VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/EMAll.cpp@ 28563

Last change on this file since 28563 was 28563, checked in by vboxsync, 15 years ago

EMMAll: typo
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 118.5 KB
Line 
1/* $Id: EMAll.cpp 28563 2010-04-21 13:09:08Z vboxsync $ */
2/** @file
3 * EM - Execution Monitor(/Manager) - All contexts
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Header Files *
24*******************************************************************************/
25#define LOG_GROUP LOG_GROUP_EM
26#include <VBox/em.h>
27#include <VBox/mm.h>
28#include <VBox/selm.h>
29#include <VBox/patm.h>
30#include <VBox/csam.h>
31#include <VBox/pgm.h>
32#include <VBox/iom.h>
33#include <VBox/stam.h>
34#include "EMInternal.h"
35#include <VBox/vm.h>
36#include <VBox/vmm.h>
37#include <VBox/hwaccm.h>
38#include <VBox/tm.h>
39#include <VBox/pdmapi.h>
40
41#include <VBox/param.h>
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/log.h>
46#include <iprt/assert.h>
47#include <iprt/asm.h>
48#include <iprt/string.h>
49
50
51/*******************************************************************************
52* Defined Constants And Macros *
53*******************************************************************************/
54/** @def EM_ASSERT_FAULT_RETURN
55 * Safety check.
56 *
57 * Could in theory misfire on a cross page boundary access...
58 *
59 * Currently disabled because the CSAM (+ PATM) patch monitoring occasionally
60 * turns up an alias page instead of the original faulting one and annoying the
61 * heck out of anyone running a debug build. See @bugref{2609} and @bugref{1931}.
62 */
63#if 0
64# define EM_ASSERT_FAULT_RETURN(expr, rc) AssertReturn(expr, rc)
65#else
66# define EM_ASSERT_FAULT_RETURN(expr, rc) do { } while (0)
67#endif
68
69/* Used to pass information during instruction disassembly. */
70typedef struct
71{
72 PVM pVM;
73 PVMCPU pVCpu;
74 RTGCPTR GCPtr;
75 uint8_t aOpcode[8];
76} EMDISSTATE, *PEMDISSTATE;
77
78/*******************************************************************************
79* Internal Functions *
80*******************************************************************************/
81DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize, EMCODETYPE enmCodeType = EMCODETYPE_SUPERVISOR);
82
83
84
85/**
86 * Get the current execution manager status.
87 *
88 * @returns Current status.
89 * @param pVCpu The VMCPU to operate on.
90 */
91VMMDECL(EMSTATE) EMGetState(PVMCPU pVCpu)
92{
93 return pVCpu->em.s.enmState;
94}
95
96/**
97 * Sets the current execution manager status. (use only when you know what you're doing!)
98 *
99 * @param pVCpu The VMCPU to operate on.
100 */
101VMMDECL(void) EMSetState(PVMCPU pVCpu, EMSTATE enmNewState)
102{
103 /* Only allowed combination: */
104 Assert(pVCpu->em.s.enmState == EMSTATE_WAIT_SIPI && enmNewState == EMSTATE_HALTED);
105 pVCpu->em.s.enmState = enmNewState;
106}
107
108
109/**
110 * Read callback for disassembly function; supports reading bytes that cross a page boundary
111 *
112 * @returns VBox status code.
113 * @param pSrc GC source pointer
114 * @param pDest HC destination pointer
115 * @param cb Number of bytes to read
116 * @param dwUserdata Callback specific user data (pDis)
117 *
118 */
119DECLCALLBACK(int) EMReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned cb, void *pvUserdata)
120{
121 PDISCPUSTATE pDis = (PDISCPUSTATE)pvUserdata;
122 PEMDISSTATE pState = (PEMDISSTATE)pDis->apvUserData[0];
123 PVM pVM = pState->pVM;
124 PVMCPU pVCpu = pState->pVCpu;
125
126# ifdef IN_RING0
127 int rc;
128
129 if ( pState->GCPtr
130 && pSrc + cb <= pState->GCPtr + sizeof(pState->aOpcode))
131 {
132 unsigned offset = pSrc - pState->GCPtr;
133
134 Assert(pSrc >= pState->GCPtr);
135
136 for (unsigned i=0; i<cb; i++)
137 {
138 pDest[i] = pState->aOpcode[offset + i];
139 }
140 return VINF_SUCCESS;
141 }
142
143 rc = PGMPhysSimpleReadGCPtr(pVCpu, pDest, pSrc, cb);
144 AssertMsgRC(rc, ("PGMPhysSimpleReadGCPtr failed for pSrc=%RGv cb=%x rc=%d\n", pSrc, cb, rc));
145# elif defined(IN_RING3)
146 if (!PATMIsPatchGCAddr(pVM, pSrc))
147 {
148 int rc = PGMPhysSimpleReadGCPtr(pVCpu, pDest, pSrc, cb);
149 AssertRC(rc);
150 }
151 else
152 memcpy(pDest, PATMR3GCPtrToHCPtr(pVM, pSrc), cb);
153
154# elif defined(IN_RC)
155 if (!PATMIsPatchGCAddr(pVM, pSrc))
156 {
157 int rc = MMGCRamRead(pVM, pDest, (void *)(uintptr_t)pSrc, cb);
158 if (rc == VERR_ACCESS_DENIED)
159 {
160 /* Recently flushed; access the data manually. */
161 rc = PGMPhysSimpleReadGCPtr(pVCpu, pDest, pSrc, cb);
162 AssertRC(rc);
163 }
164 }
165 else /* the hypervisor region is always present. */
166 memcpy(pDest, (RTRCPTR)(uintptr_t)pSrc, cb);
167
168# endif /* IN_RING3 */
169 return VINF_SUCCESS;
170}
171
172
173#ifndef IN_RC
174DECLINLINE(int) emDisCoreOne(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
175{
176 EMDISSTATE State;
177
178 State.pVM = pVM;
179 State.pVCpu = pVCpu;
180 int rc = PGMPhysSimpleReadGCPtr(pVCpu, &State.aOpcode, InstrGC, sizeof(State.aOpcode));
181 if (RT_SUCCESS(rc))
182 {
183 State.GCPtr = InstrGC;
184 }
185 else
186 {
187 if (PAGE_ADDRESS(InstrGC) == PAGE_ADDRESS(InstrGC + sizeof(State.aOpcode) - 1))
188 {
189 if (rc == VERR_PAGE_TABLE_NOT_PRESENT)
190 HWACCMInvalidatePage(pVCpu, InstrGC);
191
192 Log(("emDisCoreOne: read failed with %d\n", rc));
193 return rc;
194 }
195 State.GCPtr = NIL_RTGCPTR;
196 }
197 return DISCoreOneEx(InstrGC, pDis->mode, EMReadBytes, &State, pDis, pOpsize);
198}
199
200#else /* IN_RC */
201
202DECLINLINE(int) emDisCoreOne(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
203{
204 EMDISSTATE State;
205
206 State.pVM = pVM;
207 State.pVCpu = pVCpu;
208 State.GCPtr = InstrGC;
209
210 return DISCoreOneEx(InstrGC, pDis->mode, EMReadBytes, &State, pDis, pOpsize);
211}
212
213#endif /* IN_RC */
214
215
216/**
217 * Disassembles one instruction.
218 *
219 * @returns VBox status code, see SELMToFlatEx and EMInterpretDisasOneEx for
220 * details.
221 * @retval VERR_INTERNAL_ERROR on DISCoreOneEx failure.
222 *
223 * @param pVM The VM handle.
224 * @param pVCpu The VMCPU handle.
225 * @param pCtxCore The context core (used for both the mode and instruction).
226 * @param pDis Where to return the parsed instruction info.
227 * @param pcbInstr Where to return the instruction size. (optional)
228 */
229VMMDECL(int) EMInterpretDisasOne(PVM pVM, PVMCPU pVCpu, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pDis, unsigned *pcbInstr)
230{
231 RTGCPTR GCPtrInstr;
232 int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pCtxCore, pCtxCore->rip, 0, &GCPtrInstr);
233 if (RT_FAILURE(rc))
234 {
235 Log(("EMInterpretDisasOne: Failed to convert %RTsel:%RGv (cpl=%d) - rc=%Rrc !!\n",
236 pCtxCore->cs, (RTGCPTR)pCtxCore->rip, pCtxCore->ss & X86_SEL_RPL, rc));
237 return rc;
238 }
239 return EMInterpretDisasOneEx(pVM, pVCpu, (RTGCUINTPTR)GCPtrInstr, pCtxCore, pDis, pcbInstr);
240}
241
242
243/**
244 * Disassembles one instruction.
245 *
246 * This is used by internally by the interpreter and by trap/access handlers.
247 *
248 * @returns VBox status code.
249 * @retval VERR_INTERNAL_ERROR on DISCoreOneEx failure.
250 *
251 * @param pVM The VM handle.
252 * @param pVCpu The VMCPU handle.
253 * @param GCPtrInstr The flat address of the instruction.
254 * @param pCtxCore The context core (used to determine the cpu mode).
255 * @param pDis Where to return the parsed instruction info.
256 * @param pcbInstr Where to return the instruction size. (optional)
257 */
258VMMDECL(int) EMInterpretDisasOneEx(PVM pVM, PVMCPU pVCpu, RTGCUINTPTR GCPtrInstr, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pDis, unsigned *pcbInstr)
259{
260 int rc;
261 EMDISSTATE State;
262
263 State.pVM = pVM;
264 State.pVCpu = pVCpu;
265
266#ifdef IN_RC
267 State.GCPtr = GCPtrInstr;
268#else /* ring 0/3 */
269 rc = PGMPhysSimpleReadGCPtr(pVCpu, &State.aOpcode, GCPtrInstr, sizeof(State.aOpcode));
270 if (RT_SUCCESS(rc))
271 {
272 State.GCPtr = GCPtrInstr;
273 }
274 else
275 {
276 if (PAGE_ADDRESS(GCPtrInstr) == PAGE_ADDRESS(GCPtrInstr + sizeof(State.aOpcode) - 1))
277 {
278 if (rc == VERR_PAGE_TABLE_NOT_PRESENT)
279 HWACCMInvalidatePage(pVCpu, GCPtrInstr);
280
281 Log(("EMInterpretDisasOneEx: read failed with %d\n", rc));
282 return rc;
283 }
284 State.GCPtr = NIL_RTGCPTR;
285 }
286#endif
287
288 rc = DISCoreOneEx(GCPtrInstr, SELMGetCpuModeFromSelector(pVM, pCtxCore->eflags, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid),
289 EMReadBytes, &State,
290 pDis, pcbInstr);
291 if (RT_SUCCESS(rc))
292 return VINF_SUCCESS;
293 AssertMsgFailed(("DISCoreOne failed to GCPtrInstr=%RGv rc=%Rrc\n", GCPtrInstr, rc));
294 return VERR_INTERNAL_ERROR;
295}
296
297
298/**
299 * Interprets the current instruction.
300 *
301 * @returns VBox status code.
302 * @retval VINF_* Scheduling instructions.
303 * @retval VERR_EM_INTERPRETER Something we can't cope with.
304 * @retval VERR_* Fatal errors.
305 *
306 * @param pVM The VM handle.
307 * @param pVCpu The VMCPU handle.
308 * @param pRegFrame The register frame.
309 * Updates the EIP if an instruction was executed successfully.
310 * @param pvFault The fault address (CR2).
311 * @param pcbSize Size of the write (if applicable).
312 *
313 * @remark Invalid opcode exceptions have a higher priority than GP (see Intel
314 * Architecture System Developers Manual, Vol 3, 5.5) so we don't need
315 * to worry about e.g. invalid modrm combinations (!)
316 */
317VMMDECL(int) EMInterpretInstruction(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
318{
319 RTGCPTR pbCode;
320
321 LogFlow(("EMInterpretInstruction %RGv fault %RGv\n", (RTGCPTR)pRegFrame->rip, pvFault));
322 int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pRegFrame, pRegFrame->rip, 0, &pbCode);
323 if (RT_SUCCESS(rc))
324 {
325 uint32_t cbOp;
326 PDISCPUSTATE pDis = &pVCpu->em.s.DisState;
327 pDis->mode = SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid);
328 rc = emDisCoreOne(pVM, pVCpu, pDis, (RTGCUINTPTR)pbCode, &cbOp);
329 if (RT_SUCCESS(rc))
330 {
331 Assert(cbOp == pDis->opsize);
332 rc = EMInterpretInstructionCPU(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize);
333 if (RT_SUCCESS(rc))
334 pRegFrame->rip += cbOp; /* Move on to the next instruction. */
335
336 return rc;
337 }
338 }
339 return VERR_EM_INTERPRETER;
340}
341
342
343/**
344 * Interprets the current instruction using the supplied DISCPUSTATE structure.
345 *
346 * EIP is *NOT* updated!
347 *
348 * @returns VBox status code.
349 * @retval VINF_* Scheduling instructions. When these are returned, it
350 * starts to get a bit tricky to know whether code was
351 * executed or not... We'll address this when it becomes a problem.
352 * @retval VERR_EM_INTERPRETER Something we can't cope with.
353 * @retval VERR_* Fatal errors.
354 *
355 * @param pVM The VM handle.
356 * @param pVCpu The VMCPU handle.
357 * @param pDis The disassembler cpu state for the instruction to be
358 * interpreted.
359 * @param pRegFrame The register frame. EIP is *NOT* changed!
360 * @param pvFault The fault address (CR2).
361 * @param pcbSize Size of the write (if applicable).
362 * @param enmCodeType Code type (user/supervisor)
363 *
364 * @remark Invalid opcode exceptions have a higher priority than GP (see Intel
365 * Architecture System Developers Manual, Vol 3, 5.5) so we don't need
366 * to worry about e.g. invalid modrm combinations (!)
367 *
368 * @todo At this time we do NOT check if the instruction overwrites vital information.
369 * Make sure this can't happen!! (will add some assertions/checks later)
370 */
371VMMDECL(int) EMInterpretInstructionCPUEx(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize, EMCODETYPE enmCodeType)
372{
373 STAM_PROFILE_START(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);
374 int rc = emInterpretInstructionCPU(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, enmCodeType);
375 STAM_PROFILE_STOP(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);
376 if (RT_SUCCESS(rc))
377 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretSucceeded));
378 else
379 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretFailed));
380 return rc;
381}
382
383
384/**
385 * Interpret a port I/O instruction.
386 *
387 * @returns VBox status code suitable for scheduling.
388 * @param pVM The VM handle.
389 * @param pVCpu The VMCPU handle.
390 * @param pCtxCore The context core. This will be updated on successful return.
391 * @param pDis The instruction to interpret.
392 * @param cbOp The size of the instruction.
393 * @remark This may raise exceptions.
394 */
395VMMDECL(VBOXSTRICTRC) EMInterpretPortIO(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, PDISCPUSTATE pDis, uint32_t cbOp)
396{
397 /*
398 * Hand it on to IOM.
399 */
400#ifdef IN_RC
401 VBOXSTRICTRC rcStrict = IOMGCIOPortHandler(pVM, pCtxCore, pDis);
402 if (IOM_SUCCESS(rcStrict))
403 pCtxCore->rip += cbOp;
404 return rcStrict;
405#else
406 AssertReleaseMsgFailed(("not implemented\n"));
407 return VERR_NOT_IMPLEMENTED;
408#endif
409}
410
411
412DECLINLINE(int) emRamRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, void *pvDst, RTGCPTR GCPtrSrc, uint32_t cb)
413{
414#ifdef IN_RC
415 int rc = MMGCRamRead(pVM, pvDst, (void *)(uintptr_t)GCPtrSrc, cb);
416 if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
417 return rc;
418 /*
419 * The page pool cache may end up here in some cases because it
420 * flushed one of the shadow mappings used by the trapping
421 * instruction and it either flushed the TLB or the CPU reused it.
422 */
423#endif
424 return PGMPhysInterpretedReadNoHandlers(pVCpu, pCtxCore, pvDst, GCPtrSrc, cb, /*fMayTrap*/ false);
425}
426
427
428DECLINLINE(int) emRamWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, RTGCPTR GCPtrDst, const void *pvSrc, uint32_t cb)
429{
430#ifdef IN_RC
431 int rc = MMGCRamWrite(pVM, (void *)(uintptr_t)GCPtrDst, (void *)pvSrc, cb);
432 if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
433 return rc;
434 /*
435 * The page pool cache may end up here in some cases because it
436 * flushed one of the shadow mappings used by the trapping
437 * instruction and it either flushed the TLB or the CPU reused it.
438 * We want to play safe here, verifying that we've got write
439 * access doesn't cost us much (see PGMPhysGCPtr2GCPhys()).
