Xen project Mailing List

Re: [PATCH] x86emul: adjust BSF/BSR behavior as to EFLAGS

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 23 Apr 2025 13:09:32 +0200

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 23 Apr 2025 11:10:41 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 23.04.2025 11:49, Andrew Cooper wrote: > On 23/04/2025 7:13 am, Jan Beulich wrote: >> SDM revision 087 points out that apparently as of quite some time ago on >> Intel hardware BSF and BSR may alter all arithmetic flags, not just ZF. >> Because of the inconsistency (and because documentation doesn't look to >> be quite right about PF), best we can do is simply take the flag values >> from what the processor produces, just like we do for various other >> arithmetic insns. (Note also that AMD and Intel have always been >> disagreeing on arithmetic flags other than ZF.) > > The new footnote Intel have added about "older processors" does match > AMD, saying "unmodified". > > I think it's clear now that Intel and AMD behaviour was the same > originally, except AMD wrote "unmodified" and Intel wrote "undefined", > and Intel used this flexibility to alter the behaviour. Except it isn't - U in AMD's nomenclature is "undefined", not "unmodified" (and despite what you wrote above I hope you agree that the two mean different things). Unmodified flag entries are simply blank. >> --- a/xen/arch/x86/x86_emulate/x86_emulate.c >> +++ b/xen/arch/x86/x86_emulate/x86_emulate.c >> @@ -5268,16 +5268,14 @@ x86_emulate( >> break; >> >> case X86EMUL_OPC(0x0f, 0xbc): /* bsf or tzcnt */ >> - { >> - bool zf; >> - >> - asm ( "bsf %2,%0" ASM_FLAG_OUT(, "; setz %1") >> - : "=r" (dst.val), ASM_FLAG_OUT("=@ccz", "=qm") (zf) >> - : "rm" (src.val) ); >> - _regs.eflags &= ~X86_EFLAGS_ZF; >> if ( (vex.pfx == vex_f3) && vcpu_has_bmi1() ) >> { >> - _regs.eflags &= ~X86_EFLAGS_CF; >> + bool zf; >> + >> + asm ( "bsf %2,%0" ASM_FLAG_OUT(, "; setz %1") >> + : "=r" (dst.val), ASM_FLAG_OUT("=@ccz", "=qm") (zf) >> + : "rm" (src.val) ); >> + _regs.eflags &= ~(X86_EFLAGS_ZF | X86_EFLAGS_CF); >> if ( zf ) >> { >> _regs.eflags |= X86_EFLAGS_CF; >> @@ -5286,25 +5284,23 @@ x86_emulate( >> else if ( !dst.val ) >> _regs.eflags |= X86_EFLAGS_ZF; >> } >> - else if ( zf ) >> + else >> { >> - _regs.eflags |= X86_EFLAGS_ZF; >> - dst.type = OP_NONE; >> + emulate_2op_SrcV_srcmem("bsf", src, dst, _regs.eflags); >> + if ( _regs.eflags & X86_EFLAGS_ZF ) >> + dst.type = OP_NONE; > > On Intel, BSF/BSR writes back the destination register. Notably, it > gets 0 extended per normal rules, That's also only on "older processors", as per the other footnote. > which is why you have to be extra > careful when using the trick of preloading it with -1; the result must > be interpreted as (int) even over a 64bit operation. > > This needs an amd_like() qualification to override dst.type. This > aspect genuinely is different between them. Alternatively, we might be > able to set the operand size always to 64 and write back the entire > register as the processor gave to us, but I'm not sure if that will have > effects elsewhere. Besides (as per above), amd_like() not covering all cases, this would then further need special treatment for 16-bit opsize. Plus promoting to 64-bit would require manually clipping the result to 5 bits when the original size wants 64-bit. That's imo far more complications than gains. Further, this patch is really about EFLAGS only; the OP_NONE was there already before. > Finally, I'm wary leaving TZCNT/LZCNT using the old logic. Despite the > absence of an update in 087, I find it unlikely that they behave > differently WRT flags (specifically, I severely doubt they've got > differing circuitry). They do, I checked. Iirc I even mentioned on Matrix that I'm surprised by the difference. > I'd suggest giving them the same fully-emulated treatment as BSF/BSR. But we're emulating them as the correct insn even if the respective feature flag isn't set in the host policy. I don't want to break that, so doing as you suggest would mean further bifurcating the handling (to deal with the two different cases of what underlying hardware we run on). This feels like unnecessary extra complexity to me. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.