
source: vbox/trunk/src/VBox/VMM/VMMAll/EMAll.cpp@ 13561

Last change on this file since 13561 was 13561, checked in by vboxsync, 16 years ago

Emulate (lock) cmpxchg8b in ring 0 & 3. Added testcase for instruction emulation.

1/* $Id: EMAll.cpp 13561 2008-10-24 16:27:26Z vboxsync $ */
2/** @file
3 * EM - Execution Monitor(/Manager) - All contexts
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Header Files *
24*******************************************************************************/
25#define LOG_GROUP LOG_GROUP_EM
26#include <VBox/em.h>
27#include <VBox/mm.h>
28#include <VBox/selm.h>
29#include <VBox/patm.h>
30#include <VBox/csam.h>
31#include <VBox/pgm.h>
32#include <VBox/iom.h>
33#include <VBox/stam.h>
34#include "EMInternal.h"
35#include <VBox/vm.h>
36#include <VBox/vmm.h>
37#include <VBox/hwaccm.h>
38#include <VBox/tm.h>
39#include <VBox/pdmapi.h>
40
41#include <VBox/param.h>
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/log.h>
46#include <iprt/assert.h>
47#include <iprt/asm.h>
48#include <iprt/string.h>
49
50
51/*******************************************************************************
52* Defined Constants And Macros *
53*******************************************************************************/
54/** @def EM_ASSERT_FAULT_RETURN
55 * Safety check.
56 *
57 * Could in theory it misfire on a cross page boundary access...
58 *
59 * Currently disabled because the CSAM (+ PATM) patch monitoring occationally
60 * turns up an alias page instead of the original faulting one and annoying the
61 * heck out of anyone running a debug build. See @bugref{2609} and @bugref{1931}.
62 */
63#if 0
64# define EM_ASSERT_FAULT_RETURN(expr, rc) AssertReturn(expr, rc)
65#else
66# define EM_ASSERT_FAULT_RETURN(expr, rc) do { } while (0)
67#endif
68
69
70/*******************************************************************************
71* Internal Functions *
72*******************************************************************************/
/** Forward declaration of the internal dispatcher that EMInterpretInstructionCPU() wraps with STAM profiling. */
DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize);
74
75
76
/**
 * Gets the current execution manager state.
 *
 * @returns The state recorded in pVM->em.s.enmState.
 * @param   pVM         The VM handle.
 */
VMMDECL(EMSTATE) EMGetState(PVM pVM)
{
    EMSTATE const enmState = pVM->em.s.enmState;
    return enmState;
}
86
87
/**
 * Requests a flush of the REM translation blocks.
 *
 * Only a flag is set here; the flush itself happens the next time code is
 * executed in REM.
 *
 * @param   pVM         The VM handle.
 *
 * @todo This doesn't belong here, it should go in REMAll.cpp!
 */
VMMDECL(void) EMFlushREMTBs(PVM pVM)
{
    pVM->em.s.fREMFlushTBs = true;
    LogFlow(("EMFlushREMTBs\n"));
}
100
101#ifndef IN_GC
102
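/**
 * Read callback for the disassembler; supports reading bytes that cross a
 * page boundary.
 *
 * The disassembler may prefetch past the end of the instruction, so a failed
 * guest read is deliberately not propagated as an error. Instead the
 * destination is now zero-filled on failure so the disassembler never consumes
 * stale or uninitialized bytes from the caller's buffer (previously a failure
 * only asserted and left *pDest untouched).
 *
 * @returns VBox status code (always VINF_SUCCESS, see above).
 * @param   pSrc        GC source pointer.
 * @param   pDest       HC destination pointer, cb bytes.
 * @param   cb          Number of bytes to read.
 * @param   pvUserdata  Callback specific user data: the DISCPUSTATE whose
 *                      apvUserData[0] holds the VM handle.
 */
DECLCALLBACK(int) EMReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned cb, void *pvUserdata)
{
    DISCPUSTATE *pCpu = (DISCPUSTATE *)pvUserdata;
    PVM          pVM  = (PVM)pCpu->apvUserData[0];
# ifdef IN_RING0
    int rc = PGMPhysSimpleReadGCPtr(pVM, pDest, pSrc, cb);
    AssertMsgRC(rc, ("PGMPhysSimpleReadGCPtr failed for pSrc=%VGv cb=%x\n", pSrc, cb));
    if (RT_FAILURE(rc))
        memset(pDest, 0, cb);   /* deterministic content instead of whatever was in the buffer */
# else /* IN_RING3 */
    if (!PATMIsPatchGCAddr(pVM, pSrc))
    {
        int rc = PGMPhysSimpleReadGCPtr(pVM, pDest, pSrc, cb);
        AssertRC(rc);
        if (RT_FAILURE(rc))
            memset(pDest, 0, cb);
    }
    else
    {
        /* Patched code: fetch the original opcode bytes one at a time from PATM. */
        for (uint32_t i = 0; i < cb; i++)
        {
            uint8_t opcode = 0;
            if (RT_FAILURE(PATMR3QueryOpcode(pVM, (RTGCPTR)pSrc + i, &opcode)))
                opcode = 0; /* unknown byte: zero rather than leftover buffer contents */
            pDest[i] = opcode;
        }
    }
# endif /* IN_RING3 */
    return VINF_SUCCESS;
}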
140
/**
 * Disassembles one instruction in ring-0/ring-3, reading guest memory via EMReadBytes.
 *
 * @returns VBox status code from DISCoreOneEx.
 * @param   pVM         The VM handle (handed to DISCoreOneEx as callback user data;
 *                      EMReadBytes expects it in pCpu->apvUserData[0]).
 * @param   pCpu        The disassembler state; pCpu->mode must already be set.
 * @param   InstrGC     Flat GC address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 */
DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
{
    int const rc = DISCoreOneEx(InstrGC, pCpu->mode, EMReadBytes, pVM, pCpu, pOpsize);
    return rc;
}
145
146#else /* IN_GC */
147
/**
 * Disassembles one instruction in GC, where guest memory is read directly.
 *
 * @returns VBox status code from DISCoreOne.
 * @param   pVM         The VM handle (unused in this context).
 * @param   pCpu        The disassembler state; pCpu->mode must already be set.
 * @param   InstrGC     Flat GC address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 */
DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
{
    int const rc = DISCoreOne(pCpu, InstrGC, pOpsize);
    return rc;
}
152
153#endif /* IN_GC */
154
155
/**
 * Disassembles the instruction at CS:RIP of the given context.
 *
 * @returns VBox status code; the SELMToFlatEx status on a selector failure,
 *          otherwise whatever EMInterpretDisasOneEx returns.
 * @param   pVM         The VM handle.
 * @param   pCtxCore    The context core (used for both the mode and instruction).
 * @param   pCpu        Where to return the parsed instruction info.
 * @param   pcbInstr    Where to return the instruction size. (optional)
 */
VMMDECL(int) EMInterpretDisasOne(PVM pVM, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
{
    /* Resolve CS:RIP to a flat address; everything else is done by the Ex variant. */
    RTGCPTR GCPtrInstr;
    int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pCtxCore, pCtxCore->rip, 0, &GCPtrInstr);
    if (RT_SUCCESS(rc))
        return EMInterpretDisasOneEx(pVM, (RTGCUINTPTR)GCPtrInstr, pCtxCore, pCpu, pcbInstr);

    Log(("EMInterpretDisasOne: Failed to convert %RTsel:%VGv (cpl=%d) - rc=%Vrc !!\n",
         pCtxCore->cs, pCtxCore->rip, pCtxCore->ss & X86_SEL_RPL, rc));
    return rc;
}
176
177
/**
 * Disassembles one instruction at a flat address.
 *
 * This is used internally by the interpreter and by trap/access handlers.
 * In GC the disassembler reads guest memory itself; in ring-0/ring-3 it goes
 * through EMReadBytes. Note that the disassembler's own status code is not
 * propagated: any failure is reported as VERR_INTERNAL_ERROR.
 *
 * @returns VINF_SUCCESS or VERR_INTERNAL_ERROR.
 * @param   pVM         The VM handle.
 * @param   GCPtrInstr  The flat address of the instruction.
 * @param   pCtxCore    The context core (used to determine the cpu mode).
 * @param   pCpu        Where to return the parsed instruction info.
 * @param   pcbInstr    Where to return the instruction size. (optional)
 */
VMMDECL(int) EMInterpretDisasOneEx(PVM pVM, RTGCUINTPTR GCPtrInstr, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
{
    int rc = DISCoreOneEx(GCPtrInstr, SELMGetCpuModeFromSelector(pVM, pCtxCore->eflags, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid),
#ifdef IN_GC
                          NULL, NULL,
#else
                          EMReadBytes, pVM,
#endif
                          pCpu, pcbInstr);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("DISCoreOne failed to GCPtrInstr=%VGv rc=%Vrc\n", GCPtrInstr, rc));
        return VERR_INTERNAL_ERROR;
    }
    return VINF_SUCCESS;
}
203
204
/**
 * Interprets the current instruction.
 *
 * @returns VBox status code.
 * @retval  VINF_*                  Scheduling instructions.
 * @retval  VERR_EM_INTERPRETER     Something we can't cope with (this also
 *                                  covers selector conversion and disassembly
 *                                  failures, whose own status is dropped).
 * @retval  VERR_*                  Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 *                      Updates the EIP if an instruction was executed successfully.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Size of the write (if applicable).
 *
 * @remark  Invalid opcode exceptions have a higher priority than GP (see Intel
 *          Architecture System Developers Manual, Vol 3, 5.5) so we don't need
 *          to worry about e.g. invalid modrm combinations (!)
 */
VMMDECL(int) EMInterpretInstruction(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    LogFlow(("EMInterpretInstruction %VGv fault %VGv\n", pRegFrame->rip, pvFault));

    /* Flat address of the instruction. */
    RTGCPTR GCPtrCode;
    int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pRegFrame, pRegFrame->rip, 0, &GCPtrCode);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Disassemble it. */
    DISCPUSTATE Cpu;
    uint32_t    cbOp;
    Cpu.mode = SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid);
    rc = emDisCoreOne(pVM, &Cpu, (RTGCUINTPTR)GCPtrCode, &cbOp);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    Assert(cbOp == Cpu.opsize);

    /* Emulate it; only a successful emulation moves on to the next instruction. */
    rc = EMInterpretInstructionCPU(pVM, &Cpu, pRegFrame, pvFault, pcbSize);
    if (RT_SUCCESS(rc))
        pRegFrame->rip += cbOp;
    return rc;
}
248
249
/**
 * Interprets the current instruction using the supplied DISCPUSTATE structure.
 *
 * EIP is *NOT* updated! This is a thin wrapper around the internal
 * emInterpretInstructionCPU() that adds profiling and success/failure counters.
 *
 * @returns VBox status code.
 * @retval  VINF_*                  Scheduling instructions. When these are returned, it
 *                                  starts to get a bit tricky to know whether code was
 *                                  executed or not... We'll address this when it becomes a problem.
 * @retval  VERR_EM_INTERPRETER     Something we can't cope with.
 * @retval  VERR_*                  Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler cpu state for the instruction to be interpreted.
 * @param   pRegFrame   The register frame. EIP is *NOT* changed!
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Size of the write (if applicable).
 *
 * @remark  Invalid opcode exceptions have a higher priority than GP (see Intel
 *          Architecture System Developers Manual, Vol 3, 5.5) so we don't need
 *          to worry about e.g. invalid modrm combinations (!)
 *
 * @todo    At this time we do NOT check if the instruction overwrites vital information.
 *          Make sure this can't happen!! (will add some assertions/checks later)
 */
VMMDECL(int) EMInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* Time the worker. */
    STAM_PROFILE_START(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);
    int rc = emInterpretInstructionCPU(pVM, pCpu, pRegFrame, pvFault, pcbSize);
    STAM_PROFILE_STOP(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);

    /* Count the outcome. */
    if (RT_FAILURE(rc))
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretFailed));
    else
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretSucceeded));
    return rc;
}
286
287
/**
 * Interpret a port I/O instruction.
 *
 * Only implemented in GC, where the work is handed on to IOM; the other
 * contexts hit a release assertion.
 *
 * @returns VBox status code suitable for scheduling.
 * @param   pVM         The VM handle.
 * @param   pCtxCore    The context core. RIP is advanced past the instruction
 *                      when IOM reports success.
 * @param   pCpu        The instruction to interpret.
 * @param   cbOp        The size of the instruction.
 * @remark  This may raise exceptions.
 */
VMMDECL(int) EMInterpretPortIO(PVM pVM, PCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, uint32_t cbOp)
{
#ifdef IN_GC
    int const rc = IOMGCIOPortHandler(pVM, pCtxCore, pCpu);
    if (!IOM_SUCCESS(rc))
        return rc;
    pCtxCore->rip += cbOp;
    return rc;
#else
    AssertReleaseMsgFailed(("not implemented\n"));
    return VERR_NOT_IMPLEMENTED;
#endif
}
313
314
/**
 * Reads guest memory by virtual address.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pDest       Where to store the bytes read.
 * @param   GCSrc       Guest virtual address to read from.
 * @param   cb          Number of bytes to read.
 */
DECLINLINE(int) emRamRead(PVM pVM, void *pDest, RTGCPTR GCSrc, uint32_t cb)
{
#ifdef IN_GC
    int rc = MMGCRamRead(pVM, pDest, (void *)GCSrc, cb);
    if (RT_UNLIKELY(rc == VERR_ACCESS_DENIED))
    {
        /*
         * The page pool cache may end up here in some cases because it
         * flushed one of the shadow mappings used by the trapping
         * instruction and it either flushed the TLB or the CPU reused it.
         * Fall back to a physical read via the guest page tables.
         */
        RTGCPHYS GCPhys;
        rc = PGMPhysGCPtr2GCPhys(pVM, GCSrc, &GCPhys);
        AssertRCReturn(rc, rc);
        PGMPhysRead(pVM, GCPhys, pDest, cb);
        rc = VINF_SUCCESS;
    }
    return rc;
#else
    return PGMPhysReadGCPtr(pVM, pDest, GCSrc, cb);
#endif
}
335
336
/**
 * Writes guest memory by virtual address.
 *
 * @returns VBox status code; VERR_ACCESS_DENIED when the GC fallback finds the
 *          page read-only and CR0.WP is set.
 * @param   pVM         The VM handle.
 * @param   GCDest      Guest virtual address to write to.
 * @param   pSrc        The bytes to write.
 * @param   cb          Number of bytes to write.
 */
DECLINLINE(int) emRamWrite(PVM pVM, RTGCPTR GCDest, void *pSrc, uint32_t cb)
{
#ifdef IN_GC
    int rc = MMGCRamWrite(pVM, (void *)GCDest, pSrc, cb);
    if (RT_UNLIKELY(rc == VERR_ACCESS_DENIED))
    {
        /*
         * The page pool cache may end up here in some cases because it
         * flushed one of the shadow mappings used by the trapping
         * instruction and it either flushed the TLB or the CPU reused it.
         * We want to play safe here, verifying that we've got write
         * access doesn't cost us much (see PGMPhysGCPtr2GCPhys()).
         *
         * NOTE(review): only the PTE R/W bit against CR0.WP is checked here;
         * the privilege level of the faulting code (X86_PTE_US) is not
         * consulted - confirm the callers only reach this for accesses the
         * guest is otherwise allowed to make.
         */
        uint64_t fFlags;
        RTGCPHYS GCPhys;
        rc = PGMGstGetPage(pVM, GCDest, &fFlags, &GCPhys);
        if (RT_FAILURE(rc))
            return rc;
        if (   !(fFlags & X86_PTE_RW)
            && (CPUMGetGuestCR0(pVM) & X86_CR0_WP))
            return VERR_ACCESS_DENIED;

        PGMPhysWrite(pVM, GCPhys + ((RTGCUINTPTR)GCDest & PAGE_OFFSET_MASK), pSrc, cb);
        rc = VINF_SUCCESS;
    }
    return rc;
#else
    return PGMPhysWriteGCPtr(pVM, GCDest, pSrc, cb);
#endif
}
366
367
/**
 * Converts an operand's sel:addr to a flat GC address.
 *
 * @returns Flat GC address as produced by SELMToFlat.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame (segment registers).
 * @param   pCpu        The disassembled instruction (for prefix detection).
 * @param   pParam      The operand whose segment register applies.
 * @param   pvAddr      The operand's offset within that segment.
 */
static RTGCPTR emConvertToFlatAddr(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, POP_PARAMETER pParam, RTGCPTR pvAddr)
{
    return SELMToFlat(pVM, DISDetectSegReg(pCpu, pParam), pRegFrame, pvAddr);
}
374
375
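#if defined(VBOX_STRICT) || defined(LOG_ENABLED)
/**
 * Get the mnemonic for the disassembled instruction.
 *
 * GC/R0 doesn't include the strings in the DIS tables because
 * of limited space, so the opcodes this interpreter handles are
 * listed here. Only compiled into strict/logging builds.
 *
 * @returns Read-only mnemonic string; "???" for an opcode not listed here.
 * @param   pCpu    The disassembled instruction.
 */
static const char *emGetMnemonic(PDISCPUSTATE pCpu)
{
    switch (pCpu->pCurInstr->opcode)
    {
        case OP_XCHG:       return "Xchg";
        case OP_DEC:        return "Dec";
        case OP_INC:        return "Inc";
        case OP_POP:        return "Pop";
        case OP_OR:         return "Or";
        case OP_AND:        return "And";
        case OP_MOV:        return "Mov";
        case OP_INVLPG:     return "InvlPg";
        case OP_CPUID:      return "CpuId";
        case OP_MOV_CR:     return "MovCRx";
        case OP_MOV_DR:     return "MovDRx";
        case OP_LLDT:       return "LLdt";
        case OP_LGDT:       return "LGdt";
        case OP_LIDT:       return "LIdt";   /* was mislabelled "LGdt", making LIDT and LGDT indistinguishable in logs */
        case OP_CLTS:       return "Clts";
        case OP_MONITOR:    return "Monitor";
        case OP_MWAIT:      return "MWait";
        case OP_RDMSR:      return "Rdmsr";
        case OP_WRMSR:      return "Wrmsr";
        case OP_ADD:        return "Add";
        case OP_ADC:        return "Adc";
        case OP_SUB:        return "Sub";
        case OP_SBB:        return "Sbb";
        case OP_RDTSC:      return "Rdtsc";
        case OP_STI:        return "Sti";
        case OP_XADD:       return "XAdd";
        case OP_HLT:        return "Hlt";
        case OP_IRET:       return "Iret";
        case OP_MOVNTPS:    return "MovNTPS";
        case OP_STOSWD:     return "StosWD";
        case OP_WBINVD:     return "WbInvd";
        case OP_XOR:        return "Xor";
        case OP_BTR:        return "Btr";
        case OP_BTS:        return "Bts";
        case OP_BTC:        return "Btc";
        case OP_LMSW:       return "Lmsw";
        case OP_CMPXCHG:    return pCpu->prefix & PREFIX_LOCK ? "Lock CmpXchg"   : "CmpXchg";
        case OP_CMPXCHG8B:  return pCpu->prefix & PREFIX_LOCK ? "Lock CmpXchg8b" : "CmpXchg8b";

        default:
            Log(("Unknown opcode %d\n", pCpu->pCurInstr->opcode));
            return "???";
    }
}
#endif /* VBOX_STRICT || LOG_ENABLED */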
432
433
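/**
 * Writes an XCHG operand value into the general purpose register named by the operand.
 *
 * @returns VINF_SUCCESS, or VERR_EM_INTERPRETER for an unsupported size or a
 *          failed register write.
 * @param   pRegFrame   The register frame to update.
 * @param   pParam      The disassembler operand; base.reg_gen names the register.
 * @param   cb          Operand size in bytes (1, 2, 4 or 8).
 * @param   uValue      The value to write, truncated to cb bytes.
 */
static int emXchgWriteReg(PCPUMCTXCORE pRegFrame, POP_PARAMETER pParam, uint32_t cb, uint64_t uValue)
{
    int rc;
    switch (cb)
    {
        case 1: /* special case for AH etc */
                rc = DISWriteReg8(pRegFrame, pParam->base.reg_gen, (uint8_t )uValue); break;
        case 2: rc = DISWriteReg16(pRegFrame, pParam->base.reg_gen, (uint16_t)uValue); break;
        case 4: rc = DISWriteReg32(pRegFrame, pParam->base.reg_gen, (uint32_t)uValue); break;
        case 8: rc = DISWriteReg64(pRegFrame, pParam->base.reg_gen, uValue); break;
        default: AssertFailedReturn(VERR_EM_INTERPRETER);
    }
    return RT_SUCCESS(rc) ? VINF_SUCCESS : VERR_EM_INTERPRETER;
}


/**
 * XCHG instruction emulation.
 *
 * Both operands are queried as PARAM_SOURCE so that DISQueryParamVal yields the
 * register value for register operands (they come back as PARMTYPE_IMMEDIATE;
 * memory operands come back as PARMTYPE_ADDRESS).
 *
 * Fixes relative to the previous version: a failed read of the second operand
 * no longer falls through and writes the uninitialized value into the first
 * operand; the register/memory decision is made on the operand type instead of
 * on a zero flat address; and the diagnostics for the second operand report its
 * own address and size.
 *
 * NOTE(review): a memory-operand XCHG is implicitly locked on real hardware,
 * whereas this is a plain read/write pair through emRamRead/emRamWrite -
 * confirm no other VCPU or device can touch the operand concurrently.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction form or
 *          the memory access cannot be handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; updated for register operands.
 * @param   pvFault     The fault address (compared when EM_ASSERT_FAULT_RETURN is enabled).
 * @param   pcbSize     Where to return the operand size.
 */
static int emInterpretXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* In GC only a write #PF is emulated here. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    RTGCPTR  pParam1 = 0, pParam2 = 0;
    uint64_t valpar1, valpar2;

    AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);

    /* Fetch operand 1: register value or memory contents. */
    switch (param1.type)
    {
        case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
            valpar1 = param1.val.val64;
            break;

        case PARMTYPE_ADDRESS:
            pParam1 = (RTGCPTR)param1.val.val64;
            pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
            EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
            rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
            if (RT_FAILURE(rc))
            {
                AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                return VERR_EM_INTERPRETER;
            }
            break;

        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    /* Fetch operand 2 the same way. A failed read must bail out, not continue with valpar2 uninitialized. */
    switch (param2.type)
    {
        case PARMTYPE_ADDRESS:
            pParam2 = (RTGCPTR)param2.val.val64;
            pParam2 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pParam2);
            EM_ASSERT_FAULT_RETURN(pParam2 == pvFault, VERR_EM_INTERPRETER);
            rc = emRamRead(pVM, &valpar2, pParam2, param2.size);
            if (RT_FAILURE(rc))
            {
                AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam2, param2.size, rc));
                return VERR_EM_INTERPRETER;
            }
            break;

        case PARMTYPE_IMMEDIATE:
            valpar2 = param2.val.val64;
            break;

        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    /*
     * Write value of parameter 2 to parameter 1 (reg or memory address).
     * The operand type decides; a memory operand whose flat address happens
     * to be 0 must not be mistaken for a register.
     */
    if (param1.type != PARMTYPE_ADDRESS)
    {
        Assert(param1.type == PARMTYPE_IMMEDIATE); /* register actually */
        rc = emXchgWriteReg(pRegFrame, &pCpu->param1, param1.size, valpar2);
        if (RT_FAILURE(rc))
            return VERR_EM_INTERPRETER;
    }
    else
    {
        rc = emRamWrite(pVM, pParam1, &valpar2, param1.size);
        if (RT_FAILURE(rc))
        {
            AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
            return VERR_EM_INTERPRETER;
        }
    }

    /* Write value of parameter 1 to parameter 2 (reg or memory address). */
    if (param2.type != PARMTYPE_ADDRESS)
    {
        Assert(param2.type == PARMTYPE_IMMEDIATE); /* register actually */
        rc = emXchgWriteReg(pRegFrame, &pCpu->param2, param2.size, valpar1);
        if (RT_FAILURE(rc))
            return VERR_EM_INTERPRETER;
    }
    else
    {
        rc = emRamWrite(pVM, pParam2, &valpar1, param2.size);
        if (RT_FAILURE(rc))
        {
            AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam2, param2.size, rc));
            return VERR_EM_INTERPRETER;
        }
    }

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}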
565
566
/**
 * INC and DEC emulation.
 *
 * The destination must be a memory operand. Unlike the other memory-operand
 * emulators in this file, the GC build uses a hard AssertReturn() on the fault
 * address rather than the (currently disabled) EM_ASSERT_FAULT_RETURN().
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the operand form or the
 *          memory access cannot be handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; the arithmetic flags (not CF) are
 *                      updated on success.
 * @param   pvFault     The fault address.
 * @param   pcbSize     Where to return the operand size.
 * @param   pfnEmulate  The INC or DEC worker; operates on the value in place
 *                      and returns the resulting eflags.
 */
static int emInterpretIncDec(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                             PFNEMULATEPARAM2 pfnEmulate)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only a write #PF is emulated here. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    /* The destination must be in memory. */
    if (param1.type != PARMTYPE_ADDRESS)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR const GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    AssertReturn(GCPtrPar1 == pvFault, VERR_EM_INTERPRETER);
#endif

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, GCPtrPar1, param1.size);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", GCPtrPar1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Emulate and write the result back. */
    uint32_t const eflags = pfnEmulate(&valpar1, param1.size);
    rc = emRamWrite(pVM, GCPtrPar1, &valpar1, param1.size);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", GCPtrPar1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* INC/DEC leave CF untouched; merge only the remaining arithmetic flags. */
    uint32_t const fFlagsMask = X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagsMask) | (eflags & fFlagsMask);

    *pcbSize = param1.size;
    return VINF_SUCCESS;
}
634
635
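/**
 * POP Emulation (memory destination only, non-64-bit modes).
 *
 * Fixes relative to the previous version: the read-failure diagnostic now
 * reports the stack address actually read (it printed the still-zero
 * destination pointer), and the operand size is checked against the local
 * buffer before the stack read so that a size larger than sizeof(valpar1)
 * cannot overrun the stack in a release build where the 64-bit-mode Assert
 * is compiled out.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the instruction form,
 *          the stack mode or a memory access cannot be handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; ESP is advanced on success.
 * @param   pvFault     The fault address (compared when EM_ASSERT_FAULT_RETURN is enabled).
 * @param   pcbSize     Where to return the operand size.
 */
static int emInterpretPop(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only a write #PF is emulated here. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    /* No legacy 16 bits stuff here, please. */
    if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid) == CPUMODE_16BIT)
        return VERR_EM_INTERPRETER;

    /* Read the stack value first. Convert address; don't bother checking limits etc, as we only read here */
    RTGCPTR const pStackVal = SELMToFlat(pVM, DIS_SELREG_SS, pRegFrame, (RTGCPTR)pRegFrame->esp);
    if (pStackVal == 0)
        return VERR_EM_INTERPRETER;

    uint32_t valpar1;
    AssertReturn(param1.size <= sizeof(valpar1), VERR_EM_INTERPRETER); /* the local buffer is 32-bit */
    rc = emRamRead(pVM, &valpar1, pStackVal, param1.size);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pStackVal, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Only a memory destination is handled. */
    if (param1.type != PARMTYPE_ADDRESS)
    {
#ifndef DEBUG_bird // annoying assertion.
        AssertFailed();
#endif
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR pParam1 = (RTGCPTR)param1.val.val64;

    /* pop [esp+xx] uses esp after the actual pop! */
    AssertCompile(USE_REG_ESP == USE_REG_SP);
    if (   (pCpu->param1.flags & USE_BASE)
        && (pCpu->param1.flags & (USE_REG_GEN16|USE_REG_GEN32))
        && pCpu->param1.base.reg_gen == USE_REG_ESP
       )
        pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + param1.size);

    pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
    EM_ASSERT_FAULT_RETURN(pParam1 == pvFault || (RTGCPTR)pRegFrame->esp == pvFault, VERR_EM_INTERPRETER);
    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Update ESP as the last step */
    pRegFrame->esp += param1.size;

    /* All done! */
    *pcbSize = param1.size;
    return VINF_SUCCESS;
}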
714
715
/**
 * XOR/OR/AND Emulation.
 *
 * The destination must be a memory operand; the source is a register or an
 * immediate (both reported as PARMTYPE_IMMEDIATE by DISQueryParamVal).
 * emInterpretAddSub() follows the same shape.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the operand form or a
 *          memory access cannot be handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction. param2.size is widened to
 *                      param1.size for the Ib encodings.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated
 *                      before the result is written back.
 * @param   pvFault     The fault address (compared when EM_ASSERT_FAULT_RETURN is enabled).
 * @param   pcbSize     Where to return the operand size.
 * @param   pfnEmulate  The OR/XOR/AND worker; returns the resulting eflags.
 */
static int emInterpretOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                               PFNEMULATEPARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only a write #PF is emulated here. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
    if (pCpu->param1.size != pCpu->param2.size)
    {
        if (pCpu->param1.size < pCpu->param2.size)
        {
            AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
            return VERR_EM_INTERPRETER;
        }
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    if (param1.type != PARMTYPE_ADDRESS)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }
    RTGCPTR const pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
    EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Register or immediate data (both arrive as PARMTYPE_IMMEDIATE). */
    if (param2.type != PARMTYPE_IMMEDIATE)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }
    uint64_t const valpar2 = param2.val.val64;

    LogFlow(("emInterpretOrXorAnd %s %VGv %RX64 - %RX64 size %d (%d)\n", emGetMnemonic(pCpu), pParam1, valpar1, valpar2, param2.size, param1.size));

    /* Data read, emulate instruction. */
    uint32_t const eflags = pfnEmulate(&valpar1, valpar2, param2.size);

    LogFlow(("emInterpretOrXorAnd %s result %RX64\n", emGetMnemonic(pCpu), valpar1));

    /* Update guest's eflags, then write the result back. */
    uint32_t const fFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagsMask) | (eflags & fFlagsMask);

    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* All done! */
    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
808
809
/**
 * LOCK XOR/OR/AND Emulation.
 *
 * The worker performs the locked operation directly on the operand: in GC
 * through the guest mapping with a one-shot #PF handler installed, in the
 * other contexts through an HC mapping obtained from PGMPhysGCPtr2HCPtr.
 *
 * NOTE(review): in ring-0/3 the HC-side write does not go through the guest
 * page-protection check that emRamWrite() applies (X86_PTE_RW / CR0.WP), and
 * the HC mapping is per page, so an operand straddling a page boundary is
 * presumably not handled here - confirm against the callers.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the operand form cannot
 *          be handled or the locked access faults.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction. param2.size is widened to
 *                      param1.size for the Ib encodings.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated on success.
 * @param   pvFault     The fault address (GC only, compared when EM_ASSERT_FAULT_RETURN is enabled).
 * @param   pcbSize     Where to return the operand size.
 * @param   pfnEmulate  The locked OR/XOR/AND worker; returns the resulting eflags via its last argument.
 */
static int emInterpretLockOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
                                   uint32_t *pcbSize, PFNEMULATELOCKPARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
    if (pCpu->param1.size != pCpu->param2.size)
    {
        AssertMsgReturn(pCpu->param1.size >= pCpu->param2.size, /* should never happen! */
                        ("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size),
                        VERR_EM_INTERPRETER);
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    AssertReturn(param1.type == PARMTYPE_ADDRESS, VERR_EM_INTERPRETER);
    RTGCPTR const GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);

    void *pvParam1;
#ifdef IN_GC
    pvParam1 = (void *)GCPtrPar1;
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    Assert(   TRPMHasTrap(pVM)
           && (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW));
    EM_ASSERT_FAULT_RETURN(GCPtrPar1 == pvFault, VERR_EM_INTERPRETER);
#else
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
    if (RT_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }
#endif

    /* Register and immediate data == PARMTYPE_IMMEDIATE */
    AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
    RTGCUINTREG const ValPar2 = param2.val.val64;

    /* Try emulate it with a one-shot #PF handler in place. */
    Log2(("%s %VGv imm%d=%RX64\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));

    RTGCUINTREG32 eflags = 0;
#ifdef IN_GC
    MMGCRamRegisterTrapHandler(pVM);
#endif
    rc = pfnEmulate(pvParam1, ValPar2, pCpu->param2.size, &eflags);
#ifdef IN_GC
    MMGCRamDeregisterTrapHandler(pVM);
#endif
    if (RT_FAILURE(rc))
    {
        Log(("%s %VGv imm%d=%RX64-> emulation failed due to page fault!\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
        return VERR_EM_INTERPRETER;
    }

    /* Update guest's eflags and finish. */
    uint32_t const fFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagsMask) | (eflags & fFlagsMask);

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
889
890
/**
 * ADD, ADC & SUB Emulation.
 *
 * Same shape as emInterpretOrXorAnd(): memory destination, register or
 * immediate source, flags merged before the result is written back.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER when the operand form or a
 *          memory access cannot be handled.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction. param2.size is widened to
 *                      param1.size for the Ib encodings.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated
 *                      before the result is written back.
 * @param   pvFault     The fault address (compared when EM_ASSERT_FAULT_RETURN is enabled).
 * @param   pcbSize     Where to return the operand size.
 * @param   pfnEmulate  The ADD/ADC/SUB worker; returns the resulting eflags.
 */
static int emInterpretAddSub(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                             PFNEMULATEPARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only a write #PF is emulated here. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
    if (pCpu->param1.size != pCpu->param2.size)
    {
        if (pCpu->param1.size < pCpu->param2.size)
        {
            AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
            return VERR_EM_INTERPRETER;
        }
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    if (param1.type != PARMTYPE_ADDRESS)
    {
#ifndef DEBUG_bird
        AssertFailed();
#endif
        return VERR_EM_INTERPRETER;
    }
    RTGCPTR const pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
    EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Register or immediate data (both arrive as PARMTYPE_IMMEDIATE). */
    if (param2.type != PARMTYPE_IMMEDIATE)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }
    uint64_t const valpar2 = param2.val.val64;

    /* Data read, emulate instruction. */
    uint32_t const eflags = pfnEmulate(&valpar1, valpar2, param2.size);

    /* Update guest's eflags, then write the result back. */
    uint32_t const fFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fFlagsMask) | (eflags & fFlagsMask);

    rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* All done! */
    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
981
982
/**
 * ADC emulation.
 *
 * Delegates to emInterpretAddSub and only decides which arithmetic helper it
 * runs: with the guest's carry flag (CF) set the "add with carry set" helper
 * is used, otherwise a plain add.
 *
 * @returns VBox status code as returned by emInterpretAddSub.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame (CF is read from it).
 * @param   pvFault     The fault address, forwarded to emInterpretAddSub.
 * @param   pcbSize     Forwarded; the callee stores the operand size there.
 */
static int emInterpretAdc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* CF picks the helper; everything else (operand handling, EFLAGS merge) is shared. */
    return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize,
                             pRegFrame->eflags.Bits.u1CF ? EMEmulateAdcWithCarrySet : EMEmulateAdd);
}
993
994
/**
 * BTR/BTC/BTS emulation (non-locked).
 *
 * Locates the byte holding the addressed bit, reads it, runs the supplied
 * helper on it and writes the byte back; the arithmetic flags returned by the
 * helper are merged into the guest EFLAGS.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if the operands are
 *          not a memory destination with a register/immediate bit offset, the
 *          operand does not match the fault address, or guest memory cannot
 *          be read/written.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address; the dword containing the byte must match it.
 * @param   pcbSize     Where to return the access size (always 1 byte).
 * @param   pfnEmulate  Helper operating on the byte and the bit index within it;
 *                      returns the resulting EFLAGS.
 */
static int emInterpretBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                              PFNEMULATEPARAM2UINT32 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* In GC this path is only taken for a write #PF. */
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            /* The destination is always a memory operand. */
            if (param1.type != PARMTYPE_ADDRESS)
                return VERR_EM_INTERPRETER;

            RTGCPTR GCPtrByte = (RTGCPTR)param1.val.val64;
            GCPtrByte = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrByte);

            /* Register and immediate bit offsets both arrive as PARMTYPE_IMMEDIATE. */
            if (param2.type != PARMTYPE_IMMEDIATE)
            {
                AssertFailed();
                return VERR_EM_INTERPRETER;
            }
            uint64_t const uBitOffset = param2.val.val64;

            Log2(("emInterpret%s: pvFault=%VGv pParam1=%VGv val2=%x\n", emGetMnemonic(pCpu), pvFault, GCPtrByte, uBitOffset));

            /* Step to the byte that contains the bit.  NOTE(review): the offset is
               treated as unsigned here; x86 defines a register bit offset on a memory
               operand as signed -- confirm the callers never pass a negative one. */
            GCPtrByte = (RTGCPTR)((RTGCUINTPTR)GCPtrByte + uBitOffset/8);
            EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)GCPtrByte & ~3) == pvFault, VERR_EM_INTERPRETER);

            /* Only one byte is read; the rest of the 64-bit holder stays zero. */
            uint64_t uByte = 0;
            rc = emRamRead(pVM, &uByte, GCPtrByte, 1);
            if (VBOX_FAILURE(rc))
            {
                AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", GCPtrByte, param1.size, rc));
                return VERR_EM_INTERPRETER;
            }

            Log2(("emInterpretBtx: val=%x\n", uByte));
            /* Data read, emulate bit test instruction. */
            uint32_t const fEFlags = pfnEmulate(&uByte, uBitOffset & 0x7);

            Log2(("emInterpretBtx: val=%x CF=%d\n", uByte, !!(fEFlags & X86_EFL_CF)));

            /* Merge the arithmetic flags into the guest EFLAGS. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (fEFlags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            /* Write the modified byte back. */
            rc = emRamWrite(pVM, GCPtrByte, &uByte, 1);
            if (VBOX_SUCCESS(rc))
            {
                *pcbSize = 1;
                return VINF_SUCCESS;
            }
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}
1073
1074
/**
 * LOCK BTR/BTC/BTS emulation.
 *
 * Narrows the operation down to one bit inside the byte that holds it, obtains
 * a pointer the helper can operate on (the flat guest address in GC, a host
 * mapping in ring-0/3) and runs the locked bit operation.  In GC the helper
 * touches guest memory directly, so a one-shot #PF handler is installed around
 * the call.  The arithmetic flags returned by the helper are merged into the
 * guest EFLAGS.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if the operands are
 *          not a memory destination with a register/immediate bit offset, the
 *          address cannot be mapped (ring-0/3), the operand does not match the
 *          fault address (GC), or the helper hit a page fault.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (GC: the dword holding the byte must match it).
 * @param   pcbSize     Where to return the access size (always 1 byte).
 * @param   pfnEmulate  Locked helper taking the byte pointer, the bit index
 *                      within that byte and an EFLAGS output pointer.
 */
static int emInterpretLockBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
                                  uint32_t *pcbSize, PFNEMULATELOCKPARAM2 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* The destination is always a memory operand. */
    if (param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;

    /* Register and immediate bit offsets both arrive as PARMTYPE_IMMEDIATE. */
    AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
    uint64_t uBit = param2.val.val64;

    /* Address the byte that contains the bit and keep only the index within it.
       NOTE(review): the offset is treated as unsigned; x86 defines a register bit
       offset on a memory operand as signed -- confirm this matches the callers. */
    RTGCPTR GCPtrByte = param1.val.val64;
    GCPtrByte += uBit / 8;
    uBit &= 7;

    /* Both contexts need the flat address; ring-0/3 additionally map it to a host pointer. */
    GCPtrByte = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrByte);
    void *pvByte;
#ifdef IN_GC
    pvByte = (void *)GCPtrByte;
#else
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrByte, &pvByte);
    if (VBOX_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }
#endif

    Log2(("emInterpretLockBitTest %s: pvFault=%VGv GCPtrPar1=%VGv imm=%RX64\n", emGetMnemonic(pCpu), pvFault, GCPtrByte, uBit));

#ifdef IN_GC
    /* We only get here because of a #PF; the dword holding the byte must be the faulting one. */
    Assert(TRPMHasTrap(pVM));
    EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)GCPtrByte & ~(RTGCUINTPTR)3) == pvFault, VERR_EM_INTERPRETER);
#endif

    /* Run the locked operation with a one-shot #PF handler in place (GC only). */
    RTGCUINTREG32 fEFlags = 0;
#ifdef IN_GC
    MMGCRamRegisterTrapHandler(pVM);
#endif
    rc = pfnEmulate(pvByte, uBit, &fEFlags);
#ifdef IN_GC
    MMGCRamDeregisterTrapHandler(pVM);
#endif
    if (RT_FAILURE(rc))
    {
        Log(("emInterpretLockBitTest %s: %VGv imm%d=%RX64 -> emulation failed due to page fault!\n",
             emGetMnemonic(pCpu), GCPtrByte, pCpu->param2.size*8, uBit));
        return VERR_EM_INTERPRETER;
    }

    Log2(("emInterpretLockBitTest %s: GCPtrPar1=%VGv imm=%VX64 CF=%d\n", emGetMnemonic(pCpu), GCPtrByte, uBit, !!(fEFlags & X86_EFL_CF)));

    /* Merge the arithmetic flags into the guest EFLAGS. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (fEFlags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = 1;
    return VINF_SUCCESS;
}
1150
1151
/**
 * MOV emulation.
 *
 * Handles two shapes of the instruction, distinguished by the fault that got
 * us here: a write fault (GC: #PF with the RW error-code bit; ring-0/3: the
 * destination is a memory operand) stores the register/immediate source to
 * memory, a read fault loads a memory source into the destination register.
 * In both cases the memory operand must be the faulting address.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if an operand has an
 *          unexpected type/size, the memory operand does not match pvFault,
 *          or the guest memory access fails.  In GC, VERR_EM_INTERPRETER is
 *          also returned when no trap is pending.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame (updated on the read path).
 * @param   pvFault     The fault address.
 * @param   pcbSize     Where to return the access size on the write path.
 */
static int emInterpretMov(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* GC: the pending trap's error code tells us whether this was a write. */
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#else
    /** @todo Make this the default and don't rely on TRPM information. */
    if (param1.type == PARMTYPE_ADDRESS)
    {
#endif
            /* Write path: memory destination, register/immediate source. */
            RTGCPTR pDest;
            uint64_t val64;

            switch(param1.type)
            {
            case PARMTYPE_IMMEDIATE:
                /* An immediate destination is only acceptable as a 32/64-bit address value. */
                if(!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
                    return VERR_EM_INTERPRETER;
                /* fallthru */

            case PARMTYPE_ADDRESS:
                pDest = (RTGCPTR)param1.val.val64;
                pDest = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pDest);
                break;

            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
            }

            switch(param2.type)
            {
            case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
                val64 = param2.val.val64;
                break;

            default:
                Log(("emInterpretMov: unexpected type=%d eip=%VGv\n", param2.type, pRegFrame->rip));
                return VERR_EM_INTERPRETER;
            }
#ifdef LOG_ENABLED
            if (pCpu->mode == CPUMODE_64BIT)
                LogFlow(("EMInterpretInstruction at %VGv: OP_MOV %VGv <- %RX64 (%d) &val32=%VHv\n", pRegFrame->rip, pDest, val64, param2.size, &val64));
            else
                LogFlow(("EMInterpretInstruction at %VGv: OP_MOV %VGv <- %08X (%d) &val32=%VHv\n", pRegFrame->rip, pDest, (uint32_t)val64, param2.size, &val64));
#endif

            /* The store must target exactly the faulting address; the low param2.size bytes of val64 are written. */
            Assert(param2.size <= 8 && param2.size > 0);
            EM_ASSERT_FAULT_RETURN(pDest == pvFault, VERR_EM_INTERPRETER);
            rc = emRamWrite(pVM, pDest, &val64, param2.size);
            if (VBOX_FAILURE(rc))
                return VERR_EM_INTERPRETER;

            *pcbSize = param2.size;
        }
        else
        { /* read fault */
            /* Read path: memory source, register destination.  Note that pcbSize is not set here. */
            RTGCPTR pSrc;
            uint64_t val64;

            /* Source */
            switch(param2.type)
            {
            case PARMTYPE_IMMEDIATE:
                /* An immediate source is only acceptable as a 32/64-bit address value. */
                if(!(param2.flags & (PARAM_VAL32|PARAM_VAL64)))
                    return VERR_EM_INTERPRETER;
                /* fallthru */

            case PARMTYPE_ADDRESS:
                pSrc = (RTGCPTR)param2.val.val64;
                pSrc = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pSrc);
                break;

            default:
                return VERR_EM_INTERPRETER;
            }

            /* The load must come from exactly the faulting address. */
            Assert(param1.size <= 8 && param1.size > 0);
            EM_ASSERT_FAULT_RETURN(pSrc == pvFault, VERR_EM_INTERPRETER);
            rc = emRamRead(pVM, &val64, pSrc, param1.size);
            if (VBOX_FAILURE(rc))
                return VERR_EM_INTERPRETER;

            /* Destination */
            switch(param1.type)
            {
            case PARMTYPE_REGISTER:
                /* Write back through the width-specific register setter; other sizes are rejected. */
                switch(param1.size)
                {
                case 1: rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen, (uint8_t) val64); break;
                case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen, (uint16_t)val64); break;
                case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen, (uint32_t)val64); break;
                case 8: rc = DISWriteReg64(pRegFrame, pCpu->param1.base.reg_gen, val64); break;
                default:
                    return VERR_EM_INTERPRETER;
                }
                if (VBOX_FAILURE(rc))
                    return rc;
                break;

            default:
                return VERR_EM_INTERPRETER;
            }
#ifdef LOG_ENABLED
            if (pCpu->mode == CPUMODE_64BIT)
                LogFlow(("EMInterpretInstruction: OP_MOV %VGv -> %RX64 (%d)\n", pSrc, val64, param1.size));
            else
                LogFlow(("EMInterpretInstruction: OP_MOV %VGv -> %08X (%d)\n", pSrc, (uint32_t)val64, param1.size));
#endif
        }
        return VINF_SUCCESS;
#ifdef IN_GC
    }
#endif
    /* GC only: reached when no trap is pending (the ring-0/3 build returns above). */
    return VERR_EM_INTERPRETER;
}
1282
1283
1284#ifndef IN_GC
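/**
 * [REP] STOSW/STOSD/STOSQ emulation (ring-0 and ring-3 only).
 *
 * Stores (E/R)AX at ES:(E/R)DI, cbSize bytes per transfer, moving the
 * destination pointer by the operand size in the direction selected by
 * EFLAGS.DF.  With the REP prefix the store is repeated (E/R)CX times and
 * (E/R)DI / (E/R)CX are left as a completed run would leave them; without it
 * a single transfer is done and only (E/R)DI is advanced.
 *
 * @returns VINF_SUCCESS if the instruction was emulated; VERR_EM_INTERPRETER
 *          if an unsupported prefix is present, the address/operand mode is
 *          unexpected, the destination range is not writable for the guest
 *          (REP case), or a write failed.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame (registers are updated in place).
 * @param   pvFault     Unused here.
 * @param   pcbSize     Where to return the size in bytes of a single transfer.
 */
static int emInterpretStosWD(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int         rc;
    RTGCPTR     GCDest, GCOffset;
    uint32_t    cbSize;
    uint64_t    cTransfers;
    int         offIncrement;

    /* Only the address size, operand size, REP and REX prefixes are supported. */
    if ((pCpu->prefix & ~(PREFIX_ADDRSIZE|PREFIX_OPSIZE|PREFIX_REP|PREFIX_REX)))
        return VERR_EM_INTERPRETER;

    /* Destination offset and transfer count come from (E/R)DI and (E/R)CX,
       sized by the effective address mode. */
    switch (pCpu->addrmode)
    {
        case CPUMODE_16BIT:
            GCOffset   = pRegFrame->di;
            cTransfers = pRegFrame->cx;
            break;
        case CPUMODE_32BIT:
            GCOffset   = pRegFrame->edi;
            cTransfers = pRegFrame->ecx;
            break;
        case CPUMODE_64BIT:
            GCOffset   = pRegFrame->rdi;
            cTransfers = pRegFrame->rcx;
            break;
        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    GCDest = SELMToFlat(pVM, DIS_SELREG_ES, pRegFrame, GCOffset);

    /* The operand size decides how many bytes of (E/R)AX are stored per transfer. */
    switch (pCpu->opmode)
    {
        case CPUMODE_16BIT:
            cbSize = 2;
            break;
        case CPUMODE_32BIT:
            cbSize = 4;
            break;
        case CPUMODE_64BIT:
            cbSize = 8;
            break;
        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    /* DF selects the direction in which the destination pointer moves. */
    offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cbSize : (signed)cbSize;

    if (!(pCpu->prefix & PREFIX_REP))
    {
        LogFlow(("emInterpretStosWD dest=%04X:%VGv (%VGv) cbSize=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize));

        rc = PGMPhysWriteGCPtr(pVM, GCDest, &pRegFrame->rax, cbSize);
        if (VBOX_FAILURE(rc))
            return VERR_EM_INTERPRETER;
        Assert(rc == VINF_SUCCESS);

        /* Update (e/r)di. */
        switch (pCpu->addrmode)
        {
            case CPUMODE_16BIT:
                pRegFrame->di += offIncrement;
                break;
            case CPUMODE_32BIT:
                pRegFrame->edi += offIncrement;
                break;
            case CPUMODE_64BIT:
                pRegFrame->rdi += offIncrement;
                break;
            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
        }
    }
    else
    {
        /* REP with a zero count is a no-op, no registers change. */
        if (!cTransfers)
            return VINF_SUCCESS;

        LogFlow(("emInterpretStosWD dest=%04X:%VGv (%VGv) cbSize=%d cTransfers=%x DF=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize, cTransfers, pRegFrame->eflags.Bits.u1DF));

        /* Verify the whole destination range up front; a trap raised half-way through the
           loop cannot be recovered from.  With DF set the stores run downwards from GCDest,
           so the range starts (cTransfers - 1) * cbSize below it.  The conditional must be
           parenthesised: `GCDest - cond ? 0 : x` binds as `(GCDest - cond) ? 0 : x`, which
           passed address 0 to the check instead of the destination. */
        RTGCPTR const GCRangeStart = offIncrement > 0
                                   ? GCDest
                                   : GCDest - ((cTransfers - 1) * cbSize);
        rc = PGMVerifyAccess(pVM, GCRangeStart, cTransfers * cbSize, X86_PTE_RW | X86_PTE_US);
        if (rc != VINF_SUCCESS)
        {
            Log(("STOSWD will generate a trap -> recompiler, rc=%d\n", rc));
            return VERR_EM_INTERPRETER;
        }

        /* REP case: store until the count runs out or a write fails. */
        while (cTransfers)
        {
            rc = PGMPhysWriteGCPtr(pVM, GCDest, &pRegFrame->rax, cbSize);
            if (VBOX_FAILURE(rc))
            {
                rc = VERR_EM_INTERPRETER;
                break;
            }

            Assert(rc == VINF_SUCCESS);
            GCOffset += offIncrement;
            GCDest   += offIncrement;
            cTransfers--;
        }

        /* Update the registers with however far we got. */
        switch (pCpu->addrmode)
        {
            case CPUMODE_16BIT:
                pRegFrame->di = GCOffset;
                pRegFrame->cx = cTransfers;
                break;
            case CPUMODE_32BIT:
                pRegFrame->edi = GCOffset;
                pRegFrame->ecx = cTransfers;
                break;
            case CPUMODE_64BIT:
                pRegFrame->rdi = GCOffset;
                pRegFrame->rcx = cTransfers;
                break;
            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
        }
    }

    *pcbSize = cbSize;
    return rc;
}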
1421#endif
1422
1423
1424/**
1425 * [LOCK] CMPXCHG emulation.
1426 */
1427#ifndef IN_GC
/**
 * [LOCK] CMPXCHG emulation for ring-0 and ring-3.
 *
 * Maps the memory operand to a host address and lets the
 * EMEmulate[Lock]CmpXchg helper perform the compare-exchange against RAX
 * directly on that memory; the arithmetic flags it returns are merged into
 * the guest EFLAGS.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if the operands are
 *          not a memory destination and register source of equal size, or
 *          the guest address cannot be mapped.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame; RAX is passed to the helper by pointer.
 * @param   pvFault     Unused here.
 * @param   pcbSize     Where to return the operand size.
 */
static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* param1 is queried as a source as well so that DISQueryParamVal yields
       its register value (existing hack). */
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);

    /* The destination must be a memory operand; map it to a host pointer. */
    if (param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;
    RTGCPTR GCPtrDst = param1.val.val64;
    GCPtrDst = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrDst);

    void *pvDst;
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrDst, &pvDst);
    if (VBOX_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }

    /* The source register is reported as an immediate. */
    if (param2.type != PARMTYPE_IMMEDIATE)
        return VERR_EM_INTERPRETER;
    uint64_t const u64Src = param2.val.val64;

    LogFlow(("%s %VGv rax=%RX64 %RX64\n", emGetMnemonic(pCpu), GCPtrDst, pRegFrame->rax, u64Src));

    uint64_t const fEFlags = pCpu->prefix & PREFIX_LOCK
                           ? EMEmulateLockCmpXchg(pvDst, &pRegFrame->rax, u64Src, pCpu->param2.size)
                           : EMEmulateCmpXchg(pvDst, &pRegFrame->rax, u64Src, pCpu->param2.size);

    LogFlow(("%s %VGv rax=%RX64 %RX64 ZF=%d\n", emGetMnemonic(pCpu), GCPtrDst, pRegFrame->rax, u64Src, !!(fEFlags & X86_EFL_ZF)));

    /* Merge the arithmetic flags into the guest EFLAGS. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (fEFlags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
1490
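/**
 * [LOCK] CMPXCHG8B emulation for ring-0 and ring-3.
 *
 * Maps the 8-byte memory operand to a host address and lets the
 * EMEmulate[Lock]CmpXchg8b helper perform the compare-exchange on it using
 * EDX:EAX and ECX:EBX from the register frame.  Only ZF is taken over from
 * the helper; the other arithmetic flags are left untouched.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if the operand is not
 *          an 8-byte memory operand or cannot be mapped.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame; EAX/EDX are passed to the helper by pointer.
 * @param   pvFault     Unused here.
 * @param   pcbSize     Where to return the operand size (8).
 */
static int emInterpretCmpXchg8b(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    RTGCPTR  GCPtrPar1;
    void    *pvParam1;
    uint64_t eflags;

    AssertReturn(pCpu->param1.size == 8, VERR_EM_INTERPRETER);
    switch (param1.type)
    {
        case PARMTYPE_ADDRESS:
            GCPtrPar1 = param1.val.val64;
            GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);

            /* The helper works on host memory, so map the guest address. */
            rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
            if (VBOX_FAILURE(rc))
            {
                AssertRC(rc);
                return VERR_EM_INTERPRETER;
            }
            break;

        default:
            return VERR_EM_INTERPRETER;
    }

    /* pvParam1 is a host pointer, hence %VHv.  The format previously listed one
       more %08x than there were arguments, which read past the supplied varargs. */
    LogFlow(("%s %VHv eax=%08x edx=%08x\n", emGetMnemonic(pCpu), pvParam1, pRegFrame->eax, pRegFrame->edx));

    if (pCpu->prefix & PREFIX_LOCK)
        eflags = EMEmulateLockCmpXchg8b(pvParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx);
    else
        eflags = EMEmulateCmpXchg8b(pvParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx);

    LogFlow(("%s %VHv eax=%08x edx=%08x ZF=%d\n", emGetMnemonic(pCpu), pvParam1, pRegFrame->eax, pRegFrame->edx, !!(eflags & X86_EFL_ZF)));

    /* Update guest's eflags and finish; note that *only* ZF is affected. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
                          | (eflags & (X86_EFL_ZF));

    *pcbSize = 8;
    return VINF_SUCCESS;
}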
1543
1544#else /* IN_GC */
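/**
 * [LOCK] CMPXCHG emulation for GC.
 *
 * Only proceeds when a write #PF is pending for the memory operand.  The
 * EMGCEmulate[Lock]CmpXchg helper accesses guest memory directly, so a
 * one-shot #PF handler is installed around the call and a fault inside it
 * is reported as VERR_EM_INTERPRETER.  The arithmetic flags returned by the
 * helper are merged into the guest EFLAGS.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if no write trap is
 *          pending, the operands are not a memory destination and register
 *          source of equal size, the operand is not the faulting address, or
 *          the helper faulted.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame; EAX is passed to the helper by pointer.
 * @param   pvFault     The fault address; must equal the flat operand address.
 * @param   pcbSize     Where to return the operand size.
 */
static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1, param2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR  pParam1;
            uint32_t valpar, eflags;

            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam1 = (RTRCPTR)param1.val.val64;
                    pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
                    /* The operand must be the address that faulted. */
                    EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            switch (param2.type)
            {
                case PARMTYPE_IMMEDIATE: /* register actually */
                    valpar = param2.val.val32;
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x %08x\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, valpar));

            /* The helper touches guest memory; catch a #PF raised while it runs. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
            else
                rc = EMGCEmulateCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                /* pParam1 is an RTRCPTR, so use %VRv as the other log statements here do;
                   %VGv expects an RTGCPTR, which is converted to/from RTRCPTR with explicit
                   casts above and so may differ in width from it. */
                Log(("%s %VRv eax=%08x %08x -> emulation failed due to page fault!\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, valpar));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x %08x ZF=%d\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, valpar, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            *pcbSize = param2.size;
            return VINF_SUCCESS;
        }
    }
    return VERR_EM_INTERPRETER;
}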
1616
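/**
 * [LOCK] CMPXCHG8B emulation for GC.
 *
 * Only proceeds when a write #PF is pending for the memory operand.  The
 * EMGCEmulate[Lock]CmpXchg8b helper accesses guest memory directly, so a
 * one-shot #PF handler is installed around the call and a fault inside it
 * is reported as VERR_EM_INTERPRETER.  Only ZF is taken over from the helper.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if no write trap is
 *          pending, the operand is not an 8-byte memory operand, the operand
 *          is not the faulting address, or the helper faulted.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame; EAX/EDX are passed to the helper by pointer.
 * @param   pvFault     The fault address; must equal the flat operand address.
 * @param   pcbSize     Where to return the operand size (8).
 */
static int emInterpretCmpXchg8b(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR  pParam1;
            uint32_t eflags;

            AssertReturn(pCpu->param1.size == 8, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam1 = (RTRCPTR)param1.val.val64;
                    pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
                    /* The operand must be the address that faulted. */
                    EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            /* pParam1 is an RTRCPTR, hence %VRv throughout.  The previous formats listed
               one more %08x than there were arguments, which read past the supplied varargs. */
            LogFlow(("%s %VRv eax=%08x edx=%08x\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, pRegFrame->edx));

            /* The helper touches guest memory; catch a #PF raised while it runs. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
            else
                rc = EMGCEmulateCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("%s %VRv eax=%08x edx=%08x -> emulation failed due to page fault!\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, pRegFrame->edx));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x edx=%08x ZF=%d\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, pRegFrame->edx, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish; note that *only* ZF is affected. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
                                  | (eflags & (X86_EFL_ZF));

            *pcbSize = 8;
            return VINF_SUCCESS;
        }
    }
    return VERR_EM_INTERPRETER;
}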
1677#endif /* IN_GC */
1678
1679
1680/**
1681 * [LOCK] XADD emulation.
1682 */
1683#ifdef IN_GC
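/**
 * [LOCK] XADD emulation (GC only).
 *
 * Only proceeds when a write #PF is pending for the memory operand.  The
 * register operand is obtained as a pointer into the register frame via
 * DISQueryParamRegPtr so the EMGCEmulate[Lock]XAdd helper can exchange it in
 * place.  The helper accesses guest memory directly, so a one-shot #PF
 * handler is installed around the call and a fault inside it is reported as
 * VERR_EM_INTERPRETER.  The arithmetic flags it returns are merged into the
 * guest EFLAGS.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if no write trap is
 *          pending, the operands are not a memory destination and register
 *          source of equal size, the operand is not the faulting address, or
 *          the helper faulted.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame; the source register is updated in place.
 * @param   pvFault     The fault address; must equal the flat operand address.
 * @param   pcbSize     Where to return the operand size.
 */
static int emInterpretXAdd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;
    uint32_t   *pParamReg2;
    size_t      cbSizeParamReg2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamRegPtr(pRegFrame, pCpu, &pCpu->param2, (void **)&pParamReg2, &cbSizeParamReg2);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    /* Checked only after the status: on failure the size output need not be set. */
    Assert(cbSizeParamReg2 <= 4);

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR  pParam1;
            uint32_t eflags;

            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam1 = (RTRCPTR)param1.val.val64;
                    pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
                    /* The operand must be the address that faulted. */
                    EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            /* pParam1 is an RTRCPTR, hence %VRv throughout.  The previous format listed one
               more %08x than there were arguments, which read past the supplied varargs.
               The register is logged through a 32-bit pointer even for narrower operands. */
            LogFlow(("XAdd %VRv reg=%08x\n", pParam1, *pParamReg2));

            /* The helper touches guest memory; catch a #PF raised while it runs. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
            else
                rc = EMGCEmulateXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("XAdd %VRv reg=%08x -> emulation failed due to page fault!\n", pParam1, *pParamReg2));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("XAdd %VRv reg=%08x ZF=%d\n", pParam1, *pParamReg2, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            *pcbSize = cbSizeParamReg2;
            return VINF_SUCCESS;
        }
    }
    return VERR_EM_INTERPRETER;
}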
1748#endif /* IN_GC */
1749
1750
1751#ifdef IN_GC
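/**
 * Interpret IRET (currently only a return to V86 code).
 *
 * Pops the full V86 interrupt frame (EIP, CS, EFLAGS, ESP, SS, ES, DS, FS, GS,
 * one dword each) from the guest stack at ESP and loads it into the register
 * frame.  The popped EFLAGS is filtered down to the architecturally defined
 * bits before it is applied.
 *
 * @returns VINF_SUCCESS; VERR_EM_INTERPRETER if the frame cannot be read or
 *          the popped EFLAGS does not have VM set.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
VMMDECL(int) EMInterpretIret(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    RTGCUINTPTR const GCPtrFrame = (RTGCUINTPTR)pRegFrame->esp;
    /* Every slot is read as exactly 4 bytes, so the locals are 32 bits wide:
       a 4-byte read into a wider RTGCUINTPTR would leave its upper part uninitialised. */
    uint32_t eip, cs, eflags, esp, ss, es, ds, fs, gs;
    int rc;

    Assert(!CPUMIsGuestIn64BitCode(pVM, pRegFrame));

    /* Failure status codes are negative, so OR-ing keeps any failure visible to AssertRCReturn. */
    rc  = emRamRead(pVM, &eip,    (RTGCPTR)GCPtrFrame,        4);
    rc |= emRamRead(pVM, &cs,     (RTGCPTR)(GCPtrFrame + 4),  4);
    rc |= emRamRead(pVM, &eflags, (RTGCPTR)(GCPtrFrame + 8),  4);
    AssertRCReturn(rc, VERR_EM_INTERPRETER);
    /* Only the return-to-V86 form is handled here. */
    AssertReturn(eflags & X86_EFL_VM, VERR_EM_INTERPRETER);

    rc |= emRamRead(pVM, &esp, (RTGCPTR)(GCPtrFrame + 12), 4);
    rc |= emRamRead(pVM, &ss,  (RTGCPTR)(GCPtrFrame + 16), 4);
    rc |= emRamRead(pVM, &es,  (RTGCPTR)(GCPtrFrame + 20), 4);
    rc |= emRamRead(pVM, &ds,  (RTGCPTR)(GCPtrFrame + 24), 4);
    rc |= emRamRead(pVM, &fs,  (RTGCPTR)(GCPtrFrame + 28), 4);
    rc |= emRamRead(pVM, &gs,  (RTGCPTR)(GCPtrFrame + 32), 4);
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    /* V86 code runs with a 16-bit IP. */
    pRegFrame->eip = eip & 0xffff;
    pRegFrame->cs  = cs;

    /* Mask away all reserved bits before applying the popped EFLAGS. */
    uint32_t const fMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_ID;
    eflags &= fMask;

#ifndef IN_RING0
    CPUMRawSetEFlags(pVM, pRegFrame, eflags);
#endif
    /* NOTE(review): presumably CPUMRawSetEFlags guarantees IF set / IOPL 0 in the raw frame -- confirm. */
    Assert((pRegFrame->eflags.u32 & (X86_EFL_IF|X86_EFL_IOPL)) == X86_EFL_IF);

    pRegFrame->esp = esp;
    pRegFrame->ss  = ss;
    pRegFrame->ds  = ds;
    pRegFrame->es  = es;
    pRegFrame->fs  = fs;
    pRegFrame->gs  = gs;

    return VINF_SUCCESS;
}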
1803#endif /* IN_GC */
1804
1805
/**
 * IRET emulation entry for the instruction dispatcher.
 *
 * Intentionally declines: IRET is only handled through direct calls to
 * EMInterpretIret for now, so the dispatcher is told to fall back.
 *
 * @returns VERR_EM_INTERPRETER, always.
 * @param   pVM         The VM handle (unused).
 * @param   pCpu        The disassembler state (unused).
 * @param   pRegFrame   The register frame (unused).
 * @param   pvFault     The fault address (unused).
 * @param   pcbSize     Not written.
 */
static int emInterpretIret(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pVM); NOREF(pCpu); NOREF(pRegFrame); NOREF(pvFault); NOREF(pcbSize);
    /* only allow direct calls to EMInterpretIret for now */
    return VERR_EM_INTERPRETER;
}
1814
/**
 * WBINVD emulation.
 *
 * There is no cache state to write back or invalidate on behalf of the guest,
 * so the instruction is treated as a no-op that always succeeds.
 *
 * @returns VINF_SUCCESS, always.
 * @param   pVM         The VM handle (unused).
 * @param   pCpu        The disassembler state (unused).
 * @param   pRegFrame   The register frame (unused).
 * @param   pvFault     The fault address (unused).
 * @param   pcbSize     Not written.
 */
static int emInterpretWbInvd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pVM); NOREF(pCpu); NOREF(pRegFrame); NOREF(pvFault); NOREF(pcbSize);
    return VINF_SUCCESS;
}
1823
1824
/**
 * Interpret INVLPG.
 *
 * Asks PGM to invalidate the page containing the operand address and maps
 * PGM's status onto the interpreter's contract.
 *
 * @returns VINF_SUCCESS when the page was invalidated (or a CR3 sync is
 *          already scheduled via the force-action flag); the PGM status for
 *          VERR_REM_FLUSHED_PAGES_OVERFLOW and VINF_EM_RAW_EMULATE_INSTR so the
 *          caller can react; VERR_EM_INTERPRETER for anything else.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame (unused here).
 * @param   pAddrGC     Operand address.
 */
VMMDECL(int) EMInterpretInvlpg(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pAddrGC)
{
    /** @todo is addr always a flat linear address or ds based
     * (in absence of segment override prefixes)????
     */
#ifdef IN_GC
    LogFlow(("RC: EMULATE: invlpg %RGv\n", pAddrGC));
#endif
    int const rc = PGMInvalidatePage(pVM, pAddrGC);
    switch (rc)
    {
        case VINF_SUCCESS:
        case VINF_PGM_SYNC_CR3: /* we can rely on the FF */
            return VINF_SUCCESS;

        default:
            AssertMsgReturn(   rc == VERR_REM_FLUSHED_PAGES_OVERFLOW
                            || rc == VINF_EM_RAW_EMULATE_INSTR,
                            ("%Rrc addr=%RGv\n", rc, pAddrGC),
                            VERR_EM_INTERPRETER);
            return rc;
    }
}
1854
1855
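/**
 * INVLPG emulation.
 *
 * Extracts the operand address from the disassembler state and hands it to
 * EMInterpretInvlpg, which performs the invalidation and maps PGM's status
 * for the caller.  This mirrors emInterpretCpuId forwarding to
 * EMInterpretCpuId and avoids keeping two copies of the status mapping.
 *
 * @returns VERR_EM_INTERPRETER if the operand is not an address value;
 *          otherwise the status of EMInterpretInvlpg.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (unused).
 * @param   pcbSize     Not written.
 */
static int emInterpretInvlPg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pvFault); NOREF(pcbSize);

    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Either operand form must carry a 32/64-bit address value. */
    switch (param1.type)
    {
        case PARMTYPE_IMMEDIATE:
        case PARMTYPE_ADDRESS:
            if (!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
                return VERR_EM_INTERPRETER;
            break;

        default:
            return VERR_EM_INTERPRETER;
    }

    /** @todo is addr always a flat linear address or ds based
     * (in absence of segment override prefixes)????
     */
    return EMInterpretInvlpg(pVM, pRegFrame, (RTGCPTR)param1.val.val64);
}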
1897
1898
/**
 * Interpret CPUID given the parameters in the CPU context.
 *
 * Takes the leaf from EAX and stores the guest-visible CPUID values into
 * EAX, EBX, ECX and EDX of the register frame.
 *
 * @returns VINF_SUCCESS, always.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame; EAX is the input leaf and the
 *                      four general registers receive the result.
 */
VMMDECL(int) EMInterpretCpuId(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    /* Capture the leaf before EAX is overwritten; it is only needed for the log line,
       hence NOREF for builds where logging is compiled out. */
    uint32_t const uLeaf = pRegFrame->eax;
    NOREF(uLeaf);

    /* Note: operates the same in 64 and non-64 bits mode.
       NOTE(review): ECX (sub-leaf) is not passed on -- confirm CPUMGetGuestCpuId does not need it. */
    CPUMGetGuestCpuId(pVM, uLeaf, &pRegFrame->eax, &pRegFrame->ebx, &pRegFrame->ecx, &pRegFrame->edx);
    Log(("Emulate: CPUID %x -> %08x %08x %08x %08x\n", uLeaf, pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx));
    return VINF_SUCCESS;
}
1916
1917
/**
 * CPUID emulation entry for the instruction dispatcher.
 *
 * Thin forwarder to EMInterpretCpuId; the extra dispatcher parameters carry
 * nothing CPUID needs.
 *
 * @returns Status of EMInterpretCpuId.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state (unused).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (unused).
 * @param   pcbSize     Not written.
 */
static int emInterpretCpuId(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pCpu); NOREF(pvFault); NOREF(pcbSize);
    return EMInterpretCpuId(pVM, pRegFrame);
}
1926
1927
/**
 * Interpret a CRx read (MOV reg, CRx).
 *
 * Fetches the requested control register -- CR8 via PDMApicGetTPR, the others
 * via CPUMGetGuestCRx -- and writes it to the destination general register,
 * 64 bits wide in long mode and 32 bits otherwise.
 *
 * @returns VINF_SUCCESS on success; VERR_EM_INTERPRETER if the register
 *          cannot be read or the destination cannot be written.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegGen  General purpose register index (USE_REG_E**).
 * @param   SrcRegCrx   CRx register index (USE_REG_CR*).
 */
VMMDECL(int) EMInterpretCRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegCrx)
{
    uint64_t u64Val = 0;
    int      rc;

    if (SrcRegCrx == USE_REG_CR8)
    {
        /* PDMApicGetTPR fills in through a byte pointer; the zero-initialisation above
           is what makes the remaining bytes of u64Val well defined. */
        rc = PDMApicGetTPR(pVM, (uint8_t *)&u64Val, NULL);
        AssertMsgRCReturn(rc, ("PDMApicGetTPR failed\n"), VERR_EM_INTERPRETER);
    }
    else
    {
        rc = CPUMGetGuestCRx(pVM, SrcRegCrx, &u64Val);
        AssertMsgRCReturn(rc, ("CPUMGetGuestCRx %d failed\n", SrcRegCrx), VERR_EM_INTERPRETER);
    }

    /* Register width follows the guest's code mode. */
    rc = CPUMIsGuestIn64BitCode(pVM, pRegFrame)
       ? DISWriteReg64(pRegFrame, DestRegGen, u64Val)
       : DISWriteReg32(pRegFrame, DestRegGen, u64Val);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    LogFlow(("MOV_CR: gen32=%d CR=%d val=%VX64\n", DestRegGen, SrcRegCrx, u64Val));
    return VINF_SUCCESS;
}
1967
1968
1969
/**
 * Interpret CLTS.
 *
 * Clears CR0.TS in the guest CR0.  When the bit is already clear nothing is
 * written, so CPUMSetGuestCR0 (and whatever it triggers) only runs when the
 * register actually changes.
 *
 * @returns VINF_SUCCESS when TS was already clear; otherwise the status of
 *          CPUMSetGuestCR0.
 * @param   pVM         The VM handle.
 */
VMMDECL(int) EMInterpretCLTS(PVM pVM)
{
    uint64_t const cr0 = CPUMGetGuestCR0(pVM);
    if (cr0 & X86_CR0_TS)
        return CPUMSetGuestCR0(pVM, cr0 & ~X86_CR0_TS);
    return VINF_SUCCESS;
}
1984
/**
 * CLTS emulation entry for the instruction dispatcher.
 *
 * Thin forwarder to EMInterpretCLTS; only the VM handle is needed, the
 * remaining parameters exist to match the common emulation signature.
 *
 * @returns Status of EMInterpretCLTS.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler state (unused).
 * @param   pRegFrame   The register frame (unused).
 * @param   pvFault     The fault address (unused).
 * @param   pcbSize     Not written.
 */
static int emInterpretClts(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pCpu); NOREF(pRegFrame); NOREF(pvFault); NOREF(pcbSize);
    return EMInterpretCLTS(pVM);
}
1992
1993
/**
 * Update CRx
 *
 * Applies a new value to the given control register together with the side
 * effects handled here: PGM TLB flushes when paging related bits of
 * CR0/CR3/CR4 change, EFER.LMA tracking when CR0.PG is toggled while
 * EFER.LME is set, and a PGM mode change for CR0 and CR4.
 *
 * @returns VBox status code. VERR_EM_INTERPRETER for illegal transitions,
 *          CR1, unknown register indexes and (GC only) changes that must be
 *          done in ring 3; otherwise the status of the PGM/PDM call made.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegCrx  CRx register index (USE_REG_CR*)
 * @param   val         New CRx value
 */
static int EMUpdateCRx(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint64_t val)
{
    uint64_t oldval;
    uint64_t msrEFER;
    int      rc;

    /** @todo Clean up this mess. */
    LogFlow(("EMInterpretCRxWrite at %VGv CR%d <- %VX64\n", pRegFrame->rip, DestRegCrx, val));
    switch (DestRegCrx)
    {
        case USE_REG_CR0:
            oldval = CPUMGetGuestCR0(pVM);
#ifdef IN_GC
            /* CR0.WP and CR0.AM changes require a reschedule run in ring 3. */
            if (    (val    & (X86_CR0_WP | X86_CR0_AM))
                !=  (oldval & (X86_CR0_WP | X86_CR0_AM)))
                return VERR_EM_INTERPRETER;
#endif
            /* NOTE(review): the new CR0 is committed here, before the long mode
               sanity checks further down; on their VERR_EM_INTERPRETER paths
               the guest CR0 therefore stays modified. Confirm the fallback
               path tolerates that. */
            CPUMSetGuestCR0(pVM, val);
            /* Re-read what was actually stored (presumably CPUM may adjust it). */
            val = CPUMGetGuestCR0(pVM);
            if (    (oldval & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE))
                !=  (val    & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE)))
            {
                /* global flush */
                rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
                AssertRCReturn(rc, rc);
            }

            /* Deal with long mode enabling/disabling. */
            msrEFER = CPUMGetGuestEFER(pVM);
            if (msrEFER & MSR_K6_EFER_LME)
            {
                if (    !(oldval & X86_CR0_PG)
                    &&   (val    & X86_CR0_PG))
                {
                    /* Illegal to have an active 64 bits CS selector (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                    if (pRegFrame->csHid.Attr.n.u1Long)
                    {
                        AssertMsgFailed(("Illegal enabling of paging with CS.u1Long = 1!!\n"));
                        return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                    }

                    /* Illegal to switch to long mode before activating PAE first (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                    if (!(CPUMGetGuestCR4(pVM) & X86_CR4_PAE))
                    {
                        AssertMsgFailed(("Illegal enabling of paging with PAE disabled!!\n"));
                        return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                    }
                    /* Paging enabled with LME set: long mode becomes active. */
                    msrEFER |= MSR_K6_EFER_LMA;
                }
                else
                if (    (oldval & X86_CR0_PG)
                    && !(val    & X86_CR0_PG))
                {
                    /* Paging disabled: long mode is no longer active. */
                    msrEFER &= ~MSR_K6_EFER_LMA;
                    /* @todo Do we need to cut off rip here? High dword of rip is undefined, so it shouldn't really matter. */
                }
                CPUMSetGuestEFER(pVM, msrEFER);
            }
            return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), CPUMGetGuestEFER(pVM));

        case USE_REG_CR2:
            rc = CPUMSetGuestCR2(pVM, val); AssertRC(rc);
            return VINF_SUCCESS;

        case USE_REG_CR3:
            /* Reloading the current CR3 means the guest just wants to flush the TLBs */
            rc = CPUMSetGuestCR3(pVM, val); AssertRC(rc);
            if (CPUMGetGuestCR0(pVM) & X86_CR0_PG)
            {
                /* flush; global entries are only included when CR4.PGE is clear */
                rc = PGMFlushTLB(pVM, val, !(CPUMGetGuestCR4(pVM) & X86_CR4_PGE));
                AssertRCReturn(rc, rc);
            }
            return VINF_SUCCESS;

        case USE_REG_CR4:
            oldval = CPUMGetGuestCR4(pVM);
            rc = CPUMSetGuestCR4(pVM, val); AssertRC(rc);
            val = CPUMGetGuestCR4(pVM);

            msrEFER = CPUMGetGuestEFER(pVM);
            /* Illegal to disable PAE when long mode is active. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
            /* NOTE(review): as for CR0, the new CR4 has already been stored
               when this check fails. */
            if (    (msrEFER & MSR_K6_EFER_LMA)
                &&  (oldval & X86_CR4_PAE)
                &&  !(val & X86_CR4_PAE))
            {
                return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
            }

            if (    (oldval & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE))
                !=  (val    & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE)))
            {
                /* global flush */
                rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
                AssertRCReturn(rc, rc);
            }
# ifdef IN_GC
            /* Changes to any of these CR4 bits are not dealt with in GC; flag
               a return to ring 3 (the value itself is already stored). */
            if (    (oldval & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME))
                !=  (val    & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME)))
            {
                Log(("emInterpretMovCRx: CR4: %#RX64->%#RX64 => R3\n", oldval, val));
                VM_FF_SET(pVM, VM_FF_TO_R3);
            }
# endif
            return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), CPUMGetGuestEFER(pVM));

        case USE_REG_CR8:
            /* CR8 is forwarded to the APIC as the task priority register. */
            return PDMApicSetTPR(pVM, val);

        default:
            AssertFailed();
            /* fall thru */
        case USE_REG_CR1: /* illegal op */
            break;
    }
    return VERR_EM_INTERPRETER;
}
2122
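/**
 * Interpret CRx write (MOV CRx, reg).
 *
 * Fetches the source general purpose register, 64-bit wide in 64-bit code and
 * zero-extended from 32 bits otherwise, and hands the value to EMUpdateCRx
 * which applies the register specific side effects.
 *
 * @returns VBox status code: VERR_EM_INTERPRETER when the source register
 *          cannot be fetched, otherwise the status of EMUpdateCRx.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegCrx  CRx register index (USE_REG_CR*)
 * @param   SrcRegGen   General purpose register index (USE_REG_E**)
 */
VMMDECL(int) EMInterpretCRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint32_t SrcRegGen)
{
    uint64_t val = 0;
    int      rc;

    if (CPUMIsGuestIn64BitCode(pVM, pRegFrame))
        rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
    else
    {
        /* Initialised so the widening below never reads an indeterminate
           value when the fetch fails (the result is discarded then anyway). */
        uint32_t val32 = 0;
        rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
        val = val32;
    }

    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    return EMUpdateCRx(pVM, pRegFrame, DestRegCrx, val);
}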
2154
/**
 * Interpret LMSW (load machine status word).
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   u16Data     LMSW source data.
 */
VMMDECL(int) EMInterpretLMSW(PVM pVM, PCPUMCTXCORE pRegFrame, uint16_t u16Data)
{
    /* LMSW may only alter PE, MP, EM and TS. PE is kept from the old value
       and OR'ed with the new bit, so the instruction can set but never clear it. */
    uint64_t const uOldCr0   = CPUMGetGuestCR0(pVM);
    uint64_t const fWritable = X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS;
    uint64_t const uKept     = uOldCr0 & ~(X86_CR0_MP | X86_CR0_EM | X86_CR0_TS);
    uint64_t const uNewCr0   = uKept | (u16Data & fWritable);

    return EMUpdateCRx(pVM, pRegFrame, USE_REG_CR0, uNewCr0);
}
2174
/**
 * LMSW Emulation.
 *
 * Extracts the 16-bit source operand (immediate or memory) from the decoded
 * instruction and forwards it to EMInterpretLMSW.
 */
static int emInterpretLmsw(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Only immediate and memory operands are understood, and only 16-bit ones. */
    if (    param1.type != PARMTYPE_IMMEDIATE
        &&  param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;
    if (!(param1.flags & PARAM_VAL16))
        return VERR_EM_INTERPRETER;

    uint32_t const val = param1.val.val32;
    LogFlow(("emInterpretLmsw %x\n", val));
    return EMInterpretLMSW(pVM, pRegFrame, val);
}
2203
/**
 * MOV CRx
 *
 * Dispatches on the operand kinds: general register <- control register is a
 * read, control register <- general register is a write. Any other shape is
 * rejected.
 */
static int emInterpretMovCRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    bool const fParam1IsGen = pCpu->param1.flags == USE_REG_GEN32 || pCpu->param1.flags == USE_REG_GEN64;
    bool const fParam2IsGen = pCpu->param2.flags == USE_REG_GEN32 || pCpu->param2.flags == USE_REG_GEN64;

    if (fParam1IsGen && pCpu->param2.flags == USE_REG_CR)
        return EMInterpretCRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen, pCpu->param2.base.reg_ctrl);

    if (pCpu->param1.flags == USE_REG_CR && fParam2IsGen)
        return EMInterpretCRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_ctrl, pCpu->param2.base.reg_gen);

    AssertMsgFailedReturn(("Unexpected control register move\n"), VERR_EM_INTERPRETER);
    return VERR_EM_INTERPRETER;
}
2218
2219
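/**
 * Interpret DRx write (MOV DRx, reg).
 *
 * Fetches the source general purpose register (64-bit in 64-bit code, else
 * zero-extended from 32 bits) and stores it into the guest debug register via
 * CPUM.
 *
 * @returns VBox status code: the CPUMSetGuestDRx status on success,
 *          VERR_EM_INTERPRETER if the fetch or the store fails.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegDrx  DRx register index (USE_REG_DR*)
 * @param   SrcRegGen   General purpose register index (USE_REG_E**)
 */
VMMDECL(int) EMInterpretDRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegDrx, uint32_t SrcRegGen)
{
    uint64_t val = 0;
    int      rc;

    if (CPUMIsGuestIn64BitCode(pVM, pRegFrame))
        rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
    else
    {
        /* Initialised so the widening never reads an indeterminate value on
           a failed fetch (the value is discarded in that case anyway). */
        uint32_t val32 = 0;
        rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
        val = val32;
    }

    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /** @todo we don't fail if illegal bits are set/cleared for e.g. dr7; the
     *        value is handed to CPUMSetGuestDRx as-is. */
    rc = CPUMSetGuestDRx(pVM, DestRegDrx, val);
    if (RT_SUCCESS(rc))
        return rc;
    AssertMsgFailed(("CPUMSetGuestDRx %d failed\n", DestRegDrx));
    return VERR_EM_INTERPRETER;
}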
2256
2257
/**
 * Interpret DRx read (MOV reg, DRx).
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegGen  General purpose register index (USE_REG_E**)
 * @param   SrcRegDrx   DRx register index (USE_REG_DR*)
 */
VMMDECL(int) EMInterpretDRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegDrx)
{
    uint64_t u64Value;
    int rc = CPUMGetGuestDRx(pVM, SrcRegDrx, &u64Value);
    AssertMsgRCReturn(rc, ("CPUMGetGuestDRx %d failed\n", SrcRegDrx), VERR_EM_INTERPRETER);

    /* Destination width follows the code segment mode. */
    rc = CPUMIsGuestIn64BitCode(pVM, pRegFrame)
       ? DISWriteReg64(pRegFrame, DestRegGen, u64Value)
       : DISWriteReg32(pRegFrame, DestRegGen, (uint32_t)u64Value);

    return VBOX_SUCCESS(rc) ? VINF_SUCCESS : VERR_EM_INTERPRETER;
}
2286
2287
/**
 * MOV DRx
 *
 * Dispatches a debug register move to the read or write interpreter depending
 * on which operand is the debug register.
 */
static int emInterpretMovDRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    bool const fParam1IsGen = pCpu->param1.flags == USE_REG_GEN32 || pCpu->param1.flags == USE_REG_GEN64;
    bool const fParam2IsGen = pCpu->param2.flags == USE_REG_GEN32 || pCpu->param2.flags == USE_REG_GEN64;

    if (fParam1IsGen && pCpu->param2.flags == USE_REG_DBG)
        return EMInterpretDRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen, pCpu->param2.base.reg_dbg);

    if (pCpu->param1.flags == USE_REG_DBG && fParam2IsGen)
        return EMInterpretDRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_dbg, pCpu->param2.base.reg_gen);

    AssertMsgFailed(("Unexpected debug register move\n"));
    return VERR_EM_INTERPRETER;
}
2309
2310
/**
 * LLDT Emulation.
 *
 * Only the trivial case of loading a null selector while the hypervisor LDTR
 * is already null is handled; everything else is left to the fallback.
 */
static int emInterpretLLdt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Memory operands are deliberately not handled; only a 16-bit immediate is. */
    if (param1.type != PARMTYPE_IMMEDIATE)
        return VERR_EM_INTERPRETER;
    if (!(param1.flags & PARAM_VAL16))
        return VERR_EM_INTERPRETER;

    RTSEL const sel = (RTSEL)param1.val.val16;

    /* Loading a null selector while the hypervisor LDTR is already null is a
       no-op. This is by far the most frequent case, e.g. Windows 2000 does it
       about 31k times during boot and shutdown. */
    if (sel == 0 && CPUMGetHyperLDTR(pVM) == 0)
        return VINF_SUCCESS;

    /* Everything else still needs the full fallback. */
    return VERR_EM_INTERPRETER;
}
2349
2350#ifdef IN_RING0
/**
 * LIDT/LGDT Emulation.
 *
 * Only used for the VT-x real-mode emulation case: the descriptor table
 * register image (X86XDTR32) is read from guest memory at the operand address
 * and installed into CPUM as the IDTR or GDTR.
 */
static int emInterpretLIGdt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Log(("Emulate %s at %VGv\n", emGetMnemonic(pCpu), pRegFrame->rip));

    /* Only for the VT-x real-mode emulation case. */
    if (!CPUMIsGuestInRealMode(pVM))
        return VERR_EM_INTERPRETER;

    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* The operand must be a memory reference. */
    if (param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;
    RTGCPTR const GCPtrParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, param1.val.val16);

    X86XDTR32 dtr32;
    rc = emRamRead(pVM, &dtr32, GCPtrParam1, sizeof(dtr32));
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    /* With a 16-bit operand size only the low 24 bits of the base are used. */
    if (!(pCpu->prefix & PREFIX_OPSIZE))
        dtr32.uAddr &= 0xffffff;

    if (pCpu->pCurInstr->opcode == OP_LIDT)
        CPUMSetGuestIDTR(pVM, dtr32.uAddr, dtr32.cb);
    else
        CPUMSetGuestGDTR(pVM, dtr32.uAddr, dtr32.cb);
    return VINF_SUCCESS;
}
2393#endif
2394
2395
2396#ifdef IN_GC
/**
 * STI Emulation.
 *
 * @remark the instruction following sti is guaranteed to be executed before any interrupts are dispatched
 */
static int emInterpretSti(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    PPATMGCSTATE pGCState = PATMQueryGCState(pVM);
    if (!pGCState)
    {
        Assert(pGCState);
        return VERR_EM_INTERPRETER;
    }

    /* Raise the virtual IF kept in the PATM guest state. */
    pGCState->uVMFlags |= X86_EFL_IF;

    Assert(pRegFrame->eflags.u32 & X86_EFL_IF);
    Assert(pvFault == SELMToFlat(pVM, DIS_SELREG_CS, pRegFrame, (RTGCPTR)pRegFrame->rip));

    /* Interrupts stay inhibited until the instruction after this STI has run. */
    RTGCUINTPTR const GCPtrNext = pRegFrame->eip + pCpu->opsize;
    pVM->em.s.GCPtrInhibitInterrupts = GCPtrNext;
    VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);
    return VINF_SUCCESS;
}
2421#endif /* IN_GC */
2422
2423
/**
 * HLT Emulation.
 *
 * Nothing to compute; the halt is signalled to the caller through the
 * VINF_EM_HALT status.
 */
static int emInterpretHlt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int const rc = VINF_EM_HALT;
    return rc;
}
2431
2432
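/**
 * Interpret RDTSC
 *
 * Loads EDX:EAX with the guest TSC from TM. When CR4.TSD is set the
 * instruction is refused regardless of CPL (the #GP is not raised here; the
 * caller falls back), which is conservative for ring 0 guest code.
 *
 * @returns VBox status code: VINF_SUCCESS, or VERR_EM_INTERPRETER when
 *          CR4.TSD is set.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
VMMDECL(int) EMInterpretRdtsc(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    /* Keep the full 64-bit CR4 instead of truncating it to unsigned. */
    uint64_t const uCR4 = CPUMGetGuestCR4(pVM);
    if (uCR4 & X86_CR4_TSD)
        return VERR_EM_INTERPRETER; /* genuine #GP */

    uint64_t const uTicks = TMCpuTickGet(pVM);

    /* Same behaviour in 32 & 64 bits mode: the low dword goes to EAX, the
       high dword to EDX; the casts make the split explicit. */
    pRegFrame->eax = (uint32_t)uTicks;
    pRegFrame->edx = (uint32_t)(uTicks >> 32);
    return VINF_SUCCESS;
}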
2456
2457
/**
 * RDTSC Emulation.
 *
 * Dispatcher wrapper around EMInterpretRdtsc; the decoded instruction state
 * is not needed since RDTSC has no operands.
 */
static int emInterpretRdtsc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int rc = EMInterpretRdtsc(pVM, pRegFrame);
    return rc;
}
2465
2466
/**
 * MONITOR Emulation.
 *
 * Validates the operand (ECX must be zero), the privilege level (CPL 0 only)
 * and that the guest CPUID advertises MONITOR/MWAIT; nothing is recorded
 * about the address in EAX.
 */
static int emInterpretMonitor(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */

    /* Only ECX == 0 is accepted. */
    if (pRegFrame->ecx != 0)
        return VERR_EM_INTERPRETER; /* illegal value. */

    /* Supervisor only. */
    if (CPUMGetGuestCPL(pVM, pRegFrame) != 0)
        return VERR_EM_INTERPRETER;

    /* Feature check: CPUID.1:ECX.MONITOR. */
    uint32_t u32Dummy, u32ExtFeatures;
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
    if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
        return VERR_EM_INTERPRETER; /* not supported */

    return VINF_SUCCESS;
}
2489
2490
/**
 * MWAIT Emulation.
 *
 * Same validation as MONITOR (ECX zero, CPL 0, CPUID.1:ECX.MONITOR), then the
 * VCPU is treated as halted.
 */
static int emInterpretMWait(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */

    /* Only ECX == 0 is accepted. */
    if (pRegFrame->ecx != 0)
        return VERR_EM_INTERPRETER; /* illegal value. */

    /* Supervisor only. */
    if (CPUMGetGuestCPL(pVM, pRegFrame) != 0)
        return VERR_EM_INTERPRETER;

    /* Feature check: CPUID.1:ECX.MONITOR. */
    uint32_t u32Dummy, u32ExtFeatures;
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
    if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
        return VERR_EM_INTERPRETER; /* not supported */

    /** @todo not completely correct */
    return VINF_EM_HALT;
}
2514
2515
2516#ifdef LOG_ENABLED
/**
 * Translates an MSR number into a printable name for logging.
 *
 * @returns A static string; "Unknown MSR" when the number is not in the table.
 * @param   uMsr    The MSR number (the ECX value of RDMSR/WRMSR).
 */
static const char *emMSRtoString(uint32_t uMsr)
{
    static const struct
    {
        uint32_t    uMsr;
        const char *pszName;
    } s_aMsrNames[] =
    {
        { MSR_IA32_APICBASE,        "MSR_IA32_APICBASE" },
        { MSR_IA32_CR_PAT,          "MSR_IA32_CR_PAT" },
        { MSR_IA32_SYSENTER_CS,     "MSR_IA32_SYSENTER_CS" },
        { MSR_IA32_SYSENTER_EIP,    "MSR_IA32_SYSENTER_EIP" },
        { MSR_IA32_SYSENTER_ESP,    "MSR_IA32_SYSENTER_ESP" },
        { MSR_K6_EFER,              "MSR_K6_EFER" },
        { MSR_K8_SF_MASK,           "MSR_K8_SF_MASK" },
        { MSR_K6_STAR,              "MSR_K6_STAR" },
        { MSR_K8_LSTAR,             "MSR_K8_LSTAR" },
        { MSR_K8_CSTAR,             "MSR_K8_CSTAR" },
        { MSR_K8_FS_BASE,           "MSR_K8_FS_BASE" },
        { MSR_K8_GS_BASE,           "MSR_K8_GS_BASE" },
        { MSR_K8_KERNEL_GS_BASE,    "MSR_K8_KERNEL_GS_BASE" },
        { MSR_IA32_BIOS_SIGN_ID,    "Unsupported MSR_IA32_BIOS_SIGN_ID" },
        { MSR_IA32_PLATFORM_ID,     "Unsupported MSR_IA32_PLATFORM_ID" },
        { MSR_IA32_BIOS_UPDT_TRIG,  "Unsupported MSR_IA32_BIOS_UPDT_TRIG" },
        { MSR_IA32_TSC,             "Unsupported MSR_IA32_TSC" },
        { MSR_IA32_MTRR_CAP,        "Unsupported MSR_IA32_MTRR_CAP" },
        { MSR_IA32_MCP_CAP,         "Unsupported MSR_IA32_MCP_CAP" },
        { MSR_IA32_MCP_STATUS,      "Unsupported MSR_IA32_MCP_STATUS" },
        { MSR_IA32_MCP_CTRL,        "Unsupported MSR_IA32_MCP_CTRL" },
        { MSR_IA32_MTRR_DEF_TYPE,   "Unsupported MSR_IA32_MTRR_DEF_TYPE" },
        { MSR_K7_EVNTSEL0,          "Unsupported MSR_K7_EVNTSEL0" },
        { MSR_K7_EVNTSEL1,          "Unsupported MSR_K7_EVNTSEL1" },
        { MSR_K7_EVNTSEL2,          "Unsupported MSR_K7_EVNTSEL2" },
        { MSR_K7_EVNTSEL3,          "Unsupported MSR_K7_EVNTSEL3" },
        { MSR_IA32_MC0_CTL,         "Unsupported MSR_IA32_MC0_CTL" },
        { MSR_IA32_MC0_STATUS,      "Unsupported MSR_IA32_MC0_STATUS" },
    };

    /* Linear scan; the table is small and this is logging only. */
    for (size_t i = 0; i < sizeof(s_aMsrNames) / sizeof(s_aMsrNames[0]); i++)
        if (s_aMsrNames[i].uMsr == uMsr)
            return s_aMsrNames[i].pszName;
    return "Unknown MSR";
}
2580#endif /* LOG_ENABLED */
2581
2582
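/**
 * Interpret RDMSR
 *
 * Reads the MSR selected by ECX into EDX:EAX. Only ring 0 guest code may
 * execute it and only when CPUID.1:EDX advertises MSR support. MSRs not
 * listed here read as zero instead of raising #GP (see the default case).
 *
 * @returns VBox status code. VERR_EM_INTERPRETER when the instruction cannot
 *          be handled here; otherwise the status of the APIC read, which is
 *          VINF_SUCCESS for all MSRs served directly from the CPUM context.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
VMMDECL(int) EMInterpretRdmsr(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t u32Dummy, u32Features;
    uint64_t val = 0;           /* always defined, even if an APIC read fails */
    int      rc  = VINF_SUCCESS;

    /** @todo According to the Intel manuals, there's a REX version of RDMSR that is slightly different.
     *        That version clears the high dwords of both RDX & RAX */
    CPUMCTX *pCtx = CPUMQueryGuestCtxPtr(pVM);

    /* Supervisor only. */
    uint32_t const cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER;

    /* CPUID.1:EDX.MSR must be present. */
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
    if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
        return VERR_EM_INTERPRETER; /* not supported */

    switch (pRegFrame->ecx)
    {
        case MSR_IA32_APICBASE:
            rc = PDMApicGetBase(pVM, &val);
            AssertRC(rc);
            break;

        case MSR_IA32_CR_PAT:
            val = pCtx->msrPAT;
            break;

        case MSR_IA32_SYSENTER_CS:
            val = pCtx->SysEnter.cs;
            break;

        case MSR_IA32_SYSENTER_EIP:
            val = pCtx->SysEnter.eip;
            break;

        case MSR_IA32_SYSENTER_ESP:
            val = pCtx->SysEnter.esp;
            break;

        case MSR_K6_EFER:
            val = pCtx->msrEFER;
            break;

        case MSR_K8_SF_MASK:
            val = pCtx->msrSFMASK;
            break;

        case MSR_K6_STAR:
            val = pCtx->msrSTAR;
            break;

        case MSR_K8_LSTAR:
            val = pCtx->msrLSTAR;
            break;

        case MSR_K8_CSTAR:
            val = pCtx->msrCSTAR;
            break;

        case MSR_K8_FS_BASE:
            val = pCtx->fsHid.u64Base;
            break;

        case MSR_K8_GS_BASE:
            val = pCtx->gsHid.u64Base;
            break;

        case MSR_K8_KERNEL_GS_BASE:
            val = pCtx->msrKERNELGSBASE;
            break;

#if 0 /*def IN_RING0 */
        case MSR_IA32_PLATFORM_ID:
        case MSR_IA32_BIOS_SIGN_ID:
            if (CPUMGetCPUVendor(pVM) == CPUMCPUVENDOR_INTEL)
            {
                /* Available since the P6 family. VT-x implies that this feature is present. */
                if (pRegFrame->ecx == MSR_IA32_PLATFORM_ID)
                    val = ASMRdMsr(MSR_IA32_PLATFORM_ID);
                else
                if (pRegFrame->ecx == MSR_IA32_BIOS_SIGN_ID)
                    val = ASMRdMsr(MSR_IA32_BIOS_SIGN_ID);
                break;
            }
            /* no break */
#endif
        default:
            /* In X2APIC specification this range is reserved for APIC control. */
            if (pRegFrame->ecx >= MSR_IA32_APIC_START && pRegFrame->ecx < MSR_IA32_APIC_END)
                rc = PDMApicReadMSR(pVM, VMMGetCpuId(pVM), pRegFrame->ecx, &val);
            else
                /* We should actually trigger a #GP here, but don't as that might cause more trouble. */
                val = 0;
            break;
    }
    Log(("EMInterpretRdmsr %s (%x) -> val=%VX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));

    /* Only commit the result on plain success; any other status from the
       APIC leaves EDX:EAX untouched and is passed back to the caller. */
    if (rc == VINF_SUCCESS)
    {
        pRegFrame->eax = (uint32_t)val;
        pRegFrame->edx = (uint32_t)(val >> 32);
    }
    return rc;
}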
2698
2699
/**
 * RDMSR Emulation.
 *
 * Note: the intel manual claims there's a REX version of RDMSR that's slightly
 * different, so we play safe by completely disassembling the instruction and
 * refusing a REX prefix here.
 */
static int emInterpretRdmsr(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(!(pCpu->prefix & PREFIX_REX));
    int rc = EMInterpretRdmsr(pVM, pRegFrame);
    return rc;
}
2709
2710
/**
 * Interpret WRMSR
 *
 * Writes EDX:EAX to the MSR selected by ECX. Only ring 0 guest code may
 * execute it and only when CPUID.1:EDX advertises MSR support. Writes to
 * MSRs not listed here are silently dropped instead of raising #GP.
 *
 * @returns VBox status code. VERR_EM_INTERPRETER for CPL != 0, missing MSR
 *          support or an illegal EFER.LME transition; the PDM status for the
 *          X2APIC range; VINF_SUCCESS otherwise.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
VMMDECL(int) EMInterpretWrmsr(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t u32Dummy, u32Features, cpl;
    uint64_t val;
    CPUMCTX *pCtx;

    /* Note: works the same in 32 and 64 bits modes. */
    pCtx = CPUMQueryGuestCtxPtr(pVM);

    /* Get the current privilege level. */
    cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER; /* supervisor only */

    /* CPUID.1:EDX.MSR must be present. */
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
    if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
        return VERR_EM_INTERPRETER; /* not supported */

    val = RT_MAKE_U64(pRegFrame->eax, pRegFrame->edx);
    Log(("EMInterpretWrmsr %s (%x) val=%VX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
    switch (pRegFrame->ecx)
    {
        case MSR_IA32_APICBASE:
        {
            int rc = PDMApicSetBase(pVM, val);
            AssertRC(rc);
            break;
        }

        case MSR_IA32_CR_PAT:
            pCtx->msrPAT = val;
            break;

        case MSR_IA32_SYSENTER_CS:
            pCtx->SysEnter.cs = val & 0xffff; /* 16 bits selector */
            break;

        case MSR_IA32_SYSENTER_EIP:
            pCtx->SysEnter.eip = val;
            break;

        case MSR_IA32_SYSENTER_ESP:
            pCtx->SysEnter.esp = val;
            break;

        case MSR_K6_EFER:
        {
            uint64_t uMask = 0;
            uint64_t oldval = pCtx->msrEFER;

            /* Filter out those bits the guest is allowed to change. (e.g. LMA is read-only) */
            /* The writable mask is derived from the extended CPUID features
               exposed to the guest, so bits of unadvertised features are
               ignored rather than stored. */
            CPUMGetGuestCpuId(pVM, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_NX)
                uMask |= MSR_K6_EFER_NXE;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_LONG_MODE)
                uMask |= MSR_K6_EFER_LME;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_SEP)
                uMask |= MSR_K6_EFER_SCE;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_FFXSR)
                uMask |= MSR_K6_EFER_FFXSR;

            /* Check for illegal MSR_K6_EFER_LME transitions: not allowed to change LME if paging is enabled. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
            /* This check runs before anything is stored, so EFER is unchanged
               on the failure path. */
            if (    ((pCtx->msrEFER & MSR_K6_EFER_LME) != (val & uMask & MSR_K6_EFER_LME))
                &&  (pCtx->cr0 & X86_CR0_PG))
            {
                AssertMsgFailed(("Illegal MSR_K6_EFER_LME change: paging is enabled!!\n"));
                return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
            }

            /* There are a few more: e.g. MSR_K6_EFER_LMSLE */
            /* Unexpected bits are only asserted on; the store below masks them
               out through uMask regardless. */
            AssertMsg(!(val & ~(MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA /* ignored anyway */ |MSR_K6_EFER_SCE|MSR_K6_EFER_FFXSR)), ("Unexpected value %RX64\n", val));
            pCtx->msrEFER = (pCtx->msrEFER & ~uMask) | (val & uMask);

            /* AMD64 Architecture Programmer's Manual: 15.15 TLB Control; flush the TLB if MSR_K6_EFER_NXE, MSR_K6_EFER_LME or MSR_K6_EFER_LMA are changed. */
            if ((oldval & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)) != (pCtx->msrEFER & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)))
                HWACCMFlushTLB(pVM);

            break;
        }

        case MSR_K8_SF_MASK:
            pCtx->msrSFMASK = val;
            break;

        case MSR_K6_STAR:
            pCtx->msrSTAR = val;
            break;

        case MSR_K8_LSTAR:
            pCtx->msrLSTAR = val;
            break;

        case MSR_K8_CSTAR:
            pCtx->msrCSTAR = val;
            break;

        case MSR_K8_FS_BASE:
            /* NOTE(review): the segment bases (FS, GS, KERNEL_GS) and the
               SYSCALL/SYSENTER targets above are stored without any
               canonical-address validation; confirm that is acceptable or
               handled elsewhere. */
            pCtx->fsHid.u64Base = val;
            break;

        case MSR_K8_GS_BASE:
            pCtx->gsHid.u64Base = val;
            break;

        case MSR_K8_KERNEL_GS_BASE:
            pCtx->msrKERNELGSBASE = val;
            break;

        default:
            /* In X2APIC specification this range is reserved for APIC control. */
            if ((pRegFrame->ecx >= MSR_IA32_APIC_START) && (pRegFrame->ecx < MSR_IA32_APIC_END))
                return PDMApicWriteMSR(pVM, VMMGetCpuId(pVM), pRegFrame->ecx, val);

            /* We should actually trigger a #GP here, but don't as that might cause more trouble. */
            break;
    }
    return VINF_SUCCESS;
}
2836
2837
/**
 * WRMSR Emulation.
 *
 * Dispatcher wrapper around EMInterpretWrmsr; the decoded instruction state
 * is not needed since WRMSR takes its operands from ECX and EDX:EAX.
 */
static int emInterpretWrmsr(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int rc = EMInterpretWrmsr(pVM, pRegFrame);
    return rc;
}
2845
2846
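/**
 * Internal worker.
 * @copydoc EMInterpretInstructionCPU
 *
 * Gate keeping first: only supervisor guest code (RDTSC excepted, its CR4.TSD
 * handling lives in the worker) and only simple prefixes are accepted. The
 * opcode is then dispatched to the matching emInterpret* worker through the
 * INTERPRET_CASE* macros; every case bumps the per-instruction success or
 * failure STAM counter and returns the worker's status.
 */
DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pcbSize);
    *pcbSize = 0;

    /*
     * Only supervisor guest code!!
     * And no complicated prefixes.
     */
    /* Get the current privilege level. */
    uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (    cpl != 0
        &&  pCpu->pCurInstr->opcode != OP_RDTSC)  /* rdtsc requires emulation in ring 3 as well */
    {
        Log(("WARNING: refusing instruction emulation for user-mode code!!\n"));
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedUserMode));
        return VERR_EM_INTERPRETER;
    }

#ifdef IN_GC
    /* GC: no REP/REPNE at all; LOCK only on the instructions that have an
       atomic emulation path. */
    if (    (pCpu->prefix & (PREFIX_REPNE | PREFIX_REP))
        ||  (   (pCpu->prefix & PREFIX_LOCK)
             && pCpu->pCurInstr->opcode != OP_CMPXCHG
             && pCpu->pCurInstr->opcode != OP_CMPXCHG8B
             && pCpu->pCurInstr->opcode != OP_XADD
             && pCpu->pCurInstr->opcode != OP_OR
             && pCpu->pCurInstr->opcode != OP_BTR
            )
       )
#else
    /* Ring 0/3: REP only for STOS; LOCK only for OR, BTR, CMPXCHG and CMPXCHG8B. */
    if (    (pCpu->prefix & PREFIX_REPNE)
        ||  (   (pCpu->prefix & PREFIX_REP)
             && pCpu->pCurInstr->opcode != OP_STOSWD
            )
        ||  (   (pCpu->prefix & PREFIX_LOCK)
             && pCpu->pCurInstr->opcode != OP_OR
             && pCpu->pCurInstr->opcode != OP_BTR
             && pCpu->pCurInstr->opcode != OP_CMPXCHG
             && pCpu->pCurInstr->opcode != OP_CMPXCHG8B
            )
       )
#endif
    {
        //Log(("EMInterpretInstruction: wrong prefix!!\n"));
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedPrefix));
        return VERR_EM_INTERPRETER;
    }

    int rc;
#if (defined(VBOX_STRICT) || defined(LOG_ENABLED))
    LogFlow(("emInterpretInstructionCPU %s\n", emGetMnemonic(pCpu)));
#endif
    switch (pCpu->pCurInstr->opcode)
    {
        /* Worker taking an emulation callback, with a separate callback when
           the LOCK prefix is present. */
#define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
        case opcode:\
            if (pCpu->prefix & PREFIX_LOCK) \
                rc = emInterpretLock##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulateLock); \
            else \
                rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc
        /* Worker taking an emulation callback. */
#define INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate) \
        case opcode:\
            rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc

#define INTERPRET_CASE_EX_PARAM2(opcode, Instr, InstrFn, pfnEmulate) \
        INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
#define INTERPRET_CASE_EX_LOCK_PARAM2(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
        INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock)

        /* Plain worker named after the instruction. */
#define INTERPRET_CASE(opcode, Instr) \
        case opcode:\
            rc = emInterpret##Instr(pVM, pCpu, pRegFrame, pvFault, pcbSize); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc

        /* One worker shared by two opcodes, each with its own counters. */
#define INTERPRET_CASE_EX_DUAL_PARAM2(opcode, Instr, InstrFn) \
        case opcode:\
            rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc

        /* Not emulated; only counted as a failure. */
#define INTERPRET_STAT_CASE(opcode, Instr) \
        case opcode: STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); return VERR_EM_INTERPRETER;

        INTERPRET_CASE(OP_XCHG,Xchg);
        INTERPRET_CASE_EX_PARAM2(OP_DEC,Dec, IncDec, EMEmulateDec);
        INTERPRET_CASE_EX_PARAM2(OP_INC,Inc, IncDec, EMEmulateInc);
        INTERPRET_CASE(OP_POP,Pop);
        INTERPRET_CASE_EX_LOCK_PARAM3(OP_OR, Or, OrXorAnd, EMEmulateOr, EMEmulateLockOr);
        INTERPRET_CASE_EX_PARAM3(OP_XOR,Xor, OrXorAnd, EMEmulateXor);
        INTERPRET_CASE_EX_PARAM3(OP_AND,And, OrXorAnd, EMEmulateAnd);
        INTERPRET_CASE(OP_MOV,Mov);
#ifndef IN_GC
        INTERPRET_CASE(OP_STOSWD,StosWD);
#endif
        INTERPRET_CASE(OP_INVLPG,InvlPg);
        INTERPRET_CASE(OP_CPUID,CpuId);
        INTERPRET_CASE(OP_MOV_CR,MovCRx);
        INTERPRET_CASE(OP_MOV_DR,MovDRx);
        INTERPRET_CASE(OP_LLDT,LLdt);
#ifdef IN_RING0
        INTERPRET_CASE_EX_DUAL_PARAM2(OP_LIDT, LIdt, LIGdt);
        INTERPRET_CASE_EX_DUAL_PARAM2(OP_LGDT, LGdt, LIGdt);
#endif
        INTERPRET_CASE(OP_LMSW,Lmsw);
        INTERPRET_CASE(OP_CLTS,Clts);
        INTERPRET_CASE(OP_MONITOR, Monitor);
        INTERPRET_CASE(OP_MWAIT, MWait);
        INTERPRET_CASE(OP_RDMSR, Rdmsr);
        INTERPRET_CASE(OP_WRMSR, Wrmsr);
        INTERPRET_CASE_EX_PARAM3(OP_ADD,Add, AddSub, EMEmulateAdd);
        INTERPRET_CASE_EX_PARAM3(OP_SUB,Sub, AddSub, EMEmulateSub);
        INTERPRET_CASE(OP_ADC,Adc);
        INTERPRET_CASE_EX_LOCK_PARAM2(OP_BTR,Btr, BitTest, EMEmulateBtr, EMEmulateLockBtr);
        INTERPRET_CASE_EX_PARAM2(OP_BTS,Bts, BitTest, EMEmulateBts);
        INTERPRET_CASE_EX_PARAM2(OP_BTC,Btc, BitTest, EMEmulateBtc);
        INTERPRET_CASE(OP_RDTSC,Rdtsc);
        INTERPRET_CASE(OP_CMPXCHG, CmpXchg);
#ifdef IN_GC
        INTERPRET_CASE(OP_STI,Sti);
        INTERPRET_CASE(OP_XADD, XAdd);
#endif
        INTERPRET_CASE(OP_CMPXCHG8B, CmpXchg8b);
        INTERPRET_CASE(OP_HLT,Hlt);
        INTERPRET_CASE(OP_IRET,Iret);
        INTERPRET_CASE(OP_WBINVD,WbInvd);
#ifdef VBOX_WITH_STATISTICS
#ifndef IN_GC
        INTERPRET_STAT_CASE(OP_XADD, XAdd);
#endif
        INTERPRET_STAT_CASE(OP_MOVNTPS,MovNTPS);
#endif
        default:
            Log3(("emInterpretInstructionCPU: opcode=%d\n", pCpu->pCurInstr->opcode));
            STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedMisc));
            return VERR_EM_INTERPRETER;

        /* Undefine every helper macro defined above so none of them leaks out
           of this function. */
#undef INTERPRET_CASE_EX_LOCK_PARAM3
#undef INTERPRET_CASE_EX_PARAM3
#undef INTERPRET_CASE_EX_PARAM2
#undef INTERPRET_CASE_EX_LOCK_PARAM2
#undef INTERPRET_CASE
#undef INTERPRET_CASE_EX_DUAL_PARAM2
#undef INTERPRET_STAT_CASE
    }
    AssertFailed();
    return VERR_INTERNAL_ERROR;
}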
3011
3012
/**
 * Sets the PC for which interrupts should be inhibited.
 *
 * Records the address and raises the VM_FF_INHIBIT_INTERRUPTS force flag
 * (see EMGetInhibitInterruptsPC for the instructions this is used for).
 *
 * @param   pVM     The VM handle.
 * @param   PC      The PC.
 */
VMMDECL(void) EMSetInhibitInterruptsPC(PVM pVM, RTGCUINTPTR PC)
{
    /* Store the address before raising the flag that announces it. */
    pVM->em.s.GCPtrInhibitInterrupts = PC;
    VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);
}
3024
3025
/**
 * Gets the PC for which interrupts should be inhibited.
 *
 * There are a few instructions which inhibit or delay interrupts
 * for the instruction following them. These instructions are:
 *   - STI
 *   - MOV SS, r/m16
 *   - POP SS
 *
 * @returns The PC for which interrupts should be inhibited.
 * @param   pVM     VM handle.
 */
VMMDECL(RTGCUINTPTR) EMGetInhibitInterruptsPC(PVM pVM)
{
    RTGCUINTPTR const GCPtrPC = pVM->em.s.GCPtrInhibitInterrupts;
    return GCPtrPC;
}
3043