xref: /openbmc/qemu/target/i386/cpu.c (revision b15e402f)
1 /*
2  *  i386 CPUID helper functions
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/units.h"
22 #include "qemu/cutils.h"
23 #include "qemu/bitops.h"
24 #include "qemu/qemu-print.h"
25 
26 #include "cpu.h"
27 #include "exec/exec-all.h"
28 #include "sysemu/kvm.h"
29 #include "sysemu/reset.h"
30 #include "sysemu/hvf.h"
31 #include "sysemu/cpus.h"
32 #include "sysemu/xen.h"
33 #include "kvm_i386.h"
34 #include "sev_i386.h"
35 
36 #include "qemu/error-report.h"
37 #include "qemu/module.h"
38 #include "qemu/option.h"
39 #include "qemu/config-file.h"
40 #include "qapi/error.h"
41 #include "qapi/qapi-visit-machine.h"
42 #include "qapi/qapi-visit-run-state.h"
43 #include "qapi/qmp/qdict.h"
44 #include "qapi/qmp/qerror.h"
45 #include "qapi/visitor.h"
46 #include "qom/qom-qobject.h"
47 #include "sysemu/arch_init.h"
48 #include "qapi/qapi-commands-machine-target.h"
49 
50 #include "standard-headers/asm-x86/kvm_para.h"
51 
52 #include "sysemu/sysemu.h"
53 #include "sysemu/tcg.h"
54 #include "hw/qdev-properties.h"
55 #include "hw/i386/topology.h"
56 #ifndef CONFIG_USER_ONLY
57 #include "exec/address-spaces.h"
58 #include "hw/i386/apic_internal.h"
59 #include "hw/boards.h"
60 #endif
61 
62 #include "disas/capstone.h"
63 
64 /* Helpers for building CPUID[2] descriptors: */
65 
66 struct CPUID2CacheDescriptorInfo {
67     enum CacheType type;
68     int level;
69     int size;
70     int line_size;
71     int associativity;
72 };
73 
74 /*
75  * Known CPUID 2 cache descriptors.
76  * From Intel SDM Volume 2A, CPUID instruction
77  */
78 struct CPUID2CacheDescriptorInfo cpuid2_cache_descriptors[] = {
79     [0x06] = { .level = 1, .type = INSTRUCTION_CACHE, .size =   8 * KiB,
80                .associativity = 4,  .line_size = 32, },
81     [0x08] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  16 * KiB,
82                .associativity = 4,  .line_size = 32, },
83     [0x09] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  32 * KiB,
84                .associativity = 4,  .line_size = 64, },
85     [0x0A] = { .level = 1, .type = DATA_CACHE,        .size =   8 * KiB,
86                .associativity = 2,  .line_size = 32, },
87     [0x0C] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
88                .associativity = 4,  .line_size = 32, },
89     [0x0D] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
90                .associativity = 4,  .line_size = 64, },
91     [0x0E] = { .level = 1, .type = DATA_CACHE,        .size =  24 * KiB,
92                .associativity = 6,  .line_size = 64, },
93     [0x1D] = { .level = 2, .type = UNIFIED_CACHE,     .size = 128 * KiB,
94                .associativity = 2,  .line_size = 64, },
95     [0x21] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
96                .associativity = 8,  .line_size = 64, },
97     /* lines per sector is not supported cpuid2_cache_descriptor(),
98     * so descriptors 0x22, 0x23 are not included
99     */
100     [0x24] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
101                .associativity = 16, .line_size = 64, },
102     /* lines per sector is not supported cpuid2_cache_descriptor(),
103     * so descriptors 0x25, 0x20 are not included
104     */
105     [0x2C] = { .level = 1, .type = DATA_CACHE,        .size =  32 * KiB,
106                .associativity = 8,  .line_size = 64, },
107     [0x30] = { .level = 1, .type = INSTRUCTION_CACHE, .size =  32 * KiB,
108                .associativity = 8,  .line_size = 64, },
109     [0x41] = { .level = 2, .type = UNIFIED_CACHE,     .size = 128 * KiB,
110                .associativity = 4,  .line_size = 32, },
111     [0x42] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
112                .associativity = 4,  .line_size = 32, },
113     [0x43] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
114                .associativity = 4,  .line_size = 32, },
115     [0x44] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
116                .associativity = 4,  .line_size = 32, },
117     [0x45] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
118                .associativity = 4,  .line_size = 32, },
119     [0x46] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
120                .associativity = 4,  .line_size = 64, },
121     [0x47] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
122                .associativity = 8,  .line_size = 64, },
123     [0x48] = { .level = 2, .type = UNIFIED_CACHE,     .size =   3 * MiB,
124                .associativity = 12, .line_size = 64, },
125     /* Descriptor 0x49 depends on CPU family/model, so it is not included */
126     [0x4A] = { .level = 3, .type = UNIFIED_CACHE,     .size =   6 * MiB,
127                .associativity = 12, .line_size = 64, },
128     [0x4B] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
129                .associativity = 16, .line_size = 64, },
130     [0x4C] = { .level = 3, .type = UNIFIED_CACHE,     .size =  12 * MiB,
131                .associativity = 12, .line_size = 64, },
132     [0x4D] = { .level = 3, .type = UNIFIED_CACHE,     .size =  16 * MiB,
133                .associativity = 16, .line_size = 64, },
134     [0x4E] = { .level = 2, .type = UNIFIED_CACHE,     .size =   6 * MiB,
135                .associativity = 24, .line_size = 64, },
136     [0x60] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
137                .associativity = 8,  .line_size = 64, },
138     [0x66] = { .level = 1, .type = DATA_CACHE,        .size =   8 * KiB,
139                .associativity = 4,  .line_size = 64, },
140     [0x67] = { .level = 1, .type = DATA_CACHE,        .size =  16 * KiB,
141                .associativity = 4,  .line_size = 64, },
142     [0x68] = { .level = 1, .type = DATA_CACHE,        .size =  32 * KiB,
143                .associativity = 4,  .line_size = 64, },
144     [0x78] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
145                .associativity = 4,  .line_size = 64, },
146     /* lines per sector is not supported cpuid2_cache_descriptor(),
147     * so descriptors 0x79, 0x7A, 0x7B, 0x7C are not included.
148     */
149     [0x7D] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
150                .associativity = 8,  .line_size = 64, },
151     [0x7F] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
152                .associativity = 2,  .line_size = 64, },
153     [0x80] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
154                .associativity = 8,  .line_size = 64, },
155     [0x82] = { .level = 2, .type = UNIFIED_CACHE,     .size = 256 * KiB,
156                .associativity = 8,  .line_size = 32, },
157     [0x83] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
158                .associativity = 8,  .line_size = 32, },
159     [0x84] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
160                .associativity = 8,  .line_size = 32, },
161     [0x85] = { .level = 2, .type = UNIFIED_CACHE,     .size =   2 * MiB,
162                .associativity = 8,  .line_size = 32, },
163     [0x86] = { .level = 2, .type = UNIFIED_CACHE,     .size = 512 * KiB,
164                .associativity = 4,  .line_size = 64, },
165     [0x87] = { .level = 2, .type = UNIFIED_CACHE,     .size =   1 * MiB,
166                .associativity = 8,  .line_size = 64, },
167     [0xD0] = { .level = 3, .type = UNIFIED_CACHE,     .size = 512 * KiB,
168                .associativity = 4,  .line_size = 64, },
169     [0xD1] = { .level = 3, .type = UNIFIED_CACHE,     .size =   1 * MiB,
170                .associativity = 4,  .line_size = 64, },
171     [0xD2] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
172                .associativity = 4,  .line_size = 64, },
173     [0xD6] = { .level = 3, .type = UNIFIED_CACHE,     .size =   1 * MiB,
174                .associativity = 8,  .line_size = 64, },
175     [0xD7] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
176                .associativity = 8,  .line_size = 64, },
177     [0xD8] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
178                .associativity = 8,  .line_size = 64, },
179     [0xDC] = { .level = 3, .type = UNIFIED_CACHE,     .size = 1.5 * MiB,
180                .associativity = 12, .line_size = 64, },
181     [0xDD] = { .level = 3, .type = UNIFIED_CACHE,     .size =   3 * MiB,
182                .associativity = 12, .line_size = 64, },
183     [0xDE] = { .level = 3, .type = UNIFIED_CACHE,     .size =   6 * MiB,
184                .associativity = 12, .line_size = 64, },
185     [0xE2] = { .level = 3, .type = UNIFIED_CACHE,     .size =   2 * MiB,
186                .associativity = 16, .line_size = 64, },
187     [0xE3] = { .level = 3, .type = UNIFIED_CACHE,     .size =   4 * MiB,
188                .associativity = 16, .line_size = 64, },
189     [0xE4] = { .level = 3, .type = UNIFIED_CACHE,     .size =   8 * MiB,
190                .associativity = 16, .line_size = 64, },
191     [0xEA] = { .level = 3, .type = UNIFIED_CACHE,     .size =  12 * MiB,
192                .associativity = 24, .line_size = 64, },
193     [0xEB] = { .level = 3, .type = UNIFIED_CACHE,     .size =  18 * MiB,
194                .associativity = 24, .line_size = 64, },
195     [0xEC] = { .level = 3, .type = UNIFIED_CACHE,     .size =  24 * MiB,
196                .associativity = 24, .line_size = 64, },
197 };
198 
199 /*
200  * "CPUID leaf 2 does not report cache descriptor information,
201  * use CPUID leaf 4 to query cache parameters"
202  */
203 #define CACHE_DESCRIPTOR_UNAVAILABLE 0xFF
204 
205 /*
206  * Return a CPUID 2 cache descriptor for a given cache.
207  * If no known descriptor is found, return CACHE_DESCRIPTOR_UNAVAILABLE
208  */
209 static uint8_t cpuid2_cache_descriptor(CPUCacheInfo *cache)
210 {
211     int i;
212 
213     assert(cache->size > 0);
214     assert(cache->level > 0);
215     assert(cache->line_size > 0);
216     assert(cache->associativity > 0);
217     for (i = 0; i < ARRAY_SIZE(cpuid2_cache_descriptors); i++) {
218         struct CPUID2CacheDescriptorInfo *d = &cpuid2_cache_descriptors[i];
219         if (d->level == cache->level && d->type == cache->type &&
220             d->size == cache->size && d->line_size == cache->line_size &&
221             d->associativity == cache->associativity) {
222                 return i;
223             }
224     }
225 
226     return CACHE_DESCRIPTOR_UNAVAILABLE;
227 }
228 
229 /* CPUID Leaf 4 constants: */
230 
231 /* EAX: */
232 #define CACHE_TYPE_D    1
233 #define CACHE_TYPE_I    2
234 #define CACHE_TYPE_UNIFIED   3
235 
236 #define CACHE_LEVEL(l)        (l << 5)
237 
238 #define CACHE_SELF_INIT_LEVEL (1 << 8)
239 
240 /* EDX: */
241 #define CACHE_NO_INVD_SHARING   (1 << 0)
242 #define CACHE_INCLUSIVE       (1 << 1)
243 #define CACHE_COMPLEX_IDX     (1 << 2)
244 
245 /* Encode CacheType for CPUID[4].EAX */
246 #define CACHE_TYPE(t) (((t) == DATA_CACHE) ? CACHE_TYPE_D : \
247                        ((t) == INSTRUCTION_CACHE) ? CACHE_TYPE_I : \
248                        ((t) == UNIFIED_CACHE) ? CACHE_TYPE_UNIFIED : \
249                        0 /* Invalid value */)
250 
251 
252 /* Encode cache info for CPUID[4] */
253 static void encode_cache_cpuid4(CPUCacheInfo *cache,
254                                 int num_apic_ids, int num_cores,
255                                 uint32_t *eax, uint32_t *ebx,
256                                 uint32_t *ecx, uint32_t *edx)
257 {
258     assert(cache->size == cache->line_size * cache->associativity *
259                           cache->partitions * cache->sets);
260 
261     assert(num_apic_ids > 0);
262     *eax = CACHE_TYPE(cache->type) |
263            CACHE_LEVEL(cache->level) |
264            (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0) |
265            ((num_cores - 1) << 26) |
266            ((num_apic_ids - 1) << 14);
267 
268     assert(cache->line_size > 0);
269     assert(cache->partitions > 0);
270     assert(cache->associativity > 0);
271     /* We don't implement fully-associative caches */
272     assert(cache->associativity < cache->sets);
273     *ebx = (cache->line_size - 1) |
274            ((cache->partitions - 1) << 12) |
275            ((cache->associativity - 1) << 22);
276 
277     assert(cache->sets > 0);
278     *ecx = cache->sets - 1;
279 
280     *edx = (cache->no_invd_sharing ? CACHE_NO_INVD_SHARING : 0) |
281            (cache->inclusive ? CACHE_INCLUSIVE : 0) |
282            (cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
283 }
284 
285 /* Encode cache info for CPUID[0x80000005].ECX or CPUID[0x80000005].EDX */
286 static uint32_t encode_cache_cpuid80000005(CPUCacheInfo *cache)
287 {
288     assert(cache->size % 1024 == 0);
289     assert(cache->lines_per_tag > 0);
290     assert(cache->associativity > 0);
291     assert(cache->line_size > 0);
292     return ((cache->size / 1024) << 24) | (cache->associativity << 16) |
293            (cache->lines_per_tag << 8) | (cache->line_size);
294 }
295 
296 #define ASSOC_FULL 0xFF
297 
298 /* AMD associativity encoding used on CPUID Leaf 0x80000006: */
299 #define AMD_ENC_ASSOC(a) (a <=   1 ? a   : \
300                           a ==   2 ? 0x2 : \
301                           a ==   4 ? 0x4 : \
302                           a ==   8 ? 0x6 : \
303                           a ==  16 ? 0x8 : \
304                           a ==  32 ? 0xA : \
305                           a ==  48 ? 0xB : \
306                           a ==  64 ? 0xC : \
307                           a ==  96 ? 0xD : \
308                           a == 128 ? 0xE : \
309                           a == ASSOC_FULL ? 0xF : \
310                           0 /* invalid value */)
311 
312 /*
313  * Encode cache info for CPUID[0x80000006].ECX and CPUID[0x80000006].EDX
314  * @l3 can be NULL.
315  */
316 static void encode_cache_cpuid80000006(CPUCacheInfo *l2,
317                                        CPUCacheInfo *l3,
318                                        uint32_t *ecx, uint32_t *edx)
319 {
320     assert(l2->size % 1024 == 0);
321     assert(l2->associativity > 0);
322     assert(l2->lines_per_tag > 0);
323     assert(l2->line_size > 0);
324     *ecx = ((l2->size / 1024) << 16) |
325            (AMD_ENC_ASSOC(l2->associativity) << 12) |
326            (l2->lines_per_tag << 8) | (l2->line_size);
327 
328     if (l3) {
329         assert(l3->size % (512 * 1024) == 0);
330         assert(l3->associativity > 0);
331         assert(l3->lines_per_tag > 0);
332         assert(l3->line_size > 0);
333         *edx = ((l3->size / (512 * 1024)) << 18) |
334                (AMD_ENC_ASSOC(l3->associativity) << 12) |
335                (l3->lines_per_tag << 8) | (l3->line_size);
336     } else {
337         *edx = 0;
338     }
339 }
340 
341 /*
342  * Definitions used for building CPUID Leaf 0x8000001D and 0x8000001E
343  * Please refer to the AMD64 Architecture Programmer’s Manual Volume 3.
344  * Define the constants to build the cpu topology. Right now, TOPOEXT
345  * feature is enabled only on EPYC. So, these constants are based on
346  * EPYC supported configurations. We may need to handle the cases if
347  * these values change in future.
348  */
349 /* Maximum core complexes in a node */
350 #define MAX_CCX 2
351 /* Maximum cores in a core complex */
352 #define MAX_CORES_IN_CCX 4
353 /* Maximum cores in a node */
354 #define MAX_CORES_IN_NODE 8
355 /* Maximum nodes in a socket */
356 #define MAX_NODES_PER_SOCKET 4
357 
358 /*
359  * Figure out the number of nodes required to build this config.
360  * Max cores in a node is 8
361  */
362 static int nodes_in_socket(int nr_cores)
363 {
364     int nodes;
365 
366     nodes = DIV_ROUND_UP(nr_cores, MAX_CORES_IN_NODE);
367 
368    /* Hardware does not support config with 3 nodes, return 4 in that case */
369     return (nodes == 3) ? 4 : nodes;
370 }
371 
372 /*
373  * Decide the number of cores in a core complex with the given nr_cores using
374  * following set constants MAX_CCX, MAX_CORES_IN_CCX, MAX_CORES_IN_NODE and
375  * MAX_NODES_PER_SOCKET. Maintain symmetry as much as possible
376  * L3 cache is shared across all cores in a core complex. So, this will also
377  * tell us how many cores are sharing the L3 cache.
378  */
379 static int cores_in_core_complex(int nr_cores)
380 {
381     int nodes;
382 
383     /* Check if we can fit all the cores in one core complex */
384     if (nr_cores <= MAX_CORES_IN_CCX) {
385         return nr_cores;
386     }
387     /* Get the number of nodes required to build this config */
388     nodes = nodes_in_socket(nr_cores);
389 
390     /*
391      * Divide the cores accros all the core complexes
392      * Return rounded up value
393      */
394     return DIV_ROUND_UP(nr_cores, nodes * MAX_CCX);
395 }
396 
397 /* Encode cache info for CPUID[8000001D] */
398 static void encode_cache_cpuid8000001d(CPUCacheInfo *cache, CPUState *cs,
399                                 uint32_t *eax, uint32_t *ebx,
400                                 uint32_t *ecx, uint32_t *edx)
401 {
402     uint32_t l3_cores;
403     assert(cache->size == cache->line_size * cache->associativity *
404                           cache->partitions * cache->sets);
405 
406     *eax = CACHE_TYPE(cache->type) | CACHE_LEVEL(cache->level) |
407                (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0);
408 
409     /* L3 is shared among multiple cores */
410     if (cache->level == 3) {
411         l3_cores = cores_in_core_complex(cs->nr_cores);
412         *eax |= ((l3_cores * cs->nr_threads) - 1) << 14;
413     } else {
414         *eax |= ((cs->nr_threads - 1) << 14);
415     }
416 
417     assert(cache->line_size > 0);
418     assert(cache->partitions > 0);
419     assert(cache->associativity > 0);
420     /* We don't implement fully-associative caches */
421     assert(cache->associativity < cache->sets);
422     *ebx = (cache->line_size - 1) |
423            ((cache->partitions - 1) << 12) |
424            ((cache->associativity - 1) << 22);
425 
426     assert(cache->sets > 0);
427     *ecx = cache->sets - 1;
428 
429     *edx = (cache->no_invd_sharing ? CACHE_NO_INVD_SHARING : 0) |
430            (cache->inclusive ? CACHE_INCLUSIVE : 0) |
431            (cache->complex_indexing ? CACHE_COMPLEX_IDX : 0);
432 }
433 
434 /* Data structure to hold the configuration info for a given core index */
435 struct core_topology {
436     /* core complex id of the current core index */
437     int ccx_id;
438     /*
439      * Adjusted core index for this core in the topology
440      * This can be 0,1,2,3 with max 4 cores in a core complex
441      */
442     int core_id;
443     /* Node id for this core index */
444     int node_id;
445     /* Number of nodes in this config */
446     int num_nodes;
447 };
448 
449 /*
450  * Build the configuration closely match the EPYC hardware. Using the EPYC
451  * hardware configuration values (MAX_CCX, MAX_CORES_IN_CCX, MAX_CORES_IN_NODE)
452  * right now. This could change in future.
453  * nr_cores : Total number of cores in the config
454  * core_id  : Core index of the current CPU
455  * topo     : Data structure to hold all the config info for this core index
456  */
457 static void build_core_topology(int nr_cores, int core_id,
458                                 struct core_topology *topo)
459 {
460     int nodes, cores_in_ccx;
461 
462     /* First get the number of nodes required */
463     nodes = nodes_in_socket(nr_cores);
464 
465     cores_in_ccx = cores_in_core_complex(nr_cores);
466 
467     topo->node_id = core_id / (cores_in_ccx * MAX_CCX);
468     topo->ccx_id = (core_id % (cores_in_ccx * MAX_CCX)) / cores_in_ccx;
469     topo->core_id = core_id % cores_in_ccx;
470     topo->num_nodes = nodes;
471 }
472 
473 /* Encode cache info for CPUID[8000001E] */
474 static void encode_topo_cpuid8000001e(CPUState *cs, X86CPU *cpu,
475                                        uint32_t *eax, uint32_t *ebx,
476                                        uint32_t *ecx, uint32_t *edx)
477 {
478     struct core_topology topo = {0};
479     unsigned long nodes;
480     int shift;
481 
482     build_core_topology(cs->nr_cores, cpu->core_id, &topo);
483     *eax = cpu->apic_id;
484     /*
485      * CPUID_Fn8000001E_EBX
486      * 31:16 Reserved
487      * 15:8  Threads per core (The number of threads per core is
488      *       Threads per core + 1)
489      *  7:0  Core id (see bit decoding below)
490      *       SMT:
491      *           4:3 node id
492      *             2 Core complex id
493      *           1:0 Core id
494      *       Non SMT:
495      *           5:4 node id
496      *             3 Core complex id
497      *           1:0 Core id
498      */
499     if (cs->nr_threads - 1) {
500         *ebx = ((cs->nr_threads - 1) << 8) | (topo.node_id << 3) |
501                 (topo.ccx_id << 2) | topo.core_id;
502     } else {
503         *ebx = (topo.node_id << 4) | (topo.ccx_id << 3) | topo.core_id;
504     }
505     /*
506      * CPUID_Fn8000001E_ECX
507      * 31:11 Reserved
508      * 10:8  Nodes per processor (Nodes per processor is number of nodes + 1)
509      *  7:0  Node id (see bit decoding below)
510      *         2  Socket id
511      *       1:0  Node id
512      */
513     if (topo.num_nodes <= 4) {
514         *ecx = ((topo.num_nodes - 1) << 8) | (cpu->socket_id << 2) |
515                 topo.node_id;
516     } else {
517         /*
518          * Node id fix up. Actual hardware supports up to 4 nodes. But with
519          * more than 32 cores, we may end up with more than 4 nodes.
520          * Node id is a combination of socket id and node id. Only requirement
521          * here is that this number should be unique accross the system.
522          * Shift the socket id to accommodate more nodes. We dont expect both
523          * socket id and node id to be big number at the same time. This is not
524          * an ideal config but we need to to support it. Max nodes we can have
525          * is 32 (255/8) with 8 cores per node and 255 max cores. We only need
526          * 5 bits for nodes. Find the left most set bit to represent the total
527          * number of nodes. find_last_bit returns last set bit(0 based). Left
528          * shift(+1) the socket id to represent all the nodes.
529          */
530         nodes = topo.num_nodes - 1;
531         shift = find_last_bit(&nodes, 8);
532         *ecx = ((topo.num_nodes - 1) << 8) | (cpu->socket_id << (shift + 1)) |
533                 topo.node_id;
534     }
535     *edx = 0;
536 }
537 
538 /*
539  * Definitions of the hardcoded cache entries we expose:
540  * These are legacy cache values. If there is a need to change any
541  * of these values please use builtin_x86_defs
542  */
543 
544 /* L1 data cache: */
545 static CPUCacheInfo legacy_l1d_cache = {
546     .type = DATA_CACHE,
547     .level = 1,
548     .size = 32 * KiB,
549     .self_init = 1,
550     .line_size = 64,
551     .associativity = 8,
552     .sets = 64,
553     .partitions = 1,
554     .no_invd_sharing = true,
555 };
556 
557 /*FIXME: CPUID leaf 0x80000005 is inconsistent with leaves 2 & 4 */
558 static CPUCacheInfo legacy_l1d_cache_amd = {
559     .type = DATA_CACHE,
560     .level = 1,
561     .size = 64 * KiB,
562     .self_init = 1,
563     .line_size = 64,
564     .associativity = 2,
565     .sets = 512,
566     .partitions = 1,
567     .lines_per_tag = 1,
568     .no_invd_sharing = true,
569 };
570 
571 /* L1 instruction cache: */
572 static CPUCacheInfo legacy_l1i_cache = {
573     .type = INSTRUCTION_CACHE,
574     .level = 1,
575     .size = 32 * KiB,
576     .self_init = 1,
577     .line_size = 64,
578     .associativity = 8,
579     .sets = 64,
580     .partitions = 1,
581     .no_invd_sharing = true,
582 };
583 
584 /*FIXME: CPUID leaf 0x80000005 is inconsistent with leaves 2 & 4 */
585 static CPUCacheInfo legacy_l1i_cache_amd = {
586     .type = INSTRUCTION_CACHE,
587     .level = 1,
588     .size = 64 * KiB,
589     .self_init = 1,
590     .line_size = 64,
591     .associativity = 2,
592     .sets = 512,
593     .partitions = 1,
594     .lines_per_tag = 1,
595     .no_invd_sharing = true,
596 };
597 
598 /* Level 2 unified cache: */
599 static CPUCacheInfo legacy_l2_cache = {
600     .type = UNIFIED_CACHE,
601     .level = 2,
602     .size = 4 * MiB,
603     .self_init = 1,
604     .line_size = 64,
605     .associativity = 16,
606     .sets = 4096,
607     .partitions = 1,
608     .no_invd_sharing = true,
609 };
610 
611 /*FIXME: CPUID leaf 2 descriptor is inconsistent with CPUID leaf 4 */
612 static CPUCacheInfo legacy_l2_cache_cpuid2 = {
613     .type = UNIFIED_CACHE,
614     .level = 2,
615     .size = 2 * MiB,
616     .line_size = 64,
617     .associativity = 8,
618 };
619 
620 
621 /*FIXME: CPUID leaf 0x80000006 is inconsistent with leaves 2 & 4 */
622 static CPUCacheInfo legacy_l2_cache_amd = {
623     .type = UNIFIED_CACHE,
624     .level = 2,
625     .size = 512 * KiB,
626     .line_size = 64,
627     .lines_per_tag = 1,
628     .associativity = 16,
629     .sets = 512,
630     .partitions = 1,
631 };
632 
633 /* Level 3 unified cache: */
634 static CPUCacheInfo legacy_l3_cache = {
635     .type = UNIFIED_CACHE,
636     .level = 3,
637     .size = 16 * MiB,
638     .line_size = 64,
639     .associativity = 16,
640     .sets = 16384,
641     .partitions = 1,
642     .lines_per_tag = 1,
643     .self_init = true,
644     .inclusive = true,
645     .complex_indexing = true,
646 };
647 
648 /* TLB definitions: */
649 
650 #define L1_DTLB_2M_ASSOC       1
651 #define L1_DTLB_2M_ENTRIES   255
652 #define L1_DTLB_4K_ASSOC       1
653 #define L1_DTLB_4K_ENTRIES   255
654 
655 #define L1_ITLB_2M_ASSOC       1
656 #define L1_ITLB_2M_ENTRIES   255
657 #define L1_ITLB_4K_ASSOC       1
658 #define L1_ITLB_4K_ENTRIES   255
659 
660 #define L2_DTLB_2M_ASSOC       0 /* disabled */
661 #define L2_DTLB_2M_ENTRIES     0 /* disabled */
662 #define L2_DTLB_4K_ASSOC       4
663 #define L2_DTLB_4K_ENTRIES   512
664 
665 #define L2_ITLB_2M_ASSOC       0 /* disabled */
666 #define L2_ITLB_2M_ENTRIES     0 /* disabled */
667 #define L2_ITLB_4K_ASSOC       4
668 #define L2_ITLB_4K_ENTRIES   512
669 
670 /* CPUID Leaf 0x14 constants: */
671 #define INTEL_PT_MAX_SUBLEAF     0x1
672 /*
673  * bit[00]: IA32_RTIT_CTL.CR3 filter can be set to 1 and IA32_RTIT_CR3_MATCH
674  *          MSR can be accessed;
675  * bit[01]: Support Configurable PSB and Cycle-Accurate Mode;
676  * bit[02]: Support IP Filtering, TraceStop filtering, and preservation
677  *          of Intel PT MSRs across warm reset;
678  * bit[03]: Support MTC timing packet and suppression of COFI-based packets;
679  */
680 #define INTEL_PT_MINIMAL_EBX     0xf
681 /*
682  * bit[00]: Tracing can be enabled with IA32_RTIT_CTL.ToPA = 1 and
683  *          IA32_RTIT_OUTPUT_BASE and IA32_RTIT_OUTPUT_MASK_PTRS MSRs can be
684  *          accessed;
685  * bit[01]: ToPA tables can hold any number of output entries, up to the
686  *          maximum allowed by the MaskOrTableOffset field of
687  *          IA32_RTIT_OUTPUT_MASK_PTRS;
688  * bit[02]: Support Single-Range Output scheme;
689  */
690 #define INTEL_PT_MINIMAL_ECX     0x7
691 /* generated packets which contain IP payloads have LIP values */
692 #define INTEL_PT_IP_LIP          (1 << 31)
693 #define INTEL_PT_ADDR_RANGES_NUM 0x2 /* Number of configurable address ranges */
694 #define INTEL_PT_ADDR_RANGES_NUM_MASK 0x3
695 #define INTEL_PT_MTC_BITMAP      (0x0249 << 16) /* Support ART(0,3,6,9) */
696 #define INTEL_PT_CYCLE_BITMAP    0x1fff         /* Support 0,2^(0~11) */
697 #define INTEL_PT_PSB_BITMAP      (0x003f << 16) /* Support 2K,4K,8K,16K,32K,64K */
698 
699 static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
700                                      uint32_t vendor2, uint32_t vendor3)
701 {
702     int i;
703     for (i = 0; i < 4; i++) {
704         dst[i] = vendor1 >> (8 * i);
705         dst[i + 4] = vendor2 >> (8 * i);
706         dst[i + 8] = vendor3 >> (8 * i);
707     }
708     dst[CPUID_VENDOR_SZ] = '\0';
709 }
710 
711 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
712 #define PENTIUM_FEATURES (I486_FEATURES | CPUID_DE | CPUID_TSC | \
713           CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_MMX | CPUID_APIC)
714 #define PENTIUM2_FEATURES (PENTIUM_FEATURES | CPUID_PAE | CPUID_SEP | \
715           CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
716           CPUID_PSE36 | CPUID_FXSR)
717 #define PENTIUM3_FEATURES (PENTIUM2_FEATURES | CPUID_SSE)
718 #define PPRO_FEATURES (CPUID_FP87 | CPUID_DE | CPUID_PSE | CPUID_TSC | \
719           CPUID_MSR | CPUID_MCE | CPUID_CX8 | CPUID_PGE | CPUID_CMOV | \
720           CPUID_PAT | CPUID_FXSR | CPUID_MMX | CPUID_SSE | CPUID_SSE2 | \
721           CPUID_PAE | CPUID_SEP | CPUID_APIC)
722 
723 #define TCG_FEATURES (CPUID_FP87 | CPUID_PSE | CPUID_TSC | CPUID_MSR | \
724           CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
725           CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
726           CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
727           CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE)
728           /* partly implemented:
729           CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64) */
730           /* missing:
731           CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
732 #define TCG_EXT_FEATURES (CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | \
733           CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | \
734           CPUID_EXT_SSE41 | CPUID_EXT_SSE42 | CPUID_EXT_POPCNT | \
735           CPUID_EXT_XSAVE | /* CPUID_EXT_OSXSAVE is dynamic */   \
736           CPUID_EXT_MOVBE | CPUID_EXT_AES | CPUID_EXT_HYPERVISOR | \
737           CPUID_EXT_RDRAND)
738           /* missing:
739           CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_VMX, CPUID_EXT_SMX,
740           CPUID_EXT_EST, CPUID_EXT_TM2, CPUID_EXT_CID, CPUID_EXT_FMA,
741           CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_PCID, CPUID_EXT_DCA,
742           CPUID_EXT_X2APIC, CPUID_EXT_TSC_DEADLINE_TIMER, CPUID_EXT_AVX,
743           CPUID_EXT_F16C */
744 
745 #ifdef TARGET_X86_64
746 #define TCG_EXT2_X86_64_FEATURES (CPUID_EXT2_SYSCALL | CPUID_EXT2_LM)
747 #else
748 #define TCG_EXT2_X86_64_FEATURES 0
749 #endif
750 
751 #define TCG_EXT2_FEATURES ((TCG_FEATURES & CPUID_EXT2_AMD_ALIASES) | \
752           CPUID_EXT2_NX | CPUID_EXT2_MMXEXT | CPUID_EXT2_RDTSCP | \
753           CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | CPUID_EXT2_PDPE1GB | \
754           TCG_EXT2_X86_64_FEATURES)
755 #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
756           CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
757 #define TCG_EXT4_FEATURES 0
758 #define TCG_SVM_FEATURES CPUID_SVM_NPT
759 #define TCG_KVM_FEATURES 0
760 #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
761           CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
762           CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
763           CPUID_7_0_EBX_CLWB | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_FSGSBASE | \
764           CPUID_7_0_EBX_ERMS)
765           /* missing:
766           CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2,
767           CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM,
768           CPUID_7_0_EBX_RDSEED */
769 #define TCG_7_0_ECX_FEATURES (CPUID_7_0_ECX_PKU | \
770           /* CPUID_7_0_ECX_OSPKE is dynamic */ \
771           CPUID_7_0_ECX_LA57)
772 #define TCG_7_0_EDX_FEATURES 0
773 #define TCG_7_1_EAX_FEATURES 0
774 #define TCG_APM_FEATURES 0
775 #define TCG_6_EAX_FEATURES CPUID_6_EAX_ARAT
776 #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1)
777           /* missing:
778           CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
779 
780 typedef enum FeatureWordType {
781    CPUID_FEATURE_WORD,
782    MSR_FEATURE_WORD,
783 } FeatureWordType;
784 
785 typedef struct FeatureWordInfo {
786     FeatureWordType type;
787     /* feature flags names are taken from "Intel Processor Identification and
788      * the CPUID Instruction" and AMD's "CPUID Specification".
789      * In cases of disagreement between feature naming conventions,
790      * aliases may be added.
791      */
792     const char *feat_names[64];
793     union {
794         /* If type==CPUID_FEATURE_WORD */
795         struct {
796             uint32_t eax;   /* Input EAX for CPUID */
797             bool needs_ecx; /* CPUID instruction uses ECX as input */
798             uint32_t ecx;   /* Input ECX value for CPUID */
799             int reg;        /* output register (R_* constant) */
800         } cpuid;
801         /* If type==MSR_FEATURE_WORD */
802         struct {
803             uint32_t index;
804         } msr;
805     };
806     uint64_t tcg_features; /* Feature flags supported by TCG */
807     uint64_t unmigratable_flags; /* Feature flags known to be unmigratable */
808     uint64_t migratable_flags; /* Feature flags known to be migratable */
809     /* Features that shouldn't be auto-enabled by "-cpu host" */
810     uint64_t no_autoenable_flags;
811 } FeatureWordInfo;
812 
813 static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
814     [FEAT_1_EDX] = {
815         .type = CPUID_FEATURE_WORD,
816         .feat_names = {
817             "fpu", "vme", "de", "pse",
818             "tsc", "msr", "pae", "mce",
819             "cx8", "apic", NULL, "sep",
820             "mtrr", "pge", "mca", "cmov",
821             "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
822             NULL, "ds" /* Intel dts */, "acpi", "mmx",
823             "fxsr", "sse", "sse2", "ss",
824             "ht" /* Intel htt */, "tm", "ia64", "pbe",
825         },
826         .cpuid = {.eax = 1, .reg = R_EDX, },
827         .tcg_features = TCG_FEATURES,
828     },
829     [FEAT_1_ECX] = {
830         .type = CPUID_FEATURE_WORD,
831         .feat_names = {
832             "pni" /* Intel,AMD sse3 */, "pclmulqdq", "dtes64", "monitor",
833             "ds-cpl", "vmx", "smx", "est",
834             "tm2", "ssse3", "cid", NULL,
835             "fma", "cx16", "xtpr", "pdcm",
836             NULL, "pcid", "dca", "sse4.1",
837             "sse4.2", "x2apic", "movbe", "popcnt",
838             "tsc-deadline", "aes", "xsave", NULL /* osxsave */,
839             "avx", "f16c", "rdrand", "hypervisor",
840         },
841         .cpuid = { .eax = 1, .reg = R_ECX, },
842         .tcg_features = TCG_EXT_FEATURES,
843     },
844     /* Feature names that are already defined on feature_name[] but
845      * are set on CPUID[8000_0001].EDX on AMD CPUs don't have their
846      * names on feat_names below. They are copied automatically
847      * to features[FEAT_8000_0001_EDX] if and only if CPU vendor is AMD.
