~fboudra/qemu-linaro/new-upstream-release-1.2.0-2012.09-0ubuntu1
» Revision
12924
: target-i386/op_helper.c
« back to all changes in this revision
Viewing changes to target-i386/op_helper.c
- browse files at revision 12924
- compare with another revision
- download diff
- download tarball
- view history from revision 12924
- Committer: Fathi Boudra
- Author(s): Fathi Boudra
- Date: 2012-08-21 06:47:11 UTC
- mfrom: (0.1.16)
- Revision ID: fathi.boudra@linaro.org-20120821064711-7yxmubp2v8a44xce
Tags: 1.1.50-2012.08-0ubuntu1
* New upstream release.
- support emulated systems with more than 2G of memory. (LP: #1030588)
* Drop powerpc-missing-include.patch - merged upstream.
* Update debian/control:
- drop perl build dependency.
- add libfdt-dev build dependency.
* Update debian/qemu-keymaps.install file.
* Update debian/rules:
- update QEMU_CPU for ARM architecture: armv4l -> armv7l.
- update conf_audio_drv: default to PulseAudio since PA is the default on
Ubuntu.
- enable KVM on ARM architecture.
- enable flat device tree support (--enable-fdt). (LP: #1030594)
- support emulated systems with more than 2G of memory. (LP: #1030588)
* Drop powerpc-missing-include.patch - merged upstream.
* Update debian/control:
- drop perl build dependency.
- add libfdt-dev build dependency.
* Update debian/qemu-keymaps.install file.
* Update debian/rules:
- update QEMU_CPU for ARM architecture: armv4l -> armv7l.
- update conf_audio_drv: default to PulseAudio since PA is the default on
Ubuntu.
- enable KVM on ARM architecture.
- enable flat device tree support (--enable-fdt). (LP: #1030594)
- files added:
- QMP/qom-fuse
- hw/alpha
- hw/arm
- hw/cris
- hw/i386
- hw/lm32
- hw/m68k
- hw/microblaze
- hw/mips
- hw/openrisc
- hw/ppc
- hw/s390x
- hw/sh4
- hw/sparc
- hw/sparc64
- hw/usb
- hw/xtensa
- linux-headers/asm-generic
- linux-user/openrisc
- scripts/tracetool/backend
- scripts/tracetool/format
- target-openrisc
- target-xtensa/core-dc233c
- tests/tcg/openrisc
- files removed:
- .pc/powerpc-missing-include.patch
- darwin-user
- files modified:
- .gitignore
- scripts/tracetool
added
removed
target-i386/op_helper.c
1
/*
2
* i386 helpers
3
*
4
* Copyright (c) 2003 Fabrice Bellard
5
*
6
* This library is free software; you can redistribute it and/or
7
* modify it under the terms of the GNU Lesser General Public
8
* License as published by the Free Software Foundation; either
9
* version 2 of the License, or (at your option) any later version.
10
*
11
* This library is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
* Lesser General Public License for more details.
15
*
16
* You should have received a copy of the GNU Lesser General Public
17
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
18
*/
19
20
#include <math.h>
21
#include "cpu.h"
22
#include "dyngen-exec.h"
23
#include "host-utils.h"
24
#include "ioport.h"
25
#include "qemu-log.h"
26
#include "cpu-defs.h"
27
#include "helper.h"
28
29
#if !defined(CONFIG_USER_ONLY)
30
#include "softmmu_exec.h"
31
#endif /* !defined(CONFIG_USER_ONLY) */
32
33
//#define DEBUG_PCALL
34
35
#ifdef DEBUG_PCALL
36
# define LOG_PCALL(...) qemu_log_mask(CPU_LOG_PCALL, ## __VA_ARGS__)
37
# define LOG_PCALL_STATE(env) \
38
log_cpu_state_mask(CPU_LOG_PCALL, (env), X86_DUMP_CCOP)
39
#else
40
# define LOG_PCALL(...) do { } while (0)
41
# define LOG_PCALL_STATE(env) do { } while (0)
42
#endif
43
44
/* n must be a constant to be efficient */
45
static inline target_long lshift(target_long x, int n)
46
{
47
if (n >= 0) {
48
return x << n;
49
} else {
50
return x >> (-n);
51
}
52
}
53
54
#define FPU_RC_MASK 0xc00
55
#define FPU_RC_NEAR 0x000
56
#define FPU_RC_DOWN 0x400
57
#define FPU_RC_UP 0x800
58
#define FPU_RC_CHOP 0xc00
59
60
#define MAXTAN 9223372036854775808.0
61
62
/* the following deal with x86 long double-precision numbers */
63
#define MAXEXPD 0x7fff
64
#define EXPBIAS 16383
65
#define EXPD(fp) (fp.l.upper & 0x7fff)
66
#define SIGND(fp) ((fp.l.upper) & 0x8000)
67
#define MANTD(fp) (fp.l.lower)
68
#define BIASEXPONENT(fp) fp.l.upper = (fp.l.upper & ~(0x7fff)) | EXPBIAS
69
70
static inline void fpush(void)
71
{
72
env->fpstt = (env->fpstt - 1) & 7;
73
env->fptags[env->fpstt] = 0; /* validate stack entry */
74
}
75
76
static inline void fpop(void)
77
{
78
env->fptags[env->fpstt] = 1; /* invvalidate stack entry */
79
env->fpstt = (env->fpstt + 1) & 7;
80
}
81
82
static inline floatx80 helper_fldt(target_ulong ptr)
83
{
84
CPU_LDoubleU temp;
85
86
temp.l.lower = ldq(ptr);
87
temp.l.upper = lduw(ptr + 8);
88
return temp.d;
89
}
90
91
static inline void helper_fstt(floatx80 f, target_ulong ptr)
92
{
93
CPU_LDoubleU temp;
94
95
temp.d = f;
96
stq(ptr, temp.l.lower);
97
stw(ptr + 8, temp.l.upper);
98
}
99
100
#define FPUS_IE (1 << 0)
101
#define FPUS_DE (1 << 1)
102
#define FPUS_ZE (1 << 2)
103
#define FPUS_OE (1 << 3)
104
#define FPUS_UE (1 << 4)
105
#define FPUS_PE (1 << 5)
106
#define FPUS_SF (1 << 6)
107
#define FPUS_SE (1 << 7)
108
#define FPUS_B (1 << 15)
109
110
#define FPUC_EM 0x3f
111
112
static inline uint32_t compute_eflags(void)
113
{
114
return env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK);
115
}
116
117
/* NOTE: CC_OP must be modified manually to CC_OP_EFLAGS */
118
static inline void load_eflags(int eflags, int update_mask)
119
{
120
CC_SRC = eflags & (CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C);
121
DF = 1 - (2 * ((eflags >> 10) & 1));
122
env->eflags = (env->eflags & ~update_mask) |
123
(eflags & update_mask) | 0x2;
124
}
125
126
/* load efer and update the corresponding hflags. XXX: do consistency
127
checks with cpuid bits ? */
128
static inline void cpu_load_efer(CPUState *env, uint64_t val)
129
{
130
env->efer = val;
131
env->hflags &= ~(HF_LMA_MASK | HF_SVME_MASK);
132
if (env->efer & MSR_EFER_LMA) {
133
env->hflags |= HF_LMA_MASK;
134
}
135
if (env->efer & MSR_EFER_SVME) {
136
env->hflags |= HF_SVME_MASK;
137
}
138
}
139
140
#if 0
141
#define raise_exception_err(a, b)\
142
do {\
143
qemu_log("raise_exception line=%d\n", __LINE__);\
144
(raise_exception_err)(a, b);\
145
} while (0)
146
#endif
147
148
static void QEMU_NORETURN raise_exception_err(int exception_index,
149
int error_code);
150
151
static const uint8_t parity_table[256] = {
152
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
153
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
154
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
155
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
156
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
157
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
158
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
159
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
160
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
161
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
162
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
163
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
164
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
165
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
166
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
167
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
168
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
169
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
170
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
171
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
172
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
173
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
174
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
175
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
176
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
177
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
178
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
179
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
180
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
181
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
182
CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
183
0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
184
};
185
186
/* modulo 17 table */
187
static const uint8_t rclw_table[32] = {
188
0, 1, 2, 3, 4, 5, 6, 7,
189
8, 9,10,11,12,13,14,15,
190
16, 0, 1, 2, 3, 4, 5, 6,
191
7, 8, 9,10,11,12,13,14,
192
};
193
194
/* modulo 9 table */
195
static const uint8_t rclb_table[32] = {
196
0, 1, 2, 3, 4, 5, 6, 7,
197
8, 0, 1, 2, 3, 4, 5, 6,
198
7, 8, 0, 1, 2, 3, 4, 5,
199
6, 7, 8, 0, 1, 2, 3, 4,
200
};
201
202
#define floatx80_lg2 make_floatx80( 0x3ffd, 0x9a209a84fbcff799LL )
203
#define floatx80_l2e make_floatx80( 0x3fff, 0xb8aa3b295c17f0bcLL )
204
#define floatx80_l2t make_floatx80( 0x4000, 0xd49a784bcd1b8afeLL )
205
206
/* broken thread support */
207
208
static spinlock_t global_cpu_lock = SPIN_LOCK_UNLOCKED;
209
210
void helper_lock(void)
211
{
212
spin_lock(&global_cpu_lock);
213
}
214
215
void helper_unlock(void)
216
{
217
spin_unlock(&global_cpu_lock);
218
}
219
220
void helper_write_eflags(target_ulong t0, uint32_t update_mask)
221
{
222
load_eflags(t0, update_mask);
223
}
224
225
target_ulong helper_read_eflags(void)
226
{
227
uint32_t eflags;
228
eflags = helper_cc_compute_all(CC_OP);
229
eflags |= (DF & DF_MASK);
230
eflags |= env->eflags & ~(VM_MASK | RF_MASK);
231
return eflags;
232
}
233
234
/* return non zero if error */
235
static inline int load_segment(uint32_t *e1_ptr, uint32_t *e2_ptr,
236
int selector)
237
{
238
SegmentCache *dt;
239
int index;
240
target_ulong ptr;
241
242
if (selector & 0x4)
243
dt = &env->ldt;
244
else
245
dt = &env->gdt;
246
index = selector & ~7;
247
if ((index + 7) > dt->limit)
248
return -1;
249
ptr = dt->base + index;
250
*e1_ptr = ldl_kernel(ptr);
251
*e2_ptr = ldl_kernel(ptr + 4);
252
return 0;
253
}
254
255
static inline unsigned int get_seg_limit(uint32_t e1, uint32_t e2)
256
{
257
unsigned int limit;
258
limit = (e1 & 0xffff) | (e2 & 0x000f0000);
259
if (e2 & DESC_G_MASK)
260
limit = (limit << 12) | 0xfff;
261
return limit;
262
}
263
264
static inline uint32_t get_seg_base(uint32_t e1, uint32_t e2)
265
{
266
return ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
267
}
268
269
static inline void load_seg_cache_raw_dt(SegmentCache *sc, uint32_t e1, uint32_t e2)
270
{
271
sc->base = get_seg_base(e1, e2);
272
sc->limit = get_seg_limit(e1, e2);
273
sc->flags = e2;
274
}
275
276
/* init the segment cache in vm86 mode. */
277
static inline void load_seg_vm(int seg, int selector)
278
{
279
selector &= 0xffff;
280
cpu_x86_load_seg_cache(env, seg, selector,
281
(selector << 4), 0xffff, 0);
282
}
283
284
static inline void get_ss_esp_from_tss(uint32_t *ss_ptr,
285
uint32_t *esp_ptr, int dpl)
286
{
287
int type, index, shift;
288
289
#if 0
290
{
291
int i;
292
printf("TR: base=%p limit=%x\n", env->tr.base, env->tr.limit);
293
for(i=0;i<env->tr.limit;i++) {
294
printf("%02x ", env->tr.base[i]);
295
if ((i & 7) == 7) printf("\n");
296
}
297
printf("\n");
298
}
299
#endif
300
301
if (!(env->tr.flags & DESC_P_MASK))
302
cpu_abort(env, "invalid tss");
303
type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
304
if ((type & 7) != 1)
305
cpu_abort(env, "invalid tss type");
306
shift = type >> 3;
307
index = (dpl * 4 + 2) << shift;
308
if (index + (4 << shift) - 1 > env->tr.limit)
309
raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
310
if (shift == 0) {
311
*esp_ptr = lduw_kernel(env->tr.base + index);
312
*ss_ptr = lduw_kernel(env->tr.base + index + 2);
313
} else {
314
*esp_ptr = ldl_kernel(env->tr.base + index);
315
*ss_ptr = lduw_kernel(env->tr.base + index + 4);
316
}
317
}
318
319
/* XXX: merge with load_seg() */
320
static void tss_load_seg(int seg_reg, int selector)
321
{
322
uint32_t e1, e2;
323
int rpl, dpl, cpl;
324
325
if ((selector & 0xfffc) != 0) {
326
if (load_segment(&e1, &e2, selector) != 0)
327
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
328
if (!(e2 & DESC_S_MASK))
329
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
330
rpl = selector & 3;
331
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
332
cpl = env->hflags & HF_CPL_MASK;
333
if (seg_reg == R_CS) {
334
if (!(e2 & DESC_CS_MASK))
335
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
336
/* XXX: is it correct ? */
337
if (dpl != rpl)
338
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
339
if ((e2 & DESC_C_MASK) && dpl > rpl)
340
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
341
} else if (seg_reg == R_SS) {
342
/* SS must be writable data */
343
if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK))
344
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
345
if (dpl != cpl || dpl != rpl)
346
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
347
} else {
348
/* not readable code */
349
if ((e2 & DESC_CS_MASK) && !(e2 & DESC_R_MASK))
350
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
351
/* if data or non conforming code, checks the rights */
352
if (((e2 >> DESC_TYPE_SHIFT) & 0xf) < 12) {
353
if (dpl < cpl || dpl < rpl)
354
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
355
}
356
}
357
if (!(e2 & DESC_P_MASK))
358
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
359
cpu_x86_load_seg_cache(env, seg_reg, selector,
360
get_seg_base(e1, e2),
361
get_seg_limit(e1, e2),
362
e2);
363
} else {
364
if (seg_reg == R_SS || seg_reg == R_CS)
365
raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
366
}
367
}
368
369
#define SWITCH_TSS_JMP 0
370
#define SWITCH_TSS_IRET 1
371
#define SWITCH_TSS_CALL 2
372
373
/* XXX: restore CPU state in registers (PowerPC case) */
374
static void switch_tss(int tss_selector,
375
uint32_t e1, uint32_t e2, int source,
376
uint32_t next_eip)
377
{
378
int tss_limit, tss_limit_max, type, old_tss_limit_max, old_type, v1, v2, i;
379
target_ulong tss_base;
380
uint32_t new_regs[8], new_segs[6];
381
uint32_t new_eflags, new_eip, new_cr3, new_ldt, new_trap;
382
uint32_t old_eflags, eflags_mask;
383
SegmentCache *dt;
384
int index;
385
target_ulong ptr;
386
387
type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
388
LOG_PCALL("switch_tss: sel=0x%04x type=%d src=%d\n", tss_selector, type, source);
389
390
/* if task gate, we read the TSS segment and we load it */
391
if (type == 5) {
392
if (!(e2 & DESC_P_MASK))
393
raise_exception_err(EXCP0B_NOSEG, tss_selector & 0xfffc);
394
tss_selector = e1 >> 16;
395
if (tss_selector & 4)
396
raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
397
if (load_segment(&e1, &e2, tss_selector) != 0)
398
raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
399
if (e2 & DESC_S_MASK)
400
raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
401
type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
402
if ((type & 7) != 1)
403
raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
404
}
405
406
if (!(e2 & DESC_P_MASK))
407
raise_exception_err(EXCP0B_NOSEG, tss_selector & 0xfffc);
408
409
if (type & 8)
410
tss_limit_max = 103;
411
else
412
tss_limit_max = 43;
413
tss_limit = get_seg_limit(e1, e2);
414
tss_base = get_seg_base(e1, e2);
415
if ((tss_selector & 4) != 0 ||
416
tss_limit < tss_limit_max)
417
raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
418
old_type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
419
if (old_type & 8)
420
old_tss_limit_max = 103;
421
else
422
old_tss_limit_max = 43;
423
424
/* read all the registers from the new TSS */
425
if (type & 8) {
426
/* 32 bit */
427
new_cr3 = ldl_kernel(tss_base + 0x1c);
428
new_eip = ldl_kernel(tss_base + 0x20);
429
new_eflags = ldl_kernel(tss_base + 0x24);
430
for(i = 0; i < 8; i++)
431
new_regs[i] = ldl_kernel(tss_base + (0x28 + i * 4));
432
for(i = 0; i < 6; i++)
433
new_segs[i] = lduw_kernel(tss_base + (0x48 + i * 4));
434
new_ldt = lduw_kernel(tss_base + 0x60);
435
new_trap = ldl_kernel(tss_base + 0x64);
436
} else {
437
/* 16 bit */
438
new_cr3 = 0;
439
new_eip = lduw_kernel(tss_base + 0x0e);
440
new_eflags = lduw_kernel(tss_base + 0x10);
441
for(i = 0; i < 8; i++)
442
new_regs[i] = lduw_kernel(tss_base + (0x12 + i * 2)) | 0xffff0000;
443
for(i = 0; i < 4; i++)
444
new_segs[i] = lduw_kernel(tss_base + (0x22 + i * 4));
445
new_ldt = lduw_kernel(tss_base + 0x2a);
446
new_segs[R_FS] = 0;
447
new_segs[R_GS] = 0;
448
new_trap = 0;
449
}
450
/* XXX: avoid a compiler warning, see
451
http://support.amd.com/us/Processor_TechDocs/24593.pdf
452
chapters 12.2.5 and 13.2.4 on how to implement TSS Trap bit */
453
(void)new_trap;
454
455
/* NOTE: we must avoid memory exceptions during the task switch,
456
so we make dummy accesses before */
457
/* XXX: it can still fail in some cases, so a bigger hack is
458
necessary to valid the TLB after having done the accesses */
459
460
v1 = ldub_kernel(env->tr.base);
461
v2 = ldub_kernel(env->tr.base + old_tss_limit_max);
462
stb_kernel(env->tr.base, v1);
463
stb_kernel(env->tr.base + old_tss_limit_max, v2);
464
465
/* clear busy bit (it is restartable) */
466
if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_IRET) {
467
target_ulong ptr;
468
uint32_t e2;
469
ptr = env->gdt.base + (env->tr.selector & ~7);
470
e2 = ldl_kernel(ptr + 4);
471
e2 &= ~DESC_TSS_BUSY_MASK;
472
stl_kernel(ptr + 4, e2);
473
}
474
old_eflags = compute_eflags();
475
if (source == SWITCH_TSS_IRET)
476
old_eflags &= ~NT_MASK;
477
478
/* save the current state in the old TSS */
479
if (type & 8) {
480
/* 32 bit */
481
stl_kernel(env->tr.base + 0x20, next_eip);
482
stl_kernel(env->tr.base + 0x24, old_eflags);
483
stl_kernel(env->tr.base + (0x28 + 0 * 4), EAX);
484
stl_kernel(env->tr.base + (0x28 + 1 * 4), ECX);
485
stl_kernel(env->tr.base + (0x28 + 2 * 4), EDX);
486
stl_kernel(env->tr.base + (0x28 + 3 * 4), EBX);
487
stl_kernel(env->tr.base + (0x28 + 4 * 4), ESP);
488
stl_kernel(env->tr.base + (0x28 + 5 * 4), EBP);
489
stl_kernel(env->tr.base + (0x28 + 6 * 4), ESI);
490
stl_kernel(env->tr.base + (0x28 + 7 * 4), EDI);
491
for(i = 0; i < 6; i++)
492
stw_kernel(env->tr.base + (0x48 + i * 4), env->segs[i].selector);
493
} else {
494
/* 16 bit */
495
stw_kernel(env->tr.base + 0x0e, next_eip);
496
stw_kernel(env->tr.base + 0x10, old_eflags);
497
stw_kernel(env->tr.base + (0x12 + 0 * 2), EAX);
498
stw_kernel(env->tr.base + (0x12 + 1 * 2), ECX);
499
stw_kernel(env->tr.base + (0x12 + 2 * 2), EDX);
500
stw_kernel(env->tr.base + (0x12 + 3 * 2), EBX);
501
stw_kernel(env->tr.base + (0x12 + 4 * 2), ESP);
502
stw_kernel(env->tr.base + (0x12 + 5 * 2), EBP);
503
stw_kernel(env->tr.base + (0x12 + 6 * 2), ESI);
504
stw_kernel(env->tr.base + (0x12 + 7 * 2), EDI);
505
for(i = 0; i < 4; i++)
506
stw_kernel(env->tr.base + (0x22 + i * 4), env->segs[i].selector);
507
}
508
509
/* now if an exception occurs, it will occurs in the next task
510
context */
511
512
if (source == SWITCH_TSS_CALL) {
513
stw_kernel(tss_base, env->tr.selector);
514
new_eflags |= NT_MASK;
515
}
516
517
/* set busy bit */
518
if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_CALL) {
519
target_ulong ptr;
520
uint32_t e2;
521
ptr = env->gdt.base + (tss_selector & ~7);
522
e2 = ldl_kernel(ptr + 4);
523
e2 |= DESC_TSS_BUSY_MASK;
524
stl_kernel(ptr + 4, e2);
525
}
526
527
/* set the new CPU state */
528
/* from this point, any exception which occurs can give problems */
529
env->cr[0] |= CR0_TS_MASK;
530
env->hflags |= HF_TS_MASK;
531
env->tr.selector = tss_selector;
532
env->tr.base = tss_base;
533
env->tr.limit = tss_limit;
534
env->tr.flags = e2 & ~DESC_TSS_BUSY_MASK;
535
536
if ((type & 8) && (env->cr[0] & CR0_PG_MASK)) {
537
cpu_x86_update_cr3(env, new_cr3);
538
}
539
540
/* load all registers without an exception, then reload them with
541
possible exception */
542
env->eip = new_eip;
543
eflags_mask = TF_MASK | AC_MASK | ID_MASK |
544
IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK;
545
if (!(type & 8))
546
eflags_mask &= 0xffff;
547
load_eflags(new_eflags, eflags_mask);
548
/* XXX: what to do in 16 bit case ? */
549
EAX = new_regs[0];
550
ECX = new_regs[1];
551
EDX = new_regs[2];
552
EBX = new_regs[3];
553
ESP = new_regs[4];
554
EBP = new_regs[5];
555
ESI = new_regs[6];
556
EDI = new_regs[7];
557
if (new_eflags & VM_MASK) {
558
for(i = 0; i < 6; i++)
559
load_seg_vm(i, new_segs[i]);
560
/* in vm86, CPL is always 3 */
561
cpu_x86_set_cpl(env, 3);
562
} else {
563
/* CPL is set the RPL of CS */
564
cpu_x86_set_cpl(env, new_segs[R_CS] & 3);
565
/* first just selectors as the rest may trigger exceptions */
566
for(i = 0; i < 6; i++)
567
cpu_x86_load_seg_cache(env, i, new_segs[i], 0, 0, 0);
568
}
569
570
env->ldt.selector = new_ldt & ~4;
571
env->ldt.base = 0;
572
env->ldt.limit = 0;
573
env->ldt.flags = 0;
574
575
/* load the LDT */
576
if (new_ldt & 4)
577
raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
578
579
if ((new_ldt & 0xfffc) != 0) {
580
dt = &env->gdt;
581
index = new_ldt & ~7;
582
if ((index + 7) > dt->limit)
583
raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
584
ptr = dt->base + index;
585
e1 = ldl_kernel(ptr);
586
e2 = ldl_kernel(ptr + 4);
587
if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2)
588
raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
589
if (!(e2 & DESC_P_MASK))
590
raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
591
load_seg_cache_raw_dt(&env->ldt, e1, e2);
592
}
593
594
/* load the segments */
595
if (!(new_eflags & VM_MASK)) {
596
tss_load_seg(R_CS, new_segs[R_CS]);
597
tss_load_seg(R_SS, new_segs[R_SS]);
598
tss_load_seg(R_ES, new_segs[R_ES]);
599
tss_load_seg(R_DS, new_segs[R_DS]);
600
tss_load_seg(R_FS, new_segs[R_FS]);
601
tss_load_seg(R_GS, new_segs[R_GS]);
602
}
603
604
/* check that EIP is in the CS segment limits */
605
if (new_eip > env->segs[R_CS].limit) {
606
/* XXX: different exception if CALL ? */
607
raise_exception_err(EXCP0D_GPF, 0);
608
}
609
610
#ifndef CONFIG_USER_ONLY
611
/* reset local breakpoints */
612
if (env->dr[7] & 0x55) {
613
for (i = 0; i < 4; i++) {
614
if (hw_breakpoint_enabled(env->dr[7], i) == 0x1)
615
hw_breakpoint_remove(env, i);
616
}
617
env->dr[7] &= ~0x55;
618
}
619
#endif
620
}
621
622
/* check if Port I/O is allowed in TSS */
623
static inline void check_io(int addr, int size)
624
{
625
int io_offset, val, mask;
626
627
/* TSS must be a valid 32 bit one */
628
if (!(env->tr.flags & DESC_P_MASK) ||
629
((env->tr.flags >> DESC_TYPE_SHIFT) & 0xf) != 9 ||
630
env->tr.limit < 103)
631
goto fail;
632
io_offset = lduw_kernel(env->tr.base + 0x66);
633
io_offset += (addr >> 3);
634
/* Note: the check needs two bytes */
635
if ((io_offset + 1) > env->tr.limit)
636
goto fail;
637
val = lduw_kernel(env->tr.base + io_offset);
638
val >>= (addr & 7);
639
mask = (1 << size) - 1;
640
/* all bits must be zero to allow the I/O */
641
if ((val & mask) != 0) {
642
fail:
643
raise_exception_err(EXCP0D_GPF, 0);
644
}
645
}
646
647
void helper_check_iob(uint32_t t0)
648
{
649
check_io(t0, 1);
650
}
651
652
void helper_check_iow(uint32_t t0)
653
{
654
check_io(t0, 2);
655
}
656
657
void helper_check_iol(uint32_t t0)
658
{
659
check_io(t0, 4);
660
}
661
662
void helper_outb(uint32_t port, uint32_t data)
663
{
664
cpu_outb(port, data & 0xff);
