VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/EMAll.cpp@ 6537

Last change on this file since 6537 was 6297, checked in by vboxsync, 17 years ago

Disabled annoying assertion, see #2609.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 69.8 KB
Line 
1/* $Id: EMAll.cpp 6297 2008-01-09 15:49:50Z vboxsync $ */
2/** @file
3 * EM - Execution Monitor(/Manager) - All contexts
4 */
5
6/*
7 * Copyright (C) 2006-2007 innotek GmbH
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*******************************************************************************
20* Header Files *
21*******************************************************************************/
22#define LOG_GROUP LOG_GROUP_EM
23#include <VBox/em.h>
24#include <VBox/mm.h>
25#include <VBox/selm.h>
26#include <VBox/patm.h>
27#include <VBox/csam.h>
28#include <VBox/pgm.h>
29#include <VBox/iom.h>
30#include <VBox/stam.h>
31#include "EMInternal.h"
32#include <VBox/vm.h>
33#include <VBox/hwaccm.h>
34#include <VBox/tm.h>
35
36#include <VBox/param.h>
37#include <VBox/err.h>
38#include <VBox/dis.h>
39#include <VBox/disopcode.h>
40#include <VBox/log.h>
41#include <iprt/assert.h>
42#include <iprt/asm.h>
43#include <iprt/string.h>
44
45
46/*******************************************************************************
47* Structures and Typedefs *
48*******************************************************************************/
49typedef DECLCALLBACK(uint32_t) PFN_EMULATE_PARAM2_UINT32(uint32_t *pu32Param1, uint32_t val2);
50typedef DECLCALLBACK(uint32_t) PFN_EMULATE_PARAM2(uint32_t *pu32Param1, size_t val2);
51typedef DECLCALLBACK(uint32_t) PFN_EMULATE_PARAM3(uint32_t *pu32Param1, uint32_t val2, size_t val3);
52typedef DECLCALLBACK(int) FNEMULATELOCKPARAM2(RTGCPTR GCPtrParam1, RTGCUINTREG Val2, uint32_t *pf);
53typedef FNEMULATELOCKPARAM2 *PFNEMULATELOCKPARAM2;
54typedef DECLCALLBACK(int) FNEMULATELOCKPARAM3(RTGCPTR GCPtrParam1, RTGCUINTREG Val2, size_t cb, uint32_t *pf);
55typedef FNEMULATELOCKPARAM3 *PFNEMULATELOCKPARAM3;
56
57
58/*******************************************************************************
59* Internal Functions *
60*******************************************************************************/
61DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize);
62
63
64/**
65 * Get the current execution manager status.
66 *
67 * @returns Current status.
68 */
69EMDECL(EMSTATE) EMGetState(PVM pVM)
70{
71 return pVM->em.s.enmState;
72}
73
74
75#ifndef IN_GC
76/**
77 * Read callback for disassembly function; supports reading bytes that cross a page boundary
78 *
79 * @returns VBox status code.
80 * @param pSrc GC source pointer
81 * @param pDest HC destination pointer
82 * @param size Number of bytes to read
83 * @param dwUserdata Callback specific user data (pCpu)
84 *
85 */
86DECLCALLBACK(int) EMReadBytes(RTHCUINTPTR pSrc, uint8_t *pDest, unsigned size, void *pvUserdata)
87{
88 DISCPUSTATE *pCpu = (DISCPUSTATE *)pvUserdata;
89 PVM pVM = (PVM)pCpu->apvUserData[0];
90#ifdef IN_RING0
91 int rc = PGMPhysReadGCPtr(pVM, pDest, pSrc, size);
92 AssertRC(rc);
93#else
94 if (!PATMIsPatchGCAddr(pVM, pSrc))
95 {
96 int rc = PGMPhysReadGCPtr(pVM, pDest, pSrc, size);
97 AssertRC(rc);
98 }
99 else
100 {
101 for (uint32_t i = 0; i < size; i++)
102 {
103 uint8_t opcode;
104 if (VBOX_SUCCESS(PATMR3QueryOpcode(pVM, (RTGCPTR)pSrc + i, &opcode)))
105 {
106 *(pDest+i) = opcode;
107 }
108 }
109 }
110#endif /* IN_RING0 */
111 return VINF_SUCCESS;
112}
113
114DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
115{
116 return DISCoreOneEx(InstrGC, pCpu->mode, EMReadBytes, pVM, pCpu, pOpsize);
117}
118
119#else
120
121DECLINLINE(int) emDisCoreOne(PVM pVM, DISCPUSTATE *pCpu, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
122{
123 return DISCoreOne(pCpu, InstrGC, pOpsize);
124}
125
126#endif
127
128
129/**
130 * Disassembles one instruction.
131 *
132 * @param pVM The VM handle.
133 * @param pCtxCore The context core (used for both the mode and instruction).
134 * @param pCpu Where to return the parsed instruction info.
135 * @param pcbInstr Where to return the instruction size. (optional)
136 */
137EMDECL(int) EMInterpretDisasOne(PVM pVM, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
138{
139 RTGCPTR GCPtrInstr;
140 int rc = SELMValidateAndConvertCSAddr(pVM, pCtxCore->eflags, pCtxCore->ss, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid, (RTGCPTR)pCtxCore->eip, &GCPtrInstr);
141 if (VBOX_FAILURE(rc))
142 {
143 Log(("EMInterpretDisasOne: Failed to convert %RTsel:%RX32 (cpl=%d) - rc=%Vrc !!\n",
144 pCtxCore->cs, pCtxCore->eip, pCtxCore->ss & X86_SEL_RPL, rc));
145 return rc;
146 }
147 return EMInterpretDisasOneEx(pVM, (RTGCUINTPTR)GCPtrInstr, pCtxCore, pCpu, pcbInstr);
148}
149
150
151/**
152 * Disassembles one instruction.
153 *
154 * This is used by internally by the interpreter and by trap/access handlers.
155 *
156 * @param pVM The VM handle.
157 * @param GCPtrInstr The flat address of the instruction.
158 * @param pCtxCore The context core (used to determin the cpu mode).
159 * @param pCpu Where to return the parsed instruction info.
160 * @param pcbInstr Where to return the instruction size. (optional)
161 */
162EMDECL(int) EMInterpretDisasOneEx(PVM pVM, RTGCUINTPTR GCPtrInstr, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, unsigned *pcbInstr)
163{
164 int rc = DISCoreOneEx(GCPtrInstr, SELMIsSelector32Bit(pVM, pCtxCore->eflags, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid) ? CPUMODE_32BIT : CPUMODE_16BIT,
165#ifdef IN_GC
166 NULL, NULL,
167#else
168 EMReadBytes, pVM,
169#endif
170 pCpu, pcbInstr);
171 if (VBOX_SUCCESS(rc))
172 return VINF_SUCCESS;
173 AssertMsgFailed(("DISCoreOne failed to GCPtrInstr=%VGv rc=%Vrc\n", GCPtrInstr, rc));
174 return VERR_INTERNAL_ERROR;
175}
176
177
178/**
179 * Interprets the current instruction.
180 *
181 * @returns VBox status code.
182 * @retval VINF_* Scheduling instructions.
183 * @retval VERR_EM_INTERPRETER Something we can't cope with.
184 * @retval VERR_* Fatal errors.
185 *
186 * @param pVM The VM handle.
187 * @param pRegFrame The register frame.
188 * Updates the EIP if an instruction was executed successfully.
189 * @param pvFault The fault address (CR2).
190 * @param pcbSize Size of the write (if applicable).
191 *
192 * @remark Invalid opcode exceptions have a higher priority than GP (see Intel
193 * Architecture System Developers Manual, Vol 3, 5.5) so we don't need
194 * to worry about e.g. invalid modrm combinations (!)
195 */
196EMDECL(int) EMInterpretInstruction(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
197{
198 RTGCPTR pbCode;
199 int rc = SELMValidateAndConvertCSAddr(pVM, pRegFrame->eflags, pRegFrame->ss, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->eip, &pbCode);
200 if (VBOX_SUCCESS(rc))
201 {
202 uint32_t cbOp;
203 DISCPUSTATE Cpu;
204 Cpu.mode = SELMIsSelector32Bit(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid) ? CPUMODE_32BIT : CPUMODE_16BIT;
205 rc = emDisCoreOne(pVM, &Cpu, (RTGCUINTPTR)pbCode, &cbOp);
206 if (VBOX_SUCCESS(rc))
207 {
208 Assert(cbOp == Cpu.opsize);
209 rc = EMInterpretInstructionCPU(pVM, &Cpu, pRegFrame, pvFault, pcbSize);
210 if (VBOX_SUCCESS(rc))
211 {
212 pRegFrame->eip += cbOp; /* Move on to the next instruction. */
213 }
214 return rc;
215 }
216 }
217 return VERR_EM_INTERPRETER;
218}
219
220/**
221 * Interprets the current instruction using the supplied DISCPUSTATE structure.
222 *
223 * EIP is *NOT* updated!
224 *
225 * @returns VBox status code.
226 * @retval VINF_* Scheduling instructions. When these are returned, it
227 * starts to get a bit tricky to know whether code was
228 * executed or not... We'll address this when it becomes a problem.
229 * @retval VERR_EM_INTERPRETER Something we can't cope with.
230 * @retval VERR_* Fatal errors.
231 *
232 * @param pVM The VM handle.
233 * @param pCpu The disassembler cpu state for the instruction to be interpreted.
234 * @param pRegFrame The register frame. EIP is *NOT* changed!
235 * @param pvFault The fault address (CR2).
236 * @param pcbSize Size of the write (if applicable).