440 */
441#endif
442 return PGMPhysInterpretedWriteNoHandlers(pVCpu, pCtxCore, GCPtrDst, pvSrc, cb, /*fMayTrap*/ false);
443}
444
445
446/** Convert sel:addr to a flat GC address. */
447DECLINLINE(RTGCPTR) emConvertToFlatAddr(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pDis, POP_PARAMETER pParam, RTGCPTR pvAddr)
448{
449 DIS_SELREG enmPrefixSeg = DISDetectSegReg(pDis, pParam);
450 return SELMToFlat(pVM, enmPrefixSeg, pRegFrame, pvAddr);
451}
452
453
454#if defined(VBOX_STRICT) || defined(LOG_ENABLED)
455/**
456 * Get the mnemonic for the disassembled instruction.
457 *
458 * GC/R0 doesn't include the strings in the DIS tables because
459 * of limited space.
460 */
461static const char *emGetMnemonic(PDISCPUSTATE pDis)
462{
463 switch (pDis->pCurInstr->opcode)
464 {
465 case OP_XCHG: return "Xchg";
466 case OP_DEC: return "Dec";
467 case OP_INC: return "Inc";
468 case OP_POP: return "Pop";
469 case OP_OR: return "Or";
470 case OP_AND: return "And";
471 case OP_MOV: return "Mov";
472 case OP_INVLPG: return "InvlPg";
473 case OP_CPUID: return "CpuId";
474 case OP_MOV_CR: return "MovCRx";
475 case OP_MOV_DR: return "MovDRx";
476 case OP_LLDT: return "LLdt";
477 case OP_LGDT: return "LGdt";
478 case OP_LIDT: return "LIdt";
479 case OP_CLTS: return "Clts";
480 case OP_MONITOR: return "Monitor";
481 case OP_MWAIT: return "MWait";
482 case OP_RDMSR: return "Rdmsr";
483 case OP_WRMSR: return "Wrmsr";
484 case OP_ADD: return "Add";
485 case OP_ADC: return "Adc";
486 case OP_SUB: return "Sub";
487 case OP_SBB: return "Sbb";
488 case OP_RDTSC: return "Rdtsc";
489 case OP_STI: return "Sti";
490 case OP_CLI: return "Cli";
491 case OP_XADD: return "XAdd";
492 case OP_HLT: return "Hlt";
493 case OP_IRET: return "Iret";
494 case OP_MOVNTPS: return "MovNTPS";
495 case OP_STOSWD: return "StosWD";
496 case OP_WBINVD: return "WbInvd";
497 case OP_XOR: return "Xor";
498 case OP_BTR: return "Btr";
499 case OP_BTS: return "Bts";
500 case OP_BTC: return "Btc";
501 case OP_LMSW: return "Lmsw";
502 case OP_SMSW: return "Smsw";
503 case OP_CMPXCHG: return pDis->prefix & PREFIX_LOCK ? "Lock CmpXchg" : "CmpXchg";
504 case OP_CMPXCHG8B: return pDis->prefix & PREFIX_LOCK ? "Lock CmpXchg8b" : "CmpXchg8b";
505
506 default:
507 Log(("Unknown opcode %d\n", pDis->pCurInstr->opcode));
508 return "???";
509 }
510}
511#endif /* VBOX_STRICT || LOG_ENABLED */
512
513
514/**
515 * XCHG instruction emulation.
516 */
517static int emInterpretXchg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
518{
519 OP_PARAMVAL param1, param2;
520
521 /* Source to make DISQueryParamVal read the register value - ugly hack */
522 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
523 if(RT_FAILURE(rc))
524 return VERR_EM_INTERPRETER;
525
526 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
527 if(RT_FAILURE(rc))
528 return VERR_EM_INTERPRETER;
529
530#ifdef IN_RC
531 if (TRPMHasTrap(pVCpu))
532 {
533 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
534 {
535#endif
536 RTGCPTR pParam1 = 0, pParam2 = 0;
537 uint64_t valpar1, valpar2;
538
539 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
540 switch(param1.type)
541 {
542 case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
543 valpar1 = param1.val.val64;
544 break;
545
546 case PARMTYPE_ADDRESS:
547 pParam1 = (RTGCPTR)param1.val.val64;
548 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
549 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
550 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
551 if (RT_FAILURE(rc))
552 {
553 AssertMsgFailed(("MMGCRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
554 return VERR_EM_INTERPRETER;
555 }
556 break;
557
558 default:
559 AssertFailed();
560 return VERR_EM_INTERPRETER;
561 }
562
563 switch(param2.type)
564 {
565 case PARMTYPE_ADDRESS:
566 pParam2 = (RTGCPTR)param2.val.val64;
567 pParam2 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param2, pParam2);
568 EM_ASSERT_FAULT_RETURN(pParam2 == pvFault, VERR_EM_INTERPRETER);
569 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar2, pParam2, param2.size);
570 if (RT_FAILURE(rc))
571 {
572 AssertMsgFailed(("MMGCRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
573 }
574 break;
575
576 case PARMTYPE_IMMEDIATE:
577 valpar2 = param2.val.val64;
578 break;
579
580 default:
581 AssertFailed();
582 return VERR_EM_INTERPRETER;
583 }
584
585 /* Write value of parameter 2 to parameter 1 (reg or memory address) */
586 if (pParam1 == 0)
587 {
588 Assert(param1.type == PARMTYPE_IMMEDIATE); /* register actually */
589 switch(param1.size)
590 {
591 case 1: //special case for AH etc
592 rc = DISWriteReg8(pRegFrame, pDis->param1.base.reg_gen, (uint8_t )valpar2); break;
593 case 2: rc = DISWriteReg16(pRegFrame, pDis->param1.base.reg_gen, (uint16_t)valpar2); break;
594 case 4: rc = DISWriteReg32(pRegFrame, pDis->param1.base.reg_gen, (uint32_t)valpar2); break;
595 case 8: rc = DISWriteReg64(pRegFrame, pDis->param1.base.reg_gen, valpar2); break;
596 default: AssertFailedReturn(VERR_EM_INTERPRETER);
597 }
598 if (RT_FAILURE(rc))
599 return VERR_EM_INTERPRETER;
600 }
601 else
602 {
603 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar2, param1.size);
604 if (RT_FAILURE(rc))
605 {
606 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
607 return VERR_EM_INTERPRETER;
608 }
609 }
610
611 /* Write value of parameter 1 to parameter 2 (reg or memory address) */
612 if (pParam2 == 0)
613 {
614 Assert(param2.type == PARMTYPE_IMMEDIATE); /* register actually */
615 switch(param2.size)
616 {
617 case 1: //special case for AH etc
618 rc = DISWriteReg8(pRegFrame, pDis->param2.base.reg_gen, (uint8_t )valpar1); break;
619 case 2: rc = DISWriteReg16(pRegFrame, pDis->param2.base.reg_gen, (uint16_t)valpar1); break;
620 case 4: rc = DISWriteReg32(pRegFrame, pDis->param2.base.reg_gen, (uint32_t)valpar1); break;
621 case 8: rc = DISWriteReg64(pRegFrame, pDis->param2.base.reg_gen, valpar1); break;
622 default: AssertFailedReturn(VERR_EM_INTERPRETER);
623 }
624 if (RT_FAILURE(rc))
625 return VERR_EM_INTERPRETER;
626 }
627 else
628 {
629 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam2, &valpar1, param2.size);
630 if (RT_FAILURE(rc))
631 {
632 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
633 return VERR_EM_INTERPRETER;
634 }
635 }
636
637 *pcbSize = param2.size;
638 return VINF_SUCCESS;
639#ifdef IN_RC
640 }
641 }
642#endif
643 return VERR_EM_INTERPRETER;
644}
645
646
647/**
648 * INC and DEC emulation.
649 */
650static int emInterpretIncDec(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
651 PFNEMULATEPARAM2 pfnEmulate)
652{
653 OP_PARAMVAL param1;
654
655 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
656 if(RT_FAILURE(rc))
657 return VERR_EM_INTERPRETER;
658
659#ifdef IN_RC
660 if (TRPMHasTrap(pVCpu))
661 {
662 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
663 {
664#endif
665 RTGCPTR pParam1 = 0;
666 uint64_t valpar1;
667
668 if (param1.type == PARMTYPE_ADDRESS)
669 {
670 pParam1 = (RTGCPTR)param1.val.val64;
671 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
672#ifdef IN_RC
673 /* Safety check (in theory it could cross a page boundary and fault there though) */
674 AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
675#endif
676 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
677 if (RT_FAILURE(rc))
678 {
679 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
680 return VERR_EM_INTERPRETER;
681 }
682 }
683 else
684 {
685 AssertFailed();
686 return VERR_EM_INTERPRETER;
687 }
688
689 uint32_t eflags;
690
691 eflags = pfnEmulate(&valpar1, param1.size);
692
693 /* Write result back */
694 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
695 if (RT_FAILURE(rc))
696 {
697 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
698 return VERR_EM_INTERPRETER;
699 }
700
701 /* Update guest's eflags and finish. */
702 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
703 | (eflags & (X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
704
705 /* All done! */
706 *pcbSize = param1.size;
707 return VINF_SUCCESS;
708#ifdef IN_RC
709 }
710 }
711#endif
712 return VERR_EM_INTERPRETER;
713}
714
715
716/**
717 * POP Emulation.
718 */
719static int emInterpretPop(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
720{
721 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
722 OP_PARAMVAL param1;
723 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
724 if(RT_FAILURE(rc))
725 return VERR_EM_INTERPRETER;
726
727#ifdef IN_RC
728 if (TRPMHasTrap(pVCpu))
729 {
730 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
731 {
732#endif
733 RTGCPTR pParam1 = 0;
734 uint32_t valpar1;
735 RTGCPTR pStackVal;
736
737 /* Read stack value first */
738 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid) == CPUMODE_16BIT)
739 return VERR_EM_INTERPRETER; /* No legacy 16 bits stuff here, please. */
740
741 /* Convert address; don't bother checking limits etc, as we only read here */
742 pStackVal = SELMToFlat(pVM, DIS_SELREG_SS, pRegFrame, (RTGCPTR)pRegFrame->esp);
743 if (pStackVal == 0)
744 return VERR_EM_INTERPRETER;
745
746 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pStackVal, param1.size);
747 if (RT_FAILURE(rc))
748 {
749 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
750 return VERR_EM_INTERPRETER;
751 }
752
753 if (param1.type == PARMTYPE_ADDRESS)
754 {
755 pParam1 = (RTGCPTR)param1.val.val64;
756
757 /* pop [esp+xx] uses esp after the actual pop! */
758 AssertCompile(USE_REG_ESP == USE_REG_SP);
759 if ( (pDis->param1.flags & USE_BASE)
760 && (pDis->param1.flags & (USE_REG_GEN16|USE_REG_GEN32))
761 && pDis->param1.base.reg_gen == USE_REG_ESP
762 )
763 pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + param1.size);
764
765 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
766 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault || (RTGCPTR)pRegFrame->esp == pvFault, VERR_EM_INTERPRETER);
767 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
768 if (RT_FAILURE(rc))
769 {
770 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
771 return VERR_EM_INTERPRETER;
772 }
773
774 /* Update ESP as the last step */
775 pRegFrame->esp += param1.size;
776 }
777 else
778 {
779#ifndef DEBUG_bird // annoying assertion.
780 AssertFailed();
781#endif
782 return VERR_EM_INTERPRETER;
783 }
784
785 /* All done! */
786 *pcbSize = param1.size;
787 return VINF_SUCCESS;
788#ifdef IN_RC
789 }
790 }
791#endif
792 return VERR_EM_INTERPRETER;
793}
794
795
796/**
797 * XOR/OR/AND Emulation.
798 */
799static int emInterpretOrXorAnd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
800 PFNEMULATEPARAM3 pfnEmulate)
801{
802 OP_PARAMVAL param1, param2;
803
804 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
805 if(RT_FAILURE(rc))
806 return VERR_EM_INTERPRETER;
807
808 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
809 if(RT_FAILURE(rc))
810 return VERR_EM_INTERPRETER;
811
812#ifdef IN_RC
813 if (TRPMHasTrap(pVCpu))
814 {
815 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
816 {
817#endif
818 RTGCPTR pParam1;
819 uint64_t valpar1, valpar2;
820
821 if (pDis->param1.size != pDis->param2.size)
822 {
823 if (pDis->param1.size < pDis->param2.size)
824 {
825 AssertMsgFailed(("%s at %RGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip, pDis->param1.size, pDis->param2.size)); /* should never happen! */
826 return VERR_EM_INTERPRETER;
827 }
828 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
829 pDis->param2.size = pDis->param1.size;
830 param2.size = param1.size;
831 }
832
833 /* The destination is always a virtual address */
834 if (param1.type == PARMTYPE_ADDRESS)
835 {
836 pParam1 = (RTGCPTR)param1.val.val64;
837 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
838 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
839 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
840 if (RT_FAILURE(rc))
841 {
842 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
843 return VERR_EM_INTERPRETER;
844 }
845 }
846 else
847 {
848 AssertFailed();
849 return VERR_EM_INTERPRETER;
850 }
851
852 /* Register or immediate data */
853 switch(param2.type)
854 {
855 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
856 valpar2 = param2.val.val64;
857 break;
858
859 default:
860 AssertFailed();
861 return VERR_EM_INTERPRETER;
862 }
863
864 LogFlow(("emInterpretOrXorAnd %s %RGv %RX64 - %RX64 size %d (%d)\n", emGetMnemonic(pDis), pParam1, valpar1, valpar2, param2.size, param1.size));
865
866 /* Data read, emulate instruction. */
867 uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);
868
869 LogFlow(("emInterpretOrXorAnd %s result %RX64\n", emGetMnemonic(pDis), valpar1));
870
871 /* Update guest's eflags and finish. */
872 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
873 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
874
875 /* And write it back */
876 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
877 if (RT_SUCCESS(rc))
878 {
879 /* All done! */
880 *pcbSize = param2.size;
881 return VINF_SUCCESS;
882 }
883#ifdef IN_RC
884 }
885 }
886#endif
887 return VERR_EM_INTERPRETER;
888}
889
890
891/**
892 * LOCK XOR/OR/AND Emulation.
893 */
894static int emInterpretLockOrXorAnd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
895 uint32_t *pcbSize, PFNEMULATELOCKPARAM3 pfnEmulate)
896{
897 void *pvParam1;
898 OP_PARAMVAL param1, param2;
899
900#if HC_ARCH_BITS == 32
901 Assert(pDis->param1.size <= 4);
902#endif
903
904 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
905 if(RT_FAILURE(rc))
906 return VERR_EM_INTERPRETER;
907
908 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
909 if(RT_FAILURE(rc))
910 return VERR_EM_INTERPRETER;
911
912 if (pDis->param1.size != pDis->param2.size)
913 {
914 AssertMsgReturn(pDis->param1.size >= pDis->param2.size, /* should never happen! */
915 ("%s at %RGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip, pDis->param1.size, pDis->param2.size),
916 VERR_EM_INTERPRETER);
917
918 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
919 pDis->param2.size = pDis->param1.size;
920 param2.size = param1.size;
921 }
922
923#ifdef IN_RC
924 /* Safety check (in theory it could cross a page boundary and fault there though) */
925 Assert( TRPMHasTrap(pVCpu)
926 && (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW));
927 EM_ASSERT_FAULT_RETURN(GCPtrPar1 == pvFault, VERR_EM_INTERPRETER);
928#endif
929
930 /* Register and immediate data == PARMTYPE_IMMEDIATE */
931 AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
932 RTGCUINTREG ValPar2 = param2.val.val64;
933
934 /* The destination is always a virtual address */
935 AssertReturn(param1.type == PARMTYPE_ADDRESS, VERR_EM_INTERPRETER);
936
937 RTGCPTR GCPtrPar1 = param1.val.val64;
938 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
939#ifdef IN_RC
940 pvParam1 = (void *)(uintptr_t)GCPtrPar1;
941#else
942 PGMPAGEMAPLOCK Lock;
943 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
944 AssertRCReturn(rc, VERR_EM_INTERPRETER);
945#endif
946
947 /* Try emulate it with a one-shot #PF handler in place. (RC) */
948 Log2(("%s %RGv imm%d=%RX64\n", emGetMnemonic(pDis), GCPtrPar1, pDis->param2.size*8, ValPar2));
949
950 RTGCUINTREG32 eflags = 0;
951#ifdef IN_RC
952 MMGCRamRegisterTrapHandler(pVM);
953#endif
954 rc = pfnEmulate(pvParam1, ValPar2, pDis->param2.size, &eflags);
955#ifdef IN_RC
956 MMGCRamDeregisterTrapHandler(pVM);
957#else
958 PGMPhysReleasePageMappingLock(pVM, &Lock);
959#endif
960 if (RT_FAILURE(rc))
961 {
962 Log(("%s %RGv imm%d=%RX64-> emulation failed due to page fault!\n", emGetMnemonic(pDis), GCPtrPar1, pDis->param2.size*8, ValPar2));
963 return VERR_EM_INTERPRETER;
964 }
965
966 /* Update guest's eflags and finish. */
967 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
968 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
969
970 *pcbSize = param2.size;
971 return VINF_SUCCESS;
972}
973
974
975/**
976 * ADD, ADC & SUB Emulation.
