5826         return;
5827     }
5828 
5829     visit_type_bool(v, name, &value, &local_err);
5830     if (local_err) {
5831         error_propagate(errp, local_err);
5832         return;
5833     }
5834 
5835     if (value) {
5836         cpu->env.features[fp->w] |= fp->mask;
5837     } else {
5838         cpu->env.features[fp->w] &= ~fp->mask;
5839     }
5840     cpu->env.user_features[fp->w] |= fp->mask;
5841 }
5842 
5843 static void x86_cpu_release_bit_prop(Object *obj, const char *name,
5844                                      void *opaque)
5845 {
5846     BitProperty *prop = opaque;
5847     g_free(prop);
5848 }
5849 
5850 /* Register a boolean property to get/set a single bit in a uint32_t field.
5851  *
5852  * The same property name can be registered multiple times to make it affect
5853  * multiple bits in the same FeatureWord. In that case, the getter will return
5854  * true only if all bits are set.
5855  */
5856 static void x86_cpu_register_bit_prop(X86CPU *cpu,
5857                                       const char *prop_name,
5858                                       FeatureWord w,
5859                                       int bitnr)
5860 {
5861     BitProperty *fp;
5862     ObjectProperty *op;
5863     uint64_t mask = (1ULL << bitnr);
5864 
5865     op = object_property_find(OBJECT(cpu), prop_name, NULL);
5866     if (op) {
5867         fp = op->opaque;
5868         assert(fp->w == w);
5869         fp->mask |= mask;
5870     } else {
5871         fp = g_new0(BitProperty, 1);
5872         fp->w = w;
5873         fp->mask = mask;
5874         object_property_add(OBJECT(cpu), prop_name, "bool",
5875                             x86_cpu_get_bit_prop,
5876                             x86_cpu_set_bit_prop,
5877                             x86_cpu_release_bit_prop, fp, &error_abort);
5878     }
5879 }
5880 
5881 static void x86_cpu_register_feature_bit_props(X86CPU *cpu,
5882                                                FeatureWord w,
5883                                                int bitnr)
5884 {
5885     FeatureWordInfo *fi = &feature_word_info[w];
5886     const char *name = fi->feat_names[bitnr];
5887 
5888     if (!name) {
5889         return;
5890     }
5891 
5892     /* Property names should use "-" instead of "_".
5893      * Old names containing underscores are registered as aliases
5894      * using object_property_add_alias()
5895      */
5896     assert(!strchr(name, '_'));
5897     /* aliases don't use "|" delimiters anymore, they are registered
5898      * manually using object_property_add_alias() */
5899     assert(!strchr(name, '|'));
5900     x86_cpu_register_bit_prop(cpu, name, w, bitnr);
5901 }
5902 
5903 static GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs)
5904 {
5905     X86CPU *cpu = X86_CPU(cs);
5906     CPUX86State *env = &cpu->env;
5907     GuestPanicInformation *panic_info = NULL;
5908 
5909     if (env->features[FEAT_HYPERV_EDX] & HV_GUEST_CRASH_MSR_AVAILABLE) {
5910         panic_info = g_malloc0(sizeof(GuestPanicInformation));
5911 
5912         panic_info->type = GUEST_PANIC_INFORMATION_TYPE_HYPER_V;
5913 
5914         assert(HV_CRASH_PARAMS >= 5);
5915         panic_info->u.hyper_v.arg1 = env->msr_hv_crash_params[0];
5916         panic_info->u.hyper_v.arg2 = env->msr_hv_crash_params[1];
5917         panic_info->u.hyper_v.arg3 = env->msr_hv_crash_params[2];
5918         panic_info->u.hyper_v.arg4 = env->msr_hv_crash_params[3];
5919         panic_info->u.hyper_v.arg5 = env->msr_hv_crash_params[4];
5920     }
5921 