237 *
238 * @remark Invalid opcode exceptions have a higher priority than GP (see Intel
239 * Architecture System Developers Manual, Vol 3, 5.5) so we don't need
240 * to worry about e.g. invalid modrm combinations (!)
241 *
242 * @todo At this time we do NOT check if the instruction overwrites vital information.
243 * Make sure this can't happen!! (will add some assertions/checks later)
244 */
245EMDECL(int) EMInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
246{
247 STAM_PROFILE_START(&CTXMID(pVM->em.s.CTXSUFF(pStats)->Stat,Emulate), a);
248 int rc = emInterpretInstructionCPU(pVM, pCpu, pRegFrame, pvFault, pcbSize);
249 STAM_PROFILE_STOP(&CTXMID(pVM->em.s.CTXSUFF(pStats)->Stat,Emulate), a);
250 if (VBOX_SUCCESS(rc))
251 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,InterpretSucceeded));
252 else
253 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,InterpretFailed));
254 return rc;
255}
256
257
258/**
259 * Interpret a port I/O instruction.
260 *
261 * @returns VBox status code suitable for scheduling.
262 * @param pVM The VM handle.
263 * @param pCtxCore The context core. This will be updated on successful return.
264 * @param pCpu The instruction to interpret.
265 * @param cbOp The size of the instruction.
266 * @remark This may raise exceptions.
267 */
268EMDECL(int) EMInterpretPortIO(PVM pVM, PCPUMCTXCORE pCtxCore, PDISCPUSTATE pCpu, uint32_t cbOp)
269{
270 /*
271 * Hand it on to IOM.
272 */
273#ifdef IN_GC
274 int rc = IOMGCIOPortHandler(pVM, pCtxCore, pCpu);
275 if (IOM_SUCCESS(rc))
276 pCtxCore->eip += cbOp;
277 return rc;
278#else
279 AssertReleaseMsgFailed(("not implemented\n"));
280 return VERR_NOT_IMPLEMENTED;
281#endif
282}
283
284
285DECLINLINE(int) emRamRead(PVM pVM, void *pDest, RTGCPTR GCSrc, uint32_t cb)
286{
287#ifdef IN_GC
288 int rc = MMGCRamRead(pVM, pDest, GCSrc, cb);
289 if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
290 return rc;
291 /*
292 * The page pool cache may end up here in some cases because it
293 * flushed one of the shadow mappings used by the trapping
294 * instruction and it either flushed the TLB or the CPU reused it.
295 */
296 RTGCPHYS GCPhys;
297 rc = PGMPhysGCPtr2GCPhys(pVM, GCSrc, &GCPhys);
298 AssertRCReturn(rc, rc);
299 PGMPhysRead(pVM, GCPhys, pDest, cb);
300 return VINF_SUCCESS;
301#else
302 return PGMPhysReadGCPtrSafe(pVM, pDest, GCSrc, cb);
303#endif
304}
305
306DECLINLINE(int) emRamWrite(PVM pVM, RTGCPTR GCDest, void *pSrc, uint32_t cb)
307{
308#ifdef IN_GC
309 int rc = MMGCRamWrite(pVM, GCDest, pSrc, cb);
310 if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
311 return rc;
312 /*
313 * The page pool cache may end up here in some cases because it
314 * flushed one of the shadow mappings used by the trapping
315 * instruction and it either flushed the TLB or the CPU reused it.
316 * We want to play safe here, verifying that we've got write
317 * access doesn't cost us much (see PGMPhysGCPtr2GCPhys()).
318 */
319 uint64_t fFlags;
320 RTGCPHYS GCPhys;
321 rc = PGMGstGetPage(pVM, GCDest, &fFlags, &GCPhys);
322 if (RT_FAILURE(rc))
323 return rc;
324 if ( !(fFlags & X86_PTE_RW)
325 && (CPUMGetGuestCR0(pVM) & X86_CR0_WP))
326 return VERR_ACCESS_DENIED;
327
328 PGMPhysWrite(pVM, GCPhys + ((RTGCUINTPTR)GCDest & PAGE_OFFSET_MASK), pSrc, cb);
329 return VINF_SUCCESS;
330
331#else
332 return PGMPhysWriteGCPtrSafe(pVM, GCDest, pSrc, cb);
333#endif
334}
335
336/* Convert sel:addr to a flat GC address */
337static RTGCPTR emConvertToFlatAddr(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pCpu, POP_PARAMETER pParam, RTGCPTR pvAddr)
338{
339 int prefix_seg, rc;
340 RTSEL sel;
341 CPUMSELREGHID *pSelHidReg;
342
343 prefix_seg = DISDetectSegReg(pCpu, pParam);
344 rc = DISFetchRegSegEx(pRegFrame, prefix_seg, &sel, &pSelHidReg);
345 if (VBOX_FAILURE(rc))
346 return pvAddr;
347
348 return SELMToFlat(pVM, pRegFrame->eflags, sel, pSelHidReg, pvAddr);
349}
350
351#if defined(VBOX_STRICT) || defined(LOG_ENABLED)
352/**
353 * Get the mnemonic for the disassembled instruction.
354 *
355 * GC/R0 doesn't include the strings in the DIS tables because
356 * of limited space.
357 */
358static const char *emGetMnemonic(PDISCPUSTATE pCpu)
359{
360 switch (pCpu->pCurInstr->opcode)
361 {
362 case OP_XOR: return "Xor";
363 case OP_OR: return "Or";
364 case OP_AND: return "And";
365 case OP_BTR: return "Btr";
366 case OP_BTS: return "Bts";
367 default:
368 AssertMsgFailed(("%d\n", pCpu->pCurInstr->opcode));
369 return "???";
370 }
371}
372#endif
373
374/**
375 * XCHG instruction emulation.
376 */
377static int emInterpretXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
378{
379 OP_PARAMVAL param1, param2;
380
381 /* Source to make DISQueryParamVal read the register value - ugly hack */
382 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
383 if(VBOX_FAILURE(rc))
384 return VERR_EM_INTERPRETER;
385
386 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
387 if(VBOX_FAILURE(rc))
388 return VERR_EM_INTERPRETER;
389
390#ifdef IN_GC
391 if (TRPMHasTrap(pVM))
392 {
393 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
394 {
395#endif
396 RTGCPTR pParam1 = 0, pParam2 = 0;
397 uint32_t valpar1, valpar2;
398
399 AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
400 switch(param1.type)
401 {
402 case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
403 valpar1 = param1.val.val32;
404 break;
405
406 case PARMTYPE_ADDRESS:
407 pParam1 = (RTGCPTR)param1.val.val32;
408 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
409#ifdef IN_GC
410 /* Safety check (in theory it could cross a page boundary and fault there though) */
411 AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
412#endif
413 rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
414 if (VBOX_FAILURE(rc))
415 {
416 AssertMsgFailed(("MMGCRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
417 return VERR_EM_INTERPRETER;
418 }
419 break;
420
421 default:
422 AssertFailed();
423 return VERR_EM_INTERPRETER;
424 }
425
426 switch(param2.type)
427 {
428 case PARMTYPE_ADDRESS:
429 pParam2 = (RTGCPTR)param2.val.val32;
430 pParam2 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pParam2);
431#ifdef IN_GC
432 /* Safety check (in theory it could cross a page boundary and fault there though) */
433 AssertReturn(pParam2 == pvFault, VERR_EM_INTERPRETER);
434#endif
435 rc = emRamRead(pVM, &valpar2, pParam2, param2.size);
436 if (VBOX_FAILURE(rc))
437 {
438 AssertMsgFailed(("MMGCRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
439 }
440 break;
441
442 case PARMTYPE_IMMEDIATE:
443 valpar2 = param2.val.val32;
444 break;
445
446 default:
447 AssertFailed();
448 return VERR_EM_INTERPRETER;
449 }
450
451 /* Write value of parameter 2 to parameter 1 (reg or memory address) */
452 if (pParam1 == 0)
453 {
454 Assert(param1.type == PARMTYPE_IMMEDIATE); /* register actually */
455 switch(param1.size)
456 {
457 case 1: //special case for AH etc
458 rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen8, (uint8_t)valpar2); break;
459 case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen32, (uint16_t)valpar2); break;
460 case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen32, valpar2); break;
461 default: AssertFailedReturn(VERR_EM_INTERPRETER);
462 }
463 if (VBOX_FAILURE(rc))
464 return VERR_EM_INTERPRETER;
465 }
466 else
467 {
468 rc = emRamWrite(pVM, pParam1, &valpar2, param1.size);
469 if (VBOX_FAILURE(rc))
470 {
471 AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
472 return VERR_EM_INTERPRETER;
473 }
474 }
475
476 /* Write value of parameter 1 to parameter 2 (reg or memory address) */
477 if (pParam2 == 0)
478 {
479 Assert(param2.type == PARMTYPE_IMMEDIATE); /* register actually */
480 switch(param2.size)
481 {
482 case 1: //special case for AH etc
483 rc = DISWriteReg8(pRegFrame, pCpu->param2.base.reg_gen8, (uint8_t)valpar1); break;
484 case 2: rc = DISWriteReg16(pRegFrame, pCpu->param2.base.reg_gen32, (uint16_t)valpar1); break;
485 case 4: rc = DISWriteReg32(pRegFrame, pCpu->param2.base.reg_gen32, valpar1); break;
486 default: AssertFailedReturn(VERR_EM_INTERPRETER);
487 }
488 if (VBOX_FAILURE(rc))
489 return VERR_EM_INTERPRETER;
490 }
491 else
492 {
493 rc = emRamWrite(pVM, pParam2, &valpar1, param2.size);
494 if (VBOX_FAILURE(rc))
495 {
496 AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
497 return VERR_EM_INTERPRETER;
498 }
499 }
500
501 *pcbSize = param2.size;
502 return VINF_SUCCESS;
503#ifdef IN_GC
504 }
505 }
506#endif
507 return VERR_EM_INTERPRETER;
508}
509
510/**
511 * INC and DEC emulation.