977 */
978static int emInterpretAddSub(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
979 PFNEMULATEPARAM3 pfnEmulate)
980{
981 OP_PARAMVAL param1, param2;
982 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
983 if(RT_FAILURE(rc))
984 return VERR_EM_INTERPRETER;
985
986 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
987 if(RT_FAILURE(rc))
988 return VERR_EM_INTERPRETER;
989
990#ifdef IN_RC
991 if (TRPMHasTrap(pVCpu))
992 {
993 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
994 {
995#endif
996 RTGCPTR pParam1;
997 uint64_t valpar1, valpar2;
998
999 if (pDis->param1.size != pDis->param2.size)
1000 {
1001 if (pDis->param1.size < pDis->param2.size)
1002 {
1003 AssertMsgFailed(("%s at %RGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip, pDis->param1.size, pDis->param2.size)); /* should never happen! */
1004 return VERR_EM_INTERPRETER;
1005 }
1006 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
1007 pDis->param2.size = pDis->param1.size;
1008 param2.size = param1.size;
1009 }
1010
1011 /* The destination is always a virtual address */
1012 if (param1.type == PARMTYPE_ADDRESS)
1013 {
1014 pParam1 = (RTGCPTR)param1.val.val64;
1015 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
1016 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
1017 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
1018 if (RT_FAILURE(rc))
1019 {
1020 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
1021 return VERR_EM_INTERPRETER;
1022 }
1023 }
1024 else
1025 {
1026#ifndef DEBUG_bird
1027 AssertFailed();
1028#endif
1029 return VERR_EM_INTERPRETER;
1030 }
1031
1032 /* Register or immediate data */
1033 switch(param2.type)
1034 {
1035 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
1036 valpar2 = param2.val.val64;
1037 break;
1038
1039 default:
1040 AssertFailed();
1041 return VERR_EM_INTERPRETER;
1042 }
1043
1044 /* Data read, emulate instruction. */
1045 uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);
1046
1047 /* Update guest's eflags and finish. */
1048 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1049 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1050
1051 /* And write it back */
1052 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
1053 if (RT_SUCCESS(rc))
1054 {
1055 /* All done! */
1056 *pcbSize = param2.size;
1057 return VINF_SUCCESS;
1058 }
1059#ifdef IN_RC
1060 }
1061 }
1062#endif
1063 return VERR_EM_INTERPRETER;
1064}
1065
1066
1067/**
1068 * ADC Emulation.
1069 */
1070static int emInterpretAdc(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1071{
1072 if (pRegFrame->eflags.Bits.u1CF)
1073 return emInterpretAddSub(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, EMEmulateAdcWithCarrySet);
1074 else
1075 return emInterpretAddSub(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, EMEmulateAdd);
1076}
1077
1078
1079/**
1080 * BTR/C/S Emulation.
1081 */
1082static int emInterpretBitTest(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
1083 PFNEMULATEPARAM2UINT32 pfnEmulate)
1084{
1085 OP_PARAMVAL param1, param2;
1086 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
1087 if(RT_FAILURE(rc))
1088 return VERR_EM_INTERPRETER;
1089
1090 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1091 if(RT_FAILURE(rc))
1092 return VERR_EM_INTERPRETER;
1093
1094#ifdef IN_RC
1095 if (TRPMHasTrap(pVCpu))
1096 {
1097 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1098 {
1099#endif
1100 RTGCPTR pParam1;
1101 uint64_t valpar1 = 0, valpar2;
1102 uint32_t eflags;
1103
1104 /* The destination is always a virtual address */
1105 if (param1.type != PARMTYPE_ADDRESS)
1106 return VERR_EM_INTERPRETER;
1107
1108 pParam1 = (RTGCPTR)param1.val.val64;
1109 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
1110
1111 /* Register or immediate data */
1112 switch(param2.type)
1113 {
1114 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
1115 valpar2 = param2.val.val64;
1116 break;
1117
1118 default:
1119 AssertFailed();
1120 return VERR_EM_INTERPRETER;
1121 }
1122
1123 Log2(("emInterpret%s: pvFault=%RGv pParam1=%RGv val2=%x\n", emGetMnemonic(pDis), pvFault, pParam1, valpar2));
1124 pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + valpar2/8);
1125 EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)pParam1 & ~3) == pvFault, VERR_EM_INTERPRETER);
1126 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, 1);
1127 if (RT_FAILURE(rc))
1128 {
1129 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
1130 return VERR_EM_INTERPRETER;
1131 }
1132
1133 Log2(("emInterpretBtx: val=%x\n", valpar1));
1134 /* Data read, emulate bit test instruction. */
1135 eflags = pfnEmulate(&valpar1, valpar2 & 0x7);
1136
1137 Log2(("emInterpretBtx: val=%x CF=%d\n", valpar1, !!(eflags & X86_EFL_CF)));
1138
1139 /* Update guest's eflags and finish. */
1140 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1141 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1142
1143 /* And write it back */
1144 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, 1);
1145 if (RT_SUCCESS(rc))
1146 {
1147 /* All done! */
1148 *pcbSize = 1;
1149 return VINF_SUCCESS;
1150 }
1151#ifdef IN_RC
1152 }
1153 }
1154#endif
1155 return VERR_EM_INTERPRETER;
1156}
1157
1158
1159/**
1160 * LOCK BTR/C/S Emulation.
1161 */
1162static int emInterpretLockBitTest(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
1163 uint32_t *pcbSize, PFNEMULATELOCKPARAM2 pfnEmulate)
1164{
1165 void *pvParam1;
1166
1167 OP_PARAMVAL param1, param2;
1168 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
1169 if(RT_FAILURE(rc))
1170 return VERR_EM_INTERPRETER;
1171
1172 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1173 if(RT_FAILURE(rc))
1174 return VERR_EM_INTERPRETER;
1175
1176 /* The destination is always a virtual address */
1177 if (param1.type != PARMTYPE_ADDRESS)
1178 return VERR_EM_INTERPRETER;
1179
1180 /* Register and immediate data == PARMTYPE_IMMEDIATE */
1181 AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
1182 uint64_t ValPar2 = param2.val.val64;
1183
1184 /* Adjust the parameters so what we're dealing with is a bit within the byte pointed to. */
1185 RTGCPTR GCPtrPar1 = param1.val.val64;
1186 GCPtrPar1 = (GCPtrPar1 + ValPar2 / 8);
1187 ValPar2 &= 7;
1188
1189 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
1190#ifdef IN_RC
1191 Assert(TRPMHasTrap(pVCpu));
1192 EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)GCPtrPar1 & ~(RTGCUINTPTR)3) == pvFault, VERR_EM_INTERPRETER);
1193#endif
1194
1195#ifdef IN_RC
1196 pvParam1 = (void *)(uintptr_t)GCPtrPar1;
1197#else
1198 PGMPAGEMAPLOCK Lock;
1199 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
1200 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1201#endif
1202
1203 Log2(("emInterpretLockBitTest %s: pvFault=%RGv GCPtrPar1=%RGv imm=%RX64\n", emGetMnemonic(pDis), pvFault, GCPtrPar1, ValPar2));
1204
1205 /* Try emulate it with a one-shot #PF handler in place. (RC) */
1206 RTGCUINTREG32 eflags = 0;
1207#ifdef IN_RC
1208 MMGCRamRegisterTrapHandler(pVM);
1209#endif
1210 rc = pfnEmulate(pvParam1, ValPar2, &eflags);
1211#ifdef IN_RC
1212 MMGCRamDeregisterTrapHandler(pVM);
1213#else
1214 PGMPhysReleasePageMappingLock(pVM, &Lock);
1215#endif
1216 if (RT_FAILURE(rc))
1217 {
1218 Log(("emInterpretLockBitTest %s: %RGv imm%d=%RX64 -> emulation failed due to page fault!\n",
1219 emGetMnemonic(pDis), GCPtrPar1, pDis->param2.size*8, ValPar2));
1220 return VERR_EM_INTERPRETER;
1221 }
1222
1223 Log2(("emInterpretLockBitTest %s: GCPtrPar1=%RGv imm=%RX64 CF=%d\n", emGetMnemonic(pDis), GCPtrPar1, ValPar2, !!(eflags & X86_EFL_CF)));
1224
1225 /* Update guest's eflags and finish. */
1226 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1227 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1228
1229 *pcbSize = 1;
1230 return VINF_SUCCESS;
1231}
1232
1233
1234/**
1235 * MOV emulation.
1236 */
1237static int emInterpretMov(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1238{
1239 OP_PARAMVAL param1, param2;
1240 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
1241 if(RT_FAILURE(rc))
1242 return VERR_EM_INTERPRETER;
1243
1244 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1245 if(RT_FAILURE(rc))
1246 return VERR_EM_INTERPRETER;
1247
1248#ifdef IN_RC
1249 if (TRPMHasTrap(pVCpu))
1250 {
1251 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1252 {
1253#else
1254 /** @todo Make this the default and don't rely on TRPM information. */
1255 if (param1.type == PARMTYPE_ADDRESS)
1256 {
1257#endif
1258 RTGCPTR pDest;
1259 uint64_t val64;
1260
1261 switch(param1.type)
1262 {
1263 case PARMTYPE_IMMEDIATE:
1264 if(!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
1265 return VERR_EM_INTERPRETER;
1266 /* fallthru */
1267
1268 case PARMTYPE_ADDRESS:
1269 pDest = (RTGCPTR)param1.val.val64;
1270 pDest = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pDest);
1271 break;
1272
1273 default:
1274 AssertFailed();
1275 return VERR_EM_INTERPRETER;
1276 }
1277
1278 switch(param2.type)
1279 {
1280 case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
1281 val64 = param2.val.val64;
1282 break;
1283
1284 default:
1285 Log(("emInterpretMov: unexpected type=%d rip=%RGv\n", param2.type, (RTGCPTR)pRegFrame->rip));
1286 return VERR_EM_INTERPRETER;
1287 }
1288#ifdef LOG_ENABLED
1289 if (pDis->mode == CPUMODE_64BIT)
1290 LogFlow(("EMInterpretInstruction at %RGv: OP_MOV %RGv <- %RX64 (%d) &val64=%RHv\n", (RTGCPTR)pRegFrame->rip, pDest, val64, param2.size, &val64));
1291 else
1292 LogFlow(("EMInterpretInstruction at %08RX64: OP_MOV %RGv <- %08X (%d) &val64=%RHv\n", pRegFrame->rip, pDest, (uint32_t)val64, param2.size, &val64));
1293#endif
1294
1295 Assert(param2.size <= 8 && param2.size > 0);
1296 EM_ASSERT_FAULT_RETURN(pDest == pvFault, VERR_EM_INTERPRETER);
1297 rc = emRamWrite(pVM, pVCpu, pRegFrame, pDest, &val64, param2.size);
1298 if (RT_FAILURE(rc))
1299 return VERR_EM_INTERPRETER;
1300
1301 *pcbSize = param2.size;
1302 }
1303 else
1304 { /* read fault */
1305 RTGCPTR pSrc;
1306 uint64_t val64;
1307
1308 /* Source */
1309 switch(param2.type)
1310 {
1311 case PARMTYPE_IMMEDIATE:
1312 if(!(param2.flags & (PARAM_VAL32|PARAM_VAL64)))
1313 return VERR_EM_INTERPRETER;
1314 /* fallthru */
1315
1316 case PARMTYPE_ADDRESS:
1317 pSrc = (RTGCPTR)param2.val.val64;
1318 pSrc = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param2, pSrc);
1319 break;
1320
1321 default:
1322 return VERR_EM_INTERPRETER;
1323 }
1324
1325 Assert(param1.size <= 8 && param1.size > 0);
1326 EM_ASSERT_FAULT_RETURN(pSrc == pvFault, VERR_EM_INTERPRETER);
1327 rc = emRamRead(pVM, pVCpu, pRegFrame, &val64, pSrc, param1.size);
1328 if (RT_FAILURE(rc))
1329 return VERR_EM_INTERPRETER;
1330
1331 /* Destination */
1332 switch(param1.type)
1333 {
1334 case PARMTYPE_REGISTER:
1335 switch(param1.size)
1336 {
1337 case 1: rc = DISWriteReg8(pRegFrame, pDis->param1.base.reg_gen, (uint8_t) val64); break;
1338 case 2: rc = DISWriteReg16(pRegFrame, pDis->param1.base.reg_gen, (uint16_t)val64); break;
1339 case 4: rc = DISWriteReg32(pRegFrame, pDis->param1.base.reg_gen, (uint32_t)val64); break;
1340 case 8: rc = DISWriteReg64(pRegFrame, pDis->param1.base.reg_gen, val64); break;
1341 default:
1342 return VERR_EM_INTERPRETER;
1343 }
1344 if (RT_FAILURE(rc))
1345 return rc;
1346 break;
1347
1348 default:
1349 return VERR_EM_INTERPRETER;
1350 }
1351#ifdef LOG_ENABLED
1352 if (pDis->mode == CPUMODE_64BIT)
1353 LogFlow(("EMInterpretInstruction: OP_MOV %RGv -> %RX64 (%d)\n", pSrc, val64, param1.size));
1354 else
1355 LogFlow(("EMInterpretInstruction: OP_MOV %RGv -> %08X (%d)\n", pSrc, (uint32_t)val64, param1.size));
1356#endif
1357 }
1358 return VINF_SUCCESS;
1359#ifdef IN_RC
1360 }
1361#endif
1362 return VERR_EM_INTERPRETER;
1363}
1364
1365
1366#ifndef IN_RC
1367/**
1368 * [REP] STOSWD emulation
1369 */
1370static int emInterpretStosWD(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1371{
1372 int rc;
1373 RTGCPTR GCDest, GCOffset;
1374 uint32_t cbSize;
1375 uint64_t cTransfers;
1376 int offIncrement;
1377
1378 /* Don't support any but these three prefix bytes. */
1379 if ((pDis->prefix & ~(PREFIX_ADDRSIZE|PREFIX_OPSIZE|PREFIX_REP|PREFIX_REX)))
1380 return VERR_EM_INTERPRETER;
1381
1382 switch (pDis->addrmode)
1383 {
1384 case CPUMODE_16BIT:
1385 GCOffset = pRegFrame->di;
1386 cTransfers = pRegFrame->cx;
1387 break;
1388 case CPUMODE_32BIT:
1389 GCOffset = pRegFrame->edi;
1390 cTransfers = pRegFrame->ecx;
1391 break;
1392 case CPUMODE_64BIT:
1393 GCOffset = pRegFrame->rdi;
1394 cTransfers = pRegFrame->rcx;
1395 break;
1396 default:
1397 AssertFailed();
1398 return VERR_EM_INTERPRETER;
1399 }
1400
1401 GCDest = SELMToFlat(pVM, DIS_SELREG_ES, pRegFrame, GCOffset);
1402 switch (pDis->opmode)
1403 {
1404 case CPUMODE_16BIT:
1405 cbSize = 2;
1406 break;
1407 case CPUMODE_32BIT:
1408 cbSize = 4;
1409 break;
1410 case CPUMODE_64BIT:
1411 cbSize = 8;
1412 break;
1413 default:
1414 AssertFailed();
1415 return VERR_EM_INTERPRETER;
1416 }
1417
1418 offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cbSize : (signed)cbSize;
1419
1420 if (!(pDis->prefix & PREFIX_REP))
1421 {
1422 LogFlow(("emInterpretStosWD dest=%04X:%RGv (%RGv) cbSize=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize));
1423
1424 rc = emRamWrite(pVM, pVCpu, pRegFrame, GCDest, &pRegFrame->rax, cbSize);
1425 if (RT_FAILURE(rc))
1426 return VERR_EM_INTERPRETER;
1427 Assert(rc == VINF_SUCCESS);
1428
1429 /* Update (e/r)di. */
1430 switch (pDis->addrmode)
1431 {
1432 case CPUMODE_16BIT:
1433 pRegFrame->di += offIncrement;
1434 break;
1435 case CPUMODE_32BIT:
1436 pRegFrame->edi += offIncrement;
1437 break;
1438 case CPUMODE_64BIT:
1439 pRegFrame->rdi += offIncrement;
1440 break;
1441 default:
1442 AssertFailed();
1443 return VERR_EM_INTERPRETER;
1444 }
1445
1446 }
1447 else
1448 {
1449 if (!cTransfers)
1450 return VINF_SUCCESS;
1451
1452 /*
1453 * Do *not* try emulate cross page stuff here because we don't know what might
1454 * be waiting for us on the subsequent pages. The caller has only asked us to
1455 * ignore access handlers fro the current page.