848      */
849     [FEAT_8000_0001_EDX] = {
850         .type = CPUID_FEATURE_WORD,
851         .feat_names = {
852             NULL /* fpu */, NULL /* vme */, NULL /* de */, NULL /* pse */,
853             NULL /* tsc */, NULL /* msr */, NULL /* pae */, NULL /* mce */,
854             NULL /* cx8 */, NULL /* apic */, NULL, "syscall",
855             NULL /* mtrr */, NULL /* pge */, NULL /* mca */, NULL /* cmov */,
856             NULL /* pat */, NULL /* pse36 */, NULL, NULL /* Linux mp */,
857             "nx", NULL, "mmxext", NULL /* mmx */,
858             NULL /* fxsr */, "fxsr-opt", "pdpe1gb", "rdtscp",
859             NULL, "lm", "3dnowext", "3dnow",
860         },
861         .cpuid = { .eax = 0x80000001, .reg = R_EDX, },
862         .tcg_features = TCG_EXT2_FEATURES,
863     },
864     [FEAT_8000_0001_ECX] = {
865         .type = CPUID_FEATURE_WORD,
866         .feat_names = {
867             "lahf-lm", "cmp-legacy", "svm", "extapic",
868             "cr8legacy", "abm", "sse4a", "misalignsse",
869             "3dnowprefetch", "osvw", "ibs", "xop",
870             "skinit", "wdt", NULL, "lwp",
871             "fma4", "tce", NULL, "nodeid-msr",
872             NULL, "tbm", "topoext", "perfctr-core",
873             "perfctr-nb", NULL, NULL, NULL,
874             NULL, NULL, NULL, NULL,
875         },
876         .cpuid = { .eax = 0x80000001, .reg = R_ECX, },
877         .tcg_features = TCG_EXT3_FEATURES,
878         /*
879          * TOPOEXT is always allowed but can't be enabled blindly by
880          * "-cpu host", as it requires consistent cache topology info
881          * to be provided so it doesn't confuse guests.
882          */
883         .no_autoenable_flags = CPUID_EXT3_TOPOEXT,
884     },
885     [FEAT_C000_0001_EDX] = {
886         .type = CPUID_FEATURE_WORD,
887         .feat_names = {
888             NULL, NULL, "xstore", "xstore-en",
889             NULL, NULL, "xcrypt", "xcrypt-en",
890             "ace2", "ace2-en", "phe", "phe-en",
891             "pmm", "pmm-en", NULL, NULL,
892             NULL, NULL, NULL, NULL,
893             NULL, NULL, NULL, NULL,
894             NULL, NULL, NULL, NULL,
895             NULL, NULL, NULL, NULL,
896         },
897         .cpuid = { .eax = 0xC0000001, .reg = R_EDX, },
898         .tcg_features = TCG_EXT4_FEATURES,
899     },
900     [FEAT_KVM] = {
901         .type = CPUID_FEATURE_WORD,
902         .feat_names = {
903             "kvmclock", "kvm-nopiodelay", "kvm-mmu", "kvmclock",
904             "kvm-asyncpf", "kvm-steal-time", "kvm-pv-eoi", "kvm-pv-unhalt",
905             NULL, "kvm-pv-tlb-flush", NULL, "kvm-pv-ipi",
906             "kvm-poll-control", "kvm-pv-sched-yield", NULL, NULL,
907             NULL, NULL, NULL, NULL,
908             NULL, NULL, NULL, NULL,
909             "kvmclock-stable-bit", NULL, NULL, NULL,
910             NULL, NULL, NULL, NULL,
911         },
912         .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EAX, },
913         .tcg_features = TCG_KVM_FEATURES,
914     },
915     [FEAT_KVM_HINTS] = {
916         .type = CPUID_FEATURE_WORD,
917         .feat_names = {
918             "kvm-hint-dedicated", NULL, NULL, NULL,
919             NULL, NULL, NULL, NULL,
920             NULL, NULL, NULL, NULL,
921             NULL, NULL, NULL, NULL,
922             NULL, NULL, NULL, NULL,
923             NULL, NULL, NULL, NULL,
924             NULL, NULL, NULL, NULL,
925             NULL, NULL, NULL, NULL,
926         },
927         .cpuid = { .eax = KVM_CPUID_FEATURES, .reg = R_EDX, },
928         .tcg_features = TCG_KVM_FEATURES,
929         /*
930          * KVM hints aren't auto-enabled by -cpu host, they need to be
931          * explicitly enabled in the command-line.
932          */
933         .no_autoenable_flags = ~0U,
934     },
935     /*
936      * .feat_names are commented out for Hyper-V enlightenments because we
937      * don't want to have two different ways for enabling them on QEMU command
938      * line. Some features (e.g. "hyperv_time", "hyperv_vapic", ...) require
939      * enabling several feature bits simultaneously, exposing these bits
940      * individually may just confuse guests.
941      */
942     [FEAT_HYPERV_EAX] = {
943         .type = CPUID_FEATURE_WORD,
944         .feat_names = {
945             NULL /* hv_msr_vp_runtime_access */, NULL /* hv_msr_time_refcount_access */,
946             NULL /* hv_msr_synic_access */, NULL /* hv_msr_stimer_access */,
947             NULL /* hv_msr_apic_access */, NULL /* hv_msr_hypercall_access */,
948             NULL /* hv_vpindex_access */, NULL /* hv_msr_reset_access */,
949             NULL /* hv_msr_stats_access */, NULL /* hv_reftsc_access */,
950             NULL /* hv_msr_idle_access */, NULL /* hv_msr_frequency_access */,
951             NULL /* hv_msr_debug_access */, NULL /* hv_msr_reenlightenment_access */,
952             NULL, NULL,
953             NULL, NULL, NULL, NULL,
954             NULL, NULL, NULL, NULL,
955             NULL, NULL, NULL, NULL,
956             NULL, NULL, NULL, NULL,
957         },
958         .cpuid = { .eax = 0x40000003, .reg = R_EAX, },
959     },
960     [FEAT_HYPERV_EBX] = {
961         .type = CPUID_FEATURE_WORD,
962         .feat_names = {
963             NULL /* hv_create_partitions */, NULL /* hv_access_partition_id */,
964             NULL /* hv_access_memory_pool */, NULL /* hv_adjust_message_buffers */,
965             NULL /* hv_post_messages */, NULL /* hv_signal_events */,
966             NULL /* hv_create_port */, NULL /* hv_connect_port */,
967             NULL /* hv_access_stats */, NULL, NULL, NULL /* hv_debugging */,
968             NULL /* hv_cpu_power_management */, NULL /* hv_configure_profiler */,
969             NULL, NULL,
970             NULL, NULL, NULL, NULL,
971             NULL, NULL, NULL, NULL,
972             NULL, NULL, NULL, NULL,
973             NULL, NULL, NULL, NULL,
974         },
975         .cpuid = { .eax = 0x40000003, .reg = R_EBX, },
976     },
977     [FEAT_HYPERV_EDX] = {
978         .type = CPUID_FEATURE_WORD,
979         .feat_names = {
980             NULL /* hv_mwait */, NULL /* hv_guest_debugging */,
981             NULL /* hv_perf_monitor */, NULL /* hv_cpu_dynamic_part */,
982             NULL /* hv_hypercall_params_xmm */, NULL /* hv_guest_idle_state */,
983             NULL, NULL,
984             NULL, NULL, NULL /* hv_guest_crash_msr */, NULL,
985             NULL, NULL, NULL, NULL,
986             NULL, NULL, NULL, NULL,
987             NULL, NULL, NULL, NULL,
988             NULL, NULL, NULL, NULL,
989             NULL, NULL, NULL, NULL,
990         },
991         .cpuid = { .eax = 0x40000003, .reg = R_EDX, },
992     },
993     [FEAT_HV_RECOMM_EAX] = {
994         .type = CPUID_FEATURE_WORD,
995         .feat_names = {
996             NULL /* hv_recommend_pv_as_switch */,
997             NULL /* hv_recommend_pv_tlbflush_local */,
998             NULL /* hv_recommend_pv_tlbflush_remote */,
999             NULL /* hv_recommend_msr_apic_access */,
1000             NULL /* hv_recommend_msr_reset */,
1001             NULL /* hv_recommend_relaxed_timing */,
1002             NULL /* hv_recommend_dma_remapping */,
1003             NULL /* hv_recommend_int_remapping */,
1004             NULL /* hv_recommend_x2apic_msrs */,
1005             NULL /* hv_recommend_autoeoi_deprecation */,
1006             NULL /* hv_recommend_pv_ipi */,
1007             NULL /* hv_recommend_ex_hypercalls */,
1008             NULL /* hv_hypervisor_is_nested */,
1009             NULL /* hv_recommend_int_mbec */,
1010             NULL /* hv_recommend_evmcs */,
1011             NULL,
1012             NULL, NULL, NULL, NULL,
1013             NULL, NULL, NULL, NULL,
1014             NULL, NULL, NULL, NULL,
1015             NULL, NULL, NULL, NULL,
1016         },
1017         .cpuid = { .eax = 0x40000004, .reg = R_EAX, },
1018     },
1019     [FEAT_HV_NESTED_EAX] = {
1020         .type = CPUID_FEATURE_WORD,
1021         .cpuid = { .eax = 0x4000000A, .reg = R_EAX, },
1022     },
1023     [FEAT_SVM] = {
1024         .type = CPUID_FEATURE_WORD,
1025         .feat_names = {
1026             "npt", "lbrv", "svm-lock", "nrip-save",
1027             "tsc-scale", "vmcb-clean",  "flushbyasid", "decodeassists",
1028             NULL, NULL, "pause-filter", NULL,
1029             "pfthreshold", NULL, NULL, NULL,
1030             NULL, NULL, NULL, NULL,
1031             NULL, NULL, NULL, NULL,
1032             NULL, NULL, NULL, NULL,
1033             NULL, NULL, NULL, NULL,
1034         },
1035         .cpuid = { .eax = 0x8000000A, .reg = R_EDX, },
1036         .tcg_features = TCG_SVM_FEATURES,
1037     },
1038     [FEAT_7_0_EBX] = {
1039         .type = CPUID_FEATURE_WORD,
1040         .feat_names = {
1041             "fsgsbase", "tsc-adjust", NULL, "bmi1",
1042             "hle", "avx2", NULL, "smep",
1043             "bmi2", "erms", "invpcid", "rtm",
1044             NULL, NULL, "mpx", NULL,
1045             "avx512f", "avx512dq", "rdseed", "adx",
1046             "smap", "avx512ifma", "pcommit", "clflushopt",
1047             "clwb", "intel-pt", "avx512pf", "avx512er",
1048             "avx512cd", "sha-ni", "avx512bw", "avx512vl",
1049         },
1050         .cpuid = {
1051             .eax = 7,
1052             .needs_ecx = true, .ecx = 0,
1053             .reg = R_EBX,
1054         },
1055         .tcg_features = TCG_7_0_EBX_FEATURES,
1056     },
1057     [FEAT_7_0_ECX] = {
1058         .type = CPUID_FEATURE_WORD,
1059         .feat_names = {
1060             NULL, "avx512vbmi", "umip", "pku",
1061             NULL /* ospke */, "waitpkg", "avx512vbmi2", NULL,
1062             "gfni", "vaes", "vpclmulqdq", "avx512vnni",
1063             "avx512bitalg", NULL, "avx512-vpopcntdq", NULL,
1064             "la57", NULL, NULL, NULL,
1065             NULL, NULL, "rdpid", NULL,
1066             NULL, "cldemote", NULL, "movdiri",
1067             "movdir64b", NULL, NULL, NULL,
1068         },
1069         .cpuid = {
1070             .eax = 7,
1071             .needs_ecx = true, .ecx = 0,
1072             .reg = R_ECX,
1073         },
1074         .tcg_features = TCG_7_0_ECX_FEATURES,
1075     },
1076     [FEAT_7_0_EDX] = {
1077         .type = CPUID_FEATURE_WORD,
1078         .feat_names = {
1079             NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
1080             "fsrm", NULL, NULL, NULL,
1081             "avx512-vp2intersect", NULL, "md-clear", NULL,
1082             NULL, NULL, "serialize", NULL,
1083             "tsx-ldtrk", NULL, NULL /* pconfig */, NULL,
1084             NULL, NULL, NULL, NULL,
1085             NULL, NULL, "spec-ctrl", "stibp",
1086             NULL, "arch-capabilities", "core-capability", "ssbd",
1087         },
1088         .cpuid = {
1089             .eax = 7,
1090             .needs_ecx = true, .ecx = 0,
1091             .reg = R_EDX,
1092         },
1093         .tcg_features = TCG_7_0_EDX_FEATURES,
1094     },
1095     [FEAT_7_1_EAX] = {
1096         .type = CPUID_FEATURE_WORD,
1097         .feat_names = {
1098             NULL, NULL, NULL, NULL,
1099             NULL, "avx512-bf16", NULL, NULL,
1100             NULL, NULL, NULL, NULL,
1101             NULL, NULL, NULL, NULL,
1102             NULL, NULL, NULL, NULL,
1103             NULL, NULL, NULL, NULL,
1104             NULL, NULL, NULL, NULL,
1105             NULL, NULL, NULL, NULL,
1106         },
1107         .cpuid = {
1108             .eax = 7,
1109             .needs_ecx = true, .ecx = 1,
1110             .reg = R_EAX,
1111         },
1112         .tcg_features = TCG_7_1_EAX_FEATURES,
1113     },
1114     [FEAT_8000_0007_EDX] = {
1115         .type = CPUID_FEATURE_WORD,
1116         .feat_names = {
1117             NULL, NULL, NULL, NULL,
1118             NULL, NULL, NULL, NULL,
1119             "invtsc", NULL, NULL, NULL,
1120             NULL, NULL, NULL, NULL,
1121             NULL, NULL, NULL, NULL,
1122             NULL, NULL, NULL, NULL,
1123             NULL, NULL, NULL, NULL,
1124             NULL, NULL, NULL, NULL,
1125         },
1126         .cpuid = { .eax = 0x80000007, .reg = R_EDX, },
1127         .tcg_features = TCG_APM_FEATURES,
1128         .unmigratable_flags = CPUID_APM_INVTSC,
1129     },
1130     [FEAT_8000_0008_EBX] = {
1131         .type = CPUID_FEATURE_WORD,
1132         .feat_names = {
1133             "clzero", NULL, "xsaveerptr", NULL,
1134             NULL, NULL, NULL, NULL,
1135             NULL, "wbnoinvd", NULL, NULL,
1136             "ibpb", NULL, NULL, "amd-stibp",
1137             NULL, NULL, NULL, NULL,
1138             NULL, NULL, NULL, NULL,
1139             "amd-ssbd", "virt-ssbd", "amd-no-ssb", NULL,
1140             NULL, NULL, NULL, NULL,
1141         },
1142         .cpuid = { .eax = 0x80000008, .reg = R_EBX, },
1143         .tcg_features = 0,
1144         .unmigratable_flags = 0,
1145     },
1146     [FEAT_XSAVE] = {
1147         .type = CPUID_FEATURE_WORD,
1148         .feat_names = {
1149             "xsaveopt", "xsavec", "xgetbv1", "xsaves",
1150             NULL, NULL, NULL, NULL,
1151             NULL, NULL, NULL, NULL,
1152             NULL, NULL, NULL, NULL,
1153             NULL, NULL, NULL, NULL,
1154             NULL, NULL, NULL, NULL,
1155             NULL, NULL, NULL, NULL,
1156             NULL, NULL, NULL, NULL,
1157         },
1158         .cpuid = {
1159             .eax = 0xd,
1160             .needs_ecx = true, .ecx = 1,
1161             .reg = R_EAX,
1162         },
1163         .tcg_features = TCG_XSAVE_FEATURES,
1164     },
1165     [FEAT_6_EAX] = {
1166         .type = CPUID_FEATURE_WORD,
1167         .feat_names = {
1168             NULL, NULL, "arat", NULL,
1169             NULL, NULL, NULL, NULL,
1170             NULL, NULL, NULL, NULL,
1171             NULL, NULL, NULL, NULL,
1172             NULL, NULL, NULL, NULL,
1173             NULL, NULL, NULL, NULL,
1174             NULL, NULL, NULL, NULL,
1175             NULL, NULL, NULL, NULL,
1176         },
1177         .cpuid = { .eax = 6, .reg = R_EAX, },
1178         .tcg_features = TCG_6_EAX_FEATURES,
1179     },
1180     [FEAT_XSAVE_COMP_LO] = {
1181         .type = CPUID_FEATURE_WORD,
1182         .cpuid = {
1183             .eax = 0xD,
1184             .needs_ecx = true, .ecx = 0,
1185             .reg = R_EAX,
1186         },
1187         .tcg_features = ~0U,
1188         .migratable_flags = XSTATE_FP_MASK | XSTATE_SSE_MASK |
1189             XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK |
1190             XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | XSTATE_Hi16_ZMM_MASK |
1191             XSTATE_PKRU_MASK,
1192     },
1193     [FEAT_XSAVE_COMP_HI] = {
1194         .type = CPUID_FEATURE_WORD,
1195         .cpuid = {
1196             .eax = 0xD,
1197             .needs_ecx = true, .ecx = 0,
1198             .reg = R_EDX,
1199         },
1200         .tcg_features = ~0U,
1201     },
1202     /*Below are MSR exposed features*/
1203     [FEAT_ARCH_CAPABILITIES] = {
1204         .type = MSR_FEATURE_WORD,
1205         .feat_names = {
1206             "rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
1207             "ssb-no", "mds-no", "pschange-mc-no", "tsx-ctrl",
1208             "taa-no", NULL, NULL, NULL,
1209             NULL, NULL, NULL, NULL,
1210             NULL, NULL, NULL, NULL,
1211             NULL, NULL, NULL, NULL,
1212             NULL, NULL, NULL, NULL,
1213             NULL, NULL, NULL, NULL,
1214         },
1215         .msr = {
1216             .index = MSR_IA32_ARCH_CAPABILITIES,
1217         },
1218     },
1219     [FEAT_CORE_CAPABILITY] = {
1220         .type = MSR_FEATURE_WORD,
1221         .feat_names = {
1222             NULL, NULL, NULL, NULL,
1223             NULL, "split-lock-detect", NULL, NULL,
1224             NULL, NULL, NULL, NULL,
1225             NULL, NULL, NULL, NULL,
1226             NULL, NULL, NULL, NULL,
1227             NULL, NULL, NULL, NULL,
1228             NULL, NULL, NULL, NULL,
1229             NULL, NULL, NULL, NULL,
1230         },
1231         .msr = {
1232             .index = MSR_IA32_CORE_CAPABILITY,
1233         },
1234     },
1235     [FEAT_PERF_CAPABILITIES] = {
1236         .type = MSR_FEATURE_WORD,
1237         .feat_names = {
1238             NULL, NULL, NULL, NULL,
1239             NULL, NULL, NULL, NULL,
1240             NULL, NULL, NULL, NULL,
1241             NULL, "full-width-write", NULL, NULL,
1242             NULL, NULL, NULL, NULL,
1243             NULL, NULL, NULL, NULL,
1244             NULL, NULL, NULL, NULL,
1245             NULL, NULL, NULL, NULL,
1246         },
1247         .msr = {
1248             .index = MSR_IA32_PERF_CAPABILITIES,
1249         },
1250     },
1251 
1252     [FEAT_VMX_PROCBASED_CTLS] = {
1253         .type = MSR_FEATURE_WORD,
1254         .feat_names = {
1255             NULL, NULL, "vmx-vintr-pending", "vmx-tsc-offset",
1256             NULL, NULL, NULL, "vmx-hlt-exit",
1257             NULL, "vmx-invlpg-exit", "vmx-mwait-exit", "vmx-rdpmc-exit",
1258             "vmx-rdtsc-exit", NULL, NULL, "vmx-cr3-load-noexit",
1259             "vmx-cr3-store-noexit", NULL, NULL, "vmx-cr8-load-exit",
1260             "vmx-cr8-store-exit", "vmx-flexpriority", "vmx-vnmi-pending", "vmx-movdr-exit",
1261             "vmx-io-exit", "vmx-io-bitmap", NULL, "vmx-mtf",
1262             "vmx-msr-bitmap", "vmx-monitor-exit", "vmx-pause-exit", "vmx-secondary-ctls",
1263         },
1264         .msr = {
1265             .index = MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
1266         }
1267     },
1268 
1269     [FEAT_VMX_SECONDARY_CTLS] = {
1270         .type = MSR_FEATURE_WORD,
1271         .feat_names = {
1272             "vmx-apicv-xapic", "vmx-ept", "vmx-desc-exit", "vmx-rdtscp-exit",
1273             "vmx-apicv-x2apic", "vmx-vpid", "vmx-wbinvd-exit", "vmx-unrestricted-guest",
1274             "vmx-apicv-register", "vmx-apicv-vid", "vmx-ple", "vmx-rdrand-exit",
1275             "vmx-invpcid-exit", "vmx-vmfunc", "vmx-shadow-vmcs", "vmx-encls-exit",
1276             "vmx-rdseed-exit", "vmx-pml", NULL, NULL,
1277             "vmx-xsaves", NULL, NULL, NULL,
1278             NULL, NULL, NULL, NULL,
1279             NULL, NULL, NULL, NULL,
1280         },
1281         .msr = {
1282             .index = MSR_IA32_VMX_PROCBASED_CTLS2,
1283         }
1284     },
1285 
1286     [FEAT_VMX_PINBASED_CTLS] = {
1287         .type = MSR_FEATURE_WORD,
1288         .feat_names = {
1289             "vmx-intr-exit", NULL, NULL, "vmx-nmi-exit",
1290             NULL, "vmx-vnmi", "vmx-preemption-timer", "vmx-posted-intr",
1291             NULL, NULL, NULL, NULL,
1292             NULL, NULL, NULL, NULL,
1293             NULL, NULL, NULL, NULL,
1294             NULL, NULL, NULL, NULL,
1295             NULL, NULL, NULL, NULL,
1296             NULL, NULL, NULL, NULL,
1297         },
1298         .msr = {
1299             .index = MSR_IA32_VMX_TRUE_PINBASED_CTLS,
1300         }
1301     },
1302 
1303     [FEAT_VMX_EXIT_CTLS] = {
1304         .type = MSR_FEATURE_WORD,
1305         /*
1306          * VMX_VM_EXIT_HOST_ADDR_SPACE_SIZE is copied from
1307          * the LM CPUID bit.
1308          */
1309         .feat_names = {
1310             NULL, NULL, "vmx-exit-nosave-debugctl", NULL,
1311             NULL, NULL, NULL, NULL,
1312             NULL, NULL /* vmx-exit-host-addr-space-size */, NULL, NULL,
1313             "vmx-exit-load-perf-global-ctrl", NULL, NULL, "vmx-exit-ack-intr",
1314             NULL, NULL, "vmx-exit-save-pat", "vmx-exit-load-pat",
1315             "vmx-exit-save-efer", "vmx-exit-load-efer",
1316                 "vmx-exit-save-preemption-timer", "vmx-exit-clear-bndcfgs",
1317             NULL, "vmx-exit-clear-rtit-ctl", NULL, NULL,
1318             NULL, NULL, NULL, NULL,
1319         },
1320         .msr = {
1321             .index = MSR_IA32_VMX_TRUE_EXIT_CTLS,
1322         }
1323     },
1324 
1325     [FEAT_VMX_ENTRY_CTLS] = {
1326         .type = MSR_FEATURE_WORD,
1327         .feat_names = {
1328             NULL, NULL, "vmx-entry-noload-debugctl", NULL,
1329             NULL, NULL, NULL, NULL,
1330             NULL, "vmx-entry-ia32e-mode", NULL, NULL,
1331             NULL, "vmx-entry-load-perf-global-ctrl", "vmx-entry-load-pat", "vmx-entry-load-efer",
1332             "vmx-entry-load-bndcfgs", NULL, "vmx-entry-load-rtit-ctl", NULL,
1333             NULL, NULL, NULL, NULL,
1334             NULL, NULL, NULL, NULL,
1335             NULL, NULL, NULL, NULL,
1336         },
1337         .msr = {
1338             .index = MSR_IA32_VMX_TRUE_ENTRY_CTLS,
1339         }
1340     },
1341 
1342     [FEAT_VMX_MISC] = {
1343         .type = MSR_FEATURE_WORD,
1344         .feat_names = {
1345             NULL, NULL, NULL, NULL,
1346             NULL, "vmx-store-lma", "vmx-activity-hlt", "vmx-activity-shutdown",
1347             "vmx-activity-wait-sipi", NULL, NULL, NULL,
1348             NULL, NULL, NULL, NULL,
1349             NULL, NULL, NULL, NULL,
1350             NULL, NULL, NULL, NULL,
1351             NULL, NULL, NULL, NULL,
1352             NULL, "vmx-vmwrite-vmexit-fields", "vmx-zero-len-inject", NULL,
1353         },
1354         .msr = {
1355             .index = MSR_IA32_VMX_MISC,
1356         }
1357     },
1358 
1359     [FEAT_VMX_EPT_VPID_CAPS] = {
1360         .type = MSR_FEATURE_WORD,
1361         .feat_names = {
1362             "vmx-ept-execonly", NULL, NULL, NULL,
1363             NULL, NULL, "vmx-page-walk-4", "vmx-page-walk-5",
1364             NULL, NULL, NULL, NULL,
1365             NULL, NULL, NULL, NULL,
1366             "vmx-ept-2mb", "vmx-ept-1gb", NULL, NULL,
1367             "vmx-invept", "vmx-eptad", "vmx-ept-advanced-exitinfo", NULL,
1368             NULL, "vmx-invept-single-context", "vmx-invept-all-context", NULL,
1369             NULL, NULL, NULL, NULL,
1370             "vmx-invvpid", NULL, NULL, NULL,
1371             NULL, NULL, NULL, NULL,
1372             "vmx-invvpid-single-addr", "vmx-invept-single-context",
1373                 "vmx-invvpid-all-context", "vmx-invept-single-context-noglobals",
1374             NULL, NULL, NULL, NULL,
1375             NULL, NULL, NULL, NULL,
1376             NULL, NULL, NULL, NULL,
1377             NULL, NULL, NULL, NULL,
1378             NULL, NULL, NULL, NULL,
1379         },
1380         .msr = {
1381             .index = MSR_IA32_VMX_EPT_VPID_CAP,
1382         }
1383     },
1384 
1385     [FEAT_VMX_BASIC] = {
1386         .type = MSR_FEATURE_WORD,
1387         .feat_names = {
1388             [54] = "vmx-ins-outs",
1389             [55] = "vmx-true-ctls",
1390         },
1391         .msr = {
1392             .index = MSR_IA32_VMX_BASIC,
1393         },
1394         /* Just to be safe - we don't support setting the MSEG version field.  */
1395         .no_autoenable_flags = MSR_VMX_BASIC_DUAL_MONITOR,
1396     },
1397 
1398     [FEAT_VMX_VMFUNC] = {
1399         .type = MSR_FEATURE_WORD,
1400         .feat_names = {
1401             [0] = "vmx-eptp-switching",
1402         },
1403         .msr = {
1404             .index = MSR_IA32_VMX_VMFUNC,
1405         }
1406     },
1407 
1408 };
1409 
1410 typedef struct FeatureMask {
1411     FeatureWord index;
1412     uint64_t mask;
1413 } FeatureMask;
1414 
1415 typedef struct FeatureDep {
1416     FeatureMask from, to;
1417 } FeatureDep;
1418 
1419 static FeatureDep feature_dependencies[] = {
1420     {
1421         .from = { FEAT_7_0_EDX,             CPUID_7_0_EDX_ARCH_CAPABILITIES },
1422         .to = { FEAT_ARCH_CAPABILITIES,     ~0ull },
1423     },
1424     {
1425         .from = { FEAT_7_0_EDX,             CPUID_7_0_EDX_CORE_CAPABILITY },
1426         .to = { FEAT_CORE_CAPABILITY,       ~0ull },
1427     },
1428     {
1429         .from = { FEAT_1_ECX,             CPUID_EXT_PDCM },
1430         .to = { FEAT_PERF_CAPABILITIES,       ~0ull },
1431     },
1432     {
1433         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1434         .to = { FEAT_VMX_PROCBASED_CTLS,    ~0ull },
1435     },
1436     {
1437         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1438         .to = { FEAT_VMX_PINBASED_CTLS,     ~0ull },
1439     },
1440     {
1441         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1442         .to = { FEAT_VMX_EXIT_CTLS,         ~0ull },
1443     },
1444     {
1445         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1446         .to = { FEAT_VMX_ENTRY_CTLS,        ~0ull },
1447     },
1448     {
1449         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1450         .to = { FEAT_VMX_MISC,              ~0ull },
1451     },
1452     {
1453         .from = { FEAT_1_ECX,               CPUID_EXT_VMX },
1454         .to = { FEAT_VMX_BASIC,             ~0ull },
1455     },
1456     {
1457         .from = { FEAT_8000_0001_EDX,       CPUID_EXT2_LM },
1458         .to = { FEAT_VMX_ENTRY_CTLS,        VMX_VM_ENTRY_IA32E_MODE },
1459     },
1460     {
1461         .from = { FEAT_VMX_PROCBASED_CTLS,  VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS },
1462         .to = { FEAT_VMX_SECONDARY_CTLS,    ~0ull },
1463     },
1464     {
1465         .from = { FEAT_XSAVE,               CPUID_XSAVE_XSAVES },
1466         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_XSAVES },
1467     },
1468     {
1469         .from = { FEAT_1_ECX,               CPUID_EXT_RDRAND },
1470         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDRAND_EXITING },
1471     },
1472     {
1473         .from = { FEAT_7_0_EBX,             CPUID_7_0_EBX_INVPCID },
1474         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_ENABLE_INVPCID },
1475     },
1476     {
1477         .from = { FEAT_7_0_EBX,             CPUID_7_0_EBX_RDSEED },
1478         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDSEED_EXITING },
1479     },
1480     {
1481         .from = { FEAT_8000_0001_EDX,       CPUID_EXT2_RDTSCP },
1482         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_RDTSCP },
1483     },
1484     {
1485         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_EPT },
1486         .to = { FEAT_VMX_EPT_VPID_CAPS,     0xffffffffull },
1487     },
1488     {
1489         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_EPT },
1490         .to = { FEAT_VMX_SECONDARY_CTLS,    VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST },
1491     },
1492     {
1493         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_VPID },
1494         .to = { FEAT_VMX_EPT_VPID_CAPS,     0xffffffffull << 32 },
1495     },
1496     {
1497         .from = { FEAT_VMX_SECONDARY_CTLS,  VMX_SECONDARY_EXEC_ENABLE_VMFUNC },
1498         .to = { FEAT_VMX_VMFUNC,            ~0ull },
1499     },
1500     {
1501         .from = { FEAT_8000_0001_ECX,       CPUID_EXT3_SVM },
1502         .to = { FEAT_SVM,                   ~0ull },
1503     },
1504 };
1505 
1506 typedef struct X86RegisterInfo32 {
1507     /* Name of register */
1508     const char *name;
1509     /* QAPI enum value register */
1510     X86CPURegister32 qapi_enum;
1511 } X86RegisterInfo32;
1512 
1513 #define REGISTER(reg) \
1514     [R_##reg] = { .name = #reg, .qapi_enum = X86_CPU_REGISTER32_##reg }
1515 static const X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = {
1516     REGISTER(EAX),
1517     REGISTER(ECX),
1518     REGISTER(EDX),
1519     REGISTER(EBX),
1520     REGISTER(ESP),
1521     REGISTER(EBP),
1522     REGISTER(ESI),
1523     REGISTER(EDI),
1524 };
1525 #undef REGISTER
1526 
1527 typedef struct ExtSaveArea {
1528     uint32_t feature, bits;
1529     uint32_t offset, size;
1530 } ExtSaveArea;
1531 
1532 static const ExtSaveArea x86_ext_save_areas[] = {
1533     [XSTATE_FP_BIT] = {
1534         /* x87 FP state component is always enabled if XSAVE is supported */
1535         .feature = FEAT_1_ECX, .bits = CPUID_EXT_XSAVE,
1536         /* x87 state is in the legacy region of the XSAVE area */
1537         .offset = 0,
1538         .size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader),
1539     },
1540     [XSTATE_SSE_BIT] = {
1541         /* SSE state component is always enabled if XSAVE is supported */
1542         .feature = FEAT_1_ECX, .bits = CPUID_EXT_XSAVE,
1543         /* SSE state is in the legacy region of the XSAVE area */
1544         .offset = 0,
1545         .size = sizeof(X86LegacyXSaveArea) + sizeof(X86XSaveHeader),
1546     },
1547     [XSTATE_YMM_BIT] =
1548           { .feature = FEAT_1_ECX, .bits = CPUID_EXT_AVX,
1549             .offset = offsetof(X86XSaveArea, avx_state),
1550             .size = sizeof(XSaveAVX) },
1551     [XSTATE_BNDREGS_BIT] =
1552           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_MPX,
1553             .offset = offsetof(X86XSaveArea, bndreg_state),
1554             .size = sizeof(XSaveBNDREG)  },
1555     [XSTATE_BNDCSR_BIT] =
1556           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_MPX,
1557             .offset = offsetof(X86XSaveArea, bndcsr_state),
1558             .size = sizeof(XSaveBNDCSR)  },
1559     [XSTATE_OPMASK_BIT] =
1560           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1561             .offset = offsetof(X86XSaveArea, opmask_state),
1562             .size = sizeof(XSaveOpmask) },
1563     [XSTATE_ZMM_Hi256_BIT] =
1564           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1565             .offset = offsetof(X86XSaveArea, zmm_hi256_state),
1566             .size = sizeof(XSaveZMM_Hi256) },
1567     [XSTATE_Hi16_ZMM_BIT] =
1568           { .feature = FEAT_7_0_EBX, .bits = CPUID_7_0_EBX_AVX512F,
1569             .offset = offsetof(X86XSaveArea, hi16_zmm_state),
1570             .size = sizeof(XSaveHi16_ZMM) },
1571     [XSTATE_PKRU_BIT] =
1572           { .feature = FEAT_7_0_ECX, .bits = CPUID_7_0_ECX_PKU,
1573             .offset = offsetof(X86XSaveArea, pkru_state),
1574             .size = sizeof(XSavePKRU) },
1575 };
1576 
1577 static uint32_t xsave_area_size(uint64_t mask)
1578 {
1579     int i;
1580     uint64_t ret = 0;
1581 
1582     for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
1583         const ExtSaveArea *esa = &x86_ext_save_areas[i];
1584         if ((mask >> i) & 1) {
1585             ret = MAX(ret, esa->offset + esa->size);
1586         }
1587     }
1588     return ret;
1589 }
1590 
1591 static inline bool accel_uses_host_cpuid(void)
1592 {
1593     return kvm_enabled() || hvf_enabled();
1594 }
1595 
1596 static inline uint64_t x86_cpu_xsave_components(X86CPU *cpu)
1597 {
1598     return ((uint64_t)cpu->env.features[FEAT_XSAVE_COMP_HI]) << 32 |
1599            cpu->env.features[FEAT_XSAVE_COMP_LO];
1600 }
1601 
1602 const char *get_register_name_32(unsigned int reg)
1603 {
1604     if (reg >= CPU_NB_REGS32) {
1605         return NULL;
1606     }
1607     return x86_reg_info_32[reg].name;
1608 }
1609 
1610 /*
1611  * Returns the set of feature flags that are supported and migratable by
1612  * QEMU, for a given FeatureWord.