512 */
513static int emInterpretIncDec(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
514 PFN_EMULATE_PARAM2 pfnEmulate)
515{
516 OP_PARAMVAL param1;
517
518 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
519 if(VBOX_FAILURE(rc))
520 return VERR_EM_INTERPRETER;
521
522#ifdef IN_GC
523 if (TRPMHasTrap(pVM))
524 {
525 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
526 {
527#endif
528 RTGCPTR pParam1 = 0;
529 uint32_t valpar1;
530
531 if (param1.type == PARMTYPE_ADDRESS)
532 {
533 pParam1 = (RTGCPTR)param1.val.val32;
534 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
535#ifdef IN_GC
536 /* Safety check (in theory it could cross a page boundary and fault there though) */
537 AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
538#endif
539 rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
540 if (VBOX_FAILURE(rc))
541 {
542 AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
543 return VERR_EM_INTERPRETER;
544 }
545 }
546 else
547 {
548 AssertFailed();
549 return VERR_EM_INTERPRETER;
550 }
551
552 uint32_t eflags;
553
554 eflags = pfnEmulate(&valpar1, param1.size);
555
556 /* Write result back */
557 rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
558 if (VBOX_FAILURE(rc))
559 {
560 AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
561 return VERR_EM_INTERPRETER;
562 }
563
564 /* Update guest's eflags and finish. */
565 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
566 | (eflags & (X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
567
568 /* All done! */
569 *pcbSize = param1.size;
570 return VINF_SUCCESS;
571#ifdef IN_GC
572 }
573 }
574#endif
575 return VERR_EM_INTERPRETER;
576}
577
578/**
579 * POP Emulation.
580 */
581static int emInterpretPop(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
582{
583 OP_PARAMVAL param1;
584 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
585 if(VBOX_FAILURE(rc))
586 return VERR_EM_INTERPRETER;
587
588#ifdef IN_GC
589 if (TRPMHasTrap(pVM))
590 {
591 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
592 {
593#endif
594 RTGCPTR pParam1 = 0;
595 uint32_t valpar1;
596 RTGCPTR pStackVal;
597
598 /* Read stack value first */
599 if (SELMIsSelector32Bit(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid) == false)
600 return VERR_EM_INTERPRETER; /* No legacy 16 bits stuff here, please. */
601
602 /* Convert address; don't bother checking limits etc, as we only read here */
603 pStackVal = SELMToFlat(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid, (RTGCPTR)pRegFrame->esp);
604 if (pStackVal == 0)
605 return VERR_EM_INTERPRETER;
606
607 rc = emRamRead(pVM, &valpar1, pStackVal, param1.size);
608 if (VBOX_FAILURE(rc))
609 {
610 AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
611 return VERR_EM_INTERPRETER;
612 }
613
614 if (param1.type == PARMTYPE_ADDRESS)
615 {
616 pParam1 = (RTGCPTR)param1.val.val32;
617
618 /* pop [esp+xx] uses esp after the actual pop! */
619 AssertCompile(USE_REG_ESP == USE_REG_SP);
620 if ( (pCpu->param1.flags & USE_BASE)
621 && (pCpu->param1.flags & (USE_REG_GEN16|USE_REG_GEN32))
622 && pCpu->param1.base.reg_gen32 == USE_REG_ESP
623 )
624 pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + param1.size);
625
626 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
627
628#ifdef IN_GC
629 /* Safety check (in theory it could cross a page boundary and fault there though) */
630 AssertMsgReturn(pParam1 == pvFault || (RTGCPTR)pRegFrame->esp == pvFault, ("%VGv != %VGv ss:esp=%04X:%VGv\n", pParam1, pvFault, pRegFrame->ss, pRegFrame->esp), VERR_EM_INTERPRETER);
631#endif
632 rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
633 if (VBOX_FAILURE(rc))
634 {
635 AssertMsgFailed(("emRamWrite %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
636 return VERR_EM_INTERPRETER;
637 }
638
639 /* Update ESP as the last step */
640 pRegFrame->esp += param1.size;
641 }
642 else
643 {
644#ifndef DEBUG_bird // annoying assertion.
645 AssertFailed();
646#endif
647 return VERR_EM_INTERPRETER;
648 }
649
650 /* All done! */
651 *pcbSize = param1.size;
652 return VINF_SUCCESS;
653#ifdef IN_GC
654 }
655 }
656#endif
657 return VERR_EM_INTERPRETER;
658}
659
660
661/**
662 * XOR/OR/AND Emulation.
663 */
664static int emInterpretOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
665 PFN_EMULATE_PARAM3 pfnEmulate)
666{
667 OP_PARAMVAL param1, param2;
668 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
669 if(VBOX_FAILURE(rc))
670 return VERR_EM_INTERPRETER;
671
672 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
673 if(VBOX_FAILURE(rc))
674 return VERR_EM_INTERPRETER;
675
676#ifdef DEBUG
677 const char *pszInstr;
678
679 if (pCpu->pCurInstr->opcode == OP_XOR)
680 pszInstr = "Xor";
681 else
682 if (pCpu->pCurInstr->opcode == OP_OR)
683 pszInstr = "Or";
684 else
685 if (pCpu->pCurInstr->opcode == OP_AND)
686 pszInstr = "And";
687#endif
688
689#ifdef IN_GC
690 if (TRPMHasTrap(pVM))
691 {
692 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
693 {
694#endif
695 RTGCPTR pParam1;
696 uint32_t valpar1, valpar2;
697
698 if (pCpu->param1.size != pCpu->param2.size)
699 {
700 if (pCpu->param1.size < pCpu->param2.size)
701 {
702 AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", pszInstr, pRegFrame->eip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
703 return VERR_EM_INTERPRETER;
704 }
705 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
706 pCpu->param2.size = pCpu->param1.size;
707 param2.size = param1.size;
708 }
709
710 /* The destination is always a virtual address */
711 if (param1.type == PARMTYPE_ADDRESS)
712 {
713 pParam1 = (RTGCPTR)param1.val.val32;
714 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
715
716#ifdef IN_GC
717 /* Safety check (in theory it could cross a page boundary and fault there though) */
718 AssertMsgReturn(pParam1 == pvFault, ("eip=%VGv, pParam1=%VGv pvFault=%VGv\n", pRegFrame->eip, pParam1, pvFault), VERR_EM_INTERPRETER);
719#endif
720 rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
721 if (VBOX_FAILURE(rc))
722 {
723 AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
724 return VERR_EM_INTERPRETER;
725 }
726 }
727 else
728 {
729 AssertFailed();
730 return VERR_EM_INTERPRETER;
731 }
732
733 /* Register or immediate data */
734 switch(param2.type)
735 {
736 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
737 valpar2 = param2.val.val32;
738 break;
739
740 default:
741 AssertFailed();
742 return VERR_EM_INTERPRETER;
743 }
744
745 /* Data read, emulate instruction. */
746 uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);
747
748 /* Update guest's eflags and finish. */
749 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
750 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
751
752 /* And write it back */
753 rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
754 if (VBOX_SUCCESS(rc))
755 {
756 /* All done! */
757 *pcbSize = param2.size;
758 return VINF_SUCCESS;
759 }
760#ifdef IN_GC
761 }
762 }
763#endif
764 return VERR_EM_INTERPRETER;
765}
766
767#ifdef IN_GC
768/**
769 * LOCK XOR/OR/AND Emulation.
770 */
771static int emInterpretLockOrXorAnd(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
772 uint32_t *pcbSize, PFNEMULATELOCKPARAM3 pfnEmulate)
773{
774 OP_PARAMVAL param1, param2;
775 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
776 if(VBOX_FAILURE(rc))
777 return VERR_EM_INTERPRETER;
778
779 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
780 if(VBOX_FAILURE(rc))
781 return VERR_EM_INTERPRETER;
782
783 if (pCpu->param1.size != pCpu->param2.size)
784 {
785 AssertMsgReturn(pCpu->param1.size >= pCpu->param2.size, /* should never happen! */
786 ("%s at %VGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pCpu), pRegFrame->eip, pCpu->param1.size, pCpu->param2.size),
787 VERR_EM_INTERPRETER);
788
789 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
790 pCpu->param2.size = pCpu->param1.size;
791 param2.size = param1.size;
792 }
793
794 /* The destination is always a virtual address */
795 AssertReturn(param1.type == PARMTYPE_ADDRESS, VERR_EM_INTERPRETER);
796 RTGCPTR GCPtrPar1 = (RTGCPTR)param1.val.val32;
797 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
798
799# ifdef IN_GC
800 /* Safety check (in theory it could cross a page boundary and fault there though) */
801 Assert( TRPMHasTrap(pVM)
802 && (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW));
803 AssertMsgReturn(GCPtrPar1 == pvFault, ("eip=%VGv, GCPtrPar1=%VGv pvFault=%VGv\n", pRegFrame->eip, GCPtrPar1, pvFault), VERR_EM_INTERPRETER);
804# endif
805
806 /* Register and immediate data == PARMTYPE_IMMEDIATE */
807 AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
808 RTGCUINTREG ValPar2 = param2.val.val32;
809
810 /* Try emulate it with a one-shot #PF handler in place. */
811 Log2(("%s %RGv imm%d=%RGr\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
812
813 RTGCUINTREG eflags = 0;
814 MMGCRamRegisterTrapHandler(pVM);
815 rc = pfnEmulate(GCPtrPar1, ValPar2, pCpu->param2.size, &eflags);
816 MMGCRamDeregisterTrapHandler(pVM);
817
818 if (RT_FAILURE(rc))
819 {
820 Log(("%s %RGv imm%d=%RGr -> emulation failed due to page fault!\n", emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
821 return VERR_EM_INTERPRETER;
822 }
823
824 /* Update guest's eflags and finish. */
825 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
826 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
827
828 *pcbSize = param2.size;
829 return VINF_SUCCESS;
830}
831#endif
832
833/**
834 * ADD, ADC & SUB Emulation.