1456 * This also fends off big stores which would quickly kill PGMR0DynMap.
1457 */
1458 if ( cbSize > PAGE_SIZE
1459 || cTransfers > PAGE_SIZE
1460 || (GCDest >> PAGE_SHIFT) != ((GCDest + offIncrement * cTransfers) >> PAGE_SHIFT))
1461 {
1462 Log(("STOSWD is crosses pages, chicken out to the recompiler; GCDest=%RGv cbSize=%#x offIncrement=%d cTransfers=%#x\n",
1463 GCDest, cbSize, offIncrement, cTransfers));
1464 return VERR_EM_INTERPRETER;
1465 }
1466
1467 LogFlow(("emInterpretStosWD dest=%04X:%RGv (%RGv) cbSize=%d cTransfers=%x DF=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize, cTransfers, pRegFrame->eflags.Bits.u1DF));
1468 /* Access verification first; we currently can't recover properly from traps inside this instruction */
1469 rc = PGMVerifyAccess(pVCpu, GCDest - ((offIncrement > 0) ? 0 : ((cTransfers-1) * cbSize)),
1470 cTransfers * cbSize,
1471 X86_PTE_RW | (CPUMGetGuestCPL(pVCpu, pRegFrame) == 3 ? X86_PTE_US : 0));
1472 if (rc != VINF_SUCCESS)
1473 {
1474 Log(("STOSWD will generate a trap -> recompiler, rc=%d\n", rc));
1475 return VERR_EM_INTERPRETER;
1476 }
1477
1478 /* REP case */
1479 while (cTransfers)
1480 {
1481 rc = emRamWrite(pVM, pVCpu, pRegFrame, GCDest, &pRegFrame->rax, cbSize);
1482 if (RT_FAILURE(rc))
1483 {
1484 rc = VERR_EM_INTERPRETER;
1485 break;
1486 }
1487
1488 Assert(rc == VINF_SUCCESS);
1489 GCOffset += offIncrement;
1490 GCDest += offIncrement;
1491 cTransfers--;
1492 }
1493
1494 /* Update the registers. */
1495 switch (pDis->addrmode)
1496 {
1497 case CPUMODE_16BIT:
1498 pRegFrame->di = GCOffset;
1499 pRegFrame->cx = cTransfers;
1500 break;
1501 case CPUMODE_32BIT:
1502 pRegFrame->edi = GCOffset;
1503 pRegFrame->ecx = cTransfers;
1504 break;
1505 case CPUMODE_64BIT:
1506 pRegFrame->rdi = GCOffset;
1507 pRegFrame->rcx = cTransfers;
1508 break;
1509 default:
1510 AssertFailed();
1511 return VERR_EM_INTERPRETER;
1512 }
1513 }
1514
1515 *pcbSize = cbSize;
1516 return rc;
1517}
1518#endif /* !IN_RC */
1519
1520#ifndef IN_RC
1521
1522/**
1523 * [LOCK] CMPXCHG emulation.
1524 */
1525static int emInterpretCmpXchg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1526{
1527 OP_PARAMVAL param1, param2;
1528
1529#if HC_ARCH_BITS == 32 && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL_IN_R0)
1530 Assert(pDis->param1.size <= 4);
1531#endif
1532
1533 /* Source to make DISQueryParamVal read the register value - ugly hack */
1534 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1535 if(RT_FAILURE(rc))
1536 return VERR_EM_INTERPRETER;
1537
1538 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1539 if(RT_FAILURE(rc))
1540 return VERR_EM_INTERPRETER;
1541
1542 uint64_t valpar;
1543 switch(param2.type)
1544 {
1545 case PARMTYPE_IMMEDIATE: /* register actually */
1546 valpar = param2.val.val64;
1547 break;
1548
1549 default:
1550 return VERR_EM_INTERPRETER;
1551 }
1552
1553 PGMPAGEMAPLOCK Lock;
1554 RTGCPTR GCPtrPar1;
1555 void *pvParam1;
1556 uint64_t eflags;
1557
1558 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
1559 switch(param1.type)
1560 {
1561 case PARMTYPE_ADDRESS:
1562 GCPtrPar1 = param1.val.val64;
1563 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
1564
1565 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
1566 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1567 break;
1568
1569 default:
1570 return VERR_EM_INTERPRETER;
1571 }
1572
1573 LogFlow(("%s %RGv rax=%RX64 %RX64\n", emGetMnemonic(pDis), GCPtrPar1, pRegFrame->rax, valpar));
1574
1575 if (pDis->prefix & PREFIX_LOCK)
1576 eflags = EMEmulateLockCmpXchg(pvParam1, &pRegFrame->rax, valpar, pDis->param2.size);
1577 else
1578 eflags = EMEmulateCmpXchg(pvParam1, &pRegFrame->rax, valpar, pDis->param2.size);
1579
1580 LogFlow(("%s %RGv rax=%RX64 %RX64 ZF=%d\n", emGetMnemonic(pDis), GCPtrPar1, pRegFrame->rax, valpar, !!(eflags & X86_EFL_ZF)));
1581
1582 /* Update guest's eflags and finish. */
1583 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1584 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1585
1586 *pcbSize = param2.size;
1587 PGMPhysReleasePageMappingLock(pVM, &Lock);
1588 return VINF_SUCCESS;
1589}
1590
1591
1592/**
1593 * [LOCK] CMPXCHG8B emulation.
1594 */
1595static int emInterpretCmpXchg8b(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1596{
1597 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1598 OP_PARAMVAL param1;
1599
1600 /* Source to make DISQueryParamVal read the register value - ugly hack */
1601 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1602 if(RT_FAILURE(rc))
1603 return VERR_EM_INTERPRETER;
1604
1605 RTGCPTR GCPtrPar1;
1606 void *pvParam1;
1607 uint64_t eflags;
1608 PGMPAGEMAPLOCK Lock;
1609
1610 AssertReturn(pDis->param1.size == 8, VERR_EM_INTERPRETER);
1611 switch(param1.type)
1612 {
1613 case PARMTYPE_ADDRESS:
1614 GCPtrPar1 = param1.val.val64;
1615 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
1616
1617 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
1618 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1619 break;
1620
1621 default:
1622 return VERR_EM_INTERPRETER;
1623 }
1624
1625 LogFlow(("%s %RGv=%08x eax=%08x\n", emGetMnemonic(pDis), pvParam1, pRegFrame->eax));
1626
1627 if (pDis->prefix & PREFIX_LOCK)
1628 eflags = EMEmulateLockCmpXchg8b(pvParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx);
1629 else
1630 eflags = EMEmulateCmpXchg8b(pvParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx);
1631
1632 LogFlow(("%s %RGv=%08x eax=%08x ZF=%d\n", emGetMnemonic(pDis), pvParam1, pRegFrame->eax, !!(eflags & X86_EFL_ZF)));
1633
1634 /* Update guest's eflags and finish; note that *only* ZF is affected. */
1635 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
1636 | (eflags & (X86_EFL_ZF));
1637
1638 *pcbSize = 8;
1639 PGMPhysReleasePageMappingLock(pVM, &Lock);
1640 return VINF_SUCCESS;
1641}
1642
1643#else /* IN_RC */
1644
1645/**
1646 * [LOCK] CMPXCHG emulation.
1647 */
1648static int emInterpretCmpXchg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1649{
1650 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1651 OP_PARAMVAL param1, param2;
1652
1653 /* Source to make DISQueryParamVal read the register value - ugly hack */
1654 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1655 if(RT_FAILURE(rc))
1656 return VERR_EM_INTERPRETER;
1657
1658 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1659 if(RT_FAILURE(rc))
1660 return VERR_EM_INTERPRETER;
1661
1662 if (TRPMHasTrap(pVCpu))
1663 {
1664 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1665 {
1666 RTRCPTR pParam1;
1667 uint32_t valpar, eflags;
1668
1669 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
1670 switch(param1.type)
1671 {
1672 case PARMTYPE_ADDRESS:
1673 pParam1 = (RTRCPTR)(uintptr_t)emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, (RTRCUINTPTR)param1.val.val64);
1674 EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
1675 break;
1676
1677 default:
1678 return VERR_EM_INTERPRETER;
1679 }
1680
1681 switch(param2.type)
1682 {
1683 case PARMTYPE_IMMEDIATE: /* register actually */
1684 valpar = param2.val.val32;
1685 break;
1686
1687 default:
1688 return VERR_EM_INTERPRETER;
1689 }
1690
1691 LogFlow(("%s %RRv eax=%08x %08x\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, valpar));
1692
1693 MMGCRamRegisterTrapHandler(pVM);
1694 if (pDis->prefix & PREFIX_LOCK)
1695 rc = EMGCEmulateLockCmpXchg(pParam1, &pRegFrame->eax, valpar, pDis->param2.size, &eflags);
1696 else
1697 rc = EMGCEmulateCmpXchg(pParam1, &pRegFrame->eax, valpar, pDis->param2.size, &eflags);
1698 MMGCRamDeregisterTrapHandler(pVM);
1699
1700 if (RT_FAILURE(rc))
1701 {
1702 Log(("%s %RGv eax=%08x %08x -> emulation failed due to page fault!\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, valpar));
1703 return VERR_EM_INTERPRETER;
1704 }
1705
1706 LogFlow(("%s %RRv eax=%08x %08x ZF=%d\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, valpar, !!(eflags & X86_EFL_ZF)));
1707
1708 /* Update guest's eflags and finish. */
1709 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1710 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1711
1712 *pcbSize = param2.size;
1713 return VINF_SUCCESS;
1714 }
1715 }
1716 return VERR_EM_INTERPRETER;
1717}
1718
1719
1720/**
1721 * [LOCK] CMPXCHG8B emulation.
1722 */
1723static int emInterpretCmpXchg8b(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1724{
1725 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1726 OP_PARAMVAL param1;
1727
1728 /* Source to make DISQueryParamVal read the register value - ugly hack */
1729 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1730 if(RT_FAILURE(rc))
1731 return VERR_EM_INTERPRETER;
1732
1733 if (TRPMHasTrap(pVCpu))
1734 {
1735 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1736 {
1737 RTRCPTR pParam1;
1738 uint32_t eflags;
1739
1740 AssertReturn(pDis->param1.size == 8, VERR_EM_INTERPRETER);
1741 switch(param1.type)
1742 {
1743 case PARMTYPE_ADDRESS:
1744 pParam1 = (RTRCPTR)(uintptr_t)emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, (RTRCUINTPTR)param1.val.val64);
1745 EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
1746 break;
1747
1748 default:
1749 return VERR_EM_INTERPRETER;
1750 }
1751
1752 LogFlow(("%s %RRv=%08x eax=%08x\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax));
1753
1754 MMGCRamRegisterTrapHandler(pVM);
1755 if (pDis->prefix & PREFIX_LOCK)
1756 rc = EMGCEmulateLockCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
1757 else
1758 rc = EMGCEmulateCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
1759 MMGCRamDeregisterTrapHandler(pVM);
1760
1761 if (RT_FAILURE(rc))
1762 {
1763 Log(("%s %RGv=%08x eax=%08x -> emulation failed due to page fault!\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax));
1764 return VERR_EM_INTERPRETER;
1765 }
1766
1767 LogFlow(("%s %RGv=%08x eax=%08x ZF=%d\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, !!(eflags & X86_EFL_ZF)));
1768
1769 /* Update guest's eflags and finish; note that *only* ZF is affected. */
1770 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
1771 | (eflags & (X86_EFL_ZF));
1772
1773 *pcbSize = 8;
1774 return VINF_SUCCESS;
1775 }
1776 }
1777 return VERR_EM_INTERPRETER;
1778}
1779
1780#endif /* IN_RC */
1781
1782#ifdef IN_RC
1783/**
1784 * [LOCK] XADD emulation.
1785 */
1786static int emInterpretXAdd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1787{
1788 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1789 OP_PARAMVAL param1;
1790 uint32_t *pParamReg2;
1791 size_t cbSizeParamReg2;
1792
1793 /* Source to make DISQueryParamVal read the register value - ugly hack */
1794 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1795 if(RT_FAILURE(rc))
1796 return VERR_EM_INTERPRETER;
1797
1798 rc = DISQueryParamRegPtr(pRegFrame, pDis, &pDis->param2, (void **)&pParamReg2, &cbSizeParamReg2);
1799 Assert(cbSizeParamReg2 <= 4);
1800 if(RT_FAILURE(rc))
1801 return VERR_EM_INTERPRETER;
1802
1803 if (TRPMHasTrap(pVCpu))
1804 {
1805 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1806 {
1807 RTRCPTR pParam1;
1808 uint32_t eflags;
1809
1810 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
1811 switch(param1.type)
1812 {
1813 case PARMTYPE_ADDRESS:
1814 pParam1 = (RTRCPTR)(uintptr_t)emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, (RTRCUINTPTR)param1.val.val64);
1815 EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
1816 break;
1817
1818 default:
1819 return VERR_EM_INTERPRETER;
1820 }
1821
1822 LogFlow(("XAdd %RRv=%08x reg=%08x\n", pParam1, *pParamReg2));
1823
1824 MMGCRamRegisterTrapHandler(pVM);
1825 if (pDis->prefix & PREFIX_LOCK)
1826 rc = EMGCEmulateLockXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
1827 else
1828 rc = EMGCEmulateXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
1829 MMGCRamDeregisterTrapHandler(pVM);
1830
1831 if (RT_FAILURE(rc))
1832 {
1833 Log(("XAdd %RGv reg=%08x -> emulation failed due to page fault!\n", pParam1, *pParamReg2));
1834 return VERR_EM_INTERPRETER;
1835 }
1836
1837 LogFlow(("XAdd %RGv reg=%08x ZF=%d\n", pParam1, *pParamReg2, !!(eflags & X86_EFL_ZF)));
1838
1839 /* Update guest's eflags and finish. */
1840 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1841 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1842
1843 *pcbSize = cbSizeParamReg2;
1844 return VINF_SUCCESS;
1845 }
1846 }
1847 return VERR_EM_INTERPRETER;
1848}
1849#endif /* IN_RC */
1850
1851
1852#ifdef IN_RC
1853/**
1854 * Interpret IRET (currently only to V86 code)
1855 *
1856 * @returns VBox status code.
1857 * @param pVM The VM handle.
1858 * @param pVCpu The VMCPU handle.
1859 * @param pRegFrame The register frame.
1860 *
1861 */
1862VMMDECL(int) EMInterpretIret(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
1863{
1864 RTGCUINTPTR pIretStack = (RTGCUINTPTR)pRegFrame->esp;
1865 RTGCUINTPTR eip, cs, esp, ss, eflags, ds, es, fs, gs, uMask;
1866 int rc;
1867
1868 Assert(!CPUMIsGuestIn64BitCode(pVCpu, pRegFrame));
1869
1870 rc = emRamRead(pVM, pVCpu, pRegFrame, &eip, (RTGCPTR)pIretStack , 4);
1871 rc |= emRamRead(pVM, pVCpu, pRegFrame, &cs, (RTGCPTR)(pIretStack + 4), 4);
1872 rc |= emRamRead(pVM, pVCpu, pRegFrame, &eflags, (RTGCPTR)(pIretStack + 8), 4);
1873 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1874 AssertReturn(eflags & X86_EFL_VM, VERR_EM_INTERPRETER);
1875
1876 rc |= emRamRead(pVM, pVCpu, pRegFrame, &esp, (RTGCPTR)(pIretStack + 12), 4);
1877 rc |= emRamRead(pVM, pVCpu, pRegFrame, &ss, (RTGCPTR)(pIretStack + 16), 4);
1878 rc |= emRamRead(pVM, pVCpu, pRegFrame, &es, (RTGCPTR)(pIretStack + 20), 4);
1879 rc |= emRamRead(pVM, pVCpu, pRegFrame, &ds, (RTGCPTR)(pIretStack + 24), 4);
1880 rc |= emRamRead(pVM, pVCpu, pRegFrame, &fs, (RTGCPTR)(pIretStack + 28), 4);
1881 rc |= emRamRead(pVM, pVCpu, pRegFrame, &gs, (RTGCPTR)(pIretStack + 32), 4);
1882 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1883
1884 pRegFrame->eip = eip & 0xffff;
1885 pRegFrame->cs = cs;
1886
1887 /* Mask away all reserved bits */
1888 uMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_ID;
1889 eflags &= uMask;
1890
1891#ifndef IN_RING0
1892 CPUMRawSetEFlags(pVCpu, pRegFrame, eflags);
1893#endif
1894 Assert((pRegFrame->eflags.u32 & (X86_EFL_IF|X86_EFL_IOPL)) == X86_EFL_IF);
1895
1896 pRegFrame->esp = esp;
1897 pRegFrame->ss = ss;
1898 pRegFrame->ds = ds;
1899 pRegFrame->es = es;
1900 pRegFrame->fs = fs;
1901 pRegFrame->gs = gs;
1902
1903 return VINF_SUCCESS;
1904}
1905#endif /* IN_RC */
1906
1907
1908/**
1909 * IRET Emulation.