1613  */
1614 static uint64_t x86_cpu_get_migratable_flags(FeatureWord w)
1615 {
1616     FeatureWordInfo *wi = &feature_word_info[w];
1617     uint64_t r = 0;
1618     int i;
1619 
1620     for (i = 0; i < 64; i++) {
1621         uint64_t f = 1ULL << i;
1622 
1623         /* If the feature name is known, it is implicitly considered migratable,
1624          * unless it is explicitly set in unmigratable_flags */
1625         if ((wi->migratable_flags & f) ||
1626             (wi->feat_names[i] && !(wi->unmigratable_flags & f))) {
1627             r |= f;
1628         }
1629     }
1630     return r;
1631 }
1632 
1633 void host_cpuid(uint32_t function, uint32_t count,
1634                 uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx)
1635 {
1636     uint32_t vec[4];
1637 
1638 #ifdef __x86_64__
1639     asm volatile("cpuid"
1640                  : "=a"(vec[0]), "=b"(vec[1]),
1641                    "=c"(vec[2]), "=d"(vec[3])
1642                  : "0"(function), "c"(count) : "cc");
1643 #elif defined(__i386__)
1644     asm volatile("pusha \n\t"
1645                  "cpuid \n\t"
1646                  "mov %%eax, 0(%2) \n\t"
1647                  "mov %%ebx, 4(%2) \n\t"
1648                  "mov %%ecx, 8(%2) \n\t"
1649                  "mov %%edx, 12(%2) \n\t"
1650                  "popa"
1651                  : : "a"(function), "c"(count), "S"(vec)
1652                  : "memory", "cc");
1653 #else
1654     abort();
1655 #endif
1656 
1657     if (eax)
1658         *eax = vec[0];
1659     if (ebx)
1660         *ebx = vec[1];
1661     if (ecx)
1662         *ecx = vec[2];
1663     if (edx)
1664         *edx = vec[3];
1665 }
1666 
1667 void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
1668 {
1669     uint32_t eax, ebx, ecx, edx;
1670 
1671     host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
1672     x86_cpu_vendor_words2str(vendor, ebx, edx, ecx);
1673 
1674     host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
1675     if (family) {
1676         *family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
1677     }
1678     if (model) {
1679         *model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
1680     }
1681     if (stepping) {
1682         *stepping = eax & 0x0F;
1683     }
1684 }
1685 
1686 /* CPU class name definitions: */
1687 
1688 /* Return type name for a given CPU model name
1689  * Caller is responsible for freeing the returned string.
1690  */
1691 static char *x86_cpu_type_name(const char *model_name)
1692 {
1693     return g_strdup_printf(X86_CPU_TYPE_NAME("%s"), model_name);
1694 }
1695 
1696 static ObjectClass *x86_cpu_class_by_name(const char *cpu_model)
1697 {
1698     g_autofree char *typename = x86_cpu_type_name(cpu_model);
1699     return object_class_by_name(typename);
1700 }
1701 
1702 static char *x86_cpu_class_get_model_name(X86CPUClass *cc)
1703 {
1704     const char *class_name = object_class_get_name(OBJECT_CLASS(cc));
1705     assert(g_str_has_suffix(class_name, X86_CPU_TYPE_SUFFIX));
1706     return g_strndup(class_name,
1707                      strlen(class_name) - strlen(X86_CPU_TYPE_SUFFIX));
1708 }
1709 
1710 typedef struct PropValue {
1711     const char *prop, *value;
1712 } PropValue;
1713 
1714 typedef struct X86CPUVersionDefinition {
1715     X86CPUVersion version;
1716     const char *alias;
1717     const char *note;
1718     PropValue *props;
1719 } X86CPUVersionDefinition;
1720 
1721 /* Base definition for a CPU model */
1722 typedef struct X86CPUDefinition {
1723     const char *name;
1724     uint32_t level;
1725     uint32_t xlevel;
1726     /* vendor is zero-terminated, 12 character ASCII string */
1727     char vendor[CPUID_VENDOR_SZ + 1];
1728     int family;
1729     int model;
1730     int stepping;
1731     FeatureWordArray features;
1732     const char *model_id;
1733     CPUCaches *cache_info;
1734     /*
1735      * Definitions for alternative versions of CPU model.
1736      * List is terminated by item with version == 0.
1737      * If NULL, version 1 will be registered automatically.
1738      */
1739     const X86CPUVersionDefinition *versions;
1740 } X86CPUDefinition;
1741 
1742 /* Reference to a specific CPU model version */
1743 struct X86CPUModel {
1744     /* Base CPU definition */
1745     X86CPUDefinition *cpudef;
1746     /* CPU model version */
1747     X86CPUVersion version;
1748     const char *note;
1749     /*
1750      * If true, this is an alias CPU model.
1751      * This matters only for "-cpu help" and query-cpu-definitions
1752      */
1753     bool is_alias;
1754 };
1755 
1756 /* Get full model name for CPU version */
1757 static char *x86_cpu_versioned_model_name(X86CPUDefinition *cpudef,
1758                                           X86CPUVersion version)
1759 {
1760     assert(version > 0);
1761     return g_strdup_printf("%s-v%d", cpudef->name, (int)version);
1762 }
1763 
1764 static const X86CPUVersionDefinition *x86_cpu_def_get_versions(X86CPUDefinition *def)
1765 {
1766     /* When X86CPUDefinition::versions is NULL, we register only v1 */
1767     static const X86CPUVersionDefinition default_version_list[] = {
1768         { 1 },
1769         { /* end of list */ }
1770     };
1771 
1772     return def->versions ?: default_version_list;
1773 }
1774 
1775 static CPUCaches epyc_cache_info = {
1776     .l1d_cache = &(CPUCacheInfo) {
1777         .type = DATA_CACHE,
1778         .level = 1,
1779         .size = 32 * KiB,
1780         .line_size = 64,
1781         .associativity = 8,
1782         .partitions = 1,
1783         .sets = 64,
1784         .lines_per_tag = 1,
1785         .self_init = 1,
1786         .no_invd_sharing = true,
1787     },
1788     .l1i_cache = &(CPUCacheInfo) {
1789         .type = INSTRUCTION_CACHE,
1790         .level = 1,
1791         .size = 64 * KiB,
1792         .line_size = 64,
1793         .associativity = 4,
1794         .partitions = 1,
1795         .sets = 256,
1796         .lines_per_tag = 1,
1797         .self_init = 1,
1798         .no_invd_sharing = true,
1799     },
1800     .l2_cache = &(CPUCacheInfo) {
1801         .type = UNIFIED_CACHE,
1802         .level = 2,
1803         .size = 512 * KiB,
1804         .line_size = 64,
1805         .associativity = 8,
1806         .partitions = 1,
1807         .sets = 1024,
1808         .lines_per_tag = 1,
1809     },
1810     .l3_cache = &(CPUCacheInfo) {
1811         .type = UNIFIED_CACHE,
1812         .level = 3,
1813         .size = 8 * MiB,
1814         .line_size = 64,
1815         .associativity = 16,
1816         .partitions = 1,
1817         .sets = 8192,
1818         .lines_per_tag = 1,
1819         .self_init = true,
1820         .inclusive = true,
1821         .complex_indexing = true,
1822     },
1823 };
1824 
1825 static CPUCaches epyc_rome_cache_info = {
1826     .l1d_cache = &(CPUCacheInfo) {
1827         .type = DATA_CACHE,
1828         .level = 1,
1829         .size = 32 * KiB,
1830         .line_size = 64,
1831         .associativity = 8,
1832         .partitions = 1,
1833         .sets = 64,
1834         .lines_per_tag = 1,
1835         .self_init = 1,
1836         .no_invd_sharing = true,
1837     },
1838     .l1i_cache = &(CPUCacheInfo) {
1839         .type = INSTRUCTION_CACHE,
1840         .level = 1,
1841         .size = 32 * KiB,
1842         .line_size = 64,
1843         .associativity = 8,
1844         .partitions = 1,
1845         .sets = 64,
1846         .lines_per_tag = 1,
1847         .self_init = 1,
1848         .no_invd_sharing = true,
1849     },
1850     .l2_cache = &(CPUCacheInfo) {
1851         .type = UNIFIED_CACHE,
1852         .level = 2,
1853         .size = 512 * KiB,
1854         .line_size = 64,
1855         .associativity = 8,
1856         .partitions = 1,
1857         .sets = 1024,
1858         .lines_per_tag = 1,
1859     },
1860     .l3_cache = &(CPUCacheInfo) {
1861         .type = UNIFIED_CACHE,
1862         .level = 3,
1863         .size = 16 * MiB,
1864         .line_size = 64,
1865         .associativity = 16,
1866         .partitions = 1,
1867         .sets = 16384,
1868         .lines_per_tag = 1,
1869         .self_init = true,
1870         .inclusive = true,
1871         .complex_indexing = true,
1872     },
1873 };
1874 
1875 /* The following VMX features are not supported by KVM and are left out in the
1876  * CPU definitions:
1877  *
1878  *  Dual-monitor support (all processors)
1879  *  Entry to SMM
1880  *  Deactivate dual-monitor treatment
1881  *  Number of CR3-target values
1882  *  Shutdown activity state
1883  *  Wait-for-SIPI activity state
1884  *  PAUSE-loop exiting (Westmere and newer)
1885  *  EPT-violation #VE (Broadwell and newer)
1886  *  Inject event with insn length=0 (Skylake and newer)
1887  *  Conceal non-root operation from PT
1888  *  Conceal VM exits from PT
1889  *  Conceal VM entries from PT
1890  *  Enable ENCLS exiting
1891  *  Mode-based execute control (XS/XU)
1892  s  TSC scaling (Skylake Server and newer)
1893  *  GPA translation for PT (IceLake and newer)
1894  *  User wait and pause
1895  *  ENCLV exiting
1896  *  Load IA32_RTIT_CTL
1897  *  Clear IA32_RTIT_CTL
1898  *  Advanced VM-exit information for EPT violations
1899  *  Sub-page write permissions
1900  *  PT in VMX operation
1901  */
1902 
1903 static X86CPUDefinition builtin_x86_defs[] = {
1904     {
1905         .name = "qemu64",
1906         .level = 0xd,
1907         .vendor = CPUID_VENDOR_AMD,
1908         .family = 6,
1909         .model = 6,
1910         .stepping = 3,
1911         .features[FEAT_1_EDX] =
1912             PPRO_FEATURES |
1913             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1914             CPUID_PSE36,
1915         .features[FEAT_1_ECX] =
1916             CPUID_EXT_SSE3 | CPUID_EXT_CX16,
1917         .features[FEAT_8000_0001_EDX] =
1918             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1919         .features[FEAT_8000_0001_ECX] =
1920             CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM,
1921         .xlevel = 0x8000000A,
1922         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
1923     },
1924     {
1925         .name = "phenom",
1926         .level = 5,
1927         .vendor = CPUID_VENDOR_AMD,
1928         .family = 16,
1929         .model = 2,
1930         .stepping = 3,
1931         /* Missing: CPUID_HT */
1932         .features[FEAT_1_EDX] =
1933             PPRO_FEATURES |
1934             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1935             CPUID_PSE36 | CPUID_VME,
1936         .features[FEAT_1_ECX] =
1937             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_CX16 |
1938             CPUID_EXT_POPCNT,
1939         .features[FEAT_8000_0001_EDX] =
1940             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX |
1941             CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT | CPUID_EXT2_MMXEXT |
1942             CPUID_EXT2_FFXSR | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP,
1943         /* Missing: CPUID_EXT3_CMP_LEG, CPUID_EXT3_EXTAPIC,
1944                     CPUID_EXT3_CR8LEG,
1945                     CPUID_EXT3_MISALIGNSSE, CPUID_EXT3_3DNOWPREFETCH,
1946                     CPUID_EXT3_OSVW, CPUID_EXT3_IBS */
1947         .features[FEAT_8000_0001_ECX] =
1948             CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM |
1949             CPUID_EXT3_ABM | CPUID_EXT3_SSE4A,
1950         /* Missing: CPUID_SVM_LBRV */
1951         .features[FEAT_SVM] =
1952             CPUID_SVM_NPT,
1953         .xlevel = 0x8000001A,
1954         .model_id = "AMD Phenom(tm) 9550 Quad-Core Processor"
1955     },
1956     {
1957         .name = "core2duo",
1958         .level = 10,
1959         .vendor = CPUID_VENDOR_INTEL,
1960         .family = 6,
1961         .model = 15,
1962         .stepping = 11,
1963         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
1964         .features[FEAT_1_EDX] =
1965             PPRO_FEATURES |
1966             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
1967             CPUID_PSE36 | CPUID_VME | CPUID_ACPI | CPUID_SS,
1968         /* Missing: CPUID_EXT_DTES64, CPUID_EXT_DSCPL, CPUID_EXT_EST,
1969          * CPUID_EXT_TM2, CPUID_EXT_XTPR, CPUID_EXT_PDCM, CPUID_EXT_VMX */
1970         .features[FEAT_1_ECX] =
1971             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
1972             CPUID_EXT_CX16,
1973         .features[FEAT_8000_0001_EDX] =
1974             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
1975         .features[FEAT_8000_0001_ECX] =
1976             CPUID_EXT3_LAHF_LM,
1977         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS,
1978         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
1979         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
1980         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
1981         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
1982              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS,
1983         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
1984              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
1985              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
1986              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
1987              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
1988              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
1989              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
1990              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
1991              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
1992              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
1993         .features[FEAT_VMX_SECONDARY_CTLS] =
1994              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES,
1995         .xlevel = 0x80000008,
1996         .model_id = "Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz",
1997     },
1998     {
1999         .name = "kvm64",
2000         .level = 0xd,
2001         .vendor = CPUID_VENDOR_INTEL,
2002         .family = 15,
2003         .model = 6,
2004         .stepping = 1,
2005         /* Missing: CPUID_HT */
2006         .features[FEAT_1_EDX] =
2007             PPRO_FEATURES | CPUID_VME |
2008             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA |
2009             CPUID_PSE36,
2010         /* Missing: CPUID_EXT_POPCNT, CPUID_EXT_MONITOR */
2011         .features[FEAT_1_ECX] =
2012             CPUID_EXT_SSE3 | CPUID_EXT_CX16,
2013         /* Missing: CPUID_EXT2_PDPE1GB, CPUID_EXT2_RDTSCP */
2014         .features[FEAT_8000_0001_EDX] =
2015             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2016         /* Missing: CPUID_EXT3_LAHF_LM, CPUID_EXT3_CMP_LEG, CPUID_EXT3_EXTAPIC,
2017                     CPUID_EXT3_CR8LEG, CPUID_EXT3_ABM, CPUID_EXT3_SSE4A,
2018                     CPUID_EXT3_MISALIGNSSE, CPUID_EXT3_3DNOWPREFETCH,
2019                     CPUID_EXT3_OSVW, CPUID_EXT3_IBS, CPUID_EXT3_SVM */
2020         .features[FEAT_8000_0001_ECX] =
2021             0,
2022         /* VMX features from Cedar Mill/Prescott */
2023         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
2024         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
2025         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2026         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2027              VMX_PIN_BASED_NMI_EXITING,
2028         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2029              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2030              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2031              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2032              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2033              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2034              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2035              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING,
2036         .xlevel = 0x80000008,
2037         .model_id = "Common KVM processor"
2038     },
2039     {
2040         .name = "qemu32",
2041         .level = 4,
2042         .vendor = CPUID_VENDOR_INTEL,
2043         .family = 6,
2044         .model = 6,
2045         .stepping = 3,
2046         .features[FEAT_1_EDX] =
2047             PPRO_FEATURES,
2048         .features[FEAT_1_ECX] =
2049             CPUID_EXT_SSE3,
2050         .xlevel = 0x80000004,
2051         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
2052     },
2053     {
2054         .name = "kvm32",
2055         .level = 5,
2056         .vendor = CPUID_VENDOR_INTEL,
2057         .family = 15,
2058         .model = 6,
2059         .stepping = 1,
2060         .features[FEAT_1_EDX] =
2061             PPRO_FEATURES | CPUID_VME |
2062             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_PSE36,
2063         .features[FEAT_1_ECX] =
2064             CPUID_EXT_SSE3,
2065         .features[FEAT_8000_0001_ECX] =
2066             0,
2067         /* VMX features from Yonah */
2068         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
2069         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
2070         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2071         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2072              VMX_PIN_BASED_NMI_EXITING,
2073         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2074              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2075              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2076              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2077              VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING |
2078              VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING |
2079              VMX_CPU_BASED_PAUSE_EXITING | VMX_CPU_BASED_USE_MSR_BITMAPS,
2080         .xlevel = 0x80000008,
2081         .model_id = "Common 32-bit KVM processor"
2082     },
2083     {
2084         .name = "coreduo",
2085         .level = 10,
2086         .vendor = CPUID_VENDOR_INTEL,
2087         .family = 6,
2088         .model = 14,
2089         .stepping = 8,
2090         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
2091         .features[FEAT_1_EDX] =
2092             PPRO_FEATURES | CPUID_VME |
2093             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_ACPI |
2094             CPUID_SS,
2095         /* Missing: CPUID_EXT_EST, CPUID_EXT_TM2 , CPUID_EXT_XTPR,
2096          * CPUID_EXT_PDCM, CPUID_EXT_VMX */
2097         .features[FEAT_1_ECX] =
2098             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR,
2099         .features[FEAT_8000_0001_EDX] =
2100             CPUID_EXT2_NX,
2101         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
2102         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
2103         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2104         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2105              VMX_PIN_BASED_NMI_EXITING,
2106         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2107              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2108              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2109              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2110              VMX_CPU_BASED_MOV_DR_EXITING | VMX_CPU_BASED_UNCOND_IO_EXITING |
2111              VMX_CPU_BASED_USE_IO_BITMAPS | VMX_CPU_BASED_MONITOR_EXITING |
2112              VMX_CPU_BASED_PAUSE_EXITING | VMX_CPU_BASED_USE_MSR_BITMAPS,
2113         .xlevel = 0x80000008,
2114         .model_id = "Genuine Intel(R) CPU           T2600  @ 2.16GHz",
2115     },
2116     {
2117         .name = "486",
2118         .level = 1,
2119         .vendor = CPUID_VENDOR_INTEL,
2120         .family = 4,
2121         .model = 8,
2122         .stepping = 0,
2123         .features[FEAT_1_EDX] =
2124             I486_FEATURES,
2125         .xlevel = 0,
2126         .model_id = "",
2127     },
2128     {
2129         .name = "pentium",
2130         .level = 1,
2131         .vendor = CPUID_VENDOR_INTEL,
2132         .family = 5,
2133         .model = 4,
2134         .stepping = 3,
2135         .features[FEAT_1_EDX] =
2136             PENTIUM_FEATURES,
2137         .xlevel = 0,
2138         .model_id = "",
2139     },
2140     {
2141         .name = "pentium2",
2142         .level = 2,
2143         .vendor = CPUID_VENDOR_INTEL,
2144         .family = 6,
2145         .model = 5,
2146         .stepping = 2,
2147         .features[FEAT_1_EDX] =
2148             PENTIUM2_FEATURES,
2149         .xlevel = 0,
2150         .model_id = "",
2151     },
2152     {
2153         .name = "pentium3",
2154         .level = 3,
2155         .vendor = CPUID_VENDOR_INTEL,
2156         .family = 6,
2157         .model = 7,
2158         .stepping = 3,
2159         .features[FEAT_1_EDX] =
2160             PENTIUM3_FEATURES,
2161         .xlevel = 0,
2162         .model_id = "",
2163     },
2164     {
2165         .name = "athlon",
2166         .level = 2,
2167         .vendor = CPUID_VENDOR_AMD,
2168         .family = 6,
2169         .model = 2,
2170         .stepping = 3,
2171         .features[FEAT_1_EDX] =
2172             PPRO_FEATURES | CPUID_PSE36 | CPUID_VME | CPUID_MTRR |
2173             CPUID_MCA,
2174         .features[FEAT_8000_0001_EDX] =
2175             CPUID_EXT2_MMXEXT | CPUID_EXT2_3DNOW | CPUID_EXT2_3DNOWEXT,
2176         .xlevel = 0x80000008,
2177         .model_id = "QEMU Virtual CPU version " QEMU_HW_VERSION,
2178     },
2179     {
2180         .name = "n270",
2181         .level = 10,
2182         .vendor = CPUID_VENDOR_INTEL,
2183         .family = 6,
2184         .model = 28,
2185         .stepping = 2,
2186         /* Missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
2187         .features[FEAT_1_EDX] =
2188             PPRO_FEATURES |
2189             CPUID_MTRR | CPUID_CLFLUSH | CPUID_MCA | CPUID_VME |
2190             CPUID_ACPI | CPUID_SS,
2191             /* Some CPUs got no CPUID_SEP */
2192         /* Missing: CPUID_EXT_DSCPL, CPUID_EXT_EST, CPUID_EXT_TM2,
2193          * CPUID_EXT_XTPR */
2194         .features[FEAT_1_ECX] =
2195             CPUID_EXT_SSE3 | CPUID_EXT_MONITOR | CPUID_EXT_SSSE3 |
2196             CPUID_EXT_MOVBE,
2197         .features[FEAT_8000_0001_EDX] =
2198             CPUID_EXT2_NX,
2199         .features[FEAT_8000_0001_ECX] =
2200             CPUID_EXT3_LAHF_LM,
2201         .xlevel = 0x80000008,
2202         .model_id = "Intel(R) Atom(TM) CPU N270   @ 1.60GHz",
2203     },
2204     {
2205         .name = "Conroe",
2206         .level = 10,
2207         .vendor = CPUID_VENDOR_INTEL,
2208         .family = 6,
2209         .model = 15,
2210         .stepping = 3,
2211         .features[FEAT_1_EDX] =
2212             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2213             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2214             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2215             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2216             CPUID_DE | CPUID_FP87,
2217         .features[FEAT_1_ECX] =
2218             CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
2219         .features[FEAT_8000_0001_EDX] =
2220             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2221         .features[FEAT_8000_0001_ECX] =
2222             CPUID_EXT3_LAHF_LM,
2223         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS,
2224         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE,
2225         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT,
2226         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2227         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2228              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS,
2229         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2230              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2231              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2232              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2233              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2234              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2235              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2236              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2237              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2238              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2239         .features[FEAT_VMX_SECONDARY_CTLS] =
2240              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES,
2241         .xlevel = 0x80000008,
2242         .model_id = "Intel Celeron_4x0 (Conroe/Merom Class Core 2)",
2243     },
2244     {
2245         .name = "Penryn",
2246         .level = 10,
2247         .vendor = CPUID_VENDOR_INTEL,
2248         .family = 6,
2249         .model = 23,
2250         .stepping = 3,
2251         .features[FEAT_1_EDX] =
2252             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2253             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2254             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2255             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2256             CPUID_DE | CPUID_FP87,
2257         .features[FEAT_1_ECX] =
2258             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2259             CPUID_EXT_SSE3,
2260         .features[FEAT_8000_0001_EDX] =
2261             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
2262         .features[FEAT_8000_0001_ECX] =
2263             CPUID_EXT3_LAHF_LM,
2264         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS,
2265         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2266              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL,
2267         .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT |
2268              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL,
2269         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2270         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2271              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS,
2272         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2273              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2274              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2275              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2276              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2277              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2278              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2279              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2280              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2281              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2282         .features[FEAT_VMX_SECONDARY_CTLS] =
2283              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2284              VMX_SECONDARY_EXEC_WBINVD_EXITING,
2285         .xlevel = 0x80000008,
2286         .model_id = "Intel Core 2 Duo P9xxx (Penryn Class Core 2)",
2287     },
2288     {
2289         .name = "Nehalem",
2290         .level = 11,
2291         .vendor = CPUID_VENDOR_INTEL,
2292         .family = 6,
2293         .model = 26,
2294         .stepping = 3,
2295         .features[FEAT_1_EDX] =
2296             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2297             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2298             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2299             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2300             CPUID_DE | CPUID_FP87,
2301         .features[FEAT_1_ECX] =
2302             CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2303             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_SSE3,
2304         .features[FEAT_8000_0001_EDX] =
2305             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2306         .features[FEAT_8000_0001_ECX] =
2307             CPUID_EXT3_LAHF_LM,
2308         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2309              MSR_VMX_BASIC_TRUE_CTLS,
2310         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2311              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2312              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2313         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2314              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2315              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2316              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2317              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2318              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2319              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2320         .features[FEAT_VMX_EXIT_CTLS] =
2321              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2322              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2323              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2324              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2325              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2326         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT,
2327         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2328              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2329              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2330         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2331              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2332              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2333              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2334              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2335              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2336              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2337              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2338              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2339              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2340              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2341              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2342         .features[FEAT_VMX_SECONDARY_CTLS] =
2343              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2344              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2345              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2346              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2347              VMX_SECONDARY_EXEC_ENABLE_VPID,
2348         .xlevel = 0x80000008,
2349         .model_id = "Intel Core i7 9xx (Nehalem Class Core i7)",
2350         .versions = (X86CPUVersionDefinition[]) {
2351             { .version = 1 },
2352             {
2353                 .version = 2,
2354                 .alias = "Nehalem-IBRS",
2355                 .props = (PropValue[]) {
2356                     { "spec-ctrl", "on" },
2357                     { "model-id",
2358                       "Intel Core i7 9xx (Nehalem Core i7, IBRS update)" },
2359                     { /* end of list */ }
2360                 }
2361             },
2362             { /* end of list */ }
2363         }
2364     },
2365     {
2366         .name = "Westmere",
2367         .level = 11,
2368         .vendor = CPUID_VENDOR_INTEL,
2369         .family = 6,
2370         .model = 44,
2371         .stepping = 1,
2372         .features[FEAT_1_EDX] =
2373             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2374             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2375             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2376             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2377             CPUID_DE | CPUID_FP87,
2378         .features[FEAT_1_ECX] =
2379             CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
2380             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2381             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
2382         .features[FEAT_8000_0001_EDX] =
2383             CPUID_EXT2_LM | CPUID_EXT2_SYSCALL | CPUID_EXT2_NX,
2384         .features[FEAT_8000_0001_ECX] =
2385             CPUID_EXT3_LAHF_LM,
2386         .features[FEAT_6_EAX] =
2387             CPUID_6_EAX_ARAT,
2388         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2389              MSR_VMX_BASIC_TRUE_CTLS,
2390         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2391              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2392              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2393         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2394              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2395              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2396              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2397              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2398              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2399              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2400         .features[FEAT_VMX_EXIT_CTLS] =
2401              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2402              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2403              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2404              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2405              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2406         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2407              MSR_VMX_MISC_STORE_LMA,
2408         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2409              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2410              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2411         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2412              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2413              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2414              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2415              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2416              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2417              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2418              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2419              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2420              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2421              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2422              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2423         .features[FEAT_VMX_SECONDARY_CTLS] =
2424              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2425              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2426              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2427              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2428              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST,
2429         .xlevel = 0x80000008,
2430         .model_id = "Westmere E56xx/L56xx/X56xx (Nehalem-C)",
2431         .versions = (X86CPUVersionDefinition[]) {
2432             { .version = 1 },
2433             {
2434                 .version = 2,
2435                 .alias = "Westmere-IBRS",
2436                 .props = (PropValue[]) {
2437                     { "spec-ctrl", "on" },
2438                     { "model-id",
2439                       "Westmere E56xx/L56xx/X56xx (IBRS update)" },
2440                     { /* end of list */ }
2441                 }
2442             },
2443             { /* end of list */ }
2444         }
2445     },
2446     {
2447         .name = "SandyBridge",
2448         .level = 0xd,
2449         .vendor = CPUID_VENDOR_INTEL,
2450         .family = 6,
2451         .model = 42,
2452         .stepping = 1,
2453         .features[FEAT_1_EDX] =
2454             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2455             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2456             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2457             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2458             CPUID_DE | CPUID_FP87,
2459         .features[FEAT_1_ECX] =
2460             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2461             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
2462             CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2463             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2464             CPUID_EXT_SSE3,
2465         .features[FEAT_8000_0001_EDX] =
2466             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2467             CPUID_EXT2_SYSCALL,
2468         .features[FEAT_8000_0001_ECX] =
2469             CPUID_EXT3_LAHF_LM,
2470         .features[FEAT_XSAVE] =
2471             CPUID_XSAVE_XSAVEOPT,
2472         .features[FEAT_6_EAX] =
2473             CPUID_6_EAX_ARAT,
2474         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2475              MSR_VMX_BASIC_TRUE_CTLS,
2476         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2477              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2478              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2479         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2480              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2481              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2482              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2483              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2484              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2485              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2486         .features[FEAT_VMX_EXIT_CTLS] =
2487              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2488              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2489              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2490              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2491              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2492         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2493              MSR_VMX_MISC_STORE_LMA,
2494         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2495              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2496              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2497         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2498              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2499              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2500              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2501              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2502              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2503              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2504              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2505              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2506              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2507              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2508              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2509         .features[FEAT_VMX_SECONDARY_CTLS] =
2510              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2511              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2512              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2513              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2514              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST,
2515         .xlevel = 0x80000008,
2516         .model_id = "Intel Xeon E312xx (Sandy Bridge)",
2517         .versions = (X86CPUVersionDefinition[]) {
2518             { .version = 1 },
2519             {
2520                 .version = 2,
2521                 .alias = "SandyBridge-IBRS",
2522                 .props = (PropValue[]) {
2523                     { "spec-ctrl", "on" },
2524                     { "model-id",
2525                       "Intel Xeon E312xx (Sandy Bridge, IBRS update)" },
2526                     { /* end of list */ }
2527                 }
2528             },
2529             { /* end of list */ }
2530         }
2531     },
2532     {
2533         .name = "IvyBridge",
2534         .level = 0xd,
2535         .vendor = CPUID_VENDOR_INTEL,
2536         .family = 6,
2537         .model = 58,
2538         .stepping = 9,
2539         .features[FEAT_1_EDX] =
2540             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2541             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2542             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2543             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2544             CPUID_DE | CPUID_FP87,
2545         .features[FEAT_1_ECX] =
2546             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2547             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_POPCNT |
2548             CPUID_EXT_X2APIC | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
2549             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
2550             CPUID_EXT_SSE3 | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2551         .features[FEAT_7_0_EBX] =
2552             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP |
2553             CPUID_7_0_EBX_ERMS,
2554         .features[FEAT_8000_0001_EDX] =
2555             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2556             CPUID_EXT2_SYSCALL,
2557         .features[FEAT_8000_0001_ECX] =
2558             CPUID_EXT3_LAHF_LM,
2559         .features[FEAT_XSAVE] =
2560             CPUID_XSAVE_XSAVEOPT,
2561         .features[FEAT_6_EAX] =
2562             CPUID_6_EAX_ARAT,
2563         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2564              MSR_VMX_BASIC_TRUE_CTLS,
2565         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2566              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2567              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2568         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2569              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2570              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2571              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2572              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2573              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2574              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
2575         .features[FEAT_VMX_EXIT_CTLS] =
2576              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2577              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2578              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2579              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2580              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2581         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2582              MSR_VMX_MISC_STORE_LMA,
2583         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2584              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2585              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2586         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2587              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2588              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2589              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2590              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2591              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2592              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2593              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2594              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2595              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2596              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2597              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2598         .features[FEAT_VMX_SECONDARY_CTLS] =
2599              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2600              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2601              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2602              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2603              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2604              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2605              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2606              VMX_SECONDARY_EXEC_RDRAND_EXITING,
2607         .xlevel = 0x80000008,
2608         .model_id = "Intel Xeon E3-12xx v2 (Ivy Bridge)",
2609         .versions = (X86CPUVersionDefinition[]) {
2610             { .version = 1 },
2611             {
2612                 .version = 2,
2613                 .alias = "IvyBridge-IBRS",
2614                 .props = (PropValue[]) {
2615                     { "spec-ctrl", "on" },
2616                     { "model-id",
2617                       "Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)" },
2618                     { /* end of list */ }
2619                 }
2620             },
2621             { /* end of list */ }
2622         }
2623     },
2624     {
2625         .name = "Haswell",
2626         .level = 0xd,
2627         .vendor = CPUID_VENDOR_INTEL,
2628         .family = 6,
2629         .model = 60,
2630         .stepping = 4,
2631         .features[FEAT_1_EDX] =
2632             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2633             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2634             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2635             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2636             CPUID_DE | CPUID_FP87,
2637         .features[FEAT_1_ECX] =
2638             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2639             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2640             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2641             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2642             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2643             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2644         .features[FEAT_8000_0001_EDX] =
2645             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2646             CPUID_EXT2_SYSCALL,
2647         .features[FEAT_8000_0001_ECX] =
2648             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM,
2649         .features[FEAT_7_0_EBX] =
2650             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2651             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2652             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2653             CPUID_7_0_EBX_RTM,
2654         .features[FEAT_XSAVE] =
2655             CPUID_XSAVE_XSAVEOPT,
2656         .features[FEAT_6_EAX] =
2657             CPUID_6_EAX_ARAT,
2658         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2659              MSR_VMX_BASIC_TRUE_CTLS,
2660         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2661              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2662              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2663         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2664              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2665              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2666              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2667              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2668              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2669              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2670         .features[FEAT_VMX_EXIT_CTLS] =
2671              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2672              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2673              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2674              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2675              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2676         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2677              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2678         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2679              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2680              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2681         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2682              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2683              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2684              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2685              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2686              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2687              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2688              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2689              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2690              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2691              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2692              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2693         .features[FEAT_VMX_SECONDARY_CTLS] =
2694              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2695              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2696              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2697              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2698              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2699              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2700              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2701              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2702              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS,
2703         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
2704         .xlevel = 0x80000008,
2705         .model_id = "Intel Core Processor (Haswell)",
2706         .versions = (X86CPUVersionDefinition[]) {
2707             { .version = 1 },
2708             {
2709                 .version = 2,
2710                 .alias = "Haswell-noTSX",
2711                 .props = (PropValue[]) {
2712                     { "hle", "off" },
2713                     { "rtm", "off" },
2714                     { "stepping", "1" },
2715                     { "model-id", "Intel Core Processor (Haswell, no TSX)", },
2716                     { /* end of list */ }
2717                 },
2718             },
2719             {
2720                 .version = 3,
2721                 .alias = "Haswell-IBRS",
2722                 .props = (PropValue[]) {
2723                     /* Restore TSX features removed by -v2 above */
2724                     { "hle", "on" },
2725                     { "rtm", "on" },
2726                     /*
2727                      * Haswell and Haswell-IBRS had stepping=4 in
2728                      * QEMU 4.0 and older
2729                      */
2730                     { "stepping", "4" },
2731                     { "spec-ctrl", "on" },
2732                     { "model-id",
2733                       "Intel Core Processor (Haswell, IBRS)" },
2734                     { /* end of list */ }
2735                 }
2736             },
2737             {
2738                 .version = 4,
2739                 .alias = "Haswell-noTSX-IBRS",
2740                 .props = (PropValue[]) {
2741                     { "hle", "off" },
2742                     { "rtm", "off" },
2743                     /* spec-ctrl was already enabled by -v3 above */
2744                     { "stepping", "1" },
2745                     { "model-id",
2746                       "Intel Core Processor (Haswell, no TSX, IBRS)" },
2747                     { /* end of list */ }
2748                 }
2749             },
2750             { /* end of list */ }
2751         }
2752     },
2753     {
2754         .name = "Broadwell",
2755         .level = 0xd,
2756         .vendor = CPUID_VENDOR_INTEL,
2757         .family = 6,
2758         .model = 61,
2759         .stepping = 2,
2760         .features[FEAT_1_EDX] =
2761             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2762             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2763             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2764             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2765             CPUID_DE | CPUID_FP87,
2766         .features[FEAT_1_ECX] =
2767             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2768             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2769             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2770             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2771             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2772             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2773         .features[FEAT_8000_0001_EDX] =
2774             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2775             CPUID_EXT2_SYSCALL,
2776         .features[FEAT_8000_0001_ECX] =
2777             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2778         .features[FEAT_7_0_EBX] =
2779             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2780             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2781             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2782             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2783             CPUID_7_0_EBX_SMAP,
2784         .features[FEAT_XSAVE] =
2785             CPUID_XSAVE_XSAVEOPT,
2786         .features[FEAT_6_EAX] =
2787             CPUID_6_EAX_ARAT,
2788         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2789              MSR_VMX_BASIC_TRUE_CTLS,
2790         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2791              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2792              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2793         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2794              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2795              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2796              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2797              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2798              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2799              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2800         .features[FEAT_VMX_EXIT_CTLS] =
2801              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2802              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2803              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2804              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2805              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2806         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2807              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2808         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2809              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2810              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
2811         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2812              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2813              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2814              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2815              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2816              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2817              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2818              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2819              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2820              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2821              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2822              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2823         .features[FEAT_VMX_SECONDARY_CTLS] =
2824              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2825              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2826              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2827              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
2828              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2829              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
2830              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
2831              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2832              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
2833              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
2834         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
2835         .xlevel = 0x80000008,
2836         .model_id = "Intel Core Processor (Broadwell)",
2837         .versions = (X86CPUVersionDefinition[]) {
2838             { .version = 1 },
2839             {
2840                 .version = 2,
2841                 .alias = "Broadwell-noTSX",
2842                 .props = (PropValue[]) {
2843                     { "hle", "off" },
2844                     { "rtm", "off" },
2845                     { "model-id", "Intel Core Processor (Broadwell, no TSX)", },
2846                     { /* end of list */ }
2847                 },
2848             },
2849             {
2850                 .version = 3,
2851                 .alias = "Broadwell-IBRS",
2852                 .props = (PropValue[]) {
2853                     /* Restore TSX features removed by -v2 above */
2854                     { "hle", "on" },
2855                     { "rtm", "on" },
2856                     { "spec-ctrl", "on" },
2857                     { "model-id",
2858                       "Intel Core Processor (Broadwell, IBRS)" },
2859                     { /* end of list */ }
2860                 }
2861             },
2862             {
2863                 .version = 4,
2864                 .alias = "Broadwell-noTSX-IBRS",
2865                 .props = (PropValue[]) {
2866                     { "hle", "off" },
2867                     { "rtm", "off" },
2868                     /* spec-ctrl was already enabled by -v3 above */
2869                     { "model-id",
2870                       "Intel Core Processor (Broadwell, no TSX, IBRS)" },
2871                     { /* end of list */ }
2872                 }
2873             },
2874             { /* end of list */ }
2875         }
2876     },
2877     {
2878         .name = "Skylake-Client",
2879         .level = 0xd,
2880         .vendor = CPUID_VENDOR_INTEL,
2881         .family = 6,
2882         .model = 94,
2883         .stepping = 3,
2884         .features[FEAT_1_EDX] =
2885             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
2886             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
2887             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
2888             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
2889             CPUID_DE | CPUID_FP87,
2890         .features[FEAT_1_ECX] =
2891             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
2892             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
2893             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
2894             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
2895             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
2896             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
2897         .features[FEAT_8000_0001_EDX] =
2898             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
2899             CPUID_EXT2_SYSCALL,
2900         .features[FEAT_8000_0001_ECX] =
2901             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
2902         .features[FEAT_7_0_EBX] =
2903             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
2904             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
2905             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
2906             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
2907             CPUID_7_0_EBX_SMAP,
2908         /* Missing: XSAVES (not supported by some Linux versions,
2909          * including v4.1 to v4.12).