665
}
666
667
target_ulong helper_inb(uint32_t port)
668
{
669
return cpu_inb(port);
670
}
671
672
void helper_outw(uint32_t port, uint32_t data)
673
{
674
cpu_outw(port, data & 0xffff);
675
}
676
677
target_ulong helper_inw(uint32_t port)
678
{
679
return cpu_inw(port);
680
}
681
682
void helper_outl(uint32_t port, uint32_t data)
683
{
684
cpu_outl(port, data);
685
}
686
687
target_ulong helper_inl(uint32_t port)
688
{
689
return cpu_inl(port);
690
}
691
692
static inline unsigned int get_sp_mask(unsigned int e2)
693
{
694
if (e2 & DESC_B_MASK)
695
return 0xffffffff;
696
else
697
return 0xffff;
698
}
699
700
static int exeption_has_error_code(int intno)
701
{
702
switch(intno) {
703
case 8:
704
case 10:
705
case 11:
706
case 12:
707
case 13:
708
case 14:
709
case 17:
710
return 1;
711
}
712
return 0;
713
}
714
715
#ifdef TARGET_X86_64
716
#define SET_ESP(val, sp_mask)\
717
do {\
718
if ((sp_mask) == 0xffff)\
719
ESP = (ESP & ~0xffff) | ((val) & 0xffff);\
720
else if ((sp_mask) == 0xffffffffLL)\
721
ESP = (uint32_t)(val);\
722
else\
723
ESP = (val);\
724
} while (0)
725
#else
726
#define SET_ESP(val, sp_mask) ESP = (ESP & ~(sp_mask)) | ((val) & (sp_mask))
727
#endif
728
729
/* in 64-bit machines, this can overflow. So this segment addition macro
730
* can be used to trim the value to 32-bit whenever needed */
731
#define SEG_ADDL(ssp, sp, sp_mask) ((uint32_t)((ssp) + (sp & (sp_mask))))
732
733
/* XXX: add a is_user flag to have proper security support */
734
#define PUSHW(ssp, sp, sp_mask, val)\
735
{\
736
sp -= 2;\
737
stw_kernel((ssp) + (sp & (sp_mask)), (val));\
738
}
739
740
#define PUSHL(ssp, sp, sp_mask, val)\
741
{\
742
sp -= 4;\
743
stl_kernel(SEG_ADDL(ssp, sp, sp_mask), (uint32_t)(val));\
744
}
745
746
#define POPW(ssp, sp, sp_mask, val)\
747
{\
748
val = lduw_kernel((ssp) + (sp & (sp_mask)));\
749
sp += 2;\
750
}
751
752
#define POPL(ssp, sp, sp_mask, val)\
753
{\
754
val = (uint32_t)ldl_kernel(SEG_ADDL(ssp, sp, sp_mask));\
755
sp += 4;\
756
}
757
758
/* protected mode interrupt */
759
static void do_interrupt_protected(int intno, int is_int, int error_code,
760
unsigned int next_eip, int is_hw)
761
{
762
SegmentCache *dt;
763
target_ulong ptr, ssp;
764
int type, dpl, selector, ss_dpl, cpl;
765
int has_error_code, new_stack, shift;
766
uint32_t e1, e2, offset, ss = 0, esp, ss_e1 = 0, ss_e2 = 0;
767
uint32_t old_eip, sp_mask;
768
769
has_error_code = 0;
770
if (!is_int && !is_hw)
771
has_error_code = exeption_has_error_code(intno);
772
if (is_int)
773
old_eip = next_eip;
774
else
775
old_eip = env->eip;
776
777
dt = &env->idt;
778
if (intno * 8 + 7 > dt->limit)
779
raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
780
ptr = dt->base + intno * 8;
781
e1 = ldl_kernel(ptr);
782
e2 = ldl_kernel(ptr + 4);
783
/* check gate type */
784
type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
785
switch(type) {
786
case 5: /* task gate */
787
/* must do that check here to return the correct error code */
788
if (!(e2 & DESC_P_MASK))
789
raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
790
switch_tss(intno * 8, e1, e2, SWITCH_TSS_CALL, old_eip);
791
if (has_error_code) {
792
int type;
793
uint32_t mask;
794
/* push the error code */
795
type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
796
shift = type >> 3;
797
if (env->segs[R_SS].flags & DESC_B_MASK)
798
mask = 0xffffffff;
799
else
800
mask = 0xffff;
801
esp = (ESP - (2 << shift)) & mask;
802
ssp = env->segs[R_SS].base + esp;
803
if (shift)
804
stl_kernel(ssp, error_code);
805
else
806
stw_kernel(ssp, error_code);
807
SET_ESP(esp, mask);
808
}
809
return;
810
case 6: /* 286 interrupt gate */
811
case 7: /* 286 trap gate */
812
case 14: /* 386 interrupt gate */
813
case 15: /* 386 trap gate */
814
break;
815
default:
816
raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
817
break;
818
}
819
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
820
cpl = env->hflags & HF_CPL_MASK;
821
/* check privilege if software int */
822
if (is_int && dpl < cpl)
823
raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
824
/* check valid bit */
825
if (!(e2 & DESC_P_MASK))
826
raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
827
selector = e1 >> 16;
828
offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
829
if ((selector & 0xfffc) == 0)
830
raise_exception_err(EXCP0D_GPF, 0);
831
832
if (load_segment(&e1, &e2, selector) != 0)
833
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
834
if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
835
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
836
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
837
if (dpl > cpl)
838
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
839
if (!(e2 & DESC_P_MASK))
840
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
841
if (!(e2 & DESC_C_MASK) && dpl < cpl) {
842
/* to inner privilege */
843
get_ss_esp_from_tss(&ss, &esp, dpl);
844
if ((ss & 0xfffc) == 0)
845
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
846
if ((ss & 3) != dpl)
847
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
848
if (load_segment(&ss_e1, &ss_e2, ss) != 0)
849
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
850
ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
851
if (ss_dpl != dpl)
852
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
853
if (!(ss_e2 & DESC_S_MASK) ||
854
(ss_e2 & DESC_CS_MASK) ||
855
!(ss_e2 & DESC_W_MASK))
856
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
857
if (!(ss_e2 & DESC_P_MASK))
858
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
859
new_stack = 1;
860
sp_mask = get_sp_mask(ss_e2);
861
ssp = get_seg_base(ss_e1, ss_e2);
862
} else if ((e2 & DESC_C_MASK) || dpl == cpl) {
863
/* to same privilege */
864
if (env->eflags & VM_MASK)
865
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
866
new_stack = 0;
867
sp_mask = get_sp_mask(env->segs[R_SS].flags);
868
ssp = env->segs[R_SS].base;
869
esp = ESP;
870
dpl = cpl;
871
} else {
872
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
873
new_stack = 0; /* avoid warning */
874
sp_mask = 0; /* avoid warning */
875
ssp = 0; /* avoid warning */
876
esp = 0; /* avoid warning */
877
}
878
879
shift = type >> 3;
880
881
#if 0
882
/* XXX: check that enough room is available */
883
push_size = 6 + (new_stack << 2) + (has_error_code << 1);
884
if (env->eflags & VM_MASK)
885
push_size += 8;
886
push_size <<= shift;
887
#endif
888
if (shift == 1) {
889
if (new_stack) {
890
if (env->eflags & VM_MASK) {
891
PUSHL(ssp, esp, sp_mask, env->segs[R_GS].selector);
892
PUSHL(ssp, esp, sp_mask, env->segs[R_FS].selector);
893
PUSHL(ssp, esp, sp_mask, env->segs[R_DS].selector);
894
PUSHL(ssp, esp, sp_mask, env->segs[R_ES].selector);
895
}
896
PUSHL(ssp, esp, sp_mask, env->segs[R_SS].selector);
897
PUSHL(ssp, esp, sp_mask, ESP);
898
}
899
PUSHL(ssp, esp, sp_mask, compute_eflags());
900
PUSHL(ssp, esp, sp_mask, env->segs[R_CS].selector);
901
PUSHL(ssp, esp, sp_mask, old_eip);
902
if (has_error_code) {
903
PUSHL(ssp, esp, sp_mask, error_code);
904
}
905
} else {
906
if (new_stack) {
907
if (env->eflags & VM_MASK) {
908
PUSHW(ssp, esp, sp_mask, env->segs[R_GS].selector);
909
PUSHW(ssp, esp, sp_mask, env->segs[R_FS].selector);
910
PUSHW(ssp, esp, sp_mask, env->segs[R_DS].selector);
911
PUSHW(ssp, esp, sp_mask, env->segs[R_ES].selector);
912
}
913
PUSHW(ssp, esp, sp_mask, env->segs[R_SS].selector);
914
PUSHW(ssp, esp, sp_mask, ESP);
915
}
916
PUSHW(ssp, esp, sp_mask, compute_eflags());
917
PUSHW(ssp, esp, sp_mask, env->segs[R_CS].selector);
918
PUSHW(ssp, esp, sp_mask, old_eip);
919
if (has_error_code) {
920
PUSHW(ssp, esp, sp_mask, error_code);
921
}
922
}
923
924
if (new_stack) {
925
if (env->eflags & VM_MASK) {
926
cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0, 0);
927
cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0, 0);
928
cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0, 0);
929
cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0, 0);
930
}
931
ss = (ss & ~3) | dpl;
932
cpu_x86_load_seg_cache(env, R_SS, ss,
933
ssp, get_seg_limit(ss_e1, ss_e2), ss_e2);
934
}
935
SET_ESP(esp, sp_mask);
936
937
selector = (selector & ~3) | dpl;
938
cpu_x86_load_seg_cache(env, R_CS, selector,
939
get_seg_base(e1, e2),
940
get_seg_limit(e1, e2),
941
e2);
942
cpu_x86_set_cpl(env, dpl);
943
env->eip = offset;
944
945
/* interrupt gate clear IF mask */
946
if ((type & 1) == 0) {
947
env->eflags &= ~IF_MASK;
948
}
949
env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
950
}
951
952
#ifdef TARGET_X86_64
953
954
#define PUSHQ(sp, val)\
955
{\
956
sp -= 8;\
957
stq_kernel(sp, (val));\
958
}
959
960
#define POPQ(sp, val)\
961
{\
962
val = ldq_kernel(sp);\
963
sp += 8;\
964
}
965
966
static inline target_ulong get_rsp_from_tss(int level)
967
{
968
int index;
969
970
#if 0
971
printf("TR: base=" TARGET_FMT_lx " limit=%x\n",
972
env->tr.base, env->tr.limit);
973
#endif
974
975
if (!(env->tr.flags & DESC_P_MASK))
976
cpu_abort(env, "invalid tss");
977
index = 8 * level + 4;
978
if ((index + 7) > env->tr.limit)
979
raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
980
return ldq_kernel(env->tr.base + index);
981
}
982
983
/* 64 bit interrupt */
984
static void do_interrupt64(int intno, int is_int, int error_code,
985
target_ulong next_eip, int is_hw)
986
{
987
SegmentCache *dt;
988
target_ulong ptr;
989
int type, dpl, selector, cpl, ist;
990
int has_error_code, new_stack;
991
uint32_t e1, e2, e3, ss;
992
target_ulong old_eip, esp, offset;
993
994
has_error_code = 0;
995
if (!is_int && !is_hw)
996
has_error_code = exeption_has_error_code(intno);
997
if (is_int)
998
old_eip = next_eip;
999
else
1000
old_eip = env->eip;
1001
1002
dt = &env->idt;
1003
if (intno * 16 + 15 > dt->limit)
1004
raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
1005
ptr = dt->base + intno * 16;
1006
e1 = ldl_kernel(ptr);
1007
e2 = ldl_kernel(ptr + 4);
1008
e3 = ldl_kernel(ptr + 8);
1009
/* check gate type */
1010
type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
1011
switch(type) {
1012
case 14: /* 386 interrupt gate */
1013
case 15: /* 386 trap gate */
1014
break;
1015
default:
1016
raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
1017
break;
1018
}
1019
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1020
cpl = env->hflags & HF_CPL_MASK;
1021
/* check privilege if software int */
1022
if (is_int && dpl < cpl)
1023
raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
1024
/* check valid bit */
1025
if (!(e2 & DESC_P_MASK))
1026
raise_exception_err(EXCP0B_NOSEG, intno * 16 + 2);
1027
selector = e1 >> 16;
1028
offset = ((target_ulong)e3 << 32) | (e2 & 0xffff0000) | (e1 & 0x0000ffff);
1029
ist = e2 & 7;
1030
if ((selector & 0xfffc) == 0)
1031
raise_exception_err(EXCP0D_GPF, 0);
1032
1033
if (load_segment(&e1, &e2, selector) != 0)
1034
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
1035
if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
1036
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
1037
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1038
if (dpl > cpl)
1039
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
1040
if (!(e2 & DESC_P_MASK))
1041
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
1042
if (!(e2 & DESC_L_MASK) || (e2 & DESC_B_MASK))
1043
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
1044
if ((!(e2 & DESC_C_MASK) && dpl < cpl) || ist != 0) {
1045
/* to inner privilege */
1046
if (ist != 0)
1047
esp = get_rsp_from_tss(ist + 3);
1048
else
1049
esp = get_rsp_from_tss(dpl);
1050
esp &= ~0xfLL; /* align stack */
1051
ss = 0;
1052
new_stack = 1;
1053
} else if ((e2 & DESC_C_MASK) || dpl == cpl) {
1054
/* to same privilege */
1055
if (env->eflags & VM_MASK)
1056
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
1057
new_stack = 0;
1058
if (ist != 0)
1059
esp = get_rsp_from_tss(ist + 3);
1060
else
1061
esp = ESP;
1062
esp &= ~0xfLL; /* align stack */
1063
dpl = cpl;
1064
} else {
1065
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
1066
new_stack = 0; /* avoid warning */
1067
esp = 0; /* avoid warning */
1068
}
1069
1070
PUSHQ(esp, env->segs[R_SS].selector);
1071
PUSHQ(esp, ESP);
1072
PUSHQ(esp, compute_eflags());
1073
PUSHQ(esp, env->segs[R_CS].selector);
1074
PUSHQ(esp, old_eip);
1075
if (has_error_code) {
1076
PUSHQ(esp, error_code);
1077
}
1078
1079
if (new_stack) {
1080
ss = 0 | dpl;
1081
cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, 0);
1082
}
1083
ESP = esp;
1084
1085
selector = (selector & ~3) | dpl;
1086
cpu_x86_load_seg_cache(env, R_CS, selector,
1087
get_seg_base(e1, e2),
1088
get_seg_limit(e1, e2),
1089
e2);
1090
cpu_x86_set_cpl(env, dpl);
1091
env->eip = offset;
1092
1093
/* interrupt gate clear IF mask */
1094
if ((type & 1) == 0) {
1095
env->eflags &= ~IF_MASK;
1096
}
1097
env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
1098
}
1099
#endif
1100
1101
#ifdef TARGET_X86_64
1102
#if defined(CONFIG_USER_ONLY)
1103
void helper_syscall(int next_eip_addend)
1104
{
1105
env->exception_index = EXCP_SYSCALL;
1106
env->exception_next_eip = env->eip + next_eip_addend;
1107
cpu_loop_exit(env);
1108
}
1109
#else
1110
void helper_syscall(int next_eip_addend)
1111
{
1112
int selector;
1113
1114
if (!(env->efer & MSR_EFER_SCE)) {
1115
raise_exception_err(EXCP06_ILLOP, 0);
1116
}
1117
selector = (env->star >> 32) & 0xffff;
1118
if (env->hflags & HF_LMA_MASK) {
1119
int code64;
1120
1121
ECX = env->eip + next_eip_addend;
1122
env->regs[11] = compute_eflags();
1123
1124
code64 = env->hflags & HF_CS64_MASK;
1125
1126
cpu_x86_set_cpl(env, 0);
1127
cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
1128
0, 0xffffffff,
1129
DESC_G_MASK | DESC_P_MASK |
1130
DESC_S_MASK |
1131
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
1132
cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
1133
0, 0xffffffff,
1134
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1135
DESC_S_MASK |
1136
DESC_W_MASK | DESC_A_MASK);
1137
env->eflags &= ~env->fmask;
1138
load_eflags(env->eflags, 0);
1139
if (code64)
1140
env->eip = env->lstar;
1141
else
1142
env->eip = env->cstar;
1143
} else {
1144
ECX = (uint32_t)(env->eip + next_eip_addend);
1145
1146
cpu_x86_set_cpl(env, 0);
1147
cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
1148
0, 0xffffffff,
1149
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1150
DESC_S_MASK |
1151
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1152
cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
1153
0, 0xffffffff,
1154
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1155
DESC_S_MASK |
1156
DESC_W_MASK | DESC_A_MASK);
1157
env->eflags &= ~(IF_MASK | RF_MASK | VM_MASK);
1158
env->eip = (uint32_t)env->star;
1159
}
1160
}
1161
#endif
1162
#endif
1163
1164
#ifdef TARGET_X86_64
1165
void helper_sysret(int dflag)
1166
{
1167
int cpl, selector;
1168
1169
if (!(env->efer & MSR_EFER_SCE)) {
1170
raise_exception_err(EXCP06_ILLOP, 0);
1171
}
1172
cpl = env->hflags & HF_CPL_MASK;
1173
if (!(env->cr[0] & CR0_PE_MASK) || cpl != 0) {
1174
raise_exception_err(EXCP0D_GPF, 0);
1175
}
1176
selector = (env->star >> 48) & 0xffff;
1177
if (env->hflags & HF_LMA_MASK) {
1178
if (dflag == 2) {
1179
cpu_x86_load_seg_cache(env, R_CS, (selector + 16) | 3,
1180
0, 0xffffffff,
1181
DESC_G_MASK | DESC_P_MASK |
1182
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1183
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
1184
DESC_L_MASK);
1185
env->eip = ECX;
1186
} else {
1187
cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1188
0, 0xffffffff,
1189
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1190
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1191
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1192
env->eip = (uint32_t)ECX;
1193
}
1194
cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1195
0, 0xffffffff,
1196
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1197
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1198
DESC_W_MASK | DESC_A_MASK);
1199
load_eflags((uint32_t)(env->regs[11]), TF_MASK | AC_MASK | ID_MASK |
1200
IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK);
1201
cpu_x86_set_cpl(env, 3);
1202
} else {
1203
cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1204
0, 0xffffffff,
1205
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1206
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1207
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1208
env->eip = (uint32_t)ECX;
1209
cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1210
0, 0xffffffff,
1211
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1212
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1213
DESC_W_MASK | DESC_A_MASK);
1214
env->eflags |= IF_MASK;
1215
cpu_x86_set_cpl(env, 3);
1216
}
1217
}
1218
#endif
1219
1220
/* real mode interrupt */
1221
static void do_interrupt_real(int intno, int is_int, int error_code,
1222
unsigned int next_eip)
1223
{
1224
SegmentCache *dt;
1225
target_ulong ptr, ssp;
1226
int selector;
1227
uint32_t offset, esp;
1228
uint32_t old_cs, old_eip;
1229
1230
/* real mode (simpler !) */
1231
dt = &env->idt;
1232
if (intno * 4 + 3 > dt->limit)
1233
raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
1234
ptr = dt->base + intno * 4;
1235
offset = lduw_kernel(ptr);
1236
selector = lduw_kernel(ptr + 2);
1237
esp = ESP;
1238
ssp = env->segs[R_SS].base;
1239
if (is_int)
1240
old_eip = next_eip;
1241
else
1242
old_eip = env->eip;
1243
old_cs = env->segs[R_CS].selector;
1244
/* XXX: use SS segment size ? */
1245
PUSHW(ssp, esp, 0xffff, compute_eflags());
1246
PUSHW(ssp, esp, 0xffff, old_cs);
1247
PUSHW(ssp, esp, 0xffff, old_eip);
1248
1249
/* update processor state */
1250
ESP = (ESP & ~0xffff) | (esp & 0xffff);
1251
env->eip = offset;
1252
env->segs[R_CS].selector = selector;
1253
env->segs[R_CS].base = (selector << 4);
1254
env->eflags &= ~(IF_MASK | TF_MASK | AC_MASK | RF_MASK);
1255
}
1256
1257
#if defined(CONFIG_USER_ONLY)
1258
/* fake user mode interrupt */
1259
static void do_interrupt_user(int intno, int is_int, int error_code,
1260
target_ulong next_eip)
1261
{
1262
SegmentCache *dt;
1263
target_ulong ptr;
1264
int dpl, cpl, shift;
1265
uint32_t e2;
1266
1267
dt = &env->idt;
1268
if (env->hflags & HF_LMA_MASK) {
1269
shift = 4;
1270
} else {
1271
shift = 3;
1272
}
1273
ptr = dt->base + (intno << shift);
1274
e2 = ldl_kernel(ptr + 4);
1275
1276
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1277
cpl = env->hflags & HF_CPL_MASK;
1278
/* check privilege if software int */
1279
if (is_int && dpl < cpl)
1280
raise_exception_err(EXCP0D_GPF, (intno << shift) + 2);
1281
1282
/* Since we emulate only user space, we cannot do more than
1283
exiting the emulation with the suitable exception and error
1284
code */
1285
if (is_int)
1286
EIP = next_eip;
1287
}
1288
1289
#else
1290
1291
static void handle_even_inj(int intno, int is_int, int error_code,
1292
int is_hw, int rm)
1293
{
1294
uint32_t event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
1295
if (!(event_inj & SVM_EVTINJ_VALID)) {
1296
int type;
1297
if (is_int)
1298
type = SVM_EVTINJ_TYPE_SOFT;
1299
else
1300
type = SVM_EVTINJ_TYPE_EXEPT;
1301
event_inj = intno | type | SVM_EVTINJ_VALID;
1302
if (!rm && exeption_has_error_code(intno)) {
1303
event_inj |= SVM_EVTINJ_VALID_ERR;
1304
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err), error_code);
1305
}
1306
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), event_inj);
1307
}
1308
}
1309
#endif
1310
1311
/*
1312
* Begin execution of an interruption. is_int is TRUE if coming from
1313
* the int instruction. next_eip is the EIP value AFTER the interrupt
1314
* instruction. It is only relevant if is_int is TRUE.
1315
*/
1316
static void do_interrupt_all(int intno, int is_int, int error_code,
1317
target_ulong next_eip, int is_hw)
1318
{
1319
if (qemu_loglevel_mask(CPU_LOG_INT)) {
1320
if ((env->cr[0] & CR0_PE_MASK)) {
1321
static int count;
1322
qemu_log("%6d: v=%02x e=%04x i=%d cpl=%d IP=%04x:" TARGET_FMT_lx " pc=" TARGET_FMT_lx " SP=%04x:" TARGET_FMT_lx,
1323
count, intno, error_code, is_int,
1324
env->hflags & HF_CPL_MASK,
1325
env->segs[R_CS].selector, EIP,
1326
(int)env->segs[R_CS].base + EIP,
1327
env->segs[R_SS].selector, ESP);
1328
if (intno == 0x0e) {
1329
qemu_log(" CR2=" TARGET_FMT_lx, env->cr[2]);
1330
} else {
1331
qemu_log(" EAX=" TARGET_FMT_lx, EAX);
1332
}
1333
qemu_log("\n");
1334
log_cpu_state(env, X86_DUMP_CCOP);
1335
#if 0
1336
{
1337
int i;
1338
target_ulong ptr;
1339
qemu_log(" code=");
1340
ptr = env->segs[R_CS].base + env->eip;
1341
for(i = 0; i < 16; i++) {
1342
qemu_log(" %02x", ldub(ptr + i));
1343
}
1344
qemu_log("\n");
1345
}
1346
#endif
1347
count++;
1348
}
1349
}
1350
if (env->cr[0] & CR0_PE_MASK) {
1351
#if !defined(CONFIG_USER_ONLY)
1352
if (env->hflags & HF_SVMI_MASK)
1353
handle_even_inj(intno, is_int, error_code, is_hw, 0);
1354
#endif
1355
#ifdef TARGET_X86_64
1356
if (env->hflags & HF_LMA_MASK) {
1357
do_interrupt64(intno, is_int, error_code, next_eip, is_hw);
1358
} else
1359
#endif
1360
{
1361
do_interrupt_protected(intno, is_int, error_code, next_eip, is_hw);
1362
}
1363
} else {
1364
#if !defined(CONFIG_USER_ONLY)
1365
if (env->hflags & HF_SVMI_MASK)
1366
handle_even_inj(intno, is_int, error_code, is_hw, 1);
1367
#endif
1368
do_interrupt_real(intno, is_int, error_code, next_eip);
1369
}
1370
1371
#if !defined(CONFIG_USER_ONLY)
1372
if (env->hflags & HF_SVMI_MASK) {
1373
uint32_t event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
1374
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), event_inj & ~SVM_EVTINJ_VALID);
1375
}
1376
#endif
1377
}
1378
1379
void do_interrupt(CPUState *env1)
1380
{
1381
CPUState *saved_env;
1382
1383
saved_env = env;
1384
env = env1;
1385
#if defined(CONFIG_USER_ONLY)
1386
/* if user mode only, we simulate a fake exception
1387
which will be handled outside the cpu execution
1388
loop */
1389
do_interrupt_user(env->exception_index,
1390
env->exception_is_int,
1391
env->error_code,
1392
env->exception_next_eip);
1393
/* successfully delivered */
1394
env->old_exception = -1;
1395
#else
1396
/* simulate a real cpu exception. On i386, it can
1397
trigger new exceptions, but we do not handle
1398
double or triple faults yet. */
1399
do_interrupt_all(env->exception_index,
1400
env->exception_is_int,
1401
env->error_code,
1402
env->exception_next_eip, 0);
1403
/* successfully delivered */
1404
env->old_exception = -1;
1405
#endif
1406
env = saved_env;
1407
}
1408
1409
void do_interrupt_x86_hardirq(CPUState *env1, int intno, int is_hw)
1410
{
1411
CPUState *saved_env;
1412
1413
saved_env = env;
1414
env = env1;
1415
do_interrupt_all(intno, 0, 0, 0, is_hw);
1416
env = saved_env;
1417
}
1418
1419
/* This should come from sysemu.h - if we could include it here... */
1420
void qemu_system_reset_request(void);
1421
1422
/*
1423
* Check nested exceptions and change to double or triple fault if
1424
* needed. It should only be called, if this is not an interrupt.
1425
* Returns the new exception number.