1910 */
1911static int emInterpretIret(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1912{
1913 /* only allow direct calls to EMInterpretIret for now */
1914 return VERR_EM_INTERPRETER;
1915}
1916
1917/**
1918 * WBINVD Emulation.
1919 */
1920static int emInterpretWbInvd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1921{
1922 /* Nothing to do. */
1923 return VINF_SUCCESS;
1924}
1925
1926
1927/**
1928 * Interpret INVLPG
1929 *
1930 * @returns VBox status code.
1931 * @param pVM The VM handle.
1932 * @param pVCpu The VMCPU handle.
1933 * @param pRegFrame The register frame.
1934 * @param pAddrGC Operand address
1935 *
1936 */
1937VMMDECL(int) EMInterpretInvlpg(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pAddrGC)
1938{
1939 int rc;
1940
1941 /** @todo is addr always a flat linear address or ds based
1942 * (in absence of segment override prefixes)????
1943 */
1944#ifdef IN_RC
1945 LogFlow(("RC: EMULATE: invlpg %RGv\n", pAddrGC));
1946#endif
1947 rc = PGMInvalidatePage(pVCpu, pAddrGC);
1948 if ( rc == VINF_SUCCESS
1949 || rc == VINF_PGM_SYNC_CR3 /* we can rely on the FF */)
1950 return VINF_SUCCESS;
1951 AssertMsgReturn(rc == VINF_EM_RAW_EMULATE_INSTR,
1952 ("%Rrc addr=%RGv\n", rc, pAddrGC),
1953 VERR_EM_INTERPRETER);
1954 return rc;
1955}
1956
1957
1958/**
1959 * INVLPG Emulation.
1960 */
1961static int emInterpretInvlPg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1962{
1963 OP_PARAMVAL param1;
1964 RTGCPTR addr;
1965
1966 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1967 if(RT_FAILURE(rc))
1968 return VERR_EM_INTERPRETER;
1969
1970 switch(param1.type)
1971 {
1972 case PARMTYPE_IMMEDIATE:
1973 case PARMTYPE_ADDRESS:
1974 if(!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
1975 return VERR_EM_INTERPRETER;
1976 addr = (RTGCPTR)param1.val.val64;
1977 break;
1978
1979 default:
1980 return VERR_EM_INTERPRETER;
1981 }
1982
1983 /** @todo is addr always a flat linear address or ds based
1984 * (in absence of segment override prefixes)????
1985 */
1986#ifdef IN_RC
1987 LogFlow(("RC: EMULATE: invlpg %RGv\n", addr));
1988#endif
1989 rc = PGMInvalidatePage(pVCpu, addr);
1990 if ( rc == VINF_SUCCESS
1991 || rc == VINF_PGM_SYNC_CR3 /* we can rely on the FF */)
1992 return VINF_SUCCESS;
1993 AssertMsgReturn(rc == VINF_EM_RAW_EMULATE_INSTR,
1994 ("%Rrc addr=%RGv\n", rc, addr),
1995 VERR_EM_INTERPRETER);
1996 return rc;
1997}
1998
1999
2000/**
2001 * Interpret CPUID given the parameters in the CPU context
2002 *
2003 * @returns VBox status code.
2004 * @param pVM The VM handle.
2005 * @param pVCpu The VMCPU handle.
2006 * @param pRegFrame The register frame.
2007 *
2008 */
2009VMMDECL(int) EMInterpretCpuId(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2010{
2011 uint32_t iLeaf = pRegFrame->eax;
2012
2013 /* cpuid clears the high dwords of the affected 64 bits registers. */
2014 pRegFrame->rax = 0;
2015 pRegFrame->rbx = 0;
2016 pRegFrame->rcx &= UINT64_C(0x00000000ffffffff);
2017 pRegFrame->rdx = 0;
2018
2019 /* Note: operates the same in 64 and non-64 bits mode. */
2020 CPUMGetGuestCpuId(pVCpu, iLeaf, &pRegFrame->eax, &pRegFrame->ebx, &pRegFrame->ecx, &pRegFrame->edx);
2021 Log(("Emulate: CPUID %x -> %08x %08x %08x %08x\n", iLeaf, pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx));
2022 return VINF_SUCCESS;
2023}
2024
2025
2026/**
2027 * CPUID Emulation.
2028 */
2029static int emInterpretCpuId(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2030{
2031 int rc = EMInterpretCpuId(pVM, pVCpu, pRegFrame);
2032 return rc;
2033}
2034
2035
2036/**
2037 * Interpret CRx read
2038 *
2039 * @returns VBox status code.
2040 * @param pVM The VM handle.
2041 * @param pVCpu The VMCPU handle.
2042 * @param pRegFrame The register frame.
2043 * @param DestRegGen General purpose register index (USE_REG_E**))
2044 * @param SrcRegCRx CRx register index (USE_REG_CR*)
2045 *
2046 */
2047VMMDECL(int) EMInterpretCRxRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegCrx)
2048{
2049 int rc;
2050 uint64_t val64;
2051
2052 if (SrcRegCrx == USE_REG_CR8)
2053 {
2054 val64 = 0;
2055 rc = PDMApicGetTPR(pVCpu, (uint8_t *)&val64, NULL);
2056 AssertMsgRCReturn(rc, ("PDMApicGetTPR failed\n"), VERR_EM_INTERPRETER);
2057 val64 >>= 4; /* bits 7-4 contain the task priority that go in cr8, bits 3-0*/
2058 }
2059 else
2060 {
2061 rc = CPUMGetGuestCRx(pVCpu, SrcRegCrx, &val64);
2062 AssertMsgRCReturn(rc, ("CPUMGetGuestCRx %d failed\n", SrcRegCrx), VERR_EM_INTERPRETER);
2063 }
2064
2065 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2066 rc = DISWriteReg64(pRegFrame, DestRegGen, val64);
2067 else
2068 rc = DISWriteReg32(pRegFrame, DestRegGen, val64);
2069
2070 if(RT_SUCCESS(rc))
2071 {
2072 LogFlow(("MOV_CR: gen32=%d CR=%d val=%RX64\n", DestRegGen, SrcRegCrx, val64));
2073 return VINF_SUCCESS;
2074 }
2075 return VERR_EM_INTERPRETER;
2076}
2077
2078
2079
2080/**
2081 * Interpret CLTS
2082 *
2083 * @returns VBox status code.
2084 * @param pVM The VM handle.
2085 * @param pVCpu The VMCPU handle.
2086 *
2087 */
2088VMMDECL(int) EMInterpretCLTS(PVM pVM, PVMCPU pVCpu)
2089{
2090 uint64_t cr0 = CPUMGetGuestCR0(pVCpu);
2091 if (!(cr0 & X86_CR0_TS))
2092 return VINF_SUCCESS;
2093 return CPUMSetGuestCR0(pVCpu, cr0 & ~X86_CR0_TS);
2094}
2095
2096/**
2097 * CLTS Emulation.
2098 */
2099static int emInterpretClts(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2100{
2101 return EMInterpretCLTS(pVM, pVCpu);
2102}
2103
2104
2105/**
2106 * Update CRx
2107 *
2108 * @returns VBox status code.
2109 * @param pVM The VM handle.
2110 * @param pVCpu The VMCPU handle.
2111 * @param pRegFrame The register frame.
2112 * @param DestRegCRx CRx register index (USE_REG_CR*)
2113 * @param val New CRx value
2114 *
2115 */
2116static int emUpdateCRx(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint64_t val)
2117{
2118 uint64_t oldval;
2119 uint64_t msrEFER;
2120 int rc, rc2;
2121
2122 /** @todo Clean up this mess. */
2123 LogFlow(("EMInterpretCRxWrite at %RGv CR%d <- %RX64\n", (RTGCPTR)pRegFrame->rip, DestRegCrx, val));
2124 switch (DestRegCrx)
2125 {
2126 case USE_REG_CR0:
2127 oldval = CPUMGetGuestCR0(pVCpu);
2128#ifdef IN_RC
2129 /* CR0.WP and CR0.AM changes require a reschedule run in ring 3. */
2130 if ( (val & (X86_CR0_WP | X86_CR0_AM))
2131 != (oldval & (X86_CR0_WP | X86_CR0_AM)))
2132 return VERR_EM_INTERPRETER;
2133#endif
2134 rc = VINF_SUCCESS;
2135 CPUMSetGuestCR0(pVCpu, val);
2136 val = CPUMGetGuestCR0(pVCpu);
2137 if ( (oldval & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE))
2138 != (val & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE)))
2139 {
2140 /* global flush */
2141 rc = PGMFlushTLB(pVCpu, CPUMGetGuestCR3(pVCpu), true /* global */);
2142 AssertRCReturn(rc, rc);
2143 }
2144
2145 /* Deal with long mode enabling/disabling. */
2146 msrEFER = CPUMGetGuestEFER(pVCpu);
2147 if (msrEFER & MSR_K6_EFER_LME)
2148 {
2149 if ( !(oldval & X86_CR0_PG)
2150 && (val & X86_CR0_PG))
2151 {
2152 /* Illegal to have an active 64 bits CS selector (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
2153 if (pRegFrame->csHid.Attr.n.u1Long)
2154 {
2155 AssertMsgFailed(("Illegal enabling of paging with CS.u1Long = 1!!\n"));
2156 return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
2157 }
2158
2159 /* Illegal to switch to long mode before activating PAE first (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
2160 if (!(CPUMGetGuestCR4(pVCpu) & X86_CR4_PAE))
2161 {
2162 AssertMsgFailed(("Illegal enabling of paging with PAE disabled!!\n"));
2163 return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
2164 }
2165 msrEFER |= MSR_K6_EFER_LMA;
2166 }
2167 else
2168 if ( (oldval & X86_CR0_PG)
2169 && !(val & X86_CR0_PG))
2170 {
2171 msrEFER &= ~MSR_K6_EFER_LMA;
2172 /* @todo Do we need to cut off rip here? High dword of rip is undefined, so it shouldn't really matter. */
2173 }
2174 CPUMSetGuestEFER(pVCpu, msrEFER);
2175 }
2176 rc2 = PGMChangeMode(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR4(pVCpu), CPUMGetGuestEFER(pVCpu));
2177 return rc2 == VINF_SUCCESS ? rc : rc2;
2178
2179 case USE_REG_CR2:
2180 rc = CPUMSetGuestCR2(pVCpu, val); AssertRC(rc);
2181 return VINF_SUCCESS;
2182
2183 case USE_REG_CR3:
2184 /* Reloading the current CR3 means the guest just wants to flush the TLBs */
2185 rc = CPUMSetGuestCR3(pVCpu, val); AssertRC(rc);
2186 if (CPUMGetGuestCR0(pVCpu) & X86_CR0_PG)
2187 {
2188 /* flush */
2189 rc = PGMFlushTLB(pVCpu, val, !(CPUMGetGuestCR4(pVCpu) & X86_CR4_PGE));
2190 AssertRC(rc);
2191 }
2192 return rc;
2193
2194 case USE_REG_CR4:
2195 oldval = CPUMGetGuestCR4(pVCpu);
2196 rc = CPUMSetGuestCR4(pVCpu, val); AssertRC(rc);
2197 val = CPUMGetGuestCR4(pVCpu);
2198
2199 /* Illegal to disable PAE when long mode is active. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
2200 msrEFER = CPUMGetGuestEFER(pVCpu);
2201 if ( (msrEFER & MSR_K6_EFER_LMA)
2202 && (oldval & X86_CR4_PAE)
2203 && !(val & X86_CR4_PAE))
2204 {
2205 return VERR_EM_INTERPRETER; /** @todo generate #GP(0) */
2206 }
2207
2208 rc = VINF_SUCCESS;
2209 if ( (oldval & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE))
2210 != (val & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE)))
2211 {
2212 /* global flush */
2213 rc = PGMFlushTLB(pVCpu, CPUMGetGuestCR3(pVCpu), true /* global */);
2214 AssertRCReturn(rc, rc);
2215 }
2216
2217 /* Feeling extremely lazy. */
2218# ifdef IN_RC
2219 if ( (oldval & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME))
2220 != (val & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME)))
2221 {
2222 Log(("emInterpretMovCRx: CR4: %#RX64->%#RX64 => R3\n", oldval, val));
2223 VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
2224 }
2225# endif
2226 if ((val ^ oldval) & X86_CR4_VME)
2227 VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
2228
2229 rc2 = PGMChangeMode(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR4(pVCpu), CPUMGetGuestEFER(pVCpu));
2230 return rc2 == VINF_SUCCESS ? rc : rc2;
2231
2232 case USE_REG_CR8:
2233 return PDMApicSetTPR(pVCpu, val << 4); /* cr8 bits 3-0 correspond to bits 7-4 of the task priority mmio register. */
2234
2235 default:
2236 AssertFailed();
2237 case USE_REG_CR1: /* illegal op */
2238 break;
2239 }
2240 return VERR_EM_INTERPRETER;
2241}
2242
2243/**
2244 * Interpret CRx write
2245 *
2246 * @returns VBox status code.
2247 * @param pVM The VM handle.
2248 * @param pVCpu The VMCPU handle.
2249 * @param pRegFrame The register frame.
2250 * @param DestRegCRx CRx register index (USE_REG_CR*)
2251 * @param SrcRegGen General purpose register index (USE_REG_E**))
2252 *
2253 */
2254VMMDECL(int) EMInterpretCRxWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint32_t SrcRegGen)
2255{
2256 uint64_t val;
2257 int rc;
2258
2259 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2260 {
2261 rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
2262 }
2263 else
2264 {
2265 uint32_t val32;
2266 rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
2267 val = val32;
2268 }
2269
2270 if (RT_SUCCESS(rc))
2271 return emUpdateCRx(pVM, pVCpu, pRegFrame, DestRegCrx, val);
2272
2273 return VERR_EM_INTERPRETER;
2274}
2275
2276/**
2277 * Interpret LMSW
2278 *
2279 * @returns VBox status code.
2280 * @param pVM The VM handle.
2281 * @param pVCpu The VMCPU handle.
2282 * @param pRegFrame The register frame.
2283 * @param u16Data LMSW source data.
2284 *
2285 */
2286VMMDECL(int) EMInterpretLMSW(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint16_t u16Data)
2287{
2288 uint64_t OldCr0 = CPUMGetGuestCR0(pVCpu);
2289
2290 /* Only PE, MP, EM and TS can be changed; note that PE can't be cleared by this instruction. */
2291 uint64_t NewCr0 = ( OldCr0 & ~( X86_CR0_MP | X86_CR0_EM | X86_CR0_TS))
2292 | (u16Data & (X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS));
2293
2294 return emUpdateCRx(pVM, pVCpu, pRegFrame, USE_REG_CR0, NewCr0);
2295}
2296
2297/**
2298 * LMSW Emulation.
2299 */
2300static int emInterpretLmsw(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2301{
2302 OP_PARAMVAL param1;
2303 uint32_t val;
2304
2305 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2306 if(RT_FAILURE(rc))
2307 return VERR_EM_INTERPRETER;
2308
2309 switch(param1.type)
2310 {
2311 case PARMTYPE_IMMEDIATE:
2312 case PARMTYPE_ADDRESS:
2313 if(!(param1.flags & PARAM_VAL16))
2314 return VERR_EM_INTERPRETER;
2315 val = param1.val.val32;
2316 break;
2317
2318 default:
2319 return VERR_EM_INTERPRETER;
2320 }
2321
2322 LogFlow(("emInterpretLmsw %x\n", val));
2323 return EMInterpretLMSW(pVM, pVCpu, pRegFrame, val);
2324}
2325
2326#ifdef EM_EMULATE_SMSW
2327/**
2328 * SMSW Emulation.
2329 */
2330static int emInterpretSmsw(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2331{
2332 OP_PARAMVAL param1;
2333 uint64_t cr0 = CPUMGetGuestCR0(pVCpu);
2334
2335 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2336 if(RT_FAILURE(rc))
2337 return VERR_EM_INTERPRETER;
2338
2339 switch(param1.type)
2340 {
2341 case PARMTYPE_IMMEDIATE:
2342 if(param1.size != sizeof(uint16_t))
2343 return VERR_EM_INTERPRETER;
2344 LogFlow(("emInterpretSmsw %d <- cr0 (%x)\n", pDis->param1.base.reg_gen, cr0));
2345 rc = DISWriteReg16(pRegFrame, pDis->param1.base.reg_gen, cr0);
2346 break;
2347
2348 case PARMTYPE_ADDRESS:
2349 {
2350 RTGCPTR pParam1;
2351
2352 /* Actually forced to 16 bits regardless of the operand size. */
2353 if(param1.size != sizeof(uint16_t))
2354 return VERR_EM_INTERPRETER;
2355
2356 pParam1 = (RTGCPTR)param1.val.val64;
2357 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
2358 LogFlow(("emInterpretSmsw %RGv <- cr0 (%x)\n", pParam1, cr0));
2359
2360 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &cr0, sizeof(uint16_t));
2361 if (RT_FAILURE(rc))
2362 {
2363 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
2364 return VERR_EM_INTERPRETER;
2365 }
2366 break;
2367 }
2368
2369 default:
2370 return VERR_EM_INTERPRETER;
2371 }
2372
2373 LogFlow(("emInterpretSmsw %x\n", cr0));
2374 return rc;
2375}
2376#endif
2377
2378/**
2379 * MOV CRx
2380 */
2381static int emInterpretMovCRx(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2382{
2383 if ((pDis->param1.flags == USE_REG_GEN32 || pDis->param1.flags == USE_REG_GEN64) && pDis->param2.flags == USE_REG_CR)
2384 return EMInterpretCRxRead(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_gen, pDis->param2.base.reg_ctrl);
2385
2386 if (pDis->param1.flags == USE_REG_CR && (pDis->param2.flags == USE_REG_GEN32 || pDis->param2.flags == USE_REG_GEN64))
2387 return EMInterpretCRxWrite(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_ctrl, pDis->param2.base.reg_gen);
2388
2389 AssertMsgFailedReturn(("Unexpected control register move\n"), VERR_EM_INTERPRETER);
2390 return VERR_EM_INTERPRETER;
2391}
2392
2393
2394/**
2395 * Interpret DRx write
2396 *
2397 * @returns VBox status code.
2398 * @param pVM The VM handle.
2399 * @param pVCpu The VMCPU handle.
2400 * @param pRegFrame The register frame.
2401 * @param DestRegDRx DRx register index (USE_REG_DR*)
2402 * @param SrcRegGen General purpose register index (USE_REG_E**))
2403 *
2404 */
2405VMMDECL(int) EMInterpretDRxWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegDrx, uint32_t SrcRegGen)
2406{
2407 uint64_t val;
2408 int rc;
2409
2410 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2411 {
2412 rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
2413 }
2414 else
2415 {
2416 uint32_t val32;
2417 rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
2418 val = val32;
2419 }
2420
2421 if (RT_SUCCESS(rc))
2422 {
2423 /** @todo we don't fail if illegal bits are set/cleared for e.g. dr7 */
2424 rc = CPUMSetGuestDRx(pVCpu, DestRegDrx, val);
2425 if (RT_SUCCESS(rc))
2426 return rc;
2427 AssertMsgFailed(("CPUMSetGuestDRx %d failed\n", DestRegDrx));
2428 }
2429 return VERR_EM_INTERPRETER;
2430}
2431
2432
2433/**
2434 * Interpret DRx read
2435 *
2436 * @returns VBox status code.
2437 * @param pVM The VM handle.
2438 * @param pVCpu The VMCPU handle.
2439 * @param pRegFrame The register frame.
2440 * @param DestRegGen General purpose register index (USE_REG_E**))
2441 * @param SrcRegDRx DRx register index (USE_REG_DR*)
2442 *
2443 */
2444VMMDECL(int) EMInterpretDRxRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegDrx)
2445{
2446 uint64_t val64;
2447
2448 int rc = CPUMGetGuestDRx(pVCpu, SrcRegDrx, &val64);
2449 AssertMsgRCReturn(rc, ("CPUMGetGuestDRx %d failed\n", SrcRegDrx), VERR_EM_INTERPRETER);
2450 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2451 {
2452 rc = DISWriteReg64(pRegFrame, DestRegGen, val64);
2453 }
2454 else
2455 rc = DISWriteReg32(pRegFrame, DestRegGen, (uint32_t)val64);
2456
2457 if (RT_SUCCESS(rc))
2458 return VINF_SUCCESS;
2459
2460 return VERR_EM_INTERPRETER;
2461}
2462
2463
2464/**
2465 * MOV DRx
2466 */
2467static int emInterpretMovDRx(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2468{
2469 int rc = VERR_EM_INTERPRETER;
2470
2471 if((pDis->param1.flags == USE_REG_GEN32 || pDis->param1.flags == USE_REG_GEN64) && pDis->param2.flags == USE_REG_DBG)
2472 {
2473 rc = EMInterpretDRxRead(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_gen, pDis->param2.base.reg_dbg);
2474 }
2475 else
2476 if(pDis->param1.flags == USE_REG_DBG && (pDis->param2.flags == USE_REG_GEN32 || pDis->param2.flags == USE_REG_GEN64))
2477 {
2478 rc = EMInterpretDRxWrite(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_dbg, pDis->param2.base.reg_gen);
2479 }
2480 else
2481 AssertMsgFailed(("Unexpected debug register move\n"));
2482
2483 return rc;
2484}
2485
2486
2487/**
2488 * LLDT Emulation.
2489 */
2490static int emInterpretLLdt(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2491{
2492 OP_PARAMVAL param1;
2493 RTSEL sel;
2494
2495 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2496 if(RT_FAILURE(rc))
2497 return VERR_EM_INTERPRETER;
2498
2499 switch(param1.type)
2500 {
2501 case PARMTYPE_ADDRESS:
2502 return VERR_EM_INTERPRETER; //feeling lazy right now
2503
2504 case PARMTYPE_IMMEDIATE:
2505 if(!(param1.flags & PARAM_VAL16))
2506 return VERR_EM_INTERPRETER;
2507 sel = (RTSEL)param1.val.val16;
2508 break;
2509
2510 default:
2511 return VERR_EM_INTERPRETER;
2512 }
2513
2514#ifdef IN_RING0
2515 /* Only for the VT-x real-mode emulation case. */
2516 AssertReturn(CPUMIsGuestInRealMode(pVCpu), VERR_EM_INTERPRETER);
2517 CPUMSetGuestLDTR(pVCpu, sel);
2518 return VINF_SUCCESS;
2519#else
2520 if (sel == 0)
2521 {
2522 if (CPUMGetHyperLDTR(pVCpu) == 0)
2523 {
2524 // this simple case is most frequent in Windows 2000 (31k - boot & shutdown)
2525 return VINF_SUCCESS;
2526 }
2527 }
2528 //still feeling lazy
2529 return VERR_EM_INTERPRETER;
2530#endif
2531}
2532
2533#ifdef IN_RING0
2534/**
2535 * LIDT/LGDT Emulation.
2536 */
2537static int emInterpretLIGdt(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2538{
2539 OP_PARAMVAL param1;
2540 RTGCPTR pParam1;
2541 X86XDTR32 dtr32;
2542
2543 Log(("Emulate %s at %RGv\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip));
2544
2545 /* Only for the VT-x real-mode emulation case. */
2546 AssertReturn(CPUMIsGuestInRealMode(pVCpu), VERR_EM_INTERPRETER);
2547
2548 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2549 if(RT_FAILURE(rc))
2550 return VERR_EM_INTERPRETER;
2551
2552 switch(param1.type)
2553 {
2554 case PARMTYPE_ADDRESS:
2555 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, param1.val.val16);
2556 break;
2557
2558 default:
2559 return VERR_EM_INTERPRETER;
2560 }
2561
2562 rc = emRamRead(pVM, pVCpu, pRegFrame, &dtr32, pParam1, sizeof(dtr32));
2563 AssertRCReturn(rc, VERR_EM_INTERPRETER);
2564
2565 if (!(pDis->prefix & PREFIX_OPSIZE))
2566 dtr32.uAddr &= 0xffffff; /* 16 bits operand size */
2567
2568 if (pDis->pCurInstr->opcode == OP_LIDT)
2569 CPUMSetGuestIDTR(pVCpu, dtr32.uAddr, dtr32.cb);
2570 else
2571 CPUMSetGuestGDTR(pVCpu, dtr32.uAddr, dtr32.cb);
2572
2573 return VINF_SUCCESS;
2574}
2575#endif
2576
2577
2578#ifdef IN_RC
2579/**
2580 * STI Emulation.
2581 *
2582 * @remark the instruction following sti is guaranteed to be executed before any interrupts are dispatched
2583 */
2584static int emInterpretSti(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2585{
2586 PPATMGCSTATE pGCState = PATMQueryGCState(pVM);
2587
2588 if(!pGCState)
2589 {
2590 Assert(pGCState);
2591 return VERR_EM_INTERPRETER;
2592 }
2593 pGCState->uVMFlags |= X86_EFL_IF;
2594
2595 Assert(pRegFrame->eflags.u32 & X86_EFL_IF);
2596 Assert(pvFault == SELMToFlat(pVM, DIS_SELREG_CS, pRegFrame, (RTGCPTR)pRegFrame->rip));
2597
2598 pVCpu->em.s.GCPtrInhibitInterrupts = pRegFrame->eip + pDis->opsize;
2599 VMCPU_FF_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
2600
2601 return VINF_SUCCESS;
2602}
2603#endif /* IN_RC */
2604
2605
2606/**
2607 * HLT Emulation.
2608 */
2609static int emInterpretHlt(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2610{
2611 return VINF_EM_HALT;
2612}
2613
2614
2615/**
2616 * Interpret RDTSC
2617 *
2618 * @returns VBox status code.
2619 * @param pVM The VM handle.
2620 * @param pVCpu The VMCPU handle.
2621 * @param pRegFrame The register frame.
2622 *
2623 */
2624VMMDECL(int) EMInterpretRdtsc(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2625{
2626 unsigned uCR4 = CPUMGetGuestCR4(pVCpu);
2627
2628 if (uCR4 & X86_CR4_TSD)
2629 return VERR_EM_INTERPRETER; /* genuine #GP */
2630
2631 uint64_t uTicks = TMCpuTickGet(pVCpu);
2632
2633 /* Same behaviour in 32 & 64 bits mode */
2634 pRegFrame->rax = (uint32_t)uTicks;
2635 pRegFrame->rdx = (uTicks >> 32ULL);
2636
2637 return VINF_SUCCESS;
2638}
2639
2640/**
2641 * Interpret RDTSCP
2642 *
2643 * @returns VBox status code.
2644 * @param pVM The VM handle.
2645 * @param pVCpu The VMCPU handle.
2646 * @param pCtx The CPU context.
2647 *
2648 */
2649VMMDECL(int) EMInterpretRdtscp(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
2650{
2651 unsigned uCR4 = CPUMGetGuestCR4(pVCpu);
2652
2653 if (!CPUMGetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_RDTSCP))
2654 {
2655 AssertFailed();
2656 return VERR_EM_INTERPRETER; /* genuine #UD */
2657 }
2658
2659 if (uCR4 & X86_CR4_TSD)
2660 return VERR_EM_INTERPRETER; /* genuine #GP */
2661
2662 uint64_t uTicks = TMCpuTickGet(pVCpu);
2663
2664 /* Same behaviour in 32 & 64 bits mode */
2665 pCtx->rax = (uint32_t)uTicks;
2666 pCtx->rdx = (uTicks >> 32ULL);
2667 /* Low dword of the TSC_AUX msr only. */
2668 pCtx->rcx = (uint32_t)CPUMGetGuestMsr(pVCpu, MSR_K8_TSC_AUX);
2669
2670 return VINF_SUCCESS;
2671}
2672
2673/**
2674 * RDTSC Emulation.
2675 */
2676static int emInterpretRdtsc(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2677{
2678 return EMInterpretRdtsc(pVM, pVCpu, pRegFrame);
2679}
2680
2681/**
2682 * Interpret RDPMC
2683 *
2684 * @returns VBox status code.
2685 * @param pVM The VM handle.
2686 * @param pVCpu The VMCPU handle.
2687 * @param pRegFrame The register frame.
2688 *
2689 */
2690VMMDECL(int) EMInterpretRdpmc(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2691{
2692 unsigned uCR4 = CPUMGetGuestCR4(pVCpu);
2693
2694 /* If X86_CR4_PCE is not set, then CPL must be zero. */
2695 if ( !(uCR4 & X86_CR4_PCE)
2696 && CPUMGetGuestCPL(pVCpu, pRegFrame) != 0)
2697 {
2698 Assert(CPUMGetGuestCR0(pVCpu) & X86_CR0_PE);
2699 return VERR_EM_INTERPRETER; /* genuine #GP */
2700 }
2701
2702 /* Just return zero here; rather tricky to properly emulate this, especially as the specs are a mess. */
2703 pRegFrame->rax = 0;
2704 pRegFrame->rdx = 0;
2705 /* @todo We should trigger a #GP here if the cpu doesn't support the index in ecx. */
2706 return VINF_SUCCESS;
2707}
2708
2709/**
2710 * RDPMC Emulation
2711 */
2712static int emInterpretRdpmc(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2713{
2714 return EMInterpretRdpmc(pVM, pVCpu, pRegFrame);
2715}
2716
2717/**
2718 * MONITOR Emulation.
2719 */
2720VMMDECL(int) EMInterpretMonitor(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2721{
2722 uint32_t u32Dummy, u32ExtFeatures, cpl;
2723
2724 if (pRegFrame->ecx != 0)
2725 {
2726 Log(("emInterpretMonitor: unexpected ecx=%x -> recompiler!!\n", pRegFrame->ecx));
2727 return VERR_EM_INTERPRETER; /* illegal value. */
2728 }
2729
2730 /* Get the current privilege level. */
2731 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
2732 if (cpl != 0)
2733 return VERR_EM_INTERPRETER; /* supervisor only */
2734
2735 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
2736 if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
2737 return VERR_EM_INTERPRETER; /* not supported */
2738
2739 pVCpu->em.s.mwait.uMonitorEAX = pRegFrame->rax;
2740 pVCpu->em.s.mwait.uMonitorECX = pRegFrame->rcx;
2741 pVCpu->em.s.mwait.uMonitorEDX = pRegFrame->rdx;
2742 pVCpu->em.s.mwait.fWait |= EMMWAIT_FLAG_MONITOR_ACTIVE;
2743 return VINF_SUCCESS;
2744}
2745
2746static int emInterpretMonitor(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2747{
2748 return EMInterpretMonitor(pVM, pVCpu, pRegFrame);
2749}
2750
2751
2752/**
2753 * MWAIT Emulation.