2910          * KVM doesn't yet expose any XSAVES state save component,
2911          * and the only one defined in Skylake (processor tracing)
2912          * probably will block migration anyway.
2913          */
2914         .features[FEAT_XSAVE] =
2915             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
2916             CPUID_XSAVE_XGETBV1,
2917         .features[FEAT_6_EAX] =
2918             CPUID_6_EAX_ARAT,
2919         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
2920         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
2921              MSR_VMX_BASIC_TRUE_CTLS,
2922         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
2923              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
2924              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
2925         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
2926              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
2927              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
2928              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
2929              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
2930              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
2931              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
2932         .features[FEAT_VMX_EXIT_CTLS] =
2933              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
2934              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
2935              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
2936              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
2937              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
2938         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
2939              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
2940         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
2941              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
2942              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
2943         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
2944              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
2945              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
2946              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
2947              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
2948              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
2949              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
2950              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
2951              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
2952              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
2953              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
2954              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
2955         .features[FEAT_VMX_SECONDARY_CTLS] =
2956              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
2957              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
2958              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
2959              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
2960              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
2961              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
2962              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
2963         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
2964         .xlevel = 0x80000008,
2965         .model_id = "Intel Core Processor (Skylake)",
2966         .versions = (X86CPUVersionDefinition[]) {
2967             { .version = 1 },
2968             {
2969                 .version = 2,
2970                 .alias = "Skylake-Client-IBRS",
2971                 .props = (PropValue[]) {
2972                     { "spec-ctrl", "on" },
2973                     { "model-id",
2974                       "Intel Core Processor (Skylake, IBRS)" },
2975                     { /* end of list */ }
2976                 }
2977             },
2978             {
2979                 .version = 3,
2980                 .alias = "Skylake-Client-noTSX-IBRS",
2981                 .props = (PropValue[]) {
2982                     { "hle", "off" },
2983                     { "rtm", "off" },
2984                     { "model-id",
2985                       "Intel Core Processor (Skylake, IBRS, no TSX)" },
2986                     { /* end of list */ }
2987                 }
2988             },
2989             { /* end of list */ }
2990         }
2991     },
2992     {
2993         .name = "Skylake-Server",
2994         .level = 0xd,
2995         .vendor = CPUID_VENDOR_INTEL,
2996         .family = 6,
2997         .model = 85,
2998         .stepping = 4,
2999         .features[FEAT_1_EDX] =
3000             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3001             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3002             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3003             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3004             CPUID_DE | CPUID_FP87,
3005         .features[FEAT_1_ECX] =
3006             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3007             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3008             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3009             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3010             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3011             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3012         .features[FEAT_8000_0001_EDX] =
3013             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3014             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3015         .features[FEAT_8000_0001_ECX] =
3016             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3017         .features[FEAT_7_0_EBX] =
3018             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3019             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3020             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3021             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3022             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3023             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3024             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3025             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3026         .features[FEAT_7_0_ECX] =
3027             CPUID_7_0_ECX_PKU,
3028         /* Missing: XSAVES (not supported by some Linux versions,
3029          * including v4.1 to v4.12).
3030          * KVM doesn't yet expose any XSAVES state save component,
3031          * and the only one defined in Skylake (processor tracing)
3032          * probably will block migration anyway.
3033          */
3034         .features[FEAT_XSAVE] =
3035             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3036             CPUID_XSAVE_XGETBV1,
3037         .features[FEAT_6_EAX] =
3038             CPUID_6_EAX_ARAT,
3039         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3040         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3041              MSR_VMX_BASIC_TRUE_CTLS,
3042         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3043              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3044              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3045         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3046              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3047              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3048              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3049              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3050              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3051              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3052         .features[FEAT_VMX_EXIT_CTLS] =
3053              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3054              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3055              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3056              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3057              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3058         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3059              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3060         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3061              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3062              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3063         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3064              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3065              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3066              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3067              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3068              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3069              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3070              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3071              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3072              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3073              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3074              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3075         .features[FEAT_VMX_SECONDARY_CTLS] =
3076              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3077              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3078              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3079              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3080              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3081              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3082              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3083              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3084              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3085              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3086         .xlevel = 0x80000008,
3087         .model_id = "Intel Xeon Processor (Skylake)",
3088         .versions = (X86CPUVersionDefinition[]) {
3089             { .version = 1 },
3090             {
3091                 .version = 2,
3092                 .alias = "Skylake-Server-IBRS",
3093                 .props = (PropValue[]) {
3094                     /* clflushopt was not added to Skylake-Server-IBRS */
3095                     /* TODO: add -v3 including clflushopt */
3096                     { "clflushopt", "off" },
3097                     { "spec-ctrl", "on" },
3098                     { "model-id",
3099                       "Intel Xeon Processor (Skylake, IBRS)" },
3100                     { /* end of list */ }
3101                 }
3102             },
3103             {
3104                 .version = 3,
3105                 .alias = "Skylake-Server-noTSX-IBRS",
3106                 .props = (PropValue[]) {
3107                     { "hle", "off" },
3108                     { "rtm", "off" },
3109                     { "model-id",
3110                       "Intel Xeon Processor (Skylake, IBRS, no TSX)" },
3111                     { /* end of list */ }
3112                 }
3113             },
3114             {
3115                 .version = 4,
3116                 .props = (PropValue[]) {
3117                     { "vmx-eptp-switching", "on" },
3118                     { /* end of list */ }
3119                 }
3120             },
3121             { /* end of list */ }
3122         }
3123     },
3124     {
3125         .name = "Cascadelake-Server",
3126         .level = 0xd,
3127         .vendor = CPUID_VENDOR_INTEL,
3128         .family = 6,
3129         .model = 85,
3130         .stepping = 6,
3131         .features[FEAT_1_EDX] =
3132             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3133             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3134             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3135             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3136             CPUID_DE | CPUID_FP87,
3137         .features[FEAT_1_ECX] =
3138             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3139             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3140             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3141             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3142             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3143             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3144         .features[FEAT_8000_0001_EDX] =
3145             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3146             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3147         .features[FEAT_8000_0001_ECX] =
3148             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3149         .features[FEAT_7_0_EBX] =
3150             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3151             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3152             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3153             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3154             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3155             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3156             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3157             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3158         .features[FEAT_7_0_ECX] =
3159             CPUID_7_0_ECX_PKU |
3160             CPUID_7_0_ECX_AVX512VNNI,
3161         .features[FEAT_7_0_EDX] =
3162             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3163         /* Missing: XSAVES (not supported by some Linux versions,
3164                 * including v4.1 to v4.12).
3165                 * KVM doesn't yet expose any XSAVES state save component,
3166                 * and the only one defined in Skylake (processor tracing)
3167                 * probably will block migration anyway.
3168                 */
3169         .features[FEAT_XSAVE] =
3170             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3171             CPUID_XSAVE_XGETBV1,
3172         .features[FEAT_6_EAX] =
3173             CPUID_6_EAX_ARAT,
3174         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3175         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3176              MSR_VMX_BASIC_TRUE_CTLS,
3177         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3178              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3179              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3180         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3181              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3182              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3183              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3184              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3185              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3186              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3187         .features[FEAT_VMX_EXIT_CTLS] =
3188              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3189              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3190              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3191              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3192              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3193         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3194              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3195         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3196              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3197              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3198         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3199              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3200              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3201              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3202              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3203              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3204              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3205              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3206              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3207              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3208              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3209              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3210         .features[FEAT_VMX_SECONDARY_CTLS] =
3211              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3212              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3213              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3214              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3215              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3216              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3217              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3218              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3219              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3220              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3221         .xlevel = 0x80000008,
3222         .model_id = "Intel Xeon Processor (Cascadelake)",
3223         .versions = (X86CPUVersionDefinition[]) {
3224             { .version = 1 },
3225             { .version = 2,
3226               .note = "ARCH_CAPABILITIES",
3227               .props = (PropValue[]) {
3228                   { "arch-capabilities", "on" },
3229                   { "rdctl-no", "on" },
3230                   { "ibrs-all", "on" },
3231                   { "skip-l1dfl-vmentry", "on" },
3232                   { "mds-no", "on" },
3233                   { /* end of list */ }
3234               },
3235             },
3236             { .version = 3,
3237               .alias = "Cascadelake-Server-noTSX",
3238               .note = "ARCH_CAPABILITIES, no TSX",
3239               .props = (PropValue[]) {
3240                   { "hle", "off" },
3241                   { "rtm", "off" },
3242                   { /* end of list */ }
3243               },
3244             },
3245             { .version = 4,
3246               .note = "ARCH_CAPABILITIES, no TSX",
3247               .props = (PropValue[]) {
3248                   { "vmx-eptp-switching", "on" },
3249                   { /* end of list */ }
3250               },
3251             },
3252             { /* end of list */ }
3253         }
3254     },
3255     {
3256         .name = "Cooperlake",
3257         .level = 0xd,
3258         .vendor = CPUID_VENDOR_INTEL,
3259         .family = 6,
3260         .model = 85,
3261         .stepping = 10,
3262         .features[FEAT_1_EDX] =
3263             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3264             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3265             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3266             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3267             CPUID_DE | CPUID_FP87,
3268         .features[FEAT_1_ECX] =
3269             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3270             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3271             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3272             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3273             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3274             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3275         .features[FEAT_8000_0001_EDX] =
3276             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3277             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3278         .features[FEAT_8000_0001_ECX] =
3279             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3280         .features[FEAT_7_0_EBX] =
3281             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3282             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3283             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3284             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3285             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3286             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3287             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3288             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3289         .features[FEAT_7_0_ECX] =
3290             CPUID_7_0_ECX_PKU |
3291             CPUID_7_0_ECX_AVX512VNNI,
3292         .features[FEAT_7_0_EDX] =
3293             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_STIBP |
3294             CPUID_7_0_EDX_SPEC_CTRL_SSBD | CPUID_7_0_EDX_ARCH_CAPABILITIES,
3295         .features[FEAT_ARCH_CAPABILITIES] =
3296             MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL |
3297             MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY | MSR_ARCH_CAP_MDS_NO |
3298             MSR_ARCH_CAP_PSCHANGE_MC_NO | MSR_ARCH_CAP_TAA_NO,
3299         .features[FEAT_7_1_EAX] =
3300             CPUID_7_1_EAX_AVX512_BF16,
3301         /*
3302          * Missing: XSAVES (not supported by some Linux versions,
3303          * including v4.1 to v4.12).
3304          * KVM doesn't yet expose any XSAVES state save component,
3305          * and the only one defined in Skylake (processor tracing)
3306          * probably will block migration anyway.
3307          */
3308         .features[FEAT_XSAVE] =
3309             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3310             CPUID_XSAVE_XGETBV1,
3311         .features[FEAT_6_EAX] =
3312             CPUID_6_EAX_ARAT,
3313         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3314         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3315              MSR_VMX_BASIC_TRUE_CTLS,
3316         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3317              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3318              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3319         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3320              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3321              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3322              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3323              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3324              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3325              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3326         .features[FEAT_VMX_EXIT_CTLS] =
3327              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3328              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3329              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3330              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3331              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3332         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3333              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3334         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3335              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3336              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3337         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3338              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3339              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3340              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3341              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3342              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3343              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3344              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3345              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3346              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3347              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3348              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3349         .features[FEAT_VMX_SECONDARY_CTLS] =
3350              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3351              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3352              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3353              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3354              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3355              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3356              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3357              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3358              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3359              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3360         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3361         .xlevel = 0x80000008,
3362         .model_id = "Intel Xeon Processor (Cooperlake)",
3363     },
3364     {
3365         .name = "Icelake-Client",
3366         .level = 0xd,
3367         .vendor = CPUID_VENDOR_INTEL,
3368         .family = 6,
3369         .model = 126,
3370         .stepping = 0,
3371         .features[FEAT_1_EDX] =
3372             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3373             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3374             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3375             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3376             CPUID_DE | CPUID_FP87,
3377         .features[FEAT_1_ECX] =
3378             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3379             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3380             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3381             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3382             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3383             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3384         .features[FEAT_8000_0001_EDX] =
3385             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_NX |
3386             CPUID_EXT2_SYSCALL,
3387         .features[FEAT_8000_0001_ECX] =
3388             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3389         .features[FEAT_8000_0008_EBX] =
3390             CPUID_8000_0008_EBX_WBNOINVD,
3391         .features[FEAT_7_0_EBX] =
3392             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3393             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3394             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3395             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3396             CPUID_7_0_EBX_SMAP,
3397         .features[FEAT_7_0_ECX] =
3398             CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
3399             CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
3400             CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
3401             CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
3402             CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
3403         .features[FEAT_7_0_EDX] =
3404             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3405         /* Missing: XSAVES (not supported by some Linux versions,
3406                 * including v4.1 to v4.12).
3407                 * KVM doesn't yet expose any XSAVES state save component,
3408                 * and the only one defined in Skylake (processor tracing)
3409                 * probably will block migration anyway.
3410                 */
3411         .features[FEAT_XSAVE] =
3412             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3413             CPUID_XSAVE_XGETBV1,
3414         .features[FEAT_6_EAX] =
3415             CPUID_6_EAX_ARAT,
3416         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3417         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3418              MSR_VMX_BASIC_TRUE_CTLS,
3419         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3420              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3421              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3422         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3423              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3424              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3425              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3426              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3427              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3428              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3429         .features[FEAT_VMX_EXIT_CTLS] =
3430              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3431              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3432              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3433              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3434              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3435         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3436              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3437         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3438              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3439              VMX_PIN_BASED_VMX_PREEMPTION_TIMER,
3440         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3441              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3442              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3443              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3444              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3445              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3446              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3447              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3448              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3449              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3450              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3451              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3452         .features[FEAT_VMX_SECONDARY_CTLS] =
3453              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3454              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3455              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3456              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3457              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3458              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3459              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3460         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3461         .xlevel = 0x80000008,
3462         .model_id = "Intel Core Processor (Icelake)",
3463         .versions = (X86CPUVersionDefinition[]) {
3464             { .version = 1 },
3465             {
3466                 .version = 2,
3467                 .note = "no TSX",
3468                 .alias = "Icelake-Client-noTSX",
3469                 .props = (PropValue[]) {
3470                     { "hle", "off" },
3471                     { "rtm", "off" },
3472                     { /* end of list */ }
3473                 },
3474             },
3475             { /* end of list */ }
3476         }
3477     },
3478     {
3479         .name = "Icelake-Server",
3480         .level = 0xd,
3481         .vendor = CPUID_VENDOR_INTEL,
3482         .family = 6,
3483         .model = 134,
3484         .stepping = 0,
3485         .features[FEAT_1_EDX] =
3486             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3487             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3488             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3489             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3490             CPUID_DE | CPUID_FP87,
3491         .features[FEAT_1_ECX] =
3492             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3493             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3494             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3495             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3496             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3497             CPUID_EXT_PCID | CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3498         .features[FEAT_8000_0001_EDX] =
3499             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3500             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3501         .features[FEAT_8000_0001_ECX] =
3502             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3503         .features[FEAT_8000_0008_EBX] =
3504             CPUID_8000_0008_EBX_WBNOINVD,
3505         .features[FEAT_7_0_EBX] =
3506             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 |
3507             CPUID_7_0_EBX_HLE | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_SMEP |
3508             CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_INVPCID |
3509             CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
3510             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLWB |
3511             CPUID_7_0_EBX_AVX512F | CPUID_7_0_EBX_AVX512DQ |
3512             CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
3513             CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
3514         .features[FEAT_7_0_ECX] =
3515             CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
3516             CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
3517             CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
3518             CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
3519             CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57,
3520         .features[FEAT_7_0_EDX] =
3521             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3522         /* Missing: XSAVES (not supported by some Linux versions,
3523                 * including v4.1 to v4.12).
3524                 * KVM doesn't yet expose any XSAVES state save component,
3525                 * and the only one defined in Skylake (processor tracing)
3526                 * probably will block migration anyway.
3527                 */
3528         .features[FEAT_XSAVE] =
3529             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3530             CPUID_XSAVE_XGETBV1,
3531         .features[FEAT_6_EAX] =
3532             CPUID_6_EAX_ARAT,
3533         /* Missing: Mode-based execute control (XS/XU), processor tracing, TSC scaling */
3534         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3535              MSR_VMX_BASIC_TRUE_CTLS,
3536         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3537              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3538              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3539         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3540              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3541              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3542              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3543              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3544              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3545              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3546         .features[FEAT_VMX_EXIT_CTLS] =
3547              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3548              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3549              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3550              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3551              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3552         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3553              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3554         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3555              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3556              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3557         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3558              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3559              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3560              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3561              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3562              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3563              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3564              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3565              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3566              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3567              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3568              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3569         .features[FEAT_VMX_SECONDARY_CTLS] =
3570              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3571              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3572              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3573              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3574              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3575              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3576              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3577              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3578              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS,
3579         .xlevel = 0x80000008,
3580         .model_id = "Intel Xeon Processor (Icelake)",
3581         .versions = (X86CPUVersionDefinition[]) {
3582             { .version = 1 },
3583             {
3584                 .version = 2,
3585                 .note = "no TSX",
3586                 .alias = "Icelake-Server-noTSX",
3587                 .props = (PropValue[]) {
3588                     { "hle", "off" },
3589                     { "rtm", "off" },
3590                     { /* end of list */ }
3591                 },
3592             },
3593             {
3594                 .version = 3,
3595                 .props = (PropValue[]) {
3596                     { "arch-capabilities", "on" },
3597                     { "rdctl-no", "on" },
3598                     { "ibrs-all", "on" },
3599                     { "skip-l1dfl-vmentry", "on" },
3600                     { "mds-no", "on" },
3601                     { "pschange-mc-no", "on" },
3602                     { "taa-no", "on" },
3603                     { /* end of list */ }
3604                 },
3605             },
3606             {
3607                 .version = 4,
3608                 .props = (PropValue[]) {
3609                     { "sha-ni", "on" },
3610                     { "avx512ifma", "on" },
3611                     { "rdpid", "on" },
3612                     { "fsrm", "on" },
3613                     { "vmx-rdseed-exit", "on" },
3614                     { "vmx-pml", "on" },
3615                     { "vmx-eptp-switching", "on" },
3616                     { "model", "106" },
3617                     { /* end of list */ }
3618                 },
3619             },
3620             { /* end of list */ }
3621         }
3622     },
3623     {
3624         .name = "Denverton",
3625         .level = 21,
3626         .vendor = CPUID_VENDOR_INTEL,
3627         .family = 6,
3628         .model = 95,
3629         .stepping = 1,
3630         .features[FEAT_1_EDX] =
3631             CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC |
3632             CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC |
3633             CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
3634             CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH | CPUID_MMX | CPUID_FXSR |
3635             CPUID_SSE | CPUID_SSE2,
3636         .features[FEAT_1_ECX] =
3637             CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_MONITOR |
3638             CPUID_EXT_SSSE3 | CPUID_EXT_CX16 | CPUID_EXT_SSE41 |
3639             CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
3640             CPUID_EXT_POPCNT | CPUID_EXT_TSC_DEADLINE_TIMER |
3641             CPUID_EXT_AES | CPUID_EXT_XSAVE | CPUID_EXT_RDRAND,
3642         .features[FEAT_8000_0001_EDX] =
3643             CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB |
3644             CPUID_EXT2_RDTSCP | CPUID_EXT2_LM,
3645         .features[FEAT_8000_0001_ECX] =
3646             CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3647         .features[FEAT_7_0_EBX] =
3648             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_ERMS |
3649             CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_SMAP |
3650             CPUID_7_0_EBX_CLFLUSHOPT | CPUID_7_0_EBX_SHA_NI,
3651         .features[FEAT_7_0_EDX] =
3652             CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_ARCH_CAPABILITIES |
3653             CPUID_7_0_EDX_SPEC_CTRL_SSBD,
3654         /*
3655          * Missing: XSAVES (not supported by some Linux versions,
3656          * including v4.1 to v4.12).
3657          * KVM doesn't yet expose any XSAVES state save component,
3658          * and the only one defined in Skylake (processor tracing)
3659          * probably will block migration anyway.
3660          */
3661         .features[FEAT_XSAVE] =
3662             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC | CPUID_XSAVE_XGETBV1,
3663         .features[FEAT_6_EAX] =
3664             CPUID_6_EAX_ARAT,
3665         .features[FEAT_ARCH_CAPABILITIES] =
3666             MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY,
3667         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3668              MSR_VMX_BASIC_TRUE_CTLS,
3669         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3670              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3671              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3672         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3673              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3674              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3675              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3676              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3677              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3678              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3679         .features[FEAT_VMX_EXIT_CTLS] =
3680              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3681              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3682              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3683              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3684              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3685         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3686              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3687         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3688              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3689              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3690         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3691              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3692              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3693              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3694              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3695              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3696              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3697              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3698              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3699              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3700              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3701              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3702         .features[FEAT_VMX_SECONDARY_CTLS] =
3703              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3704              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3705              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3706              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3707              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3708              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3709              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3710              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3711              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3712              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3713         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3714         .xlevel = 0x80000008,
3715         .model_id = "Intel Atom Processor (Denverton)",
3716         .versions = (X86CPUVersionDefinition[]) {
3717             { .version = 1 },
3718             {
3719                 .version = 2,
3720                 .note = "no MPX, no MONITOR",
3721                 .props = (PropValue[]) {
3722                     { "monitor", "off" },
3723                     { "mpx", "off" },
3724                     { /* end of list */ },
3725                 },
3726             },
3727             { /* end of list */ },
3728         },
3729     },
3730     {
3731         .name = "Snowridge",
3732         .level = 27,
3733         .vendor = CPUID_VENDOR_INTEL,
3734         .family = 6,
3735         .model = 134,
3736         .stepping = 1,
3737         .features[FEAT_1_EDX] =
3738             /* missing: CPUID_PN CPUID_IA64 */
3739             /* missing: CPUID_DTS, CPUID_HT, CPUID_TM, CPUID_PBE */
3740             CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE |
3741             CPUID_TSC | CPUID_MSR | CPUID_PAE | CPUID_MCE |
3742             CPUID_CX8 | CPUID_APIC | CPUID_SEP |
3743             CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV |
3744             CPUID_PAT | CPUID_PSE36 | CPUID_CLFLUSH |
3745             CPUID_MMX |
3746             CPUID_FXSR | CPUID_SSE | CPUID_SSE2,
3747         .features[FEAT_1_ECX] =
3748             CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_MONITOR |
3749             CPUID_EXT_SSSE3 |
3750             CPUID_EXT_CX16 |
3751             CPUID_EXT_SSE41 |
3752             CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE |
3753             CPUID_EXT_POPCNT |
3754             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_AES | CPUID_EXT_XSAVE |
3755             CPUID_EXT_RDRAND,
3756         .features[FEAT_8000_0001_EDX] =
3757             CPUID_EXT2_SYSCALL |
3758             CPUID_EXT2_NX |
3759             CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3760             CPUID_EXT2_LM,
3761         .features[FEAT_8000_0001_ECX] =
3762             CPUID_EXT3_LAHF_LM |
3763             CPUID_EXT3_3DNOWPREFETCH,
3764         .features[FEAT_7_0_EBX] =
3765             CPUID_7_0_EBX_FSGSBASE |
3766             CPUID_7_0_EBX_SMEP |
3767             CPUID_7_0_EBX_ERMS |
3768             CPUID_7_0_EBX_MPX |  /* missing bits 13, 15 */
3769             CPUID_7_0_EBX_RDSEED |
3770             CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
3771             CPUID_7_0_EBX_CLWB |
3772             CPUID_7_0_EBX_SHA_NI,
3773         .features[FEAT_7_0_ECX] =
3774             CPUID_7_0_ECX_UMIP |
3775             /* missing bit 5 */
3776             CPUID_7_0_ECX_GFNI |
3777             CPUID_7_0_ECX_MOVDIRI | CPUID_7_0_ECX_CLDEMOTE |
3778             CPUID_7_0_ECX_MOVDIR64B,
3779         .features[FEAT_7_0_EDX] =
3780             CPUID_7_0_EDX_SPEC_CTRL |
3781             CPUID_7_0_EDX_ARCH_CAPABILITIES | CPUID_7_0_EDX_SPEC_CTRL_SSBD |
3782             CPUID_7_0_EDX_CORE_CAPABILITY,
3783         .features[FEAT_CORE_CAPABILITY] =
3784             MSR_CORE_CAP_SPLIT_LOCK_DETECT,
3785         /*
3786          * Missing: XSAVES (not supported by some Linux versions,
3787          * including v4.1 to v4.12).
3788          * KVM doesn't yet expose any XSAVES state save component,
3789          * and the only one defined in Skylake (processor tracing)
3790          * probably will block migration anyway.