835 */
836static int emInterpretAddSub(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
837 PFN_EMULATE_PARAM3 pfnEmulate)
838{
839 OP_PARAMVAL param1, param2;
840 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
841 if(VBOX_FAILURE(rc))
842 return VERR_EM_INTERPRETER;
843
844 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
845 if(VBOX_FAILURE(rc))
846 return VERR_EM_INTERPRETER;
847
848#ifdef DEBUG
849 const char *pszInstr;
850
851 if (pCpu->pCurInstr->opcode == OP_SUB)
852 pszInstr = "Sub";
853 else
854 if (pCpu->pCurInstr->opcode == OP_ADD)
855 pszInstr = "Add";
856 else
857 if (pCpu->pCurInstr->opcode == OP_ADC)
858 pszInstr = "Adc";
859#endif
860
861#ifdef IN_GC
862 if (TRPMHasTrap(pVM))
863 {
864 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
865 {
866#endif
867 RTGCPTR pParam1;
868 uint32_t valpar1, valpar2;
869
870 if (pCpu->param1.size != pCpu->param2.size)
871 {
872 if (pCpu->param1.size < pCpu->param2.size)
873 {
874 AssertMsgFailed(("%s at %VGv parameter mismatch %d vs %d!!\n", pszInstr, pRegFrame->eip, pCpu->param1.size, pCpu->param2.size)); /* should never happen! */
875 return VERR_EM_INTERPRETER;
876 }
877 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
878 pCpu->param2.size = pCpu->param1.size;
879 param2.size = param1.size;
880 }
881
882 /* The destination is always a virtual address */
883 if (param1.type == PARMTYPE_ADDRESS)
884 {
885 pParam1 = (RTGCPTR)param1.val.val32;
886 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
887
888#ifdef IN_GC
889 /* Safety check (in theory it could cross a page boundary and fault there though) */
890 AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
891#endif
892 rc = emRamRead(pVM, &valpar1, pParam1, param1.size);
893 if (VBOX_FAILURE(rc))
894 {
895 AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
896 return VERR_EM_INTERPRETER;
897 }
898 }
899 else
900 {
901#ifndef DEBUG_bird
902 AssertFailed();
903#endif
904 return VERR_EM_INTERPRETER;
905 }
906
907 /* Register or immediate data */
908 switch(param2.type)
909 {
910 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
911 valpar2 = param2.val.val32;
912 break;
913
914 default:
915 AssertFailed();
916 return VERR_EM_INTERPRETER;
917 }
918
919 /* Data read, emulate instruction. */
920 uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);
921
922 /* Update guest's eflags and finish. */
923 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
924 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
925
926 /* And write it back */
927 rc = emRamWrite(pVM, pParam1, &valpar1, param1.size);
928 if (VBOX_SUCCESS(rc))
929 {
930 /* All done! */
931 *pcbSize = param2.size;
932 return VINF_SUCCESS;
933 }
934#ifdef IN_GC
935 }
936 }
937#endif
938 return VERR_EM_INTERPRETER;
939}
940
941/**
942 * ADC Emulation.
943 */
944static int emInterpretAdc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
945{
946 if (pRegFrame->eflags.Bits.u1CF)
947 return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize, EMEmulateAdcWithCarrySet);
948 else
949 return emInterpretAddSub(pVM, pCpu, pRegFrame, pvFault, pcbSize, EMEmulateAdd);
950}
951
952/**
953 * BTR/C/S Emulation.
954 */
955static int emInterpretBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
956 PFN_EMULATE_PARAM2_UINT32 pfnEmulate)
957{
958 OP_PARAMVAL param1, param2;
959 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
960 if(VBOX_FAILURE(rc))
961 return VERR_EM_INTERPRETER;
962
963 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
964 if(VBOX_FAILURE(rc))
965 return VERR_EM_INTERPRETER;
966
967#ifdef LOG_ENABLED
968 const char *pszInstr;
969
970 if (pCpu->pCurInstr->opcode == OP_BTR)
971 pszInstr = "Btr";
972 else
973 if (pCpu->pCurInstr->opcode == OP_BTS)
974 pszInstr = "Bts";
975 else
976 if (pCpu->pCurInstr->opcode == OP_BTC)
977 pszInstr = "Btc";
978#endif
979
980#ifdef IN_GC
981 if (TRPMHasTrap(pVM))
982 {
983 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
984 {
985#endif
986 RTGCPTR pParam1;
987 uint32_t valpar1 = 0, valpar2;
988 uint32_t eflags;
989
990 /* The destination is always a virtual address */
991 if (param1.type != PARMTYPE_ADDRESS)
992 return VERR_EM_INTERPRETER;
993
994 pParam1 = (RTGCPTR)param1.val.val32;
995 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
996
997 /* Register or immediate data */
998 switch(param2.type)
999 {
1000 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
1001 valpar2 = param2.val.val32;
1002 break;
1003
1004 default:
1005 AssertFailed();
1006 return VERR_EM_INTERPRETER;
1007 }
1008
1009 Log2(("emInterpret%s: pvFault=%VGv pParam1=%VGv val2=%x\n", pszInstr, pvFault, pParam1, valpar2));
1010 pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + valpar2/8);
1011#ifdef IN_GC
1012 /* Safety check. */
1013 AssertMsgReturn((RTGCPTR)((RTGCUINTPTR)pParam1 & ~3) == pvFault, ("pParam1=%VGv pvFault=%VGv\n", pParam1, pvFault), VERR_EM_INTERPRETER);
1014#endif
1015 rc = emRamRead(pVM, &valpar1, pParam1, 1);
1016 if (VBOX_FAILURE(rc))
1017 {
1018 AssertMsgFailed(("emRamRead %VGv size=%d failed with %Vrc\n", pParam1, param1.size, rc));
1019 return VERR_EM_INTERPRETER;
1020 }
1021
1022 Log2(("emInterpretBtx: val=%x\n", valpar1));
1023 /* Data read, emulate bit test instruction. */
1024 eflags = pfnEmulate(&valpar1, valpar2 & 0x7);
1025
1026 Log2(("emInterpretBtx: val=%x CF=%d\n", valpar1, !!(eflags & X86_EFL_CF)));
1027
1028 /* Update guest's eflags and finish. */
1029 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1030 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1031
1032 /* And write it back */
1033 rc = emRamWrite(pVM, pParam1, &valpar1, 1);
1034 if (VBOX_SUCCESS(rc))
1035 {
1036 /* All done! */
1037 *pcbSize = 1;
1038 return VINF_SUCCESS;
1039 }
1040#ifdef IN_GC
1041 }
1042 }
1043#endif
1044 return VERR_EM_INTERPRETER;
1045}
1046
1047#ifdef IN_GC
1048/**
1049 * LOCK BTR/C/S Emulation.
1050 */
1051static int emInterpretLockBitTest(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
1052 uint32_t *pcbSize, PFNEMULATELOCKPARAM2 pfnEmulate)
1053{
1054 OP_PARAMVAL param1, param2;
1055 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
1056 if(VBOX_FAILURE(rc))
1057 return VERR_EM_INTERPRETER;
1058
1059 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
1060 if(VBOX_FAILURE(rc))
1061 return VERR_EM_INTERPRETER;
1062
1063 /* The destination is always a virtual address */
1064 if (param1.type != PARMTYPE_ADDRESS)
1065 return VERR_EM_INTERPRETER;
1066
1067 RTGCPTR GCPtrPar1 = (RTGCPTR)param1.val.val32;
1068 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, GCPtrPar1);
1069
1070 /* Register and immediate data == PARMTYPE_IMMEDIATE */
1071 AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
1072 RTGCUINTREG ValPar2 = param2.val.val32;
1073
1074 Log2(("emInterpretLockBitTest %s: pvFault=%VGv GCPtrPar1=%RGv imm=%RGr\n", emGetMnemonic(pCpu), pvFault, GCPtrPar1, ValPar2));
1075
1076 /* Adjust the parameters so what we're dealing with is a bit within the byte pointed to. */
1077 GCPtrPar1 = (RTGCPTR)((RTGCUINTPTR)GCPtrPar1 + ValPar2 / 8);
1078 ValPar2 &= 7;
1079# ifdef IN_GC
1080 Assert(TRPMHasTrap(pVM));
1081 AssertMsgReturn((RTGCPTR)((RTGCUINTPTR)GCPtrPar1 & ~(RTGCUINTPTR)3) == pvFault,
1082 ("GCPtrPar1=%VGv pvFault=%VGv\n", GCPtrPar1, pvFault),
1083 VERR_EM_INTERPRETER);
1084# endif
1085
1086 /* Try emulate it with a one-shot #PF handler in place. */
1087 RTGCUINTREG eflags = 0;
1088 MMGCRamRegisterTrapHandler(pVM);
1089 rc = pfnEmulate(GCPtrPar1, ValPar2, &eflags);
1090 MMGCRamDeregisterTrapHandler(pVM);
1091
1092 if (RT_FAILURE(rc))
1093 {
1094 Log(("emInterpretLockBitTest %s: %RGv imm%d=%RGr -> emulation failed due to page fault!\n",
1095 emGetMnemonic(pCpu), GCPtrPar1, pCpu->param2.size*8, ValPar2));
1096 return VERR_EM_INTERPRETER;
1097 }
1098
1099 Log2(("emInterpretLockBitTest %s: GCPtrPar1=%RGv imm=%RGr CF=%d\n", emGetMnemonic(pCpu), GCPtrPar1, ValPar2, !!(eflags & X86_EFL_CF)));
1100
1101 /* Update guest's eflags and finish. */
1102 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1103 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1104
1105 *pcbSize = 1;
1106 return VINF_SUCCESS;
1107}
1108#endif /* IN_GC */
1109
1110/**
1111 * MOV emulation.
1112 */
1113static int emInterpretMov(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1114{
1115 OP_PARAMVAL param1, param2;
1116 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_DEST);
1117 if(VBOX_FAILURE(rc))
1118 return VERR_EM_INTERPRETER;
1119
1120 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
1121 if(VBOX_FAILURE(rc))
1122 return VERR_EM_INTERPRETER;
1123
1124#ifdef IN_GC
1125 if (TRPMHasTrap(pVM))
1126 {
1127 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
1128 {
1129#else
1130 /** @todo Make this the default and don't rely on TRPM information. */
1131 if (param1.type == PARMTYPE_ADDRESS)
1132 {
1133#endif
1134 RTGCPTR pDest;
1135 uint32_t val32;
1136
1137 switch(param1.type)
1138 {
1139 case PARMTYPE_IMMEDIATE:
1140 if(!(param1.flags & PARAM_VAL32))
1141 return VERR_EM_INTERPRETER;
1142 /* fallthru */
1143
1144 case PARMTYPE_ADDRESS:
1145 pDest = (RTGCPTR)param1.val.val32;
1146 pDest = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pDest);
1147 break;
1148
1149 default:
1150 AssertFailed();
1151 return VERR_EM_INTERPRETER;
1152 }
1153
1154 switch(param2.type)
1155 {
1156 case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
1157 val32 = param2.val.val32;
1158 break;
1159
1160 default:
1161 Log(("emInterpretMov: unexpected type=%d eip=%VGv\n", param2.type, pRegFrame->eip));
1162 return VERR_EM_INTERPRETER;
1163 }
1164 LogFlow(("EMInterpretInstruction at %08x: OP_MOV %08X <- %08X (%d) &val32=%08x\n", pRegFrame->eip, pDest, val32, param2.size, &val32));
1165
1166 Assert(param2.size <= 4 && param2.size > 0);
1167
1168#if 0 /* CSAM/PATM translates aliases which causes this to incorrectly trigger. See #2609 and #1498. */
1169#ifdef IN_GC
1170 /* Safety check (in theory it could cross a page boundary and fault there though) */
1171 AssertMsgReturn(pDest == pvFault, ("eip=%VGv pDest=%VGv pvFault=%VGv\n", pRegFrame->eip, pDest, pvFault), VERR_EM_INTERPRETER);
1172#endif
1173#endif
1174 rc = emRamWrite(pVM, pDest, &val32, param2.size);
1175 if (VBOX_FAILURE(rc))
1176 return VERR_EM_INTERPRETER;
1177
1178 *pcbSize = param2.size;
1179 }
1180 else
1181 { /* read fault */
1182 RTGCPTR pSrc;
1183 uint32_t val32;
1184
1185 /* Source */
1186 switch(param2.type)
1187 {
1188 case PARMTYPE_IMMEDIATE:
1189 if(!(param2.flags & PARAM_VAL32))
1190 return VERR_EM_INTERPRETER;
1191 /* fallthru */
1192
1193 case PARMTYPE_ADDRESS:
1194 pSrc = (RTGCPTR)param2.val.val32;
1195 pSrc = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param2, pSrc);
1196 break;
1197
1198 default:
1199 return VERR_EM_INTERPRETER;
1200 }
1201
1202 Assert(param1.size <= 4 && param1.size > 0);
1203#ifdef IN_GC
1204 /* Safety check (in theory it could cross a page boundary and fault there though) */
1205 AssertReturn(pSrc == pvFault, VERR_EM_INTERPRETER);
1206#endif
1207 rc = emRamRead(pVM, &val32, pSrc, param1.size);
1208 if (VBOX_FAILURE(rc))
1209 return VERR_EM_INTERPRETER;
1210
1211 /* Destination */
1212 switch(param1.type)
1213 {
1214 case PARMTYPE_REGISTER:
1215 switch(param1.size)
1216 {
1217 case 1: rc = DISWriteReg8(pRegFrame, pCpu->param1.base.reg_gen8, (uint8_t)val32); break;
1218 case 2: rc = DISWriteReg16(pRegFrame, pCpu->param1.base.reg_gen16, (uint16_t)val32); break;
1219 case 4: rc = DISWriteReg32(pRegFrame, pCpu->param1.base.reg_gen32, val32); break;
1220 default:
1221 return VERR_EM_INTERPRETER;
1222 }
1223 if (VBOX_FAILURE(rc))
1224 return rc;
1225 break;
1226
1227 default:
1228 return VERR_EM_INTERPRETER;
1229 }
1230 LogFlow(("EMInterpretInstruction: OP_MOV %08X -> %08X (%d)\n", pSrc, val32, param1.size));
1231 }
1232 return VINF_SUCCESS;
1233#ifdef IN_GC
1234 }
1235#endif
1236 return VERR_EM_INTERPRETER;
1237}
1238
1239#ifdef IN_GC
1240static int emInterpretCmpXchg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1241{
1242 OP_PARAMVAL param1, param2;
1243
1244 /* Source to make DISQueryParamVal read the register value - ugly hack */
1245 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
1246 if(VBOX_FAILURE(rc))
1247 return VERR_EM_INTERPRETER;
1248
1249 rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param2, &param2, PARAM_SOURCE);
1250 if(VBOX_FAILURE(rc))
1251 return VERR_EM_INTERPRETER;
1252
1253 if (TRPMHasTrap(pVM))
1254 {
1255 if (TRPMGetErrorCode(pVM) & X86_TRAP_PF_RW)
1256 {
1257 RTGCPTR pParam1;
1258 uint32_t valpar, eflags;
1259#ifdef VBOX_STRICT
1260 uint32_t valpar1 = 0; /// @todo used uninitialized...
1261#endif
1262
1263 AssertReturn(pCpu->param1.size == pCpu->param2.size, VERR_EM_INTERPRETER);
1264 switch(param1.type)
1265 {
1266 case PARMTYPE_ADDRESS:
1267 pParam1 = (RTGCPTR)param1.val.val32;
1268 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pCpu, &pCpu->param1, pParam1);
1269
1270 /* Safety check (in theory it could cross a page boundary and fault there though) */
1271 AssertMsgReturn(pParam1 == pvFault, ("eip=%VGv pParam1=%VGv pvFault=%VGv\n", pRegFrame->eip, pParam1, pvFault), VERR_EM_INTERPRETER);
1272 break;
1273
1274 default:
1275 return VERR_EM_INTERPRETER;
1276 }
1277
1278 switch(param2.type)
1279 {
1280 case PARMTYPE_IMMEDIATE: /* register actually */
1281 valpar = param2.val.val32;
1282 break;
1283
1284 default:
1285 return VERR_EM_INTERPRETER;
1286 }
1287
1288 LogFlow(("CmpXchg %VGv=%08x eax=%08x %08x\n", pParam1, valpar1, pRegFrame->eax, valpar));
1289
1290 MMGCRamRegisterTrapHandler(pVM);
1291 if (pCpu->prefix & PREFIX_LOCK)
1292 rc = EMGCEmulateLockCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
1293 else
1294 rc = EMGCEmulateCmpXchg(pParam1, &pRegFrame->eax, valpar, pCpu->param2.size, &eflags);
1295 MMGCRamDeregisterTrapHandler(pVM);
1296
1297 if (VBOX_FAILURE(rc))
1298 {
1299 Log(("CmpXchg %VGv=%08x eax=%08x %08x -> emulation failed due to page fault!\n", pParam1, valpar1, pRegFrame->eax, valpar));
1300 return VERR_EM_INTERPRETER;
1301 }
1302
1303 LogFlow(("CmpXchg %VGv=%08x eax=%08x %08x ZF=%d\n", pParam1, valpar1, pRegFrame->eax, valpar, !!(eflags & X86_EFL_ZF)));
1304
1305 /* Update guest's eflags and finish. */
1306 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1307 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1308
1309 *pcbSize = param2.size;
1310 return VINF_SUCCESS;
1311 }
1312 }
1313 return VERR_EM_INTERPRETER;
1314}
1315#endif
1316
1317/**
1318 * Interpret IRET (currently only to V86 code)
1319 *
1320 * @returns VBox status code.
1321 * @param pVM The VM handle.
1322 * @param pRegFrame The register frame.