2754 */
2755VMMDECL(int) EMInterpretMWait(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2756{
2757 uint32_t u32Dummy, u32ExtFeatures, cpl, u32MWaitFeatures;
2758
2759 /* Get the current privilege level. */
2760 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
2761 if (cpl != 0)
2762 return VERR_EM_INTERPRETER; /* supervisor only */
2763
2764 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
2765 if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
2766 return VERR_EM_INTERPRETER; /* not supported */
2767
2768 /*
2769 * CPUID.05H.ECX[0] defines support for power management extensions (eax)
2770 * CPUID.05H.ECX[1] defines support for interrupts as break events for mwait even when IF=0
2771 */
2772 CPUMGetGuestCpuId(pVCpu, 5, &u32Dummy, &u32Dummy, &u32MWaitFeatures, &u32Dummy);
2773 if (pRegFrame->ecx > 1)
2774 {
2775 Log(("EMInterpretMWait: unexpected ecx value %x -> recompiler\n", pRegFrame->ecx));
2776 return VERR_EM_INTERPRETER; /* illegal value. */
2777 }
2778
2779 if (pRegFrame->ecx)
2780 {
2781 if (!(u32MWaitFeatures & X86_CPUID_MWAIT_ECX_BREAKIRQIF0))
2782 {
2783 Log(("EMInterpretMWait: unsupported X86_CPUID_MWAIT_ECX_BREAKIRQIF0 -> recompiler\n"));
2784 return VERR_EM_INTERPRETER; /* illegal value. */
2785 }
2786
2787 pVCpu->em.s.mwait.fWait = EMMWAIT_FLAG_ACTIVE | EMMWAIT_FLAG_BREAKIRQIF0;
2788 }
2789 else
2790 pVCpu->em.s.mwait.fWait = EMMWAIT_FLAG_ACTIVE;
2791
2792 pVCpu->em.s.mwait.uMWaitEAX = pRegFrame->rax;
2793 pVCpu->em.s.mwait.uMWaitECX = pRegFrame->rcx;
2794
2795 /** @todo not completely correct */
2796 return VINF_EM_HALT;
2797}
2798
2799static int emInterpretMWait(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2800{
2801 return EMInterpretMWait(pVM, pVCpu, pRegFrame);
2802}
2803
2804
2805#ifdef LOG_ENABLED
2806static const char *emMSRtoString(uint32_t uMsr)
2807{
2808 switch (uMsr)
2809 {
2810 case MSR_IA32_APICBASE:
2811 return "MSR_IA32_APICBASE";
2812 case MSR_IA32_CR_PAT:
2813 return "MSR_IA32_CR_PAT";
2814 case MSR_IA32_SYSENTER_CS:
2815 return "MSR_IA32_SYSENTER_CS";
2816 case MSR_IA32_SYSENTER_EIP:
2817 return "MSR_IA32_SYSENTER_EIP";
2818 case MSR_IA32_SYSENTER_ESP:
2819 return "MSR_IA32_SYSENTER_ESP";
2820 case MSR_K6_EFER:
2821 return "MSR_K6_EFER";
2822 case MSR_K8_SF_MASK:
2823 return "MSR_K8_SF_MASK";
2824 case MSR_K6_STAR:
2825 return "MSR_K6_STAR";
2826 case MSR_K8_LSTAR:
2827 return "MSR_K8_LSTAR";
2828 case MSR_K8_CSTAR:
2829 return "MSR_K8_CSTAR";
2830 case MSR_K8_FS_BASE:
2831 return "MSR_K8_FS_BASE";
2832 case MSR_K8_GS_BASE:
2833 return "MSR_K8_GS_BASE";
2834 case MSR_K8_KERNEL_GS_BASE:
2835 return "MSR_K8_KERNEL_GS_BASE";
2836 case MSR_K8_TSC_AUX:
2837 return "MSR_K8_TSC_AUX";
2838 case MSR_IA32_BIOS_SIGN_ID:
2839 return "Unsupported MSR_IA32_BIOS_SIGN_ID";
2840 case MSR_IA32_PLATFORM_ID:
2841 return "Unsupported MSR_IA32_PLATFORM_ID";
2842 case MSR_IA32_BIOS_UPDT_TRIG:
2843 return "Unsupported MSR_IA32_BIOS_UPDT_TRIG";
2844 case MSR_IA32_TSC:
2845 return "MSR_IA32_TSC";
2846 case MSR_IA32_MISC_ENABLE:
2847 return "Unsupported MSR_IA32_MISC_ENABLE";
2848 case MSR_IA32_MTRR_CAP:
2849 return "Unsupported MSR_IA32_MTRR_CAP";
2850 case MSR_IA32_MCP_CAP:
2851 return "Unsupported MSR_IA32_MCP_CAP";
2852 case MSR_IA32_MCP_STATUS:
2853 return "Unsupported MSR_IA32_MCP_STATUS";
2854 case MSR_IA32_MCP_CTRL:
2855 return "Unsupported MSR_IA32_MCP_CTRL";
2856 case MSR_IA32_MTRR_DEF_TYPE:
2857 return "Unsupported MSR_IA32_MTRR_DEF_TYPE";
2858 case MSR_K7_EVNTSEL0:
2859 return "Unsupported MSR_K7_EVNTSEL0";
2860 case MSR_K7_EVNTSEL1:
2861 return "Unsupported MSR_K7_EVNTSEL1";
2862 case MSR_K7_EVNTSEL2:
2863 return "Unsupported MSR_K7_EVNTSEL2";
2864 case MSR_K7_EVNTSEL3:
2865 return "Unsupported MSR_K7_EVNTSEL3";
2866 case MSR_IA32_MC0_CTL:
2867 return "Unsupported MSR_IA32_MC0_CTL";
2868 case MSR_IA32_MC0_STATUS:
2869 return "Unsupported MSR_IA32_MC0_STATUS";
2870 case MSR_IA32_PERFEVTSEL0:
2871 return "Unsupported MSR_IA32_PERFEVTSEL0";
2872 case MSR_IA32_PERFEVTSEL1:
2873 return "Unsupported MSR_IA32_PERFEVTSEL1";
2874 case MSR_IA32_PERF_STATUS:
2875 return "MSR_IA32_PERF_STATUS";
2876 case MSR_IA32_PLATFORM_INFO:
2877 return "MSR_IA32_PLATFORM_INFO";
2878 case MSR_IA32_PERF_CTL:
2879 return "Unsupported MSR_IA32_PERF_CTL";
2880 case MSR_K7_PERFCTR0:
2881 return "Unsupported MSR_K7_PERFCTR0";
2882 case MSR_K7_PERFCTR1:
2883 return "Unsupported MSR_K7_PERFCTR1";
2884 case MSR_K7_PERFCTR2:
2885 return "Unsupported MSR_K7_PERFCTR2";
2886 case MSR_K7_PERFCTR3:
2887 return "Unsupported MSR_K7_PERFCTR3";
2888 case MSR_IA32_PMC0:
2889 return "Unsupported MSR_IA32_PMC0";
2890 case MSR_IA32_PMC1:
2891 return "Unsupported MSR_IA32_PMC1";
2892 case MSR_IA32_PMC2:
2893 return "Unsupported MSR_IA32_PMC2";
2894 case MSR_IA32_PMC3:
2895 return "Unsupported MSR_IA32_PMC3";
2896 }
2897 return "Unknown MSR";
2898}
2899#endif /* LOG_ENABLED */
2900
2901
2902/**
2903 * Interpret RDMSR
2904 *
2905 * @returns VBox status code.
2906 * @param pVM The VM handle.
2907 * @param pVCpu The VMCPU handle.
2908 * @param pRegFrame The register frame.
2909 *
2910 */
2911VMMDECL(int) EMInterpretRdmsr(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2912{
2913 uint32_t u32Dummy, u32Features, cpl;
2914 uint64_t val;
2915 CPUMCTX *pCtx;
2916 int rc = VINF_SUCCESS;
2917
2918 /** @todo According to the Intel manuals, there's a REX version of RDMSR that is slightly different.
2919 * That version clears the high dwords of both RDX & RAX */
2920 pCtx = CPUMQueryGuestCtxPtr(pVCpu);
2921
2922 /* Get the current privilege level. */
2923 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
2924 if (cpl != 0)
2925 return VERR_EM_INTERPRETER; /* supervisor only */
2926
2927 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
2928 if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
2929 return VERR_EM_INTERPRETER; /* not supported */
2930
2931 switch (pRegFrame->ecx)
2932 {
2933 case MSR_IA32_TSC:
2934 val = TMCpuTickGet(pVCpu);
2935 break;
2936
2937 case MSR_IA32_APICBASE:
2938 rc = PDMApicGetBase(pVM, &val);
2939 AssertRC(rc);
2940 break;
2941
2942 case MSR_IA32_CR_PAT:
2943 val = pCtx->msrPAT;
2944 break;
2945
2946 case MSR_IA32_SYSENTER_CS:
2947 val = pCtx->SysEnter.cs;
2948 break;
2949
2950 case MSR_IA32_SYSENTER_EIP:
2951 val = pCtx->SysEnter.eip;
2952 break;
2953
2954 case MSR_IA32_SYSENTER_ESP:
2955 val = pCtx->SysEnter.esp;
2956 break;
2957
2958 case MSR_K6_EFER:
2959 val = pCtx->msrEFER;
2960 break;
2961
2962 case MSR_K8_SF_MASK:
2963 val = pCtx->msrSFMASK;
2964 break;
2965
2966 case MSR_K6_STAR:
2967 val = pCtx->msrSTAR;
2968 break;
2969
2970 case MSR_K8_LSTAR:
2971 val = pCtx->msrLSTAR;
2972 break;
2973
2974 case MSR_K8_CSTAR:
2975 val = pCtx->msrCSTAR;
2976 break;
2977
2978 case MSR_K8_FS_BASE:
2979 val = pCtx->fsHid.u64Base;
2980 break;
2981
2982 case MSR_K8_GS_BASE:
2983 val = pCtx->gsHid.u64Base;
2984 break;
2985
2986 case MSR_K8_KERNEL_GS_BASE:
2987 val = pCtx->msrKERNELGSBASE;
2988 break;
2989
2990 case MSR_K8_TSC_AUX:
2991 val = CPUMGetGuestMsr(pVCpu, MSR_K8_TSC_AUX);
2992 break;
2993
2994 case MSR_IA32_PERF_STATUS:
2995 case MSR_IA32_PLATFORM_INFO:
2996 case MSR_IA32_MISC_ENABLE:
2997 case MSR_IA32_FSB_CLOCK_STS:
2998 case MSR_IA32_THERM_STATUS:
2999 val = CPUMGetGuestMsr(pVCpu, pRegFrame->ecx);
3000 break;
3001
3002#if 0 /*def IN_RING0 */
3003 case MSR_IA32_PLATFORM_ID:
3004 case MSR_IA32_BIOS_SIGN_ID:
3005 if (CPUMGetCPUVendor(pVM) == CPUMCPUVENDOR_INTEL)
3006 {
3007 /* Available since the P6 family. VT-x implies that this feature is present. */
3008 if (pRegFrame->ecx == MSR_IA32_PLATFORM_ID)
3009 val = ASMRdMsr(MSR_IA32_PLATFORM_ID);
3010 else
3011 if (pRegFrame->ecx == MSR_IA32_BIOS_SIGN_ID)
3012 val = ASMRdMsr(MSR_IA32_BIOS_SIGN_ID);
3013 break;
3014 }
3015 /* no break */
3016#endif
3017 default:
3018 /* In X2APIC specification this range is reserved for APIC control. */
3019 if ( pRegFrame->ecx >= MSR_IA32_APIC_START
3020 && pRegFrame->ecx < MSR_IA32_APIC_END)
3021 rc = PDMApicReadMSR(pVM, pVCpu->idCpu, pRegFrame->ecx, &val);
3022 else
3023 /* We should actually trigger a #GP here, but don't as that will cause more trouble. */
3024 val = 0;
3025 break;
3026 }
3027 LogFlow(("EMInterpretRdmsr %s (%x) -> val=%RX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
3028 if (rc == VINF_SUCCESS)
3029 {
3030 pRegFrame->rax = (uint32_t) val;
3031 pRegFrame->rdx = (uint32_t)(val >> 32);
3032 }
3033 return rc;
3034}
3035
3036
3037/**
3038 * RDMSR Emulation.
3039 */
3040static int emInterpretRdmsr(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
3041{
3042 /* Note: the Intel manual claims there's a REX version of RDMSR that's slightly different, so we play safe by completely disassembling the instruction. */
3043 Assert(!(pDis->prefix & PREFIX_REX));
3044 return EMInterpretRdmsr(pVM, pVCpu, pRegFrame);
3045}
3046
3047
3048/**
3049 * Interpret WRMSR
3050 *
3051 * @returns VBox status code.
3052 * @param pVM The VM handle.
3053 * @param pVCpu The VMCPU handle.
3054 * @param pRegFrame The register frame.
3055 */
3056VMMDECL(int) EMInterpretWrmsr(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
3057{
3058 uint32_t u32Dummy, u32Features, cpl;
3059 uint64_t val;
3060 CPUMCTX *pCtx;
3061
3062 /* Note: works the same in 32 and 64 bits modes. */
3063 pCtx = CPUMQueryGuestCtxPtr(pVCpu);
3064
3065 /* Get the current privilege level. */
3066 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
3067 if (cpl != 0)
3068 return VERR_EM_INTERPRETER; /* supervisor only */
3069
3070 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
3071 if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
3072 return VERR_EM_INTERPRETER; /* not supported */
3073
3074 val = RT_MAKE_U64(pRegFrame->eax, pRegFrame->edx);
3075 LogFlow(("EMInterpretWrmsr %s (%x) val=%RX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
3076 switch (pRegFrame->ecx)
3077 {
3078 case MSR_IA32_TSC:
3079 TMCpuTickSet(pVM, pVCpu, val);
3080 break;
3081
3082 case MSR_IA32_APICBASE:
3083 {
3084 int rc = PDMApicSetBase(pVM, val);
3085 AssertRC(rc);
3086 break;
3087 }
3088
3089 case MSR_IA32_CR_PAT:
3090 pCtx->msrPAT = val;
3091 break;
3092
3093 case MSR_IA32_SYSENTER_CS:
3094 pCtx->SysEnter.cs = val & 0xffff; /* 16 bits selector */
3095 break;
3096
3097 case MSR_IA32_SYSENTER_EIP:
3098 pCtx->SysEnter.eip = val;
3099 break;
3100
3101 case MSR_IA32_SYSENTER_ESP:
3102 pCtx->SysEnter.esp = val;
3103 break;
3104
3105 case MSR_K6_EFER:
3106 {
3107 uint64_t uMask = 0;
3108 uint64_t oldval = pCtx->msrEFER;
3109
3110 /* Filter out those bits the guest is allowed to change. (e.g. LMA is read-only) */
3111 CPUMGetGuestCpuId(pVCpu, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
3112 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_NX)
3113 uMask |= MSR_K6_EFER_NXE;
3114 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_LONG_MODE)
3115 uMask |= MSR_K6_EFER_LME;
3116 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_SEP)
3117 uMask |= MSR_K6_EFER_SCE;
3118 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_FFXSR)
3119 uMask |= MSR_K6_EFER_FFXSR;
3120
3121 /* Check for illegal MSR_K6_EFER_LME transitions: not allowed to change LME if paging is enabled. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
3122 if ( ((pCtx->msrEFER & MSR_K6_EFER_LME) != (val & uMask & MSR_K6_EFER_LME))
3123 && (pCtx->cr0 & X86_CR0_PG))
3124 {
3125 AssertMsgFailed(("Illegal MSR_K6_EFER_LME change: paging is enabled!!\n"));
3126 return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
3127 }
3128
3129 /* There are a few more: e.g. MSR_K6_EFER_LMSLE */
3130 AssertMsg(!(val & ~(MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA /* ignored anyway */ |MSR_K6_EFER_SCE|MSR_K6_EFER_FFXSR)), ("Unexpected value %RX64\n", val));
3131 pCtx->msrEFER = (pCtx->msrEFER & ~uMask) | (val & uMask);
3132
3133 /* AMD64 Architecture Programmer's Manual: 15.15 TLB Control; flush the TLB if MSR_K6_EFER_NXE, MSR_K6_EFER_LME or MSR_K6_EFER_LMA are changed. */
3134 if ((oldval & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)) != (pCtx->msrEFER & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)))
3135 HWACCMFlushTLB(pVCpu);
3136
3137 break;
3138 }
3139
3140 case MSR_K8_SF_MASK:
3141 pCtx->msrSFMASK = val;
3142 break;
3143
3144 case MSR_K6_STAR:
3145 pCtx->msrSTAR = val;
3146 break;
3147
3148 case MSR_K8_LSTAR:
3149 pCtx->msrLSTAR = val;
3150 break;
3151
3152 case MSR_K8_CSTAR:
3153 pCtx->msrCSTAR = val;
3154 break;
3155
3156 case MSR_K8_FS_BASE:
3157 pCtx->fsHid.u64Base = val;
3158 break;
3159
3160 case MSR_K8_GS_BASE:
3161 pCtx->gsHid.u64Base = val;
3162 break;
3163
3164 case MSR_K8_KERNEL_GS_BASE:
3165 pCtx->msrKERNELGSBASE = val;
3166 break;
3167
3168 case MSR_K8_TSC_AUX:
3169 case MSR_IA32_MISC_ENABLE:
3170 CPUMSetGuestMsr(pVCpu, pRegFrame->ecx, val);
3171 break;
3172
3173 default:
3174 /* In X2APIC specification this range is reserved for APIC control. */
3175 if ( pRegFrame->ecx >= MSR_IA32_APIC_START
3176 && pRegFrame->ecx < MSR_IA32_APIC_END)
3177 return PDMApicWriteMSR(pVM, pVCpu->idCpu, pRegFrame->ecx, val);
3178
3179 /* We should actually trigger a #GP here, but don't as that might cause more trouble. */
3180 break;
3181 }
3182 return VINF_SUCCESS;
3183}
3184
3185
3186/**
3187 * WRMSR Emulation.
3188 */
3189static int emInterpretWrmsr(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
3190{
3191 return EMInterpretWrmsr(pVM, pVCpu, pRegFrame);
3192}
3193
3194
3195/**
3196 * Internal worker.
3197 * @copydoc EMInterpretInstructionCPU
3198 */
3199DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize, EMCODETYPE enmCodeType)
3200{
3201 Assert(enmCodeType == EMCODETYPE_SUPERVISOR || enmCodeType == EMCODETYPE_ALL);
3202 Assert(pcbSize);
3203 *pcbSize = 0;
3204
3205 if (enmCodeType == EMCODETYPE_SUPERVISOR)
3206 {
3207 /*
3208 * Only supervisor guest code!!
3209 * And no complicated prefixes.
3210 */
3211 /* Get the current privilege level. */
3212 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
3213 if ( cpl != 0
3214 && pDis->pCurInstr->opcode != OP_RDTSC) /* rdtsc requires emulation in ring 3 as well */
3215 {
3216 Log(("WARNING: refusing instruction emulation for user-mode code!!\n"));
3217 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedUserMode));
3218 return VERR_EM_INTERPRETER;
3219 }
3220 }
3221 else
3222 Log2(("emInterpretInstructionCPU allowed to interpret user-level code!!\n"));
3223
3224#ifdef IN_RC
3225 if ( (pDis->prefix & (PREFIX_REPNE | PREFIX_REP))
3226 || ( (pDis->prefix & PREFIX_LOCK)
3227 && pDis->pCurInstr->opcode != OP_CMPXCHG
3228 && pDis->pCurInstr->opcode != OP_CMPXCHG8B
3229 && pDis->pCurInstr->opcode != OP_XADD
3230 && pDis->pCurInstr->opcode != OP_OR
3231 && pDis->pCurInstr->opcode != OP_AND
3232 && pDis->pCurInstr->opcode != OP_XOR
3233 && pDis->pCurInstr->opcode != OP_BTR
3234 )
3235 )
3236#else
3237 if ( (pDis->prefix & PREFIX_REPNE)
3238 || ( (pDis->prefix & PREFIX_REP)
3239 && pDis->pCurInstr->opcode != OP_STOSWD
3240 )
3241 || ( (pDis->prefix & PREFIX_LOCK)
3242 && pDis->pCurInstr->opcode != OP_OR
3243 && pDis->pCurInstr->opcode != OP_AND
3244 && pDis->pCurInstr->opcode != OP_XOR
3245 && pDis->pCurInstr->opcode != OP_BTR
3246 && pDis->pCurInstr->opcode != OP_CMPXCHG
3247 && pDis->pCurInstr->opcode != OP_CMPXCHG8B
3248 )
3249 )
3250#endif
3251 {
3252 //Log(("EMInterpretInstruction: wrong prefix!!\n"));
3253 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedPrefix));
3254 return VERR_EM_INTERPRETER;
3255 }
3256
3257#if HC_ARCH_BITS == 32
3258 /*
3259 * Unable to emulate most >4 bytes accesses in 32 bits mode.
3260 * Whitelisted instructions are safe.
3261 */
3262 if ( pDis->param1.size > 4
3263 && CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
3264 {
3265 uint32_t uOpCode = pDis->pCurInstr->opcode;
3266 if ( uOpCode != OP_STOSWD
3267 && uOpCode != OP_MOV
3268 && uOpCode != OP_CMPXCHG8B
3269 && uOpCode != OP_XCHG
3270 && uOpCode != OP_BTS
3271 && uOpCode != OP_BTR
3272 && uOpCode != OP_BTC
3273# ifdef VBOX_WITH_HYBRID_32BIT_KERNEL_IN_R0
3274 && uOpCode != OP_CMPXCHG /* solaris */
3275 && uOpCode != OP_AND /* windows */
3276 && uOpCode != OP_OR /* windows */
3277 && uOpCode != OP_XOR /* because we can */
3278 && uOpCode != OP_ADD /* windows (dripple) */
3279 && uOpCode != OP_ADC /* because we can */
3280 && uOpCode != OP_SUB /* because we can */
3281 /** @todo OP_BTS or is that a different kind of failure? */
3282# endif
3283 )
3284 {
3285# ifdef VBOX_WITH_STATISTICS
3286 switch (pDis->pCurInstr->opcode)
3287 {
3288# define INTERPRET_FAILED_CASE(opcode, Instr) \
3289 case opcode: STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); break;
3290 INTERPRET_FAILED_CASE(OP_XCHG,Xchg);
3291 INTERPRET_FAILED_CASE(OP_DEC,Dec);
3292 INTERPRET_FAILED_CASE(OP_INC,Inc);
3293 INTERPRET_FAILED_CASE(OP_POP,Pop);
3294 INTERPRET_FAILED_CASE(OP_OR, Or);
3295 INTERPRET_FAILED_CASE(OP_XOR,Xor);
3296 INTERPRET_FAILED_CASE(OP_AND,And);
3297 INTERPRET_FAILED_CASE(OP_MOV,Mov);
3298 INTERPRET_FAILED_CASE(OP_STOSWD,StosWD);
3299 INTERPRET_FAILED_CASE(OP_INVLPG,InvlPg);
3300 INTERPRET_FAILED_CASE(OP_CPUID,CpuId);
3301 INTERPRET_FAILED_CASE(OP_MOV_CR,MovCRx);
3302 INTERPRET_FAILED_CASE(OP_MOV_DR,MovDRx);
3303 INTERPRET_FAILED_CASE(OP_LLDT,LLdt);
3304 INTERPRET_FAILED_CASE(OP_LIDT,LIdt);
3305 INTERPRET_FAILED_CASE(OP_LGDT,LGdt);
3306 INTERPRET_FAILED_CASE(OP_LMSW,Lmsw);
3307 INTERPRET_FAILED_CASE(OP_CLTS,Clts);
3308 INTERPRET_FAILED_CASE(OP_MONITOR,Monitor);
3309 INTERPRET_FAILED_CASE(OP_MWAIT,MWait);
3310 INTERPRET_FAILED_CASE(OP_RDMSR,Rdmsr);
3311 INTERPRET_FAILED_CASE(OP_WRMSR,Wrmsr);
3312 INTERPRET_FAILED_CASE(OP_ADD,Add);
3313 INTERPRET_FAILED_CASE(OP_SUB,Sub);
3314 INTERPRET_FAILED_CASE(OP_ADC,Adc);
3315 INTERPRET_FAILED_CASE(OP_BTR,Btr);
3316 INTERPRET_FAILED_CASE(OP_BTS,Bts);
3317 INTERPRET_FAILED_CASE(OP_BTC,Btc);
3318 INTERPRET_FAILED_CASE(OP_RDTSC,Rdtsc);
3319 INTERPRET_FAILED_CASE(OP_CMPXCHG, CmpXchg);
3320 INTERPRET_FAILED_CASE(OP_STI, Sti);
3321 INTERPRET_FAILED_CASE(OP_XADD,XAdd);
3322 INTERPRET_FAILED_CASE(OP_CMPXCHG8B,CmpXchg8b);
3323 INTERPRET_FAILED_CASE(OP_HLT, Hlt);
3324 INTERPRET_FAILED_CASE(OP_IRET,Iret);
3325 INTERPRET_FAILED_CASE(OP_WBINVD,WbInvd);
3326 INTERPRET_FAILED_CASE(OP_MOVNTPS,MovNTPS);
3327# undef INTERPRET_FAILED_CASE
3328 default:
3329 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedMisc));
3330 break;
3331 }
3332# endif /* VBOX_WITH_STATISTICS */
3333 return VERR_EM_INTERPRETER;
3334 }
3335 }
3336#endif
3337
3338 int rc;
3339#if (defined(VBOX_STRICT) || defined(LOG_ENABLED))
3340 LogFlow(("emInterpretInstructionCPU %s\n", emGetMnemonic(pDis)));
3341#endif
3342 switch (pDis->pCurInstr->opcode)
3343 {
3344 /*
3345 * Macros for generating the right case statements.
3346 */
3347# define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
3348 case opcode:\
3349 if (pDis->prefix & PREFIX_LOCK) \
3350 rc = emInterpretLock##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, pfnEmulateLock); \
3351 else \
3352 rc = emInterpret##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, pfnEmulate); \
3353 if (RT_SUCCESS(rc)) \
3354 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3355 else \
3356 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3357 return rc
3358#define INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate) \
3359 case opcode:\
3360 rc = emInterpret##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, pfnEmulate); \
3361 if (RT_SUCCESS(rc)) \
3362 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3363 else \
3364 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3365 return rc
3366
3367#define INTERPRET_CASE_EX_PARAM2(opcode, Instr, InstrFn, pfnEmulate) \
3368 INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
3369#define INTERPRET_CASE_EX_LOCK_PARAM2(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
3370 INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock)
3371
3372#define INTERPRET_CASE(opcode, Instr) \
3373 case opcode:\
3374 rc = emInterpret##Instr(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize); \
3375 if (RT_SUCCESS(rc)) \
3376 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3377 else \
3378 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3379 return rc
3380
3381#define INTERPRET_CASE_EX_DUAL_PARAM2(opcode, Instr, InstrFn) \
3382 case opcode:\
3383 rc = emInterpret##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize); \
3384 if (RT_SUCCESS(rc)) \
3385 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3386 else \
3387 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3388 return rc
3389
3390#define INTERPRET_STAT_CASE(opcode, Instr) \
3391 case opcode: STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); return VERR_EM_INTERPRETER;
3392
3393 /*
3394 * The actual case statements.
3395 */
3396 INTERPRET_CASE(OP_XCHG,Xchg);
3397 INTERPRET_CASE_EX_PARAM2(OP_DEC,Dec, IncDec, EMEmulateDec);
3398 INTERPRET_CASE_EX_PARAM2(OP_INC,Inc, IncDec, EMEmulateInc);
3399 INTERPRET_CASE(OP_POP,Pop);
3400 INTERPRET_CASE_EX_LOCK_PARAM3(OP_OR, Or, OrXorAnd, EMEmulateOr, EMEmulateLockOr);
3401 INTERPRET_CASE_EX_LOCK_PARAM3(OP_XOR,Xor, OrXorAnd, EMEmulateXor, EMEmulateLockXor);
3402 INTERPRET_CASE_EX_LOCK_PARAM3(OP_AND,And, OrXorAnd, EMEmulateAnd, EMEmulateLockAnd);
3403 INTERPRET_CASE(OP_MOV,Mov);
3404#ifndef IN_RC
3405 INTERPRET_CASE(OP_STOSWD,StosWD);
3406#endif
3407 INTERPRET_CASE(OP_INVLPG,InvlPg);
3408 INTERPRET_CASE(OP_CPUID,CpuId);
3409 INTERPRET_CASE(OP_MOV_CR,MovCRx);
3410 INTERPRET_CASE(OP_MOV_DR,MovDRx);
3411#ifdef IN_RING0
3412 INTERPRET_CASE_EX_DUAL_PARAM2(OP_LIDT, LIdt, LIGdt);
3413 INTERPRET_CASE_EX_DUAL_PARAM2(OP_LGDT, LGdt, LIGdt);
3414#endif
3415 INTERPRET_CASE(OP_LLDT,LLdt);
3416 INTERPRET_CASE(OP_LMSW,Lmsw);
3417#ifdef EM_EMULATE_SMSW
3418 INTERPRET_CASE(OP_SMSW,Smsw);
3419#endif
3420 INTERPRET_CASE(OP_CLTS,Clts);
3421 INTERPRET_CASE(OP_MONITOR, Monitor);
3422 INTERPRET_CASE(OP_MWAIT, MWait);
3423 INTERPRET_CASE(OP_RDMSR, Rdmsr);
3424 INTERPRET_CASE(OP_WRMSR, Wrmsr);
3425 INTERPRET_CASE_EX_PARAM3(OP_ADD,Add, AddSub, EMEmulateAdd);
3426 INTERPRET_CASE_EX_PARAM3(OP_SUB,Sub, AddSub, EMEmulateSub);
3427 INTERPRET_CASE(OP_ADC,Adc);
3428 INTERPRET_CASE_EX_LOCK_PARAM2(OP_BTR,Btr, BitTest, EMEmulateBtr, EMEmulateLockBtr);
3429 INTERPRET_CASE_EX_PARAM2(OP_BTS,Bts, BitTest, EMEmulateBts);
3430 INTERPRET_CASE_EX_PARAM2(OP_BTC,Btc, BitTest, EMEmulateBtc);
3431 INTERPRET_CASE(OP_RDPMC,Rdpmc);
3432 INTERPRET_CASE(OP_RDTSC,Rdtsc);
3433 INTERPRET_CASE(OP_CMPXCHG, CmpXchg);
3434#ifdef IN_RC
3435 INTERPRET_CASE(OP_STI,Sti);
3436 INTERPRET_CASE(OP_XADD, XAdd);
3437#endif
3438 INTERPRET_CASE(OP_CMPXCHG8B, CmpXchg8b);
3439 INTERPRET_CASE(OP_HLT,Hlt);
3440 INTERPRET_CASE(OP_IRET,Iret);
3441 INTERPRET_CASE(OP_WBINVD,WbInvd);
3442#ifdef VBOX_WITH_STATISTICS
3443# ifndef IN_RC
3444 INTERPRET_STAT_CASE(OP_XADD, XAdd);
3445# endif
3446 INTERPRET_STAT_CASE(OP_MOVNTPS,MovNTPS);
3447#endif
3448
3449 default:
3450 Log3(("emInterpretInstructionCPU: opcode=%d\n", pDis->pCurInstr->opcode));
3451 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedMisc));
3452 return VERR_EM_INTERPRETER;
3453
3454#undef INTERPRET_CASE_EX_PARAM2
3455#undef INTERPRET_STAT_CASE
3456#undef INTERPRET_CASE_EX
3457#undef INTERPRET_CASE
3458 } /* switch (opcode) */
3459 AssertFailed();
3460 return VERR_INTERNAL_ERROR;
3461}
3462
3463
3464/**
3465 * Sets the PC for which interrupts should be inhibited.
3466 *
3467 * @param pVCpu The VMCPU handle.
3468 * @param PC The PC.
3469 */
3470VMMDECL(void) EMSetInhibitInterruptsPC(PVMCPU pVCpu, RTGCUINTPTR PC)
3471{
3472 pVCpu->em.s.GCPtrInhibitInterrupts = PC;
3473 VMCPU_FF_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
3474}
3475
3476
3477/**
3478 * Gets the PC for which interrupts should be inhibited.
3479 *
3480 * There are a few instructions which inhibits or delays interrupts
3481 * for the instruction following them. These instructions are:
3482 * - STI
3483 * - MOV SS, r/m16
3484 * - POP SS
3485 *
3486 * @returns The PC for which interrupts should be inhibited.
3487 * @param pVCpu The VMCPU handle.
3488 *
3489 */
3490VMMDECL(RTGCUINTPTR) EMGetInhibitInterruptsPC(PVMCPU pVCpu)
3491{
3492 return pVCpu->em.s.GCPtrInhibitInterrupts;
3493}
3494
3495/**
3496 * Locks REM execution to a single VCpu
3497 *
3498 * @param pVM VM handle.
3499 */
3500VMMDECL(void) EMRemLock(PVM pVM)
3501{
3502 if (!PDMCritSectIsInitialized(&pVM->em.s.CritSectREM))
3503 return; /* early init */
3504
3505 Assert(!PGMIsLockOwner(pVM) && !IOMIsLockOwner(pVM));
3506 int rc = PDMCritSectEnter(&pVM->em.s.CritSectREM, VERR_SEM_BUSY);
3507 AssertMsg(rc == VINF_SUCCESS, ("%Rrc\n", rc));
3508}
3509
3510/**
3511 * Unlocks REM execution
3512 *
3513 * @param pVM VM handle.
3514 */
3515VMMDECL(void) EMRemUnlock(PVM pVM)
3516{
3517 if (!PDMCritSectIsInitialized(&pVM->em.s.CritSectREM))
3518 return; /* early init */
3519
3520 PDMCritSectLeave(&pVM->em.s.CritSectREM);
3521}
3522
3523/**
3524 * Check if this VCPU currently owns the REM lock.
3525 *
3526 * @returns bool owner/not owner
3527 * @param pVM The VM to operate on.
3528 */
3529VMMDECL(bool) EMRemIsLockOwner(PVM pVM)
3530{
3531 return PDMCritSectIsOwner(&pVM->em.s.CritSectREM);
3532}
3533
3534/**
3535 * Try to acquire the REM lock.
3536 *
3537 * @returns VBox status code
3538 * @param pVM The VM to operate on.
3539 */
3540VMMDECL(int) EMTryEnterRemLock(PVM pVM)
3541{
3542 return PDMCritSectTryEnter(&pVM->em.s.CritSectREM);
3543}
3544
3545/**
3546 * Determine if we should continue after encountering a hlt or mwait instruction
3547 *
3548 * @returns boolean
3549 * @param pVCpu The VMCPU to operate on.
3550 * @param pCtx Current CPU context
3551 */
3552VMMDECL(bool) EMShouldContinueAfterHalt(PVMCPU pVCpu, PCPUMCTX pCtx)
3553{
3554 if ( pCtx->eflags.Bits.u1IF
3555 || ((pVCpu->em.s.mwait.fWait & (EMMWAIT_FLAG_ACTIVE | EMMWAIT_FLAG_BREAKIRQIF0)) == (EMMWAIT_FLAG_ACTIVE | EMMWAIT_FLAG_BREAKIRQIF0)))
3556 {
3557 pVCpu->em.s.mwait.fWait &= ~(EMMWAIT_FLAG_ACTIVE | EMMWAIT_FLAG_BREAKIRQIF0);
3558 return !!VMCPU_FF_ISPENDING(pVCpu, (VMCPU_FF_INTERRUPT_APIC|VMCPU_FF_INTERRUPT_PIC));
3559 }
3560
3561 return false;
3562}
3563
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette