source: vbox/trunk/src/VBox/VMM/VMMAll/EMAll.cpp@ 13161

Last change on this file since 13161 was 13161, checked in by vboxsync, 16 years ago

Emulate WBINVD

1/* $Id: EMAll.cpp 13161 2008-10-10 11:01:14Z vboxsync $ */
2/** @file
3 * EM - Execution Monitor(/Manager) - All contexts
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Header Files *
24*******************************************************************************/
25#define LOG_GROUP LOG_GROUP_EM
26#include <VBox/em.h>
27#include <VBox/mm.h>
28#include <VBox/selm.h>
29#include <VBox/patm.h>
30#include <VBox/csam.h>
31#include <VBox/pgm.h>
32#include <VBox/iom.h>
33#include <VBox/stam.h>
34#include "EMInternal.h"
35#include <VBox/vm.h>
36#include <VBox/vmm.h>
37#include <VBox/hwaccm.h>
38#include <VBox/tm.h>
39#include <VBox/pdmapi.h>
40
41#include <VBox/param.h>
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/log.h>
46#include <iprt/assert.h>
47#include <iprt/asm.h>
48#include <iprt/string.h>
49
50
51/*******************************************************************************
52* Defined Constants And Macros *
53*******************************************************************************/
/** @def EM_ASSERT_FAULT_RETURN
 * Safety check: the interpreter uses it to assert that the flat address it
 * computed for a memory operand is the address that actually faulted (CR2).
 *
 * In theory it could misfire on an access that crosses a page boundary, since
 * the fault may then be reported for the second page.
 *
 * Currently disabled because the CSAM (+ PATM) patch monitoring occasionally
 * turns up an alias page instead of the original faulting one and annoys the
 * heck out of anyone running a debug build. See @bugref{2609} and @bugref{1931}.
 *
 * Note that in the disabled form @a expr is not evaluated at all, so it must
 * not carry side effects.
 */
#if 0
# define EM_ASSERT_FAULT_RETURN(expr, rc) AssertReturn(expr, rc)
#else
# define EM_ASSERT_FAULT_RETURN(expr, rc) do { } while (0)
#endif
68
69
70/*******************************************************************************
71* Internal Functions *
72*******************************************************************************/
73DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize);
74
75
76
/**
 * Get the current execution manager status.
 *
 * @returns Current status.
 * @param   pVM     The VM handle.
 */
VMMDECL(EMSTATE) EMGetState(PVM pVM)
{
    EMSTATE const enmState = pVM->em.s.enmState;
    return enmState;
}
86
87
/**
 * Flushes the REM translation blocks the next time we execute code there.
 *
 * Only a flag is raised here; the flush itself is deferred to REM.
 *
 * @param   pVM     The VM handle.
 *
 * @todo This doesn't belong here, it should go in REMAll.cpp!
 */
VMMDECL(void) EMFlushREMTBs(PVM pVM)
{
    Log(("EMFlushREMTBs\n"));
    /* Deferred request: REM picks this up before it runs guest code again. */
    pVM->em.s.fREMFlushTBs = true;
}
100
101#ifndef IN_GC
102
/**
 * Read callback for disassembly function; supports reading bytes that cross a page boundary
 *
 * @returns VBox status code. Currently always VINF_SUCCESS, see the note below.
 * @param   pSrc        GC source pointer
 * @param   pDest       HC destination pointer
 * @param   cb          Number of bytes to read
 * @param   pvUserdata  Callback specific user data; the DISCPUSTATE whose
 *                      apvUserData[0] holds the VM handle.
 *
 * @remark  NOTE(review): a failed read is only asserted on (AssertMsgRC / AssertRC),
 *          and in the PATM branch a byte whose PATMR3QueryOpcode fails is simply
 *          skipped. In all of these cases pDest may be left (partially) unwritten
 *          while VINF_SUCCESS is still returned, so the disassembler decodes
 *          whatever the caller's buffer contained. Propagating rc would let the
 *          caller fail cleanly instead; confirm DISCoreOneEx handles a callback
 *          failure before changing this.
 */
DECLCALLBACK(int) EMReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned cb, void *pvUserdata)
{
    DISCPUSTATE *pCpu = (DISCPUSTATE *)pvUserdata;
    PVM          pVM  = (PVM)pCpu->apvUserData[0];
# ifdef IN_RING0
    /* Ring-0: plain guest-virtual read; the result is only checked in strict builds. */
    int rc = PGMPhysSimpleReadGCPtr(pVM, pDest, pSrc, cb);
    AssertMsgRC(rc, ("PGMPhysSimpleReadGCPtr failed for pSrc=%VGv cb=%x\n", pSrc, cb));
# else /* IN_RING3 */
    if (!PATMIsPatchGCAddr(pVM, pSrc))
    {
        int rc = PGMPhysSimpleReadGCPtr(pVM, pDest, pSrc, cb);
        AssertRC(rc);
    }
    else
    {
        /* Patch memory: fetch the opcode bytes byte by byte from PATM rather than guest RAM. */
        for (uint32_t i = 0; i < cb; i++)
        {
            uint8_t opcode;
            if (VBOX_SUCCESS(PATMR3QueryOpcode(pVM, (RTGCPTR)pSrc + i, &opcode)))
            {
                *(pDest+i) = opcode;
            }
        }
    }
# endif /* IN_RING3 */
    return VINF_SUCCESS;
}
140
/**
 * Disassembles one instruction at @a InstrGC (ring-0/ring-3 variant).
 *
 * The opcode bytes are fetched through the EMReadBytes callback, which
 * receives @a pVM and @a pCpu as its user data.
 *
 * @returns VBox status code from the disassembler core.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state; pCpu->mode selects the CPU mode.
 * @param   InstrGC     Flat guest address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 */
DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
{
    int const rc = DISCoreOneEx(InstrGC, pCpu->mode, EMReadBytes, pVM, pCpu, pOpsize);
    return rc;
}
145
146#else /* IN_GC */
147
/**
 * Disassembles one instruction at @a InstrGC (GC variant).
 *
 * No read callback is supplied here; DISCoreOne reads the bytes itself.
 *
 * @returns VBox status code from the disassembler core.
 * @param   pVM         The VM handle (unused in this context).
 * @param   pCpu        Disassembler state.
 * @param   InstrGC     Flat guest address of the instruction.
 * @param   pOpsize     Where to return the instruction size.
 */
DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
{
    int const rc = DISCoreOne(pCpu, InstrGC, pOpsize);
    return rc;
}
152
153#endif /* IN_GC */
154
155
/**
 * Disassembles one instruction.
 *
 * Resolves CS:RIP of the context core to a flat address and hands it to
 * EMInterpretDisasOneEx.
 *
 * @returns VBox status code: the SELMToFlatEx failure code, otherwise whatever
 *          EMInterpretDisasOneEx returns.
 * @param   pVM         The VM handle.
 * @param   pCtxCore    The context core (used for both the mode and instruction).
 * @param   pCpu        Where to return the parsed instruction info.
 * @param   pcbInstr    Where to return the instruction size. (optional)
 */
VMMDECL(int) EMInterpretDisasOne(PVM pVM, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
{
    RTGCPTR GCPtrInstr;
    int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pCtxCore, pCtxCore->rip, 0, &GCPtrInstr);
    if (VBOX_SUCCESS(rc))
        return EMInterpretDisasOneEx(pVM, (RTGCUINTPTR)GCPtrInstr, pCtxCore, pCpu, pcbInstr);

    /* CPL is taken from the RPL bits of SS, which is what the log line reports. */
    Log(("EMInterpretDisasOne: Failed to convert %RTsel:%VGv (cpl=%d) - rc=%Vrc !!\n",
         pCtxCore->cs, pCtxCore->rip, pCtxCore->ss & X86_SEL_RPL, rc));
    return rc;
}
176
177
/**
 * Disassembles one instruction.
 *
 * This is used internally by the interpreter and by trap/access handlers.
 *
 * @returns VINF_SUCCESS on success, VERR_INTERNAL_ERROR on any disassembler
 *          failure (the original disassembler status is only logged).
 * @param   pVM         The VM handle.
 * @param   GCPtrInstr  The flat address of the instruction.
 * @param   pCtxCore    The context core (used to determine the cpu mode).
 * @param   pCpu        Where to return the parsed instruction info.
 * @param   pcbInstr    Where to return the instruction size. (optional)
 */
VMMDECL(int) EMInterpretDisasOneEx(PVM pVM, RTGCUINTPTR GCPtrInstr, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
{
    /* The CPU mode comes from the CS selector; outside GC the bytes are fetched via EMReadBytes. */
    int const rc = DISCoreOneEx(GCPtrInstr, SELMGetCpuModeFromSelector(pVM, pCtxCore->eflags, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid),
#ifdef IN_GC
                                NULL, NULL,
#else
                                EMReadBytes, pVM,
#endif
                                pCpu, pcbInstr);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("DISCoreOne failed to GCPtrInstr=%VGv rc=%Vrc\n", GCPtrInstr, rc));
        return VERR_INTERNAL_ERROR;
    }
    return VINF_SUCCESS;
}
203
204
/**
 * Interprets the current instruction.
 *
 * @returns VBox status code.
 * @retval  VINF_* Scheduling instructions.
 * @retval  VERR_EM_INTERPRETER Something we can't cope with (including a
 *          CS:RIP that cannot be translated or disassembled).
 * @retval  VERR_* Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 *                      Updates the EIP if an instruction was executed successfully.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Size of the write (if applicable).
 *
 * @remark  Invalid opcode exceptions have a higher priority than GP (see Intel
 *          Architecture System Developers Manual, Vol 3, 5.5) so we don't need
 *          to worry about e.g. invalid modrm combinations (!)
 */
VMMDECL(int) EMInterpretInstruction(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    LogFlow(("EMInterpretInstruction %VGv fault %VGv\n", pRegFrame->rip, pvFault));

    /* Resolve CS:RIP to a flat guest address. */
    RTGCPTR GCPtrCode;
    int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pRegFrame, pRegFrame->rip, 0, &GCPtrCode);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Disassemble in the mode dictated by the current CS selector. */
    DISCPUSTATE Cpu;
    Cpu.mode = SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid);
    uint32_t cbOp;
    rc = emDisCoreOne(pVM, &Cpu, (RTGCUINTPTR)GCPtrCode, &cbOp);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;
    Assert(cbOp == Cpu.opsize);

    /* Interpret; only a successful status (VINF_*) moves RIP past the instruction. */
    rc = EMInterpretInstructionCPU(pVM, &Cpu, pRegFrame, pvFault, pcbSize);
    if (VBOX_SUCCESS(rc))
        pRegFrame->rip += cbOp;
    return rc;
}
248
249
/**
 * Interprets the current instruction using the supplied DISCPUSTATE structure.
 *
 * EIP is *NOT* updated!
 *
 * This is a thin statistics wrapper around emInterpretInstructionCPU: it
 * profiles the call and counts successes and failures.
 *
 * @returns VBox status code.
 * @retval  VINF_* Scheduling instructions. When these are returned, it
 *          starts to get a bit tricky to know whether code was
 *          executed or not... We'll address this when it becomes a problem.
 * @retval  VERR_EM_INTERPRETER Something we can't cope with.
 * @retval  VERR_* Fatal errors.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembler cpu state for the instruction to be interpreted.
 * @param   pRegFrame   The register frame. EIP is *NOT* changed!
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Size of the write (if applicable).
 *
 * @remark  Invalid opcode exceptions have a higher priority than GP (see Intel
 *          Architecture System Developers Manual, Vol 3, 5.5) so we don't need
 *          to worry about e.g. invalid modrm combinations (!)
 *
 * @todo    At this time we do NOT check if the instruction overwrites vital information.
 *          Make sure this can't happen!! (will add some assertions/checks later)
 */
VMMDECL(int) EMInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    STAM_PROFILE_START(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);
    int const rc = emInterpretInstructionCPU(pVM, pCpu, pRegFrame, pvFault, pcbSize);
    STAM_PROFILE_STOP(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);

    /* Classify the outcome; VINF_* scheduling statuses count as successes. */
    if (VBOX_FAILURE(rc))
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretFailed));
    else
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretSucceeded));
    return rc;
}
286
287
/**
 * Interpret a port I/O instruction.
 *
 * @returns VBox status code suitable for scheduling.
 * @param   pVM         The VM handle.
 * @param   pCtxCore    The context core. This will be updated on successful return.
 * @param   pCpu        The instruction to interpret.
 * @param   cbOp        The size of the instruction.
 * @remark  This may raise exceptions.
 * @remark  Only implemented in the GC context; elsewhere it asserts and
 *          returns VERR_NOT_IMPLEMENTED.
 */
VMMDECL(int) EMInterpretPortIO(PVM pVM, PCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, uint32_t cbOp)
{
#ifndef IN_GC
    AssertReleaseMsgFailed(("not implemented\n"));
    return VERR_NOT_IMPLEMENTED;
#else
    /*
     * Hand it on to IOM; RIP is only advanced when IOM reports success.
     */
    int const rc = IOMGCIOPortHandler(pVM, pCtxCore, pCpu);
    if (IOM_SUCCESS(rc))
        pCtxCore->rip += cbOp;
    return rc;
#endif
}
313
314
/**
 * Reads @a cb bytes of guest memory from the guest virtual address @a GCSrc.
 *
 * @returns VBox status code.
 * @param   pVM     The VM handle.
 * @param   pDest   Where to store the bytes read.
 * @param   GCSrc   Guest virtual address to read from.
 * @param   cb      Number of bytes to read.
 */
DECLINLINE(int) emRamRead(PVM pVM, void *pDest, RTGCPTR GCSrc, uint32_t cb)
{
#ifdef IN_GC
    /* Fast path: read through the guest mapping. Any status other than
       VERR_ACCESS_DENIED (success or another error) is returned as is. */
    int rc = MMGCRamRead(pVM, pDest, (void *)GCSrc, cb);
    if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
        return rc;
    /*
     * The page pool cache may end up here in some cases because it
     * flushed one of the shadow mappings used by the trapping
     * instruction and it either flushed the TLB or the CPU reused it.
     */
    /* Slow path: translate to a physical address and read that instead. */
    RTGCPHYS GCPhys;
    rc = PGMPhysGCPtr2GCPhys(pVM, GCSrc, &GCPhys);
    AssertRCReturn(rc, rc);
    PGMPhysRead(pVM, GCPhys, pDest, cb);    /* no status is checked for the physical read itself */
    return VINF_SUCCESS;
#else
    return PGMPhysReadGCPtr(pVM, pDest, GCSrc, cb);
#endif
}
335
336
/**
 * Writes @a cb bytes to guest memory at the guest virtual address @a GCDest.
 *
 * @returns VBox status code; VERR_ACCESS_DENIED when the GC slow path finds the
 *          page not writable under the guest's own protection rules.
 * @param   pVM     The VM handle.
 * @param   GCDest  Guest virtual address to write to.
 * @param   pSrc    The bytes to write.
 * @param   cb      Number of bytes to write.
 */
DECLINLINE(int) emRamWrite(PVM pVM, RTGCPTR GCDest, void *pSrc, uint32_t cb)
{
#ifdef IN_GC
    /* Fast path: write through the guest mapping. Any status other than
       VERR_ACCESS_DENIED (success or another error) is returned as is. */
    int rc = MMGCRamWrite(pVM, (void *)GCDest, pSrc, cb);
    if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
        return rc;
    /*
     * The page pool cache may end up here in some cases because it
     * flushed one of the shadow mappings used by the trapping
     * instruction and it either flushed the TLB or the CPU reused it.
     * We want to play safe here, verifying that we've got write
     * access doesn't cost us much (see PGMPhysGCPtr2GCPhys()).
     */
    uint64_t fFlags;
    RTGCPHYS GCPhys;
    rc = PGMGstGetPage(pVM, GCDest, &fFlags, &GCPhys);
    if (RT_FAILURE(rc))
        return rc;
    /* Honour the guest's page protection before bypassing its mapping: a
       read-only PTE refuses the write only while CR0.WP is set. Only the R/W
       bit is consulted here; the U/S bit is not checked on this path. */
    if (    !(fFlags & X86_PTE_RW)
        &&  (CPUMGetGuestCR0(pVM) & X86_CR0_WP))
        return VERR_ACCESS_DENIED;

    /* PGMGstGetPage yields the page base, so the in-page offset is re-added. */
    PGMPhysWrite(pVM, GCPhys + ((RTGCUINTPTR)GCDest & PAGE_OFFSET_MASK), pSrc, cb);
    return VINF_SUCCESS;

#else
    return PGMPhysWriteGCPtr(pVM, GCDest, pSrc, cb);
#endif
}
366
367
/**
 * Converts a segment-relative operand address into a flat GC address.
 *
 * The segment register is the one the operand uses, taking any segment
 * override prefix into account (DISDetectSegReg).
 *
 * @returns Flat GC address.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame (segment registers).
 * @param   pCpu        The disassembled instruction.
 * @param   pParam      The operand whose segment is to be used.
 * @param   pvAddr      The segment-relative address to convert.
 */
static RTGCPTR emConvertToFlatAddr(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, POP_PARAMETER pParam, RTGCPTR pvAddr)
{
    return SELMToFlat(pVM, DISDetectSegReg(pCpu, pParam), pRegFrame, pvAddr);
}
374
375
376#if defined(VBOX_STRICT) || defined(LOG_ENABLED)
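/**
 * Get the mnemonic for the disassembled instruction.
 *
 * GC/R0 doesn't include the strings in the DIS tables because
 * of limited space, so the interpreter keeps its own small table of the
 * opcodes it emulates. Used only for assertion and log messages.
 *
 * @returns Read-only mnemonic string; "???" for opcodes not listed here.
 * @param   pCpu    The disassembled instruction.
 */
static const char *emGetMnemonic(PDISCPUSTATE pCpu)
{
    switch (pCpu->pCurInstr->opcode)
    {
        case OP_XCHG:       return "Xchg";
        case OP_DEC:        return "Dec";
        case OP_INC:        return "Inc";
        case OP_POP:        return "Pop";
        case OP_OR:         return "Or";
        case OP_AND:        return "And";
        case OP_MOV:        return "Mov";
        case OP_INVLPG:     return "InvlPg";
        case OP_CPUID:      return "CpuId";
        case OP_MOV_CR:     return "MovCRx";
        case OP_MOV_DR:     return "MovDRx";
        case OP_LLDT:       return "LLdt";
        case OP_LGDT:       return "LGdt";
        case OP_LIDT:       return "LIdt";   /* was reported as "LGdt", indistinguishable from OP_LGDT in logs */
        case OP_CLTS:       return "Clts";
        case OP_MONITOR:    return "Monitor";
        case OP_MWAIT:      return "MWait";
        case OP_RDMSR:      return "Rdmsr";
        case OP_WRMSR:      return "Wrmsr";
        case OP_ADD:        return "Add";
        case OP_ADC:        return "Adc";
        case OP_SUB:        return "Sub";
        case OP_SBB:        return "Sbb";
        case OP_RDTSC:      return "Rdtsc";
        case OP_STI:        return "Sti";
        case OP_XADD:       return "XAdd";
        case OP_HLT:        return "Hlt";
        case OP_IRET:       return "Iret";
        case OP_MOVNTPS:    return "MovNTPS";
        case OP_STOSWD:     return "StosWD";
        case OP_WBINVD:     return "WbInvd";
        case OP_XOR:        return "Xor";
        case OP_BTR:        return "Btr";
        case OP_BTS:        return "Bts";
        case OP_BTC:        return "Btc";
        /* The LOCK prefix is the only prefix reflected in the mnemonic. */
        case OP_CMPXCHG:    return pCpu->prefix & PREFIX_LOCK ? "Lock CmpXchg"   : "CmpXchg";
        case OP_CMPXCHG8B:  return pCpu->prefix & PREFIX_LOCK ? "Lock CmpXchg8b" : "CmpXchg8b";

        default:
            Log(("Unknown opcode %d\n", pCpu->pCurInstr->opcode));
            return "???";
    }
}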
430#endif /* VBOX_STRICT || LOG_ENABLED */
431
432
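/**
 * XCHG instruction emulation.
 *
 * Both operands are queried as PARAM_SOURCE so that DISQueryParamVal returns
 * the register *value* for register operands (reported as PARMTYPE_IMMEDIATE)
 * and the effective address for memory operands (PARMTYPE_ADDRESS). Each
 * operand is read into a local, then the two values are written crosswise.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_EM_INTERPRETER if the instruction cannot be emulated here
 *          (operand query failure, size mismatch, unsupported operand type,
 *          failed guest memory access, or - in GC - no R/W page fault pending).
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Where to return the size of the memory access.
 */
static int emInterpretXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            /* A flat address of 0 means "this operand is a register". The value
               slots are zeroed so that bytes above the operand size are never
               uninitialised, whatever the operand width. */
            RTGCPTR  pParam1 = 0, pParam2 = 0;
            uint64_t valpar1 = 0, valpar2 = 0;

            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
                    valpar1 = param1.val.val64;
                    break;

                case PARMTYPE_ADDRESS:
                    pParam1 = (RTGCPTR)param1.val.val64;
                    pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
                    EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
                    rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
                    if (VBOX_FAILURE(rc))
                    {
                        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                        return VERR_EM_INTERPRETER;
                    }
                    break;

                default:
                    AssertFailed();
                    return VERR_EM_INTERPRETER;
            }

            switch (param2.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam2 = (RTGCPTR)param2.val.val64;
                    pParam2 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pParam2);
                    EM_ASSERT_FAULT_RETURN(pParam2 == pvFault, VERR_EM_INTERPRETER);
                    rc = emRamRead(pVM, &valpar2, pParam2, param2.size);
                    if (VBOX_FAILURE(rc))
                    {
                        /* Must bail out here: continuing would store a value that was
                           never read into operand 1. (Previously only asserted.) */
                        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam2, param2.size, rc));
                        return VERR_EM_INTERPRETER;
                    }
                    break;

                case PARMTYPE_IMMEDIATE:
                    valpar2 = param2.val.val64;
                    break;

                default:
                    AssertFailed();
                    return VERR_EM_INTERPRETER;
            }

            /* Write value of parameter 2 to parameter 1 (reg or memory address) */
            if (pParam1 == 0)
            {
                Assert(param1.type == PARMTYPE_IMMEDIATE); /* register actually */
                switch (param1.size)
                {
                    case 1: //special case for AH etc
                            rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen,  (uint8_t )valpar2); break;
                    case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen, (uint16_t)valpar2); break;
                    case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen, (uint32_t)valpar2); break;
                    case 8: rc = DISWriteReg64(pRegFrame, pCpu->param1.base.reg_gen, valpar2); break;
                    default: AssertFailedReturn(VERR_EM_INTERPRETER);
                }
                if (VBOX_FAILURE(rc))
                    return VERR_EM_INTERPRETER;
            }
            else
            {
                rc = emRamWrite(pVM, pParam1, &valpar2, param1.size);
                if (VBOX_FAILURE(rc))
                {
                    AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                    return VERR_EM_INTERPRETER;
                }
            }

            /* Write value of parameter 1 to parameter 2 (reg or memory address) */
            if (pParam2 == 0)
            {
                Assert(param2.type == PARMTYPE_IMMEDIATE); /* register actually */
                switch (param2.size)
                {
                    case 1: //special case for AH etc
                            rc = DISWriteReg8(pRegFrame, pCpu->param2.base.reg_gen,  (uint8_t )valpar1); break;
                    case 2: rc = DISWriteReg16(pRegFrame, pCpu->param2.base.reg_gen, (uint16_t)valpar1); break;
                    case 4: rc = DISWriteReg32(pRegFrame, pCpu->param2.base.reg_gen, (uint32_t)valpar1); break;
                    case 8: rc = DISWriteReg64(pRegFrame, pCpu->param2.base.reg_gen, valpar1); break;
                    default: AssertFailedReturn(VERR_EM_INTERPRETER);
                }
                if (VBOX_FAILURE(rc))
                    return VERR_EM_INTERPRETER;
            }
            else
            {
                rc = emRamWrite(pVM, pParam2, &valpar1, param2.size);
                if (VBOX_FAILURE(rc))
                {
                    /* Message now names the address that actually failed (operand 2). */
                    AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam2, param2.size, rc));
                    return VERR_EM_INTERPRETER;
                }
            }

            *pcbSize = param2.size;
            return VINF_SUCCESS;
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}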
564
565
/**
 * INC and DEC emulation.
 *
 * Reads the memory operand, applies @a pfnEmulate to a local copy, writes the
 * result back and merges the arithmetic flags into the guest's EFLAGS.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_EM_INTERPRETER if the instruction cannot be emulated here.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (CR2); only checked in GC.
 * @param   pcbSize     Where to return the size of the memory access.
 * @param   pfnEmulate  Worker implementing INC or DEC on the operand value.
 */
static int emInterpretIncDec(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                             PFNEMULATEPARAM2 pfnEmulate)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* Only a pending write (#PF with the R/W error-code bit) is handled here. */
    if (   !TRPMHasTrap(pVM)
        || !(TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW))
        return VERR_EM_INTERPRETER;
#endif

    /* Only memory operands are handled. */
    if (param1.type != PARMTYPE_ADDRESS)
    {
        AssertFailed();
        return VERR_EM_INTERPRETER;
    }

    RTGCPTR GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)param1.val.val64);
#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    AssertReturn(GCPtrPar1 == pvFault, VERR_EM_INTERPRETER);
#endif

    uint64_t valpar1;
    rc = emRamRead(pVM, &valpar1, GCPtrPar1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", GCPtrPar1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* Emulate on the local copy, then write the result back. */
    uint32_t const eflags = pfnEmulate(&valpar1, param1.size);
    rc = emRamWrite(pVM, GCPtrPar1, &valpar1, param1.size);
    if (VBOX_FAILURE(rc))
    {
        AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", GCPtrPar1, param1.size, rc));
        return VERR_EM_INTERPRETER;
    }

    /* CF is left untouched; only PF/AF/ZF/SF/OF are taken from the emulation result. */
    uint32_t const fStatusMask = X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF;
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~fStatusMask) | (eflags & fStatusMask);

    *pcbSize = param1.size;
    return VINF_SUCCESS;
}
633
634
/**
 * POP Emulation.
 *
 * Only "pop [mem]" with a 32-bit stack is handled: the value is read from
 * SS:ESP, stored to the memory operand and ESP is then advanced.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_EM_INTERPRETER if the instruction cannot be emulated here.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Where to return the size of the memory access.
 */
static int emInterpretPop(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            RTGCPTR pParam1 = 0;
            uint32_t valpar1;
            RTGCPTR pStackVal;

            /* Read stack value first */
            if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid) == CPUMODE_16BIT)
                return VERR_EM_INTERPRETER; /* No legacy 16 bits stuff here, please. */

            /* Convert address; don't bother checking limits etc, as we only read here */
            /* A flat address of 0 is treated as a conversion failure. */
            pStackVal = SELMToFlat(pVM, DIS_SELREG_SS, pRegFrame, (RTGCPTR)pRegFrame->esp);
            if (pStackVal == 0)
                return VERR_EM_INTERPRETER;

            rc = emRamRead(pVM, &valpar1, pStackVal, param1.size);
            if (VBOX_FAILURE(rc))
            {
                /* NOTE(review): the message reports pParam1, which is still 0 at this
                   point; pStackVal is the address that failed. */
                AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                return VERR_EM_INTERPRETER;
            }

            if (param1.type == PARMTYPE_ADDRESS)
            {
                pParam1 = (RTGCPTR)param1.val.val64;

                /* pop [esp+xx] uses esp after the actual pop! */
                /* The effective address was computed with the pre-pop ESP, so
                   compensate by the operand size before converting it. */
                AssertCompile(USE_REG_ESP == USE_REG_SP);
                if (    (pCpu->param1.flags & USE_BASE)
                    &&  (pCpu->param1.flags & (USE_REG_GEN16|USE_REG_GEN32))
                    &&  pCpu->param1.base.reg_gen == USE_REG_ESP
                   )
                    pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + param1.size);

                pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
                /* Either the destination or the stack slot may be the faulting address. */
                EM_ASSERT_FAULT_RETURN(pParam1 == pvFault || (RTGCPTR)pRegFrame->esp == pvFault, VERR_EM_INTERPRETER);
                rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
                if (VBOX_FAILURE(rc))
                {
                    AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                    return VERR_EM_INTERPRETER;
                }

                /* Update ESP as the last step */
                /* Done after the write so a failed write leaves the guest stack untouched. */
                pRegFrame->esp += param1.size;
            }
            else
            {
#ifndef DEBUG_bird // annoying assertion.
                AssertFailed();
#endif
                return VERR_EM_INTERPRETER;
            }

            /* All done! */
            *pcbSize = param1.size;
            return VINF_SUCCESS;
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}
713
714
/**
 * XOR/OR/AND Emulation.
 *
 * Reads the memory destination, combines it with the register/immediate source
 * via @a pfnEmulate, merges the resulting flags into EFLAGS and writes the
 * result back.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_EM_INTERPRETER if the instruction cannot be emulated here.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction. Note: param2.size may be
 *                      adjusted in place (see below).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Where to return the size of the memory access.
 * @param   pfnEmulate  Worker implementing the actual OR/XOR/AND.
 */
static int emInterpretOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                               PFNEMULATEPARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            RTGCPTR  pParam1;
            uint64_t valpar1, valpar2;

            if (pCpu->param1.size != pCpu->param2.size)
            {
                if (pCpu->param1.size < pCpu->param2.size)
                {
                    /* emGetMnemonic only exists in VBOX_STRICT/LOG_ENABLED builds; the
                       AssertMsgFailed argument list is presumably dropped otherwise. */
                    AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
                    return VERR_EM_INTERPRETER;
                }
                /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
                /* Widens the (sign-extended) immediate to the destination size; this also
                   rewrites the disassembler state passed in by the caller. */
                pCpu->param2.size = pCpu->param1.size;
                param2.size = param1.size;
            }

            /* The destination is always a virtual address */
            if (param1.type == PARMTYPE_ADDRESS)
            {
                pParam1 = (RTGCPTR)param1.val.val64;
                pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
                EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
                rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
                if (VBOX_FAILURE(rc))
                {
                    AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                    return VERR_EM_INTERPRETER;
                }
            }
            else
            {
                AssertFailed();
                return VERR_EM_INTERPRETER;
            }

            /* Register or immediate data */
            switch(param2.type)
            {
                case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
                    valpar2 = param2.val.val64;
                    break;

                default:
                    AssertFailed();
                    return VERR_EM_INTERPRETER;
            }

            LogFlow(("emInterpretOrXorAnd %s %VGv %RX64 - %RX64 size %d (%d)\n", emGetMnemonic(pCpu), pParam1, valpar1, valpar2, param2.size, param1.size));

            /* Data read, emulate instruction. */
            uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);

            LogFlow(("emInterpretOrXorAnd %s result %RX64\n", emGetMnemonic(pCpu), valpar1));

            /* Update guest's eflags and finish. */
            /* All six arithmetic status flags are replaced by the emulated result. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            /* And write it back */
            /* EFLAGS has already been updated at this point; a failed write-back
               still returns VERR_EM_INTERPRETER below. */
            rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
            if (VBOX_SUCCESS(rc))
            {
                /* All done! */
                *pcbSize = param2.size;
                return VINF_SUCCESS;
            }
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}
807
808
/**
 * LOCK XOR/OR/AND Emulation.
 *
 * Unlike the unlocked variant this does not read-modify-write through
 * emRamRead/emRamWrite: the worker @a pfnEmulate operates directly on a
 * pointer to the destination so the operation stays atomic.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_EM_INTERPRETER if the instruction cannot be emulated here.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction. Note: param2.size may be
 *                      adjusted in place (see below).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (CR2); only checked in GC.
 * @param   pcbSize     Where to return the size of the memory access.
 * @param   pfnEmulate  Worker performing the locked operation in place.
 */
static int emInterpretLockOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
                                   uint32_t *pcbSize, PFNEMULATELOCKPARAM3 pfnEmulate)
{
    void *pvParam1;

    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (pCpu->param1.size != pCpu->param2.size)
    {
        AssertMsgReturn(pCpu->param1.size >= pCpu->param2.size, /* should never happen! */
                        ("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size),
                        VERR_EM_INTERPRETER);

        /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
        /* Also rewrites the disassembler state passed in by the caller. */
        pCpu->param2.size = pCpu->param1.size;
        param2.size = param1.size;
    }

    /* The destination is always a virtual address */
    AssertReturn(param1.type == PARMTYPE_ADDRESS, VERR_EM_INTERPRETER);

    RTGCPTR GCPtrPar1 = param1.val.val64;
    GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
#ifdef IN_GC
    /* In GC the guest address is usable directly; faults are caught by the
       one-shot trap handler registered below. */
    pvParam1 = (void *)GCPtrPar1;
#else
    /* Elsewhere the guest page is mapped and written through a host pointer.
       NOTE(review): no guest page-protection check (X86_PTE_RW / CR0.WP, as
       emRamWrite does in GC) is applied on this path - confirm whether
       PGMPhysGCPtr2HCPtr or the caller covers that. */
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
    if (VBOX_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }
#endif

#ifdef IN_GC
    /* Safety check (in theory it could cross a page boundary and fault there though) */
    /* Only asserted, not enforced: unlike the unlocked variants there is no
       early return when no R/W fault is pending. */
    Assert(   TRPMHasTrap(pVM)
           && (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW));
    EM_ASSERT_FAULT_RETURN(GCPtrPar1 == pvFault, VERR_EM_INTERPRETER);
#endif

    /* Register and immediate data == PARMTYPE_IMMEDIATE */
    AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
    RTGCUINTREG ValPar2 = param2.val.val64;

    /* Try emulate it with a one-shot #PF handler in place. */
    Log2(("%s %VGv imm%d=%RX64\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));

    RTGCUINTREG32 eflags = 0;
#ifdef IN_GC
    MMGCRamRegisterTrapHandler(pVM);
#endif
    rc = pfnEmulate(pvParam1, ValPar2, pCpu->param2.size, &eflags);
#ifdef IN_GC
    /* Always deregistered, whatever the worker returned. */
    MMGCRamDeregisterTrapHandler(pVM);
#endif
    if (RT_FAILURE(rc))
    {
        Log(("%s %VGv imm%d=%RX64-> emulation failed due to page fault!\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
        return VERR_EM_INTERPRETER;
    }

    /* Update guest's eflags and finish. */
    /* All six arithmetic status flags come from the worker. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
888
889
/**
 * ADD, ADC & SUB Emulation.
 *
 * Structurally the same as emInterpretOrXorAnd: read the memory destination,
 * apply @a pfnEmulate with the register/immediate source, merge the flags and
 * write the result back.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_EM_INTERPRETER if the instruction cannot be emulated here.
 *
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction. Note: param2.size may be
 *                      adjusted in place (see below).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address (CR2).
 * @param   pcbSize     Where to return the size of the memory access.
 * @param   pfnEmulate  Worker implementing the actual ADD/ADC/SUB.
 */
static int emInterpretAddSub(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                             PFNEMULATEPARAM3 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if(VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            RTGCPTR  pParam1;
            uint64_t valpar1, valpar2;

            if (pCpu->param1.size != pCpu->param2.size)
            {
                if (pCpu->param1.size < pCpu->param2.size)
                {
                    AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->rip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
                    return VERR_EM_INTERPRETER;
                }
                /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
                /* Widens the immediate to the destination size; this also rewrites the
                   disassembler state passed in by the caller. */
                pCpu->param2.size = pCpu->param1.size;
                param2.size = param1.size;
            }

            /* The destination is always a virtual address */
            if (param1.type == PARMTYPE_ADDRESS)
            {
                pParam1 = (RTGCPTR)param1.val.val64;
                pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
                EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
                rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
                if (VBOX_FAILURE(rc))
                {
                    AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                    return VERR_EM_INTERPRETER;
                }
            }
            else
            {
#ifndef DEBUG_bird
                AssertFailed();
#endif
                return VERR_EM_INTERPRETER;
            }

            /* Register or immediate data */
            switch(param2.type)
            {
                case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
                    valpar2 = param2.val.val64;
                    break;

                default:
                    AssertFailed();
                    return VERR_EM_INTERPRETER;
            }

            /* Data read, emulate instruction. */
            uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);

            /* Update guest's eflags and finish. */
            /* All six arithmetic status flags are replaced by the emulated result. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            /* And write it back */
            /* EFLAGS has already been updated at this point; a failed write-back
               still returns VERR_EM_INTERPRETER below. */
            rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
            if (VBOX_SUCCESS(rc))
            {
                /* All done! */
                *pcbSize = param2.size;
                return VINF_SUCCESS;
            }
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}
980
981
/**
 * ADC Emulation.
 *
 * ADC is ADD plus the incoming carry, so the work is delegated to the shared
 * add/sub interpreter with the worker that matches the current CF.
 *
 * @returns VBox status code (whatever emInterpretAddSub returns).
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; CF selects the worker.
 * @param   pvFault     The faulting address.
 * @param   pcbSize     Where to store the operand size on success.
 */
static int emInterpretAdc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* With CF clear, ADC degenerates to a plain ADD. */
    if (!pRegFrame->eflags.Bits.u1CF)
        return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize, EMEmulateAdd);
    return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize, EMEmulateAdcWithCarrySet);
}
992
993
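/**
 * BTR/C/S Emulation.
 *
 * Handles a bit-test instruction whose destination is a memory operand: the
 * byte holding the selected bit is read, pfnEmulate performs the
 * reset/complement/set on it, and the byte is written back.  The fault
 * address is checked (dword granularity) against the byte address so the
 * emulated access stays on the location the guest actually faulted on.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated on success.
 * @param   pvFault     The faulting address.
 * @param   pcbSize     Where to store the access size (always 1) on success.
 * @param   pfnEmulate  Worker doing the bit operation on the byte; returns the new flags.
 */
static int emInterpretBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
                              PFNEMULATEPARAM2UINT32 pfnEmulate)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* In GC we only handle a write fault on the operand. */
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#endif
            RTGCPTR  pParam1;
            uint64_t valpar1 = 0, valpar2;
            uint32_t eflags;

            /* The destination is always a virtual address */
            if (param1.type != PARMTYPE_ADDRESS)
                return VERR_EM_INTERPRETER;

            pParam1 = (RTGCPTR)param1.val.val64;
            pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);

            /* Register or immediate data */
            switch (param2.type)
            {
                case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
                    valpar2 = param2.val.val64;
                    break;

                default:
                    AssertFailed();
                    return VERR_EM_INTERPRETER;
            }

            /* valpar1/valpar2 are 64-bit; %x would only consume 32 bits and misalign the following arguments. */
            Log2(("emInterpret%s: pvFault=%VGv pParam1=%VGv val2=%RX64\n", emGetMnemonic(pCpu), pvFault, pParam1, valpar2));
            /* Select the byte containing the bit. The offset is treated as unsigned here; a negative register offset is not modelled. */
            pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + valpar2/8);
            EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)pParam1 & ~3) == pvFault, VERR_EM_INTERPRETER);
            rc = emRamRead(pVM, &valpar1, pParam1, 1);
            if (VBOX_FAILURE(rc))
            {
                AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
                return VERR_EM_INTERPRETER;
            }

            Log2(("emInterpretBtx: val=%RX64\n", valpar1));
            /* Data read, emulate bit test instruction. */
            eflags = pfnEmulate(&valpar1, valpar2 & 0x7);

            Log2(("emInterpretBtx: val=%RX64 CF=%d\n", valpar1, !!(eflags & X86_EFL_CF)));

            /* Update guest's eflags and finish. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            /* And write it back */
            rc = emRamWrite(pVM, pParam1, &valpar1, 1);
            if (VBOX_SUCCESS(rc))
            {
                /* All done! */
                *pcbSize = 1;
                return VINF_SUCCESS;
            }
#ifdef IN_GC
        }
    }
#endif
    return VERR_EM_INTERPRETER;
}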
1072
1073
/**
 * LOCK BTR/C/S Emulation.
 *
 * Unlike emInterpretBitTest this does not go through emRamRead/emRamWrite;
 * the worker operates on the byte in place (presumably so the LOCK
 * semantics hold).  In GC the guest address is used directly with a
 * one-shot #PF handler registered around the worker; elsewhere the guest
 * page is first mapped to a host pointer.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; the arithmetic flags are updated on success.
 * @param   pvFault     The faulting address (GC only: checked against the operand at dword granularity).
 * @param   pcbSize     Where to store the access size (always 1) on success.
 * @param   pfnEmulate  Worker performing the locked bit operation on *pvParam1.
 */
static int emInterpretLockBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
                                  uint32_t *pcbSize, PFNEMULATELOCKPARAM2 pfnEmulate)
{
    void *pvParam1;

    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* The destination is always a virtual address */
    if (param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;

    /* Register and immediate data == PARMTYPE_IMMEDIATE */
    AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
    uint64_t ValPar2 = param2.val.val64;

    /* Adjust the parameters so what we're dealing with is a bit within the byte pointed to.
       The bit offset is treated as unsigned; a negative register offset is not modelled here. */
    RTGCPTR GCPtrPar1 = param1.val.val64;
    GCPtrPar1 = (GCPtrPar1 + ValPar2 / 8);
    ValPar2 &= 7;

#ifdef IN_GC
    /* GC: the flat guest address is dereferenced directly; a fault is caught by the handler registered below. */
    GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
    pvParam1 = (void *)GCPtrPar1;
#else
    /* R0/R3: map the guest page to a host pointer first. */
    GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
    rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
    if (VBOX_FAILURE(rc))
    {
        AssertRC(rc);
        return VERR_EM_INTERPRETER;
    }
#endif

    Log2(("emInterpretLockBitTest %s: pvFault=%VGv GCPtrPar1=%VGv imm=%RX64\n", emGetMnemonic(pCpu), pvFault, GCPtrPar1, ValPar2));

#ifdef IN_GC
    /* Keep the emulated access on the dword the guest actually faulted on. */
    Assert(TRPMHasTrap(pVM));
    EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)GCPtrPar1 & ~(RTGCUINTPTR)3) == pvFault, VERR_EM_INTERPRETER);
#endif

    /* Try emulate it with a one-shot #PF handler in place. */
    RTGCUINTREG32 eflags = 0;
#ifdef IN_GC
    MMGCRamRegisterTrapHandler(pVM);
#endif
    rc = pfnEmulate(pvParam1, ValPar2, &eflags);
#ifdef IN_GC
    MMGCRamDeregisterTrapHandler(pVM);
#endif
    if (RT_FAILURE(rc))
    {
        /* The worker faulted; let the recompiler deal with the instruction. */
        Log(("emInterpretLockBitTest %s: %VGv imm%d=%RX64 -> emulation failed due to page fault!\n",
             emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
        return VERR_EM_INTERPRETER;
    }

    Log2(("emInterpretLockBitTest %s: GCPtrPar1=%VGv imm=%VX64 CF=%d\n", emGetMnemonic(pCpu), GCPtrPar1, ValPar2, !!(eflags & X86_EFL_CF)));

    /* Update guest's eflags and finish. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = 1;
    return VINF_SUCCESS;
}
1149
1150
/**
 * MOV emulation.
 *
 * Two shapes are handled: a store (memory destination, register/immediate
 * source) and a load (memory source, register destination).  In GC the
 * shape is chosen from the TRPM error code (write fault vs. read fault);
 * in R0/R3 from the destination operand type.  Values are moved through a
 * uint64_t of which only the low operand-size bytes are used, which
 * assumes a little-endian host.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; the destination register is updated for loads.
 * @param   pvFault     The faulting address; must equal the memory operand's flat address
 *                      (EM_ASSERT_FAULT_RETURN, presumably only enforced in GC — not visible here).
 * @param   pcbSize     Where to store the operand size (stores only).
 */
static int emInterpretMov(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

#ifdef IN_GC
    /* GC: a write fault means the memory operand is the destination, otherwise it is the source. */
    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
#else
    /** @todo Make this the default and don't rely on TRPM information. */
    /* R0/R3: decide by the destination operand type instead. */
    if (param1.type == PARMTYPE_ADDRESS)
    {
#endif
            RTGCPTR  pDest;
            uint64_t val64;

            /* Destination: a memory operand (an immediate with a 32/64-bit value is a moffs-style address). */
            switch (param1.type)
            {
                case PARMTYPE_IMMEDIATE:
                    if (!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
                        return VERR_EM_INTERPRETER;
                    /* fallthru */

                case PARMTYPE_ADDRESS:
                    pDest = (RTGCPTR)param1.val.val64;
                    pDest = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pDest);
                    break;

                default:
                    AssertFailed();
                    return VERR_EM_INTERPRETER;
            }

            /* Source: register or immediate value. */
            switch (param2.type)
            {
                case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
                    val64 = param2.val.val64;
                    break;

                default:
                    Log(("emInterpretMov: unexpected type=%d eip=%VGv\n", param2.type, pRegFrame->rip));
                    return VERR_EM_INTERPRETER;
            }
#ifdef LOG_ENABLED
            if (pCpu->mode == CPUMODE_64BIT)
                LogFlow(("EMInterpretInstruction at %VGv: OP_MOV %VGv <- %RX64 (%d) &val32=%VHv\n", pRegFrame->rip, pDest, val64, param2.size, &val64));
            else
                LogFlow(("EMInterpretInstruction at %VGv: OP_MOV %VGv <- %08X (%d) &val32=%VHv\n", pRegFrame->rip, pDest, (uint32_t)val64, param2.size, &val64));
#endif

            /* The size comes from the disassembler; only the low param2.size bytes of val64 are written. */
            Assert(param2.size <= 8 && param2.size > 0);
            EM_ASSERT_FAULT_RETURN(pDest == pvFault, VERR_EM_INTERPRETER);
            rc = emRamWrite(pVM, pDest, &val64, param2.size);
            if (VBOX_FAILURE(rc))
                return VERR_EM_INTERPRETER;

            *pcbSize = param2.size;
        }
        else
        { /* read fault */
            RTGCPTR  pSrc;
            uint64_t val64;

            /* Source */
            switch (param2.type)
            {
                case PARMTYPE_IMMEDIATE:
                    if (!(param2.flags & (PARAM_VAL32|PARAM_VAL64)))
                        return VERR_EM_INTERPRETER;
                    /* fallthru */

                case PARMTYPE_ADDRESS:
                    pSrc = (RTGCPTR)param2.val.val64;
                    pSrc = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pSrc);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            /* Only the low param1.size bytes of val64 are filled; the casts below pick them out. */
            Assert(param1.size <= 8 && param1.size > 0);
            EM_ASSERT_FAULT_RETURN(pSrc == pvFault, VERR_EM_INTERPRETER);
            rc = emRamRead(pVM, &val64, pSrc, param1.size);
            if (VBOX_FAILURE(rc))
                return VERR_EM_INTERPRETER;

            /* Destination */
            switch (param1.type)
            {
                case PARMTYPE_REGISTER:
                    switch (param1.size)
                    {
                        case 1: rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen, (uint8_t) val64); break;
                        case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen, (uint16_t)val64); break;
                        case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen, (uint32_t)val64); break;
                        case 8: rc = DISWriteReg64(pRegFrame, pCpu->param1.base.reg_gen, val64); break;
                        default:
                            return VERR_EM_INTERPRETER;
                    }
                    /* Note: this is the one place the DIS status is returned as-is rather than VERR_EM_INTERPRETER. */
                    if (VBOX_FAILURE(rc))
                        return rc;
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }
#ifdef LOG_ENABLED
            if (pCpu->mode == CPUMODE_64BIT)
                LogFlow(("EMInterpretInstruction: OP_MOV %VGv -> %RX64 (%d)\n", pSrc, val64, param1.size));
            else
                LogFlow(("EMInterpretInstruction: OP_MOV %VGv -> %08X (%d)\n", pSrc, (uint32_t)val64, param1.size));
#endif
        }
        return VINF_SUCCESS;
#ifdef IN_GC
    }
#endif
    /* GC only: no trap, or one we do not handle. Unreachable in R0/R3. */
    return VERR_EM_INTERPRETER;
}
1281
1282
1283#ifndef IN_GC
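/*
 * [REP] STOSWD emulation
 *
 * Stores (r/e)ax at ES:(r/e)di and advances (r/e)di by the operand size in
 * the direction given by DF.  With a REP prefix this is repeated (r/e)cx
 * times and (r/e)cx is decremented accordingly.  The index is advanced
 * linearly; 16/32-bit wrap-around of the index register is not modelled.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER asks the caller to fall
 *          back to the recompiler.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction (prefix, addrmode, opmode).
 * @param   pRegFrame   The register frame; (r/e)di and, for REP, (r/e)cx are updated.
 * @param   pvFault     The faulting address (not used by this interpreter).
 * @param   pcbSize     Where to store the operand size on completion.
 */
static int emInterpretStosWD(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int         rc;
    RTGCPTR     GCDest, GCOffset;
    uint32_t    cbSize;
    uint64_t    cTransfers;
    int         offIncrement;
    NOREF(pvFault);

    /* Don't support any but these prefix bytes. */
    if ((pCpu->prefix & ~(PREFIX_ADDRSIZE|PREFIX_OPSIZE|PREFIX_REP|PREFIX_REX)))
        return VERR_EM_INTERPRETER;

    /* The address size selects the di/cx register pair. */
    switch (pCpu->addrmode)
    {
        case CPUMODE_16BIT:
            GCOffset   = pRegFrame->di;
            cTransfers = pRegFrame->cx;
            break;
        case CPUMODE_32BIT:
            GCOffset   = pRegFrame->edi;
            cTransfers = pRegFrame->ecx;
            break;
        case CPUMODE_64BIT:
            GCOffset   = pRegFrame->rdi;
            cTransfers = pRegFrame->rcx;
            break;
        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    GCDest = SELMToFlat(pVM, DIS_SELREG_ES, pRegFrame, GCOffset);

    /* The operand size is the width of each store. */
    switch (pCpu->opmode)
    {
        case CPUMODE_16BIT:
            cbSize = 2;
            break;
        case CPUMODE_32BIT:
            cbSize = 4;
            break;
        case CPUMODE_64BIT:
            cbSize = 8;
            break;
        default:
            AssertFailed();
            return VERR_EM_INTERPRETER;
    }

    /* DF=1 walks the string downwards. */
    offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cbSize : (signed)cbSize;

    if (!(pCpu->prefix & PREFIX_REP))
    {
        LogFlow(("emInterpretStosWD dest=%04X:%VGv (%VGv) cbSize=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize));

        rc = PGMPhysWriteGCPtr(pVM, GCDest, &pRegFrame->rax, cbSize);
        if (VBOX_FAILURE(rc))
            return VERR_EM_INTERPRETER;
        Assert(rc == VINF_SUCCESS);

        /* Update (e/r)di. */
        switch (pCpu->addrmode)
        {
            case CPUMODE_16BIT:
                pRegFrame->di += offIncrement;
                break;
            case CPUMODE_32BIT:
                pRegFrame->edi += offIncrement;
                break;
            case CPUMODE_64BIT:
                pRegFrame->rdi += offIncrement;
                break;
            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
        }
    }
    else
    {
        if (!cTransfers)
            return VINF_SUCCESS;

        /* cTransfers is 64-bit; %x would only consume 32 bits of it. */
        LogFlow(("emInterpretStosWD dest=%04X:%VGv (%VGv) cbSize=%d cTransfers=%RX64 DF=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize, cTransfers, pRegFrame->eflags.Bits.u1DF));

        /*
         * A count whose byte total overflows 64 bits would make the access check
         * below cover far less than the loop writes; leave such counts to the
         * recompiler.
         */
        if (cTransfers > UINT64_MAX / cbSize)
            return VERR_EM_INTERPRETER;
        uint64_t const cbTotal = cTransfers * cbSize;

        /*
         * Access verification first; we currently can't recover properly from traps
         * inside this instruction.  With DF=1 the lowest address touched is the last
         * store, (cTransfers-1)*cbSize below GCDest, so the verified range starts
         * there.  The selection must be parenthesised: "GCDest - cond ? a : b" parses
         * as "(GCDest - cond) ? a : b" and verifies the wrong range.
         */
        RTGCPTR const GCRangeStart = offIncrement > 0 ? GCDest : GCDest - (cTransfers - 1) * cbSize;
        rc = PGMVerifyAccess(pVM, GCRangeStart, cbTotal, X86_PTE_RW | X86_PTE_US);
        if (rc != VINF_SUCCESS)
        {
            Log(("STOSWD will generate a trap -> recompiler, rc=%d\n", rc));
            return VERR_EM_INTERPRETER;
        }

        /* REP case */
        while (cTransfers)
        {
            rc = PGMPhysWriteGCPtr(pVM, GCDest, &pRegFrame->rax, cbSize);
            if (VBOX_FAILURE(rc))
            {
                /* Partial progress stays in GCOffset/cTransfers and is written back below. */
                rc = VERR_EM_INTERPRETER;
                break;
            }

            Assert(rc == VINF_SUCCESS);
            GCOffset   += offIncrement;
            GCDest     += offIncrement;
            cTransfers--;
        }

        /* Update the registers. */
        switch (pCpu->addrmode)
        {
            case CPUMODE_16BIT:
                pRegFrame->di = GCOffset;
                pRegFrame->cx = cTransfers;
                break;
            case CPUMODE_32BIT:
                pRegFrame->edi = GCOffset;
                pRegFrame->ecx = cTransfers;
                break;
            case CPUMODE_64BIT:
                pRegFrame->rdi = GCOffset;
                pRegFrame->rcx = cTransfers;
                break;
            default:
                AssertFailed();
                return VERR_EM_INTERPRETER;
        }
    }

    *pcbSize = cbSize;
    return rc;
}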
1420#endif
1421
1422
1423/**
1424 * [LOCK] CMPXCHG emulation.
1425 */
1426#ifndef IN_GC
/**
 * R0/R3 variant: the guest operand is mapped to a host pointer and the
 * worker performs the compare-exchange on it directly, locked when the
 * instruction carries a LOCK prefix.  pvFault is not consulted here.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; rax and the arithmetic flags are updated.
 * @param   pvFault     The faulting address (unused in this variant).
 * @param   pcbSize     Where to store the operand size on success.
 */
static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1, param2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    RTGCPTR  GCPtrPar1;
    void    *pvParam1;
    uint64_t valpar, eflags;

    /* Both operands must have the same width. */
    AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
    switch (param1.type)
    {
        case PARMTYPE_ADDRESS:
            GCPtrPar1 = param1.val.val64;
            GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);

            /* Map the guest page so the worker can operate on it in place.
               NOTE(review): how long this host mapping stays valid is not visible here. */
            rc = PGMPhysGCPtr2HCPtr(pVM, GCPtrPar1, &pvParam1);
            if (VBOX_FAILURE(rc))
            {
                AssertRC(rc);
                return VERR_EM_INTERPRETER;
            }
            break;

        default:
            return VERR_EM_INTERPRETER;
    }

    switch (param2.type)
    {
        case PARMTYPE_IMMEDIATE: /* register actually */
            valpar = param2.val.val64;
            break;

        default:
            return VERR_EM_INTERPRETER;
    }

    LogFlow(("%s %VGv rax=%RX64 %RX64\n", emGetMnemonic(pCpu), GCPtrPar1, pRegFrame->rax, valpar));

    /* The worker compares *pvParam1 with rax and, on match, stores valpar; rax receives the old value otherwise. */
    if (pCpu->prefix & PREFIX_LOCK)
        eflags = EMEmulateLockCmpXchg(pvParam1, &pRegFrame->rax, valpar, pCpu->param2.size);
    else
        eflags = EMEmulateCmpXchg(pvParam1, &pRegFrame->rax, valpar, pCpu->param2.size);

    LogFlow(("%s %VGv rax=%RX64 %RX64 ZF=%d\n", emGetMnemonic(pCpu), GCPtrPar1, pRegFrame->rax, valpar, !!(eflags & X86_EFL_ZF)));

    /* Update guest's eflags and finish. */
    pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                          | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

    *pcbSize = param2.size;
    return VINF_SUCCESS;
}
1489
1490#else /* IN_GC */
/**
 * GC variant (32-bit guest code only): the worker runs on the guest address
 * directly with a one-shot #PF handler registered, so a fault inside it is
 * returned as a status code rather than taken.  Only a write fault on the
 * memory operand is handled, and the operand must be the faulting address.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; eax and the arithmetic flags are updated.
 * @param   pvFault     The faulting address; must equal the operand's flat address.
 * @param   pcbSize     Where to store the operand size on success.
 */
static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1, param2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR  pParam1;
            uint32_t valpar, eflags;

            /* Both operands must have the same width. */
            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam1 = (RTRCPTR)param1.val.val64;
                    pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
                    /* Keep the emulated access on the address the guest actually faulted on. */
                    EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            /* 32-bit only: the register value is taken from val32. */
            switch (param2.type)
            {
                case PARMTYPE_IMMEDIATE: /* register actually */
                    valpar = param2.val.val32;
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x %08x\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, valpar));

            /* Run the worker with the one-shot #PF handler in place. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
            else
                rc = EMGCEmulateCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("%s %VGv eax=%08x %08x -> emulation failed due to page fault!\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, valpar));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VRv eax=%08x %08x ZF=%d\n", emGetMnemonic(pCpu), pParam1, pRegFrame->eax, valpar, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            *pcbSize = param2.size;
            return VINF_SUCCESS;
        }
    }
    /* No trap, or a read fault: not ours to handle. */
    return VERR_EM_INTERPRETER;
}
1562
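/*
 * [LOCK] CMPXCHG8B emulation (GC, 32-bit guest code only).
 *
 * Compares the qword at the memory operand with EDX:EAX; on match ECX:EBX is
 * stored there, otherwise EDX:EAX receive the memory value.  The worker runs
 * on the guest address with a one-shot #PF handler registered, so a fault
 * inside it is returned as a status code rather than taken.  Only a write
 * fault on the operand is handled, and the operand must be the faulting
 * address.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; eax/edx and ZF are updated.
 * @param   pvFault     The faulting address; must equal the operand's flat address.
 * @param   pcbSize     Where to store the operand size (8) on success.
 */
static int emInterpretCmpXchg8b(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR  pParam1;
            uint32_t eflags;

            AssertReturn(pCpu->param1.size == 8, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam1 = (RTRCPTR)param1.val.val64;
                    pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
                    /* Keep the emulated access on the address the guest actually faulted on. */
                    EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            /* The log format strings carry exactly one conversion per argument (they used to have a dangling "=%08x"). */
            LogFlow(("%s %VRv edx:eax=%08x:%08x\n", emGetMnemonic(pCpu), pParam1, pRegFrame->edx, pRegFrame->eax));

            /* Run the worker with the one-shot #PF handler in place. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
            else
                rc = EMGCEmulateCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("%s %VGv edx:eax=%08x:%08x -> emulation failed due to page fault!\n", emGetMnemonic(pCpu), pParam1, pRegFrame->edx, pRegFrame->eax));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("%s %VGv edx:eax=%08x:%08x ZF=%d\n", emGetMnemonic(pCpu), pParam1, pRegFrame->edx, pRegFrame->eax, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish; note that *only* ZF is affected. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
                                  | (eflags & (X86_EFL_ZF));

            *pcbSize = 8;
            return VINF_SUCCESS;
        }
    }
    /* No trap, or a read fault: not ours to handle. */
    return VERR_EM_INTERPRETER;
}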
1623#endif /* IN_GC */
1624
1625
1626/**
1627 * [LOCK] XADD emulation.
1628 */
1629#ifdef IN_GC
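/**
 * GC variant (32-bit guest code only).
 *
 * XADD exchanges the register operand with the memory operand and stores
 * their sum in memory.  The worker gets a pointer into the register frame so
 * it can update the register itself, and runs on the guest address with a
 * one-shot #PF handler registered, so a fault inside it is returned as a
 * status code rather than taken.  Only a write fault on the memory operand
 * is handled, and the operand must be the faulting address.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; the register operand and the arithmetic flags are updated.
 * @param   pvFault     The faulting address; must equal the operand's flat address.
 * @param   pcbSize     Where to store the operand size on success.
 */
static int emInterpretXAdd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */
    OP_PARAMVAL param1;
    uint32_t   *pParamReg2;
    size_t      cbSizeParamReg2;

    /* Source to make DISQueryParamVal read the register value - ugly hack */
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* The second operand is a register; fetch a pointer to it inside the frame. */
    rc = DISQueryParamRegPtr(pRegFrame, pCpu, &pCpu->param2, (void **)&pParamReg2, &cbSizeParamReg2);
    Assert(cbSizeParamReg2 <= 4);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    if (TRPMHasTrap(pVM))
    {
        if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
        {
            RTRCPTR  pParam1;
            uint32_t eflags;

            /* Both operands must have the same width. */
            AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
            switch (param1.type)
            {
                case PARMTYPE_ADDRESS:
                    pParam1 = (RTRCPTR)param1.val.val64;
                    pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
                    /* Keep the emulated access on the address the guest actually faulted on. */
                    EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
                    break;

                default:
                    return VERR_EM_INTERPRETER;
            }

            /* Two arguments, two conversions (the old string had a dangling "=%08x"). */
            LogFlow(("XAdd %VRv reg=%08x\n", pParam1, *pParamReg2));

            /* Run the worker with the one-shot #PF handler in place. */
            MMGCRamRegisterTrapHandler(pVM);
            if (pCpu->prefix & PREFIX_LOCK)
                rc = EMGCEmulateLockXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
            else
                rc = EMGCEmulateXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
            MMGCRamDeregisterTrapHandler(pVM);

            if (VBOX_FAILURE(rc))
            {
                Log(("XAdd %VGv reg=%08x -> emulation failed due to page fault!\n", pParam1, *pParamReg2));
                return VERR_EM_INTERPRETER;
            }

            LogFlow(("XAdd %VGv reg=%08x ZF=%d\n", pParam1, *pParamReg2, !!(eflags & X86_EFL_ZF)));

            /* Update guest's eflags and finish. */
            pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
                                  | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));

            *pcbSize = cbSizeParamReg2;
            return VINF_SUCCESS;
        }
    }
    /* No trap, or a read fault: not ours to handle. */
    return VERR_EM_INTERPRETER;
}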
1694#endif /* IN_GC */
1695
1696
1697#ifdef IN_GC
/**
 * Interpret IRET (currently only to V86 code)
 *
 * Pops the nine-dword V86 IRET frame (eip, cs, eflags, esp, ss, es, ds, fs,
 * gs) from the guest stack at esp and loads it into the register frame.
 * Frames without EFLAGS.VM set are refused.  No privilege check is made in
 * this function; the caller is expected to have decided that this IRET may
 * be interpreted (TODO confirm).
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 *
 */
VMMDECL(int) EMInterpretIret(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    RTGCUINTPTR const uFrame = (RTGCUINTPTR)pRegFrame->esp;
    RTGCUINTPTR uEip, uCs, uEflags;

    Assert(!CPUMIsGuestIn64BitCode(pVM, pRegFrame));

    /* Return address and flags first: they decide whether this frame is handled at all. */
    int rc = emRamRead(pVM, &uEip,    (RTGCPTR)uFrame,       4);
    rc    |= emRamRead(pVM, &uCs,     (RTGCPTR)(uFrame + 4), 4);
    rc    |= emRamRead(pVM, &uEflags, (RTGCPTR)(uFrame + 8), 4);
    AssertRCReturn(rc, VERR_EM_INTERPRETER);
    AssertReturn(uEflags & X86_EFL_VM, VERR_EM_INTERPRETER);

    /* The remaining dwords, in frame order: esp, ss, es, ds, fs, gs. */
    enum { kEsp = 0, kSs, kEs, kDs, kFs, kGs, kCount };
    RTGCUINTPTR auRest[kCount];
    for (unsigned i = 0; i < kCount; i++)
        rc |= emRamRead(pVM, &auRest[i], (RTGCPTR)(uFrame + 12 + 4 * i), 4);
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    pRegFrame->eip = uEip & 0xffff;
    pRegFrame->cs  = uCs;

    /* Mask away all reserved bits */
    RTGCUINTPTR const fValidMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_ID;
    uEflags &= fValidMask;

#ifndef IN_RING0
    /* The flags go through CPUM rather than straight into the frame (presumably to keep the raw-mode IF/IOPL view consistent). */
    CPUMRawSetEFlags(pVM, pRegFrame, uEflags);
#endif
    Assert((pRegFrame->eflags.u32 & (X86_EFL_IF|X86_EFL_IOPL)) == X86_EFL_IF);

    pRegFrame->esp = auRest[kEsp];
    pRegFrame->ss  = auRest[kSs];
    pRegFrame->ds  = auRest[kDs];
    pRegFrame->es  = auRest[kEs];
    pRegFrame->fs  = auRest[kFs];
    pRegFrame->gs  = auRest[kGs];

    return VINF_SUCCESS;
}
1749#endif /* IN_GC */
1750
1751
/**
 * IRET Emulation.
 *
 * Deliberately refuses everything: IRET is only interpreted through direct
 * calls to EMInterpretIret for now, never via the instruction dispatcher.
 *
 * @returns VERR_EM_INTERPRETER always.
 * @param   pVM         Unused.
 * @param   pCpu        Unused.
 * @param   pRegFrame   Unused.
 * @param   pvFault     Unused.
 * @param   pcbSize     Unused; left untouched.
 */
static int emInterpretIret(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pVM); NOREF(pCpu); NOREF(pRegFrame); NOREF(pvFault); NOREF(pcbSize);
    /* only allow direct calls to EMInterpretIret for now */
    return VERR_EM_INTERPRETER;
}
1760
/**
 * WBINVD Emulation.
 *
 * Cache write-back-and-invalidate is accepted and completed without doing
 * anything.  No CPL check is done here (WBINVD is a ring-0 instruction on
 * real hardware); whether the caller enforces that is not visible in this
 * function — TODO confirm.
 *
 * @returns VINF_SUCCESS always.
 * @param   pVM         Unused.
 * @param   pCpu        Unused.
 * @param   pRegFrame   Unused.
 * @param   pvFault     Unused.
 * @param   pcbSize     Unused; left untouched.
 */
static int emInterpretWbInvd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pVM); NOREF(pCpu); NOREF(pRegFrame); NOREF(pvFault); NOREF(pcbSize);
    /* Nothing to do. */
    return VINF_SUCCESS;
}
1769
1770
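/**
 * Interpret INVLPG
 *
 * Invalidates the guest page containing pAddrGC through PGM (the GC entry
 * point in GC, the generic one elsewhere).
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame (currently unused).
 * @param   pAddrGC     Operand address
 *
 */
VMMDECL(int) EMInterpretInvlpg(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pAddrGC)
{
    int rc;
    NOREF(pRegFrame);

    /** @todo is addr always a flat linear address or ds based
     * (in absence of segment override prefixes)????
     */
#ifdef IN_GC
    // Note: we could also use PGMFlushPage here, but it currently doesn't always use invlpg!!!!!!!!!!
    LogFlow(("GC: EMULATE: invlpg %08X\n", pAddrGC));
    rc = PGMGCInvalidatePage(pVM, pAddrGC);
#else
    rc = PGMInvalidatePage(pVM, pAddrGC);
#endif
    if (VBOX_SUCCESS(rc))
        return VINF_SUCCESS;
    /* rc is a status code, not an address: format it with %Vrc (the old %VGv read the wrong argument width). */
    Log(("PGMInvalidatePage %VGv returned %Vrc (%d)\n", pAddrGC, rc, rc));
    Assert(rc == VERR_REM_FLUSHED_PAGES_OVERFLOW);
    /** @todo r=bird: we shouldn't ignore returns codes like this... I'm 99% sure the error is fatal. */
    return VERR_EM_INTERPRETER;
}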
1801
1802
/**
 * ADC Emulation.
 *
 * ADC is ADD plus the incoming carry, so the work is delegated to the shared
 * add/sub interpreter with the worker that matches the current CF.
 *
 * @returns VBox status code (whatever emInterpretAddSub returns).
 * @param   pVM         The VM handle.
 * @param   pCpu        The disassembled instruction.
 * @param   pRegFrame   The register frame; CF selects the worker.
 * @param   pvFault     The faulting address.
 * @param   pcbSize     Where to store the operand size on success.
 */
static int emInterpretAdc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* With CF clear, ADC degenerates to a plain ADD. */
    if (!pRegFrame->eflags.Bits.u1CF)
        return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize, EMEmulateAdd);
    return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize, EMEmulateAdcWithCarrySet);
}
1843
1844
/**
 * Interpret CPUID given the parameters in the CPU context
 *
 * Replaces eax/ebx/ecx/edx with the leaf CPUM presents to the guest for the
 * leaf number in eax.  The sub-leaf in ecx is not passed to CPUM by this
 * call.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 *
 */
VMMDECL(int) EMInterpretCpuId(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t const iLeaf = pRegFrame->eax; NOREF(iLeaf);

    /* Note: operates the same in 64 and non-64 bits mode. */
    CPUMGetGuestCpuId(pVM, iLeaf, &pRegFrame->eax, &pRegFrame->ebx, &pRegFrame->ecx, &pRegFrame->edx);
    Log(("Emulate: CPUID %x -> %08x %08x %08x %08x\n", iLeaf, pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx));
    return VINF_SUCCESS;
}
1862
1863
/**
 * CPUID Emulation.
 *
 * Thin dispatcher wrapper around EMInterpretCpuId; the instruction carries
 * no operands, so only the register frame matters.
 *
 * @returns VBox status code (see EMInterpretCpuId).
 * @param   pVM         The VM handle.
 * @param   pCpu        Unused.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Unused.
 * @param   pcbSize     Unused; left untouched.
 */
static int emInterpretCpuId(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pCpu); NOREF(pvFault); NOREF(pcbSize);
    return EMInterpretCpuId(pVM, pRegFrame);
}
1872
1873
/**
 * Interpret CRx read
 *
 * Loads the guest's view of a control register into a general purpose
 * register: 64 bits in long mode, the low 32 bits otherwise.  CR8 is not
 * kept in CPUM but read from the APIC task priority.
 *
 * NOTE(review): architecturally CR8[3:0] holds the priority that the APIC
 * TPR keeps in bits 7:4.  Whether PDMApicGetTPR already returns the CR8
 * form or the raw TPR byte is not visible here — confirm; a shift by 4 may
 * be needed.  The byte is stored into the low byte of the 64-bit value,
 * which assumes a little-endian host.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegGen  General purpose register index (USE_REG_E**))
 * @param   SrcRegCrx   CRx register index (USE_REG_CR*)
 *
 */
VMMDECL(int) EMInterpretCRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegCrx)
{
    uint64_t uValue = 0;
    int      rc;

    if (SrcRegCrx == USE_REG_CR8)
    {
        rc = PDMApicGetTPR(pVM, (uint8_t *)&uValue, NULL);
        AssertMsgRCReturn(rc, ("PDMApicGetTPR failed\n"), VERR_EM_INTERPRETER);
    }
    else
    {
        rc = CPUMGetGuestCRx(pVM, SrcRegCrx, &uValue);
        AssertMsgRCReturn(rc, ("CPUMGetGuestCRx %d failed\n", SrcRegCrx), VERR_EM_INTERPRETER);
    }

    /* Register width follows the current code segment. */
    rc = CPUMIsGuestIn64BitCode(pVM, pRegFrame)
       ? DISWriteReg64(pRegFrame, DestRegGen, uValue)
       : DISWriteReg32(pRegFrame, DestRegGen, (uint32_t)uValue);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    LogFlow(("MOV_CR: gen32=%d CR=%d val=%VX64\n", DestRegGen, SrcRegCrx, uValue));
    return VINF_SUCCESS;
}
1913
1914
/**
 * Interpret LMSW
 *
 * Loads the low word of CR0 from u16Data.  Only MP, EM and TS are actually
 * writable; PE is kept as-is since it is required to be set on entry and
 * LMSW cannot clear it.  Switching into protected mode via this path is
 * refused.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 * @param   u16Data     LMSW source data.
 *
 */
VMMDECL(int) EMInterpretLMSW(PVM pVM, uint16_t u16Data)
{
    uint64_t const uOldCr0 = CPUMGetGuestCR0(pVM);

    /* don't use this path to go into protected mode! */
    Assert(uOldCr0 & X86_CR0_PE);
    if (!(uOldCr0 & X86_CR0_PE))
        return VERR_EM_INTERPRETER;

    /* Only PE, MP, EM and TS can be changed; note that PE can't be cleared by this instruction. */
    uint64_t const fWritable = X86_CR0_MP | X86_CR0_EM | X86_CR0_TS;
    uint64_t       uNewCr0   = uOldCr0 & ~fWritable;
    uNewCr0 |= u16Data & (X86_CR0_PE | fWritable);

    return CPUMSetGuestCR0(pVM, uNewCr0);
}
1938
1939
/**
 * Interpret CLTS
 *
 * Clears CR0.TS in the guest CR0; a no-op (no CPUM write) when the flag is
 * already clear.
 *
 * @returns VBox status code.
 * @param   pVM         The VM handle.
 *
 */
VMMDECL(int) EMInterpretCLTS(PVM pVM)
{
    uint64_t const uCr0 = CPUMGetGuestCR0(pVM);
    if (uCr0 & X86_CR0_TS)
        return CPUMSetGuestCR0(pVM, uCr0 & ~X86_CR0_TS);
    return VINF_SUCCESS;
}
1954
/**
 * CLTS Emulation.
 *
 * Thin dispatcher wrapper around EMInterpretCLTS; the instruction has no
 * operands and touches no general purpose registers.
 *
 * @returns VBox status code (see EMInterpretCLTS).
 * @param   pVM         The VM handle.
 * @param   pCpu        Unused.
 * @param   pRegFrame   Unused.
 * @param   pvFault     Unused.
 * @param   pcbSize     Unused; left untouched.
 */
static int emInterpretClts(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    NOREF(pCpu); NOREF(pRegFrame); NOREF(pvFault); NOREF(pcbSize);
    return EMInterpretCLTS(pVM);
}
1962
1963
/**
 * Interpret CRx write
 *
 * Fetches the source general purpose register (32 or 64 bits wide depending
 * on the current code mode) and applies it to the requested control register,
 * doing the TLB flush / paging mode bookkeeping that the write implies.
 * CR1 writes are refused, and some changes are deliberately bounced to
 * ring-3 (see the IN_GC sections).
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER when the write cannot or must not be completed
 *          here; several of these sites note that a #GP(0) is the proper reaction.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegCRx  CRx register index (USE_REG_CR*)
 * @param   SrcRegGen   General purpose register index (USE_REG_E**))
 *
 */
VMMDECL(int) EMInterpretCRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint32_t SrcRegGen)
{
    uint64_t val;       /* Value being written; re-read from CPUM after the CR0/CR4 writes. */
    uint64_t oldval;    /* Previous register value, used for change detection. */
    uint64_t msrEFER;
    int rc;

    /** @todo Clean up this mess. */
    /* Source operand width follows the code mode; 32-bit values are zero-extended. */
    if (CPUMIsGuestIn64BitCode(pVM, pRegFrame))
    {
        rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
    }
    else
    {
        uint32_t val32;
        rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
        val = val32;
    }

    if (VBOX_SUCCESS(rc))
    {
        LogFlow(("EMInterpretCRxWrite at %VGv CR%d <- %VX64\n", pRegFrame->rip, DestRegCrx, val));
        switch (DestRegCrx)
        {
            case USE_REG_CR0:
                oldval = CPUMGetGuestCR0(pVM);
#ifdef IN_GC
                /* CR0.WP and CR0.AM changes require a reschedule run in ring 3. */
                if (    (val & (X86_CR0_WP | X86_CR0_AM))
                    !=  (oldval & (X86_CR0_WP | X86_CR0_AM)))
                    return VERR_EM_INTERPRETER;
#endif
                /* The status of the write is ignored; the effective value is read back instead. */
                CPUMSetGuestCR0(pVM, val);
                val = CPUMGetGuestCR0(pVM);
                /* PG/WP/PE changes invalidate every cached translation. */
                if (    (oldval & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE))
                    !=  (val & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE)))
                {
                    /* global flush */
                    rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
                    AssertRCReturn(rc, rc);
                }

                /* Deal with long mode enabling/disabling. */
                /* NOTE(review): the new CR0 value has already been committed above, so the
                   VERR_EM_INTERPRETER returns in this section leave it in place; confirm
                   the caller's fallback path tolerates that. */
                msrEFER = CPUMGetGuestEFER(pVM);
                if (msrEFER & MSR_K6_EFER_LME)
                {
                    if (    !(oldval & X86_CR0_PG)
                        &&  (val & X86_CR0_PG))
                    {
                        /* Illegal to have an active 64 bits CS selector (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                        /* NOTE(review): reachable from guest code; confirm the assertion is inert in non-strict builds. */
                        if (pRegFrame->csHid.Attr.n.u1Long)
                        {
                            AssertMsgFailed(("Illegal enabling of paging with CS.u1Long = 1!!\n"));
                            return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                        }

                        /* Illegal to switch to long mode before activating PAE first (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                        if (!(CPUMGetGuestCR4(pVM) & X86_CR4_PAE))
                        {
                            AssertMsgFailed(("Illegal enabling of paging with PAE disabled!!\n"));
                            return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                        }
                        /* Paging enabled while LME is set: long mode becomes active. */
                        msrEFER |= MSR_K6_EFER_LMA;
                    }
                    else
                    if (    (oldval & X86_CR0_PG)
                        &&  !(val & X86_CR0_PG))
                    {
                        /* Paging disabled: long mode is left. */
                        msrEFER &= ~MSR_K6_EFER_LMA;
                        /* @todo Do we need to cut off rip here? High dword of rip is undefined, so it shouldn't really matter. */
                    }
                    CPUMSetGuestEFER(pVM, msrEFER);
                }
                /* Let PGM switch paging mode based on the final CR0/CR4/EFER. */
                return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), CPUMGetGuestEFER(pVM));

            case USE_REG_CR2:
                rc = CPUMSetGuestCR2(pVM, val); AssertRC(rc);
                return VINF_SUCCESS;

            case USE_REG_CR3:
                /* Reloading the current CR3 means the guest just wants to flush the TLBs */
                rc = CPUMSetGuestCR3(pVM, val); AssertRC(rc);
                if (CPUMGetGuestCR0(pVM) & X86_CR0_PG)
                {
                    /* flush; the flush is global unless CR4.PGE is set */
                    rc = PGMFlushTLB(pVM, val, !(CPUMGetGuestCR4(pVM) & X86_CR4_PGE));
                    AssertRCReturn(rc, rc);
                }
                return VINF_SUCCESS;

            case USE_REG_CR4:
                oldval = CPUMGetGuestCR4(pVM);
                rc = CPUMSetGuestCR4(pVM, val); AssertRC(rc);
                val = CPUMGetGuestCR4(pVM);

                msrEFER = CPUMGetGuestEFER(pVM);
                /* Illegal to disable PAE when long mode is active. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
                /* NOTE(review): as for CR0 above, CR4 has already been written when this check rejects the value. */
                if (    (msrEFER & MSR_K6_EFER_LMA)
                    &&  (oldval & X86_CR4_PAE)
                    &&  !(val & X86_CR4_PAE))
                {
                    return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
                }

                /* PGE/PAE/PSE changes invalidate every cached translation. */
                if (    (oldval & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE))
                    !=  (val & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE)))
                {
                    /* global flush */
                    rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
                    AssertRCReturn(rc, rc);
                }
# ifdef IN_GC
                /* Feeling extremely lazy. */
                /* Any change to these bits is handed to ring-3 rather than handled here. */
                if (    (oldval & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME))
                    !=  (val & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME)))
                {
                    Log(("emInterpretMovCRx: CR4: %#RX64->%#RX64 => R3\n", oldval, val));
                    VM_FF_SET(pVM, VM_FF_TO_R3);
                }
# endif
                return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), CPUMGetGuestEFER(pVM));

            case USE_REG_CR8:
                /* CR8 is the task priority register; it lives in the APIC. */
                return PDMApicSetTPR(pVM, val);

            default:
                AssertFailed();
                /* falls through: unknown indices are treated like CR1 */
            case USE_REG_CR1: /* illegal op */
                break;
        }
    }
    return VERR_EM_INTERPRETER;
}
2107
2108
/**
 * MOV CRx
 *
 * Dispatches a control register move to EMInterpretCRxRead() (CRx -> GPR) or
 * EMInterpretCRxWrite() (GPR -> CRx) depending on the decoded operand kinds.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER for any other operand combination.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretMovCRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    const bool fGen1 = pCpu->param1.flags == USE_REG_GEN32 || pCpu->param1.flags == USE_REG_GEN64;
    const bool fGen2 = pCpu->param2.flags == USE_REG_GEN32 || pCpu->param2.flags == USE_REG_GEN64;

    /* mov gpr, crN */
    if (fGen1 && pCpu->param2.flags == USE_REG_CR)
        return EMInterpretCRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen, pCpu->param2.base.reg_ctrl);

    /* mov crN, gpr */
    if (pCpu->param1.flags == USE_REG_CR && fGen2)
        return EMInterpretCRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_ctrl, pCpu->param2.base.reg_gen);

    AssertMsgFailedReturn(("Unexpected control register move\n"), VERR_EM_INTERPRETER);
    return VERR_EM_INTERPRETER;
}
2123
2124
/**
 * Interpret DRx write
 *
 * Reads the source general purpose register (32 or 64 bits wide depending on
 * the current code mode) and stores it into the selected debug register via
 * CPUM.  No validation of reserved bits is done here (see the @todo).
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER if the source register cannot be fetched or
 *          CPUMSetGuestDRx fails.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegDRx  DRx register index (USE_REG_DR*)
 * @param   SrcRegGen   General purpose register index (USE_REG_E**))
 *
 */
VMMDECL(int) EMInterpretDRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegDrx, uint32_t SrcRegGen)
{
    uint64_t u64Val = 0;
    int      rc;

    /* Source operand width follows the current code mode. */
    if (!CPUMIsGuestIn64BitCode(pVM, pRegFrame))
    {
        uint32_t u32Val = 0;
        rc = DISFetchReg32(pRegFrame, SrcRegGen, &u32Val);
        u64Val = u32Val;
    }
    else
        rc = DISFetchReg64(pRegFrame, SrcRegGen, &u64Val);

    if (RT_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /** @todo we don't fail if illegal bits are set/cleared for e.g. dr7 */
    rc = CPUMSetGuestDRx(pVM, DestRegDrx, u64Val);
    if (RT_FAILURE(rc))
    {
        AssertMsgFailed(("CPUMSetGuestDRx %d failed\n", DestRegDrx));
        return VERR_EM_INTERPRETER;
    }
    return rc;
}
2161
2162
/**
 * Interpret DRx read
 *
 * Reads the selected debug register from CPUM and stores it into the
 * destination general purpose register, truncating to 32 bits outside
 * 64-bit code.
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER if CPUMGetGuestDRx or the register store fails.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 * @param   DestRegGen  General purpose register index (USE_REG_E**))
 * @param   SrcRegDRx   DRx register index (USE_REG_DR*)
 *
 */
VMMDECL(int) EMInterpretDRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegDrx)
{
    uint64_t u64Val = 0;
    int rc = CPUMGetGuestDRx(pVM, SrcRegDrx, &u64Val);
    AssertMsgRCReturn(rc, ("CPUMGetGuestDRx %d failed\n", SrcRegDrx), VERR_EM_INTERPRETER);

    /* Destination width follows the current code mode; the 32-bit store truncates. */
    const bool fLongMode = CPUMIsGuestIn64BitCode(pVM, pRegFrame);
    rc = fLongMode
       ? DISWriteReg64(pRegFrame, DestRegGen, u64Val)
       : DISWriteReg32(pRegFrame, DestRegGen, (uint32_t)u64Val);

    return VBOX_SUCCESS(rc) ? VINF_SUCCESS : VERR_EM_INTERPRETER;
}
2191
2192
/**
 * MOV DRx
 *
 * Dispatches a debug register move to EMInterpretDRxRead() (DRx -> GPR) or
 * EMInterpretDRxWrite() (GPR -> DRx) depending on the decoded operand kinds.
 *
 * @returns VBox status code; VERR_EM_INTERPRETER for any other operand combination.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretMovDRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    const bool fGen1 = pCpu->param1.flags == USE_REG_GEN32 || pCpu->param1.flags == USE_REG_GEN64;
    const bool fGen2 = pCpu->param2.flags == USE_REG_GEN32 || pCpu->param2.flags == USE_REG_GEN64;

    /* mov gpr, drN */
    if (fGen1 && pCpu->param2.flags == USE_REG_DBG)
        return EMInterpretDRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen, pCpu->param2.base.reg_dbg);

    /* mov drN, gpr */
    if (pCpu->param1.flags == USE_REG_DBG && fGen2)
        return EMInterpretDRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_dbg, pCpu->param2.base.reg_gen);

    AssertMsgFailed(("Unexpected debug register move\n"));
    return VERR_EM_INTERPRETER;
}
2214
2215
/**
 * LLDT Emulation.
 *
 * Only the null-selector case is completed here: a 16-bit immediate/register
 * operand of 0 while the hypervisor LDTR is already 0 succeeds without doing
 * anything.  Memory operands and every other selector value are refused so
 * that another execution path handles them.
 *
 * NOTE(review): the fast path compares CPUMGetHyperLDTR(), not the guest
 * LDTR; confirm that is the intended register.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS for the handled null-selector case.
 * @retval  VERR_EM_INTERPRETER for everything else.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretLLdt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* Only a 16-bit immediate/register operand is handled; memory operands and
       anything else are left to the other execution paths. */
    if (   param1.type != PARMTYPE_IMMEDIATE
        || !(param1.flags & PARAM_VAL16))
        return VERR_EM_INTERPRETER;

    const RTSEL sel = (RTSEL)param1.val.val16;

    /* Null selector with an already-null hypervisor LDTR: nothing to do.
       (This simple case is most frequent in Windows 2000, boot & shutdown.) */
    if (   sel == 0
        && CPUMGetHyperLDTR(pVM) == 0)
        return VINF_SUCCESS;

    /* Everything else is not implemented here. */
    return VERR_EM_INTERPRETER;
}
2254
2255#ifdef IN_RING0
/**
 * LIDT/LGDT Emulation.
 *
 * Handles the VT-x real-mode case only: the pseudo-descriptor (dtr32.cb and
 * dtr32.uAddr) is read from the guest memory operand and installed as the
 * guest IDTR or GDTR.  With a 16-bit operand size only the low 24 bits of the
 * base are used.
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER when not in real mode, when the operand is not
 *          a memory reference, or when the descriptor cannot be read.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretLIGdt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Log(("Emulate %s at %VGv\n", emGetMnemonic(pCpu), pRegFrame->rip));

    /* Only for the VT-x real-mode emulation case. */
    if (!CPUMIsGuestInRealMode(pVM))
        return VERR_EM_INTERPRETER;

    OP_PARAMVAL param1;
    int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
    if (VBOX_FAILURE(rc))
        return VERR_EM_INTERPRETER;

    /* The operand must be a memory reference; anything else is refused. */
    if (param1.type != PARMTYPE_ADDRESS)
        return VERR_EM_INTERPRETER;

    const RTGCPTR GCPtrDtr = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, param1.val.val16);

    /* Fetch the pseudo-descriptor from guest memory. */
    X86XDTR32 dtr32;
    rc = emRamRead(pVM, &dtr32, GCPtrDtr, sizeof(dtr32));
    AssertRCReturn(rc, VERR_EM_INTERPRETER);

    /* 16 bits operand size: only 24 bits of base address are used. */
    if (!(pCpu->prefix & PREFIX_OPSIZE))
        dtr32.uAddr &= 0xffffff;

    const bool fIsLidt = pCpu->pCurInstr->opcode == OP_LIDT;
    if (fIsLidt)
        CPUMSetGuestIDTR(pVM, dtr32.uAddr, dtr32.cb);
    else
        CPUMSetGuestGDTR(pVM, dtr32.uAddr, dtr32.cb);

    return VINF_SUCCESS;
}
2298#endif
2299
2300
2301#ifdef IN_GC
/**
 * STI Emulation.
 *
 * Sets the virtual interrupt flag in the PATM guest-context state and arms
 * the interrupt-inhibit force action for the instruction following STI.
 *
 * @remark the instruction following sti is guaranteed to be executed before any interrupts are dispatched
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER if no PATM GC state is available.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state; opsize locates the next instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address; asserted to match CS:RIP.
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretSti(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    PPATMGCSTATE pGCState = PATMQueryGCState(pVM);
    if (!pGCState)
    {
        Assert(pGCState);
        return VERR_EM_INTERPRETER;
    }

    /* Raise the virtual IF kept by PATM. */
    pGCState->uVMFlags |= X86_EFL_IF;

    Assert(pRegFrame->eflags.u32 & X86_EFL_IF);
    Assert(pvFault == SELMToFlat(pVM, DIS_SELREG_CS, pRegFrame, (RTGCPTR)pRegFrame->rip));

    /* Interrupts stay inhibited until the instruction after STI has run. */
    const RTGCUINTPTR GCPtrNext = pRegFrame->eip + pCpu->opsize;
    pVM->em.s.GCPtrInhibitInterrupts = GCPtrNext;
    VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);

    return VINF_SUCCESS;
}
2326#endif /* IN_GC */
2327
2328
/**
 * HLT Emulation.
 *
 * Nothing is emulated locally; the caller is told to halt the VM.
 *
 * @returns VINF_EM_HALT, always.
 * @param   pVM         The VM handle (unused).
 * @param   pCpu        Disassembler state (unused).
 * @param   pRegFrame   The register frame (unused).
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretHlt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    const int rcHalt = VINF_EM_HALT;
    return rcHalt;
}
2336
2337
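/**
 * Interpret RDTSC
 *
 * Loads EDX:EAX with the virtual CPU tick counter from TM.  When CR4.TSD is
 * set the instruction is refused so the caller can deliver the #GP.
 *
 * NOTE(review): hardware only raises #GP for TSD at CPL != 0; this refuses
 * the instruction regardless of CPL, which is conservative rather than wrong.
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER when CR4.TSD is set.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame; eax/edx are written.
 *
 */
VMMDECL(int) EMInterpretRdtsc(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    /* Keep the full CR4 width rather than narrowing to unsigned; only TSD is inspected. */
    uint64_t uCR4 = CPUMGetGuestCR4(pVM);

    if (uCR4 & X86_CR4_TSD)
        return VERR_EM_INTERPRETER; /* genuine #GP */

    uint64_t uTicks = TMCpuTickGet(pVM);

    /* Same behaviour in 32 & 64 bits mode: the counter is split into EDX:EAX. */
    pRegFrame->eax = (uint32_t)uTicks;
    pRegFrame->edx = (uint32_t)(uTicks >> 32);

    return VINF_SUCCESS;
}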
2361
2362
/**
 * RDTSC Emulation.
 *
 * Dispatcher wrapper around EMInterpretRdtsc(); the decoded instruction
 * state, fault address and size output are not needed for RDTSC.
 *
 * @returns VBox status code, see EMInterpretRdtsc.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state (unused).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretRdtsc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int rc = EMInterpretRdtsc(pVM, pRegFrame);
    return rc;
}
2370
2371
/**
 * MONITOR Emulation.
 *
 * Validates the instruction (ECX must be zero, CPL 0 only, MONITOR/MWAIT
 * advertised in CPUID.1:ECX) and then treats it as a no-op.
 *
 * NOTE(review): the address in EAX is neither validated nor recorded here;
 * confirm that is acceptable for the callers.
 *
 * @returns VBox status code.
 * @retval  VINF_SUCCESS when the instruction is accepted.
 * @retval  VERR_EM_INTERPRETER on a non-zero ECX, CPL != 0, or missing CPUID support.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state; only asserted not to be 64-bit mode.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretMonitor(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */

    /* ECX must be zero; no extensions are accepted. */
    if (pRegFrame->ecx != 0)
        return VERR_EM_INTERPRETER; /* illegal value. */

    /* Supervisor only. */
    const uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER;

    /* The guest must see MONITOR/MWAIT in CPUID.1:ECX. */
    uint32_t u32Eax = 0, u32Ebx = 0, u32Ecx = 0, u32Edx = 0;
    CPUMGetGuestCpuId(pVM, 1, &u32Eax, &u32Ebx, &u32Ecx, &u32Edx);
    if (!(u32Ecx & X86_CPUID_FEATURE_ECX_MONITOR))
        return VERR_EM_INTERPRETER; /* not supported */

    return VINF_SUCCESS;
}
2394
2395
/**
 * MWAIT Emulation.
 *
 * Validates the instruction the same way MONITOR is validated (ECX must be
 * zero, CPL 0 only, MONITOR/MWAIT advertised in CPUID.1:ECX) and then asks
 * the caller to halt, which is an approximation of the real behaviour.
 *
 * @returns VBox status code.
 * @retval  VINF_EM_HALT when the instruction is accepted.
 * @retval  VERR_EM_INTERPRETER on a non-zero ECX, CPL != 0, or missing CPUID support.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state; only asserted not to be 64-bit mode.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretMWait(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pCpu->mode != CPUMODE_64BIT); /** @todo check */

    /* ECX must be zero; no extensions are accepted. */
    if (pRegFrame->ecx != 0)
        return VERR_EM_INTERPRETER; /* illegal value. */

    /* Supervisor only. */
    const uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER;

    /* The guest must see MONITOR/MWAIT in CPUID.1:ECX. */
    uint32_t u32Eax = 0, u32Ebx = 0, u32Ecx = 0, u32Edx = 0;
    CPUMGetGuestCpuId(pVM, 1, &u32Eax, &u32Ebx, &u32Ecx, &u32Edx);
    if (!(u32Ecx & X86_CPUID_FEATURE_ECX_MONITOR))
        return VERR_EM_INTERPRETER; /* not supported */

    /** @todo not completely correct */
    return VINF_EM_HALT;
}
2419
2420
2421#ifdef LOG_ENABLED
/**
 * Maps an MSR index to a printable name for logging.
 *
 * MSRs that the interpreter does not emulate carry an "Unsupported" prefix;
 * anything not in the table yields "Unknown MSR".  Only compiled when
 * LOG_ENABLED is defined.
 *
 * @returns Read-only string literal, never NULL.
 * @param   uMsr    The MSR index (the ECX value of RDMSR/WRMSR).
 */
static const char *emMSRtoString(uint32_t uMsr)
{
    static const struct
    {
        uint32_t    uMsr;
        const char *pszName;
    } s_aNames[] =
    {
        { MSR_IA32_APICBASE,        "MSR_IA32_APICBASE" },
        { MSR_IA32_CR_PAT,          "MSR_IA32_CR_PAT" },
        { MSR_IA32_SYSENTER_CS,     "MSR_IA32_SYSENTER_CS" },
        { MSR_IA32_SYSENTER_EIP,    "MSR_IA32_SYSENTER_EIP" },
        { MSR_IA32_SYSENTER_ESP,    "MSR_IA32_SYSENTER_ESP" },
        { MSR_K6_EFER,              "MSR_K6_EFER" },
        { MSR_K8_SF_MASK,           "MSR_K8_SF_MASK" },
        { MSR_K6_STAR,              "MSR_K6_STAR" },
        { MSR_K8_LSTAR,             "MSR_K8_LSTAR" },
        { MSR_K8_CSTAR,             "MSR_K8_CSTAR" },
        { MSR_K8_FS_BASE,           "MSR_K8_FS_BASE" },
        { MSR_K8_GS_BASE,           "MSR_K8_GS_BASE" },
        { MSR_K8_KERNEL_GS_BASE,    "MSR_K8_KERNEL_GS_BASE" },
        { MSR_IA32_BIOS_SIGN_ID,    "Unsupported MSR_IA32_BIOS_SIGN_ID" },
        { MSR_IA32_PLATFORM_ID,     "Unsupported MSR_IA32_PLATFORM_ID" },
        { MSR_IA32_BIOS_UPDT_TRIG,  "Unsupported MSR_IA32_BIOS_UPDT_TRIG" },
        { MSR_IA32_TSC,             "Unsupported MSR_IA32_TSC" },
        { MSR_IA32_MTRR_CAP,        "Unsupported MSR_IA32_MTRR_CAP" },
        { MSR_IA32_MCP_CAP,         "Unsupported MSR_IA32_MCP_CAP" },
        { MSR_IA32_MCP_STATUS,      "Unsupported MSR_IA32_MCP_STATUS" },
        { MSR_IA32_MCP_CTRL,        "Unsupported MSR_IA32_MCP_CTRL" },
        { MSR_IA32_MTRR_DEF_TYPE,   "Unsupported MSR_IA32_MTRR_DEF_TYPE" },
        { MSR_K7_EVNTSEL0,          "Unsupported MSR_K7_EVNTSEL0" },
        { MSR_K7_EVNTSEL1,          "Unsupported MSR_K7_EVNTSEL1" },
        { MSR_K7_EVNTSEL2,          "Unsupported MSR_K7_EVNTSEL2" },
        { MSR_K7_EVNTSEL3,          "Unsupported MSR_K7_EVNTSEL3" },
        { MSR_IA32_MC0_CTL,         "Unsupported MSR_IA32_MC0_CTL" },
        { MSR_IA32_MC0_STATUS,      "Unsupported MSR_IA32_MC0_STATUS" },
    };

    /* Linear scan; this is a logging helper, so size of the table is not a concern. */
    for (size_t i = 0; i < sizeof(s_aNames) / sizeof(s_aNames[0]); i++)
        if (s_aNames[i].uMsr == uMsr)
            return s_aNames[i].pszName;

    return "Unknown MSR";
}
2485#endif /* LOG_ENABLED */
2486
2487
/**
 * Interpret RDMSR
 *
 * Reads the MSR selected by ECX into EDX:EAX.  Only the MSRs listed in the
 * switch below are backed by guest context state; the APIC MSR range is
 * forwarded to PDM and everything else reads as 0 (see the note at the
 * default case).
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER if the guest is not at CPL 0 or does not
 *          advertise MSR support in CPUID.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame; eax/edx are written on success.
 *
 */
VMMDECL(int) EMInterpretRdmsr(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t u32Dummy, u32Features, cpl;
    uint64_t val;
    CPUMCTX *pCtx;
    int rc;

    /** @todo According to the Intel manuals, there's a REX version of RDMSR that is slightly different.
     * That version clears the high dwords of both RDX & RAX */
    rc = CPUMQueryGuestCtxPtr(pVM, &pCtx);
    AssertRC(rc); /* NOTE(review): pCtx is dereferenced below regardless of rc. */

    /* Get the current privilege level. */
    cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER; /* supervisor only */

    /* CPUID.1:EDX.MSR must be set for the guest to see the instruction at all. */
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
    if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
        return VERR_EM_INTERPRETER; /* not supported */

    /* Cases that do not assign rc leave the CPUMQueryGuestCtxPtr status in it,
       which is what the rc == VINF_SUCCESS test after the switch relies on. */
    switch (pRegFrame->ecx)
    {
        case MSR_IA32_APICBASE:
            /* On failure val is left unassigned and only reaches the Log below. */
            rc = PDMApicGetBase(pVM, &val);
            AssertRC(rc);
            break;

        case MSR_IA32_CR_PAT:
            val = pCtx->msrPAT;
            break;

        case MSR_IA32_SYSENTER_CS:
            val = pCtx->SysEnter.cs;
            break;

        case MSR_IA32_SYSENTER_EIP:
            val = pCtx->SysEnter.eip;
            break;

        case MSR_IA32_SYSENTER_ESP:
            val = pCtx->SysEnter.esp;
            break;

        case MSR_K6_EFER:
            val = pCtx->msrEFER;
            break;

        case MSR_K8_SF_MASK:
            val = pCtx->msrSFMASK;
            break;

        case MSR_K6_STAR:
            val = pCtx->msrSTAR;
            break;

        case MSR_K8_LSTAR:
            val = pCtx->msrLSTAR;
            break;

        case MSR_K8_CSTAR:
            val = pCtx->msrCSTAR;
            break;

        case MSR_K8_FS_BASE:
            val = pCtx->fsHid.u64Base;
            break;

        case MSR_K8_GS_BASE:
            val = pCtx->gsHid.u64Base;
            break;

        case MSR_K8_KERNEL_GS_BASE:
            val = pCtx->msrKERNELGSBASE;
            break;

#if 0 /*def IN_RING0 */
        /* Disabled: would pass host MSR values straight through to the guest. */
        case MSR_IA32_PLATFORM_ID:
        case MSR_IA32_BIOS_SIGN_ID:
            if (CPUMGetCPUVendor(pVM) == CPUMCPUVENDOR_INTEL)
            {
                /* Available since the P6 family. VT-x implies that this feature is present. */
                if (pRegFrame->ecx == MSR_IA32_PLATFORM_ID)
                    val = ASMRdMsr(MSR_IA32_PLATFORM_ID);
                else
                if (pRegFrame->ecx == MSR_IA32_BIOS_SIGN_ID)
                    val = ASMRdMsr(MSR_IA32_BIOS_SIGN_ID);
                break;
            }
            /* no break */
#endif
        default:
            /* In X2APIC specification this range is reserved for APIC control. */
            if ((pRegFrame->ecx >= MSR_IA32_APIC_START) && (pRegFrame->ecx < MSR_IA32_APIC_END))
                rc = PDMApicReadMSR(pVM, VMMGetCpuId(pVM), pRegFrame->ecx, &val);
            else
                /* We should actually trigger a #GP here, but don't as that might cause more trouble.
                   Reading 0 instead of faulting is a visible deviation from real hardware. */
                val = 0;
            break;
    }
    Log(("EMInterpretRdmsr %s (%x) -> val=%VX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
    if (rc == VINF_SUCCESS)
    {
        /* Split the 64-bit value into EDX:EAX. */
        pRegFrame->eax = (uint32_t) val;
        pRegFrame->edx = (uint32_t) (val >> 32ULL);
    }
    return rc;
}
2604
2605
/**
 * RDMSR Emulation.
 *
 * Dispatcher wrapper around EMInterpretRdmsr().  The REX-prefixed form of
 * RDMSR is documented to behave slightly differently, so the instruction is
 * only accepted here after full disassembly has shown that no REX prefix is
 * present.
 *
 * @returns VBox status code, see EMInterpretRdmsr.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state; the prefix is checked.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretRdmsr(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    /* Note: the intel manual claims there's a REX version of RDMSR that's slightly different, so we play safe by completely disassembling the instruction. */
    const bool fHasRex = (pCpu->prefix & PREFIX_REX) != 0;
    Assert(!fHasRex);

    int rc = EMInterpretRdmsr(pVM, pRegFrame);
    return rc;
}
2615
2616
/**
 * Interpret WRMSR
 *
 * Writes EDX:EAX to the MSR selected by ECX.  Only the MSRs listed in the
 * switch below are backed by guest context state; the APIC MSR range is
 * forwarded to PDM and everything else is silently dropped (see the note at
 * the default case).
 *
 * @returns VBox status code.
 * @retval  VERR_EM_INTERPRETER if the guest is not at CPL 0, does not
 *          advertise MSR support in CPUID, or attempts an EFER.LME change
 *          while paging is enabled.
 * @param   pVM         The VM handle.
 * @param   pRegFrame   The register frame.
 */
VMMDECL(int) EMInterpretWrmsr(PVM pVM, PCPUMCTXCORE pRegFrame)
{
    uint32_t u32Dummy, u32Features, cpl;
    uint64_t val;
    CPUMCTX *pCtx;
    int rc;

    /* Note: works the same in 32 and 64 bits modes. */
    rc = CPUMQueryGuestCtxPtr(pVM, &pCtx);
    AssertRC(rc); /* NOTE(review): pCtx is dereferenced below regardless of rc. */

    /* Get the current privilege level. */
    cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (cpl != 0)
        return VERR_EM_INTERPRETER; /* supervisor only */

    /* CPUID.1:EDX.MSR must be set for the guest to see the instruction at all. */
    CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
    if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
        return VERR_EM_INTERPRETER; /* not supported */

    /* Assemble the 64-bit operand from EDX:EAX; it is guest controlled from here on. */
    val = (uint64_t)pRegFrame->eax | ((uint64_t)pRegFrame->edx << 32ULL);
    Log(("EMInterpretWrmsr %s (%x) val=%VX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
    switch (pRegFrame->ecx)
    {
        case MSR_IA32_APICBASE:
            /* A failure is only asserted; the function still returns VINF_SUCCESS. */
            rc = PDMApicSetBase(pVM, val);
            AssertRC(rc);
            break;

        case MSR_IA32_CR_PAT:
            pCtx->msrPAT = val;
            break;

        case MSR_IA32_SYSENTER_CS:
            pCtx->SysEnter.cs = val & 0xffff; /* 16 bits selector */
            break;

        case MSR_IA32_SYSENTER_EIP:
            pCtx->SysEnter.eip = val;
            break;

        case MSR_IA32_SYSENTER_ESP:
            pCtx->SysEnter.esp = val;
            break;

        case MSR_K6_EFER:
        {
            uint64_t uMask = 0;             /* Bits the guest may change, derived from CPUID.80000001h:EDX. */
            uint64_t oldval = pCtx->msrEFER;

            /* Filter out those bits the guest is allowed to change. (e.g. LMA is read-only) */
            CPUMGetGuestCpuId(pVM, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_NX)
                uMask |= MSR_K6_EFER_NXE;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_LONG_MODE)
                uMask |= MSR_K6_EFER_LME;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_SEP)
                uMask |= MSR_K6_EFER_SCE;
            if (u32Features & X86_CPUID_AMD_FEATURE_EDX_FFXSR)
                uMask |= MSR_K6_EFER_FFXSR;

            /* Check for illegal MSR_K6_EFER_LME transitions: not allowed to change LME if paging is enabled. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
            /* NOTE(review): reachable from guest code; confirm the assertion is inert in non-strict builds. */
            if (    ((pCtx->msrEFER & MSR_K6_EFER_LME) != (val & uMask & MSR_K6_EFER_LME))
                &&  (pCtx->cr0 & X86_CR0_PG))
            {
                AssertMsgFailed(("Illegal MSR_K6_EFER_LME change: paging is enabled!!\n"));
                return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
            }

            /* There are a few more: e.g. MSR_K6_EFER_LMSLE */
            /* NOTE(review): val is guest controlled, so this assertion can fire from inside the VM;
               bits outside uMask are dropped by the masked store below either way. */
            AssertMsg(!(val & ~(MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA /* ignored anyway */ |MSR_K6_EFER_SCE|MSR_K6_EFER_FFXSR)), ("Unexpected value %RX64\n", val));
            pCtx->msrEFER = (pCtx->msrEFER & ~uMask) | (val & uMask);

            /* AMD64 Architecture Programmer's Manual: 15.15 TLB Control; flush the TLB if MSR_K6_EFER_NXE, MSR_K6_EFER_LME or MSR_K6_EFER_LMA are changed. */
            if ((oldval & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)) != (pCtx->msrEFER & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)))
                HWACCMFlushTLB(pVM);

            break;
        }

        case MSR_K8_SF_MASK:
            pCtx->msrSFMASK = val;
            break;

        case MSR_K6_STAR:
            pCtx->msrSTAR = val;
            break;

        case MSR_K8_LSTAR:
            pCtx->msrLSTAR = val;
            break;

        case MSR_K8_CSTAR:
            pCtx->msrCSTAR = val;
            break;

        case MSR_K8_FS_BASE:
            pCtx->fsHid.u64Base = val;
            break;

        case MSR_K8_GS_BASE:
            pCtx->gsHid.u64Base = val;
            break;

        case MSR_K8_KERNEL_GS_BASE:
            pCtx->msrKERNELGSBASE = val;
            break;

        default:
            /* In X2APIC specification this range is reserved for APIC control. */
            if ((pRegFrame->ecx >= MSR_IA32_APIC_START) && (pRegFrame->ecx < MSR_IA32_APIC_END))
                return PDMApicWriteMSR(pVM, VMMGetCpuId(pVM), pRegFrame->ecx, val);

            /* We should actually trigger a #GP here, but don't as that might cause more trouble.
               Dropping the write instead of faulting is a visible deviation from real hardware. */
            break;
    }
    return VINF_SUCCESS;
}
2742
2743
/**
 * WRMSR Emulation.
 *
 * Dispatcher wrapper around EMInterpretWrmsr(); the decoded instruction
 * state, fault address and size output are not needed for WRMSR.
 *
 * @returns VBox status code, see EMInterpretWrmsr.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state (unused).
 * @param   pRegFrame   The register frame.
 * @param   pvFault     Fault address (unused).
 * @param   pcbSize     Instruction size output (not written here).
 */
static int emInterpretWrmsr(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    int rc = EMInterpretWrmsr(pVM, pRegFrame);
    return rc;
}
2751
2752
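/**
 * Internal worker.
 * @copydoc EMInterpretInstructionCPU
 *
 * Checks that the instruction may be emulated here at all (supervisor code
 * only, except RDTSC; no REP/REPNE and only a short list of LOCK-prefixed
 * opcodes) and then dispatches on the opcode to the per-instruction
 * emInterpret* workers, keeping the per-instruction success/failure
 * statistics up to date.  The case-generating macros are local to the switch
 * and are all undefined again at its end so they cannot leak into the rest
 * of the translation unit.
 *
 * @returns VBox status code from the selected worker.
 * @retval  VERR_EM_INTERPRETER when the instruction is refused (user mode,
 *          unsupported prefix, or no worker for the opcode).
 * @retval  VERR_INTERNAL_ERROR should control ever fall out of the switch;
 *          every case returns, so this is not expected.
 * @param   pVM         The VM handle.
 * @param   pCpu        Disassembler state for the instruction.
 * @param   pRegFrame   The register frame.
 * @param   pvFault     The fault address that triggered the emulation.
 * @param   pcbSize     Where to store the instruction size; cleared to 0 before
 *                      dispatching.
 */
DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
{
    Assert(pcbSize);
    *pcbSize = 0;

    /*
     * Only supervisor guest code!!
     * And no complicated prefixes.
     */
    /* Get the current privilege level. */
    uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
    if (    cpl != 0
        &&  pCpu->pCurInstr->opcode != OP_RDTSC)    /* rdtsc requires emulation in ring 3 as well */
    {
        Log(("WARNING: refusing instruction emulation for user-mode code!!\n"));
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedUserMode));
        return VERR_EM_INTERPRETER;
    }

    /* Prefix filter: REP/REPNE are never handled here (except REP STOS outside GC),
       and LOCK is only accepted for the opcodes that have a lock-aware worker. */
#ifdef IN_GC
    if (    (pCpu->prefix & (PREFIX_REPNE | PREFIX_REP))
        ||  (   (pCpu->prefix & PREFIX_LOCK)
             && pCpu->pCurInstr->opcode != OP_CMPXCHG
             && pCpu->pCurInstr->opcode != OP_CMPXCHG8B
             && pCpu->pCurInstr->opcode != OP_XADD
             && pCpu->pCurInstr->opcode != OP_OR
             && pCpu->pCurInstr->opcode != OP_BTR
            )
       )
#else
    if (    (pCpu->prefix & PREFIX_REPNE)
        ||  (   (pCpu->prefix & PREFIX_REP)
             && pCpu->pCurInstr->opcode != OP_STOSWD
            )
        ||  (   (pCpu->prefix & PREFIX_LOCK)
             && pCpu->pCurInstr->opcode != OP_OR
             && pCpu->pCurInstr->opcode != OP_BTR
            )
       )
#endif
    {
        //Log(("EMInterpretInstruction: wrong prefix!!\n"));
        STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedPrefix));
        return VERR_EM_INTERPRETER;
    }

    int rc;
#if (defined(VBOX_STRICT) || defined(LOG_ENABLED))
    LogFlow(("emInterpretInstructionCPU %s\n", emGetMnemonic(pCpu)));
#endif
    switch (pCpu->pCurInstr->opcode)
    {
        /*
         * Case generators.  Each one calls the worker, bumps the matching
         * success or failure statistic and returns the worker's status.
         */
#define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
        case opcode:\
            if (pCpu->prefix & PREFIX_LOCK) \
                rc = emInterpretLock##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulateLock); \
            else \
                rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc
#define INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate) \
        case opcode:\
            rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc

#define INTERPRET_CASE_EX_PARAM2(opcode, Instr, InstrFn, pfnEmulate) \
            INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
#define INTERPRET_CASE_EX_LOCK_PARAM2(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
            INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock)

#define INTERPRET_CASE(opcode, Instr) \
        case opcode:\
            rc = emInterpret##Instr(pVM, pCpu, pRegFrame, pvFault, pcbSize); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc

#define INTERPRET_CASE_EX_DUAL_PARAM2(opcode, Instr, InstrFn) \
        case opcode:\
            rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize); \
            if (VBOX_SUCCESS(rc)) \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
            else \
                STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
            return rc

/* Statistics-only case: counts the refusal and bails out. */
#define INTERPRET_STAT_CASE(opcode, Instr) \
        case opcode: STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); return VERR_EM_INTERPRETER;

        INTERPRET_CASE(OP_XCHG,Xchg);
        INTERPRET_CASE_EX_PARAM2(OP_DEC,Dec, IncDec, EMEmulateDec);
        INTERPRET_CASE_EX_PARAM2(OP_INC,Inc, IncDec, EMEmulateInc);
        INTERPRET_CASE(OP_POP,Pop);
        INTERPRET_CASE_EX_LOCK_PARAM3(OP_OR, Or, OrXorAnd, EMEmulateOr, EMEmulateLockOr);
        INTERPRET_CASE_EX_PARAM3(OP_XOR,Xor, OrXorAnd, EMEmulateXor);
        INTERPRET_CASE_EX_PARAM3(OP_AND,And, OrXorAnd, EMEmulateAnd);
        INTERPRET_CASE(OP_MOV,Mov);
#ifndef IN_GC
        INTERPRET_CASE(OP_STOSWD,StosWD);
#endif
        INTERPRET_CASE(OP_INVLPG,InvlPg);
        INTERPRET_CASE(OP_CPUID,CpuId);
        INTERPRET_CASE(OP_MOV_CR,MovCRx);
        INTERPRET_CASE(OP_MOV_DR,MovDRx);
        INTERPRET_CASE(OP_LLDT,LLdt);
#ifdef IN_RING0
        INTERPRET_CASE_EX_DUAL_PARAM2(OP_LIDT, LIdt, LIGdt);
        INTERPRET_CASE_EX_DUAL_PARAM2(OP_LGDT, LGdt, LIGdt);
#endif
        INTERPRET_CASE(OP_CLTS,Clts);
        INTERPRET_CASE(OP_MONITOR, Monitor);
        INTERPRET_CASE(OP_MWAIT, MWait);
        INTERPRET_CASE(OP_RDMSR, Rdmsr);
        INTERPRET_CASE(OP_WRMSR, Wrmsr);
        INTERPRET_CASE_EX_PARAM3(OP_ADD,Add, AddSub, EMEmulateAdd);
        INTERPRET_CASE_EX_PARAM3(OP_SUB,Sub, AddSub, EMEmulateSub);
        INTERPRET_CASE(OP_ADC,Adc);
        INTERPRET_CASE_EX_LOCK_PARAM2(OP_BTR,Btr, BitTest, EMEmulateBtr, EMEmulateLockBtr);
        INTERPRET_CASE_EX_PARAM2(OP_BTS,Bts, BitTest, EMEmulateBts);
        INTERPRET_CASE_EX_PARAM2(OP_BTC,Btc, BitTest, EMEmulateBtc);
        INTERPRET_CASE(OP_RDTSC,Rdtsc);
        INTERPRET_CASE(OP_CMPXCHG, CmpXchg);
#ifdef IN_GC
        INTERPRET_CASE(OP_STI,Sti);
        INTERPRET_CASE(OP_CMPXCHG8B, CmpXchg8b);
        INTERPRET_CASE(OP_XADD, XAdd);
#endif
        INTERPRET_CASE(OP_HLT,Hlt);
        INTERPRET_CASE(OP_IRET,Iret);
        INTERPRET_CASE(OP_WBINVD,WbInvd);
#ifdef VBOX_WITH_STATISTICS
#ifndef IN_GC
        INTERPRET_STAT_CASE(OP_CMPXCHG8B, CmpXchg8b);
        INTERPRET_STAT_CASE(OP_XADD, XAdd);
#endif
        INTERPRET_STAT_CASE(OP_MOVNTPS,MovNTPS);
#endif
        default:
            Log3(("emInterpretInstructionCPU: opcode=%d\n", pCpu->pCurInstr->opcode));
            STAM_COUNTER_INC(&pVM->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedMisc));
            return VERR_EM_INTERPRETER;

/* Undefine every case generator defined above so none of them outlives this switch. */
#undef INTERPRET_CASE
#undef INTERPRET_CASE_EX
#undef INTERPRET_CASE_EX_PARAM2
#undef INTERPRET_CASE_EX_PARAM3
#undef INTERPRET_CASE_EX_LOCK_PARAM2
#undef INTERPRET_CASE_EX_LOCK_PARAM3
#undef INTERPRET_CASE_EX_DUAL_PARAM2
#undef INTERPRET_STAT_CASE
    }
    AssertFailed();
    return VERR_INTERNAL_ERROR;
}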
2915
2916
/**
 * Sets the PC for which interrupts should be inhibited.
 *
 * Stores the address in the EM state and raises the VM_FF_INHIBIT_INTERRUPTS
 * force-action flag; the consumer of that flag lives outside this file.
 * EMGetInhibitInterruptsPC() lists the instructions this is used for.
 *
 * @param   pVM         The VM handle.
 * @param   PC          The PC.
 */
VMMDECL(void) EMSetInhibitInterruptsPC(PVM pVM, RTGCUINTPTR PC)
{
    /* Record the PC before raising the flag that announces it. */
    pVM->em.s.GCPtrInhibitInterrupts = PC;
    VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);
}
2928
2929
/**
 * Gets the PC for which interrupts should be inhibited.
 *
 * There are a few instructions which inhibit or delay interrupts
 * for the instruction following them. These instructions are:
 *   - STI
 *   - MOV SS, r/m16
 *   - POP SS
 *
 * @returns The PC for which interrupts should be inhibited.
 * @param   pVM         VM handle.
 *
 */
VMMDECL(RTGCUINTPTR) EMGetInhibitInterruptsPC(PVM pVM)
{
    const RTGCUINTPTR GCPtrInhibit = pVM->em.s.GCPtrInhibitInterrupts;
    return GCPtrInhibit;
}
2947