1426
*/
1427
static int check_exception(int intno, int *error_code)
1428
{
1429
int first_contributory = env->old_exception == 0 ||
1430
(env->old_exception >= 10 &&
1431
env->old_exception <= 13);
1432
int second_contributory = intno == 0 ||
1433
(intno >= 10 && intno <= 13);
1434
1435
qemu_log_mask(CPU_LOG_INT, "check_exception old: 0x%x new 0x%x\n",
1436
env->old_exception, intno);
1437
1438
#if !defined(CONFIG_USER_ONLY)
1439
if (env->old_exception == EXCP08_DBLE) {
1440
if (env->hflags & HF_SVMI_MASK)
1441
helper_vmexit(SVM_EXIT_SHUTDOWN, 0); /* does not return */
1442
1443
qemu_log_mask(CPU_LOG_RESET, "Triple fault\n");
1444
1445
qemu_system_reset_request();
1446
return EXCP_HLT;
1447
}
1448
#endif
1449
1450
if ((first_contributory && second_contributory)
1451
|| (env->old_exception == EXCP0E_PAGE &&
1452
(second_contributory || (intno == EXCP0E_PAGE)))) {
1453
intno = EXCP08_DBLE;
1454
*error_code = 0;
1455
}
1456
1457
if (second_contributory || (intno == EXCP0E_PAGE) ||
1458
(intno == EXCP08_DBLE))
1459
env->old_exception = intno;
1460
1461
return intno;
1462
}
1463
1464
/*
1465
* Signal an interruption. It is executed in the main CPU loop.
1466
* is_int is TRUE if coming from the int instruction. next_eip is the
1467
* EIP value AFTER the interrupt instruction. It is only relevant if
1468
* is_int is TRUE.
1469
*/
1470
static void QEMU_NORETURN raise_interrupt(int intno, int is_int, int error_code,
1471
int next_eip_addend)
1472
{
1473
if (!is_int) {
1474
helper_svm_check_intercept_param(SVM_EXIT_EXCP_BASE + intno, error_code);
1475
intno = check_exception(intno, &error_code);
1476
} else {
1477
helper_svm_check_intercept_param(SVM_EXIT_SWINT, 0);
1478
}
1479
1480
env->exception_index = intno;
1481
env->error_code = error_code;
1482
env->exception_is_int = is_int;
1483
env->exception_next_eip = env->eip + next_eip_addend;
1484
cpu_loop_exit(env);
1485
}
1486
1487
/* shortcuts to generate exceptions */
1488
1489
static void QEMU_NORETURN raise_exception_err(int exception_index,
1490
int error_code)
1491
{
1492
raise_interrupt(exception_index, 0, error_code, 0);
1493
}
1494
1495
void raise_exception_err_env(CPUState *nenv, int exception_index,
1496
int error_code)
1497
{
1498
env = nenv;
1499
raise_interrupt(exception_index, 0, error_code, 0);
1500
}
1501
1502
static void QEMU_NORETURN raise_exception(int exception_index)
1503
{
1504
raise_interrupt(exception_index, 0, 0, 0);
1505
}
1506
1507
void raise_exception_env(int exception_index, CPUState *nenv)
1508
{
1509
env = nenv;
1510
raise_exception(exception_index);
1511
}
1512
/* SMM support */
1513
1514
#if defined(CONFIG_USER_ONLY)
1515
1516
void do_smm_enter(CPUState *env1)
1517
{
1518
}
1519
1520
void helper_rsm(void)
1521
{
1522
}
1523
1524
#else
1525
1526
#ifdef TARGET_X86_64
1527
#define SMM_REVISION_ID 0x00020064
1528
#else
1529
#define SMM_REVISION_ID 0x00020000
1530
#endif
1531
1532
void do_smm_enter(CPUState *env1)
1533
{
1534
target_ulong sm_state;
1535
SegmentCache *dt;
1536
int i, offset;
1537
CPUState *saved_env;
1538
1539
saved_env = env;
1540
env = env1;
1541
1542
qemu_log_mask(CPU_LOG_INT, "SMM: enter\n");
1543
log_cpu_state_mask(CPU_LOG_INT, env, X86_DUMP_CCOP);
1544
1545
env->hflags |= HF_SMM_MASK;
1546
cpu_smm_update(env);
1547
1548
sm_state = env->smbase + 0x8000;
1549
1550
#ifdef TARGET_X86_64
1551
for(i = 0; i < 6; i++) {
1552
dt = &env->segs[i];
1553
offset = 0x7e00 + i * 16;
1554
stw_phys(sm_state + offset, dt->selector);
1555
stw_phys(sm_state + offset + 2, (dt->flags >> 8) & 0xf0ff);
1556
stl_phys(sm_state + offset + 4, dt->limit);
1557
stq_phys(sm_state + offset + 8, dt->base);
1558
}
1559
1560
stq_phys(sm_state + 0x7e68, env->gdt.base);
1561
stl_phys(sm_state + 0x7e64, env->gdt.limit);
1562
1563
stw_phys(sm_state + 0x7e70, env->ldt.selector);
1564
stq_phys(sm_state + 0x7e78, env->ldt.base);
1565
stl_phys(sm_state + 0x7e74, env->ldt.limit);
1566
stw_phys(sm_state + 0x7e72, (env->ldt.flags >> 8) & 0xf0ff);
1567
1568
stq_phys(sm_state + 0x7e88, env->idt.base);
1569
stl_phys(sm_state + 0x7e84, env->idt.limit);
1570
1571
stw_phys(sm_state + 0x7e90, env->tr.selector);
1572
stq_phys(sm_state + 0x7e98, env->tr.base);
1573
stl_phys(sm_state + 0x7e94, env->tr.limit);
1574
stw_phys(sm_state + 0x7e92, (env->tr.flags >> 8) & 0xf0ff);
1575
1576
stq_phys(sm_state + 0x7ed0, env->efer);
1577
1578
stq_phys(sm_state + 0x7ff8, EAX);
1579
stq_phys(sm_state + 0x7ff0, ECX);
1580
stq_phys(sm_state + 0x7fe8, EDX);
1581
stq_phys(sm_state + 0x7fe0, EBX);
1582
stq_phys(sm_state + 0x7fd8, ESP);
1583
stq_phys(sm_state + 0x7fd0, EBP);
1584
stq_phys(sm_state + 0x7fc8, ESI);
1585
stq_phys(sm_state + 0x7fc0, EDI);
1586
for(i = 8; i < 16; i++)
1587
stq_phys(sm_state + 0x7ff8 - i * 8, env->regs[i]);
1588
stq_phys(sm_state + 0x7f78, env->eip);
1589
stl_phys(sm_state + 0x7f70, compute_eflags());
1590
stl_phys(sm_state + 0x7f68, env->dr[6]);
1591
stl_phys(sm_state + 0x7f60, env->dr[7]);
1592
1593
stl_phys(sm_state + 0x7f48, env->cr[4]);
1594
stl_phys(sm_state + 0x7f50, env->cr[3]);
1595
stl_phys(sm_state + 0x7f58, env->cr[0]);
1596
1597
stl_phys(sm_state + 0x7efc, SMM_REVISION_ID);
1598
stl_phys(sm_state + 0x7f00, env->smbase);
1599
#else
1600
stl_phys(sm_state + 0x7ffc, env->cr[0]);
1601
stl_phys(sm_state + 0x7ff8, env->cr[3]);
1602
stl_phys(sm_state + 0x7ff4, compute_eflags());
1603
stl_phys(sm_state + 0x7ff0, env->eip);
1604
stl_phys(sm_state + 0x7fec, EDI);
1605
stl_phys(sm_state + 0x7fe8, ESI);
1606
stl_phys(sm_state + 0x7fe4, EBP);
1607
stl_phys(sm_state + 0x7fe0, ESP);
1608
stl_phys(sm_state + 0x7fdc, EBX);
1609
stl_phys(sm_state + 0x7fd8, EDX);
1610
stl_phys(sm_state + 0x7fd4, ECX);
1611
stl_phys(sm_state + 0x7fd0, EAX);
1612
stl_phys(sm_state + 0x7fcc, env->dr[6]);
1613
stl_phys(sm_state + 0x7fc8, env->dr[7]);
1614
1615
stl_phys(sm_state + 0x7fc4, env->tr.selector);
1616
stl_phys(sm_state + 0x7f64, env->tr.base);
1617
stl_phys(sm_state + 0x7f60, env->tr.limit);
1618
stl_phys(sm_state + 0x7f5c, (env->tr.flags >> 8) & 0xf0ff);
1619
1620
stl_phys(sm_state + 0x7fc0, env->ldt.selector);
1621
stl_phys(sm_state + 0x7f80, env->ldt.base);
1622
stl_phys(sm_state + 0x7f7c, env->ldt.limit);
1623
stl_phys(sm_state + 0x7f78, (env->ldt.flags >> 8) & 0xf0ff);
1624
1625
stl_phys(sm_state + 0x7f74, env->gdt.base);
1626
stl_phys(sm_state + 0x7f70, env->gdt.limit);
1627
1628
stl_phys(sm_state + 0x7f58, env->idt.base);
1629
stl_phys(sm_state + 0x7f54, env->idt.limit);
1630
1631
for(i = 0; i < 6; i++) {
1632
dt = &env->segs[i];
1633
if (i < 3)
1634
offset = 0x7f84 + i * 12;
1635
else
1636
offset = 0x7f2c + (i - 3) * 12;
1637
stl_phys(sm_state + 0x7fa8 + i * 4, dt->selector);
1638
stl_phys(sm_state + offset + 8, dt->base);
1639
stl_phys(sm_state + offset + 4, dt->limit);
1640
stl_phys(sm_state + offset, (dt->flags >> 8) & 0xf0ff);
1641
}
1642
stl_phys(sm_state + 0x7f14, env->cr[4]);
1643
1644
stl_phys(sm_state + 0x7efc, SMM_REVISION_ID);
1645
stl_phys(sm_state + 0x7ef8, env->smbase);
1646
#endif
1647
/* init SMM cpu state */
1648
1649
#ifdef TARGET_X86_64
1650
cpu_load_efer(env, 0);
1651
#endif
1652
load_eflags(0, ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1653
env->eip = 0x00008000;
1654
cpu_x86_load_seg_cache(env, R_CS, (env->smbase >> 4) & 0xffff, env->smbase,
1655
0xffffffff, 0);
1656
cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffffffff, 0);
1657
cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0xffffffff, 0);
1658
cpu_x86_load_seg_cache(env, R_SS, 0, 0, 0xffffffff, 0);
1659
cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0xffffffff, 0);
1660
cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0xffffffff, 0);
1661
1662
cpu_x86_update_cr0(env,
1663
env->cr[0] & ~(CR0_PE_MASK | CR0_EM_MASK | CR0_TS_MASK | CR0_PG_MASK));
1664
cpu_x86_update_cr4(env, 0);
1665
env->dr[7] = 0x00000400;
1666
CC_OP = CC_OP_EFLAGS;
1667
env = saved_env;
1668
}
1669
1670
void helper_rsm(void)
1671
{
1672
target_ulong sm_state;
1673
int i, offset;
1674
uint32_t val;
1675
1676
sm_state = env->smbase + 0x8000;
1677
#ifdef TARGET_X86_64
1678
cpu_load_efer(env, ldq_phys(sm_state + 0x7ed0));
1679
1680
for(i = 0; i < 6; i++) {
1681
offset = 0x7e00 + i * 16;
1682
cpu_x86_load_seg_cache(env, i,
1683
lduw_phys(sm_state + offset),
1684
ldq_phys(sm_state + offset + 8),
1685
ldl_phys(sm_state + offset + 4),
1686
(lduw_phys(sm_state + offset + 2) & 0xf0ff) << 8);
1687
}
1688
1689
env->gdt.base = ldq_phys(sm_state + 0x7e68);
1690
env->gdt.limit = ldl_phys(sm_state + 0x7e64);
1691
1692
env->ldt.selector = lduw_phys(sm_state + 0x7e70);
1693
env->ldt.base = ldq_phys(sm_state + 0x7e78);
1694
env->ldt.limit = ldl_phys(sm_state + 0x7e74);
1695
env->ldt.flags = (lduw_phys(sm_state + 0x7e72) & 0xf0ff) << 8;
1696
1697
env->idt.base = ldq_phys(sm_state + 0x7e88);
1698
env->idt.limit = ldl_phys(sm_state + 0x7e84);
1699
1700
env->tr.selector = lduw_phys(sm_state + 0x7e90);
1701
env->tr.base = ldq_phys(sm_state + 0x7e98);
1702
env->tr.limit = ldl_phys(sm_state + 0x7e94);
1703
env->tr.flags = (lduw_phys(sm_state + 0x7e92) & 0xf0ff) << 8;
1704
1705
EAX = ldq_phys(sm_state + 0x7ff8);
1706
ECX = ldq_phys(sm_state + 0x7ff0);
1707
EDX = ldq_phys(sm_state + 0x7fe8);
1708
EBX = ldq_phys(sm_state + 0x7fe0);
1709
ESP = ldq_phys(sm_state + 0x7fd8);
1710
EBP = ldq_phys(sm_state + 0x7fd0);
1711
ESI = ldq_phys(sm_state + 0x7fc8);
1712
EDI = ldq_phys(sm_state + 0x7fc0);
1713
for(i = 8; i < 16; i++)
1714
env->regs[i] = ldq_phys(sm_state + 0x7ff8 - i * 8);
1715
env->eip = ldq_phys(sm_state + 0x7f78);
1716
load_eflags(ldl_phys(sm_state + 0x7f70),
1717
~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1718
env->dr[6] = ldl_phys(sm_state + 0x7f68);
1719
env->dr[7] = ldl_phys(sm_state + 0x7f60);
1720
1721
cpu_x86_update_cr4(env, ldl_phys(sm_state + 0x7f48));
1722
cpu_x86_update_cr3(env, ldl_phys(sm_state + 0x7f50));
1723
cpu_x86_update_cr0(env, ldl_phys(sm_state + 0x7f58));
1724
1725
val = ldl_phys(sm_state + 0x7efc); /* revision ID */
1726
if (val & 0x20000) {
1727
env->smbase = ldl_phys(sm_state + 0x7f00) & ~0x7fff;
1728
}
1729
#else
1730
cpu_x86_update_cr0(env, ldl_phys(sm_state + 0x7ffc));
1731
cpu_x86_update_cr3(env, ldl_phys(sm_state + 0x7ff8));
1732
load_eflags(ldl_phys(sm_state + 0x7ff4),
1733
~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1734
env->eip = ldl_phys(sm_state + 0x7ff0);
1735
EDI = ldl_phys(sm_state + 0x7fec);
1736
ESI = ldl_phys(sm_state + 0x7fe8);
1737
EBP = ldl_phys(sm_state + 0x7fe4);
1738
ESP = ldl_phys(sm_state + 0x7fe0);
1739
EBX = ldl_phys(sm_state + 0x7fdc);
1740
EDX = ldl_phys(sm_state + 0x7fd8);
1741
ECX = ldl_phys(sm_state + 0x7fd4);
1742
EAX = ldl_phys(sm_state + 0x7fd0);
1743
env->dr[6] = ldl_phys(sm_state + 0x7fcc);
1744
env->dr[7] = ldl_phys(sm_state + 0x7fc8);
1745
1746
env->tr.selector = ldl_phys(sm_state + 0x7fc4) & 0xffff;
1747
env->tr.base = ldl_phys(sm_state + 0x7f64);
1748
env->tr.limit = ldl_phys(sm_state + 0x7f60);
1749
env->tr.flags = (ldl_phys(sm_state + 0x7f5c) & 0xf0ff) << 8;
1750
1751
env->ldt.selector = ldl_phys(sm_state + 0x7fc0) & 0xffff;
1752
env->ldt.base = ldl_phys(sm_state + 0x7f80);
1753
env->ldt.limit = ldl_phys(sm_state + 0x7f7c);
1754
env->ldt.flags = (ldl_phys(sm_state + 0x7f78) & 0xf0ff) << 8;
1755
1756
env->gdt.base = ldl_phys(sm_state + 0x7f74);
1757
env->gdt.limit = ldl_phys(sm_state + 0x7f70);
1758
1759
env->idt.base = ldl_phys(sm_state + 0x7f58);
1760
env->idt.limit = ldl_phys(sm_state + 0x7f54);
1761
1762
for(i = 0; i < 6; i++) {
1763
if (i < 3)
1764
offset = 0x7f84 + i * 12;
1765
else
1766
offset = 0x7f2c + (i - 3) * 12;
1767
cpu_x86_load_seg_cache(env, i,
1768
ldl_phys(sm_state + 0x7fa8 + i * 4) & 0xffff,
1769
ldl_phys(sm_state + offset + 8),
1770
ldl_phys(sm_state + offset + 4),
1771
(ldl_phys(sm_state + offset) & 0xf0ff) << 8);
1772
}
1773
cpu_x86_update_cr4(env, ldl_phys(sm_state + 0x7f14));
1774
1775
val = ldl_phys(sm_state + 0x7efc); /* revision ID */
1776
if (val & 0x20000) {
1777
env->smbase = ldl_phys(sm_state + 0x7ef8) & ~0x7fff;
1778
}
1779
#endif
1780
CC_OP = CC_OP_EFLAGS;
1781
env->hflags &= ~HF_SMM_MASK;
1782
cpu_smm_update(env);
1783
1784
qemu_log_mask(CPU_LOG_INT, "SMM: after RSM\n");
1785
log_cpu_state_mask(CPU_LOG_INT, env, X86_DUMP_CCOP);
1786
}
1787
1788
#endif /* !CONFIG_USER_ONLY */
1789
1790
1791
/* division, flags are undefined */
1792
1793
void helper_divb_AL(target_ulong t0)
1794
{
1795
unsigned int num, den, q, r;
1796
1797
num = (EAX & 0xffff);
1798
den = (t0 & 0xff);
1799
if (den == 0) {
1800
raise_exception(EXCP00_DIVZ);
1801
}
1802
q = (num / den);
1803
if (q > 0xff)
1804
raise_exception(EXCP00_DIVZ);
1805
q &= 0xff;
1806
r = (num % den) & 0xff;
1807
EAX = (EAX & ~0xffff) | (r << 8) | q;
1808
}
1809
1810
void helper_idivb_AL(target_ulong t0)
1811
{
1812
int num, den, q, r;
1813
1814
num = (int16_t)EAX;
1815
den = (int8_t)t0;
1816
if (den == 0) {
1817
raise_exception(EXCP00_DIVZ);
1818
}
1819
q = (num / den);
1820
if (q != (int8_t)q)
1821
raise_exception(EXCP00_DIVZ);
1822
q &= 0xff;
1823
r = (num % den) & 0xff;
1824
EAX = (EAX & ~0xffff) | (r << 8) | q;
1825
}
1826
1827
void helper_divw_AX(target_ulong t0)
1828
{
1829
unsigned int num, den, q, r;
1830
1831
num = (EAX & 0xffff) | ((EDX & 0xffff) << 16);
1832
den = (t0 & 0xffff);
1833
if (den == 0) {
1834
raise_exception(EXCP00_DIVZ);
1835
}
1836
q = (num / den);
1837
if (q > 0xffff)
1838
raise_exception(EXCP00_DIVZ);
1839
q &= 0xffff;
1840
r = (num % den) & 0xffff;
1841
EAX = (EAX & ~0xffff) | q;
1842
EDX = (EDX & ~0xffff) | r;
1843
}
1844
1845
void helper_idivw_AX(target_ulong t0)
1846
{
1847
int num, den, q, r;
1848
1849
num = (EAX & 0xffff) | ((EDX & 0xffff) << 16);
1850
den = (int16_t)t0;
1851
if (den == 0) {
1852
raise_exception(EXCP00_DIVZ);
1853
}
1854
q = (num / den);
1855
if (q != (int16_t)q)
1856
raise_exception(EXCP00_DIVZ);
1857
q &= 0xffff;
1858
r = (num % den) & 0xffff;
1859
EAX = (EAX & ~0xffff) | q;
1860
EDX = (EDX & ~0xffff) | r;
1861
}
1862
1863
void helper_divl_EAX(target_ulong t0)
1864
{
1865
unsigned int den, r;
1866
uint64_t num, q;
1867
1868
num = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
1869
den = t0;
1870
if (den == 0) {
1871
raise_exception(EXCP00_DIVZ);
1872
}
1873
q = (num / den);
1874
r = (num % den);
1875
if (q > 0xffffffff)
1876
raise_exception(EXCP00_DIVZ);
1877
EAX = (uint32_t)q;
1878
EDX = (uint32_t)r;
1879
}
1880
1881
void helper_idivl_EAX(target_ulong t0)
1882
{
1883
int den, r;
1884
int64_t num, q;
1885
1886
num = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
1887
den = t0;
1888
if (den == 0) {
1889
raise_exception(EXCP00_DIVZ);
1890
}
1891
q = (num / den);
1892
r = (num % den);
1893
if (q != (int32_t)q)
1894
raise_exception(EXCP00_DIVZ);
1895
EAX = (uint32_t)q;
1896
EDX = (uint32_t)r;
1897
}
1898
1899
/* bcd */
1900
1901
/* XXX: exception */
1902
void helper_aam(int base)
1903
{
1904
int al, ah;
1905
al = EAX & 0xff;
1906
ah = al / base;
1907
al = al % base;
1908
EAX = (EAX & ~0xffff) | al | (ah << 8);
1909
CC_DST = al;
1910
}
1911
1912
void helper_aad(int base)
1913
{
1914
int al, ah;
1915
al = EAX & 0xff;
1916
ah = (EAX >> 8) & 0xff;
1917
al = ((ah * base) + al) & 0xff;
1918
EAX = (EAX & ~0xffff) | al;
1919
CC_DST = al;
1920
}
1921
1922
void helper_aaa(void)
1923
{
1924
int icarry;
1925
int al, ah, af;
1926
int eflags;
1927
1928
eflags = helper_cc_compute_all(CC_OP);
1929
af = eflags & CC_A;
1930
al = EAX & 0xff;
1931
ah = (EAX >> 8) & 0xff;
1932
1933
icarry = (al > 0xf9);
1934
if (((al & 0x0f) > 9 ) || af) {
1935
al = (al + 6) & 0x0f;
1936
ah = (ah + 1 + icarry) & 0xff;
1937
eflags |= CC_C | CC_A;
1938
} else {
1939
eflags &= ~(CC_C | CC_A);
1940
al &= 0x0f;
1941
}
1942
EAX = (EAX & ~0xffff) | al | (ah << 8);
1943
CC_SRC = eflags;
1944
}
1945
1946
void helper_aas(void)
1947
{
1948
int icarry;
1949
int al, ah, af;
1950
int eflags;
1951
1952
eflags = helper_cc_compute_all(CC_OP);
1953
af = eflags & CC_A;
1954
al = EAX & 0xff;
1955
ah = (EAX >> 8) & 0xff;
1956
1957
icarry = (al < 6);
1958
if (((al & 0x0f) > 9 ) || af) {
1959
al = (al - 6) & 0x0f;
1960
ah = (ah - 1 - icarry) & 0xff;
1961
eflags |= CC_C | CC_A;
1962
} else {
1963
eflags &= ~(CC_C | CC_A);
1964
al &= 0x0f;
1965
}
1966
EAX = (EAX & ~0xffff) | al | (ah << 8);
1967
CC_SRC = eflags;
1968
}
1969
1970
void helper_daa(void)
1971
{
1972
int old_al, al, af, cf;
1973
int eflags;
1974
1975
eflags = helper_cc_compute_all(CC_OP);
1976
cf = eflags & CC_C;
1977
af = eflags & CC_A;
1978
old_al = al = EAX & 0xff;
1979
1980
eflags = 0;
1981
if (((al & 0x0f) > 9 ) || af) {
1982
al = (al + 6) & 0xff;
1983
eflags |= CC_A;
1984
}
1985
if ((old_al > 0x99) || cf) {
1986
al = (al + 0x60) & 0xff;
1987
eflags |= CC_C;
1988
}
1989
EAX = (EAX & ~0xff) | al;
1990
/* well, speed is not an issue here, so we compute the flags by hand */
1991
eflags |= (al == 0) << 6; /* zf */
1992
eflags |= parity_table[al]; /* pf */
1993
eflags |= (al & 0x80); /* sf */
1994
CC_SRC = eflags;
1995
}
1996
1997
void helper_das(void)
1998
{
1999
int al, al1, af, cf;
2000
int eflags;
2001
2002
eflags = helper_cc_compute_all(CC_OP);
2003
cf = eflags & CC_C;
2004
af = eflags & CC_A;
2005
al = EAX & 0xff;
2006
2007
eflags = 0;
2008
al1 = al;
2009
if (((al & 0x0f) > 9 ) || af) {
2010
eflags |= CC_A;
2011
if (al < 6 || cf)
2012
eflags |= CC_C;
2013
al = (al - 6) & 0xff;
2014
}
2015
if ((al1 > 0x99) || cf) {
2016
al = (al - 0x60) & 0xff;
2017
eflags |= CC_C;
2018
}
2019
EAX = (EAX & ~0xff) | al;
2020
/* well, speed is not an issue here, so we compute the flags by hand */
2021
eflags |= (al == 0) << 6; /* zf */
2022
eflags |= parity_table[al]; /* pf */
2023
eflags |= (al & 0x80); /* sf */
2024
CC_SRC = eflags;
2025
}
2026
2027
void helper_into(int next_eip_addend)
2028
{
2029
int eflags;
2030
eflags = helper_cc_compute_all(CC_OP);
2031
if (eflags & CC_O) {
2032
raise_interrupt(EXCP04_INTO, 1, 0, next_eip_addend);
2033
}
2034
}
2035
2036
void helper_cmpxchg8b(target_ulong a0)
2037
{
2038
uint64_t d;
2039
int eflags;
2040
2041
eflags = helper_cc_compute_all(CC_OP);
2042
d = ldq(a0);
2043
if (d == (((uint64_t)EDX << 32) | (uint32_t)EAX)) {
2044
stq(a0, ((uint64_t)ECX << 32) | (uint32_t)EBX);
2045
eflags |= CC_Z;
2046
} else {
2047
/* always do the store */
2048
stq(a0, d);
2049
EDX = (uint32_t)(d >> 32);
2050
EAX = (uint32_t)d;
2051
eflags &= ~CC_Z;
2052
}
2053
CC_SRC = eflags;
2054
}
2055
2056
#ifdef TARGET_X86_64
2057
void helper_cmpxchg16b(target_ulong a0)
2058
{
2059
uint64_t d0, d1;
2060
int eflags;
2061
2062
if ((a0 & 0xf) != 0)
2063
raise_exception(EXCP0D_GPF);
2064
eflags = helper_cc_compute_all(CC_OP);
2065
d0 = ldq(a0);
2066
d1 = ldq(a0 + 8);
2067
if (d0 == EAX && d1 == EDX) {
2068
stq(a0, EBX);
2069
stq(a0 + 8, ECX);
2070
eflags |= CC_Z;
2071
} else {
2072
/* always do the store */
2073
stq(a0, d0);
2074
stq(a0 + 8, d1);
2075
EDX = d1;
2076
EAX = d0;
2077
eflags &= ~CC_Z;
2078
}
2079
CC_SRC = eflags;
2080
}
2081
#endif
2082
2083
void helper_single_step(void)
2084
{
2085
#ifndef CONFIG_USER_ONLY
2086
check_hw_breakpoints(env, 1);
2087
env->dr[6] |= DR6_BS;
2088
#endif
2089
raise_exception(EXCP01_DB);
2090
}
2091
2092
void helper_cpuid(void)
2093
{
2094
uint32_t eax, ebx, ecx, edx;
2095
2096
helper_svm_check_intercept_param(SVM_EXIT_CPUID, 0);
2097
2098
cpu_x86_cpuid(env, (uint32_t)EAX, (uint32_t)ECX, &eax, &ebx, &ecx, &edx);
2099
EAX = eax;
2100
EBX = ebx;
2101
ECX = ecx;
2102
EDX = edx;
2103
}
2104
2105
void helper_enter_level(int level, int data32, target_ulong t1)
2106
{
2107
target_ulong ssp;
2108
uint32_t esp_mask, esp, ebp;
2109
2110
esp_mask = get_sp_mask(env->segs[R_SS].flags);
2111
ssp = env->segs[R_SS].base;
2112
ebp = EBP;
2113
esp = ESP;
2114
if (data32) {
2115
/* 32 bit */
2116
esp -= 4;
2117
while (--level) {
2118
esp -= 4;
2119
ebp -= 4;
2120