1323 *
1324 */
1325EMDECL(int) EMInterpretIret(PVM pVM, PCPUMCTXCORE pRegFrame)
1326{
1327 RTGCUINTPTR pIretStack = (RTGCUINTPTR)pRegFrame->esp;
1328 RTGCUINTPTR eip, cs, esp, ss, eflags, ds, es, fs, gs, uMask;
1329 int rc;
1330
1331 rc = emRamRead(pVM, &eip, (RTGCPTR)pIretStack , 4);
1332 rc |= emRamRead(pVM, &cs, (RTGCPTR)(pIretStack + 4), 4);
1333 rc |= emRamRead(pVM, &eflags, (RTGCPTR)(pIretStack + 8), 4);
1334 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1335 AssertReturn(eflags & X86_EFL_VM, VERR_EM_INTERPRETER);
1336
1337 rc |= emRamRead(pVM, &esp, (RTGCPTR)(pIretStack + 12), 4);
1338 rc |= emRamRead(pVM, &ss, (RTGCPTR)(pIretStack + 16), 4);
1339 rc |= emRamRead(pVM, &es, (RTGCPTR)(pIretStack + 20), 4);
1340 rc |= emRamRead(pVM, &ds, (RTGCPTR)(pIretStack + 24), 4);
1341 rc |= emRamRead(pVM, &fs, (RTGCPTR)(pIretStack + 28), 4);
1342 rc |= emRamRead(pVM, &gs, (RTGCPTR)(pIretStack + 32), 4);
1343 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1344
1345 pRegFrame->eip = eip & 0xffff;
1346 pRegFrame->cs = cs;
1347
1348 /* Mask away all reserved bits */
1349 uMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_ID;
1350 eflags &= uMask;
1351
1352#ifndef IN_RING0
1353 CPUMRawSetEFlags(pVM, pRegFrame, eflags);
1354#endif
1355 Assert((pRegFrame->eflags.u32 & (X86_EFL_IF|X86_EFL_IOPL)) == X86_EFL_IF);
1356
1357 pRegFrame->esp = esp;
1358 pRegFrame->ss = ss;
1359 pRegFrame->ds = ds;
1360 pRegFrame->es = es;
1361 pRegFrame->fs = fs;
1362 pRegFrame->gs = gs;
1363
1364 return VINF_SUCCESS;
1365}
1366
1367
1368/**
1369 * IRET Emulation.
1370 */
1371static int emInterpretIret(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1372{
1373 /* only allow direct calls to EMInterpretIret for now */
1374 return VERR_EM_INTERPRETER;
1375}
1376
1377/**
1378 * INVLPG Emulation.
1379 */
1380
1381/**
1382 * Interpret INVLPG
1383 *
1384 * @returns VBox status code.
1385 * @param pVM The VM handle.
1386 * @param pRegFrame The register frame.
1387 * @param pAddrGC Operand address
1388 *
1389 */
1390EMDECL(int) EMInterpretInvlpg(PVM pVM, PCPUMCTXCORE pRegFrame, RTGCPTR pAddrGC)
1391{
1392 int rc;
1393
1394 /** @todo is addr always a flat linear address or ds based
1395 * (in absence of segment override prefixes)????
1396 */
1397#ifdef IN_GC
1398 // Note: we could also use PGMFlushPage here, but it currently doesn't always use invlpg!!!!!!!!!!
1399 LogFlow(("GC: EMULATE: invlpg %08X\n", pAddrGC));
1400 rc = PGMGCInvalidatePage(pVM, pAddrGC);
1401#else
1402 rc = PGMInvalidatePage(pVM, pAddrGC);
1403#endif
1404 if (VBOX_SUCCESS(rc))
1405 return VINF_SUCCESS;
1406 Log(("PGMInvalidatePage %VGv returned %VGv (%d)\n", pAddrGC, rc, rc));
1407 Assert(rc == VERR_REM_FLUSHED_PAGES_OVERFLOW);
1408 /** @todo r=bird: we shouldn't ignore returns codes like this... I'm 99% sure the error is fatal. */
1409 return VERR_EM_INTERPRETER;
1410}
1411
1412static int emInterpretInvlPg(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1413{
1414 OP_PARAMVAL param1;
1415 RTGCPTR addr;
1416
1417 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
1418 if(VBOX_FAILURE(rc))
1419 return VERR_EM_INTERPRETER;
1420
1421 switch(param1.type)
1422 {
1423 case PARMTYPE_IMMEDIATE:
1424 case PARMTYPE_ADDRESS:
1425 if(!(param1.flags & PARAM_VAL32))
1426 return VERR_EM_INTERPRETER;
1427 addr = (RTGCPTR)param1.val.val32;
1428 break;
1429
1430 default:
1431 return VERR_EM_INTERPRETER;
1432 }
1433
1434 /** @todo is addr always a flat linear address or ds based
1435 * (in absence of segment override prefixes)????
1436 */
1437#ifdef IN_GC
1438 // Note: we could also use PGMFlushPage here, but it currently doesn't always use invlpg!!!!!!!!!!
1439 LogFlow(("GC: EMULATE: invlpg %08X\n", addr));
1440 rc = PGMGCInvalidatePage(pVM, addr);
1441#else
1442 rc = PGMInvalidatePage(pVM, addr);
1443#endif
1444 if (VBOX_SUCCESS(rc))
1445 return VINF_SUCCESS;
1446 /** @todo r=bird: we shouldn't ignore returns codes like this... I'm 99% sure the error is fatal. */
1447 return VERR_EM_INTERPRETER;
1448}
1449
1450/**
1451 * CPUID Emulation.
1452 */
1453
1454/**
1455 * Interpret CPUID given the parameters in the CPU context
1456 *
1457 * @returns VBox status code.
1458 * @param pVM The VM handle.
1459 * @param pRegFrame The register frame.
1460 *
1461 */
1462EMDECL(int) EMInterpretCpuId(PVM pVM, PCPUMCTXCORE pRegFrame)
1463{
1464 CPUMGetGuestCpuId(pVM, pRegFrame->eax, &pRegFrame->eax, &pRegFrame->ebx, &pRegFrame->ecx, &pRegFrame->edx);
1465 return VINF_SUCCESS;
1466}
1467
1468static int emInterpretCpuId(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1469{
1470 uint32_t iLeaf = pRegFrame->eax; NOREF(iLeaf);
1471
1472 int rc = EMInterpretCpuId(pVM, pRegFrame);
1473 Log(("Emulate: CPUID %x -> %08x %08x %08x %08x\n", iLeaf, pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx));
1474 return rc;
1475}
1476
1477/**
1478 * MOV CRx Emulation.
1479 */
1480
1481/**
1482 * Interpret CRx read
1483 *
1484 * @returns VBox status code.
1485 * @param pVM The VM handle.
1486 * @param pRegFrame The register frame.
1487 * @param DestRegGen General purpose register index (USE_REG_E**))
1488 * @param SrcRegCRx CRx register index (USE_REG_CR*)
1489 *
1490 */
1491EMDECL(int) EMInterpretCRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegCrx)
1492{
1493 uint32_t val32;
1494
1495 int rc = CPUMGetGuestCRx(pVM, SrcRegCrx, &val32);
1496 AssertMsgRCReturn(rc, ("CPUMGetGuestCRx %d failed\n", SrcRegCrx), VERR_EM_INTERPRETER);
1497 rc = DISWriteReg32(pRegFrame, DestRegGen, val32);
1498 if(VBOX_SUCCESS(rc))
1499 {
1500 LogFlow(("MOV_CR: gen32=%d CR=%d val=%08x\n", DestRegGen, SrcRegCrx, val32));
1501 return VINF_SUCCESS;
1502 }
1503 return VERR_EM_INTERPRETER;
1504}
1505
1506
1507/**
1508 * Interpret LMSW
1509 *
1510 * @returns VBox status code.
1511 * @param pVM The VM handle.
1512 * @param u16Data LMSW source data.
1513 *
1514 */
1515EMDECL(int) EMInterpretLMSW(PVM pVM, uint16_t u16Data)
1516{
1517 uint32_t OldCr0 = CPUMGetGuestCR0(pVM);
1518
1519 /* don't use this path to go into protected mode! */
1520 Assert(OldCr0 & X86_CR0_PE);
1521 if (!(OldCr0 & X86_CR0_PE))
1522 return VERR_EM_INTERPRETER;
1523
1524 /* Only PE, MP, EM and TS can be changed; note that PE can't be cleared by this instruction. */
1525 uint32_t NewCr0 = ( OldCr0 & ~( X86_CR0_MP | X86_CR0_EM | X86_CR0_TS))
1526 | (u16Data & (X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS));
1527
1528#ifdef IN_GC
1529 /* Need to change the hyper CR0? Doing it the lazy way then. */
1530 if ( (OldCr0 & (X86_CR0_AM | X86_CR0_WP))
1531 != (NewCr0 & (X86_CR0_AM | X86_CR0_WP)))
1532 {
1533 Log(("EMInterpretLMSW: CR0: %#x->%#x => R3\n", OldCr0, NewCr0));
1534 VM_FF_SET(pVM, VM_FF_TO_R3);
1535 }
1536#endif
1537
1538 return CPUMSetGuestCR0(pVM, NewCr0);
1539}
1540
1541
1542/**
1543 * Interpret CLTS
1544 *
1545 * @returns VBox status code.
1546 * @param pVM The VM handle.
1547 *
1548 */
1549EMDECL(int) EMInterpretCLTS(PVM pVM)
1550{
1551 uint32_t cr0 = CPUMGetGuestCR0(pVM);
1552 if (!(cr0 & X86_CR0_TS))
1553 return VINF_SUCCESS;
1554 return CPUMSetGuestCR0(pVM, cr0 & ~X86_CR0_TS);
1555}
1556
1557static int emInterpretClts(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1558{
1559 return EMInterpretCLTS(pVM);
1560}
1561
1562/**
1563 * Interpret CRx write
1564 *
1565 * @returns VBox status code.
1566 * @param pVM The VM handle.
1567 * @param pRegFrame The register frame.