5922     return panic_info;
5923 }
5924 static void x86_cpu_get_crash_info_qom(Object *obj, Visitor *v,
5925                                        const char *name, void *opaque,
5926                                        Error **errp)
5927 {
5928     CPUState *cs = CPU(obj);
5929     GuestPanicInformation *panic_info;
5930 
5931     if (!cs->crash_occurred) {
5932         error_setg(errp, "No crash occured");
5933         return;
5934     }
5935 
5936     panic_info = x86_cpu_get_crash_info(cs);
5937     if (panic_info == NULL) {
5938         error_setg(errp, "No crash information");
5939         return;
5940     }
5941 
5942     visit_type_GuestPanicInformation(v, "crash-information", &panic_info,
5943                                      errp);
5944     qapi_free_GuestPanicInformation(panic_info);
5945 }
5946 
5947 static void x86_cpu_initfn(Object *obj)
5948 {
5949     X86CPU *cpu = X86_CPU(obj);
5950     X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
5951     CPUX86State *env = &cpu->env;
5952     FeatureWord w;
5953 
5954     env->nr_dies = 1;
5955     cpu_set_cpustate_pointers(cpu);
5956 
5957     object_property_add(obj, "family", "int",
5958                         x86_cpuid_version_get_family,
5959                         x86_cpuid_version_set_family, NULL, NULL, NULL);
5960     object_property_add(obj, "model", "int",
5961                         x86_cpuid_version_get_model,
5962                         x86_cpuid_version_set_model, NULL, NULL, NULL);
5963     object_property_add(obj, "stepping", "int",
5964                         x86_cpuid_version_get_stepping,
5965                         x86_cpuid_version_set_stepping, NULL, NULL, NULL);
5966     object_property_add_str(obj, "vendor",
5967                             x86_cpuid_get_vendor,
5968                             x86_cpuid_set_vendor, NULL);
5969     object_property_add_str(obj, "model-id",
5970                             x86_cpuid_get_model_id,
5971                             x86_cpuid_set_model_id, NULL);
5972     object_property_add(obj, "tsc-frequency", "int",
5973                         x86_cpuid_get_tsc_freq,
5974                         x86_cpuid_set_tsc_freq, NULL, NULL, NULL);
5975     object_property_add(obj, "feature-words", "X86CPUFeatureWordInfo",
5976                         x86_cpu_get_feature_words,
5977                         NULL, NULL, (void *)env->features, NULL);
5978     object_property_add(obj, "filtered-features", "X86CPUFeatureWordInfo",
5979                         x86_cpu_get_feature_words,
5980                         NULL, NULL, (void *)cpu->filtered_features, NULL);
5981     /*
5982      * The "unavailable-features" property has the same semantics as
5983      * CpuDefinitionInfo.unavailable-features on the "query-cpu-definitions"
5984      * QMP command: they list the features that would have prevented the
5985      * CPU from running if the "enforce" flag was set.
5986      */
5987     object_property_add(obj, "unavailable-features", "strList",
5988                         x86_cpu_get_unavailable_features,
5989                         NULL, NULL, NULL, &error_abort);
5990 
5991     object_property_add(obj, "crash-information", "GuestPanicInformation",
5992                         x86_cpu_get_crash_info_qom, NULL, NULL, NULL, NULL);
5993 
5994     for (w = 0; w < FEATURE_WORDS; w++) {
5995         int bitnr;
5996 
5997         for (bitnr = 0; bitnr < 64; bitnr++) {
5998             x86_cpu_register_feature_bit_props(cpu, w, bitnr);
5999         }
6000     }
6001 
6002     object_property_add_alias(obj, "sse3", obj, "pni", &error_abort);
6003     object_property_add_alias(obj, "pclmuldq", obj, "pclmulqdq", &error_abort);
6004     object_property_add_alias(obj, "sse4-1", obj, "sse4.1", &error_abort);
6005     object_property_add_alias(obj, "sse4-2", obj, "sse4.2", &error_abort);
6006     object_property_add_alias(obj, "xd", obj, "nx", &error_abort);
6007     object_property_add_alias(obj, "ffxsr", obj, "fxsr-opt", &error_abort);
6008     object_property_add_alias(obj, "i64", obj, "lm", &error_abort);
6009 
6010     object_property_add_alias(obj, "ds_cpl", obj, "ds-cpl", &error_abort);
6011     object_property_add_alias(obj, "tsc_adjust", obj, "tsc-adjust", &error_abort);
6012     object_property_add_alias(obj, "fxsr_opt", obj, "fxsr-opt", &error_abort);
6013     object_property_add_alias(obj, "lahf_lm", obj, "lahf-lm", &error_abort);
6014     object_property_add_alias(obj, "cmp_legacy", obj, "cmp-legacy", &error_abort);
6015     object_property_add_alias(obj, "nodeid_msr", obj, "nodeid-msr", &error_abort);
6016     object_property_add_alias(obj, "perfctr_core", obj, "perfctr-core", &error_abort);
6017     object_property_add_alias(obj, "perfctr_nb", obj, "perfctr-nb", &error_abort);
6018     object_property_add_alias(obj, "kvm_nopiodelay", obj, "kvm-nopiodelay", &error_abort);
6019     object_property_add_alias(obj, "kvm_mmu", obj, "kvm-mmu", &error_abort);
6020     object_property_add_alias(obj, "kvm_asyncpf", obj, "kvm-asyncpf", &error_abort);
6021     object_property_add_alias(obj, "kvm_steal_time", obj, "kvm-steal-time", &error_abort);
6022     object_property_add_alias(obj, "kvm_pv_eoi", obj, "kvm-pv-eoi", &error_abort);
6023     object_property_add_alias(obj, "kvm_pv_unhalt", obj, "kvm-pv-unhalt", &error_abort);
6024     object_property_add_alias(obj, "kvm_poll_control", obj, "kvm-poll-control",
6025                               &error_abort);
6026     object_property_add_alias(obj, "svm_lock", obj, "svm-lock", &error_abort);
6027     object_property_add_alias(obj, "nrip_save", obj, "nrip-save", &error_abort);
6028     object_property_add_alias(obj, "tsc_scale", obj, "tsc-scale", &error_abort);
6029     object_property_add_alias(obj, "vmcb_clean", obj, "vmcb-clean", &error_abort);
6030     object_property_add_alias(obj, "pause_filter", obj, "pause-filter", &error_abort);
6031     object_property_add_alias(obj, "sse4_1", obj, "sse4.1", &error_abort);
6032     object_property_add_alias(obj, "sse4_2", obj, "sse4.2", &error_abort);
6033 
6034     if (xcc->model) {
6035         x86_cpu_load_model(cpu, xcc->model, &error_abort);
6036     }
6037 }
6038 
6039 static int64_t x86_cpu_get_arch_id(CPUState *cs)
6040 {
6041     X86CPU *cpu = X86_CPU(cs);
6042 
6043     return cpu->apic_id;
6044 }
6045 
6046 static bool x86_cpu_get_paging_enabled(const CPUState *cs)
6047 {
6048     X86CPU *cpu = X86_CPU(cs);
6049 
6050     return cpu->env.cr[0] & CR0_PG_MASK;
6051 }
6052 
6053 static void x86_cpu_set_pc(CPUState *cs, vaddr value)
6054 {
6055     X86CPU *cpu = X86_CPU(cs);
6056 
6057     cpu->env.eip = value;
6058 }
6059 
6060 static void x86_cpu_synchronize_from_tb(CPUState *cs, TranslationBlock *tb)
6061 {
6062     X86CPU *cpu = X86_CPU(cs);
6063 
6064     cpu->env.eip = tb->pc - tb->cs_base;
6065 }
6066 
6067 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
6068 {
6069     X86CPU *cpu = X86_CPU(cs);
6070     CPUX86State *env = &cpu->env;
6071 
6072 #if !defined(CONFIG_USER_ONLY)
6073     if (interrupt_request & CPU_INTERRUPT_POLL) {
6074         return CPU_INTERRUPT_POLL;
6075     }
6076 #endif
6077     if (interrupt_request & CPU_INTERRUPT_SIPI) {
6078         return CPU_INTERRUPT_SIPI;
6079     }
6080 
6081     if (env->hflags2 & HF2_GIF_MASK) {
6082         if ((interrupt_request & CPU_INTERRUPT_SMI) &&
6083             !(env->hflags & HF_SMM_MASK)) {
6084             return CPU_INTERRUPT_SMI;
6085         } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
6086                    !(env->hflags2 & HF2_NMI_MASK)) {
6087             return CPU_INTERRUPT_NMI;
6088         } else if (interrupt_request & CPU_INTERRUPT_MCE) {
6089             return CPU_INTERRUPT_MCE;
6090         } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
6091                    (((env->hflags2 & HF2_VINTR_MASK) &&
6092                      (env->hflags2 & HF2_HIF_MASK)) ||
6093                     (!(env->hflags2 & HF2_VINTR_MASK) &&
6094                      (env->eflags & IF_MASK &&
6095                       !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
6096             return CPU_INTERRUPT_HARD;
6097 #if !defined(CONFIG_USER_ONLY)
6098         } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
6099                    (env->eflags & IF_MASK) &&
6100                    !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
6101             return CPU_INTERRUPT_VIRQ;
6102 #endif
6103         }
6104     }
6105 
6106     return 0;
6107 }
6108 
6109 static bool x86_cpu_has_work(CPUState *cs)
6110 {
6111     return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
6112 }
6113 
6114 static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
6115 {
6116     X86CPU *cpu = X86_CPU(cs);
6117     CPUX86State *env = &cpu->env;
6118 
6119     info->mach = (env->hflags & HF_CS64_MASK ? bfd_mach_x86_64
6120                   : env->hflags & HF_CS32_MASK ? bfd_mach_i386_i386
6121                   : bfd_mach_i386_i8086);
6122     info->print_insn = print_insn_i386;
6123 
6124     info->cap_arch = CS_ARCH_X86;
6125     info->cap_mode = (env->hflags & HF_CS64_MASK ? CS_MODE_64
6126                       : env->hflags & HF_CS32_MASK ? CS_MODE_32
6127                       : CS_MODE_16);
6128     info->cap_insn_unit = 1;
6129     info->cap_insn_split = 8;
6130 }
6131 
6132 void x86_update_hflags(CPUX86State *env)
6133 {
6134    uint32_t hflags;
6135 #define HFLAG_COPY_MASK \
6136     ~( HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
6137        HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
6138        HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
6139        HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
6140 
6141     hflags = env->hflags & HFLAG_COPY_MASK;
6142     hflags |= (env->segs[R_SS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
6143     hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
6144     hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
6145                 (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
6146     hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
6147 
6148     if (env->cr[4] & CR4_OSFXSR_MASK) {
6149         hflags |= HF_OSFXSR_MASK;
6150     }
6151 
6152     if (env->efer & MSR_EFER_LMA) {
6153         hflags |= HF_LMA_MASK;
6154     }
6155 
6156     if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
6157         hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
6158     } else {
6159         hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
6160                     (DESC_B_SHIFT - HF_CS32_SHIFT);
6161         hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
6162                     (DESC_B_SHIFT - HF_SS32_SHIFT);
6163         if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK) ||
6164             !(hflags & HF_CS32_MASK)) {
6165             hflags |= HF_ADDSEG_MASK;
6166         } else {
6167             hflags |= ((env->segs[R_DS].base | env->segs[R_ES].base |
6168                         env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
6169         }
6170     }
6171     env->hflags = hflags;
6172 }
6173 
6174 static Property x86_cpu_properties[] = {
6175 #ifdef CONFIG_USER_ONLY
6176     /* apic_id = 0 by default for *-user, see commit 9886e834 */
6177     DEFINE_PROP_UINT32("apic-id", X86CPU, apic_id, 0),
6178     DEFINE_PROP_INT32("thread-id", X86CPU, thread_id, 0),
6179     DEFINE_PROP_INT32("core-id", X86CPU, core_id, 0),
6180     DEFINE_PROP_INT32("die-id", X86CPU, die_id, 0),
6181     DEFINE_PROP_INT32("socket-id", X86CPU, socket_id, 0),
6182 #else
6183     DEFINE_PROP_UINT32("apic-id", X86CPU, apic_id, UNASSIGNED_APIC_ID),
6184     DEFINE_PROP_INT32("thread-id", X86CPU, thread_id, -1),
6185     DEFINE_PROP_INT32("core-id", X86CPU, core_id, -1),
6186     DEFINE_PROP_INT32("die-id", X86CPU, die_id, -1),
6187     DEFINE_PROP_INT32("socket-id", X86CPU, socket_id, -1),
6188 #endif
6189     DEFINE_PROP_INT32("node-id", X86CPU, node_id, CPU_UNSET_NUMA_NODE_ID),
6190     DEFINE_PROP_BOOL("pmu", X86CPU, enable_pmu, false),
6191 
6192     DEFINE_PROP_UINT32("hv-spinlocks", X86CPU, hyperv_spinlock_attempts,
6193                        HYPERV_SPINLOCK_NEVER_RETRY),
6194     DEFINE_PROP_BIT64("hv-relaxed", X86CPU, hyperv_features,
6195                       HYPERV_FEAT_RELAXED, 0),
6196     DEFINE_PROP_BIT64("hv-vapic", X86CPU, hyperv_features,
6197                       HYPERV_FEAT_VAPIC, 0),
6198     DEFINE_PROP_BIT64("hv-time", X86CPU, hyperv_features,
6199                       HYPERV_FEAT_TIME, 0),
6200     DEFINE_PROP_BIT64("hv-crash", X86CPU, hyperv_features,
6201                       HYPERV_FEAT_CRASH, 0),
6202     DEFINE_PROP_BIT64("hv-reset", X86CPU, hyperv_features,
6203                       HYPERV_FEAT_RESET, 0),
6204     DEFINE_PROP_BIT64("hv-vpindex", X86CPU, hyperv_features,
6205                       HYPERV_FEAT_VPINDEX, 0),
6206     DEFINE_PROP_BIT64("hv-runtime", X86CPU, hyperv_features,
6207                       HYPERV_FEAT_RUNTIME, 0),
6208     DEFINE_PROP_BIT64("hv-synic", X86CPU, hyperv_features,
6209                       HYPERV_FEAT_SYNIC, 0),
6210     DEFINE_PROP_BIT64("hv-stimer", X86CPU, hyperv_features,
6211                       HYPERV_FEAT_STIMER, 0),
6212     DEFINE_PROP_BIT64("hv-frequencies", X86CPU, hyperv_features,
6213                       HYPERV_FEAT_FREQUENCIES, 0),
6214     DEFINE_PROP_BIT64("hv-reenlightenment", X86CPU, hyperv_features,
6215                       HYPERV_FEAT_REENLIGHTENMENT, 0),
6216     DEFINE_PROP_BIT64("hv-tlbflush", X86CPU, hyperv_features,
6217                       HYPERV_FEAT_TLBFLUSH, 0),
6218     DEFINE_PROP_BIT64("hv-evmcs", X86CPU, hyperv_features,
6219                       HYPERV_FEAT_EVMCS, 0),
6220     DEFINE_PROP_BIT64("hv-ipi", X86CPU, hyperv_features,
6221                       HYPERV_FEAT_IPI, 0),
6222     DEFINE_PROP_BIT64("hv-stimer-direct", X86CPU, hyperv_features,
6223                       HYPERV_FEAT_STIMER_DIRECT, 0),
6224     DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false),
6225 
6226     DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
6227     DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
6228     DEFINE_PROP_BOOL("x-force-features", X86CPU, force_features, false),
6229     DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
6230     DEFINE_PROP_UINT32("phys-bits", X86CPU, phys_bits, 0),
6231     DEFINE_PROP_BOOL("host-phys-bits", X86CPU, host_phys_bits, false),
6232     DEFINE_PROP_UINT8("host-phys-bits-limit", X86CPU, host_phys_bits_limit, 0),
6233     DEFINE_PROP_BOOL("fill-mtrr-mask", X86CPU, fill_mtrr_mask, true),
6234     DEFINE_PROP_UINT32("level-func7", X86CPU, env.cpuid_level_func7,
6235                        UINT32_MAX),
6236     DEFINE_PROP_UINT32("level", X86CPU, env.cpuid_level, UINT32_MAX),
6237     DEFINE_PROP_UINT32("xlevel", X86CPU, env.cpuid_xlevel, UINT32_MAX),
6238     DEFINE_PROP_UINT32("xlevel2", X86CPU, env.cpuid_xlevel2, UINT32_MAX),
6239     DEFINE_PROP_UINT32("min-level", X86CPU, env.cpuid_min_level, 0),
6240     DEFINE_PROP_UINT32("min-xlevel", X86CPU, env.cpuid_min_xlevel, 0),
6241     DEFINE_PROP_UINT32("min-xlevel2", X86CPU, env.cpuid_min_xlevel2, 0),
6242     DEFINE_PROP_BOOL("full-cpuid-auto-level", X86CPU, full_cpuid_auto_level, true),
6243     DEFINE_PROP_STRING("hv-vendor-id", X86CPU, hyperv_vendor_id),
6244     DEFINE_PROP_BOOL("cpuid-0xb", X86CPU, enable_cpuid_0xb, true),
6245     DEFINE_PROP_BOOL("lmce", X86CPU, enable_lmce, false),
6246     DEFINE_PROP_BOOL("l3-cache", X86CPU, enable_l3_cache, true),
6247     DEFINE_PROP_BOOL("kvm-no-smi-migration", X86CPU, kvm_no_smi_migration,
6248                      false),
6249     DEFINE_PROP_BOOL("vmware-cpuid-freq", X86CPU, vmware_cpuid_freq, true),
6250     DEFINE_PROP_BOOL("tcg-cpuid", X86CPU, expose_tcg, true),
6251     DEFINE_PROP_BOOL("x-migrate-smi-count", X86CPU, migrate_smi_count,
6252                      true),
6253     /*
6254      * lecacy_cache defaults to true unless the CPU model provides its
6255      * own cache information (see x86_cpu_load_def()).
6256      */
6257     DEFINE_PROP_BOOL("legacy-cache", X86CPU, legacy_cache, true),
6258 
6259     /*
6260      * From "Requirements for Implementing the Microsoft
6261      * Hypervisor Interface":
6262      * https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
6263      *
6264      * "Starting with Windows Server 2012 and Windows 8, if
6265      * CPUID.40000005.EAX contains a value of -1, Windows assumes that
6266      * the hypervisor imposes no specific limit to the number of VPs.
6267      * In this case, Windows Server 2012 guest VMs may use more than
6268      * 64 VPs, up to the maximum supported number of processors applicable
6269      * to the specific Windows version being used."
6270      */
6271     DEFINE_PROP_INT32("x-hv-max-vps", X86CPU, hv_max_vps, -1),
6272     DEFINE_PROP_BOOL("x-hv-synic-kvm-only", X86CPU, hyperv_synic_kvm_only,
6273                      false),
6274     DEFINE_PROP_BOOL("x-intel-pt-auto-level", X86CPU, intel_pt_auto_level,
6275                      true),
6276     DEFINE_PROP_END_OF_LIST()
6277 };
6278 
6279 static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
6280 {
6281     X86CPUClass *xcc = X86_CPU_CLASS(oc);
6282     CPUClass *cc = CPU_CLASS(oc);
6283     DeviceClass *dc = DEVICE_CLASS(oc);
6284 
6285     device_class_set_parent_realize(dc, x86_cpu_realizefn,
6286                                     &xcc->parent_realize);
6287     device_class_set_parent_unrealize(dc, x86_cpu_unrealizefn,
6288                                       &xcc->parent_unrealize);
6289     dc->props = x86_cpu_properties;
6290 
6291     xcc->parent_reset = cc->reset;
6292     cc->reset = x86_cpu_reset;
6293     cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
6294 
6295     cc->class_by_name = x86_cpu_class_by_name;
6296     cc->parse_features = x86_cpu_parse_featurestr;
6297     cc->has_work = x86_cpu_has_work;
6298 #ifdef CONFIG_TCG
6299     cc->do_interrupt = x86_cpu_do_interrupt;
6300     cc->cpu_exec_interrupt = x86_cpu_exec_interrupt;
6301 #endif
6302     cc->dump_state = x86_cpu_dump_state;
6303     cc->get_crash_info = x86_cpu_get_crash_info;
6304     cc->set_pc = x86_cpu_set_pc;
6305     cc->synchronize_from_tb = x86_cpu_synchronize_from_tb;
6306     cc->gdb_read_register = x86_cpu_gdb_read_register;
6307     cc->gdb_write_register = x86_cpu_gdb_write_register;
6308     cc->get_arch_id = x86_cpu_get_arch_id;
6309     cc->get_paging_enabled = x86_cpu_get_paging_enabled;
6310 #ifndef CONFIG_USER_ONLY
6311     cc->asidx_from_attrs = x86_asidx_from_attrs;
6312     cc->get_memory_mapping = x86_cpu_get_memory_mapping;
6313     cc->get_phys_page_attrs_debug = x86_cpu_get_phys_page_attrs_debug;
6314     cc->write_elf64_note = x86_cpu_write_elf64_note;
6315     cc->write_elf64_qemunote = x86_cpu_write_elf64_qemunote;
6316     cc->write_elf32_note = x86_cpu_write_elf32_note;
6317     cc->write_elf32_qemunote = x86_cpu_write_elf32_qemunote;
6318     cc->vmsd = &vmstate_x86_cpu;
6319 #endif
6320     cc->gdb_arch_name = x86_gdb_arch_name;
6321 #ifdef TARGET_X86_64
6322     cc->gdb_core_xml_file = "i386-64bit.xml";
6323     cc->gdb_num_core_regs = 66;
6324 #else
6325     cc->gdb_core_xml_file = "i386-32bit.xml";
6326     cc->gdb_num_core_regs = 50;
6327 #endif
6328 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
6329     cc->debug_excp_handler = breakpoint_handler;
6330 #endif
6331     cc->cpu_exec_enter = x86_cpu_exec_enter;
6332     cc->cpu_exec_exit = x86_cpu_exec_exit;
6333 #ifdef CONFIG_TCG
6334     cc->tcg_initialize = tcg_x86_init;
6335     cc->tlb_fill = x86_cpu_tlb_fill;
6336 #endif
6337     cc->disas_set_info = x86_disas_set_info;
6338 
6339     dc->user_creatable = true;
6340 }
6341 
6342 static const TypeInfo x86_cpu_type_info = {
6343     .name = TYPE_X86_CPU,
6344     .parent = TYPE_CPU,
6345     .instance_size = sizeof(X86CPU),
6346     .instance_init = x86_cpu_initfn,
6347     .abstract = true,
6348     .class_size = sizeof(X86CPUClass),
6349     .class_init = x86_cpu_common_class_init,
6350 };
6351 
6352 
6353 /* "base" CPU model, used by query-cpu-model-expansion */
6354 static void x86_cpu_base_class_init(ObjectClass *oc, void *data)
6355 {
6356     X86CPUClass *xcc = X86_CPU_CLASS(oc);
6357 
6358     xcc->static_model = true;
6359     xcc->migration_safe = true;
6360     xcc->model_description = "base CPU model type with no features enabled";
6361     xcc->ordering = 8;
6362 }
6363 
6364 static const TypeInfo x86_base_cpu_type_info = {
6365         .name = X86_CPU_TYPE_NAME("base"),
6366         .parent = TYPE_X86_CPU,
6367         .class_init = x86_cpu_base_class_init,
6368 };
6369 
6370 static void x86_cpu_register_types(void)
6371 {
6372     int i;
6373 
6374     type_register_static(&x86_cpu_type_info);
6375     for (i = 0; i < ARRAY_SIZE(builtin_x86_defs); i++) {
6376         x86_register_cpudef_types(&builtin_x86_defs[i]);
6377     }
6378     type_register_static(&max_x86_cpu_type_info);
6379     type_register_static(&x86_base_cpu_type_info);
6380 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
6381     type_register_static(&host_x86_cpu_type_info);
6382 #endif
6383 }
6384 
6385 type_init(x86_cpu_register_types)
6386