stl(ssp + (esp & esp_mask), ldl(ssp + (ebp & esp_mask)));
2121
}
2122
esp -= 4;
2123
stl(ssp + (esp & esp_mask), t1);
2124
} else {
2125
/* 16 bit */
2126
esp -= 2;
2127
while (--level) {
2128
esp -= 2;
2129
ebp -= 2;
2130
stw(ssp + (esp & esp_mask), lduw(ssp + (ebp & esp_mask)));
2131
}
2132
esp -= 2;
2133
stw(ssp + (esp & esp_mask), t1);
2134
}
2135
}
2136
2137
#ifdef TARGET_X86_64
2138
void helper_enter64_level(int level, int data64, target_ulong t1)
2139
{
2140
target_ulong esp, ebp;
2141
ebp = EBP;
2142
esp = ESP;
2143
2144
if (data64) {
2145
/* 64 bit */
2146
esp -= 8;
2147
while (--level) {
2148
esp -= 8;
2149
ebp -= 8;
2150
stq(esp, ldq(ebp));
2151
}
2152
esp -= 8;
2153
stq(esp, t1);
2154
} else {
2155
/* 16 bit */
2156
esp -= 2;
2157
while (--level) {
2158
esp -= 2;
2159
ebp -= 2;
2160
stw(esp, lduw(ebp));
2161
}
2162
esp -= 2;
2163
stw(esp, t1);
2164
}
2165
}
2166
#endif
2167
2168
void helper_lldt(int selector)
2169
{
2170
SegmentCache *dt;
2171
uint32_t e1, e2;
2172
int index, entry_limit;
2173
target_ulong ptr;
2174
2175
selector &= 0xffff;
2176
if ((selector & 0xfffc) == 0) {
2177
/* XXX: NULL selector case: invalid LDT */
2178
env->ldt.base = 0;
2179
env->ldt.limit = 0;
2180
} else {
2181
if (selector & 0x4)
2182
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2183
dt = &env->gdt;
2184
index = selector & ~7;
2185
#ifdef TARGET_X86_64
2186
if (env->hflags & HF_LMA_MASK)
2187
entry_limit = 15;
2188
else
2189
#endif
2190
entry_limit = 7;
2191
if ((index + entry_limit) > dt->limit)
2192
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2193
ptr = dt->base + index;
2194
e1 = ldl_kernel(ptr);
2195
e2 = ldl_kernel(ptr + 4);
2196
if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2)
2197
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2198
if (!(e2 & DESC_P_MASK))
2199
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2200
#ifdef TARGET_X86_64
2201
if (env->hflags & HF_LMA_MASK) {
2202
uint32_t e3;
2203
e3 = ldl_kernel(ptr + 8);
2204
load_seg_cache_raw_dt(&env->ldt, e1, e2);
2205
env->ldt.base |= (target_ulong)e3 << 32;
2206
} else
2207
#endif
2208
{
2209
load_seg_cache_raw_dt(&env->ldt, e1, e2);
2210
}
2211
}
2212
env->ldt.selector = selector;
2213
}
2214
2215
void helper_ltr(int selector)
2216
{
2217
SegmentCache *dt;
2218
uint32_t e1, e2;
2219
int index, type, entry_limit;
2220
target_ulong ptr;
2221
2222
selector &= 0xffff;
2223
if ((selector & 0xfffc) == 0) {
2224
/* NULL selector case: invalid TR */
2225
env->tr.base = 0;
2226
env->tr.limit = 0;
2227
env->tr.flags = 0;
2228
} else {
2229
if (selector & 0x4)
2230
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2231
dt = &env->gdt;
2232
index = selector & ~7;
2233
#ifdef TARGET_X86_64
2234
if (env->hflags & HF_LMA_MASK)
2235
entry_limit = 15;
2236
else
2237
#endif
2238
entry_limit = 7;
2239
if ((index + entry_limit) > dt->limit)
2240
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2241
ptr = dt->base + index;
2242
e1 = ldl_kernel(ptr);
2243
e2 = ldl_kernel(ptr + 4);
2244
type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2245
if ((e2 & DESC_S_MASK) ||
2246
(type != 1 && type != 9))
2247
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2248
if (!(e2 & DESC_P_MASK))
2249
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2250
#ifdef TARGET_X86_64
2251
if (env->hflags & HF_LMA_MASK) {
2252
uint32_t e3, e4;
2253
e3 = ldl_kernel(ptr + 8);
2254
e4 = ldl_kernel(ptr + 12);
2255
if ((e4 >> DESC_TYPE_SHIFT) & 0xf)
2256
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2257
load_seg_cache_raw_dt(&env->tr, e1, e2);
2258
env->tr.base |= (target_ulong)e3 << 32;
2259
} else
2260
#endif
2261
{
2262
load_seg_cache_raw_dt(&env->tr, e1, e2);
2263
}
2264
e2 |= DESC_TSS_BUSY_MASK;
2265
stl_kernel(ptr + 4, e2);
2266
}
2267
env->tr.selector = selector;
2268
}
2269
2270
/* only works if protected mode and not VM86. seg_reg must be != R_CS */
2271
void helper_load_seg(int seg_reg, int selector)
2272
{
2273
uint32_t e1, e2;
2274
int cpl, dpl, rpl;
2275
SegmentCache *dt;
2276
int index;
2277
target_ulong ptr;
2278
2279
selector &= 0xffff;
2280
cpl = env->hflags & HF_CPL_MASK;
2281
if ((selector & 0xfffc) == 0) {
2282
/* null selector case */
2283
if (seg_reg == R_SS
2284
#ifdef TARGET_X86_64
2285
&& (!(env->hflags & HF_CS64_MASK) || cpl == 3)
2286
#endif
2287
)
2288
raise_exception_err(EXCP0D_GPF, 0);
2289
cpu_x86_load_seg_cache(env, seg_reg, selector, 0, 0, 0);
2290
} else {
2291
2292
if (selector & 0x4)
2293
dt = &env->ldt;
2294
else
2295
dt = &env->gdt;
2296
index = selector & ~7;
2297
if ((index + 7) > dt->limit)
2298
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2299
ptr = dt->base + index;
2300
e1 = ldl_kernel(ptr);
2301
e2 = ldl_kernel(ptr + 4);
2302
2303
if (!(e2 & DESC_S_MASK))
2304
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2305
rpl = selector & 3;
2306
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2307
if (seg_reg == R_SS) {
2308
/* must be writable segment */
2309
if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK))
2310
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2311
if (rpl != cpl || dpl != cpl)
2312
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2313
} else {
2314
/* must be readable segment */
2315
if ((e2 & (DESC_CS_MASK | DESC_R_MASK)) == DESC_CS_MASK)
2316
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2317
2318
if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
2319
/* if not conforming code, test rights */
2320
if (dpl < cpl || dpl < rpl)
2321
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2322
}
2323
}
2324
2325
if (!(e2 & DESC_P_MASK)) {
2326
if (seg_reg == R_SS)
2327
raise_exception_err(EXCP0C_STACK, selector & 0xfffc);
2328
else
2329
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2330
}
2331
2332
/* set the access bit if not already set */
2333
if (!(e2 & DESC_A_MASK)) {
2334
e2 |= DESC_A_MASK;
2335
stl_kernel(ptr + 4, e2);
2336
}
2337
2338
cpu_x86_load_seg_cache(env, seg_reg, selector,
2339
get_seg_base(e1, e2),
2340
get_seg_limit(e1, e2),
2341
e2);
2342
#if 0
2343
qemu_log("load_seg: sel=0x%04x base=0x%08lx limit=0x%08lx flags=%08x\n",
2344
selector, (unsigned long)sc->base, sc->limit, sc->flags);
2345
#endif
2346
}
2347
}
2348
2349
/* protected mode jump */
2350
void helper_ljmp_protected(int new_cs, target_ulong new_eip,
2351
int next_eip_addend)
2352
{
2353
int gate_cs, type;
2354
uint32_t e1, e2, cpl, dpl, rpl, limit;
2355
target_ulong next_eip;
2356
2357
if ((new_cs & 0xfffc) == 0)
2358
raise_exception_err(EXCP0D_GPF, 0);
2359
if (load_segment(&e1, &e2, new_cs) != 0)
2360
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2361
cpl = env->hflags & HF_CPL_MASK;
2362
if (e2 & DESC_S_MASK) {
2363
if (!(e2 & DESC_CS_MASK))
2364
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2365
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2366
if (e2 & DESC_C_MASK) {
2367
/* conforming code segment */
2368
if (dpl > cpl)
2369
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2370
} else {
2371
/* non conforming code segment */
2372
rpl = new_cs & 3;
2373
if (rpl > cpl)
2374
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2375
if (dpl != cpl)
2376
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2377
}
2378
if (!(e2 & DESC_P_MASK))
2379
raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2380
limit = get_seg_limit(e1, e2);
2381
if (new_eip > limit &&
2382
!(env->hflags & HF_LMA_MASK) && !(e2 & DESC_L_MASK))
2383
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2384
cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2385
get_seg_base(e1, e2), limit, e2);
2386
EIP = new_eip;
2387
} else {
2388
/* jump to call or task gate */
2389
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2390
rpl = new_cs & 3;
2391
cpl = env->hflags & HF_CPL_MASK;
2392
type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2393
switch(type) {
2394
case 1: /* 286 TSS */
2395
case 9: /* 386 TSS */
2396
case 5: /* task gate */
2397
if (dpl < cpl || dpl < rpl)
2398
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2399
next_eip = env->eip + next_eip_addend;
2400
switch_tss(new_cs, e1, e2, SWITCH_TSS_JMP, next_eip);
2401
CC_OP = CC_OP_EFLAGS;
2402
break;
2403
case 4: /* 286 call gate */
2404
case 12: /* 386 call gate */
2405
if ((dpl < cpl) || (dpl < rpl))
2406
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2407
if (!(e2 & DESC_P_MASK))
2408
raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2409
gate_cs = e1 >> 16;
2410
new_eip = (e1 & 0xffff);
2411
if (type == 12)
2412
new_eip |= (e2 & 0xffff0000);
2413
if (load_segment(&e1, &e2, gate_cs) != 0)
2414
raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2415
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2416
/* must be code segment */
2417
if (((e2 & (DESC_S_MASK | DESC_CS_MASK)) !=
2418
(DESC_S_MASK | DESC_CS_MASK)))
2419
raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2420
if (((e2 & DESC_C_MASK) && (dpl > cpl)) ||
2421
(!(e2 & DESC_C_MASK) && (dpl != cpl)))
2422
raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2423
if (!(e2 & DESC_P_MASK))
2424
raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2425
limit = get_seg_limit(e1, e2);
2426
if (new_eip > limit)
2427
raise_exception_err(EXCP0D_GPF, 0);
2428
cpu_x86_load_seg_cache(env, R_CS, (gate_cs & 0xfffc) | cpl,
2429
get_seg_base(e1, e2), limit, e2);
2430
EIP = new_eip;
2431
break;
2432
default:
2433
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2434
break;
2435
}
2436
}
2437
}
2438
2439
/* real mode call */
2440
void helper_lcall_real(int new_cs, target_ulong new_eip1,
2441
int shift, int next_eip)
2442
{
2443
int new_eip;
2444
uint32_t esp, esp_mask;
2445
target_ulong ssp;
2446
2447
new_eip = new_eip1;
2448
esp = ESP;
2449
esp_mask = get_sp_mask(env->segs[R_SS].flags);
2450
ssp = env->segs[R_SS].base;
2451
if (shift) {
2452
PUSHL(ssp, esp, esp_mask, env->segs[R_CS].selector);
2453
PUSHL(ssp, esp, esp_mask, next_eip);
2454
} else {
2455
PUSHW(ssp, esp, esp_mask, env->segs[R_CS].selector);
2456
PUSHW(ssp, esp, esp_mask, next_eip);
2457
}
2458
2459
SET_ESP(esp, esp_mask);
2460
env->eip = new_eip;
2461
env->segs[R_CS].selector = new_cs;
2462
env->segs[R_CS].base = (new_cs << 4);
2463
}
2464
2465
/* protected mode call */
2466
void helper_lcall_protected(int new_cs, target_ulong new_eip,
2467
int shift, int next_eip_addend)
2468
{
2469
int new_stack, i;
2470
uint32_t e1, e2, cpl, dpl, rpl, selector, offset, param_count;
2471
uint32_t ss = 0, ss_e1 = 0, ss_e2 = 0, sp, type, ss_dpl, sp_mask;
2472
uint32_t val, limit, old_sp_mask;
2473
target_ulong ssp, old_ssp, next_eip;
2474
2475
next_eip = env->eip + next_eip_addend;
2476
LOG_PCALL("lcall %04x:%08x s=%d\n", new_cs, (uint32_t)new_eip, shift);
2477
LOG_PCALL_STATE(env);
2478
if ((new_cs & 0xfffc) == 0)
2479
raise_exception_err(EXCP0D_GPF, 0);
2480
if (load_segment(&e1, &e2, new_cs) != 0)
2481
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2482
cpl = env->hflags & HF_CPL_MASK;
2483
LOG_PCALL("desc=%08x:%08x\n", e1, e2);
2484
if (e2 & DESC_S_MASK) {
2485
if (!(e2 & DESC_CS_MASK))
2486
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2487
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2488
if (e2 & DESC_C_MASK) {
2489
/* conforming code segment */
2490
if (dpl > cpl)
2491
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2492
} else {
2493
/* non conforming code segment */
2494
rpl = new_cs & 3;
2495
if (rpl > cpl)
2496
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2497
if (dpl != cpl)
2498
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2499
}
2500
if (!(e2 & DESC_P_MASK))
2501
raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2502
2503
#ifdef TARGET_X86_64
2504
/* XXX: check 16/32 bit cases in long mode */
2505
if (shift == 2) {
2506
target_ulong rsp;
2507
/* 64 bit case */
2508
rsp = ESP;
2509
PUSHQ(rsp, env->segs[R_CS].selector);
2510
PUSHQ(rsp, next_eip);
2511
/* from this point, not restartable */
2512
ESP = rsp;
2513
cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2514
get_seg_base(e1, e2),
2515
get_seg_limit(e1, e2), e2);
2516
EIP = new_eip;
2517
} else
2518
#endif
2519
{
2520
sp = ESP;
2521
sp_mask = get_sp_mask(env->segs[R_SS].flags);
2522
ssp = env->segs[R_SS].base;
2523
if (shift) {
2524
PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
2525
PUSHL(ssp, sp, sp_mask, next_eip);
2526
} else {
2527
PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
2528
PUSHW(ssp, sp, sp_mask, next_eip);
2529
}
2530
2531
limit = get_seg_limit(e1, e2);
2532
if (new_eip > limit)
2533
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2534
/* from this point, not restartable */
2535
SET_ESP(sp, sp_mask);
2536
cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2537
get_seg_base(e1, e2), limit, e2);
2538
EIP = new_eip;
2539
}
2540
} else {
2541
/* check gate type */
2542
type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
2543
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2544
rpl = new_cs & 3;
2545
switch(type) {
2546
case 1: /* available 286 TSS */
2547
case 9: /* available 386 TSS */
2548
case 5: /* task gate */
2549
if (dpl < cpl || dpl < rpl)
2550
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2551
switch_tss(new_cs, e1, e2, SWITCH_TSS_CALL, next_eip);
2552
CC_OP = CC_OP_EFLAGS;
2553
return;
2554
case 4: /* 286 call gate */
2555
case 12: /* 386 call gate */
2556
break;
2557
default:
2558
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2559
break;
2560
}
2561
shift = type >> 3;
2562
2563
if (dpl < cpl || dpl < rpl)
2564
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2565
/* check valid bit */
2566
if (!(e2 & DESC_P_MASK))
2567
raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2568
selector = e1 >> 16;
2569
offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
2570
param_count = e2 & 0x1f;
2571
if ((selector & 0xfffc) == 0)
2572
raise_exception_err(EXCP0D_GPF, 0);
2573
2574
if (load_segment(&e1, &e2, selector) != 0)
2575
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2576
if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
2577
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2578
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2579
if (dpl > cpl)
2580
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2581
if (!(e2 & DESC_P_MASK))
2582
raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2583
2584
if (!(e2 & DESC_C_MASK) && dpl < cpl) {
2585
/* to inner privilege */
2586
get_ss_esp_from_tss(&ss, &sp, dpl);
2587
LOG_PCALL("new ss:esp=%04x:%08x param_count=%d ESP=" TARGET_FMT_lx "\n",
2588
ss, sp, param_count, ESP);
2589
if ((ss & 0xfffc) == 0)
2590
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2591
if ((ss & 3) != dpl)
2592
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2593
if (load_segment(&ss_e1, &ss_e2, ss) != 0)
2594
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2595
ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2596
if (ss_dpl != dpl)
2597
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2598
if (!(ss_e2 & DESC_S_MASK) ||
2599
(ss_e2 & DESC_CS_MASK) ||
2600
!(ss_e2 & DESC_W_MASK))
2601
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2602
if (!(ss_e2 & DESC_P_MASK))
2603
raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2604
2605
// push_size = ((param_count * 2) + 8) << shift;
2606
2607
old_sp_mask = get_sp_mask(env->segs[R_SS].flags);
2608
old_ssp = env->segs[R_SS].base;
2609
2610
sp_mask = get_sp_mask(ss_e2);
2611
ssp = get_seg_base(ss_e1, ss_e2);
2612
if (shift) {
2613
PUSHL(ssp, sp, sp_mask, env->segs[R_SS].selector);
2614
PUSHL(ssp, sp, sp_mask, ESP);
2615
for(i = param_count - 1; i >= 0; i--) {
2616
val = ldl_kernel(old_ssp + ((ESP + i * 4) & old_sp_mask));
2617
PUSHL(ssp, sp, sp_mask, val);
2618
}
2619
} else {
2620
PUSHW(ssp, sp, sp_mask, env->segs[R_SS].selector);
2621
PUSHW(ssp, sp, sp_mask, ESP);
2622
for(i = param_count - 1; i >= 0; i--) {
2623
val = lduw_kernel(old_ssp + ((ESP + i * 2) & old_sp_mask));
2624
PUSHW(ssp, sp, sp_mask, val);
2625
}
2626
}
2627
new_stack = 1;
2628
} else {
2629
/* to same privilege */
2630
sp = ESP;
2631
sp_mask = get_sp_mask(env->segs[R_SS].flags);
2632
ssp = env->segs[R_SS].base;
2633
// push_size = (4 << shift);
2634
new_stack = 0;
2635
}
2636
2637
if (shift) {
2638
PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
2639
PUSHL(ssp, sp, sp_mask, next_eip);
2640
} else {
2641
PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
2642
PUSHW(ssp, sp, sp_mask, next_eip);
2643
}
2644
2645
/* from this point, not restartable */
2646
2647
if (new_stack) {
2648
ss = (ss & ~3) | dpl;
2649
cpu_x86_load_seg_cache(env, R_SS, ss,
2650
ssp,
2651
get_seg_limit(ss_e1, ss_e2),
2652
ss_e2);
2653
}
2654
2655
selector = (selector & ~3) | dpl;
2656
cpu_x86_load_seg_cache(env, R_CS, selector,
2657
get_seg_base(e1, e2),
2658
get_seg_limit(e1, e2),
2659
e2);
2660
cpu_x86_set_cpl(env, dpl);
2661
SET_ESP(sp, sp_mask);
2662
EIP = offset;
2663
}
2664
}
2665
2666
/* real and vm86 mode iret */
2667
void helper_iret_real(int shift)
2668
{
2669
uint32_t sp, new_cs, new_eip, new_eflags, sp_mask;
2670
target_ulong ssp;
2671
int eflags_mask;
2672
2673
sp_mask = 0xffff; /* XXXX: use SS segment size ? */
2674
sp = ESP;
2675
ssp = env->segs[R_SS].base;
2676
if (shift == 1) {
2677
/* 32 bits */
2678
POPL(ssp, sp, sp_mask, new_eip);
2679
POPL(ssp, sp, sp_mask, new_cs);
2680
new_cs &= 0xffff;
2681
POPL(ssp, sp, sp_mask, new_eflags);
2682
} else {
2683
/* 16 bits */
2684
POPW(ssp, sp, sp_mask, new_eip);
2685
POPW(ssp, sp, sp_mask, new_cs);
2686
POPW(ssp, sp, sp_mask, new_eflags);
2687
}
2688
ESP = (ESP & ~sp_mask) | (sp & sp_mask);
2689
env->segs[R_CS].selector = new_cs;
2690
env->segs[R_CS].base = (new_cs << 4);
2691
env->eip = new_eip;
2692
if (env->eflags & VM_MASK)
2693
eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | RF_MASK | NT_MASK;
2694
else
2695
eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | IOPL_MASK | RF_MASK | NT_MASK;
2696
if (shift == 0)
2697
eflags_mask &= 0xffff;
2698
load_eflags(new_eflags, eflags_mask);
2699
env->hflags2 &= ~HF2_NMI_MASK;
2700
}
2701
2702
static inline void validate_seg(int seg_reg, int cpl)
2703
{
2704
int dpl;
2705
uint32_t e2;
2706
2707
/* XXX: on x86_64, we do not want to nullify FS and GS because
2708
they may still contain a valid base. I would be interested to
2709
know how a real x86_64 CPU behaves */
2710
if ((seg_reg == R_FS || seg_reg == R_GS) &&
2711
(env->segs[seg_reg].selector & 0xfffc) == 0)
2712
return;
2713
2714
e2 = env->segs[seg_reg].flags;
2715
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2716
if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
2717
/* data or non conforming code segment */
2718
if (dpl < cpl) {
2719
cpu_x86_load_seg_cache(env, seg_reg, 0, 0, 0, 0);
2720
}
2721
}
2722
}
2723
2724
/* protected mode iret */
2725
static inline void helper_ret_protected(int shift, int is_iret, int addend)
2726
{
2727
uint32_t new_cs, new_eflags, new_ss;
2728
uint32_t new_es, new_ds, new_fs, new_gs;
2729
uint32_t e1, e2, ss_e1, ss_e2;
2730
int cpl, dpl, rpl, eflags_mask, iopl;
2731
target_ulong ssp, sp, new_eip, new_esp, sp_mask;
2732
2733
#ifdef TARGET_X86_64
2734
if (shift == 2)
2735
sp_mask = -1;
2736
else
2737
#endif
2738
sp_mask = get_sp_mask(env->segs[R_SS].flags);
2739
sp = ESP;
2740
ssp = env->segs[R_SS].base;
2741
new_eflags = 0; /* avoid warning */
2742
#ifdef TARGET_X86_64
2743
if (shift == 2) {
2744
POPQ(sp, new_eip);
2745
POPQ(sp, new_cs);
2746
new_cs &= 0xffff;
2747
if (is_iret) {
2748
POPQ(sp, new_eflags);
2749
}
2750
} else
2751
#endif
2752
if (shift == 1) {
2753
/* 32 bits */
2754
POPL(ssp, sp, sp_mask, new_eip);
2755
POPL(ssp, sp, sp_mask, new_cs);
2756
new_cs &= 0xffff;
2757
if (is_iret) {
2758
POPL(ssp, sp, sp_mask, new_eflags);
2759
if (new_eflags & VM_MASK)
2760
goto return_to_vm86;
2761
}
2762
} else {
2763
/* 16 bits */
2764
POPW(ssp, sp, sp_mask, new_eip);
2765
POPW(ssp, sp, sp_mask, new_cs);
2766
if (is_iret)
2767
POPW(ssp, sp, sp_mask, new_eflags);
2768
}
2769
LOG_PCALL("lret new %04x:" TARGET_FMT_lx " s=%d addend=0x%x\n",
2770
new_cs, new_eip, shift, addend);
2771
LOG_PCALL_STATE(env);
2772
if ((new_cs & 0xfffc) == 0)
2773
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2774
if (load_segment(&e1, &e2, new_cs) != 0)
2775
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2776
if (!(e2 & DESC_S_MASK) ||
2777
!(e2 & DESC_CS_MASK))
2778
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2779
cpl = env->hflags & HF_CPL_MASK;
2780
rpl = new_cs & 3;
2781
if (rpl < cpl)
2782
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2783
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2784
if (e2 & DESC_C_MASK) {
2785
if (dpl > rpl)
2786
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2787
} else {
2788
if (dpl != rpl)
2789
raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2790
}
2791
if (!(e2 & DESC_P_MASK))
2792
raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2793
2794
sp += addend;
2795
if (rpl == cpl && (!(env->hflags & HF_CS64_MASK) ||
2796
((env->hflags & HF_CS64_MASK) && !is_iret))) {
2797
/* return to same privilege level */
2798
cpu_x86_load_seg_cache(env, R_CS, new_cs,
2799
get_seg_base(e1, e2),
2800
get_seg_limit(e1, e2),
2801
e2);
2802
} else {
2803
/* return to different privilege level */
2804
#ifdef TARGET_X86_64
2805
if (shift == 2) {
2806
POPQ(sp, new_esp);
2807
POPQ(sp, new_ss);
2808
new_ss &= 0xffff;
2809
} else
2810
#endif
2811
if (shift == 1) {
2812
/* 32 bits */
2813
POPL(ssp, sp, sp_mask, new_esp);
2814
POPL(ssp, sp, sp_mask, new_ss);
2815
new_ss &= 0xffff;
2816
} else {
2817
/* 16 bits */
2818
POPW(ssp, sp, sp_mask, new_esp);
2819
POPW(ssp, sp, sp_mask, new_ss);
2820
}
2821
LOG_PCALL("new ss:esp=%04x:" TARGET_FMT_lx "\n",
2822
new_ss, new_esp);
2823
if ((new_ss & 0xfffc) == 0) {
2824
#ifdef TARGET_X86_64
2825
/* NULL ss is allowed in long mode if cpl != 3*/
2826
/* XXX: test CS64 ? */
2827
if ((env->hflags & HF_LMA_MASK) && rpl != 3) {
2828
cpu_x86_load_seg_cache(env, R_SS, new_ss,
2829
0, 0xffffffff,
2830
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2831
DESC_S_MASK | (rpl << DESC_DPL_SHIFT) |
2832
DESC_W_MASK | DESC_A_MASK);
2833
ss_e2 = DESC_B_MASK; /* XXX: should not be needed ? */
2834
} else
2835
#endif
2836
{
2837
raise_exception_err(EXCP0D_GPF, 0);
2838
}
2839
} else {
2840
if ((new_ss & 3) != rpl)
2841
raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2842
if (load_segment(&ss_e1, &ss_e2, new_ss) != 0)
2843
raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2844
if (!(ss_e2 & DESC_S_MASK) ||
2845
(ss_e2 & DESC_CS_MASK) ||
2846
!(ss_e2 & DESC_W_MASK))
2847
raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2848
dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2849
if (dpl != rpl)
2850
raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2851
if (!(ss_e2 & DESC_P_MASK))
2852
raise_exception_err(EXCP0B_NOSEG, new_ss & 0xfffc);
2853
cpu_x86_load_seg_cache(env, R_SS, new_ss,
2854
get_seg_base(ss_e1, ss_e2),
2855
get_seg_limit(ss_e1, ss_e2),
2856
ss_e2);
2857
}
2858
2859
cpu_x86_load_seg_cache(env, R_CS, new_cs,
2860
get_seg_base(e1, e2),
2861
get_seg_limit(e1, e2),
2862
e2);
2863
cpu_x86_set_cpl(env, rpl);
2864
sp = new_esp;
2865
#ifdef TARGET_X86_64
2866
if (env->hflags & HF_CS64_MASK)
2867
sp_mask = -1;
2868
else
2869
#endif
2870
sp_mask = get_sp_mask(ss_e2);
2871
2872
/* validate data segments */
2873
validate_seg(R_ES, rpl);
2874
validate_seg(R_DS, rpl);
2875
validate_seg(R_FS, rpl);
2876
validate_seg(R_GS, rpl);
2877
2878
sp += addend;
2879
}
2880
SET_ESP(sp, sp_mask);
2881
env->eip = new_eip;
2882
if (is_iret) {
2883
/* NOTE: 'cpl' is the _old_ CPL */
2884
eflags_mask = TF_MASK | AC_MASK | ID_MASK | RF_MASK | NT_MASK;
2885
if (cpl == 0)
2886
eflags_mask |= IOPL_MASK;
2887
iopl = (env->eflags >> IOPL_SHIFT) & 3;
2888
if (cpl <= iopl)
2889
eflags_mask |= IF_MASK;
2890
if (shift == 0)
2891
eflags_mask &= 0xffff;
2892
load_eflags(new_eflags, eflags_mask);
2893
}
2894
return;
2895
2896
return_to_vm86:
2897
POPL(ssp, sp, sp_mask, new_esp);
2898
POPL(ssp, sp, sp_mask, new_ss);
2899
POPL(ssp, sp, sp_mask, new_es);
2900
POPL(ssp, sp, sp_mask, new_ds);
2901
POPL(ssp, sp, sp_mask, new_fs);
2902
POPL(ssp, sp, sp_mask, new_gs);
2903
2904
/* modify processor state */
2905
load_eflags(new_eflags, TF_MASK | AC_MASK | ID_MASK |
2906
IF_MASK | IOPL_MASK | VM_MASK | NT_MASK | VIF_MASK | VIP_MASK);
2907
load_seg_vm(R_CS, new_cs & 0xffff);
2908
cpu_x86_set_cpl(env, 3);
2909
load_seg_vm(R_SS, new_ss & 0xffff);
2910
load_seg_vm(R_ES, new_es & 0xffff);
2911
load_seg_vm(R_DS, new_ds & 0xffff);
2912
load_seg_vm(R_FS, new_fs & 0xffff);
2913
load_seg_vm(R_GS, new_gs & 0xffff);
2914
2915
env->eip = new_eip & 0xffff;
2916
ESP = new_esp;
2917
}
2918
2919
void helper_iret_protected(int shift, int next_eip)
2920
{
2921
int tss_selector, type;
2922
uint32_t e1, e2;
2923
2924
/* specific case for TSS */
2925
if (env->eflags & NT_MASK) {
2926
#ifdef TARGET_X86_64
2927
if (env->hflags & HF_LMA_MASK)
2928
raise_exception_err(EXCP0D_GPF, 0);
2929
#endif
2930
tss_selector = lduw_kernel(env->tr.base + 0);
2931
if (tss_selector & 4)
2932
raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2933
if (load_segment(&e1, &e2, tss_selector) != 0)
2934
raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2935
type = (e2 >> DESC_TYPE_SHIFT) & 0x17;
2936
/* NOTE: we check both segment and busy TSS */
2937
if (type != 3)
2938
raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2939
switch_tss(tss_selector, e1, e2, SWITCH_TSS_IRET, next_eip);
2940
} else {
2941
helper_ret_protected(shift, 1, 0);
2942
}
2943
env->hflags2 &= ~HF2_NMI_MASK;
2944
}
2945
2946
void helper_lret_protected(int shift, int addend)
2947
{
2948
helper_ret_protected(shift, 0, addend);
2949
}
2950
2951
void helper_sysenter(void)
2952
{
2953
if (env->sysenter_cs == 0) {
2954
raise_exception_err(EXCP0D_GPF, 0);
2955
}
2956
env->eflags &= ~(VM_MASK | IF_MASK | RF_MASK);
2957
cpu_x86_set_cpl(env, 0);
2958
2959
#ifdef TARGET_X86_64
2960
if (env->hflags & HF_LMA_MASK) {
2961
cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2962
0, 0xffffffff,
2963
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2964
DESC_S_MASK |
2965
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
2966
} else
2967
#endif
2968
{
2969
cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2970
0, 0xffffffff,
2971
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2972
DESC_S_MASK |
2973
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2974
}
2975
cpu_x86_load_seg_cache(env, R_SS, (env->sysenter_cs + 8) & 0xfffc,
2976
0, 0xffffffff,
2977
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2978
DESC_S_MASK |
2979
DESC_W_MASK | DESC_A_MASK);
2980
ESP = env->sysenter_esp;
2981
EIP = env->sysenter_eip;
2982
}
2983
2984
void helper_sysexit(int dflag)
2985
{
2986
int cpl;
2987
2988
cpl = env->hflags & HF_CPL_MASK;
2989
if (env->sysenter_cs == 0 || cpl != 0) {
2990
raise_exception_err(EXCP0D_GPF, 0);
2991
}
2992
cpu_x86_set_cpl(env, 3);
2993
#ifdef TARGET_X86_64
2994
if (dflag == 2) {
2995
cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 32) & 0xfffc) | 3,
2996
0, 0xffffffff,
2997
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2998
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2999
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
3000
cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 40) & 0xfffc) | 3,
3001
0, 0xffffffff,
3002
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
3003
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
3004
DESC_W_MASK | DESC_A_MASK);
3005
} else
3006
#endif
3007
{
3008
cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 16) & 0xfffc) | 3,
3009
0, 0xffffffff,
3010
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
3011
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
3012
DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
3013
cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 24) & 0xfffc) | 3,
3014
0, 0xffffffff,
3015
DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
3016
DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
3017
DESC_W_MASK | DESC_A_MASK);
3018
}
3019
ESP = ECX;
3020
EIP = EDX;
3021
}
3022
3023
#if defined(CONFIG_USER_ONLY)
3024
target_ulong helper_read_crN(int reg)
3025
{
3026
return 0;
3027
}
3028
3029
void helper_write_crN(int reg, target_ulong t0)
3030
{
3031
}
3032
3033
void helper_movl_drN_T0(int reg, target_ulong t0)
3034
{
3035
}
3036
#else
3037
target_ulong helper_read_crN(int reg)
3038
{
3039
target_ulong val;
3040
3041
helper_svm_check_intercept_param(SVM_EXIT_READ_CR0 + reg, 0);
3042
switch(reg) {
3043
default:
3044
val = env->cr[reg];
3045
break;
3046
case 8:
3047
if (!(env->hflags2 & HF2_VINTR_MASK)) {
3048
val = cpu_get_apic_tpr(env->apic_state);
3049
} else {
3050
val = env->v_tpr;
3051
}
3052
break;
3053
}
3054
return val;
3055
}
3056
3057
void helper_write_crN(int reg, target_ulong t0)
3058
{
3059
helper_svm_check_intercept_param(SVM_EXIT_WRITE_CR0 + reg, 0);
3060
switch(reg) {
3061
case 0:
3062
cpu_x86_update_cr0(env, t0);
3063
break;
3064
case 3:
3065
cpu_x86_update_cr3(env, t0);
3066
break;
3067
case 4:
3068
cpu_x86_update_cr4(env, t0);
3069
break;
3070
case 8:
3071
if (!(env->hflags2 & HF2_VINTR_MASK)) {
3072
cpu_set_apic_tpr(env->apic_state, t0);
3073
}
3074
env->v_tpr = t0 & 0x0f;
3075
break;
3076
default:
3077
env->cr[reg] = t0;
3078
break;
3079
}
3080
}
3081
3082
void helper_movl_drN_T0(int reg, target_ulong t0)
3083
{
3084
int i;
3085
3086
if (reg < 4) {
3087
hw_breakpoint_remove(env, reg);
3088
env->dr[reg] = t0;
3089
hw_breakpoint_insert(env, reg);
3090
} else if (reg == 7) {
3091
for (i = 0; i < 4; i++)
3092
hw_breakpoint_remove(env, i);
3093
env->dr[7] = t0;
3094
for (i = 0; i < 4; i++)
3095
hw_breakpoint_insert(env, i);
3096
} else
3097
env->dr[reg] = t0;
3098
}
3099
#endif
3100
3101
void helper_lmsw(target_ulong t0)
3102
{
3103
/* only 4 lower bits of CR0 are modified. PE cannot be set to zero
3104
if already set to one. */
3105
t0 = (env->cr[0] & ~0xe) | (t0 & 0xf);
3106
helper_write_crN(0, t0);
3107
}
3108
3109
void helper_clts(void)
3110
{
3111
env->cr[0] &= ~CR0_TS_MASK;
3112
env->hflags &= ~HF_TS_MASK;
3113
}
3114
3115
void helper_invlpg(target_ulong addr)
3116
{
3117
helper_svm_check_intercept_param(SVM_EXIT_INVLPG, 0);
3118
tlb_flush_page(env, addr);
3119
}
3120
3121
void helper_rdtsc(void)
3122
{
3123
uint64_t val;
3124
3125
if ((env->cr[4] & CR4_TSD_MASK) && ((env->hflags & HF_CPL_MASK) != 0)) {
3126
raise_exception(EXCP0D_GPF);
3127
}
3128
helper_svm_check_intercept_param(SVM_EXIT_RDTSC, 0);
3129
3130
val = cpu_get_tsc(env) + env->tsc_offset;
3131
EAX = (uint32_t)(val);
3132
EDX = (uint32_t)(val >> 32);
3133
}
3134
3135
void helper_rdtscp(void)
3136
{
3137
helper_rdtsc();
3138
ECX = (uint32_t)(env->tsc_aux);
3139
}
3140
3141
void helper_rdpmc(void)
3142
{
3143
if ((env->cr[4] & CR4_PCE_MASK) && ((env->hflags & HF_CPL_MASK) != 0)) {
3144
raise_exception(EXCP0D_GPF);
3145
}
3146
helper_svm_check_intercept_param(SVM_EXIT_RDPMC, 0);
3147
3148
/* currently unimplemented */
3149
raise_exception_err(EXCP06_ILLOP, 0);
3150
}
3151
3152
#if defined(CONFIG_USER_ONLY)
3153
void helper_wrmsr(void)
3154
{
3155
}
3156
3157
void helper_rdmsr(void)
3158
{
3159
}
3160
#else
3161
void helper_wrmsr(void)
3162
{
3163
uint64_t val;
3164
3165
helper_svm_check_intercept_param(SVM_EXIT_MSR, 1);
3166
3167
val = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
3168
3169
switch((uint32_t)ECX) {
3170
case MSR_IA32_SYSENTER_CS:
3171
env->sysenter_cs = val & 0xffff;
3172
break;
3173
case MSR_IA32_SYSENTER_ESP:
3174
env->sysenter_esp = val;
3175
break;
3176
case MSR_IA32_SYSENTER_EIP:
3177
env->sysenter_eip = val;
3178
break;
3179
case MSR_IA32_APICBASE:
3180
cpu_set_apic_base(env->apic_state, val);
3181
break;
3182
case MSR_EFER:
3183
{
3184
uint64_t update_mask;
3185
update_mask = 0;
3186
if (env->cpuid_ext2_features & CPUID_EXT2_SYSCALL)
3187
update_mask |= MSR_EFER_SCE;
3188
if (env->cpuid_ext2_features & CPUID_EXT2_LM)
3189
update_mask |= MSR_EFER_LME;
3190
if (env->cpuid_ext2_features & CPUID_EXT2_FFXSR)
3191
update_mask |= MSR_EFER_FFXSR;
3192
if (env->cpuid_ext2_features & CPUID_EXT2_NX)
3193
update_mask |= MSR_EFER_NXE;
3194
if (env->cpuid_ext3_features & CPUID_EXT3_SVM)
3195
update_mask |= MSR_EFER_SVME;
3196
if (env->cpuid_ext2_features & CPUID_EXT2_FFXSR)
3197
update_mask |= MSR_EFER_FFXSR;
3198
cpu_load_efer(env, (env->efer & ~update_mask) |
3199
(val & update_mask));
3200
}
3201
break;
3202
case MSR_STAR:
3203
env->star = val;
3204
break;
3205
case MSR_PAT:
3206
env->pat = val;
3207
break;
3208
case MSR_VM_HSAVE_PA:
3209
env->vm_hsave = val;
3210
break;
3211
#ifdef TARGET_X86_64
3212
case MSR_LSTAR:
3213
env->lstar = val;
3214
break;
3215
case MSR_CSTAR:
3216
env->cstar = val;
3217
break;
3218
case MSR_FMASK:
3219
env->fmask = val;
3220
break;
3221
case MSR_FSBASE:
3222
env->segs[R_FS].base = val;
3223
break;
3224
case MSR_GSBASE:
3225
env->segs[R_GS].base = val;
3226
break;
3227
case MSR_KERNELGSBASE:
3228
env->kernelgsbase = val;
3229
break;
3230
#endif
3231
case MSR_MTRRphysBase(0):
3232
case MSR_MTRRphysBase(1):
3233
case MSR_MTRRphysBase(2):
3234
case MSR_MTRRphysBase(3):
3235
case MSR_MTRRphysBase(4):
3236
case MSR_MTRRphysBase(5):
3237
case MSR_MTRRphysBase(6):
3238
case MSR_MTRRphysBase(7):
3239
env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysBase(0)) / 2].base = val;
3240
break;
3241
case MSR_MTRRphysMask(0):
3242
case MSR_MTRRphysMask(1):
3243
case MSR_MTRRphysMask(2):
3244
case MSR_MTRRphysMask(3):
3245
case MSR_MTRRphysMask(4):
3246
case MSR_MTRRphysMask(5):
3247
case MSR_MTRRphysMask(6):
3248
case MSR_MTRRphysMask(7):
3249
env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysMask(0)) / 2].mask = val;
3250
break;
3251
case MSR_MTRRfix64K_00000:
3252
env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix64K_00000] = val;
3253
break;
3254
case MSR_MTRRfix16K_80000:
3255
case MSR_MTRRfix16K_A0000:
3256
env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix16K_80000 + 1] = val;
3257
break;
3258
case MSR_MTRRfix4K_C0000:
3259
case MSR_MTRRfix4K_C8000:
3260
case MSR_MTRRfix4K_D0000:
3261
case MSR_MTRRfix4K_D8000:
3262
case MSR_MTRRfix4K_E0000:
3263
case MSR_MTRRfix4K_E8000:
3264
case MSR_MTRRfix4K_F0000:
3265
case MSR_MTRRfix4K_F8000:
3266
env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix4K_C0000 + 3] = val;
3267
break;
3268
case MSR_MTRRdefType:
3269
env->mtrr_deftype = val;
3270
break;
3271
case MSR_MCG_STATUS:
3272
env->mcg_status = val;
3273
break;
3274
case MSR_MCG_CTL:
3275
if ((env->mcg_cap & MCG_CTL_P)
3276
&& (val == 0 || val == ~(uint64_t)0))
3277
env->mcg_ctl = val;
3278
break;
3279
case MSR_TSC_AUX:
3280
env->tsc_aux = val;
3281
break;
3282
case MSR_IA32_MISC_ENABLE:
3283
env->msr_ia32_misc_enable = val;
3284
break;
3285
default:
3286
if ((uint32_t)ECX >= MSR_MC0_CTL
3287
&& (uint32_t)ECX < MSR_MC0_CTL + (4 * env->mcg_cap & 0xff)) {
3288
uint32_t offset = (uint32_t)ECX - MSR_MC0_CTL;
3289
if ((offset & 0x3) != 0
3290
|| (val == 0 || val == ~(uint64_t)0))
3291
env->mce_banks[offset] = val;
3292
break;
3293
}
3294
/* XXX: exception ? */
3295
break;
3296
}
3297
}
3298
3299
void helper_rdmsr(void)
3300
{
3301
uint64_t val;
3302
3303
helper_svm_check_intercept_param(SVM_EXIT_MSR, 0);
3304
3305
switch((uint32_t)ECX) {
3306
case MSR_IA32_SYSENTER_CS:
3307
val = env->sysenter_cs;
3308
break;
3309
case MSR_IA32_SYSENTER_ESP:
3310
val = env->sysenter_esp;
3311
break;
3312
case MSR_IA32_SYSENTER_EIP:
3313
val = env->sysenter_eip;
3314
break;
3315
case MSR_IA32_APICBASE:
3316
val = cpu_get_apic_base(env->apic_state);
3317
break;
3318
case MSR_EFER:
3319
val = env->efer;
3320
break;
3321
case MSR_STAR:
3322
val = env->star;
3323
break;
3324
case MSR_PAT:
3325
val = env->pat;
3326
break;
3327
case MSR_VM_HSAVE_PA:
3328
val = env->vm_hsave;
3329
break;
3330
case MSR_IA32_PERF_STATUS:
3331
/* tsc_increment_by_tick */
3332
val = 1000ULL;
3333
/* CPU multiplier */
3334
val |= (((uint64_t)4ULL) << 40);
3335
break;
3336
#ifdef TARGET_X86_64
3337
case MSR_LSTAR:
3338
val = env->lstar;
3339
break;
3340
case MSR_CSTAR:
3341
val = env->cstar;
3342
break;
3343
case MSR_FMASK:
3344
val = env->fmask;
3345
break;
3346
case MSR_FSBASE:
3347
val = env->segs[R_FS].base;
3348
break;
3349
case MSR_GSBASE:
3350
val = env->segs[R_GS].base;
3351
break;
3352
case MSR_KERNELGSBASE:
3353
val = env->kernelgsbase;
3354
break;
3355
case MSR_TSC_AUX:
3356
val = env->tsc_aux;
3357
break;
3358
#endif
3359
case MSR_MTRRphysBase(0):
3360
case MSR_MTRRphysBase(1):
3361
case MSR_MTRRphysBase(2):
3362
case MSR_MTRRphysBase(3):
3363
case MSR_MTRRphysBase(4):
3364
case MSR_MTRRphysBase(5):
3365
case MSR_MTRRphysBase(6):
3366
case MSR_MTRRphysBase(7):
3367
val = env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysBase(0)) / 2].base;
3368
break;
3369
case MSR_MTRRphysMask(0):
3370
case MSR_MTRRphysMask(1):
3371
case MSR_MTRRphysMask(2):
3372
case MSR_MTRRphysMask(3):
3373
case MSR_MTRRphysMask(4):
3374
case MSR_MTRRphysMask(5):
3375
case MSR_MTRRphysMask(6):
3376
case MSR_MTRRphysMask(7):
3377
val = env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysMask(0)) / 2].mask;
3378
break;
3379
case MSR_MTRRfix64K_00000:
3380
val = env->mtrr_fixed[0];
3381
break;
3382
case MSR_MTRRfix16K_80000:
3383
case MSR_MTRRfix16K_A0000:
3384
val = env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix16K_80000 + 1];
3385
break;
3386
case MSR_MTRRfix4K_C0000:
3387
case MSR_MTRRfix4K_C8000:
3388
case MSR_MTRRfix4K_D0000:
3389
case MSR_MTRRfix4K_D8000:
3390
case MSR_MTRRfix4K_E0000:
3391
case MSR_MTRRfix4K_E8000:
3392
case MSR_MTRRfix4K_F0000:
3393
case MSR_MTRRfix4K_F8000:
3394
val = env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix4K_C0000 + 3];
3395
break;
3396
case MSR_MTRRdefType:
3397
val = env->mtrr_deftype;
3398
break;
3399
case MSR_MTRRcap:
3400
if (env->cpuid_features & CPUID_MTRR)
3401
val = MSR_MTRRcap_VCNT | MSR_MTRRcap_FIXRANGE_SUPPORT | MSR_MTRRcap_WC_SUPPORTED;
3402
else
3403
/* XXX: exception ? */
3404
val = 0;
3405
break;
3406
case MSR_MCG_CAP:
3407
val = env->mcg_cap;
3408
break;
3409
case MSR_MCG_CTL:
3410
if (env->mcg_cap & MCG_CTL_P)
3411
val = env->mcg_ctl;
3412
else
3413
val = 0;
3414
break;
3415
case MSR_MCG_STATUS:
3416
val = env->mcg_status;
3417
break;
3418
case MSR_IA32_MISC_ENABLE:
3419
val = env->msr_ia32_misc_enable;
3420
break;
3421
default:
3422
if ((uint32_t)ECX >= MSR_MC0_CTL
3423
&& (uint32_t)ECX < MSR_MC0_CTL + (4 * env->mcg_cap & 0xff)) {
3424
uint32_t offset = (uint32_t)ECX - MSR_MC0_CTL;
3425
val = env->mce_banks[offset];
3426
break;
3427
}
3428
/* XXX: exception ? */
3429
val = 0;
3430
break;
3431
}
3432
EAX = (uint32_t)(val);
3433
EDX = (uint32_t)(val >> 32);
3434
}
3435
#endif
3436
3437
target_ulong helper_lsl(target_ulong selector1)
3438
{
3439
unsigned int limit;
3440
uint32_t e1, e2, eflags, selector;
3441
int rpl, dpl, cpl, type;
3442
3443
selector = selector1 & 0xffff;
3444
eflags = helper_cc_compute_all(CC_OP);
3445
if ((selector & 0xfffc) == 0)
3446
goto fail;
3447
if (load_segment(&e1, &e2, selector) != 0)
3448
goto fail;
3449
rpl = selector & 3;
3450
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3451
cpl = env->hflags & HF_CPL_MASK;
3452
if (e2 & DESC_S_MASK) {
3453
if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
3454
/* conforming */
3455
} else {
3456
if (dpl < cpl || dpl < rpl)
3457
goto fail;
3458
}
3459
} else {
3460
type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
3461
switch(type) {
3462
case 1:
3463
case 2:
3464
case 3:
3465
case 9:
3466
case 11:
3467
break;
3468
default:
3469
goto fail;
3470
}
3471
if (dpl < cpl || dpl < rpl) {
3472
fail:
3473
CC_SRC = eflags & ~CC_Z;
3474
return 0;
3475
}
3476
}
3477
limit = get_seg_limit(e1, e2);
3478
CC_SRC = eflags | CC_Z;
3479
return limit;
3480
}
3481
3482
target_ulong helper_lar(target_ulong selector1)
3483
{
3484
uint32_t e1, e2, eflags, selector;
3485
int rpl, dpl, cpl, type;
3486
3487
selector = selector1 & 0xffff;
3488
eflags = helper_cc_compute_all(CC_OP);
3489
if ((selector & 0xfffc) == 0)
3490
goto fail;
3491
if (load_segment(&e1, &e2, selector) != 0)
3492
goto fail;
3493
rpl = selector & 3;
3494
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3495
cpl = env->hflags & HF_CPL_MASK;
3496
if (e2 & DESC_S_MASK) {
3497
if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
3498
/* conforming */
3499
} else {
3500
if (dpl < cpl || dpl < rpl)
3501
goto fail;
3502
}
3503
} else {
3504
type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
3505
switch(type) {
3506
case 1:
3507
case 2:
3508
case 3:
3509
case 4:
3510
case 5:
3511
case 9:
3512
case 11:
3513
case 12:
3514
break;
3515
default:
3516
goto fail;
3517
}
3518
if (dpl < cpl || dpl < rpl) {
3519
fail:
3520
CC_SRC = eflags & ~CC_Z;
3521
return 0;
3522
}
3523
}
3524
CC_SRC = eflags | CC_Z;
3525
return e2 & 0x00f0ff00;
3526
}
3527
3528
void helper_verr(target_ulong selector1)
3529
{
3530
uint32_t e1, e2, eflags, selector;
3531
int rpl, dpl, cpl;
3532
3533
selector = selector1 & 0xffff;
3534
eflags = helper_cc_compute_all(CC_OP);
3535
if ((selector & 0xfffc) == 0)
3536
goto fail;
3537
if (load_segment(&e1, &e2, selector) != 0)
3538
goto fail;
3539
if (!(e2 & DESC_S_MASK))
3540
goto fail;
3541
rpl = selector & 3;
3542
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3543
cpl = env->hflags & HF_CPL_MASK;
3544
if (e2 & DESC_CS_MASK) {
3545
if (!(e2 & DESC_R_MASK))
3546
goto fail;
3547
if (!(e2 & DESC_C_MASK)) {
3548
if (dpl < cpl || dpl < rpl)
3549
goto fail;
3550
}
3551
} else {
3552
if (dpl < cpl || dpl < rpl) {
3553
fail:
3554
CC_SRC = eflags & ~CC_Z;
3555
return;
3556
}
3557
}
3558
CC_SRC = eflags | CC_Z;
3559
}
3560
3561
void helper_verw(target_ulong selector1)
3562
{
3563
uint32_t e1, e2, eflags, selector;
3564
int rpl, dpl, cpl;
3565
3566
selector = selector1 & 0xffff;
3567
eflags = helper_cc_compute_all(CC_OP);
3568
if ((selector & 0xfffc) == 0)
3569
goto fail;
3570
if (load_segment(&e1, &e2, selector) != 0)
3571
goto fail;
3572
if (!(e2 & DESC_S_MASK))
3573
goto fail;
3574
rpl = selector & 3;
3575
dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3576
cpl = env->hflags & HF_CPL_MASK;
3577
if (e2 & DESC_CS_MASK) {
3578
goto fail;
3579
} else {
3580
if (dpl < cpl || dpl < rpl)
3581
goto fail;
3582
if (!(e2 & DESC_W_MASK)) {
3583
fail:
3584
CC_SRC = eflags & ~CC_Z;
3585
return;
3586
}
3587
}
3588
CC_SRC = eflags | CC_Z;
3589
}
3590
3591
/* x87 FPU helpers */
3592
3593
static inline double floatx80_to_double(floatx80 a)
3594
{
3595
union {
3596
float64 f64;
3597
double d;
3598
} u;
3599
3600
u.f64 = floatx80_to_float64(a, &env->fp_status);
3601
return u.d;
3602
}
3603
3604
static inline floatx80 double_to_floatx80(double a)
3605
{
3606
union {
3607
float64 f64;
3608
double d;
3609
} u;
3610
3611
u.d = a;
3612
return float64_to_floatx80(u.f64, &env->fp_status);
3613
}
3614
3615
static void fpu_set_exception(int mask)
3616
{
3617
env->fpus |= mask;
3618
if (env->fpus & (~env->fpuc & FPUC_EM))
3619
env->fpus |= FPUS_SE | FPUS_B;
3620
}
3621
3622
static inline floatx80 helper_fdiv(floatx80 a, floatx80 b)
3623
{
3624
if (floatx80_is_zero(b)) {
3625
fpu_set_exception(FPUS_ZE);
3626
}
3627
return floatx80_div(a, b, &env->fp_status);
3628
}
3629
3630
static void fpu_raise_exception(void)
3631
{
3632
if (env->cr[0] & CR0_NE_MASK) {
3633
raise_exception(EXCP10_COPR);
3634
}
3635
#if !defined(CONFIG_USER_ONLY)
3636
else {
3637
cpu_set_ferr(env);
3638
}
3639
#endif
3640
}
3641
3642
void helper_flds_FT0(uint32_t val)
3643
{
3644
union {
3645
float32 f;
3646
uint32_t i;
3647
} u;
3648
u.i = val;
3649
FT0 = float32_to_floatx80(u.f, &env->fp_status);
3650
}
3651
3652
void helper_fldl_FT0(uint64_t val)
3653
{
3654
union {
3655
float64 f;
3656
uint64_t i;
3657
} u;
3658
u.i = val;
3659
FT0 = float64_to_floatx80(u.f, &env->fp_status);
3660
}
3661
3662
void helper_fildl_FT0(int32_t val)
3663
{
3664
FT0 = int32_to_floatx80(val, &env->fp_status);
3665
}
3666
3667
void helper_flds_ST0(uint32_t val)
3668
{
3669
int new_fpstt;
3670
union {
3671
float32 f;
3672
uint32_t i;
3673
} u;
3674
new_fpstt = (env->fpstt - 1) & 7;
3675
u.i = val;
3676
env->fpregs[new_fpstt].d = float32_to_floatx80(u.f, &env->fp_status);
3677
env->fpstt = new_fpstt;
3678
env->fptags[new_fpstt] = 0; /* validate stack entry */
3679
}
3680
3681
void helper_fldl_ST0(uint64_t val)
3682
{
3683
int new_fpstt;
3684
union {
3685
float64 f;
3686
uint64_t i;
3687
} u;
3688
new_fpstt = (env->fpstt - 1) & 7;
3689
u.i = val;
3690
env->fpregs[new_fpstt].d = float64_to_floatx80(u.f, &env->fp_status);
3691
env->fpstt = new_fpstt;
3692
env->fptags[new_fpstt] = 0; /* validate stack entry */
3693
}
3694
3695
void helper_fildl_ST0(int32_t val)
3696
{
3697
int new_fpstt;
3698
new_fpstt = (env->fpstt - 1) & 7;
3699
env->fpregs[new_fpstt].d = int32_to_floatx80(val, &env->fp_status);
3700
env->fpstt = new_fpstt;
3701
env->fptags[new_fpstt] = 0; /* validate stack entry */
3702
}
3703
3704
void helper_fildll_ST0(int64_t val)
3705
{
3706
int new_fpstt;
3707
new_fpstt = (env->fpstt - 1) & 7;
3708
env->fpregs[new_fpstt].d = int64_to_floatx80(val, &env->fp_status);
3709
env->fpstt = new_fpstt;
3710
env->fptags[new_fpstt] = 0; /* validate stack entry */
3711
}
3712
3713
uint32_t helper_fsts_ST0(void)
3714
{
3715
union {
3716
float32 f;
3717
uint32_t i;
3718
} u;
3719
u.f = floatx80_to_float32(ST0, &env->fp_status);
3720
return u.i;
3721
}
3722
3723
uint64_t helper_fstl_ST0(void)
3724
{
3725
union {
3726
float64 f;
3727
uint64_t i;
3728
} u;
3729
u.f = floatx80_to_float64(ST0, &env->fp_status);
3730
return u.i;
3731
}
3732
3733
int32_t helper_fist_ST0(void)
3734
{
3735
int32_t val;
3736
val = floatx80_to_int32(ST0, &env->fp_status);
3737
if (val != (int16_t)val)
3738
val = -32768;
3739
return val;
3740
}
3741
3742
int32_t helper_fistl_ST0(void)
3743
{
3744
int32_t val;
3745
val = floatx80_to_int32(ST0, &env->fp_status);
3746
return val;
3747
}
3748
3749
int64_t helper_fistll_ST0(void)
3750
{
3751
int64_t val;
3752
val = floatx80_to_int64(ST0, &env->fp_status);
3753
return val;
3754
}
3755
3756
int32_t helper_fistt_ST0(void)
3757
{
3758
int32_t val;
3759
val = floatx80_to_int32_round_to_zero(ST0, &env->fp_status);
3760
if (val != (int16_t)val)
3761
val = -32768;
3762
return val;
3763
}
3764
3765
int32_t helper_fisttl_ST0(void)
3766
{
3767
int32_t val;
3768
val = floatx80_to_int32_round_to_zero(ST0, &env->fp_status);
3769
return val;
3770
}
3771
3772
int64_t helper_fisttll_ST0(void)
3773
{
3774
int64_t val;
3775
val = floatx80_to_int64_round_to_zero(ST0, &env->fp_status);
3776
return val;
3777
}
3778
3779
void helper_fldt_ST0(target_ulong ptr)
3780
{
3781
int new_fpstt;
3782
new_fpstt = (env->fpstt - 1) & 7;
3783
env->fpregs[new_fpstt].d = helper_fldt(ptr);
3784
env->fpstt = new_fpstt;
3785
env->fptags[new_fpstt] = 0; /* validate stack entry */
3786
}
3787
3788
void helper_fstt_ST0(target_ulong ptr)
3789
{
3790
helper_fstt(ST0, ptr);
3791
}
3792
3793
void helper_fpush(void)
3794
{
3795
fpush();
3796
}
3797
3798
void helper_fpop(void)
3799
{
3800
fpop();
3801
}
3802
3803
void helper_fdecstp(void)
3804
{
3805
env->fpstt = (env->fpstt - 1) & 7;
3806
env->fpus &= (~0x4700);
3807
}
3808
3809
void helper_fincstp(void)
3810
{
3811
env->fpstt = (env->fpstt + 1) & 7;
3812
env->fpus &= (~0x4700);
3813
}
3814
3815
/* FPU move */
3816
3817
void helper_ffree_STN(int st_index)
3818
{
3819
env->fptags[(env->fpstt + st_index) & 7] = 1;
3820
}
3821
3822
void helper_fmov_ST0_FT0(void)
3823
{
3824
ST0 = FT0;
3825
}
3826
3827
void helper_fmov_FT0_STN(int st_index)
3828
{
3829
FT0 = ST(st_index);
3830
}
3831
3832
void helper_fmov_ST0_STN(int st_index)
3833
{
3834
ST0 = ST(st_index);
3835
}
3836
3837
void helper_fmov_STN_ST0(int st_index)
3838
{
3839
ST(st_index) = ST0;
3840
}
3841
3842
void helper_fxchg_ST0_STN(int st_index)
3843
{
3844
floatx80 tmp;
3845
tmp = ST(st_index);
3846
ST(st_index) = ST0;
3847
ST0 = tmp;
3848
}
3849
3850
/* FPU operations */
3851
3852
static const int fcom_ccval[4] = {0x0100, 0x4000, 0x0000, 0x4500};
3853
3854
void helper_fcom_ST0_FT0(void)
3855
{
3856
int ret;
3857
3858
ret = floatx80_compare(ST0, FT0, &env->fp_status);
3859
env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret + 1];
3860
}
3861
3862
void helper_fucom_ST0_FT0(void)
3863
{
3864
int ret;
3865
3866
ret = floatx80_compare_quiet(ST0, FT0, &env->fp_status);
3867
env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret+ 1];
3868
}
3869
3870
static const int fcomi_ccval[4] = {CC_C, CC_Z, 0, CC_Z | CC_P | CC_C};
3871
3872
void helper_fcomi_ST0_FT0(void)
3873
{
3874
int eflags;
3875
int ret;
3876
3877
ret = floatx80_compare(ST0, FT0, &env->fp_status);
3878
eflags = helper_cc_compute_all(CC_OP);
3879
eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
3880
CC_SRC = eflags;
3881
}
3882
3883
void helper_fucomi_ST0_FT0(void)
3884
{
3885
int eflags;
3886
int ret;
3887
3888
ret = floatx80_compare_quiet(ST0, FT0, &env->fp_status);
3889
eflags = helper_cc_compute_all(CC_OP);
3890
eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
3891
CC_SRC = eflags;
3892
}
3893
3894
void helper_fadd_ST0_FT0(void)
3895
{
3896
ST0 = floatx80_add(ST0, FT0, &env->fp_status);
3897
}
3898
3899
void helper_fmul_ST0_FT0(void)
3900
{
3901
ST0 = floatx80_mul(ST0, FT0, &env->fp_status);
3902
}
3903
3904
void helper_fsub_ST0_FT0(void)
3905
{
3906
ST0 = floatx80_sub(ST0, FT0, &env->fp_status);
3907
}
3908
3909
void helper_fsubr_ST0_FT0(void)
3910
{
3911
ST0 = floatx80_sub(FT0, ST0, &env->fp_status);
3912
}
3913
3914
void helper_fdiv_ST0_FT0(void)
3915
{
3916
ST0 = helper_fdiv(ST0, FT0);
3917
}
3918
3919
void helper_fdivr_ST0_FT0(void)
3920
{
3921
ST0 = helper_fdiv(FT0, ST0);
3922
}
3923
3924
/* fp operations between STN and ST0 */
3925
3926
void helper_fadd_STN_ST0(int st_index)
3927
{
3928
ST(st_index) = floatx80_add(ST(st_index), ST0, &env->fp_status);
3929
}
3930
3931
void helper_fmul_STN_ST0(int st_index)
3932
{
3933
ST(st_index) = floatx80_mul(ST(st_index), ST0, &env->fp_status);
3934
}
3935
3936
void helper_fsub_STN_ST0(int st_index)
3937
{
3938
ST(st_index) = floatx80_sub(ST(st_index), ST0, &env->fp_status);
3939
}
3940
3941
void helper_fsubr_STN_ST0(int st_index)
3942
{
3943
ST(st_index) = floatx80_sub(ST0, ST(st_index), &env->fp_status);
3944
}
3945
3946
void helper_fdiv_STN_ST0(int st_index)
3947
{
3948
floatx80 *p;
3949
p = &ST(st_index);
3950
*p = helper_fdiv(*p, ST0);
3951
}
3952
3953
void helper_fdivr_STN_ST0(int st_index)
3954
{
3955
floatx80 *p;
3956
p = &ST(st_index);
3957
*p = helper_fdiv(ST0, *p);
3958
}
3959
3960
/* misc FPU operations */
3961
void helper_fchs_ST0(void)
3962
{
3963
ST0 = floatx80_chs(ST0);
3964
}
3965
3966
void helper_fabs_ST0(void)
3967
{
3968
ST0 = floatx80_abs(ST0);
3969
}
3970
3971
void helper_fld1_ST0(void)
3972
{
3973
ST0 = floatx80_one;
3974
}
3975
3976
void helper_fldl2t_ST0(void)
3977
{
3978
ST0 = floatx80_l2t;
3979
}
3980
3981
void helper_fldl2e_ST0(void)
3982
{
3983
ST0 = floatx80_l2e;
3984
}
3985
3986
void helper_fldpi_ST0(void)
3987
{
3988
ST0 = floatx80_pi;
3989
}
3990
3991
void helper_fldlg2_ST0(void)
3992
{
3993
ST0 = floatx80_lg2;
3994
}
3995
3996
void helper_fldln2_ST0(void)
3997
{
3998
ST0 = floatx80_ln2;
3999
}
4000
4001
void helper_fldz_ST0(void)
4002
{
4003
ST0 = floatx80_zero;
4004
}
4005
4006
void helper_fldz_FT0(void)
4007
{
4008
FT0 = floatx80_zero;
4009
}
4010
4011
uint32_t helper_fnstsw(void)
4012
{
4013
return (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4014
}
4015
4016
uint32_t helper_fnstcw(void)
4017
{
4018
return env->fpuc;
4019
}
4020
4021
static void update_fp_status(void)
4022
{
4023
int rnd_type;
4024
4025
/* set rounding mode */
4026
switch(env->fpuc & FPU_RC_MASK) {
4027
default:
4028
case FPU_RC_NEAR:
4029
rnd_type = float_round_nearest_even;
4030
break;
4031
case FPU_RC_DOWN:
4032
rnd_type = float_round_down;
4033
break;
4034
case FPU_RC_UP:
4035
rnd_type = float_round_up;
4036
break;
4037
case FPU_RC_CHOP:
4038
rnd_type = float_round_to_zero;
4039
break;
4040
}
4041
set_float_rounding_mode(rnd_type, &env->fp_status);
4042
switch((env->fpuc >> 8) & 3) {
4043
case 0:
4044
rnd_type = 32;
4045
break;
4046
case 2:
4047
rnd_type = 64;
4048
break;
4049
case 3:
4050
default:
4051
rnd_type = 80;
4052
break;
4053
}
4054
set_floatx80_rounding_precision(rnd_type, &env->fp_status);
4055
}
4056
4057
void helper_fldcw(uint32_t val)
4058
{
4059
env->fpuc = val;
4060
update_fp_status();
4061
}
4062
4063
void helper_fclex(void)
4064
{
4065
env->fpus &= 0x7f00;
4066
}
4067
4068
void helper_fwait(void)
4069
{
4070
if (env->fpus & FPUS_SE)
4071
fpu_raise_exception();
4072
}
4073
4074
void helper_fninit(void)
4075
{
4076
env->fpus = 0;
4077
env->fpstt = 0;
4078
env->fpuc = 0x37f;
4079
env->fptags[0] = 1;
4080
env->fptags[1] = 1;
4081
env->fptags[2] = 1;
4082
env->fptags[3] = 1;
4083
env->fptags[4] = 1;
4084
env->fptags[5] = 1;
4085
env->fptags[6] = 1;
4086
env->fptags[7] = 1;
4087
}
4088
4089
/* BCD ops */
4090
4091
void helper_fbld_ST0(target_ulong ptr)
4092
{
4093
floatx80 tmp;
4094
uint64_t val;
4095
unsigned int v;
4096
int i;
4097
4098
val = 0;
4099
for(i = 8; i >= 0; i--) {
4100
v = ldub(ptr + i);
4101
val = (val * 100) + ((v >> 4) * 10) + (v & 0xf);
4102
}
4103
tmp = int64_to_floatx80(val, &env->fp_status);
4104
if (ldub(ptr + 9) & 0x80) {
4105
floatx80_chs(tmp);
4106
}
4107
fpush();
4108
ST0 = tmp;
4109
}
4110
4111
void helper_fbst_ST0(target_ulong ptr)
4112
{
4113
int v;
4114
target_ulong mem_ref, mem_end;
4115
int64_t val;
4116
4117
val = floatx80_to_int64(ST0, &env->fp_status);
4118
mem_ref = ptr;
4119
mem_end = mem_ref + 9;
4120
if (val < 0) {
4121
stb(mem_end, 0x80);
4122
val = -val;
4123
} else {
4124
stb(mem_end, 0x00);
4125
}
4126
while (mem_ref < mem_end) {
4127
if (val == 0)
4128
break;
4129
v = val % 100;
4130
val = val / 100;
4131
v = ((v / 10) << 4) | (v % 10);
4132
stb(mem_ref++, v);
4133
}
4134
while (mem_ref < mem_end) {
4135
stb(mem_ref++, 0);
4136
}
4137
}
4138
4139
void helper_f2xm1(void)
4140
{
4141
double val = floatx80_to_double(ST0);
4142
val = pow(2.0, val) - 1.0;
4143
ST0 = double_to_floatx80(val);
4144
}
4145
4146
void helper_fyl2x(void)
4147
{
4148
double fptemp = floatx80_to_double(ST0);
4149
4150
if (fptemp>0.0){
4151
fptemp = log(fptemp)/log(2.0); /* log2(ST) */
4152
fptemp *= floatx80_to_double(ST1);
4153
ST1 = double_to_floatx80(fptemp);
4154
fpop();
4155
} else {
4156
env->fpus &= (~0x4700);
4157
env->fpus |= 0x400;
4158
}
4159
}
4160
4161
void helper_fptan(void)
4162
{
4163
double fptemp = floatx80_to_double(ST0);
4164
4165
if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4166
env->fpus |= 0x400;
4167
} else {
4168
fptemp = tan(fptemp);
4169
ST0 = double_to_floatx80(fptemp);
4170
fpush();
4171
ST0 = floatx80_one;
4172
env->fpus &= (~0x400); /* C2 <-- 0 */
4173
/* the above code is for |arg| < 2**52 only */
4174
}
4175
}
4176
4177
void helper_fpatan(void)
4178
{
4179
double fptemp, fpsrcop;
4180
4181
fpsrcop = floatx80_to_double(ST1);
4182
fptemp = floatx80_to_double(ST0);
4183
ST1 = double_to_floatx80(atan2(fpsrcop, fptemp));
4184
fpop();
4185
}
4186
4187
void helper_fxtract(void)
4188
{
4189
CPU_LDoubleU temp;
4190
4191
temp.d = ST0;
4192
4193
if (floatx80_is_zero(ST0)) {
4194
/* Easy way to generate -inf and raising division by 0 exception */
4195
ST0 = floatx80_div(floatx80_chs(floatx80_one), floatx80_zero, &env->fp_status);
4196
fpush();
4197
ST0 = temp.d;
4198
} else {
4199
int expdif;
4200
4201
expdif = EXPD(temp) - EXPBIAS;
4202
/*DP exponent bias*/
4203
ST0 = int32_to_floatx80(expdif, &env->fp_status);
4204
fpush();
4205
BIASEXPONENT(temp);
4206
ST0 = temp.d;
4207
}
4208
}
4209
4210
void helper_fprem1(void)
4211
{
4212
double st0, st1, dblq, fpsrcop, fptemp;
4213
CPU_LDoubleU fpsrcop1, fptemp1;
4214
int expdif;
4215
signed long long int q;
4216
4217
st0 = floatx80_to_double(ST0);
4218
st1 = floatx80_to_double(ST1);
4219
4220
if (isinf(st0) || isnan(st0) || isnan(st1) || (st1 == 0.0)) {
4221
ST0 = double_to_floatx80(0.0 / 0.0); /* NaN */
4222
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4223
return;
4224
}
4225
4226
fpsrcop = st0;
4227
fptemp = st1;
4228
fpsrcop1.d = ST0;
4229
fptemp1.d = ST1;
4230
expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
4231
4232
if (expdif < 0) {
4233
/* optimisation? taken from the AMD docs */
4234
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4235
/* ST0 is unchanged */
4236
return;
4237
}
4238
4239
if (expdif < 53) {
4240
dblq = fpsrcop / fptemp;
4241
/* round dblq towards nearest integer */
4242
dblq = rint(dblq);
4243
st0 = fpsrcop - fptemp * dblq;
4244
4245
/* convert dblq to q by truncating towards zero */
4246
if (dblq < 0.0)
4247
q = (signed long long int)(-dblq);
4248
else
4249
q = (signed long long int)dblq;
4250
4251
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4252
/* (C0,C3,C1) <-- (q2,q1,q0) */
4253
env->fpus |= (q & 0x4) << (8 - 2); /* (C0) <-- q2 */
4254
env->fpus |= (q & 0x2) << (14 - 1); /* (C3) <-- q1 */
4255
env->fpus |= (q & 0x1) << (9 - 0); /* (C1) <-- q0 */
4256
} else {
4257
env->fpus |= 0x400; /* C2 <-- 1 */
4258
fptemp = pow(2.0, expdif - 50);
4259
fpsrcop = (st0 / st1) / fptemp;
4260
/* fpsrcop = integer obtained by chopping */
4261
fpsrcop = (fpsrcop < 0.0) ?
4262
-(floor(fabs(fpsrcop))) : floor(fpsrcop);
4263
st0 -= (st1 * fpsrcop * fptemp);
4264
}
4265
ST0 = double_to_floatx80(st0);
4266
}
4267
4268
void helper_fprem(void)
4269
{
4270
double st0, st1, dblq, fpsrcop, fptemp;
4271
CPU_LDoubleU fpsrcop1, fptemp1;
4272
int expdif;
4273
signed long long int q;
4274
4275
st0 = floatx80_to_double(ST0);
4276
st1 = floatx80_to_double(ST1);
4277
4278
if (isinf(st0) || isnan(st0) || isnan(st1) || (st1 == 0.0)) {
4279
ST0 = double_to_floatx80(0.0 / 0.0); /* NaN */
4280
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4281
return;
4282
}
4283
4284
fpsrcop = st0;
4285
fptemp = st1;
4286
fpsrcop1.d = ST0;
4287
fptemp1.d = ST1;
4288
expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
4289
4290
if (expdif < 0) {
4291
/* optimisation? taken from the AMD docs */
4292
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4293
/* ST0 is unchanged */
4294
return;
4295
}
4296
4297
if ( expdif < 53 ) {
4298
dblq = fpsrcop/*ST0*/ / fptemp/*ST1*/;
4299
/* round dblq towards zero */
4300
dblq = (dblq < 0.0) ? ceil(dblq) : floor(dblq);
4301
st0 = fpsrcop/*ST0*/ - fptemp * dblq;
4302
4303
/* convert dblq to q by truncating towards zero */
4304
if (dblq < 0.0)
4305
q = (signed long long int)(-dblq);
4306
else
4307
q = (signed long long int)dblq;
4308
4309
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4310
/* (C0,C3,C1) <-- (q2,q1,q0) */
4311
env->fpus |= (q & 0x4) << (8 - 2); /* (C0) <-- q2 */
4312
env->fpus |= (q & 0x2) << (14 - 1); /* (C3) <-- q1 */
4313
env->fpus |= (q & 0x1) << (9 - 0); /* (C1) <-- q0 */
4314
} else {
4315
int N = 32 + (expdif % 32); /* as per AMD docs */
4316
env->fpus |= 0x400; /* C2 <-- 1 */
4317
fptemp = pow(2.0, (double)(expdif - N));
4318
fpsrcop = (st0 / st1) / fptemp;
4319
/* fpsrcop = integer obtained by chopping */
4320
fpsrcop = (fpsrcop < 0.0) ?
4321
-(floor(fabs(fpsrcop))) : floor(fpsrcop);
4322
st0 -= (st1 * fpsrcop * fptemp);
4323
}
4324
ST0 = double_to_floatx80(st0);
4325
}
4326
4327
void helper_fyl2xp1(void)
4328
{
4329
double fptemp = floatx80_to_double(ST0);
4330
4331
if ((fptemp+1.0)>0.0) {
4332
fptemp = log(fptemp+1.0) / log(2.0); /* log2(ST+1.0) */
4333
fptemp *= floatx80_to_double(ST1);
4334
ST1 = double_to_floatx80(fptemp);
4335
fpop();
4336
} else {
4337
env->fpus &= (~0x4700);
4338
env->fpus |= 0x400;
4339
}
4340
}
4341
4342
void helper_fsqrt(void)
4343
{
4344
if (floatx80_is_neg(ST0)) {
4345
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4346
env->fpus |= 0x400;
4347
}
4348
ST0 = floatx80_sqrt(ST0, &env->fp_status);
4349
}
4350
4351
void helper_fsincos(void)
4352
{
4353
double fptemp = floatx80_to_double(ST0);
4354
4355
if ((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4356
env->fpus |= 0x400;
4357
} else {
4358
ST0 = double_to_floatx80(sin(fptemp));
4359
fpush();
4360
ST0 = double_to_floatx80(cos(fptemp));
4361
env->fpus &= (~0x400); /* C2 <-- 0 */
4362
/* the above code is for |arg| < 2**63 only */
4363
}
4364
}
4365
4366
void helper_frndint(void)
4367
{
4368
ST0 = floatx80_round_to_int(ST0, &env->fp_status);
4369
}
4370
4371
void helper_fscale(void)
4372
{
4373
if (floatx80_is_any_nan(ST1)) {
4374
ST0 = ST1;
4375
} else {
4376
int n = floatx80_to_int32_round_to_zero(ST1, &env->fp_status);
4377
ST0 = floatx80_scalbn(ST0, n, &env->fp_status);
4378
}
4379
}
4380
4381
void helper_fsin(void)
4382
{
4383
double fptemp = floatx80_to_double(ST0);
4384
4385
if ((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4386
env->fpus |= 0x400;
4387
} else {
4388
ST0 = double_to_floatx80(sin(fptemp));
4389
env->fpus &= (~0x400); /* C2 <-- 0 */
4390
/* the above code is for |arg| < 2**53 only */
4391
}
4392
}
4393
4394
void helper_fcos(void)
4395
{
4396
double fptemp = floatx80_to_double(ST0);
4397
4398
if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4399
env->fpus |= 0x400;
4400
} else {
4401
ST0 = double_to_floatx80(cos(fptemp));
4402
env->fpus &= (~0x400); /* C2 <-- 0 */
4403
/* the above code is for |arg5 < 2**63 only */
4404
}
4405
}
4406
4407
void helper_fxam_ST0(void)
4408
{
4409
CPU_LDoubleU temp;
4410
int expdif;
4411
4412
temp.d = ST0;
4413
4414
env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4415
if (SIGND(temp))
4416
env->fpus |= 0x200; /* C1 <-- 1 */
4417
4418
/* XXX: test fptags too */
4419
expdif = EXPD(temp);
4420
if (expdif == MAXEXPD) {
4421
if (MANTD(temp) == 0x8000000000000000ULL)
4422
env->fpus |= 0x500 /*Infinity*/;
4423
else
4424
env->fpus |= 0x100 /*NaN*/;
4425
} else if (expdif == 0) {
4426
if (MANTD(temp) == 0)
4427
env->fpus |= 0x4000 /*Zero*/;
4428
else
4429
env->fpus |= 0x4400 /*Denormal*/;
4430
} else {
4431
env->fpus |= 0x400;
4432
}
4433
}
4434
4435
void helper_fstenv(target_ulong ptr, int data32)
4436
{
4437
int fpus, fptag, exp, i;
4438
uint64_t mant;
4439
CPU_LDoubleU tmp;
4440
4441
fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4442
fptag = 0;
4443
for (i=7; i>=0; i--) {
4444
fptag <<= 2;
4445
if (env->fptags[i]) {
4446
fptag |= 3;
4447
} else {
4448
tmp.d = env->fpregs[i].d;
4449
exp = EXPD(tmp);
4450
mant = MANTD(tmp);
4451
if (exp == 0 && mant == 0) {
4452
/* zero */
4453
fptag |= 1;
4454
} else if (exp == 0 || exp == MAXEXPD
4455
|| (mant & (1LL << 63)) == 0
4456
) {
4457
/* NaNs, infinity, denormal */
4458
fptag |= 2;
4459
}
4460
}
4461
}
4462
if (data32) {
4463
/* 32 bit */
4464
stl(ptr, env->fpuc);
4465
stl(ptr + 4, fpus);
4466
stl(ptr + 8, fptag);
4467
stl(ptr + 12, 0); /* fpip */
4468
stl(ptr + 16, 0); /* fpcs */
4469
stl(ptr + 20, 0); /* fpoo */
4470
stl(ptr + 24, 0); /* fpos */
4471
} else {
4472
/* 16 bit */
4473
stw(ptr, env->fpuc);
4474
stw(ptr + 2, fpus);
4475
stw(ptr + 4, fptag);
4476
stw(ptr + 6, 0);
4477
stw(ptr + 8, 0);
4478
stw(ptr + 10, 0);
4479
stw(ptr + 12, 0);
4480
}
4481
}
4482
4483
void helper_fldenv(target_ulong ptr, int data32)
4484
{
4485
int i, fpus, fptag;
4486
4487
if (data32) {
4488
env->fpuc = lduw(ptr);
4489
fpus = lduw(ptr + 4);
4490
fptag = lduw(ptr + 8);
4491
}
4492
else {
4493
env->fpuc = lduw(ptr);
4494
fpus = lduw(ptr + 2);
4495
fptag = lduw(ptr + 4);
4496
}
4497
env->fpstt = (fpus >> 11) & 7;
4498
env->fpus = fpus & ~0x3800;
4499
for(i = 0;i < 8; i++) {
4500
env->fptags[i] = ((fptag & 3) == 3);
4501
fptag >>= 2;
4502
}
4503
}
4504
4505
void helper_fsave(target_ulong ptr, int data32)
4506
{
4507
floatx80 tmp;
4508
int i;
4509
4510
helper_fstenv(ptr, data32);
4511
4512
ptr += (14 << data32);
4513
for(i = 0;i < 8; i++) {
4514
tmp = ST(i);
4515
helper_fstt(tmp, ptr);
4516
ptr += 10;
4517
}
4518
4519
/* fninit */
4520
env->fpus = 0;
4521
env->fpstt = 0;
4522
env->fpuc = 0x37f;
4523
env->fptags[0] = 1;
4524
env->fptags[1] = 1;
4525
env->fptags[2] = 1;
4526
env->fptags[3] = 1;
4527
env->fptags[4] = 1;
4528
env->fptags[5] = 1;
4529
env->fptags[6] = 1;
4530
env->fptags[7] = 1;
4531
}
4532
4533
void helper_frstor(target_ulong ptr, int data32)
4534
{
4535
floatx80 tmp;
4536
int i;
4537
4538
helper_fldenv(ptr, data32);
4539
ptr += (14 << data32);
4540
4541
for(i = 0;i < 8; i++) {
4542
tmp = helper_fldt(ptr);
4543
ST(i) = tmp;
4544
ptr += 10;
4545
}
4546
}
4547
4548
4549
#if defined(CONFIG_USER_ONLY)
4550
void cpu_x86_load_seg(CPUX86State *s, int seg_reg, int selector)
4551
{
4552
CPUX86State *saved_env;
4553
4554
saved_env = env;
4555
env = s;
4556
if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
4557
selector &= 0xffff;
4558
cpu_x86_load_seg_cache(env, seg_reg, selector,
4559
(selector << 4), 0xffff, 0);
4560
} else {
4561
helper_load_seg(seg_reg, selector);
4562
}
4563
env = saved_env;
4564
}
4565
4566
void cpu_x86_fsave(CPUX86State *s, target_ulong ptr, int data32)
4567
{
4568
CPUX86State *saved_env;
4569
4570
saved_env = env;
4571
env = s;
4572
4573
helper_fsave(ptr, data32);
4574
4575
env = saved_env;
4576
}
4577
4578
void cpu_x86_frstor(CPUX86State *s, target_ulong ptr, int data32)
4579
{
4580
CPUX86State *saved_env;
4581
4582
saved_env = env;
4583
env = s;
4584
4585
helper_frstor(ptr, data32);
4586
4587
env = saved_env;
4588
}
4589
#endif
4590
4591
void helper_fxsave(target_ulong ptr, int data64)
4592
{
4593
int fpus, fptag, i, nb_xmm_regs;
4594
floatx80 tmp;
4595
target_ulong addr;
4596
4597
/* The operand must be 16 byte aligned */
4598
if (ptr & 0xf) {
4599
raise_exception(EXCP0D_GPF);
4600
}
4601
4602
fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4603
fptag = 0;
4604
for(i = 0; i < 8; i++) {
4605
fptag |= (env->fptags[i] << i);
4606
}
4607
stw(ptr, env->fpuc);
4608
stw(ptr + 2, fpus);
4609
stw(ptr + 4, fptag ^ 0xff);
4610
#ifdef TARGET_X86_64
4611
if (data64) {
4612
stq(ptr + 0x08, 0); /* rip */
4613
stq(ptr + 0x10, 0); /* rdp */
4614
} else
4615
#endif
4616
{
4617
stl(ptr + 0x08, 0); /* eip */
4618
stl(ptr + 0x0c, 0); /* sel */
4619
stl(ptr + 0x10, 0); /* dp */
4620
stl(ptr + 0x14, 0); /* sel */
4621
}
4622
4623
addr = ptr + 0x20;
4624
for(i = 0;i < 8; i++) {
4625
tmp = ST(i);
4626
helper_fstt(tmp, addr);
4627
addr += 16;
4628
}
4629
4630
if (env->cr[4] & CR4_OSFXSR_MASK) {
4631
/* XXX: finish it */
4632
stl(ptr + 0x18, env->mxcsr); /* mxcsr */
4633
stl(ptr + 0x1c, 0x0000ffff); /* mxcsr_mask */
4634
if (env->hflags & HF_CS64_MASK)
4635
nb_xmm_regs = 16;
4636
else
4637
nb_xmm_regs = 8;
4638
addr = ptr + 0xa0;
4639
/* Fast FXSAVE leaves out the XMM registers */
4640
if (!(env->efer & MSR_EFER_FFXSR)
4641
|| (env->hflags & HF_CPL_MASK)
4642
|| !(env->hflags & HF_LMA_MASK)) {
4643
for(i = 0; i < nb_xmm_regs; i++) {
4644
stq(addr, env->xmm_regs[i].XMM_Q(0));
4645
stq(addr + 8, env->xmm_regs[i].XMM_Q(1));
4646
addr += 16;
4647
}
4648
}
4649
}
4650
}
4651
4652
void helper_fxrstor(target_ulong ptr, int data64)
4653
{
4654
int i, fpus, fptag, nb_xmm_regs;
4655
floatx80 tmp;
4656
target_ulong addr;
4657
4658
/* The operand must be 16 byte aligned */
4659
if (ptr & 0xf) {
4660
raise_exception(EXCP0D_GPF);
4661
}
4662
4663
env->fpuc = lduw(ptr);
4664
fpus = lduw(ptr + 2);
4665
fptag = lduw(ptr + 4);
4666
env->fpstt = (fpus >> 11) & 7;
4667
env->fpus = fpus & ~0x3800;
4668
fptag ^= 0xff;
4669
for(i = 0;i < 8; i++) {
4670
env->fptags[i] = ((fptag >> i) & 1);
4671
}
4672
4673
addr = ptr + 0x20;
4674
for(i = 0;i < 8; i++) {
4675
tmp = helper_fldt(addr);
4676
ST(i) = tmp;
4677
addr += 16;
4678
}
4679
4680
if (env->cr[4] & CR4_OSFXSR_MASK) {
4681
/* XXX: finish it */
4682
env->mxcsr = ldl(ptr + 0x18);
4683
//ldl(ptr + 0x1c);
4684
if (env->hflags & HF_CS64_MASK)
4685
nb_xmm_regs = 16;
4686
else
4687
nb_xmm_regs = 8;
4688
addr = ptr + 0xa0;
4689
/* Fast FXRESTORE leaves out the XMM registers */
4690
if (!(env->efer & MSR_EFER_FFXSR)
4691
|| (env->hflags & HF_CPL_MASK)
4692
|| !(env->hflags & HF_LMA_MASK)) {
4693
for(i = 0; i < nb_xmm_regs; i++) {
4694
env->xmm_regs[i].XMM_Q(0) = ldq(addr);
4695
env->xmm_regs[i].XMM_Q(1) = ldq(addr + 8);
4696
addr += 16;
4697
}
4698
}
4699
}
4700
}
4701
4702
void cpu_get_fp80(uint64_t *pmant, uint16_t *pexp, floatx80 f)
4703
{
4704
CPU_LDoubleU temp;
4705
4706
temp.d = f;
4707
*pmant = temp.l.lower;
4708
*pexp = temp.l.upper;
4709
}
4710
4711
floatx80 cpu_set_fp80(uint64_t mant, uint16_t upper)
4712
{
4713
CPU_LDoubleU temp;
4714
4715
temp.l.upper = upper;
4716
temp.l.lower = mant;
4717
return temp.d;
4718
}
4719
4720
#ifdef TARGET_X86_64
4721
4722
//#define DEBUG_MULDIV
4723
4724
static void add128(uint64_t *plow, uint64_t *phigh, uint64_t a, uint64_t b)
4725
{
4726
*plow += a;
4727
/* carry test */
4728
if (*plow < a)
4729
(*phigh)++;
4730
*phigh += b;
4731
}
4732
4733
static void neg128(uint64_t *plow, uint64_t *phigh)
4734
{
4735
*plow = ~ *plow;
4736
*phigh = ~ *phigh;
4737
add128(plow, phigh, 1, 0);
4738
}
4739
4740
/* return TRUE if overflow */
4741
static int div64(uint64_t *plow, uint64_t *phigh, uint64_t b)
4742
{
4743
uint64_t q, r, a1, a0;
4744
int i, qb, ab;
4745
4746
a0 = *plow;
4747
a1 = *phigh;
4748
if (a1 == 0) {
4749
q = a0 / b;
4750
r = a0 % b;
4751
*plow = q;
4752
*phigh = r;
4753
} else {
4754
if (a1 >= b)
4755
return 1;
4756
/* XXX: use a better algorithm */
4757
for(i = 0; i < 64; i++) {
4758
ab = a1 >> 63;
4759
a1 = (a1 << 1) | (a0 >> 63);
4760
if (ab || a1 >= b) {
4761
a1 -= b;
4762
qb = 1;
4763
} else {
4764
qb = 0;
4765
}
4766
a0 = (a0 << 1) | qb;
4767
}
4768
#if defined(DEBUG_MULDIV)
4769
printf("div: 0x%016" PRIx64 "%016" PRIx64 " / 0x%016" PRIx64 ": q=0x%016" PRIx64 " r=0x%016" PRIx64 "\n",
4770
*phigh, *plow, b, a0, a1);
4771
#endif
4772
*plow = a0;
4773
*phigh = a1;
4774
}
4775
return 0;
4776
}
4777
4778
/* return TRUE if overflow */
4779
static int idiv64(uint64_t *plow, uint64_t *phigh, int64_t b)
4780
{
4781
int sa, sb;
4782
sa = ((int64_t)*phigh < 0);
4783
if (sa)
4784
neg128(plow, phigh);
4785
sb = (b < 0);
4786
if (sb)
4787
b = -b;
4788
if (div64(plow, phigh, b) != 0)
4789
return 1;
4790
if (sa ^ sb) {
4791
if (*plow > (1ULL << 63))
4792
return 1;
4793
*plow = - *plow;
4794
} else {
4795
if (*plow >= (1ULL << 63))
4796
return 1;
4797
}
4798
if (sa)
4799
*phigh = - *phigh;
4800
return 0;
4801
}
4802
4803
void helper_mulq_EAX_T0(target_ulong t0)
4804
{
4805
uint64_t r0, r1;
4806
4807
mulu64(&r0, &r1, EAX, t0);
4808
EAX = r0;
4809
EDX = r1;
4810
CC_DST = r0;
4811
CC_SRC = r1;
4812
}
4813
4814
void helper_imulq_EAX_T0(target_ulong t0)
4815
{
4816
uint64_t r0, r1;
4817
4818
muls64(&r0, &r1, EAX, t0);
4819
EAX = r0;
4820
EDX = r1;
4821
CC_DST = r0;
4822
CC_SRC = ((int64_t)r1 != ((int64_t)r0 >> 63));
4823
}
4824
4825
target_ulong helper_imulq_T0_T1(target_ulong t0, target_ulong t1)
4826
{
4827
uint64_t r0, r1;
4828
4829
muls64(&r0, &r1, t0, t1);
4830
CC_DST = r0;
4831
CC_SRC = ((int64_t)r1 != ((int64_t)r0 >> 63));
4832
return r0;
4833
}
4834
4835
void helper_divq_EAX(target_ulong t0)
4836
{
4837
uint64_t r0, r1;
4838
if (t0 == 0) {
4839
raise_exception(EXCP00_DIVZ);
4840
}
4841
r0 = EAX;
4842
r1 = EDX;
4843
if (div64(&r0, &r1, t0))
4844
raise_exception(EXCP00_DIVZ);
4845
EAX = r0;
4846
EDX = r1;
4847
}
4848
4849
void helper_idivq_EAX(target_ulong t0)
4850
{
4851
uint64_t r0, r1;
4852
if (t0 == 0) {
4853
raise_exception(EXCP00_DIVZ);
4854
}
4855
r0 = EAX;
4856
r1 = EDX;
4857
if (idiv64(&r0, &r1, t0))
4858
raise_exception(EXCP00_DIVZ);
4859
EAX = r0;
4860
EDX = r1;
4861
}
4862
#endif
4863
4864
static void do_hlt(void)
4865
{
4866
env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */
4867
env->halted = 1;
4868
env->exception_index = EXCP_HLT;
4869
cpu_loop_exit(env);
4870
}
4871
4872
void helper_hlt(int next_eip_addend)
4873
{
4874
helper_svm_check_intercept_param(SVM_EXIT_HLT, 0);
4875
EIP += next_eip_addend;
4876
4877
do_hlt();
4878
}
4879
4880
void helper_monitor(target_ulong ptr)
4881
{
4882
if ((uint32_t)ECX != 0)
4883
raise_exception(EXCP0D_GPF);
4884
/* XXX: store address ? */
4885
helper_svm_check_intercept_param(SVM_EXIT_MONITOR, 0);
4886
}
4887
4888
void helper_mwait(int next_eip_addend)
4889
{
4890
if ((uint32_t)ECX != 0)
4891
raise_exception(EXCP0D_GPF);
4892
helper_svm_check_intercept_param(SVM_EXIT_MWAIT, 0);
4893
EIP += next_eip_addend;
4894
4895
/* XXX: not complete but not completely erroneous */
4896
if (env->cpu_index != 0 || env->next_cpu != NULL) {
4897
/* more than one CPU: do not sleep because another CPU may
4898
wake this one */
4899
} else {
4900
do_hlt();
4901
}
4902
}
4903
4904
void helper_debug(void)
4905
{
4906
env->exception_index = EXCP_DEBUG;
4907
cpu_loop_exit(env);
4908
}
4909
4910
void helper_reset_rf(void)
4911
{
4912
env->eflags &= ~RF_MASK;
4913
}
4914
4915
void helper_raise_interrupt(int intno, int next_eip_addend)
4916
{
4917
raise_interrupt(intno, 1, 0, next_eip_addend);
4918
}
4919
4920
void helper_raise_exception(int exception_index)
4921
{
4922
raise_exception(exception_index);
4923
}
4924
4925
void helper_cli(void)
4926
{
4927
env->eflags &= ~IF_MASK;
4928
}
4929
4930
void helper_sti(void)
4931
{
4932
env->eflags |= IF_MASK;
4933
}
4934
4935
#if 0
4936
/* vm86plus instructions */
4937
void helper_cli_vm(void)
4938
{
4939
env->eflags &= ~VIF_MASK;
4940
}
4941
4942
void helper_sti_vm(void)
4943
{
4944
env->eflags |= VIF_MASK;
4945
if (env->eflags & VIP_MASK) {
4946
raise_exception(EXCP0D_GPF);
4947
}
4948
}
4949
#endif
4950
4951
void helper_set_inhibit_irq(void)
4952
{
4953
env->hflags |= HF_INHIBIT_IRQ_MASK;
4954
}
4955
4956
void helper_reset_inhibit_irq(void)
4957
{
4958
env->hflags &= ~HF_INHIBIT_IRQ_MASK;
4959
}
4960
4961
void helper_boundw(target_ulong a0, int v)
4962
{
4963
int low, high;
4964
low = ldsw(a0);
4965
high = ldsw(a0 + 2);
4966
v = (int16_t)v;
4967
if (v < low || v > high) {
4968
raise_exception(EXCP05_BOUND);
4969
}
4970
}
4971
4972
void helper_boundl(target_ulong a0, int v)
4973
{
4974
int low, high;
4975
low = ldl(a0);
4976
high = ldl(a0 + 4);
4977
if (v < low || v > high) {
4978
raise_exception(EXCP05_BOUND);
4979
}
4980
}
4981
4982
#if !defined(CONFIG_USER_ONLY)
4983
4984
#define MMUSUFFIX _mmu
4985
4986
#define SHIFT 0
4987
#include "softmmu_template.h"
4988
4989
#define SHIFT 1
4990
#include "softmmu_template.h"
4991
4992
#define SHIFT 2
4993
#include "softmmu_template.h"
4994
4995
#define SHIFT 3
4996
#include "softmmu_template.h"
4997
4998
#endif
4999
5000
#if !defined(CONFIG_USER_ONLY)
5001
/* try to fill the TLB and return an exception if error. If retaddr is
5002
NULL, it means that the function was called in C code (i.e. not
5003
from generated code or from helper.c) */
5004
/* XXX: fix it to restore all registers */
5005
void tlb_fill(CPUState *env1, target_ulong addr, int is_write, int mmu_idx,
5006
void *retaddr)
5007
{
5008
TranslationBlock *tb;
5009
int ret;
5010
unsigned long pc;
5011
CPUX86State *saved_env;
5012
5013
saved_env = env;
5014
env = env1;
5015
5016
ret = cpu_x86_handle_mmu_fault(env, addr, is_write, mmu_idx);
5017
if (ret) {
5018
if (retaddr) {
5019
/* now we have a real cpu fault */
5020
pc = (unsigned long)retaddr;
5021
tb = tb_find_pc(pc);
5022
if (tb) {
5023
/* the PC is inside the translated code. It means that we have
5024
a virtual CPU fault */
5025
cpu_restore_state(tb, env, pc);
5026
}
5027
}
5028
raise_exception_err(env->exception_index, env->error_code);
5029
}
5030
env = saved_env;
5031
}
5032
#endif
5033
5034
/* Secure Virtual Machine helpers */
5035
5036
#if defined(CONFIG_USER_ONLY)
5037
5038
void helper_vmrun(int aflag, int next_eip_addend)
5039
{
5040
}
5041
void helper_vmmcall(void)
5042
{
5043
}
5044
void helper_vmload(int aflag)
5045
{
5046
}
5047
void helper_vmsave(int aflag)
5048
{
5049
}
5050
void helper_stgi(void)
5051
{
5052
}
5053
void helper_clgi(void)
5054
{
5055
}
5056
void helper_skinit(void)
5057
{
5058
}
5059
void helper_invlpga(int aflag)
5060
{
5061
}
5062
void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
5063
{
5064
}
5065
void helper_svm_check_intercept_param(uint32_t type, uint64_t param)
5066
{
5067
}
5068
5069
void svm_check_intercept(CPUState *env1, uint32_t type)
5070
{
5071
}
5072
5073
void helper_svm_check_io(uint32_t port, uint32_t param,
5074
uint32_t next_eip_addend)
5075
{
5076
}
5077
#else
5078
5079
static inline void svm_save_seg(target_phys_addr_t addr,
5080
const SegmentCache *sc)
5081
{
5082
stw_phys(addr + offsetof(struct vmcb_seg, selector),
5083
sc->selector);
5084
stq_phys(addr + offsetof(struct vmcb_seg, base),
5085
sc->base);
5086
stl_phys(addr + offsetof(struct vmcb_seg, limit),
5087
sc->limit);
5088
stw_phys(addr + offsetof(struct vmcb_seg, attrib),
5089
((sc->flags >> 8) & 0xff) | ((sc->flags >> 12) & 0x0f00));
5090
}
5091
5092
static inline void svm_load_seg(target_phys_addr_t addr, SegmentCache *sc)
5093
{
5094
unsigned int flags;
5095
5096
sc->selector = lduw_phys(addr + offsetof(struct vmcb_seg, selector));
5097
sc->base = ldq_phys(addr + offsetof(struct vmcb_seg, base));
5098
sc->limit = ldl_phys(addr + offsetof(struct vmcb_seg, limit));
5099
flags = lduw_phys(addr + offsetof(struct vmcb_seg, attrib));
5100
sc->flags = ((flags & 0xff) << 8) | ((flags & 0x0f00) << 12);
5101
}
5102
5103
static inline void svm_load_seg_cache(target_phys_addr_t addr,
5104
CPUState *env, int seg_reg)
5105
{
5106
SegmentCache sc1, *sc = &sc1;
5107
svm_load_seg(addr, sc);
5108
cpu_x86_load_seg_cache(env, seg_reg, sc->selector,
5109
sc->base, sc->limit, sc->flags);
5110
}
5111
5112
void helper_vmrun(int aflag, int next_eip_addend)
5113
{
5114
target_ulong addr;
5115
uint32_t event_inj;
5116
uint32_t int_ctl;
5117
5118
helper_svm_check_intercept_param(SVM_EXIT_VMRUN, 0);
5119
5120
if (aflag == 2)
5121
addr = EAX;
5122
else
5123
addr = (uint32_t)EAX;
5124
5125
qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmrun! " TARGET_FMT_lx "\n", addr);
5126
5127
env->vm_vmcb = addr;
5128
5129
/* save the current CPU state in the hsave page */
5130
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.base), env->gdt.base);
5131
stl_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit), env->gdt.limit);
5132
5133
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.base), env->idt.base);
5134
stl_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.limit), env->idt.limit);
5135
5136
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr0), env->cr[0]);
5137
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr2), env->cr[2]);
5138
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr3), env->cr[3]);
5139
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr4), env->cr[4]);
5140
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr6), env->dr[6]);
5141
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr7), env->dr[7]);
5142
5143
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.efer), env->efer);
5144
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rflags), compute_eflags());
5145
5146
svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.es),
5147
&env->segs[R_ES]);
5148
svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.cs),
5149
&env->segs[R_CS]);
5150
svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ss),
5151
&env->segs[R_SS]);
5152
svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ds),
5153
&env->segs[R_DS]);
5154
5155
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip),
5156
EIP + next_eip_addend);
5157
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp), ESP);
5158
stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax), EAX);
5159
5160
/* load the interception bitmaps so we do not need to access the
5161
vmcb in svm mode */
5162
env->intercept = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept));
5163
env->intercept_cr_read = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_cr_read));
5164
env->intercept_cr_write = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_cr_write));
5165
env->intercept_dr_read = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_dr_read));
5166
env->intercept_dr_write = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_dr_write));
5167
env->intercept_exceptions = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_exceptions));
5168
5169
/* enable intercepts */
5170
env->hflags |= HF_SVMI_MASK;
5171
5172
env->tsc_offset = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.tsc_offset));
5173
5174
env->gdt.base = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base));
5175
env->gdt.limit = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit));
5176
5177
env->idt.base = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.base));
5178
env->idt.limit = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit));
5179
5180
/* clear exit_info_2 so we behave like the real hardware */
5181
stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2), 0);
5182
5183
cpu_x86_update_cr0(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr0)));
5184
cpu_x86_update_cr4(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr4)));
5185
cpu_x86_update_cr3(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr3)));
5186
env->cr[2] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr2));
5187
int_ctl = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
5188
env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
5189
if (int_ctl & V_INTR_MASKING_MASK) {
5190
env->v_tpr = int_ctl & V_TPR_MASK;
5191
env->hflags2 |= HF2_VINTR_MASK;
5192
if (env->eflags & IF_MASK)
5193
env->hflags2 |= HF2_HIF_MASK;
5194
}
5195
5196
cpu_load_efer(env,
5197
ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.efer)));
5198
env->eflags = 0;
5199
load_eflags(ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rflags)),
5200
~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
5201
CC_OP = CC_OP_EFLAGS;
5202
5203
svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.es),
5204
env, R_ES);
5205
svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.cs),
5206
env, R_CS);
5207
svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.ss),
5208
env, R_SS);
5209
svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.ds),
5210
env, R_DS);
5211
5212
EIP = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rip));
5213
env->eip = EIP;
5214
ESP = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rsp));
5215
EAX = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rax));
5216
env->dr[7] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr7));
5217
env->dr[6] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr6));
5218
cpu_x86_set_cpl(env, ldub_phys(env->vm_vmcb + offsetof(struct vmcb, save.cpl)));
5219
5220
/* FIXME: guest state consistency checks */
5221
5222
switch(ldub_phys(env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) {
5223
case TLB_CONTROL_DO_NOTHING:
5224
break;
5225
case TLB_CONTROL_FLUSH_ALL_ASID:
5226
/* FIXME: this is not 100% correct but should work for now */
5227
tlb_flush(env, 1);
5228
break;
5229
}
5230
5231
env->hflags2 |= HF2_GIF_MASK;
5232
5233
if (int_ctl & V_IRQ_MASK) {
5234
env->interrupt_request |= CPU_INTERRUPT_VIRQ;
5235
}
5236
5237
/* maybe we need to inject an event */
5238
event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
5239
if (event_inj & SVM_EVTINJ_VALID) {
5240
uint8_t vector = event_inj & SVM_EVTINJ_VEC_MASK;
5241
uint16_t valid_err = event_inj & SVM_EVTINJ_VALID_ERR;
5242
uint32_t event_inj_err = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err));
5243
5244
qemu_log_mask(CPU_LOG_TB_IN_ASM, "Injecting(%#hx): ", valid_err);
5245
/* FIXME: need to implement valid_err */
5246
switch (event_inj & SVM_EVTINJ_TYPE_MASK) {
5247
case SVM_EVTINJ_TYPE_INTR:
5248
env->exception_index = vector;
5249
env->error_code = event_inj_err;
5250
env->exception_is_int = 0;
5251
env->exception_next_eip = -1;
5252
qemu_log_mask(CPU_LOG_TB_IN_ASM, "INTR");
5253
/* XXX: is it always correct ? */
5254
do_interrupt_all(vector, 0, 0, 0, 1);
5255
break;
5256
case SVM_EVTINJ_TYPE_NMI:
5257
env->exception_index = EXCP02_NMI;
5258
env->error_code = event_inj_err;
5259
env->exception_is_int = 0;
5260
env->exception_next_eip = EIP;
5261
qemu_log_mask(CPU_LOG_TB_IN_ASM, "NMI");
5262
cpu_loop_exit(env);
5263
break;
5264
case SVM_EVTINJ_TYPE_EXEPT:
5265
env->exception_index = vector;
5266
env->error_code = event_inj_err;
5267
env->exception_is_int = 0;
5268
env->exception_next_eip = -1;
5269
qemu_log_mask(CPU_LOG_TB_IN_ASM, "EXEPT");
5270
cpu_loop_exit(env);
5271
break;
5272
case SVM_EVTINJ_TYPE_SOFT:
5273
env->exception_index = vector;
5274
env->error_code = event_inj_err;
5275
env->exception_is_int = 1;
5276
env->exception_next_eip = EIP;
5277
qemu_log_mask(CPU_LOG_TB_IN_ASM, "SOFT");
5278
cpu_loop_exit(env);
5279
break;
5280
}
5281
qemu_log_mask(CPU_LOG_TB_IN_ASM, " %#x %#x\n", env->exception_index, env->error_code);
5282
}
5283
}
5284
5285
void helper_vmmcall(void)
5286
{
5287
helper_svm_check_intercept_param(SVM_EXIT_VMMCALL, 0);
5288
raise_exception(EXCP06_ILLOP);
5289
}
5290
5291
void helper_vmload(int aflag)
5292
{
5293
target_ulong addr;
5294
helper_svm_check_intercept_param(SVM_EXIT_VMLOAD, 0);
5295
5296
if (aflag == 2)
5297
addr = EAX;
5298
else
5299
addr = (uint32_t)EAX;
5300
5301
qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmload! " TARGET_FMT_lx "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
5302
addr, ldq_phys(addr + offsetof(struct vmcb, save.fs.base)),
5303
env->segs[R_FS].base);
5304
5305
svm_load_seg_cache(addr + offsetof(struct vmcb, save.fs),
5306
env, R_FS);
5307
svm_load_seg_cache(addr + offsetof(struct vmcb, save.gs),
5308
env, R_GS);
5309
svm_load_seg(addr + offsetof(struct vmcb, save.tr),
5310
&env->tr);
5311
svm_load_seg(addr + offsetof(struct vmcb, save.ldtr),
5312
&env->ldt);
5313
5314
#ifdef TARGET_X86_64
5315
env->kernelgsbase = ldq_phys(addr + offsetof(struct vmcb, save.kernel_gs_base));
5316
env->lstar = ldq_phys(addr + offsetof(struct vmcb, save.lstar));
5317
env->cstar = ldq_phys(addr + offsetof(struct vmcb, save.cstar));
5318
env->fmask = ldq_phys(addr + offsetof(struct vmcb, save.sfmask));
5319
#endif
5320
env->star = ldq_phys(addr + offsetof(struct vmcb, save.star));
5321
env->sysenter_cs = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_cs));
5322
env->sysenter_esp = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_esp));
5323
env->sysenter_eip = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_eip));
5324
}
5325
5326
void helper_vmsave(int aflag)
5327
{
5328
target_ulong addr;
5329
helper_svm_check_intercept_param(SVM_EXIT_VMSAVE, 0);
5330
5331
if (aflag == 2)
5332
addr = EAX;
5333
else
5334
addr = (uint32_t)EAX;
5335
5336
qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmsave! " TARGET_FMT_lx "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
5337
addr, ldq_phys(addr + offsetof(struct vmcb, save.fs.base)),
5338
env->segs[R_FS].base);
5339
5340
svm_save_seg(addr + offsetof(struct vmcb, save.fs),
5341
&env->segs[R_FS]);
5342
svm_save_seg(addr + offsetof(struct vmcb, save.gs),
5343
&env->segs[R_GS]);
5344
svm_save_seg(addr + offsetof(struct vmcb, save.tr),
5345
&env->tr);
5346
svm_save_seg(addr + offsetof(struct vmcb, save.ldtr),
5347
&env->ldt);
5348
5349
#ifdef TARGET_X86_64
5350
stq_phys(addr + offsetof(struct vmcb, save.kernel_gs_base), env->kernelgsbase);
5351
stq_phys(addr + offsetof(struct vmcb, save.lstar), env->lstar);
5352
stq_phys(addr + offsetof(struct vmcb, save.cstar), env->cstar);
5353
stq_phys(addr + offsetof(struct vmcb, save.sfmask), env->fmask);
5354
#endif
5355
stq_phys(addr + offsetof(struct vmcb, save.star), env->star);
5356
stq_phys(addr + offsetof(struct vmcb, save.sysenter_cs), env->sysenter_cs);
5357
stq_phys(addr + offsetof(struct vmcb, save.sysenter_esp), env->sysenter_esp);
5358
stq_phys(addr + offsetof(struct vmcb, save.sysenter_eip), env->sysenter_eip);
5359
}
5360
5361
void helper_stgi(void)
5362
{
5363
helper_svm_check_intercept_param(SVM_EXIT_STGI, 0);
5364
env->hflags2 |= HF2_GIF_MASK;
5365
}
5366
5367
void helper_clgi(void)
5368
{
5369
helper_svm_check_intercept_param(SVM_EXIT_CLGI, 0);
5370
env->hflags2 &= ~HF2_GIF_MASK;
5371
}
5372
5373
void helper_skinit(void)
5374
{
5375
helper_svm_check_intercept_param(SVM_EXIT_SKINIT, 0);
5376
/* XXX: not implemented */
5377
raise_exception(EXCP06_ILLOP);
5378
}
5379
5380
void helper_invlpga(int aflag)
5381
{
5382
target_ulong addr;
5383
helper_svm_check_intercept_param(SVM_EXIT_INVLPGA, 0);
5384
5385
if (aflag == 2)
5386
addr = EAX;
5387
else
5388
addr = (uint32_t)EAX;
5389
5390
/* XXX: could use the ASID to see if it is needed to do the
5391
flush */
5392
tlb_flush_page(env, addr);
5393
}
5394
5395
void helper_svm_check_intercept_param(uint32_t type, uint64_t param)
5396
{
5397
if (likely(!(env->hflags & HF_SVMI_MASK)))
5398
return;
5399
switch(type) {
5400
case SVM_EXIT_READ_CR0 ... SVM_EXIT_READ_CR0 + 8:
5401
if (env->intercept_cr_read & (1 << (type - SVM_EXIT_READ_CR0))) {
5402
helper_vmexit(type, param);
5403
}
5404
break;
5405
case SVM_EXIT_WRITE_CR0 ... SVM_EXIT_WRITE_CR0 + 8:
5406
if (env->intercept_cr_write & (1 << (type - SVM_EXIT_WRITE_CR0))) {
5407
helper_vmexit(type, param);
5408
}
5409
break;
5410
case SVM_EXIT_READ_DR0 ... SVM_EXIT_READ_DR0 + 7:
5411
if (env->intercept_dr_read & (1 << (type - SVM_EXIT_READ_DR0))) {
5412
helper_vmexit(type, param);
5413
}
5414
break;
5415
case SVM_EXIT_WRITE_DR0 ... SVM_EXIT_WRITE_DR0 + 7:
5416
if (env->intercept_dr_write & (1 << (type - SVM_EXIT_WRITE_DR0))) {
5417
helper_vmexit(type, param);
5418
}
5419
break;
5420
case SVM_EXIT_EXCP_BASE ... SVM_EXIT_EXCP_BASE + 31:
5421
if (env->intercept_exceptions & (1 << (type - SVM_EXIT_EXCP_BASE))) {
5422
helper_vmexit(type, param);
5423
}
5424
break;
5425
case SVM_EXIT_MSR:
5426
if (env->intercept & (1ULL << (SVM_EXIT_MSR - SVM_EXIT_INTR))) {
5427
/* FIXME: this should be read in at vmrun (faster this way?) */
5428
uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.msrpm_base_pa));
5429
uint32_t t0, t1;
5430
switch((uint32_t)ECX) {
5431
case 0 ... 0x1fff:
5432
t0 = (ECX * 2) % 8;
5433
t1 = (ECX * 2) / 8;
5434
break;
5435
case 0xc0000000 ... 0xc0001fff:
5436
t0 = (8192 + ECX - 0xc0000000) * 2;
5437
t1 = (t0 / 8);
5438
t0 %= 8;
5439
break;
5440
case 0xc0010000 ... 0xc0011fff:
5441
t0 = (16384 + ECX - 0xc0010000) * 2;
5442
t1 = (t0 / 8);
5443
t0 %= 8;
5444
break;
5445
default:
5446
helper_vmexit(type, param);
5447
t0 = 0;
5448
t1 = 0;
5449
break;
5450
}
5451
if (ldub_phys(addr + t1) & ((1 << param) << t0))
5452
helper_vmexit(type, param);
5453
}
5454
break;
5455
default:
5456
if (env->intercept & (1ULL << (type - SVM_EXIT_INTR))) {
5457
helper_vmexit(type, param);
5458
}
5459
break;
5460
}
5461
}
5462
5463
void svm_check_intercept(CPUState *env1, uint32_t type)
5464
{
5465
CPUState *saved_env;
5466
5467
saved_env = env;
5468
env = env1;
5469
helper_svm_check_intercept_param(type, 0);
5470
env = saved_env;
5471
}
5472
5473
void helper_svm_check_io(uint32_t port, uint32_t param,
5474
uint32_t next_eip_addend)
5475
{
5476
if (env->intercept & (1ULL << (SVM_EXIT_IOIO - SVM_EXIT_INTR))) {
5477
/* FIXME: this should be read in at vmrun (faster this way?) */
5478
uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.iopm_base_pa));
5479
uint16_t mask = (1 << ((param >> 4) & 7)) - 1;
5480
if(lduw_phys(addr + port / 8) & (mask << (port & 7))) {
5481
/* next EIP */
5482
stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2),
5483
env->eip + next_eip_addend);
5484
helper_vmexit(SVM_EXIT_IOIO, param | (port << 16));
5485
}
5486
}
5487
}
5488
5489
/* Note: currently only 32 bits of exit_code are used */
5490
void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
5491
{
5492
uint32_t int_ctl;
5493
5494
qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmexit(%08x, %016" PRIx64 ", %016" PRIx64 ", " TARGET_FMT_lx ")!\n",
5495
exit_code, exit_info_1,
5496
ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2)),
5497
EIP);
5498
5499
if(env->hflags & HF_INHIBIT_IRQ_MASK) {
5500
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_state), SVM_INTERRUPT_SHADOW_MASK);
5501
env->hflags &= ~HF_INHIBIT_IRQ_MASK;
5502
} else {
5503
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_state), 0);
5504
}
5505
5506
/* Save the VM state in the vmcb */
5507
svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.es),
5508
&env->segs[R_ES]);
5509
svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.cs),
5510
&env->segs[R_CS]);
5511
svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.ss),
5512
&env->segs[R_SS]);
5513
svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.ds),
5514
&env->segs[R_DS]);
5515
5516
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base), env->gdt.base);
5517
stl_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit), env->gdt.limit);
5518
5519
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.base), env->idt.base);
5520
stl_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit), env->idt.limit);
5521
5522
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.efer), env->efer);
5523
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr0), env->cr[0]);
5524
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr2), env->cr[2]);
5525
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr3), env->cr[3]);
5526
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr4), env->cr[4]);
5527
5528
int_ctl = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
5529
int_ctl &= ~(V_TPR_MASK | V_IRQ_MASK);
5530
int_ctl |= env->v_tpr & V_TPR_MASK;
5531
if (env->interrupt_request & CPU_INTERRUPT_VIRQ)
5532
int_ctl |= V_IRQ_MASK;
5533
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl), int_ctl);
5534
5535
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rflags), compute_eflags());
5536
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rip), env->eip);
5537
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rsp), ESP);
5538
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rax), EAX);
5539
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr7), env->dr[7]);
5540
stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr6), env->dr[6]);
5541
stb_phys(env->vm_vmcb + offsetof(struct vmcb, save.cpl), env->hflags & HF_CPL_MASK);
5542
5543
/* Reload the host state from vm_hsave */
5544
env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
5545
env->hflags &= ~HF_SVMI_MASK;
5546
env->intercept = 0;
5547
env->intercept_exceptions = 0;
5548
env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
5549
env->tsc_offset = 0;
5550
5551
env->gdt.base = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.base));
5552
env->gdt.limit = ldl_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit));
5553
5554
env->idt.base = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.base));
5555
env->idt.limit = ldl_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.limit));
5556
5557
cpu_x86_update_cr0(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr0)) | CR0_PE_MASK);
5558
cpu_x86_update_cr4(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr4)));
5559
cpu_x86_update_cr3(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr3)));
5560
/* we need to set the efer after the crs so the hidden flags get
5561
set properly */
5562
cpu_load_efer(env,
5563
ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.efer)));
5564
env->eflags = 0;
5565
load_eflags(ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rflags)),
5566
~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
5567
CC_OP = CC_OP_EFLAGS;
5568
5569
svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.es),
5570
env, R_ES);
5571
svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.cs),
5572
env, R_CS);
5573
svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.ss),
5574
env, R_SS);
5575
svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.ds),
5576
env, R_DS);
5577
5578
EIP = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip));
5579
ESP = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp));
5580
EAX = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax));
5581
5582
env->dr[6] = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr6));
5583
env->dr[7] = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr7));
5584
5585
/* other setups */
5586
cpu_x86_set_cpl(env, 0);
5587
stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_code), exit_code);
5588
stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_1), exit_info_1);
5589
5590
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info),
5591
ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj)));
5592
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info_err),
5593
ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err)));
5594
stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), 0);
5595
5596
env->hflags2 &= ~HF2_GIF_MASK;
5597
/* FIXME: Resets the current ASID register to zero (host ASID). */
5598
5599
/* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */
5600
5601
/* Clears the TSC_OFFSET inside the processor. */
5602
5603
/* If the host is in PAE mode, the processor reloads the host's PDPEs
5604
from the page table indicated the host's CR3. If the PDPEs contain
5605
illegal state, the processor causes a shutdown. */
5606
5607
/* Forces CR0.PE = 1, RFLAGS.VM = 0. */
5608
env->cr[0] |= CR0_PE_MASK;
5609
env->eflags &= ~VM_MASK;
5610
5611
/* Disables all breakpoints in the host DR7 register. */
5612
5613
/* Checks the reloaded host state for consistency. */
5614
5615
/* If the host's rIP reloaded by #VMEXIT is outside the limit of the
5616
host's code segment or non-canonical (in the case of long mode), a
5617
#GP fault is delivered inside the host.) */
5618
5619
/* remove any pending exception */
5620
env->exception_index = -1;
5621
env->error_code = 0;
5622
env->old_exception = -1;
5623
5624
cpu_loop_exit(env);
5625
}
5626
5627
#endif
5628
5629
/* MMX/SSE */
5630
/* XXX: optimize by storing fptt and fptags in the static cpu state */
5631
5632
#define SSE_DAZ 0x0040
5633
#define SSE_RC_MASK 0x6000
5634
#define SSE_RC_NEAR 0x0000
5635
#define SSE_RC_DOWN 0x2000
5636
#define SSE_RC_UP 0x4000
5637
#define SSE_RC_CHOP 0x6000
5638
#define SSE_FZ 0x8000
5639
5640
static void update_sse_status(void)
5641
{
5642
int rnd_type;
5643
5644
/* set rounding mode */
5645
switch(env->mxcsr & SSE_RC_MASK) {
5646
default:
5647
case SSE_RC_NEAR:
5648
rnd_type = float_round_nearest_even;
5649
break;
5650
case SSE_RC_DOWN:
5651
rnd_type = float_round_down;
5652
break;
5653
case SSE_RC_UP:
5654
rnd_type = float_round_up;
5655
break;
5656
case SSE_RC_CHOP:
5657
rnd_type = float_round_to_zero;
5658
break;
5659
}
5660
set_float_rounding_mode(rnd_type, &env->sse_status);
5661
5662
/* set denormals are zero */
5663
set_flush_inputs_to_zero((env->mxcsr & SSE_DAZ) ? 1 : 0, &env->sse_status);
5664
5665
/* set flush to zero */
5666
set_flush_to_zero((env->mxcsr & SSE_FZ) ? 1 : 0, &env->fp_status);
5667
}
5668
5669
void helper_ldmxcsr(uint32_t val)
5670
{
5671
env->mxcsr = val;
5672
update_sse_status();
5673
}
5674
5675
void helper_enter_mmx(void)
5676
{
5677
env->fpstt = 0;
5678
*(uint32_t *)(env->fptags) = 0;
5679
*(uint32_t *)(env->fptags + 4) = 0;
5680
}
5681
5682
void helper_emms(void)
5683
{
5684
/* set to empty state */
5685
*(uint32_t *)(env->fptags) = 0x01010101;
5686
*(uint32_t *)(env->fptags + 4) = 0x01010101;
5687
}
5688
5689
/* XXX: suppress */
5690
void helper_movq(void *d, void *s)
5691
{
5692
*(uint64_t *)d = *(uint64_t *)s;
5693
}
5694
5695
#define SHIFT 0
5696
#include "ops_sse.h"
5697
5698
#define SHIFT 1
5699
#include "ops_sse.h"
5700
5701
#define SHIFT 0
5702
#include "helper_template.h"
5703
#undef SHIFT
5704
5705
#define SHIFT 1
5706
#include "helper_template.h"
5707
#undef SHIFT
5708
5709
#define SHIFT 2
5710
#include "helper_template.h"
5711
#undef SHIFT
5712
5713
#ifdef TARGET_X86_64
5714
5715
#define SHIFT 3
5716
#include "helper_template.h"
5717
#undef SHIFT
5718
5719
#endif
5720
5721
/* bit operations */
5722
target_ulong helper_bsf(target_ulong t0)
5723
{
5724
int count;
5725
target_ulong res;
5726
5727
res = t0;
5728
count = 0;
5729
while ((res & 1) == 0) {
5730
count++;
5731
res >>= 1;
5732
}
5733
return count;
5734
}
5735
5736
target_ulong helper_lzcnt(target_ulong t0, int wordsize)
5737
{
5738
int count;
5739
target_ulong res, mask;
5740
5741
if (wordsize > 0 && t0 == 0) {
5742
return wordsize;
5743
}
5744
res = t0;
5745
count = TARGET_LONG_BITS - 1;
5746
mask = (target_ulong)1 << (TARGET_LONG_BITS - 1);
5747
while ((res & mask) == 0) {
5748
count--;
5749
res <<= 1;
5750
}
5751
if (wordsize > 0) {
5752
return wordsize - 1 - count;
5753
}
5754
return count;
5755
}
5756
5757
target_ulong helper_bsr(target_ulong t0)
5758
{
5759
return helper_lzcnt(t0, 0);
5760
}
5761
5762
static int compute_all_eflags(void)
5763
{
5764
return CC_SRC;
5765
}
5766
5767
static int compute_c_eflags(void)
5768
{
5769
return CC_SRC & CC_C;
5770
}
5771
5772
uint32_t helper_cc_compute_all(int op)
5773
{
5774
switch (op) {
5775
default: /* should never happen */ return 0;
5776
5777
case CC_OP_EFLAGS: return compute_all_eflags();
5778
5779
case CC_OP_MULB: return compute_all_mulb();
5780
case CC_OP_MULW: return compute_all_mulw();
5781
case CC_OP_MULL: return compute_all_mull();
5782
5783
case CC_OP_ADDB: return compute_all_addb();
5784
case CC_OP_ADDW: return compute_all_addw();
5785
case CC_OP_ADDL: return compute_all_addl();
5786
5787
case CC_OP_ADCB: return compute_all_adcb();
5788
case CC_OP_ADCW: return compute_all_adcw();
5789
case CC_OP_ADCL: return compute_all_adcl();
5790
5791
case CC_OP_SUBB: return compute_all_subb();
5792
case CC_OP_SUBW: return compute_all_subw();
5793
case CC_OP_SUBL: return compute_all_subl();
5794
5795
case CC_OP_SBBB: return compute_all_sbbb();
5796
case CC_OP_SBBW: return compute_all_sbbw();
5797
case CC_OP_SBBL: return compute_all_sbbl();
5798
5799
case CC_OP_LOGICB: return compute_all_logicb();
5800
case CC_OP_LOGICW: return compute_all_logicw();
5801
case CC_OP_LOGICL: return compute_all_logicl();
5802
5803
case CC_OP_INCB: return compute_all_incb();
5804
case CC_OP_INCW: return compute_all_incw();
5805
case CC_OP_INCL: return compute_all_incl();
5806
5807
case CC_OP_DECB: return compute_all_decb();
5808
case CC_OP_DECW: return compute_all_decw();
5809
case CC_OP_DECL: return compute_all_decl();
5810
5811
case CC_OP_SHLB: return compute_all_shlb();
5812
case CC_OP_SHLW: return compute_all_shlw();
5813
case CC_OP_SHLL: return compute_all_shll();
5814
5815
case CC_OP_SARB: return compute_all_sarb();
5816
case CC_OP_SARW: return compute_all_sarw();
5817
case CC_OP_SARL: return compute_all_sarl();
5818
5819
#ifdef TARGET_X86_64
5820
case CC_OP_MULQ: return compute_all_mulq();
5821
5822
case CC_OP_ADDQ: return compute_all_addq();
5823
5824
case CC_OP_ADCQ: return compute_all_adcq();
5825
5826
case CC_OP_SUBQ: return compute_all_subq();
5827
5828
case CC_OP_SBBQ: return compute_all_sbbq();
5829
5830
case CC_OP_LOGICQ: return compute_all_logicq();
5831
5832
case CC_OP_INCQ: return compute_all_incq();
5833
5834
case CC_OP_DECQ: return compute_all_decq();
5835
5836
case CC_OP_SHLQ: return compute_all_shlq();
5837
5838
case CC_OP_SARQ: return compute_all_sarq();
5839
#endif
5840
}
5841
}
5842
5843
uint32_t cpu_cc_compute_all(CPUState *env1, int op)
5844
{
5845
CPUState *saved_env;
5846
uint32_t ret;
5847
5848
saved_env = env;
5849
env = env1;
5850
ret = helper_cc_compute_all(op);
5851
env = saved_env;
5852
return ret;
5853
}
5854
5855
uint32_t helper_cc_compute_c(int op)
5856
{
5857
switch (op) {
5858
default: /* should never happen */ return 0;
5859
5860
case CC_OP_EFLAGS: return compute_c_eflags();
5861
5862
case CC_OP_MULB: return compute_c_mull();
5863
case CC_OP_MULW: return compute_c_mull();
5864
case CC_OP_MULL: return compute_c_mull();
5865
5866
case CC_OP_ADDB: return compute_c_addb();
5867
case CC_OP_ADDW: return compute_c_addw();
5868
case CC_OP_ADDL: return compute_c_addl();
5869
5870
case CC_OP_ADCB: return compute_c_adcb();
5871
case CC_OP_ADCW: return compute_c_adcw();
5872
case CC_OP_ADCL: return compute_c_adcl();
5873
5874
case CC_OP_SUBB: return compute_c_subb();
5875
case CC_OP_SUBW: return compute_c_subw();
5876
case CC_OP_SUBL: return compute_c_subl();
5877
5878
case CC_OP_SBBB: return compute_c_sbbb();
5879
case CC_OP_SBBW: return compute_c_sbbw();
5880
case CC_OP_SBBL: return compute_c_sbbl();
5881
5882
case CC_OP_LOGICB: return compute_c_logicb();
5883
case CC_OP_LOGICW: return compute_c_logicw();
5884
case CC_OP_LOGICL: return compute_c_logicl();
5885
5886
case CC_OP_INCB: return compute_c_incl();
5887
case CC_OP_INCW: return compute_c_incl();
5888
case CC_OP_INCL: return compute_c_incl();
5889
5890
case CC_OP_DECB: return compute_c_incl();
5891
case CC_OP_DECW: return compute_c_incl();
5892
case CC_OP_DECL: return compute_c_incl();
5893
5894
case CC_OP_SHLB: return compute_c_shlb();
5895
case CC_OP_SHLW: return compute_c_shlw();
5896
case CC_OP_SHLL: return compute_c_shll();
5897
5898
case CC_OP_SARB: return compute_c_sarl();
5899
case CC_OP_SARW: return compute_c_sarl();
5900
case CC_OP_SARL: return compute_c_sarl();
5901
5902
#ifdef TARGET_X86_64
5903
case CC_OP_MULQ: return compute_c_mull();
5904
5905
case CC_OP_ADDQ: return compute_c_addq();
5906
5907
case CC_OP_ADCQ: return compute_c_adcq();
5908
5909
case CC_OP_SUBQ: return compute_c_subq();
5910
5911
case CC_OP_SBBQ: return compute_c_sbbq();
5912
5913
case CC_OP_LOGICQ: return compute_c_logicq();
5914
5915
case CC_OP_INCQ: return compute_c_incl();
5916
5917
case CC_OP_DECQ: return compute_c_incl();
5918
5919
case CC_OP_SHLQ: return compute_c_shlq();
5920
5921
case CC_OP_SARQ: return compute_c_sarl();
5922
#endif
5923
}
5924
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1