1568 * @param DestRegCRx CRx register index (USE_REG_CR*)
1569 * @param SrcRegGen General purpose register index (USE_REG_E**))
1570 *
1571 */
1572EMDECL(int) EMInterpretCRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint32_t SrcRegGen)
1573{
1574 uint32_t val32;
1575 uint32_t oldval;
1576/** @todo Clean up this mess. */
1577
1578 int rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
1579 if (VBOX_SUCCESS(rc))
1580 {
1581 switch (DestRegCrx)
1582 {
1583 case USE_REG_CR0:
1584 oldval = CPUMGetGuestCR0(pVM);
1585#ifndef IN_RING3
1586 /* CR0.WP and CR0.AM changes require a reschedule run in ring 3. */
1587 if ( (val32 & (X86_CR0_WP | X86_CR0_AM))
1588 != (oldval & (X86_CR0_WP | X86_CR0_AM)))
1589 return VERR_EM_INTERPRETER;
1590#endif
1591 CPUMSetGuestCR0(pVM, val32);
1592 val32 = CPUMGetGuestCR0(pVM);
1593 if ( (oldval & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE))
1594 != (val32 & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE)))
1595 {
1596 /* global flush */
1597 rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
1598 AssertRCReturn(rc, rc);
1599 }
1600 return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), 0);
1601
1602 case USE_REG_CR2:
1603 rc = CPUMSetGuestCR2(pVM, val32); AssertRC(rc);
1604 return VINF_SUCCESS;
1605
1606 case USE_REG_CR3:
1607 /* Reloading the current CR3 means the guest just wants to flush the TLBs */
1608 rc = CPUMSetGuestCR3(pVM, val32); AssertRC(rc);
1609 if (CPUMGetGuestCR0(pVM) & X86_CR0_PG)
1610 {
1611 /* flush */
1612 rc = PGMFlushTLB(pVM, val32, !(CPUMGetGuestCR4(pVM) & X86_CR4_PGE));
1613 AssertRCReturn(rc, rc);
1614 }
1615 return VINF_SUCCESS;
1616
1617 case USE_REG_CR4:
1618 oldval = CPUMGetGuestCR4(pVM);
1619#ifndef IN_RING3
1620 /** @todo is flipping of the X86_CR4_PAE bit handled correctly here? */
1621#endif
1622 rc = CPUMSetGuestCR4(pVM, val32); AssertRC(rc);
1623 val32 = CPUMGetGuestCR4(pVM);
1624 if ( (oldval & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE))
1625 != (val32 & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE)))
1626 {
1627 /* global flush */
1628 rc = PGMFlushTLB(pVM, CPUMGetGuestCR3(pVM), true /* global */);
1629 AssertRCReturn(rc, rc);
1630 }
1631# ifndef IN_RING3 /** @todo check this out IN_RING0! */
1632 /* Feeling extremely lazy. */
1633 if ( (oldval & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME))
1634 != (val32 & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME)))
1635 {
1636 Log(("emInterpretMovCRx: CR4: %#x->%#x => R3\n", oldval, val32));
1637 VM_FF_SET(pVM, VM_FF_TO_R3);
1638 }
1639# endif
1640 return PGMChangeMode(pVM, CPUMGetGuestCR0(pVM), CPUMGetGuestCR4(pVM), 0);
1641
1642 default:
1643 AssertFailed();
1644 case USE_REG_CR1: /* illegal op */
1645 break;
1646 }
1647 }
1648 return VERR_EM_INTERPRETER;
1649}
1650
1651static int emInterpretMovCRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1652{
1653 if (pCpu->param1.flags == USE_REG_GEN32 && pCpu->param2.flags == USE_REG_CR)
1654 return EMInterpretCRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen32, pCpu->param2.base.reg_ctrl);
1655 if (pCpu->param1.flags == USE_REG_CR && pCpu->param2.flags == USE_REG_GEN32)
1656 return EMInterpretCRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_ctrl, pCpu->param2.base.reg_gen32);
1657 AssertMsgFailedReturn(("Unexpected control register move\n"), VERR_EM_INTERPRETER);
1658 return VERR_EM_INTERPRETER;
1659}
1660
1661/**
1662 * MOV DRx
1663 */
1664
1665/**
1666 * Interpret DRx write
1667 *
1668 * @returns VBox status code.
1669 * @param pVM The VM handle.
1670 * @param pRegFrame The register frame.
1671 * @param DestRegDRx DRx register index (USE_REG_DR*)
1672 * @param SrcRegGen General purpose register index (USE_REG_E**))
1673 *
1674 */
1675EMDECL(int) EMInterpretDRxWrite(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegDrx, uint32_t SrcRegGen)
1676{
1677 uint32_t val32;
1678
1679 int rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
1680 if (VBOX_SUCCESS(rc))
1681 {
1682 rc = CPUMSetGuestDRx(pVM, DestRegDrx, val32);
1683 if (VBOX_SUCCESS(rc))
1684 return rc;
1685 AssertMsgFailed(("CPUMSetGuestDRx %d failed\n", DestRegDrx));
1686 }
1687 return VERR_EM_INTERPRETER;
1688}
1689
1690/**
1691 * Interpret DRx read
1692 *
1693 * @returns VBox status code.
1694 * @param pVM The VM handle.
1695 * @param pRegFrame The register frame.
1696 * @param DestRegGen General purpose register index (USE_REG_E**))
1697 * @param SrcRegDRx DRx register index (USE_REG_DR*)
1698 *
1699 */
1700EMDECL(int) EMInterpretDRxRead(PVM pVM, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegDrx)
1701{
1702 uint32_t val32;
1703
1704 int rc = CPUMGetGuestDRx(pVM, SrcRegDrx, &val32);
1705 AssertMsgRCReturn(rc, ("CPUMGetGuestDRx %d failed\n", SrcRegDrx), VERR_EM_INTERPRETER);
1706 rc = DISWriteReg32(pRegFrame, DestRegGen, val32);
1707 if (VBOX_SUCCESS(rc))
1708 return VINF_SUCCESS;
1709 return VERR_EM_INTERPRETER;
1710}
1711
1712static int emInterpretMovDRx(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1713{
1714 int rc = VERR_EM_INTERPRETER;
1715
1716 if(pCpu->param1.flags == USE_REG_GEN32 && pCpu->param2.flags == USE_REG_DBG)
1717 {
1718 rc = EMInterpretDRxRead(pVM, pRegFrame, pCpu->param1.base.reg_gen32, pCpu->param2.base.reg_dbg);
1719 }
1720 else
1721 if(pCpu->param1.flags == USE_REG_DBG && pCpu->param2.flags == USE_REG_GEN32)
1722 {
1723 rc = EMInterpretDRxWrite(pVM, pRegFrame, pCpu->param1.base.reg_dbg, pCpu->param2.base.reg_gen32);
1724 }
1725 else
1726 AssertMsgFailed(("Unexpected debug register move\n"));
1727 return rc;
1728}
1729
1730/**
1731 * LLDT Emulation.
1732 */
1733static int emInterpretLLdt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1734{
1735 OP_PARAMVAL param1;
1736 RTSEL sel;
1737
1738 int rc = DISQueryParamVal(pRegFrame, pCpu, &pCpu->param1, &param1, PARAM_SOURCE);
1739 if(VBOX_FAILURE(rc))
1740 return VERR_EM_INTERPRETER;
1741
1742 switch(param1.type)
1743 {
1744 case PARMTYPE_ADDRESS:
1745 return VERR_EM_INTERPRETER; //feeling lazy right now
1746
1747 case PARMTYPE_IMMEDIATE:
1748 if(!(param1.flags & PARAM_VAL16))
1749 return VERR_EM_INTERPRETER;
1750 sel = (RTSEL)param1.val.val16;
1751 break;
1752
1753 default:
1754 return VERR_EM_INTERPRETER;
1755 }
1756
1757 if (sel == 0)
1758 {
1759 if (CPUMGetHyperLDTR(pVM) == 0)
1760 {
1761 // this simple case is most frequent in Windows 2000 (31k - boot & shutdown)
1762 return VINF_SUCCESS;
1763 }
1764 }
1765 //still feeling lazy
1766 return VERR_EM_INTERPRETER;
1767}
1768
1769#ifdef IN_GC
1770/**
1771 * STI Emulation.
1772 *
1773 * @remark the instruction following sti is guaranteed to be executed before any interrupts are dispatched
1774 */
1775static int emInterpretSti(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1776{
1777 PPATMGCSTATE pGCState = PATMQueryGCState(pVM);
1778
1779 if(!pGCState)
1780 {
1781 Assert(pGCState);
1782 return VERR_EM_INTERPRETER;
1783 }
1784 pGCState->uVMFlags |= X86_EFL_IF;
1785
1786 Assert(pRegFrame->eflags.u32 & X86_EFL_IF);
1787 Assert(pvFault == SELMToFlat(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid, (RTGCPTR)pRegFrame->eip));
1788
1789 pVM->em.s.GCPtrInhibitInterrupts = pRegFrame->eip + pCpu->opsize;
1790 VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);
1791
1792 return VINF_SUCCESS;
1793}
1794#endif /* IN_GC */
1795
1796
1797/**
1798 * HLT Emulation.
1799 */
1800static int emInterpretHlt(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1801{
1802 return VINF_EM_HALT;
1803}
1804
1805
1806/**
1807 * RDTSC Emulation.
1808 */
1809
1810/**
1811 * Interpret RDTSC
1812 *
1813 * @returns VBox status code.
1814 * @param pVM The VM handle.
1815 * @param pRegFrame The register frame.
1816 *
1817 */
1818EMDECL(int) EMInterpretRdtsc(PVM pVM, PCPUMCTXCORE pRegFrame)
1819{
1820 unsigned uCR4 = CPUMGetGuestCR4(pVM);
1821
1822 if (uCR4 & X86_CR4_TSD)
1823 return VERR_EM_INTERPRETER; /* genuine #GP */
1824
1825 uint64_t uTicks = TMCpuTickGet(pVM);
1826
1827 pRegFrame->eax = uTicks;
1828 pRegFrame->edx = (uTicks >> 32ULL);
1829
1830 return VINF_SUCCESS;
1831}
1832
1833static int emInterpretRdtsc(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1834{
1835 return EMInterpretRdtsc(pVM, pRegFrame);
1836}
1837
1838/**
1839 * MONITOR Emulation.