3791          */
3792         .features[FEAT_XSAVE] =
3793             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
3794             CPUID_XSAVE_XGETBV1,
3795         .features[FEAT_6_EAX] =
3796             CPUID_6_EAX_ARAT,
3797         .features[FEAT_VMX_BASIC] = MSR_VMX_BASIC_INS_OUTS |
3798              MSR_VMX_BASIC_TRUE_CTLS,
3799         .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE |
3800              VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL | VMX_VM_ENTRY_LOAD_IA32_PAT |
3801              VMX_VM_ENTRY_LOAD_DEBUG_CONTROLS | VMX_VM_ENTRY_LOAD_IA32_EFER,
3802         .features[FEAT_VMX_EPT_VPID_CAPS] = MSR_VMX_EPT_EXECONLY |
3803              MSR_VMX_EPT_PAGE_WALK_LENGTH_4 | MSR_VMX_EPT_WB | MSR_VMX_EPT_2MB |
3804              MSR_VMX_EPT_1GB | MSR_VMX_EPT_INVEPT |
3805              MSR_VMX_EPT_INVEPT_SINGLE_CONTEXT | MSR_VMX_EPT_INVEPT_ALL_CONTEXT |
3806              MSR_VMX_EPT_INVVPID | MSR_VMX_EPT_INVVPID_SINGLE_ADDR |
3807              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT | MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
3808              MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS | MSR_VMX_EPT_AD_BITS,
3809         .features[FEAT_VMX_EXIT_CTLS] =
3810              VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_DEBUG_CONTROLS |
3811              VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
3812              VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_LOAD_IA32_EFER |
3813              VMX_VM_EXIT_SAVE_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
3814              VMX_VM_EXIT_SAVE_VMX_PREEMPTION_TIMER,
3815         .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT |
3816              MSR_VMX_MISC_STORE_LMA | MSR_VMX_MISC_VMWRITE_VMEXIT,
3817         .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK |
3818              VMX_PIN_BASED_NMI_EXITING | VMX_PIN_BASED_VIRTUAL_NMIS |
3819              VMX_PIN_BASED_VMX_PREEMPTION_TIMER | VMX_PIN_BASED_POSTED_INTR,
3820         .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING |
3821              VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING |
3822              VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING |
3823              VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING |
3824              VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING |
3825              VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING |
3826              VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS |
3827              VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING |
3828              VMX_CPU_BASED_VIRTUAL_NMI_PENDING | VMX_CPU_BASED_USE_MSR_BITMAPS |
3829              VMX_CPU_BASED_CR3_LOAD_EXITING | VMX_CPU_BASED_CR3_STORE_EXITING |
3830              VMX_CPU_BASED_MONITOR_TRAP_FLAG |
3831              VMX_CPU_BASED_ACTIVATE_SECONDARY_CONTROLS,
3832         .features[FEAT_VMX_SECONDARY_CTLS] =
3833              VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
3834              VMX_SECONDARY_EXEC_WBINVD_EXITING | VMX_SECONDARY_EXEC_ENABLE_EPT |
3835              VMX_SECONDARY_EXEC_DESC | VMX_SECONDARY_EXEC_RDTSCP |
3836              VMX_SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE |
3837              VMX_SECONDARY_EXEC_ENABLE_VPID | VMX_SECONDARY_EXEC_UNRESTRICTED_GUEST |
3838              VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
3839              VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
3840              VMX_SECONDARY_EXEC_RDRAND_EXITING | VMX_SECONDARY_EXEC_ENABLE_INVPCID |
3841              VMX_SECONDARY_EXEC_ENABLE_VMFUNC | VMX_SECONDARY_EXEC_SHADOW_VMCS |
3842              VMX_SECONDARY_EXEC_RDSEED_EXITING | VMX_SECONDARY_EXEC_ENABLE_PML,
3843         .features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
3844         .xlevel = 0x80000008,
3845         .model_id = "Intel Atom Processor (SnowRidge)",
3846         .versions = (X86CPUVersionDefinition[]) {
3847             { .version = 1 },
3848             {
3849                 .version = 2,
3850                 .props = (PropValue[]) {
3851                     { "mpx", "off" },
3852                     { "model-id", "Intel Atom Processor (Snowridge, no MPX)" },
3853                     { /* end of list */ },
3854                 },
3855             },
3856             { /* end of list */ },
3857         },
3858     },
3859     {
3860         .name = "KnightsMill",
3861         .level = 0xd,
3862         .vendor = CPUID_VENDOR_INTEL,
3863         .family = 6,
3864         .model = 133,
3865         .stepping = 0,
3866         .features[FEAT_1_EDX] =
3867             CPUID_VME | CPUID_SS | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR |
3868             CPUID_MMX | CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV |
3869             CPUID_MCA | CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC |
3870             CPUID_CX8 | CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC |
3871             CPUID_PSE | CPUID_DE | CPUID_FP87,
3872         .features[FEAT_1_ECX] =
3873             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3874             CPUID_EXT_POPCNT | CPUID_EXT_X2APIC | CPUID_EXT_SSE42 |
3875             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_SSSE3 |
3876             CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3 |
3877             CPUID_EXT_TSC_DEADLINE_TIMER | CPUID_EXT_FMA | CPUID_EXT_MOVBE |
3878             CPUID_EXT_F16C | CPUID_EXT_RDRAND,
3879         .features[FEAT_8000_0001_EDX] =
3880             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP |
3881             CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3882         .features[FEAT_8000_0001_ECX] =
3883             CPUID_EXT3_ABM | CPUID_EXT3_LAHF_LM | CPUID_EXT3_3DNOWPREFETCH,
3884         .features[FEAT_7_0_EBX] =
3885             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
3886             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ERMS |
3887             CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_AVX512F |
3888             CPUID_7_0_EBX_AVX512CD | CPUID_7_0_EBX_AVX512PF |
3889             CPUID_7_0_EBX_AVX512ER,
3890         .features[FEAT_7_0_ECX] =
3891             CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
3892         .features[FEAT_7_0_EDX] =
3893             CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS,
3894         .features[FEAT_XSAVE] =
3895             CPUID_XSAVE_XSAVEOPT,
3896         .features[FEAT_6_EAX] =
3897             CPUID_6_EAX_ARAT,
3898         .xlevel = 0x80000008,
3899         .model_id = "Intel Xeon Phi Processor (Knights Mill)",
3900     },
3901     {
3902         .name = "Opteron_G1",
3903         .level = 5,
3904         .vendor = CPUID_VENDOR_AMD,
3905         .family = 15,
3906         .model = 6,
3907         .stepping = 1,
3908         .features[FEAT_1_EDX] =
3909             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3910             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3911             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3912             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3913             CPUID_DE | CPUID_FP87,
3914         .features[FEAT_1_ECX] =
3915             CPUID_EXT_SSE3,
3916         .features[FEAT_8000_0001_EDX] =
3917             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3918         .xlevel = 0x80000008,
3919         .model_id = "AMD Opteron 240 (Gen 1 Class Opteron)",
3920     },
3921     {
3922         .name = "Opteron_G2",
3923         .level = 5,
3924         .vendor = CPUID_VENDOR_AMD,
3925         .family = 15,
3926         .model = 6,
3927         .stepping = 1,
3928         .features[FEAT_1_EDX] =
3929             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3930             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3931             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3932             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3933             CPUID_DE | CPUID_FP87,
3934         .features[FEAT_1_ECX] =
3935             CPUID_EXT_CX16 | CPUID_EXT_SSE3,
3936         .features[FEAT_8000_0001_EDX] =
3937             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL,
3938         .features[FEAT_8000_0001_ECX] =
3939             CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
3940         .xlevel = 0x80000008,
3941         .model_id = "AMD Opteron 22xx (Gen 2 Class Opteron)",
3942     },
3943     {
3944         .name = "Opteron_G3",
3945         .level = 5,
3946         .vendor = CPUID_VENDOR_AMD,
3947         .family = 16,
3948         .model = 2,
3949         .stepping = 3,
3950         .features[FEAT_1_EDX] =
3951             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3952             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3953             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3954             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3955             CPUID_DE | CPUID_FP87,
3956         .features[FEAT_1_ECX] =
3957             CPUID_EXT_POPCNT | CPUID_EXT_CX16 | CPUID_EXT_MONITOR |
3958             CPUID_EXT_SSE3,
3959         .features[FEAT_8000_0001_EDX] =
3960             CPUID_EXT2_LM | CPUID_EXT2_NX | CPUID_EXT2_SYSCALL |
3961             CPUID_EXT2_RDTSCP,
3962         .features[FEAT_8000_0001_ECX] =
3963             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A |
3964             CPUID_EXT3_ABM | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM,
3965         .xlevel = 0x80000008,
3966         .model_id = "AMD Opteron 23xx (Gen 3 Class Opteron)",
3967     },
3968     {
3969         .name = "Opteron_G4",
3970         .level = 0xd,
3971         .vendor = CPUID_VENDOR_AMD,
3972         .family = 21,
3973         .model = 1,
3974         .stepping = 2,
3975         .features[FEAT_1_EDX] =
3976             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
3977             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
3978             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
3979             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
3980             CPUID_DE | CPUID_FP87,
3981         .features[FEAT_1_ECX] =
3982             CPUID_EXT_AVX | CPUID_EXT_XSAVE | CPUID_EXT_AES |
3983             CPUID_EXT_POPCNT | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
3984             CPUID_EXT_CX16 | CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ |
3985             CPUID_EXT_SSE3,
3986         .features[FEAT_8000_0001_EDX] =
3987             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_NX |
3988             CPUID_EXT2_SYSCALL | CPUID_EXT2_RDTSCP,
3989         .features[FEAT_8000_0001_ECX] =
3990             CPUID_EXT3_FMA4 | CPUID_EXT3_XOP |
3991             CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_MISALIGNSSE |
3992             CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | CPUID_EXT3_SVM |
3993             CPUID_EXT3_LAHF_LM,
3994         .features[FEAT_SVM] =
3995             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
3996         /* no xsaveopt! */
3997         .xlevel = 0x8000001A,
3998         .model_id = "AMD Opteron 62xx class CPU",
3999     },
4000     {
4001         .name = "Opteron_G5",
4002         .level = 0xd,
4003         .vendor = CPUID_VENDOR_AMD,
4004         .family = 21,
4005         .model = 2,
4006         .stepping = 0,
4007         .features[FEAT_1_EDX] =
4008             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
4009             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
4010             CPUID_PGE | CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 |
4011             CPUID_MCE | CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE |
4012             CPUID_DE | CPUID_FP87,
4013         .features[FEAT_1_ECX] =
4014             CPUID_EXT_F16C | CPUID_EXT_AVX | CPUID_EXT_XSAVE |
4015             CPUID_EXT_AES | CPUID_EXT_POPCNT | CPUID_EXT_SSE42 |
4016             CPUID_EXT_SSE41 | CPUID_EXT_CX16 | CPUID_EXT_FMA |
4017             CPUID_EXT_SSSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
4018         .features[FEAT_8000_0001_EDX] =
4019             CPUID_EXT2_LM | CPUID_EXT2_PDPE1GB | CPUID_EXT2_NX |
4020             CPUID_EXT2_SYSCALL | CPUID_EXT2_RDTSCP,
4021         .features[FEAT_8000_0001_ECX] =
4022             CPUID_EXT3_TBM | CPUID_EXT3_FMA4 | CPUID_EXT3_XOP |
4023             CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_MISALIGNSSE |
4024             CPUID_EXT3_SSE4A | CPUID_EXT3_ABM | CPUID_EXT3_SVM |
4025             CPUID_EXT3_LAHF_LM,
4026         .features[FEAT_SVM] =
4027             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
4028         /* no xsaveopt! */
4029         .xlevel = 0x8000001A,
4030         .model_id = "AMD Opteron 63xx class CPU",
4031     },
4032     {
4033         .name = "EPYC",
4034         .level = 0xd,
4035         .vendor = CPUID_VENDOR_AMD,
4036         .family = 23,
4037         .model = 1,
4038         .stepping = 2,
4039         .features[FEAT_1_EDX] =
4040             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
4041             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
4042             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
4043             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
4044             CPUID_VME | CPUID_FP87,
4045         .features[FEAT_1_ECX] =
4046             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
4047             CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
4048             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
4049             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
4050             CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
4051         .features[FEAT_8000_0001_EDX] =
4052             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
4053             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
4054             CPUID_EXT2_SYSCALL,
4055         .features[FEAT_8000_0001_ECX] =
4056             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
4057             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
4058             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
4059             CPUID_EXT3_TOPOEXT,
4060         .features[FEAT_7_0_EBX] =
4061             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
4062             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
4063             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
4064             CPUID_7_0_EBX_SHA_NI,
4065         .features[FEAT_XSAVE] =
4066             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
4067             CPUID_XSAVE_XGETBV1,
4068         .features[FEAT_6_EAX] =
4069             CPUID_6_EAX_ARAT,
4070         .features[FEAT_SVM] =
4071             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
4072         .xlevel = 0x8000001E,
4073         .model_id = "AMD EPYC Processor",
4074         .cache_info = &epyc_cache_info,
4075         .versions = (X86CPUVersionDefinition[]) {
4076             { .version = 1 },
4077             {
4078                 .version = 2,
4079                 .alias = "EPYC-IBPB",
4080                 .props = (PropValue[]) {
4081                     { "ibpb", "on" },
4082                     { "model-id",
4083                       "AMD EPYC Processor (with IBPB)" },
4084                     { /* end of list */ }
4085                 }
4086             },
4087             {
4088                 .version = 3,
4089                 .props = (PropValue[]) {
4090                     { "ibpb", "on" },
4091                     { "perfctr-core", "on" },
4092                     { "clzero", "on" },
4093                     { "xsaveerptr", "on" },
4094                     { "xsaves", "on" },
4095                     { "model-id",
4096                       "AMD EPYC Processor" },
4097                     { /* end of list */ }
4098                 }
4099             },
4100             { /* end of list */ }
4101         }
4102     },
4103     {
4104         .name = "Dhyana",
4105         .level = 0xd,
4106         .vendor = CPUID_VENDOR_HYGON,
4107         .family = 24,
4108         .model = 0,
4109         .stepping = 1,
4110         .features[FEAT_1_EDX] =
4111             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
4112             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
4113             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
4114             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
4115             CPUID_VME | CPUID_FP87,
4116         .features[FEAT_1_ECX] =
4117             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
4118             CPUID_EXT_XSAVE | CPUID_EXT_POPCNT |
4119             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
4120             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
4121             CPUID_EXT_MONITOR | CPUID_EXT_SSE3,
4122         .features[FEAT_8000_0001_EDX] =
4123             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
4124             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
4125             CPUID_EXT2_SYSCALL,
4126         .features[FEAT_8000_0001_ECX] =
4127             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
4128             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
4129             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
4130             CPUID_EXT3_TOPOEXT,
4131         .features[FEAT_8000_0008_EBX] =
4132             CPUID_8000_0008_EBX_IBPB,
4133         .features[FEAT_7_0_EBX] =
4134             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
4135             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
4136             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT,
4137         /*
4138          * Missing: XSAVES (not supported by some Linux versions,
4139          * including v4.1 to v4.12).
4140          * KVM doesn't yet expose any XSAVES state save component.
4141          */
4142         .features[FEAT_XSAVE] =
4143             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
4144             CPUID_XSAVE_XGETBV1,
4145         .features[FEAT_6_EAX] =
4146             CPUID_6_EAX_ARAT,
4147         .features[FEAT_SVM] =
4148             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
4149         .xlevel = 0x8000001E,
4150         .model_id = "Hygon Dhyana Processor",
4151         .cache_info = &epyc_cache_info,
4152     },
4153     {
4154         .name = "EPYC-Rome",
4155         .level = 0xd,
4156         .vendor = CPUID_VENDOR_AMD,
4157         .family = 23,
4158         .model = 49,
4159         .stepping = 0,
4160         .features[FEAT_1_EDX] =
4161             CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX | CPUID_CLFLUSH |
4162             CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA | CPUID_PGE |
4163             CPUID_MTRR | CPUID_SEP | CPUID_APIC | CPUID_CX8 | CPUID_MCE |
4164             CPUID_PAE | CPUID_MSR | CPUID_TSC | CPUID_PSE | CPUID_DE |
4165             CPUID_VME | CPUID_FP87,
4166         .features[FEAT_1_ECX] =
4167             CPUID_EXT_RDRAND | CPUID_EXT_F16C | CPUID_EXT_AVX |
4168             CPUID_EXT_XSAVE | CPUID_EXT_AES |  CPUID_EXT_POPCNT |
4169             CPUID_EXT_MOVBE | CPUID_EXT_SSE42 | CPUID_EXT_SSE41 |
4170             CPUID_EXT_CX16 | CPUID_EXT_FMA | CPUID_EXT_SSSE3 |
4171             CPUID_EXT_MONITOR | CPUID_EXT_PCLMULQDQ | CPUID_EXT_SSE3,
4172         .features[FEAT_8000_0001_EDX] =
4173             CPUID_EXT2_LM | CPUID_EXT2_RDTSCP | CPUID_EXT2_PDPE1GB |
4174             CPUID_EXT2_FFXSR | CPUID_EXT2_MMXEXT | CPUID_EXT2_NX |
4175             CPUID_EXT2_SYSCALL,
4176         .features[FEAT_8000_0001_ECX] =
4177             CPUID_EXT3_OSVW | CPUID_EXT3_3DNOWPREFETCH |
4178             CPUID_EXT3_MISALIGNSSE | CPUID_EXT3_SSE4A | CPUID_EXT3_ABM |
4179             CPUID_EXT3_CR8LEG | CPUID_EXT3_SVM | CPUID_EXT3_LAHF_LM |
4180             CPUID_EXT3_TOPOEXT | CPUID_EXT3_PERFCORE,
4181         .features[FEAT_8000_0008_EBX] =
4182             CPUID_8000_0008_EBX_CLZERO | CPUID_8000_0008_EBX_XSAVEERPTR |
4183             CPUID_8000_0008_EBX_WBNOINVD | CPUID_8000_0008_EBX_IBPB |
4184             CPUID_8000_0008_EBX_STIBP,
4185         .features[FEAT_7_0_EBX] =
4186             CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_AVX2 |
4187             CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_RDSEED |
4188             CPUID_7_0_EBX_ADX | CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT |
4189             CPUID_7_0_EBX_SHA_NI | CPUID_7_0_EBX_CLWB,
4190         .features[FEAT_7_0_ECX] =
4191             CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_RDPID,
4192         .features[FEAT_XSAVE] =
4193             CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC |
4194             CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES,
4195         .features[FEAT_6_EAX] =
4196             CPUID_6_EAX_ARAT,
4197         .features[FEAT_SVM] =
4198             CPUID_SVM_NPT | CPUID_SVM_NRIPSAVE,
4199         .xlevel = 0x8000001E,
4200         .model_id = "AMD EPYC-Rome Processor",
4201         .cache_info = &epyc_rome_cache_info,
4202     },
4203 };
4204 
4205 /* KVM-specific features that are automatically added/removed
4206  * from all CPU models when KVM is enabled.
4207  */
4208 static PropValue kvm_default_props[] = {
4209     { "kvmclock", "on" },
4210     { "kvm-nopiodelay", "on" },
4211     { "kvm-asyncpf", "on" },
4212     { "kvm-steal-time", "on" },
4213     { "kvm-pv-eoi", "on" },
4214     { "kvmclock-stable-bit", "on" },
4215     { "x2apic", "on" },
4216     { "acpi", "off" },
4217     { "monitor", "off" },
4218     { "svm", "off" },
4219     { NULL, NULL },
4220 };
4221 
4222 /* TCG-specific defaults that override all CPU models when using TCG
4223  */
4224 static PropValue tcg_default_props[] = {
4225     { "vme", "off" },
4226     { NULL, NULL },
4227 };
4228 
4229 
4230 /*
4231  * We resolve CPU model aliases using -v1 when using "-machine
4232  * none", but this is just for compatibility while libvirt isn't
4233  * adapted to resolve CPU model versions before creating VMs.
4234  * See "Runnability guarantee of CPU models" at * qemu-deprecated.texi.
4235  */
4236 X86CPUVersion default_cpu_version = 1;
4237 
4238 void x86_cpu_set_default_version(X86CPUVersion version)
4239 {
4240     /* Translating CPU_VERSION_AUTO to CPU_VERSION_AUTO doesn't make sense */
4241     assert(version != CPU_VERSION_AUTO);
4242     default_cpu_version = version;
4243 }
4244 
4245 static X86CPUVersion x86_cpu_model_last_version(const X86CPUModel *model)
4246 {
4247     int v = 0;
4248     const X86CPUVersionDefinition *vdef =
4249         x86_cpu_def_get_versions(model->cpudef);
4250     while (vdef->version) {
4251         v = vdef->version;
4252         vdef++;
4253     }
4254     return v;
4255 }
4256 
4257 /* Return the actual version being used for a specific CPU model */
4258 static X86CPUVersion x86_cpu_model_resolve_version(const X86CPUModel *model)
4259 {
4260     X86CPUVersion v = model->version;
4261     if (v == CPU_VERSION_AUTO) {
4262         v = default_cpu_version;
4263     }
4264     if (v == CPU_VERSION_LATEST) {
4265         return x86_cpu_model_last_version(model);
4266     }
4267     return v;
4268 }
4269 
4270 void x86_cpu_change_kvm_default(const char *prop, const char *value)
4271 {
4272     PropValue *pv;
4273     for (pv = kvm_default_props; pv->prop; pv++) {
4274         if (!strcmp(pv->prop, prop)) {
4275             pv->value = value;
4276             break;
4277         }
4278     }
4279 
4280     /* It is valid to call this function only for properties that
4281      * are already present in the kvm_default_props table.
4282      */
4283     assert(pv->prop);
4284 }
4285 
4286 static uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
4287                                                    bool migratable_only);
4288 
4289 static bool lmce_supported(void)
4290 {
4291     uint64_t mce_cap = 0;
4292 
4293 #ifdef CONFIG_KVM
4294     if (kvm_ioctl(kvm_state, KVM_X86_GET_MCE_CAP_SUPPORTED, &mce_cap) < 0) {
4295         return false;
4296     }
4297 #endif
4298 
4299     return !!(mce_cap & MCG_LMCE_P);
4300 }
4301 
4302 #define CPUID_MODEL_ID_SZ 48
4303 
4304 /**
4305  * cpu_x86_fill_model_id:
4306  * Get CPUID model ID string from host CPU.
4307  *
4308  * @str should have at least CPUID_MODEL_ID_SZ bytes
4309  *
4310  * The function does NOT add a null terminator to the string
4311  * automatically.
4312  */
4313 static int cpu_x86_fill_model_id(char *str)
4314 {
4315     uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
4316     int i;
4317 
4318     for (i = 0; i < 3; i++) {
4319         host_cpuid(0x80000002 + i, 0, &eax, &ebx, &ecx, &edx);
4320         memcpy(str + i * 16 +  0, &eax, 4);
4321         memcpy(str + i * 16 +  4, &ebx, 4);
4322         memcpy(str + i * 16 +  8, &ecx, 4);
4323         memcpy(str + i * 16 + 12, &edx, 4);
4324     }
4325     return 0;
4326 }
4327 
4328 static Property max_x86_cpu_properties[] = {
4329     DEFINE_PROP_BOOL("migratable", X86CPU, migratable, true),
4330     DEFINE_PROP_BOOL("host-cache-info", X86CPU, cache_info_passthrough, false),
4331     DEFINE_PROP_END_OF_LIST()
4332 };
4333 
4334 static void max_x86_cpu_class_init(ObjectClass *oc, void *data)
4335 {
4336     DeviceClass *dc = DEVICE_CLASS(oc);
4337     X86CPUClass *xcc = X86_CPU_CLASS(oc);
4338 
4339     xcc->ordering = 9;
4340 
4341     xcc->model_description =
4342         "Enables all features supported by the accelerator in the current host";
4343 
4344     device_class_set_props(dc, max_x86_cpu_properties);
4345 }
4346 
4347 static void max_x86_cpu_initfn(Object *obj)
4348 {
4349     X86CPU *cpu = X86_CPU(obj);
4350     CPUX86State *env = &cpu->env;
4351     KVMState *s = kvm_state;
4352 
4353     /* We can't fill the features array here because we don't know yet if
4354      * "migratable" is true or false.
4355      */
4356     cpu->max_features = true;
4357 
4358     if (accel_uses_host_cpuid()) {
4359         char vendor[CPUID_VENDOR_SZ + 1] = { 0 };
4360         char model_id[CPUID_MODEL_ID_SZ + 1] = { 0 };
4361         int family, model, stepping;
4362 
4363         host_vendor_fms(vendor, &family, &model, &stepping);
4364         cpu_x86_fill_model_id(model_id);
4365 
4366         object_property_set_str(OBJECT(cpu), "vendor", vendor, &error_abort);
4367         object_property_set_int(OBJECT(cpu), "family", family, &error_abort);
4368         object_property_set_int(OBJECT(cpu), "model", model, &error_abort);
4369         object_property_set_int(OBJECT(cpu), "stepping", stepping,
4370                                 &error_abort);
4371         object_property_set_str(OBJECT(cpu), "model-id", model_id,
4372                                 &error_abort);
4373 
4374         if (kvm_enabled()) {
4375             env->cpuid_min_level =
4376                 kvm_arch_get_supported_cpuid(s, 0x0, 0, R_EAX);
4377             env->cpuid_min_xlevel =
4378                 kvm_arch_get_supported_cpuid(s, 0x80000000, 0, R_EAX);
4379             env->cpuid_min_xlevel2 =
4380                 kvm_arch_get_supported_cpuid(s, 0xC0000000, 0, R_EAX);
4381         } else {
4382             env->cpuid_min_level =
4383                 hvf_get_supported_cpuid(0x0, 0, R_EAX);
4384             env->cpuid_min_xlevel =
4385                 hvf_get_supported_cpuid(0x80000000, 0, R_EAX);
4386             env->cpuid_min_xlevel2 =
4387                 hvf_get_supported_cpuid(0xC0000000, 0, R_EAX);
4388         }
4389 
4390         if (lmce_supported()) {
4391             object_property_set_bool(OBJECT(cpu), "lmce", true, &error_abort);
4392         }
4393     } else {
4394         object_property_set_str(OBJECT(cpu), "vendor", CPUID_VENDOR_AMD,
4395                                 &error_abort);
4396         object_property_set_int(OBJECT(cpu), "family", 6, &error_abort);
4397         object_property_set_int(OBJECT(cpu), "model", 6, &error_abort);
4398         object_property_set_int(OBJECT(cpu), "stepping", 3, &error_abort);
4399         object_property_set_str(OBJECT(cpu), "model-id",
4400                                 "QEMU TCG CPU version " QEMU_HW_VERSION,
4401                                 &error_abort);
4402     }
4403 
4404     object_property_set_bool(OBJECT(cpu), "pmu", true, &error_abort);
4405 }
4406 
4407 static const TypeInfo max_x86_cpu_type_info = {
4408     .name = X86_CPU_TYPE_NAME("max"),
4409     .parent = TYPE_X86_CPU,
4410     .instance_init = max_x86_cpu_initfn,
4411     .class_init = max_x86_cpu_class_init,
4412 };
4413 
4414 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
4415 static void host_x86_cpu_class_init(ObjectClass *oc, void *data)
4416 {
4417     X86CPUClass *xcc = X86_CPU_CLASS(oc);
4418 
4419     xcc->host_cpuid_required = true;
4420     xcc->ordering = 8;
4421 
4422 #if defined(CONFIG_KVM)
4423     xcc->model_description =
4424         "KVM processor with all supported host features ";
4425 #elif defined(CONFIG_HVF)
4426     xcc->model_description =
4427         "HVF processor with all supported host features ";
4428 #endif
4429 }
4430 
4431 static const TypeInfo host_x86_cpu_type_info = {
4432     .name = X86_CPU_TYPE_NAME("host"),
4433     .parent = X86_CPU_TYPE_NAME("max"),
4434     .class_init = host_x86_cpu_class_init,
4435 };
4436 
4437 #endif
4438 
4439 static char *feature_word_description(FeatureWordInfo *f, uint32_t bit)
4440 {
4441     assert(f->type == CPUID_FEATURE_WORD || f->type == MSR_FEATURE_WORD);
4442 
4443     switch (f->type) {
4444     case CPUID_FEATURE_WORD:
4445         {
4446             const char *reg = get_register_name_32(f->cpuid.reg);
4447             assert(reg);
4448             return g_strdup_printf("CPUID.%02XH:%s",
4449                                    f->cpuid.eax, reg);
4450         }
4451     case MSR_FEATURE_WORD:
4452         return g_strdup_printf("MSR(%02XH)",
4453                                f->msr.index);
4454     }
4455 
4456     return NULL;
4457 }
4458 
4459 static bool x86_cpu_have_filtered_features(X86CPU *cpu)
4460 {
4461     FeatureWord w;
4462 
4463     for (w = 0; w < FEATURE_WORDS; w++) {
4464         if (cpu->filtered_features[w]) {
4465             return true;
4466         }
4467     }
4468 
4469     return false;
4470 }
4471 
4472 static void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask,
4473                                       const char *verbose_prefix)
4474 {
4475     CPUX86State *env = &cpu->env;
4476     FeatureWordInfo *f = &feature_word_info[w];
4477     int i;
4478 
4479     if (!cpu->force_features) {
4480         env->features[w] &= ~mask;
4481     }
4482     cpu->filtered_features[w] |= mask;
4483 
4484     if (!verbose_prefix) {
4485         return;
4486     }
4487 
4488     for (i = 0; i < 64; ++i) {
4489         if ((1ULL << i) & mask) {
4490             g_autofree char *feat_word_str = feature_word_description(f, i);
4491             warn_report("%s: %s%s%s [bit %d]",
4492                         verbose_prefix,
4493                         feat_word_str,
4494                         f->feat_names[i] ? "." : "",
4495                         f->feat_names[i] ? f->feat_names[i] : "", i);
4496         }
4497     }
4498 }
4499 
4500 static void x86_cpuid_version_get_family(Object *obj, Visitor *v,
4501                                          const char *name, void *opaque,
4502                                          Error **errp)
4503 {
4504     X86CPU *cpu = X86_CPU(obj);
4505     CPUX86State *env = &cpu->env;
4506     int64_t value;
4507 
4508     value = (env->cpuid_version >> 8) & 0xf;
4509     if (value == 0xf) {
4510         value += (env->cpuid_version >> 20) & 0xff;
4511     }
4512     visit_type_int(v, name, &value, errp);
4513 }
4514 
4515 static void x86_cpuid_version_set_family(Object *obj, Visitor *v,
4516                                          const char *name, void *opaque,
4517                                          Error **errp)
4518 {
4519     X86CPU *cpu = X86_CPU(obj);
4520     CPUX86State *env = &cpu->env;
4521     const int64_t min = 0;
4522     const int64_t max = 0xff + 0xf;
4523     int64_t value;
4524 
4525     if (!visit_type_int(v, name, &value, errp)) {
4526         return;
4527     }
4528     if (value < min || value > max) {
4529         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4530                    name ? name : "null", value, min, max);
4531         return;
4532     }
4533 
4534     env->cpuid_version &= ~0xff00f00;
4535     if (value > 0x0f) {
4536         env->cpuid_version |= 0xf00 | ((value - 0x0f) << 20);
4537     } else {
4538         env->cpuid_version |= value << 8;
4539     }
4540 }
4541 
4542 static void x86_cpuid_version_get_model(Object *obj, Visitor *v,
4543                                         const char *name, void *opaque,
4544                                         Error **errp)
4545 {
4546     X86CPU *cpu = X86_CPU(obj);
4547     CPUX86State *env = &cpu->env;
4548     int64_t value;
4549 
4550     value = (env->cpuid_version >> 4) & 0xf;
4551     value |= ((env->cpuid_version >> 16) & 0xf) << 4;
4552     visit_type_int(v, name, &value, errp);
4553 }
4554 
4555 static void x86_cpuid_version_set_model(Object *obj, Visitor *v,
4556                                         const char *name, void *opaque,
4557                                         Error **errp)
4558 {
4559     X86CPU *cpu = X86_CPU(obj);
4560     CPUX86State *env = &cpu->env;
4561     const int64_t min = 0;
4562     const int64_t max = 0xff;
4563     int64_t value;
4564 
4565     if (!visit_type_int(v, name, &value, errp)) {
4566         return;
4567     }
4568     if (value < min || value > max) {
4569         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4570                    name ? name : "null", value, min, max);
4571         return;
4572     }
4573 
4574     env->cpuid_version &= ~0xf00f0;
4575     env->cpuid_version |= ((value & 0xf) << 4) | ((value >> 4) << 16);
4576 }
4577 
4578 static void x86_cpuid_version_get_stepping(Object *obj, Visitor *v,
4579                                            const char *name, void *opaque,
4580                                            Error **errp)
4581 {
4582     X86CPU *cpu = X86_CPU(obj);
4583     CPUX86State *env = &cpu->env;
4584     int64_t value;
4585 
4586     value = env->cpuid_version & 0xf;
4587     visit_type_int(v, name, &value, errp);
4588 }
4589 
4590 static void x86_cpuid_version_set_stepping(Object *obj, Visitor *v,
4591                                            const char *name, void *opaque,
4592                                            Error **errp)
4593 {
4594     X86CPU *cpu = X86_CPU(obj);
4595     CPUX86State *env = &cpu->env;
4596     const int64_t min = 0;
4597     const int64_t max = 0xf;
4598     int64_t value;
4599 
4600     if (!visit_type_int(v, name, &value, errp)) {
4601         return;
4602     }
4603     if (value < min || value > max) {
4604         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4605                    name ? name : "null", value, min, max);
4606         return;
4607     }
4608 
4609     env->cpuid_version &= ~0xf;
4610     env->cpuid_version |= value & 0xf;
4611 }
4612 
4613 static char *x86_cpuid_get_vendor(Object *obj, Error **errp)
4614 {
4615     X86CPU *cpu = X86_CPU(obj);
4616     CPUX86State *env = &cpu->env;
4617     char *value;
4618 
4619     value = g_malloc(CPUID_VENDOR_SZ + 1);
4620     x86_cpu_vendor_words2str(value, env->cpuid_vendor1, env->cpuid_vendor2,
4621                              env->cpuid_vendor3);
4622     return value;
4623 }
4624 
4625 static void x86_cpuid_set_vendor(Object *obj, const char *value,
4626                                  Error **errp)
4627 {
4628     X86CPU *cpu = X86_CPU(obj);
4629     CPUX86State *env = &cpu->env;
4630     int i;
4631 
4632     if (strlen(value) != CPUID_VENDOR_SZ) {
4633         error_setg(errp, QERR_PROPERTY_VALUE_BAD, "", "vendor", value);
4634         return;
4635     }
4636 
4637     env->cpuid_vendor1 = 0;
4638     env->cpuid_vendor2 = 0;
4639     env->cpuid_vendor3 = 0;
4640     for (i = 0; i < 4; i++) {
4641         env->cpuid_vendor1 |= ((uint8_t)value[i    ]) << (8 * i);
4642         env->cpuid_vendor2 |= ((uint8_t)value[i + 4]) << (8 * i);
4643         env->cpuid_vendor3 |= ((uint8_t)value[i + 8]) << (8 * i);
4644     }
4645 }
4646 
4647 static char *x86_cpuid_get_model_id(Object *obj, Error **errp)
4648 {
4649     X86CPU *cpu = X86_CPU(obj);
4650     CPUX86State *env = &cpu->env;
4651     char *value;
4652     int i;
4653 
4654     value = g_malloc(48 + 1);
4655     for (i = 0; i < 48; i++) {
4656         value[i] = env->cpuid_model[i >> 2] >> (8 * (i & 3));
4657     }
4658     value[48] = '\0';
4659     return value;
4660 }
4661 
4662 static void x86_cpuid_set_model_id(Object *obj, const char *model_id,
4663                                    Error **errp)
4664 {
4665     X86CPU *cpu = X86_CPU(obj);
4666     CPUX86State *env = &cpu->env;
4667     int c, len, i;
4668 
4669     if (model_id == NULL) {
4670         model_id = "";
4671     }
4672     len = strlen(model_id);
4673     memset(env->cpuid_model, 0, 48);
4674     for (i = 0; i < 48; i++) {
4675         if (i >= len) {
4676             c = '\0';
4677         } else {
4678             c = (uint8_t)model_id[i];
4679         }
4680         env->cpuid_model[i >> 2] |= c << (8 * (i & 3));
4681     }
4682 }
4683 
4684 static void x86_cpuid_get_tsc_freq(Object *obj, Visitor *v, const char *name,
4685                                    void *opaque, Error **errp)
4686 {
4687     X86CPU *cpu = X86_CPU(obj);
4688     int64_t value;
4689 
4690     value = cpu->env.tsc_khz * 1000;
4691     visit_type_int(v, name, &value, errp);
4692 }
4693 
4694 static void x86_cpuid_set_tsc_freq(Object *obj, Visitor *v, const char *name,
4695                                    void *opaque, Error **errp)
4696 {
4697     X86CPU *cpu = X86_CPU(obj);
4698     const int64_t min = 0;
4699     const int64_t max = INT64_MAX;
4700     int64_t value;
4701 
4702     if (!visit_type_int(v, name, &value, errp)) {
4703         return;
4704     }
4705     if (value < min || value > max) {
4706         error_setg(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, "",
4707                    name ? name : "null", value, min, max);
4708         return;
4709     }
4710 
4711     cpu->env.tsc_khz = cpu->env.user_tsc_khz = value / 1000;
4712 }
4713 
4714 /* Generic getter for "feature-words" and "filtered-features" properties */
4715 static void x86_cpu_get_feature_words(Object *obj, Visitor *v,
4716                                       const char *name, void *opaque,
4717                                       Error **errp)
4718 {
4719     uint64_t *array = (uint64_t *)opaque;
4720     FeatureWord w;
4721     X86CPUFeatureWordInfo word_infos[FEATURE_WORDS] = { };
4722     X86CPUFeatureWordInfoList list_entries[FEATURE_WORDS] = { };
4723     X86CPUFeatureWordInfoList *list = NULL;
4724 
4725     for (w = 0; w < FEATURE_WORDS; w++) {
4726         FeatureWordInfo *wi = &feature_word_info[w];
4727         /*
4728                 * We didn't have MSR features when "feature-words" was
4729                 *  introduced. Therefore skipped other type entries.
4730                 */
4731         if (wi->type != CPUID_FEATURE_WORD) {
4732             continue;
4733         }
4734         X86CPUFeatureWordInfo *qwi = &word_infos[w];
4735         qwi->cpuid_input_eax = wi->cpuid.eax;
4736         qwi->has_cpuid_input_ecx = wi->cpuid.needs_ecx;
4737         qwi->cpuid_input_ecx = wi->cpuid.ecx;
4738         qwi->cpuid_register = x86_reg_info_32[wi->cpuid.reg].qapi_enum;
4739         qwi->features = array[w];
4740 
4741         /* List will be in reverse order, but order shouldn't matter */
4742         list_entries[w].next = list;
4743         list_entries[w].value = &word_infos[w];
4744         list = &list_entries[w];
4745     }
4746 
4747     visit_type_X86CPUFeatureWordInfoList(v, "feature-words", &list, errp);
4748 }
4749 
4750 /* Convert all '_' in a feature string option name to '-', to make feature
4751  * name conform to QOM property naming rule, which uses '-' instead of '_'.
4752  */
4753 static inline void feat2prop(char *s)
4754 {
4755     while ((s = strchr(s, '_'))) {
4756         *s = '-';
4757     }
4758 }
4759 
4760 /* Return the feature property name for a feature flag bit */
4761 static const char *x86_cpu_feature_name(FeatureWord w, int bitnr)
4762 {
4763     const char *name;
4764     /* XSAVE components are automatically enabled by other features,
4765      * so return the original feature name instead
4766      */
4767     if (w == FEAT_XSAVE_COMP_LO || w == FEAT_XSAVE_COMP_HI) {
4768         int comp = (w == FEAT_XSAVE_COMP_HI) ? bitnr + 32 : bitnr;
4769 
4770         if (comp < ARRAY_SIZE(x86_ext_save_areas) &&
4771             x86_ext_save_areas[comp].bits) {
4772             w = x86_ext_save_areas[comp].feature;
4773             bitnr = ctz32(x86_ext_save_areas[comp].bits);
4774         }
4775     }
4776 
4777     assert(bitnr < 64);
4778     assert(w < FEATURE_WORDS);
4779     name = feature_word_info[w].feat_names[bitnr];
4780     assert(bitnr < 32 || !(name && feature_word_info[w].type == CPUID_FEATURE_WORD));
4781     return name;
4782 }
4783 
4784 /* Compatibily hack to maintain legacy +-feat semantic,
4785  * where +-feat overwrites any feature set by
4786  * feat=on|feat even if the later is parsed after +-feat
4787  * (i.e. "-x2apic,x2apic=on" will result in x2apic disabled)
4788  */
4789 static GList *plus_features, *minus_features;
4790 
4791 static gint compare_string(gconstpointer a, gconstpointer b)
4792 {
4793     return g_strcmp0(a, b);
4794 }
4795 
4796 /* Parse "+feature,-feature,feature=foo" CPU feature string
4797  */
4798 static void x86_cpu_parse_featurestr(const char *typename, char *features,
4799                                      Error **errp)
4800 {
4801     char *featurestr; /* Single 'key=value" string being parsed */
4802     static bool cpu_globals_initialized;
4803     bool ambiguous = false;
4804 
4805     if (cpu_globals_initialized) {
4806         return;
4807     }
4808     cpu_globals_initialized = true;
4809 
4810     if (!features) {
4811         return;
4812     }
4813 
4814     for (featurestr = strtok(features, ",");
4815          featurestr;
4816          featurestr = strtok(NULL, ",")) {
4817         const char *name;
4818         const char *val = NULL;
4819         char *eq = NULL;
4820         char num[32];
4821         GlobalProperty *prop;
4822 
4823         /* Compatibility syntax: */
4824         if (featurestr[0] == '+') {
4825             plus_features = g_list_append(plus_features,
4826                                           g_strdup(featurestr + 1));
4827             continue;
4828         } else if (featurestr[0] == '-') {
4829             minus_features = g_list_append(minus_features,
4830                                            g_strdup(featurestr + 1));
4831             continue;
4832         }
4833 
4834         eq = strchr(featurestr, '=');
4835         if (eq) {
4836             *eq++ = 0;
4837             val = eq;
4838         } else {
4839             val = "on";
4840         }
4841 
4842         feat2prop(featurestr);
4843         name = featurestr;
4844 
4845         if (g_list_find_custom(plus_features, name, compare_string)) {
4846             warn_report("Ambiguous CPU model string. "
4847                         "Don't mix both \"+%s\" and \"%s=%s\"",
4848                         name, name, val);
4849             ambiguous = true;
4850         }
4851         if (g_list_find_custom(minus_features, name, compare_string)) {
4852             warn_report("Ambiguous CPU model string. "
4853                         "Don't mix both \"-%s\" and \"%s=%s\"",
4854                         name, name, val);
4855             ambiguous = true;
4856         }
4857 
4858         /* Special case: */
4859         if (!strcmp(name, "tsc-freq")) {
4860             int ret;
4861             uint64_t tsc_freq;
4862 
4863             ret = qemu_strtosz_metric(val, NULL, &tsc_freq);
4864             if (ret < 0 || tsc_freq > INT64_MAX) {
4865                 error_setg(errp, "bad numerical value %s", val);
4866                 return;
4867             }
4868             snprintf(num, sizeof(num), "%" PRId64, tsc_freq);
4869             val = num;
4870             name = "tsc-frequency";
4871         }
4872 
4873         prop = g_new0(typeof(*prop), 1);
4874         prop->driver = typename;
4875         prop->property = g_strdup(name);
4876         prop->value = g_strdup(val);
4877         qdev_prop_register_global(prop);
4878     }
4879 
4880     if (ambiguous) {
4881         warn_report("Compatibility of ambiguous CPU model "
4882                     "strings won't be kept on future QEMU versions");
4883     }
4884 }
4885 
4886 static void x86_cpu_expand_features(X86CPU *cpu, Error **errp);
4887 static void x86_cpu_filter_features(X86CPU *cpu, bool verbose);
4888 
4889 /* Build a list with the name of all features on a feature word array */
4890 static void x86_cpu_list_feature_names(FeatureWordArray features,
4891                                        strList **feat_names)
4892 {
4893     FeatureWord w;
4894     strList **next = feat_names;
4895 
4896     for (w = 0; w < FEATURE_WORDS; w++) {
4897         uint64_t filtered = features[w];
4898         int i;
4899         for (i = 0; i < 64; i++) {
4900             if (filtered & (1ULL << i)) {
4901                 strList *new = g_new0(strList, 1);
4902                 new->value = g_strdup(x86_cpu_feature_name(w, i));
4903                 *next = new;
4904                 next = &new->next;
4905             }
4906         }
4907     }
4908 }
4909 
4910 static void x86_cpu_get_unavailable_features(Object *obj, Visitor *v,
4911                                              const char *name, void *opaque,
4912                                              Error **errp)
4913 {
4914     X86CPU *xc = X86_CPU(obj);
4915     strList *result = NULL;
4916 
4917     x86_cpu_list_feature_names(xc->filtered_features, &result);
4918     visit_type_strList(v, "unavailable-features", &result, errp);
4919 }
4920 
4921 /* Check for missing features that may prevent the CPU class from
4922  * running using the current machine and accelerator.
4923  */
4924 static void x86_cpu_class_check_missing_features(X86CPUClass *xcc,
4925                                                  strList **missing_feats)
4926 {
4927     X86CPU *xc;
4928     Error *err = NULL;
4929     strList **next = missing_feats;
4930 
4931     if (xcc->host_cpuid_required && !accel_uses_host_cpuid()) {
4932         strList *new = g_new0(strList, 1);
4933         new->value = g_strdup("kvm");
4934         *missing_feats = new;
4935         return;
4936     }
4937 
4938     xc = X86_CPU(object_new_with_class(OBJECT_CLASS(xcc)));
4939 
4940     x86_cpu_expand_features(xc, &err);
4941     if (err) {
4942         /* Errors at x86_cpu_expand_features should never happen,
4943          * but in case it does, just report the model as not
4944          * runnable at all using the "type" property.
4945          */
4946         strList *new = g_new0(strList, 1);
4947         new->value = g_strdup("type");
4948         *next = new;
4949         next = &new->next;
4950         error_free(err);
4951     }
4952 
4953     x86_cpu_filter_features(xc, false);
4954 
4955     x86_cpu_list_feature_names(xc->filtered_features, next);
4956 
4957     object_unref(OBJECT(xc));
4958 }
4959 
4960 /* Print all cpuid feature names in featureset
4961  */
4962 static void listflags(GList *features)
4963 {
4964     size_t len = 0;
4965     GList *tmp;
4966 
4967     for (tmp = features; tmp; tmp = tmp->next) {
4968         const char *name = tmp->data;
4969         if ((len + strlen(name) + 1) >= 75) {
4970             qemu_printf("\n");
4971             len = 0;
4972         }
4973         qemu_printf("%s%s", len == 0 ? "  " : " ", name);
4974         len += strlen(name) + 1;
4975     }
4976     qemu_printf("\n");
4977 }
4978 
4979 /* Sort alphabetically by type name, respecting X86CPUClass::ordering. */
4980 static gint x86_cpu_list_compare(gconstpointer a, gconstpointer b)
4981 {
4982     ObjectClass *class_a = (ObjectClass *)a;
4983     ObjectClass *class_b = (ObjectClass *)b;
4984     X86CPUClass *cc_a = X86_CPU_CLASS(class_a);
4985     X86CPUClass *cc_b = X86_CPU_CLASS(class_b);
4986     int ret;
4987 
4988     if (cc_a->ordering != cc_b->ordering) {
4989         ret = cc_a->ordering - cc_b->ordering;
4990     } else {
4991         g_autofree char *name_a = x86_cpu_class_get_model_name(cc_a);
4992         g_autofree char *name_b = x86_cpu_class_get_model_name(cc_b);
4993         ret = strcmp(name_a, name_b);
4994     }
4995     return ret;
4996 }
4997 
4998 static GSList *get_sorted_cpu_model_list(void)
4999 {
5000     GSList *list = object_class_get_list(TYPE_X86_CPU, false);
5001     list = g_slist_sort(list, x86_cpu_list_compare);
5002     return list;
5003 }
5004 
5005 static char *x86_cpu_class_get_model_id(X86CPUClass *xc)
5006 {
5007     Object *obj = object_new_with_class(OBJECT_CLASS(xc));
5008     char *r = object_property_get_str(obj, "model-id", &error_abort);
5009     object_unref(obj);
5010     return r;
5011 }
5012 
5013 static char *x86_cpu_class_get_alias_of(X86CPUClass *cc)
5014 {
5015     X86CPUVersion version;
5016 
5017     if (!cc->model || !cc->model->is_alias) {
5018         return NULL;
5019     }
5020     version = x86_cpu_model_resolve_version(cc->model);
5021     if (version <= 0) {
5022         return NULL;
5023     }
5024     return x86_cpu_versioned_model_name(cc->model->cpudef, version);
5025 }
5026 
5027 static void x86_cpu_list_entry(gpointer data, gpointer user_data)
5028 {
5029     ObjectClass *oc = data;
5030     X86CPUClass *cc = X86_CPU_CLASS(oc);
5031     g_autofree char *name = x86_cpu_class_get_model_name(cc);
5032     g_autofree char *desc = g_strdup(cc->model_description);
5033     g_autofree char *alias_of = x86_cpu_class_get_alias_of(cc);
5034     g_autofree char *model_id = x86_cpu_class_get_model_id(cc);
5035 
5036     if (!desc && alias_of) {
5037         if (cc->model && cc->model->version == CPU_VERSION_AUTO) {
5038             desc = g_strdup("(alias configured by machine type)");
5039         } else {
5040             desc = g_strdup_printf("(alias of %s)", alias_of);
5041         }
5042     }
5043     if (!desc && cc->model && cc->model->note) {
5044         desc = g_strdup_printf("%s [%s]", model_id, cc->model->note);
5045     }
5046     if (!desc) {
5047         desc = g_strdup_printf("%s", model_id);
5048     }
5049 
5050     qemu_printf("x86 %-20s  %-58s\n", name, desc);
5051 }
5052 
5053 /* list available CPU models and flags */
5054 void x86_cpu_list(void)
5055 {
5056     int i, j;
5057     GSList *list;
5058     GList *names = NULL;
5059 
5060     qemu_printf("Available CPUs:\n");
5061     list = get_sorted_cpu_model_list();
5062     g_slist_foreach(list, x86_cpu_list_entry, NULL);
5063     g_slist_free(list);
5064 
5065     names = NULL;
5066     for (i = 0; i < ARRAY_SIZE(feature_word_info); i++) {
5067         FeatureWordInfo *fw = &feature_word_info[i];
5068         for (j = 0; j < 64; j++) {
5069             if (fw->feat_names[j]) {
5070                 names = g_list_append(names, (gpointer)fw->feat_names[j]);
5071             }
5072         }
5073     }
5074 
5075     names = g_list_sort(names, (GCompareFunc)strcmp);
5076 
5077     qemu_printf("\nRecognized CPUID flags:\n");
5078     listflags(names);
5079     qemu_printf("\n");
5080     g_list_free(names);
5081 }
5082 
5083 static void x86_cpu_definition_entry(gpointer data, gpointer user_data)
5084 {
5085     ObjectClass *oc = data;
5086     X86CPUClass *cc = X86_CPU_CLASS(oc);
5087     CpuDefinitionInfoList **cpu_list = user_data;
5088     CpuDefinitionInfoList *entry;
5089     CpuDefinitionInfo *info;
5090 
5091     info = g_malloc0(sizeof(*info));
5092     info->name = x86_cpu_class_get_model_name(cc);
5093     x86_cpu_class_check_missing_features(cc, &info->unavailable_features);
5094     info->has_unavailable_features = true;
5095     info->q_typename = g_strdup(object_class_get_name(oc));
5096     info->migration_safe = cc->migration_safe;
5097     info->has_migration_safe = true;
5098     info->q_static = cc->static_model;
5099     /*
5100      * Old machine types won't report aliases, so that alias translation
5101      * doesn't break compatibility with previous QEMU versions.
5102      */
5103     if (default_cpu_version != CPU_VERSION_LEGACY) {
5104         info->alias_of = x86_cpu_class_get_alias_of(cc);
5105         info->has_alias_of = !!info->alias_of;
5106     }
5107 
5108     entry = g_malloc0(sizeof(*entry));
5109     entry->value = info;
5110     entry->next = *cpu_list;
5111     *cpu_list = entry;
5112 }
5113 
5114 CpuDefinitionInfoList *qmp_query_cpu_definitions(Error **errp)
5115 {
5116     CpuDefinitionInfoList *cpu_list = NULL;
5117     GSList *list = get_sorted_cpu_model_list();
5118     g_slist_foreach(list, x86_cpu_definition_entry, &cpu_list);
5119     g_slist_free(list);
5120     return cpu_list;
5121 }
5122 
5123 static uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
5124                                                    bool migratable_only)
5125 {
5126     FeatureWordInfo *wi = &feature_word_info[w];
5127     uint64_t r = 0;
5128 
5129     if (kvm_enabled()) {
5130         switch (wi->type) {
5131         case CPUID_FEATURE_WORD:
5132             r = kvm_arch_get_supported_cpuid(kvm_state, wi->cpuid.eax,
5133                                                         wi->cpuid.ecx,
5134                                                         wi->cpuid.reg);
5135             break;
5136         case MSR_FEATURE_WORD:
5137             r = kvm_arch_get_supported_msr_feature(kvm_state,
5138                         wi->msr.index);
5139             break;
5140         }
5141     } else if (hvf_enabled()) {
5142         if (wi->type != CPUID_FEATURE_WORD) {
5143             return 0;
5144         }
5145         r = hvf_get_supported_cpuid(wi->cpuid.eax,
5146                                     wi->cpuid.ecx,
5147                                     wi->cpuid.reg);
5148     } else if (tcg_enabled()) {
5149         r = wi->tcg_features;
5150     } else {
5151         return ~0;
5152     }
5153     if (migratable_only) {
5154         r &= x86_cpu_get_migratable_flags(w);
5155     }
5156     return r;
5157 }
5158 
5159 static void x86_cpu_apply_props(X86CPU *cpu, PropValue *props)
5160 {
5161     PropValue *pv;
5162     for (pv = props; pv->prop; pv++) {
5163         if (!pv->value) {
5164             continue;
5165         }
5166         object_property_parse(OBJECT(cpu), pv->prop, pv->value,
5167                               &error_abort);
5168     }
5169 }
5170 
5171 /* Apply properties for the CPU model version specified in model */
5172 static void x86_cpu_apply_version_props(X86CPU *cpu, X86CPUModel *model)
5173 {
5174     const X86CPUVersionDefinition *vdef;
5175     X86CPUVersion version = x86_cpu_model_resolve_version(model);
5176 
5177     if (version == CPU_VERSION_LEGACY) {
5178         return;
5179     }
5180 
5181     for (vdef = x86_cpu_def_get_versions(model->cpudef); vdef->version; vdef++) {
5182         PropValue *p;
5183 
5184         for (p = vdef->props; p && p->prop; p++) {
5185             object_property_parse(OBJECT(cpu), p->prop, p->value,
5186                                   &error_abort);
5187         }
5188 
5189         if (vdef->version == version) {
5190             break;
5191         }
5192     }
5193 
5194     /*
5195      * If we reached the end of the list, version number was invalid
5196      */
5197     assert(vdef->version == version);
5198 }
5199 
5200 /* Load data from X86CPUDefinition into a X86CPU object
5201  */
5202 static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel *model)
5203 {
5204     X86CPUDefinition *def = model->cpudef;
5205     CPUX86State *env = &cpu->env;
5206     const char *vendor;
5207     char host_vendor[CPUID_VENDOR_SZ + 1];
5208     FeatureWord w;
5209 
5210     /*NOTE: any property set by this function should be returned by
5211      * x86_cpu_static_props(), so static expansion of
5212      * query-cpu-model-expansion is always complete.
5213      */
5214 
5215     /* CPU models only set _minimum_ values for level/xlevel: */
5216     object_property_set_uint(OBJECT(cpu), "min-level", def->level,
5217                              &error_abort);
5218     object_property_set_uint(OBJECT(cpu), "min-xlevel", def->xlevel,
5219                              &error_abort);
5220 
5221     object_property_set_int(OBJECT(cpu), "family", def->family, &error_abort);
5222     object_property_set_int(OBJECT(cpu), "model", def->model, &error_abort);
5223     object_property_set_int(OBJECT(cpu), "stepping", def->stepping,
5224                             &error_abort);
5225     object_property_set_str(OBJECT(cpu), "model-id", def->model_id,
5226                             &error_abort);
5227     for (w = 0; w < FEATURE_WORDS; w++) {
5228         env->features[w] = def->features[w];
5229     }
5230 
5231     /* legacy-cache defaults to 'off' if CPU model provides cache info */
5232     cpu->legacy_cache = !def->cache_info;
5233 
5234     /* Special cases not set in the X86CPUDefinition structs: */
5235     /* TODO: in-kernel irqchip for hvf */
5236     if (kvm_enabled()) {
5237         if (!kvm_irqchip_in_kernel()) {
5238             x86_cpu_change_kvm_default("x2apic", "off");
5239         }
5240 
5241         x86_cpu_apply_props(cpu, kvm_default_props);
5242     } else if (tcg_enabled()) {
5243         x86_cpu_apply_props(cpu, tcg_default_props);
5244     }
5245 
5246     env->features[FEAT_1_ECX] |= CPUID_EXT_HYPERVISOR;
5247 
5248     /* sysenter isn't supported in compatibility mode on AMD,
5249      * syscall isn't supported in compatibility mode on Intel.
5250      * Normally we advertise the actual CPU vendor, but you can
5251      * override this using the 'vendor' property if you want to use
5252      * KVM's sysenter/syscall emulation in compatibility mode and
5253      * when doing cross vendor migration
5254      */
5255     vendor = def->vendor;
5256     if (accel_uses_host_cpuid()) {
5257         uint32_t  ebx = 0, ecx = 0, edx = 0;
5258         host_cpuid(0, 0, NULL, &ebx, &ecx, &edx);
5259         x86_cpu_vendor_words2str(host_vendor, ebx, edx, ecx);
5260         vendor = host_vendor;
5261     }
5262 
5263     object_property_set_str(OBJECT(cpu), "vendor", vendor, &error_abort);
5264 
5265     x86_cpu_apply_version_props(cpu, model);
5266 
5267     /*
5268      * Properties in versioned CPU model are not user specified features.
5269      * We can simply clear env->user_features here since it will be filled later
5270      * in x86_cpu_expand_features() based on plus_features and minus_features.
5271      */
5272     memset(&env->user_features, 0, sizeof(env->user_features));
5273 }
5274 
5275 #ifndef CONFIG_USER_ONLY
5276 /* Return a QDict containing keys for all properties that can be included
5277  * in static expansion of CPU models. All properties set by x86_cpu_load_model()
5278  * must be included in the dictionary.
5279  */
5280 static QDict *x86_cpu_static_props(void)
5281 {
5282     FeatureWord w;
5283     int i;
5284     static const char *props[] = {
5285         "min-level",
5286         "min-xlevel",
5287         "family",
5288         "model",
5289         "stepping",
5290         "model-id",
5291         "vendor",
5292         "lmce",
5293         NULL,
5294     };
5295     static QDict *d;
5296 
5297     if (d) {
5298         return d;
5299     }
5300 
5301     d = qdict_new();
5302     for (i = 0; props[i]; i++) {
5303         qdict_put_null(d, props[i]);
5304     }
5305 
5306     for (w = 0; w < FEATURE_WORDS; w++) {
5307         FeatureWordInfo *fi = &feature_word_info[w];
5308         int bit;
5309         for (bit = 0; bit < 64; bit++) {
5310             if (!fi->feat_names[bit]) {
5311                 continue;
5312             }
5313             qdict_put_null(d, fi->feat_names[bit]);
5314         }
5315     }
5316 
5317     return d;
5318 }
5319 
5320 /* Add an entry to @props dict, with the value for property. */
5321 static void x86_cpu_expand_prop(X86CPU *cpu, QDict *props, const char *prop)
5322 {
5323     QObject *value = object_property_get_qobject(OBJECT(cpu), prop,
5324                                                  &error_abort);
5325 
5326     qdict_put_obj(props, prop, value);
5327 }
5328 
5329 /* Convert CPU model data from X86CPU object to a property dictionary
5330  * that can recreate exactly the same CPU model.
5331  */
5332 static void x86_cpu_to_dict(X86CPU *cpu, QDict *props)
5333 {
5334     QDict *sprops = x86_cpu_static_props();
5335     const QDictEntry *e;
5336 
5337     for (e = qdict_first(sprops); e; e = qdict_next(sprops, e)) {
5338         const char *prop = qdict_entry_key(e);
5339         x86_cpu_expand_prop(cpu, props, prop);
5340     }
5341 }
5342 
5343 /* Convert CPU model data from X86CPU object to a property dictionary
5344  * that can recreate exactly the same CPU model, including every
5345  * writeable QOM property.
5346  */
5347 static void x86_cpu_to_dict_full(X86CPU *cpu, QDict *props)
5348 {
5349     ObjectPropertyIterator iter;
5350     ObjectProperty *prop;
5351 
5352     object_property_iter_init(&iter, OBJECT(cpu));
5353     while ((prop = object_property_iter_next(&iter))) {
5354         /* skip read-only or write-only properties */
5355         if (!prop->get || !prop->set) {
5356             continue;
5357         }
5358 
5359         /* "hotplugged" is the only property that is configurable
5360          * on the command-line but will be set differently on CPUs
5361          * created using "-cpu ... -smp ..." and by CPUs created
5362          * on the fly by x86_cpu_from_model() for querying. Skip it.
5363          */
5364         if (!strcmp(prop->name, "hotplugged")) {
5365             continue;
5366         }
5367         x86_cpu_expand_prop(cpu, props, prop->name);
5368     }
5369 }
5370 
5371 static void object_apply_props(Object *obj, QDict *props, Error **errp)
5372 {
5373     const QDictEntry *prop;
5374 
5375     for (prop = qdict_first(props); prop; prop = qdict_next(props, prop)) {
5376         if (!object_property_set_qobject(obj, qdict_entry_key(prop),
5377                                          qdict_entry_value(prop), errp)) {
5378             break;
5379         }
5380     }
5381 }
5382 
5383 /* Create X86CPU object according to model+props specification */
5384 static X86CPU *x86_cpu_from_model(const char *model, QDict *props, Error **errp)
5385 {
5386     X86CPU *xc = NULL;
5387     X86CPUClass *xcc;
5388     Error *err = NULL;
5389 
5390     xcc = X86_CPU_CLASS(cpu_class_by_name(TYPE_X86_CPU, model));
5391     if (xcc == NULL) {
5392         error_setg(&err, "CPU model '%s' not found", model);
5393         goto out;
5394     }
5395 
5396     xc = X86_CPU(object_new_with_class(OBJECT_CLASS(xcc)));
5397     if (props) {
5398         object_apply_props(OBJECT(xc), props, &err);
5399         if (err) {
5400             goto out;
5401         }
5402     }
5403 
5404     x86_cpu_expand_features(xc, &err);
5405     if (err) {
5406         goto out;
5407     }
5408 
5409 out:
5410     if (err) {
5411         error_propagate(errp, err);
5412         object_unref(OBJECT(xc));
5413         xc = NULL;
5414     }
5415     return xc;
5416 }
5417 
5418 CpuModelExpansionInfo *
5419 qmp_query_cpu_model_expansion(CpuModelExpansionType type,
5420                                                       CpuModelInfo *model,
5421                                                       Error **errp)
5422 {
5423     X86CPU *xc = NULL;
5424     Error *err = NULL;
5425     CpuModelExpansionInfo *ret = g_new0(CpuModelExpansionInfo, 1);
5426     QDict *props = NULL;
5427     const char *base_name;
5428 
5429     xc = x86_cpu_from_model(model->name,
5430                             model->has_props ?
5431                                 qobject_to(QDict, model->props) :
5432                                 NULL, &err);
5433     if (err) {
5434         goto out;
5435     }
5436 
5437     props = qdict_new();
5438     ret->model = g_new0(CpuModelInfo, 1);
5439     ret->model->props = QOBJECT(props);
5440     ret->model->has_props = true;
5441 
5442     switch (type) {
5443     case CPU_MODEL_EXPANSION_TYPE_STATIC:
5444         /* Static expansion will be based on "base" only */
5445         base_name = "base";
5446         x86_cpu_to_dict(xc, props);
5447     break;
5448     case CPU_MODEL_EXPANSION_TYPE_FULL:
5449         /* As we don't return every single property, full expansion needs
5450          * to keep the original model name+props, and add extra
5451          * properties on top of that.
5452          */
5453         base_name = model->name;
5454         x86_cpu_to_dict_full(xc, props);
5455     break;
5456     default:
5457         error_setg(&err, "Unsupported expansion type");
5458         goto out;
5459     }
5460 
5461     x86_cpu_to_dict(xc, props);
5462 
5463     ret->model->name = g_strdup(base_name);
5464 
5465 out:
5466     object_unref(OBJECT(xc));
5467     if (err) {
5468         error_propagate(errp, err);
5469         qapi_free_CpuModelExpansionInfo(ret);
5470         ret = NULL;
5471     }
5472     return ret;
5473 }
5474 #endif  /* !CONFIG_USER_ONLY */
5475 
5476 static gchar *x86_gdb_arch_name(CPUState *cs)
5477 {
5478 #ifdef TARGET_X86_64
5479     return g_strdup("i386:x86-64");
5480 #else
5481     return g_strdup("i386");
5482 #endif
5483 }
5484 
5485 static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
5486 {
5487     X86CPUModel *model = data;
5488     X86CPUClass *xcc = X86_CPU_CLASS(oc);
5489 
5490     xcc->model = model;
5491     xcc->migration_safe = true;
5492 }
5493 
5494 static void x86_register_cpu_model_type(const char *name, X86CPUModel *model)
5495 {
5496     g_autofree char *typename = x86_cpu_type_name(name);
5497     TypeInfo ti = {
5498         .name = typename,
5499         .parent = TYPE_X86_CPU,
5500         .class_init = x86_cpu_cpudef_class_init,
5501         .class_data = model,
5502     };
5503 
5504     type_register(&ti);
5505 }
5506 
5507 static void x86_register_cpudef_types(X86CPUDefinition *def)
5508 {
5509     X86CPUModel *m;
5510     const X86CPUVersionDefinition *vdef;
5511 
5512     /* AMD aliases are handled at runtime based on CPUID vendor, so
5513      * they shouldn't be set on the CPU model table.
5514      */
5515     assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
5516     /* catch mistakes instead of silently truncating model_id when too long */
5517     assert(def->model_id && strlen(def->model_id) <= 48);
5518 
5519     /* Unversioned model: */
5520     m = g_new0(X86CPUModel, 1);
5521     m->cpudef = def;
5522     m->version = CPU_VERSION_AUTO;
5523     m->is_alias = true;
5524     x86_register_cpu_model_type(def->name, m);
5525 
5526     /* Versioned models: */
5527 
5528     for (vdef = x86_cpu_def_get_versions(def); vdef->version; vdef++) {
5529         X86CPUModel *m = g_new0(X86CPUModel, 1);
5530         g_autofree char *name =
5531             x86_cpu_versioned_model_name(def, vdef->version);
5532         m->cpudef = def;
5533         m->version = vdef->version;
5534         m->note = vdef->note;
5535         x86_register_cpu_model_type(name, m);
5536 
5537         if (vdef->alias) {
5538             X86CPUModel *am = g_new0(X86CPUModel, 1);
5539             am->cpudef = def;
5540             am->version = vdef->version;
5541             am->is_alias = true;
5542             x86_register_cpu_model_type(vdef->alias, am);
5543         }
5544     }
5545 
5546 }
5547 
5548 #if !defined(CONFIG_USER_ONLY)
5549 
5550 void cpu_clear_apic_feature(CPUX86State *env)
5551 {
5552     env->features[FEAT_1_EDX] &= ~CPUID_APIC;
5553 }
5554 
5555 #endif /* !CONFIG_USER_ONLY */
5556 
5557 void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
5558                    uint32_t *eax, uint32_t *ebx,
5559                    uint32_t *ecx, uint32_t *edx)
5560 {
5561     X86CPU *cpu = env_archcpu(env);
5562     CPUState *cs = env_cpu(env);
5563     uint32_t die_offset;
5564     uint32_t limit;
5565     uint32_t signature[3];
5566     X86CPUTopoInfo topo_info;
5567 
5568     topo_info.dies_per_pkg = env->nr_dies;
5569     topo_info.cores_per_die = cs->nr_cores;
5570     topo_info.threads_per_core = cs->nr_threads;
5571 
5572     /* Calculate & apply limits for different index ranges */
5573     if (index >= 0xC0000000) {
5574         limit = env->cpuid_xlevel2;
5575     } else if (index >= 0x80000000) {
5576         limit = env->cpuid_xlevel;
5577     } else if (index >= 0x40000000) {
5578         limit = 0x40000001;
5579     } else {
5580         limit = env->cpuid_level;
5581     }
5582 
5583     if (index > limit) {
5584         /* Intel documentation states that invalid EAX input will
5585          * return the same information as EAX=cpuid_level
5586          * (Intel SDM Vol. 2A - Instruction Set Reference - CPUID)
5587          */
5588         index = env->cpuid_level;
5589     }
5590 
5591     switch(index) {
5592     case 0:
5593         *eax = env->cpuid_level;
5594         *ebx = env->cpuid_vendor1;
5595         *edx = env->cpuid_vendor2;
5596         *ecx = env->cpuid_vendor3;
5597         break;
5598     case 1:
5599         *eax = env->cpuid_version;
5600         *ebx = (cpu->apic_id << 24) |
5601                8 << 8; /* CLFLUSH size in quad words, Linux wants it. */
5602         *ecx = env->features[FEAT_1_ECX];
5603         if ((*ecx & CPUID_EXT_XSAVE) && (env->cr[4] & CR4_OSXSAVE_MASK)) {
5604             *ecx |= CPUID_EXT_OSXSAVE;
5605         }
5606         *edx = env->features[FEAT_1_EDX];
5607         if (cs->nr_cores * cs->nr_threads > 1) {
5608             *ebx |= (cs->nr_cores * cs->nr_threads) << 16;
5609             *edx |= CPUID_HT;
5610         }
5611         if (!cpu->enable_pmu) {
5612             *ecx &= ~CPUID_EXT_PDCM;
5613         }
5614         break;
5615     case 2:
5616         /* cache info: needed for Pentium Pro compatibility */
5617         if (cpu->cache_info_passthrough) {
5618             host_cpuid(index, 0, eax, ebx, ecx, edx);
5619             break;
5620         }
5621         *eax = 1; /* Number of CPUID[EAX=2] calls required */
5622         *ebx = 0;
5623         if (!cpu->enable_l3_cache) {
5624             *ecx = 0;
5625         } else {
5626             *ecx = cpuid2_cache_descriptor(env->cache_info_cpuid2.l3_cache);
5627         }
5628         *edx = (cpuid2_cache_descriptor(env->cache_info_cpuid2.l1d_cache) << 16) |
5629                (cpuid2_cache_descriptor(env->cache_info_cpuid2.l1i_cache) <<  8) |
5630                (cpuid2_cache_descriptor(env->cache_info_cpuid2.l2_cache));
5631         break;
5632     case 4:
5633         /* cache info: needed for Core compatibility */
5634         if (cpu->cache_info_passthrough) {
5635             host_cpuid(index, count, eax, ebx, ecx, edx);
5636             /* QEMU gives out its own APIC IDs, never pass down bits 31..26.  */
5637             *eax &= ~0xFC000000;
5638             if ((*eax & 31) && cs->nr_cores > 1) {
5639                 *eax |= (cs->nr_cores - 1) << 26;
5640             }
5641         } else {
5642             *eax = 0;
5643             switch (count) {
5644             case 0: /* L1 dcache info */
5645                 encode_cache_cpuid4(env->cache_info_cpuid4.l1d_cache,
5646                                     1, cs->nr_cores,
5647                                     eax, ebx, ecx, edx);
5648                 break;
5649             case 1: /* L1 icache info */
5650                 encode_cache_cpuid4(env->cache_info_cpuid4.l1i_cache,
5651                                     1, cs->nr_cores,
5652                                     eax, ebx, ecx, edx);
5653                 break;
5654             case 2: /* L2 cache info */
5655                 encode_cache_cpuid4(env->cache_info_cpuid4.l2_cache,
5656                                     cs->nr_threads, cs->nr_cores,
5657                                     eax, ebx, ecx, edx);
5658                 break;
5659             case 3: /* L3 cache info */
5660                 die_offset = apicid_die_offset(&topo_info);
5661                 if (cpu->enable_l3_cache) {
5662                     encode_cache_cpuid4(env->cache_info_cpuid4.l3_cache,
5663                                         (1 << die_offset), cs->nr_cores,
5664                                         eax, ebx, ecx, edx);
5665                     break;
5666                 }
5667                 /* fall through */
5668             default: /* end of info */
5669                 *eax = *ebx = *ecx = *edx = 0;
5670                 break;
5671             }
5672         }
5673         break;
5674     case 5:
5675         /* MONITOR/MWAIT Leaf */
5676         *eax = cpu->mwait.eax; /* Smallest monitor-line size in bytes */
5677         *ebx = cpu->mwait.ebx; /* Largest monitor-line size in bytes */
5678         *ecx = cpu->mwait.ecx; /* flags */
5679         *edx = cpu->mwait.edx; /* mwait substates */
5680         break;
5681     case 6:
5682         /* Thermal and Power Leaf */
5683         *eax = env->features[FEAT_6_EAX];
5684         *ebx = 0;
5685         *ecx = 0;
5686         *edx = 0;
5687         break;
5688     case 7:
5689         /* Structured Extended Feature Flags Enumeration Leaf */
5690         if (count == 0) {
5691             /* Maximum ECX value for sub-leaves */
5692             *eax = env->cpuid_level_func7;
5693             *ebx = env->features[FEAT_7_0_EBX]; /* Feature flags */
5694             *ecx = env->features[FEAT_7_0_ECX]; /* Feature flags */
5695             if ((*ecx & CPUID_7_0_ECX_PKU) && env->cr[4] & CR4_PKE_MASK) {
5696                 *ecx |= CPUID_7_0_ECX_OSPKE;
5697             }
5698             *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
5699         } else if (count == 1) {
5700             *eax = env->features[FEAT_7_1_EAX];
5701             *ebx = 0;
5702             *ecx = 0;
5703             *edx = 0;
5704         } else {
5705             *eax = 0;
5706             *ebx = 0;
5707             *ecx = 0;
5708             *edx = 0;
5709         }
5710         break;
5711     case 9:
5712         /* Direct Cache Access Information Leaf */
5713         *eax = 0; /* Bits 0-31 in DCA_CAP MSR */
5714         *ebx = 0;
5715         *ecx = 0;
5716         *edx = 0;
5717         break;
5718     case 0xA:
5719         /* Architectural Performance Monitoring Leaf */
5720         if (kvm_enabled() && cpu->enable_pmu) {
5721             KVMState *s = cs->kvm_state;
5722 
5723             *eax = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EAX);
5724             *ebx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EBX);
5725             *ecx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_ECX);
5726             *edx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EDX);
5727         } else if (hvf_enabled() && cpu->enable_pmu) {
5728             *eax = hvf_get_supported_cpuid(0xA, count, R_EAX);
5729             *ebx = hvf_get_supported_cpuid(0xA, count, R_EBX);
5730             *ecx = hvf_get_supported_cpuid(0xA, count, R_ECX);
5731             *edx = hvf_get_supported_cpuid(0xA, count, R_EDX);
5732         } else {
5733             *eax = 0;
5734             *ebx = 0;
5735             *ecx = 0;
5736             *edx = 0;
5737         }
5738         break;
5739     case 0xB:
5740         /* Extended Topology Enumeration Leaf */
5741         if (!cpu->enable_cpuid_0xb) {
5742                 *eax = *ebx = *ecx = *edx = 0;
5743                 break;
5744         }
5745 
5746         *ecx = count & 0xff;
5747         *edx = cpu->apic_id;
5748 
5749         switch (count) {
5750         case 0:
5751             *eax = apicid_core_offset(&topo_info);
5752             *ebx = cs->nr_threads;
5753             *ecx |= CPUID_TOPOLOGY_LEVEL_SMT;
5754             break;
5755         case 1:
5756             *eax = apicid_pkg_offset(&topo_info);
5757             *ebx = cs->nr_cores * cs->nr_threads;
5758             *ecx |= CPUID_TOPOLOGY_LEVEL_CORE;
5759             break;
5760         default:
5761             *eax = 0;
5762             *ebx = 0;
5763             *ecx |= CPUID_TOPOLOGY_LEVEL_INVALID;
5764         }
5765 
5766         assert(!(*eax & ~0x1f));
5767         *ebx &= 0xffff; /* The count doesn't need to be reliable. */
5768         break;
5769     case 0x1F:
5770         /* V2 Extended Topology Enumeration Leaf */
5771         if (env->nr_dies < 2) {
5772             *eax = *ebx = *ecx = *edx = 0;
5773             break;
5774         }
5775 
5776         *ecx = count & 0xff;
5777         *edx = cpu->apic_id;
5778         switch (count) {
5779         case 0:
5780             *eax = apicid_core_offset(&topo_info);
5781             *ebx = cs->nr_threads;
5782             *ecx |= CPUID_TOPOLOGY_LEVEL_SMT;
5783             break;
5784         case 1:
5785             *eax = apicid_die_offset(&topo_info);
5786             *ebx = cs->nr_cores * cs->nr_threads;
5787             *ecx |= CPUID_TOPOLOGY_LEVEL_CORE;
5788             break;
5789         case 2:
5790             *eax = apicid_pkg_offset(&topo_info);
5791             *ebx = env->nr_dies * cs->nr_cores * cs->nr_threads;
5792             *ecx |= CPUID_TOPOLOGY_LEVEL_DIE;
5793             break;
5794         default:
5795             *eax = 0;
5796             *ebx = 0;
5797             *ecx |= CPUID_TOPOLOGY_LEVEL_INVALID;
5798         }
5799         assert(!(*eax & ~0x1f));
5800         *ebx &= 0xffff; /* The count doesn't need to be reliable. */
5801         break;
5802     case 0xD: {
5803         /* Processor Extended State */
5804         *eax = 0;
5805         *ebx = 0;
5806         *ecx = 0;
5807         *edx = 0;
5808         if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
5809             break;
5810         }
5811 
5812         if (count == 0) {
5813             *ecx = xsave_area_size(x86_cpu_xsave_components(cpu));
5814             *eax = env->features[FEAT_XSAVE_COMP_LO];
5815             *edx = env->features[FEAT_XSAVE_COMP_HI];
5816             /*
5817              * The initial value of xcr0 and ebx == 0, On host without kvm
5818              * commit 412a3c41(e.g., CentOS 6), the ebx's value always == 0
5819              * even through guest update xcr0, this will crash some legacy guest
5820              * (e.g., CentOS 6), So set ebx == ecx to workaroud it.
5821              */
5822             *ebx = kvm_enabled() ? *ecx : xsave_area_size(env->xcr0);
5823         } else if (count == 1) {
5824             *eax = env->features[FEAT_XSAVE];
5825         } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
5826             if ((x86_cpu_xsave_components(cpu) >> count) & 1) {
5827                 const ExtSaveArea *esa = &x86_ext_save_areas[count];
5828                 *eax = esa->size;
5829                 *ebx = esa->offset;
5830             }
5831         }
5832         break;
5833     }
5834     case 0x14: {
5835         /* Intel Processor Trace Enumeration */
5836         *eax = 0;
5837         *ebx = 0;
5838         *ecx = 0;
5839         *edx = 0;
5840         if (!(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) ||
5841             !kvm_enabled()) {
5842             break;
5843         }
5844 
5845         if (count == 0) {
5846             *eax = INTEL_PT_MAX_SUBLEAF;
5847             *ebx = INTEL_PT_MINIMAL_EBX;
5848             *ecx = INTEL_PT_MINIMAL_ECX;
5849         } else if (count == 1) {
5850             *eax = INTEL_PT_MTC_BITMAP | INTEL_PT_ADDR_RANGES_NUM;
5851             *ebx = INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP;
5852         }
5853         break;
5854     }
5855     case 0x40000000:
5856         /*
5857          * CPUID code in kvm_arch_init_vcpu() ignores stuff
5858          * set here, but we restrict to TCG none the less.
5859          */
5860         if (tcg_enabled() && cpu->expose_tcg) {
5861             memcpy(signature, "TCGTCGTCGTCG", 12);
5862             *eax = 0x40000001;
5863             *ebx = signature[0];
5864             *ecx = signature[1];
5865             *edx = signature[2];
5866         } else {
5867             *eax = 0;
5868             *ebx = 0;
5869             *ecx = 0;
5870             *edx = 0;
5871         }
5872         break;
5873     case 0x40000001:
5874         *eax = 0;
5875         *ebx = 0;
5876         *ecx = 0;
5877         *edx = 0;
5878         break;
5879     case 0x80000000:
5880         *eax = env->cpuid_xlevel;
5881         *ebx = env->cpuid_vendor1;
5882         *edx = env->cpuid_vendor2;
5883         *ecx = env->cpuid_vendor3;
5884         break;
5885     case 0x80000001:
5886         *eax = env->cpuid_version;
5887         *ebx = 0;
5888         *ecx = env->features[FEAT_8000_0001_ECX];
5889         *edx = env->features[FEAT_8000_0001_EDX];
5890 
5891         /* The Linux kernel checks for the CMPLegacy bit and
5892          * discards multiple thread information if it is set.
5893          * So don't set it here for Intel to make Linux guests happy.
5894          */
5895         if (cs->nr_cores * cs->nr_threads > 1) {
5896             if (env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1 ||
5897                 env->cpuid_vendor2 != CPUID_VENDOR_INTEL_2 ||
5898                 env->cpuid_vendor3 != CPUID_VENDOR_INTEL_3) {
5899                 *ecx |= 1 << 1;    /* CmpLegacy bit */
5900             }
5901         }
5902         break;
5903     case 0x80000002:
5904     case 0x80000003:
5905     case 0x80000004:
5906         *eax = env->cpuid_model[(index - 0x80000002) * 4 + 0];
5907         *ebx = env->cpuid_model[(index - 0x80000002) * 4 + 1];
5908         *ecx = env->cpuid_model[(index - 0x80000002) * 4 + 2];
5909         *edx = env->cpuid_model[(index - 0x80000002) * 4 + 3];
5910         break;
5911     case 0x80000005:
5912         /* cache info (L1 cache) */
5913         if (cpu->cache_info_passthrough) {
5914             host_cpuid(index, 0, eax, ebx, ecx, edx);
5915             break;
5916         }
5917         *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) |
5918                (L1_ITLB_2M_ASSOC <<  8) | (L1_ITLB_2M_ENTRIES);
5919         *ebx = (L1_DTLB_4K_ASSOC << 24) | (L1_DTLB_4K_ENTRIES << 16) |
5920                (L1_ITLB_4K_ASSOC <<  8) | (L1_ITLB_4K_ENTRIES);
5921         *ecx = encode_cache_cpuid80000005(env->cache_info_amd.l1d_cache);
5922         *edx = encode_cache_cpuid80000005(env->cache_info_amd.l1i_cache);
5923         break;
5924     case 0x80000006:
5925         /* cache info (L2 cache) */
5926         if (cpu->cache_info_passthrough) {
5927             host_cpuid(index, 0, eax, ebx, ecx, edx);
5928             break;
5929         }
5930         *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) |
5931                (L2_DTLB_2M_ENTRIES << 16) |
5932                (AMD_ENC_ASSOC(L2_ITLB_2M_ASSOC) << 12) |
5933                (L2_ITLB_2M_ENTRIES);
5934         *ebx = (AMD_ENC_ASSOC(L2_DTLB_4K_ASSOC) << 28) |
5935                (L2_DTLB_4K_ENTRIES << 16) |
5936                (AMD_ENC_ASSOC(L2_ITLB_4K_ASSOC) << 12) |
5937                (L2_ITLB_4K_ENTRIES);
5938         encode_cache_cpuid80000006(env->cache_info_amd.l2_cache,
5939                                    cpu->enable_l3_cache ?
5940                                    env->cache_info_amd.l3_cache : NULL,
5941                                    ecx, edx);
5942         break;
5943     case 0x80000007:
5944         *eax = 0;
5945         *ebx = 0;
5946         *ecx = 0;
5947         *edx = env->features[FEAT_8000_0007_EDX];
5948         break;
5949     case 0x80000008:
5950         /* virtual & phys address size in low 2 bytes. */
5951         if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
5952             /* 64 bit processor */
5953             *eax = cpu->phys_bits; /* configurable physical bits */
5954             if  (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_LA57) {
5955                 *eax |= 0x00003900; /* 57 bits virtual */
5956             } else {
5957                 *eax |= 0x00003000; /* 48 bits virtual */
5958             }
5959         } else {
5960             *eax = cpu->phys_bits;
5961         }
5962         *ebx = env->features[FEAT_8000_0008_EBX];
5963         if (cs->nr_cores * cs->nr_threads > 1) {
5964             /*
5965              * Bits 15:12 is "The number of bits in the initial
5966              * Core::X86::Apic::ApicId[ApicId] value that indicate
5967              * thread ID within a package".
5968              * Bits 7:0 is "The number of threads in the package is NC+1"
5969              */
5970             *ecx = (apicid_pkg_offset(&topo_info) << 12) |
5971                    ((cs->nr_cores * cs->nr_threads) - 1);
5972         } else {
5973             *ecx = 0;
5974         }
5975         *edx = 0;
5976         break;
5977     case 0x8000000A:
5978         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
5979             *eax = 0x00000001; /* SVM Revision */
5980             *ebx = 0x00000010; /* nr of ASIDs */
5981             *ecx = 0;
5982             *edx = env->features[FEAT_SVM]; /* optional features */
5983         } else {
5984             *eax = 0;
5985             *ebx = 0;
5986             *ecx = 0;
5987             *edx = 0;
5988         }
5989         break;
5990     case 0x8000001D:
5991         *eax = 0;
5992         if (cpu->cache_info_passthrough) {
5993             host_cpuid(index, count, eax, ebx, ecx, edx);
5994             break;
5995         }
5996         switch (count) {
5997         case 0: /* L1 dcache info */
5998             encode_cache_cpuid8000001d(env->cache_info_amd.l1d_cache, cs,
5999                                        eax, ebx, ecx, edx);
6000             break;
6001         case 1: /* L1 icache info */
6002             encode_cache_cpuid8000001d(env->cache_info_amd.l1i_cache, cs,
6003                                        eax, ebx, ecx, edx);
6004             break;
6005         case 2: /* L2 cache info */
6006             encode_cache_cpuid8000001d(env->cache_info_amd.l2_cache, cs,
6007                                        eax, ebx, ecx, edx);
6008             break;
6009         case 3: /* L3 cache info */
6010             encode_cache_cpuid8000001d(env->cache_info_amd.l3_cache, cs,
6011                                        eax, ebx, ecx, edx);
6012             break;
6013         default: /* end of info */
6014             *eax = *ebx = *ecx = *edx = 0;
6015             break;
6016         }
6017         break;
6018     case 0x8000001E:
6019         assert(cpu->core_id <= 255);
6020         encode_topo_cpuid8000001e(cs, cpu,
6021                                   eax, ebx, ecx, edx);
6022         break;
6023     case 0xC0000000:
6024         *eax = env->cpuid_xlevel2;
6025         *ebx = 0;
6026         *ecx = 0;
6027         *edx = 0;
6028         break;
6029     case 0xC0000001:
6030         /* Support for VIA CPU's CPUID instruction */
6031         *eax = env->cpuid_version;
6032         *ebx = 0;
6033         *ecx = 0;
6034         *edx = env->features[FEAT_C000_0001_EDX];
6035         break;
6036     case 0xC0000002:
6037     case 0xC0000003:
6038     case 0xC0000004:
6039         /* Reserved for the future, and now filled with zero */
6040         *eax = 0;
6041         *ebx = 0;
6042         *ecx = 0;
6043         *edx = 0;
6044         break;
6045     case 0x8000001F:
6046         *eax = sev_enabled() ? 0x2 : 0;
6047         *ebx = sev_get_cbit_position();
6048         *ebx |= sev_get_reduced_phys_bits() << 6;
6049         *ecx = 0;
6050         *edx = 0;
6051         break;
6052     default:
6053         /* reserved values: zero */
6054         *eax = 0;
6055         *ebx = 0;
6056         *ecx = 0;
6057         *edx = 0;
6058         break;
6059     }
6060 }
6061 
6062 static void x86_cpu_reset(DeviceState *dev)
6063 {
6064     CPUState *s = CPU(dev);
6065     X86CPU *cpu = X86_CPU(s);
6066     X86CPUClass *xcc = X86_CPU_GET_CLASS(cpu);
6067     CPUX86State *env = &cpu->env;
6068     target_ulong cr4;
6069     uint64_t xcr0;
6070     int i;
6071 
6072     xcc->parent_reset(dev);
6073 
6074     memset(env, 0, offsetof(CPUX86State, end_reset_fields));
6075 
6076     env->old_exception = -1;
6077 
6078     /* init to reset state */
6079 
6080     env->hflags2 |= HF2_GIF_MASK;
6081     env->hflags &= ~HF_GUEST_MASK;
6082 
6083     cpu_x86_update_cr0(env, 0x60000010);
6084     env->a20_mask = ~0x0;
6085     env->smbase = 0x30000;
6086     env->msr_smi_count = 0;
6087 
6088     env->idt.limit = 0xffff;
6089     env->gdt.limit = 0xffff;
6090     env->ldt.limit = 0xffff;
6091     env->ldt.flags = DESC_P_MASK | (2 << DESC_TYPE_SHIFT);
6092     env->tr.limit = 0xffff;
6093     env->tr.flags = DESC_P_MASK | (11 << DESC_TYPE_SHIFT);
6094 
6095     cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000, 0xffff,
6096                            DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
6097                            DESC_R_MASK | DESC_A_MASK);
6098     cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffff,
6099                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
6100                            DESC_A_MASK);
6101     cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0xffff,
6102                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
6103                            DESC_A_MASK);
6104     cpu_x86_load_seg_cache(env, R_SS, 0, 0, 0xffff,
6105                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
6106                            DESC_A_MASK);
6107     cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0xffff,
6108                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
6109                            DESC_A_MASK);
6110     cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0xffff,
6111                            DESC_P_MASK | DESC_S_MASK | DESC_W_MASK |
6112                            DESC_A_MASK);
6113 
6114     env->eip = 0xfff0;
6115     env->regs[R_EDX] = env->cpuid_version;
6116 
6117     env->eflags = 0x2;
6118 
6119     /* FPU init */
6120     for (i = 0; i < 8; i++) {
6121         env->fptags[i] = 1;
6122     }
6123     cpu_set_fpuc(env, 0x37f);
6124 
6125     env->mxcsr = 0x1f80;
6126     /* All units are in INIT state.  */
6127     env->xstate_bv = 0;
6128 
6129     env->pat = 0x0007040600070406ULL;
6130     env->msr_ia32_misc_enable = MSR_IA32_MISC_ENABLE_DEFAULT;
6131     if (env->features[FEAT_1_ECX] & CPUID_EXT_MONITOR) {
6132         env->msr_ia32_misc_enable |= MSR_IA32_MISC_ENABLE_MWAIT;
6133     }
6134 
6135     memset(env->dr, 0, sizeof(env->dr));
6136     env->dr[6] = DR6_FIXED_1;
6137     env->dr[7] = DR7_FIXED_1;
6138     cpu_breakpoint_remove_all(s, BP_CPU);
6139     cpu_watchpoint_remove_all(s, BP_CPU);
6140 
6141     cr4 = 0;
6142     xcr0 = XSTATE_FP_MASK;
6143 
6144 #ifdef CONFIG_USER_ONLY
6145     /* Enable all the features for user-mode.  */
6146     if (env->features[FEAT_1_EDX] & CPUID_SSE) {
6147         xcr0 |= XSTATE_SSE_MASK;
6148     }
6149     for (i = 2; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
6150         const ExtSaveArea *esa = &x86_ext_save_areas[i];
6151         if (env->features[esa->feature] & esa->bits) {
6152             xcr0 |= 1ull << i;
6153         }
6154     }
6155 
6156     if (env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) {
6157         cr4 |= CR4_OSFXSR_MASK | CR4_OSXSAVE_MASK;
6158     }
6159     if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_FSGSBASE) {
6160         cr4 |= CR4_FSGSBASE_MASK;
6161     }
6162 #endif
6163 
6164     env->xcr0 = xcr0;
6165     cpu_x86_update_cr4(env, cr4);
6166 
6167     /*
6168      * SDM 11.11.5 requires:
6169      *  - IA32_MTRR_DEF_TYPE MSR.E = 0
6170      *  - IA32_MTRR_PHYSMASKn.V = 0
6171      * All other bits are undefined.  For simplification, zero it all.
6172      */
6173     env->mtrr_deftype = 0;
6174     memset(env->mtrr_var, 0, sizeof(env->mtrr_var));
6175     memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
6176 
6177     env->interrupt_injected = -1;
6178     env->exception_nr = -1;
6179     env->exception_pending = 0;
6180     env->exception_injected = 0;
6181     env->exception_has_payload = false;
6182     env->exception_payload = 0;
6183     env->nmi_injected = false;
6184 #if !defined(CONFIG_USER_ONLY)
6185     /* We hard-wire the BSP to the first CPU. */
6186     apic_designate_bsp(cpu->apic_state, s->cpu_index == 0);
6187 
6188     s->halted = !cpu_is_bsp(cpu);
6189 
6190     if (kvm_enabled()) {
6191         kvm_arch_reset_vcpu(cpu);
6192     }
6193 #endif
6194 }
6195 
6196 #ifndef CONFIG_USER_ONLY
6197 bool cpu_is_bsp(X86CPU *cpu)
6198 {
6199     return cpu_get_apic_base(cpu->apic_state) & MSR_IA32_APICBASE_BSP;
6200 }
6201 
6202 /* TODO: remove me, when reset over QOM tree is implemented */
6203 static void x86_cpu_machine_reset_cb(void *opaque)
6204 {
6205     X86CPU *cpu = opaque;
6206     cpu_reset(CPU(cpu));
6207 }
6208 #endif
6209 
6210 static void mce_init(X86CPU *cpu)
6211 {
6212     CPUX86State *cenv = &cpu->env;
6213     unsigned int bank;
6214 
6215     if (((cenv->cpuid_version >> 8) & 0xf) >= 6
6216         && (cenv->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
6217             (CPUID_MCE | CPUID_MCA)) {
6218         cenv->mcg_cap = MCE_CAP_DEF | MCE_BANKS_DEF |
6219                         (cpu->enable_lmce ? MCG_LMCE_P : 0);
6220         cenv->mcg_ctl = ~(uint64_t)0;
6221         for (bank = 0; bank < MCE_BANKS_DEF; bank++) {
6222             cenv->mce_banks[bank * 4] = ~(uint64_t)0;
6223         }
6224     }
6225 }
6226 
6227 #ifndef CONFIG_USER_ONLY
6228 APICCommonClass *apic_get_class(void)
6229 {
6230     const char *apic_type = "apic";
6231 
6232     /* TODO: in-kernel irqchip for hvf */
6233     if (kvm_apic_in_kernel()) {
6234         apic_type = "kvm-apic";
6235     } else if (xen_enabled()) {
6236         apic_type = "xen-apic";
6237     }
6238 
6239     return APIC_COMMON_CLASS(object_class_by_name(apic_type));
6240 }
6241 
6242 static void x86_cpu_apic_create(X86CPU *cpu, Error **errp)
6243 {
6244     APICCommonState *apic;
6245     ObjectClass *apic_class = OBJECT_CLASS(apic_get_class());
6246 
6247     cpu->apic_state = DEVICE(object_new_with_class(apic_class));
6248 
6249     object_property_add_child(OBJECT(cpu), "lapic",
6250                               OBJECT(cpu->apic_state));
6251     object_unref(OBJECT(cpu->apic_state));
6252 
6253     qdev_prop_set_uint32(cpu->apic_state, "id", cpu->apic_id);
6254     /* TODO: convert to link<> */
6255     apic = APIC_COMMON(cpu->apic_state);
6256     apic->cpu = cpu;
6257     apic->apicbase = APIC_DEFAULT_ADDRESS | MSR_IA32_APICBASE_ENABLE;
6258 }
6259 
6260 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
6261 {
6262     APICCommonState *apic;
6263     static bool apic_mmio_map_once;
6264 
6265     if (cpu->apic_state == NULL) {
6266         return;
6267     }
6268     qdev_realize(DEVICE(cpu->apic_state), NULL, errp);
6269 
6270     /* Map APIC MMIO area */
6271     apic = APIC_COMMON(cpu->apic_state);
6272     if (!apic_mmio_map_once) {
6273         memory_region_add_subregion_overlap(get_system_memory(),
6274                                             apic->apicbase &
6275                                             MSR_IA32_APICBASE_BASE,
6276                                             &apic->io_memory,
6277                                             0x1000);
6278         apic_mmio_map_once = true;
6279      }
6280 }
6281 
6282 static void x86_cpu_machine_done(Notifier *n, void *unused)
6283 {
6284     X86CPU *cpu = container_of(n, X86CPU, machine_done);
6285     MemoryRegion *smram =
6286         (MemoryRegion *) object_resolve_path("/machine/smram", NULL);
6287 
6288     if (smram) {
6289         cpu->smram = g_new(MemoryRegion, 1);
6290         memory_region_init_alias(cpu->smram, OBJECT(cpu), "smram",
6291                                  smram, 0, 4 * GiB);
6292         memory_region_set_enabled(cpu->smram, true);
6293         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->smram, 1);
6294     }
6295 }
6296 #else
6297 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
6298 {
6299 }
6300 #endif
6301 
6302 /* Note: Only safe for use on x86(-64) hosts */
6303 static uint32_t x86_host_phys_bits(void)
6304 {
6305     uint32_t eax;
6306     uint32_t host_phys_bits;
6307 
6308     host_cpuid(0x80000000, 0, &eax, NULL, NULL, NULL);
6309     if (eax >= 0x80000008) {
6310         host_cpuid(0x80000008, 0, &eax, NULL, NULL, NULL);
6311         /* Note: According to AMD doc 25481 rev 2.34 they have a field
6312          * at 23:16 that can specify a maximum physical address bits for
6313          * the guest that can override this value; but I've not seen
6314          * anything with that set.
6315          */
6316         host_phys_bits = eax & 0xff;
6317     } else {
6318         /* It's an odd 64 bit machine that doesn't have the leaf for
6319          * physical address bits; fall back to 36 that's most older
6320          * Intel.
6321          */
6322         host_phys_bits = 36;
6323     }
6324 
6325     return host_phys_bits;
6326 }
6327 
6328 static void x86_cpu_adjust_level(X86CPU *cpu, uint32_t *min, uint32_t value)
6329 {
6330     if (*min < value) {
6331         *min = value;
6332     }
6333 }
6334 
6335 /* Increase cpuid_min_{level,xlevel,xlevel2} automatically, if appropriate */
6336 static void x86_cpu_adjust_feat_level(X86CPU *cpu, FeatureWord w)
6337 {
6338     CPUX86State *env = &cpu->env;
6339     FeatureWordInfo *fi = &feature_word_info[w];
6340     uint32_t eax = fi->cpuid.eax;
6341     uint32_t region = eax & 0xF0000000;
6342 
6343     assert(feature_word_info[w].type == CPUID_FEATURE_WORD);
6344     if (!env->features[w]) {
6345         return;
6346     }
6347 
6348     switch (region) {
6349     case 0x00000000:
6350         x86_cpu_adjust_level(cpu, &env->cpuid_min_level, eax);
6351     break;
6352     case 0x80000000:
6353         x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, eax);
6354     break;
6355     case 0xC0000000:
6356         x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel2, eax);
6357     break;
6358     }
6359 
6360     if (eax == 7) {
6361         x86_cpu_adjust_level(cpu, &env->cpuid_min_level_func7,
6362                              fi->cpuid.ecx);
6363     }
6364 }
6365 
6366 /* Calculate XSAVE components based on the configured CPU feature flags */
6367 static void x86_cpu_enable_xsave_components(X86CPU *cpu)
6368 {
6369     CPUX86State *env = &cpu->env;
6370     int i;
6371     uint64_t mask;
6372 
6373     if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
6374         return;
6375     }
6376 
6377     mask = 0;
6378     for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) {
6379         const ExtSaveArea *esa = &x86_ext_save_areas[i];
6380         if (env->features[esa->feature] & esa->bits) {
6381             mask |= (1ULL << i);
6382         }
6383     }
6384 
6385     env->features[FEAT_XSAVE_COMP_LO] = mask;
6386     env->features[FEAT_XSAVE_COMP_HI] = mask >> 32;
6387 }
6388 
6389 /***** Steps involved on loading and filtering CPUID data
6390  *
6391  * When initializing and realizing a CPU object, the steps
6392  * involved in setting up CPUID data are:
6393  *
6394  * 1) Loading CPU model definition (X86CPUDefinition). This is
6395  *    implemented by x86_cpu_load_model() and should be completely
6396  *    transparent, as it is done automatically by instance_init.
6397  *    No code should need to look at X86CPUDefinition structs
6398  *    outside instance_init.
6399  *
6400  * 2) CPU expansion. This is done by realize before CPUID
6401  *    filtering, and will make sure host/accelerator data is
6402  *    loaded for CPU models that depend on host capabilities
6403  *    (e.g. "host"). Done by x86_cpu_expand_features().
6404  *
6405  * 3) CPUID filtering. This initializes extra data related to
6406  *    CPUID, and checks if the host supports all capabilities
6407  *    required by the CPU. Runnability of a CPU model is
6408  *    determined at this step. Done by x86_cpu_filter_features().
6409  *
6410  * Some operations don't require all steps to be performed.
6411  * More precisely:
6412  *
6413  * - CPU instance creation (instance_init) will run only CPU
6414  *   model loading. CPU expansion can't run at instance_init-time
6415  *   because host/accelerator data may be not available yet.
6416  * - CPU realization will perform both CPU model expansion and CPUID
6417  *   filtering, and return an error in case one of them fails.
6418  * - query-cpu-definitions needs to run all 3 steps. It needs
6419  *   to run CPUID filtering, as the 'unavailable-features'
6420  *   field is set based on the filtering results.
6421  * - The query-cpu-model-expansion QMP command only needs to run
6422  *   CPU model loading and CPU expansion. It should not filter
6423  *   any CPUID data based on host capabilities.
6424  */
6425 
6426 /* Expand CPU configuration data, based on configured features
6427  * and host/accelerator capabilities when appropriate.
6428  */
6429 static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
6430 {
6431     CPUX86State *env = &cpu->env;
6432     FeatureWord w;
6433     int i;
6434     GList *l;
6435 
6436     for (l = plus_features; l; l = l->next) {
6437         const char *prop = l->data;
6438         if (!object_property_set_bool(OBJECT(cpu), prop, true, errp)) {
6439             return;
6440         }
6441     }
6442 
6443     for (l = minus_features; l; l = l->next) {
6444         const char *prop = l->data;
6445         if (!object_property_set_bool(OBJECT(cpu), prop, false, errp)) {
6446             return;
6447         }
6448     }
6449 
6450     /*TODO: Now cpu->max_features doesn't overwrite features
6451      * set using QOM properties, and we can convert
6452      * plus_features & minus_features to global properties
6453      * inside x86_cpu_parse_featurestr() too.
6454      */
6455     if (cpu->max_features) {
6456         for (w = 0; w < FEATURE_WORDS; w++) {
6457             /* Override only features that weren't set explicitly
6458              * by the user.
6459              */
6460             env->features[w] |=
6461                 x86_cpu_get_supported_feature_word(w, cpu->migratable) &
6462                 ~env->user_features[w] &
6463                 ~feature_word_info[w].no_autoenable_flags;
6464         }
6465     }
6466 
6467     for (i = 0; i < ARRAY_SIZE(feature_dependencies); i++) {
6468         FeatureDep *d = &feature_dependencies[i];
6469         if (!(env->features[d->from.index] & d->from.mask)) {
6470             uint64_t unavailable_features = env->features[d->to.index] & d->to.mask;
6471 
6472             /* Not an error unless the dependent feature was added explicitly.  */
6473             mark_unavailable_features(cpu, d->to.index,
6474                                       unavailable_features & env->user_features[d->to.index],
6475                                       "This feature depends on other features that were not requested");
6476 
6477             env->features[d->to.index] &= ~unavailable_features;
6478         }
6479     }
6480 
6481     if (!kvm_enabled() || !cpu->expose_kvm) {
6482         env->features[FEAT_KVM] = 0;
6483     }
6484 
6485     x86_cpu_enable_xsave_components(cpu);
6486 
6487     /* CPUID[EAX=7,ECX=0].EBX always increased level automatically: */
6488     x86_cpu_adjust_feat_level(cpu, FEAT_7_0_EBX);
6489     if (cpu->full_cpuid_auto_level) {
6490         x86_cpu_adjust_feat_level(cpu, FEAT_1_EDX);
6491         x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX);
6492         x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX);
6493         x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX);
6494         x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX);
6495         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
6496         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
6497         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
6498         x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
6499         x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
6500         x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
6501         x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
6502 
6503         /* Intel Processor Trace requires CPUID[0x14] */
6504         if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT)) {
6505             if (cpu->intel_pt_auto_level) {
6506                 x86_cpu_adjust_level(cpu, &cpu->env.cpuid_min_level, 0x14);
6507             } else if (cpu->env.cpuid_min_level < 0x14) {
6508                 mark_unavailable_features(cpu, FEAT_7_0_EBX,
6509                     CPUID_7_0_EBX_INTEL_PT,
6510                     "Intel PT need CPUID leaf 0x14, please set by \"-cpu ...,+intel-pt,min-level=0x14\"");
6511             }
6512         }
6513 
6514         /* CPU topology with multi-dies support requires CPUID[0x1F] */
6515         if (env->nr_dies > 1) {
6516             x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F);
6517         }
6518 
6519         /* SVM requires CPUID[0x8000000A] */
6520         if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
6521             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
6522         }
6523 
6524         /* SEV requires CPUID[0x8000001F] */
6525         if (sev_enabled()) {
6526             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
6527         }
6528     }
6529 
6530     /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
6531     if (env->cpuid_level_func7 == UINT32_MAX) {
6532         env->cpuid_level_func7 = env->cpuid_min_level_func7;
6533     }
6534     if (env->cpuid_level == UINT32_MAX) {
6535         env->cpuid_level = env->cpuid_min_level;
6536     }
6537     if (env->cpuid_xlevel == UINT32_MAX) {
6538         env->cpuid_xlevel = env->cpuid_min_xlevel;
6539     }
6540     if (env->cpuid_xlevel2 == UINT32_MAX) {
6541         env->cpuid_xlevel2 = env->cpuid_min_xlevel2;
6542     }
6543 }
6544 
6545 /*
6546  * Finishes initialization of CPUID data, filters CPU feature
6547  * words based on host availability of each feature.
6548  *
6549  * Returns: 0 if all flags are supported by the host, non-zero otherwise.
6550  */
6551 static void x86_cpu_filter_features(X86CPU *cpu, bool verbose)
6552 {
6553     CPUX86State *env = &cpu->env;
6554     FeatureWord w;
6555     const char *prefix = NULL;
6556 
6557     if (verbose) {
6558         prefix = accel_uses_host_cpuid()
6559                  ? "host doesn't support requested feature"
6560                  : "TCG doesn't support requested feature";
6561     }
6562 
6563     for (w = 0; w < FEATURE_WORDS; w++) {
6564         uint64_t host_feat =
6565             x86_cpu_get_supported_feature_word(w, false);
6566         uint64_t requested_features = env->features[w];
6567         uint64_t unavailable_features = requested_features & ~host_feat;
6568         mark_unavailable_features(cpu, w, unavailable_features, prefix);
6569     }
6570 
6571     if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) &&
6572         kvm_enabled()) {
6573         KVMState *s = CPU(cpu)->kvm_state;
6574         uint32_t eax_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_EAX);
6575         uint32_t ebx_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_EBX);
6576         uint32_t ecx_0 = kvm_arch_get_supported_cpuid(s, 0x14, 0, R_ECX);
6577         uint32_t eax_1 = kvm_arch_get_supported_cpuid(s, 0x14, 1, R_EAX);
6578         uint32_t ebx_1 = kvm_arch_get_supported_cpuid(s, 0x14, 1, R_EBX);
6579 
6580         if (!eax_0 ||
6581            ((ebx_0 & INTEL_PT_MINIMAL_EBX) != INTEL_PT_MINIMAL_EBX) ||
6582            ((ecx_0 & INTEL_PT_MINIMAL_ECX) != INTEL_PT_MINIMAL_ECX) ||
6583            ((eax_1 & INTEL_PT_MTC_BITMAP) != INTEL_PT_MTC_BITMAP) ||
6584            ((eax_1 & INTEL_PT_ADDR_RANGES_NUM_MASK) <
6585                                            INTEL_PT_ADDR_RANGES_NUM) ||
6586            ((ebx_1 & (INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP)) !=
6587                 (INTEL_PT_PSB_BITMAP | INTEL_PT_CYCLE_BITMAP)) ||
6588            (ecx_0 & INTEL_PT_IP_LIP)) {
6589             /*
6590              * Processor Trace capabilities aren't configurable, so if the
6591              * host can't emulate the capabilities we report on
6592              * cpu_x86_cpuid(), intel-pt can't be enabled on the current host.
6593              */
6594             mark_unavailable_features(cpu, FEAT_7_0_EBX, CPUID_7_0_EBX_INTEL_PT, prefix);
6595         }
6596     }
6597 }
6598 
6599 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
6600 {
6601     CPUState *cs = CPU(dev);
6602     X86CPU *cpu = X86_CPU(dev);
6603     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
6604     CPUX86State *env = &cpu->env;
6605     Error *local_err = NULL;
6606     static bool ht_warned;
6607 
6608     if (xcc->host_cpuid_required) {
6609         if (!accel_uses_host_cpuid()) {
6610             g_autofree char *name = x86_cpu_class_get_model_name(xcc);
6611             error_setg(&local_err, "CPU model '%s' requires KVM", name);
6612             goto out;
6613         }
6614     }
6615 
6616     if (cpu->max_features && accel_uses_host_cpuid()) {
6617         if (enable_cpu_pm) {
6618             host_cpuid(5, 0, &cpu->mwait.eax, &cpu->mwait.ebx,
6619                        &cpu->mwait.ecx, &cpu->mwait.edx);
6620             env->features[FEAT_1_ECX] |= CPUID_EXT_MONITOR;
6621             if (kvm_enabled() && kvm_has_waitpkg()) {
6622                 env->features[FEAT_7_0_ECX] |= CPUID_7_0_ECX_WAITPKG;
6623             }
6624         }
6625         if (kvm_enabled() && cpu->ucode_rev == 0) {
6626             cpu->ucode_rev = kvm_arch_get_supported_msr_feature(kvm_state,
6627                                                                 MSR_IA32_UCODE_REV);
6628         }
6629     }
6630 
6631     if (cpu->ucode_rev == 0) {
6632         /* The default is the same as KVM's.  */
6633         if (IS_AMD_CPU(env)) {
6634             cpu->ucode_rev = 0x01000065;
6635         } else {
6636             cpu->ucode_rev = 0x100000000ULL;
6637         }
6638     }
6639 
6640     /* mwait extended info: needed for Core compatibility */
6641     /* We always wake on interrupt even if host does not have the capability */
6642     cpu->mwait.ecx |= CPUID_MWAIT_EMX | CPUID_MWAIT_IBE;
6643 
6644     if (cpu->apic_id == UNASSIGNED_APIC_ID) {
6645         error_setg(errp, "apic-id property was not initialized properly");
6646         return;
6647     }
6648 
6649     x86_cpu_expand_features(cpu, &local_err);
6650     if (local_err) {
6651         goto out;
6652     }
6653 
6654     x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid);
6655 
6656     if (cpu->enforce_cpuid && x86_cpu_have_filtered_features(cpu)) {
6657         error_setg(&local_err,
6658                    accel_uses_host_cpuid() ?
6659                        "Host doesn't support requested features" :
6660                        "TCG doesn't support requested features");
6661         goto out;
6662     }
6663 
6664     /* On AMD CPUs, some CPUID[8000_0001].EDX bits must match the bits on
6665      * CPUID[1].EDX.
6666      */
6667     if (IS_AMD_CPU(env)) {
6668         env->features[FEAT_8000_0001_EDX] &= ~CPUID_EXT2_AMD_ALIASES;
6669         env->features[FEAT_8000_0001_EDX] |= (env->features[FEAT_1_EDX]
6670            & CPUID_EXT2_AMD_ALIASES);
6671     }
6672 
6673     /* For 64bit systems think about the number of physical bits to present.
6674      * ideally this should be the same as the host; anything other than matching
6675      * the host can cause incorrect guest behaviour.
6676      * QEMU used to pick the magic value of 40 bits that corresponds to
6677      * consumer AMD devices but nothing else.
6678      */
6679     if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
6680         if (accel_uses_host_cpuid()) {
6681             uint32_t host_phys_bits = x86_host_phys_bits();
6682             static bool warned;
6683 
6684             /* Print a warning if the user set it to a value that's not the
6685              * host value.
6686              */
6687             if (cpu->phys_bits != host_phys_bits && cpu->phys_bits != 0 &&
6688                 !warned) {
6689                 warn_report("Host physical bits (%u)"
6690                             " does not match phys-bits property (%u)",
6691                             host_phys_bits, cpu->phys_bits);
6692                 warned = true;
6693             }
6694 
6695             if (cpu->host_phys_bits) {
6696                 /* The user asked for us to use the host physical bits */
6697                 cpu->phys_bits = host_phys_bits;
6698                 if (cpu->host_phys_bits_limit &&
6699                     cpu->phys_bits > cpu->host_phys_bits_limit) {
6700                     cpu->phys_bits = cpu->host_phys_bits_limit;
6701                 }
6702             }
6703 
6704             if (cpu->phys_bits &&
6705                 (cpu->phys_bits > TARGET_PHYS_ADDR_SPACE_BITS ||
6706                 cpu->phys_bits < 32)) {
6707                 error_setg(errp, "phys-bits should be between 32 and %u "
6708                                  " (but is %u)",
6709                                  TARGET_PHYS_ADDR_SPACE_BITS, cpu->phys_bits);
6710                 return;
6711             }
6712         } else {
6713             if (cpu->phys_bits && cpu->phys_bits != TCG_PHYS_ADDR_BITS) {
6714                 error_setg(errp, "TCG only supports phys-bits=%u",
6715                                   TCG_PHYS_ADDR_BITS);
6716                 return;
6717             }
6718         }
6719         /* 0 means it was not explicitly set by the user (or by machine
6720          * compat_props or by the host code above). In this case, the default
6721          * is the value used by TCG (40).
6722          */
6723         if (cpu->phys_bits == 0) {
6724             cpu->phys_bits = TCG_PHYS_ADDR_BITS;
6725         }
6726     } else {
6727         /* For 32 bit systems don't use the user set value, but keep
6728          * phys_bits consistent with what we tell the guest.
6729          */
6730         if (cpu->phys_bits != 0) {
6731             error_setg(errp, "phys-bits is not user-configurable in 32 bit");
6732             return;
6733         }
6734 
6735         if (env->features[FEAT_1_EDX] & CPUID_PSE36) {
6736             cpu->phys_bits = 36;
6737         } else {
6738             cpu->phys_bits = 32;
6739         }
6740     }
6741 
6742     /* Cache information initialization */
6743     if (!cpu->legacy_cache) {
6744         if (!xcc->model || !xcc->model->cpudef->cache_info) {
6745             g_autofree char *name = x86_cpu_class_get_model_name(xcc);
6746             error_setg(errp,
6747                        "CPU model '%s' doesn't support legacy-cache=off", name);
6748             return;
6749         }
6750         env->cache_info_cpuid2 = env->cache_info_cpuid4 = env->cache_info_amd =
6751             *xcc->model->cpudef->cache_info;
6752     } else {
6753         /* Build legacy cache information */
6754         env->cache_info_cpuid2.l1d_cache = &legacy_l1d_cache;
6755         env->cache_info_cpuid2.l1i_cache = &legacy_l1i_cache;
6756         env->cache_info_cpuid2.l2_cache = &legacy_l2_cache_cpuid2;
6757         env->cache_info_cpuid2.l3_cache = &legacy_l3_cache;
6758 
6759         env->cache_info_cpuid4.l1d_cache = &legacy_l1d_cache;
6760         env->cache_info_cpuid4.l1i_cache = &legacy_l1i_cache;
6761         env->cache_info_cpuid4.l2_cache = &legacy_l2_cache;
6762         env->cache_info_cpuid4.l3_cache = &legacy_l3_cache;
6763 
6764         env->cache_info_amd.l1d_cache = &legacy_l1d_cache_amd;
6765         env->cache_info_amd.l1i_cache = &legacy_l1i_cache_amd;
6766         env->cache_info_amd.l2_cache = &legacy_l2_cache_amd;
6767         env->cache_info_amd.l3_cache = &legacy_l3_cache;
6768     }
6769 
6770 
6771     cpu_exec_realizefn(cs, &local_err);
6772     if (local_err != NULL) {
6773         error_propagate(errp, local_err);
6774         return;
6775     }
6776 
6777 #ifndef CONFIG_USER_ONLY
6778     MachineState *ms = MACHINE(qdev_get_machine());
6779     qemu_register_reset(x86_cpu_machine_reset_cb, cpu);
6780 
6781     if (cpu->env.features[FEAT_1_EDX] & CPUID_APIC || ms->smp.cpus > 1) {
6782         x86_cpu_apic_create(cpu, &local_err);
6783         if (local_err != NULL) {
6784             goto out;
6785         }
6786     }
6787 #endif
6788 
6789     mce_init(cpu);
6790 
6791 #ifndef CONFIG_USER_ONLY
6792     if (tcg_enabled()) {
6793         cpu->cpu_as_mem = g_new(MemoryRegion, 1);
6794         cpu->cpu_as_root = g_new(MemoryRegion, 1);
6795 
6796         /* Outer container... */
6797         memory_region_init(cpu->cpu_as_root, OBJECT(cpu), "memory", ~0ull);
6798         memory_region_set_enabled(cpu->cpu_as_root, true);
6799 
6800         /* ... with two regions inside: normal system memory with low
6801          * priority, and...
6802          */
6803         memory_region_init_alias(cpu->cpu_as_mem, OBJECT(cpu), "memory",
6804                                  get_system_memory(), 0, ~0ull);
6805         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0);
6806         memory_region_set_enabled(cpu->cpu_as_mem, true);
6807 
6808         cs->num_ases = 2;
6809         cpu_address_space_init(cs, 0, "cpu-memory", cs->memory);
6810         cpu_address_space_init(cs, 1, "cpu-smm", cpu->cpu_as_root);
6811 
6812         /* ... SMRAM with higher priority, linked from /machine/smram.  */
6813         cpu->machine_done.notify = x86_cpu_machine_done;
6814         qemu_add_machine_init_done_notifier(&cpu->machine_done);
6815     }
6816 #endif
6817 
6818     qemu_init_vcpu(cs);
6819 
6820     /*
6821      * Most Intel and certain AMD CPUs support hyperthreading. Even though QEMU
6822      * fixes this issue by adjusting CPUID_0000_0001_EBX and CPUID_8000_0008_ECX
6823      * based on inputs (sockets,cores,threads), it is still better to give
6824      * users a warning.
6825      *
6826      * NOTE: the following code has to follow qemu_init_vcpu(). Otherwise
6827      * cs->nr_threads hasn't be populated yet and the checking is incorrect.
6828      */
6829     if (IS_AMD_CPU(env) &&
6830         !(env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_TOPOEXT) &&
6831         cs->nr_threads > 1 && !ht_warned) {
6832             warn_report("This family of AMD CPU doesn't support "
6833                         "hyperthreading(%d)",
6834                         cs->nr_threads);
6835             error_printf("Please configure -smp options properly"
6836                          " or try enabling topoext feature.\n");
6837             ht_warned = true;
6838     }
6839 
6840     x86_cpu_apic_realize(cpu, &local_err);
6841     if (local_err != NULL) {
6842         goto out;
6843     }
6844     cpu_reset(cs);
6845 
6846     xcc->parent_realize(dev, &local_err);
6847 
6848 out:
6849     if (local_err != NULL) {
6850         error_propagate(errp, local_err);
6851         return;
6852     }
6853 }
6854 
6855 static void x86_cpu_unrealizefn(DeviceState *dev)
6856 {
6857     X86CPU *cpu = X86_CPU(dev);
6858     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
6859 
6860 #ifndef CONFIG_USER_ONLY
6861     cpu_remove_sync(CPU(dev));
6862     qemu_unregister_reset(x86_cpu_machine_reset_cb, dev);
6863 #endif
6864 
6865     if (cpu->apic_state) {
6866         object_unparent(OBJECT(cpu->apic_state));
6867         cpu->apic_state = NULL;
6868     }
6869 
6870     xcc->parent_unrealize(dev);
6871 }
6872 
6873 typedef struct BitProperty {
6874     FeatureWord w;
6875     uint64_t mask;
6876 } BitProperty;
6877 
6878 static void x86_cpu_get_bit_prop(Object *obj, Visitor *v, const char *name,
6879                                  void *opaque, Error **errp)
6880 {
6881     X86CPU *cpu = X86_CPU(obj);
6882     BitProperty *fp = opaque;
6883     uint64_t f = cpu->env.features[fp->w];
6884     bool value = (f & fp->mask) == fp->mask;
6885     visit_type_bool(v, name, &value, errp);
6886 }
6887 
6888 static void x86_cpu_set_bit_prop(Object *obj, Visitor *v, const char *name,
6889                                  void *opaque, Error **errp)
6890 {
6891     DeviceState *dev = DEVICE(obj);
6892     X86CPU *cpu = X86_CPU(obj);
6893     BitProperty *fp = opaque;
6894     bool value;
6895 
6896     if (dev->realized) {
6897         qdev_prop_set_after_realize(dev, name, errp);
6898         return;
6899     }
6900 
6901     if (!visit_type_bool(v, name, &value, errp)) {
6902         return;
6903     }
6904 
6905     if (value) {
6906         cpu->env.features[fp->w] |= fp->mask;
6907     } else {
6908         cpu->env.features[fp->w] &= ~fp->mask;
6909     }
6910     cpu->env.user_features[fp->w] |= fp->mask;
6911 }
6912 
6913 static void x86_cpu_release_bit_prop(Object *obj, const char *name,
6914                                      void *opaque)
6915 {
6916     BitProperty *prop = opaque;
6917     g_free(prop);
6918 }
6919 
6920 /* Register a boolean property to get/set a single bit in a uint32_t field.
6921  *
6922  * The same property name can be registered multiple times to make it affect
6923  * multiple bits in the same FeatureWord. In that case, the getter will return
6924  * true only if all bits are set.
6925  */
6926 static void x86_cpu_register_bit_prop(X86CPU *cpu,
6927                                       const char *prop_name,
6928                                       FeatureWord w,
6929                                       int bitnr)
6930 {
6931     BitProperty *fp;
6932     ObjectProperty *op;
6933     uint64_t mask = (1ULL << bitnr);
6934 
6935     op = object_property_find(OBJECT(cpu), prop_name, NULL);
6936     if (op) {
6937         fp = op->opaque;
6938         assert(fp->w == w);
6939         fp->mask |= mask;
6940     } else {
6941         fp = g_new0(BitProperty, 1);
6942         fp->w = w;
6943         fp->mask = mask;
6944         object_property_add(OBJECT(cpu), prop_name, "bool",
6945                             x86_cpu_get_bit_prop,
6946                             x86_cpu_set_bit_prop,
6947                             x86_cpu_release_bit_prop, fp);
6948     }
6949 }
6950 
6951 static void x86_cpu_register_feature_bit_props(X86CPU *cpu,
6952                                                FeatureWord w,
6953                                                int bitnr)
6954 {
6955     FeatureWordInfo *fi = &feature_word_info[w];
6956     const char *name = fi->feat_names[bitnr];
6957 
6958     if (!name) {
6959         return;
6960     }
6961 
6962     /* Property names should use "-" instead of "_".
6963      * Old names containing underscores are registered as aliases
6964      * using object_property_add_alias()
6965      */
6966     assert(!strchr(name, '_'));
6967     /* aliases don't use "|" delimiters anymore, they are registered
6968      * manually using object_property_add_alias() */
6969     assert(!strchr(name, '|'));
6970     x86_cpu_register_bit_prop(cpu, name, w, bitnr);
6971 }
6972 
6973 #if !defined(CONFIG_USER_ONLY)
6974 static GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs)
6975 {
6976     X86CPU *cpu = X86_CPU(cs);
6977     CPUX86State *env = &cpu->env;
6978     GuestPanicInformation *panic_info = NULL;
6979 
6980     if (env->features[FEAT_HYPERV_EDX] & HV_GUEST_CRASH_MSR_AVAILABLE) {
6981         panic_info = g_malloc0(sizeof(GuestPanicInformation));
6982 
6983         panic_info->type = GUEST_PANIC_INFORMATION_TYPE_HYPER_V;
6984 
6985         assert(HV_CRASH_PARAMS >= 5);
6986         panic_info->u.hyper_v.arg1 = env->msr_hv_crash_params[0];
6987         panic_info->u.hyper_v.arg2 = env->msr_hv_crash_params[1];
6988         panic_info->u.hyper_v.arg3 = env->msr_hv_crash_params[2];
6989         panic_info->u.hyper_v.arg4 = env->msr_hv_crash_params[3];
6990         panic_info->u.hyper_v.arg5 = env->msr_hv_crash_params[4];
6991     }
6992 
6993     return panic_info;
6994 }
6995 static void x86_cpu_get_crash_info_qom(Object *obj, Visitor *v,
6996                                        const char *name, void *opaque,
6997                                        Error **errp)
6998 {
6999     CPUState *cs = CPU(obj);
7000     GuestPanicInformation *panic_info;
7001 
7002     if (!cs->crash_occurred) {
7003         error_setg(errp, "No crash occured");
7004         return;
7005     }
7006 
7007     panic_info = x86_cpu_get_crash_info(cs);
7008     if (panic_info == NULL) {
7009         error_setg(errp, "No crash information");
7010         return;
7011     }
7012 
7013     visit_type_GuestPanicInformation(v, "crash-information", &panic_info,
7014                                      errp);
7015     qapi_free_GuestPanicInformation(panic_info);
7016 }
7017 #endif /* !CONFIG_USER_ONLY */
7018 
7019 static void x86_cpu_initfn(Object *obj)
7020 {
7021     X86CPU *cpu = X86_CPU(obj);
7022     X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
7023     CPUX86State *env = &cpu->env;
7024     FeatureWord w;
7025 
7026     env->nr_dies = 1;
7027     cpu_set_cpustate_pointers(cpu);
7028 
7029     object_property_add(obj, "family", "int",
7030                         x86_cpuid_version_get_family,
7031                         x86_cpuid_version_set_family, NULL, NULL);
7032     object_property_add(obj, "model", "int",
7033                         x86_cpuid_version_get_model,
7034                         x86_cpuid_version_set_model, NULL, NULL);
7035     object_property_add(obj, "stepping", "int",
7036                         x86_cpuid_version_get_stepping,
7037                         x86_cpuid_version_set_stepping, NULL, NULL);
7038     object_property_add_str(obj, "vendor",
7039                             x86_cpuid_get_vendor,
7040                             x86_cpuid_set_vendor);
7041     object_property_add_str(obj, "model-id",
7042                             x86_cpuid_get_model_id,
7043                             x86_cpuid_set_model_id);
7044     object_property_add(obj, "tsc-frequency", "int",
7045                         x86_cpuid_get_tsc_freq,
7046                         x86_cpuid_set_tsc_freq, NULL, NULL);
7047     object_property_add(obj, "feature-words", "X86CPUFeatureWordInfo",
7048                         x86_cpu_get_feature_words,
7049                         NULL, NULL, (void *)env->features);
7050     object_property_add(obj, "filtered-features", "X86CPUFeatureWordInfo",
7051                         x86_cpu_get_feature_words,
7052                         NULL, NULL, (void *)cpu->filtered_features);
7053     /*
7054      * The "unavailable-features" property has the same semantics as
7055      * CpuDefinitionInfo.unavailable-features on the "query-cpu-definitions"
7056      * QMP command: they list the features that would have prevented the
7057      * CPU from running if the "enforce" flag was set.
7058      */
7059     object_property_add(obj, "unavailable-features", "strList",
7060                         x86_cpu_get_unavailable_features,
7061                         NULL, NULL, NULL);
7062 
7063 #if !defined(CONFIG_USER_ONLY)
7064     object_property_add(obj, "crash-information", "GuestPanicInformation",
7065                         x86_cpu_get_crash_info_qom, NULL, NULL, NULL);
7066 #endif
7067 
7068     for (w = 0; w < FEATURE_WORDS; w++) {
7069         int bitnr;
7070 
7071         for (bitnr = 0; bitnr < 64; bitnr++) {
7072             x86_cpu_register_feature_bit_props(cpu, w, bitnr);
7073         }
7074     }
7075 
7076     object_property_add_alias(obj, "sse3", obj, "pni");
7077     object_property_add_alias(obj, "pclmuldq", obj, "pclmulqdq");
7078     object_property_add_alias(obj, "sse4-1", obj, "sse4.1");
7079     object_property_add_alias(obj, "sse4-2", obj, "sse4.2");
7080     object_property_add_alias(obj, "xd", obj, "nx");
7081     object_property_add_alias(obj, "ffxsr", obj, "fxsr-opt");
7082     object_property_add_alias(obj, "i64", obj, "lm");
7083 
7084     object_property_add_alias(obj, "ds_cpl", obj, "ds-cpl");
7085     object_property_add_alias(obj, "tsc_adjust", obj, "tsc-adjust");
7086     object_property_add_alias(obj, "fxsr_opt", obj, "fxsr-opt");
7087     object_property_add_alias(obj, "lahf_lm", obj, "lahf-lm");
7088     object_property_add_alias(obj, "cmp_legacy", obj, "cmp-legacy");
7089     object_property_add_alias(obj, "nodeid_msr", obj, "nodeid-msr");
7090     object_property_add_alias(obj, "perfctr_core", obj, "perfctr-core");
7091     object_property_add_alias(obj, "perfctr_nb", obj, "perfctr-nb");
7092     object_property_add_alias(obj, "kvm_nopiodelay", obj, "kvm-nopiodelay");
7093     object_property_add_alias(obj, "kvm_mmu", obj, "kvm-mmu");
7094     object_property_add_alias(obj, "kvm_asyncpf", obj, "kvm-asyncpf");
7095     object_property_add_alias(obj, "kvm_steal_time", obj, "kvm-steal-time");
7096     object_property_add_alias(obj, "kvm_pv_eoi", obj, "kvm-pv-eoi");
7097     object_property_add_alias(obj, "kvm_pv_unhalt", obj, "kvm-pv-unhalt");
7098     object_property_add_alias(obj, "kvm_poll_control", obj, "kvm-poll-control");
7099     object_property_add_alias(obj, "svm_lock", obj, "svm-lock");
7100     object_property_add_alias(obj, "nrip_save", obj, "nrip-save");
7101     object_property_add_alias(obj, "tsc_scale", obj, "tsc-scale");
7102     object_property_add_alias(obj, "vmcb_clean", obj, "vmcb-clean");
7103     object_property_add_alias(obj, "pause_filter", obj, "pause-filter");
7104     object_property_add_alias(obj, "sse4_1", obj, "sse4.1");
7105     object_property_add_alias(obj, "sse4_2", obj, "sse4.2");
7106 
7107     if (xcc->model) {
7108         x86_cpu_load_model(cpu, xcc->model);
7109     }
7110 }
7111 
7112 static int64_t x86_cpu_get_arch_id(CPUState *cs)
7113 {
7114     X86CPU *cpu = X86_CPU(cs);
7115 
7116     return cpu->apic_id;
7117 }
7118 
7119 static bool x86_cpu_get_paging_enabled(const CPUState *cs)
7120 {
7121     X86CPU *cpu = X86_CPU(cs);
7122 
7123     return cpu->env.cr[0] & CR0_PG_MASK;
7124 }
7125 
7126 static void x86_cpu_set_pc(CPUState *cs, vaddr value)
7127 {
7128     X86CPU *cpu = X86_CPU(cs);
7129 
7130     cpu->env.eip = value;
7131 }
7132 
7133 static void x86_cpu_synchronize_from_tb(CPUState *cs, TranslationBlock *tb)
7134 {
7135     X86CPU *cpu = X86_CPU(cs);
7136 
7137     cpu->env.eip = tb->pc - tb->cs_base;
7138 }
7139 
7140 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
7141 {
7142     X86CPU *cpu = X86_CPU(cs);
7143     CPUX86State *env = &cpu->env;
7144 
7145 #if !defined(CONFIG_USER_ONLY)
7146     if (interrupt_request & CPU_INTERRUPT_POLL) {
7147         return CPU_INTERRUPT_POLL;
7148     }
7149 #endif
7150     if (interrupt_request & CPU_INTERRUPT_SIPI) {
7151         return CPU_INTERRUPT_SIPI;
7152     }
7153 
7154     if (env->hflags2 & HF2_GIF_MASK) {
7155         if ((interrupt_request & CPU_INTERRUPT_SMI) &&
7156             !(env->hflags & HF_SMM_MASK)) {
7157             return CPU_INTERRUPT_SMI;
7158         } else if ((interrupt_request & CPU_INTERRUPT_NMI) &&
7159                    !(env->hflags2 & HF2_NMI_MASK)) {
7160             return CPU_INTERRUPT_NMI;
7161         } else if (interrupt_request & CPU_INTERRUPT_MCE) {
7162             return CPU_INTERRUPT_MCE;
7163         } else if ((interrupt_request & CPU_INTERRUPT_HARD) &&
7164                    (((env->hflags2 & HF2_VINTR_MASK) &&
7165                      (env->hflags2 & HF2_HIF_MASK)) ||
7166                     (!(env->hflags2 & HF2_VINTR_MASK) &&
7167                      (env->eflags & IF_MASK &&
7168                       !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
7169             return CPU_INTERRUPT_HARD;
7170 #if !defined(CONFIG_USER_ONLY)
7171         } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
7172                    (env->eflags & IF_MASK) &&
7173                    !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
7174             return CPU_INTERRUPT_VIRQ;
7175 #endif
7176         }
7177     }
7178 
7179     return 0;
7180 }
7181 
7182 static bool x86_cpu_has_work(CPUState *cs)
7183 {
7184     return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
7185 }
7186 
7187 static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
7188 {
7189     X86CPU *cpu = X86_CPU(cs);
7190     CPUX86State *env = &cpu->env;
7191 
7192     info->mach = (env->hflags & HF_CS64_MASK ? bfd_mach_x86_64
7193                   : env->hflags & HF_CS32_MASK ? bfd_mach_i386_i386
7194                   : bfd_mach_i386_i8086);
7195     info->print_insn = print_insn_i386;
7196 
7197     info->cap_arch = CS_ARCH_X86;
7198     info->cap_mode = (env->hflags & HF_CS64_MASK ? CS_MODE_64
7199                       : env->hflags & HF_CS32_MASK ? CS_MODE_32
7200                       : CS_MODE_16);
7201     info->cap_insn_unit = 1;
7202     info->cap_insn_split = 8;
7203 }
7204 
7205 void x86_update_hflags(CPUX86State *env)
7206 {
7207    uint32_t hflags;
7208 #define HFLAG_COPY_MASK \
7209     ~( HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
7210        HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
7211        HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
7212        HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
7213 
7214     hflags = env->hflags & HFLAG_COPY_MASK;
7215     hflags |= (env->segs[R_SS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
7216     hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
7217     hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
7218                 (HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
7219     hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
7220 
7221     if (env->cr[4] & CR4_OSFXSR_MASK) {
7222         hflags |= HF_OSFXSR_MASK;
7223     }
7224 
7225     if (env->efer & MSR_EFER_LMA) {
7226         hflags |= HF_LMA_MASK;
7227     }
7228 
7229     if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
7230         hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
7231     } else {
7232         hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
7233                     (DESC_B_SHIFT - HF_CS32_SHIFT);
7234         hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
7235                     (DESC_B_SHIFT - HF_SS32_SHIFT);
7236         if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK) ||
7237             !(hflags & HF_CS32_MASK)) {
7238             hflags |= HF_ADDSEG_MASK;
7239         } else {
7240             hflags |= ((env->segs[R_DS].base | env->segs[R_ES].base |
7241                         env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
7242         }
7243     }
7244     env->hflags = hflags;
7245 }
7246 
7247 static Property x86_cpu_properties[] = {
7248 #ifdef CONFIG_USER_ONLY
7249     /* apic_id = 0 by default for *-user, see commit 9886e834 */
7250     DEFINE_PROP_UINT32("apic-id", X86CPU, apic_id, 0),
7251     DEFINE_PROP_INT32("thread-id", X86CPU, thread_id, 0),
7252     DEFINE_PROP_INT32("core-id", X86CPU, core_id, 0),
7253     DEFINE_PROP_INT32("die-id", X86CPU, die_id, 0),
7254     DEFINE_PROP_INT32("socket-id", X86CPU, socket_id, 0),
7255 #else
7256     DEFINE_PROP_UINT32("apic-id", X86CPU, apic_id, UNASSIGNED_APIC_ID),
7257     DEFINE_PROP_INT32("thread-id", X86CPU, thread_id, -1),
7258     DEFINE_PROP_INT32("core-id", X86CPU, core_id, -1),
7259     DEFINE_PROP_INT32("die-id", X86CPU, die_id, -1),
7260     DEFINE_PROP_INT32("socket-id", X86CPU, socket_id, -1),
7261 #endif
7262     DEFINE_PROP_INT32("node-id", X86CPU, node_id, CPU_UNSET_NUMA_NODE_ID),
7263     DEFINE_PROP_BOOL("pmu", X86CPU, enable_pmu, false),
7264 
7265     DEFINE_PROP_UINT32("hv-spinlocks", X86CPU, hyperv_spinlock_attempts,
7266                        HYPERV_SPINLOCK_NEVER_RETRY),
7267     DEFINE_PROP_BIT64("hv-relaxed", X86CPU, hyperv_features,
7268                       HYPERV_FEAT_RELAXED, 0),
7269     DEFINE_PROP_BIT64("hv-vapic", X86CPU, hyperv_features,
7270                       HYPERV_FEAT_VAPIC, 0),
7271     DEFINE_PROP_BIT64("hv-time", X86CPU, hyperv_features,
7272                       HYPERV_FEAT_TIME, 0),
7273     DEFINE_PROP_BIT64("hv-crash", X86CPU, hyperv_features,
7274                       HYPERV_FEAT_CRASH, 0),
7275     DEFINE_PROP_BIT64("hv-reset", X86CPU, hyperv_features,
7276                       HYPERV_FEAT_RESET, 0),
7277     DEFINE_PROP_BIT64("hv-vpindex", X86CPU, hyperv_features,
7278                       HYPERV_FEAT_VPINDEX, 0),
7279     DEFINE_PROP_BIT64("hv-runtime", X86CPU, hyperv_features,
7280                       HYPERV_FEAT_RUNTIME, 0),
7281     DEFINE_PROP_BIT64("hv-synic", X86CPU, hyperv_features,
7282                       HYPERV_FEAT_SYNIC, 0),
7283     DEFINE_PROP_BIT64("hv-stimer", X86CPU, hyperv_features,
7284                       HYPERV_FEAT_STIMER, 0),
7285     DEFINE_PROP_BIT64("hv-frequencies", X86CPU, hyperv_features,
7286                       HYPERV_FEAT_FREQUENCIES, 0),
7287     DEFINE_PROP_BIT64("hv-reenlightenment", X86CPU, hyperv_features,
7288                       HYPERV_FEAT_REENLIGHTENMENT, 0),
7289     DEFINE_PROP_BIT64("hv-tlbflush", X86CPU, hyperv_features,
7290                       HYPERV_FEAT_TLBFLUSH, 0),
7291     DEFINE_PROP_BIT64("hv-evmcs", X86CPU, hyperv_features,
7292                       HYPERV_FEAT_EVMCS, 0),
7293     DEFINE_PROP_BIT64("hv-ipi", X86CPU, hyperv_features,
7294                       HYPERV_FEAT_IPI, 0),
7295     DEFINE_PROP_BIT64("hv-stimer-direct", X86CPU, hyperv_features,
7296                       HYPERV_FEAT_STIMER_DIRECT, 0),
7297     DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU,
7298                             hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
7299     DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false),
7300 
7301     DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
7302     DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
7303     DEFINE_PROP_BOOL("x-force-features", X86CPU, force_features, false),
7304     DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
7305     DEFINE_PROP_UINT32("phys-bits", X86CPU, phys_bits, 0),
7306     DEFINE_PROP_BOOL("host-phys-bits", X86CPU, host_phys_bits, false),
7307     DEFINE_PROP_UINT8("host-phys-bits-limit", X86CPU, host_phys_bits_limit, 0),
7308     DEFINE_PROP_BOOL("fill-mtrr-mask", X86CPU, fill_mtrr_mask, true),
7309     DEFINE_PROP_UINT32("level-func7", X86CPU, env.cpuid_level_func7,
7310                        UINT32_MAX),
7311     DEFINE_PROP_UINT32("level", X86CPU, env.cpuid_level, UINT32_MAX),
7312     DEFINE_PROP_UINT32("xlevel", X86CPU, env.cpuid_xlevel, UINT32_MAX),
7313     DEFINE_PROP_UINT32("xlevel2", X86CPU, env.cpuid_xlevel2, UINT32_MAX),
7314     DEFINE_PROP_UINT32("min-level", X86CPU, env.cpuid_min_level, 0),
7315     DEFINE_PROP_UINT32("min-xlevel", X86CPU, env.cpuid_min_xlevel, 0),
7316     DEFINE_PROP_UINT32("min-xlevel2", X86CPU, env.cpuid_min_xlevel2, 0),
7317     DEFINE_PROP_UINT64("ucode-rev", X86CPU, ucode_rev, 0),
7318     DEFINE_PROP_BOOL("full-cpuid-auto-level", X86CPU, full_cpuid_auto_level, true),
7319     DEFINE_PROP_STRING("hv-vendor-id", X86CPU, hyperv_vendor_id),
7320     DEFINE_PROP_BOOL("cpuid-0xb", X86CPU, enable_cpuid_0xb, true),
7321     DEFINE_PROP_BOOL("lmce", X86CPU, enable_lmce, false),
7322     DEFINE_PROP_BOOL("l3-cache", X86CPU, enable_l3_cache, true),
7323     DEFINE_PROP_BOOL("kvm-no-smi-migration", X86CPU, kvm_no_smi_migration,
7324                      false),
7325     DEFINE_PROP_BOOL("vmware-cpuid-freq", X86CPU, vmware_cpuid_freq, true),
7326     DEFINE_PROP_BOOL("tcg-cpuid", X86CPU, expose_tcg, true),
7327     DEFINE_PROP_BOOL("x-migrate-smi-count", X86CPU, migrate_smi_count,
7328                      true),
7329     /*
7330      * lecacy_cache defaults to true unless the CPU model provides its
7331      * own cache information (see x86_cpu_load_def()).
7332      */
7333     DEFINE_PROP_BOOL("legacy-cache", X86CPU, legacy_cache, true),
7334 
7335     /*
7336      * From "Requirements for Implementing the Microsoft
7337      * Hypervisor Interface":
7338      * https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs
7339      *
7340      * "Starting with Windows Server 2012 and Windows 8, if
7341      * CPUID.40000005.EAX contains a value of -1, Windows assumes that
7342      * the hypervisor imposes no specific limit to the number of VPs.
7343      * In this case, Windows Server 2012 guest VMs may use more than
7344      * 64 VPs, up to the maximum supported number of processors applicable
7345      * to the specific Windows version being used."
7346      */
7347     DEFINE_PROP_INT32("x-hv-max-vps", X86CPU, hv_max_vps, -1),
7348     DEFINE_PROP_BOOL("x-hv-synic-kvm-only", X86CPU, hyperv_synic_kvm_only,
7349                      false),
7350     DEFINE_PROP_BOOL("x-intel-pt-auto-level", X86CPU, intel_pt_auto_level,
7351                      true),
7352     DEFINE_PROP_END_OF_LIST()
7353 };
7354 
7355 static void x86_cpu_common_class_init(ObjectClass *oc, void *data)
7356 {
7357     X86CPUClass *xcc = X86_CPU_CLASS(oc);
7358     CPUClass *cc = CPU_CLASS(oc);
7359     DeviceClass *dc = DEVICE_CLASS(oc);
7360 
7361     device_class_set_parent_realize(dc, x86_cpu_realizefn,
7362                                     &xcc->parent_realize);
7363     device_class_set_parent_unrealize(dc, x86_cpu_unrealizefn,
7364                                       &xcc->parent_unrealize);
7365     device_class_set_props(dc, x86_cpu_properties);
7366 
7367     device_class_set_parent_reset(dc, x86_cpu_reset, &xcc->parent_reset);
7368     cc->reset_dump_flags = CPU_DUMP_FPU | CPU_DUMP_CCOP;
7369 
7370     cc->class_by_name = x86_cpu_class_by_name;
7371     cc->parse_features = x86_cpu_parse_featurestr;
7372     cc->has_work = x86_cpu_has_work;
7373 #ifdef CONFIG_TCG
7374     cc->do_interrupt = x86_cpu_do_interrupt;
7375     cc->cpu_exec_interrupt = x86_cpu_exec_interrupt;
7376 #endif
7377     cc->dump_state = x86_cpu_dump_state;
7378     cc->set_pc = x86_cpu_set_pc;
7379     cc->synchronize_from_tb = x86_cpu_synchronize_from_tb;
7380     cc->gdb_read_register = x86_cpu_gdb_read_register;
7381     cc->gdb_write_register = x86_cpu_gdb_write_register;
7382     cc->get_arch_id = x86_cpu_get_arch_id;
7383     cc->get_paging_enabled = x86_cpu_get_paging_enabled;
7384 #ifndef CONFIG_USER_ONLY
7385     cc->asidx_from_attrs = x86_asidx_from_attrs;
7386     cc->get_memory_mapping = x86_cpu_get_memory_mapping;
7387     cc->get_phys_page_attrs_debug = x86_cpu_get_phys_page_attrs_debug;
7388     cc->get_crash_info = x86_cpu_get_crash_info;
7389     cc->write_elf64_note = x86_cpu_write_elf64_note;
7390     cc->write_elf64_qemunote = x86_cpu_write_elf64_qemunote;
7391     cc->write_elf32_note = x86_cpu_write_elf32_note;
7392     cc->write_elf32_qemunote = x86_cpu_write_elf32_qemunote;
7393     cc->vmsd = &vmstate_x86_cpu;
7394 #endif
7395     cc->gdb_arch_name = x86_gdb_arch_name;
7396 #ifdef TARGET_X86_64
7397     cc->gdb_core_xml_file = "i386-64bit.xml";
7398     cc->gdb_num_core_regs = 66;
7399 #else
7400     cc->gdb_core_xml_file = "i386-32bit.xml";
7401     cc->gdb_num_core_regs = 50;
7402 #endif
7403 #if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
7404     cc->debug_excp_handler = breakpoint_handler;
7405 #endif
7406     cc->cpu_exec_enter = x86_cpu_exec_enter;
7407     cc->cpu_exec_exit = x86_cpu_exec_exit;
7408 #ifdef CONFIG_TCG
7409     cc->tcg_initialize = tcg_x86_init;
7410     cc->tlb_fill = x86_cpu_tlb_fill;
7411 #endif
7412     cc->disas_set_info = x86_disas_set_info;
7413 
7414     dc->user_creatable = true;
7415 }
7416 
7417 static const TypeInfo x86_cpu_type_info = {
7418     .name = TYPE_X86_CPU,
7419     .parent = TYPE_CPU,
7420     .instance_size = sizeof(X86CPU),
7421     .instance_init = x86_cpu_initfn,
7422     .abstract = true,
7423     .class_size = sizeof(X86CPUClass),
7424     .class_init = x86_cpu_common_class_init,
7425 };
7426 
7427 
7428 /* "base" CPU model, used by query-cpu-model-expansion */
7429 static void x86_cpu_base_class_init(ObjectClass *oc, void *data)
7430 {
7431     X86CPUClass *xcc = X86_CPU_CLASS(oc);
7432 
7433     xcc->static_model = true;
7434     xcc->migration_safe = true;
7435     xcc->model_description = "base CPU model type with no features enabled";
7436     xcc->ordering = 8;
7437 }
7438 
7439 static const TypeInfo x86_base_cpu_type_info = {
7440         .name = X86_CPU_TYPE_NAME("base"),
7441         .parent = TYPE_X86_CPU,
7442         .class_init = x86_cpu_base_class_init,
7443 };
7444 
7445 static void x86_cpu_register_types(void)
7446 {
7447     int i;
7448 
7449     type_register_static(&x86_cpu_type_info);
7450     for (i = 0; i < ARRAY_SIZE(builtin_x86_defs); i++) {
7451         x86_register_cpudef_types(&builtin_x86_defs[i]);
7452     }
7453     type_register_static(&max_x86_cpu_type_info);
7454     type_register_static(&x86_base_cpu_type_info);
7455 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
7456     type_register_static(&host_x86_cpu_type_info);
7457 #endif
7458 }
7459 
7460 type_init(x86_cpu_register_types)
7461