source: vbox/trunk/src/VBox/VMM/VMMAll/EMAll.cpp@ 12624

Last change on this file since 12624 was 12307, checked in by vboxsync, 17 years ago

Logging

1/* $Id: EMAll.cpp 12307 2008-09-09 15:57:02Z vboxsync $ */
2/** @file
3 * EM - Execution Monitor(/Manager) - All contexts
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Header Files *
24*******************************************************************************/
25#define LOG_GROUP LOG_GROUP_EM
26#include <VBox/em.h>
27#include <VBox/mm.h>
28#include <VBox/selm.h>
29#include <VBox/patm.h>
30#include <VBox/csam.h>
31#include <VBox/pgm.h>
32#include <VBox/iom.h>
33#include <VBox/stam.h>
34#include "EMInternal.h"
35#include <VBox/vm.h>
36#include <VBox/hwaccm.h>
37#include <VBox/tm.h>
38#include <VBox/pdmapi.h>
39
40#include <VBox/param.h>
41#include <VBox/err.h>
42#include <VBox/dis.h>
43#include <VBox/disopcode.h>
44#include <VBox/log.h>
45#include <iprt/assert.h>
46#include <iprt/asm.h>
47#include <iprt/string.h>
48
49
50/*******************************************************************************
51* Structures and Typedefs *
52*******************************************************************************/
53
54
55/*******************************************************************************
56* Internal Functions *
57*******************************************************************************/
58DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize);
59
60
/**
 * Returns the execution manager's current state.
 *
 * @returns The EMSTATE recorded in the VM's EM instance data.
 * @param   pVM     The VM handle.
 */
EMDECL(EMSTATE) EMGetState(PVM pVM)
{
    EMSTATE const enmCurrent = pVM->em.s.enmState;
    return enmCurrent;
}
70
/**
 * Requests a flush of the REM translation blocks.
 *
 * Only a flag is set here; the flush itself happens the next time
 * code is executed in REM.
 *
 * @param   pVM     The VM handle.
 */
EMDECL(void) EMFlushREMTBs(PVM pVM)
{
    Log(("EMFlushREMTBs\n"));
    /* Deferred request; REM acts on it before it next runs guest code. */
    pVM->em.s.fREMFlushTBs = true;
}
81
82#ifndef IN_GC
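/**
 * Read callback for the disassembler; supports reads that cross a page boundary.
 *
 * A read failure is reported to the caller instead of returning success over
 * a partially filled buffer, so the disassembler never decodes bytes that
 * were not actually fetched from the guest.
 *
 * @returns VBox status code.
 * @param   pSrc        GC source pointer.
 * @param   pDest       HC destination pointer.
 * @param   cb          Number of bytes to read.
 * @param   pvUserdata  Callback specific user data (pCpu).
 */
DECLCALLBACK(int) EMReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned cb, void *pvUserdata)
{
    DISCPUSTATE *pCpu = (DISCPUSTATE *)pvUserdata;
    PVM          pVM  = (PVM)pCpu->apvUserData[0];
#ifdef IN_RING0
    int rc = PGMPhysReadGCPtr(pVM, pDest, pSrc, cb);
    AssertMsgRC(rc, ("PGMPhysReadGCPtr failed for pSrc=%VGv cb=%x\n", pSrc, cb));
    if (VBOX_FAILURE(rc))
        return rc;
    return VINF_SUCCESS;
#else
    if (!PATMIsPatchGCAddr(pVM, pSrc))
    {
        int rc = PGMPhysReadGCPtr(pVM, pDest, pSrc, cb);
        AssertRC(rc);
        if (VBOX_FAILURE(rc))
            return rc;
        return VINF_SUCCESS;
    }

    /* Patch memory: ask PATM for each opcode byte individually. */
    for (uint32_t i = 0; i < cb; i++)
    {
        uint8_t opcode;
        int rc = PATMR3QueryOpcode(pVM, (RTGCPTR)pSrc + i, &opcode);
        if (VBOX_FAILURE(rc))
            return rc;  /* byte unavailable: don't leave pDest[i] stale and claim success */
        pDest[i] = opcode;
    }
    return VINF_SUCCESS;
#endif /* IN_RING0 */
}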
120
/**
 * Disassembles one instruction (ring-3/ring-0 variant), fetching the bytes via EMReadBytes.
 *
 * @returns VBox status code from DISCoreOneEx.
 * @param   pVM         The VM handle, handed to the read callback.
 * @param   pCpu        The disassembler state; pCpu->mode selects the CPU mode.
 * @param   InstrGC     Flat guest address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 */
DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
{
    int const rc = DISCoreOneEx(InstrGC, pCpu->mode, EMReadBytes, pVM, pCpu, pOpsize);
    return rc;
}
125
126#else
127
/**
 * Disassembles one instruction (GC variant); DIS reads the bytes itself here.
 *
 * @returns VBox status code from DISCoreOne.
 * @param   pVM         The VM handle (unused in this variant).
 * @param   pCpu        The disassembler state.
 * @param   InstrGC     Flat guest address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 */
DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
{
    int const rc = DISCoreOne(pCpu, InstrGC, pOpsize);
    return rc;
}
132
133#endif
134
135
/**
 * Disassembles the instruction at CS:RIP of the given context.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCtxCore    The context core (used for both the mode and instruction).
 * @param   pCpu        Where to return the parsed instruction info.
 * @param   pcbInstr    Where to return the instruction size. (optional)
 */
EMDECL(int) EMInterpretDisasOne(PVM pVM, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
{
    /* Resolve CS:RIP to a flat address before handing over to the flat-address variant. */
    RTGCPTR GCPtrInstr;
    int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pCtxCore, pCtxCore->rip, 0, &GCPtrInstr);
    if (VBOX_SUCCESS(rc))
        return EMInterpretDisasOneEx(pVM, (RTGCUINTPTR)GCPtrInstr, pCtxCore, pCpu, pcbInstr);

    Log(("EMInterpretDisasOne: Failed to convert %RTsel:%VGv (cpl=%d) - rc=%Vrc !!\n",
         pCtxCore->cs, pCtxCore->rip, pCtxCore->ss & X86_SEL_RPL, rc));
    return rc;
}
156
157
/**
 * Disassembles one instruction at a flat guest address.
 *
 * This is used internally by the interpreter and by trap/access handlers.
 *
 * @returns VINF_SUCCESS, or VERR_INTERNAL_ERROR if the disassembler fails.
 * @param   pVM         The VM handle.
 * @param   GCPtrInstr  The flat address of the instruction.
 * @param   pCtxCore    The context core (used to determine the cpu mode).
 * @param   pCpu        Where to return the parsed instruction info.
 * @param   pcbInstr    Where to return the instruction size. (optional)
 */
EMDECL(int) EMInterpretDisasOneEx(PVM pVM, RTGCUINTPTR GCPtrInstr, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
{
    /* In GC the disassembler reads guest memory itself; elsewhere EMReadBytes does it. */
    int rc = DISCoreOneEx(GCPtrInstr, SELMGetCpuModeFromSelector(pVM, pCtxCore->eflags, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid),
#ifdef IN_GC
                          NULL, NULL,
#else
                          EMReadBytes, pVM,
#endif
                          pCpu, pcbInstr);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("DISCoreOne failed to GCPtrInstr=%VGv rc=%Vrc\n", GCPtrInstr, rc));
        return VERR_INTERNAL_ERROR;
    }
    return VINF_SUCCESS;
}
183
184
/**
 * Interprets the current instruction.
 *
 * @returns VBox status code.
 * @retval  VINF_*                  Scheduling instructions.
 * @retval  VERR_EM_INTERPRETER     Something we can't cope with.
 * @retval  VERR_*                  Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 *                      Updates the EIP if an instruction was executed successfully.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Size of the write (if applicable).
 *
 * @remark  Invalid opcode exceptions have a higher priority than GP (see Intel
 *          Architecture System Developers Manual, Vol 3, 5.5) so we don't need
 *          to worry about e.g. invalid modrm combinations (!)
 */
EMDECL(int) EMInterpretInstruction(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    LogFlow(("EMInterpretInstruction %VGv fault %VGv\n", pRegFrame->rip, pvFault));

    /* Locate the instruction. */
    RTGCPTR pbCode;
    int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pRegFrame, pRegFrame->rip, 0, &pbCode);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Disassemble it. */
    DISCPUSTATE Cpu;
    uint32_t    cbOp;
    Cpu.mode = SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid);
    rc = emDisCoreOne(pVM, &Cpu, (RTGCUINTPTR)pbCode, &cbOp);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    Assert(cbOp == Cpu.opsize);

    /* Interpret it, advancing RIP only when that succeeded. */
    rc = EMInterpretInstructionCPU(pVM, &Cpu, pRegFrame, pvFault, pcbSize);
    if (VBOX_SUCCESS(rc))
        pRegFrame->rip += cbOp; /* Move on to the next instruction. */
    return rc;
}
228
/**
 * Interprets the current instruction using the supplied DISCPUSTATE structure.
 *
 * EIP is *NOT* updated!
 *
 * @returns VBox status code.
 * @retval  VINF_*                  Scheduling instructions. When these are returned, it
 *                                  starts to get a bit tricky to know whether code was
 *                                  executed or not... We'll address this when it becomes a problem.
 * @retval  VERR_EM_INTERPRETER     Something we can't cope with.
 * @retval  VERR_*                  Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler cpu state for the instruction to be interpreted.
 * @param   pRegFrame   The register frame. EIP is *NOT* changed!
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Size of the write (if applicable).
 *
 * @remark  Invalid opcode exceptions have a higher priority than GP (see Intel
 *          Architecture System Developers Manual, Vol 3, 5.5) so we don't need
 *          to worry about e.g. invalid modrm combinations (!)
 *
 * @todo    At this time we do NOT check if the instruction overwrites vital information.
 *          Make sure this can't happen!! (will add some assertions/checks later)
 */
EMDECL(int) EMInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* Thin statistics wrapper around the real worker. */
    STAM_PROFILE_START(&CTXMID(pVM->em.s.CTXSUFF(pStats)->Stat,Emulate), a);
    int const rc = emInterpretInstructionCPU(pVM, pCpu, pRegFrame, pvFault, pcbSize);
    STAM_PROFILE_STOP(&CTXMID(pVM->em.s.CTXSUFF(pStats)->Stat,Emulate), a);

    if (VBOX_FAILURE(rc))
        STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,InterpretFailed));
    else
        STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,InterpretSucceeded));
    return rc;
}
265
266
/**
 * Interpret a port I/O instruction.
 *
 * @returns VBox status code suitable for scheduling.
 * @param   pVM         The VM handle.
 * @param   pCtxCore    The context core. This will be updated on successful return.
 * @param   pCpu        The instruction to interpret.
 * @param   cbOp        The size of the instruction.
 * @remark  This may raise exceptions.
 */
EMDECL(int) EMInterpretPortIO(PVM pVM, PCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, uint32_t cbOp)
{
#ifdef IN_GC
    /* IOM performs the port access; RIP only advances when it reports success. */
    int const rc = IOMGCIOPortHandler(pVM, pCtxCore, pCpu);
    if (!IOM_SUCCESS(rc))
        return rc;
    pCtxCore->rip += cbOp;
    return rc;
#else
    AssertReleaseMsgFailed(("not implemented\n"));
    return VERR_NOT_IMPLEMENTED;
#endif
}
292
293
/**
 * Reads guest virtual memory into a host buffer.
 *
 * In GC the read goes through MMGCRamRead; when that is refused with
 * VERR_ACCESS_DENIED the address is resolved to a physical one and read
 * through PGM instead. Outside GC the safe PGM reader is used directly.
 *
 * @returns VBox status code.
 * @param   pVM     The VM handle.
 * @param   pDest   Host destination buffer.
 * @param   GCSrc   Guest virtual source address.
 * @param   cb      Number of bytes to read.
 */
DECLINLINE(int) emRamRead(PVM pVM, void *pDest, RTGCPTR GCSrc, uint32_t cb)
{
#ifdef IN_GC
    int rc = MMGCRamRead(pVM, pDest, (void *)GCSrc, cb);
    if (RT_UNLIKELY(rc == VERR_ACCESS_DENIED))
    {
        /*
         * The page pool cache may end up here in some cases because it
         * flushed one of the shadow mappings used by the trapping
         * instruction and it either flushed the TLB or the CPU reused it.
         */
        RTGCPHYS GCPhys;
        rc = PGMPhysGCPtr2GCPhys(pVM, GCSrc, &GCPhys);
        AssertRCReturn(rc, rc);
        PGMPhysRead(pVM, GCPhys, pDest, cb);
        rc = VINF_SUCCESS;
    }
    return rc;
#else
    return PGMPhysReadGCPtrSafe(pVM, pDest, GCSrc, cb);
#endif
}
314
/**
 * Writes a host buffer to guest virtual memory.
 *
 * In GC the write goes through MMGCRamWrite; when that is refused with
 * VERR_ACCESS_DENIED the guest page is looked up and, provided the guest
 * PTE permits the write (or CR0.WP is clear), written through PGM.
 * Outside GC the safe PGM writer is used directly.
 *
 * @returns VBox status code; VERR_ACCESS_DENIED if the guest page is read-only under WP.
 * @param   pVM     The VM handle.
 * @param   GCDest  Guest virtual destination address.
 * @param   pSrc    Host source buffer.
 * @param   cb      Number of bytes to write.
 */
DECLINLINE(int) emRamWrite(PVM pVM, RTGCPTR GCDest, void *pSrc, uint32_t cb)
{
#ifdef IN_GC
    int rc = MMGCRamWrite(pVM, (void *)GCDest, pSrc, cb);
    if (RT_UNLIKELY(rc == VERR_ACCESS_DENIED))
    {
        /*
         * The page pool cache may end up here in some cases because it
         * flushed one of the shadow mappings used by the trapping
         * instruction and it either flushed the TLB or the CPU reused it.
         * We want to play safe here, verifying that we've got write
         * access doesn't cost us much (see PGMPhysGCPtr2GCPhys()).
         */
        uint64_t fFlags;
        RTGCPHYS GCPhys;
        rc = PGMGstGetPage(pVM, GCDest, &fFlags, &GCPhys);
        if (RT_FAILURE(rc))
            return rc;

        /* Honour the guest's read-only mapping when supervisor write protection is on. */
        bool const fWritable = (fFlags & X86_PTE_RW) || !(CPUMGetGuestCR0(pVM) & X86_CR0_WP);
        if (!fWritable)
            return VERR_ACCESS_DENIED;

        PGMPhysWrite(pVM, GCPhys + ((RTGCUINTPTR)GCDest & PAGE_OFFSET_MASK), pSrc, cb);
        rc = VINF_SUCCESS;
    }
    return rc;
#else
    return PGMPhysWriteGCPtrSafe(pVM, GCDest, pSrc, cb);
#endif
}
344
/**
 * Converts a sel:addr operand to a flat GC address.
 *
 * The segment is taken from the instruction's prefix/operand via DISDetectSegReg.
 *
 * @returns Flat GC address.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame (segment registers).
 * @param   pCpu        The disassembled instruction.
 * @param   pParam      The operand whose segment applies.
 * @param   pvAddr      The segment-relative address.
 */
static RTGCPTR emConvertToFlatAddr(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, POP_PARAMETER pParam, RTGCPTR pvAddr)
{
    return SELMToFlat(pVM, DISDetectSegReg(pCpu, pParam), pRegFrame, pvAddr);
}
351
352#if defined(VBOX_STRICT) || defined(LOG_ENABLED)
/**
 * Get the mnemonic for the disassembled instruction.
 *
 * GC/R0 doesn't include the strings in the DIS tables because
 * of limited space, so a small local table is kept here instead.
 *
 * @returns Read-only mnemonic string; "???" for opcodes not in the table.
 * @param   pCpu    The disassembled instruction.
 */
static const char *emGetMnemonic(PDISCPUSTATE pCpu)
{
    static const struct { unsigned opcode; const char *pszName; } s_aMnemonics[] =
    {
        { OP_XCHG,      "Xchg"      },
        { OP_DEC,       "Dec"       },
        { OP_INC,       "Inc"       },
        { OP_POP,       "Pop"       },
        { OP_OR,        "Or"        },
        { OP_AND,       "And"       },
        { OP_MOV,       "Mov"       },
        { OP_INVLPG,    "InvlPg"    },
        { OP_CPUID,     "CpuId"     },
        { OP_MOV_CR,    "MovCRx"    },
        { OP_MOV_DR,    "MovDRx"    },
        { OP_LLDT,      "LLdt"      },
        { OP_CLTS,      "Clts"      },
        { OP_MONITOR,   "Monitor"   },
        { OP_MWAIT,     "MWait"     },
        { OP_RDMSR,     "Rdmsr"     },
        { OP_WRMSR,     "Wrmsr"     },
        { OP_ADC,       "Adc"       },
        { OP_BTC,       "Btc"       },
        { OP_RDTSC,     "Rdtsc"     },
        { OP_STI,       "Sti"       },
        { OP_XADD,      "XAdd"      },
        { OP_HLT,       "Hlt"       },
        { OP_IRET,      "Iret"      },
        { OP_CMPXCHG,   "CmpXchg"   },
        { OP_CMPXCHG8B, "CmpXchg8b" },
        { OP_MOVNTPS,   "MovNTPS"   },
        { OP_STOSWD,    "StosWD"    },
        { OP_WBINVD,    "WbInvd"    },
        { OP_XOR,       "Xor"       },
        { OP_BTR,       "Btr"       },
        { OP_BTS,       "Bts"       },
    };

    unsigned const opcode = pCpu->pCurInstr->opcode;
    for (size_t i = 0; i < sizeof(s_aMnemonics) / sizeof(s_aMnemonics[0]); i++)
        if (s_aMnemonics[i].opcode == opcode)
            return s_aMnemonics[i].pszName;

    Log(("Unknown opcode %d\n", pCpu->pCurInstr->opcode));
    return "???";
}
400#endif
401
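/**
 * XCHG instruction emulation.
 *
 * Both operands are queried as PARAM_SOURCE so that DISQueryParamVal yields
 * register contents; register operands then show up as PARMTYPE_IMMEDIATE.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for anything not handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; register operands are updated in place.
 * @param   pvFault     The fault address (CR2); in GC a memory operand must match it.
 * @param   pcbSize     Where to return the operand size on success.
 */
static int emInterpretXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only emulate when we got here through a write #PF. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    RTGCPTR  pParam1 = 0, pParam2 = 0;   /* non-zero: operand is in memory at this flat address */
    uint64_t valpar1 = 0, valpar2 = 0;

    AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);

    /* Fetch operand 1: register value, or the memory contents at its flat address. */
    switch (param1.type)
    {
        case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
            valpar1 = param1.val.val64;
            break;

        case PARMTYPE_ADDRESS:
            pParam1 = (RTGCPTR)param1.val.val64;
            pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
#ifdef IN_GC
            /* Safety check (in theory it could cross a page boundary and fault there though) */
            AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
#endif
            rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
            if (VBOX_FAILURE(rc))
            {
                AssertMsgFailed(("MMGCRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                return VERR_EM_INTERPRETER;
            }
            break;

        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    /* Fetch operand 2 the same way. */
    switch (param2.type)
    {
        case PARMTYPE_ADDRESS:
            pParam2 = (RTGCPTR)param2.val.val64;
            pParam2 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pParam2);
#ifdef IN_GC
            /* Safety check (in theory it could cross a page boundary and fault there though) */
            AssertReturn(pParam2 == pvFault, VERR_EM_INTERPRETER);
#endif
            rc = emRamRead(pVM, &valpar2, pParam2, param2.size);
            if (VBOX_FAILURE(rc))
            {
                /* Bail out; never exchange a value we failed to read. */
                AssertMsgFailed(("MMGCRamRead %VGv size=%d failed with %Vrc\n", pParam2, param2.size, rc));
                return VERR_EM_INTERPRETER;
            }
            break;

        case PARMTYPE_IMMEDIATE:
            valpar2 = param2.val.val64;
            break;

        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    /* Write value of parameter 2 to parameter 1 (reg or memory address) */
    if (pParam1 == 0)
    {
        Assert(param1.type == PARMTYPE_IMMEDIATE); /* register actually */
        switch (param1.size)
        {
            case 1: //special case for AH etc
                    rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen,  (uint8_t )valpar2); break;
            case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen, (uint16_t)valpar2); break;
            case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen, (uint32_t)valpar2); break;
            case 8: rc = DISWriteReg64(pRegFrame, pCpu->param1.base.reg_gen, valpar2); break;
            default: AssertFailedReturn(VERR_EM_INTERPRETER);
        }
        if (VBOX_FAILURE(rc))
            return VERR_EM_INTERPRETER;
    }
    else
    {
        rc = emRamWrite(pVM, pParam1, &valpar2, param1.size);
        if (VBOX_FAILURE(rc))
        {
            AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
            return VERR_EM_INTERPRETER;
        }
    }

    /* Write value of parameter 1 to parameter 2 (reg or memory address) */
    if (pParam2 == 0)
    {
        Assert(param2.type == PARMTYPE_IMMEDIATE); /* register actually */
        switch (param2.size)
        {
            case 1: //special case for AH etc
                    rc = DISWriteReg8(pRegFrame, pCpu->param2.base.reg_gen,  (uint8_t )valpar1); break;
            case 2: rc = DISWriteReg16(pRegFrame, pCpu->param2.base.reg_gen, (uint16_t)valpar1); break;
            case 4: rc = DISWriteReg32(pRegFrame, pCpu->param2.base.reg_gen, (uint32_t)valpar1); break;
            case 8: rc = DISWriteReg64(pRegFrame, pCpu->param2.base.reg_gen, valpar1); break;
            default: AssertFailedReturn(VERR_EM_INTERPRETER);
        }
        if (VBOX_FAILURE(rc))
            return VERR_EM_INTERPRETER;
    }
    else
    {
        rc = emRamWrite(pVM, pParam2, &valpar1, param2.size);
        if (VBOX_FAILURE(rc))
        {
            AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam2, param2.size, rc));
            return VERR_EM_INTERPRETER;
        }
    }

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}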
539
/**
 * INC and DEC emulation.
 *
 * Only a memory destination is handled: the value is read, passed through
 * pfnEmulate, written back, and the arithmetic flags are merged into eflags.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for anything not handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; eflags is updated.
 * @param   pvFault     The fault address (CR2); in GC the operand must match it.
 * @param   pcbSize     Where to return the operand size on success.
 * @param   pfnEmulate  The INC or DEC worker; updates the value in place and returns flags.
 */
static int emInterpretIncDec(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                             PFN_EMULATE_PARAM2 pfnEmulate)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only emulate when we got here through a write #PF. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    if (param1.type != PARMTYPE_ADDRESS)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
#endif

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    uint32_t const eflags = pfnEmulate(&valpar1, param1.size);

    /* Write result back */
    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Merge PF/AF/ZF/SF/OF into the guest's eflags; CF is deliberately left alone. */
    uint32_t const fFlagMask = X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagMask) | (eflags & fFlagMask);

    /* All done! */
    *pcbSize = param1.size;
    return VINF_SUCCESS;
}
607
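/**
 * POP Emulation.
 *
 * Handles POP with a memory destination: the value at SS:ESP is read,
 * stored at the destination and ESP is advanced afterwards.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for anything not handled
 *          (16-bit stacks, register destinations, operands wider than 8 bytes).
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; ESP is updated.
 * @param   pvFault     The fault address (CR2); in GC the destination or ESP must match it.
 * @param   pcbSize     Where to return the operand size on success.
 */
static int emInterpretPop(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only emulate when we got here through a write #PF. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    /* Only memory destinations are handled; decide this before touching the stack. */
    if (param1.type != PARMTYPE_ADDRESS)
    {
#ifndef DEBUG_bird // annoying assertion.
        AssertFailed();
#endif
        return VERR_EM_INTERPRETER;
    }

    if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid) == CPUMODE_16BIT)
        return VERR_EM_INTERPRETER; /* No legacy 16 bits stuff here, please. */

    /* The stack slot is read into this local; refuse operands that would overrun it. */
    uint64_t valpar1 = 0;
    AssertReturn(param1.size <= sizeof(valpar1), VERR_EM_INTERPRETER);

    /* Convert address; don't bother checking limits etc, as we only read here */
    RTGCPTR pStackVal = SELMToFlat(pVM, DIS_SELREG_SS, pRegFrame, (RTGCPTR)pRegFrame->esp);
    if (pStackVal == 0)
        return VERR_EM_INTERPRETER;

    rc = emRamRead(pVM, &valpar1, pStackVal, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pStackVal, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR pParam1 = (RTGCPTR)param1.val.val64;

    /* pop [esp+xx] uses esp after the actual pop! */
    AssertCompile(USE_REG_ESP == USE_REG_SP);
    if (   (pCpu->param1.flags & USE_BASE)
        && (pCpu->param1.flags & (USE_REG_GEN16|USE_REG_GEN32))
        && pCpu->param1.base.reg_gen == USE_REG_ESP)
        pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + param1.size);

    pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);

#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    AssertMsgReturn(pParam1 == pvFault || (RTGCPTR)pRegFrame->esp == pvFault, ("%VGv != %VGv ss:esp=%04X:%08x\n", pParam1, pvFault, pRegFrame->ss, pRegFrame->esp), VERR_EM_INTERPRETER);
#endif
    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Update ESP as the last step */
    pRegFrame->esp += param1.size;

    /* All done! */
    *pcbSize = param1.size;
    return VINF_SUCCESS;
}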
690
691
/**
 * XOR/OR/AND Emulation.
 *
 * The destination must be a memory operand; the source is a register or
 * immediate (both arrive as PARMTYPE_IMMEDIATE). pfnEmulate operates on the
 * destination value in place and returns the resulting flags.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for anything not handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction; param2.size may be widened to param1.size.
 * @param   pRegFrame   The register frame; eflags is updated.
 * @param   pvFault     The fault address (CR2); in GC the destination must match it.
 * @param   pcbSize     Where to return the operand size on success.
 * @param   pfnEmulate  The XOR, OR or AND worker.
 */
static int emInterpretOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                               PFN_EMULATE_PARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef LOG_ENABLED
    const char *pszInstr;
    switch (pCpu->pCurInstr->opcode)
    {
        case OP_XOR: pszInstr = "Xor"; break;
        case OP_OR:  pszInstr = "Or";  break;
        case OP_AND: pszInstr = "And"; break;
        default:     pszInstr = "OrXorAnd??"; break;
    }
#endif

#ifdef IN_GC
    /* Only emulate when we got here through a write #PF. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    if (pCpu->param1.size != pCpu->param2.size)
    {
        if (pCpu->param1.size < pCpu->param2.size)
        {
            AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", pszInstr, pRegFrame->rip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
            return VERR_EM_INTERPRETER;
        }
        /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    if (param1.type != PARMTYPE_ADDRESS)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    AssertMsgReturn(pParam1 == pvFault, ("eip=%VGv, pParam1=%VGv pvFault=%VGv\n", pRegFrame->rip, pParam1, pvFault), VERR_EM_INTERPRETER);
#endif

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Register or immediate data (both arrive as PARMTYPE_IMMEDIATE, ugly) */
    if (param2.type != PARMTYPE_IMMEDIATE)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }
    uint64_t valpar2 = param2.val.val64;

    LogFlow(("emInterpretOrXorAnd %s %VGv %RX64 - %RX64 size %d (%d)\n", pszInstr, pParam1, valpar1, valpar2, param2.size, param1.size));

    /* Data read, emulate instruction. */
    uint32_t const eflags = pfnEmulate(&valpar1, valpar2, param2.size);

    LogFlow(("emInterpretOrXorAnd %s result %RX64\n", pszInstr, valpar1));

    /* Merge CF/PF/AF/ZF/SF/OF into the guest's eflags. */
    uint32_t const fFlagMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagMask) | (eflags & fFlagMask);

    /* And write it back */
    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* All done! */
    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
801
/**
 * LOCK XOR/OR/AND Emulation.
 *
 * Unlike the non-locked variant the worker operates directly on the guest
 * page (GC) or its host mapping (R0/R3) so the access stays atomic; in GC a
 * one-shot #PF handler is registered around the call.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for anything not handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction; param2.size may be widened to param1.size.
 * @param   pRegFrame   The register frame; eflags is updated.
 * @param   pvFault     The fault address (CR2); in GC the destination must match it.
 * @param   pcbSize     Where to return the operand size on success.
 * @param   pfnEmulate  The locked XOR, OR or AND worker.
 */
static int emInterpretLockOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
                                   uint32_t *pcbSize, PFNEMULATELOCKPARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (pCpu->param1.size != pCpu->param2.size)
    {
        AssertMsgReturn(pCpu->param1.size >= pCpu->param2.size, /* should never happen! */
                        ("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size),
                        VERR_EM_INTERPRETER);

        /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    AssertReturn(param1.type == PARMTYPE_ADDRESS, VERR_EM_INTERPRETER);
    RTGCPTR GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);

    void *pvParam1;
#ifdef IN_GC
    pvParam1 = (void *)GCPtrPar1;

    /* Safety check (in theory it could cross a page boundary and fault there though) */
    Assert(   TRPMHasTrap(pVM)
           && (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW));
    AssertMsgReturn(GCPtrPar1 == pvFault, ("eip=%VGv, GCPtrPar1=%VGv pvFault=%VGv\n", pRegFrame->rip, GCPtrPar1, pvFault), VERR_EM_INTERPRETER);
#else
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
    if (VBOX_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }
#endif

    /* Register and immediate data == PARMTYPE_IMMEDIATE */
    AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
    RTGCUINTREG const ValPar2 = param2.val.val64;

    /* Try emulate it with a one-shot #PF handler in place. */
    Log2(("%s %VGv imm%d=%RX64\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));

    RTGCUINTREG32 eflags = 0;
#ifdef IN_GC
    MMGCRamRegisterTrapHandler(pVM);
#endif
    rc = pfnEmulate(pvParam1, ValPar2, pCpu->param2.size, &eflags);
#ifdef IN_GC
    MMGCRamDeregisterTrapHandler(pVM);
#endif
    if (RT_FAILURE(rc))
    {
        Log(("%s %VGv imm%d=%RX64-> emulation failed due to page fault!\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
        return VERR_EM_INTERPRETER;
    }

    /* Merge CF/PF/AF/ZF/SF/OF into the guest's eflags. */
    uint32_t const fFlagMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagMask) | (eflags & fFlagMask);

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
881
/**
 * ADD, ADC & SUB Emulation.
 *
 * The destination must be a memory operand; the source is a register or
 * immediate (both arrive as PARMTYPE_IMMEDIATE). pfnEmulate operates on the
 * destination value in place and returns the resulting flags.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for anything not handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction; param2.size may be widened to param1.size.
 * @param   pRegFrame   The register frame; eflags is updated.
 * @param   pvFault     The fault address (CR2); in GC the destination must match it.
 * @param   pcbSize     Where to return the operand size on success.
 * @param   pfnEmulate  The ADD, ADC or SUB worker.
 */
static int emInterpretAddSub(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                             PFN_EMULATE_PARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef LOG_ENABLED
    const char *pszInstr;
    switch (pCpu->pCurInstr->opcode)
    {
        case OP_SUB: pszInstr = "Sub"; break;
        case OP_ADD: pszInstr = "Add"; break;
        case OP_ADC: pszInstr = "Adc"; break;
        default:     pszInstr = "AddSub??"; break;
    }
#endif

#ifdef IN_GC
    /* Only emulate when we got here through a write #PF. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    if (pCpu->param1.size != pCpu->param2.size)
    {
        if (pCpu->param1.size < pCpu->param2.size)
        {
            AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", pszInstr, pRegFrame->rip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
            return VERR_EM_INTERPRETER;
        }
        /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    if (param1.type != PARMTYPE_ADDRESS)
    {
#ifndef DEBUG_bird
        AssertFailed();
#endif
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
#endif

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Register or immediate data (both arrive as PARMTYPE_IMMEDIATE, ugly) */
    if (param2.type != PARMTYPE_IMMEDIATE)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }
    uint64_t valpar2 = param2.val.val64;

    /* Data read, emulate instruction. */
    uint32_t const eflags = pfnEmulate(&valpar1, valpar2, param2.size);

    /* Merge CF/PF/AF/ZF/SF/OF into the guest's eflags. */
    uint32_t const fFlagMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagMask) | (eflags & fFlagMask);

    /* And write it back */
    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* All done! */
    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
989
/**
 * ADC Emulation.
 *
 * Chooses the add worker according to the guest's carry flag and delegates the
 * operand handling, emulation and write-back to emInterpretAddSub.
 *
 * @returns VBox status code as returned by emInterpretAddSub.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame (CF is read from it).
 * @param   pvFault     The faulting guest address.
 * @param   pcbSize     Where emInterpretAddSub stores the access size.
 */
static int emInterpretAdc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* With CF set the extra one has to be added; otherwise ADC is just ADD. */
    return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize,
                             pRegFrame->eflags.Bits.u1CF ? EMEmulateAdcWithCarrySet : EMEmulateAdd);
}
1000
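/**
 * BTR/C/S Emulation.
 *
 * Emulates a bit-test-and-{reset,set,complement} whose destination is a memory
 * operand: the byte holding the selected bit is read, pfnEmulate is applied to
 * it with the bit index, and the byte is written back.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER whenever the instruction
 *          cannot be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated.
 * @param   pvFault     The faulting guest address (used for the GC safety check).
 * @param   pcbSize     Where to store the size of the memory access (always 1).
 * @param   pfnEmulate  Emulation worker taking the byte and a bit index 0..7.
 */
static int emInterpretBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                              PFN_EMULATE_PARAM2_UINT32 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef LOG_ENABLED
    /* Mnemonic for the log statements below; only exists in logging builds. */
    const char *pszInstr;

    if (pCpu->pCurInstr->opcode == OP_BTR)
        pszInstr = "Btr";
    else if (pCpu->pCurInstr->opcode == OP_BTS)
        pszInstr = "Bts";
    else if (pCpu->pCurInstr->opcode == OP_BTC)
        pszInstr = "Btc";
    else
        pszInstr = "Bit??";
#endif

#ifdef IN_GC
    /* In GC this is reached from a trap handler; only a write fault qualifies. */
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            RTGCPTR pParam1;
            uint64_t valpar1 = 0, valpar2;
            uint32_t eflags;

            /* The destination is always a virtual address */
            if (param1.type != PARMTYPE_ADDRESS)
                return VERR_EM_INTERPRETER;

            pParam1 = (RTGCPTR)param1.val.val64;
            pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);

            /* Register or immediate data */
            switch(param2.type)
            {
            case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
                valpar2 = param2.val.val64;
                break;

            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
            }

            /* valpar1/valpar2 are 64-bit; %RX64 keeps the varargs aligned with the format. */
            Log2(("emInterpret%s: pvFault=%VGv pParam1=%VGv val2=%RX64\n", pszInstr, pvFault, pParam1, valpar2));
            /* Advance to the byte that holds the selected bit.  valpar2 is treated as unsigned, so a
               register bit offset with its top bit set lands far above the operand; in GC the check
               below rejects that, the other contexts have no guard.
               NOTE(review): confirm whether such offsets can reach this function. */
            pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + valpar2/8);
#ifdef IN_GC
            /* Safety check: the dword containing the byte must be the one that faulted. */
            AssertMsgReturn((RTGCPTR)((RTGCUINTPTR)pParam1 & ~3) == pvFault, ("pParam1=%VGv pvFault=%VGv\n", pParam1, pvFault), VERR_EM_INTERPRETER);
#endif
            rc = emRamRead(pVM, &valpar1, pParam1, 1);
            if (VBOX_FAILURE(rc))
            {
                /* (The logged size is the operand size; the read above is a single byte.) */
                AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                return VERR_EM_INTERPRETER;
            }

            Log2(("emInterpretBtx: val=%RX64\n", valpar1));
            /* Data read, emulate bit test instruction. */
            eflags = pfnEmulate(&valpar1, valpar2 & 0x7);

            /* With %x the 64-bit valpar1 used to swallow the CF argument; %RX64 fixes the log output. */
            Log2(("emInterpretBtx: val=%RX64 CF=%d\n", valpar1, !!(eflags & X86_EFL_CF)));

            /* Update guest's eflags and finish: only the arithmetic flags come from the emulation. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            /* And write it back */
            rc = emRamWrite(pVM, pParam1, &valpar1, 1);
            if (VBOX_SUCCESS(rc))
            {
                /* All done! */
                *pcbSize = 1;
                return VINF_SUCCESS;
            }
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}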
1095
/**
 * LOCK BTR/C/S Emulation.
 *
 * Like emInterpretBitTest, but the bit operation is performed in place by
 * pfnEmulate on the target byte instead of via emRamRead/emRamWrite.  In GC
 * the flat guest address is used directly with a one-shot #PF handler
 * installed around the emulation; elsewhere the byte is first mapped into
 * host address space with PGMPhysGCPtr2HCPtr.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated.
 * @param   pvFault     The faulting guest address (GC safety check only).
 * @param   pcbSize     Where to store the size of the memory access (always 1).
 * @param   pfnEmulate  Locked emulation worker; gets the byte pointer, the bit
 *                      index 0..7 and an eflags out parameter.
 */
static int emInterpretLockBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
                                  uint32_t *pcbSize, PFNEMULATELOCKPARAM2 pfnEmulate)
{
    void *pvParam1;

    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* The destination is always a virtual address */
    if (param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;

    /* Register and immediate data == PARMTYPE_IMMEDIATE */
    AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
    uint64_t ValPar2 = param2.val.val64;

    /* Adjust the parameters so what we're dealing with is a bit within the byte pointed to.
       ValPar2 is treated as unsigned, so a register bit offset with its top bit set selects a
       byte far above the operand; in GC the pvFault check below rejects that, the other contexts
       have no guard.  NOTE(review): confirm whether such offsets can reach this function. */
    RTGCPTR GCPtrPar1 = param1.val.val64;
    GCPtrPar1 = (GCPtrPar1 + ValPar2 / 8);
    ValPar2 &= 7;

#ifdef IN_GC
    /* GC: work on the flat guest address; the trap handler registered below covers a #PF. */
    GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
    pvParam1 = (void *)GCPtrPar1;
#else
    /* Ring-0/ring-3: map the byte into host address space first (single byte, so no page straddle). */
    GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
    if (VBOX_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }
#endif

    Log2(("emInterpretLockBitTest %s: pvFault=%VGv GCPtrPar1=%VGv imm=%RX64\n", emGetMnemonic(pCpu), pvFault, GCPtrPar1, ValPar2));

#ifdef IN_GC
    /* Safety check: the dword containing the byte must be the one that faulted. */
    Assert(TRPMHasTrap(pVM));
    AssertMsgReturn((RTGCPTR)((RTGCUINTPTR)GCPtrPar1 & ~(RTGCUINTPTR)3) == pvFault,
                    ("GCPtrPar1=%VGv pvFault=%VGv\n", GCPtrPar1, pvFault),
                    VERR_EM_INTERPRETER);
#endif

    /* Try emulate it with a one-shot #PF handler in place. */
    RTGCUINTREG32 eflags = 0;
#ifdef IN_GC
    MMGCRamRegisterTrapHandler(pVM);
#endif
    rc = pfnEmulate(pvParam1, ValPar2, &eflags);
#ifdef IN_GC
    MMGCRamDeregisterTrapHandler(pVM);
#endif
    if (RT_FAILURE(rc))
    {
        /* A fault inside the worker is reported as a failure rc; hand the instruction back. */
        Log(("emInterpretLockBitTest %s: %VGv imm%d=%RX64 -> emulation failed due to page fault!\n",
             emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
        return VERR_EM_INTERPRETER;
    }

    Log2(("emInterpretLockBitTest %s: GCPtrPar1=%VGv imm=%VX64 CF=%d\n", emGetMnemonic(pCpu), GCPtrPar1, ValPar2, !!(eflags & X86_EFL_CF)));

    /* Update guest's eflags and finish: only the arithmetic flags come from the emulation. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = 1;
    return VINF_SUCCESS;
}
1173
/**
 * MOV emulation.
 *
 * Handles the two memory forms of MOV: a store (register/immediate to memory)
 * and a load (memory to register).  In GC the direction is taken from the
 * trap error code (write fault vs. read fault); in the other contexts the
 * type of the destination operand decides.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; updated for the load form.
 * @param   pvFault     The faulting guest address (GC safety check on the load side).
 * @param   pcbSize     Where to store the size of the memory access.
 */
static int emInterpretMov(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* GC: a write fault selects the store path, anything else the load path below. */
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#else
    /** @todo Make this the default and don't rely on TRPM information. */
    /* Other contexts: a memory destination selects the store path. */
    if (param1.type == PARMTYPE_ADDRESS)
    {
#endif
            RTGCPTR pDest;
            uint64_t val64;

            /* Store: the destination is either a memory operand or a 32/64-bit absolute address. */
            switch(param1.type)
            {
            case PARMTYPE_IMMEDIATE:
                if(!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
                    return VERR_EM_INTERPRETER;
                /* fallthru */

            case PARMTYPE_ADDRESS:
                pDest = (RTGCPTR)param1.val.val64;
                pDest = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pDest);
                break;

            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
            }

            /* The source value: registers are reported as PARMTYPE_IMMEDIATE too. */
            switch(param2.type)
            {
            case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
                val64 = param2.val.val64;
                break;

            default:
                Log(("emInterpretMov: unexpected type=%d eip=%VGv\n", param2.type, pRegFrame->rip));
                return VERR_EM_INTERPRETER;
            }
#ifdef LOG_ENABLED
            if (pCpu->mode == CPUMODE_64BIT)
                LogFlow(("EMInterpretInstruction at %VGv: OP_MOV %VGv <- %RX64 (%d) &val32=%VHv\n", pRegFrame->rip, pDest, val64, param2.size, &val64));
            else
                LogFlow(("EMInterpretInstruction at %VGv: OP_MOV %VGv <- %08X (%d) &val32=%VHv\n", pRegFrame->rip, pDest, (uint32_t)val64, param2.size, &val64));
#endif

            Assert(param2.size <= 8 && param2.size > 0);

            /* The pDest == pvFault safety check is disabled here on purpose; see the referenced tickets. */
#if 0 /* CSAM/PATM translates aliases which causes this to incorrectly trigger. See #2609 and #1498. */
#ifdef IN_GC
            /* Safety check (in theory it could cross a page boundary and fault there though) */
            AssertMsgReturn(pDest == pvFault, ("eip=%VGv pDest=%VGv pvFault=%VGv\n", pRegFrame->rip, pDest, pvFault), VERR_EM_INTERPRETER);
#endif
#endif
            /* Write param2.size bytes of val64 (little-endian layout assumed by taking its address). */
            rc = emRamWrite(pVM, pDest, &val64, param2.size);
            if (VBOX_FAILURE(rc))
                return VERR_EM_INTERPRETER;

            *pcbSize = param2.size;
        }
        else
        { /* read fault */
            RTGCPTR pSrc;
            uint64_t val64;

            /* Source */
            switch(param2.type)
            {
            case PARMTYPE_IMMEDIATE:
                if(!(param2.flags & (PARAM_VAL32|PARAM_VAL64)))
                    return VERR_EM_INTERPRETER;
                /* fallthru */

            case PARMTYPE_ADDRESS:
                pSrc = (RTGCPTR)param2.val.val64;
                pSrc = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pSrc);
                break;

            default:
                return VERR_EM_INTERPRETER;
            }

            Assert(param1.size <= 8 && param1.size > 0);
#ifdef IN_GC
            /* Safety check (in theory it could cross a page boundary and fault there though) */
            AssertReturn(pSrc == pvFault, VERR_EM_INTERPRETER);
#endif
            rc = emRamRead(pVM, &val64, pSrc, param1.size);
            if (VBOX_FAILURE(rc))
                return VERR_EM_INTERPRETER;

            /* Destination: only a general purpose register is supported on the load side. */
            switch(param1.type)
            {
            case PARMTYPE_REGISTER:
                switch(param1.size)
                {
                case 1: rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen, (uint8_t) val64); break;
                case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen, (uint16_t)val64); break;
                case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen, (uint32_t)val64); break;
                case 8: rc = DISWriteReg64(pRegFrame, pCpu->param1.base.reg_gen, val64); break;
                default:
                    return VERR_EM_INTERPRETER;
                }
                if (VBOX_FAILURE(rc))
                    return rc;
                break;

            default:
                return VERR_EM_INTERPRETER;
            }
#ifdef LOG_ENABLED
            if (pCpu->mode == CPUMODE_64BIT)
                LogFlow(("EMInterpretInstruction: OP_MOV %VGv -> %RX64 (%d)\n", pSrc, val64, param1.size));
            else
                LogFlow(("EMInterpretInstruction: OP_MOV %VGv -> %08X (%d)\n", pSrc, (uint32_t)val64, param1.size));
#endif
        }
        return VINF_SUCCESS;
#ifdef IN_GC
    }
#endif
    /* GC only: reached when there is no trap pending. */
    return VERR_EM_INTERPRETER;
}
1313
1314#ifndef IN_GC
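/**
 * [REP] STOSWD emulation.
 *
 * Stores (e/r)ax at ES:(e/r)di, or with the REP prefix (e/r)cx times while
 * advancing (e/r)di by the operand size in the direction selected by DF.
 * Only the address-size, operand-size, REP and REX prefixes are accepted.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction has to
 *          be left to another execution engine.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; (e/r)di and, for REP, (e/r)cx are updated.
 * @param   pvFault     The faulting guest address (not used here).
 * @param   pcbSize     Where to store the operand size on success.
 */
static int emInterpretStosWD(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int rc;
    RTGCPTR GCDest, GCOffset;
    uint32_t cbSize;
    uint64_t cTransfers;
    int offIncrement;

    /* Don't support any but these three prefix bytes. */
    if ((pCpu->prefix & ~(PREFIX_ADDRSIZE|PREFIX_OPSIZE|PREFIX_REP|PREFIX_REX)))
        return VERR_EM_INTERPRETER;

    /* The address size selects which parts of (r)di / (r)cx are used. */
    switch (pCpu->addrmode)
    {
    case CPUMODE_16BIT:
        GCOffset = pRegFrame->di;
        cTransfers = pRegFrame->cx;
        break;
    case CPUMODE_32BIT:
        GCOffset = pRegFrame->edi;
        cTransfers = pRegFrame->ecx;
        break;
    case CPUMODE_64BIT:
        GCOffset = pRegFrame->rdi;
        cTransfers = pRegFrame->rcx;
        break;
    default:
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }

    GCDest = SELMToFlat(pVM, DIS_SELREG_ES, pRegFrame, GCOffset);
    /* The operand size is the width of each store. */
    switch (pCpu->opmode)
    {
    case CPUMODE_16BIT:
        cbSize = 2;
        break;
    case CPUMODE_32BIT:
        cbSize = 4;
        break;
    case CPUMODE_64BIT:
        cbSize = 8;
        break;
    default:
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }

    /* DF set means the string runs towards lower addresses. */
    offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cbSize : (signed)cbSize;

    if (!(pCpu->prefix & PREFIX_REP))
    {
        LogFlow(("emInterpretStosWD dest=%04X:%VGv (%VGv) cbSize=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize));

        /* Single store of the low cbSize bytes of rax. */
        rc = PGMPhysWriteGCPtrSafe(pVM, GCDest, &pRegFrame->rax, cbSize);
        if (VBOX_FAILURE(rc))
            return VERR_EM_INTERPRETER;
        Assert(rc == VINF_SUCCESS);

        /* Update (e/r)di. */
        switch (pCpu->addrmode)
        {
        case CPUMODE_16BIT:
            pRegFrame->di += offIncrement;
            break;
        case CPUMODE_32BIT:
            pRegFrame->edi += offIncrement;
            break;
        case CPUMODE_64BIT:
            pRegFrame->rdi += offIncrement;
            break;
        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
        }

    }
    else
    {
        /* REP with a zero count is a no-op. */
        if (!cTransfers)
            return VINF_SUCCESS;

        LogFlow(("emInterpretStosWD dest=%04X:%VGv (%VGv) cbSize=%d cTransfers=%x DF=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize, cTransfers, pRegFrame->eflags.Bits.u1DF));

        /* Access verification first; we currently can't recover properly from traps inside this instruction.
           With DF set the stores run downwards, so the lowest address of the range is the last one written.
           The conditional has to be a parenthesized operand of the subtraction: '-' binds tighter than '?:',
           and the unparenthesized form verified address 0 for every non-zero GCDest. */
        RTGCPTR GCDestLow = offIncrement > 0 ? GCDest : GCDest - (cTransfers - 1) * cbSize;
        rc = PGMVerifyAccess(pVM, GCDestLow, cTransfers * cbSize, X86_PTE_RW | X86_PTE_US);
        if (rc != VINF_SUCCESS)
        {
            Log(("STOSWD will generate a trap -> recompiler, rc=%d\n", rc));
            return VERR_EM_INTERPRETER;
        }

        /* REP case */
        while (cTransfers)
        {
            rc = PGMPhysWriteGCPtrSafe(pVM, GCDest, &pRegFrame->rax, cbSize);
            if (VBOX_FAILURE(rc))
            {
                /* Stop here; the registers below reflect the stores already done. */
                rc = VERR_EM_INTERPRETER;
                break;
            }

            Assert(rc == VINF_SUCCESS);
            GCOffset += offIncrement;
            GCDest += offIncrement;
            cTransfers--;
        }

        /* Update the registers. */
        switch (pCpu->addrmode)
        {
        case CPUMODE_16BIT:
            pRegFrame->di = GCOffset;
            pRegFrame->cx = cTransfers;
            break;
        case CPUMODE_32BIT:
            pRegFrame->edi = GCOffset;
            pRegFrame->ecx = cTransfers;
            break;
        case CPUMODE_64BIT:
            pRegFrame->rdi = GCOffset;
            pRegFrame->rcx = cTransfers;
            break;
        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
        }
    }

    *pcbSize = cbSize;
    return rc;
}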
1451#endif
1452
1453
1454/*
1455 * [LOCK] CMPXCHG emulation.
1456 */
1457#ifndef IN_GC
/**
 * [LOCK] CMPXCHG emulation, ring-0/ring-3 variant.
 *
 * The memory operand is mapped into host address space and the compare-and-
 * exchange is carried out by EMEmulate[Lock]CmpXchg directly on that mapping.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; rax and the arithmetic flags are updated.
 * @param   pvFault     The faulting guest address (not used in this variant).
 * @param   pcbSize     Where to store the size of the memory access.
 */
static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;

#ifdef LOG_ENABLED
    const char *pszInstr;

    if (pCpu->prefix & PREFIX_LOCK)
        pszInstr = "Lock CmpXchg";
    else
        pszInstr = "CmpXchg";
#endif

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    RTGCPTR GCPtrPar1;
    void *pvParam1;
    uint64_t valpar, eflags;

    AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
    switch(param1.type)
    {
    case PARMTYPE_ADDRESS:
        GCPtrPar1 = param1.val.val64;
        GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);

        /* Map the operand's guest page into host address space.
           NOTE(review): the operand is param2.size bytes at GCPtrPar1 and nothing here rejects one
           that straddles a page boundary; confirm what PGMPhysGCPtr2HCPtr guarantees for the bytes
           beyond the first page before relying on this for unaligned operands. */
        rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
        if (VBOX_FAILURE(rc))
        {
            AssertRC(rc);
            return VERR_EM_INTERPRETER;
        }
        break;

    default:
        return VERR_EM_INTERPRETER;
    }

    /* The second operand is a register, which DISQueryParamVal reports as an immediate. */
    switch(param2.type)
    {
    case PARMTYPE_IMMEDIATE: /* register actually */
        valpar = param2.val.val64;
        break;

    default:
        return VERR_EM_INTERPRETER;
    }

    LogFlow(("%s %VGv rax=%RX64 %RX64\n", pszInstr, GCPtrPar1, pRegFrame->rax, valpar));

    /* Only the LOCK-prefixed form uses the atomic worker. */
    if (pCpu->prefix & PREFIX_LOCK)
        eflags = EMEmulateLockCmpXchg(pvParam1, &pRegFrame->rax, valpar, pCpu->param2.size);
    else
        eflags = EMEmulateCmpXchg(pvParam1, &pRegFrame->rax, valpar, pCpu->param2.size);

    LogFlow(("%s %VGv rax=%RX64 %RX64 ZF=%d\n", pszInstr, GCPtrPar1, pRegFrame->rax, valpar, !!(eflags & X86_EFL_ZF)));

    /* Update guest's eflags and finish: only the arithmetic flags come from the emulation. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
1529
1530#else
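/**
 * [LOCK] CMPXCHG emulation, GC variant.
 *
 * Only reached from a #PF handler for a write fault.  The compare-and-exchange
 * is carried out on the guest address itself by EMGCEmulate[Lock]CmpXchg with
 * a one-shot #PF handler installed, so a fault inside the worker is reported
 * back as a failure status rather than taken as a nested trap.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; eax and the arithmetic flags are updated.
 * @param   pvFault     The faulting guest address; must match the operand address.
 * @param   pcbSize     Where to store the size of the memory access.
 */
static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1, param2;

#ifdef LOG_ENABLED
    const char *pszInstr;

    if (pCpu->prefix & PREFIX_LOCK)
        pszInstr = "Lock CmpXchg";
    else
        pszInstr = "CmpXchg";
#endif

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR pParam1;
            uint32_t valpar, eflags;

            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch(param1.type)
            {
            case PARMTYPE_ADDRESS:
                pParam1 = (RTRCPTR)param1.val.val64;
                pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);

                /* Safety check (in theory it could cross a page boundary and fault there though) */
                AssertMsgReturn(pParam1 == (RTRCPTR)pvFault, ("eip=%VGv pParam1=%VRv pvFault=%VGv\n", pRegFrame->rip, pParam1, pvFault), VERR_EM_INTERPRETER);
                break;

            default:
                return VERR_EM_INTERPRETER;
            }

            /* The second operand is a register, which DISQueryParamVal reports as an immediate. */
            switch(param2.type)
            {
            case PARMTYPE_IMMEDIATE: /* register actually */
                valpar = param2.val.val32;
                break;

            default:
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x %08x\n", pszInstr, pParam1, pRegFrame->eax, valpar));

            /* Run the worker with the one-shot #PF handler in place. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
            else
                rc = EMGCEmulateCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                /* pParam1 is an RTRCPTR: %VRv, as in the other log statements of this function. */
                Log(("%s %VRv eax=%08x %08x -> emulation failed due to page fault!\n", pszInstr, pParam1, pRegFrame->eax, valpar));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x %08x ZF=%d\n", pszInstr, pParam1, pRegFrame->eax, valpar, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish: only the arithmetic flags come from the emulation. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            *pcbSize = param2.size;
            return VINF_SUCCESS;
        }
    }
    /* No trap pending or not a write fault: not ours to handle. */
    return VERR_EM_INTERPRETER;
}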
1613
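/**
 * [LOCK] CMPXCHG8B emulation (GC only).
 *
 * Only reached from a #PF handler for a write fault.  The 8-byte compare-and-
 * exchange is carried out on the guest address by EMGCEmulate[Lock]CmpXchg8b
 * with a one-shot #PF handler installed, so a fault inside the worker comes
 * back as a failure status.  Only ZF is taken from the result.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; eax, edx and ZF are updated.
 * @param   pvFault     The faulting guest address; must match the operand address.
 * @param   pcbSize     Where to store the size of the memory access (always 8).
 */
static int emInterpretCmpXchg8b(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;

#ifdef LOG_ENABLED
    const char *pszInstr;

    if (pCpu->prefix & PREFIX_LOCK)
        pszInstr = "Lock CmpXchg8b";
    else
        pszInstr = "CmpXchg8b";
#endif

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR pParam1;
            uint32_t eflags;

            AssertReturn(pCpu->param1.size == 8, VERR_EM_INTERPRETER);
            switch(param1.type)
            {
            case PARMTYPE_ADDRESS:
                pParam1 = (RTRCPTR)param1.val.val64;
                pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);

                /* Safety check (in theory it could cross a page boundary and fault there though) */
                AssertMsgReturn(pParam1 == (RTRCPTR)pvFault, ("eip=%VGv pParam1=%VRv pvFault=%VGv\n", pRegFrame->rip, pParam1, pvFault), VERR_EM_INTERPRETER);
                break;

            default:
                return VERR_EM_INTERPRETER;
            }

            /* The format strings in this function used to have one more conversion than arguments
               (a stray "=%08x" after the pointer); they now match the three/four arguments passed.
               pParam1 is an RTRCPTR, hence %VRv throughout. */
            LogFlow(("%s %VRv eax=%08x\n", pszInstr, pParam1, pRegFrame->eax));

            /* Run the worker with the one-shot #PF handler in place. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
            else
                rc = EMGCEmulateCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("%s %VRv eax=%08x -> emulation failed due to page fault!\n", pszInstr, pParam1, pRegFrame->eax));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x ZF=%d\n", pszInstr, pParam1, pRegFrame->eax, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish; note that *only* ZF is affected. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
                                  | (eflags & (X86_EFL_ZF));

            *pcbSize = 8;
            return VINF_SUCCESS;
        }
    }
    /* No trap pending or not a write fault: not ours to handle. */
    return VERR_EM_INTERPRETER;
}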
1685#endif
1686
1687/*
1688 * [LOCK] XADD emulation.
1689 */
1690#ifdef IN_GC
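/**
 * [LOCK] XADD emulation (GC only).
 *
 * Only reached from a #PF handler for a write fault.  The exchange-and-add is
 * carried out on the guest address by EMGCEmulate[Lock]XAdd, which also
 * updates the register operand in place through pParamReg2, with a one-shot
 * #PF handler installed so a fault inside the worker comes back as a failure
 * status.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame; the register operand and the arithmetic flags are updated.
 * @param   pvFault     The faulting guest address; must match the operand address.
 * @param   pcbSize     Where to store the size of the memory access.
 */
static int emInterpretXAdd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;
    uint32_t *pParamReg2;
    size_t cbSizeParamReg2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Pointer into the register frame for the register operand; check rc before looking at the
       size it returns, which is unset on failure. */
    rc = DISQueryParamRegPtr(pRegFrame, pCpu, &pCpu->param2, (void **)&pParamReg2, &cbSizeParamReg2);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    Assert(cbSizeParamReg2 <= 4);

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR pParam1;
            uint32_t eflags;

            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch(param1.type)
            {
            case PARMTYPE_ADDRESS:
                pParam1 = (RTRCPTR)param1.val.val64;
                pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);

                /* Safety check (in theory it could cross a page boundary and fault there though) */
                AssertMsgReturn(pParam1 == (RTRCPTR)pvFault, ("eip=%VGv pParam1=%VRv pvFault=%VGv\n", pRegFrame->rip, pParam1, pvFault), VERR_EM_INTERPRETER);
                break;

            default:
                return VERR_EM_INTERPRETER;
            }

            /* The format strings in this function now match their arguments (a stray "=%08x" after the
               pointer was dropped) and use %VRv for the RTRCPTR pParam1.  The register value is logged
               as a full uint32_t whatever cbSizeParamReg2 says. */
            LogFlow(("XAdd %VRv reg=%08x\n", pParam1, *pParamReg2));

            /* Run the worker with the one-shot #PF handler in place. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
            else
                rc = EMGCEmulateXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("XAdd %VRv reg=%08x -> emulation failed due to page fault!\n", pParam1, *pParamReg2));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("XAdd %VRv reg=%08x ZF=%d\n", pParam1, *pParamReg2, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish: only the arithmetic flags come from the emulation. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            *pcbSize = cbSizeParamReg2;
            return VINF_SUCCESS;
        }
    }
    /* No trap pending or not a write fault: not ours to handle. */
    return VERR_EM_INTERPRETER;
}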
1757#endif
1758
1759#ifdef IN_GC
/**
 * Interpret IRET (currently only to V86 code)
 *
 * Pops the full V86 IRET frame (eip, cs, eflags, esp, ss, es, ds, fs, gs;
 * nine dwords) from the guest stack at esp and loads it into the register
 * frame.  Frames whose eflags lack the VM bit are rejected.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if the frame cannot be read
 *          or does not describe a return to V86 mode.
 * @param pVM The VM handle.
 * @param pRegFrame The register frame.
 *
 */
EMDECL(int) EMInterpretIret(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    RTGCUINTPTR pIretStack = (RTGCUINTPTR)pRegFrame->esp;
    RTGCUINTPTR eip, cs, esp, ss, eflags, ds, es, fs, gs, uMask;
    int rc;

    Assert(!CPUMIsGuestIn64BitCode(pVM, pRegFrame));

    /* Each read fills only 4 bytes of an RTGCUINTPTR.  NOTE(review): if RTGCUINTPTR is wider
       than 32 bits the upper bytes stay uninitialised and are only removed by the masking and
       the narrowing assignments below - confirm the type width.  OR-ing the status codes relies
       on every failure code being negative; a positive informational status would be mangled. */
    rc = emRamRead(pVM, &eip, (RTGCPTR)pIretStack , 4);
    rc |= emRamRead(pVM, &cs, (RTGCPTR)(pIretStack + 4), 4);
    rc |= emRamRead(pVM, &eflags, (RTGCPTR)(pIretStack + 8), 4);
    AssertRCReturn(rc, VERR_EM_INTERPRETER);
    /* Only a return to V86 mode is supported; refuse anything else before touching more state. */
    AssertReturn(eflags & X86_EFL_VM, VERR_EM_INTERPRETER);

    /* The remainder of the V86 frame: stack pointer and the four data segment registers. */
    rc |= emRamRead(pVM, &esp, (RTGCPTR)(pIretStack + 12), 4);
    rc |= emRamRead(pVM, &ss, (RTGCPTR)(pIretStack + 16), 4);
    rc |= emRamRead(pVM, &es, (RTGCPTR)(pIretStack + 20), 4);
    rc |= emRamRead(pVM, &ds, (RTGCPTR)(pIretStack + 24), 4);
    rc |= emRamRead(pVM, &fs, (RTGCPTR)(pIretStack + 28), 4);
    rc |= emRamRead(pVM, &gs, (RTGCPTR)(pIretStack + 32), 4);
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    /* V86 code runs with a 16-bit instruction pointer. */
    pRegFrame->eip = eip & 0xffff;
    pRegFrame->cs = cs;

    /* Mask away all reserved bits */
    uMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_ID;
    eflags &= uMask;

#ifndef IN_RING0
    /* Let CPUM apply the guest eflags to the raw-mode frame rather than storing them directly. */
    CPUMRawSetEFlags(pVM, pRegFrame, eflags);
#endif
    Assert((pRegFrame->eflags.u32 & (X86_EFL_IF|X86_EFL_IOPL)) == X86_EFL_IF);

    pRegFrame->esp = esp;
    pRegFrame->ss = ss;
    pRegFrame->ds = ds;
    pRegFrame->es = es;
    pRegFrame->fs = fs;
    pRegFrame->gs = gs;

    return VINF_SUCCESS;
}
1811#endif
1812
/**
 * IRET Emulation.
 *
 * Always declines.  IRET is handled only through direct calls to
 * EMInterpretIret, presumably so that the generic instruction path never
 * picks it up.
 *
 * @returns VERR_EM_INTERPRETER, unconditionally.
 * @param   pVM         The VM handle (unused).
 * @param   pCpu        The disassembler state of the instruction (unused).
 * @param   pRegFrame   The register frame (unused).
 * @param   pvFault     The faulting guest address (unused).
 * @param   pcbSize     Access size output (not written).
 */
static int emInterpretIret(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* only allow direct calls to EMInterpretIret for now */
    return VERR_EM_INTERPRETER;
}
1821
1822/**
1823 * INVLPG Emulation.
1824 */
1825
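/**
 * Interpret INVLPG
 *
 * Invalidates the guest page containing pAddrGC through PGM.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if PGM reports a failure.
 * @param pVM The VM handle.
 * @param pRegFrame The register frame.
 * @param pAddrGC Operand address
 *
 */
EMDECL(int) EMInterpretInvlpg(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pAddrGC)
{
    int rc;

    /** @todo is addr always a flat linear address or ds based
     * (in absence of segment override prefixes)????
     */
#ifdef IN_GC
    // Note: we could also use PGMFlushPage here, but it currently doesn't always use invlpg!!!!!!!!!!
    LogFlow(("GC: EMULATE: invlpg %08X\n", pAddrGC));
    rc = PGMGCInvalidatePage(pVM, pAddrGC);
#else
    rc = PGMInvalidatePage(pVM, pAddrGC);
#endif
    if (VBOX_SUCCESS(rc))
        return VINF_SUCCESS;
    /* rc is a status code, so it is formatted with %Vrc; the previous %VGv read an int as a guest pointer. */
    Log(("PGMInvalidatePage %VGv returned %Vrc (%d)\n", pAddrGC, rc, rc));
    Assert(rc == VERR_REM_FLUSHED_PAGES_OVERFLOW);
    /** @todo r=bird: we shouldn't ignore returns codes like this... I'm 99% sure the error is fatal. */
    return VERR_EM_INTERPRETER;
}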
1856
/**
 * INVLPG emulation from the instruction dispatch path.
 *
 * Extracts the operand address from the disassembled instruction and
 * invalidates the page through PGM.  NOTE(review): this duplicates the flush
 * logic of EMInterpretInvlpg minus its failure logging and assertion.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if the operand is unusable
 *          or PGM reports a failure.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The faulting guest address (unused).
 * @param   pcbSize     Access size output (not written).
 */
static int emInterpretInvlPg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Accept only an immediate or address operand that carries a 32/64-bit value. */
    if (   param1.type != PARMTYPE_IMMEDIATE
        && param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;
    if (!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
        return VERR_EM_INTERPRETER;
    RTGCPTR GCPtrPage = (RTGCPTR)param1.val.val64;

    /** @todo is addr always a flat linear address or ds based
     * (in absence of segment override prefixes)????
     */
#ifdef IN_GC
    // Note: we could also use PGMFlushPage here, but it currently doesn't always use invlpg!!!!!!!!!!
    LogFlow(("GC: EMULATE: invlpg %08X\n", GCPtrPage));
    rc = PGMGCInvalidatePage(pVM, GCPtrPage);
#else
    rc = PGMInvalidatePage(pVM, GCPtrPage);
#endif
    /** @todo r=bird: we shouldn't ignore returns codes like this... I'm 99% sure the error is fatal. */
    return VBOX_SUCCESS(rc) ? VINF_SUCCESS : VERR_EM_INTERPRETER;
}
1894
1895/**
1896 * CPUID Emulation.
1897 */
1898
/**
 * Interpret CPUID given the parameters in the CPU context
 *
 * Looks up the leaf selected by eax and stores the result in eax, ebx, ecx
 * and edx of the register frame.
 *
 * @returns VBox status code (always VINF_SUCCESS).
 * @param pVM The VM handle.
 * @param pRegFrame The register frame.
 *
 */
EMDECL(int) EMInterpretCpuId(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    /* Remember the requested leaf: eax is overwritten by the lookup. */
    uint32_t const uLeaf = pRegFrame->eax;
    NOREF(uLeaf); /* only referenced by the log statement, which may be compiled out */

    /* Note: operates the same in 64 and non-64 bits mode. */
    CPUMGetGuestCpuId(pVM, uLeaf, &pRegFrame->eax, &pRegFrame->ebx, &pRegFrame->ecx, &pRegFrame->edx);
    Log(("Emulate: CPUID %x -> %08x %08x %08x %08x\n", uLeaf, pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx));
    return VINF_SUCCESS;
}
1916
/**
 * CPUID emulation from the instruction dispatch path.
 *
 * Thin wrapper forwarding to EMInterpretCpuId; the instruction state and
 * fault address are not needed.
 *
 * @returns VBox status code from EMInterpretCpuId.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state of the instruction (unused).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The faulting guest address (unused).
 * @param   pcbSize     Access size output (not written).
 */
static int emInterpretCpuId(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    return EMInterpretCpuId(pVM, pRegFrame);
}
1922
1923/**
1924 * MOV CRx Emulation.
1925 */
1926
/**
 * Interpret CRx read
 *
 * Reads the control register and stores it in the selected general purpose
 * register, 64-bit wide when the guest is in 64-bit code, 32-bit otherwise.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if the register cannot be
 *          read or written.
 * @param pVM The VM handle.
 * @param pRegFrame The register frame.
 * @param DestRegGen General purpose register index (USE_REG_E**))
 * @param SrcRegCRx CRx register index (USE_REG_CR*)
 *
 */
EMDECL(int) EMInterpretCRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegCrx)
{
    uint64_t uValue = 0;
    int rc;

    if (SrcRegCrx == USE_REG_CR8)
    {
        /* CR8 is the task priority register and is served by the APIC; the API takes a byte pointer,
           so only the low byte of the zeroed uValue is filled in (little-endian host assumed). */
        rc = PDMApicGetTPR(pVM, (uint8_t *)&uValue, NULL);
        AssertMsgRCReturn(rc, ("PDMApicGetTPR failed\n"), VERR_EM_INTERPRETER);
    }
    else
    {
        rc = CPUMGetGuestCRx(pVM, SrcRegCrx, &uValue);
        AssertMsgRCReturn(rc, ("CPUMGetGuestCRx %d failed\n", SrcRegCrx), VERR_EM_INTERPRETER);
    }

    /* Register width follows the guest's code mode. */
    rc = CPUMIsGuestIn64BitCode(pVM, pRegFrame)
       ? DISWriteReg64(pRegFrame, DestRegGen, uValue)
       : DISWriteReg32(pRegFrame, DestRegGen, uValue);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    LogFlow(("MOV_CR: gen32=%d CR=%d val=%VX64\n", DestRegGen, SrcRegCrx, uValue));
    return VINF_SUCCESS;
}
1966
1967
/**
 * Interpret LMSW
 *
 * Loads the low bits of CR0 from u16Data.  Only MP, EM and TS are taken over;
 * PE stays set because this path refuses to run outside protected mode.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if the guest is not in
 *          protected mode, otherwise the result of CPUMSetGuestCR0.
 * @param pVM The VM handle.
 * @param u16Data LMSW source data.
 *
 */
EMDECL(int) EMInterpretLMSW(PVM pVM, uint16_t u16Data)
{
    uint64_t const uOldCr0 = CPUMGetGuestCR0(pVM);

    /* don't use this path to go into protected mode! */
    Assert(uOldCr0 & X86_CR0_PE);
    if (!(uOldCr0 & X86_CR0_PE))
        return VERR_EM_INTERPRETER;

    /* Only PE, MP, EM and TS can be changed; note that PE can't be cleared by this instruction
       since it is never removed from the old value. */
    uint64_t const fWritable = X86_CR0_MP | X86_CR0_EM | X86_CR0_TS;
    uint64_t const uNewCr0   = (uOldCr0 & ~fWritable)
                             | (u16Data & (X86_CR0_PE | fWritable));

#ifdef IN_GC
    /* Need to change the hyper CR0? Doing it the lazy way then.  (Given the masking above only
       PE/MP/EM/TS can differ between the two values, so this comparison cannot fire here.) */
    if (   (uOldCr0 & (X86_CR0_AM | X86_CR0_WP))
        != (uNewCr0 & (X86_CR0_AM | X86_CR0_WP)))
    {
        Log(("EMInterpretLMSW: CR0: %#x->%#x => R3\n", uOldCr0, uNewCr0));
        VM_FF_SET(pVM, VM_FF_TO_R3);
    }
#endif

    return CPUMSetGuestCR0(pVM, uNewCr0);
}
2001
2002
/**
 * Interpret CLTS
 *
 * Clears the task-switched bit (CR0.TS). When TS is already clear the guest
 * CR0 is left untouched and VINF_SUCCESS is returned without calling CPUM.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 */
EMDECL(int) EMInterpretCLTS(PVM pVM)
{
    const uint64_t cr0    = CPUMGetGuestCR0(pVM);
    const bool     fTsSet = (cr0 & X86_CR0_TS) != 0;

    if (!fTsSet)
        return VINF_SUCCESS;

    return CPUMSetGuestCR0(pVM, cr0 & ~X86_CR0_TS);
}
2017
static int emInterpretClts(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* CLTS has no operands, so none of the disassembler/fault/size arguments
       are needed; the dispatcher already zeroed *pcbSize. */
    int rc = EMInterpretCLTS(pVM);
    return rc;
}
2022
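/**
 * Interpret CRx write
 *
 * Fetches the source general purpose register (64-bit in long mode, 32-bit
 * zero-extended otherwise) and applies it to the selected control register.
 * CR0 and CR4 writes validate the long-mode related transitions from the AMD
 * APM (Vol. 2, Table 14-5) before committing anything, flush the TLB when
 * paging relevant bits change, and finish with PGMChangeMode.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER for everything this
 *          function does not handle (illegal transitions, CR1, unknown index),
 *          so the caller can fall back to another emulation path.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegCrx  CRx register index (USE_REG_CR*)
 * @param   SrcRegGen   General purpose register index (USE_REG_E**)
 */
EMDECL(int) EMInterpretCRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint32_t SrcRegGen)
{
    uint64_t val;
    uint64_t oldval;
    uint64_t msrEFER;
    int      rc;

    /** @todo Clean up this mess. */
    if (CPUMIsGuestIn64BitCode(pVM, pRegFrame))
    {
        rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
    }
    else
    {
        uint32_t val32;
        rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
        val = val32;
    }

    if (VBOX_SUCCESS(rc))
    {
        LogFlow(("EMInterpretCRxWrite at %VGv CR%d <- %VX64\n", pRegFrame->rip, DestRegCrx, val));
        switch (DestRegCrx)
        {
            case USE_REG_CR0:
                oldval = CPUMGetGuestCR0(pVM);
#ifdef IN_GC
                /* CR0.WP and CR0.AM changes require a reschedule run in ring 3. */
                if (    (val    & (X86_CR0_WP | X86_CR0_AM))
                    !=  (oldval & (X86_CR0_WP | X86_CR0_AM)))
                    return VERR_EM_INTERPRETER;
#endif
                CPUMSetGuestCR0(pVM, val);
                /* Re-read the value CPUM actually stored before comparing. */
                val = CPUMGetGuestCR0(pVM);
                if (    (oldval & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE))
                    !=  (val    & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE)))
                {
                    /* global flush */
                    rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
                    AssertRCReturn(rc, rc);
                }

                /* Deal with long mode enabling/disabling. */
                msrEFER = CPUMGetGuestEFER(pVM);
                if (msrEFER & MSR_K6_EFER_LME)
                {
                    if (    !(oldval & X86_CR0_PG)
                        &&  (val & X86_CR0_PG))
                    {
                        /* Illegal to have an active 64 bits CS selector (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                        if (pRegFrame->csHid.Attr.n.u1Long)
                        {
                            AssertMsgFailed(("Illegal enabling of paging with CS.u1Long = 1!!\n"));
                            return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                        }

                        /* Illegal to switch to long mode before activating PAE first (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                        if (!(CPUMGetGuestCR4(pVM) & X86_CR4_PAE))
                        {
                            AssertMsgFailed(("Illegal enabling of paging with PAE disabled!!\n"));
                            return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                        }
                        msrEFER |= MSR_K6_EFER_LMA;
                    }
                    else
                    if (    (oldval & X86_CR0_PG)
                        &&  !(val & X86_CR0_PG))
                    {
                        msrEFER &= ~MSR_K6_EFER_LMA;
                        /* @todo Do we need to cut off rip here? High dword of rip is undefined, so it shouldn't really matter. */
                    }
                    CPUMSetGuestEFER(pVM, msrEFER);
                }
                return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), CPUMGetGuestEFER(pVM));

            case USE_REG_CR2:
                rc = CPUMSetGuestCR2(pVM, val); AssertRC(rc);
                return VINF_SUCCESS;

            case USE_REG_CR3:
                /* Reloading the current CR3 means the guest just wants to flush the TLBs */
                rc = CPUMSetGuestCR3(pVM, val); AssertRC(rc);
                if (CPUMGetGuestCR0(pVM) & X86_CR0_PG)
                {
                    /* flush */
                    rc = PGMFlushTLB(pVM, val, !(CPUMGetGuestCR4(pVM) & X86_CR4_PGE));
                    AssertRCReturn(rc, rc);
                }
                return VINF_SUCCESS;

            case USE_REG_CR4:
                oldval = CPUMGetGuestCR4(pVM);

                /* Illegal to disable PAE when long mode is active. (AMD Arch. Programmer's Manual Volume 2: Table 14-5)
                   The check runs against the value being written *before* it is committed, so a
                   rejected write leaves the guest CR4 (and PGM's view of it) untouched. */
                msrEFER = CPUMGetGuestEFER(pVM);
                if (    (msrEFER & MSR_K6_EFER_LMA)
                    &&  (oldval & X86_CR4_PAE)
                    &&  !(val & X86_CR4_PAE))
                {
                    return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                }

                rc = CPUMSetGuestCR4(pVM, val); AssertRC(rc);
                val = CPUMGetGuestCR4(pVM);

                if (    (oldval & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE))
                    !=  (val    & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE)))
                {
                    /* global flush */
                    rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
                    AssertRCReturn(rc, rc);
                }
# ifdef IN_GC
                /* Feeling extremely lazy. */
                if (    (oldval & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME))
                    !=  (val    & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME)))
                {
                    Log(("emInterpretMovCRx: CR4: %#RX64->%#RX64 => R3\n", oldval, val));
                    VM_FF_SET(pVM, VM_FF_TO_R3);
                }
# endif
                return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), CPUMGetGuestEFER(pVM));

            case USE_REG_CR8:
                return PDMApicSetTPR(pVM, val);

            default:
                AssertFailed();
                /* fall thru */
            case USE_REG_CR1: /* illegal op */
                break;
        }
    }
    return VERR_EM_INTERPRETER;
}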
2166
static int emInterpretMovCRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* The operand kinds decide the direction: GPR <- CRx is a read, CRx <- GPR a write. */
    const bool fParam1Gen = pCpu->param1.flags == USE_REG_GEN32 || pCpu->param1.flags == USE_REG_GEN64;
    const bool fParam2Gen = pCpu->param2.flags == USE_REG_GEN32 || pCpu->param2.flags == USE_REG_GEN64;

    if (fParam1Gen && pCpu->param2.flags == USE_REG_CR)
        return EMInterpretCRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen, pCpu->param2.base.reg_ctrl);

    if (pCpu->param1.flags == USE_REG_CR && fParam2Gen)
        return EMInterpretCRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_ctrl, pCpu->param2.base.reg_gen);

    /* Neither operand shape matched. The trailing return is presumably only there
       for compilers that cannot see that the assertion macro returns. */
    AssertMsgFailedReturn(("Unexpected control register move\n"), VERR_EM_INTERPRETER);
    return VERR_EM_INTERPRETER;
}
2178
2179/**
2180 * MOV DRx
2181 */
2182
/**
 * Interpret DRx write
 *
 * Fetches the source general purpose register (64-bit in long mode, 32-bit
 * zero-extended otherwise) and hands it to CPUM for the selected debug
 * register. No reserved-bit validation happens here (see the todo below).
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if the source register cannot
 *          be fetched or CPUM rejects the write.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegDrx  DRx register index (USE_REG_DR*)
 * @param   SrcRegGen   General purpose register index (USE_REG_E**)
 */
EMDECL(int) EMInterpretDRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegDrx, uint32_t SrcRegGen)
{
    uint64_t val = 0;
    int      rc;

    if (!CPUMIsGuestIn64BitCode(pVM, pRegFrame))
    {
        uint32_t val32 = 0;
        rc  = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
        val = val32;
    }
    else
        rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);

    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* @todo: we don't fail if illegal bits are set/cleared for e.g. dr7 */
    rc = CPUMSetGuestDRx(pVM, DestRegDrx, val);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("CPUMSetGuestDRx %d failed\n", DestRegDrx));
        return VERR_EM_INTERPRETER;
    }
    return rc;
}
2219
/**
 * Interpret DRx read
 *
 * Reads the selected debug register from CPUM and stores it into the
 * destination general purpose register, 64-bit in long mode and truncated to
 * 32 bits otherwise.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER if CPUM cannot supply the
 *          register or the destination write fails.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegGen  General purpose register index (USE_REG_E**)
 * @param   SrcRegDrx   DRx register index (USE_REG_DR*)
 */
EMDECL(int) EMInterpretDRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegDrx)
{
    uint64_t val64 = 0;

    int rc = CPUMGetGuestDRx(pVM, SrcRegDrx, &val64);
    AssertMsgRCReturn(rc, ("CPUMGetGuestDRx %d failed\n", SrcRegDrx), VERR_EM_INTERPRETER);

    const bool fLongMode = CPUMIsGuestIn64BitCode(pVM, pRegFrame);
    rc = fLongMode
       ? DISWriteReg64(pRegFrame, DestRegGen, val64)
       : DISWriteReg32(pRegFrame, DestRegGen, (uint32_t)val64);

    return VBOX_SUCCESS(rc) ? VINF_SUCCESS : VERR_EM_INTERPRETER;
}
2248
static int emInterpretMovDRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    const bool fParam1Gen = pCpu->param1.flags == USE_REG_GEN32 || pCpu->param1.flags == USE_REG_GEN64;
    const bool fParam2Gen = pCpu->param2.flags == USE_REG_GEN32 || pCpu->param2.flags == USE_REG_GEN64;

    /* GPR <- DRx */
    if (fParam1Gen && pCpu->param2.flags == USE_REG_DBG)
        return EMInterpretDRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen, pCpu->param2.base.reg_dbg);

    /* DRx <- GPR */
    if (pCpu->param1.flags == USE_REG_DBG && fParam2Gen)
        return EMInterpretDRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_dbg, pCpu->param2.base.reg_gen);

    AssertMsgFailed(("Unexpected debug register move\n"));
    return VERR_EM_INTERPRETER;
}
2267
/**
 * LLDT Emulation.
 *
 * Only the trivial case is handled: loading a null selector while the
 * hypervisor LDTR is already null is a no-op and succeeds. Memory operands,
 * non-16-bit operands and non-null selectors are refused with
 * VERR_EM_INTERPRETER so the caller can fall back to another path.
 */
static int emInterpretLLdt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1;

    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* PARMTYPE_ADDRESS and anything else: feeling lazy right now. */
    if (param1.type != PARMTYPE_IMMEDIATE)
        return VERR_EM_INTERPRETER;
    if (!(param1.flags & PARAM_VAL16))
        return VERR_EM_INTERPRETER;

    const RTSEL sel = (RTSEL)param1.val.val16;

    // this simple case is most frequent in Windows 2000 (31k - boot & shutdown)
    if (sel == 0 && CPUMGetHyperLDTR(pVM) == 0)
        return VINF_SUCCESS;

    //still feeling lazy
    return VERR_EM_INTERPRETER;
}
2306
#ifdef IN_GC
/**
 * STI Emulation.
 *
 * Sets the virtual IF in the PATM GC state and arms the interrupt inhibit for
 * the instruction that follows the STI.
 *
 * @remark the instruction following sti is guaranteed to be executed before any interrupts are dispatched
 */
static int emInterpretSti(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    PPATMGCSTATE pGCState = PATMQueryGCState(pVM);
    Assert(pGCState);
    if (!pGCState)
        return VERR_EM_INTERPRETER;

    pGCState->uVMFlags |= X86_EFL_IF;

    Assert(pRegFrame->eflags.u32 & X86_EFL_IF);
    Assert(pvFault == SELMToFlat(pVM, DIS_SELREG_CS, pRegFrame, (RTGCPTR)pRegFrame->rip));

    /* Inhibit interrupts until the instruction right after this STI has executed. */
    const RTGCUINTPTR GCPtrNext = pRegFrame->eip + pCpu->opsize;
    pVM->em.s.GCPtrInhibitInterrupts = GCPtrNext;
    VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);

    return VINF_SUCCESS;
}
#endif /* IN_GC */
2333
2334
/**
 * HLT Emulation.
 *
 * Nothing to compute: the halt is signalled to the caller via VINF_EM_HALT.
 */
static int emInterpretHlt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    const int rc = VINF_EM_HALT;
    return rc;
}
2342
2343
2344/**
2345 * RDTSC Emulation.
2346 */
2347
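/**
 * Interpret RDTSC
 *
 * Refuses the instruction when CR4.TSD is set (the comment below treats that
 * as a genuine #GP; note the check is made regardless of CPL) and otherwise
 * loads EDX:EAX with the guest TSC from TM.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when CR4.TSD is set.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
EMDECL(int) EMInterpretRdtsc(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    /* CR4 is handled as a 64-bit value elsewhere in this file; keep it that way
       here too instead of narrowing it to unsigned. */
    uint64_t uCR4 = CPUMGetGuestCR4(pVM);

    if (uCR4 & X86_CR4_TSD)
        return VERR_EM_INTERPRETER; /* genuine #GP */

    uint64_t uTicks = TMCpuTickGet(pVM);

    /* Same behaviour in 32 & 64 bits mode: low dword into EAX, high dword into EDX. */
    pRegFrame->eax = (uint32_t)uTicks;
    pRegFrame->edx = (uint32_t)(uTicks >> 32ULL);

    return VINF_SUCCESS;
}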
2371
static int emInterpretRdtsc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* RDTSC takes no operands; only the register frame is needed. */
    int rc = EMInterpretRdtsc(pVM, pRegFrame);
    return rc;
}
2376
/**
 * MONITOR Emulation.
 *
 * Nothing is actually armed: once the operand, privilege and CPUID
 * preconditions hold the instruction is simply accepted with VINF_SUCCESS,
 * otherwise it is refused with VERR_EM_INTERPRETER.
 */
static int emInterpretMonitor(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */

    /* ECX must be zero; any other value is treated as illegal. */
    if (pRegFrame->ecx != 0)
        return VERR_EM_INTERPRETER; /* illegal value. */

    /* Get the current privilege level: supervisor only. */
    const uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER;

    /* The guest CPUID (leaf 1, ECX output) must advertise MONITOR. */
    uint32_t u32Dummy, u32ExtFeatures;
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
    if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
        return VERR_EM_INTERPRETER; /* not supported */

    return VINF_SUCCESS;
}
2399
2400
/**
 * MWAIT Emulation.
 *
 * Same preconditions as MONITOR (ECX zero, ring 0, CPUID MONITOR bit); when
 * they hold the instruction is treated as a halt (VINF_EM_HALT).
 */
static int emInterpretMWait(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */

    /* ECX must be zero; any other value is treated as illegal. */
    if (pRegFrame->ecx != 0)
        return VERR_EM_INTERPRETER; /* illegal value. */

    /* Get the current privilege level: supervisor only. */
    const uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER;

    /* The guest CPUID (leaf 1, ECX output) must advertise MONITOR. */
    uint32_t u32Dummy, u32ExtFeatures;
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
    if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
        return VERR_EM_INTERPRETER; /* not supported */

    /** @todo not completely correct */
    return VINF_EM_HALT;
}
2424
#ifdef LOG_ENABLED
/**
 * Maps an MSR index to a readable name for the log (logging builds only).
 *
 * @returns Static string; "Unknown MSR" for indices not in the table.
 * @param   uMsr        The MSR index (the ECX operand of RDMSR/WRMSR).
 */
static const char *emMSRtoString(unsigned uMsr)
{
    static const struct
    {
        unsigned    uMsr;
        const char *pszName;
    } s_aMsrNames[] =
    {
        { MSR_IA32_APICBASE,        "MSR_IA32_APICBASE" },
        { MSR_IA32_CR_PAT,          "MSR_IA32_CR_PAT" },
        { MSR_IA32_SYSENTER_CS,     "MSR_IA32_SYSENTER_CS" },
        { MSR_IA32_SYSENTER_EIP,    "MSR_IA32_SYSENTER_EIP" },
        { MSR_IA32_SYSENTER_ESP,    "MSR_IA32_SYSENTER_ESP" },
        { MSR_K6_EFER,              "MSR_K6_EFER" },
        { MSR_K8_SF_MASK,           "MSR_K8_SF_MASK" },
        { MSR_K6_STAR,              "MSR_K6_STAR" },
        { MSR_K8_LSTAR,             "MSR_K8_LSTAR" },
        { MSR_K8_CSTAR,             "MSR_K8_CSTAR" },
        { MSR_K8_FS_BASE,           "MSR_K8_FS_BASE" },
        { MSR_K8_GS_BASE,           "MSR_K8_GS_BASE" },
        { MSR_K8_KERNEL_GS_BASE,    "MSR_K8_KERNEL_GS_BASE" },
        { MSR_IA32_BIOS_SIGN_ID,    "Unsupported MSR_IA32_BIOS_SIGN_ID" },
        { MSR_IA32_PLATFORM_ID,     "Unsupported MSR_IA32_PLATFORM_ID" },
        { MSR_IA32_BIOS_UPDT_TRIG,  "Unsupported MSR_IA32_BIOS_UPDT_TRIG" },
        { MSR_IA32_TSC,             "Unsupported MSR_IA32_TSC" },
        { MSR_IA32_MTRR_CAP,        "Unsupported MSR_IA32_MTRR_CAP" },
        { MSR_IA32_MCP_CAP,         "Unsupported MSR_IA32_MCP_CAP" },
        { MSR_IA32_MCP_STATUS,      "Unsupported MSR_IA32_MCP_STATUS" },
        { MSR_IA32_MCP_CTRL,        "Unsupported MSR_IA32_MCP_CTRL" },
        { MSR_IA32_MTRR_DEF_TYPE,   "Unsupported MSR_IA32_MTRR_DEF_TYPE" },
        { MSR_K7_EVNTSEL0,          "Unsupported MSR_K7_EVNTSEL0" },
        { MSR_K7_EVNTSEL1,          "Unsupported MSR_K7_EVNTSEL1" },
        { MSR_K7_EVNTSEL2,          "Unsupported MSR_K7_EVNTSEL2" },
        { MSR_K7_EVNTSEL3,          "Unsupported MSR_K7_EVNTSEL3" },
        { MSR_IA32_MC0_CTL,         "Unsupported MSR_IA32_MC0_CTL" },
        { MSR_IA32_MC0_STATUS,      "Unsupported MSR_IA32_MC0_STATUS" },
    };

    /* Linear scan; the table is tiny and this only runs on the logging path. */
    for (size_t i = 0; i < sizeof(s_aMsrNames) / sizeof(s_aMsrNames[0]); i++)
        if (s_aMsrNames[i].uMsr == uMsr)
            return s_aMsrNames[i].pszName;

    return "Unknown MSR";
}
#endif
2490
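/**
 * Interpret RDMSR
 *
 * Reads the MSR selected by ECX into EDX:EAX. Only ring 0 guest code on a
 * guest CPU that advertises CPUID.1:EDX.MSR gets this far; MSRs without a
 * case below read as zero (the default case notes that a real CPU would
 * raise #GP instead).
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction is
 *          refused (wrong CPL, no MSR support, or no guest context).
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
EMDECL(int) EMInterpretRdmsr(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t u32Dummy, u32Features, cpl;
    uint64_t val;
    CPUMCTX *pCtx;
    int      rc;

    /** @todo According to the Intel manuals, there's a REX version of RDMSR that is slightly different.
     *        That version clears the high dwords of both RDX & RAX */
    rc = CPUMQueryGuestCtxPtr(pVM, &pCtx);
    /* pCtx is dereferenced below; never continue with an unset pointer. */
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    /* Get the current privilege level. */
    cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER; /* supervisor only */

    /* Leaf 1, EDX output carries the MSR feature bit. */
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
    if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
        return VERR_EM_INTERPRETER; /* not supported */

    switch (pRegFrame->ecx)
    {
        case MSR_IA32_APICBASE:
            rc = PDMApicGetBase(pVM, &val);
            AssertRC(rc);
            break;

        case MSR_IA32_CR_PAT:
            val = pCtx->msrPAT;
            break;

        case MSR_IA32_SYSENTER_CS:
            val = pCtx->SysEnter.cs;
            break;

        case MSR_IA32_SYSENTER_EIP:
            val = pCtx->SysEnter.eip;
            break;

        case MSR_IA32_SYSENTER_ESP:
            val = pCtx->SysEnter.esp;
            break;

        case MSR_K6_EFER:
            val = pCtx->msrEFER;
            break;

        case MSR_K8_SF_MASK:
            val = pCtx->msrSFMASK;
            break;

        case MSR_K6_STAR:
            val = pCtx->msrSTAR;
            break;

        case MSR_K8_LSTAR:
            val = pCtx->msrLSTAR;
            break;

        case MSR_K8_CSTAR:
            val = pCtx->msrCSTAR;
            break;

        case MSR_K8_FS_BASE:
            val = pCtx->fsHid.u64Base;
            break;

        case MSR_K8_GS_BASE:
            val = pCtx->gsHid.u64Base;
            break;

        case MSR_K8_KERNEL_GS_BASE:
            val = pCtx->msrKERNELGSBASE;
            break;

#if 0 /*def IN_RING0 */
        case MSR_IA32_PLATFORM_ID:
        case MSR_IA32_BIOS_SIGN_ID:
            if (CPUMGetCPUVendor(pVM) == CPUMCPUVENDOR_INTEL)
            {
                /* Available since the P6 family. VT-x implies that this feature is present. */
                if (pRegFrame->ecx == MSR_IA32_PLATFORM_ID)
                    val = ASMRdMsr(MSR_IA32_PLATFORM_ID);
                else
                if (pRegFrame->ecx == MSR_IA32_BIOS_SIGN_ID)
                    val = ASMRdMsr(MSR_IA32_BIOS_SIGN_ID);
                break;
            }
            /* no break */
#endif
        default:
            /* We should actually trigger a #GP here, but don't as that might cause more trouble. */
            val = 0;
            break;
    }
    Log(("EMInterpretRdmsr %s (%x) -> val=%VX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
    pRegFrame->eax = (uint32_t) val;
    pRegFrame->edx = (uint32_t) (val >> 32ULL);
    return VINF_SUCCESS;
}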
2600
/**
 * RDMSR Emulation.
 *
 * Dispatch wrapper around EMInterpretRdmsr; the only thing checked here is
 * that the instruction carried no REX prefix (see note).
 */
static int emInterpretRdmsr(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* Note: the intel manual claims there's a REX version of RDMSR that's slightly different, so we play safe by completely disassembling the instruction. */
    const bool fHasRex = (pCpu->prefix & PREFIX_REX) != 0;
    Assert(!fHasRex);
    return EMInterpretRdmsr(pVM, pRegFrame);
}
2610
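/**
 * Interpret WRMSR
 *
 * Writes EDX:EAX to the MSR selected by ECX. Only ring 0 guest code on a guest
 * CPU advertising CPUID.1:EDX.MSR gets this far. EFER writes are filtered to
 * the bits the guest CPUID allows (LMA stays read-only) and illegal LME
 * transitions are refused; unknown MSRs are silently ignored (the default
 * case notes that a real CPU would raise #GP instead).
 *
 * NOTE(review): the FS/GS/KERNEL_GS base and SYSENTER/STAR-family writes are
 * stored as-is; no canonical-address or reserved-bit validation is done here.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction is
 *          refused (wrong CPL, no MSR support, no guest context, illegal EFER
 *          transition).
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
EMDECL(int) EMInterpretWrmsr(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t u32Dummy, u32Features, cpl;
    uint64_t val;
    CPUMCTX *pCtx;
    int      rc;

    /* Note: works the same in 32 and 64 bits modes. */
    rc = CPUMQueryGuestCtxPtr(pVM, &pCtx);
    /* pCtx is dereferenced below; never continue with an unset pointer. */
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    /* Get the current privilege level. */
    cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER; /* supervisor only */

    /* Leaf 1, EDX output carries the MSR feature bit. */
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
    if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
        return VERR_EM_INTERPRETER; /* not supported */

    val = (uint64_t)pRegFrame->eax | ((uint64_t)pRegFrame->edx << 32ULL);
    Log(("EMInterpretWrmsr %s (%x) val=%VX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
    switch (pRegFrame->ecx)
    {
        case MSR_IA32_APICBASE:
            rc = PDMApicSetBase(pVM, val);
            AssertRC(rc);
            break;

        case MSR_IA32_CR_PAT:
            pCtx->msrPAT = val;
            break;

        case MSR_IA32_SYSENTER_CS:
            pCtx->SysEnter.cs = val & 0xffff; /* 16 bits selector */
            break;

        case MSR_IA32_SYSENTER_EIP:
            pCtx->SysEnter.eip = val;
            break;

        case MSR_IA32_SYSENTER_ESP:
            pCtx->SysEnter.esp = val;
            break;

        case MSR_K6_EFER:
        {
            uint64_t uMask = 0;
            uint64_t oldval = pCtx->msrEFER;

            /* Filter out those bits the guest is allowed to change. (e.g. LMA is read-only) */
            CPUMGetGuestCpuId(pVM, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_NX)
                uMask |= MSR_K6_EFER_NXE;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_LONG_MODE)
                uMask |= MSR_K6_EFER_LME;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_SEP)
                uMask |= MSR_K6_EFER_SCE;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_FFXSR)
                uMask |= MSR_K6_EFER_FFXSR;

            /* Check for illegal MSR_K6_EFER_LME transitions: not allowed to change LME if paging is enabled. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
            if (    ((pCtx->msrEFER & MSR_K6_EFER_LME) != (val & uMask & MSR_K6_EFER_LME))
                &&  (pCtx->cr0 & X86_CR0_PG))
            {
                AssertMsgFailed(("Illegal MSR_K6_EFER_LME change: paging is enabled!!\n"));
                return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
            }

            /* There are a few more: e.g. MSR_K6_EFER_LMSLE */
            AssertMsg(!(val & ~(MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA /* ignored anyway */ |MSR_K6_EFER_SCE|MSR_K6_EFER_FFXSR)), ("Unexpected value %RX64\n", val));
            pCtx->msrEFER = (pCtx->msrEFER & ~uMask) | (val & uMask);

            /* AMD64 Achitecture Programmer's Manual: 15.15 TLB Control; flush the TLB if MSR_K6_EFER_NXE, MSR_K6_EFER_LME or MSR_K6_EFER_LMA are changed. */
            if ((oldval & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)) != (pCtx->msrEFER & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)))
                HWACCMFlushTLB(pVM);

            break;
        }

        case MSR_K8_SF_MASK:
            pCtx->msrSFMASK = val;
            break;

        case MSR_K6_STAR:
            pCtx->msrSTAR = val;
            break;

        case MSR_K8_LSTAR:
            pCtx->msrLSTAR = val;
            break;

        case MSR_K8_CSTAR:
            pCtx->msrCSTAR = val;
            break;

        case MSR_K8_FS_BASE:
            pCtx->fsHid.u64Base = val;
            break;

        case MSR_K8_GS_BASE:
            pCtx->gsHid.u64Base = val;
            break;

        case MSR_K8_KERNEL_GS_BASE:
            pCtx->msrKERNELGSBASE = val;
            break;

        default:
            /* We should actually trigger a #GP here, but don't as that might cause more trouble. */
            break;
    }
    return VINF_SUCCESS;
}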
2733
/**
 * WRMSR Emulation.
 *
 * Dispatch wrapper: everything happens in EMInterpretWrmsr, which only needs
 * the register frame.
 */
static int emInterpretWrmsr(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int rc = EMInterpretWrmsr(pVM, pRegFrame);
    return rc;
}
2741
/**
 * Internal worker.
 * @copydoc EMInterpretInstructionCPU
 *
 * Dispatches one already-disassembled instruction to the emInterpret* worker
 * for its opcode and bumps the per-instruction success/failure statistics.
 * User-mode code is refused up front (except RDTSC), as are the prefixes this
 * context cannot handle. *pcbSize is zeroed before dispatch; the individual
 * workers own its value after that.
 */
DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pcbSize);
    *pcbSize = 0;

    /*
     * Only supervisor guest code!!
     * And no complicated prefixes.
     */
    /* Get the current privilege level. */
    uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (    cpl != 0
        &&  pCpu->pCurInstr->opcode != OP_RDTSC)  /* rdtsc requires emulation in ring 3 as well */
    {
        Log(("WARNING: refusing instruction emulation for user-mode code!!\n"));
        STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,FailedUserMode));
        return VERR_EM_INTERPRETER;
    }

#ifdef IN_GC
    /* GC: no REP/REPNE at all; LOCK only for the few opcodes with a lock-aware case below. */
    if (    (pCpu->prefix & (PREFIX_REPNE | PREFIX_REP))
        ||  (   (pCpu->prefix & PREFIX_LOCK)
             && pCpu->pCurInstr->opcode != OP_CMPXCHG
             && pCpu->pCurInstr->opcode != OP_CMPXCHG8B
             && pCpu->pCurInstr->opcode != OP_XADD
             && pCpu->pCurInstr->opcode != OP_OR
             && pCpu->pCurInstr->opcode != OP_BTR
            )
       )
#else
    /* Other contexts: REP only for STOSWD, LOCK only for OR and BTR, never REPNE. */
    if (    (pCpu->prefix & PREFIX_REPNE)
        ||  (   (pCpu->prefix & PREFIX_REP)
             && pCpu->pCurInstr->opcode != OP_STOSWD
            )
        ||  (   (pCpu->prefix & PREFIX_LOCK)
             && pCpu->pCurInstr->opcode != OP_OR
             && pCpu->pCurInstr->opcode != OP_BTR
            )
       )
#endif
    {
        //Log(("EMInterpretInstruction: wrong prefix!!\n"));
        STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,FailedPrefix));
        return VERR_EM_INTERPRETER;
    }

    int rc;
#if (defined(VBOX_STRICT) || defined(LOG_ENABLED))
    LogFlow(("emInterpretInstructionCPU %s\n", emGetMnemonic(pCpu)));
#endif
    switch (pCpu->pCurInstr->opcode)
    {
        /*
         * Case generators. Each one calls emInterpret<InstrFn> (the *_PARAM*
         * variants pass an EMEmulate* worker through, the *_LOCK_* variants
         * pick the lock-aware worker when a LOCK prefix is present) and
         * counts the result in Stat<Instr> / StatFailed<Instr> before
         * returning. INTERPRET_STAT_CASE only counts a failure.
         */
# define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
        case opcode:\
            if (pCpu->prefix & PREFIX_LOCK) \
                rc = emInterpretLock##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulateLock); \
            else \
                rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); \
            return rc
#define INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate) \
        case opcode:\
            rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); \
            return rc

#define INTERPRET_CASE_EX_PARAM2(opcode, Instr, InstrFn, pfnEmulate) \
        INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
#define INTERPRET_CASE_EX_LOCK_PARAM2(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
        INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock)

#define INTERPRET_CASE(opcode, Instr) \
        case opcode:\
            rc = emInterpret##Instr(pVM, pCpu, pRegFrame, pvFault, pcbSize); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); \
            return rc
#define INTERPRET_STAT_CASE(opcode, Instr) \
        case opcode: STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); return VERR_EM_INTERPRETER;

        INTERPRET_CASE(OP_XCHG,Xchg);
        INTERPRET_CASE_EX_PARAM2(OP_DEC,Dec, IncDec, EMEmulateDec);
        INTERPRET_CASE_EX_PARAM2(OP_INC,Inc, IncDec, EMEmulateInc);
        INTERPRET_CASE(OP_POP,Pop);
        INTERPRET_CASE_EX_LOCK_PARAM3(OP_OR, Or, OrXorAnd, EMEmulateOr, EMEmulateLockOr);
        INTERPRET_CASE_EX_PARAM3(OP_XOR,Xor, OrXorAnd, EMEmulateXor);
        INTERPRET_CASE_EX_PARAM3(OP_AND,And, OrXorAnd, EMEmulateAnd);
        INTERPRET_CASE(OP_MOV,Mov);
#ifndef IN_GC
        INTERPRET_CASE(OP_STOSWD,StosWD);
#endif
        INTERPRET_CASE(OP_INVLPG,InvlPg);
        INTERPRET_CASE(OP_CPUID,CpuId);
        INTERPRET_CASE(OP_MOV_CR,MovCRx);
        INTERPRET_CASE(OP_MOV_DR,MovDRx);
        INTERPRET_CASE(OP_LLDT,LLdt);
        INTERPRET_CASE(OP_CLTS,Clts);
        INTERPRET_CASE(OP_MONITOR, Monitor);
        INTERPRET_CASE(OP_MWAIT, MWait);
        INTERPRET_CASE(OP_RDMSR, Rdmsr);
        INTERPRET_CASE(OP_WRMSR, Wrmsr);
        INTERPRET_CASE_EX_PARAM3(OP_ADD,Add, AddSub, EMEmulateAdd);
        INTERPRET_CASE_EX_PARAM3(OP_SUB,Sub, AddSub, EMEmulateSub);
        INTERPRET_CASE(OP_ADC,Adc);
        INTERPRET_CASE_EX_LOCK_PARAM2(OP_BTR,Btr, BitTest, EMEmulateBtr, EMEmulateLockBtr);
        INTERPRET_CASE_EX_PARAM2(OP_BTS,Bts, BitTest, EMEmulateBts);
        INTERPRET_CASE_EX_PARAM2(OP_BTC,Btc, BitTest, EMEmulateBtc);
        INTERPRET_CASE(OP_RDTSC,Rdtsc);
        INTERPRET_CASE(OP_CMPXCHG, CmpXchg);
#ifdef IN_GC
        INTERPRET_CASE(OP_STI,Sti);
        INTERPRET_CASE(OP_CMPXCHG8B, CmpXchg8b);
        INTERPRET_CASE(OP_XADD, XAdd);
#endif
        INTERPRET_CASE(OP_HLT,Hlt);
        INTERPRET_CASE(OP_IRET,Iret);
#ifdef VBOX_WITH_STATISTICS
#ifndef IN_GC
        /* Outside GC these two are only counted as failures, not emulated. */
        INTERPRET_STAT_CASE(OP_CMPXCHG8B, CmpXchg8b);
        INTERPRET_STAT_CASE(OP_XADD, XAdd);
#endif
        INTERPRET_STAT_CASE(OP_MOVNTPS,MovNTPS);
        INTERPRET_STAT_CASE(OP_WBINVD,WbInvd);
#endif
        default:
            Log3(("emInterpretInstructionCPU: opcode=%d\n", pCpu->pCurInstr->opcode));
            STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,FailedMisc));
            return VERR_EM_INTERPRETER;
        /* NOTE(review): no macro named INTERPRET_CASE_EX is defined above, so
           INTERPRET_CASE_EX_PARAM3 and the two *_LOCK_* variants stay defined
           for the rest of the translation unit. Presumably harmless; worth tidying. */
#undef INTERPRET_CASE_EX_PARAM2
#undef INTERPRET_STAT_CASE
#undef INTERPRET_CASE_EX
#undef INTERPRET_CASE
    }
    /* Every case above returns; reaching this point means the switch was left without one. */
    AssertFailed();
    return VERR_INTERNAL_ERROR;
}
2890
2891
/**
 * Sets the PC for which interrupts should be inhibited.
 *
 * Records the address in the EM state and raises VM_FF_INHIBIT_INTERRUPTS so
 * the forced-action handling picks it up (EMGetInhibitInterruptsPC reads it
 * back).
 *
 * @param   pVM         The VM handle.
 * @param   PC          The PC.
 */
EMDECL(void) EMSetInhibitInterruptsPC(PVM pVM, RTGCUINTPTR PC)
{
    const RTGCUINTPTR GCPtrInhibit = PC;
    pVM->em.s.GCPtrInhibitInterrupts = GCPtrInhibit;
    VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);
}
2903
2904
/**
 * Gets the PC for which interrupts should be inhibited.
 *
 * There are a few instructions which inhibit or delay interrupts
 * for the instruction following them. These instructions are:
 *  - STI
 *  - MOV SS, r/m16
 *  - POP SS
 *
 * @returns The PC for which interrupts should be inhibited (as stored by
 *          EMSetInhibitInterruptsPC or the STI emulation).
 * @param   pVM         VM handle.
 */
EMDECL(RTGCUINTPTR) EMGetInhibitInterruptsPC(PVM pVM)
{
    const RTGCUINTPTR GCPtrInhibit = pVM->em.s.GCPtrInhibitInterrupts;
    return GCPtrInhibit;
}