1840 */
1841static int emInterpretMonitor(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1842{
1843 uint32_t u32Dummy, u32ExtFeatures, cpl;
1844
1845 if (pRegFrame->ecx != 0)
1846 return VERR_EM_INTERPRETER; /* illegal value. */
1847
1848 /* Get the current privilege level. */
1849 cpl = CPUMGetGuestCPL(pVM, pRegFrame);
1850 if (cpl != 0)
1851 return VERR_EM_INTERPRETER; /* supervisor only */
1852
1853 CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
1854 if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
1855 return VERR_EM_INTERPRETER; /* not supported */
1856
1857 return VINF_SUCCESS;
1858}
1859
1860
1861/**
1862 * MWAIT Emulation.
1863 */
1864static int emInterpretMWait(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1865{
1866 uint32_t u32Dummy, u32ExtFeatures, cpl;
1867
1868 if (pRegFrame->ecx != 0)
1869 return VERR_EM_INTERPRETER; /* illegal value. */
1870
1871 /* Get the current privilege level. */
1872 cpl = CPUMGetGuestCPL(pVM, pRegFrame);
1873 if (cpl != 0)
1874 return VERR_EM_INTERPRETER; /* supervisor only */
1875
1876 CPUMGetGuestCpuId(pVM, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
1877 if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
1878 return VERR_EM_INTERPRETER; /* not supported */
1879
1880 /** @todo not completely correct */
1881 return VINF_EM_HALT;
1882}
1883
1884
1885/**
1886 * Internal worker.
1887 * @copydoc EMInterpretInstructionCPU
1888 */
1889DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PDISCPUSTATE pCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1890{
1891 Assert(pcbSize);
1892 *pcbSize = 0;
1893
1894 /*
1895 * Only supervisor guest code!!
1896 * And no complicated prefixes.
1897 */
1898 /* Get the current privilege level. */
1899 uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
1900 if ( cpl != 0
1901 && pCpu->pCurInstr->opcode != OP_RDTSC) /* rdtsc requires emulation in ring 3 as well */
1902 {
1903 Log(("WARNING: refusing instruction emulation for user-mode code!!\n"));
1904 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,FailedUserMode));
1905 return VERR_EM_INTERPRETER;
1906 }
1907
1908#ifdef IN_GC
1909 if ( (pCpu->prefix & (PREFIX_REPNE | PREFIX_REP))
1910 || ( (pCpu->prefix & PREFIX_LOCK)
1911 && pCpu->pCurInstr->opcode != OP_CMPXCHG
1912 && pCpu->pCurInstr->opcode != OP_OR
1913 && pCpu->pCurInstr->opcode != OP_BTR
1914 )
1915 )
1916#else
1917 if (pCpu->prefix & (PREFIX_REPNE | PREFIX_REP | PREFIX_LOCK))
1918#endif
1919 {
1920 //Log(("EMInterpretInstruction: wrong prefix!!\n"));
1921 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,FailedPrefix));
1922 return VERR_EM_INTERPRETER;
1923 }
1924
1925 int rc;
1926 switch (pCpu->pCurInstr->opcode)
1927 {
1928#ifdef IN_GC
1929# define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
1930 case opcode:\
1931 if (pCpu->prefix & PREFIX_LOCK) \
1932 rc = emInterpretLock##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulateLock); \
1933 else \
1934 rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
1935 if (VBOX_SUCCESS(rc)) \
1936 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Instr)); \
1937 else \
1938 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); \
1939 return rc
1940#else
1941# define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
1942 INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
1943#endif
1944#define INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate) \
1945 case opcode:\
1946 rc = emInterpret##InstrFn(pVM, pCpu, pRegFrame, pvFault, pcbSize, pfnEmulate); \
1947 if (VBOX_SUCCESS(rc)) \
1948 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Instr)); \
1949 else \
1950 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); \
1951 return rc
1952
1953#define INTERPRET_CASE_EX_PARAM2(opcode, Instr, InstrFn, pfnEmulate) \
1954 INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
1955#define INTERPRET_CASE_EX_LOCK_PARAM2(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
1956 INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock)
1957
1958#define INTERPRET_CASE(opcode, Instr) \
1959 case opcode:\
1960 rc = emInterpret##Instr(pVM, pCpu, pRegFrame, pvFault, pcbSize); \
1961 if (VBOX_SUCCESS(rc)) \
1962 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Instr)); \
1963 else \
1964 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); \
1965 return rc
1966#define INTERPRET_STAT_CASE(opcode, Instr) \
1967 case opcode: STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,Failed##Instr)); return VERR_EM_INTERPRETER;
1968
1969 INTERPRET_CASE(OP_XCHG,Xchg);
1970 INTERPRET_CASE_EX_PARAM2(OP_DEC,Dec, IncDec, EMEmulateDec);
1971 INTERPRET_CASE_EX_PARAM2(OP_INC,Inc, IncDec, EMEmulateInc);
1972 INTERPRET_CASE(OP_POP,Pop);
1973 INTERPRET_CASE_EX_LOCK_PARAM3(OP_OR, Or, OrXorAnd, EMEmulateOr, EMEmulateLockOr);
1974 INTERPRET_CASE_EX_PARAM3(OP_XOR,Xor, OrXorAnd, EMEmulateXor);
1975 INTERPRET_CASE_EX_PARAM3(OP_AND,And, OrXorAnd, EMEmulateAnd);
1976 INTERPRET_CASE(OP_MOV,Mov);
1977 INTERPRET_CASE(OP_INVLPG,InvlPg);
1978 INTERPRET_CASE(OP_CPUID,CpuId);
1979 INTERPRET_CASE(OP_MOV_CR,MovCRx);
1980 INTERPRET_CASE(OP_MOV_DR,MovDRx);
1981 INTERPRET_CASE(OP_LLDT,LLdt);
1982 INTERPRET_CASE(OP_CLTS,Clts);
1983 INTERPRET_CASE(OP_MONITOR, Monitor);
1984 INTERPRET_CASE(OP_MWAIT, MWait);
1985 INTERPRET_CASE_EX_PARAM3(OP_ADD,Add, AddSub, EMEmulateAdd);
1986 INTERPRET_CASE_EX_PARAM3(OP_SUB,Sub, AddSub, EMEmulateSub);
1987 INTERPRET_CASE(OP_ADC,Adc);
1988 INTERPRET_CASE_EX_LOCK_PARAM2(OP_BTR,Btr, BitTest, EMEmulateBtr, EMEmulateLockBtr);
1989 INTERPRET_CASE_EX_PARAM2(OP_BTS,Bts, BitTest, EMEmulateBts);
1990 INTERPRET_CASE_EX_PARAM2(OP_BTC,Btc, BitTest, EMEmulateBtc);
1991 INTERPRET_CASE(OP_RDTSC,Rdtsc);
1992#ifdef IN_GC
1993 INTERPRET_CASE(OP_STI,Sti);
1994 INTERPRET_CASE(OP_CMPXCHG, CmpXchg);
1995#endif
1996 INTERPRET_CASE(OP_HLT,Hlt);
1997 INTERPRET_CASE(OP_IRET,Iret);
1998#ifdef VBOX_WITH_STATISTICS
1999#ifndef IN_GC
2000 INTERPRET_STAT_CASE(OP_CMPXCHG,CmpXchg);
2001#endif
2002 INTERPRET_STAT_CASE(OP_MOVNTPS,MovNTPS);
2003 INTERPRET_STAT_CASE(OP_STOSWD,StosWD);
2004 INTERPRET_STAT_CASE(OP_WBINVD,WbInvd);
2005#endif
2006 default:
2007 Log3(("emInterpretInstructionCPU: opcode=%d\n", pCpu->pCurInstr->opcode));
2008 STAM_COUNTER_INC(&pVM->em.s.CTXSUFF(pStats)->CTXMID(Stat,FailedMisc));
2009 return VERR_EM_INTERPRETER;
2010#undef INTERPRET_CASE_EX_PARAM2
2011#undef INTERPRET_STAT_CASE
2012#undef INTERPRET_CASE_EX
2013#undef INTERPRET_CASE
2014 }
2015 AssertFailed();
2016 return VERR_INTERNAL_ERROR;
2017}
2018
2019
2020/**
2021 * Sets the PC for which interrupts should be inhibited.
2022 *
2023 * @param pVM The VM handle.
2024 * @param PC The PC.
2025 */
2026EMDECL(void) EMSetInhibitInterruptsPC(PVM pVM, RTGCUINTPTR PC)
2027{
2028 pVM->em.s.GCPtrInhibitInterrupts = PC;
2029 VM_FF_SET(pVM, VM_FF_INHIBIT_INTERRUPTS);
2030}
2031
2032
2033/**
2034 * Gets the PC for which interrupts should be inhibited.
2035 *
2036 * There are a few instructions which inhibits or delays interrupts
2037 * for the instruction following them. These instructions are:
2038 * - STI
2039 * - MOV SS, r/m16
2040 * - POP SS
2041 *
2042 * @returns The PC for which interrupts should be inhibited.
2043 * @param pVM VM handle.
2044 *
2045 */
2046EMDECL(RTGCUINTPTR) EMGetInhibitInterruptsPC(PVM pVM)
2047{
2048 return pVM->em.s.GCPtrInhibitInterrupts;
2049}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette