VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/IEMAll.cpp@ 60999

Last change on this file since 60999 was 60991, checked in by vboxsync, 9 years ago

IEM: Implemented movntps/d and movaps/d. (lacks proper testcase)

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 461.0 KB
Line 
1/* $Id: IEMAll.cpp 60991 2016-05-16 19:26:51Z vboxsync $ */
2/** @file
3 * IEM - Interpreted Execution Manager - All Contexts.
4 */
5
6/*
7 * Copyright (C) 2011-2015 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/** @page pg_iem IEM - Interpreted Execution Manager
20 *
21 * The interpreted exeuction manager (IEM) is for executing short guest code
22 * sequences that are causing too many exits / virtualization traps. It will
23 * also be used to interpret single instructions, thus replacing the selective
24 * interpreters in EM and IOM.
25 *
26 * Design goals:
27 * - Relatively small footprint, although we favour speed and correctness
28 * over size.
29 * - Reasonably fast.
30 * - Correctly handle lock prefixed instructions.
31 * - Complete instruction set - eventually.
32 * - Refactorable into a recompiler, maybe.
33 * - Replace EMInterpret*.
34 *
35 * Using the existing disassembler has been considered, however this is thought
36 * to conflict with speed as the disassembler chews things a bit too much while
37 * leaving us with a somewhat complicated state to interpret afterwards.
38 *
39 *
40 * The current code is very much work in progress. You've been warned!
41 *
42 *
43 * @section sec_iem_fpu_instr FPU Instructions
44 *
45 * On x86 and AMD64 hosts, the FPU instructions are implemented by executing the
46 * same or equivalent instructions on the host FPU. To make life easy, we also
47 * let the FPU prioritize the unmasked exceptions for us. This however, only
48 * works reliably when CR0.NE is set, i.e. when using \#MF instead the IRQ 13
49 * for FPU exception delivery, because with CR0.NE=0 there is a window where we
50 * can trigger spurious FPU exceptions.
51 *
52 * The guest FPU state is not loaded into the host CPU and kept there till we
53 * leave IEM because the calling conventions have declared an all year open
54 * season on much of the FPU state. For instance an innocent looking call to
55 * memcpy might end up using a whole bunch of XMM or MM registers if the
56 * particular implementation finds it worthwhile.
57 *
58 *
59 * @section sec_iem_logging Logging
60 *
61 * The IEM code uses the \"IEM\" log group for the main logging. The different
62 * logging levels/flags are generally used for the following purposes:
63 * - Level 1 (Log) : Errors, exceptions, interrupts and such major events.
64 * - Flow (LogFlow): Basic enter/exit IEM state info.
65 * - Level 2 (Log2): ?
66 * - Level 3 (Log3): More detailed enter/exit IEM state info.
67 * - Level 4 (Log4): Decoding mnemonics w/ EIP.
68 * - Level 5 (Log5): Decoding details.
69 * - Level 6 (Log6): Enables/disables the lockstep comparison with REM.
70 * - Level 7 (Log7): iret++ execution logging.
71 * - Level 8 (Log8): Memory writes.
72 * - Level 9 (Log9): Memory reads.
73 *
74 */
75
76/** @def IEM_VERIFICATION_MODE_MINIMAL
77 * Use for pitting IEM against EM or something else in ring-0 or raw-mode
78 * context. */
79#if defined(DOXYGEN_RUNNING)
80# define IEM_VERIFICATION_MODE_MINIMAL
81#endif
82//#define IEM_LOG_MEMORY_WRITES
83#define IEM_IMPLEMENTS_TASKSWITCH
84
85
86/*********************************************************************************************************************************
87* Header Files *
88*********************************************************************************************************************************/
89#define LOG_GROUP LOG_GROUP_IEM
90#include <VBox/vmm/iem.h>
91#include <VBox/vmm/cpum.h>
92#include <VBox/vmm/pdm.h>
93#include <VBox/vmm/pgm.h>
94#include <internal/pgm.h>
95#include <VBox/vmm/iom.h>
96#include <VBox/vmm/em.h>
97#include <VBox/vmm/hm.h>
98#include <VBox/vmm/tm.h>
99#include <VBox/vmm/dbgf.h>
100#include <VBox/vmm/dbgftrace.h>
101#ifdef VBOX_WITH_RAW_MODE_NOT_R0
102# include <VBox/vmm/patm.h>
103# if defined(VBOX_WITH_CALL_RECORD) || defined(REM_MONITOR_CODE_PAGES)
104# include <VBox/vmm/csam.h>
105# endif
106#endif
107#include "IEMInternal.h"
108#ifdef IEM_VERIFICATION_MODE_FULL
109# include <VBox/vmm/rem.h>
110# include <VBox/vmm/mm.h>
111#endif
112#include <VBox/vmm/vm.h>
113#include <VBox/log.h>
114#include <VBox/err.h>
115#include <VBox/param.h>
116#include <VBox/dis.h>
117#include <VBox/disopcode.h>
118#include <iprt/assert.h>
119#include <iprt/string.h>
120#include <iprt/x86.h>
121
122
123
124/*********************************************************************************************************************************
125* Structures and Typedefs *
126*********************************************************************************************************************************/
127/** @typedef PFNIEMOP
128 * Pointer to an opcode decoder function.
129 */
130
131/** @def FNIEMOP_DEF
132 * Define an opcode decoder function.
133 *
134 * We're using macors for this so that adding and removing parameters as well as
135 * tweaking compiler specific attributes becomes easier. See FNIEMOP_CALL
136 *
137 * @param a_Name The function name.
138 */
139
140
141#if defined(__GNUC__) && defined(RT_ARCH_X86)
142typedef VBOXSTRICTRC (__attribute__((__fastcall__)) * PFNIEMOP)(PIEMCPU pIemCpu);
143# define FNIEMOP_DEF(a_Name) \
144 IEM_STATIC VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PIEMCPU pIemCpu)
145# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
146 IEM_STATIC VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0)
147# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
148 IEM_STATIC VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1)
149
150#elif defined(_MSC_VER) && defined(RT_ARCH_X86)
151typedef VBOXSTRICTRC (__fastcall * PFNIEMOP)(PIEMCPU pIemCpu);
152# define FNIEMOP_DEF(a_Name) \
153 IEM_STATIC /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PIEMCPU pIemCpu) RT_NO_THROW_DEF
154# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
155 IEM_STATIC /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0) RT_NO_THROW_DEF
156# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
157 IEM_STATIC /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1) RT_NO_THROW_DEF
158
159#elif defined(__GNUC__)
160typedef VBOXSTRICTRC (* PFNIEMOP)(PIEMCPU pIemCpu);
161# define FNIEMOP_DEF(a_Name) \
162 IEM_STATIC VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PIEMCPU pIemCpu)
163# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
164 IEM_STATIC VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0)
165# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
166 IEM_STATIC VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1)
167
168#else
169typedef VBOXSTRICTRC (* PFNIEMOP)(PIEMCPU pIemCpu);
170# define FNIEMOP_DEF(a_Name) \
171 IEM_STATIC VBOXSTRICTRC a_Name(PIEMCPU pIemCpu) RT_NO_THROW_DEF
172# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
173 IEM_STATIC VBOXSTRICTRC a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0) RT_NO_THROW_DEF
174# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
175 IEM_STATIC VBOXSTRICTRC a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1) RT_NO_THROW_DEF
176
177#endif
178
179
180/**
181 * Selector descriptor table entry as fetched by iemMemFetchSelDesc.
182 */
183typedef union IEMSELDESC
184{
185 /** The legacy view. */
186 X86DESC Legacy;
187 /** The long mode view. */
188 X86DESC64 Long;
189} IEMSELDESC;
190/** Pointer to a selector descriptor table entry. */
191typedef IEMSELDESC *PIEMSELDESC;
192
193
194/*********************************************************************************************************************************
195* Defined Constants And Macros *
196*********************************************************************************************************************************/
197/** Temporary hack to disable the double execution. Will be removed in favor
198 * of a dedicated execution mode in EM. */
199//#define IEM_VERIFICATION_MODE_NO_REM
200
201/** Used to shut up GCC warnings about variables that 'may be used uninitialized'
202 * due to GCC lacking knowledge about the value range of a switch. */
203#define IEM_NOT_REACHED_DEFAULT_CASE_RET() default: AssertFailedReturn(VERR_IPE_NOT_REACHED_DEFAULT_CASE)
204
205/**
206 * Returns IEM_RETURN_ASPECT_NOT_IMPLEMENTED, and in debug builds logs the
207 * occation.
208 */
209#ifdef LOG_ENABLED
210# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED() \
211 do { \
212 /*Log*/ LogAlways(("%s: returning IEM_RETURN_ASPECT_NOT_IMPLEMENTED (line %d)\n", __FUNCTION__, __LINE__)); \
213 return VERR_IEM_ASPECT_NOT_IMPLEMENTED; \
214 } while (0)
215#else
216# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED() \
217 return VERR_IEM_ASPECT_NOT_IMPLEMENTED
218#endif
219
220/**
221 * Returns IEM_RETURN_ASPECT_NOT_IMPLEMENTED, and in debug builds logs the
222 * occation using the supplied logger statement.
223 *
224 * @param a_LoggerArgs What to log on failure.
225 */
226#ifdef LOG_ENABLED
227# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(a_LoggerArgs) \
228 do { \
229 LogAlways((LOG_FN_FMT ": ", __PRETTY_FUNCTION__)); LogAlways(a_LoggerArgs); \
230 /*LogFunc(a_LoggerArgs);*/ \
231 return VERR_IEM_ASPECT_NOT_IMPLEMENTED; \
232 } while (0)
233#else
234# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(a_LoggerArgs) \
235 return VERR_IEM_ASPECT_NOT_IMPLEMENTED
236#endif
237
238/**
239 * Call an opcode decoder function.
240 *
241 * We're using macors for this so that adding and removing parameters can be
242 * done as we please. See FNIEMOP_DEF.
243 */
244#define FNIEMOP_CALL(a_pfn) (a_pfn)(pIemCpu)
245
246/**
247 * Call a common opcode decoder function taking one extra argument.
248 *
249 * We're using macors for this so that adding and removing parameters can be
250 * done as we please. See FNIEMOP_DEF_1.
251 */
252#define FNIEMOP_CALL_1(a_pfn, a0) (a_pfn)(pIemCpu, a0)
253
254/**
255 * Call a common opcode decoder function taking one extra argument.
256 *
257 * We're using macors for this so that adding and removing parameters can be
258 * done as we please. See FNIEMOP_DEF_1.
259 */
260#define FNIEMOP_CALL_2(a_pfn, a0, a1) (a_pfn)(pIemCpu, a0, a1)
261
262/**
263 * Check if we're currently executing in real or virtual 8086 mode.
264 *
265 * @returns @c true if it is, @c false if not.
266 * @param a_pIemCpu The IEM state of the current CPU.
267 */
268#define IEM_IS_REAL_OR_V86_MODE(a_pIemCpu) (CPUMIsGuestInRealOrV86ModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
269
270/**
271 * Check if we're currently executing in virtual 8086 mode.
272 *
273 * @returns @c true if it is, @c false if not.
274 * @param a_pIemCpu The IEM state of the current CPU.
275 */
276#define IEM_IS_V86_MODE(a_pIemCpu) (CPUMIsGuestInV86ModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
277
278/**
279 * Check if we're currently executing in long mode.
280 *
281 * @returns @c true if it is, @c false if not.
282 * @param a_pIemCpu The IEM state of the current CPU.
283 */
284#define IEM_IS_LONG_MODE(a_pIemCpu) (CPUMIsGuestInLongModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
285
286/**
287 * Check if we're currently executing in real mode.
288 *
289 * @returns @c true if it is, @c false if not.
290 * @param a_pIemCpu The IEM state of the current CPU.
291 */
292#define IEM_IS_REAL_MODE(a_pIemCpu) (CPUMIsGuestInRealModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
293
294/**
295 * Returns a (const) pointer to the CPUMFEATURES for the guest CPU.
296 * @returns PCCPUMFEATURES
297 * @param a_pIemCpu The IEM state of the current CPU.
298 */
299#define IEM_GET_GUEST_CPU_FEATURES(a_pIemCpu) (&(IEMCPU_TO_VM(a_pIemCpu)->cpum.ro.GuestFeatures))
300
301/**
302 * Returns a (const) pointer to the CPUMFEATURES for the host CPU.
303 * @returns PCCPUMFEATURES
304 * @param a_pIemCpu The IEM state of the current CPU.
305 */
306#define IEM_GET_HOST_CPU_FEATURES(a_pIemCpu) (&(IEMCPU_TO_VM(a_pIemCpu)->cpum.ro.HostFeatures))
307
308/**
309 * Evaluates to true if we're presenting an Intel CPU to the guest.
310 */
311#define IEM_IS_GUEST_CPU_INTEL(a_pIemCpu) ( (a_pIemCpu)->enmCpuVendor == CPUMCPUVENDOR_INTEL )
312
313/**
314 * Evaluates to true if we're presenting an AMD CPU to the guest.
315 */
316#define IEM_IS_GUEST_CPU_AMD(a_pIemCpu) ( (a_pIemCpu)->enmCpuVendor == CPUMCPUVENDOR_AMD )
317
318/**
319 * Check if the address is canonical.
320 */
321#define IEM_IS_CANONICAL(a_u64Addr) X86_IS_CANONICAL(a_u64Addr)
322
323
324/*********************************************************************************************************************************
325* Global Variables *
326*********************************************************************************************************************************/
327extern const PFNIEMOP g_apfnOneByteMap[256]; /* not static since we need to forward declare it. */
328
329
330/** Function table for the ADD instruction. */
331IEM_STATIC const IEMOPBINSIZES g_iemAImpl_add =
332{
333 iemAImpl_add_u8, iemAImpl_add_u8_locked,
334 iemAImpl_add_u16, iemAImpl_add_u16_locked,
335 iemAImpl_add_u32, iemAImpl_add_u32_locked,
336 iemAImpl_add_u64, iemAImpl_add_u64_locked
337};
338
339/** Function table for the ADC instruction. */
340IEM_STATIC const IEMOPBINSIZES g_iemAImpl_adc =
341{
342 iemAImpl_adc_u8, iemAImpl_adc_u8_locked,
343 iemAImpl_adc_u16, iemAImpl_adc_u16_locked,
344 iemAImpl_adc_u32, iemAImpl_adc_u32_locked,
345 iemAImpl_adc_u64, iemAImpl_adc_u64_locked
346};
347
348/** Function table for the SUB instruction. */
349IEM_STATIC const IEMOPBINSIZES g_iemAImpl_sub =
350{
351 iemAImpl_sub_u8, iemAImpl_sub_u8_locked,
352 iemAImpl_sub_u16, iemAImpl_sub_u16_locked,
353 iemAImpl_sub_u32, iemAImpl_sub_u32_locked,
354 iemAImpl_sub_u64, iemAImpl_sub_u64_locked
355};
356
357/** Function table for the SBB instruction. */
358IEM_STATIC const IEMOPBINSIZES g_iemAImpl_sbb =
359{
360 iemAImpl_sbb_u8, iemAImpl_sbb_u8_locked,
361 iemAImpl_sbb_u16, iemAImpl_sbb_u16_locked,
362 iemAImpl_sbb_u32, iemAImpl_sbb_u32_locked,
363 iemAImpl_sbb_u64, iemAImpl_sbb_u64_locked
364};
365
366/** Function table for the OR instruction. */
367IEM_STATIC const IEMOPBINSIZES g_iemAImpl_or =
368{
369 iemAImpl_or_u8, iemAImpl_or_u8_locked,
370 iemAImpl_or_u16, iemAImpl_or_u16_locked,
371 iemAImpl_or_u32, iemAImpl_or_u32_locked,
372 iemAImpl_or_u64, iemAImpl_or_u64_locked
373};
374
375/** Function table for the XOR instruction. */
376IEM_STATIC const IEMOPBINSIZES g_iemAImpl_xor =
377{
378 iemAImpl_xor_u8, iemAImpl_xor_u8_locked,
379 iemAImpl_xor_u16, iemAImpl_xor_u16_locked,
380 iemAImpl_xor_u32, iemAImpl_xor_u32_locked,
381 iemAImpl_xor_u64, iemAImpl_xor_u64_locked
382};
383
384/** Function table for the AND instruction. */
385IEM_STATIC const IEMOPBINSIZES g_iemAImpl_and =
386{
387 iemAImpl_and_u8, iemAImpl_and_u8_locked,
388 iemAImpl_and_u16, iemAImpl_and_u16_locked,
389 iemAImpl_and_u32, iemAImpl_and_u32_locked,
390 iemAImpl_and_u64, iemAImpl_and_u64_locked
391};
392
393/** Function table for the CMP instruction.
394 * @remarks Making operand order ASSUMPTIONS.
395 */
396IEM_STATIC const IEMOPBINSIZES g_iemAImpl_cmp =
397{
398 iemAImpl_cmp_u8, NULL,
399 iemAImpl_cmp_u16, NULL,
400 iemAImpl_cmp_u32, NULL,
401 iemAImpl_cmp_u64, NULL
402};
403
404/** Function table for the TEST instruction.
405 * @remarks Making operand order ASSUMPTIONS.
406 */
407IEM_STATIC const IEMOPBINSIZES g_iemAImpl_test =
408{
409 iemAImpl_test_u8, NULL,
410 iemAImpl_test_u16, NULL,
411 iemAImpl_test_u32, NULL,
412 iemAImpl_test_u64, NULL
413};
414
415/** Function table for the BT instruction. */
416IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bt =
417{
418 NULL, NULL,
419 iemAImpl_bt_u16, NULL,
420 iemAImpl_bt_u32, NULL,
421 iemAImpl_bt_u64, NULL
422};
423
424/** Function table for the BTC instruction. */
425IEM_STATIC const IEMOPBINSIZES g_iemAImpl_btc =
426{
427 NULL, NULL,
428 iemAImpl_btc_u16, iemAImpl_btc_u16_locked,
429 iemAImpl_btc_u32, iemAImpl_btc_u32_locked,
430 iemAImpl_btc_u64, iemAImpl_btc_u64_locked
431};
432
433/** Function table for the BTR instruction. */
434IEM_STATIC const IEMOPBINSIZES g_iemAImpl_btr =
435{
436 NULL, NULL,
437 iemAImpl_btr_u16, iemAImpl_btr_u16_locked,
438 iemAImpl_btr_u32, iemAImpl_btr_u32_locked,
439 iemAImpl_btr_u64, iemAImpl_btr_u64_locked
440};
441
442/** Function table for the BTS instruction. */
443IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bts =
444{
445 NULL, NULL,
446 iemAImpl_bts_u16, iemAImpl_bts_u16_locked,
447 iemAImpl_bts_u32, iemAImpl_bts_u32_locked,
448 iemAImpl_bts_u64, iemAImpl_bts_u64_locked
449};
450
451/** Function table for the BSF instruction. */
452IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bsf =
453{
454 NULL, NULL,
455 iemAImpl_bsf_u16, NULL,
456 iemAImpl_bsf_u32, NULL,
457 iemAImpl_bsf_u64, NULL
458};
459
460/** Function table for the BSR instruction. */
461IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bsr =
462{
463 NULL, NULL,
464 iemAImpl_bsr_u16, NULL,
465 iemAImpl_bsr_u32, NULL,
466 iemAImpl_bsr_u64, NULL
467};
468
469/** Function table for the IMUL instruction. */
470IEM_STATIC const IEMOPBINSIZES g_iemAImpl_imul_two =
471{
472 NULL, NULL,
473 iemAImpl_imul_two_u16, NULL,
474 iemAImpl_imul_two_u32, NULL,
475 iemAImpl_imul_two_u64, NULL
476};
477
478/** Group 1 /r lookup table. */
479IEM_STATIC const PCIEMOPBINSIZES g_apIemImplGrp1[8] =
480{
481 &g_iemAImpl_add,
482 &g_iemAImpl_or,
483 &g_iemAImpl_adc,
484 &g_iemAImpl_sbb,
485 &g_iemAImpl_and,
486 &g_iemAImpl_sub,
487 &g_iemAImpl_xor,
488 &g_iemAImpl_cmp
489};
490
491/** Function table for the INC instruction. */
492IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_inc =
493{
494 iemAImpl_inc_u8, iemAImpl_inc_u8_locked,
495 iemAImpl_inc_u16, iemAImpl_inc_u16_locked,
496 iemAImpl_inc_u32, iemAImpl_inc_u32_locked,
497 iemAImpl_inc_u64, iemAImpl_inc_u64_locked
498};
499
500/** Function table for the DEC instruction. */
501IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_dec =
502{
503 iemAImpl_dec_u8, iemAImpl_dec_u8_locked,
504 iemAImpl_dec_u16, iemAImpl_dec_u16_locked,
505 iemAImpl_dec_u32, iemAImpl_dec_u32_locked,
506 iemAImpl_dec_u64, iemAImpl_dec_u64_locked
507};
508
509/** Function table for the NEG instruction. */
510IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_neg =
511{
512 iemAImpl_neg_u8, iemAImpl_neg_u8_locked,
513 iemAImpl_neg_u16, iemAImpl_neg_u16_locked,
514 iemAImpl_neg_u32, iemAImpl_neg_u32_locked,
515 iemAImpl_neg_u64, iemAImpl_neg_u64_locked
516};
517
518/** Function table for the NOT instruction. */
519IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_not =
520{
521 iemAImpl_not_u8, iemAImpl_not_u8_locked,
522 iemAImpl_not_u16, iemAImpl_not_u16_locked,
523 iemAImpl_not_u32, iemAImpl_not_u32_locked,
524 iemAImpl_not_u64, iemAImpl_not_u64_locked
525};
526
527
528/** Function table for the ROL instruction. */
529IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_rol =
530{
531 iemAImpl_rol_u8,
532 iemAImpl_rol_u16,
533 iemAImpl_rol_u32,
534 iemAImpl_rol_u64
535};
536
537/** Function table for the ROR instruction. */
538IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_ror =
539{
540 iemAImpl_ror_u8,
541 iemAImpl_ror_u16,
542 iemAImpl_ror_u32,
543 iemAImpl_ror_u64
544};
545
546/** Function table for the RCL instruction. */
547IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_rcl =
548{
549 iemAImpl_rcl_u8,
550 iemAImpl_rcl_u16,
551 iemAImpl_rcl_u32,
552 iemAImpl_rcl_u64
553};
554
555/** Function table for the RCR instruction. */
556IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_rcr =
557{
558 iemAImpl_rcr_u8,
559 iemAImpl_rcr_u16,
560 iemAImpl_rcr_u32,
561 iemAImpl_rcr_u64
562};
563
564/** Function table for the SHL instruction. */
565IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_shl =
566{
567 iemAImpl_shl_u8,
568 iemAImpl_shl_u16,
569 iemAImpl_shl_u32,
570 iemAImpl_shl_u64
571};
572
573/** Function table for the SHR instruction. */
574IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_shr =
575{
576 iemAImpl_shr_u8,
577 iemAImpl_shr_u16,
578 iemAImpl_shr_u32,
579 iemAImpl_shr_u64
580};
581
582/** Function table for the SAR instruction. */
583IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_sar =
584{
585 iemAImpl_sar_u8,
586 iemAImpl_sar_u16,
587 iemAImpl_sar_u32,
588 iemAImpl_sar_u64
589};
590
591
592/** Function table for the MUL instruction. */
593IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_mul =
594{
595 iemAImpl_mul_u8,
596 iemAImpl_mul_u16,
597 iemAImpl_mul_u32,
598 iemAImpl_mul_u64
599};
600
601/** Function table for the IMUL instruction working implicitly on rAX. */
602IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_imul =
603{
604 iemAImpl_imul_u8,
605 iemAImpl_imul_u16,
606 iemAImpl_imul_u32,
607 iemAImpl_imul_u64
608};
609
610/** Function table for the DIV instruction. */
611IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_div =
612{
613 iemAImpl_div_u8,
614 iemAImpl_div_u16,
615 iemAImpl_div_u32,
616 iemAImpl_div_u64
617};
618
619/** Function table for the MUL instruction. */
620IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_idiv =
621{
622 iemAImpl_idiv_u8,
623 iemAImpl_idiv_u16,
624 iemAImpl_idiv_u32,
625 iemAImpl_idiv_u64
626};
627
628/** Function table for the SHLD instruction */
629IEM_STATIC const IEMOPSHIFTDBLSIZES g_iemAImpl_shld =
630{
631 iemAImpl_shld_u16,
632 iemAImpl_shld_u32,
633 iemAImpl_shld_u64,
634};
635
636/** Function table for the SHRD instruction */
637IEM_STATIC const IEMOPSHIFTDBLSIZES g_iemAImpl_shrd =
638{
639 iemAImpl_shrd_u16,
640 iemAImpl_shrd_u32,
641 iemAImpl_shrd_u64,
642};
643
644
645/** Function table for the PUNPCKLBW instruction */
646IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpcklbw = { iemAImpl_punpcklbw_u64, iemAImpl_punpcklbw_u128 };
647/** Function table for the PUNPCKLBD instruction */
648IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpcklwd = { iemAImpl_punpcklwd_u64, iemAImpl_punpcklwd_u128 };
649/** Function table for the PUNPCKLDQ instruction */
650IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpckldq = { iemAImpl_punpckldq_u64, iemAImpl_punpckldq_u128 };
651/** Function table for the PUNPCKLQDQ instruction */
652IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpcklqdq = { NULL, iemAImpl_punpcklqdq_u128 };
653
654/** Function table for the PUNPCKHBW instruction */
655IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhbw = { iemAImpl_punpckhbw_u64, iemAImpl_punpckhbw_u128 };
656/** Function table for the PUNPCKHBD instruction */
657IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhwd = { iemAImpl_punpckhwd_u64, iemAImpl_punpckhwd_u128 };
658/** Function table for the PUNPCKHDQ instruction */
659IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhdq = { iemAImpl_punpckhdq_u64, iemAImpl_punpckhdq_u128 };
660/** Function table for the PUNPCKHQDQ instruction */
661IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhqdq = { NULL, iemAImpl_punpckhqdq_u128 };
662
663/** Function table for the PXOR instruction */
664IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pxor = { iemAImpl_pxor_u64, iemAImpl_pxor_u128 };
665/** Function table for the PCMPEQB instruction */
666IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pcmpeqb = { iemAImpl_pcmpeqb_u64, iemAImpl_pcmpeqb_u128 };
667/** Function table for the PCMPEQW instruction */
668IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pcmpeqw = { iemAImpl_pcmpeqw_u64, iemAImpl_pcmpeqw_u128 };
669/** Function table for the PCMPEQD instruction */
670IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pcmpeqd = { iemAImpl_pcmpeqd_u64, iemAImpl_pcmpeqd_u128 };
671
672
673#if defined(IEM_VERIFICATION_MODE_MINIMAL) || defined(IEM_LOG_MEMORY_WRITES)
674/** What IEM just wrote. */
675uint8_t g_abIemWrote[256];
676/** How much IEM just wrote. */
677size_t g_cbIemWrote;
678#endif
679
680
681/*********************************************************************************************************************************
682* Internal Functions *
683*********************************************************************************************************************************/
684IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFaultWithErr(PIEMCPU pIemCpu, uint16_t uErr);
685IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFaultCurrentTSS(PIEMCPU pIemCpu);
686IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFault0(PIEMCPU pIemCpu);
687IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFaultBySelector(PIEMCPU pIemCpu, uint16_t uSel);
688/*IEM_STATIC VBOXSTRICTRC iemRaiseSelectorNotPresent(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess);*/
689IEM_STATIC VBOXSTRICTRC iemRaiseSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel);
690IEM_STATIC VBOXSTRICTRC iemRaiseSelectorNotPresentWithErr(PIEMCPU pIemCpu, uint16_t uErr);
691IEM_STATIC VBOXSTRICTRC iemRaiseStackSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel);
692IEM_STATIC VBOXSTRICTRC iemRaiseStackSelectorNotPresentWithErr(PIEMCPU pIemCpu, uint16_t uErr);
693IEM_STATIC VBOXSTRICTRC iemRaiseGeneralProtectionFault(PIEMCPU pIemCpu, uint16_t uErr);
694IEM_STATIC VBOXSTRICTRC iemRaiseGeneralProtectionFault0(PIEMCPU pIemCpu);
695IEM_STATIC VBOXSTRICTRC iemRaiseGeneralProtectionFaultBySelector(PIEMCPU pIemCpu, RTSEL uSel);
696IEM_STATIC VBOXSTRICTRC iemRaiseSelectorBounds(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess);
697IEM_STATIC VBOXSTRICTRC iemRaiseSelectorBoundsBySelector(PIEMCPU pIemCpu, RTSEL Sel);
698IEM_STATIC VBOXSTRICTRC iemRaiseSelectorInvalidAccess(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess);
699IEM_STATIC VBOXSTRICTRC iemRaisePageFault(PIEMCPU pIemCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc);
700IEM_STATIC VBOXSTRICTRC iemRaiseAlignmentCheckException(PIEMCPU pIemCpu);
701IEM_STATIC VBOXSTRICTRC iemMemMap(PIEMCPU pIemCpu, void **ppvMem, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess);
702IEM_STATIC VBOXSTRICTRC iemMemCommitAndUnmap(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess);
703IEM_STATIC VBOXSTRICTRC iemMemFetchDataU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
704IEM_STATIC VBOXSTRICTRC iemMemFetchDataU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
705IEM_STATIC VBOXSTRICTRC iemMemFetchSysU8(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
706IEM_STATIC VBOXSTRICTRC iemMemFetchSysU16(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
707IEM_STATIC VBOXSTRICTRC iemMemFetchSysU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
708IEM_STATIC VBOXSTRICTRC iemMemFetchSysU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
709IEM_STATIC VBOXSTRICTRC iemMemFetchSelDescWithErr(PIEMCPU pIemCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt, uint16_t uErrorCode);
710IEM_STATIC VBOXSTRICTRC iemMemFetchSelDesc(PIEMCPU pIemCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt);
711IEM_STATIC VBOXSTRICTRC iemMemStackPushCommitSpecial(PIEMCPU pIemCpu, void *pvMem, uint64_t uNewRsp);
712IEM_STATIC VBOXSTRICTRC iemMemStackPushBeginSpecial(PIEMCPU pIemCpu, size_t cbMem, void **ppvMem, uint64_t *puNewRsp);
713IEM_STATIC VBOXSTRICTRC iemMemStackPushU32(PIEMCPU pIemCpu, uint32_t u32Value);
714IEM_STATIC VBOXSTRICTRC iemMemStackPushU16(PIEMCPU pIemCpu, uint16_t u16Value);
715IEM_STATIC VBOXSTRICTRC iemMemMarkSelDescAccessed(PIEMCPU pIemCpu, uint16_t uSel);
716IEM_STATIC uint16_t iemSRegFetchU16(PIEMCPU pIemCpu, uint8_t iSegReg);
717
718#if defined(IEM_VERIFICATION_MODE_FULL) && !defined(IEM_VERIFICATION_MODE_MINIMAL)
719IEM_STATIC PIEMVERIFYEVTREC iemVerifyAllocRecord(PIEMCPU pIemCpu);
720#endif
721IEM_STATIC VBOXSTRICTRC iemVerifyFakeIOPortRead(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t *pu32Value, size_t cbValue);
722IEM_STATIC VBOXSTRICTRC iemVerifyFakeIOPortWrite(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t u32Value, size_t cbValue);
723
724
725
726/**
727 * Sets the pass up status.
728 *
729 * @returns VINF_SUCCESS.
730 * @param pIemCpu The per CPU IEM state of the calling thread.
731 * @param rcPassUp The pass up status. Must be informational.
732 * VINF_SUCCESS is not allowed.
733 */
734IEM_STATIC int iemSetPassUpStatus(PIEMCPU pIemCpu, VBOXSTRICTRC rcPassUp)
735{
736 AssertRC(VBOXSTRICTRC_VAL(rcPassUp)); Assert(rcPassUp != VINF_SUCCESS);
737
738 int32_t const rcOldPassUp = pIemCpu->rcPassUp;
739 if (rcOldPassUp == VINF_SUCCESS)
740 pIemCpu->rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
741 /* If both are EM scheduling codes, use EM priority rules. */
742 else if ( rcOldPassUp >= VINF_EM_FIRST && rcOldPassUp <= VINF_EM_LAST
743 && rcPassUp >= VINF_EM_FIRST && rcPassUp <= VINF_EM_LAST)
744 {
745 if (rcPassUp < rcOldPassUp)
746 {
747 Log(("IEM: rcPassUp=%Rrc! rcOldPassUp=%Rrc\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
748 pIemCpu->rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
749 }
750 else
751 Log(("IEM: rcPassUp=%Rrc rcOldPassUp=%Rrc!\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
752 }
753 /* Override EM scheduling with specific status code. */
754 else if (rcOldPassUp >= VINF_EM_FIRST && rcOldPassUp <= VINF_EM_LAST)
755 {
756 Log(("IEM: rcPassUp=%Rrc! rcOldPassUp=%Rrc\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
757 pIemCpu->rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
758 }
759 /* Don't override specific status code, first come first served. */
760 else
761 Log(("IEM: rcPassUp=%Rrc rcOldPassUp=%Rrc!\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
762 return VINF_SUCCESS;
763}
764
765
766/**
767 * Calculates the CPU mode.
768 *
769 * This is mainly for updating IEMCPU::enmCpuMode.
770 *
771 * @returns CPU mode.
772 * @param pCtx The register context for the CPU.
773 */
774DECLINLINE(IEMMODE) iemCalcCpuMode(PCPUMCTX pCtx)
775{
776 if (CPUMIsGuestIn64BitCodeEx(pCtx))
777 return IEMMODE_64BIT;
778 if (pCtx->cs.Attr.n.u1DefBig) /** @todo check if this is correct... */
779 return IEMMODE_32BIT;
780 return IEMMODE_16BIT;
781}
782
783
784/**
785 * Initializes the execution state.
786 *
787 * @param pIemCpu The per CPU IEM state.
788 * @param fBypassHandlers Whether to bypass access handlers.
789 *
790 * @remarks Callers of this must call iemUninitExec() to undo potentially fatal
791 * side-effects in strict builds.
792 */
793DECLINLINE(void) iemInitExec(PIEMCPU pIemCpu, bool fBypassHandlers)
794{
795 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
796 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
797
798 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IEM));
799
800#if defined(VBOX_STRICT) && (defined(IEM_VERIFICATION_MODE_FULL) || !defined(VBOX_WITH_RAW_MODE_NOT_R0))
801 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->cs));
802 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ss));
803 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->es));
804 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ds));
805 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->fs));
806 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->gs));
807 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ldtr));
808 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->tr));
809#endif
810
811#ifdef VBOX_WITH_RAW_MODE_NOT_R0
812 CPUMGuestLazyLoadHiddenCsAndSs(pVCpu);
813#endif
814 pIemCpu->uCpl = CPUMGetGuestCPL(pVCpu);
815 pIemCpu->enmCpuMode = iemCalcCpuMode(pCtx);
816#ifdef VBOX_STRICT
817 pIemCpu->enmDefAddrMode = (IEMMODE)0xc0fe;
818 pIemCpu->enmEffAddrMode = (IEMMODE)0xc0fe;
819 pIemCpu->enmDefOpSize = (IEMMODE)0xc0fe;
820 pIemCpu->enmEffOpSize = (IEMMODE)0xc0fe;
821 pIemCpu->fPrefixes = (IEMMODE)0xfeedbeef;
822 pIemCpu->uRexReg = 127;
823 pIemCpu->uRexB = 127;
824 pIemCpu->uRexIndex = 127;
825 pIemCpu->iEffSeg = 127;
826 pIemCpu->offOpcode = 127;
827 pIemCpu->cbOpcode = 127;
828#endif
829
830 pIemCpu->cActiveMappings = 0;
831 pIemCpu->iNextMapping = 0;
832 pIemCpu->rcPassUp = VINF_SUCCESS;
833 pIemCpu->fBypassHandlers = fBypassHandlers;
834#ifdef VBOX_WITH_RAW_MODE_NOT_R0
835 pIemCpu->fInPatchCode = pIemCpu->uCpl == 0
836 && pCtx->cs.u64Base == 0
837 && pCtx->cs.u32Limit == UINT32_MAX
838 && PATMIsPatchGCAddr(IEMCPU_TO_VM(pIemCpu), pCtx->eip);
839 if (!pIemCpu->fInPatchCode)
840 CPUMRawLeave(pVCpu, VINF_SUCCESS);
841#endif
842
843#ifdef IEM_VERIFICATION_MODE_FULL
844 pIemCpu->fNoRemSavedByExec = pIemCpu->fNoRem;
845 pIemCpu->fNoRem = true;
846#endif
847}
848
849
850/**
851 * Counterpart to #iemInitExec that undoes evil strict-build stuff.
852 *
853 * @param pIemCpu The per CPU IEM state.
854 */
855DECLINLINE(void) iemUninitExec(PIEMCPU pIemCpu)
856{
857 /* Note! do not touch fInPatchCode here! (see iemUninitExecAndFiddleStatusAndMaybeReenter) */
858#ifdef IEM_VERIFICATION_MODE_FULL
859 pIemCpu->fNoRem = pIemCpu->fNoRemSavedByExec;
860#endif
861#ifdef VBOX_STRICT
862 pIemCpu->cbOpcode = 0;
863#else
864 NOREF(pIemCpu);
865#endif
866}
867
868
869/**
870 * Initializes the decoder state.
871 *
872 * @param pIemCpu The per CPU IEM state.
873 * @param fBypassHandlers Whether to bypass access handlers.
874 */
875DECLINLINE(void) iemInitDecoder(PIEMCPU pIemCpu, bool fBypassHandlers)
876{
877 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
878 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
879
880 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IEM));
881
882#if defined(VBOX_STRICT) && (defined(IEM_VERIFICATION_MODE_FULL) || !defined(VBOX_WITH_RAW_MODE_NOT_R0))
883 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->cs));
884 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ss));
885 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->es));
886 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ds));
887 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->fs));
888 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->gs));
889 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ldtr));
890 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->tr));
891#endif
892
893#ifdef VBOX_WITH_RAW_MODE_NOT_R0
894 CPUMGuestLazyLoadHiddenCsAndSs(pVCpu);
895#endif
896 pIemCpu->uCpl = CPUMGetGuestCPL(pVCpu);
897#ifdef IEM_VERIFICATION_MODE_FULL
898 if (pIemCpu->uInjectCpl != UINT8_MAX)
899 pIemCpu->uCpl = pIemCpu->uInjectCpl;
900#endif
901 IEMMODE enmMode = iemCalcCpuMode(pCtx);
902 pIemCpu->enmCpuMode = enmMode;
903 pIemCpu->enmDefAddrMode = enmMode; /** @todo check if this is correct... */
904 pIemCpu->enmEffAddrMode = enmMode;
905 if (enmMode != IEMMODE_64BIT)
906 {
907 pIemCpu->enmDefOpSize = enmMode; /** @todo check if this is correct... */
908 pIemCpu->enmEffOpSize = enmMode;
909 }
910 else
911 {
912 pIemCpu->enmDefOpSize = IEMMODE_32BIT;
913 pIemCpu->enmEffOpSize = IEMMODE_32BIT;
914 }
915 pIemCpu->fPrefixes = 0;
916 pIemCpu->uRexReg = 0;
917 pIemCpu->uRexB = 0;
918 pIemCpu->uRexIndex = 0;
919 pIemCpu->iEffSeg = X86_SREG_DS;
920 pIemCpu->offOpcode = 0;
921 pIemCpu->cbOpcode = 0;
922 pIemCpu->cActiveMappings = 0;
923 pIemCpu->iNextMapping = 0;
924 pIemCpu->rcPassUp = VINF_SUCCESS;
925 pIemCpu->fBypassHandlers = fBypassHandlers;
926#ifdef VBOX_WITH_RAW_MODE_NOT_R0
927 pIemCpu->fInPatchCode = pIemCpu->uCpl == 0
928 && pCtx->cs.u64Base == 0
929 && pCtx->cs.u32Limit == UINT32_MAX
930 && PATMIsPatchGCAddr(IEMCPU_TO_VM(pIemCpu), pCtx->eip);
931 if (!pIemCpu->fInPatchCode)
932 CPUMRawLeave(pVCpu, VINF_SUCCESS);
933#endif
934
935#ifdef DBGFTRACE_ENABLED
936 switch (enmMode)
937 {
938 case IEMMODE_64BIT:
939 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I64/%u %08llx", pIemCpu->uCpl, pCtx->rip);
940 break;
941 case IEMMODE_32BIT:
942 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I32/%u %04x:%08x", pIemCpu->uCpl, pCtx->cs.Sel, pCtx->eip);
943 break;
944 case IEMMODE_16BIT:
945 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I16/%u %04x:%04x", pIemCpu->uCpl, pCtx->cs.Sel, pCtx->eip);
946 break;
947 }
948#endif
949}
950
951
952/**
953 * Prefetch opcodes the first time when starting executing.
954 *
955 * @returns Strict VBox status code.
956 * @param pIemCpu The IEM state.
957 * @param fBypassHandlers Whether to bypass access handlers.
958 */
959IEM_STATIC VBOXSTRICTRC iemInitDecoderAndPrefetchOpcodes(PIEMCPU pIemCpu, bool fBypassHandlers)
960{
961#ifdef IEM_VERIFICATION_MODE_FULL
962 uint8_t const cbOldOpcodes = pIemCpu->cbOpcode;
963#endif
964 iemInitDecoder(pIemCpu, fBypassHandlers);
965
966 /*
967 * What we're doing here is very similar to iemMemMap/iemMemBounceBufferMap.
968 *
969 * First translate CS:rIP to a physical address.
970 */
971 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
972 uint32_t cbToTryRead;
973 RTGCPTR GCPtrPC;
974 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
975 {
976 cbToTryRead = PAGE_SIZE;
977 GCPtrPC = pCtx->rip;
978 if (!IEM_IS_CANONICAL(GCPtrPC))
979 return iemRaiseGeneralProtectionFault0(pIemCpu);
980 cbToTryRead = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
981 }
982 else
983 {
984 uint32_t GCPtrPC32 = pCtx->eip;
985 AssertMsg(!(GCPtrPC32 & ~(uint32_t)UINT16_MAX) || pIemCpu->enmCpuMode == IEMMODE_32BIT, ("%04x:%RX64\n", pCtx->cs.Sel, pCtx->rip));
986 if (GCPtrPC32 > pCtx->cs.u32Limit)
987 return iemRaiseSelectorBounds(pIemCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
988 cbToTryRead = pCtx->cs.u32Limit - GCPtrPC32 + 1;
989 if (!cbToTryRead) /* overflowed */
990 {
991 Assert(GCPtrPC32 == 0); Assert(pCtx->cs.u32Limit == UINT32_MAX);
992 cbToTryRead = UINT32_MAX;
993 }
994 GCPtrPC = (uint32_t)pCtx->cs.u64Base + GCPtrPC32;
995 Assert(GCPtrPC <= UINT32_MAX);
996 }
997
998#ifdef VBOX_WITH_RAW_MODE_NOT_R0
999 /* Allow interpretation of patch manager code blocks since they can for
1000 instance throw #PFs for perfectly good reasons. */
1001 if (pIemCpu->fInPatchCode)
1002 {
1003 size_t cbRead = 0;
1004 int rc = PATMReadPatchCode(IEMCPU_TO_VM(pIemCpu), GCPtrPC, pIemCpu->abOpcode, sizeof(pIemCpu->abOpcode), &cbRead);
1005 AssertRCReturn(rc, rc);
1006 pIemCpu->cbOpcode = (uint8_t)cbRead; Assert(pIemCpu->cbOpcode == cbRead); Assert(cbRead > 0);
1007 return VINF_SUCCESS;
1008 }
1009#endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
1010
1011 RTGCPHYS GCPhys;
1012 uint64_t fFlags;
1013 int rc = PGMGstGetPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrPC, &fFlags, &GCPhys);
1014 if (RT_FAILURE(rc))
1015 {
1016 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - rc=%Rrc\n", GCPtrPC, rc));
1017 return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, rc);
1018 }
1019 if (!(fFlags & X86_PTE_US) && pIemCpu->uCpl == 3)
1020 {
1021 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - supervisor page\n", GCPtrPC));
1022 return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1023 }
1024 if ((fFlags & X86_PTE_PAE_NX) && (pCtx->msrEFER & MSR_K6_EFER_NXE))
1025 {
1026 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - NX\n", GCPtrPC));
1027 return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1028 }
1029 GCPhys |= GCPtrPC & PAGE_OFFSET_MASK;
1030 /** @todo Check reserved bits and such stuff. PGM is better at doing
1031 * that, so do it when implementing the guest virtual address
1032 * TLB... */
1033
1034#ifdef IEM_VERIFICATION_MODE_FULL
1035 /*
1036 * Optimistic optimization: Use unconsumed opcode bytes from the previous
1037 * instruction.
1038 */
1039 /** @todo optimize this differently by not using PGMPhysRead. */
1040 RTGCPHYS const offPrevOpcodes = GCPhys - pIemCpu->GCPhysOpcodes;
1041 pIemCpu->GCPhysOpcodes = GCPhys;
1042 if ( offPrevOpcodes < cbOldOpcodes
1043 && PAGE_SIZE - (GCPhys & PAGE_OFFSET_MASK) > sizeof(pIemCpu->abOpcode))
1044 {
1045 uint8_t cbNew = cbOldOpcodes - (uint8_t)offPrevOpcodes;
1046 Assert(cbNew <= RT_ELEMENTS(pIemCpu->abOpcode));
1047 memmove(&pIemCpu->abOpcode[0], &pIemCpu->abOpcode[offPrevOpcodes], cbNew);
1048 pIemCpu->cbOpcode = cbNew;
1049 return VINF_SUCCESS;
1050 }
1051#endif
1052
1053 /*
1054 * Read the bytes at this address.
1055 */
1056 PVM pVM = IEMCPU_TO_VM(pIemCpu);
1057#if defined(IN_RING3) && defined(VBOX_WITH_RAW_MODE_NOT_R0)
1058 size_t cbActual;
1059 if ( PATMIsEnabled(pVM)
1060 && RT_SUCCESS(PATMR3ReadOrgInstr(pVM, GCPtrPC, pIemCpu->abOpcode, sizeof(pIemCpu->abOpcode), &cbActual)))
1061 {
1062 Log4(("decode - Read %u unpatched bytes at %RGv\n", cbActual, GCPtrPC));
1063 Assert(cbActual > 0);
1064 pIemCpu->cbOpcode = (uint8_t)cbActual;
1065 }
1066 else
1067#endif
1068 {
1069 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
1070 if (cbToTryRead > cbLeftOnPage)
1071 cbToTryRead = cbLeftOnPage;
1072 if (cbToTryRead > sizeof(pIemCpu->abOpcode))
1073 cbToTryRead = sizeof(pIemCpu->abOpcode);
1074
1075 if (!pIemCpu->fBypassHandlers)
1076 {
1077 VBOXSTRICTRC rcStrict = PGMPhysRead(pVM, GCPhys, pIemCpu->abOpcode, cbToTryRead, PGMACCESSORIGIN_IEM);
1078 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
1079 { /* likely */ }
1080 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
1081 {
1082 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n",
1083 GCPtrPC, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1084 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
1085 }
1086 else
1087 {
1088 Log((RT_SUCCESS(rcStrict)
1089 ? "iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
1090 : "iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
1091 GCPtrPC, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1092 return rcStrict;
1093 }
1094 }
1095 else
1096 {
1097 rc = PGMPhysSimpleReadGCPhys(pVM, pIemCpu->abOpcode, GCPhys, cbToTryRead);
1098 if (RT_SUCCESS(rc))
1099 { /* likely */ }
1100 else
1101 {
1102 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read error - rc=%Rrc (!!)\n",
1103 GCPtrPC, GCPhys, rc, cbToTryRead));
1104 return rc;
1105 }
1106 }
1107 pIemCpu->cbOpcode = cbToTryRead;
1108 }
1109
1110 return VINF_SUCCESS;
1111}
1112
1113
1114/**
1115 * Try fetch at least @a cbMin bytes more opcodes, raise the appropriate
1116 * exception if it fails.
1117 *
1118 * @returns Strict VBox status code.
1119 * @param pIemCpu The IEM state.
1120 * @param cbMin The minimum number of bytes relative offOpcode
1121 * that must be read.
1122 */
1123IEM_STATIC VBOXSTRICTRC iemOpcodeFetchMoreBytes(PIEMCPU pIemCpu, size_t cbMin)
1124{
1125 /*
1126 * What we're doing here is very similar to iemMemMap/iemMemBounceBufferMap.
1127 *
1128 * First translate CS:rIP to a physical address.
1129 */
1130 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
1131 uint8_t cbLeft = pIemCpu->cbOpcode - pIemCpu->offOpcode; Assert(cbLeft < cbMin);
1132 uint32_t cbToTryRead;
1133 RTGCPTR GCPtrNext;
1134 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
1135 {
1136 cbToTryRead = PAGE_SIZE;
1137 GCPtrNext = pCtx->rip + pIemCpu->cbOpcode;
1138 if (!IEM_IS_CANONICAL(GCPtrNext))
1139 return iemRaiseGeneralProtectionFault0(pIemCpu);
1140 }
1141 else
1142 {
1143 uint32_t GCPtrNext32 = pCtx->eip;
1144 Assert(!(GCPtrNext32 & ~(uint32_t)UINT16_MAX) || pIemCpu->enmCpuMode == IEMMODE_32BIT);
1145 GCPtrNext32 += pIemCpu->cbOpcode;
1146 if (GCPtrNext32 > pCtx->cs.u32Limit)
1147 return iemRaiseSelectorBounds(pIemCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
1148 cbToTryRead = pCtx->cs.u32Limit - GCPtrNext32 + 1;
1149 if (!cbToTryRead) /* overflowed */
1150 {
1151 Assert(GCPtrNext32 == 0); Assert(pCtx->cs.u32Limit == UINT32_MAX);
1152 cbToTryRead = UINT32_MAX;
1153 /** @todo check out wrapping around the code segment. */
1154 }
1155 if (cbToTryRead < cbMin - cbLeft)
1156 return iemRaiseSelectorBounds(pIemCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
1157 GCPtrNext = (uint32_t)pCtx->cs.u64Base + GCPtrNext32;
1158 }
1159
1160 /* Only read up to the end of the page, and make sure we don't read more
1161 than the opcode buffer can hold. */
1162 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrNext & PAGE_OFFSET_MASK);
1163 if (cbToTryRead > cbLeftOnPage)
1164 cbToTryRead = cbLeftOnPage;
1165 if (cbToTryRead > sizeof(pIemCpu->abOpcode) - pIemCpu->cbOpcode)
1166 cbToTryRead = sizeof(pIemCpu->abOpcode) - pIemCpu->cbOpcode;
1167/** @todo r=bird: Convert assertion into undefined opcode exception? */
1168 Assert(cbToTryRead >= cbMin - cbLeft); /* ASSUMPTION based on iemInitDecoderAndPrefetchOpcodes. */
1169
1170#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1171 /* Allow interpretation of patch manager code blocks since they can for
1172 instance throw #PFs for perfectly good reasons. */
1173 if (pIemCpu->fInPatchCode)
1174 {
1175 size_t cbRead = 0;
1176 int rc = PATMReadPatchCode(IEMCPU_TO_VM(pIemCpu), GCPtrNext, pIemCpu->abOpcode, cbToTryRead, &cbRead);
1177 AssertRCReturn(rc, rc);
1178 pIemCpu->cbOpcode = (uint8_t)cbRead; Assert(pIemCpu->cbOpcode == cbRead); Assert(cbRead > 0);
1179 return VINF_SUCCESS;
1180 }
1181#endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
1182
1183 RTGCPHYS GCPhys;
1184 uint64_t fFlags;
1185 int rc = PGMGstGetPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrNext, &fFlags, &GCPhys);
1186 if (RT_FAILURE(rc))
1187 {
1188 Log(("iemOpcodeFetchMoreBytes: %RGv - rc=%Rrc\n", GCPtrNext, rc));
1189 return iemRaisePageFault(pIemCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, rc);
1190 }
1191 if (!(fFlags & X86_PTE_US) && pIemCpu->uCpl == 3)
1192 {
1193 Log(("iemOpcodeFetchMoreBytes: %RGv - supervisor page\n", GCPtrNext));
1194 return iemRaisePageFault(pIemCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1195 }
1196 if ((fFlags & X86_PTE_PAE_NX) && (pCtx->msrEFER & MSR_K6_EFER_NXE))
1197 {
1198 Log(("iemOpcodeFetchMoreBytes: %RGv - NX\n", GCPtrNext));
1199 return iemRaisePageFault(pIemCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1200 }
1201 GCPhys |= GCPtrNext & PAGE_OFFSET_MASK;
1202 Log5(("GCPtrNext=%RGv GCPhys=%RGp cbOpcodes=%#x\n", GCPtrNext, GCPhys, pIemCpu->cbOpcode));
1203 /** @todo Check reserved bits and such stuff. PGM is better at doing
1204 * that, so do it when implementing the guest virtual address
1205 * TLB... */
1206
1207 /*
1208 * Read the bytes at this address.
1209 *
1210 * We read all unpatched bytes in iemInitDecoderAndPrefetchOpcodes already,
1211 * and since PATM should only patch the start of an instruction there
1212 * should be no need to check again here.
1213 */
1214 if (!pIemCpu->fBypassHandlers)
1215 {
1216 VBOXSTRICTRC rcStrict = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhys, &pIemCpu->abOpcode[pIemCpu->cbOpcode],
1217 cbToTryRead, PGMACCESSORIGIN_IEM);
1218 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
1219 { /* likely */ }
1220 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
1221 {
1222 Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n",
1223 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1224 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
1225 }
1226 else
1227 {
1228 Log((RT_SUCCESS(rcStrict)
1229 ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
1230 : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
1231 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1232 return rcStrict;
1233 }
1234 }
1235 else
1236 {
1237 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), &pIemCpu->abOpcode[pIemCpu->cbOpcode], GCPhys, cbToTryRead);
1238 if (RT_SUCCESS(rc))
1239 { /* likely */ }
1240 else
1241 {
1242 Log(("iemOpcodeFetchMoreBytes: %RGv - read error - rc=%Rrc (!!)\n", GCPtrNext, rc));
1243 return rc;
1244 }
1245 }
1246 pIemCpu->cbOpcode += cbToTryRead;
1247 Log5(("%.*Rhxs\n", pIemCpu->cbOpcode, pIemCpu->abOpcode));
1248
1249 return VINF_SUCCESS;
1250}
1251
1252
1253/**
1254 * Deals with the problematic cases that iemOpcodeGetNextU8 doesn't like.
1255 *
1256 * @returns Strict VBox status code.
1257 * @param pIemCpu The IEM state.
1258 * @param pb Where to return the opcode byte.
1259 */
1260DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU8Slow(PIEMCPU pIemCpu, uint8_t *pb)
1261{
1262 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 1);
1263 if (rcStrict == VINF_SUCCESS)
1264 {
1265 uint8_t offOpcode = pIemCpu->offOpcode;
1266 *pb = pIemCpu->abOpcode[offOpcode];
1267 pIemCpu->offOpcode = offOpcode + 1;
1268 }
1269 else
1270 *pb = 0;
1271 return rcStrict;
1272}
1273
1274
1275/**
1276 * Fetches the next opcode byte.
1277 *
1278 * @returns Strict VBox status code.
1279 * @param pIemCpu The IEM state.
1280 * @param pu8 Where to return the opcode byte.
1281 */
1282DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU8(PIEMCPU pIemCpu, uint8_t *pu8)
1283{
1284 uint8_t const offOpcode = pIemCpu->offOpcode;
1285 if (RT_LIKELY(offOpcode < pIemCpu->cbOpcode))
1286 {
1287 *pu8 = pIemCpu->abOpcode[offOpcode];
1288 pIemCpu->offOpcode = offOpcode + 1;
1289 return VINF_SUCCESS;
1290 }
1291 return iemOpcodeGetNextU8Slow(pIemCpu, pu8);
1292}
1293
1294
1295/**
1296 * Fetches the next opcode byte, returns automatically on failure.
1297 *
1298 * @param a_pu8 Where to return the opcode byte.
1299 * @remark Implicitly references pIemCpu.
1300 */
1301#define IEM_OPCODE_GET_NEXT_U8(a_pu8) \
1302 do \
1303 { \
1304 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU8(pIemCpu, (a_pu8)); \
1305 if (rcStrict2 != VINF_SUCCESS) \
1306 return rcStrict2; \
1307 } while (0)
1308
1309
1310/**
1311 * Fetches the next signed byte from the opcode stream.
1312 *
1313 * @returns Strict VBox status code.
1314 * @param pIemCpu The IEM state.
1315 * @param pi8 Where to return the signed byte.
1316 */
1317DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8(PIEMCPU pIemCpu, int8_t *pi8)
1318{
1319 return iemOpcodeGetNextU8(pIemCpu, (uint8_t *)pi8);
1320}
1321
1322
1323/**
1324 * Fetches the next signed byte from the opcode stream, returning automatically
1325 * on failure.
1326 *
1327 * @param a_pi8 Where to return the signed byte.
1328 * @remark Implicitly references pIemCpu.
1329 */
1330#define IEM_OPCODE_GET_NEXT_S8(a_pi8) \
1331 do \
1332 { \
1333 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8(pIemCpu, (a_pi8)); \
1334 if (rcStrict2 != VINF_SUCCESS) \
1335 return rcStrict2; \
1336 } while (0)
1337
1338
1339/**
1340 * Deals with the problematic cases that iemOpcodeGetNextS8SxU16 doesn't like.
1341 *
1342 * @returns Strict VBox status code.
1343 * @param pIemCpu The IEM state.
1344 * @param pu16 Where to return the opcode dword.
1345 */
1346DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS8SxU16Slow(PIEMCPU pIemCpu, uint16_t *pu16)
1347{
1348 uint8_t u8;
1349 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pIemCpu, &u8);
1350 if (rcStrict == VINF_SUCCESS)
1351 *pu16 = (int8_t)u8;
1352 return rcStrict;
1353}
1354
1355
1356/**
1357 * Fetches the next signed byte from the opcode stream, extending it to
1358 * unsigned 16-bit.
1359 *
1360 * @returns Strict VBox status code.
1361 * @param pIemCpu The IEM state.
1362 * @param pu16 Where to return the unsigned word.
1363 */
1364DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU16(PIEMCPU pIemCpu, uint16_t *pu16)
1365{
1366 uint8_t const offOpcode = pIemCpu->offOpcode;
1367 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1368 return iemOpcodeGetNextS8SxU16Slow(pIemCpu, pu16);
1369
1370 *pu16 = (int8_t)pIemCpu->abOpcode[offOpcode];
1371 pIemCpu->offOpcode = offOpcode + 1;
1372 return VINF_SUCCESS;
1373}
1374
1375
1376/**
1377 * Fetches the next signed byte from the opcode stream and sign-extending it to
1378 * a word, returning automatically on failure.
1379 *
1380 * @param a_pu16 Where to return the word.
1381 * @remark Implicitly references pIemCpu.
1382 */
1383#define IEM_OPCODE_GET_NEXT_S8_SX_U16(a_pu16) \
1384 do \
1385 { \
1386 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU16(pIemCpu, (a_pu16)); \
1387 if (rcStrict2 != VINF_SUCCESS) \
1388 return rcStrict2; \
1389 } while (0)
1390
1391
1392/**
1393 * Deals with the problematic cases that iemOpcodeGetNextS8SxU32 doesn't like.
1394 *
1395 * @returns Strict VBox status code.
1396 * @param pIemCpu The IEM state.
1397 * @param pu32 Where to return the opcode dword.
1398 */
1399DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS8SxU32Slow(PIEMCPU pIemCpu, uint32_t *pu32)
1400{
1401 uint8_t u8;
1402 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pIemCpu, &u8);
1403 if (rcStrict == VINF_SUCCESS)
1404 *pu32 = (int8_t)u8;
1405 return rcStrict;
1406}
1407
1408
1409/**
1410 * Fetches the next signed byte from the opcode stream, extending it to
1411 * unsigned 32-bit.
1412 *
1413 * @returns Strict VBox status code.
1414 * @param pIemCpu The IEM state.
1415 * @param pu32 Where to return the unsigned dword.
1416 */
1417DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU32(PIEMCPU pIemCpu, uint32_t *pu32)
1418{
1419 uint8_t const offOpcode = pIemCpu->offOpcode;
1420 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1421 return iemOpcodeGetNextS8SxU32Slow(pIemCpu, pu32);
1422
1423 *pu32 = (int8_t)pIemCpu->abOpcode[offOpcode];
1424 pIemCpu->offOpcode = offOpcode + 1;
1425 return VINF_SUCCESS;
1426}
1427
1428
1429/**
1430 * Fetches the next signed byte from the opcode stream and sign-extending it to
1431 * a word, returning automatically on failure.
1432 *
1433 * @param a_pu32 Where to return the word.
1434 * @remark Implicitly references pIemCpu.
1435 */
1436#define IEM_OPCODE_GET_NEXT_S8_SX_U32(a_pu32) \
1437 do \
1438 { \
1439 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU32(pIemCpu, (a_pu32)); \
1440 if (rcStrict2 != VINF_SUCCESS) \
1441 return rcStrict2; \
1442 } while (0)
1443
1444
1445/**
1446 * Deals with the problematic cases that iemOpcodeGetNextS8SxU64 doesn't like.
1447 *
1448 * @returns Strict VBox status code.
1449 * @param pIemCpu The IEM state.
1450 * @param pu64 Where to return the opcode qword.
1451 */
1452DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS8SxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1453{
1454 uint8_t u8;
1455 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pIemCpu, &u8);
1456 if (rcStrict == VINF_SUCCESS)
1457 *pu64 = (int8_t)u8;
1458 return rcStrict;
1459}
1460
1461
1462/**
1463 * Fetches the next signed byte from the opcode stream, extending it to
1464 * unsigned 64-bit.
1465 *
1466 * @returns Strict VBox status code.
1467 * @param pIemCpu The IEM state.
1468 * @param pu64 Where to return the unsigned qword.
1469 */
1470DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1471{
1472 uint8_t const offOpcode = pIemCpu->offOpcode;
1473 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1474 return iemOpcodeGetNextS8SxU64Slow(pIemCpu, pu64);
1475
1476 *pu64 = (int8_t)pIemCpu->abOpcode[offOpcode];
1477 pIemCpu->offOpcode = offOpcode + 1;
1478 return VINF_SUCCESS;
1479}
1480
1481
1482/**
1483 * Fetches the next signed byte from the opcode stream and sign-extending it to
1484 * a word, returning automatically on failure.
1485 *
1486 * @param a_pu64 Where to return the word.
1487 * @remark Implicitly references pIemCpu.
1488 */
1489#define IEM_OPCODE_GET_NEXT_S8_SX_U64(a_pu64) \
1490 do \
1491 { \
1492 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU64(pIemCpu, (a_pu64)); \
1493 if (rcStrict2 != VINF_SUCCESS) \
1494 return rcStrict2; \
1495 } while (0)
1496
1497
1498/**
1499 * Deals with the problematic cases that iemOpcodeGetNextU16 doesn't like.
1500 *
1501 * @returns Strict VBox status code.
1502 * @param pIemCpu The IEM state.
1503 * @param pu16 Where to return the opcode word.
1504 */
1505DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU16Slow(PIEMCPU pIemCpu, uint16_t *pu16)
1506{
1507 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 2);
1508 if (rcStrict == VINF_SUCCESS)
1509 {
1510 uint8_t offOpcode = pIemCpu->offOpcode;
1511 *pu16 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1512 pIemCpu->offOpcode = offOpcode + 2;
1513 }
1514 else
1515 *pu16 = 0;
1516 return rcStrict;
1517}
1518
1519
1520/**
1521 * Fetches the next opcode word.
1522 *
1523 * @returns Strict VBox status code.
1524 * @param pIemCpu The IEM state.
1525 * @param pu16 Where to return the opcode word.
1526 */
1527DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16(PIEMCPU pIemCpu, uint16_t *pu16)
1528{
1529 uint8_t const offOpcode = pIemCpu->offOpcode;
1530 if (RT_UNLIKELY(offOpcode + 2 > pIemCpu->cbOpcode))
1531 return iemOpcodeGetNextU16Slow(pIemCpu, pu16);
1532
1533 *pu16 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1534 pIemCpu->offOpcode = offOpcode + 2;
1535 return VINF_SUCCESS;
1536}
1537
1538
1539/**
1540 * Fetches the next opcode word, returns automatically on failure.
1541 *
1542 * @param a_pu16 Where to return the opcode word.
1543 * @remark Implicitly references pIemCpu.
1544 */
1545#define IEM_OPCODE_GET_NEXT_U16(a_pu16) \
1546 do \
1547 { \
1548 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16(pIemCpu, (a_pu16)); \
1549 if (rcStrict2 != VINF_SUCCESS) \
1550 return rcStrict2; \
1551 } while (0)
1552
1553
1554/**
1555 * Deals with the problematic cases that iemOpcodeGetNextU16ZxU32 doesn't like.
1556 *
1557 * @returns Strict VBox status code.
1558 * @param pIemCpu The IEM state.
1559 * @param pu32 Where to return the opcode double word.
1560 */
1561DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU16ZxU32Slow(PIEMCPU pIemCpu, uint32_t *pu32)
1562{
1563 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 2);
1564 if (rcStrict == VINF_SUCCESS)
1565 {
1566 uint8_t offOpcode = pIemCpu->offOpcode;
1567 *pu32 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1568 pIemCpu->offOpcode = offOpcode + 2;
1569 }
1570 else
1571 *pu32 = 0;
1572 return rcStrict;
1573}
1574
1575
1576/**
1577 * Fetches the next opcode word, zero extending it to a double word.
1578 *
1579 * @returns Strict VBox status code.
1580 * @param pIemCpu The IEM state.
1581 * @param pu32 Where to return the opcode double word.
1582 */
1583DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16ZxU32(PIEMCPU pIemCpu, uint32_t *pu32)
1584{
1585 uint8_t const offOpcode = pIemCpu->offOpcode;
1586 if (RT_UNLIKELY(offOpcode + 2 > pIemCpu->cbOpcode))
1587 return iemOpcodeGetNextU16ZxU32Slow(pIemCpu, pu32);
1588
1589 *pu32 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1590 pIemCpu->offOpcode = offOpcode + 2;
1591 return VINF_SUCCESS;
1592}
1593
1594
1595/**
1596 * Fetches the next opcode word and zero extends it to a double word, returns
1597 * automatically on failure.
1598 *
1599 * @param a_pu32 Where to return the opcode double word.
1600 * @remark Implicitly references pIemCpu.
1601 */
1602#define IEM_OPCODE_GET_NEXT_U16_ZX_U32(a_pu32) \
1603 do \
1604 { \
1605 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16ZxU32(pIemCpu, (a_pu32)); \
1606 if (rcStrict2 != VINF_SUCCESS) \
1607 return rcStrict2; \
1608 } while (0)
1609
1610
1611/**
1612 * Deals with the problematic cases that iemOpcodeGetNextU16ZxU64 doesn't like.
1613 *
1614 * @returns Strict VBox status code.
1615 * @param pIemCpu The IEM state.
1616 * @param pu64 Where to return the opcode quad word.
1617 */
1618DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU16ZxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1619{
1620 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 2);
1621 if (rcStrict == VINF_SUCCESS)
1622 {
1623 uint8_t offOpcode = pIemCpu->offOpcode;
1624 *pu64 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1625 pIemCpu->offOpcode = offOpcode + 2;
1626 }
1627 else
1628 *pu64 = 0;
1629 return rcStrict;
1630}
1631
1632
1633/**
1634 * Fetches the next opcode word, zero extending it to a quad word.
1635 *
1636 * @returns Strict VBox status code.
1637 * @param pIemCpu The IEM state.
1638 * @param pu64 Where to return the opcode quad word.
1639 */
1640DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16ZxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1641{
1642 uint8_t const offOpcode = pIemCpu->offOpcode;
1643 if (RT_UNLIKELY(offOpcode + 2 > pIemCpu->cbOpcode))
1644 return iemOpcodeGetNextU16ZxU64Slow(pIemCpu, pu64);
1645
1646 *pu64 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1647 pIemCpu->offOpcode = offOpcode + 2;
1648 return VINF_SUCCESS;
1649}
1650
1651
1652/**
1653 * Fetches the next opcode word and zero extends it to a quad word, returns
1654 * automatically on failure.
1655 *
1656 * @param a_pu64 Where to return the opcode quad word.
1657 * @remark Implicitly references pIemCpu.
1658 */
1659#define IEM_OPCODE_GET_NEXT_U16_ZX_U64(a_pu64) \
1660 do \
1661 { \
1662 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16ZxU64(pIemCpu, (a_pu64)); \
1663 if (rcStrict2 != VINF_SUCCESS) \
1664 return rcStrict2; \
1665 } while (0)
1666
1667
1668/**
1669 * Fetches the next signed word from the opcode stream.
1670 *
1671 * @returns Strict VBox status code.
1672 * @param pIemCpu The IEM state.
1673 * @param pi16 Where to return the signed word.
1674 */
1675DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS16(PIEMCPU pIemCpu, int16_t *pi16)
1676{
1677 return iemOpcodeGetNextU16(pIemCpu, (uint16_t *)pi16);
1678}
1679
1680
1681/**
1682 * Fetches the next signed word from the opcode stream, returning automatically
1683 * on failure.
1684 *
1685 * @param a_pi16 Where to return the signed word.
1686 * @remark Implicitly references pIemCpu.
1687 */
1688#define IEM_OPCODE_GET_NEXT_S16(a_pi16) \
1689 do \
1690 { \
1691 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS16(pIemCpu, (a_pi16)); \
1692 if (rcStrict2 != VINF_SUCCESS) \
1693 return rcStrict2; \
1694 } while (0)
1695
1696
1697/**
1698 * Deals with the problematic cases that iemOpcodeGetNextU32 doesn't like.
1699 *
1700 * @returns Strict VBox status code.
1701 * @param pIemCpu The IEM state.
1702 * @param pu32 Where to return the opcode dword.
1703 */
1704DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU32Slow(PIEMCPU pIemCpu, uint32_t *pu32)
1705{
1706 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 4);
1707 if (rcStrict == VINF_SUCCESS)
1708 {
1709 uint8_t offOpcode = pIemCpu->offOpcode;
1710 *pu32 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1711 pIemCpu->abOpcode[offOpcode + 1],
1712 pIemCpu->abOpcode[offOpcode + 2],
1713 pIemCpu->abOpcode[offOpcode + 3]);
1714 pIemCpu->offOpcode = offOpcode + 4;
1715 }
1716 else
1717 *pu32 = 0;
1718 return rcStrict;
1719}
1720
1721
1722/**
1723 * Fetches the next opcode dword.
1724 *
1725 * @returns Strict VBox status code.
1726 * @param pIemCpu The IEM state.
1727 * @param pu32 Where to return the opcode double word.
1728 */
1729DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU32(PIEMCPU pIemCpu, uint32_t *pu32)
1730{
1731 uint8_t const offOpcode = pIemCpu->offOpcode;
1732 if (RT_UNLIKELY(offOpcode + 4 > pIemCpu->cbOpcode))
1733 return iemOpcodeGetNextU32Slow(pIemCpu, pu32);
1734
1735 *pu32 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1736 pIemCpu->abOpcode[offOpcode + 1],
1737 pIemCpu->abOpcode[offOpcode + 2],
1738 pIemCpu->abOpcode[offOpcode + 3]);
1739 pIemCpu->offOpcode = offOpcode + 4;
1740 return VINF_SUCCESS;
1741}
1742
1743
1744/**
1745 * Fetches the next opcode dword, returns automatically on failure.
1746 *
1747 * @param a_pu32 Where to return the opcode dword.
1748 * @remark Implicitly references pIemCpu.
1749 */
1750#define IEM_OPCODE_GET_NEXT_U32(a_pu32) \
1751 do \
1752 { \
1753 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU32(pIemCpu, (a_pu32)); \
1754 if (rcStrict2 != VINF_SUCCESS) \
1755 return rcStrict2; \
1756 } while (0)
1757
1758
1759/**
1760 * Deals with the problematic cases that iemOpcodeGetNextU32ZxU64 doesn't like.
1761 *
1762 * @returns Strict VBox status code.
1763 * @param pIemCpu The IEM state.
1764 * @param pu64 Where to return the opcode dword.
1765 */
1766DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU32ZxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1767{
1768 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 4);
1769 if (rcStrict == VINF_SUCCESS)
1770 {
1771 uint8_t offOpcode = pIemCpu->offOpcode;
1772 *pu64 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1773 pIemCpu->abOpcode[offOpcode + 1],
1774 pIemCpu->abOpcode[offOpcode + 2],
1775 pIemCpu->abOpcode[offOpcode + 3]);
1776 pIemCpu->offOpcode = offOpcode + 4;
1777 }
1778 else
1779 *pu64 = 0;
1780 return rcStrict;
1781}
1782
1783
1784/**
1785 * Fetches the next opcode dword, zero extending it to a quad word.
1786 *
1787 * @returns Strict VBox status code.
1788 * @param pIemCpu The IEM state.
1789 * @param pu64 Where to return the opcode quad word.
1790 */
1791DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU32ZxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1792{
1793 uint8_t const offOpcode = pIemCpu->offOpcode;
1794 if (RT_UNLIKELY(offOpcode + 4 > pIemCpu->cbOpcode))
1795 return iemOpcodeGetNextU32ZxU64Slow(pIemCpu, pu64);
1796
1797 *pu64 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1798 pIemCpu->abOpcode[offOpcode + 1],
1799 pIemCpu->abOpcode[offOpcode + 2],
1800 pIemCpu->abOpcode[offOpcode + 3]);
1801 pIemCpu->offOpcode = offOpcode + 4;
1802 return VINF_SUCCESS;
1803}
1804
1805
1806/**
1807 * Fetches the next opcode dword and zero extends it to a quad word, returns
1808 * automatically on failure.
1809 *
1810 * @param a_pu64 Where to return the opcode quad word.
1811 * @remark Implicitly references pIemCpu.
1812 */
1813#define IEM_OPCODE_GET_NEXT_U32_ZX_U64(a_pu64) \
1814 do \
1815 { \
1816 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU32ZxU64(pIemCpu, (a_pu64)); \
1817 if (rcStrict2 != VINF_SUCCESS) \
1818 return rcStrict2; \
1819 } while (0)
1820
1821
1822/**
1823 * Fetches the next signed double word from the opcode stream.
1824 *
1825 * @returns Strict VBox status code.
1826 * @param pIemCpu The IEM state.
1827 * @param pi32 Where to return the signed double word.
1828 */
1829DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS32(PIEMCPU pIemCpu, int32_t *pi32)
1830{
1831 return iemOpcodeGetNextU32(pIemCpu, (uint32_t *)pi32);
1832}
1833
1834/**
1835 * Fetches the next signed double word from the opcode stream, returning
1836 * automatically on failure.
1837 *
1838 * @param a_pi32 Where to return the signed double word.
1839 * @remark Implicitly references pIemCpu.
1840 */
1841#define IEM_OPCODE_GET_NEXT_S32(a_pi32) \
1842 do \
1843 { \
1844 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS32(pIemCpu, (a_pi32)); \
1845 if (rcStrict2 != VINF_SUCCESS) \
1846 return rcStrict2; \
1847 } while (0)
1848
1849
1850/**
1851 * Deals with the problematic cases that iemOpcodeGetNextS32SxU64 doesn't like.
1852 *
1853 * @returns Strict VBox status code.
1854 * @param pIemCpu The IEM state.
1855 * @param pu64 Where to return the opcode qword.
1856 */
1857DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS32SxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1858{
1859 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 4);
1860 if (rcStrict == VINF_SUCCESS)
1861 {
1862 uint8_t offOpcode = pIemCpu->offOpcode;
1863 *pu64 = (int32_t)RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1864 pIemCpu->abOpcode[offOpcode + 1],
1865 pIemCpu->abOpcode[offOpcode + 2],
1866 pIemCpu->abOpcode[offOpcode + 3]);
1867 pIemCpu->offOpcode = offOpcode + 4;
1868 }
1869 else
1870 *pu64 = 0;
1871 return rcStrict;
1872}
1873
1874
1875/**
1876 * Fetches the next opcode dword, sign extending it into a quad word.
1877 *
1878 * @returns Strict VBox status code.
1879 * @param pIemCpu The IEM state.
1880 * @param pu64 Where to return the opcode quad word.
1881 */
1882DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS32SxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1883{
1884 uint8_t const offOpcode = pIemCpu->offOpcode;
1885 if (RT_UNLIKELY(offOpcode + 4 > pIemCpu->cbOpcode))
1886 return iemOpcodeGetNextS32SxU64Slow(pIemCpu, pu64);
1887
1888 int32_t i32 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1889 pIemCpu->abOpcode[offOpcode + 1],
1890 pIemCpu->abOpcode[offOpcode + 2],
1891 pIemCpu->abOpcode[offOpcode + 3]);
1892 *pu64 = i32;
1893 pIemCpu->offOpcode = offOpcode + 4;
1894 return VINF_SUCCESS;
1895}
1896
1897
1898/**
1899 * Fetches the next opcode double word and sign extends it to a quad word,
1900 * returns automatically on failure.
1901 *
1902 * @param a_pu64 Where to return the opcode quad word.
1903 * @remark Implicitly references pIemCpu.
1904 */
1905#define IEM_OPCODE_GET_NEXT_S32_SX_U64(a_pu64) \
1906 do \
1907 { \
1908 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS32SxU64(pIemCpu, (a_pu64)); \
1909 if (rcStrict2 != VINF_SUCCESS) \
1910 return rcStrict2; \
1911 } while (0)
1912
1913
1914/**
1915 * Deals with the problematic cases that iemOpcodeGetNextU64 doesn't like.
1916 *
1917 * @returns Strict VBox status code.
1918 * @param pIemCpu The IEM state.
1919 * @param pu64 Where to return the opcode qword.
1920 */
1921DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1922{
1923 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 8);
1924 if (rcStrict == VINF_SUCCESS)
1925 {
1926 uint8_t offOpcode = pIemCpu->offOpcode;
1927 *pu64 = RT_MAKE_U64_FROM_U8(pIemCpu->abOpcode[offOpcode],
1928 pIemCpu->abOpcode[offOpcode + 1],
1929 pIemCpu->abOpcode[offOpcode + 2],
1930 pIemCpu->abOpcode[offOpcode + 3],
1931 pIemCpu->abOpcode[offOpcode + 4],
1932 pIemCpu->abOpcode[offOpcode + 5],
1933 pIemCpu->abOpcode[offOpcode + 6],
1934 pIemCpu->abOpcode[offOpcode + 7]);
1935 pIemCpu->offOpcode = offOpcode + 8;
1936 }
1937 else
1938 *pu64 = 0;
1939 return rcStrict;
1940}
1941
1942
1943/**
1944 * Fetches the next opcode qword.
1945 *
1946 * @returns Strict VBox status code.
1947 * @param pIemCpu The IEM state.
1948 * @param pu64 Where to return the opcode qword.
1949 */
1950DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU64(PIEMCPU pIemCpu, uint64_t *pu64)
1951{
1952 uint8_t const offOpcode = pIemCpu->offOpcode;
1953 if (RT_UNLIKELY(offOpcode + 8 > pIemCpu->cbOpcode))
1954 return iemOpcodeGetNextU64Slow(pIemCpu, pu64);
1955
1956 *pu64 = RT_MAKE_U64_FROM_U8(pIemCpu->abOpcode[offOpcode],
1957 pIemCpu->abOpcode[offOpcode + 1],
1958 pIemCpu->abOpcode[offOpcode + 2],
1959 pIemCpu->abOpcode[offOpcode + 3],
1960 pIemCpu->abOpcode[offOpcode + 4],
1961 pIemCpu->abOpcode[offOpcode + 5],
1962 pIemCpu->abOpcode[offOpcode + 6],
1963 pIemCpu->abOpcode[offOpcode + 7]);
1964 pIemCpu->offOpcode = offOpcode + 8;
1965 return VINF_SUCCESS;
1966}
1967
1968
1969/**
1970 * Fetches the next opcode quad word, returns automatically on failure.
1971 *
1972 * @param a_pu64 Where to return the opcode quad word.
1973 * @remark Implicitly references pIemCpu.
1974 */
1975#define IEM_OPCODE_GET_NEXT_U64(a_pu64) \
1976 do \
1977 { \
1978 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU64(pIemCpu, (a_pu64)); \
1979 if (rcStrict2 != VINF_SUCCESS) \
1980 return rcStrict2; \
1981 } while (0)
1982
1983
1984/** @name Misc Worker Functions.
1985 * @{
1986 */
1987
1988
1989/**
1990 * Validates a new SS segment.
1991 *
1992 * @returns VBox strict status code.
1993 * @param pIemCpu The IEM per CPU instance data.
1994 * @param pCtx The CPU context.
1995 * @param NewSS The new SS selctor.
1996 * @param uCpl The CPL to load the stack for.
1997 * @param pDesc Where to return the descriptor.
1998 */
1999IEM_STATIC VBOXSTRICTRC iemMiscValidateNewSS(PIEMCPU pIemCpu, PCCPUMCTX pCtx, RTSEL NewSS, uint8_t uCpl, PIEMSELDESC pDesc)
2000{
2001 NOREF(pCtx);
2002
2003 /* Null selectors are not allowed (we're not called for dispatching
2004 interrupts with SS=0 in long mode). */
2005 if (!(NewSS & X86_SEL_MASK_OFF_RPL))
2006 {
2007 Log(("iemMiscValidateNewSSandRsp: %#x - null selector -> #TS(0)\n", NewSS));
2008 return iemRaiseTaskSwitchFault0(pIemCpu);
2009 }
2010
2011 /** @todo testcase: check that the TSS.ssX RPL is checked. Also check when. */
2012 if ((NewSS & X86_SEL_RPL) != uCpl)
2013 {
2014 Log(("iemMiscValidateNewSSandRsp: %#x - RPL and CPL (%d) differs -> #TS\n", NewSS, uCpl));
2015 return iemRaiseTaskSwitchFaultBySelector(pIemCpu, NewSS);
2016 }
2017
2018 /*
2019 * Read the descriptor.
2020 */
2021 VBOXSTRICTRC rcStrict = iemMemFetchSelDesc(pIemCpu, pDesc, NewSS, X86_XCPT_TS);
2022 if (rcStrict != VINF_SUCCESS)
2023 return rcStrict;
2024
2025 /*
2026 * Perform the descriptor validation documented for LSS, POP SS and MOV SS.
2027 */
2028 if (!pDesc->Legacy.Gen.u1DescType)
2029 {
2030 Log(("iemMiscValidateNewSSandRsp: %#x - system selector (%#x) -> #TS\n", NewSS, pDesc->Legacy.Gen.u4Type));
2031 return iemRaiseTaskSwitchFaultBySelector(pIemCpu, NewSS);
2032 }
2033
2034 if ( (pDesc->Legacy.Gen.u4Type & X86_SEL_TYPE_CODE)
2035 || !(pDesc->Legacy.Gen.u4Type & X86_SEL_TYPE_WRITE) )
2036 {
2037 Log(("iemMiscValidateNewSSandRsp: %#x - code or read only (%#x) -> #TS\n", NewSS, pDesc->Legacy.Gen.u4Type));
2038 return iemRaiseTaskSwitchFaultBySelector(pIemCpu, NewSS);
2039 }
2040 if (pDesc->Legacy.Gen.u2Dpl != uCpl)
2041 {
2042 Log(("iemMiscValidateNewSSandRsp: %#x - DPL (%d) and CPL (%d) differs -> #TS\n", NewSS, pDesc->Legacy.Gen.u2Dpl, uCpl));
2043 return iemRaiseTaskSwitchFaultBySelector(pIemCpu, NewSS);
2044 }
2045
2046 /* Is it there? */
2047 /** @todo testcase: Is this checked before the canonical / limit check below? */
2048 if (!pDesc->Legacy.Gen.u1Present)
2049 {
2050 Log(("iemMiscValidateNewSSandRsp: %#x - segment not present -> #NP\n", NewSS));
2051 return iemRaiseSelectorNotPresentBySelector(pIemCpu, NewSS);
2052 }
2053
2054 return VINF_SUCCESS;
2055}
2056
2057
2058/**
2059 * Gets the correct EFLAGS regardless of whether PATM stores parts of them or
2060 * not.
2061 *
2062 * @param a_pIemCpu The IEM per CPU data.
2063 * @param a_pCtx The CPU context.
2064 */
2065#ifdef VBOX_WITH_RAW_MODE_NOT_R0
2066# define IEMMISC_GET_EFL(a_pIemCpu, a_pCtx) \
2067 ( IEM_VERIFICATION_ENABLED(a_pIemCpu) \
2068 ? (a_pCtx)->eflags.u \
2069 : CPUMRawGetEFlags(IEMCPU_TO_VMCPU(a_pIemCpu)) )
2070#else
2071# define IEMMISC_GET_EFL(a_pIemCpu, a_pCtx) \
2072 ( (a_pCtx)->eflags.u )
2073#endif
2074
2075/**
2076 * Updates the EFLAGS in the correct manner wrt. PATM.
2077 *
2078 * @param a_pIemCpu The IEM per CPU data.
2079 * @param a_pCtx The CPU context.
2080 * @param a_fEfl The new EFLAGS.
2081 */
2082#ifdef VBOX_WITH_RAW_MODE_NOT_R0
2083# define IEMMISC_SET_EFL(a_pIemCpu, a_pCtx, a_fEfl) \
2084 do { \
2085 if (IEM_VERIFICATION_ENABLED(a_pIemCpu)) \
2086 (a_pCtx)->eflags.u = (a_fEfl); \
2087 else \
2088 CPUMRawSetEFlags(IEMCPU_TO_VMCPU(a_pIemCpu), a_fEfl); \
2089 } while (0)
2090#else
2091# define IEMMISC_SET_EFL(a_pIemCpu, a_pCtx, a_fEfl) \
2092 do { \
2093 (a_pCtx)->eflags.u = (a_fEfl); \
2094 } while (0)
2095#endif
2096
2097
2098/** @} */
2099
2100/** @name Raising Exceptions.
2101 *
2102 * @{
2103 */
2104
2105/** @name IEM_XCPT_FLAGS_XXX - flags for iemRaiseXcptOrInt.
2106 * @{ */
2107/** CPU exception. */
2108#define IEM_XCPT_FLAGS_T_CPU_XCPT RT_BIT_32(0)
2109/** External interrupt (from PIC, APIC, whatever). */
2110#define IEM_XCPT_FLAGS_T_EXT_INT RT_BIT_32(1)
2111/** Software interrupt (int or into, not bound).
2112 * Returns to the following instruction */
2113#define IEM_XCPT_FLAGS_T_SOFT_INT RT_BIT_32(2)
2114/** Takes an error code. */
2115#define IEM_XCPT_FLAGS_ERR RT_BIT_32(3)
2116/** Takes a CR2. */
2117#define IEM_XCPT_FLAGS_CR2 RT_BIT_32(4)
2118/** Generated by the breakpoint instruction. */
2119#define IEM_XCPT_FLAGS_BP_INSTR RT_BIT_32(5)
2120/** Generated by a DRx instruction breakpoint and RF should be cleared. */
2121#define IEM_XCPT_FLAGS_DRx_INSTR_BP RT_BIT_32(6)
2122/** @} */
2123
2124
2125/**
2126 * Loads the specified stack far pointer from the TSS.
2127 *
2128 * @returns VBox strict status code.
2129 * @param pIemCpu The IEM per CPU instance data.
2130 * @param pCtx The CPU context.
2131 * @param uCpl The CPL to load the stack for.
2132 * @param pSelSS Where to return the new stack segment.
2133 * @param puEsp Where to return the new stack pointer.
2134 */
2135IEM_STATIC VBOXSTRICTRC iemRaiseLoadStackFromTss32Or16(PIEMCPU pIemCpu, PCCPUMCTX pCtx, uint8_t uCpl,
2136 PRTSEL pSelSS, uint32_t *puEsp)
2137{
2138 VBOXSTRICTRC rcStrict;
2139 Assert(uCpl < 4);
2140
2141 switch (pCtx->tr.Attr.n.u4Type)
2142 {
2143 /*
2144 * 16-bit TSS (X86TSS16).
2145 */
2146 case X86_SEL_TYPE_SYS_286_TSS_AVAIL: AssertFailed();
2147 case X86_SEL_TYPE_SYS_286_TSS_BUSY:
2148 {
2149 uint32_t off = uCpl * 4 + 2;
2150 if (off + 4 <= pCtx->tr.u32Limit)
2151 {
2152 /** @todo check actual access pattern here. */
2153 uint32_t u32Tmp = 0; /* gcc maybe... */
2154 rcStrict = iemMemFetchSysU32(pIemCpu, &u32Tmp, UINT8_MAX, pCtx->tr.u64Base + off);
2155 if (rcStrict == VINF_SUCCESS)
2156 {
2157 *puEsp = RT_LOWORD(u32Tmp);
2158 *pSelSS = RT_HIWORD(u32Tmp);
2159 return VINF_SUCCESS;
2160 }
2161 }
2162 else
2163 {
2164 Log(("LoadStackFromTss32Or16: out of bounds! uCpl=%d, u32Limit=%#x TSS16\n", uCpl, pCtx->tr.u32Limit));
2165 rcStrict = iemRaiseTaskSwitchFaultCurrentTSS(pIemCpu);
2166 }
2167 break;
2168 }
2169
2170 /*
2171 * 32-bit TSS (X86TSS32).
2172 */
2173 case X86_SEL_TYPE_SYS_386_TSS_AVAIL: AssertFailed();
2174 case X86_SEL_TYPE_SYS_386_TSS_BUSY:
2175 {
2176 uint32_t off = uCpl * 8 + 4;
2177 if (off + 7 <= pCtx->tr.u32Limit)
2178 {
2179/** @todo check actual access pattern here. */
2180 uint64_t u64Tmp;
2181 rcStrict = iemMemFetchSysU64(pIemCpu, &u64Tmp, UINT8_MAX, pCtx->tr.u64Base + off);
2182 if (rcStrict == VINF_SUCCESS)
2183 {
2184 *puEsp = u64Tmp & UINT32_MAX;
2185 *pSelSS = (RTSEL)(u64Tmp >> 32);
2186 return VINF_SUCCESS;
2187 }
2188 }
2189 else
2190 {
2191 Log(("LoadStackFromTss32Or16: out of bounds! uCpl=%d, u32Limit=%#x TSS16\n", uCpl, pCtx->tr.u32Limit));
2192 rcStrict = iemRaiseTaskSwitchFaultCurrentTSS(pIemCpu);
2193 }
2194 break;
2195 }
2196
2197 default:
2198 AssertFailed();
2199 rcStrict = VERR_IEM_IPE_4;
2200 break;
2201 }
2202
2203 *puEsp = 0; /* make gcc happy */
2204 *pSelSS = 0; /* make gcc happy */
2205 return rcStrict;
2206}
2207
2208
2209/**
2210 * Loads the specified stack pointer from the 64-bit TSS.
2211 *
2212 * @returns VBox strict status code.
2213 * @param pIemCpu The IEM per CPU instance data.
2214 * @param pCtx The CPU context.
2215 * @param uCpl The CPL to load the stack for.
2216 * @param uIst The interrupt stack table index, 0 if to use uCpl.
2217 * @param puRsp Where to return the new stack pointer.
2218 */
2219IEM_STATIC VBOXSTRICTRC iemRaiseLoadStackFromTss64(PIEMCPU pIemCpu, PCCPUMCTX pCtx, uint8_t uCpl, uint8_t uIst, uint64_t *puRsp)
2220{
2221 Assert(uCpl < 4);
2222 Assert(uIst < 8);
2223 *puRsp = 0; /* make gcc happy */
2224
2225 AssertReturn(pCtx->tr.Attr.n.u4Type == AMD64_SEL_TYPE_SYS_TSS_BUSY, VERR_IEM_IPE_5);
2226
2227 uint32_t off;
2228 if (uIst)
2229 off = (uIst - 1) * sizeof(uint64_t) + RT_OFFSETOF(X86TSS64, ist1);
2230 else
2231 off = uCpl * sizeof(uint64_t) + RT_OFFSETOF(X86TSS64, rsp0);
2232 if (off + sizeof(uint64_t) > pCtx->tr.u32Limit)
2233 {
2234 Log(("iemRaiseLoadStackFromTss64: out of bounds! uCpl=%d uIst=%d, u32Limit=%#x\n", uCpl, uIst, pCtx->tr.u32Limit));
2235 return iemRaiseTaskSwitchFaultCurrentTSS(pIemCpu);
2236 }
2237
2238 return iemMemFetchSysU64(pIemCpu, puRsp, UINT8_MAX, pCtx->tr.u64Base + off);
2239}
2240
2241
2242/**
2243 * Adjust the CPU state according to the exception being raised.
2244 *
2245 * @param pCtx The CPU context.
2246 * @param u8Vector The exception that has been raised.
2247 */
2248DECLINLINE(void) iemRaiseXcptAdjustState(PCPUMCTX pCtx, uint8_t u8Vector)
2249{
2250 switch (u8Vector)
2251 {
2252 case X86_XCPT_DB:
2253 pCtx->dr[7] &= ~X86_DR7_GD;
2254 break;
2255 /** @todo Read the AMD and Intel exception reference... */
2256 }
2257}
2258
2259
2260/**
2261 * Implements exceptions and interrupts for real mode.
2262 *
2263 * @returns VBox strict status code.
2264 * @param pIemCpu The IEM per CPU instance data.
2265 * @param pCtx The CPU context.
2266 * @param cbInstr The number of bytes to offset rIP by in the return
2267 * address.
2268 * @param u8Vector The interrupt / exception vector number.
2269 * @param fFlags The flags.
2270 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
2271 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
2272 */
2273IEM_STATIC VBOXSTRICTRC
2274iemRaiseXcptOrIntInRealMode(PIEMCPU pIemCpu,
2275 PCPUMCTX pCtx,
2276 uint8_t cbInstr,
2277 uint8_t u8Vector,
2278 uint32_t fFlags,
2279 uint16_t uErr,
2280 uint64_t uCr2)
2281{
2282 AssertReturn(pIemCpu->enmCpuMode == IEMMODE_16BIT, VERR_IEM_IPE_6);
2283 NOREF(uErr); NOREF(uCr2);
2284
2285 /*
2286 * Read the IDT entry.
2287 */
2288 if (pCtx->idtr.cbIdt < UINT32_C(4) * u8Vector + 3)
2289 {
2290 Log(("RaiseXcptOrIntInRealMode: %#x is out of bounds (%#x)\n", u8Vector, pCtx->idtr.cbIdt));
2291 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
2292 }
2293 RTFAR16 Idte;
2294 VBOXSTRICTRC rcStrict = iemMemFetchDataU32(pIemCpu, (uint32_t *)&Idte, UINT8_MAX,
2295 pCtx->idtr.pIdt + UINT32_C(4) * u8Vector);
2296 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2297 return rcStrict;
2298
2299 /*
2300 * Push the stack frame.
2301 */
2302 uint16_t *pu16Frame;
2303 uint64_t uNewRsp;
2304 rcStrict = iemMemStackPushBeginSpecial(pIemCpu, 6, (void **)&pu16Frame, &uNewRsp);
2305 if (rcStrict != VINF_SUCCESS)
2306 return rcStrict;
2307
2308 uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
2309#if IEM_CFG_TARGET_CPU == IEMTARGETCPU_DYNAMIC
2310 AssertCompile(IEMTARGETCPU_8086 <= IEMTARGETCPU_186 && IEMTARGETCPU_V20 <= IEMTARGETCPU_186 && IEMTARGETCPU_286 > IEMTARGETCPU_186);
2311 if (pIemCpu->uTargetCpu <= IEMTARGETCPU_186)
2312 fEfl |= UINT16_C(0xf000);
2313#endif
2314 pu16Frame[2] = (uint16_t)fEfl;
2315 pu16Frame[1] = (uint16_t)pCtx->cs.Sel;
2316 pu16Frame[0] = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pCtx->ip + cbInstr : pCtx->ip;
2317 rcStrict = iemMemStackPushCommitSpecial(pIemCpu, pu16Frame, uNewRsp);
2318 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2319 return rcStrict;
2320
2321 /*
2322 * Load the vector address into cs:ip and make exception specific state
2323 * adjustments.
2324 */
2325 pCtx->cs.Sel = Idte.sel;
2326 pCtx->cs.ValidSel = Idte.sel;
2327 pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
2328 pCtx->cs.u64Base = (uint32_t)Idte.sel << 4;
2329 /** @todo do we load attribs and limit as well? Should we check against limit like far jump? */
2330 pCtx->rip = Idte.off;
2331 fEfl &= ~X86_EFL_IF;
2332 IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
2333
2334 /** @todo do we actually do this in real mode? */
2335 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
2336 iemRaiseXcptAdjustState(pCtx, u8Vector);
2337
2338 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
2339}
2340
2341
2342/**
2343 * Loads a NULL data selector into when coming from V8086 mode.
2344 *
2345 * @param pIemCpu The IEM per CPU instance data.
2346 * @param pSReg Pointer to the segment register.
2347 */
2348IEM_STATIC void iemHlpLoadNullDataSelectorOnV86Xcpt(PIEMCPU pIemCpu, PCPUMSELREG pSReg)
2349{
2350 pSReg->Sel = 0;
2351 pSReg->ValidSel = 0;
2352 if (IEM_IS_GUEST_CPU_INTEL(pIemCpu) && !IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
2353 {
2354 /* VT-x (Intel 3960x) doesn't change the base and limit, clears and sets the following attributes */
2355 pSReg->Attr.u &= X86DESCATTR_DT | X86DESCATTR_TYPE | X86DESCATTR_DPL | X86DESCATTR_G | X86DESCATTR_D;
2356 pSReg->Attr.u |= X86DESCATTR_UNUSABLE;
2357 }
2358 else
2359 {
2360 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
2361 /** @todo check this on AMD-V */
2362 pSReg->u64Base = 0;
2363 pSReg->u32Limit = 0;
2364 }
2365}
2366
2367
2368/**
2369 * Loads a segment selector during a task switch in V8086 mode.
2370 *
2371 * @param pIemCpu The IEM per CPU instance data.
2372 * @param pSReg Pointer to the segment register.
2373 * @param uSel The selector value to load.
2374 */
2375IEM_STATIC void iemHlpLoadSelectorInV86Mode(PIEMCPU pIemCpu, PCPUMSELREG pSReg, uint16_t uSel)
2376{
2377 /* See Intel spec. 26.3.1.2 "Checks on Guest Segment Registers". */
2378 pSReg->Sel = uSel;
2379 pSReg->ValidSel = uSel;
2380 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
2381 pSReg->u64Base = uSel << 4;
2382 pSReg->u32Limit = 0xffff;
2383 pSReg->Attr.u = 0xf3;
2384}
2385
2386
2387/**
2388 * Loads a NULL data selector into a selector register, both the hidden and
2389 * visible parts, in protected mode.
2390 *
2391 * @param pIemCpu The IEM state of the calling EMT.
2392 * @param pSReg Pointer to the segment register.
2393 * @param uRpl The RPL.
2394 */
2395IEM_STATIC void iemHlpLoadNullDataSelectorProt(PIEMCPU pIemCpu, PCPUMSELREG pSReg, RTSEL uRpl)
2396{
2397 /** @todo Testcase: write a testcase checking what happends when loading a NULL
2398 * data selector in protected mode. */
2399 pSReg->Sel = uRpl;
2400 pSReg->ValidSel = uRpl;
2401 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
2402 if (IEM_IS_GUEST_CPU_INTEL(pIemCpu) && !IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
2403 {
2404 /* VT-x (Intel 3960x) observed doing something like this. */
2405 pSReg->Attr.u = X86DESCATTR_UNUSABLE | X86DESCATTR_G | X86DESCATTR_D | (pIemCpu->uCpl << X86DESCATTR_DPL_SHIFT);
2406 pSReg->u32Limit = UINT32_MAX;
2407 pSReg->u64Base = 0;
2408 }
2409 else
2410 {
2411 pSReg->Attr.u = X86DESCATTR_UNUSABLE;
2412 pSReg->u32Limit = 0;
2413 pSReg->u64Base = 0;
2414 }
2415}
2416
2417
2418/**
2419 * Loads a segment selector during a task switch in protected mode.
2420 *
2421 * In this task switch scenario, we would throw \#TS exceptions rather than
2422 * \#GPs.
2423 *
2424 * @returns VBox strict status code.
2425 * @param pIemCpu The IEM per CPU instance data.
2426 * @param pSReg Pointer to the segment register.
2427 * @param uSel The new selector value.
2428 *
2429 * @remarks This does _not_ handle CS or SS.
2430 * @remarks This expects pIemCpu->uCpl to be up to date.
2431 */
2432IEM_STATIC VBOXSTRICTRC iemHlpTaskSwitchLoadDataSelectorInProtMode(PIEMCPU pIemCpu, PCPUMSELREG pSReg, uint16_t uSel)
2433{
2434 Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
2435
2436 /* Null data selector. */
2437 if (!(uSel & X86_SEL_MASK_OFF_RPL))
2438 {
2439 iemHlpLoadNullDataSelectorProt(pIemCpu, pSReg, uSel);
2440 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg));
2441 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_HIDDEN_SEL_REGS);
2442 return VINF_SUCCESS;
2443 }
2444
2445 /* Fetch the descriptor. */
2446 IEMSELDESC Desc;
2447 VBOXSTRICTRC rcStrict = iemMemFetchSelDesc(pIemCpu, &Desc, uSel, X86_XCPT_TS);
2448 if (rcStrict != VINF_SUCCESS)
2449 {
2450 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: failed to fetch selector. uSel=%u rc=%Rrc\n", uSel,
2451 VBOXSTRICTRC_VAL(rcStrict)));
2452 return rcStrict;
2453 }
2454
2455 /* Must be a data segment or readable code segment. */
2456 if ( !Desc.Legacy.Gen.u1DescType
2457 || (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ)) == X86_SEL_TYPE_CODE)
2458 {
2459 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: invalid segment type. uSel=%u Desc.u4Type=%#x\n", uSel,
2460 Desc.Legacy.Gen.u4Type));
2461 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uSel & X86_SEL_MASK_OFF_RPL);
2462 }
2463
2464 /* Check privileges for data segments and non-conforming code segments. */
2465 if ( (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
2466 != (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
2467 {
2468 /* The RPL and the new CPL must be less than or equal to the DPL. */
2469 if ( (unsigned)(uSel & X86_SEL_RPL) > Desc.Legacy.Gen.u2Dpl
2470 || (pIemCpu->uCpl > Desc.Legacy.Gen.u2Dpl))
2471 {
2472 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: Invalid priv. uSel=%u uSel.RPL=%u DPL=%u CPL=%u\n",
2473 uSel, (uSel & X86_SEL_RPL), Desc.Legacy.Gen.u2Dpl, pIemCpu->uCpl));
2474 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uSel & X86_SEL_MASK_OFF_RPL);
2475 }
2476 }
2477
2478 /* Is it there? */
2479 if (!Desc.Legacy.Gen.u1Present)
2480 {
2481 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: Segment not present. uSel=%u\n", uSel));
2482 return iemRaiseSelectorNotPresentWithErr(pIemCpu, uSel & X86_SEL_MASK_OFF_RPL);
2483 }
2484
2485 /* The base and limit. */
2486 uint32_t cbLimit = X86DESC_LIMIT_G(&Desc.Legacy);
2487 uint64_t u64Base = X86DESC_BASE(&Desc.Legacy);
2488
2489 /*
2490 * Ok, everything checked out fine. Now set the accessed bit before
2491 * committing the result into the registers.
2492 */
2493 if (!(Desc.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
2494 {
2495 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, uSel);
2496 if (rcStrict != VINF_SUCCESS)
2497 return rcStrict;
2498 Desc.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
2499 }
2500
2501 /* Commit */
2502 pSReg->Sel = uSel;
2503 pSReg->Attr.u = X86DESC_GET_HID_ATTR(&Desc.Legacy);
2504 pSReg->u32Limit = cbLimit;
2505 pSReg->u64Base = u64Base; /** @todo testcase/investigate: seen claims that the upper half of the base remains unchanged... */
2506 pSReg->ValidSel = uSel;
2507 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
2508 if (IEM_IS_GUEST_CPU_INTEL(pIemCpu) && !IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
2509 pSReg->Attr.u &= ~X86DESCATTR_UNUSABLE;
2510
2511 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg));
2512 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_HIDDEN_SEL_REGS);
2513 return VINF_SUCCESS;
2514}
2515
2516
2517/**
2518 * Performs a task switch.
2519 *
2520 * If the task switch is the result of a JMP, CALL or IRET instruction, the
2521 * caller is responsible for performing the necessary checks (like DPL, TSS
2522 * present etc.) which are specific to JMP/CALL/IRET. See Intel Instruction
2523 * reference for JMP, CALL, IRET.
2524 *
2525 * If the task switch is the due to a software interrupt or hardware exception,
2526 * the caller is responsible for validating the TSS selector and descriptor. See
2527 * Intel Instruction reference for INT n.
2528 *
2529 * @returns VBox strict status code.
2530 * @param pIemCpu The IEM per CPU instance data.
2531 * @param pCtx The CPU context.
2532 * @param enmTaskSwitch What caused this task switch.
2533 * @param uNextEip The EIP effective after the task switch.
2534 * @param fFlags The flags.
2535 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
2536 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
2537 * @param SelTSS The TSS selector of the new task.
2538 * @param pNewDescTSS Pointer to the new TSS descriptor.
2539 */
2540IEM_STATIC VBOXSTRICTRC
2541iemTaskSwitch(PIEMCPU pIemCpu,
2542 PCPUMCTX pCtx,
2543 IEMTASKSWITCH enmTaskSwitch,
2544 uint32_t uNextEip,
2545 uint32_t fFlags,
2546 uint16_t uErr,
2547 uint64_t uCr2,
2548 RTSEL SelTSS,
2549 PIEMSELDESC pNewDescTSS)
2550{
2551 Assert(!IEM_IS_REAL_MODE(pIemCpu));
2552 Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
2553
2554 uint32_t const uNewTSSType = pNewDescTSS->Legacy.Gate.u4Type;
2555 Assert( uNewTSSType == X86_SEL_TYPE_SYS_286_TSS_AVAIL
2556 || uNewTSSType == X86_SEL_TYPE_SYS_286_TSS_BUSY
2557 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_AVAIL
2558 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_BUSY);
2559
2560 bool const fIsNewTSS386 = ( uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_AVAIL
2561 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_BUSY);
2562
2563 Log(("iemTaskSwitch: enmTaskSwitch=%u NewTSS=%#x fIsNewTSS386=%RTbool EIP=%#RGv uNextEip=%#RGv\n", enmTaskSwitch, SelTSS,
2564 fIsNewTSS386, pCtx->eip, uNextEip));
2565
2566 /* Update CR2 in case it's a page-fault. */
2567 /** @todo This should probably be done much earlier in IEM/PGM. See
2568 * @bugref{5653#c49}. */
2569 if (fFlags & IEM_XCPT_FLAGS_CR2)
2570 pCtx->cr2 = uCr2;
2571
2572 /*
2573 * Check the new TSS limit. See Intel spec. 6.15 "Exception and Interrupt Reference"
2574 * subsection "Interrupt 10 - Invalid TSS Exception (#TS)".
2575 */
2576 uint32_t const uNewTSSLimit = pNewDescTSS->Legacy.Gen.u16LimitLow | (pNewDescTSS->Legacy.Gen.u4LimitHigh << 16);
2577 uint32_t const uNewTSSLimitMin = fIsNewTSS386 ? X86_SEL_TYPE_SYS_386_TSS_LIMIT_MIN : X86_SEL_TYPE_SYS_286_TSS_LIMIT_MIN;
2578 if (uNewTSSLimit < uNewTSSLimitMin)
2579 {
2580 Log(("iemTaskSwitch: Invalid new TSS limit. enmTaskSwitch=%u uNewTSSLimit=%#x uNewTSSLimitMin=%#x -> #TS\n",
2581 enmTaskSwitch, uNewTSSLimit, uNewTSSLimitMin));
2582 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, SelTSS & X86_SEL_MASK_OFF_RPL);
2583 }
2584
2585 /*
2586 * Check the current TSS limit. The last written byte to the current TSS during the
2587 * task switch will be 2 bytes at offset 0x5C (32-bit) and 1 byte at offset 0x28 (16-bit).
2588 * See Intel spec. 7.2.1 "Task-State Segment (TSS)" for static and dynamic fields.
2589 *
2590 * The AMD docs doesn't mention anything about limit checks with LTR which suggests you can
2591 * end up with smaller than "legal" TSS limits.
2592 */
2593 uint32_t const uCurTSSLimit = pCtx->tr.u32Limit;
2594 uint32_t const uCurTSSLimitMin = fIsNewTSS386 ? 0x5F : 0x29;
2595 if (uCurTSSLimit < uCurTSSLimitMin)
2596 {
2597 Log(("iemTaskSwitch: Invalid current TSS limit. enmTaskSwitch=%u uCurTSSLimit=%#x uCurTSSLimitMin=%#x -> #TS\n",
2598 enmTaskSwitch, uCurTSSLimit, uCurTSSLimitMin));
2599 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, SelTSS & X86_SEL_MASK_OFF_RPL);
2600 }
2601
2602 /*
2603 * Verify that the new TSS can be accessed and map it. Map only the required contents
2604 * and not the entire TSS.
2605 */
2606 void *pvNewTSS;
2607 uint32_t cbNewTSS = uNewTSSLimitMin + 1;
2608 RTGCPTR GCPtrNewTSS = X86DESC_BASE(&pNewDescTSS->Legacy);
2609 AssertCompile(sizeof(X86TSS32) == X86_SEL_TYPE_SYS_386_TSS_LIMIT_MIN + 1);
2610 /** @todo Handle if the TSS crosses a page boundary. Intel specifies that it may
2611 * not perform correct translation if this happens. See Intel spec. 7.2.1
2612 * "Task-State Segment" */
2613 VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu, &pvNewTSS, cbNewTSS, UINT8_MAX, GCPtrNewTSS, IEM_ACCESS_SYS_RW);
2614 if (rcStrict != VINF_SUCCESS)
2615 {
2616 Log(("iemTaskSwitch: Failed to read new TSS. enmTaskSwitch=%u cbNewTSS=%u uNewTSSLimit=%u rc=%Rrc\n", enmTaskSwitch,
2617 cbNewTSS, uNewTSSLimit, VBOXSTRICTRC_VAL(rcStrict)));
2618 return rcStrict;
2619 }
2620
2621 /*
2622 * Clear the busy bit in current task's TSS descriptor if it's a task switch due to JMP/IRET.
2623 */
2624 uint32_t u32EFlags = pCtx->eflags.u32;
2625 if ( enmTaskSwitch == IEMTASKSWITCH_JUMP
2626 || enmTaskSwitch == IEMTASKSWITCH_IRET)
2627 {
2628 PX86DESC pDescCurTSS;
2629 rcStrict = iemMemMap(pIemCpu, (void **)&pDescCurTSS, sizeof(*pDescCurTSS), UINT8_MAX,
2630 pCtx->gdtr.pGdt + (pCtx->tr.Sel & X86_SEL_MASK), IEM_ACCESS_SYS_RW);
2631 if (rcStrict != VINF_SUCCESS)
2632 {
2633 Log(("iemTaskSwitch: Failed to read new TSS descriptor in GDT. enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
2634 enmTaskSwitch, pCtx->gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
2635 return rcStrict;
2636 }
2637
2638 pDescCurTSS->Gate.u4Type &= ~X86_SEL_TYPE_SYS_TSS_BUSY_MASK;
2639 rcStrict = iemMemCommitAndUnmap(pIemCpu, pDescCurTSS, IEM_ACCESS_SYS_RW);
2640 if (rcStrict != VINF_SUCCESS)
2641 {
2642 Log(("iemTaskSwitch: Failed to commit new TSS descriptor in GDT. enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
2643 enmTaskSwitch, pCtx->gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
2644 return rcStrict;
2645 }
2646
2647 /* Clear EFLAGS.NT (Nested Task) in the eflags memory image, if it's a task switch due to an IRET. */
2648 if (enmTaskSwitch == IEMTASKSWITCH_IRET)
2649 {
2650 Assert( uNewTSSType == X86_SEL_TYPE_SYS_286_TSS_BUSY
2651 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_BUSY);
2652 u32EFlags &= ~X86_EFL_NT;
2653 }
2654 }
2655
2656 /*
2657 * Save the CPU state into the current TSS.
2658 */
2659 RTGCPTR GCPtrCurTSS = pCtx->tr.u64Base;
2660 if (GCPtrNewTSS == GCPtrCurTSS)
2661 {
2662 Log(("iemTaskSwitch: Switching to the same TSS! enmTaskSwitch=%u GCPtr[Cur|New]TSS=%#RGv\n", enmTaskSwitch, GCPtrCurTSS));
2663 Log(("uCurCr3=%#x uCurEip=%#x uCurEflags=%#x uCurEax=%#x uCurEsp=%#x uCurEbp=%#x uCurCS=%#04x uCurSS=%#04x uCurLdt=%#x\n",
2664 pCtx->cr3, pCtx->eip, pCtx->eflags.u32, pCtx->eax, pCtx->esp, pCtx->ebp, pCtx->cs.Sel, pCtx->ss.Sel, pCtx->ldtr.Sel));
2665 }
2666 if (fIsNewTSS386)
2667 {
2668 /*
2669 * Verify that the current TSS (32-bit) can be accessed, only the minimum required size.
2670 * See Intel spec. 7.2.1 "Task-State Segment (TSS)" for static and dynamic fields.
2671 */
2672 void *pvCurTSS32;
2673 uint32_t offCurTSS = RT_OFFSETOF(X86TSS32, eip);
2674 uint32_t cbCurTSS = RT_OFFSETOF(X86TSS32, selLdt) - RT_OFFSETOF(X86TSS32, eip);
2675 AssertCompile(RTASSERT_OFFSET_OF(X86TSS32, selLdt) - RTASSERT_OFFSET_OF(X86TSS32, eip) == 64);
2676 rcStrict = iemMemMap(pIemCpu, &pvCurTSS32, cbCurTSS, UINT8_MAX, GCPtrCurTSS + offCurTSS, IEM_ACCESS_SYS_RW);
2677 if (rcStrict != VINF_SUCCESS)
2678 {
2679 Log(("iemTaskSwitch: Failed to read current 32-bit TSS. enmTaskSwitch=%u GCPtrCurTSS=%#RGv cb=%u rc=%Rrc\n",
2680 enmTaskSwitch, GCPtrCurTSS, cbCurTSS, VBOXSTRICTRC_VAL(rcStrict)));
2681 return rcStrict;
2682 }
2683
2684 /* !! WARNING !! Access -only- the members (dynamic fields) that are mapped, i.e interval [offCurTSS..cbCurTSS). */
2685 PX86TSS32 pCurTSS32 = (PX86TSS32)((uintptr_t)pvCurTSS32 - offCurTSS);
2686 pCurTSS32->eip = uNextEip;
2687 pCurTSS32->eflags = u32EFlags;
2688 pCurTSS32->eax = pCtx->eax;
2689 pCurTSS32->ecx = pCtx->ecx;
2690 pCurTSS32->edx = pCtx->edx;
2691 pCurTSS32->ebx = pCtx->ebx;
2692 pCurTSS32->esp = pCtx->esp;
2693 pCurTSS32->ebp = pCtx->ebp;
2694 pCurTSS32->esi = pCtx->esi;
2695 pCurTSS32->edi = pCtx->edi;
2696 pCurTSS32->es = pCtx->es.Sel;
2697 pCurTSS32->cs = pCtx->cs.Sel;
2698 pCurTSS32->ss = pCtx->ss.Sel;
2699 pCurTSS32->ds = pCtx->ds.Sel;
2700 pCurTSS32->fs = pCtx->fs.Sel;
2701 pCurTSS32->gs = pCtx->gs.Sel;
2702
2703 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvCurTSS32, IEM_ACCESS_SYS_RW);
2704 if (rcStrict != VINF_SUCCESS)
2705 {
2706 Log(("iemTaskSwitch: Failed to commit current 32-bit TSS. enmTaskSwitch=%u rc=%Rrc\n", enmTaskSwitch,
2707 VBOXSTRICTRC_VAL(rcStrict)));
2708 return rcStrict;
2709 }
2710 }
2711 else
2712 {
2713 /*
2714 * Verify that the current TSS (16-bit) can be accessed. Again, only the minimum required size.
2715 */
2716 void *pvCurTSS16;
2717 uint32_t offCurTSS = RT_OFFSETOF(X86TSS16, ip);
2718 uint32_t cbCurTSS = RT_OFFSETOF(X86TSS16, selLdt) - RT_OFFSETOF(X86TSS16, ip);
2719 AssertCompile(RTASSERT_OFFSET_OF(X86TSS16, selLdt) - RTASSERT_OFFSET_OF(X86TSS16, ip) == 28);
2720 rcStrict = iemMemMap(pIemCpu, &pvCurTSS16, cbCurTSS, UINT8_MAX, GCPtrCurTSS + offCurTSS, IEM_ACCESS_SYS_RW);
2721 if (rcStrict != VINF_SUCCESS)
2722 {
2723 Log(("iemTaskSwitch: Failed to read current 16-bit TSS. enmTaskSwitch=%u GCPtrCurTSS=%#RGv cb=%u rc=%Rrc\n",
2724 enmTaskSwitch, GCPtrCurTSS, cbCurTSS, VBOXSTRICTRC_VAL(rcStrict)));
2725 return rcStrict;
2726 }
2727
2728 /* !! WARNING !! Access -only- the members (dynamic fields) that are mapped, i.e interval [offCurTSS..cbCurTSS). */
2729 PX86TSS16 pCurTSS16 = (PX86TSS16)((uintptr_t)pvCurTSS16 - offCurTSS);
2730 pCurTSS16->ip = uNextEip;
2731 pCurTSS16->flags = u32EFlags;
2732 pCurTSS16->ax = pCtx->ax;
2733 pCurTSS16->cx = pCtx->cx;
2734 pCurTSS16->dx = pCtx->dx;
2735 pCurTSS16->bx = pCtx->bx;
2736 pCurTSS16->sp = pCtx->sp;
2737 pCurTSS16->bp = pCtx->bp;
2738 pCurTSS16->si = pCtx->si;
2739 pCurTSS16->di = pCtx->di;
2740 pCurTSS16->es = pCtx->es.Sel;
2741 pCurTSS16->cs = pCtx->cs.Sel;
2742 pCurTSS16->ss = pCtx->ss.Sel;
2743 pCurTSS16->ds = pCtx->ds.Sel;
2744
2745 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvCurTSS16, IEM_ACCESS_SYS_RW);
2746 if (rcStrict != VINF_SUCCESS)
2747 {
2748 Log(("iemTaskSwitch: Failed to commit current 16-bit TSS. enmTaskSwitch=%u rc=%Rrc\n", enmTaskSwitch,
2749 VBOXSTRICTRC_VAL(rcStrict)));
2750 return rcStrict;
2751 }
2752 }
2753
2754 /*
2755 * Update the previous task link field for the new TSS, if the task switch is due to a CALL/INT_XCPT.
2756 */
2757 if ( enmTaskSwitch == IEMTASKSWITCH_CALL
2758 || enmTaskSwitch == IEMTASKSWITCH_INT_XCPT)
2759 {
2760 /* 16 or 32-bit TSS doesn't matter, we only access the first, common 16-bit field (selPrev) here. */
2761 PX86TSS32 pNewTSS = (PX86TSS32)pvNewTSS;
2762 pNewTSS->selPrev = pCtx->tr.Sel;
2763 }
2764
2765 /*
2766 * Read the state from the new TSS into temporaries. Setting it immediately as the new CPU state is tricky,
2767 * it's done further below with error handling (e.g. CR3 changes will go through PGM).
2768 */
2769 uint32_t uNewCr3, uNewEip, uNewEflags, uNewEax, uNewEcx, uNewEdx, uNewEbx, uNewEsp, uNewEbp, uNewEsi, uNewEdi;
2770 uint16_t uNewES, uNewCS, uNewSS, uNewDS, uNewFS, uNewGS, uNewLdt;
2771 bool fNewDebugTrap;
2772 if (fIsNewTSS386)
2773 {
2774 PX86TSS32 pNewTSS32 = (PX86TSS32)pvNewTSS;
2775 uNewCr3 = (pCtx->cr0 & X86_CR0_PG) ? pNewTSS32->cr3 : 0;
2776 uNewEip = pNewTSS32->eip;
2777 uNewEflags = pNewTSS32->eflags;
2778 uNewEax = pNewTSS32->eax;
2779 uNewEcx = pNewTSS32->ecx;
2780 uNewEdx = pNewTSS32->edx;
2781 uNewEbx = pNewTSS32->ebx;
2782 uNewEsp = pNewTSS32->esp;
2783 uNewEbp = pNewTSS32->ebp;
2784 uNewEsi = pNewTSS32->esi;
2785 uNewEdi = pNewTSS32->edi;
2786 uNewES = pNewTSS32->es;
2787 uNewCS = pNewTSS32->cs;
2788 uNewSS = pNewTSS32->ss;
2789 uNewDS = pNewTSS32->ds;
2790 uNewFS = pNewTSS32->fs;
2791 uNewGS = pNewTSS32->gs;
2792 uNewLdt = pNewTSS32->selLdt;
2793 fNewDebugTrap = RT_BOOL(pNewTSS32->fDebugTrap);
2794 }
2795 else
2796 {
2797 PX86TSS16 pNewTSS16 = (PX86TSS16)pvNewTSS;
2798 uNewCr3 = 0;
2799 uNewEip = pNewTSS16->ip;
2800 uNewEflags = pNewTSS16->flags;
2801 uNewEax = UINT32_C(0xffff0000) | pNewTSS16->ax;
2802 uNewEcx = UINT32_C(0xffff0000) | pNewTSS16->cx;
2803 uNewEdx = UINT32_C(0xffff0000) | pNewTSS16->dx;
2804 uNewEbx = UINT32_C(0xffff0000) | pNewTSS16->bx;
2805 uNewEsp = UINT32_C(0xffff0000) | pNewTSS16->sp;
2806 uNewEbp = UINT32_C(0xffff0000) | pNewTSS16->bp;
2807 uNewEsi = UINT32_C(0xffff0000) | pNewTSS16->si;
2808 uNewEdi = UINT32_C(0xffff0000) | pNewTSS16->di;
2809 uNewES = pNewTSS16->es;
2810 uNewCS = pNewTSS16->cs;
2811 uNewSS = pNewTSS16->ss;
2812 uNewDS = pNewTSS16->ds;
2813 uNewFS = 0;
2814 uNewGS = 0;
2815 uNewLdt = pNewTSS16->selLdt;
2816 fNewDebugTrap = false;
2817 }
2818
2819 if (GCPtrNewTSS == GCPtrCurTSS)
2820 Log(("uNewCr3=%#x uNewEip=%#x uNewEflags=%#x uNewEax=%#x uNewEsp=%#x uNewEbp=%#x uNewCS=%#04x uNewSS=%#04x uNewLdt=%#x\n",
2821 uNewCr3, uNewEip, uNewEflags, uNewEax, uNewEsp, uNewEbp, uNewCS, uNewSS, uNewLdt));
2822
2823 /*
2824 * We're done accessing the new TSS.
2825 */
2826 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvNewTSS, IEM_ACCESS_SYS_RW);
2827 if (rcStrict != VINF_SUCCESS)
2828 {
2829 Log(("iemTaskSwitch: Failed to commit new TSS. enmTaskSwitch=%u rc=%Rrc\n", enmTaskSwitch, VBOXSTRICTRC_VAL(rcStrict)));
2830 return rcStrict;
2831 }
2832
2833 /*
2834 * Set the busy bit in the new TSS descriptor, if the task switch is a JMP/CALL/INT_XCPT.
2835 */
2836 if (enmTaskSwitch != IEMTASKSWITCH_IRET)
2837 {
2838 rcStrict = iemMemMap(pIemCpu, (void **)&pNewDescTSS, sizeof(*pNewDescTSS), UINT8_MAX,
2839 pCtx->gdtr.pGdt + (SelTSS & X86_SEL_MASK), IEM_ACCESS_SYS_RW);
2840 if (rcStrict != VINF_SUCCESS)
2841 {
2842 Log(("iemTaskSwitch: Failed to read new TSS descriptor in GDT (2). enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
2843 enmTaskSwitch, pCtx->gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
2844 return rcStrict;
2845 }
2846
2847 /* Check that the descriptor indicates the new TSS is available (not busy). */
2848 AssertMsg( pNewDescTSS->Legacy.Gate.u4Type == X86_SEL_TYPE_SYS_286_TSS_AVAIL
2849 || pNewDescTSS->Legacy.Gate.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL,
2850 ("Invalid TSS descriptor type=%#x", pNewDescTSS->Legacy.Gate.u4Type));
2851
2852 pNewDescTSS->Legacy.Gate.u4Type |= X86_SEL_TYPE_SYS_TSS_BUSY_MASK;
2853 rcStrict = iemMemCommitAndUnmap(pIemCpu, pNewDescTSS, IEM_ACCESS_SYS_RW);
2854 if (rcStrict != VINF_SUCCESS)
2855 {
2856 Log(("iemTaskSwitch: Failed to commit new TSS descriptor in GDT (2). enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
2857 enmTaskSwitch, pCtx->gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
2858 return rcStrict;
2859 }
2860 }
2861
2862 /*
2863 * From this point on, we're technically in the new task. We will defer exceptions
2864 * until the completion of the task switch but before executing any instructions in the new task.
2865 */
2866 pCtx->tr.Sel = SelTSS;
2867 pCtx->tr.ValidSel = SelTSS;
2868 pCtx->tr.fFlags = CPUMSELREG_FLAGS_VALID;
2869 pCtx->tr.Attr.u = X86DESC_GET_HID_ATTR(&pNewDescTSS->Legacy);
2870 pCtx->tr.u32Limit = X86DESC_LIMIT_G(&pNewDescTSS->Legacy);
2871 pCtx->tr.u64Base = X86DESC_BASE(&pNewDescTSS->Legacy);
2872 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_TR);
2873
2874 /* Set the busy bit in TR. */
2875 pCtx->tr.Attr.n.u4Type |= X86_SEL_TYPE_SYS_TSS_BUSY_MASK;
2876 /* Set EFLAGS.NT (Nested Task) in the eflags loaded from the new TSS, if it's a task switch due to a CALL/INT_XCPT. */
2877 if ( enmTaskSwitch == IEMTASKSWITCH_CALL
2878 || enmTaskSwitch == IEMTASKSWITCH_INT_XCPT)
2879 {
2880 uNewEflags |= X86_EFL_NT;
2881 }
2882
2883 pCtx->dr[7] &= ~X86_DR7_LE_ALL; /** @todo Should we clear DR7.LE bit too? */
2884 pCtx->cr0 |= X86_CR0_TS;
2885 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_CR0);
2886
2887 pCtx->eip = uNewEip;
2888 pCtx->eax = uNewEax;
2889 pCtx->ecx = uNewEcx;
2890 pCtx->edx = uNewEdx;
2891 pCtx->ebx = uNewEbx;
2892 pCtx->esp = uNewEsp;
2893 pCtx->ebp = uNewEbp;
2894 pCtx->esi = uNewEsi;
2895 pCtx->edi = uNewEdi;
2896
2897 uNewEflags &= X86_EFL_LIVE_MASK;
2898 uNewEflags |= X86_EFL_RA1_MASK;
2899 IEMMISC_SET_EFL(pIemCpu, pCtx, uNewEflags);
2900
2901 /*
2902 * Switch the selectors here and do the segment checks later. If we throw exceptions, the selectors
2903 * will be valid in the exception handler. We cannot update the hidden parts until we've switched CR3
2904 * due to the hidden part data originating from the guest LDT/GDT which is accessed through paging.
2905 */
2906 pCtx->es.Sel = uNewES;
2907 pCtx->es.fFlags = CPUMSELREG_FLAGS_STALE;
2908 pCtx->es.Attr.u &= ~X86DESCATTR_P;
2909
2910 pCtx->cs.Sel = uNewCS;
2911 pCtx->cs.fFlags = CPUMSELREG_FLAGS_STALE;
2912 pCtx->cs.Attr.u &= ~X86DESCATTR_P;
2913
2914 pCtx->ss.Sel = uNewSS;
2915 pCtx->ss.fFlags = CPUMSELREG_FLAGS_STALE;
2916 pCtx->ss.Attr.u &= ~X86DESCATTR_P;
2917
2918 pCtx->ds.Sel = uNewDS;
2919 pCtx->ds.fFlags = CPUMSELREG_FLAGS_STALE;
2920 pCtx->ds.Attr.u &= ~X86DESCATTR_P;
2921
2922 pCtx->fs.Sel = uNewFS;
2923 pCtx->fs.fFlags = CPUMSELREG_FLAGS_STALE;
2924 pCtx->fs.Attr.u &= ~X86DESCATTR_P;
2925
2926 pCtx->gs.Sel = uNewGS;
2927 pCtx->gs.fFlags = CPUMSELREG_FLAGS_STALE;
2928 pCtx->gs.Attr.u &= ~X86DESCATTR_P;
2929 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_HIDDEN_SEL_REGS);
2930
2931 pCtx->ldtr.Sel = uNewLdt;
2932 pCtx->ldtr.fFlags = CPUMSELREG_FLAGS_STALE;
2933 pCtx->ldtr.Attr.u &= ~X86DESCATTR_P;
2934 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_LDTR);
2935
2936 if (IEM_IS_GUEST_CPU_INTEL(pIemCpu) && !IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
2937 {
2938 pCtx->es.Attr.u |= X86DESCATTR_UNUSABLE;
2939 pCtx->cs.Attr.u |= X86DESCATTR_UNUSABLE;
2940 pCtx->ss.Attr.u |= X86DESCATTR_UNUSABLE;
2941 pCtx->ds.Attr.u |= X86DESCATTR_UNUSABLE;
2942 pCtx->fs.Attr.u |= X86DESCATTR_UNUSABLE;
2943 pCtx->gs.Attr.u |= X86DESCATTR_UNUSABLE;
2944 pCtx->ldtr.Attr.u |= X86DESCATTR_UNUSABLE;
2945 }
2946
2947 /*
2948 * Switch CR3 for the new task.
2949 */
2950 if ( fIsNewTSS386
2951 && (pCtx->cr0 & X86_CR0_PG))
2952 {
2953 /** @todo Should we update and flush TLBs only if CR3 value actually changes? */
2954 if (!IEM_FULL_VERIFICATION_ENABLED(pIemCpu))
2955 {
2956 int rc = CPUMSetGuestCR3(IEMCPU_TO_VMCPU(pIemCpu), uNewCr3);
2957 AssertRCSuccessReturn(rc, rc);
2958 }
2959 else
2960 pCtx->cr3 = uNewCr3;
2961
2962 /* Inform PGM. */
2963 if (!IEM_FULL_VERIFICATION_ENABLED(pIemCpu))
2964 {
2965 int rc = PGMFlushTLB(IEMCPU_TO_VMCPU(pIemCpu), pCtx->cr3, !(pCtx->cr4 & X86_CR4_PGE));
2966 AssertRCReturn(rc, rc);
2967 /* ignore informational status codes */
2968 }
2969 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_CR3);
2970 }
2971
2972 /*
2973 * Switch LDTR for the new task.
2974 */
2975 if (!(uNewLdt & X86_SEL_MASK_OFF_RPL))
2976 iemHlpLoadNullDataSelectorProt(pIemCpu, &pCtx->ldtr, uNewLdt);
2977 else
2978 {
2979 Assert(!pCtx->ldtr.Attr.n.u1Present); /* Ensures that LDT.TI check passes in iemMemFetchSelDesc() below. */
2980
2981 IEMSELDESC DescNewLdt;
2982 rcStrict = iemMemFetchSelDesc(pIemCpu, &DescNewLdt, uNewLdt, X86_XCPT_TS);
2983 if (rcStrict != VINF_SUCCESS)
2984 {
2985 Log(("iemTaskSwitch: fetching LDT failed. enmTaskSwitch=%u uNewLdt=%u cbGdt=%u rc=%Rrc\n", enmTaskSwitch,
2986 uNewLdt, pCtx->gdtr.cbGdt, VBOXSTRICTRC_VAL(rcStrict)));
2987 return rcStrict;
2988 }
2989 if ( !DescNewLdt.Legacy.Gen.u1Present
2990 || DescNewLdt.Legacy.Gen.u1DescType
2991 || DescNewLdt.Legacy.Gen.u4Type != X86_SEL_TYPE_SYS_LDT)
2992 {
2993 Log(("iemTaskSwitch: Invalid LDT. enmTaskSwitch=%u uNewLdt=%u DescNewLdt.Legacy.u=%#RX64 -> #TS\n", enmTaskSwitch,
2994 uNewLdt, DescNewLdt.Legacy.u));
2995 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewLdt & X86_SEL_MASK_OFF_RPL);
2996 }
2997
2998 pCtx->ldtr.ValidSel = uNewLdt;
2999 pCtx->ldtr.fFlags = CPUMSELREG_FLAGS_VALID;
3000 pCtx->ldtr.u64Base = X86DESC_BASE(&DescNewLdt.Legacy);
3001 pCtx->ldtr.u32Limit = X86DESC_LIMIT_G(&DescNewLdt.Legacy);
3002 pCtx->ldtr.Attr.u = X86DESC_GET_HID_ATTR(&DescNewLdt.Legacy);
3003 if (IEM_IS_GUEST_CPU_INTEL(pIemCpu) && !IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
3004 pCtx->ldtr.Attr.u &= ~X86DESCATTR_UNUSABLE;
3005 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), &pCtx->ldtr));
3006 }
3007
3008 IEMSELDESC DescSS;
3009 if (IEM_IS_V86_MODE(pIemCpu))
3010 {
3011 pIemCpu->uCpl = 3;
3012 iemHlpLoadSelectorInV86Mode(pIemCpu, &pCtx->es, uNewES);
3013 iemHlpLoadSelectorInV86Mode(pIemCpu, &pCtx->cs, uNewCS);
3014 iemHlpLoadSelectorInV86Mode(pIemCpu, &pCtx->ss, uNewSS);
3015 iemHlpLoadSelectorInV86Mode(pIemCpu, &pCtx->ds, uNewDS);
3016 iemHlpLoadSelectorInV86Mode(pIemCpu, &pCtx->fs, uNewFS);
3017 iemHlpLoadSelectorInV86Mode(pIemCpu, &pCtx->gs, uNewGS);
3018 }
3019 else
3020 {
3021 uint8_t uNewCpl = (uNewCS & X86_SEL_RPL);
3022
3023 /*
3024 * Load the stack segment for the new task.
3025 */
3026 if (!(uNewSS & X86_SEL_MASK_OFF_RPL))
3027 {
3028 Log(("iemTaskSwitch: Null stack segment. enmTaskSwitch=%u uNewSS=%#x -> #TS\n", enmTaskSwitch, uNewSS));
3029 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
3030 }
3031
3032 /* Fetch the descriptor. */
3033 rcStrict = iemMemFetchSelDesc(pIemCpu, &DescSS, uNewSS, X86_XCPT_TS);
3034 if (rcStrict != VINF_SUCCESS)
3035 {
3036 Log(("iemTaskSwitch: failed to fetch SS. uNewSS=%#x rc=%Rrc\n", uNewSS,
3037 VBOXSTRICTRC_VAL(rcStrict)));
3038 return rcStrict;
3039 }
3040
3041 /* SS must be a data segment and writable. */
3042 if ( !DescSS.Legacy.Gen.u1DescType
3043 || (DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE)
3044 || !(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_WRITE))
3045 {
3046 Log(("iemTaskSwitch: SS invalid descriptor type. uNewSS=%#x u1DescType=%u u4Type=%#x\n",
3047 uNewSS, DescSS.Legacy.Gen.u1DescType, DescSS.Legacy.Gen.u4Type));
3048 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
3049 }
3050
3051 /* The SS.RPL, SS.DPL, CS.RPL (CPL) must be equal. */
3052 if ( (uNewSS & X86_SEL_RPL) != uNewCpl
3053 || DescSS.Legacy.Gen.u2Dpl != uNewCpl)
3054 {
3055 Log(("iemTaskSwitch: Invalid priv. for SS. uNewSS=%#x SS.DPL=%u uNewCpl=%u -> #TS\n", uNewSS, DescSS.Legacy.Gen.u2Dpl,
3056 uNewCpl));
3057 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
3058 }
3059
3060 /* Is it there? */
3061 if (!DescSS.Legacy.Gen.u1Present)
3062 {
3063 Log(("iemTaskSwitch: SS not present. uNewSS=%#x -> #NP\n", uNewSS));
3064 return iemRaiseSelectorNotPresentWithErr(pIemCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
3065 }
3066
3067 uint32_t cbLimit = X86DESC_LIMIT_G(&DescSS.Legacy);
3068 uint64_t u64Base = X86DESC_BASE(&DescSS.Legacy);
3069
3070 /* Set the accessed bit before committing the result into SS. */
3071 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3072 {
3073 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, uNewSS);
3074 if (rcStrict != VINF_SUCCESS)
3075 return rcStrict;
3076 DescSS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3077 }
3078
3079 /* Commit SS. */
3080 pCtx->ss.Sel = uNewSS;
3081 pCtx->ss.ValidSel = uNewSS;
3082 pCtx->ss.Attr.u = X86DESC_GET_HID_ATTR(&DescSS.Legacy);
3083 pCtx->ss.u32Limit = cbLimit;
3084 pCtx->ss.u64Base = u64Base;
3085 pCtx->ss.fFlags = CPUMSELREG_FLAGS_VALID;
3086 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), &pCtx->ss));
3087
3088 /* CPL has changed, update IEM before loading rest of segments. */
3089 pIemCpu->uCpl = uNewCpl;
3090
3091 /*
3092 * Load the data segments for the new task.
3093 */
3094 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pIemCpu, &pCtx->es, uNewES);
3095 if (rcStrict != VINF_SUCCESS)
3096 return rcStrict;
3097 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pIemCpu, &pCtx->ds, uNewDS);
3098 if (rcStrict != VINF_SUCCESS)
3099 return rcStrict;
3100 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pIemCpu, &pCtx->fs, uNewFS);
3101 if (rcStrict != VINF_SUCCESS)
3102 return rcStrict;
3103 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pIemCpu, &pCtx->gs, uNewGS);
3104 if (rcStrict != VINF_SUCCESS)
3105 return rcStrict;
3106
3107 /*
3108 * Load the code segment for the new task.
3109 */
3110 if (!(uNewCS & X86_SEL_MASK_OFF_RPL))
3111 {
3112 Log(("iemTaskSwitch #TS: Null code segment. enmTaskSwitch=%u uNewCS=%#x\n", enmTaskSwitch, uNewCS));
3113 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
3114 }
3115
3116 /* Fetch the descriptor. */
3117 IEMSELDESC DescCS;
3118 rcStrict = iemMemFetchSelDesc(pIemCpu, &DescCS, uNewCS, X86_XCPT_TS);
3119 if (rcStrict != VINF_SUCCESS)
3120 {
3121 Log(("iemTaskSwitch: failed to fetch CS. uNewCS=%u rc=%Rrc\n", uNewCS, VBOXSTRICTRC_VAL(rcStrict)));
3122 return rcStrict;
3123 }
3124
3125 /* CS must be a code segment. */
3126 if ( !DescCS.Legacy.Gen.u1DescType
3127 || !(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE))
3128 {
3129 Log(("iemTaskSwitch: CS invalid descriptor type. uNewCS=%#x u1DescType=%u u4Type=%#x -> #TS\n", uNewCS,
3130 DescCS.Legacy.Gen.u1DescType, DescCS.Legacy.Gen.u4Type));
3131 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
3132 }
3133
3134 /* For conforming CS, DPL must be less than or equal to the RPL. */
3135 if ( (DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF)
3136 && DescCS.Legacy.Gen.u2Dpl > (uNewCS & X86_SEL_RPL))
3137 {
3138 Log(("iemTaskSwitch: confirming CS DPL > RPL. uNewCS=%#x u4Type=%#x DPL=%u -> #TS\n", uNewCS, DescCS.Legacy.Gen.u4Type,
3139 DescCS.Legacy.Gen.u2Dpl));
3140 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
3141 }
3142
3143 /* For non-conforming CS, DPL must match RPL. */
3144 if ( !(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF)
3145 && DescCS.Legacy.Gen.u2Dpl != (uNewCS & X86_SEL_RPL))
3146 {
3147 Log(("iemTaskSwitch: non-confirming CS DPL RPL mismatch. uNewCS=%#x u4Type=%#x DPL=%u -> #TS\n", uNewCS,
3148 DescCS.Legacy.Gen.u4Type, DescCS.Legacy.Gen.u2Dpl));
3149 return iemRaiseTaskSwitchFaultWithErr(pIemCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
3150 }
3151
3152 /* Is it there? */
3153 if (!DescCS.Legacy.Gen.u1Present)
3154 {
3155 Log(("iemTaskSwitch: CS not present. uNewCS=%#x -> #NP\n", uNewCS));
3156 return iemRaiseSelectorNotPresentWithErr(pIemCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
3157 }
3158
3159 cbLimit = X86DESC_LIMIT_G(&DescCS.Legacy);
3160 u64Base = X86DESC_BASE(&DescCS.Legacy);
3161
3162 /* Set the accessed bit before committing the result into CS. */
3163 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3164 {
3165 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, uNewCS);
3166 if (rcStrict != VINF_SUCCESS)
3167 return rcStrict;
3168 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3169 }
3170
3171 /* Commit CS. */
3172 pCtx->cs.Sel = uNewCS;
3173 pCtx->cs.ValidSel = uNewCS;
3174 pCtx->cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
3175 pCtx->cs.u32Limit = cbLimit;
3176 pCtx->cs.u64Base = u64Base;
3177 pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
3178 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), &pCtx->cs));
3179 }
3180
3181 /** @todo Debug trap. */
3182 if (fIsNewTSS386 && fNewDebugTrap)
3183 Log(("iemTaskSwitch: Debug Trap set in new TSS. Not implemented!\n"));
3184
3185 /*
3186 * Construct the error code masks based on what caused this task switch.
3187 * See Intel Instruction reference for INT.
3188 */
3189 uint16_t uExt;
3190 if ( enmTaskSwitch == IEMTASKSWITCH_INT_XCPT
3191 && !(fFlags & IEM_XCPT_FLAGS_T_SOFT_INT))
3192 {
3193 uExt = 1;
3194 }
3195 else
3196 uExt = 0;
3197
3198 /*
3199 * Push any error code on to the new stack.
3200 */
3201 if (fFlags & IEM_XCPT_FLAGS_ERR)
3202 {
3203 Assert(enmTaskSwitch == IEMTASKSWITCH_INT_XCPT);
3204 uint32_t cbLimitSS = X86DESC_LIMIT_G(&DescSS.Legacy);
3205 uint8_t const cbStackFrame = fIsNewTSS386 ? 4 : 2;
3206
3207 /* Check that there is sufficient space on the stack. */
3208 /** @todo Factor out segment limit checking for normal/expand down segments
3209 * into a separate function. */
3210 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_DOWN))
3211 {
3212 if ( pCtx->esp - 1 > cbLimitSS
3213 || pCtx->esp < cbStackFrame)
3214 {
3215 /** @todo Intel says \#SS(EXT) for INT/XCPT, I couldn't figure out AMD yet. */
3216 Log(("iemTaskSwitch: SS=%#x ESP=%#x cbStackFrame=%#x is out of bounds -> #SS\n", pCtx->ss.Sel, pCtx->esp,
3217 cbStackFrame));
3218 return iemRaiseStackSelectorNotPresentWithErr(pIemCpu, uExt);
3219 }
3220 }
3221 else
3222 {
3223 if ( pCtx->esp - 1 > (DescSS.Legacy.Gen.u4Type & X86_DESC_DB ? UINT32_MAX : UINT32_C(0xffff))
3224 || pCtx->esp - cbStackFrame < cbLimitSS + UINT32_C(1))
3225 {
3226 Log(("iemTaskSwitch: SS=%#x ESP=%#x cbStackFrame=%#x (expand down) is out of bounds -> #SS\n", pCtx->ss.Sel, pCtx->esp,
3227 cbStackFrame));
3228 return iemRaiseStackSelectorNotPresentWithErr(pIemCpu, uExt);
3229 }
3230 }
3231
3232
3233 if (fIsNewTSS386)
3234 rcStrict = iemMemStackPushU32(pIemCpu, uErr);
3235 else
3236 rcStrict = iemMemStackPushU16(pIemCpu, uErr);
3237 if (rcStrict != VINF_SUCCESS)
3238 {
3239 Log(("iemTaskSwitch: Can't push error code to new task's stack. %s-bit TSS. rc=%Rrc\n", fIsNewTSS386 ? "32" : "16",
3240 VBOXSTRICTRC_VAL(rcStrict)));
3241 return rcStrict;
3242 }
3243 }
3244
3245 /* Check the new EIP against the new CS limit. */
3246 if (pCtx->eip > pCtx->cs.u32Limit)
3247 {
3248 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: New EIP exceeds CS limit. uNewEIP=%#RGv CS limit=%u -> #GP(0)\n",
3249 pCtx->eip, pCtx->cs.u32Limit));
3250 /** @todo Intel says \#GP(EXT) for INT/XCPT, I couldn't figure out AMD yet. */
3251 return iemRaiseGeneralProtectionFault(pIemCpu, uExt);
3252 }
3253
3254 Log(("iemTaskSwitch: Success! New CS:EIP=%#04x:%#x SS=%#04x\n", pCtx->cs.Sel, pCtx->eip, pCtx->ss.Sel));
3255 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
3256}
3257
3258
3259/**
3260 * Implements exceptions and interrupts for protected mode.
3261 *
3262 * @returns VBox strict status code.
3263 * @param pIemCpu The IEM per CPU instance data.
3264 * @param pCtx The CPU context.
3265 * @param cbInstr The number of bytes to offset rIP by in the return
3266 * address.
3267 * @param u8Vector The interrupt / exception vector number.
3268 * @param fFlags The flags.
3269 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
3270 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
3271 */
3272IEM_STATIC VBOXSTRICTRC
3273iemRaiseXcptOrIntInProtMode(PIEMCPU pIemCpu,
3274 PCPUMCTX pCtx,
3275 uint8_t cbInstr,
3276 uint8_t u8Vector,
3277 uint32_t fFlags,
3278 uint16_t uErr,
3279 uint64_t uCr2)
3280{
3281 /*
3282 * Read the IDT entry.
3283 */
3284 if (pCtx->idtr.cbIdt < UINT32_C(8) * u8Vector + 7)
3285 {
3286 Log(("RaiseXcptOrIntInProtMode: %#x is out of bounds (%#x)\n", u8Vector, pCtx->idtr.cbIdt));
3287 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3288 }
3289 X86DESC Idte;
3290 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &Idte.u, UINT8_MAX,
3291 pCtx->idtr.pIdt + UINT32_C(8) * u8Vector);
3292 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
3293 return rcStrict;
3294 Log(("iemRaiseXcptOrIntInProtMode: vec=%#x P=%u DPL=%u DT=%u:%u A=%u %04x:%04x%04x\n",
3295 u8Vector, Idte.Gate.u1Present, Idte.Gate.u2Dpl, Idte.Gate.u1DescType, Idte.Gate.u4Type,
3296 Idte.Gate.u4ParmCount, Idte.Gate.u16Sel, Idte.Gate.u16OffsetHigh, Idte.Gate.u16OffsetLow));
3297
3298 /*
3299 * Check the descriptor type, DPL and such.
3300 * ASSUMES this is done in the same order as described for call-gate calls.
3301 */
3302 if (Idte.Gate.u1DescType)
3303 {
3304 Log(("RaiseXcptOrIntInProtMode %#x - not system selector (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
3305 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3306 }
3307 bool fTaskGate = false;
3308 uint8_t f32BitGate = true;
3309 uint32_t fEflToClear = X86_EFL_TF | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM;
3310 switch (Idte.Gate.u4Type)
3311 {
3312 case X86_SEL_TYPE_SYS_UNDEFINED:
3313 case X86_SEL_TYPE_SYS_286_TSS_AVAIL:
3314 case X86_SEL_TYPE_SYS_LDT:
3315 case X86_SEL_TYPE_SYS_286_TSS_BUSY:
3316 case X86_SEL_TYPE_SYS_286_CALL_GATE:
3317 case X86_SEL_TYPE_SYS_UNDEFINED2:
3318 case X86_SEL_TYPE_SYS_386_TSS_AVAIL:
3319 case X86_SEL_TYPE_SYS_UNDEFINED3:
3320 case X86_SEL_TYPE_SYS_386_TSS_BUSY:
3321 case X86_SEL_TYPE_SYS_386_CALL_GATE:
3322 case X86_SEL_TYPE_SYS_UNDEFINED4:
3323 {
3324 /** @todo check what actually happens when the type is wrong...
3325 * esp. call gates. */
3326 Log(("RaiseXcptOrIntInProtMode %#x - invalid type (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
3327 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3328 }
3329
3330 case X86_SEL_TYPE_SYS_286_INT_GATE:
3331 f32BitGate = false;
3332 case X86_SEL_TYPE_SYS_386_INT_GATE:
3333 fEflToClear |= X86_EFL_IF;
3334 break;
3335
3336 case X86_SEL_TYPE_SYS_TASK_GATE:
3337 fTaskGate = true;
3338#ifndef IEM_IMPLEMENTS_TASKSWITCH
3339 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Task gates\n"));
3340#endif
3341 break;
3342
3343 case X86_SEL_TYPE_SYS_286_TRAP_GATE:
3344 f32BitGate = false;
3345 case X86_SEL_TYPE_SYS_386_TRAP_GATE:
3346 break;
3347
3348 IEM_NOT_REACHED_DEFAULT_CASE_RET();
3349 }
3350
3351 /* Check DPL against CPL if applicable. */
3352 if (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
3353 {
3354 if (pIemCpu->uCpl > Idte.Gate.u2Dpl)
3355 {
3356 Log(("RaiseXcptOrIntInProtMode %#x - CPL (%d) > DPL (%d) -> #GP\n", u8Vector, pIemCpu->uCpl, Idte.Gate.u2Dpl));
3357 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3358 }
3359 }
3360
3361 /* Is it there? */
3362 if (!Idte.Gate.u1Present)
3363 {
3364 Log(("RaiseXcptOrIntInProtMode %#x - not present -> #NP\n", u8Vector));
3365 return iemRaiseSelectorNotPresentWithErr(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3366 }
3367
3368 /* Is it a task-gate? */
3369 if (fTaskGate)
3370 {
3371 /*
3372 * Construct the error code masks based on what caused this task switch.
3373 * See Intel Instruction reference for INT.
3374 */
3375 uint16_t const uExt = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? 0 : 1;
3376 uint16_t const uSelMask = X86_SEL_MASK_OFF_RPL;
3377 RTSEL SelTSS = Idte.Gate.u16Sel;
3378
3379 /*
3380 * Fetch the TSS descriptor in the GDT.
3381 */
3382 IEMSELDESC DescTSS;
3383 rcStrict = iemMemFetchSelDescWithErr(pIemCpu, &DescTSS, SelTSS, X86_XCPT_GP, (SelTSS & uSelMask) | uExt);
3384 if (rcStrict != VINF_SUCCESS)
3385 {
3386 Log(("RaiseXcptOrIntInProtMode %#x - failed to fetch TSS selector %#x, rc=%Rrc\n", u8Vector, SelTSS,
3387 VBOXSTRICTRC_VAL(rcStrict)));
3388 return rcStrict;
3389 }
3390
3391 /* The TSS descriptor must be a system segment and be available (not busy). */
3392 if ( DescTSS.Legacy.Gen.u1DescType
3393 || ( DescTSS.Legacy.Gen.u4Type != X86_SEL_TYPE_SYS_286_TSS_AVAIL
3394 && DescTSS.Legacy.Gen.u4Type != X86_SEL_TYPE_SYS_386_TSS_AVAIL))
3395 {
3396 Log(("RaiseXcptOrIntInProtMode %#x - TSS selector %#x of task gate not a system descriptor or not available %#RX64\n",
3397 u8Vector, SelTSS, DescTSS.Legacy.au64));
3398 return iemRaiseGeneralProtectionFault(pIemCpu, (SelTSS & uSelMask) | uExt);
3399 }
3400
3401 /* The TSS must be present. */
3402 if (!DescTSS.Legacy.Gen.u1Present)
3403 {
3404 Log(("RaiseXcptOrIntInProtMode %#x - TSS selector %#x not present %#RX64\n", u8Vector, SelTSS, DescTSS.Legacy.au64));
3405 return iemRaiseSelectorNotPresentWithErr(pIemCpu, (SelTSS & uSelMask) | uExt);
3406 }
3407
3408 /* Do the actual task switch. */
3409 return iemTaskSwitch(pIemCpu, pCtx, IEMTASKSWITCH_INT_XCPT, pCtx->eip, fFlags, uErr, uCr2, SelTSS, &DescTSS);
3410 }
3411
3412 /* A null CS is bad. */
3413 RTSEL NewCS = Idte.Gate.u16Sel;
3414 if (!(NewCS & X86_SEL_MASK_OFF_RPL))
3415 {
3416 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x -> #GP\n", u8Vector, NewCS));
3417 return iemRaiseGeneralProtectionFault0(pIemCpu);
3418 }
3419
3420 /* Fetch the descriptor for the new CS. */
3421 IEMSELDESC DescCS;
3422 rcStrict = iemMemFetchSelDesc(pIemCpu, &DescCS, NewCS, X86_XCPT_GP); /** @todo correct exception? */
3423 if (rcStrict != VINF_SUCCESS)
3424 {
3425 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - rc=%Rrc\n", u8Vector, NewCS, VBOXSTRICTRC_VAL(rcStrict)));
3426 return rcStrict;
3427 }
3428
3429 /* Must be a code segment. */
3430 if (!DescCS.Legacy.Gen.u1DescType)
3431 {
3432 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - system selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
3433 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
3434 }
3435 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE))
3436 {
3437 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - data selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
3438 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
3439 }
3440
3441 /* Don't allow lowering the privilege level. */
3442 /** @todo Does the lowering of privileges apply to software interrupts
3443 * only? This has bearings on the more-privileged or
3444 * same-privilege stack behavior further down. A testcase would
3445 * be nice. */
3446 if (DescCS.Legacy.Gen.u2Dpl > pIemCpu->uCpl)
3447 {
3448 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - DPL (%d) > CPL (%d) -> #GP\n",
3449 u8Vector, NewCS, DescCS.Legacy.Gen.u2Dpl, pIemCpu->uCpl));
3450 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
3451 }
3452
3453 /* Make sure the selector is present. */
3454 if (!DescCS.Legacy.Gen.u1Present)
3455 {
3456 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - segment not present -> #NP\n", u8Vector, NewCS));
3457 return iemRaiseSelectorNotPresentBySelector(pIemCpu, NewCS);
3458 }
3459
3460 /* Check the new EIP against the new CS limit. */
3461 uint32_t const uNewEip = Idte.Gate.u4Type == X86_SEL_TYPE_SYS_286_INT_GATE
3462 || Idte.Gate.u4Type == X86_SEL_TYPE_SYS_286_TRAP_GATE
3463 ? Idte.Gate.u16OffsetLow
3464 : Idte.Gate.u16OffsetLow | ((uint32_t)Idte.Gate.u16OffsetHigh << 16);
3465 uint32_t cbLimitCS = X86DESC_LIMIT_G(&DescCS.Legacy);
3466 if (uNewEip > cbLimitCS)
3467 {
3468 Log(("RaiseXcptOrIntInProtMode %#x - EIP=%#x > cbLimitCS=%#x (CS=%#x) -> #GP(0)\n",
3469 u8Vector, uNewEip, cbLimitCS, NewCS));
3470 return iemRaiseGeneralProtectionFault(pIemCpu, 0);
3471 }
3472
3473 /* Calc the flag image to push. */
3474 uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
3475 if (fFlags & (IEM_XCPT_FLAGS_DRx_INSTR_BP | IEM_XCPT_FLAGS_T_SOFT_INT))
3476 fEfl &= ~X86_EFL_RF;
3477 else if (!IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
3478 fEfl |= X86_EFL_RF; /* Vagueness is all I've found on this so far... */ /** @todo Automatically pushing EFLAGS.RF. */
3479
3480 /* From V8086 mode only go to CPL 0. */
3481 uint8_t const uNewCpl = DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF
3482 ? pIemCpu->uCpl : DescCS.Legacy.Gen.u2Dpl;
3483 if ((fEfl & X86_EFL_VM) && uNewCpl != 0) /** @todo When exactly is this raised? */
3484 {
3485 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - New CPL (%d) != 0 w/ VM=1 -> #GP\n", u8Vector, NewCS, uNewCpl));
3486 return iemRaiseGeneralProtectionFault(pIemCpu, 0);
3487 }
3488
3489 /*
3490 * If the privilege level changes, we need to get a new stack from the TSS.
3491 * This in turns means validating the new SS and ESP...
3492 */
3493 if (uNewCpl != pIemCpu->uCpl)
3494 {
3495 RTSEL NewSS;
3496 uint32_t uNewEsp;
3497 rcStrict = iemRaiseLoadStackFromTss32Or16(pIemCpu, pCtx, uNewCpl, &NewSS, &uNewEsp);
3498 if (rcStrict != VINF_SUCCESS)
3499 return rcStrict;
3500
3501 IEMSELDESC DescSS;
3502 rcStrict = iemMiscValidateNewSS(pIemCpu, pCtx, NewSS, uNewCpl, &DescSS);
3503 if (rcStrict != VINF_SUCCESS)
3504 return rcStrict;
3505
3506 /* Check that there is sufficient space for the stack frame. */
3507 uint32_t cbLimitSS = X86DESC_LIMIT_G(&DescSS.Legacy);
3508 uint8_t const cbStackFrame = !(fEfl & X86_EFL_VM)
3509 ? (fFlags & IEM_XCPT_FLAGS_ERR ? 12 : 10) << f32BitGate
3510 : (fFlags & IEM_XCPT_FLAGS_ERR ? 20 : 18) << f32BitGate;
3511
3512 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_DOWN))
3513 {
3514 if ( uNewEsp - 1 > cbLimitSS
3515 || uNewEsp < cbStackFrame)
3516 {
3517 Log(("RaiseXcptOrIntInProtMode: %#x - SS=%#x ESP=%#x cbStackFrame=%#x is out of bounds -> #GP\n",
3518 u8Vector, NewSS, uNewEsp, cbStackFrame));
3519 return iemRaiseSelectorBoundsBySelector(pIemCpu, NewSS);
3520 }
3521 }
3522 else
3523 {
3524 if ( uNewEsp - 1 > (DescSS.Legacy.Gen.u4Type & X86_DESC_DB ? UINT32_MAX : UINT32_C(0xffff))
3525 || uNewEsp - cbStackFrame < cbLimitSS + UINT32_C(1))
3526 {
3527 Log(("RaiseXcptOrIntInProtMode: %#x - SS=%#x ESP=%#x cbStackFrame=%#x (expand down) is out of bounds -> #GP\n",
3528 u8Vector, NewSS, uNewEsp, cbStackFrame));
3529 return iemRaiseSelectorBoundsBySelector(pIemCpu, NewSS);
3530 }
3531 }
3532
3533 /*
3534 * Start making changes.
3535 */
3536
3537 /* Create the stack frame. */
3538 RTPTRUNION uStackFrame;
3539 rcStrict = iemMemMap(pIemCpu, &uStackFrame.pv, cbStackFrame, UINT8_MAX,
3540 uNewEsp - cbStackFrame + X86DESC_BASE(&DescSS.Legacy), IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS); /* _SYS is a hack ... */
3541 if (rcStrict != VINF_SUCCESS)
3542 return rcStrict;
3543 void * const pvStackFrame = uStackFrame.pv;
3544 if (f32BitGate)
3545 {
3546 if (fFlags & IEM_XCPT_FLAGS_ERR)
3547 *uStackFrame.pu32++ = uErr;
3548 uStackFrame.pu32[0] = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pCtx->eip + cbInstr : pCtx->eip;
3549 uStackFrame.pu32[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
3550 uStackFrame.pu32[2] = fEfl;
3551 uStackFrame.pu32[3] = pCtx->esp;
3552 uStackFrame.pu32[4] = pCtx->ss.Sel;
3553 if (fEfl & X86_EFL_VM)
3554 {
3555 uStackFrame.pu32[1] = pCtx->cs.Sel;
3556 uStackFrame.pu32[5] = pCtx->es.Sel;
3557 uStackFrame.pu32[6] = pCtx->ds.Sel;
3558 uStackFrame.pu32[7] = pCtx->fs.Sel;
3559 uStackFrame.pu32[8] = pCtx->gs.Sel;
3560 }
3561 }
3562 else
3563 {
3564 if (fFlags & IEM_XCPT_FLAGS_ERR)
3565 *uStackFrame.pu16++ = uErr;
3566 uStackFrame.pu16[0] = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pCtx->ip + cbInstr : pCtx->ip;
3567 uStackFrame.pu16[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
3568 uStackFrame.pu16[2] = fEfl;
3569 uStackFrame.pu16[3] = pCtx->sp;
3570 uStackFrame.pu16[4] = pCtx->ss.Sel;
3571 if (fEfl & X86_EFL_VM)
3572 {
3573 uStackFrame.pu16[1] = pCtx->cs.Sel;
3574 uStackFrame.pu16[5] = pCtx->es.Sel;
3575 uStackFrame.pu16[6] = pCtx->ds.Sel;
3576 uStackFrame.pu16[7] = pCtx->fs.Sel;
3577 uStackFrame.pu16[8] = pCtx->gs.Sel;
3578 }
3579 }
3580 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS);
3581 if (rcStrict != VINF_SUCCESS)
3582 return rcStrict;
3583
3584 /* Mark the selectors 'accessed' (hope this is the correct time). */
3585 /** @todo testcase: excatly _when_ are the accessed bits set - before or
3586 * after pushing the stack frame? (Write protect the gdt + stack to
3587 * find out.) */
3588 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3589 {
3590 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewCS);
3591 if (rcStrict != VINF_SUCCESS)
3592 return rcStrict;
3593 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3594 }
3595
3596 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3597 {
3598 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewSS);
3599 if (rcStrict != VINF_SUCCESS)
3600 return rcStrict;
3601 DescSS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3602 }
3603
3604 /*
3605 * Start comitting the register changes (joins with the DPL=CPL branch).
3606 */
3607 pCtx->ss.Sel = NewSS;
3608 pCtx->ss.ValidSel = NewSS;
3609 pCtx->ss.fFlags = CPUMSELREG_FLAGS_VALID;
3610 pCtx->ss.u32Limit = cbLimitSS;
3611 pCtx->ss.u64Base = X86DESC_BASE(&DescSS.Legacy);
3612 pCtx->ss.Attr.u = X86DESC_GET_HID_ATTR(&DescSS.Legacy);
3613 /** @todo When coming from 32-bit code and operating with a 16-bit TSS and
3614 * 16-bit handler, the high word of ESP remains unchanged (i.e. only
3615 * SP is loaded).
3616 * Need to check the other combinations too:
3617 * - 16-bit TSS, 32-bit handler
3618 * - 32-bit TSS, 16-bit handler */
3619 if (!pCtx->ss.Attr.n.u1DefBig)
3620 pCtx->sp = (uint16_t)(uNewEsp - cbStackFrame);
3621 else
3622 pCtx->rsp = uNewEsp - cbStackFrame;
3623 pIemCpu->uCpl = uNewCpl;
3624
3625 if (fEfl & X86_EFL_VM)
3626 {
3627 iemHlpLoadNullDataSelectorOnV86Xcpt(pIemCpu, &pCtx->gs);
3628 iemHlpLoadNullDataSelectorOnV86Xcpt(pIemCpu, &pCtx->fs);
3629 iemHlpLoadNullDataSelectorOnV86Xcpt(pIemCpu, &pCtx->es);
3630 iemHlpLoadNullDataSelectorOnV86Xcpt(pIemCpu, &pCtx->ds);
3631 }
3632 }
3633 /*
3634 * Same privilege, no stack change and smaller stack frame.
3635 */
3636 else
3637 {
3638 uint64_t uNewRsp;
3639 RTPTRUNION uStackFrame;
3640 uint8_t const cbStackFrame = (fFlags & IEM_XCPT_FLAGS_ERR ? 8 : 6) << f32BitGate;
3641 rcStrict = iemMemStackPushBeginSpecial(pIemCpu, cbStackFrame, &uStackFrame.pv, &uNewRsp);
3642 if (rcStrict != VINF_SUCCESS)
3643 return rcStrict;
3644 void * const pvStackFrame = uStackFrame.pv;
3645
3646 if (f32BitGate)
3647 {
3648 if (fFlags & IEM_XCPT_FLAGS_ERR)
3649 *uStackFrame.pu32++ = uErr;
3650 uStackFrame.pu32[0] = fFlags & IEM_XCPT_FLAGS_T_SOFT_INT ? pCtx->eip + cbInstr : pCtx->eip;
3651 uStackFrame.pu32[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
3652 uStackFrame.pu32[2] = fEfl;
3653 }
3654 else
3655 {
3656 if (fFlags & IEM_XCPT_FLAGS_ERR)
3657 *uStackFrame.pu16++ = uErr;
3658 uStackFrame.pu16[0] = fFlags & IEM_XCPT_FLAGS_T_SOFT_INT ? pCtx->eip + cbInstr : pCtx->eip;
3659 uStackFrame.pu16[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
3660 uStackFrame.pu16[2] = fEfl;
3661 }
3662 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvStackFrame, IEM_ACCESS_STACK_W); /* don't use the commit here */
3663 if (rcStrict != VINF_SUCCESS)
3664 return rcStrict;
3665
3666 /* Mark the CS selector as 'accessed'. */
3667 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3668 {
3669 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewCS);
3670 if (rcStrict != VINF_SUCCESS)
3671 return rcStrict;
3672 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3673 }
3674
3675 /*
3676 * Start committing the register changes (joins with the other branch).
3677 */
3678 pCtx->rsp = uNewRsp;
3679 }
3680
3681 /* ... register committing continues. */
3682 pCtx->cs.Sel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
3683 pCtx->cs.ValidSel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
3684 pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
3685 pCtx->cs.u32Limit = cbLimitCS;
3686 pCtx->cs.u64Base = X86DESC_BASE(&DescCS.Legacy);
3687 pCtx->cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
3688
3689 pCtx->rip = uNewEip; /* (The entire register is modified, see pe16_32 bs3kit tests.) */
3690 fEfl &= ~fEflToClear;
3691 IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
3692
3693 if (fFlags & IEM_XCPT_FLAGS_CR2)
3694 pCtx->cr2 = uCr2;
3695
3696 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
3697 iemRaiseXcptAdjustState(pCtx, u8Vector);
3698
3699 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
3700}
3701
3702
3703/**
3704 * Implements exceptions and interrupts for long mode.
3705 *
3706 * @returns VBox strict status code.
3707 * @param pIemCpu The IEM per CPU instance data.
3708 * @param pCtx The CPU context.
3709 * @param cbInstr The number of bytes to offset rIP by in the return
3710 * address.
3711 * @param u8Vector The interrupt / exception vector number.
3712 * @param fFlags The flags.
3713 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
3714 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
3715 */
3716IEM_STATIC VBOXSTRICTRC
3717iemRaiseXcptOrIntInLongMode(PIEMCPU pIemCpu,
3718 PCPUMCTX pCtx,
3719 uint8_t cbInstr,
3720 uint8_t u8Vector,
3721 uint32_t fFlags,
3722 uint16_t uErr,
3723 uint64_t uCr2)
3724{
3725 /*
3726 * Read the IDT entry.
3727 */
3728 uint16_t offIdt = (uint16_t)u8Vector << 4;
3729 if (pCtx->idtr.cbIdt < offIdt + 7)
3730 {
3731 Log(("iemRaiseXcptOrIntInLongMode: %#x is out of bounds (%#x)\n", u8Vector, pCtx->idtr.cbIdt));
3732 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3733 }
3734 X86DESC64 Idte;
3735 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &Idte.au64[0], UINT8_MAX, pCtx->idtr.pIdt + offIdt);
3736 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
3737 rcStrict = iemMemFetchSysU64(pIemCpu, &Idte.au64[1], UINT8_MAX, pCtx->idtr.pIdt + offIdt + 8);
3738 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
3739 return rcStrict;
3740 Log(("iemRaiseXcptOrIntInLongMode: vec=%#x P=%u DPL=%u DT=%u:%u IST=%u %04x:%08x%04x%04x\n",
3741 u8Vector, Idte.Gate.u1Present, Idte.Gate.u2Dpl, Idte.Gate.u1DescType, Idte.Gate.u4Type,
3742 Idte.Gate.u3IST, Idte.Gate.u16Sel, Idte.Gate.u32OffsetTop, Idte.Gate.u16OffsetHigh, Idte.Gate.u16OffsetLow));
3743
3744 /*
3745 * Check the descriptor type, DPL and such.
3746 * ASSUMES this is done in the same order as described for call-gate calls.
3747 */
3748 if (Idte.Gate.u1DescType)
3749 {
3750 Log(("iemRaiseXcptOrIntInLongMode %#x - not system selector (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
3751 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3752 }
3753 uint32_t fEflToClear = X86_EFL_TF | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM;
3754 switch (Idte.Gate.u4Type)
3755 {
3756 case AMD64_SEL_TYPE_SYS_INT_GATE:
3757 fEflToClear |= X86_EFL_IF;
3758 break;
3759 case AMD64_SEL_TYPE_SYS_TRAP_GATE:
3760 break;
3761
3762 default:
3763 Log(("iemRaiseXcptOrIntInLongMode %#x - invalid type (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
3764 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3765 }
3766
3767 /* Check DPL against CPL if applicable. */
3768 if (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
3769 {
3770 if (pIemCpu->uCpl > Idte.Gate.u2Dpl)
3771 {
3772 Log(("iemRaiseXcptOrIntInLongMode %#x - CPL (%d) > DPL (%d) -> #GP\n", u8Vector, pIemCpu->uCpl, Idte.Gate.u2Dpl));
3773 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3774 }
3775 }
3776
3777 /* Is it there? */
3778 if (!Idte.Gate.u1Present)
3779 {
3780 Log(("iemRaiseXcptOrIntInLongMode %#x - not present -> #NP\n", u8Vector));
3781 return iemRaiseSelectorNotPresentWithErr(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3782 }
3783
3784 /* A null CS is bad. */
3785 RTSEL NewCS = Idte.Gate.u16Sel;
3786 if (!(NewCS & X86_SEL_MASK_OFF_RPL))
3787 {
3788 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x -> #GP\n", u8Vector, NewCS));
3789 return iemRaiseGeneralProtectionFault0(pIemCpu);
3790 }
3791
3792 /* Fetch the descriptor for the new CS. */
3793 IEMSELDESC DescCS;
3794 rcStrict = iemMemFetchSelDesc(pIemCpu, &DescCS, NewCS, X86_XCPT_GP);
3795 if (rcStrict != VINF_SUCCESS)
3796 {
3797 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - rc=%Rrc\n", u8Vector, NewCS, VBOXSTRICTRC_VAL(rcStrict)));
3798 return rcStrict;
3799 }
3800
3801 /* Must be a 64-bit code segment. */
3802 if (!DescCS.Long.Gen.u1DescType)
3803 {
3804 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - system selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
3805 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
3806 }
3807 if ( !DescCS.Long.Gen.u1Long
3808 || DescCS.Long.Gen.u1DefBig
3809 || !(DescCS.Long.Gen.u4Type & X86_SEL_TYPE_CODE) )
3810 {
3811 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - not 64-bit code selector (%#x, L=%u, D=%u) -> #GP\n",
3812 u8Vector, NewCS, DescCS.Legacy.Gen.u4Type, DescCS.Long.Gen.u1Long, DescCS.Long.Gen.u1DefBig));
3813 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
3814 }
3815
3816 /* Don't allow lowering the privilege level. For non-conforming CS
3817 selectors, the CS.DPL sets the privilege level the trap/interrupt
3818 handler runs at. For conforming CS selectors, the CPL remains
3819 unchanged, but the CS.DPL must be <= CPL. */
3820 /** @todo Testcase: Interrupt handler with CS.DPL=1, interrupt dispatched
3821 * when CPU in Ring-0. Result \#GP? */
3822 if (DescCS.Legacy.Gen.u2Dpl > pIemCpu->uCpl)
3823 {
3824 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - DPL (%d) > CPL (%d) -> #GP\n",
3825 u8Vector, NewCS, DescCS.Legacy.Gen.u2Dpl, pIemCpu->uCpl));
3826 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
3827 }
3828
3829
3830 /* Make sure the selector is present. */
3831 if (!DescCS.Legacy.Gen.u1Present)
3832 {
3833 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - segment not present -> #NP\n", u8Vector, NewCS));
3834 return iemRaiseSelectorNotPresentBySelector(pIemCpu, NewCS);
3835 }
3836
3837 /* Check that the new RIP is canonical. */
3838 uint64_t const uNewRip = Idte.Gate.u16OffsetLow
3839 | ((uint32_t)Idte.Gate.u16OffsetHigh << 16)
3840 | ((uint64_t)Idte.Gate.u32OffsetTop << 32);
3841 if (!IEM_IS_CANONICAL(uNewRip))
3842 {
3843 Log(("iemRaiseXcptOrIntInLongMode %#x - RIP=%#RX64 - Not canonical -> #GP(0)\n", u8Vector, uNewRip));
3844 return iemRaiseGeneralProtectionFault0(pIemCpu);
3845 }
3846
3847 /*
3848 * If the privilege level changes or if the IST isn't zero, we need to get
3849 * a new stack from the TSS.
3850 */
3851 uint64_t uNewRsp;
3852 uint8_t const uNewCpl = DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF
3853 ? pIemCpu->uCpl : DescCS.Legacy.Gen.u2Dpl;
3854 if ( uNewCpl != pIemCpu->uCpl
3855 || Idte.Gate.u3IST != 0)
3856 {
3857 rcStrict = iemRaiseLoadStackFromTss64(pIemCpu, pCtx, uNewCpl, Idte.Gate.u3IST, &uNewRsp);
3858 if (rcStrict != VINF_SUCCESS)
3859 return rcStrict;
3860 }
3861 else
3862 uNewRsp = pCtx->rsp;
3863 uNewRsp &= ~(uint64_t)0xf;
3864
3865 /*
3866 * Calc the flag image to push.
3867 */
3868 uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
3869 if (fFlags & (IEM_XCPT_FLAGS_DRx_INSTR_BP | IEM_XCPT_FLAGS_T_SOFT_INT))
3870 fEfl &= ~X86_EFL_RF;
3871 else if (!IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
3872 fEfl |= X86_EFL_RF; /* Vagueness is all I've found on this so far... */ /** @todo Automatically pushing EFLAGS.RF. */
3873
3874 /*
3875 * Start making changes.
3876 */
3877
3878 /* Create the stack frame. */
3879 uint32_t cbStackFrame = sizeof(uint64_t) * (5 + !!(fFlags & IEM_XCPT_FLAGS_ERR));
3880 RTPTRUNION uStackFrame;
3881 rcStrict = iemMemMap(pIemCpu, &uStackFrame.pv, cbStackFrame, UINT8_MAX,
3882 uNewRsp - cbStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS); /* _SYS is a hack ... */
3883 if (rcStrict != VINF_SUCCESS)
3884 return rcStrict;
3885 void * const pvStackFrame = uStackFrame.pv;
3886
3887 if (fFlags & IEM_XCPT_FLAGS_ERR)
3888 *uStackFrame.pu64++ = uErr;
3889 uStackFrame.pu64[0] = fFlags & IEM_XCPT_FLAGS_T_SOFT_INT ? pCtx->rip + cbInstr : pCtx->rip;
3890 uStackFrame.pu64[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl; /* CPL paranoia */
3891 uStackFrame.pu64[2] = fEfl;
3892 uStackFrame.pu64[3] = pCtx->rsp;
3893 uStackFrame.pu64[4] = pCtx->ss.Sel;
3894 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS);
3895 if (rcStrict != VINF_SUCCESS)
3896 return rcStrict;
3897
3898 /* Mark the CS selectors 'accessed' (hope this is the correct time). */
3899 /** @todo testcase: excatly _when_ are the accessed bits set - before or
3900 * after pushing the stack frame? (Write protect the gdt + stack to
3901 * find out.) */
3902 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3903 {
3904 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewCS);
3905 if (rcStrict != VINF_SUCCESS)
3906 return rcStrict;
3907 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3908 }
3909
3910 /*
3911 * Start comitting the register changes.
3912 */
3913 /** @todo research/testcase: Figure out what VT-x and AMD-V loads into the
3914 * hidden registers when interrupting 32-bit or 16-bit code! */
3915 if (uNewCpl != pIemCpu->uCpl)
3916 {
3917 pCtx->ss.Sel = 0 | uNewCpl;
3918 pCtx->ss.ValidSel = 0 | uNewCpl;
3919 pCtx->ss.fFlags = CPUMSELREG_FLAGS_VALID;
3920 pCtx->ss.u32Limit = UINT32_MAX;
3921 pCtx->ss.u64Base = 0;
3922 pCtx->ss.Attr.u = (uNewCpl << X86DESCATTR_DPL_SHIFT) | X86DESCATTR_UNUSABLE;
3923 }
3924 pCtx->rsp = uNewRsp - cbStackFrame;
3925 pCtx->cs.Sel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
3926 pCtx->cs.ValidSel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
3927 pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
3928 pCtx->cs.u32Limit = X86DESC_LIMIT_G(&DescCS.Legacy);
3929 pCtx->cs.u64Base = X86DESC_BASE(&DescCS.Legacy);
3930 pCtx->cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
3931 pCtx->rip = uNewRip;
3932 pIemCpu->uCpl = uNewCpl;
3933
3934 fEfl &= ~fEflToClear;
3935 IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
3936
3937 if (fFlags & IEM_XCPT_FLAGS_CR2)
3938 pCtx->cr2 = uCr2;
3939
3940 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
3941 iemRaiseXcptAdjustState(pCtx, u8Vector);
3942
3943 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
3944}
3945
3946
3947/**
3948 * Implements exceptions and interrupts.
3949 *
3950 * All exceptions and interrupts goes thru this function!
3951 *
3952 * @returns VBox strict status code.
3953 * @param pIemCpu The IEM per CPU instance data.
3954 * @param cbInstr The number of bytes to offset rIP by in the return
3955 * address.
3956 * @param u8Vector The interrupt / exception vector number.
3957 * @param fFlags The flags.
3958 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
3959 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
3960 */
3961DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC)
3962iemRaiseXcptOrInt(PIEMCPU pIemCpu,
3963 uint8_t cbInstr,
3964 uint8_t u8Vector,
3965 uint32_t fFlags,
3966 uint16_t uErr,
3967 uint64_t uCr2)
3968{
3969 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3970#ifdef IN_RING0
3971 int rc = HMR0EnsureCompleteBasicContext(IEMCPU_TO_VMCPU(pIemCpu), pCtx);
3972 AssertRCReturn(rc, rc);
3973#endif
3974
3975 /*
3976 * Perform the V8086 IOPL check and upgrade the fault without nesting.
3977 */
3978 if ( pCtx->eflags.Bits.u1VM
3979 && pCtx->eflags.Bits.u2IOPL != 3
3980 && (fFlags & (IEM_XCPT_FLAGS_T_SOFT_INT | IEM_XCPT_FLAGS_BP_INSTR)) == IEM_XCPT_FLAGS_T_SOFT_INT
3981 && (pCtx->cr0 & X86_CR0_PE) )
3982 {
3983 Log(("iemRaiseXcptOrInt: V8086 IOPL check failed for int %#x -> #GP(0)\n", u8Vector));
3984 fFlags = IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR;
3985 u8Vector = X86_XCPT_GP;
3986 uErr = 0;
3987 }
3988#ifdef DBGFTRACE_ENABLED
3989 RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "Xcpt/%u: %02x %u %x %x %llx %04x:%04llx %04x:%04llx",
3990 pIemCpu->cXcptRecursions, u8Vector, cbInstr, fFlags, uErr, uCr2,
3991 pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp);
3992#endif
3993
3994 /*
3995 * Do recursion accounting.
3996 */
3997 uint8_t const uPrevXcpt = pIemCpu->uCurXcpt;
3998 uint32_t const fPrevXcpt = pIemCpu->fCurXcpt;
3999 if (pIemCpu->cXcptRecursions == 0)
4000 Log(("iemRaiseXcptOrInt: %#x at %04x:%RGv cbInstr=%#x fFlags=%#x uErr=%#x uCr2=%llx\n",
4001 u8Vector, pCtx->cs.Sel, pCtx->rip, cbInstr, fFlags, uErr, uCr2));
4002 else
4003 {
4004 Log(("iemRaiseXcptOrInt: %#x at %04x:%RGv cbInstr=%#x fFlags=%#x uErr=%#x uCr2=%llx; prev=%#x depth=%d flags=%#x\n",
4005 u8Vector, pCtx->cs.Sel, pCtx->rip, cbInstr, fFlags, uErr, uCr2, pIemCpu->uCurXcpt, pIemCpu->cXcptRecursions + 1, fPrevXcpt));
4006
4007 /** @todo double and tripple faults. */
4008 if (pIemCpu->cXcptRecursions >= 3)
4009 {
4010#ifdef DEBUG_bird
4011 AssertFailed();
4012#endif
4013 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Too many fault nestings.\n"));
4014 }
4015
4016 /** @todo set X86_TRAP_ERR_EXTERNAL when appropriate.
4017 if (fPrevXcpt & IEM_XCPT_FLAGS_T_EXT_INT)
4018 {
4019 ....
4020 } */
4021 }
4022 pIemCpu->cXcptRecursions++;
4023 pIemCpu->uCurXcpt = u8Vector;
4024 pIemCpu->fCurXcpt = fFlags;
4025
4026 /*
4027 * Extensive logging.
4028 */
4029#if defined(LOG_ENABLED) && defined(IN_RING3)
4030 if (LogIs3Enabled())
4031 {
4032 PVM pVM = IEMCPU_TO_VM(pIemCpu);
4033 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
4034 char szRegs[4096];
4035 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
4036 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
4037 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
4038 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
4039 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
4040 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
4041 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
4042 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
4043 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
4044 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
4045 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
4046 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
4047 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
4048 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
4049 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
4050 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
4051 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
4052 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
4053 " efer=%016VR{efer}\n"
4054 " pat=%016VR{pat}\n"
4055 " sf_mask=%016VR{sf_mask}\n"
4056 "krnl_gs_base=%016VR{krnl_gs_base}\n"
4057 " lstar=%016VR{lstar}\n"
4058 " star=%016VR{star} cstar=%016VR{cstar}\n"
4059 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
4060 );
4061
4062 char szInstr[256];
4063 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
4064 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
4065 szInstr, sizeof(szInstr), NULL);
4066 Log3(("%s%s\n", szRegs, szInstr));
4067 }
4068#endif /* LOG_ENABLED */
4069
4070 /*
4071 * Call the mode specific worker function.
4072 */
4073 VBOXSTRICTRC rcStrict;
4074 if (!(pCtx->cr0 & X86_CR0_PE))
4075 rcStrict = iemRaiseXcptOrIntInRealMode( pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
4076 else if (pCtx->msrEFER & MSR_K6_EFER_LMA)
4077 rcStrict = iemRaiseXcptOrIntInLongMode( pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
4078 else
4079 rcStrict = iemRaiseXcptOrIntInProtMode( pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
4080
4081 /*
4082 * Unwind.
4083 */
4084 pIemCpu->cXcptRecursions--;
4085 pIemCpu->uCurXcpt = uPrevXcpt;
4086 pIemCpu->fCurXcpt = fPrevXcpt;
4087 Log(("iemRaiseXcptOrInt: returns %Rrc (vec=%#x); cs:rip=%04x:%RGv ss:rsp=%04x:%RGv cpl=%u\n",
4088 VBOXSTRICTRC_VAL(rcStrict), u8Vector, pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->esp, pIemCpu->uCpl));
4089 return rcStrict;
4090}
4091
4092
4093/** \#DE - 00. */
4094DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseDivideError(PIEMCPU pIemCpu)
4095{
4096 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_DE, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4097}
4098
4099
4100/** \#DB - 01.
4101 * @note This automatically clear DR7.GD. */
4102DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseDebugException(PIEMCPU pIemCpu)
4103{
4104 /** @todo set/clear RF. */
4105 pIemCpu->CTX_SUFF(pCtx)->dr[7] &= ~X86_DR7_GD;
4106 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_DB, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4107}
4108
4109
4110/** \#UD - 06. */
4111DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseUndefinedOpcode(PIEMCPU pIemCpu)
4112{
4113 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4114}
4115
4116
4117/** \#NM - 07. */
4118DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseDeviceNotAvailable(PIEMCPU pIemCpu)
4119{
4120 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NM, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4121}
4122
4123
4124/** \#TS(err) - 0a. */
4125DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFaultWithErr(PIEMCPU pIemCpu, uint16_t uErr)
4126{
4127 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
4128}
4129
4130
4131/** \#TS(tr) - 0a. */
4132DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFaultCurrentTSS(PIEMCPU pIemCpu)
4133{
4134 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4135 pIemCpu->CTX_SUFF(pCtx)->tr.Sel, 0);
4136}
4137
4138
4139/** \#TS(0) - 0a. */
4140DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFault0(PIEMCPU pIemCpu)
4141{
4142 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4143 0, 0);
4144}
4145
4146
4147/** \#TS(err) - 0a. */
4148DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFaultBySelector(PIEMCPU pIemCpu, uint16_t uSel)
4149{
4150 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4151 uSel & X86_SEL_MASK_OFF_RPL, 0);
4152}
4153
4154
4155/** \#NP(err) - 0b. */
4156DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorNotPresentWithErr(PIEMCPU pIemCpu, uint16_t uErr)
4157{
4158 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
4159}
4160
4161
4162/** \#NP(seg) - 0b. */
4163DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorNotPresentBySegReg(PIEMCPU pIemCpu, uint32_t iSegReg)
4164{
4165 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4166 iemSRegFetchU16(pIemCpu, iSegReg) & ~X86_SEL_RPL, 0);
4167}
4168
4169
4170/** \#NP(sel) - 0b. */
4171DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel)
4172{
4173 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4174 uSel & ~X86_SEL_RPL, 0);
4175}
4176
4177
4178/** \#SS(seg) - 0c. */
4179DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseStackSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel)
4180{
4181 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_SS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4182 uSel & ~X86_SEL_RPL, 0);
4183}
4184
4185
4186/** \#SS(err) - 0c. */
4187DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseStackSelectorNotPresentWithErr(PIEMCPU pIemCpu, uint16_t uErr)
4188{
4189 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_SS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
4190}
4191
4192
4193/** \#GP(n) - 0d. */
4194DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseGeneralProtectionFault(PIEMCPU pIemCpu, uint16_t uErr)
4195{
4196 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
4197}
4198
4199
4200/** \#GP(0) - 0d. */
4201DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseGeneralProtectionFault0(PIEMCPU pIemCpu)
4202{
4203 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
4204}
4205
4206
4207/** \#GP(sel) - 0d. */
4208DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseGeneralProtectionFaultBySelector(PIEMCPU pIemCpu, RTSEL Sel)
4209{
4210 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
4211 Sel & ~X86_SEL_RPL, 0);
4212}
4213
4214
4215/** \#GP(0) - 0d. */
4216DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseNotCanonical(PIEMCPU pIemCpu)
4217{
4218 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
4219}
4220
4221
4222/** \#GP(sel) - 0d. */
4223DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorBounds(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess)
4224{
4225 NOREF(iSegReg); NOREF(fAccess);
4226 return iemRaiseXcptOrInt(pIemCpu, 0, iSegReg == X86_SREG_SS ? X86_XCPT_SS : X86_XCPT_GP,
4227 IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
4228}
4229
4230
4231/** \#GP(sel) - 0d. */
4232DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorBoundsBySelector(PIEMCPU pIemCpu, RTSEL Sel)
4233{
4234 NOREF(Sel);
4235 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
4236}
4237
4238
4239/** \#GP(sel) - 0d. */
4240DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorInvalidAccess(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess)
4241{
4242 NOREF(iSegReg); NOREF(fAccess);
4243 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
4244}
4245
4246
4247/** \#PF(n) - 0e. */
4248DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaisePageFault(PIEMCPU pIemCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc)
4249{
4250 uint16_t uErr;
4251 switch (rc)
4252 {
4253 case VERR_PAGE_NOT_PRESENT:
4254 case VERR_PAGE_TABLE_NOT_PRESENT:
4255 case VERR_PAGE_DIRECTORY_PTR_NOT_PRESENT:
4256 case VERR_PAGE_MAP_LEVEL4_NOT_PRESENT:
4257 uErr = 0;
4258 break;
4259
4260 default:
4261 AssertMsgFailed(("%Rrc\n", rc));
4262 case VERR_ACCESS_DENIED:
4263 uErr = X86_TRAP_PF_P;
4264 break;
4265
4266 /** @todo reserved */
4267 }
4268
4269 if (pIemCpu->uCpl == 3)
4270 uErr |= X86_TRAP_PF_US;
4271
4272 if ( (fAccess & IEM_ACCESS_WHAT_MASK) == IEM_ACCESS_WHAT_CODE
4273 && ( (pIemCpu->CTX_SUFF(pCtx)->cr4 & X86_CR4_PAE)
4274 && (pIemCpu->CTX_SUFF(pCtx)->msrEFER & MSR_K6_EFER_NXE) ) )
4275 uErr |= X86_TRAP_PF_ID;
4276
4277#if 0 /* This is so much non-sense, really. Why was it done like that? */
4278 /* Note! RW access callers reporting a WRITE protection fault, will clear
4279 the READ flag before calling. So, read-modify-write accesses (RW)
4280 can safely be reported as READ faults. */
4281 if ((fAccess & (IEM_ACCESS_TYPE_WRITE | IEM_ACCESS_TYPE_READ)) == IEM_ACCESS_TYPE_WRITE)
4282 uErr |= X86_TRAP_PF_RW;
4283#else
4284 if (fAccess & IEM_ACCESS_TYPE_WRITE)
4285 {
4286 if (!IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu) || !(fAccess & IEM_ACCESS_TYPE_READ))
4287 uErr |= X86_TRAP_PF_RW;
4288 }
4289#endif
4290
4291 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_PF, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR | IEM_XCPT_FLAGS_CR2,
4292 uErr, GCPtrWhere);
4293}
4294
4295
4296/** \#MF(0) - 10. */
4297DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseMathFault(PIEMCPU pIemCpu)
4298{
4299 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_MF, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4300}
4301
4302
4303/** \#AC(0) - 11. */
4304DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseAlignmentCheckException(PIEMCPU pIemCpu)
4305{
4306 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_AC, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4307}
4308
4309
4310/**
4311 * Macro for calling iemCImplRaiseDivideError().
4312 *
4313 * This enables us to add/remove arguments and force different levels of
4314 * inlining as we wish.
4315 *
4316 * @return Strict VBox status code.
4317 */
4318#define IEMOP_RAISE_DIVIDE_ERROR() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseDivideError)
4319IEM_CIMPL_DEF_0(iemCImplRaiseDivideError)
4320{
4321 NOREF(cbInstr);
4322 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_DE, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4323}
4324
4325
4326/**
4327 * Macro for calling iemCImplRaiseInvalidLockPrefix().
4328 *
4329 * This enables us to add/remove arguments and force different levels of
4330 * inlining as we wish.
4331 *
4332 * @return Strict VBox status code.
4333 */
4334#define IEMOP_RAISE_INVALID_LOCK_PREFIX() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseInvalidLockPrefix)
4335IEM_CIMPL_DEF_0(iemCImplRaiseInvalidLockPrefix)
4336{
4337 NOREF(cbInstr);
4338 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4339}
4340
4341
4342/**
4343 * Macro for calling iemCImplRaiseInvalidOpcode().
4344 *
4345 * This enables us to add/remove arguments and force different levels of
4346 * inlining as we wish.
4347 *
4348 * @return Strict VBox status code.
4349 */
4350#define IEMOP_RAISE_INVALID_OPCODE() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseInvalidOpcode)
4351IEM_CIMPL_DEF_0(iemCImplRaiseInvalidOpcode)
4352{
4353 NOREF(cbInstr);
4354 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
4355}
4356
4357
4358/** @} */
4359
4360
4361/*
4362 *
4363 * Helpers routines.
4364 * Helpers routines.
4365 * Helpers routines.
4366 *
4367 */
4368
4369/**
4370 * Recalculates the effective operand size.
4371 *
4372 * @param pIemCpu The IEM state.
4373 */
4374IEM_STATIC void iemRecalEffOpSize(PIEMCPU pIemCpu)
4375{
4376 switch (pIemCpu->enmCpuMode)
4377 {
4378 case IEMMODE_16BIT:
4379 pIemCpu->enmEffOpSize = pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_OP ? IEMMODE_32BIT : IEMMODE_16BIT;
4380 break;
4381 case IEMMODE_32BIT:
4382 pIemCpu->enmEffOpSize = pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_OP ? IEMMODE_16BIT : IEMMODE_32BIT;
4383 break;
4384 case IEMMODE_64BIT:
4385 switch (pIemCpu->fPrefixes & (IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP))
4386 {
4387 case 0:
4388 pIemCpu->enmEffOpSize = pIemCpu->enmDefOpSize;
4389 break;
4390 case IEM_OP_PRF_SIZE_OP:
4391 pIemCpu->enmEffOpSize = IEMMODE_16BIT;
4392 break;
4393 case IEM_OP_PRF_SIZE_REX_W:
4394 case IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP:
4395 pIemCpu->enmEffOpSize = IEMMODE_64BIT;
4396 break;
4397 }
4398 break;
4399 default:
4400 AssertFailed();
4401 }
4402}
4403
4404
4405/**
4406 * Sets the default operand size to 64-bit and recalculates the effective
4407 * operand size.
4408 *
4409 * @param pIemCpu The IEM state.
4410 */
4411IEM_STATIC void iemRecalEffOpSize64Default(PIEMCPU pIemCpu)
4412{
4413 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
4414 pIemCpu->enmDefOpSize = IEMMODE_64BIT;
4415 if ((pIemCpu->fPrefixes & (IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP)) != IEM_OP_PRF_SIZE_OP)
4416 pIemCpu->enmEffOpSize = IEMMODE_64BIT;
4417 else
4418 pIemCpu->enmEffOpSize = IEMMODE_16BIT;
4419}
4420
4421
4422/*
4423 *
4424 * Common opcode decoders.
4425 * Common opcode decoders.
4426 * Common opcode decoders.
4427 *
4428 */
4429//#include <iprt/mem.h>
4430
4431/**
4432 * Used to add extra details about a stub case.
4433 * @param pIemCpu The IEM per CPU state.
4434 */
4435IEM_STATIC void iemOpStubMsg2(PIEMCPU pIemCpu)
4436{
4437#if defined(LOG_ENABLED) && defined(IN_RING3)
4438 PVM pVM = IEMCPU_TO_VM(pIemCpu);
4439 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
4440 char szRegs[4096];
4441 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
4442 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
4443 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
4444 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
4445 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
4446 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
4447 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
4448 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
4449 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
4450 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
4451 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
4452 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
4453 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
4454 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
4455 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
4456 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
4457 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
4458 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
4459 " efer=%016VR{efer}\n"
4460 " pat=%016VR{pat}\n"
4461 " sf_mask=%016VR{sf_mask}\n"
4462 "krnl_gs_base=%016VR{krnl_gs_base}\n"
4463 " lstar=%016VR{lstar}\n"
4464 " star=%016VR{star} cstar=%016VR{cstar}\n"
4465 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
4466 );
4467
4468 char szInstr[256];
4469 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
4470 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
4471 szInstr, sizeof(szInstr), NULL);
4472
4473 RTAssertMsg2Weak("%s%s\n", szRegs, szInstr);
4474#else
4475 RTAssertMsg2Weak("cs:rip=%04x:%RX64\n", pIemCpu->CTX_SUFF(pCtx)->cs, pIemCpu->CTX_SUFF(pCtx)->rip);
4476#endif
4477}
4478
4479/**
4480 * Complains about a stub.
4481 *
4482 * Providing two versions of this macro, one for daily use and one for use when
4483 * working on IEM.
4484 */
4485#if 0
4486# define IEMOP_BITCH_ABOUT_STUB() \
4487 do { \
4488 RTAssertMsg1(NULL, __LINE__, __FILE__, __FUNCTION__); \
4489 iemOpStubMsg2(pIemCpu); \
4490 RTAssertPanic(); \
4491 } while (0)
4492#else
4493# define IEMOP_BITCH_ABOUT_STUB() Log(("Stub: %s (line %d)\n", __FUNCTION__, __LINE__));
4494#endif
4495
4496/** Stubs an opcode. */
4497#define FNIEMOP_STUB(a_Name) \
4498 FNIEMOP_DEF(a_Name) \
4499 { \
4500 IEMOP_BITCH_ABOUT_STUB(); \
4501 return VERR_IEM_INSTR_NOT_IMPLEMENTED; \
4502 } \
4503 typedef int ignore_semicolon
4504
4505/** Stubs an opcode. */
4506#define FNIEMOP_STUB_1(a_Name, a_Type0, a_Name0) \
4507 FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
4508 { \
4509 IEMOP_BITCH_ABOUT_STUB(); \
4510 NOREF(a_Name0); \
4511 return VERR_IEM_INSTR_NOT_IMPLEMENTED; \
4512 } \
4513 typedef int ignore_semicolon
4514
4515/** Stubs an opcode which currently should raise \#UD. */
4516#define FNIEMOP_UD_STUB(a_Name) \
4517 FNIEMOP_DEF(a_Name) \
4518 { \
4519 Log(("Unsupported instruction %Rfn\n", __FUNCTION__)); \
4520 return IEMOP_RAISE_INVALID_OPCODE(); \
4521 } \
4522 typedef int ignore_semicolon
4523
4524/** Stubs an opcode which currently should raise \#UD. */
4525#define FNIEMOP_UD_STUB_1(a_Name, a_Type0, a_Name0) \
4526 FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
4527 { \
4528 NOREF(a_Name0); \
4529 Log(("Unsupported instruction %Rfn\n", __FUNCTION__)); \
4530 return IEMOP_RAISE_INVALID_OPCODE(); \
4531 } \
4532 typedef int ignore_semicolon
4533
4534
4535
4536/** @name Register Access.
4537 * @{
4538 */
4539
4540/**
4541 * Gets a reference (pointer) to the specified hidden segment register.
4542 *
4543 * @returns Hidden register reference.
4544 * @param pIemCpu The per CPU data.
4545 * @param iSegReg The segment register.
4546 */
4547IEM_STATIC PCPUMSELREG iemSRegGetHid(PIEMCPU pIemCpu, uint8_t iSegReg)
4548{
4549 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4550 PCPUMSELREG pSReg;
4551 switch (iSegReg)
4552 {
4553 case X86_SREG_ES: pSReg = &pCtx->es; break;
4554 case X86_SREG_CS: pSReg = &pCtx->cs; break;
4555 case X86_SREG_SS: pSReg = &pCtx->ss; break;
4556 case X86_SREG_DS: pSReg = &pCtx->ds; break;
4557 case X86_SREG_FS: pSReg = &pCtx->fs; break;
4558 case X86_SREG_GS: pSReg = &pCtx->gs; break;
4559 default:
4560 AssertFailedReturn(NULL);
4561 }
4562#ifdef VBOX_WITH_RAW_MODE_NOT_R0
4563 if (!CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg))
4564 CPUMGuestLazyLoadHiddenSelectorReg(IEMCPU_TO_VMCPU(pIemCpu), pSReg);
4565#else
4566 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg));
4567#endif
4568 return pSReg;
4569}
4570
4571
4572/**
4573 * Ensures that the given hidden segment register is up to date.
4574 *
4575 * @returns Hidden register reference.
4576 * @param pIemCpu The per CPU data.
4577 * @param pSReg The segment register.
4578 */
4579IEM_STATIC PCPUMSELREG iemSRegUpdateHid(PIEMCPU pIemCpu, PCPUMSELREG pSReg)
4580{
4581#ifdef VBOX_WITH_RAW_MODE_NOT_R0
4582 if (!CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg))
4583 CPUMGuestLazyLoadHiddenSelectorReg(IEMCPU_TO_VMCPU(pIemCpu), pSReg);
4584#else
4585 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg));
4586 NOREF(pIemCpu);
4587#endif
4588 return pSReg;
4589}
4590
4591
4592/**
4593 * Gets a reference (pointer) to the specified segment register (the selector
4594 * value).
4595 *
4596 * @returns Pointer to the selector variable.
4597 * @param pIemCpu The per CPU data.
4598 * @param iSegReg The segment register.
4599 */
4600IEM_STATIC uint16_t *iemSRegRef(PIEMCPU pIemCpu, uint8_t iSegReg)
4601{
4602 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4603 switch (iSegReg)
4604 {
4605 case X86_SREG_ES: return &pCtx->es.Sel;
4606 case X86_SREG_CS: return &pCtx->cs.Sel;
4607 case X86_SREG_SS: return &pCtx->ss.Sel;
4608 case X86_SREG_DS: return &pCtx->ds.Sel;
4609 case X86_SREG_FS: return &pCtx->fs.Sel;
4610 case X86_SREG_GS: return &pCtx->gs.Sel;
4611 }
4612 AssertFailedReturn(NULL);
4613}
4614
4615
4616/**
4617 * Fetches the selector value of a segment register.
4618 *
4619 * @returns The selector value.
4620 * @param pIemCpu The per CPU data.
4621 * @param iSegReg The segment register.
4622 */
4623IEM_STATIC uint16_t iemSRegFetchU16(PIEMCPU pIemCpu, uint8_t iSegReg)
4624{
4625 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4626 switch (iSegReg)
4627 {
4628 case X86_SREG_ES: return pCtx->es.Sel;
4629 case X86_SREG_CS: return pCtx->cs.Sel;
4630 case X86_SREG_SS: return pCtx->ss.Sel;
4631 case X86_SREG_DS: return pCtx->ds.Sel;
4632 case X86_SREG_FS: return pCtx->fs.Sel;
4633 case X86_SREG_GS: return pCtx->gs.Sel;
4634 }
4635 AssertFailedReturn(0xffff);
4636}
4637
4638
4639/**
4640 * Gets a reference (pointer) to the specified general register.
4641 *
4642 * @returns Register reference.
4643 * @param pIemCpu The per CPU data.
4644 * @param iReg The general register.
4645 */
4646IEM_STATIC void *iemGRegRef(PIEMCPU pIemCpu, uint8_t iReg)
4647{
4648 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4649 switch (iReg)
4650 {
4651 case X86_GREG_xAX: return &pCtx->rax;
4652 case X86_GREG_xCX: return &pCtx->rcx;
4653 case X86_GREG_xDX: return &pCtx->rdx;
4654 case X86_GREG_xBX: return &pCtx->rbx;
4655 case X86_GREG_xSP: return &pCtx->rsp;
4656 case X86_GREG_xBP: return &pCtx->rbp;
4657 case X86_GREG_xSI: return &pCtx->rsi;
4658 case X86_GREG_xDI: return &pCtx->rdi;
4659 case X86_GREG_x8: return &pCtx->r8;
4660 case X86_GREG_x9: return &pCtx->r9;
4661 case X86_GREG_x10: return &pCtx->r10;
4662 case X86_GREG_x11: return &pCtx->r11;
4663 case X86_GREG_x12: return &pCtx->r12;
4664 case X86_GREG_x13: return &pCtx->r13;
4665 case X86_GREG_x14: return &pCtx->r14;
4666 case X86_GREG_x15: return &pCtx->r15;
4667 }
4668 AssertFailedReturn(NULL);
4669}
4670
4671
4672/**
4673 * Gets a reference (pointer) to the specified 8-bit general register.
4674 *
4675 * Because of AH, CH, DH and BH we cannot use iemGRegRef directly here.
4676 *
4677 * @returns Register reference.
4678 * @param pIemCpu The per CPU data.
4679 * @param iReg The register.
4680 */
4681IEM_STATIC uint8_t *iemGRegRefU8(PIEMCPU pIemCpu, uint8_t iReg)
4682{
4683 if (pIemCpu->fPrefixes & IEM_OP_PRF_REX)
4684 return (uint8_t *)iemGRegRef(pIemCpu, iReg);
4685
4686 uint8_t *pu8Reg = (uint8_t *)iemGRegRef(pIemCpu, iReg & 3);
4687 if (iReg >= 4)
4688 pu8Reg++;
4689 return pu8Reg;
4690}
4691
4692
4693/**
4694 * Fetches the value of a 8-bit general register.
4695 *
4696 * @returns The register value.
4697 * @param pIemCpu The per CPU data.
4698 * @param iReg The register.
4699 */
4700IEM_STATIC uint8_t iemGRegFetchU8(PIEMCPU pIemCpu, uint8_t iReg)
4701{
4702 uint8_t const *pbSrc = iemGRegRefU8(pIemCpu, iReg);
4703 return *pbSrc;
4704}
4705
4706
4707/**
4708 * Fetches the value of a 16-bit general register.
4709 *
4710 * @returns The register value.
4711 * @param pIemCpu The per CPU data.
4712 * @param iReg The register.
4713 */
4714IEM_STATIC uint16_t iemGRegFetchU16(PIEMCPU pIemCpu, uint8_t iReg)
4715{
4716 return *(uint16_t *)iemGRegRef(pIemCpu, iReg);
4717}
4718
4719
4720/**
4721 * Fetches the value of a 32-bit general register.
4722 *
4723 * @returns The register value.
4724 * @param pIemCpu The per CPU data.
4725 * @param iReg The register.
4726 */
4727IEM_STATIC uint32_t iemGRegFetchU32(PIEMCPU pIemCpu, uint8_t iReg)
4728{
4729 return *(uint32_t *)iemGRegRef(pIemCpu, iReg);
4730}
4731
4732
4733/**
4734 * Fetches the value of a 64-bit general register.
4735 *
4736 * @returns The register value.
4737 * @param pIemCpu The per CPU data.
4738 * @param iReg The register.
4739 */
4740IEM_STATIC uint64_t iemGRegFetchU64(PIEMCPU pIemCpu, uint8_t iReg)
4741{
4742 return *(uint64_t *)iemGRegRef(pIemCpu, iReg);
4743}
4744
4745
4746/**
4747 * Adds a 8-bit signed jump offset to RIP/EIP/IP.
4748 *
4749 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
4750 * segment limit.
4751 *
4752 * @param pIemCpu The per CPU data.
4753 * @param offNextInstr The offset of the next instruction.
4754 */
4755IEM_STATIC VBOXSTRICTRC iemRegRipRelativeJumpS8(PIEMCPU pIemCpu, int8_t offNextInstr)
4756{
4757 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4758 switch (pIemCpu->enmEffOpSize)
4759 {
4760 case IEMMODE_16BIT:
4761 {
4762 uint16_t uNewIp = pCtx->ip + offNextInstr + pIemCpu->offOpcode;
4763 if ( uNewIp > pCtx->cs.u32Limit
4764 && pIemCpu->enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
4765 return iemRaiseGeneralProtectionFault0(pIemCpu);
4766 pCtx->rip = uNewIp;
4767 break;
4768 }
4769
4770 case IEMMODE_32BIT:
4771 {
4772 Assert(pCtx->rip <= UINT32_MAX);
4773 Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
4774
4775 uint32_t uNewEip = pCtx->eip + offNextInstr + pIemCpu->offOpcode;
4776 if (uNewEip > pCtx->cs.u32Limit)
4777 return iemRaiseGeneralProtectionFault0(pIemCpu);
4778 pCtx->rip = uNewEip;
4779 break;
4780 }
4781
4782 case IEMMODE_64BIT:
4783 {
4784 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
4785
4786 uint64_t uNewRip = pCtx->rip + offNextInstr + pIemCpu->offOpcode;
4787 if (!IEM_IS_CANONICAL(uNewRip))
4788 return iemRaiseGeneralProtectionFault0(pIemCpu);
4789 pCtx->rip = uNewRip;
4790 break;
4791 }
4792
4793 IEM_NOT_REACHED_DEFAULT_CASE_RET();
4794 }
4795
4796 pCtx->eflags.Bits.u1RF = 0;
4797 return VINF_SUCCESS;
4798}
4799
4800
4801/**
4802 * Adds a 16-bit signed jump offset to RIP/EIP/IP.
4803 *
4804 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
4805 * segment limit.
4806 *
4807 * @returns Strict VBox status code.
4808 * @param pIemCpu The per CPU data.
4809 * @param offNextInstr The offset of the next instruction.
4810 */
4811IEM_STATIC VBOXSTRICTRC iemRegRipRelativeJumpS16(PIEMCPU pIemCpu, int16_t offNextInstr)
4812{
4813 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4814 Assert(pIemCpu->enmEffOpSize == IEMMODE_16BIT);
4815
4816 uint16_t uNewIp = pCtx->ip + offNextInstr + pIemCpu->offOpcode;
4817 if ( uNewIp > pCtx->cs.u32Limit
4818 && pIemCpu->enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
4819 return iemRaiseGeneralProtectionFault0(pIemCpu);
4820 /** @todo Test 16-bit jump in 64-bit mode. possible? */
4821 pCtx->rip = uNewIp;
4822 pCtx->eflags.Bits.u1RF = 0;
4823
4824 return VINF_SUCCESS;
4825}
4826
4827
4828/**
4829 * Adds a 32-bit signed jump offset to RIP/EIP/IP.
4830 *
4831 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
4832 * segment limit.
4833 *
4834 * @returns Strict VBox status code.
4835 * @param pIemCpu The per CPU data.
4836 * @param offNextInstr The offset of the next instruction.
4837 */
4838IEM_STATIC VBOXSTRICTRC iemRegRipRelativeJumpS32(PIEMCPU pIemCpu, int32_t offNextInstr)
4839{
4840 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4841 Assert(pIemCpu->enmEffOpSize != IEMMODE_16BIT);
4842
4843 if (pIemCpu->enmEffOpSize == IEMMODE_32BIT)
4844 {
4845 Assert(pCtx->rip <= UINT32_MAX); Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
4846
4847 uint32_t uNewEip = pCtx->eip + offNextInstr + pIemCpu->offOpcode;
4848 if (uNewEip > pCtx->cs.u32Limit)
4849 return iemRaiseGeneralProtectionFault0(pIemCpu);
4850 pCtx->rip = uNewEip;
4851 }
4852 else
4853 {
4854 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
4855
4856 uint64_t uNewRip = pCtx->rip + offNextInstr + pIemCpu->offOpcode;
4857 if (!IEM_IS_CANONICAL(uNewRip))
4858 return iemRaiseGeneralProtectionFault0(pIemCpu);
4859 pCtx->rip = uNewRip;
4860 }
4861 pCtx->eflags.Bits.u1RF = 0;
4862 return VINF_SUCCESS;
4863}
4864
4865
4866/**
4867 * Performs a near jump to the specified address.
4868 *
4869 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
4870 * segment limit.
4871 *
4872 * @param pIemCpu The per CPU data.
4873 * @param uNewRip The new RIP value.
4874 */
4875IEM_STATIC VBOXSTRICTRC iemRegRipJump(PIEMCPU pIemCpu, uint64_t uNewRip)
4876{
4877 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4878 switch (pIemCpu->enmEffOpSize)
4879 {
4880 case IEMMODE_16BIT:
4881 {
4882 Assert(uNewRip <= UINT16_MAX);
4883 if ( uNewRip > pCtx->cs.u32Limit
4884 && pIemCpu->enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
4885 return iemRaiseGeneralProtectionFault0(pIemCpu);
4886 /** @todo Test 16-bit jump in 64-bit mode. */
4887 pCtx->rip = uNewRip;
4888 break;
4889 }
4890
4891 case IEMMODE_32BIT:
4892 {
4893 Assert(uNewRip <= UINT32_MAX);
4894 Assert(pCtx->rip <= UINT32_MAX);
4895 Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
4896
4897 if (uNewRip > pCtx->cs.u32Limit)
4898 return iemRaiseGeneralProtectionFault0(pIemCpu);
4899 pCtx->rip = uNewRip;
4900 break;
4901 }
4902
4903 case IEMMODE_64BIT:
4904 {
4905 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
4906
4907 if (!IEM_IS_CANONICAL(uNewRip))
4908 return iemRaiseGeneralProtectionFault0(pIemCpu);
4909 pCtx->rip = uNewRip;
4910 break;
4911 }
4912
4913 IEM_NOT_REACHED_DEFAULT_CASE_RET();
4914 }
4915
4916 pCtx->eflags.Bits.u1RF = 0;
4917 return VINF_SUCCESS;
4918}
4919
4920
4921/**
4922 * Get the address of the top of the stack.
4923 *
4924 * @param pIemCpu The per CPU data.
4925 * @param pCtx The CPU context which SP/ESP/RSP should be
4926 * read.
4927 */
4928DECLINLINE(RTGCPTR) iemRegGetEffRsp(PCIEMCPU pIemCpu, PCCPUMCTX pCtx)
4929{
4930 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
4931 return pCtx->rsp;
4932 if (pCtx->ss.Attr.n.u1DefBig)
4933 return pCtx->esp;
4934 return pCtx->sp;
4935}
4936
4937
4938/**
4939 * Updates the RIP/EIP/IP to point to the next instruction.
4940 *
4941 * This function leaves the EFLAGS.RF flag alone.
4942 *
4943 * @param pIemCpu The per CPU data.
4944 * @param cbInstr The number of bytes to add.
4945 */
4946IEM_STATIC void iemRegAddToRipKeepRF(PIEMCPU pIemCpu, uint8_t cbInstr)
4947{
4948 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4949 switch (pIemCpu->enmCpuMode)
4950 {
4951 case IEMMODE_16BIT:
4952 Assert(pCtx->rip <= UINT16_MAX);
4953 pCtx->eip += cbInstr;
4954 pCtx->eip &= UINT32_C(0xffff);
4955 break;
4956
4957 case IEMMODE_32BIT:
4958 pCtx->eip += cbInstr;
4959 Assert(pCtx->rip <= UINT32_MAX);
4960 break;
4961
4962 case IEMMODE_64BIT:
4963 pCtx->rip += cbInstr;
4964 break;
4965 default: AssertFailed();
4966 }
4967}
4968
4969
4970#if 0
4971/**
4972 * Updates the RIP/EIP/IP to point to the next instruction.
4973 *
4974 * @param pIemCpu The per CPU data.
4975 */
4976IEM_STATIC void iemRegUpdateRipKeepRF(PIEMCPU pIemCpu)
4977{
4978 return iemRegAddToRipKeepRF(pIemCpu, pIemCpu->offOpcode);
4979}
4980#endif
4981
4982
4983
4984/**
4985 * Updates the RIP/EIP/IP to point to the next instruction and clears EFLAGS.RF.
4986 *
4987 * @param pIemCpu The per CPU data.
4988 * @param cbInstr The number of bytes to add.
4989 */
4990IEM_STATIC void iemRegAddToRipAndClearRF(PIEMCPU pIemCpu, uint8_t cbInstr)
4991{
4992 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4993
4994 pCtx->eflags.Bits.u1RF = 0;
4995
4996 /* NB: Must be kept in sync with HM (xxxAdvanceGuestRip). */
4997 switch (pIemCpu->enmCpuMode)
4998 {
4999 /** @todo investigate if EIP or RIP is really incremented. */
5000 case IEMMODE_16BIT:
5001 case IEMMODE_32BIT:
5002 pCtx->eip += cbInstr;
5003 Assert(pCtx->rip <= UINT32_MAX);
5004 break;
5005
5006 case IEMMODE_64BIT:
5007 pCtx->rip += cbInstr;
5008 break;
5009 default: AssertFailed();
5010 }
5011}
5012
5013
5014/**
5015 * Updates the RIP/EIP/IP to point to the next instruction and clears EFLAGS.RF.
5016 *
5017 * @param pIemCpu The per CPU data.
5018 */
5019IEM_STATIC void iemRegUpdateRipAndClearRF(PIEMCPU pIemCpu)
5020{
5021 return iemRegAddToRipAndClearRF(pIemCpu, pIemCpu->offOpcode);
5022}
5023
5024
5025/**
5026 * Adds to the stack pointer.
5027 *
5028 * @param pIemCpu The per CPU data.
5029 * @param pCtx The CPU context which SP/ESP/RSP should be
5030 * updated.
5031 * @param cbToAdd The number of bytes to add.
5032 */
5033DECLINLINE(void) iemRegAddToRsp(PCIEMCPU pIemCpu, PCPUMCTX pCtx, uint8_t cbToAdd)
5034{
5035 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5036 pCtx->rsp += cbToAdd;
5037 else if (pCtx->ss.Attr.n.u1DefBig)
5038 pCtx->esp += cbToAdd;
5039 else
5040 pCtx->sp += cbToAdd;
5041}
5042
5043
5044/**
5045 * Subtracts from the stack pointer.
5046 *
5047 * @param pIemCpu The per CPU data.
5048 * @param pCtx The CPU context which SP/ESP/RSP should be
5049 * updated.
5050 * @param cbToSub The number of bytes to subtract.
5051 */
5052DECLINLINE(void) iemRegSubFromRsp(PCIEMCPU pIemCpu, PCPUMCTX pCtx, uint8_t cbToSub)
5053{
5054 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5055 pCtx->rsp -= cbToSub;
5056 else if (pCtx->ss.Attr.n.u1DefBig)
5057 pCtx->esp -= cbToSub;
5058 else
5059 pCtx->sp -= cbToSub;
5060}
5061
5062
5063/**
5064 * Adds to the temporary stack pointer.
5065 *
5066 * @param pIemCpu The per CPU data.
5067 * @param pTmpRsp The temporary SP/ESP/RSP to update.
5068 * @param cbToAdd The number of bytes to add.
5069 * @param pCtx Where to get the current stack mode.
5070 */
5071DECLINLINE(void) iemRegAddToRspEx(PCIEMCPU pIemCpu, PCCPUMCTX pCtx, PRTUINT64U pTmpRsp, uint16_t cbToAdd)
5072{
5073 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5074 pTmpRsp->u += cbToAdd;
5075 else if (pCtx->ss.Attr.n.u1DefBig)
5076 pTmpRsp->DWords.dw0 += cbToAdd;
5077 else
5078 pTmpRsp->Words.w0 += cbToAdd;
5079}
5080
5081
5082/**
5083 * Subtracts from the temporary stack pointer.
5084 *
5085 * @param pIemCpu The per CPU data.
5086 * @param pTmpRsp The temporary SP/ESP/RSP to update.
5087 * @param cbToSub The number of bytes to subtract.
5088 * @param pCtx Where to get the current stack mode.
5089 * @remarks The @a cbToSub argument *MUST* be 16-bit, iemCImpl_enter is
5090 * expecting that.
5091 */
5092DECLINLINE(void) iemRegSubFromRspEx(PCIEMCPU pIemCpu, PCCPUMCTX pCtx, PRTUINT64U pTmpRsp, uint16_t cbToSub)
5093{
5094 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5095 pTmpRsp->u -= cbToSub;
5096 else if (pCtx->ss.Attr.n.u1DefBig)
5097 pTmpRsp->DWords.dw0 -= cbToSub;
5098 else
5099 pTmpRsp->Words.w0 -= cbToSub;
5100}
5101
5102
5103/**
5104 * Calculates the effective stack address for a push of the specified size as
5105 * well as the new RSP value (upper bits may be masked).
5106 *
5107 * @returns Effective stack addressf for the push.
5108 * @param pIemCpu The IEM per CPU data.
5109 * @param pCtx Where to get the current stack mode.
5110 * @param cbItem The size of the stack item to pop.
5111 * @param puNewRsp Where to return the new RSP value.
5112 */
5113DECLINLINE(RTGCPTR) iemRegGetRspForPush(PCIEMCPU pIemCpu, PCCPUMCTX pCtx, uint8_t cbItem, uint64_t *puNewRsp)
5114{
5115 RTUINT64U uTmpRsp;
5116 RTGCPTR GCPtrTop;
5117 uTmpRsp.u = pCtx->rsp;
5118
5119 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5120 GCPtrTop = uTmpRsp.u -= cbItem;
5121 else if (pCtx->ss.Attr.n.u1DefBig)
5122 GCPtrTop = uTmpRsp.DWords.dw0 -= cbItem;
5123 else
5124 GCPtrTop = uTmpRsp.Words.w0 -= cbItem;
5125 *puNewRsp = uTmpRsp.u;
5126 return GCPtrTop;
5127}
5128
5129
5130/**
5131 * Gets the current stack pointer and calculates the value after a pop of the
5132 * specified size.
5133 *
5134 * @returns Current stack pointer.
5135 * @param pIemCpu The per CPU data.
5136 * @param pCtx Where to get the current stack mode.
5137 * @param cbItem The size of the stack item to pop.
5138 * @param puNewRsp Where to return the new RSP value.
5139 */
5140DECLINLINE(RTGCPTR) iemRegGetRspForPop(PCIEMCPU pIemCpu, PCCPUMCTX pCtx, uint8_t cbItem, uint64_t *puNewRsp)
5141{
5142 RTUINT64U uTmpRsp;
5143 RTGCPTR GCPtrTop;
5144 uTmpRsp.u = pCtx->rsp;
5145
5146 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5147 {
5148 GCPtrTop = uTmpRsp.u;
5149 uTmpRsp.u += cbItem;
5150 }
5151 else if (pCtx->ss.Attr.n.u1DefBig)
5152 {
5153 GCPtrTop = uTmpRsp.DWords.dw0;
5154 uTmpRsp.DWords.dw0 += cbItem;
5155 }
5156 else
5157 {
5158 GCPtrTop = uTmpRsp.Words.w0;
5159 uTmpRsp.Words.w0 += cbItem;
5160 }
5161 *puNewRsp = uTmpRsp.u;
5162 return GCPtrTop;
5163}
5164
5165
5166/**
5167 * Calculates the effective stack address for a push of the specified size as
5168 * well as the new temporary RSP value (upper bits may be masked).
5169 *
5170 * @returns Effective stack addressf for the push.
5171 * @param pIemCpu The per CPU data.
5172 * @param pCtx Where to get the current stack mode.
5173 * @param pTmpRsp The temporary stack pointer. This is updated.
5174 * @param cbItem The size of the stack item to pop.
5175 */
5176DECLINLINE(RTGCPTR) iemRegGetRspForPushEx(PCIEMCPU pIemCpu, PCCPUMCTX pCtx, PRTUINT64U pTmpRsp, uint8_t cbItem)
5177{
5178 RTGCPTR GCPtrTop;
5179
5180 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5181 GCPtrTop = pTmpRsp->u -= cbItem;
5182 else if (pCtx->ss.Attr.n.u1DefBig)
5183 GCPtrTop = pTmpRsp->DWords.dw0 -= cbItem;
5184 else
5185 GCPtrTop = pTmpRsp->Words.w0 -= cbItem;
5186 return GCPtrTop;
5187}
5188
5189
5190/**
5191 * Gets the effective stack address for a pop of the specified size and
5192 * calculates and updates the temporary RSP.
5193 *
5194 * @returns Current stack pointer.
5195 * @param pIemCpu The per CPU data.
5196 * @param pCtx Where to get the current stack mode.
5197 * @param pTmpRsp The temporary stack pointer. This is updated.
5198 * @param cbItem The size of the stack item to pop.
5199 */
5200DECLINLINE(RTGCPTR) iemRegGetRspForPopEx(PCIEMCPU pIemCpu, PCCPUMCTX pCtx, PRTUINT64U pTmpRsp, uint8_t cbItem)
5201{
5202 RTGCPTR GCPtrTop;
5203 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
5204 {
5205 GCPtrTop = pTmpRsp->u;
5206 pTmpRsp->u += cbItem;
5207 }
5208 else if (pCtx->ss.Attr.n.u1DefBig)
5209 {
5210 GCPtrTop = pTmpRsp->DWords.dw0;
5211 pTmpRsp->DWords.dw0 += cbItem;
5212 }
5213 else
5214 {
5215 GCPtrTop = pTmpRsp->Words.w0;
5216 pTmpRsp->Words.w0 += cbItem;
5217 }
5218 return GCPtrTop;
5219}
5220
5221/** @} */
5222
5223
5224/** @name FPU access and helpers.
5225 *
5226 * @{
5227 */
5228
5229
5230/**
5231 * Hook for preparing to use the host FPU.
5232 *
5233 * This is necessary in ring-0 and raw-mode context.
5234 *
5235 * @param pIemCpu The IEM per CPU data.
5236 */
5237DECLINLINE(void) iemFpuPrepareUsage(PIEMCPU pIemCpu)
5238{
5239#ifdef IN_RING3
5240 NOREF(pIemCpu);
5241#else
5242/** @todo RZ: FIXME */
5243//# error "Implement me"
5244#endif
5245}
5246
5247
5248/**
5249 * Hook for preparing to use the host FPU for SSE
5250 *
5251 * This is necessary in ring-0 and raw-mode context.
5252 *
5253 * @param pIemCpu The IEM per CPU data.
5254 */
5255DECLINLINE(void) iemFpuPrepareUsageSse(PIEMCPU pIemCpu)
5256{
5257 iemFpuPrepareUsage(pIemCpu);
5258}
5259
5260
5261/**
5262 * Stores a QNaN value into a FPU register.
5263 *
5264 * @param pReg Pointer to the register.
5265 */
5266DECLINLINE(void) iemFpuStoreQNan(PRTFLOAT80U pReg)
5267{
5268 pReg->au32[0] = UINT32_C(0x00000000);
5269 pReg->au32[1] = UINT32_C(0xc0000000);
5270 pReg->au16[4] = UINT16_C(0xffff);
5271}
5272
5273
5274/**
5275 * Updates the FOP, FPU.CS and FPUIP registers.
5276 *
5277 * @param pIemCpu The IEM per CPU data.
5278 * @param pCtx The CPU context.
5279 * @param pFpuCtx The FPU context.
5280 */
5281DECLINLINE(void) iemFpuUpdateOpcodeAndIpWorker(PIEMCPU pIemCpu, PCPUMCTX pCtx, PX86FXSTATE pFpuCtx)
5282{
5283 pFpuCtx->FOP = pIemCpu->abOpcode[pIemCpu->offFpuOpcode]
5284 | ((uint16_t)(pIemCpu->abOpcode[pIemCpu->offFpuOpcode - 1] & 0x7) << 8);
5285 /** @todo x87.CS and FPUIP needs to be kept seperately. */
5286 if (IEM_IS_REAL_OR_V86_MODE(pIemCpu))
5287 {
5288 /** @todo Testcase: making assumptions about how FPUIP and FPUDP are handled
5289 * happens in real mode here based on the fnsave and fnstenv images. */
5290 pFpuCtx->CS = 0;
5291 pFpuCtx->FPUIP = pCtx->eip | ((uint32_t)pCtx->cs.Sel << 4);
5292 }
5293 else
5294 {
5295 pFpuCtx->CS = pCtx->cs.Sel;
5296 pFpuCtx->FPUIP = pCtx->rip;
5297 }
5298}
5299
5300
5301/**
5302 * Updates the x87.DS and FPUDP registers.
5303 *
5304 * @param pIemCpu The IEM per CPU data.
5305 * @param pCtx The CPU context.
5306 * @param pFpuCtx The FPU context.
5307 * @param iEffSeg The effective segment register.
5308 * @param GCPtrEff The effective address relative to @a iEffSeg.
5309 */
5310DECLINLINE(void) iemFpuUpdateDP(PIEMCPU pIemCpu, PCPUMCTX pCtx, PX86FXSTATE pFpuCtx, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5311{
5312 RTSEL sel;
5313 switch (iEffSeg)
5314 {
5315 case X86_SREG_DS: sel = pCtx->ds.Sel; break;
5316 case X86_SREG_SS: sel = pCtx->ss.Sel; break;
5317 case X86_SREG_CS: sel = pCtx->cs.Sel; break;
5318 case X86_SREG_ES: sel = pCtx->es.Sel; break;
5319 case X86_SREG_FS: sel = pCtx->fs.Sel; break;
5320 case X86_SREG_GS: sel = pCtx->gs.Sel; break;
5321 default:
5322 AssertMsgFailed(("%d\n", iEffSeg));
5323 sel = pCtx->ds.Sel;
5324 }
5325 /** @todo pFpuCtx->DS and FPUDP needs to be kept seperately. */
5326 if (IEM_IS_REAL_OR_V86_MODE(pIemCpu))
5327 {
5328 pFpuCtx->DS = 0;
5329 pFpuCtx->FPUDP = (uint32_t)GCPtrEff | ((uint32_t)sel << 4);
5330 }
5331 else
5332 {
5333 pFpuCtx->DS = sel;
5334 pFpuCtx->FPUDP = GCPtrEff;
5335 }
5336}
5337
5338
5339/**
5340 * Rotates the stack registers in the push direction.
5341 *
5342 * @param pFpuCtx The FPU context.
5343 * @remarks This is a complete waste of time, but fxsave stores the registers in
5344 * stack order.
5345 */
5346DECLINLINE(void) iemFpuRotateStackPush(PX86FXSTATE pFpuCtx)
5347{
5348 RTFLOAT80U r80Tmp = pFpuCtx->aRegs[7].r80;
5349 pFpuCtx->aRegs[7].r80 = pFpuCtx->aRegs[6].r80;
5350 pFpuCtx->aRegs[6].r80 = pFpuCtx->aRegs[5].r80;
5351 pFpuCtx->aRegs[5].r80 = pFpuCtx->aRegs[4].r80;
5352 pFpuCtx->aRegs[4].r80 = pFpuCtx->aRegs[3].r80;
5353 pFpuCtx->aRegs[3].r80 = pFpuCtx->aRegs[2].r80;
5354 pFpuCtx->aRegs[2].r80 = pFpuCtx->aRegs[1].r80;
5355 pFpuCtx->aRegs[1].r80 = pFpuCtx->aRegs[0].r80;
5356 pFpuCtx->aRegs[0].r80 = r80Tmp;
5357}
5358
5359
5360/**
5361 * Rotates the stack registers in the pop direction.
5362 *
5363 * @param pFpuCtx The FPU context.
5364 * @remarks This is a complete waste of time, but fxsave stores the registers in
5365 * stack order.
5366 */
5367DECLINLINE(void) iemFpuRotateStackPop(PX86FXSTATE pFpuCtx)
5368{
5369 RTFLOAT80U r80Tmp = pFpuCtx->aRegs[0].r80;
5370 pFpuCtx->aRegs[0].r80 = pFpuCtx->aRegs[1].r80;
5371 pFpuCtx->aRegs[1].r80 = pFpuCtx->aRegs[2].r80;
5372 pFpuCtx->aRegs[2].r80 = pFpuCtx->aRegs[3].r80;
5373 pFpuCtx->aRegs[3].r80 = pFpuCtx->aRegs[4].r80;
5374 pFpuCtx->aRegs[4].r80 = pFpuCtx->aRegs[5].r80;
5375 pFpuCtx->aRegs[5].r80 = pFpuCtx->aRegs[6].r80;
5376 pFpuCtx->aRegs[6].r80 = pFpuCtx->aRegs[7].r80;
5377 pFpuCtx->aRegs[7].r80 = r80Tmp;
5378}
5379
5380
5381/**
5382 * Updates FSW and pushes a FPU result onto the FPU stack if no pending
5383 * exception prevents it.
5384 *
5385 * @param pIemCpu The IEM per CPU data.
5386 * @param pResult The FPU operation result to push.
5387 * @param pFpuCtx The FPU context.
5388 */
5389IEM_STATIC void iemFpuMaybePushResult(PIEMCPU pIemCpu, PIEMFPURESULT pResult, PX86FXSTATE pFpuCtx)
5390{
5391 /* Update FSW and bail if there are pending exceptions afterwards. */
5392 uint16_t fFsw = pFpuCtx->FSW & ~X86_FSW_C_MASK;
5393 fFsw |= pResult->FSW & ~X86_FSW_TOP_MASK;
5394 if ( (fFsw & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
5395 & ~(pFpuCtx->FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
5396 {
5397 pFpuCtx->FSW = fFsw;
5398 return;
5399 }
5400
5401 uint16_t iNewTop = (X86_FSW_TOP_GET(fFsw) + 7) & X86_FSW_TOP_SMASK;
5402 if (!(pFpuCtx->FTW & RT_BIT(iNewTop)))
5403 {
5404 /* All is fine, push the actual value. */
5405 pFpuCtx->FTW |= RT_BIT(iNewTop);
5406 pFpuCtx->aRegs[7].r80 = pResult->r80Result;
5407 }
5408 else if (pFpuCtx->FCW & X86_FCW_IM)
5409 {
5410 /* Masked stack overflow, push QNaN. */
5411 fFsw |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1;
5412 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
5413 }
5414 else
5415 {
5416 /* Raise stack overflow, don't push anything. */
5417 pFpuCtx->FSW |= pResult->FSW & ~X86_FSW_C_MASK;
5418 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1 | X86_FSW_B | X86_FSW_ES;
5419 return;
5420 }
5421
5422 fFsw &= ~X86_FSW_TOP_MASK;
5423 fFsw |= iNewTop << X86_FSW_TOP_SHIFT;
5424 pFpuCtx->FSW = fFsw;
5425
5426 iemFpuRotateStackPush(pFpuCtx);
5427}
5428
5429
5430/**
5431 * Stores a result in a FPU register and updates the FSW and FTW.
5432 *
5433 * @param pFpuCtx The FPU context.
5434 * @param pResult The result to store.
5435 * @param iStReg Which FPU register to store it in.
5436 */
5437IEM_STATIC void iemFpuStoreResultOnly(PX86FXSTATE pFpuCtx, PIEMFPURESULT pResult, uint8_t iStReg)
5438{
5439 Assert(iStReg < 8);
5440 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
5441 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5442 pFpuCtx->FSW |= pResult->FSW & ~X86_FSW_TOP_MASK;
5443 pFpuCtx->FTW |= RT_BIT(iReg);
5444 pFpuCtx->aRegs[iStReg].r80 = pResult->r80Result;
5445}
5446
5447
5448/**
5449 * Only updates the FPU status word (FSW) with the result of the current
5450 * instruction.
5451 *
5452 * @param pFpuCtx The FPU context.
5453 * @param u16FSW The FSW output of the current instruction.
5454 */
5455IEM_STATIC void iemFpuUpdateFSWOnly(PX86FXSTATE pFpuCtx, uint16_t u16FSW)
5456{
5457 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5458 pFpuCtx->FSW |= u16FSW & ~X86_FSW_TOP_MASK;
5459}
5460
5461
5462/**
5463 * Pops one item off the FPU stack if no pending exception prevents it.
5464 *
5465 * @param pFpuCtx The FPU context.
5466 */
5467IEM_STATIC void iemFpuMaybePopOne(PX86FXSTATE pFpuCtx)
5468{
5469 /* Check pending exceptions. */
5470 uint16_t uFSW = pFpuCtx->FSW;
5471 if ( (pFpuCtx->FSW & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
5472 & ~(pFpuCtx->FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
5473 return;
5474
5475 /* TOP--. */
5476 uint16_t iOldTop = uFSW & X86_FSW_TOP_MASK;
5477 uFSW &= ~X86_FSW_TOP_MASK;
5478 uFSW |= (iOldTop + (UINT16_C(9) << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
5479 pFpuCtx->FSW = uFSW;
5480
5481 /* Mark the previous ST0 as empty. */
5482 iOldTop >>= X86_FSW_TOP_SHIFT;
5483 pFpuCtx->FTW &= ~RT_BIT(iOldTop);
5484
5485 /* Rotate the registers. */
5486 iemFpuRotateStackPop(pFpuCtx);
5487}
5488
5489
5490/**
5491 * Pushes a FPU result onto the FPU stack if no pending exception prevents it.
5492 *
5493 * @param pIemCpu The IEM per CPU data.
5494 * @param pResult The FPU operation result to push.
5495 */
5496IEM_STATIC void iemFpuPushResult(PIEMCPU pIemCpu, PIEMFPURESULT pResult)
5497{
5498 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5499 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5500 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5501 iemFpuMaybePushResult(pIemCpu, pResult, pFpuCtx);
5502}
5503
5504
5505/**
5506 * Pushes a FPU result onto the FPU stack if no pending exception prevents it,
5507 * and sets FPUDP and FPUDS.
5508 *
5509 * @param pIemCpu The IEM per CPU data.
5510 * @param pResult The FPU operation result to push.
5511 * @param iEffSeg The effective segment register.
5512 * @param GCPtrEff The effective address relative to @a iEffSeg.
5513 */
5514IEM_STATIC void iemFpuPushResultWithMemOp(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5515{
5516 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5517 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5518 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5519 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5520 iemFpuMaybePushResult(pIemCpu, pResult, pFpuCtx);
5521}
5522
5523
5524/**
5525 * Replace ST0 with the first value and push the second onto the FPU stack,
5526 * unless a pending exception prevents it.
5527 *
5528 * @param pIemCpu The IEM per CPU data.
5529 * @param pResult The FPU operation result to store and push.
5530 */
5531IEM_STATIC void iemFpuPushResultTwo(PIEMCPU pIemCpu, PIEMFPURESULTTWO pResult)
5532{
5533 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5534 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5535 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5536
5537 /* Update FSW and bail if there are pending exceptions afterwards. */
5538 uint16_t fFsw = pFpuCtx->FSW & ~X86_FSW_C_MASK;
5539 fFsw |= pResult->FSW & ~X86_FSW_TOP_MASK;
5540 if ( (fFsw & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
5541 & ~(pFpuCtx->FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
5542 {
5543 pFpuCtx->FSW = fFsw;
5544 return;
5545 }
5546
5547 uint16_t iNewTop = (X86_FSW_TOP_GET(fFsw) + 7) & X86_FSW_TOP_SMASK;
5548 if (!(pFpuCtx->FTW & RT_BIT(iNewTop)))
5549 {
5550 /* All is fine, push the actual value. */
5551 pFpuCtx->FTW |= RT_BIT(iNewTop);
5552 pFpuCtx->aRegs[0].r80 = pResult->r80Result1;
5553 pFpuCtx->aRegs[7].r80 = pResult->r80Result2;
5554 }
5555 else if (pFpuCtx->FCW & X86_FCW_IM)
5556 {
5557 /* Masked stack overflow, push QNaN. */
5558 fFsw |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1;
5559 iemFpuStoreQNan(&pFpuCtx->aRegs[0].r80);
5560 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
5561 }
5562 else
5563 {
5564 /* Raise stack overflow, don't push anything. */
5565 pFpuCtx->FSW |= pResult->FSW & ~X86_FSW_C_MASK;
5566 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1 | X86_FSW_B | X86_FSW_ES;
5567 return;
5568 }
5569
5570 fFsw &= ~X86_FSW_TOP_MASK;
5571 fFsw |= iNewTop << X86_FSW_TOP_SHIFT;
5572 pFpuCtx->FSW = fFsw;
5573
5574 iemFpuRotateStackPush(pFpuCtx);
5575}
5576
5577
5578/**
5579 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, and
5580 * FOP.
5581 *
5582 * @param pIemCpu The IEM per CPU data.
5583 * @param pResult The result to store.
5584 * @param iStReg Which FPU register to store it in.
5585 */
5586IEM_STATIC void iemFpuStoreResult(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg)
5587{
5588 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5589 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5590 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5591 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
5592}
5593
5594
5595/**
5596 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, and
5597 * FOP, and then pops the stack.
5598 *
5599 * @param pIemCpu The IEM per CPU data.
5600 * @param pResult The result to store.
5601 * @param iStReg Which FPU register to store it in.
5602 */
5603IEM_STATIC void iemFpuStoreResultThenPop(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg)
5604{
5605 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5606 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5607 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5608 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
5609 iemFpuMaybePopOne(pFpuCtx);
5610}
5611
5612
5613/**
5614 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, FOP,
5615 * FPUDP, and FPUDS.
5616 *
5617 * @param pIemCpu The IEM per CPU data.
5618 * @param pResult The result to store.
5619 * @param iStReg Which FPU register to store it in.
5620 * @param iEffSeg The effective memory operand selector register.
5621 * @param GCPtrEff The effective memory operand offset.
5622 */
5623IEM_STATIC void iemFpuStoreResultWithMemOp(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg,
5624 uint8_t iEffSeg, RTGCPTR GCPtrEff)
5625{
5626 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5627 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5628 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5629 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5630 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
5631}
5632
5633
5634/**
5635 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, FOP,
5636 * FPUDP, and FPUDS, and then pops the stack.
5637 *
5638 * @param pIemCpu The IEM per CPU data.
5639 * @param pResult The result to store.
5640 * @param iStReg Which FPU register to store it in.
5641 * @param iEffSeg The effective memory operand selector register.
5642 * @param GCPtrEff The effective memory operand offset.
5643 */
5644IEM_STATIC void iemFpuStoreResultWithMemOpThenPop(PIEMCPU pIemCpu, PIEMFPURESULT pResult,
5645 uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5646{
5647 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5648 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5649 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5650 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5651 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
5652 iemFpuMaybePopOne(pFpuCtx);
5653}
5654
5655
5656/**
5657 * Updates the FOP, FPUIP, and FPUCS. For FNOP.
5658 *
5659 * @param pIemCpu The IEM per CPU data.
5660 */
5661IEM_STATIC void iemFpuUpdateOpcodeAndIp(PIEMCPU pIemCpu)
5662{
5663 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5664 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5665 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5666}
5667
5668
5669/**
5670 * Marks the specified stack register as free (for FFREE).
5671 *
5672 * @param pIemCpu The IEM per CPU data.
5673 * @param iStReg The register to free.
5674 */
5675IEM_STATIC void iemFpuStackFree(PIEMCPU pIemCpu, uint8_t iStReg)
5676{
5677 Assert(iStReg < 8);
5678 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
5679 uint8_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
5680 pFpuCtx->FTW &= ~RT_BIT(iReg);
5681}
5682
5683
5684/**
5685 * Increments FSW.TOP, i.e. pops an item off the stack without freeing it.
5686 *
5687 * @param pIemCpu The IEM per CPU data.
5688 */
5689IEM_STATIC void iemFpuStackIncTop(PIEMCPU pIemCpu)
5690{
5691 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
5692 uint16_t uFsw = pFpuCtx->FSW;
5693 uint16_t uTop = uFsw & X86_FSW_TOP_MASK;
5694 uTop = (uTop + (1 << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
5695 uFsw &= ~X86_FSW_TOP_MASK;
5696 uFsw |= uTop;
5697 pFpuCtx->FSW = uFsw;
5698}
5699
5700
5701/**
5702 * Decrements FSW.TOP, i.e. push an item off the stack without storing anything.
5703 *
5704 * @param pIemCpu The IEM per CPU data.
5705 */
5706IEM_STATIC void iemFpuStackDecTop(PIEMCPU pIemCpu)
5707{
5708 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
5709 uint16_t uFsw = pFpuCtx->FSW;
5710 uint16_t uTop = uFsw & X86_FSW_TOP_MASK;
5711 uTop = (uTop + (7 << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
5712 uFsw &= ~X86_FSW_TOP_MASK;
5713 uFsw |= uTop;
5714 pFpuCtx->FSW = uFsw;
5715}
5716
5717
5718/**
5719 * Updates the FSW, FOP, FPUIP, and FPUCS.
5720 *
5721 * @param pIemCpu The IEM per CPU data.
5722 * @param u16FSW The FSW from the current instruction.
5723 */
5724IEM_STATIC void iemFpuUpdateFSW(PIEMCPU pIemCpu, uint16_t u16FSW)
5725{
5726 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5727 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5728 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5729 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
5730}
5731
5732
5733/**
5734 * Updates the FSW, FOP, FPUIP, and FPUCS, then pops the stack.
5735 *
5736 * @param pIemCpu The IEM per CPU data.
5737 * @param u16FSW The FSW from the current instruction.
5738 */
5739IEM_STATIC void iemFpuUpdateFSWThenPop(PIEMCPU pIemCpu, uint16_t u16FSW)
5740{
5741 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5742 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5743 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5744 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
5745 iemFpuMaybePopOne(pFpuCtx);
5746}
5747
5748
5749/**
5750 * Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS.
5751 *
5752 * @param pIemCpu The IEM per CPU data.
5753 * @param u16FSW The FSW from the current instruction.
5754 * @param iEffSeg The effective memory operand selector register.
5755 * @param GCPtrEff The effective memory operand offset.
5756 */
5757IEM_STATIC void iemFpuUpdateFSWWithMemOp(PIEMCPU pIemCpu, uint16_t u16FSW, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5758{
5759 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5760 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5761 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5762 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5763 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
5764}
5765
5766
5767/**
5768 * Updates the FSW, FOP, FPUIP, and FPUCS, then pops the stack twice.
5769 *
5770 * @param pIemCpu The IEM per CPU data.
5771 * @param u16FSW The FSW from the current instruction.
5772 */
5773IEM_STATIC void iemFpuUpdateFSWThenPopPop(PIEMCPU pIemCpu, uint16_t u16FSW)
5774{
5775 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5776 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5777 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5778 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
5779 iemFpuMaybePopOne(pFpuCtx);
5780 iemFpuMaybePopOne(pFpuCtx);
5781}
5782
5783
5784/**
5785 * Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS, then pops the stack.
5786 *
5787 * @param pIemCpu The IEM per CPU data.
5788 * @param u16FSW The FSW from the current instruction.
5789 * @param iEffSeg The effective memory operand selector register.
5790 * @param GCPtrEff The effective memory operand offset.
5791 */
5792IEM_STATIC void iemFpuUpdateFSWWithMemOpThenPop(PIEMCPU pIemCpu, uint16_t u16FSW, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5793{
5794 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5795 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5796 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5797 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5798 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
5799 iemFpuMaybePopOne(pFpuCtx);
5800}
5801
5802
5803/**
5804 * Worker routine for raising an FPU stack underflow exception.
5805 *
5806 * @param pIemCpu The IEM per CPU data.
5807 * @param pFpuCtx The FPU context.
5808 * @param iStReg The stack register being accessed.
5809 */
5810IEM_STATIC void iemFpuStackUnderflowOnly(PIEMCPU pIemCpu, PX86FXSTATE pFpuCtx, uint8_t iStReg)
5811{
5812 Assert(iStReg < 8 || iStReg == UINT8_MAX);
5813 if (pFpuCtx->FCW & X86_FCW_IM)
5814 {
5815 /* Masked underflow. */
5816 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5817 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF;
5818 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
5819 if (iStReg != UINT8_MAX)
5820 {
5821 pFpuCtx->FTW |= RT_BIT(iReg);
5822 iemFpuStoreQNan(&pFpuCtx->aRegs[iStReg].r80);
5823 }
5824 }
5825 else
5826 {
5827 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5828 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
5829 }
5830}
5831
5832
5833/**
5834 * Raises a FPU stack underflow exception.
5835 *
5836 * @param pIemCpu The IEM per CPU data.
5837 * @param iStReg The destination register that should be loaded
5838 * with QNaN if \#IS is not masked. Specify
5839 * UINT8_MAX if none (like for fcom).
5840 */
5841DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackUnderflow(PIEMCPU pIemCpu, uint8_t iStReg)
5842{
5843 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5844 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5845 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5846 iemFpuStackUnderflowOnly(pIemCpu, pFpuCtx, iStReg);
5847}
5848
5849
5850DECL_NO_INLINE(IEM_STATIC, void)
5851iemFpuStackUnderflowWithMemOp(PIEMCPU pIemCpu, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5852{
5853 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5854 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5855 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5856 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5857 iemFpuStackUnderflowOnly(pIemCpu, pFpuCtx, iStReg);
5858}
5859
5860
5861DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackUnderflowThenPop(PIEMCPU pIemCpu, uint8_t iStReg)
5862{
5863 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5864 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5865 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5866 iemFpuStackUnderflowOnly(pIemCpu, pFpuCtx, iStReg);
5867 iemFpuMaybePopOne(pFpuCtx);
5868}
5869
5870
5871DECL_NO_INLINE(IEM_STATIC, void)
5872iemFpuStackUnderflowWithMemOpThenPop(PIEMCPU pIemCpu, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5873{
5874 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5875 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5876 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
5877 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5878 iemFpuStackUnderflowOnly(pIemCpu, pFpuCtx, iStReg);
5879 iemFpuMaybePopOne(pFpuCtx);
5880}
5881
5882
5883DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackUnderflowThenPopPop(PIEMCPU pIemCpu)
5884{
5885 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5886 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5887 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5888 iemFpuStackUnderflowOnly(pIemCpu, pFpuCtx, UINT8_MAX);
5889 iemFpuMaybePopOne(pFpuCtx);
5890 iemFpuMaybePopOne(pFpuCtx);
5891}
5892
5893
5894DECL_NO_INLINE(IEM_STATIC, void)
5895iemFpuStackPushUnderflow(PIEMCPU pIemCpu)
5896{
5897 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5898 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5899 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5900
5901 if (pFpuCtx->FCW & X86_FCW_IM)
5902 {
5903 /* Masked overflow - Push QNaN. */
5904 uint16_t iNewTop = (X86_FSW_TOP_GET(pFpuCtx->FSW) + 7) & X86_FSW_TOP_SMASK;
5905 pFpuCtx->FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
5906 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF;
5907 pFpuCtx->FSW |= iNewTop << X86_FSW_TOP_SHIFT;
5908 pFpuCtx->FTW |= RT_BIT(iNewTop);
5909 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
5910 iemFpuRotateStackPush(pFpuCtx);
5911 }
5912 else
5913 {
5914 /* Exception pending - don't change TOP or the register stack. */
5915 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5916 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
5917 }
5918}
5919
5920
5921DECL_NO_INLINE(IEM_STATIC, void)
5922iemFpuStackPushUnderflowTwo(PIEMCPU pIemCpu)
5923{
5924 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5925 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5926 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5927
5928 if (pFpuCtx->FCW & X86_FCW_IM)
5929 {
5930 /* Masked overflow - Push QNaN. */
5931 uint16_t iNewTop = (X86_FSW_TOP_GET(pFpuCtx->FSW) + 7) & X86_FSW_TOP_SMASK;
5932 pFpuCtx->FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
5933 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF;
5934 pFpuCtx->FSW |= iNewTop << X86_FSW_TOP_SHIFT;
5935 pFpuCtx->FTW |= RT_BIT(iNewTop);
5936 iemFpuStoreQNan(&pFpuCtx->aRegs[0].r80);
5937 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
5938 iemFpuRotateStackPush(pFpuCtx);
5939 }
5940 else
5941 {
5942 /* Exception pending - don't change TOP or the register stack. */
5943 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5944 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
5945 }
5946}
5947
5948
5949/**
5950 * Worker routine for raising an FPU stack overflow exception on a push.
5951 *
5952 * @param pFpuCtx The FPU context.
5953 */
5954IEM_STATIC void iemFpuStackPushOverflowOnly(PX86FXSTATE pFpuCtx)
5955{
5956 if (pFpuCtx->FCW & X86_FCW_IM)
5957 {
5958 /* Masked overflow. */
5959 uint16_t iNewTop = (X86_FSW_TOP_GET(pFpuCtx->FSW) + 7) & X86_FSW_TOP_SMASK;
5960 pFpuCtx->FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
5961 pFpuCtx->FSW |= X86_FSW_C1 | X86_FSW_IE | X86_FSW_SF;
5962 pFpuCtx->FSW |= iNewTop << X86_FSW_TOP_SHIFT;
5963 pFpuCtx->FTW |= RT_BIT(iNewTop);
5964 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
5965 iemFpuRotateStackPush(pFpuCtx);
5966 }
5967 else
5968 {
5969 /* Exception pending - don't change TOP or the register stack. */
5970 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
5971 pFpuCtx->FSW |= X86_FSW_C1 | X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
5972 }
5973}
5974
5975
5976/**
5977 * Raises a FPU stack overflow exception on a push.
5978 *
5979 * @param pIemCpu The IEM per CPU data.
5980 */
5981DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackPushOverflow(PIEMCPU pIemCpu)
5982{
5983 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5984 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
5985 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
5986 iemFpuStackPushOverflowOnly(pFpuCtx);
5987}
5988
5989
5990/**
5991 * Raises a FPU stack overflow exception on a push with a memory operand.
5992 *
5993 * @param pIemCpu The IEM per CPU data.
5994 * @param iEffSeg The effective memory operand selector register.
5995 * @param GCPtrEff The effective memory operand offset.
5996 */
5997DECL_NO_INLINE(IEM_STATIC, void)
5998iemFpuStackPushOverflowWithMemOp(PIEMCPU pIemCpu, uint8_t iEffSeg, RTGCPTR GCPtrEff)
5999{
6000 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6001 PX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
6002 iemFpuUpdateDP(pIemCpu, pCtx, pFpuCtx, iEffSeg, GCPtrEff);
6003 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx, pFpuCtx);
6004 iemFpuStackPushOverflowOnly(pFpuCtx);
6005}
6006
6007
6008IEM_STATIC int iemFpuStRegNotEmpty(PIEMCPU pIemCpu, uint8_t iStReg)
6009{
6010 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
6011 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
6012 if (pFpuCtx->FTW & RT_BIT(iReg))
6013 return VINF_SUCCESS;
6014 return VERR_NOT_FOUND;
6015}
6016
6017
6018IEM_STATIC int iemFpuStRegNotEmptyRef(PIEMCPU pIemCpu, uint8_t iStReg, PCRTFLOAT80U *ppRef)
6019{
6020 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
6021 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
6022 if (pFpuCtx->FTW & RT_BIT(iReg))
6023 {
6024 *ppRef = &pFpuCtx->aRegs[iStReg].r80;
6025 return VINF_SUCCESS;
6026 }
6027 return VERR_NOT_FOUND;
6028}
6029
6030
6031IEM_STATIC int iemFpu2StRegsNotEmptyRef(PIEMCPU pIemCpu, uint8_t iStReg0, PCRTFLOAT80U *ppRef0,
6032 uint8_t iStReg1, PCRTFLOAT80U *ppRef1)
6033{
6034 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
6035 uint16_t iTop = X86_FSW_TOP_GET(pFpuCtx->FSW);
6036 uint16_t iReg0 = (iTop + iStReg0) & X86_FSW_TOP_SMASK;
6037 uint16_t iReg1 = (iTop + iStReg1) & X86_FSW_TOP_SMASK;
6038 if ((pFpuCtx->FTW & (RT_BIT(iReg0) | RT_BIT(iReg1))) == (RT_BIT(iReg0) | RT_BIT(iReg1)))
6039 {
6040 *ppRef0 = &pFpuCtx->aRegs[iStReg0].r80;
6041 *ppRef1 = &pFpuCtx->aRegs[iStReg1].r80;
6042 return VINF_SUCCESS;
6043 }
6044 return VERR_NOT_FOUND;
6045}
6046
6047
6048IEM_STATIC int iemFpu2StRegsNotEmptyRefFirst(PIEMCPU pIemCpu, uint8_t iStReg0, PCRTFLOAT80U *ppRef0, uint8_t iStReg1)
6049{
6050 PX86FXSTATE pFpuCtx = &pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87;
6051 uint16_t iTop = X86_FSW_TOP_GET(pFpuCtx->FSW);
6052 uint16_t iReg0 = (iTop + iStReg0) & X86_FSW_TOP_SMASK;
6053 uint16_t iReg1 = (iTop + iStReg1) & X86_FSW_TOP_SMASK;
6054 if ((pFpuCtx->FTW & (RT_BIT(iReg0) | RT_BIT(iReg1))) == (RT_BIT(iReg0) | RT_BIT(iReg1)))
6055 {
6056 *ppRef0 = &pFpuCtx->aRegs[iStReg0].r80;
6057 return VINF_SUCCESS;
6058 }
6059 return VERR_NOT_FOUND;
6060}
6061
6062
6063/**
6064 * Updates the FPU exception status after FCW is changed.
6065 *
6066 * @param pFpuCtx The FPU context.
6067 */
6068IEM_STATIC void iemFpuRecalcExceptionStatus(PX86FXSTATE pFpuCtx)
6069{
6070 uint16_t u16Fsw = pFpuCtx->FSW;
6071 if ((u16Fsw & X86_FSW_XCPT_MASK) & ~(pFpuCtx->FCW & X86_FCW_XCPT_MASK))
6072 u16Fsw |= X86_FSW_ES | X86_FSW_B;
6073 else
6074 u16Fsw &= ~(X86_FSW_ES | X86_FSW_B);
6075 pFpuCtx->FSW = u16Fsw;
6076}
6077
6078
6079/**
6080 * Calculates the full FTW (FPU tag word) for use in FNSTENV and FNSAVE.
6081 *
6082 * @returns The full FTW.
6083 * @param pFpuCtx The FPU context.
6084 */
6085IEM_STATIC uint16_t iemFpuCalcFullFtw(PCX86FXSTATE pFpuCtx)
6086{
6087 uint8_t const u8Ftw = (uint8_t)pFpuCtx->FTW;
6088 uint16_t u16Ftw = 0;
6089 unsigned const iTop = X86_FSW_TOP_GET(pFpuCtx->FSW);
6090 for (unsigned iSt = 0; iSt < 8; iSt++)
6091 {
6092 unsigned const iReg = (iSt + iTop) & 7;
6093 if (!(u8Ftw & RT_BIT(iReg)))
6094 u16Ftw |= 3 << (iReg * 2); /* empty */
6095 else
6096 {
6097 uint16_t uTag;
6098 PCRTFLOAT80U const pr80Reg = &pFpuCtx->aRegs[iSt].r80;
6099 if (pr80Reg->s.uExponent == 0x7fff)
6100 uTag = 2; /* Exponent is all 1's => Special. */
6101 else if (pr80Reg->s.uExponent == 0x0000)
6102 {
6103 if (pr80Reg->s.u64Mantissa == 0x0000)
6104 uTag = 1; /* All bits are zero => Zero. */
6105 else
6106 uTag = 2; /* Must be special. */
6107 }
6108 else if (pr80Reg->s.u64Mantissa & RT_BIT_64(63)) /* The J bit. */
6109 uTag = 0; /* Valid. */
6110 else
6111 uTag = 2; /* Must be special. */
6112
6113 u16Ftw |= uTag << (iReg * 2); /* empty */
6114 }
6115 }
6116
6117 return u16Ftw;
6118}
6119
6120
6121/**
6122 * Converts a full FTW to a compressed one (for use in FLDENV and FRSTOR).
6123 *
6124 * @returns The compressed FTW.
6125 * @param u16FullFtw The full FTW to convert.
6126 */
6127IEM_STATIC uint16_t iemFpuCompressFtw(uint16_t u16FullFtw)
6128{
6129 uint8_t u8Ftw = 0;
6130 for (unsigned i = 0; i < 8; i++)
6131 {
6132 if ((u16FullFtw & 3) != 3 /*empty*/)
6133 u8Ftw |= RT_BIT(i);
6134 u16FullFtw >>= 2;
6135 }
6136
6137 return u8Ftw;
6138}
6139
6140/** @} */
6141
6142
6143/** @name Memory access.
6144 *
6145 * @{
6146 */
6147
6148
6149/**
6150 * Updates the IEMCPU::cbWritten counter if applicable.
6151 *
6152 * @param pIemCpu The IEM per CPU data.
6153 * @param fAccess The access being accounted for.
6154 * @param cbMem The access size.
6155 */
6156DECL_FORCE_INLINE(void) iemMemUpdateWrittenCounter(PIEMCPU pIemCpu, uint32_t fAccess, size_t cbMem)
6157{
6158 if ( (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_STACK | IEM_ACCESS_TYPE_WRITE)
6159 || (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_DATA | IEM_ACCESS_TYPE_WRITE) )
6160 pIemCpu->cbWritten += (uint32_t)cbMem;
6161}
6162
6163
6164/**
6165 * Checks if the given segment can be written to, raise the appropriate
6166 * exception if not.
6167 *
6168 * @returns VBox strict status code.
6169 *
6170 * @param pIemCpu The IEM per CPU data.
6171 * @param pHid Pointer to the hidden register.
6172 * @param iSegReg The register number.
6173 * @param pu64BaseAddr Where to return the base address to use for the
6174 * segment. (In 64-bit code it may differ from the
6175 * base in the hidden segment.)
6176 */
6177IEM_STATIC VBOXSTRICTRC
6178iemMemSegCheckWriteAccessEx(PIEMCPU pIemCpu, PCCPUMSELREGHID pHid, uint8_t iSegReg, uint64_t *pu64BaseAddr)
6179{
6180 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
6181 *pu64BaseAddr = iSegReg < X86_SREG_FS ? 0 : pHid->u64Base;
6182 else
6183 {
6184 if (!pHid->Attr.n.u1Present)
6185 return iemRaiseSelectorNotPresentBySegReg(pIemCpu, iSegReg);
6186
6187 if ( ( (pHid->Attr.n.u4Type & X86_SEL_TYPE_CODE)
6188 || !(pHid->Attr.n.u4Type & X86_SEL_TYPE_WRITE) )
6189 && pIemCpu->enmCpuMode != IEMMODE_64BIT )
6190 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, IEM_ACCESS_DATA_W);
6191 *pu64BaseAddr = pHid->u64Base;
6192 }
6193 return VINF_SUCCESS;
6194}
6195
6196
6197/**
6198 * Checks if the given segment can be read from, raise the appropriate
6199 * exception if not.
6200 *
6201 * @returns VBox strict status code.
6202 *
6203 * @param pIemCpu The IEM per CPU data.
6204 * @param pHid Pointer to the hidden register.
6205 * @param iSegReg The register number.
6206 * @param pu64BaseAddr Where to return the base address to use for the
6207 * segment. (In 64-bit code it may differ from the
6208 * base in the hidden segment.)
6209 */
6210IEM_STATIC VBOXSTRICTRC
6211iemMemSegCheckReadAccessEx(PIEMCPU pIemCpu, PCCPUMSELREGHID pHid, uint8_t iSegReg, uint64_t *pu64BaseAddr)
6212{
6213 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
6214 *pu64BaseAddr = iSegReg < X86_SREG_FS ? 0 : pHid->u64Base;
6215 else
6216 {
6217 if (!pHid->Attr.n.u1Present)
6218 return iemRaiseSelectorNotPresentBySegReg(pIemCpu, iSegReg);
6219
6220 if ((pHid->Attr.n.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ)) == X86_SEL_TYPE_CODE)
6221 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, IEM_ACCESS_DATA_R);
6222 *pu64BaseAddr = pHid->u64Base;
6223 }
6224 return VINF_SUCCESS;
6225}
6226
6227
6228/**
6229 * Applies the segment limit, base and attributes.
6230 *
6231 * This may raise a \#GP or \#SS.
6232 *
6233 * @returns VBox strict status code.
6234 *
6235 * @param pIemCpu The IEM per CPU data.
6236 * @param fAccess The kind of access which is being performed.
6237 * @param iSegReg The index of the segment register to apply.
6238 * This is UINT8_MAX if none (for IDT, GDT, LDT,
6239 * TSS, ++).
6240 * @param cbMem The access size.
6241 * @param pGCPtrMem Pointer to the guest memory address to apply
6242 * segmentation to. Input and output parameter.
6243 */
6244IEM_STATIC VBOXSTRICTRC
6245iemMemApplySegment(PIEMCPU pIemCpu, uint32_t fAccess, uint8_t iSegReg, size_t cbMem, PRTGCPTR pGCPtrMem)
6246{
6247 if (iSegReg == UINT8_MAX)
6248 return VINF_SUCCESS;
6249
6250 PCPUMSELREGHID pSel = iemSRegGetHid(pIemCpu, iSegReg);
6251 switch (pIemCpu->enmCpuMode)
6252 {
6253 case IEMMODE_16BIT:
6254 case IEMMODE_32BIT:
6255 {
6256 RTGCPTR32 GCPtrFirst32 = (RTGCPTR32)*pGCPtrMem;
6257 RTGCPTR32 GCPtrLast32 = GCPtrFirst32 + (uint32_t)cbMem - 1;
6258
6259 if ( pSel->Attr.n.u1Present
6260 && !pSel->Attr.n.u1Unusable)
6261 {
6262 Assert(pSel->Attr.n.u1DescType);
6263 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_CODE))
6264 {
6265 if ( (fAccess & IEM_ACCESS_TYPE_WRITE)
6266 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_WRITE) )
6267 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, fAccess);
6268
6269 if (!IEM_IS_REAL_OR_V86_MODE(pIemCpu))
6270 {
6271 /** @todo CPL check. */
6272 }
6273
6274 /*
6275 * There are two kinds of data selectors, normal and expand down.
6276 */
6277 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_DOWN))
6278 {
6279 if ( GCPtrFirst32 > pSel->u32Limit
6280 || GCPtrLast32 > pSel->u32Limit) /* yes, in real mode too (since 80286). */
6281 return iemRaiseSelectorBounds(pIemCpu, iSegReg, fAccess);
6282 }
6283 else
6284 {
6285 /*
6286 * The upper boundary is defined by the B bit, not the G bit!
6287 */
6288 if ( GCPtrFirst32 < pSel->u32Limit + UINT32_C(1)
6289 || GCPtrLast32 > (pSel->Attr.n.u1DefBig ? UINT32_MAX : UINT32_C(0xffff)))
6290 return iemRaiseSelectorBounds(pIemCpu, iSegReg, fAccess);
6291 }
6292 *pGCPtrMem = GCPtrFirst32 += (uint32_t)pSel->u64Base;
6293 }
6294 else
6295 {
6296
6297 /*
6298 * Code selector and usually be used to read thru, writing is
6299 * only permitted in real and V8086 mode.
6300 */
6301 if ( ( (fAccess & IEM_ACCESS_TYPE_WRITE)
6302 || ( (fAccess & IEM_ACCESS_TYPE_READ)
6303 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_READ)) )
6304 && !IEM_IS_REAL_OR_V86_MODE(pIemCpu) )
6305 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, fAccess);
6306
6307 if ( GCPtrFirst32 > pSel->u32Limit
6308 || GCPtrLast32 > pSel->u32Limit) /* yes, in real mode too (since 80286). */
6309 return iemRaiseSelectorBounds(pIemCpu, iSegReg, fAccess);
6310
6311 if (!IEM_IS_REAL_OR_V86_MODE(pIemCpu))
6312 {
6313 /** @todo CPL check. */
6314 }
6315
6316 *pGCPtrMem = GCPtrFirst32 += (uint32_t)pSel->u64Base;
6317 }
6318 }
6319 else
6320 return iemRaiseGeneralProtectionFault0(pIemCpu);
6321 return VINF_SUCCESS;
6322 }
6323
6324 case IEMMODE_64BIT:
6325 {
6326 RTGCPTR GCPtrMem = *pGCPtrMem;
6327 if (iSegReg == X86_SREG_GS || iSegReg == X86_SREG_FS)
6328 *pGCPtrMem = GCPtrMem + pSel->u64Base;
6329
6330 Assert(cbMem >= 1);
6331 if (RT_LIKELY(X86_IS_CANONICAL(GCPtrMem) && X86_IS_CANONICAL(GCPtrMem + cbMem - 1)))
6332 return VINF_SUCCESS;
6333 return iemRaiseGeneralProtectionFault0(pIemCpu);
6334 }
6335
6336 default:
6337 AssertFailedReturn(VERR_IEM_IPE_7);
6338 }
6339}
6340
6341
6342/**
6343 * Translates a virtual address to a physical physical address and checks if we
6344 * can access the page as specified.
6345 *
6346 * @param pIemCpu The IEM per CPU data.
6347 * @param GCPtrMem The virtual address.
6348 * @param fAccess The intended access.
6349 * @param pGCPhysMem Where to return the physical address.
6350 */
6351IEM_STATIC VBOXSTRICTRC
6352iemMemPageTranslateAndCheckAccess(PIEMCPU pIemCpu, RTGCPTR GCPtrMem, uint32_t fAccess, PRTGCPHYS pGCPhysMem)
6353{
6354 /** @todo Need a different PGM interface here. We're currently using
6355 * generic / REM interfaces. this won't cut it for R0 & RC. */
6356 RTGCPHYS GCPhys;
6357 uint64_t fFlags;
6358 int rc = PGMGstGetPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrMem, &fFlags, &GCPhys);
6359 if (RT_FAILURE(rc))
6360 {
6361 /** @todo Check unassigned memory in unpaged mode. */
6362 /** @todo Reserved bits in page tables. Requires new PGM interface. */
6363 *pGCPhysMem = NIL_RTGCPHYS;
6364 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess, rc);
6365 }
6366
6367 /* If the page is writable and does not have the no-exec bit set, all
6368 access is allowed. Otherwise we'll have to check more carefully... */
6369 if ((fFlags & (X86_PTE_RW | X86_PTE_US | X86_PTE_PAE_NX)) != (X86_PTE_RW | X86_PTE_US))
6370 {
6371 /* Write to read only memory? */
6372 if ( (fAccess & IEM_ACCESS_TYPE_WRITE)
6373 && !(fFlags & X86_PTE_RW)
6374 && ( pIemCpu->uCpl != 0
6375 || (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_WP)))
6376 {
6377 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - read-only page -> #PF\n", GCPtrMem));
6378 *pGCPhysMem = NIL_RTGCPHYS;
6379 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess & ~IEM_ACCESS_TYPE_READ, VERR_ACCESS_DENIED);
6380 }
6381
6382 /* Kernel memory accessed by userland? */
6383 if ( !(fFlags & X86_PTE_US)
6384 && pIemCpu->uCpl == 3
6385 && !(fAccess & IEM_ACCESS_WHAT_SYS))
6386 {
6387 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - user access to kernel page -> #PF\n", GCPtrMem));
6388 *pGCPhysMem = NIL_RTGCPHYS;
6389 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess, VERR_ACCESS_DENIED);
6390 }
6391
6392 /* Executing non-executable memory? */
6393 if ( (fAccess & IEM_ACCESS_TYPE_EXEC)
6394 && (fFlags & X86_PTE_PAE_NX)
6395 && (pIemCpu->CTX_SUFF(pCtx)->msrEFER & MSR_K6_EFER_NXE) )
6396 {
6397 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - NX -> #PF\n", GCPtrMem));
6398 *pGCPhysMem = NIL_RTGCPHYS;
6399 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess & ~(IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_WRITE),
6400 VERR_ACCESS_DENIED);
6401 }
6402 }
6403
6404 /*
6405 * Set the dirty / access flags.
6406 * ASSUMES this is set when the address is translated rather than on committ...
6407 */
6408 /** @todo testcase: check when A and D bits are actually set by the CPU. */
6409 uint32_t fAccessedDirty = fAccess & IEM_ACCESS_TYPE_WRITE ? X86_PTE_D | X86_PTE_A : X86_PTE_A;
6410 if ((fFlags & fAccessedDirty) != fAccessedDirty)
6411 {
6412 int rc2 = PGMGstModifyPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrMem, 1, fAccessedDirty, ~(uint64_t)fAccessedDirty);
6413 AssertRC(rc2);
6414 }
6415
6416 GCPhys |= GCPtrMem & PAGE_OFFSET_MASK;
6417 *pGCPhysMem = GCPhys;
6418 return VINF_SUCCESS;
6419}
6420
6421
6422
6423/**
6424 * Maps a physical page.
6425 *
6426 * @returns VBox status code (see PGMR3PhysTlbGCPhys2Ptr).
6427 * @param pIemCpu The IEM per CPU data.
6428 * @param GCPhysMem The physical address.
6429 * @param fAccess The intended access.
6430 * @param ppvMem Where to return the mapping address.
6431 * @param pLock The PGM lock.
6432 */
6433IEM_STATIC int iemMemPageMap(PIEMCPU pIemCpu, RTGCPHYS GCPhysMem, uint32_t fAccess, void **ppvMem, PPGMPAGEMAPLOCK pLock)
6434{
6435#ifdef IEM_VERIFICATION_MODE_FULL
6436 /* Force the alternative path so we can ignore writes. */
6437 if ((fAccess & IEM_ACCESS_TYPE_WRITE) && !pIemCpu->fNoRem)
6438 {
6439 if (IEM_FULL_VERIFICATION_ENABLED(pIemCpu))
6440 {
6441 int rc2 = PGMPhysIemQueryAccess(IEMCPU_TO_VM(pIemCpu), GCPhysMem,
6442 RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE), pIemCpu->fBypassHandlers);
6443 if (RT_FAILURE(rc2))
6444 pIemCpu->fProblematicMemory = true;
6445 }
6446 return VERR_PGM_PHYS_TLB_CATCH_ALL;
6447 }
6448#endif
6449#ifdef IEM_LOG_MEMORY_WRITES
6450 if (fAccess & IEM_ACCESS_TYPE_WRITE)
6451 return VERR_PGM_PHYS_TLB_CATCH_ALL;
6452#endif
6453#ifdef IEM_VERIFICATION_MODE_MINIMAL
6454 return VERR_PGM_PHYS_TLB_CATCH_ALL;
6455#endif
6456
6457 /** @todo This API may require some improving later. A private deal with PGM
6458 * regarding locking and unlocking needs to be struct. A couple of TLBs
6459 * living in PGM, but with publicly accessible inlined access methods
6460 * could perhaps be an even better solution. */
6461 int rc = PGMPhysIemGCPhys2Ptr(IEMCPU_TO_VM(pIemCpu), IEMCPU_TO_VMCPU(pIemCpu),
6462 GCPhysMem,
6463 RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE),
6464 pIemCpu->fBypassHandlers,
6465 ppvMem,
6466 pLock);
6467 /*Log(("PGMPhysIemGCPhys2Ptr %Rrc pLock=%.*Rhxs\n", rc, sizeof(*pLock), pLock));*/
6468 AssertMsg(rc == VINF_SUCCESS || RT_FAILURE_NP(rc), ("%Rrc\n", rc));
6469
6470#ifdef IEM_VERIFICATION_MODE_FULL
6471 if (RT_FAILURE(rc) && IEM_FULL_VERIFICATION_ENABLED(pIemCpu))
6472 pIemCpu->fProblematicMemory = true;
6473#endif
6474 return rc;
6475}
6476
6477
6478/**
6479 * Unmap a page previously mapped by iemMemPageMap.
6480 *
6481 * @param pIemCpu The IEM per CPU data.
6482 * @param GCPhysMem The physical address.
6483 * @param fAccess The intended access.
6484 * @param pvMem What iemMemPageMap returned.
6485 * @param pLock The PGM lock.
6486 */
6487DECLINLINE(void) iemMemPageUnmap(PIEMCPU pIemCpu, RTGCPHYS GCPhysMem, uint32_t fAccess, const void *pvMem, PPGMPAGEMAPLOCK pLock)
6488{
6489 NOREF(pIemCpu);
6490 NOREF(GCPhysMem);
6491 NOREF(fAccess);
6492 NOREF(pvMem);
6493 PGMPhysReleasePageMappingLock(IEMCPU_TO_VM(pIemCpu), pLock);
6494}
6495
6496
6497/**
6498 * Looks up a memory mapping entry.
6499 *
6500 * @returns The mapping index (positive) or VERR_NOT_FOUND (negative).
6501 * @param pIemCpu The IEM per CPU data.
6502 * @param pvMem The memory address.
6503 * @param fAccess The access to.
6504 */
6505DECLINLINE(int) iemMapLookup(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess)
6506{
6507 Assert(pIemCpu->cActiveMappings < RT_ELEMENTS(pIemCpu->aMemMappings));
6508 fAccess &= IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK;
6509 if ( pIemCpu->aMemMappings[0].pv == pvMem
6510 && (pIemCpu->aMemMappings[0].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
6511 return 0;
6512 if ( pIemCpu->aMemMappings[1].pv == pvMem
6513 && (pIemCpu->aMemMappings[1].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
6514 return 1;
6515 if ( pIemCpu->aMemMappings[2].pv == pvMem
6516 && (pIemCpu->aMemMappings[2].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
6517 return 2;
6518 return VERR_NOT_FOUND;
6519}
6520
6521
6522/**
6523 * Finds a free memmap entry when using iNextMapping doesn't work.
6524 *
6525 * @returns Memory mapping index, 1024 on failure.
6526 * @param pIemCpu The IEM per CPU data.
6527 */
6528IEM_STATIC unsigned iemMemMapFindFree(PIEMCPU pIemCpu)
6529{
6530 /*
6531 * The easy case.
6532 */
6533 if (pIemCpu->cActiveMappings == 0)
6534 {
6535 pIemCpu->iNextMapping = 1;
6536 return 0;
6537 }
6538
6539 /* There should be enough mappings for all instructions. */
6540 AssertReturn(pIemCpu->cActiveMappings < RT_ELEMENTS(pIemCpu->aMemMappings), 1024);
6541
6542 for (unsigned i = 0; i < RT_ELEMENTS(pIemCpu->aMemMappings); i++)
6543 if (pIemCpu->aMemMappings[i].fAccess == IEM_ACCESS_INVALID)
6544 return i;
6545
6546 AssertFailedReturn(1024);
6547}
6548
6549
6550/**
6551 * Commits a bounce buffer that needs writing back and unmaps it.
6552 *
6553 * @returns Strict VBox status code.
6554 * @param pIemCpu The IEM per CPU data.
6555 * @param iMemMap The index of the buffer to commit.
6556 * @param fPostponeFail Whether we can postpone writer failures to ring-3.
6557 * Always false in ring-3, obviously.
6558 */
6559IEM_STATIC VBOXSTRICTRC iemMemBounceBufferCommitAndUnmap(PIEMCPU pIemCpu, unsigned iMemMap, bool fPostponeFail)
6560{
6561 Assert(pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED);
6562 Assert(pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE);
6563#ifdef IN_RING3
6564 Assert(!fPostponeFail);
6565#endif
6566
6567 /*
6568 * Do the writing.
6569 */
6570#ifndef IEM_VERIFICATION_MODE_MINIMAL
6571 PVM pVM = IEMCPU_TO_VM(pIemCpu);
6572 if ( !pIemCpu->aMemBbMappings[iMemMap].fUnassigned
6573 && !IEM_VERIFICATION_ENABLED(pIemCpu))
6574 {
6575 uint16_t const cbFirst = pIemCpu->aMemBbMappings[iMemMap].cbFirst;
6576 uint16_t const cbSecond = pIemCpu->aMemBbMappings[iMemMap].cbSecond;
6577 uint8_t const *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
6578 if (!pIemCpu->fBypassHandlers)
6579 {
6580 /*
6581 * Carefully and efficiently dealing with access handler return
6582 * codes make this a little bloated.
6583 */
6584 VBOXSTRICTRC rcStrict = PGMPhysWrite(pVM,
6585 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
6586 pbBuf,
6587 cbFirst,
6588 PGMACCESSORIGIN_IEM);
6589 if (rcStrict == VINF_SUCCESS)
6590 {
6591 if (cbSecond)
6592 {
6593 rcStrict = PGMPhysWrite(pVM,
6594 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
6595 pbBuf + cbFirst,
6596 cbSecond,
6597 PGMACCESSORIGIN_IEM);
6598 if (rcStrict == VINF_SUCCESS)
6599 { /* nothing */ }
6600 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
6601 {
6602 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc\n",
6603 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
6604 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
6605 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6606 }
6607# ifndef IN_RING3
6608 else if (fPostponeFail)
6609 {
6610 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (postponed)\n",
6611 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
6612 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
6613 pIemCpu->aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_2ND;
6614 VMCPU_FF_SET(IEMCPU_TO_VMCPU(pIemCpu), VMCPU_FF_IEM);
6615 return iemSetPassUpStatus(pIemCpu, rcStrict);
6616 }
6617# endif
6618 else
6619 {
6620 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
6621 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
6622 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
6623 return rcStrict;
6624 }
6625 }
6626 }
6627 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
6628 {
6629 if (!cbSecond)
6630 {
6631 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc\n",
6632 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict) ));
6633 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6634 }
6635 else
6636 {
6637 VBOXSTRICTRC rcStrict2 = PGMPhysWrite(pVM,
6638 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
6639 pbBuf + cbFirst,
6640 cbSecond,
6641 PGMACCESSORIGIN_IEM);
6642 if (rcStrict2 == VINF_SUCCESS)
6643 {
6644 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc GCPhysSecond=%RGp/%#x\n",
6645 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
6646 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond));
6647 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6648 }
6649 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict2))
6650 {
6651 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc GCPhysSecond=%RGp/%#x %Rrc\n",
6652 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
6653 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict2) ));
6654 PGM_PHYS_RW_DO_UPDATE_STRICT_RC(rcStrict, rcStrict2);
6655 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6656 }
6657# ifndef IN_RING3
6658 else if (fPostponeFail)
6659 {
6660 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (postponed)\n",
6661 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
6662 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
6663 pIemCpu->aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_2ND;
6664 VMCPU_FF_SET(IEMCPU_TO_VMCPU(pIemCpu), VMCPU_FF_IEM);
6665 return iemSetPassUpStatus(pIemCpu, rcStrict);
6666 }
6667# endif
6668 else
6669 {
6670 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
6671 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
6672 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict2) ));
6673 return rcStrict2;
6674 }
6675 }
6676 }
6677# ifndef IN_RING3
6678 else if (fPostponeFail)
6679 {
6680 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (postponed)\n",
6681 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
6682 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
6683 if (!cbSecond)
6684 pIemCpu->aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_1ST;
6685 else
6686 pIemCpu->aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_1ST | IEM_ACCESS_PENDING_R3_WRITE_2ND;
6687 VMCPU_FF_SET(IEMCPU_TO_VMCPU(pIemCpu), VMCPU_FF_IEM);
6688 return iemSetPassUpStatus(pIemCpu, rcStrict);
6689 }
6690# endif
6691 else
6692 {
6693 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc [GCPhysSecond=%RGp/%#x] (!!)\n",
6694 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
6695 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond));
6696 return rcStrict;
6697 }
6698 }
6699 else
6700 {
6701 /*
6702 * No access handlers, much simpler.
6703 */
6704 int rc = PGMPhysSimpleWriteGCPhys(pVM, pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, pbBuf, cbFirst);
6705 if (RT_SUCCESS(rc))
6706 {
6707 if (cbSecond)
6708 {
6709 rc = PGMPhysSimpleWriteGCPhys(pVM, pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, pbBuf + cbFirst, cbSecond);
6710 if (RT_SUCCESS(rc))
6711 { /* likely */ }
6712 else
6713 {
6714 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysSimpleWriteGCPhys GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
6715 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
6716 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, rc));
6717 return rc;
6718 }
6719 }
6720 }
6721 else
6722 {
6723 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysSimpleWriteGCPhys GCPhysFirst=%RGp/%#x %Rrc [GCPhysSecond=%RGp/%#x] (!!)\n",
6724 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, rc,
6725 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond));
6726 return rc;
6727 }
6728 }
6729 }
6730#endif
6731
6732#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
6733 /*
6734 * Record the write(s).
6735 */
6736 if (!pIemCpu->fNoRem)
6737 {
6738 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
6739 if (pEvtRec)
6740 {
6741 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_WRITE;
6742 pEvtRec->u.RamWrite.GCPhys = pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst;
6743 pEvtRec->u.RamWrite.cb = pIemCpu->aMemBbMappings[iMemMap].cbFirst;
6744 memcpy(pEvtRec->u.RamWrite.ab, &pIemCpu->aBounceBuffers[iMemMap].ab[0], pIemCpu->aMemBbMappings[iMemMap].cbFirst);
6745 AssertCompile(sizeof(pEvtRec->u.RamWrite.ab) == sizeof(pIemCpu->aBounceBuffers[0].ab));
6746 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
6747 *pIemCpu->ppIemEvtRecNext = pEvtRec;
6748 }
6749 if (pIemCpu->aMemBbMappings[iMemMap].cbSecond)
6750 {
6751 pEvtRec = iemVerifyAllocRecord(pIemCpu);
6752 if (pEvtRec)
6753 {
6754 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_WRITE;
6755 pEvtRec->u.RamWrite.GCPhys = pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond;
6756 pEvtRec->u.RamWrite.cb = pIemCpu->aMemBbMappings[iMemMap].cbSecond;
6757 memcpy(pEvtRec->u.RamWrite.ab,
6758 &pIemCpu->aBounceBuffers[iMemMap].ab[pIemCpu->aMemBbMappings[iMemMap].cbFirst],
6759 pIemCpu->aMemBbMappings[iMemMap].cbSecond);
6760 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
6761 *pIemCpu->ppIemEvtRecNext = pEvtRec;
6762 }
6763 }
6764 }
6765#endif
6766#if defined(IEM_VERIFICATION_MODE_MINIMAL) || defined(IEM_LOG_MEMORY_WRITES)
6767 Log(("IEM Wrote %RGp: %.*Rhxs\n", pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
6768 RT_MAX(RT_MIN(pIemCpu->aMemBbMappings[iMemMap].cbFirst, 64), 1), &pIemCpu->aBounceBuffers[iMemMap].ab[0]));
6769 if (pIemCpu->aMemBbMappings[iMemMap].cbSecond)
6770 Log(("IEM Wrote %RGp: %.*Rhxs [2nd page]\n", pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
6771 RT_MIN(pIemCpu->aMemBbMappings[iMemMap].cbSecond, 64),
6772 &pIemCpu->aBounceBuffers[iMemMap].ab[pIemCpu->aMemBbMappings[iMemMap].cbFirst]));
6773
6774 size_t cbWrote = pIemCpu->aMemBbMappings[iMemMap].cbFirst + pIemCpu->aMemBbMappings[iMemMap].cbSecond;
6775 g_cbIemWrote = cbWrote;
6776 memcpy(g_abIemWrote, &pIemCpu->aBounceBuffers[iMemMap].ab[0], RT_MIN(cbWrote, sizeof(g_abIemWrote)));
6777#endif
6778
6779 /*
6780 * Free the mapping entry.
6781 */
6782 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
6783 Assert(pIemCpu->cActiveMappings != 0);
6784 pIemCpu->cActiveMappings--;
6785 return VINF_SUCCESS;
6786}
6787
6788
6789/**
6790 * iemMemMap worker that deals with a request crossing pages.
6791 */
6792IEM_STATIC VBOXSTRICTRC
6793iemMemBounceBufferMapCrossPage(PIEMCPU pIemCpu, int iMemMap, void **ppvMem, size_t cbMem, RTGCPTR GCPtrFirst, uint32_t fAccess)
6794{
6795 /*
6796 * Do the address translations.
6797 */
6798 RTGCPHYS GCPhysFirst;
6799 VBOXSTRICTRC rcStrict = iemMemPageTranslateAndCheckAccess(pIemCpu, GCPtrFirst, fAccess, &GCPhysFirst);
6800 if (rcStrict != VINF_SUCCESS)
6801 return rcStrict;
6802
6803 RTGCPHYS GCPhysSecond;
6804 rcStrict = iemMemPageTranslateAndCheckAccess(pIemCpu, (GCPtrFirst + (cbMem - 1)) & ~(RTGCPTR)PAGE_OFFSET_MASK,
6805 fAccess, &GCPhysSecond);
6806 if (rcStrict != VINF_SUCCESS)
6807 return rcStrict;
6808 GCPhysSecond &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
6809
6810 PVM pVM = IEMCPU_TO_VM(pIemCpu);
6811#ifdef IEM_VERIFICATION_MODE_FULL
6812 /*
6813 * Detect problematic memory when verifying so we can select
6814 * the right execution engine. (TLB: Redo this.)
6815 */
6816 if (IEM_FULL_VERIFICATION_ENABLED(pIemCpu))
6817 {
6818 int rc2 = PGMPhysIemQueryAccess(pVM, GCPhysFirst, RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE), pIemCpu->fBypassHandlers);
6819 if (RT_SUCCESS(rc2))
6820 rc2 = PGMPhysIemQueryAccess(pVM, GCPhysSecond, RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE), pIemCpu->fBypassHandlers);
6821 if (RT_FAILURE(rc2))
6822 pIemCpu->fProblematicMemory = true;
6823 }
6824#endif
6825
6826
6827 /*
6828 * Read in the current memory content if it's a read, execute or partial
6829 * write access.
6830 */
6831 uint8_t *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
6832 uint32_t const cbFirstPage = PAGE_SIZE - (GCPhysFirst & PAGE_OFFSET_MASK);
6833 uint32_t const cbSecondPage = (uint32_t)(cbMem - cbFirstPage);
6834
6835 if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
6836 {
6837 if (!pIemCpu->fBypassHandlers)
6838 {
6839 /*
6840 * Must carefully deal with access handler status codes here,
6841 * makes the code a bit bloated.
6842 */
6843 rcStrict = PGMPhysRead(pVM, GCPhysFirst, pbBuf, cbFirstPage, PGMACCESSORIGIN_IEM);
6844 if (rcStrict == VINF_SUCCESS)
6845 {
6846 rcStrict = PGMPhysRead(pVM, GCPhysSecond, pbBuf + cbFirstPage, cbSecondPage, PGMACCESSORIGIN_IEM);
6847 if (rcStrict == VINF_SUCCESS)
6848 { /*likely */ }
6849 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
6850 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6851 else
6852 {
6853 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysSecond=%RGp rcStrict2=%Rrc (!!)\n",
6854 GCPhysSecond, VBOXSTRICTRC_VAL(rcStrict) ));
6855 return rcStrict;
6856 }
6857 }
6858 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
6859 {
6860 VBOXSTRICTRC rcStrict2 = PGMPhysRead(pVM, GCPhysSecond, pbBuf + cbFirstPage, cbSecondPage, PGMACCESSORIGIN_IEM);
6861 if (PGM_PHYS_RW_IS_SUCCESS(rcStrict2))
6862 {
6863 PGM_PHYS_RW_DO_UPDATE_STRICT_RC(rcStrict, rcStrict2);
6864 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6865 }
6866 else
6867 {
6868 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysSecond=%RGp rcStrict2=%Rrc (rcStrict=%Rrc) (!!)\n",
6869 GCPhysSecond, VBOXSTRICTRC_VAL(rcStrict2), VBOXSTRICTRC_VAL(rcStrict2) ));
6870 return rcStrict2;
6871 }
6872 }
6873 else
6874 {
6875 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysFirst=%RGp rcStrict=%Rrc (!!)\n",
6876 GCPhysFirst, VBOXSTRICTRC_VAL(rcStrict) ));
6877 return rcStrict;
6878 }
6879 }
6880 else
6881 {
6882 /*
6883 * No informational status codes here, much more straight forward.
6884 */
6885 int rc = PGMPhysSimpleReadGCPhys(pVM, pbBuf, GCPhysFirst, cbFirstPage);
6886 if (RT_SUCCESS(rc))
6887 {
6888 Assert(rc == VINF_SUCCESS);
6889 rc = PGMPhysSimpleReadGCPhys(pVM, pbBuf + cbFirstPage, GCPhysSecond, cbSecondPage);
6890 if (RT_SUCCESS(rc))
6891 Assert(rc == VINF_SUCCESS);
6892 else
6893 {
6894 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysSecond=%RGp rc=%Rrc (!!)\n", GCPhysSecond, rc));
6895 return rc;
6896 }
6897 }
6898 else
6899 {
6900 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysFirst=%RGp rc=%Rrc (!!)\n", GCPhysFirst, rc));
6901 return rc;
6902 }
6903 }
6904
6905#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
6906 if ( !pIemCpu->fNoRem
6907 && (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC)) )
6908 {
6909 /*
6910 * Record the reads.
6911 */
6912 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
6913 if (pEvtRec)
6914 {
6915 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
6916 pEvtRec->u.RamRead.GCPhys = GCPhysFirst;
6917 pEvtRec->u.RamRead.cb = cbFirstPage;
6918 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
6919 *pIemCpu->ppIemEvtRecNext = pEvtRec;
6920 }
6921 pEvtRec = iemVerifyAllocRecord(pIemCpu);
6922 if (pEvtRec)
6923 {
6924 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
6925 pEvtRec->u.RamRead.GCPhys = GCPhysSecond;
6926 pEvtRec->u.RamRead.cb = cbSecondPage;
6927 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
6928 *pIemCpu->ppIemEvtRecNext = pEvtRec;
6929 }
6930 }
6931#endif
6932 }
6933#ifdef VBOX_STRICT
6934 else
6935 memset(pbBuf, 0xcc, cbMem);
6936 if (cbMem < sizeof(pIemCpu->aBounceBuffers[iMemMap].ab))
6937 memset(pbBuf + cbMem, 0xaa, sizeof(pIemCpu->aBounceBuffers[iMemMap].ab) - cbMem);
6938#endif
6939
6940 /*
6941 * Commit the bounce buffer entry.
6942 */
6943 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst = GCPhysFirst;
6944 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond = GCPhysSecond;
6945 pIemCpu->aMemBbMappings[iMemMap].cbFirst = (uint16_t)cbFirstPage;
6946 pIemCpu->aMemBbMappings[iMemMap].cbSecond = (uint16_t)cbSecondPage;
6947 pIemCpu->aMemBbMappings[iMemMap].fUnassigned = false;
6948 pIemCpu->aMemMappings[iMemMap].pv = pbBuf;
6949 pIemCpu->aMemMappings[iMemMap].fAccess = fAccess | IEM_ACCESS_BOUNCE_BUFFERED;
6950 pIemCpu->iNextMapping = iMemMap + 1;
6951 pIemCpu->cActiveMappings++;
6952
6953 iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
6954 *ppvMem = pbBuf;
6955 return VINF_SUCCESS;
6956}
6957
6958
6959/**
6960 * iemMemMap woker that deals with iemMemPageMap failures.
6961 */
6962IEM_STATIC VBOXSTRICTRC iemMemBounceBufferMapPhys(PIEMCPU pIemCpu, unsigned iMemMap, void **ppvMem, size_t cbMem,
6963 RTGCPHYS GCPhysFirst, uint32_t fAccess, VBOXSTRICTRC rcMap)
6964{
6965 /*
6966 * Filter out conditions we can handle and the ones which shouldn't happen.
6967 */
6968 if ( rcMap != VERR_PGM_PHYS_TLB_CATCH_WRITE
6969 && rcMap != VERR_PGM_PHYS_TLB_CATCH_ALL
6970 && rcMap != VERR_PGM_PHYS_TLB_UNASSIGNED)
6971 {
6972 AssertReturn(RT_FAILURE_NP(rcMap), VERR_IEM_IPE_8);
6973 return rcMap;
6974 }
6975 pIemCpu->cPotentialExits++;
6976
6977 /*
6978 * Read in the current memory content if it's a read, execute or partial
6979 * write access.
6980 */
6981 uint8_t *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
6982 if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
6983 {
6984 if (rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED)
6985 memset(pbBuf, 0xff, cbMem);
6986 else
6987 {
6988 int rc;
6989 if (!pIemCpu->fBypassHandlers)
6990 {
6991 VBOXSTRICTRC rcStrict = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhysFirst, pbBuf, cbMem, PGMACCESSORIGIN_IEM);
6992 if (rcStrict == VINF_SUCCESS)
6993 { /* nothing */ }
6994 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
6995 rcStrict = iemSetPassUpStatus(pIemCpu, rcStrict);
6996 else
6997 {
6998 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysFirst=%RGp rcStrict=%Rrc (!!)\n",
6999 GCPhysFirst, VBOXSTRICTRC_VAL(rcStrict) ));
7000 return rcStrict;
7001 }
7002 }
7003 else
7004 {
7005 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), pbBuf, GCPhysFirst, cbMem);
7006 if (RT_SUCCESS(rc))
7007 { /* likely */ }
7008 else
7009 {
7010 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysFirst=%RGp rcStrict=%Rrc (!!)\n",
7011 GCPhysFirst, rc));
7012 return rc;
7013 }
7014 }
7015 }
7016
7017#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
7018 if ( !pIemCpu->fNoRem
7019 && (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC)) )
7020 {
7021 /*
7022 * Record the read.
7023 */
7024 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7025 if (pEvtRec)
7026 {
7027 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
7028 pEvtRec->u.RamRead.GCPhys = GCPhysFirst;
7029 pEvtRec->u.RamRead.cb = (uint32_t)cbMem;
7030 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
7031 *pIemCpu->ppIemEvtRecNext = pEvtRec;
7032 }
7033 }
7034#endif
7035 }
7036#ifdef VBOX_STRICT
7037 else
7038 memset(pbBuf, 0xcc, cbMem);
7039#endif
7040#ifdef VBOX_STRICT
7041 if (cbMem < sizeof(pIemCpu->aBounceBuffers[iMemMap].ab))
7042 memset(pbBuf + cbMem, 0xaa, sizeof(pIemCpu->aBounceBuffers[iMemMap].ab) - cbMem);
7043#endif
7044
7045 /*
7046 * Commit the bounce buffer entry.
7047 */
7048 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst = GCPhysFirst;
7049 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond = NIL_RTGCPHYS;
7050 pIemCpu->aMemBbMappings[iMemMap].cbFirst = (uint16_t)cbMem;
7051 pIemCpu->aMemBbMappings[iMemMap].cbSecond = 0;
7052 pIemCpu->aMemBbMappings[iMemMap].fUnassigned = rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED;
7053 pIemCpu->aMemMappings[iMemMap].pv = pbBuf;
7054 pIemCpu->aMemMappings[iMemMap].fAccess = fAccess | IEM_ACCESS_BOUNCE_BUFFERED;
7055 pIemCpu->iNextMapping = iMemMap + 1;
7056 pIemCpu->cActiveMappings++;
7057
7058 iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
7059 *ppvMem = pbBuf;
7060 return VINF_SUCCESS;
7061}
7062
7063
7064
7065/**
7066 * Maps the specified guest memory for the given kind of access.
7067 *
7068 * This may be using bounce buffering of the memory if it's crossing a page
7069 * boundary or if there is an access handler installed for any of it. Because
7070 * of lock prefix guarantees, we're in for some extra clutter when this
7071 * happens.
7072 *
7073 * This may raise a \#GP, \#SS, \#PF or \#AC.
7074 *
7075 * @returns VBox strict status code.
7076 *
7077 * @param pIemCpu The IEM per CPU data.
7078 * @param ppvMem Where to return the pointer to the mapped
7079 * memory.
7080 * @param cbMem The number of bytes to map. This is usually 1,
7081 * 2, 4, 6, 8, 12, 16, 32 or 512. When used by
7082 * string operations it can be up to a page.
7083 * @param iSegReg The index of the segment register to use for
7084 * this access. The base and limits are checked.
7085 * Use UINT8_MAX to indicate that no segmentation
7086 * is required (for IDT, GDT and LDT accesses).
7087 * @param GCPtrMem The address of the guest memory.
7088 * @param fAccess How the memory is being accessed. The
7089 * IEM_ACCESS_TYPE_XXX bit is used to figure out
7090 * how to map the memory, while the
7091 * IEM_ACCESS_WHAT_XXX bit is used when raising
7092 * exceptions.
7093 */
7094IEM_STATIC VBOXSTRICTRC
7095iemMemMap(PIEMCPU pIemCpu, void **ppvMem, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess)
7096{
7097 /*
7098 * Check the input and figure out which mapping entry to use.
7099 */
7100 Assert(cbMem <= 64 || cbMem == 512 || cbMem == 108 || cbMem == 104 || cbMem == 94); /* 512 is the max! */
7101 Assert(~(fAccess & ~(IEM_ACCESS_TYPE_MASK | IEM_ACCESS_WHAT_MASK)));
7102 Assert(pIemCpu->cActiveMappings < RT_ELEMENTS(pIemCpu->aMemMappings));
7103
7104 unsigned iMemMap = pIemCpu->iNextMapping;
7105 if ( iMemMap >= RT_ELEMENTS(pIemCpu->aMemMappings)
7106 || pIemCpu->aMemMappings[iMemMap].fAccess != IEM_ACCESS_INVALID)
7107 {
7108 iMemMap = iemMemMapFindFree(pIemCpu);
7109 AssertLogRelMsgReturn(iMemMap < RT_ELEMENTS(pIemCpu->aMemMappings),
7110 ("active=%d fAccess[0] = {%#x, %#x, %#x}\n", pIemCpu->cActiveMappings,
7111 pIemCpu->aMemMappings[0].fAccess, pIemCpu->aMemMappings[1].fAccess,
7112 pIemCpu->aMemMappings[2].fAccess),
7113 VERR_IEM_IPE_9);
7114 }
7115
7116 /*
7117 * Map the memory, checking that we can actually access it. If something
7118 * slightly complicated happens, fall back on bounce buffering.
7119 */
7120 VBOXSTRICTRC rcStrict = iemMemApplySegment(pIemCpu, fAccess, iSegReg, cbMem, &GCPtrMem);
7121 if (rcStrict != VINF_SUCCESS)
7122 return rcStrict;
7123
7124 if ((GCPtrMem & PAGE_OFFSET_MASK) + cbMem > PAGE_SIZE) /* Crossing a page boundary? */
7125 return iemMemBounceBufferMapCrossPage(pIemCpu, iMemMap, ppvMem, cbMem, GCPtrMem, fAccess);
7126
7127 RTGCPHYS GCPhysFirst;
7128 rcStrict = iemMemPageTranslateAndCheckAccess(pIemCpu, GCPtrMem, fAccess, &GCPhysFirst);
7129 if (rcStrict != VINF_SUCCESS)
7130 return rcStrict;
7131
7132 if (fAccess & IEM_ACCESS_TYPE_WRITE)
7133 Log8(("IEM WR %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
7134 if (fAccess & IEM_ACCESS_TYPE_READ)
7135 Log9(("IEM RD %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
7136
7137 void *pvMem;
7138 rcStrict = iemMemPageMap(pIemCpu, GCPhysFirst, fAccess, &pvMem, &pIemCpu->aMemMappingLocks[iMemMap].Lock);
7139 if (rcStrict != VINF_SUCCESS)
7140 return iemMemBounceBufferMapPhys(pIemCpu, iMemMap, ppvMem, cbMem, GCPhysFirst, fAccess, rcStrict);
7141
7142 /*
7143 * Fill in the mapping table entry.
7144 */
7145 pIemCpu->aMemMappings[iMemMap].pv = pvMem;
7146 pIemCpu->aMemMappings[iMemMap].fAccess = fAccess;
7147 pIemCpu->iNextMapping = iMemMap + 1;
7148 pIemCpu->cActiveMappings++;
7149
7150 iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
7151 *ppvMem = pvMem;
7152 return VINF_SUCCESS;
7153}
7154
7155
7156/**
7157 * Commits the guest memory if bounce buffered and unmaps it.
7158 *
7159 * @returns Strict VBox status code.
7160 * @param pIemCpu The IEM per CPU data.
7161 * @param pvMem The mapping.
7162 * @param fAccess The kind of access.
7163 */
7164IEM_STATIC VBOXSTRICTRC iemMemCommitAndUnmap(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess)
7165{
7166 int iMemMap = iemMapLookup(pIemCpu, pvMem, fAccess);
7167 AssertReturn(iMemMap >= 0, iMemMap);
7168
7169 /* If it's bounce buffered, we may need to write back the buffer. */
7170 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED)
7171 {
7172 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE)
7173 return iemMemBounceBufferCommitAndUnmap(pIemCpu, iMemMap, false /*fPostponeFail*/);
7174 }
7175 /* Otherwise unlock it. */
7176 else
7177 PGMPhysReleasePageMappingLock(IEMCPU_TO_VM(pIemCpu), &pIemCpu->aMemMappingLocks[iMemMap].Lock);
7178
7179 /* Free the entry. */
7180 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
7181 Assert(pIemCpu->cActiveMappings != 0);
7182 pIemCpu->cActiveMappings--;
7183 return VINF_SUCCESS;
7184}
7185
7186
7187#ifndef IN_RING3
7188/**
7189 * Commits the guest memory if bounce buffered and unmaps it, if any bounce
7190 * buffer part shows trouble it will be postponed to ring-3 (sets FF and stuff).
7191 *
7192 * Allows the instruction to be completed and retired, while the IEM user will
7193 * return to ring-3 immediately afterwards and do the postponed writes there.
7194 *
7195 * @returns VBox status code (no strict statuses). Caller must check
7196 * VMCPU_FF_IEM before repeating string instructions and similar stuff.
7197 * @param pIemCpu The IEM per CPU data.
7198 * @param pvMem The mapping.
7199 * @param fAccess The kind of access.
7200 */
7201IEM_STATIC VBOXSTRICTRC iemMemCommitAndUnmapPostponeTroubleToR3(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess)
7202{
7203 int iMemMap = iemMapLookup(pIemCpu, pvMem, fAccess);
7204 AssertReturn(iMemMap >= 0, iMemMap);
7205
7206 /* If it's bounce buffered, we may need to write back the buffer. */
7207 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED)
7208 {
7209 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE)
7210 return iemMemBounceBufferCommitAndUnmap(pIemCpu, iMemMap, true /*fPostponeFail*/);
7211 }
7212 /* Otherwise unlock it. */
7213 else
7214 PGMPhysReleasePageMappingLock(IEMCPU_TO_VM(pIemCpu), &pIemCpu->aMemMappingLocks[iMemMap].Lock);
7215
7216 /* Free the entry. */
7217 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
7218 Assert(pIemCpu->cActiveMappings != 0);
7219 pIemCpu->cActiveMappings--;
7220 return VINF_SUCCESS;
7221}
7222#endif
7223
7224
7225/**
7226 * Rollbacks mappings, releasing page locks and such.
7227 *
7228 * The caller shall only call this after checking cActiveMappings.
7229 *
7230 * @returns Strict VBox status code to pass up.
7231 * @param pIemCpu The IEM per CPU data.
7232 */
7233IEM_STATIC void iemMemRollback(PIEMCPU pIemCpu)
7234{
7235 Assert(pIemCpu->cActiveMappings > 0);
7236
7237 uint32_t iMemMap = RT_ELEMENTS(pIemCpu->aMemMappings);
7238 while (iMemMap-- > 0)
7239 {
7240 uint32_t fAccess = pIemCpu->aMemMappings[iMemMap].fAccess;
7241 if (fAccess != IEM_ACCESS_INVALID)
7242 {
7243 AssertMsg(!(fAccess & ~IEM_ACCESS_VALID_MASK) && fAccess != 0, ("%#x\n", fAccess));
7244 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
7245 if (!(fAccess & IEM_ACCESS_BOUNCE_BUFFERED))
7246 PGMPhysReleasePageMappingLock(IEMCPU_TO_VM(pIemCpu), &pIemCpu->aMemMappingLocks[iMemMap].Lock);
7247 Assert(pIemCpu->cActiveMappings > 0);
7248 pIemCpu->cActiveMappings--;
7249 }
7250 }
7251}
7252
7253
7254/**
7255 * Fetches a data byte.
7256 *
7257 * @returns Strict VBox status code.
7258 * @param pIemCpu The IEM per CPU data.
7259 * @param pu8Dst Where to return the byte.
7260 * @param iSegReg The index of the segment register to use for
7261 * this access. The base and limits are checked.
7262 * @param GCPtrMem The address of the guest memory.
7263 */
7264IEM_STATIC VBOXSTRICTRC iemMemFetchDataU8(PIEMCPU pIemCpu, uint8_t *pu8Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7265{
7266 /* The lazy approach for now... */
7267 uint8_t const *pu8Src;
7268 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu8Src, sizeof(*pu8Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7269 if (rc == VINF_SUCCESS)
7270 {
7271 *pu8Dst = *pu8Src;
7272 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu8Src, IEM_ACCESS_DATA_R);
7273 }
7274 return rc;
7275}
7276
7277
7278/**
7279 * Fetches a data word.
7280 *
7281 * @returns Strict VBox status code.
7282 * @param pIemCpu The IEM per CPU data.
7283 * @param pu16Dst Where to return the word.
7284 * @param iSegReg The index of the segment register to use for
7285 * this access. The base and limits are checked.
7286 * @param GCPtrMem The address of the guest memory.
7287 */
7288IEM_STATIC VBOXSTRICTRC iemMemFetchDataU16(PIEMCPU pIemCpu, uint16_t *pu16Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7289{
7290 /* The lazy approach for now... */
7291 uint16_t const *pu16Src;
7292 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7293 if (rc == VINF_SUCCESS)
7294 {
7295 *pu16Dst = *pu16Src;
7296 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_DATA_R);
7297 }
7298 return rc;
7299}
7300
7301
7302/**
7303 * Fetches a data dword.
7304 *
7305 * @returns Strict VBox status code.
7306 * @param pIemCpu The IEM per CPU data.
7307 * @param pu32Dst Where to return the dword.
7308 * @param iSegReg The index of the segment register to use for
7309 * this access. The base and limits are checked.
7310 * @param GCPtrMem The address of the guest memory.
7311 */
7312IEM_STATIC VBOXSTRICTRC iemMemFetchDataU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7313{
7314 /* The lazy approach for now... */
7315 uint32_t const *pu32Src;
7316 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7317 if (rc == VINF_SUCCESS)
7318 {
7319 *pu32Dst = *pu32Src;
7320 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_DATA_R);
7321 }
7322 return rc;
7323}
7324
7325
7326#ifdef SOME_UNUSED_FUNCTION
7327/**
7328 * Fetches a data dword and sign extends it to a qword.
7329 *
7330 * @returns Strict VBox status code.
7331 * @param pIemCpu The IEM per CPU data.
7332 * @param pu64Dst Where to return the sign extended value.
7333 * @param iSegReg The index of the segment register to use for
7334 * this access. The base and limits are checked.
7335 * @param GCPtrMem The address of the guest memory.
7336 */
7337IEM_STATIC VBOXSTRICTRC iemMemFetchDataS32SxU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7338{
7339 /* The lazy approach for now... */
7340 int32_t const *pi32Src;
7341 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pi32Src, sizeof(*pi32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7342 if (rc == VINF_SUCCESS)
7343 {
7344 *pu64Dst = *pi32Src;
7345 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pi32Src, IEM_ACCESS_DATA_R);
7346 }
7347#ifdef __GNUC__ /* warning: GCC may be a royal pain */
7348 else
7349 *pu64Dst = 0;
7350#endif
7351 return rc;
7352}
7353#endif
7354
7355
7356/**
7357 * Fetches a data qword.
7358 *
7359 * @returns Strict VBox status code.
7360 * @param pIemCpu The IEM per CPU data.
7361 * @param pu64Dst Where to return the qword.
7362 * @param iSegReg The index of the segment register to use for
7363 * this access. The base and limits are checked.
7364 * @param GCPtrMem The address of the guest memory.
7365 */
7366IEM_STATIC VBOXSTRICTRC iemMemFetchDataU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7367{
7368 /* The lazy approach for now... */
7369 uint64_t const *pu64Src;
7370 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7371 if (rc == VINF_SUCCESS)
7372 {
7373 *pu64Dst = *pu64Src;
7374 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
7375 }
7376 return rc;
7377}
7378
7379
7380/**
7381 * Fetches a data qword, aligned at a 16 byte boundrary (for SSE).
7382 *
7383 * @returns Strict VBox status code.
7384 * @param pIemCpu The IEM per CPU data.
7385 * @param pu64Dst Where to return the qword.
7386 * @param iSegReg The index of the segment register to use for
7387 * this access. The base and limits are checked.
7388 * @param GCPtrMem The address of the guest memory.
7389 */
7390IEM_STATIC VBOXSTRICTRC iemMemFetchDataU64AlignedU128(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7391{
7392 /* The lazy approach for now... */
7393 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on SSE stuff. */
7394 if (RT_UNLIKELY(GCPtrMem & 15))
7395 return iemRaiseGeneralProtectionFault0(pIemCpu);
7396
7397 uint64_t const *pu64Src;
7398 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7399 if (rc == VINF_SUCCESS)
7400 {
7401 *pu64Dst = *pu64Src;
7402 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
7403 }
7404 return rc;
7405}
7406
7407
7408/**
7409 * Fetches a data tword.
7410 *
7411 * @returns Strict VBox status code.
7412 * @param pIemCpu The IEM per CPU data.
7413 * @param pr80Dst Where to return the tword.
7414 * @param iSegReg The index of the segment register to use for
7415 * this access. The base and limits are checked.
7416 * @param GCPtrMem The address of the guest memory.
7417 */
7418IEM_STATIC VBOXSTRICTRC iemMemFetchDataR80(PIEMCPU pIemCpu, PRTFLOAT80U pr80Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7419{
7420 /* The lazy approach for now... */
7421 PCRTFLOAT80U pr80Src;
7422 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pr80Src, sizeof(*pr80Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7423 if (rc == VINF_SUCCESS)
7424 {
7425 *pr80Dst = *pr80Src;
7426 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pr80Src, IEM_ACCESS_DATA_R);
7427 }
7428 return rc;
7429}
7430
7431
7432/**
7433 * Fetches a data dqword (double qword), generally SSE related.
7434 *
7435 * @returns Strict VBox status code.
7436 * @param pIemCpu The IEM per CPU data.
7437 * @param pu128Dst Where to return the qword.
7438 * @param iSegReg The index of the segment register to use for
7439 * this access. The base and limits are checked.
7440 * @param GCPtrMem The address of the guest memory.
7441 */
7442IEM_STATIC VBOXSTRICTRC iemMemFetchDataU128(PIEMCPU pIemCpu, uint128_t *pu128Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7443{
7444 /* The lazy approach for now... */
7445 uint128_t const *pu128Src;
7446 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu128Src, sizeof(*pu128Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7447 if (rc == VINF_SUCCESS)
7448 {
7449 *pu128Dst = *pu128Src;
7450 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu128Src, IEM_ACCESS_DATA_R);
7451 }
7452 return rc;
7453}
7454
7455
7456/**
7457 * Fetches a data dqword (double qword) at an aligned address, generally SSE
7458 * related.
7459 *
7460 * Raises \#GP(0) if not aligned.
7461 *
7462 * @returns Strict VBox status code.
7463 * @param pIemCpu The IEM per CPU data.
7464 * @param pu128Dst Where to return the qword.
7465 * @param iSegReg The index of the segment register to use for
7466 * this access. The base and limits are checked.
7467 * @param GCPtrMem The address of the guest memory.
7468 */
7469IEM_STATIC VBOXSTRICTRC iemMemFetchDataU128AlignedSse(PIEMCPU pIemCpu, uint128_t *pu128Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
7470{
7471 /* The lazy approach for now... */
7472 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on SSE stuff. */
7473 if ( (GCPtrMem & 15)
7474 && !(pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.MXCSR & X86_MXSCR_MM)) /** @todo should probably check this *after* applying seg.u64Base... Check real HW. */
7475 return iemRaiseGeneralProtectionFault0(pIemCpu);
7476
7477 uint128_t const *pu128Src;
7478 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu128Src, sizeof(*pu128Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
7479 if (rc == VINF_SUCCESS)
7480 {
7481 *pu128Dst = *pu128Src;
7482 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu128Src, IEM_ACCESS_DATA_R);
7483 }
7484 return rc;
7485}
7486
7487
7488
7489
7490/**
7491 * Fetches a descriptor register (lgdt, lidt).
7492 *
7493 * @returns Strict VBox status code.
7494 * @param pIemCpu The IEM per CPU data.
7495 * @param pcbLimit Where to return the limit.
7496 * @param pGCPtrBase Where to return the base.
7497 * @param iSegReg The index of the segment register to use for
7498 * this access. The base and limits are checked.
7499 * @param GCPtrMem The address of the guest memory.
7500 * @param enmOpSize The effective operand size.
7501 */
7502IEM_STATIC VBOXSTRICTRC iemMemFetchDataXdtr(PIEMCPU pIemCpu, uint16_t *pcbLimit, PRTGCPTR pGCPtrBase, uint8_t iSegReg,
7503 RTGCPTR GCPtrMem, IEMMODE enmOpSize)
7504{
7505 /*
7506 * Just like SIDT and SGDT, the LIDT and LGDT instructions are a
7507 * little special:
7508 * - The two reads are done separately.
7509 * - Operand size override works in 16-bit and 32-bit code, but 64-bit.
7510 * - We suspect the 386 to actually commit the limit before the base in
7511 * some cases (search for 386 in bs3CpuBasic2_lidt_lgdt_One). We
7512 * don't try emulate this eccentric behavior, because it's not well
7513 * enough understood and rather hard to trigger.
7514 * - The 486 seems to do a dword limit read when the operand size is 32-bit.
7515 */
7516 VBOXSTRICTRC rcStrict;
7517 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
7518 {
7519 rcStrict = iemMemFetchDataU16(pIemCpu, pcbLimit, iSegReg, GCPtrMem);
7520 if (rcStrict == VINF_SUCCESS)
7521 rcStrict = iemMemFetchDataU64(pIemCpu, pGCPtrBase, iSegReg, GCPtrMem + 2);
7522 }
7523 else
7524 {
7525 uint32_t uTmp;
7526 if (enmOpSize == IEMMODE_32BIT)
7527 {
7528 if (IEM_GET_TARGET_CPU(pIemCpu) != IEMTARGETCPU_486)
7529 {
7530 rcStrict = iemMemFetchDataU16(pIemCpu, pcbLimit, iSegReg, GCPtrMem);
7531 if (rcStrict == VINF_SUCCESS)
7532 rcStrict = iemMemFetchDataU32(pIemCpu, &uTmp, iSegReg, GCPtrMem + 2);
7533 }
7534 else
7535 {
7536 rcStrict = iemMemFetchDataU32(pIemCpu, &uTmp, iSegReg, GCPtrMem);
7537 if (rcStrict == VINF_SUCCESS)
7538 {
7539 *pcbLimit = (uint16_t)uTmp;
7540 rcStrict = iemMemFetchDataU32(pIemCpu, &uTmp, iSegReg, GCPtrMem + 2);
7541 }
7542 }
7543 if (rcStrict == VINF_SUCCESS)
7544 *pGCPtrBase = uTmp;
7545 }
7546 else
7547 {
7548 rcStrict = iemMemFetchDataU16(pIemCpu, pcbLimit, iSegReg, GCPtrMem);
7549 if (rcStrict == VINF_SUCCESS)
7550 {
7551 rcStrict = iemMemFetchDataU32(pIemCpu, &uTmp, iSegReg, GCPtrMem + 2);
7552 if (rcStrict == VINF_SUCCESS)
7553 *pGCPtrBase = uTmp & UINT32_C(0x00ffffff);
7554 }
7555 }
7556 }
7557 return rcStrict;
7558}
7559
7560
7561
7562/**
7563 * Stores a data byte.
7564 *
7565 * @returns Strict VBox status code.
7566 * @param pIemCpu The IEM per CPU data.
7567 * @param iSegReg The index of the segment register to use for
7568 * this access. The base and limits are checked.
7569 * @param GCPtrMem The address of the guest memory.
7570 * @param u8Value The value to store.
7571 */
7572IEM_STATIC VBOXSTRICTRC iemMemStoreDataU8(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint8_t u8Value)
7573{
7574 /* The lazy approach for now... */
7575 uint8_t *pu8Dst;
7576 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu8Dst, sizeof(*pu8Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
7577 if (rc == VINF_SUCCESS)
7578 {
7579 *pu8Dst = u8Value;
7580 rc = iemMemCommitAndUnmap(pIemCpu, pu8Dst, IEM_ACCESS_DATA_W);
7581 }
7582 return rc;
7583}
7584
7585
7586/**
7587 * Stores a data word.
7588 *
7589 * @returns Strict VBox status code.
7590 * @param pIemCpu The IEM per CPU data.
7591 * @param iSegReg The index of the segment register to use for
7592 * this access. The base and limits are checked.
7593 * @param GCPtrMem The address of the guest memory.
7594 * @param u16Value The value to store.
7595 */
7596IEM_STATIC VBOXSTRICTRC iemMemStoreDataU16(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint16_t u16Value)
7597{
7598 /* The lazy approach for now... */
7599 uint16_t *pu16Dst;
7600 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(*pu16Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
7601 if (rc == VINF_SUCCESS)
7602 {
7603 *pu16Dst = u16Value;
7604 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_DATA_W);
7605 }
7606 return rc;
7607}
7608
7609
7610/**
7611 * Stores a data dword.
7612 *
7613 * @returns Strict VBox status code.
7614 * @param pIemCpu The IEM per CPU data.
7615 * @param iSegReg The index of the segment register to use for
7616 * this access. The base and limits are checked.
7617 * @param GCPtrMem The address of the guest memory.
7618 * @param u32Value The value to store.
7619 */
7620IEM_STATIC VBOXSTRICTRC iemMemStoreDataU32(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t u32Value)
7621{
7622 /* The lazy approach for now... */
7623 uint32_t *pu32Dst;
7624 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
7625 if (rc == VINF_SUCCESS)
7626 {
7627 *pu32Dst = u32Value;
7628 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_DATA_W);
7629 }
7630 return rc;
7631}
7632
7633
7634/**
7635 * Stores a data qword.
7636 *
7637 * @returns Strict VBox status code.
7638 * @param pIemCpu The IEM per CPU data.
7639 * @param iSegReg The index of the segment register to use for
7640 * this access. The base and limits are checked.
7641 * @param GCPtrMem The address of the guest memory.
7642 * @param u64Value The value to store.
7643 */
7644IEM_STATIC VBOXSTRICTRC iemMemStoreDataU64(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint64_t u64Value)
7645{
7646 /* The lazy approach for now... */
7647 uint64_t *pu64Dst;
7648 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Dst, sizeof(*pu64Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
7649 if (rc == VINF_SUCCESS)
7650 {
7651 *pu64Dst = u64Value;
7652 rc = iemMemCommitAndUnmap(pIemCpu, pu64Dst, IEM_ACCESS_DATA_W);
7653 }
7654 return rc;
7655}
7656
7657
7658/**
7659 * Stores a data dqword.
7660 *
7661 * @returns Strict VBox status code.
7662 * @param pIemCpu The IEM per CPU data.
7663 * @param iSegReg The index of the segment register to use for
7664 * this access. The base and limits are checked.
7665 * @param GCPtrMem The address of the guest memory.
7666 * @param u128Value The value to store.
7667 */
7668IEM_STATIC VBOXSTRICTRC iemMemStoreDataU128(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint128_t u128Value)
7669{
7670 /* The lazy approach for now... */
7671 uint128_t *pu128Dst;
7672 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu128Dst, sizeof(*pu128Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
7673 if (rc == VINF_SUCCESS)
7674 {
7675 *pu128Dst = u128Value;
7676 rc = iemMemCommitAndUnmap(pIemCpu, pu128Dst, IEM_ACCESS_DATA_W);
7677 }
7678 return rc;
7679}
7680
7681
7682/**
7683 * Stores a data dqword, SSE aligned.
7684 *
7685 * @returns Strict VBox status code.
7686 * @param pIemCpu The IEM per CPU data.
7687 * @param iSegReg The index of the segment register to use for
7688 * this access. The base and limits are checked.
7689 * @param GCPtrMem The address of the guest memory.
7690 * @param u128Value The value to store.
7691 */
7692IEM_STATIC VBOXSTRICTRC iemMemStoreDataU128AlignedSse(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint128_t u128Value)
7693{
7694 /* The lazy approach for now... */
7695 if ( (GCPtrMem & 15)
7696 && !(pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.MXCSR & X86_MXSCR_MM)) /** @todo should probably check this *after* applying seg.u64Base... Check real HW. */
7697 return iemRaiseGeneralProtectionFault0(pIemCpu);
7698
7699 uint128_t *pu128Dst;
7700 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu128Dst, sizeof(*pu128Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
7701 if (rc == VINF_SUCCESS)
7702 {
7703 *pu128Dst = u128Value;
7704 rc = iemMemCommitAndUnmap(pIemCpu, pu128Dst, IEM_ACCESS_DATA_W);
7705 }
7706 return rc;
7707}
7708
7709
7710/**
7711 * Stores a descriptor register (sgdt, sidt).
7712 *
7713 * @returns Strict VBox status code.
7714 * @param pIemCpu The IEM per CPU data.
7715 * @param cbLimit The limit.
7716 * @param GCPtrBase The base address.
7717 * @param iSegReg The index of the segment register to use for
7718 * this access. The base and limits are checked.
7719 * @param GCPtrMem The address of the guest memory.
7720 */
7721IEM_STATIC VBOXSTRICTRC
7722iemMemStoreDataXdtr(PIEMCPU pIemCpu, uint16_t cbLimit, RTGCPTR GCPtrBase, uint8_t iSegReg, RTGCPTR GCPtrMem)
7723{
7724 /*
7725 * The SIDT and SGDT instructions actually stores the data using two
7726 * independent writes. The instructions does not respond to opsize prefixes.
7727 */
7728 VBOXSTRICTRC rcStrict = iemMemStoreDataU16(pIemCpu, iSegReg, GCPtrMem, cbLimit);
7729 if (rcStrict == VINF_SUCCESS)
7730 {
7731 if (pIemCpu->enmCpuMode == IEMMODE_16BIT)
7732 rcStrict = iemMemStoreDataU32(pIemCpu, iSegReg, GCPtrMem + 2,
7733 IEM_GET_TARGET_CPU(pIemCpu) <= IEMTARGETCPU_286
7734 ? (uint32_t)GCPtrBase | UINT32_C(0xff000000) : (uint32_t)GCPtrBase);
7735 else if (pIemCpu->enmCpuMode == IEMMODE_32BIT)
7736 rcStrict = iemMemStoreDataU32(pIemCpu, iSegReg, GCPtrMem + 2, (uint32_t)GCPtrBase);
7737 else
7738 rcStrict = iemMemStoreDataU64(pIemCpu, iSegReg, GCPtrMem + 2, GCPtrBase);
7739 }
7740 return rcStrict;
7741}
7742
7743
7744/**
7745 * Pushes a word onto the stack.
7746 *
7747 * @returns Strict VBox status code.
7748 * @param pIemCpu The IEM per CPU data.
7749 * @param u16Value The value to push.
7750 */
7751IEM_STATIC VBOXSTRICTRC iemMemStackPushU16(PIEMCPU pIemCpu, uint16_t u16Value)
7752{
7753 /* Increment the stack pointer. */
7754 uint64_t uNewRsp;
7755 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7756 RTGCPTR GCPtrTop = iemRegGetRspForPush(pIemCpu, pCtx, 2, &uNewRsp);
7757
7758 /* Write the word the lazy way. */
7759 uint16_t *pu16Dst;
7760 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(*pu16Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
7761 if (rc == VINF_SUCCESS)
7762 {
7763 *pu16Dst = u16Value;
7764 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_STACK_W);
7765 }
7766
7767 /* Commit the new RSP value unless we an access handler made trouble. */
7768 if (rc == VINF_SUCCESS)
7769 pCtx->rsp = uNewRsp;
7770
7771 return rc;
7772}
7773
7774
7775/**
7776 * Pushes a dword onto the stack.
7777 *
7778 * @returns Strict VBox status code.
7779 * @param pIemCpu The IEM per CPU data.
7780 * @param u32Value The value to push.
7781 */
7782IEM_STATIC VBOXSTRICTRC iemMemStackPushU32(PIEMCPU pIemCpu, uint32_t u32Value)
7783{
7784 /* Increment the stack pointer. */
7785 uint64_t uNewRsp;
7786 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7787 RTGCPTR GCPtrTop = iemRegGetRspForPush(pIemCpu, pCtx, 4, &uNewRsp);
7788
7789 /* Write the dword the lazy way. */
7790 uint32_t *pu32Dst;
7791 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
7792 if (rc == VINF_SUCCESS)
7793 {
7794 *pu32Dst = u32Value;
7795 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_STACK_W);
7796 }
7797
7798 /* Commit the new RSP value unless we an access handler made trouble. */
7799 if (rc == VINF_SUCCESS)
7800 pCtx->rsp = uNewRsp;
7801
7802 return rc;
7803}
7804
7805
7806/**
7807 * Pushes a dword segment register value onto the stack.
7808 *
7809 * @returns Strict VBox status code.
7810 * @param pIemCpu The IEM per CPU data.
7811 * @param u32Value The value to push.
7812 */
7813IEM_STATIC VBOXSTRICTRC iemMemStackPushU32SReg(PIEMCPU pIemCpu, uint32_t u32Value)
7814{
7815 /* Increment the stack pointer. */
7816 uint64_t uNewRsp;
7817 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7818 RTGCPTR GCPtrTop = iemRegGetRspForPush(pIemCpu, pCtx, 4, &uNewRsp);
7819
7820 VBOXSTRICTRC rc;
7821 if (IEM_FULL_VERIFICATION_REM_ENABLED(pIemCpu))
7822 {
7823 /* The recompiler writes a full dword. */
7824 uint32_t *pu32Dst;
7825 rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
7826 if (rc == VINF_SUCCESS)
7827 {
7828 *pu32Dst = u32Value;
7829 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_STACK_W);
7830 }
7831 }
7832 else
7833 {
7834 /* The intel docs talks about zero extending the selector register
7835 value. My actual intel CPU here might be zero extending the value
7836 but it still only writes the lower word... */
7837 /** @todo Test this on new HW and on AMD and in 64-bit mode. Also test what
7838 * happens when crossing an electric page boundrary, is the high word checked
7839 * for write accessibility or not? Probably it is. What about segment limits?
7840 * It appears this behavior is also shared with trap error codes.
7841 *
7842 * Docs indicate the behavior changed maybe in Pentium or Pentium Pro. Check
7843 * ancient hardware when it actually did change. */
7844 uint16_t *pu16Dst;
7845 rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(uint32_t), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_RW);
7846 if (rc == VINF_SUCCESS)
7847 {
7848 *pu16Dst = (uint16_t)u32Value;
7849 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_STACK_RW);
7850 }
7851 }
7852
7853 /* Commit the new RSP value unless we an access handler made trouble. */
7854 if (rc == VINF_SUCCESS)
7855 pCtx->rsp = uNewRsp;
7856
7857 return rc;
7858}
7859
7860
7861/**
7862 * Pushes a qword onto the stack.
7863 *
7864 * @returns Strict VBox status code.
7865 * @param pIemCpu The IEM per CPU data.
7866 * @param u64Value The value to push.
7867 */
7868IEM_STATIC VBOXSTRICTRC iemMemStackPushU64(PIEMCPU pIemCpu, uint64_t u64Value)
7869{
7870 /* Increment the stack pointer. */
7871 uint64_t uNewRsp;
7872 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7873 RTGCPTR GCPtrTop = iemRegGetRspForPush(pIemCpu, pCtx, 8, &uNewRsp);
7874
7875 /* Write the word the lazy way. */
7876 uint64_t *pu64Dst;
7877 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Dst, sizeof(*pu64Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
7878 if (rc == VINF_SUCCESS)
7879 {
7880 *pu64Dst = u64Value;
7881 rc = iemMemCommitAndUnmap(pIemCpu, pu64Dst, IEM_ACCESS_STACK_W);
7882 }
7883
7884 /* Commit the new RSP value unless we an access handler made trouble. */
7885 if (rc == VINF_SUCCESS)
7886 pCtx->rsp = uNewRsp;
7887
7888 return rc;
7889}
7890
7891
7892/**
7893 * Pops a word from the stack.
7894 *
7895 * @returns Strict VBox status code.
7896 * @param pIemCpu The IEM per CPU data.
7897 * @param pu16Value Where to store the popped value.
7898 */
7899IEM_STATIC VBOXSTRICTRC iemMemStackPopU16(PIEMCPU pIemCpu, uint16_t *pu16Value)
7900{
7901 /* Increment the stack pointer. */
7902 uint64_t uNewRsp;
7903 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7904 RTGCPTR GCPtrTop = iemRegGetRspForPop(pIemCpu, pCtx, 2, &uNewRsp);
7905
7906 /* Write the word the lazy way. */
7907 uint16_t const *pu16Src;
7908 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
7909 if (rc == VINF_SUCCESS)
7910 {
7911 *pu16Value = *pu16Src;
7912 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_STACK_R);
7913
7914 /* Commit the new RSP value. */
7915 if (rc == VINF_SUCCESS)
7916 pCtx->rsp = uNewRsp;
7917 }
7918
7919 return rc;
7920}
7921
7922
7923/**
7924 * Pops a dword from the stack.
7925 *
7926 * @returns Strict VBox status code.
7927 * @param pIemCpu The IEM per CPU data.
7928 * @param pu32Value Where to store the popped value.
7929 */
7930IEM_STATIC VBOXSTRICTRC iemMemStackPopU32(PIEMCPU pIemCpu, uint32_t *pu32Value)
7931{
7932 /* Increment the stack pointer. */
7933 uint64_t uNewRsp;
7934 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7935 RTGCPTR GCPtrTop = iemRegGetRspForPop(pIemCpu, pCtx, 4, &uNewRsp);
7936
7937 /* Write the word the lazy way. */
7938 uint32_t const *pu32Src;
7939 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
7940 if (rc == VINF_SUCCESS)
7941 {
7942 *pu32Value = *pu32Src;
7943 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_STACK_R);
7944
7945 /* Commit the new RSP value. */
7946 if (rc == VINF_SUCCESS)
7947 pCtx->rsp = uNewRsp;
7948 }
7949
7950 return rc;
7951}
7952
7953
7954/**
7955 * Pops a qword from the stack.
7956 *
7957 * @returns Strict VBox status code.
7958 * @param pIemCpu The IEM per CPU data.
7959 * @param pu64Value Where to store the popped value.
7960 */
7961IEM_STATIC VBOXSTRICTRC iemMemStackPopU64(PIEMCPU pIemCpu, uint64_t *pu64Value)
7962{
7963 /* Increment the stack pointer. */
7964 uint64_t uNewRsp;
7965 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7966 RTGCPTR GCPtrTop = iemRegGetRspForPop(pIemCpu, pCtx, 8, &uNewRsp);
7967
7968 /* Write the word the lazy way. */
7969 uint64_t const *pu64Src;
7970 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
7971 if (rc == VINF_SUCCESS)
7972 {
7973 *pu64Value = *pu64Src;
7974 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_STACK_R);
7975
7976 /* Commit the new RSP value. */
7977 if (rc == VINF_SUCCESS)
7978 pCtx->rsp = uNewRsp;
7979 }
7980
7981 return rc;
7982}
7983
7984
7985/**
7986 * Pushes a word onto the stack, using a temporary stack pointer.
7987 *
7988 * @returns Strict VBox status code.
7989 * @param pIemCpu The IEM per CPU data.
7990 * @param u16Value The value to push.
7991 * @param pTmpRsp Pointer to the temporary stack pointer.
7992 */
7993IEM_STATIC VBOXSTRICTRC iemMemStackPushU16Ex(PIEMCPU pIemCpu, uint16_t u16Value, PRTUINT64U pTmpRsp)
7994{
7995 /* Increment the stack pointer. */
7996 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7997 RTUINT64U NewRsp = *pTmpRsp;
7998 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(pIemCpu, pCtx, &NewRsp, 2);
7999
8000 /* Write the word the lazy way. */
8001 uint16_t *pu16Dst;
8002 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(*pu16Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
8003 if (rc == VINF_SUCCESS)
8004 {
8005 *pu16Dst = u16Value;
8006 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_STACK_W);
8007 }
8008
8009 /* Commit the new RSP value unless we an access handler made trouble. */
8010 if (rc == VINF_SUCCESS)
8011 *pTmpRsp = NewRsp;
8012
8013 return rc;
8014}
8015
8016
8017/**
8018 * Pushes a dword onto the stack, using a temporary stack pointer.
8019 *
8020 * @returns Strict VBox status code.
8021 * @param pIemCpu The IEM per CPU data.
8022 * @param u32Value The value to push.
8023 * @param pTmpRsp Pointer to the temporary stack pointer.
8024 */
8025IEM_STATIC VBOXSTRICTRC iemMemStackPushU32Ex(PIEMCPU pIemCpu, uint32_t u32Value, PRTUINT64U pTmpRsp)
8026{
8027 /* Increment the stack pointer. */
8028 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8029 RTUINT64U NewRsp = *pTmpRsp;
8030 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(pIemCpu, pCtx, &NewRsp, 4);
8031
8032 /* Write the word the lazy way. */
8033 uint32_t *pu32Dst;
8034 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
8035 if (rc == VINF_SUCCESS)
8036 {
8037 *pu32Dst = u32Value;
8038 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_STACK_W);
8039 }
8040
8041 /* Commit the new RSP value unless we an access handler made trouble. */
8042 if (rc == VINF_SUCCESS)
8043 *pTmpRsp = NewRsp;
8044
8045 return rc;
8046}
8047
8048
8049/**
8050 * Pushes a dword onto the stack, using a temporary stack pointer.
8051 *
8052 * @returns Strict VBox status code.
8053 * @param pIemCpu The IEM per CPU data.
8054 * @param u64Value The value to push.
8055 * @param pTmpRsp Pointer to the temporary stack pointer.
8056 */
8057IEM_STATIC VBOXSTRICTRC iemMemStackPushU64Ex(PIEMCPU pIemCpu, uint64_t u64Value, PRTUINT64U pTmpRsp)
8058{
8059 /* Increment the stack pointer. */
8060 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8061 RTUINT64U NewRsp = *pTmpRsp;
8062 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(pIemCpu, pCtx, &NewRsp, 8);
8063
8064 /* Write the word the lazy way. */
8065 uint64_t *pu64Dst;
8066 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Dst, sizeof(*pu64Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
8067 if (rc == VINF_SUCCESS)
8068 {
8069 *pu64Dst = u64Value;
8070 rc = iemMemCommitAndUnmap(pIemCpu, pu64Dst, IEM_ACCESS_STACK_W);
8071 }
8072
8073 /* Commit the new RSP value unless we an access handler made trouble. */
8074 if (rc == VINF_SUCCESS)
8075 *pTmpRsp = NewRsp;
8076
8077 return rc;
8078}
8079
8080
8081/**
8082 * Pops a word from the stack, using a temporary stack pointer.
8083 *
8084 * @returns Strict VBox status code.
8085 * @param pIemCpu The IEM per CPU data.
8086 * @param pu16Value Where to store the popped value.
8087 * @param pTmpRsp Pointer to the temporary stack pointer.
8088 */
8089IEM_STATIC VBOXSTRICTRC iemMemStackPopU16Ex(PIEMCPU pIemCpu, uint16_t *pu16Value, PRTUINT64U pTmpRsp)
8090{
8091 /* Increment the stack pointer. */
8092 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8093 RTUINT64U NewRsp = *pTmpRsp;
8094 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pIemCpu, pCtx, &NewRsp, 2);
8095
8096 /* Write the word the lazy way. */
8097 uint16_t const *pu16Src;
8098 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
8099 if (rc == VINF_SUCCESS)
8100 {
8101 *pu16Value = *pu16Src;
8102 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_STACK_R);
8103
8104 /* Commit the new RSP value. */
8105 if (rc == VINF_SUCCESS)
8106 *pTmpRsp = NewRsp;
8107 }
8108
8109 return rc;
8110}
8111
8112
8113/**
8114 * Pops a dword from the stack, using a temporary stack pointer.
8115 *
8116 * @returns Strict VBox status code.
8117 * @param pIemCpu The IEM per CPU data.
8118 * @param pu32Value Where to store the popped value.
8119 * @param pTmpRsp Pointer to the temporary stack pointer.
8120 */
8121IEM_STATIC VBOXSTRICTRC iemMemStackPopU32Ex(PIEMCPU pIemCpu, uint32_t *pu32Value, PRTUINT64U pTmpRsp)
8122{
8123 /* Increment the stack pointer. */
8124 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8125 RTUINT64U NewRsp = *pTmpRsp;
8126 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pIemCpu, pCtx, &NewRsp, 4);
8127
8128 /* Write the word the lazy way. */
8129 uint32_t const *pu32Src;
8130 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
8131 if (rc == VINF_SUCCESS)
8132 {
8133 *pu32Value = *pu32Src;
8134 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_STACK_R);
8135
8136 /* Commit the new RSP value. */
8137 if (rc == VINF_SUCCESS)
8138 *pTmpRsp = NewRsp;
8139 }
8140
8141 return rc;
8142}
8143
8144
8145/**
8146 * Pops a qword from the stack, using a temporary stack pointer.
8147 *
8148 * @returns Strict VBox status code.
8149 * @param pIemCpu The IEM per CPU data.
8150 * @param pu64Value Where to store the popped value.
8151 * @param pTmpRsp Pointer to the temporary stack pointer.
8152 */
8153IEM_STATIC VBOXSTRICTRC iemMemStackPopU64Ex(PIEMCPU pIemCpu, uint64_t *pu64Value, PRTUINT64U pTmpRsp)
8154{
8155 /* Increment the stack pointer. */
8156 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8157 RTUINT64U NewRsp = *pTmpRsp;
8158 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pIemCpu, pCtx, &NewRsp, 8);
8159
8160 /* Write the word the lazy way. */
8161 uint64_t const *pu64Src;
8162 VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
8163 if (rcStrict == VINF_SUCCESS)
8164 {
8165 *pu64Value = *pu64Src;
8166 rcStrict = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_STACK_R);
8167
8168 /* Commit the new RSP value. */
8169 if (rcStrict == VINF_SUCCESS)
8170 *pTmpRsp = NewRsp;
8171 }
8172
8173 return rcStrict;
8174}
8175
8176
8177/**
8178 * Begin a special stack push (used by interrupt, exceptions and such).
8179 *
8180 * This will raise \#SS or \#PF if appropriate.
8181 *
8182 * @returns Strict VBox status code.
8183 * @param pIemCpu The IEM per CPU data.
8184 * @param cbMem The number of bytes to push onto the stack.
8185 * @param ppvMem Where to return the pointer to the stack memory.
8186 * As with the other memory functions this could be
8187 * direct access or bounce buffered access, so
8188 * don't commit register until the commit call
8189 * succeeds.
8190 * @param puNewRsp Where to return the new RSP value. This must be
8191 * passed unchanged to
8192 * iemMemStackPushCommitSpecial().
8193 */
8194IEM_STATIC VBOXSTRICTRC iemMemStackPushBeginSpecial(PIEMCPU pIemCpu, size_t cbMem, void **ppvMem, uint64_t *puNewRsp)
8195{
8196 Assert(cbMem < UINT8_MAX);
8197 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8198 RTGCPTR GCPtrTop = iemRegGetRspForPush(pIemCpu, pCtx, (uint8_t)cbMem, puNewRsp);
8199 return iemMemMap(pIemCpu, ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
8200}
8201
8202
8203/**
8204 * Commits a special stack push (started by iemMemStackPushBeginSpecial).
8205 *
8206 * This will update the rSP.
8207 *
8208 * @returns Strict VBox status code.
8209 * @param pIemCpu The IEM per CPU data.
8210 * @param pvMem The pointer returned by
8211 * iemMemStackPushBeginSpecial().
8212 * @param uNewRsp The new RSP value returned by
8213 * iemMemStackPushBeginSpecial().
8214 */
8215IEM_STATIC VBOXSTRICTRC iemMemStackPushCommitSpecial(PIEMCPU pIemCpu, void *pvMem, uint64_t uNewRsp)
8216{
8217 VBOXSTRICTRC rcStrict = iemMemCommitAndUnmap(pIemCpu, pvMem, IEM_ACCESS_STACK_W);
8218 if (rcStrict == VINF_SUCCESS)
8219 pIemCpu->CTX_SUFF(pCtx)->rsp = uNewRsp;
8220 return rcStrict;
8221}
8222
8223
8224/**
8225 * Begin a special stack pop (used by iret, retf and such).
8226 *
8227 * This will raise \#SS or \#PF if appropriate.
8228 *
8229 * @returns Strict VBox status code.
8230 * @param pIemCpu The IEM per CPU data.
8231 * @param cbMem The number of bytes to push onto the stack.
8232 * @param ppvMem Where to return the pointer to the stack memory.
8233 * @param puNewRsp Where to return the new RSP value. This must be
8234 * passed unchanged to
8235 * iemMemStackPopCommitSpecial() or applied
8236 * manually if iemMemStackPopDoneSpecial() is used.
8237 */
8238IEM_STATIC VBOXSTRICTRC iemMemStackPopBeginSpecial(PIEMCPU pIemCpu, size_t cbMem, void const **ppvMem, uint64_t *puNewRsp)
8239{
8240 Assert(cbMem < UINT8_MAX);
8241 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8242 RTGCPTR GCPtrTop = iemRegGetRspForPop(pIemCpu, pCtx, (uint8_t)cbMem, puNewRsp);
8243 return iemMemMap(pIemCpu, (void **)ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
8244}
8245
8246
8247/**
8248 * Continue a special stack pop (used by iret and retf).
8249 *
8250 * This will raise \#SS or \#PF if appropriate.
8251 *
8252 * @returns Strict VBox status code.
8253 * @param pIemCpu The IEM per CPU data.
8254 * @param cbMem The number of bytes to push onto the stack.
8255 * @param ppvMem Where to return the pointer to the stack memory.
8256 * @param puNewRsp Where to return the new RSP value. This must be
8257 * passed unchanged to
8258 * iemMemStackPopCommitSpecial() or applied
8259 * manually if iemMemStackPopDoneSpecial() is used.
8260 */
8261IEM_STATIC VBOXSTRICTRC iemMemStackPopContinueSpecial(PIEMCPU pIemCpu, size_t cbMem, void const **ppvMem, uint64_t *puNewRsp)
8262{
8263 Assert(cbMem < UINT8_MAX);
8264 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8265 RTUINT64U NewRsp;
8266 NewRsp.u = *puNewRsp;
8267 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pIemCpu, pCtx, &NewRsp, 8);
8268 *puNewRsp = NewRsp.u;
8269 return iemMemMap(pIemCpu, (void **)ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
8270}
8271
8272
8273/**
8274 * Commits a special stack pop (started by iemMemStackPopBeginSpecial).
8275 *
8276 * This will update the rSP.
8277 *
8278 * @returns Strict VBox status code.
8279 * @param pIemCpu The IEM per CPU data.
8280 * @param pvMem The pointer returned by
8281 * iemMemStackPopBeginSpecial().
8282 * @param uNewRsp The new RSP value returned by
8283 * iemMemStackPopBeginSpecial().
8284 */
8285IEM_STATIC VBOXSTRICTRC iemMemStackPopCommitSpecial(PIEMCPU pIemCpu, void const *pvMem, uint64_t uNewRsp)
8286{
8287 VBOXSTRICTRC rcStrict = iemMemCommitAndUnmap(pIemCpu, (void *)pvMem, IEM_ACCESS_STACK_R);
8288 if (rcStrict == VINF_SUCCESS)
8289 pIemCpu->CTX_SUFF(pCtx)->rsp = uNewRsp;
8290 return rcStrict;
8291}
8292
8293
8294/**
8295 * Done with a special stack pop (started by iemMemStackPopBeginSpecial or
8296 * iemMemStackPopContinueSpecial).
8297 *
8298 * The caller will manually commit the rSP.
8299 *
8300 * @returns Strict VBox status code.
8301 * @param pIemCpu The IEM per CPU data.
8302 * @param pvMem The pointer returned by
8303 * iemMemStackPopBeginSpecial() or
8304 * iemMemStackPopContinueSpecial().
8305 */
8306IEM_STATIC VBOXSTRICTRC iemMemStackPopDoneSpecial(PIEMCPU pIemCpu, void const *pvMem)
8307{
8308 return iemMemCommitAndUnmap(pIemCpu, (void *)pvMem, IEM_ACCESS_STACK_R);
8309}
8310
8311
8312/**
8313 * Fetches a system table byte.
8314 *
8315 * @returns Strict VBox status code.
8316 * @param pIemCpu The IEM per CPU data.
8317 * @param pbDst Where to return the byte.
8318 * @param iSegReg The index of the segment register to use for
8319 * this access. The base and limits are checked.
8320 * @param GCPtrMem The address of the guest memory.
8321 */
8322IEM_STATIC VBOXSTRICTRC iemMemFetchSysU8(PIEMCPU pIemCpu, uint8_t *pbDst, uint8_t iSegReg, RTGCPTR GCPtrMem)
8323{
8324 /* The lazy approach for now... */
8325 uint8_t const *pbSrc;
8326 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pbSrc, sizeof(*pbSrc), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
8327 if (rc == VINF_SUCCESS)
8328 {
8329 *pbDst = *pbSrc;
8330 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pbSrc, IEM_ACCESS_SYS_R);
8331 }
8332 return rc;
8333}
8334
8335
8336/**
8337 * Fetches a system table word.
8338 *
8339 * @returns Strict VBox status code.
8340 * @param pIemCpu The IEM per CPU data.
8341 * @param pu16Dst Where to return the word.
8342 * @param iSegReg The index of the segment register to use for
8343 * this access. The base and limits are checked.
8344 * @param GCPtrMem The address of the guest memory.
8345 */
8346IEM_STATIC VBOXSTRICTRC iemMemFetchSysU16(PIEMCPU pIemCpu, uint16_t *pu16Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
8347{
8348 /* The lazy approach for now... */
8349 uint16_t const *pu16Src;
8350 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
8351 if (rc == VINF_SUCCESS)
8352 {
8353 *pu16Dst = *pu16Src;
8354 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_SYS_R);
8355 }
8356 return rc;
8357}
8358
8359
8360/**
8361 * Fetches a system table dword.
8362 *
8363 * @returns Strict VBox status code.
8364 * @param pIemCpu The IEM per CPU data.
8365 * @param pu32Dst Where to return the dword.
8366 * @param iSegReg The index of the segment register to use for
8367 * this access. The base and limits are checked.
8368 * @param GCPtrMem The address of the guest memory.
8369 */
8370IEM_STATIC VBOXSTRICTRC iemMemFetchSysU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
8371{
8372 /* The lazy approach for now... */
8373 uint32_t const *pu32Src;
8374 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
8375 if (rc == VINF_SUCCESS)
8376 {
8377 *pu32Dst = *pu32Src;
8378 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_SYS_R);
8379 }
8380 return rc;
8381}
8382
8383
8384/**
8385 * Fetches a system table qword.
8386 *
8387 * @returns Strict VBox status code.
8388 * @param pIemCpu The IEM per CPU data.
8389 * @param pu64Dst Where to return the qword.
8390 * @param iSegReg The index of the segment register to use for
8391 * this access. The base and limits are checked.
8392 * @param GCPtrMem The address of the guest memory.
8393 */
8394IEM_STATIC VBOXSTRICTRC iemMemFetchSysU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
8395{
8396 /* The lazy approach for now... */
8397 uint64_t const *pu64Src;
8398 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
8399 if (rc == VINF_SUCCESS)
8400 {
8401 *pu64Dst = *pu64Src;
8402 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_SYS_R);
8403 }
8404 return rc;
8405}
8406
8407
8408/**
8409 * Fetches a descriptor table entry with caller specified error code.
8410 *
8411 * @returns Strict VBox status code.
8412 * @param pIemCpu The IEM per CPU.
8413 * @param pDesc Where to return the descriptor table entry.
8414 * @param uSel The selector which table entry to fetch.
8415 * @param uXcpt The exception to raise on table lookup error.
8416 * @param uErrorCode The error code associated with the exception.
8417 */
8418IEM_STATIC VBOXSTRICTRC
8419iemMemFetchSelDescWithErr(PIEMCPU pIemCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt, uint16_t uErrorCode)
8420{
8421 AssertPtr(pDesc);
8422 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8423
8424 /** @todo did the 286 require all 8 bytes to be accessible? */
8425 /*
8426 * Get the selector table base and check bounds.
8427 */
8428 RTGCPTR GCPtrBase;
8429 if (uSel & X86_SEL_LDT)
8430 {
8431 if ( !pCtx->ldtr.Attr.n.u1Present
8432 || (uSel | X86_SEL_RPL_LDT) > pCtx->ldtr.u32Limit )
8433 {
8434 Log(("iemMemFetchSelDesc: LDT selector %#x is out of bounds (%3x) or ldtr is NP (%#x)\n",
8435 uSel, pCtx->ldtr.u32Limit, pCtx->ldtr.Sel));
8436 return iemRaiseXcptOrInt(pIemCpu, 0, uXcpt, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
8437 uErrorCode, 0);
8438 }
8439
8440 Assert(pCtx->ldtr.Attr.n.u1Present);
8441 GCPtrBase = pCtx->ldtr.u64Base;
8442 }
8443 else
8444 {
8445 if ((uSel | X86_SEL_RPL_LDT) > pCtx->gdtr.cbGdt)
8446 {
8447 Log(("iemMemFetchSelDesc: GDT selector %#x is out of bounds (%3x)\n", uSel, pCtx->gdtr.cbGdt));
8448 return iemRaiseXcptOrInt(pIemCpu, 0, uXcpt, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
8449 uErrorCode, 0);
8450 }
8451 GCPtrBase = pCtx->gdtr.pGdt;
8452 }
8453
8454 /*
8455 * Read the legacy descriptor and maybe the long mode extensions if
8456 * required.
8457 */
8458 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &pDesc->Legacy.u, UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK));
8459 if (rcStrict == VINF_SUCCESS)
8460 {
8461 if ( !IEM_IS_LONG_MODE(pIemCpu)
8462 || pDesc->Legacy.Gen.u1DescType)
8463 pDesc->Long.au64[1] = 0;
8464 else if ((uint32_t)(uSel | X86_SEL_RPL_LDT) + 8 <= (uSel & X86_SEL_LDT ? pCtx->ldtr.u32Limit : pCtx->gdtr.cbGdt))
8465 rcStrict = iemMemFetchSysU64(pIemCpu, &pDesc->Long.au64[1], UINT8_MAX, GCPtrBase + (uSel | X86_SEL_RPL_LDT) + 1);
8466 else
8467 {
8468 Log(("iemMemFetchSelDesc: system selector %#x is out of bounds\n", uSel));
8469 /** @todo is this the right exception? */
8470 return iemRaiseXcptOrInt(pIemCpu, 0, uXcpt, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErrorCode, 0);
8471 }
8472 }
8473 return rcStrict;
8474}
8475
8476
8477/**
8478 * Fetches a descriptor table entry.
8479 *
8480 * @returns Strict VBox status code.
8481 * @param pIemCpu The IEM per CPU.
8482 * @param pDesc Where to return the descriptor table entry.
8483 * @param uSel The selector which table entry to fetch.
8484 * @param uXcpt The exception to raise on table lookup error.
8485 */
8486IEM_STATIC VBOXSTRICTRC iemMemFetchSelDesc(PIEMCPU pIemCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt)
8487{
8488 return iemMemFetchSelDescWithErr(pIemCpu, pDesc, uSel, uXcpt, uSel & X86_SEL_MASK_OFF_RPL);
8489}
8490
8491
8492/**
8493 * Fakes a long mode stack selector for SS = 0.
8494 *
8495 * @param pDescSs Where to return the fake stack descriptor.
8496 * @param uDpl The DPL we want.
8497 */
8498IEM_STATIC void iemMemFakeStackSelDesc(PIEMSELDESC pDescSs, uint32_t uDpl)
8499{
8500 pDescSs->Long.au64[0] = 0;
8501 pDescSs->Long.au64[1] = 0;
8502 pDescSs->Long.Gen.u4Type = X86_SEL_TYPE_RW_ACC;
8503 pDescSs->Long.Gen.u1DescType = 1; /* 1 = code / data, 0 = system. */
8504 pDescSs->Long.Gen.u2Dpl = uDpl;
8505 pDescSs->Long.Gen.u1Present = 1;
8506 pDescSs->Long.Gen.u1Long = 1;
8507}
8508
8509
8510/**
8511 * Marks the selector descriptor as accessed (only non-system descriptors).
8512 *
8513 * This function ASSUMES that iemMemFetchSelDesc has be called previously and
8514 * will therefore skip the limit checks.
8515 *
8516 * @returns Strict VBox status code.
8517 * @param pIemCpu The IEM per CPU.
8518 * @param uSel The selector.
8519 */
8520IEM_STATIC VBOXSTRICTRC iemMemMarkSelDescAccessed(PIEMCPU pIemCpu, uint16_t uSel)
8521{
8522 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8523
8524 /*
8525 * Get the selector table base and calculate the entry address.
8526 */
8527 RTGCPTR GCPtr = uSel & X86_SEL_LDT
8528 ? pCtx->ldtr.u64Base
8529 : pCtx->gdtr.pGdt;
8530 GCPtr += uSel & X86_SEL_MASK;
8531
8532 /*
8533 * ASMAtomicBitSet will assert if the address is misaligned, so do some
8534 * ugly stuff to avoid this. This will make sure it's an atomic access
8535 * as well more or less remove any question about 8-bit or 32-bit accesss.
8536 */
8537 VBOXSTRICTRC rcStrict;
8538 uint32_t volatile *pu32;
8539 if ((GCPtr & 3) == 0)
8540 {
8541 /* The normal case, map the 32-bit bits around the accessed bit (40). */
8542 GCPtr += 2 + 2;
8543 rcStrict = iemMemMap(pIemCpu, (void **)&pu32, 4, UINT8_MAX, GCPtr, IEM_ACCESS_SYS_RW);
8544 if (rcStrict != VINF_SUCCESS)
8545 return rcStrict;
8546 ASMAtomicBitSet(pu32, 8); /* X86_SEL_TYPE_ACCESSED is 1, but it is preceeded by u8BaseHigh1. */
8547 }
8548 else
8549 {
8550 /* The misaligned GDT/LDT case, map the whole thing. */
8551 rcStrict = iemMemMap(pIemCpu, (void **)&pu32, 8, UINT8_MAX, GCPtr, IEM_ACCESS_SYS_RW);
8552 if (rcStrict != VINF_SUCCESS)
8553 return rcStrict;
8554 switch ((uintptr_t)pu32 & 3)
8555 {
8556 case 0: ASMAtomicBitSet(pu32, 40 + 0 - 0); break;
8557 case 1: ASMAtomicBitSet((uint8_t volatile *)pu32 + 3, 40 + 0 - 24); break;
8558 case 2: ASMAtomicBitSet((uint8_t volatile *)pu32 + 2, 40 + 0 - 16); break;
8559 case 3: ASMAtomicBitSet((uint8_t volatile *)pu32 + 1, 40 + 0 - 8); break;
8560 }
8561 }
8562
8563 return iemMemCommitAndUnmap(pIemCpu, (void *)pu32, IEM_ACCESS_SYS_RW);
8564}
8565
8566/** @} */
8567
8568
8569/*
8570 * Include the C/C++ implementation of instruction.
8571 */
8572#include "IEMAllCImpl.cpp.h"
8573
8574
8575
8576/** @name "Microcode" macros.
8577 *
8578 * The idea is that we should be able to use the same code to interpret
8579 * instructions as well as recompiler instructions. Thus this obfuscation.
8580 *
8581 * @{
8582 */
8583#define IEM_MC_BEGIN(a_cArgs, a_cLocals) {
8584#define IEM_MC_END() }
8585#define IEM_MC_PAUSE() do {} while (0)
8586#define IEM_MC_CONTINUE() do {} while (0)
8587
8588/** Internal macro. */
8589#define IEM_MC_RETURN_ON_FAILURE(a_Expr) \
8590 do \
8591 { \
8592 VBOXSTRICTRC rcStrict2 = a_Expr; \
8593 if (rcStrict2 != VINF_SUCCESS) \
8594 return rcStrict2; \
8595 } while (0)
8596
8597#define IEM_MC_ADVANCE_RIP() iemRegUpdateRipAndClearRF(pIemCpu)
8598#define IEM_MC_REL_JMP_S8(a_i8) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS8(pIemCpu, a_i8))
8599#define IEM_MC_REL_JMP_S16(a_i16) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS16(pIemCpu, a_i16))
8600#define IEM_MC_REL_JMP_S32(a_i32) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS32(pIemCpu, a_i32))
8601#define IEM_MC_SET_RIP_U16(a_u16NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pIemCpu), (a_u16NewIP)))
8602#define IEM_MC_SET_RIP_U32(a_u32NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pIemCpu), (a_u32NewIP)))
8603#define IEM_MC_SET_RIP_U64(a_u64NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pIemCpu), (a_u64NewIP)))
8604
8605#define IEM_MC_RAISE_DIVIDE_ERROR() return iemRaiseDivideError(pIemCpu)
8606#define IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE() \
8607 do { \
8608 if ((pIemCpu)->CTX_SUFF(pCtx)->cr0 & (X86_CR0_EM | X86_CR0_TS)) \
8609 return iemRaiseDeviceNotAvailable(pIemCpu); \
8610 } while (0)
8611#define IEM_MC_MAYBE_RAISE_FPU_XCPT() \
8612 do { \
8613 if ((pIemCpu)->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.FSW & X86_FSW_ES) \
8614 return iemRaiseMathFault(pIemCpu); \
8615 } while (0)
8616#define IEM_MC_MAYBE_RAISE_SSE2_RELATED_XCPT() \
8617 do { \
8618 if ( (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_EM) \
8619 || !(pIemCpu->CTX_SUFF(pCtx)->cr4 & X86_CR4_OSFXSR) \
8620 || !IEM_GET_GUEST_CPU_FEATURES(pIemCpu)->fSse2) \
8621 return iemRaiseUndefinedOpcode(pIemCpu); \
8622 if (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_TS) \
8623 return iemRaiseDeviceNotAvailable(pIemCpu); \
8624 } while (0)
8625#define IEM_MC_MAYBE_RAISE_SSE_RELATED_XCPT() \
8626 do { \
8627 if ( (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_EM) \
8628 || !(pIemCpu->CTX_SUFF(pCtx)->cr4 & X86_CR4_OSFXSR) \
8629 || !IEM_GET_GUEST_CPU_FEATURES(pIemCpu)->fSse) \
8630 return iemRaiseUndefinedOpcode(pIemCpu); \
8631 if (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_TS) \
8632 return iemRaiseDeviceNotAvailable(pIemCpu); \
8633 } while (0)
8634#define IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT() \
8635 do { \
8636 if ( ((pIemCpu)->CTX_SUFF(pCtx)->cr0 & X86_CR0_EM) \
8637 || !IEM_GET_GUEST_CPU_FEATURES(pIemCpu)->fMmx) \
8638 return iemRaiseUndefinedOpcode(pIemCpu); \
8639 if (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_TS) \
8640 return iemRaiseDeviceNotAvailable(pIemCpu); \
8641 } while (0)
8642#define IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT_CHECK_SSE_OR_MMXEXT() \
8643 do { \
8644 if ( ((pIemCpu)->CTX_SUFF(pCtx)->cr0 & X86_CR0_EM) \
8645 || ( !IEM_GET_GUEST_CPU_FEATURES(pIemCpu)->fSse \
8646 && !IEM_GET_GUEST_CPU_FEATURES(pIemCpu)->fAmdMmxExts) ) \
8647 return iemRaiseUndefinedOpcode(pIemCpu); \
8648 if (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_TS) \
8649 return iemRaiseDeviceNotAvailable(pIemCpu); \
8650 } while (0)
8651#define IEM_MC_RAISE_GP0_IF_CPL_NOT_ZERO() \
8652 do { \
8653 if (pIemCpu->uCpl != 0) \
8654 return iemRaiseGeneralProtectionFault0(pIemCpu); \
8655 } while (0)
8656
8657
8658#define IEM_MC_LOCAL(a_Type, a_Name) a_Type a_Name
8659#define IEM_MC_LOCAL_CONST(a_Type, a_Name, a_Value) a_Type const a_Name = (a_Value)
8660#define IEM_MC_REF_LOCAL(a_pRefArg, a_Local) (a_pRefArg) = &(a_Local)
8661#define IEM_MC_ARG(a_Type, a_Name, a_iArg) a_Type a_Name
8662#define IEM_MC_ARG_CONST(a_Type, a_Name, a_Value, a_iArg) a_Type const a_Name = (a_Value)
8663#define IEM_MC_ARG_LOCAL_REF(a_Type, a_Name, a_Local, a_iArg) a_Type const a_Name = &(a_Local)
8664#define IEM_MC_ARG_LOCAL_EFLAGS(a_pName, a_Name, a_iArg) \
8665 uint32_t a_Name; \
8666 uint32_t *a_pName = &a_Name
8667#define IEM_MC_COMMIT_EFLAGS(a_EFlags) \
8668 do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u = (a_EFlags); Assert((pIemCpu)->CTX_SUFF(pCtx)->eflags.u & X86_EFL_1); } while (0)
8669
8670#define IEM_MC_ASSIGN(a_VarOrArg, a_CVariableOrConst) (a_VarOrArg) = (a_CVariableOrConst)
8671#define IEM_MC_ASSIGN_TO_SMALLER IEM_MC_ASSIGN
8672
8673#define IEM_MC_FETCH_GREG_U8(a_u8Dst, a_iGReg) (a_u8Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
8674#define IEM_MC_FETCH_GREG_U8_ZX_U16(a_u16Dst, a_iGReg) (a_u16Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
8675#define IEM_MC_FETCH_GREG_U8_ZX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
8676#define IEM_MC_FETCH_GREG_U8_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
8677#define IEM_MC_FETCH_GREG_U8_SX_U16(a_u16Dst, a_iGReg) (a_u16Dst) = (int8_t)iemGRegFetchU8(pIemCpu, (a_iGReg))
8678#define IEM_MC_FETCH_GREG_U8_SX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = (int8_t)iemGRegFetchU8(pIemCpu, (a_iGReg))
8679#define IEM_MC_FETCH_GREG_U8_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int8_t)iemGRegFetchU8(pIemCpu, (a_iGReg))
8680#define IEM_MC_FETCH_GREG_U16(a_u16Dst, a_iGReg) (a_u16Dst) = iemGRegFetchU16(pIemCpu, (a_iGReg))
8681#define IEM_MC_FETCH_GREG_U16_ZX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU16(pIemCpu, (a_iGReg))
8682#define IEM_MC_FETCH_GREG_U16_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU16(pIemCpu, (a_iGReg))
8683#define IEM_MC_FETCH_GREG_U16_SX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = (int16_t)iemGRegFetchU16(pIemCpu, (a_iGReg))
8684#define IEM_MC_FETCH_GREG_U16_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int16_t)iemGRegFetchU16(pIemCpu, (a_iGReg))
8685#define IEM_MC_FETCH_GREG_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU32(pIemCpu, (a_iGReg))
8686#define IEM_MC_FETCH_GREG_U32_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU32(pIemCpu, (a_iGReg))
8687#define IEM_MC_FETCH_GREG_U32_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int32_t)iemGRegFetchU32(pIemCpu, (a_iGReg))
8688#define IEM_MC_FETCH_GREG_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU64(pIemCpu, (a_iGReg))
8689#define IEM_MC_FETCH_GREG_U64_ZX_U64 IEM_MC_FETCH_GREG_U64
8690#define IEM_MC_FETCH_SREG_U16(a_u16Dst, a_iSReg) (a_u16Dst) = iemSRegFetchU16(pIemCpu, (a_iSReg))
8691#define IEM_MC_FETCH_SREG_ZX_U32(a_u32Dst, a_iSReg) (a_u32Dst) = iemSRegFetchU16(pIemCpu, (a_iSReg))
8692#define IEM_MC_FETCH_SREG_ZX_U64(a_u64Dst, a_iSReg) (a_u64Dst) = iemSRegFetchU16(pIemCpu, (a_iSReg))
8693#define IEM_MC_FETCH_CR0_U16(a_u16Dst) (a_u16Dst) = (uint16_t)(pIemCpu)->CTX_SUFF(pCtx)->cr0
8694#define IEM_MC_FETCH_CR0_U32(a_u32Dst) (a_u32Dst) = (uint32_t)(pIemCpu)->CTX_SUFF(pCtx)->cr0
8695#define IEM_MC_FETCH_CR0_U64(a_u64Dst) (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->cr0
8696#define IEM_MC_FETCH_LDTR_U16(a_u16Dst) (a_u16Dst) = (pIemCpu)->CTX_SUFF(pCtx)->ldtr.Sel
8697#define IEM_MC_FETCH_LDTR_U32(a_u32Dst) (a_u32Dst) = (pIemCpu)->CTX_SUFF(pCtx)->ldtr.Sel
8698#define IEM_MC_FETCH_LDTR_U64(a_u64Dst) (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->ldtr.Sel
8699#define IEM_MC_FETCH_TR_U16(a_u16Dst) (a_u16Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
8700#define IEM_MC_FETCH_TR_U32(a_u32Dst) (a_u32Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
8701#define IEM_MC_FETCH_TR_U64(a_u64Dst) (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
8702/** @note Not for IOPL or IF testing or modification. */
8703#define IEM_MC_FETCH_EFLAGS(a_EFlags) (a_EFlags) = (pIemCpu)->CTX_SUFF(pCtx)->eflags.u
8704#define IEM_MC_FETCH_EFLAGS_U8(a_EFlags) (a_EFlags) = (uint8_t)(pIemCpu)->CTX_SUFF(pCtx)->eflags.u
8705#define IEM_MC_FETCH_FSW(a_u16Fsw) (a_u16Fsw) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.FSW
8706#define IEM_MC_FETCH_FCW(a_u16Fcw) (a_u16Fcw) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.FCW
8707
8708#define IEM_MC_STORE_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8(pIemCpu, (a_iGReg)) = (a_u8Value)
8709#define IEM_MC_STORE_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) = (a_u16Value)
8710#define IEM_MC_STORE_GREG_U32(a_iGReg, a_u32Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) = (uint32_t)(a_u32Value) /* clear high bits. */
8711#define IEM_MC_STORE_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) = (a_u64Value)
8712#define IEM_MC_STORE_GREG_U8_CONST IEM_MC_STORE_GREG_U8
8713#define IEM_MC_STORE_GREG_U16_CONST IEM_MC_STORE_GREG_U16
8714#define IEM_MC_STORE_GREG_U32_CONST IEM_MC_STORE_GREG_U32
8715#define IEM_MC_STORE_GREG_U64_CONST IEM_MC_STORE_GREG_U64
8716#define IEM_MC_CLEAR_HIGH_GREG_U64(a_iGReg) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= UINT32_MAX
8717#define IEM_MC_CLEAR_HIGH_GREG_U64_BY_REF(a_pu32Dst) do { (a_pu32Dst)[1] = 0; } while (0)
8718#define IEM_MC_STORE_FPUREG_R80_SRC_REF(a_iSt, a_pr80Src) \
8719 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[a_iSt].r80 = *(a_pr80Src); } while (0)
8720
8721#define IEM_MC_REF_GREG_U8(a_pu8Dst, a_iGReg) (a_pu8Dst) = iemGRegRefU8(pIemCpu, (a_iGReg))
8722#define IEM_MC_REF_GREG_U16(a_pu16Dst, a_iGReg) (a_pu16Dst) = (uint16_t *)iemGRegRef(pIemCpu, (a_iGReg))
8723/** @todo User of IEM_MC_REF_GREG_U32 needs to clear the high bits on commit.
8724 * Use IEM_MC_CLEAR_HIGH_GREG_U64_BY_REF! */
8725#define IEM_MC_REF_GREG_U32(a_pu32Dst, a_iGReg) (a_pu32Dst) = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg))
8726#define IEM_MC_REF_GREG_U64(a_pu64Dst, a_iGReg) (a_pu64Dst) = (uint64_t *)iemGRegRef(pIemCpu, (a_iGReg))
8727/** @note Not for IOPL or IF testing or modification. */
8728#define IEM_MC_REF_EFLAGS(a_pEFlags) (a_pEFlags) = &(pIemCpu)->CTX_SUFF(pCtx)->eflags.u
8729
8730#define IEM_MC_ADD_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) += (a_u8Value)
8731#define IEM_MC_ADD_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) += (a_u16Value)
8732#define IEM_MC_ADD_GREG_U32(a_iGReg, a_u32Value) \
8733 do { \
8734 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
8735 *pu32Reg += (a_u32Value); \
8736 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
8737 } while (0)
8738#define IEM_MC_ADD_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) += (a_u64Value)
8739
8740#define IEM_MC_SUB_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) -= (a_u8Value)
8741#define IEM_MC_SUB_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) -= (a_u16Value)
8742#define IEM_MC_SUB_GREG_U32(a_iGReg, a_u32Value) \
8743 do { \
8744 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
8745 *pu32Reg -= (a_u32Value); \
8746 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
8747 } while (0)
8748#define IEM_MC_SUB_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) -= (a_u64Value)
8749#define IEM_MC_SUB_LOCAL_U16(a_u16Value, a_u16Const) do { (a_u16Value) -= a_u16Const; } while (0)
8750
8751#define IEM_MC_ADD_GREG_U8_TO_LOCAL(a_u8Value, a_iGReg) do { (a_u8Value) += iemGRegFetchU8( pIemCpu, (a_iGReg)); } while (0)
8752#define IEM_MC_ADD_GREG_U16_TO_LOCAL(a_u16Value, a_iGReg) do { (a_u16Value) += iemGRegFetchU16(pIemCpu, (a_iGReg)); } while (0)
8753#define IEM_MC_ADD_GREG_U32_TO_LOCAL(a_u32Value, a_iGReg) do { (a_u32Value) += iemGRegFetchU32(pIemCpu, (a_iGReg)); } while (0)
8754#define IEM_MC_ADD_GREG_U64_TO_LOCAL(a_u64Value, a_iGReg) do { (a_u64Value) += iemGRegFetchU64(pIemCpu, (a_iGReg)); } while (0)
8755#define IEM_MC_ADD_LOCAL_S16_TO_EFF_ADDR(a_EffAddr, a_i16) do { (a_EffAddr) += (a_i16); } while (0)
8756#define IEM_MC_ADD_LOCAL_S32_TO_EFF_ADDR(a_EffAddr, a_i32) do { (a_EffAddr) += (a_i32); } while (0)
8757#define IEM_MC_ADD_LOCAL_S64_TO_EFF_ADDR(a_EffAddr, a_i64) do { (a_EffAddr) += (a_i64); } while (0)
8758
8759#define IEM_MC_AND_LOCAL_U8(a_u8Local, a_u8Mask) do { (a_u8Local) &= (a_u8Mask); } while (0)
8760#define IEM_MC_AND_LOCAL_U16(a_u16Local, a_u16Mask) do { (a_u16Local) &= (a_u16Mask); } while (0)
8761#define IEM_MC_AND_LOCAL_U32(a_u32Local, a_u32Mask) do { (a_u32Local) &= (a_u32Mask); } while (0)
8762#define IEM_MC_AND_LOCAL_U64(a_u64Local, a_u64Mask) do { (a_u64Local) &= (a_u64Mask); } while (0)
8763
8764#define IEM_MC_AND_ARG_U16(a_u16Arg, a_u16Mask) do { (a_u16Arg) &= (a_u16Mask); } while (0)
8765#define IEM_MC_AND_ARG_U32(a_u32Arg, a_u32Mask) do { (a_u32Arg) &= (a_u32Mask); } while (0)
8766#define IEM_MC_AND_ARG_U64(a_u64Arg, a_u64Mask) do { (a_u64Arg) &= (a_u64Mask); } while (0)
8767
8768#define IEM_MC_OR_LOCAL_U8(a_u8Local, a_u8Mask) do { (a_u8Local) |= (a_u8Mask); } while (0)
8769#define IEM_MC_OR_LOCAL_U16(a_u16Local, a_u16Mask) do { (a_u16Local) |= (a_u16Mask); } while (0)
8770#define IEM_MC_OR_LOCAL_U32(a_u32Local, a_u32Mask) do { (a_u32Local) |= (a_u32Mask); } while (0)
8771
8772#define IEM_MC_SAR_LOCAL_S16(a_i16Local, a_cShift) do { (a_i16Local) >>= (a_cShift); } while (0)
8773#define IEM_MC_SAR_LOCAL_S32(a_i32Local, a_cShift) do { (a_i32Local) >>= (a_cShift); } while (0)
8774#define IEM_MC_SAR_LOCAL_S64(a_i64Local, a_cShift) do { (a_i64Local) >>= (a_cShift); } while (0)
8775
8776#define IEM_MC_SHL_LOCAL_S16(a_i16Local, a_cShift) do { (a_i16Local) <<= (a_cShift); } while (0)
8777#define IEM_MC_SHL_LOCAL_S32(a_i32Local, a_cShift) do { (a_i32Local) <<= (a_cShift); } while (0)
8778#define IEM_MC_SHL_LOCAL_S64(a_i64Local, a_cShift) do { (a_i64Local) <<= (a_cShift); } while (0)
8779
8780#define IEM_MC_AND_2LOCS_U32(a_u32Local, a_u32Mask) do { (a_u32Local) &= (a_u32Mask); } while (0)
8781
8782#define IEM_MC_OR_2LOCS_U32(a_u32Local, a_u32Mask) do { (a_u32Local) |= (a_u32Mask); } while (0)
8783
8784#define IEM_MC_AND_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= (a_u8Value)
8785#define IEM_MC_AND_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= (a_u16Value)
8786#define IEM_MC_AND_GREG_U32(a_iGReg, a_u32Value) \
8787 do { \
8788 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
8789 *pu32Reg &= (a_u32Value); \
8790 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
8791 } while (0)
8792#define IEM_MC_AND_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= (a_u64Value)
8793
8794#define IEM_MC_OR_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) |= (a_u8Value)
8795#define IEM_MC_OR_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) |= (a_u16Value)
8796#define IEM_MC_OR_GREG_U32(a_iGReg, a_u32Value) \
8797 do { \
8798 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
8799 *pu32Reg |= (a_u32Value); \
8800 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
8801 } while (0)
8802#define IEM_MC_OR_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) |= (a_u64Value)
8803
8804
8805/** @note Not for IOPL or IF modification. */
8806#define IEM_MC_SET_EFL_BIT(a_fBit) do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u |= (a_fBit); } while (0)
8807/** @note Not for IOPL or IF modification. */
8808#define IEM_MC_CLEAR_EFL_BIT(a_fBit) do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u &= ~(a_fBit); } while (0)
8809/** @note Not for IOPL or IF modification. */
8810#define IEM_MC_FLIP_EFL_BIT(a_fBit) do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u ^= (a_fBit); } while (0)
8811
8812#define IEM_MC_CLEAR_FSW_EX() do { (pIemCpu)->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.FSW &= X86_FSW_C_MASK | X86_FSW_TOP_MASK; } while (0)
8813
8814
8815#define IEM_MC_FETCH_MREG_U64(a_u64Value, a_iMReg) \
8816 do { (a_u64Value) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx; } while (0)
8817#define IEM_MC_FETCH_MREG_U32(a_u32Value, a_iMReg) \
8818 do { (a_u32Value) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].au32[0]; } while (0)
8819#define IEM_MC_STORE_MREG_U64(a_iMReg, a_u64Value) \
8820 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx = (a_u64Value); } while (0)
8821#define IEM_MC_STORE_MREG_U32_ZX_U64(a_iMReg, a_u32Value) \
8822 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx = (uint32_t)(a_u32Value); } while (0)
8823#define IEM_MC_REF_MREG_U64(a_pu64Dst, a_iMReg) \
8824 (a_pu64Dst) = (&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx)
8825#define IEM_MC_REF_MREG_U64_CONST(a_pu64Dst, a_iMReg) \
8826 (a_pu64Dst) = ((uint64_t const *)&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx)
8827#define IEM_MC_REF_MREG_U32_CONST(a_pu32Dst, a_iMReg) \
8828 (a_pu32Dst) = ((uint32_t const *)&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx)
8829
8830#define IEM_MC_FETCH_XREG_U128(a_u128Value, a_iXReg) \
8831 do { (a_u128Value) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].xmm; } while (0)
8832#define IEM_MC_FETCH_XREG_U64(a_u64Value, a_iXReg) \
8833 do { (a_u64Value) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0]; } while (0)
8834#define IEM_MC_FETCH_XREG_U32(a_u32Value, a_iXReg) \
8835 do { (a_u32Value) = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au32[0]; } while (0)
8836#define IEM_MC_STORE_XREG_U128(a_iXReg, a_u128Value) \
8837 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].xmm = (a_u128Value); } while (0)
8838#define IEM_MC_STORE_XREG_U64_ZX_U128(a_iXReg, a_u64Value) \
8839 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0] = (a_u64Value); \
8840 pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1] = 0; \
8841 } while (0)
8842#define IEM_MC_STORE_XREG_U32_ZX_U128(a_iXReg, a_u32Value) \
8843 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0] = (uint32_t)(a_u32Value); \
8844 pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1] = 0; \
8845 } while (0)
8846#define IEM_MC_REF_XREG_U128(a_pu128Dst, a_iXReg) \
8847 (a_pu128Dst) = (&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].xmm)
8848#define IEM_MC_REF_XREG_U128_CONST(a_pu128Dst, a_iXReg) \
8849 (a_pu128Dst) = ((uint128_t const *)&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].xmm)
8850#define IEM_MC_REF_XREG_U64_CONST(a_pu64Dst, a_iXReg) \
8851 (a_pu64Dst) = ((uint64_t const *)&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0])
8852#define IEM_MC_COPY_XREG_U128(a_iXRegDst, a_iXRegSrc) \
8853 do { pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXRegDst)].xmm \
8854 = pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.aXMM[(a_iXRegSrc)].xmm; } while (0)
8855
8856#define IEM_MC_FETCH_MEM_U8(a_u8Dst, a_iSeg, a_GCPtrMem) \
8857 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem)))
8858#define IEM_MC_FETCH_MEM16_U8(a_u8Dst, a_iSeg, a_GCPtrMem16) \
8859 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem16)))
8860#define IEM_MC_FETCH_MEM32_U8(a_u8Dst, a_iSeg, a_GCPtrMem32) \
8861 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem32)))
8862
8863#define IEM_MC_FETCH_MEM_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
8864 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &(a_u16Dst), (a_iSeg), (a_GCPtrMem)))
8865#define IEM_MC_FETCH_MEM_U16_DISP(a_u16Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
8866 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &(a_u16Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
8867#define IEM_MC_FETCH_MEM_I16(a_i16Dst, a_iSeg, a_GCPtrMem) \
8868 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, (uint16_t *)&(a_i16Dst), (a_iSeg), (a_GCPtrMem)))
8869
8870#define IEM_MC_FETCH_MEM_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
8871 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &(a_u32Dst), (a_iSeg), (a_GCPtrMem)))
8872#define IEM_MC_FETCH_MEM_U32_DISP(a_u32Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
8873 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &(a_u32Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
8874#define IEM_MC_FETCH_MEM_I32(a_i32Dst, a_iSeg, a_GCPtrMem) \
8875 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, (uint32_t *)&(a_i32Dst), (a_iSeg), (a_GCPtrMem)))
8876
8877#define IEM_MC_FETCH_MEM_S32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8878 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataS32SxU64(pIemCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
8879
8880#define IEM_MC_FETCH_MEM_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8881 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
8882#define IEM_MC_FETCH_MEM_U64_DISP(a_u64Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
8883 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
8884#define IEM_MC_FETCH_MEM_U64_ALIGN_U128(a_u128Dst, a_iSeg, a_GCPtrMem) \
8885 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64AlignedU128(pIemCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem)))
8886#define IEM_MC_FETCH_MEM_I64(a_i64Dst, a_iSeg, a_GCPtrMem) \
8887 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, (uint64_t *)&(a_i64Dst), (a_iSeg), (a_GCPtrMem)))
8888
8889#define IEM_MC_FETCH_MEM_R32(a_r32Dst, a_iSeg, a_GCPtrMem) \
8890 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &(a_r32Dst).u32, (a_iSeg), (a_GCPtrMem)))
8891#define IEM_MC_FETCH_MEM_R64(a_r64Dst, a_iSeg, a_GCPtrMem) \
8892 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, &(a_r64Dst).au64[0], (a_iSeg), (a_GCPtrMem)))
8893#define IEM_MC_FETCH_MEM_R80(a_r80Dst, a_iSeg, a_GCPtrMem) \
8894 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataR80(pIemCpu, &(a_r80Dst), (a_iSeg), (a_GCPtrMem)))
8895
8896#define IEM_MC_FETCH_MEM_U128(a_u128Dst, a_iSeg, a_GCPtrMem) \
8897 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU128(pIemCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem)))
8898#define IEM_MC_FETCH_MEM_U128_ALIGN_SSE(a_u128Dst, a_iSeg, a_GCPtrMem) \
8899 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU128AlignedSse(pIemCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem)))
8900
8901
8902
8903#define IEM_MC_FETCH_MEM_U8_ZX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
8904 do { \
8905 uint8_t u8Tmp; \
8906 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
8907 (a_u16Dst) = u8Tmp; \
8908 } while (0)
8909#define IEM_MC_FETCH_MEM_U8_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
8910 do { \
8911 uint8_t u8Tmp; \
8912 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
8913 (a_u32Dst) = u8Tmp; \
8914 } while (0)
8915#define IEM_MC_FETCH_MEM_U8_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8916 do { \
8917 uint8_t u8Tmp; \
8918 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
8919 (a_u64Dst) = u8Tmp; \
8920 } while (0)
8921#define IEM_MC_FETCH_MEM_U16_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
8922 do { \
8923 uint16_t u16Tmp; \
8924 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
8925 (a_u32Dst) = u16Tmp; \
8926 } while (0)
8927#define IEM_MC_FETCH_MEM_U16_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8928 do { \
8929 uint16_t u16Tmp; \
8930 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
8931 (a_u64Dst) = u16Tmp; \
8932 } while (0)
8933#define IEM_MC_FETCH_MEM_U32_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8934 do { \
8935 uint32_t u32Tmp; \
8936 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &u32Tmp, (a_iSeg), (a_GCPtrMem))); \
8937 (a_u64Dst) = u32Tmp; \
8938 } while (0)
8939
8940#define IEM_MC_FETCH_MEM_U8_SX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
8941 do { \
8942 uint8_t u8Tmp; \
8943 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
8944 (a_u16Dst) = (int8_t)u8Tmp; \
8945 } while (0)
8946#define IEM_MC_FETCH_MEM_U8_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
8947 do { \
8948 uint8_t u8Tmp; \
8949 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
8950 (a_u32Dst) = (int8_t)u8Tmp; \
8951 } while (0)
8952#define IEM_MC_FETCH_MEM_U8_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8953 do { \
8954 uint8_t u8Tmp; \
8955 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
8956 (a_u64Dst) = (int8_t)u8Tmp; \
8957 } while (0)
8958#define IEM_MC_FETCH_MEM_U16_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
8959 do { \
8960 uint16_t u16Tmp; \
8961 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
8962 (a_u32Dst) = (int16_t)u16Tmp; \
8963 } while (0)
8964#define IEM_MC_FETCH_MEM_U16_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8965 do { \
8966 uint16_t u16Tmp; \
8967 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
8968 (a_u64Dst) = (int16_t)u16Tmp; \
8969 } while (0)
8970#define IEM_MC_FETCH_MEM_U32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
8971 do { \
8972 uint32_t u32Tmp; \
8973 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &u32Tmp, (a_iSeg), (a_GCPtrMem))); \
8974 (a_u64Dst) = (int32_t)u32Tmp; \
8975 } while (0)
8976
8977#define IEM_MC_STORE_MEM_U8(a_iSeg, a_GCPtrMem, a_u8Value) \
8978 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU8(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u8Value)))
8979#define IEM_MC_STORE_MEM_U16(a_iSeg, a_GCPtrMem, a_u16Value) \
8980 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU16(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u16Value)))
8981#define IEM_MC_STORE_MEM_U32(a_iSeg, a_GCPtrMem, a_u32Value) \
8982 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU32(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u32Value)))
8983#define IEM_MC_STORE_MEM_U64(a_iSeg, a_GCPtrMem, a_u64Value) \
8984 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU64(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u64Value)))
8985
8986#define IEM_MC_STORE_MEM_U8_CONST(a_iSeg, a_GCPtrMem, a_u8C) \
8987 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU8(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u8C)))
8988#define IEM_MC_STORE_MEM_U16_CONST(a_iSeg, a_GCPtrMem, a_u16C) \
8989 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU16(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u16C)))
8990#define IEM_MC_STORE_MEM_U32_CONST(a_iSeg, a_GCPtrMem, a_u32C) \
8991 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU32(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u32C)))
8992#define IEM_MC_STORE_MEM_U64_CONST(a_iSeg, a_GCPtrMem, a_u64C) \
8993 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU64(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u64C)))
8994
8995#define IEM_MC_STORE_MEM_I8_CONST_BY_REF( a_pi8Dst, a_i8C) *(a_pi8Dst) = (a_i8C)
8996#define IEM_MC_STORE_MEM_I16_CONST_BY_REF(a_pi16Dst, a_i16C) *(a_pi16Dst) = (a_i16C)
8997#define IEM_MC_STORE_MEM_I32_CONST_BY_REF(a_pi32Dst, a_i32C) *(a_pi32Dst) = (a_i32C)
8998#define IEM_MC_STORE_MEM_I64_CONST_BY_REF(a_pi64Dst, a_i64C) *(a_pi64Dst) = (a_i64C)
8999#define IEM_MC_STORE_MEM_NEG_QNAN_R32_BY_REF(a_pr32Dst) (a_pr32Dst)->u32 = UINT32_C(0xffc00000)
9000#define IEM_MC_STORE_MEM_NEG_QNAN_R64_BY_REF(a_pr64Dst) (a_pr64Dst)->au64[0] = UINT64_C(0xfff8000000000000)
9001#define IEM_MC_STORE_MEM_NEG_QNAN_R80_BY_REF(a_pr80Dst) \
9002 do { \
9003 (a_pr80Dst)->au64[0] = UINT64_C(0xc000000000000000); \
9004 (a_pr80Dst)->au16[4] = UINT16_C(0xffff); \
9005 } while (0)
9006
9007#define IEM_MC_STORE_MEM_U128(a_iSeg, a_GCPtrMem, a_u128Value) \
9008 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU128(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u128Value)))
9009#define IEM_MC_STORE_MEM_U128_ALIGN_SSE(a_iSeg, a_GCPtrMem, a_u128Value) \
9010 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU128AlignedSse(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u128Value)))
9011
9012
9013#define IEM_MC_PUSH_U16(a_u16Value) \
9014 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU16(pIemCpu, (a_u16Value)))
9015#define IEM_MC_PUSH_U32(a_u32Value) \
9016 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU32(pIemCpu, (a_u32Value)))
9017#define IEM_MC_PUSH_U32_SREG(a_u32Value) \
9018 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU32SReg(pIemCpu, (a_u32Value)))
9019#define IEM_MC_PUSH_U64(a_u64Value) \
9020 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU64(pIemCpu, (a_u64Value)))
9021
9022#define IEM_MC_POP_U16(a_pu16Value) \
9023 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU16(pIemCpu, (a_pu16Value)))
9024#define IEM_MC_POP_U32(a_pu32Value) \
9025 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU32(pIemCpu, (a_pu32Value)))
9026#define IEM_MC_POP_U64(a_pu64Value) \
9027 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU64(pIemCpu, (a_pu64Value)))
9028
9029/** Maps guest memory for direct or bounce buffered access.
9030 * The purpose is to pass it to an operand implementation, thus the a_iArg.
9031 * @remarks May return.
9032 */
9033#define IEM_MC_MEM_MAP(a_pMem, a_fAccess, a_iSeg, a_GCPtrMem, a_iArg) \
9034 IEM_MC_RETURN_ON_FAILURE(iemMemMap(pIemCpu, (void **)&(a_pMem), sizeof(*(a_pMem)), (a_iSeg), (a_GCPtrMem), (a_fAccess)))
9035
9036/** Maps guest memory for direct or bounce buffered access.
9037 * The purpose is to pass it to an operand implementation, thus the a_iArg.
9038 * @remarks May return.
9039 */
9040#define IEM_MC_MEM_MAP_EX(a_pvMem, a_fAccess, a_cbMem, a_iSeg, a_GCPtrMem, a_iArg) \
9041 IEM_MC_RETURN_ON_FAILURE(iemMemMap(pIemCpu, (void **)&(a_pvMem), (a_cbMem), (a_iSeg), (a_GCPtrMem), (a_fAccess)))
9042
9043/** Commits the memory and unmaps the guest memory.
9044 * @remarks May return.
9045 */
9046#define IEM_MC_MEM_COMMIT_AND_UNMAP(a_pvMem, a_fAccess) \
9047 IEM_MC_RETURN_ON_FAILURE(iemMemCommitAndUnmap(pIemCpu, (a_pvMem), (a_fAccess)))
9048
9049/** Commits the memory and unmaps the guest memory unless the FPU status word
9050 * indicates (@a a_u16FSW) and FPU control word indicates a pending exception
9051 * that would cause FLD not to store.
9052 *
9053 * The current understanding is that \#O, \#U, \#IA and \#IS will prevent a
9054 * store, while \#P will not.
9055 *
9056 * @remarks May in theory return - for now.
9057 */
9058#define IEM_MC_MEM_COMMIT_AND_UNMAP_FOR_FPU_STORE(a_pvMem, a_fAccess, a_u16FSW) \
9059 do { \
9060 if ( !(a_u16FSW & X86_FSW_ES) \
9061 || !( (a_u16FSW & (X86_FSW_UE | X86_FSW_OE | X86_FSW_IE)) \
9062 & ~(pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.FCW & X86_FCW_MASK_ALL) ) ) \
9063 IEM_MC_RETURN_ON_FAILURE(iemMemCommitAndUnmap(pIemCpu, (a_pvMem), (a_fAccess))); \
9064 } while (0)
9065
9066/** Calculate efficient address from R/M. */
9067#define IEM_MC_CALC_RM_EFF_ADDR(a_GCPtrEff, bRm, cbImm) \
9068 IEM_MC_RETURN_ON_FAILURE(iemOpHlpCalcRmEffAddr(pIemCpu, (bRm), (cbImm), &(a_GCPtrEff)))
9069
9070#define IEM_MC_CALL_VOID_AIMPL_0(a_pfn) (a_pfn)()
9071#define IEM_MC_CALL_VOID_AIMPL_1(a_pfn, a0) (a_pfn)((a0))
9072#define IEM_MC_CALL_VOID_AIMPL_2(a_pfn, a0, a1) (a_pfn)((a0), (a1))
9073#define IEM_MC_CALL_VOID_AIMPL_3(a_pfn, a0, a1, a2) (a_pfn)((a0), (a1), (a2))
9074#define IEM_MC_CALL_VOID_AIMPL_4(a_pfn, a0, a1, a2, a3) (a_pfn)((a0), (a1), (a2), (a3))
9075#define IEM_MC_CALL_AIMPL_3(a_rc, a_pfn, a0, a1, a2) (a_rc) = (a_pfn)((a0), (a1), (a2))
9076#define IEM_MC_CALL_AIMPL_4(a_rc, a_pfn, a0, a1, a2, a3) (a_rc) = (a_pfn)((a0), (a1), (a2), (a3))
9077
9078/**
9079 * Defers the rest of the instruction emulation to a C implementation routine
9080 * and returns, only taking the standard parameters.
9081 *
9082 * @param a_pfnCImpl The pointer to the C routine.
9083 * @sa IEM_DECL_IMPL_C_TYPE_0 and IEM_CIMPL_DEF_0.
9084 */
9085#define IEM_MC_CALL_CIMPL_0(a_pfnCImpl) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode)
9086
9087/**
9088 * Defers the rest of instruction emulation to a C implementation routine and
9089 * returns, taking one argument in addition to the standard ones.
9090 *
9091 * @param a_pfnCImpl The pointer to the C routine.
9092 * @param a0 The argument.
9093 */
9094#define IEM_MC_CALL_CIMPL_1(a_pfnCImpl, a0) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0)
9095
9096/**
9097 * Defers the rest of the instruction emulation to a C implementation routine
9098 * and returns, taking two arguments in addition to the standard ones.
9099 *
9100 * @param a_pfnCImpl The pointer to the C routine.
9101 * @param a0 The first extra argument.
9102 * @param a1 The second extra argument.
9103 */
9104#define IEM_MC_CALL_CIMPL_2(a_pfnCImpl, a0, a1) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1)
9105
9106/**
9107 * Defers the rest of the instruction emulation to a C implementation routine
9108 * and returns, taking three arguments in addition to the standard ones.
9109 *
9110 * @param a_pfnCImpl The pointer to the C routine.
9111 * @param a0 The first extra argument.
9112 * @param a1 The second extra argument.
9113 * @param a2 The third extra argument.
9114 */
9115#define IEM_MC_CALL_CIMPL_3(a_pfnCImpl, a0, a1, a2) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2)
9116
9117/**
9118 * Defers the rest of the instruction emulation to a C implementation routine
9119 * and returns, taking four arguments in addition to the standard ones.
9120 *
9121 * @param a_pfnCImpl The pointer to the C routine.
9122 * @param a0 The first extra argument.
9123 * @param a1 The second extra argument.
9124 * @param a2 The third extra argument.
9125 * @param a3 The fourth extra argument.
9126 */
9127#define IEM_MC_CALL_CIMPL_4(a_pfnCImpl, a0, a1, a2, a3) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2, a3)
9128
9129/**
9130 * Defers the rest of the instruction emulation to a C implementation routine
9131 * and returns, taking two arguments in addition to the standard ones.
9132 *
9133 * @param a_pfnCImpl The pointer to the C routine.
9134 * @param a0 The first extra argument.
9135 * @param a1 The second extra argument.
9136 * @param a2 The third extra argument.
9137 * @param a3 The fourth extra argument.
9138 * @param a4 The fifth extra argument.
9139 */
9140#define IEM_MC_CALL_CIMPL_5(a_pfnCImpl, a0, a1, a2, a3, a4) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2, a3, a4)
9141
9142/**
9143 * Defers the entire instruction emulation to a C implementation routine and
9144 * returns, only taking the standard parameters.
9145 *
9146 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
9147 *
9148 * @param a_pfnCImpl The pointer to the C routine.
9149 * @sa IEM_DECL_IMPL_C_TYPE_0 and IEM_CIMPL_DEF_0.
9150 */
9151#define IEM_MC_DEFER_TO_CIMPL_0(a_pfnCImpl) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode)
9152
9153/**
9154 * Defers the entire instruction emulation to a C implementation routine and
9155 * returns, taking one argument in addition to the standard ones.
9156 *
9157 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
9158 *
9159 * @param a_pfnCImpl The pointer to the C routine.
9160 * @param a0 The argument.
9161 */
9162#define IEM_MC_DEFER_TO_CIMPL_1(a_pfnCImpl, a0) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0)
9163
9164/**
9165 * Defers the entire instruction emulation to a C implementation routine and
9166 * returns, taking two arguments in addition to the standard ones.
9167 *
9168 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
9169 *
9170 * @param a_pfnCImpl The pointer to the C routine.
9171 * @param a0 The first extra argument.
9172 * @param a1 The second extra argument.
9173 */
9174#define IEM_MC_DEFER_TO_CIMPL_2(a_pfnCImpl, a0, a1) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1)
9175
9176/**
9177 * Defers the entire instruction emulation to a C implementation routine and
9178 * returns, taking three arguments in addition to the standard ones.
9179 *
9180 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
9181 *
9182 * @param a_pfnCImpl The pointer to the C routine.
9183 * @param a0 The first extra argument.
9184 * @param a1 The second extra argument.
9185 * @param a2 The third extra argument.
9186 */
9187#define IEM_MC_DEFER_TO_CIMPL_3(a_pfnCImpl, a0, a1, a2) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2)
9188
9189/**
9190 * Calls a FPU assembly implementation taking one visible argument.
9191 *
9192 * @param a_pfnAImpl Pointer to the assembly FPU routine.
9193 * @param a0 The first extra argument.
9194 */
9195#define IEM_MC_CALL_FPU_AIMPL_1(a_pfnAImpl, a0) \
9196 do { \
9197 iemFpuPrepareUsage(pIemCpu); \
9198 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0)); \
9199 } while (0)
9200
9201/**
9202 * Calls a FPU assembly implementation taking two visible arguments.
9203 *
9204 * @param a_pfnAImpl Pointer to the assembly FPU routine.
9205 * @param a0 The first extra argument.
9206 * @param a1 The second extra argument.
9207 */
9208#define IEM_MC_CALL_FPU_AIMPL_2(a_pfnAImpl, a0, a1) \
9209 do { \
9210 iemFpuPrepareUsage(pIemCpu); \
9211 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0), (a1)); \
9212 } while (0)
9213
9214/**
9215 * Calls a FPU assembly implementation taking three visible arguments.
9216 *
9217 * @param a_pfnAImpl Pointer to the assembly FPU routine.
9218 * @param a0 The first extra argument.
9219 * @param a1 The second extra argument.
9220 * @param a2 The third extra argument.
9221 */
9222#define IEM_MC_CALL_FPU_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
9223 do { \
9224 iemFpuPrepareUsage(pIemCpu); \
9225 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0), (a1), (a2)); \
9226 } while (0)
9227
9228#define IEM_MC_SET_FPU_RESULT(a_FpuData, a_FSW, a_pr80Value) \
9229 do { \
9230 (a_FpuData).FSW = (a_FSW); \
9231 (a_FpuData).r80Result = *(a_pr80Value); \
9232 } while (0)
9233
9234/** Pushes FPU result onto the stack. */
9235#define IEM_MC_PUSH_FPU_RESULT(a_FpuData) \
9236 iemFpuPushResult(pIemCpu, &a_FpuData)
9237/** Pushes FPU result onto the stack and sets the FPUDP. */
9238#define IEM_MC_PUSH_FPU_RESULT_MEM_OP(a_FpuData, a_iEffSeg, a_GCPtrEff) \
9239 iemFpuPushResultWithMemOp(pIemCpu, &a_FpuData, a_iEffSeg, a_GCPtrEff)
9240
9241/** Replaces ST0 with value one and pushes value 2 onto the FPU stack. */
9242#define IEM_MC_PUSH_FPU_RESULT_TWO(a_FpuDataTwo) \
9243 iemFpuPushResultTwo(pIemCpu, &a_FpuDataTwo)
9244
9245/** Stores FPU result in a stack register. */
9246#define IEM_MC_STORE_FPU_RESULT(a_FpuData, a_iStReg) \
9247 iemFpuStoreResult(pIemCpu, &a_FpuData, a_iStReg)
9248/** Stores FPU result in a stack register and pops the stack. */
9249#define IEM_MC_STORE_FPU_RESULT_THEN_POP(a_FpuData, a_iStReg) \
9250 iemFpuStoreResultThenPop(pIemCpu, &a_FpuData, a_iStReg)
9251/** Stores FPU result in a stack register and sets the FPUDP. */
9252#define IEM_MC_STORE_FPU_RESULT_MEM_OP(a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff) \
9253 iemFpuStoreResultWithMemOp(pIemCpu, &a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff)
9254/** Stores FPU result in a stack register, sets the FPUDP, and pops the
9255 * stack. */
9256#define IEM_MC_STORE_FPU_RESULT_WITH_MEM_OP_THEN_POP(a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff) \
9257 iemFpuStoreResultWithMemOpThenPop(pIemCpu, &a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff)
9258
9259/** Only update the FOP, FPUIP, and FPUCS. (For FNOP.) */
9260#define IEM_MC_UPDATE_FPU_OPCODE_IP() \
9261 iemFpuUpdateOpcodeAndIp(pIemCpu)
9262/** Free a stack register (for FFREE and FFREEP). */
9263#define IEM_MC_FPU_STACK_FREE(a_iStReg) \
9264 iemFpuStackFree(pIemCpu, a_iStReg)
9265/** Increment the FPU stack pointer. */
9266#define IEM_MC_FPU_STACK_INC_TOP() \
9267 iemFpuStackIncTop(pIemCpu)
9268/** Decrement the FPU stack pointer. */
9269#define IEM_MC_FPU_STACK_DEC_TOP() \
9270 iemFpuStackDecTop(pIemCpu)
9271
9272/** Updates the FSW, FOP, FPUIP, and FPUCS. */
9273#define IEM_MC_UPDATE_FSW(a_u16FSW) \
9274 iemFpuUpdateFSW(pIemCpu, a_u16FSW)
9275/** Updates the FSW with a constant value as well as FOP, FPUIP, and FPUCS. */
9276#define IEM_MC_UPDATE_FSW_CONST(a_u16FSW) \
9277 iemFpuUpdateFSW(pIemCpu, a_u16FSW)
9278/** Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS. */
9279#define IEM_MC_UPDATE_FSW_WITH_MEM_OP(a_u16FSW, a_iEffSeg, a_GCPtrEff) \
9280 iemFpuUpdateFSWWithMemOp(pIemCpu, a_u16FSW, a_iEffSeg, a_GCPtrEff)
9281/** Updates the FSW, FOP, FPUIP, and FPUCS, and then pops the stack. */
9282#define IEM_MC_UPDATE_FSW_THEN_POP(a_u16FSW) \
9283 iemFpuUpdateFSWThenPop(pIemCpu, a_u16FSW)
9284/** Updates the FSW, FOP, FPUIP, FPUCS, FPUDP and FPUDS, and then pops the
9285 * stack. */
9286#define IEM_MC_UPDATE_FSW_WITH_MEM_OP_THEN_POP(a_u16FSW, a_iEffSeg, a_GCPtrEff) \
9287 iemFpuUpdateFSWWithMemOpThenPop(pIemCpu, a_u16FSW, a_iEffSeg, a_GCPtrEff)
9288/** Updates the FSW, FOP, FPUIP, and FPUCS, and then pops the stack twice. */
9289#define IEM_MC_UPDATE_FSW_THEN_POP_POP(a_u16FSW) \
9290 iemFpuUpdateFSWThenPop(pIemCpu, a_u16FSW)
9291
9292/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. */
9293#define IEM_MC_FPU_STACK_UNDERFLOW(a_iStDst) \
9294 iemFpuStackUnderflow(pIemCpu, a_iStDst)
9295/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. Pops
9296 * stack. */
9297#define IEM_MC_FPU_STACK_UNDERFLOW_THEN_POP(a_iStDst) \
9298 iemFpuStackUnderflowThenPop(pIemCpu, a_iStDst)
9299/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS, FOP, FPUDP and
9300 * FPUDS. */
9301#define IEM_MC_FPU_STACK_UNDERFLOW_MEM_OP(a_iStDst, a_iEffSeg, a_GCPtrEff) \
9302 iemFpuStackUnderflowWithMemOp(pIemCpu, a_iStDst, a_iEffSeg, a_GCPtrEff)
9303/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS, FOP, FPUDP and
9304 * FPUDS. Pops stack. */
9305#define IEM_MC_FPU_STACK_UNDERFLOW_MEM_OP_THEN_POP(a_iStDst, a_iEffSeg, a_GCPtrEff) \
9306 iemFpuStackUnderflowWithMemOpThenPop(pIemCpu, a_iStDst, a_iEffSeg, a_GCPtrEff)
9307/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. Pops
9308 * stack twice. */
9309#define IEM_MC_FPU_STACK_UNDERFLOW_THEN_POP_POP() \
9310 iemFpuStackUnderflowThenPopPop(pIemCpu)
9311/** Raises a FPU stack underflow exception for an instruction pushing a result
9312 * value onto the stack. Sets FPUIP, FPUCS and FOP. */
9313#define IEM_MC_FPU_STACK_PUSH_UNDERFLOW() \
9314 iemFpuStackPushUnderflow(pIemCpu)
9315/** Raises a FPU stack underflow exception for an instruction pushing a result
9316 * value onto the stack and replacing ST0. Sets FPUIP, FPUCS and FOP. */
9317#define IEM_MC_FPU_STACK_PUSH_UNDERFLOW_TWO() \
9318 iemFpuStackPushUnderflowTwo(pIemCpu)
9319
9320/** Raises a FPU stack overflow exception as part of a push attempt. Sets
9321 * FPUIP, FPUCS and FOP. */
9322#define IEM_MC_FPU_STACK_PUSH_OVERFLOW() \
9323 iemFpuStackPushOverflow(pIemCpu)
9324/** Raises a FPU stack overflow exception as part of a push attempt. Sets
9325 * FPUIP, FPUCS, FOP, FPUDP and FPUDS. */
9326#define IEM_MC_FPU_STACK_PUSH_OVERFLOW_MEM_OP(a_iEffSeg, a_GCPtrEff) \
9327 iemFpuStackPushOverflowWithMemOp(pIemCpu, a_iEffSeg, a_GCPtrEff)
9328/** Indicates that we (might) have modified the FPU state. */
9329#define IEM_MC_USED_FPU() \
9330 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_FPU_REM)
9331
9332/**
9333 * Calls a MMX assembly implementation taking two visible arguments.
9334 *
9335 * @param a_pfnAImpl Pointer to the assembly MMX routine.
9336 * @param a0 The first extra argument.
9337 * @param a1 The second extra argument.
9338 */
9339#define IEM_MC_CALL_MMX_AIMPL_2(a_pfnAImpl, a0, a1) \
9340 do { \
9341 iemFpuPrepareUsage(pIemCpu); \
9342 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0), (a1)); \
9343 } while (0)
9344
9345/**
9346 * Calls a MMX assembly implementation taking three visible arguments.
9347 *
9348 * @param a_pfnAImpl Pointer to the assembly MMX routine.
9349 * @param a0 The first extra argument.
9350 * @param a1 The second extra argument.
9351 * @param a2 The third extra argument.
9352 */
9353#define IEM_MC_CALL_MMX_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
9354 do { \
9355 iemFpuPrepareUsage(pIemCpu); \
9356 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0), (a1), (a2)); \
9357 } while (0)
9358
9359
9360/**
9361 * Calls a SSE assembly implementation taking two visible arguments.
9362 *
9363 * @param a_pfnAImpl Pointer to the assembly MMX routine.
9364 * @param a0 The first extra argument.
9365 * @param a1 The second extra argument.
9366 */
9367#define IEM_MC_CALL_SSE_AIMPL_2(a_pfnAImpl, a0, a1) \
9368 do { \
9369 iemFpuPrepareUsageSse(pIemCpu); \
9370 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0), (a1)); \
9371 } while (0)
9372
9373/**
9374 * Calls a SSE assembly implementation taking three visible arguments.
9375 *
9376 * @param a_pfnAImpl Pointer to the assembly MMX routine.
9377 * @param a0 The first extra argument.
9378 * @param a1 The second extra argument.
9379 * @param a2 The third extra argument.
9380 */
9381#define IEM_MC_CALL_SSE_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
9382 do { \
9383 iemFpuPrepareUsageSse(pIemCpu); \
9384 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87, (a0), (a1), (a2)); \
9385 } while (0)
9386
9387
9388/** @note Not for IOPL or IF testing. */
9389#define IEM_MC_IF_EFL_BIT_SET(a_fBit) if (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) {
9390/** @note Not for IOPL or IF testing. */
9391#define IEM_MC_IF_EFL_BIT_NOT_SET(a_fBit) if (!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit))) {
9392/** @note Not for IOPL or IF testing. */
9393#define IEM_MC_IF_EFL_ANY_BITS_SET(a_fBits) if (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBits)) {
9394/** @note Not for IOPL or IF testing. */
9395#define IEM_MC_IF_EFL_NO_BITS_SET(a_fBits) if (!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBits))) {
9396/** @note Not for IOPL or IF testing. */
9397#define IEM_MC_IF_EFL_BITS_NE(a_fBit1, a_fBit2) \
9398 if ( !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
9399 != !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
9400/** @note Not for IOPL or IF testing. */
9401#define IEM_MC_IF_EFL_BITS_EQ(a_fBit1, a_fBit2) \
9402 if ( !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
9403 == !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
9404/** @note Not for IOPL or IF testing. */
9405#define IEM_MC_IF_EFL_BIT_SET_OR_BITS_NE(a_fBit, a_fBit1, a_fBit2) \
9406 if ( (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) \
9407 || !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
9408 != !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
9409/** @note Not for IOPL or IF testing. */
9410#define IEM_MC_IF_EFL_BIT_NOT_SET_AND_BITS_EQ(a_fBit, a_fBit1, a_fBit2) \
9411 if ( !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) \
9412 && !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
9413 == !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
9414#define IEM_MC_IF_CX_IS_NZ() if (pIemCpu->CTX_SUFF(pCtx)->cx != 0) {
9415#define IEM_MC_IF_ECX_IS_NZ() if (pIemCpu->CTX_SUFF(pCtx)->ecx != 0) {
9416#define IEM_MC_IF_RCX_IS_NZ() if (pIemCpu->CTX_SUFF(pCtx)->rcx != 0) {
9417/** @note Not for IOPL or IF testing. */
9418#define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
9419 if ( pIemCpu->CTX_SUFF(pCtx)->cx != 0 \
9420 && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
9421/** @note Not for IOPL or IF testing. */
9422#define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
9423 if ( pIemCpu->CTX_SUFF(pCtx)->ecx != 0 \
9424 && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
9425/** @note Not for IOPL or IF testing. */
9426#define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
9427 if ( pIemCpu->CTX_SUFF(pCtx)->rcx != 0 \
9428 && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
9429/** @note Not for IOPL or IF testing. */
9430#define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
9431 if ( pIemCpu->CTX_SUFF(pCtx)->cx != 0 \
9432 && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
9433/** @note Not for IOPL or IF testing. */
9434#define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
9435 if ( pIemCpu->CTX_SUFF(pCtx)->ecx != 0 \
9436 && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
9437/** @note Not for IOPL or IF testing. */
9438#define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
9439 if ( pIemCpu->CTX_SUFF(pCtx)->rcx != 0 \
9440 && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
9441#define IEM_MC_IF_LOCAL_IS_Z(a_Local) if ((a_Local) == 0) {
9442#define IEM_MC_IF_GREG_BIT_SET(a_iGReg, a_iBitNo) if (*(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) & RT_BIT_64(a_iBitNo)) {
9443#define IEM_MC_IF_FPUREG_NOT_EMPTY(a_iSt) \
9444 if (iemFpuStRegNotEmpty(pIemCpu, (a_iSt)) == VINF_SUCCESS) {
9445#define IEM_MC_IF_FPUREG_IS_EMPTY(a_iSt) \
9446 if (iemFpuStRegNotEmpty(pIemCpu, (a_iSt)) != VINF_SUCCESS) {
9447#define IEM_MC_IF_FPUREG_NOT_EMPTY_REF_R80(a_pr80Dst, a_iSt) \
9448 if (iemFpuStRegNotEmptyRef(pIemCpu, (a_iSt), &(a_pr80Dst)) == VINF_SUCCESS) {
9449#define IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80(a_pr80Dst0, a_iSt0, a_pr80Dst1, a_iSt1) \
9450 if (iemFpu2StRegsNotEmptyRef(pIemCpu, (a_iSt0), &(a_pr80Dst0), (a_iSt1), &(a_pr80Dst1)) == VINF_SUCCESS) {
9451#define IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80_FIRST(a_pr80Dst0, a_iSt0, a_iSt1) \
9452 if (iemFpu2StRegsNotEmptyRefFirst(pIemCpu, (a_iSt0), &(a_pr80Dst0), (a_iSt1)) == VINF_SUCCESS) {
9453#define IEM_MC_IF_FCW_IM() \
9454 if (pIemCpu->CTX_SUFF(pCtx)->CTX_SUFF(pXState)->x87.FCW & X86_FCW_IM) {
9455
9456#define IEM_MC_ELSE() } else {
9457#define IEM_MC_ENDIF() } do {} while (0)
9458
9459/** @} */
9460
9461
9462/** @name Opcode Debug Helpers.
9463 * @{
9464 */
9465#ifdef DEBUG
9466# define IEMOP_MNEMONIC(a_szMnemonic) \
9467 Log4(("decode - %04x:%RGv %s%s [#%u]\n", pIemCpu->CTX_SUFF(pCtx)->cs.Sel, pIemCpu->CTX_SUFF(pCtx)->rip, \
9468 pIemCpu->fPrefixes & IEM_OP_PRF_LOCK ? "lock " : "", a_szMnemonic, pIemCpu->cInstructions))
9469# define IEMOP_MNEMONIC2(a_szMnemonic, a_szOps) \
9470 Log4(("decode - %04x:%RGv %s%s %s [#%u]\n", pIemCpu->CTX_SUFF(pCtx)->cs.Sel, pIemCpu->CTX_SUFF(pCtx)->rip, \
9471 pIemCpu->fPrefixes & IEM_OP_PRF_LOCK ? "lock " : "", a_szMnemonic, a_szOps, pIemCpu->cInstructions))
9472#else
9473# define IEMOP_MNEMONIC(a_szMnemonic) do { } while (0)
9474# define IEMOP_MNEMONIC2(a_szMnemonic, a_szOps) do { } while (0)
9475#endif
9476
9477/** @} */
9478
9479
9480/** @name Opcode Helpers.
9481 * @{
9482 */
9483
9484#ifdef IN_RING3
9485# define IEMOP_HLP_MIN_CPU(a_uMinCpu, a_fOnlyIf) \
9486 do { \
9487 if (IEM_GET_TARGET_CPU(pIemCpu) >= (a_uMinCpu) || !(a_fOnlyIf)) { } \
9488 else \
9489 { \
9490 DBGFSTOP(IEMCPU_TO_VM(pIemCpu)); \
9491 return IEMOP_RAISE_INVALID_OPCODE(); \
9492 } \
9493 } while (0)
9494#else
9495# define IEMOP_HLP_MIN_CPU(a_uMinCpu, a_fOnlyIf) \
9496 do { \
9497 if (IEM_GET_TARGET_CPU(pIemCpu) >= (a_uMinCpu) || !(a_fOnlyIf)) { } \
9498 else return IEMOP_RAISE_INVALID_OPCODE(); \
9499 } while (0)
9500#endif
9501
9502/** The instruction requires a 186 or later. */
9503#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_186
9504# define IEMOP_HLP_MIN_186() do { } while (0)
9505#else
9506# define IEMOP_HLP_MIN_186() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_186, true)
9507#endif
9508
9509/** The instruction requires a 286 or later. */
9510#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_286
9511# define IEMOP_HLP_MIN_286() do { } while (0)
9512#else
9513# define IEMOP_HLP_MIN_286() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_286, true)
9514#endif
9515
9516/** The instruction requires a 386 or later. */
9517#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_386
9518# define IEMOP_HLP_MIN_386() do { } while (0)
9519#else
9520# define IEMOP_HLP_MIN_386() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_386, true)
9521#endif
9522
9523/** The instruction requires a 386 or later if the given expression is true. */
9524#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_386
9525# define IEMOP_HLP_MIN_386_EX(a_fOnlyIf) do { } while (0)
9526#else
9527# define IEMOP_HLP_MIN_386_EX(a_fOnlyIf) IEMOP_HLP_MIN_CPU(IEMTARGETCPU_386, a_fOnlyIf)
9528#endif
9529
9530/** The instruction requires a 486 or later. */
9531#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_486
9532# define IEMOP_HLP_MIN_486() do { } while (0)
9533#else
9534# define IEMOP_HLP_MIN_486() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_486, true)
9535#endif
9536
9537/** The instruction requires a Pentium (586) or later. */
9538#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_586
9539# define IEMOP_HLP_MIN_586() do { } while (0)
9540#else
9541# define IEMOP_HLP_MIN_586() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_586, true)
9542#endif
9543
9544/** The instruction requires a PentiumPro (686) or later. */
9545#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_686
9546# define IEMOP_HLP_MIN_686() do { } while (0)
9547#else
9548# define IEMOP_HLP_MIN_686() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_686, true)
9549#endif
9550
9551
9552/** The instruction raises an \#UD in real and V8086 mode. */
9553#define IEMOP_HLP_NO_REAL_OR_V86_MODE() \
9554 do \
9555 { \
9556 if (IEM_IS_REAL_OR_V86_MODE(pIemCpu)) \
9557 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
9558 } while (0)
9559
9560/** The instruction allows no lock prefixing (in this encoding), throw \#UD if
9561 * lock prefixed.
9562 * @deprecated IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX */
9563#define IEMOP_HLP_NO_LOCK_PREFIX() \
9564 do \
9565 { \
9566 if (pIemCpu->fPrefixes & IEM_OP_PRF_LOCK) \
9567 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
9568 } while (0)
9569
9570/** The instruction is not available in 64-bit mode, throw \#UD if we're in
9571 * 64-bit mode. */
9572#define IEMOP_HLP_NO_64BIT() \
9573 do \
9574 { \
9575 if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
9576 return IEMOP_RAISE_INVALID_OPCODE(); \
9577 } while (0)
9578
9579/** The instruction is only available in 64-bit mode, throw \#UD if we're not in
9580 * 64-bit mode. */
9581#define IEMOP_HLP_ONLY_64BIT() \
9582 do \
9583 { \
9584 if (pIemCpu->enmCpuMode != IEMMODE_64BIT) \
9585 return IEMOP_RAISE_INVALID_OPCODE(); \
9586 } while (0)
9587
9588/** The instruction defaults to 64-bit operand size if 64-bit mode. */
9589#define IEMOP_HLP_DEFAULT_64BIT_OP_SIZE() \
9590 do \
9591 { \
9592 if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
9593 iemRecalEffOpSize64Default(pIemCpu); \
9594 } while (0)
9595
9596/** The instruction has 64-bit operand size if 64-bit mode. */
9597#define IEMOP_HLP_64BIT_OP_SIZE() \
9598 do \
9599 { \
9600 if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
9601 pIemCpu->enmEffOpSize = pIemCpu->enmDefOpSize = IEMMODE_64BIT; \
9602 } while (0)
9603
9604/** Only a REX prefix immediately preceeding the first opcode byte takes
9605 * effect. This macro helps ensuring this as well as logging bad guest code. */
9606#define IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE(a_szPrf) \
9607 do \
9608 { \
9609 if (RT_UNLIKELY(pIemCpu->fPrefixes & IEM_OP_PRF_REX)) \
9610 { \
9611 Log5((a_szPrf ": Overriding REX prefix at %RX16! fPrefixes=%#x\n", \
9612 pIemCpu->CTX_SUFF(pCtx)->rip, pIemCpu->fPrefixes)); \
9613 pIemCpu->fPrefixes &= ~IEM_OP_PRF_REX_MASK; \
9614 pIemCpu->uRexB = 0; \
9615 pIemCpu->uRexIndex = 0; \
9616 pIemCpu->uRexReg = 0; \
9617 iemRecalEffOpSize(pIemCpu); \
9618 } \
9619 } while (0)
9620
9621/**
9622 * Done decoding.
9623 */
9624#define IEMOP_HLP_DONE_DECODING() \
9625 do \
9626 { \
9627 /*nothing for now, maybe later... */ \
9628 } while (0)
9629
9630/**
9631 * Done decoding, raise \#UD exception if lock prefix present.
9632 */
9633#define IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX() \
9634 do \
9635 { \
9636 if (RT_LIKELY(!(pIemCpu->fPrefixes & IEM_OP_PRF_LOCK))) \
9637 { /* likely */ } \
9638 else \
9639 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
9640 } while (0)
9641#define IEMOP_HLP_DECODED_NL_1(a_uDisOpNo, a_fIemOpFlags, a_uDisParam0, a_fDisOpType) \
9642 do \
9643 { \
9644 if (RT_LIKELY(!(pIemCpu->fPrefixes & IEM_OP_PRF_LOCK))) \
9645 { /* likely */ } \
9646 else \
9647 { \
9648 NOREF(a_uDisOpNo); NOREF(a_fIemOpFlags); NOREF(a_uDisParam0); NOREF(a_fDisOpType); \
9649 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
9650 } \
9651 } while (0)
9652#define IEMOP_HLP_DECODED_NL_2(a_uDisOpNo, a_fIemOpFlags, a_uDisParam0, a_uDisParam1, a_fDisOpType) \
9653 do \
9654 { \
9655 if (RT_LIKELY(!(pIemCpu->fPrefixes & IEM_OP_PRF_LOCK))) \
9656 { /* likely */ } \
9657 else \
9658 { \
9659 NOREF(a_uDisOpNo); NOREF(a_fIemOpFlags); NOREF(a_uDisParam0); NOREF(a_uDisParam1); NOREF(a_fDisOpType); \
9660 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
9661 } \
9662 } while (0)
9663/**
9664 * Done decoding, raise \#UD exception if any lock, repz or repnz prefixes
9665 * are present.
9666 */
9667#define IEMOP_HLP_DONE_DECODING_NO_LOCK_REPZ_OR_REPNZ_PREFIXES() \
9668 do \
9669 { \
9670 if (RT_LIKELY(!(pIemCpu->fPrefixes & (IEM_OP_PRF_LOCK | IEM_OP_PRF_REPNZ | IEM_OP_PRF_REPZ)))) \
9671 { /* likely */ } \
9672 else \
9673 return IEMOP_RAISE_INVALID_OPCODE(); \
9674 } while (0)
9675
9676
9677/**
9678 * Calculates the effective address of a ModR/M memory operand.
9679 *
9680 * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR.
9681 *
9682 * @return Strict VBox status code.
9683 * @param pIemCpu The IEM per CPU data.
9684 * @param bRm The ModRM byte.
9685 * @param cbImm The size of any immediate following the
9686 * effective address opcode bytes. Important for
9687 * RIP relative addressing.
9688 * @param pGCPtrEff Where to return the effective address.
9689 */
9690IEM_STATIC VBOXSTRICTRC iemOpHlpCalcRmEffAddr(PIEMCPU pIemCpu, uint8_t bRm, uint8_t cbImm, PRTGCPTR pGCPtrEff)
9691{
9692 Log5(("iemOpHlpCalcRmEffAddr: bRm=%#x\n", bRm));
9693 PCCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
9694#define SET_SS_DEF() \
9695 do \
9696 { \
9697 if (!(pIemCpu->fPrefixes & IEM_OP_PRF_SEG_MASK)) \
9698 pIemCpu->iEffSeg = X86_SREG_SS; \
9699 } while (0)
9700
9701 if (pIemCpu->enmCpuMode != IEMMODE_64BIT)
9702 {
9703/** @todo Check the effective address size crap! */
9704 if (pIemCpu->enmEffAddrMode == IEMMODE_16BIT)
9705 {
9706 uint16_t u16EffAddr;
9707
9708 /* Handle the disp16 form with no registers first. */
9709 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 6)
9710 IEM_OPCODE_GET_NEXT_U16(&u16EffAddr);
9711 else
9712 {
9713 /* Get the displacment. */
9714 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
9715 {
9716 case 0: u16EffAddr = 0; break;
9717 case 1: IEM_OPCODE_GET_NEXT_S8_SX_U16(&u16EffAddr); break;
9718 case 2: IEM_OPCODE_GET_NEXT_U16(&u16EffAddr); break;
9719 default: AssertFailedReturn(VERR_IEM_IPE_1); /* (caller checked for these) */
9720 }
9721
9722 /* Add the base and index registers to the disp. */
9723 switch (bRm & X86_MODRM_RM_MASK)
9724 {
9725 case 0: u16EffAddr += pCtx->bx + pCtx->si; break;
9726 case 1: u16EffAddr += pCtx->bx + pCtx->di; break;
9727 case 2: u16EffAddr += pCtx->bp + pCtx->si; SET_SS_DEF(); break;
9728 case 3: u16EffAddr += pCtx->bp + pCtx->di; SET_SS_DEF(); break;
9729 case 4: u16EffAddr += pCtx->si; break;
9730 case 5: u16EffAddr += pCtx->di; break;
9731 case 6: u16EffAddr += pCtx->bp; SET_SS_DEF(); break;
9732 case 7: u16EffAddr += pCtx->bx; break;
9733 }
9734 }
9735
9736 *pGCPtrEff = u16EffAddr;
9737 }
9738 else
9739 {
9740 Assert(pIemCpu->enmEffAddrMode == IEMMODE_32BIT);
9741 uint32_t u32EffAddr;
9742
9743 /* Handle the disp32 form with no registers first. */
9744 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
9745 IEM_OPCODE_GET_NEXT_U32(&u32EffAddr);
9746 else
9747 {
9748 /* Get the register (or SIB) value. */
9749 switch ((bRm & X86_MODRM_RM_MASK))
9750 {
9751 case 0: u32EffAddr = pCtx->eax; break;
9752 case 1: u32EffAddr = pCtx->ecx; break;
9753 case 2: u32EffAddr = pCtx->edx; break;
9754 case 3: u32EffAddr = pCtx->ebx; break;
9755 case 4: /* SIB */
9756 {
9757 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
9758
9759 /* Get the index and scale it. */
9760 switch ((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
9761 {
9762 case 0: u32EffAddr = pCtx->eax; break;
9763 case 1: u32EffAddr = pCtx->ecx; break;
9764 case 2: u32EffAddr = pCtx->edx; break;
9765 case 3: u32EffAddr = pCtx->ebx; break;
9766 case 4: u32EffAddr = 0; /*none */ break;
9767 case 5: u32EffAddr = pCtx->ebp; break;
9768 case 6: u32EffAddr = pCtx->esi; break;
9769 case 7: u32EffAddr = pCtx->edi; break;
9770 IEM_NOT_REACHED_DEFAULT_CASE_RET();
9771 }
9772 u32EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
9773
9774 /* add base */
9775 switch (bSib & X86_SIB_BASE_MASK)
9776 {
9777 case 0: u32EffAddr += pCtx->eax; break;
9778 case 1: u32EffAddr += pCtx->ecx; break;
9779 case 2: u32EffAddr += pCtx->edx; break;
9780 case 3: u32EffAddr += pCtx->ebx; break;
9781 case 4: u32EffAddr += pCtx->esp; SET_SS_DEF(); break;
9782 case 5:
9783 if ((bRm & X86_MODRM_MOD_MASK) != 0)
9784 {
9785 u32EffAddr += pCtx->ebp;
9786 SET_SS_DEF();
9787 }
9788 else
9789 {
9790 uint32_t u32Disp;
9791 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
9792 u32EffAddr += u32Disp;
9793 }
9794 break;
9795 case 6: u32EffAddr += pCtx->esi; break;
9796 case 7: u32EffAddr += pCtx->edi; break;
9797 IEM_NOT_REACHED_DEFAULT_CASE_RET();
9798 }
9799 break;
9800 }
9801 case 5: u32EffAddr = pCtx->ebp; SET_SS_DEF(); break;
9802 case 6: u32EffAddr = pCtx->esi; break;
9803 case 7: u32EffAddr = pCtx->edi; break;
9804 IEM_NOT_REACHED_DEFAULT_CASE_RET();
9805 }
9806
9807 /* Get and add the displacement. */
9808 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
9809 {
9810 case 0:
9811 break;
9812 case 1:
9813 {
9814 int8_t i8Disp; IEM_OPCODE_GET_NEXT_S8(&i8Disp);
9815 u32EffAddr += i8Disp;
9816 break;
9817 }
9818 case 2:
9819 {
9820 uint32_t u32Disp; IEM_OPCODE_GET_NEXT_U32(&u32Disp);
9821 u32EffAddr += u32Disp;
9822 break;
9823 }
9824 default:
9825 AssertFailedReturn(VERR_IEM_IPE_2); /* (caller checked for these) */
9826 }
9827
9828 }
9829 if (pIemCpu->enmEffAddrMode == IEMMODE_32BIT)
9830 *pGCPtrEff = u32EffAddr;
9831 else
9832 {
9833 Assert(pIemCpu->enmEffAddrMode == IEMMODE_16BIT);
9834 *pGCPtrEff = u32EffAddr & UINT16_MAX;
9835 }
9836 }
9837 }
9838 else
9839 {
9840 uint64_t u64EffAddr;
9841
9842 /* Handle the rip+disp32 form with no registers first. */
9843 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
9844 {
9845 IEM_OPCODE_GET_NEXT_S32_SX_U64(&u64EffAddr);
9846 u64EffAddr += pCtx->rip + pIemCpu->offOpcode + cbImm;
9847 }
9848 else
9849 {
9850 /* Get the register (or SIB) value. */
9851 switch ((bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB)
9852 {
9853 case 0: u64EffAddr = pCtx->rax; break;
9854 case 1: u64EffAddr = pCtx->rcx; break;
9855 case 2: u64EffAddr = pCtx->rdx; break;
9856 case 3: u64EffAddr = pCtx->rbx; break;
9857 case 5: u64EffAddr = pCtx->rbp; SET_SS_DEF(); break;
9858 case 6: u64EffAddr = pCtx->rsi; break;
9859 case 7: u64EffAddr = pCtx->rdi; break;
9860 case 8: u64EffAddr = pCtx->r8; break;
9861 case 9: u64EffAddr = pCtx->r9; break;
9862 case 10: u64EffAddr = pCtx->r10; break;
9863 case 11: u64EffAddr = pCtx->r11; break;
9864 case 13: u64EffAddr = pCtx->r13; break;
9865 case 14: u64EffAddr = pCtx->r14; break;
9866 case 15: u64EffAddr = pCtx->r15; break;
9867 /* SIB */
9868 case 4:
9869 case 12:
9870 {
9871 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
9872
9873 /* Get the index and scale it. */
9874 switch (((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK) | pIemCpu->uRexIndex)
9875 {
9876 case 0: u64EffAddr = pCtx->rax; break;
9877 case 1: u64EffAddr = pCtx->rcx; break;
9878 case 2: u64EffAddr = pCtx->rdx; break;
9879 case 3: u64EffAddr = pCtx->rbx; break;
9880 case 4: u64EffAddr = 0; /*none */ break;
9881 case 5: u64EffAddr = pCtx->rbp; break;
9882 case 6: u64EffAddr = pCtx->rsi; break;
9883 case 7: u64EffAddr = pCtx->rdi; break;
9884 case 8: u64EffAddr = pCtx->r8; break;
9885 case 9: u64EffAddr = pCtx->r9; break;
9886 case 10: u64EffAddr = pCtx->r10; break;
9887 case 11: u64EffAddr = pCtx->r11; break;
9888 case 12: u64EffAddr = pCtx->r12; break;
9889 case 13: u64EffAddr = pCtx->r13; break;
9890 case 14: u64EffAddr = pCtx->r14; break;
9891 case 15: u64EffAddr = pCtx->r15; break;
9892 IEM_NOT_REACHED_DEFAULT_CASE_RET();
9893 }
9894 u64EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
9895
9896 /* add base */
9897 switch ((bSib & X86_SIB_BASE_MASK) | pIemCpu->uRexB)
9898 {
9899 case 0: u64EffAddr += pCtx->rax; break;
9900 case 1: u64EffAddr += pCtx->rcx; break;
9901 case 2: u64EffAddr += pCtx->rdx; break;
9902 case 3: u64EffAddr += pCtx->rbx; break;
9903 case 4: u64EffAddr += pCtx->rsp; SET_SS_DEF(); break;
9904 case 6: u64EffAddr += pCtx->rsi; break;
9905 case 7: u64EffAddr += pCtx->rdi; break;
9906 case 8: u64EffAddr += pCtx->r8; break;
9907 case 9: u64EffAddr += pCtx->r9; break;
9908 case 10: u64EffAddr += pCtx->r10; break;
9909 case 11: u64EffAddr += pCtx->r11; break;
9910 case 12: u64EffAddr += pCtx->r12; break;
9911 case 14: u64EffAddr += pCtx->r14; break;
9912 case 15: u64EffAddr += pCtx->r15; break;
9913 /* complicated encodings */
9914 case 5:
9915 case 13:
9916 if ((bRm & X86_MODRM_MOD_MASK) != 0)
9917 {
9918 if (!pIemCpu->uRexB)
9919 {
9920 u64EffAddr += pCtx->rbp;
9921 SET_SS_DEF();
9922 }
9923 else
9924 u64EffAddr += pCtx->r13;
9925 }
9926 else
9927 {
9928 uint32_t u32Disp;
9929 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
9930 u64EffAddr += (int32_t)u32Disp;
9931 }
9932 break;
9933 IEM_NOT_REACHED_DEFAULT_CASE_RET();
9934 }
9935 break;
9936 }
9937 IEM_NOT_REACHED_DEFAULT_CASE_RET();
9938 }
9939
9940 /* Get and add the displacement. */
9941 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
9942 {
9943 case 0:
9944 break;
9945 case 1:
9946 {
9947 int8_t i8Disp;
9948 IEM_OPCODE_GET_NEXT_S8(&i8Disp);
9949 u64EffAddr += i8Disp;
9950 break;
9951 }
9952 case 2:
9953 {
9954 uint32_t u32Disp;
9955 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
9956 u64EffAddr += (int32_t)u32Disp;
9957 break;
9958 }
9959 IEM_NOT_REACHED_DEFAULT_CASE_RET(); /* (caller checked for these) */
9960 }
9961
9962 }
9963
9964 if (pIemCpu->enmEffAddrMode == IEMMODE_64BIT)
9965 *pGCPtrEff = u64EffAddr;
9966 else
9967 {
9968 Assert(pIemCpu->enmEffAddrMode == IEMMODE_32BIT);
9969 *pGCPtrEff = u64EffAddr & UINT32_MAX;
9970 }
9971 }
9972
9973 Log5(("iemOpHlpCalcRmEffAddr: EffAddr=%#010RGv\n", *pGCPtrEff));
9974 return VINF_SUCCESS;
9975}
9976
9977/** @} */
9978
9979
9980
9981/*
9982 * Include the instructions
9983 */
9984#include "IEMAllInstructions.cpp.h"
9985
9986
9987
9988
9989#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
9990
9991/**
9992 * Sets up execution verification mode.
9993 */
9994IEM_STATIC void iemExecVerificationModeSetup(PIEMCPU pIemCpu)
9995{
9996 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
9997 PCPUMCTX pOrgCtx = pIemCpu->CTX_SUFF(pCtx);
9998
9999 /*
10000 * Always note down the address of the current instruction.
10001 */
10002 pIemCpu->uOldCs = pOrgCtx->cs.Sel;
10003 pIemCpu->uOldRip = pOrgCtx->rip;
10004
10005 /*
10006 * Enable verification and/or logging.
10007 */
10008 bool fNewNoRem = !LogIs6Enabled(); /* logging triggers the no-rem/rem verification stuff */;
10009 if ( fNewNoRem
10010 && ( 0
10011#if 0 /* auto enable on first paged protected mode interrupt */
10012 || ( pOrgCtx->eflags.Bits.u1IF
10013 && (pOrgCtx->cr0 & (X86_CR0_PE | X86_CR0_PG)) == (X86_CR0_PE | X86_CR0_PG)
10014 && TRPMHasTrap(pVCpu)
10015 && EMGetInhibitInterruptsPC(pVCpu) != pOrgCtx->rip) )
10016#endif
10017#if 0
10018 || ( pOrgCtx->cs == 0x10
10019 && ( pOrgCtx->rip == 0x90119e3e
10020 || pOrgCtx->rip == 0x901d9810)
10021#endif
10022#if 0 /* Auto enable DSL - FPU stuff. */
10023 || ( pOrgCtx->cs == 0x10
10024 && (// pOrgCtx->rip == 0xc02ec07f
10025 //|| pOrgCtx->rip == 0xc02ec082
10026 //|| pOrgCtx->rip == 0xc02ec0c9
10027 0
10028 || pOrgCtx->rip == 0x0c010e7c4 /* fxsave */ ) )
10029#endif
10030#if 0 /* Auto enable DSL - fstp st0 stuff. */
10031 || (pOrgCtx->cs.Sel == 0x23 pOrgCtx->rip == 0x804aff7)
10032#endif
10033#if 0
10034 || pOrgCtx->rip == 0x9022bb3a
10035#endif
10036#if 0
10037 || (pOrgCtx->cs.Sel == 0x58 && pOrgCtx->rip == 0x3be) /* NT4SP1 sidt/sgdt in early loader code */
10038#endif
10039#if 0
10040 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013ec28) /* NT4SP1 first str (early boot) */
10041 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x80119e3f) /* NT4SP1 second str (early boot) */
10042#endif
10043#if 0 /* NT4SP1 - later on the blue screen, things goes wrong... */
10044 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8010a5df)
10045 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013a7c4)
10046 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013a7d2)
10047#endif
10048#if 0 /* NT4SP1 - xadd early boot. */
10049 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8019cf0f)
10050#endif
10051#if 0 /* NT4SP1 - wrmsr (intel MSR). */
10052 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8011a6d4)
10053#endif
10054#if 0 /* NT4SP1 - cmpxchg (AMD). */
10055 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x801684c1)
10056#endif
10057#if 0 /* NT4SP1 - fnstsw + 2 (AMD). */
10058 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x801c6b88+2)
10059#endif
10060#if 0 /* NT4SP1 - iret to v8086 -- too generic a place? (N/A with GAs installed) */
10061 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013bd5d)
10062
10063#endif
10064#if 0 /* NT4SP1 - iret to v8086 (executing edlin) */
10065 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013b609)
10066
10067#endif
10068#if 0 /* NT4SP1 - frstor [ecx] */
10069 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013d11f)
10070#endif
10071#if 0 /* xxxxxx - All long mode code. */
10072 || (pOrgCtx->msrEFER & MSR_K6_EFER_LMA)
10073#endif
10074#if 0 /* rep movsq linux 3.7 64-bit boot. */
10075 || (pOrgCtx->rip == 0x0000000000100241)
10076#endif
10077#if 0 /* linux 3.7 64-bit boot - '000000000215e240'. */
10078 || (pOrgCtx->rip == 0x000000000215e240)
10079#endif
10080#if 0 /* DOS's size-overridden iret to v8086. */
10081 || (pOrgCtx->rip == 0x427 && pOrgCtx->cs.Sel == 0xb8)
10082#endif
10083 )
10084 )
10085 {
10086 RTLogGroupSettings(NULL, "iem.eo.l6.l2");
10087 RTLogFlags(NULL, "enabled");
10088 fNewNoRem = false;
10089 }
10090 if (fNewNoRem != pIemCpu->fNoRem)
10091 {
10092 pIemCpu->fNoRem = fNewNoRem;
10093 if (!fNewNoRem)
10094 {
10095 LogAlways(("Enabling verification mode!\n"));
10096 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_ALL);
10097 }
10098 else
10099 LogAlways(("Disabling verification mode!\n"));
10100 }
10101
10102 /*
10103 * Switch state.
10104 */
10105 if (IEM_VERIFICATION_ENABLED(pIemCpu))
10106 {
10107 static CPUMCTX s_DebugCtx; /* Ugly! */
10108
10109 s_DebugCtx = *pOrgCtx;
10110 pIemCpu->CTX_SUFF(pCtx) = &s_DebugCtx;
10111 }
10112
10113 /*
10114 * See if there is an interrupt pending in TRPM and inject it if we can.
10115 */
10116 pIemCpu->uInjectCpl = UINT8_MAX;
10117 if ( pOrgCtx->eflags.Bits.u1IF
10118 && TRPMHasTrap(pVCpu)
10119 && EMGetInhibitInterruptsPC(pVCpu) != pOrgCtx->rip)
10120 {
10121 uint8_t u8TrapNo;
10122 TRPMEVENT enmType;
10123 RTGCUINT uErrCode;
10124 RTGCPTR uCr2;
10125 int rc2 = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrCode, &uCr2, NULL /* pu8InstLen */); AssertRC(rc2);
10126 IEMInjectTrap(pVCpu, u8TrapNo, enmType, (uint16_t)uErrCode, uCr2, 0 /* cbInstr */);
10127 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
10128 TRPMResetTrap(pVCpu);
10129 pIemCpu->uInjectCpl = pIemCpu->uCpl;
10130 }
10131
10132 /*
10133 * Reset the counters.
10134 */
10135 pIemCpu->cIOReads = 0;
10136 pIemCpu->cIOWrites = 0;
10137 pIemCpu->fIgnoreRaxRdx = false;
10138 pIemCpu->fOverlappingMovs = false;
10139 pIemCpu->fProblematicMemory = false;
10140 pIemCpu->fUndefinedEFlags = 0;
10141
10142 if (IEM_VERIFICATION_ENABLED(pIemCpu))
10143 {
10144 /*
10145 * Free all verification records.
10146 */
10147 PIEMVERIFYEVTREC pEvtRec = pIemCpu->pIemEvtRecHead;
10148 pIemCpu->pIemEvtRecHead = NULL;
10149 pIemCpu->ppIemEvtRecNext = &pIemCpu->pIemEvtRecHead;
10150 do
10151 {
10152 while (pEvtRec)
10153 {
10154 PIEMVERIFYEVTREC pNext = pEvtRec->pNext;
10155 pEvtRec->pNext = pIemCpu->pFreeEvtRec;
10156 pIemCpu->pFreeEvtRec = pEvtRec;
10157 pEvtRec = pNext;
10158 }
10159 pEvtRec = pIemCpu->pOtherEvtRecHead;
10160 pIemCpu->pOtherEvtRecHead = NULL;
10161 pIemCpu->ppOtherEvtRecNext = &pIemCpu->pOtherEvtRecHead;
10162 } while (pEvtRec);
10163 }
10164}
10165
10166
10167/**
10168 * Allocate an event record.
10169 * @returns Pointer to a record.
10170 */
10171IEM_STATIC PIEMVERIFYEVTREC iemVerifyAllocRecord(PIEMCPU pIemCpu)
10172{
10173 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
10174 return NULL;
10175
10176 PIEMVERIFYEVTREC pEvtRec = pIemCpu->pFreeEvtRec;
10177 if (pEvtRec)
10178 pIemCpu->pFreeEvtRec = pEvtRec->pNext;
10179 else
10180 {
10181 if (!pIemCpu->ppIemEvtRecNext)
10182 return NULL; /* Too early (fake PCIBIOS), ignore notification. */
10183
10184 pEvtRec = (PIEMVERIFYEVTREC)MMR3HeapAlloc(IEMCPU_TO_VM(pIemCpu), MM_TAG_EM /* lazy bird*/, sizeof(*pEvtRec));
10185 if (!pEvtRec)
10186 return NULL;
10187 }
10188 pEvtRec->enmEvent = IEMVERIFYEVENT_INVALID;
10189 pEvtRec->pNext = NULL;
10190 return pEvtRec;
10191}
10192
10193
10194/**
10195 * IOMMMIORead notification.
10196 */
10197VMM_INT_DECL(void) IEMNotifyMMIORead(PVM pVM, RTGCPHYS GCPhys, size_t cbValue)
10198{
10199 PVMCPU pVCpu = VMMGetCpu(pVM);
10200 if (!pVCpu)
10201 return;
10202 PIEMCPU pIemCpu = &pVCpu->iem.s;
10203 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10204 if (!pEvtRec)
10205 return;
10206 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
10207 pEvtRec->u.RamRead.GCPhys = GCPhys;
10208 pEvtRec->u.RamRead.cb = (uint32_t)cbValue;
10209 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
10210 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
10211}
10212
10213
10214/**
10215 * IOMMMIOWrite notification.
10216 */
10217VMM_INT_DECL(void) IEMNotifyMMIOWrite(PVM pVM, RTGCPHYS GCPhys, uint32_t u32Value, size_t cbValue)
10218{
10219 PVMCPU pVCpu = VMMGetCpu(pVM);
10220 if (!pVCpu)
10221 return;
10222 PIEMCPU pIemCpu = &pVCpu->iem.s;
10223 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10224 if (!pEvtRec)
10225 return;
10226 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_WRITE;
10227 pEvtRec->u.RamWrite.GCPhys = GCPhys;
10228 pEvtRec->u.RamWrite.cb = (uint32_t)cbValue;
10229 pEvtRec->u.RamWrite.ab[0] = RT_BYTE1(u32Value);
10230 pEvtRec->u.RamWrite.ab[1] = RT_BYTE2(u32Value);
10231 pEvtRec->u.RamWrite.ab[2] = RT_BYTE3(u32Value);
10232 pEvtRec->u.RamWrite.ab[3] = RT_BYTE4(u32Value);
10233 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
10234 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
10235}
10236
10237
10238/**
10239 * IOMIOPortRead notification.
10240 */
10241VMM_INT_DECL(void) IEMNotifyIOPortRead(PVM pVM, RTIOPORT Port, size_t cbValue)
10242{
10243 PVMCPU pVCpu = VMMGetCpu(pVM);
10244 if (!pVCpu)
10245 return;
10246 PIEMCPU pIemCpu = &pVCpu->iem.s;
10247 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10248 if (!pEvtRec)
10249 return;
10250 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_READ;
10251 pEvtRec->u.IOPortRead.Port = Port;
10252 pEvtRec->u.IOPortRead.cbValue = (uint8_t)cbValue;
10253 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
10254 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
10255}
10256
10257/**
10258 * IOMIOPortWrite notification.
10259 */
10260VMM_INT_DECL(void) IEMNotifyIOPortWrite(PVM pVM, RTIOPORT Port, uint32_t u32Value, size_t cbValue)
10261{
10262 PVMCPU pVCpu = VMMGetCpu(pVM);
10263 if (!pVCpu)
10264 return;
10265 PIEMCPU pIemCpu = &pVCpu->iem.s;
10266 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10267 if (!pEvtRec)
10268 return;
10269 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_WRITE;
10270 pEvtRec->u.IOPortWrite.Port = Port;
10271 pEvtRec->u.IOPortWrite.cbValue = (uint8_t)cbValue;
10272 pEvtRec->u.IOPortWrite.u32Value = u32Value;
10273 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
10274 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
10275}
10276
10277
10278VMM_INT_DECL(void) IEMNotifyIOPortReadString(PVM pVM, RTIOPORT Port, void *pvDst, RTGCUINTREG cTransfers, size_t cbValue)
10279{
10280 PVMCPU pVCpu = VMMGetCpu(pVM);
10281 if (!pVCpu)
10282 return;
10283 PIEMCPU pIemCpu = &pVCpu->iem.s;
10284 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10285 if (!pEvtRec)
10286 return;
10287 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_STR_READ;
10288 pEvtRec->u.IOPortStrRead.Port = Port;
10289 pEvtRec->u.IOPortStrRead.cbValue = (uint8_t)cbValue;
10290 pEvtRec->u.IOPortStrRead.cTransfers = cTransfers;
10291 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
10292 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
10293}
10294
10295
10296VMM_INT_DECL(void) IEMNotifyIOPortWriteString(PVM pVM, RTIOPORT Port, void const *pvSrc, RTGCUINTREG cTransfers, size_t cbValue)
10297{
10298 PVMCPU pVCpu = VMMGetCpu(pVM);
10299 if (!pVCpu)
10300 return;
10301 PIEMCPU pIemCpu = &pVCpu->iem.s;
10302 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10303 if (!pEvtRec)
10304 return;
10305 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_STR_WRITE;
10306 pEvtRec->u.IOPortStrWrite.Port = Port;
10307 pEvtRec->u.IOPortStrWrite.cbValue = (uint8_t)cbValue;
10308 pEvtRec->u.IOPortStrWrite.cTransfers = cTransfers;
10309 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
10310 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
10311}
10312
10313
10314/**
10315 * Fakes and records an I/O port read.
10316 *
10317 * @returns VINF_SUCCESS.
10318 * @param pIemCpu The IEM per CPU data.
10319 * @param Port The I/O port.
10320 * @param pu32Value Where to store the fake value.
10321 * @param cbValue The size of the access.
10322 */
10323IEM_STATIC VBOXSTRICTRC iemVerifyFakeIOPortRead(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t *pu32Value, size_t cbValue)
10324{
10325 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10326 if (pEvtRec)
10327 {
10328 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_READ;
10329 pEvtRec->u.IOPortRead.Port = Port;
10330 pEvtRec->u.IOPortRead.cbValue = (uint8_t)cbValue;
10331 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
10332 *pIemCpu->ppIemEvtRecNext = pEvtRec;
10333 }
10334 pIemCpu->cIOReads++;
10335 *pu32Value = 0xcccccccc;
10336 return VINF_SUCCESS;
10337}
10338
10339
10340/**
10341 * Fakes and records an I/O port write.
10342 *
10343 * @returns VINF_SUCCESS.
10344 * @param pIemCpu The IEM per CPU data.
10345 * @param Port The I/O port.
10346 * @param u32Value The value being written.
10347 * @param cbValue The size of the access.
10348 */
10349IEM_STATIC VBOXSTRICTRC iemVerifyFakeIOPortWrite(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t u32Value, size_t cbValue)
10350{
10351 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
10352 if (pEvtRec)
10353 {
10354 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_WRITE;
10355 pEvtRec->u.IOPortWrite.Port = Port;
10356 pEvtRec->u.IOPortWrite.cbValue = (uint8_t)cbValue;
10357 pEvtRec->u.IOPortWrite.u32Value = u32Value;
10358 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
10359 *pIemCpu->ppIemEvtRecNext = pEvtRec;
10360 }
10361 pIemCpu->cIOWrites++;
10362 return VINF_SUCCESS;
10363}
10364
10365
10366/**
10367 * Used to add extra details about a stub case.
10368 * @param pIemCpu The IEM per CPU state.
10369 */
10370IEM_STATIC void iemVerifyAssertMsg2(PIEMCPU pIemCpu)
10371{
10372 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
10373 PVM pVM = IEMCPU_TO_VM(pIemCpu);
10374 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
10375 char szRegs[4096];
10376 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
10377 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
10378 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
10379 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
10380 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
10381 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
10382 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
10383 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
10384 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
10385 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
10386 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
10387 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
10388 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
10389 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
10390 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
10391 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
10392 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
10393 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
10394 " efer=%016VR{efer}\n"
10395 " pat=%016VR{pat}\n"
10396 " sf_mask=%016VR{sf_mask}\n"
10397 "krnl_gs_base=%016VR{krnl_gs_base}\n"
10398 " lstar=%016VR{lstar}\n"
10399 " star=%016VR{star} cstar=%016VR{cstar}\n"
10400 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
10401 );
10402
10403 char szInstr1[256];
10404 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, pIemCpu->uOldCs, pIemCpu->uOldRip,
10405 DBGF_DISAS_FLAGS_DEFAULT_MODE,
10406 szInstr1, sizeof(szInstr1), NULL);
10407 char szInstr2[256];
10408 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
10409 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
10410 szInstr2, sizeof(szInstr2), NULL);
10411
10412 RTAssertMsg2Weak("%s%s\n%s\n", szRegs, szInstr1, szInstr2);
10413}
10414
10415
10416/**
10417 * Used by iemVerifyAssertRecord and iemVerifyAssertRecords to add a record
10418 * dump to the assertion info.
10419 *
10420 * @param pEvtRec The record to dump.
10421 */
10422IEM_STATIC void iemVerifyAssertAddRecordDump(PIEMVERIFYEVTREC pEvtRec)
10423{
10424 switch (pEvtRec->enmEvent)
10425 {
10426 case IEMVERIFYEVENT_IOPORT_READ:
10427 RTAssertMsg2Add("I/O PORT READ from %#6x, %d bytes\n",
10428 pEvtRec->u.IOPortWrite.Port,
10429 pEvtRec->u.IOPortWrite.cbValue);
10430 break;
10431 case IEMVERIFYEVENT_IOPORT_WRITE:
10432 RTAssertMsg2Add("I/O PORT WRITE to %#6x, %d bytes, value %#x\n",
10433 pEvtRec->u.IOPortWrite.Port,
10434 pEvtRec->u.IOPortWrite.cbValue,
10435 pEvtRec->u.IOPortWrite.u32Value);
10436 break;
10437 case IEMVERIFYEVENT_IOPORT_STR_READ:
10438 RTAssertMsg2Add("I/O PORT STRING READ from %#6x, %d bytes, %#x times\n",
10439 pEvtRec->u.IOPortStrWrite.Port,
10440 pEvtRec->u.IOPortStrWrite.cbValue,
10441 pEvtRec->u.IOPortStrWrite.cTransfers);
10442 break;
10443 case IEMVERIFYEVENT_IOPORT_STR_WRITE:
10444 RTAssertMsg2Add("I/O PORT STRING WRITE to %#6x, %d bytes, %#x times\n",
10445 pEvtRec->u.IOPortStrWrite.Port,
10446 pEvtRec->u.IOPortStrWrite.cbValue,
10447 pEvtRec->u.IOPortStrWrite.cTransfers);
10448 break;
10449 case IEMVERIFYEVENT_RAM_READ:
10450 RTAssertMsg2Add("RAM READ at %RGp, %#4zx bytes\n",
10451 pEvtRec->u.RamRead.GCPhys,
10452 pEvtRec->u.RamRead.cb);
10453 break;
10454 case IEMVERIFYEVENT_RAM_WRITE:
10455 RTAssertMsg2Add("RAM WRITE at %RGp, %#4zx bytes: %.*Rhxs\n",
10456 pEvtRec->u.RamWrite.GCPhys,
10457 pEvtRec->u.RamWrite.cb,
10458 (int)pEvtRec->u.RamWrite.cb,
10459 pEvtRec->u.RamWrite.ab);
10460 break;
10461 default:
10462 AssertMsgFailed(("Invalid event type %d\n", pEvtRec->enmEvent));
10463 break;
10464 }
10465}
10466
10467
10468/**
10469 * Raises an assertion on the specified record, showing the given message with
10470 * a record dump attached.
10471 *
10472 * @param pIemCpu The IEM per CPU data.
10473 * @param pEvtRec1 The first record.
10474 * @param pEvtRec2 The second record.
10475 * @param pszMsg The message explaining why we're asserting.
10476 */
10477IEM_STATIC void iemVerifyAssertRecords(PIEMCPU pIemCpu, PIEMVERIFYEVTREC pEvtRec1, PIEMVERIFYEVTREC pEvtRec2, const char *pszMsg)
10478{
10479 RTAssertMsg1(pszMsg, __LINE__, __FILE__, __PRETTY_FUNCTION__);
10480 iemVerifyAssertAddRecordDump(pEvtRec1);
10481 iemVerifyAssertAddRecordDump(pEvtRec2);
10482 iemVerifyAssertMsg2(pIemCpu);
10483 RTAssertPanic();
10484}
10485
10486
10487/**
10488 * Raises an assertion on the specified record, showing the given message with
10489 * a record dump attached.
10490 *
10491 * @param pIemCpu The IEM per CPU data.
10492 * @param pEvtRec1 The first record.
10493 * @param pszMsg The message explaining why we're asserting.
10494 */
10495IEM_STATIC void iemVerifyAssertRecord(PIEMCPU pIemCpu, PIEMVERIFYEVTREC pEvtRec, const char *pszMsg)
10496{
10497 RTAssertMsg1(pszMsg, __LINE__, __FILE__, __PRETTY_FUNCTION__);
10498 iemVerifyAssertAddRecordDump(pEvtRec);
10499 iemVerifyAssertMsg2(pIemCpu);
10500 RTAssertPanic();
10501}
10502
10503
10504/**
10505 * Verifies a write record.
10506 *
10507 * @param pIemCpu The IEM per CPU data.
10508 * @param pEvtRec The write record.
10509 * @param fRem Set if REM was doing the other executing. If clear
10510 * it was HM.
10511 */
10512IEM_STATIC void iemVerifyWriteRecord(PIEMCPU pIemCpu, PIEMVERIFYEVTREC pEvtRec, bool fRem)
10513{
10514 uint8_t abBuf[sizeof(pEvtRec->u.RamWrite.ab)]; RT_ZERO(abBuf);
10515 Assert(sizeof(abBuf) >= pEvtRec->u.RamWrite.cb);
10516 int rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), abBuf, pEvtRec->u.RamWrite.GCPhys, pEvtRec->u.RamWrite.cb);
10517 if ( RT_FAILURE(rc)
10518 || memcmp(abBuf, pEvtRec->u.RamWrite.ab, pEvtRec->u.RamWrite.cb) )
10519 {
10520 /* fend off ins */
10521 if ( !pIemCpu->cIOReads
10522 || pEvtRec->u.RamWrite.ab[0] != 0xcc
10523 || ( pEvtRec->u.RamWrite.cb != 1
10524 && pEvtRec->u.RamWrite.cb != 2
10525 && pEvtRec->u.RamWrite.cb != 4) )
10526 {
10527 /* fend off ROMs and MMIO */
10528 if ( pEvtRec->u.RamWrite.GCPhys - UINT32_C(0x000a0000) > UINT32_C(0x60000)
10529 && pEvtRec->u.RamWrite.GCPhys - UINT32_C(0xfffc0000) > UINT32_C(0x40000) )
10530 {
10531 /* fend off fxsave */
10532 if (pEvtRec->u.RamWrite.cb != 512)
10533 {
10534 const char *pszWho = fRem ? "rem" : HMR3IsVmxEnabled(IEMCPU_TO_VM(pIemCpu)->pUVM) ? "vmx" : "svm";
10535 RTAssertMsg1(NULL, __LINE__, __FILE__, __PRETTY_FUNCTION__);
10536 RTAssertMsg2Weak("Memory at %RGv differs\n", pEvtRec->u.RamWrite.GCPhys);
10537 RTAssertMsg2Add("%s: %.*Rhxs\n"
10538 "iem: %.*Rhxs\n",
10539 pszWho, pEvtRec->u.RamWrite.cb, abBuf,
10540 pEvtRec->u.RamWrite.cb, pEvtRec->u.RamWrite.ab);
10541 iemVerifyAssertAddRecordDump(pEvtRec);
10542 iemVerifyAssertMsg2(pIemCpu);
10543 RTAssertPanic();
10544 }
10545 }
10546 }
10547 }
10548
10549}
10550
10551/**
10552 * Performs the post-execution verfication checks.
10553 */
10554IEM_STATIC VBOXSTRICTRC iemExecVerificationModeCheck(PIEMCPU pIemCpu, VBOXSTRICTRC rcStrictIem)
10555{
10556 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
10557 return rcStrictIem;
10558
10559 /*
10560 * Switch back the state.
10561 */
10562 PCPUMCTX pOrgCtx = CPUMQueryGuestCtxPtr(IEMCPU_TO_VMCPU(pIemCpu));
10563 PCPUMCTX pDebugCtx = pIemCpu->CTX_SUFF(pCtx);
10564 Assert(pOrgCtx != pDebugCtx);
10565 pIemCpu->CTX_SUFF(pCtx) = pOrgCtx;
10566
10567 /*
10568 * Execute the instruction in REM.
10569 */
10570 bool fRem = false;
10571 PVM pVM = IEMCPU_TO_VM(pIemCpu);
10572 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
10573 VBOXSTRICTRC rc = VERR_EM_CANNOT_EXEC_GUEST;
10574#ifdef IEM_VERIFICATION_MODE_FULL_HM
10575 if ( HMIsEnabled(pVM)
10576 && pIemCpu->cIOReads == 0
10577 && pIemCpu->cIOWrites == 0
10578 && !pIemCpu->fProblematicMemory)
10579 {
10580 uint64_t uStartRip = pOrgCtx->rip;
10581 unsigned iLoops = 0;
10582 do
10583 {
10584 rc = EMR3HmSingleInstruction(pVM, pVCpu, EM_ONE_INS_FLAGS_RIP_CHANGE);
10585 iLoops++;
10586 } while ( rc == VINF_SUCCESS
10587 || ( rc == VINF_EM_DBG_STEPPED
10588 && VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
10589 && EMGetInhibitInterruptsPC(pVCpu) == pOrgCtx->rip)
10590 || ( pOrgCtx->rip != pDebugCtx->rip
10591 && pIemCpu->uInjectCpl != UINT8_MAX
10592 && iLoops < 8) );
10593 if (rc == VINF_EM_RESCHEDULE && pOrgCtx->rip != uStartRip)
10594 rc = VINF_SUCCESS;
10595 }
10596#endif
10597 if ( rc == VERR_EM_CANNOT_EXEC_GUEST
10598 || rc == VINF_IOM_R3_IOPORT_READ
10599 || rc == VINF_IOM_R3_IOPORT_WRITE
10600 || rc == VINF_IOM_R3_MMIO_READ
10601 || rc == VINF_IOM_R3_MMIO_READ_WRITE
10602 || rc == VINF_IOM_R3_MMIO_WRITE
10603 || rc == VINF_CPUM_R3_MSR_READ
10604 || rc == VINF_CPUM_R3_MSR_WRITE
10605 || rc == VINF_EM_RESCHEDULE
10606 )
10607 {
10608 EMRemLock(pVM);
10609 rc = REMR3EmulateInstruction(pVM, pVCpu);
10610 AssertRC(rc);
10611 EMRemUnlock(pVM);
10612 fRem = true;
10613 }
10614
10615# if 1 /* Skip unimplemented instructions for now. */
10616 if (rcStrictIem == VERR_IEM_INSTR_NOT_IMPLEMENTED)
10617 {
10618 pIemCpu->CTX_SUFF(pCtx) = pOrgCtx;
10619 if (rc == VINF_EM_DBG_STEPPED)
10620 return VINF_SUCCESS;
10621 return rc;
10622 }
10623# endif
10624
10625 /*
10626 * Compare the register states.
10627 */
10628 unsigned cDiffs = 0;
10629 if (memcmp(pOrgCtx, pDebugCtx, sizeof(*pDebugCtx)))
10630 {
10631 //Log(("REM and IEM ends up with different registers!\n"));
10632 const char *pszWho = fRem ? "rem" : HMR3IsVmxEnabled(pVM->pUVM) ? "vmx" : "svm";
10633
10634# define CHECK_FIELD(a_Field) \
10635 do \
10636 { \
10637 if (pOrgCtx->a_Field != pDebugCtx->a_Field) \
10638 { \
10639 switch (sizeof(pOrgCtx->a_Field)) \
10640 { \
10641 case 1: RTAssertMsg2Weak(" %8s differs - iem=%02x - %s=%02x\n", #a_Field, pDebugCtx->a_Field, pszWho, pOrgCtx->a_Field); break; \
10642 case 2: RTAssertMsg2Weak(" %8s differs - iem=%04x - %s=%04x\n", #a_Field, pDebugCtx->a_Field, pszWho, pOrgCtx->a_Field); break; \
10643 case 4: RTAssertMsg2Weak(" %8s differs - iem=%08x - %s=%08x\n", #a_Field, pDebugCtx->a_Field, pszWho, pOrgCtx->a_Field); break; \
10644 case 8: RTAssertMsg2Weak(" %8s differs - iem=%016llx - %s=%016llx\n", #a_Field, pDebugCtx->a_Field, pszWho, pOrgCtx->a_Field); break; \
10645 default: RTAssertMsg2Weak(" %8s differs\n", #a_Field); break; \
10646 } \
10647 cDiffs++; \
10648 } \
10649 } while (0)
10650# define CHECK_XSTATE_FIELD(a_Field) \
10651 do \
10652 { \
10653 if (pOrgXState->a_Field != pDebugXState->a_Field) \
10654 { \
10655 switch (sizeof(pOrgXState->a_Field)) \
10656 { \
10657 case 1: RTAssertMsg2Weak(" %8s differs - iem=%02x - %s=%02x\n", #a_Field, pDebugXState->a_Field, pszWho, pOrgXState->a_Field); break; \
10658 case 2: RTAssertMsg2Weak(" %8s differs - iem=%04x - %s=%04x\n", #a_Field, pDebugXState->a_Field, pszWho, pOrgXState->a_Field); break; \
10659 case 4: RTAssertMsg2Weak(" %8s differs - iem=%08x - %s=%08x\n", #a_Field, pDebugXState->a_Field, pszWho, pOrgXState->a_Field); break; \
10660 case 8: RTAssertMsg2Weak(" %8s differs - iem=%016llx - %s=%016llx\n", #a_Field, pDebugXState->a_Field, pszWho, pOrgXState->a_Field); break; \
10661 default: RTAssertMsg2Weak(" %8s differs\n", #a_Field); break; \
10662 } \
10663 cDiffs++; \
10664 } \
10665 } while (0)
10666
10667# define CHECK_BIT_FIELD(a_Field) \
10668 do \
10669 { \
10670 if (pOrgCtx->a_Field != pDebugCtx->a_Field) \
10671 { \
10672 RTAssertMsg2Weak(" %8s differs - iem=%02x - %s=%02x\n", #a_Field, pDebugCtx->a_Field, pszWho, pOrgCtx->a_Field); \
10673 cDiffs++; \
10674 } \
10675 } while (0)
10676
10677# define CHECK_SEL(a_Sel) \
10678 do \
10679 { \
10680 CHECK_FIELD(a_Sel.Sel); \
10681 CHECK_FIELD(a_Sel.Attr.u); \
10682 CHECK_FIELD(a_Sel.u64Base); \
10683 CHECK_FIELD(a_Sel.u32Limit); \
10684 CHECK_FIELD(a_Sel.fFlags); \
10685 } while (0)
10686
10687 PX86XSAVEAREA pOrgXState = pOrgCtx->CTX_SUFF(pXState);
10688 PX86XSAVEAREA pDebugXState = pDebugCtx->CTX_SUFF(pXState);
10689
10690#if 1 /* The recompiler doesn't update these the intel way. */
10691 if (fRem)
10692 {
10693 pOrgXState->x87.FOP = pDebugXState->x87.FOP;
10694 pOrgXState->x87.FPUIP = pDebugXState->x87.FPUIP;
10695 pOrgXState->x87.CS = pDebugXState->x87.CS;
10696 pOrgXState->x87.Rsrvd1 = pDebugXState->x87.Rsrvd1;
10697 pOrgXState->x87.FPUDP = pDebugXState->x87.FPUDP;
10698 pOrgXState->x87.DS = pDebugXState->x87.DS;
10699 pOrgXState->x87.Rsrvd2 = pDebugXState->x87.Rsrvd2;
10700 //pOrgXState->x87.MXCSR_MASK = pDebugXState->x87.MXCSR_MASK;
10701 if ((pOrgXState->x87.FSW & X86_FSW_TOP_MASK) == (pDebugXState->x87.FSW & X86_FSW_TOP_MASK))
10702 pOrgXState->x87.FSW = pDebugXState->x87.FSW;
10703 }
10704#endif
10705 if (memcmp(&pOrgXState->x87, &pDebugXState->x87, sizeof(pDebugXState->x87)))
10706 {
10707 RTAssertMsg2Weak(" the FPU state differs\n");
10708 cDiffs++;
10709 CHECK_XSTATE_FIELD(x87.FCW);
10710 CHECK_XSTATE_FIELD(x87.FSW);
10711 CHECK_XSTATE_FIELD(x87.FTW);
10712 CHECK_XSTATE_FIELD(x87.FOP);
10713 CHECK_XSTATE_FIELD(x87.FPUIP);
10714 CHECK_XSTATE_FIELD(x87.CS);
10715 CHECK_XSTATE_FIELD(x87.Rsrvd1);
10716 CHECK_XSTATE_FIELD(x87.FPUDP);
10717 CHECK_XSTATE_FIELD(x87.DS);
10718 CHECK_XSTATE_FIELD(x87.Rsrvd2);
10719 CHECK_XSTATE_FIELD(x87.MXCSR);
10720 CHECK_XSTATE_FIELD(x87.MXCSR_MASK);
10721 CHECK_XSTATE_FIELD(x87.aRegs[0].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[0].au64[1]);
10722 CHECK_XSTATE_FIELD(x87.aRegs[1].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[1].au64[1]);
10723 CHECK_XSTATE_FIELD(x87.aRegs[2].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[2].au64[1]);
10724 CHECK_XSTATE_FIELD(x87.aRegs[3].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[3].au64[1]);
10725 CHECK_XSTATE_FIELD(x87.aRegs[4].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[4].au64[1]);
10726 CHECK_XSTATE_FIELD(x87.aRegs[5].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[5].au64[1]);
10727 CHECK_XSTATE_FIELD(x87.aRegs[6].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[6].au64[1]);
10728 CHECK_XSTATE_FIELD(x87.aRegs[7].au64[0]); CHECK_XSTATE_FIELD(x87.aRegs[7].au64[1]);
10729 CHECK_XSTATE_FIELD(x87.aXMM[ 0].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 0].au64[1]);
10730 CHECK_XSTATE_FIELD(x87.aXMM[ 1].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 1].au64[1]);
10731 CHECK_XSTATE_FIELD(x87.aXMM[ 2].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 2].au64[1]);
10732 CHECK_XSTATE_FIELD(x87.aXMM[ 3].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 3].au64[1]);
10733 CHECK_XSTATE_FIELD(x87.aXMM[ 4].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 4].au64[1]);
10734 CHECK_XSTATE_FIELD(x87.aXMM[ 5].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 5].au64[1]);
10735 CHECK_XSTATE_FIELD(x87.aXMM[ 6].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 6].au64[1]);
10736 CHECK_XSTATE_FIELD(x87.aXMM[ 7].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 7].au64[1]);
10737 CHECK_XSTATE_FIELD(x87.aXMM[ 8].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 8].au64[1]);
10738 CHECK_XSTATE_FIELD(x87.aXMM[ 9].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[ 9].au64[1]);
10739 CHECK_XSTATE_FIELD(x87.aXMM[10].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[10].au64[1]);
10740 CHECK_XSTATE_FIELD(x87.aXMM[11].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[11].au64[1]);
10741 CHECK_XSTATE_FIELD(x87.aXMM[12].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[12].au64[1]);
10742 CHECK_XSTATE_FIELD(x87.aXMM[13].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[13].au64[1]);
10743 CHECK_XSTATE_FIELD(x87.aXMM[14].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[14].au64[1]);
10744 CHECK_XSTATE_FIELD(x87.aXMM[15].au64[0]); CHECK_XSTATE_FIELD(x87.aXMM[15].au64[1]);
10745 for (unsigned i = 0; i < RT_ELEMENTS(pOrgXState->x87.au32RsrvdRest); i++)
10746 CHECK_XSTATE_FIELD(x87.au32RsrvdRest[i]);
10747 }
10748 CHECK_FIELD(rip);
10749 uint32_t fFlagsMask = UINT32_MAX & ~pIemCpu->fUndefinedEFlags;
10750 if ((pOrgCtx->rflags.u & fFlagsMask) != (pDebugCtx->rflags.u & fFlagsMask))
10751 {
10752 RTAssertMsg2Weak(" rflags differs - iem=%08llx %s=%08llx\n", pDebugCtx->rflags.u, pszWho, pOrgCtx->rflags.u);
10753 CHECK_BIT_FIELD(rflags.Bits.u1CF);
10754 CHECK_BIT_FIELD(rflags.Bits.u1Reserved0);
10755 CHECK_BIT_FIELD(rflags.Bits.u1PF);
10756 CHECK_BIT_FIELD(rflags.Bits.u1Reserved1);
10757 CHECK_BIT_FIELD(rflags.Bits.u1AF);
10758 CHECK_BIT_FIELD(rflags.Bits.u1Reserved2);
10759 CHECK_BIT_FIELD(rflags.Bits.u1ZF);
10760 CHECK_BIT_FIELD(rflags.Bits.u1SF);
10761 CHECK_BIT_FIELD(rflags.Bits.u1TF);
10762 CHECK_BIT_FIELD(rflags.Bits.u1IF);
10763 CHECK_BIT_FIELD(rflags.Bits.u1DF);
10764 CHECK_BIT_FIELD(rflags.Bits.u1OF);
10765 CHECK_BIT_FIELD(rflags.Bits.u2IOPL);
10766 CHECK_BIT_FIELD(rflags.Bits.u1NT);
10767 CHECK_BIT_FIELD(rflags.Bits.u1Reserved3);
10768 if (0 && !fRem) /** @todo debug the occational clear RF flags when running against VT-x. */
10769 CHECK_BIT_FIELD(rflags.Bits.u1RF);
10770 CHECK_BIT_FIELD(rflags.Bits.u1VM);
10771 CHECK_BIT_FIELD(rflags.Bits.u1AC);
10772 CHECK_BIT_FIELD(rflags.Bits.u1VIF);
10773 CHECK_BIT_FIELD(rflags.Bits.u1VIP);
10774 CHECK_BIT_FIELD(rflags.Bits.u1ID);
10775 }
10776
10777 if (pIemCpu->cIOReads != 1 && !pIemCpu->fIgnoreRaxRdx)
10778 CHECK_FIELD(rax);
10779 CHECK_FIELD(rcx);
10780 if (!pIemCpu->fIgnoreRaxRdx)
10781 CHECK_FIELD(rdx);
10782 CHECK_FIELD(rbx);
10783 CHECK_FIELD(rsp);
10784 CHECK_FIELD(rbp);
10785 CHECK_FIELD(rsi);
10786 CHECK_FIELD(rdi);
10787 CHECK_FIELD(r8);
10788 CHECK_FIELD(r9);
10789 CHECK_FIELD(r10);
10790 CHECK_FIELD(r11);
10791 CHECK_FIELD(r12);
10792 CHECK_FIELD(r13);
10793 CHECK_SEL(cs);
10794 CHECK_SEL(ss);
10795 CHECK_SEL(ds);
10796 CHECK_SEL(es);
10797 CHECK_SEL(fs);
10798 CHECK_SEL(gs);
10799 CHECK_FIELD(cr0);
10800
10801 /* Klugde #1: REM fetches code and across the page boundrary and faults on the next page, while we execute
10802 the faulting instruction first: 001b:77f61ff3 66 8b 42 02 mov ax, word [edx+002h] (NT4SP1) */
10803 /* Kludge #2: CR2 differs slightly on cross page boundrary faults, we report the last address of the access
10804 while REM reports the address of the first byte on the page. Pending investigation as to which is correct. */
10805 if (pOrgCtx->cr2 != pDebugCtx->cr2)
10806 {
10807 if (pIemCpu->uOldCs == 0x1b && pIemCpu->uOldRip == 0x77f61ff3 && fRem)
10808 { /* ignore */ }
10809 else if ( (pOrgCtx->cr2 & ~(uint64_t)3) == (pDebugCtx->cr2 & ~(uint64_t)3)
10810 && (pOrgCtx->cr2 & PAGE_OFFSET_MASK) == 0
10811 && fRem)
10812 { /* ignore */ }
10813 else
10814 CHECK_FIELD(cr2);
10815 }
10816 CHECK_FIELD(cr3);
10817 CHECK_FIELD(cr4);
10818 CHECK_FIELD(dr[0]);
10819 CHECK_FIELD(dr[1]);
10820 CHECK_FIELD(dr[2]);
10821 CHECK_FIELD(dr[3]);
10822 CHECK_FIELD(dr[6]);
10823 if (!fRem || (pOrgCtx->dr[7] & ~X86_DR7_RA1_MASK) != (pDebugCtx->dr[7] & ~X86_DR7_RA1_MASK)) /* REM 'mov drX,greg' bug.*/
10824 CHECK_FIELD(dr[7]);
10825 CHECK_FIELD(gdtr.cbGdt);
10826 CHECK_FIELD(gdtr.pGdt);
10827 CHECK_FIELD(idtr.cbIdt);
10828 CHECK_FIELD(idtr.pIdt);
10829 CHECK_SEL(ldtr);
10830 CHECK_SEL(tr);
10831 CHECK_FIELD(SysEnter.cs);
10832 CHECK_FIELD(SysEnter.eip);
10833 CHECK_FIELD(SysEnter.esp);
10834 CHECK_FIELD(msrEFER);
10835 CHECK_FIELD(msrSTAR);
10836 CHECK_FIELD(msrPAT);
10837 CHECK_FIELD(msrLSTAR);
10838 CHECK_FIELD(msrCSTAR);
10839 CHECK_FIELD(msrSFMASK);
10840 CHECK_FIELD(msrKERNELGSBASE);
10841
10842 if (cDiffs != 0)
10843 {
10844 DBGFR3Info(pVM->pUVM, "cpumguest", "verbose", NULL);
10845 RTAssertMsg1(NULL, __LINE__, __FILE__, __FUNCTION__);
10846 RTAssertPanic();
10847 static bool volatile s_fEnterDebugger = true;
10848 if (s_fEnterDebugger)
10849 DBGFSTOP(pVM);
10850
10851# if 1 /* Ignore unimplemented instructions for now. */
10852 if (rcStrictIem == VERR_IEM_INSTR_NOT_IMPLEMENTED)
10853 rcStrictIem = VINF_SUCCESS;
10854# endif
10855 }
10856# undef CHECK_FIELD
10857# undef CHECK_BIT_FIELD
10858 }
10859
10860 /*
10861 * If the register state compared fine, check the verification event
10862 * records.
10863 */
10864 if (cDiffs == 0 && !pIemCpu->fOverlappingMovs)
10865 {
10866 /*
10867 * Compare verficiation event records.
10868 * - I/O port accesses should be a 1:1 match.
10869 */
10870 PIEMVERIFYEVTREC pIemRec = pIemCpu->pIemEvtRecHead;
10871 PIEMVERIFYEVTREC pOtherRec = pIemCpu->pOtherEvtRecHead;
10872 while (pIemRec && pOtherRec)
10873 {
10874 /* Since we might miss RAM writes and reads, ignore reads and check
10875 that any written memory is the same extra ones. */
10876 while ( IEMVERIFYEVENT_IS_RAM(pIemRec->enmEvent)
10877 && !IEMVERIFYEVENT_IS_RAM(pOtherRec->enmEvent)
10878 && pIemRec->pNext)
10879 {
10880 if (pIemRec->enmEvent == IEMVERIFYEVENT_RAM_WRITE)
10881 iemVerifyWriteRecord(pIemCpu, pIemRec, fRem);
10882 pIemRec = pIemRec->pNext;
10883 }
10884
10885 /* Do the compare. */
10886 if (pIemRec->enmEvent != pOtherRec->enmEvent)
10887 {
10888 iemVerifyAssertRecords(pIemCpu, pIemRec, pOtherRec, "Type mismatches");
10889 break;
10890 }
10891 bool fEquals;
10892 switch (pIemRec->enmEvent)
10893 {
10894 case IEMVERIFYEVENT_IOPORT_READ:
10895 fEquals = pIemRec->u.IOPortRead.Port == pOtherRec->u.IOPortRead.Port
10896 && pIemRec->u.IOPortRead.cbValue == pOtherRec->u.IOPortRead.cbValue;
10897 break;
10898 case IEMVERIFYEVENT_IOPORT_WRITE:
10899 fEquals = pIemRec->u.IOPortWrite.Port == pOtherRec->u.IOPortWrite.Port
10900 && pIemRec->u.IOPortWrite.cbValue == pOtherRec->u.IOPortWrite.cbValue
10901 && pIemRec->u.IOPortWrite.u32Value == pOtherRec->u.IOPortWrite.u32Value;
10902 break;
10903 case IEMVERIFYEVENT_IOPORT_STR_READ:
10904 fEquals = pIemRec->u.IOPortStrRead.Port == pOtherRec->u.IOPortStrRead.Port
10905 && pIemRec->u.IOPortStrRead.cbValue == pOtherRec->u.IOPortStrRead.cbValue
10906 && pIemRec->u.IOPortStrRead.cTransfers == pOtherRec->u.IOPortStrRead.cTransfers;
10907 break;
10908 case IEMVERIFYEVENT_IOPORT_STR_WRITE:
10909 fEquals = pIemRec->u.IOPortStrWrite.Port == pOtherRec->u.IOPortStrWrite.Port
10910 && pIemRec->u.IOPortStrWrite.cbValue == pOtherRec->u.IOPortStrWrite.cbValue
10911 && pIemRec->u.IOPortStrWrite.cTransfers == pOtherRec->u.IOPortStrWrite.cTransfers;
10912 break;
10913 case IEMVERIFYEVENT_RAM_READ:
10914 fEquals = pIemRec->u.RamRead.GCPhys == pOtherRec->u.RamRead.GCPhys
10915 && pIemRec->u.RamRead.cb == pOtherRec->u.RamRead.cb;
10916 break;
10917 case IEMVERIFYEVENT_RAM_WRITE:
10918 fEquals = pIemRec->u.RamWrite.GCPhys == pOtherRec->u.RamWrite.GCPhys
10919 && pIemRec->u.RamWrite.cb == pOtherRec->u.RamWrite.cb
10920 && !memcmp(pIemRec->u.RamWrite.ab, pOtherRec->u.RamWrite.ab, pIemRec->u.RamWrite.cb);
10921 break;
10922 default:
10923 fEquals = false;
10924 break;
10925 }
10926 if (!fEquals)
10927 {
10928 iemVerifyAssertRecords(pIemCpu, pIemRec, pOtherRec, "Mismatch");
10929 break;
10930 }
10931
10932 /* advance */
10933 pIemRec = pIemRec->pNext;
10934 pOtherRec = pOtherRec->pNext;
10935 }
10936
10937 /* Ignore extra writes and reads. */
10938 while (pIemRec && IEMVERIFYEVENT_IS_RAM(pIemRec->enmEvent))
10939 {
10940 if (pIemRec->enmEvent == IEMVERIFYEVENT_RAM_WRITE)
10941 iemVerifyWriteRecord(pIemCpu, pIemRec, fRem);
10942 pIemRec = pIemRec->pNext;
10943 }
10944 if (pIemRec != NULL)
10945 iemVerifyAssertRecord(pIemCpu, pIemRec, "Extra IEM record!");
10946 else if (pOtherRec != NULL)
10947 iemVerifyAssertRecord(pIemCpu, pOtherRec, "Extra Other record!");
10948 }
10949 pIemCpu->CTX_SUFF(pCtx) = pOrgCtx;
10950
10951 return rcStrictIem;
10952}
10953
10954#else /* !IEM_VERIFICATION_MODE_FULL || !IN_RING3 */
10955
10956/* stubs */
10957IEM_STATIC VBOXSTRICTRC iemVerifyFakeIOPortRead(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t *pu32Value, size_t cbValue)
10958{
10959 NOREF(pIemCpu); NOREF(Port); NOREF(pu32Value); NOREF(cbValue);
10960 return VERR_INTERNAL_ERROR;
10961}
10962
10963IEM_STATIC VBOXSTRICTRC iemVerifyFakeIOPortWrite(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t u32Value, size_t cbValue)
10964{
10965 NOREF(pIemCpu); NOREF(Port); NOREF(u32Value); NOREF(cbValue);
10966 return VERR_INTERNAL_ERROR;
10967}
10968
10969#endif /* !IEM_VERIFICATION_MODE_FULL || !IN_RING3 */
10970
10971
10972#ifdef LOG_ENABLED
10973/**
10974 * Logs the current instruction.
10975 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
10976 * @param pCtx The current CPU context.
10977 * @param fSameCtx Set if we have the same context information as the VMM,
10978 * clear if we may have already executed an instruction in
10979 * our debug context. When clear, we assume IEMCPU holds
10980 * valid CPU mode info.
10981 */
10982IEM_STATIC void iemLogCurInstr(PVMCPU pVCpu, PCPUMCTX pCtx, bool fSameCtx)
10983{
10984# ifdef IN_RING3
10985 if (LogIs2Enabled())
10986 {
10987 char szInstr[256];
10988 uint32_t cbInstr = 0;
10989 if (fSameCtx)
10990 DBGFR3DisasInstrEx(pVCpu->pVMR3->pUVM, pVCpu->idCpu, 0, 0,
10991 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
10992 szInstr, sizeof(szInstr), &cbInstr);
10993 else
10994 {
10995 uint32_t fFlags = 0;
10996 switch (pVCpu->iem.s.enmCpuMode)
10997 {
10998 case IEMMODE_64BIT: fFlags |= DBGF_DISAS_FLAGS_64BIT_MODE; break;
10999 case IEMMODE_32BIT: fFlags |= DBGF_DISAS_FLAGS_32BIT_MODE; break;
11000 case IEMMODE_16BIT:
11001 if (!(pCtx->cr0 & X86_CR0_PE) || pCtx->eflags.Bits.u1VM)
11002 fFlags |= DBGF_DISAS_FLAGS_16BIT_REAL_MODE;
11003 else
11004 fFlags |= DBGF_DISAS_FLAGS_16BIT_MODE;
11005 break;
11006 }
11007 DBGFR3DisasInstrEx(pVCpu->pVMR3->pUVM, pVCpu->idCpu, pCtx->cs.Sel, pCtx->rip, fFlags,
11008 szInstr, sizeof(szInstr), &cbInstr);
11009 }
11010
11011 PCX86FXSTATE pFpuCtx = &pCtx->CTX_SUFF(pXState)->x87;
11012 Log2(("****\n"
11013 " eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x\n"
11014 " eip=%08x esp=%08x ebp=%08x iopl=%d tr=%04x\n"
11015 " cs=%04x ss=%04x ds=%04x es=%04x fs=%04x gs=%04x efl=%08x\n"
11016 " fsw=%04x fcw=%04x ftw=%02x mxcsr=%04x/%04x\n"
11017 " %s\n"
11018 ,
11019 pCtx->eax, pCtx->ebx, pCtx->ecx, pCtx->edx, pCtx->esi, pCtx->edi,
11020 pCtx->eip, pCtx->esp, pCtx->ebp, pCtx->eflags.Bits.u2IOPL, pCtx->tr.Sel,
11021 pCtx->cs.Sel, pCtx->ss.Sel, pCtx->ds.Sel, pCtx->es.Sel,
11022 pCtx->fs.Sel, pCtx->gs.Sel, pCtx->eflags.u,
11023 pFpuCtx->FSW, pFpuCtx->FCW, pFpuCtx->FTW, pFpuCtx->MXCSR, pFpuCtx->MXCSR_MASK,
11024 szInstr));
11025
11026 if (LogIs3Enabled())
11027 DBGFR3Info(pVCpu->pVMR3->pUVM, "cpumguest", "verbose", NULL);
11028 }
11029 else
11030# endif
11031 LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x\n",
11032 pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp, pCtx->eflags.u));
11033}
11034#endif
11035
11036
11037/**
11038 * Makes status code addjustments (pass up from I/O and access handler)
11039 * as well as maintaining statistics.
11040 *
11041 * @returns Strict VBox status code to pass up.
11042 * @param pIemCpu The IEM per CPU data.
11043 * @param rcStrict The status from executing an instruction.
11044 */
11045DECL_FORCE_INLINE(VBOXSTRICTRC) iemExecStatusCodeFiddling(PIEMCPU pIemCpu, VBOXSTRICTRC rcStrict)
11046{
11047 if (rcStrict != VINF_SUCCESS)
11048 {
11049 if (RT_SUCCESS(rcStrict))
11050 {
11051 AssertMsg( (rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST)
11052 || rcStrict == VINF_IOM_R3_IOPORT_READ
11053 || rcStrict == VINF_IOM_R3_IOPORT_WRITE
11054 || rcStrict == VINF_IOM_R3_IOPORT_COMMIT_WRITE
11055 || rcStrict == VINF_IOM_R3_MMIO_READ
11056 || rcStrict == VINF_IOM_R3_MMIO_READ_WRITE
11057 || rcStrict == VINF_IOM_R3_MMIO_WRITE
11058 || rcStrict == VINF_IOM_R3_MMIO_COMMIT_WRITE
11059 || rcStrict == VINF_CPUM_R3_MSR_READ
11060 || rcStrict == VINF_CPUM_R3_MSR_WRITE
11061 || rcStrict == VINF_EM_RAW_EMULATE_INSTR
11062 || rcStrict == VINF_EM_RAW_TO_R3
11063 || rcStrict == VINF_EM_RAW_EMULATE_IO_BLOCK
11064 /* raw-mode / virt handlers only: */
11065 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT
11066 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT
11067 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT
11068 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_IDT_FAULT
11069 || rcStrict == VINF_SELM_SYNC_GDT
11070 || rcStrict == VINF_CSAM_PENDING_ACTION
11071 || rcStrict == VINF_PATM_CHECK_PATCH_PAGE
11072 , ("rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
11073/** @todo adjust for VINF_EM_RAW_EMULATE_INSTR */
11074 int32_t const rcPassUp = pIemCpu->rcPassUp;
11075 if (rcPassUp == VINF_SUCCESS)
11076 pIemCpu->cRetInfStatuses++;
11077 else if ( rcPassUp < VINF_EM_FIRST
11078 || rcPassUp > VINF_EM_LAST
11079 || rcPassUp < VBOXSTRICTRC_VAL(rcStrict))
11080 {
11081 Log(("IEM: rcPassUp=%Rrc! rcStrict=%Rrc\n", rcPassUp, VBOXSTRICTRC_VAL(rcStrict)));
11082 pIemCpu->cRetPassUpStatus++;
11083 rcStrict = rcPassUp;
11084 }
11085 else
11086 {
11087 Log(("IEM: rcPassUp=%Rrc rcStrict=%Rrc!\n", rcPassUp, VBOXSTRICTRC_VAL(rcStrict)));
11088 pIemCpu->cRetInfStatuses++;
11089 }
11090 }
11091 else if (rcStrict == VERR_IEM_ASPECT_NOT_IMPLEMENTED)
11092 pIemCpu->cRetAspectNotImplemented++;
11093 else if (rcStrict == VERR_IEM_INSTR_NOT_IMPLEMENTED)
11094 pIemCpu->cRetInstrNotImplemented++;
11095#ifdef IEM_VERIFICATION_MODE_FULL
11096 else if (rcStrict == VERR_IEM_RESTART_INSTRUCTION)
11097 rcStrict = VINF_SUCCESS;
11098#endif
11099 else
11100 pIemCpu->cRetErrStatuses++;
11101 }
11102 else if (pIemCpu->rcPassUp != VINF_SUCCESS)
11103 {
11104 pIemCpu->cRetPassUpStatus++;
11105 rcStrict = pIemCpu->rcPassUp;
11106 }
11107
11108 return rcStrict;
11109}
11110
11111
11112/**
11113 * The actual code execution bits of IEMExecOne, IEMExecOneEx, and
11114 * IEMExecOneWithPrefetchedByPC.
11115 *
11116 * @return Strict VBox status code.
11117 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11118 * @param pIemCpu The IEM per CPU data.
11119 * @param fExecuteInhibit If set, execute the instruction following CLI,
11120 * POP SS and MOV SS,GR.
11121 */
11122DECL_FORCE_INLINE(VBOXSTRICTRC) iemExecOneInner(PVMCPU pVCpu, PIEMCPU pIemCpu, bool fExecuteInhibit)
11123{
11124 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
11125 VBOXSTRICTRC rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
11126 if (rcStrict == VINF_SUCCESS)
11127 pIemCpu->cInstructions++;
11128 if (pIemCpu->cActiveMappings > 0)
11129 iemMemRollback(pIemCpu);
11130//#ifdef DEBUG
11131// AssertMsg(pIemCpu->offOpcode == cbInstr || rcStrict != VINF_SUCCESS, ("%u %u\n", pIemCpu->offOpcode, cbInstr));
11132//#endif
11133
11134 /* Execute the next instruction as well if a cli, pop ss or
11135 mov ss, Gr has just completed successfully. */
11136 if ( fExecuteInhibit
11137 && rcStrict == VINF_SUCCESS
11138 && VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
11139 && EMGetInhibitInterruptsPC(pVCpu) == pIemCpu->CTX_SUFF(pCtx)->rip )
11140 {
11141 rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, pIemCpu->fBypassHandlers);
11142 if (rcStrict == VINF_SUCCESS)
11143 {
11144# ifdef LOG_ENABLED
11145 iemLogCurInstr(IEMCPU_TO_VMCPU(pIemCpu), pIemCpu->CTX_SUFF(pCtx), false);
11146# endif
11147 IEM_OPCODE_GET_NEXT_U8(&b);
11148 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
11149 if (rcStrict == VINF_SUCCESS)
11150 pIemCpu->cInstructions++;
11151 if (pIemCpu->cActiveMappings > 0)
11152 iemMemRollback(pIemCpu);
11153 }
11154 EMSetInhibitInterruptsPC(pVCpu, UINT64_C(0x7777555533331111));
11155 }
11156
11157 /*
11158 * Return value fiddling, statistics and sanity assertions.
11159 */
11160 rcStrict = iemExecStatusCodeFiddling(pIemCpu, rcStrict);
11161
11162 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->cs));
11163 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->ss));
11164#if defined(IEM_VERIFICATION_MODE_FULL)
11165 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->es));
11166 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->ds));
11167 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->fs));
11168 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->gs));
11169#endif
11170 return rcStrict;
11171}
11172
11173
11174#ifdef IN_RC
11175/**
11176 * Re-enters raw-mode or ensure we return to ring-3.
11177 *
11178 * @returns rcStrict, maybe modified.
11179 * @param pIemCpu The IEM CPU structure.
11180 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11181 * @param pCtx The current CPU context.
11182 * @param rcStrict The status code returne by the interpreter.
11183 */
11184DECLINLINE(VBOXSTRICTRC) iemRCRawMaybeReenter(PIEMCPU pIemCpu, PVMCPU pVCpu, PCPUMCTX pCtx, VBOXSTRICTRC rcStrict)
11185{
11186 if ( !pIemCpu->fInPatchCode
11187 && rcStrict == VINF_SUCCESS)
11188 CPUMRawEnter(pVCpu);
11189 return rcStrict;
11190}
11191#endif
11192
11193
11194/**
11195 * Execute one instruction.
11196 *
11197 * @return Strict VBox status code.
11198 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11199 */
11200VMMDECL(VBOXSTRICTRC) IEMExecOne(PVMCPU pVCpu)
11201{
11202 PIEMCPU pIemCpu = &pVCpu->iem.s;
11203
11204#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
11205 if (++pIemCpu->cVerifyDepth == 1)
11206 iemExecVerificationModeSetup(pIemCpu);
11207#endif
11208#ifdef LOG_ENABLED
11209 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
11210 iemLogCurInstr(pVCpu, pCtx, true);
11211#endif
11212
11213 /*
11214 * Do the decoding and emulation.
11215 */
11216 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
11217 if (rcStrict == VINF_SUCCESS)
11218 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
11219
11220#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
11221 /*
11222 * Assert some sanity.
11223 */
11224 if (pIemCpu->cVerifyDepth == 1)
11225 rcStrict = iemExecVerificationModeCheck(pIemCpu, rcStrict);
11226 pIemCpu->cVerifyDepth--;
11227#endif
11228#ifdef IN_RC
11229 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pIemCpu->CTX_SUFF(pCtx), rcStrict);
11230#endif
11231 if (rcStrict != VINF_SUCCESS)
11232 LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
11233 pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp, pCtx->eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
11234 return rcStrict;
11235}
11236
11237
11238VMMDECL(VBOXSTRICTRC) IEMExecOneEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
11239{
11240 PIEMCPU pIemCpu = &pVCpu->iem.s;
11241 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
11242 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
11243
11244 uint32_t const cbOldWritten = pIemCpu->cbWritten;
11245 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
11246 if (rcStrict == VINF_SUCCESS)
11247 {
11248 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
11249 if (pcbWritten)
11250 *pcbWritten = pIemCpu->cbWritten - cbOldWritten;
11251 }
11252
11253#ifdef IN_RC
11254 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
11255#endif
11256 return rcStrict;
11257}
11258
11259
11260VMMDECL(VBOXSTRICTRC) IEMExecOneWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
11261 const void *pvOpcodeBytes, size_t cbOpcodeBytes)
11262{
11263 PIEMCPU pIemCpu = &pVCpu->iem.s;
11264 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
11265 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
11266
11267 VBOXSTRICTRC rcStrict;
11268 if ( cbOpcodeBytes
11269 && pCtx->rip == OpcodeBytesPC)
11270 {
11271 iemInitDecoder(pIemCpu, false);
11272 pIemCpu->cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pIemCpu->abOpcode));
11273 memcpy(pIemCpu->abOpcode, pvOpcodeBytes, pIemCpu->cbOpcode);
11274 rcStrict = VINF_SUCCESS;
11275 }
11276 else
11277 rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
11278 if (rcStrict == VINF_SUCCESS)
11279 {
11280 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
11281 }
11282
11283#ifdef IN_RC
11284 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
11285#endif
11286 return rcStrict;
11287}
11288
11289
11290VMMDECL(VBOXSTRICTRC) IEMExecOneBypassEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
11291{
11292 PIEMCPU pIemCpu = &pVCpu->iem.s;
11293 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
11294 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
11295
11296 uint32_t const cbOldWritten = pIemCpu->cbWritten;
11297 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, true);
11298 if (rcStrict == VINF_SUCCESS)
11299 {
11300 rcStrict = iemExecOneInner(pVCpu, pIemCpu, false);
11301 if (pcbWritten)
11302 *pcbWritten = pIemCpu->cbWritten - cbOldWritten;
11303 }
11304
11305#ifdef IN_RC
11306 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
11307#endif
11308 return rcStrict;
11309}
11310
11311
11312VMMDECL(VBOXSTRICTRC) IEMExecOneBypassWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
11313 const void *pvOpcodeBytes, size_t cbOpcodeBytes)
11314{
11315 PIEMCPU pIemCpu = &pVCpu->iem.s;
11316 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
11317 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
11318
11319 VBOXSTRICTRC rcStrict;
11320 if ( cbOpcodeBytes
11321 && pCtx->rip == OpcodeBytesPC)
11322 {
11323 iemInitDecoder(pIemCpu, true);
11324 pIemCpu->cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pIemCpu->abOpcode));
11325 memcpy(pIemCpu->abOpcode, pvOpcodeBytes, pIemCpu->cbOpcode);
11326 rcStrict = VINF_SUCCESS;
11327 }
11328 else
11329 rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, true);
11330 if (rcStrict == VINF_SUCCESS)
11331 rcStrict = iemExecOneInner(pVCpu, pIemCpu, false);
11332
11333#ifdef IN_RC
11334 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
11335#endif
11336 return rcStrict;
11337}
11338
11339
11340VMMDECL(VBOXSTRICTRC) IEMExecLots(PVMCPU pVCpu)
11341{
11342 PIEMCPU pIemCpu = &pVCpu->iem.s;
11343
11344 /*
11345 * See if there is an interrupt pending in TRPM and inject it if we can.
11346 */
11347#if !defined(IEM_VERIFICATION_MODE_FULL) || !defined(IN_RING3)
11348 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
11349# ifdef IEM_VERIFICATION_MODE_FULL
11350 pIemCpu->uInjectCpl = UINT8_MAX;
11351# endif
11352 if ( pCtx->eflags.Bits.u1IF
11353 && TRPMHasTrap(pVCpu)
11354 && EMGetInhibitInterruptsPC(pVCpu) != pCtx->rip)
11355 {
11356 uint8_t u8TrapNo;
11357 TRPMEVENT enmType;
11358 RTGCUINT uErrCode;
11359 RTGCPTR uCr2;
11360 int rc2 = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrCode, &uCr2, NULL /* pu8InstLen */); AssertRC(rc2);
11361 IEMInjectTrap(pVCpu, u8TrapNo, enmType, (uint16_t)uErrCode, uCr2, 0 /* cbInstr */);
11362 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
11363 TRPMResetTrap(pVCpu);
11364 }
11365#else
11366 iemExecVerificationModeSetup(pIemCpu);
11367 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
11368#endif
11369
11370 /*
11371 * Log the state.
11372 */
11373#ifdef LOG_ENABLED
11374 iemLogCurInstr(pVCpu, pCtx, true);
11375#endif
11376
11377 /*
11378 * Do the decoding and emulation.
11379 */
11380 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
11381 if (rcStrict == VINF_SUCCESS)
11382 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
11383
11384#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
11385 /*
11386 * Assert some sanity.
11387 */
11388 rcStrict = iemExecVerificationModeCheck(pIemCpu, rcStrict);
11389#endif
11390
11391 /*
11392 * Maybe re-enter raw-mode and log.
11393 */
11394#ifdef IN_RC
11395 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pIemCpu->CTX_SUFF(pCtx), rcStrict);
11396#endif
11397 if (rcStrict != VINF_SUCCESS)
11398 LogFlow(("IEMExecLots: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
11399 pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp, pCtx->eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
11400 return rcStrict;
11401}
11402
11403
11404
11405/**
11406 * Injects a trap, fault, abort, software interrupt or external interrupt.
11407 *
11408 * The parameter list matches TRPMQueryTrapAll pretty closely.
11409 *
11410 * @returns Strict VBox status code.
11411 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11412 * @param u8TrapNo The trap number.
11413 * @param enmType What type is it (trap/fault/abort), software
11414 * interrupt or hardware interrupt.
11415 * @param uErrCode The error code if applicable.
11416 * @param uCr2 The CR2 value if applicable.
11417 * @param cbInstr The instruction length (only relevant for
11418 * software interrupts).
11419 */
11420VMM_INT_DECL(VBOXSTRICTRC) IEMInjectTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType, uint16_t uErrCode, RTGCPTR uCr2,
11421 uint8_t cbInstr)
11422{
11423 iemInitDecoder(&pVCpu->iem.s, false);
11424#ifdef DBGFTRACE_ENABLED
11425 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "IEMInjectTrap: %x %d %x %llx",
11426 u8TrapNo, enmType, uErrCode, uCr2);
11427#endif
11428
11429 uint32_t fFlags;
11430 switch (enmType)
11431 {
11432 case TRPM_HARDWARE_INT:
11433 Log(("IEMInjectTrap: %#4x ext\n", u8TrapNo));
11434 fFlags = IEM_XCPT_FLAGS_T_EXT_INT;
11435 uErrCode = uCr2 = 0;
11436 break;
11437
11438 case TRPM_SOFTWARE_INT:
11439 Log(("IEMInjectTrap: %#4x soft\n", u8TrapNo));
11440 fFlags = IEM_XCPT_FLAGS_T_SOFT_INT;
11441 uErrCode = uCr2 = 0;
11442 break;
11443
11444 case TRPM_TRAP:
11445 Log(("IEMInjectTrap: %#4x trap err=%#x cr2=%#RGv\n", u8TrapNo, uErrCode, uCr2));
11446 fFlags = IEM_XCPT_FLAGS_T_CPU_XCPT;
11447 if (u8TrapNo == X86_XCPT_PF)
11448 fFlags |= IEM_XCPT_FLAGS_CR2;
11449 switch (u8TrapNo)
11450 {
11451 case X86_XCPT_DF:
11452 case X86_XCPT_TS:
11453 case X86_XCPT_NP:
11454 case X86_XCPT_SS:
11455 case X86_XCPT_PF:
11456 case X86_XCPT_AC:
11457 fFlags |= IEM_XCPT_FLAGS_ERR;
11458 break;
11459
11460 case X86_XCPT_NMI:
11461 VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
11462 break;
11463 }
11464 break;
11465
11466 IEM_NOT_REACHED_DEFAULT_CASE_RET();
11467 }
11468
11469 return iemRaiseXcptOrInt(&pVCpu->iem.s, cbInstr, u8TrapNo, fFlags, uErrCode, uCr2);
11470}
11471
11472
11473/**
11474 * Injects the active TRPM event.
11475 *
11476 * @returns Strict VBox status code.
11477 * @param pVCpu The cross context virtual CPU structure.
11478 */
11479VMMDECL(VBOXSTRICTRC) IEMInjectTrpmEvent(PVMCPU pVCpu)
11480{
11481#ifndef IEM_IMPLEMENTS_TASKSWITCH
11482 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Event injection\n"));
11483#else
11484 uint8_t u8TrapNo;
11485 TRPMEVENT enmType;
11486 RTGCUINT uErrCode;
11487 RTGCUINTPTR uCr2;
11488 uint8_t cbInstr;
11489 int rc = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrCode, &uCr2, &cbInstr);
11490 if (RT_FAILURE(rc))
11491 return rc;
11492
11493 VBOXSTRICTRC rcStrict = IEMInjectTrap(pVCpu, u8TrapNo, enmType, uErrCode, uCr2, cbInstr);
11494
11495 /** @todo Are there any other codes that imply the event was successfully
11496 * delivered to the guest? See @bugref{6607}. */
11497 if ( rcStrict == VINF_SUCCESS
11498 || rcStrict == VINF_IEM_RAISED_XCPT)
11499 {
11500 TRPMResetTrap(pVCpu);
11501 }
11502 return rcStrict;
11503#endif
11504}
11505
11506
11507VMM_INT_DECL(int) IEMBreakpointSet(PVM pVM, RTGCPTR GCPtrBp)
11508{
11509 return VERR_NOT_IMPLEMENTED;
11510}
11511
11512
11513VMM_INT_DECL(int) IEMBreakpointClear(PVM pVM, RTGCPTR GCPtrBp)
11514{
11515 return VERR_NOT_IMPLEMENTED;
11516}
11517
11518
11519#if 0 /* The IRET-to-v8086 mode in PATM is very optimistic, so I don't dare do this yet. */
11520/**
11521 * Executes a IRET instruction with default operand size.
11522 *
11523 * This is for PATM.
11524 *
11525 * @returns VBox status code.
11526 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11527 * @param pCtxCore The register frame.
11528 */
11529VMM_INT_DECL(int) IEMExecInstr_iret(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore)
11530{
11531 PIEMCPU pIemCpu = &pVCpu->iem.s;
11532 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
11533
11534 iemCtxCoreToCtx(pCtx, pCtxCore);
11535 iemInitDecoder(pIemCpu);
11536 VBOXSTRICTRC rcStrict = iemCImpl_iret(pIemCpu, 1, pIemCpu->enmDefOpSize);
11537 if (rcStrict == VINF_SUCCESS)
11538 iemCtxToCtxCore(pCtxCore, pCtx);
11539 else
11540 LogFlow(("IEMExecInstr_iret: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
11541 pCtx->cs, pCtx->rip, pCtx->ss, pCtx->rsp, pCtx->eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
11542 return rcStrict;
11543}
11544#endif
11545
11546
11547/**
11548 * Macro used by the IEMExec* method to check the given instruction length.
11549 *
11550 * Will return on failure!
11551 *
11552 * @param a_cbInstr The given instruction length.
11553 * @param a_cbMin The minimum length.
11554 */
11555#define IEMEXEC_ASSERT_INSTR_LEN_RETURN(a_cbInstr, a_cbMin) \
11556 AssertMsgReturn((unsigned)(a_cbInstr) - (unsigned)(a_cbMin) <= (unsigned)15 - (unsigned)(a_cbMin), \
11557 ("cbInstr=%u cbMin=%u\n", (a_cbInstr), (a_cbMin)), VERR_IEM_INVALID_INSTR_LENGTH)
11558
11559
11560/**
11561 * Calls iemUninitExec, iemExecStatusCodeFiddling and iemRCRawMaybeReenter.
11562 *
11563 * Only calling iemRCRawMaybeReenter in raw-mode, obviously.
11564 *
11565 * @returns Fiddled strict vbox status code, ready to return to non-IEM caller.
11566 * @param pIemCpu The IEM per-CPU structure.
11567 * @param rcStrict The status code to fiddle.
11568 */
11569DECLINLINE(VBOXSTRICTRC) iemUninitExecAndFiddleStatusAndMaybeReenter(PIEMCPU pIemCpu, VBOXSTRICTRC rcStrict)
11570{
11571 iemUninitExec(pIemCpu);
11572#ifdef IN_RC
11573 return iemRCRawMaybeReenter(pIemCpu, IEMCPU_TO_VMCPU(pIemCpu), pIemCpu->CTX_SUFF(pCtx),
11574 iemExecStatusCodeFiddling(pIemCpu, rcStrict));
11575#else
11576 return iemExecStatusCodeFiddling(pIemCpu, rcStrict);
11577#endif
11578}
11579
11580
11581/**
11582 * Interface for HM and EM for executing string I/O OUT (write) instructions.
11583 *
11584 * This API ASSUMES that the caller has already verified that the guest code is
11585 * allowed to access the I/O port. (The I/O port is in the DX register in the
11586 * guest state.)
11587 *
11588 * @returns Strict VBox status code.
11589 * @param pVCpu The cross context virtual CPU structure.
11590 * @param cbValue The size of the I/O port access (1, 2, or 4).
11591 * @param enmAddrMode The addressing mode.
11592 * @param fRepPrefix Indicates whether a repeat prefix is used
11593 * (doesn't matter which for this instruction).
11594 * @param cbInstr The instruction length in bytes.
11595 * @param iEffSeg The effective segment address.
11596 * @param fIoChecked Whether the access to the I/O port has been
11597 * checked or not. It's typically checked in the
11598 * HM scenario.
11599 */
11600VMM_INT_DECL(VBOXSTRICTRC) IEMExecStringIoWrite(PVMCPU pVCpu, uint8_t cbValue, IEMMODE enmAddrMode,
11601 bool fRepPrefix, uint8_t cbInstr, uint8_t iEffSeg, bool fIoChecked)
11602{
11603 AssertMsgReturn(iEffSeg < X86_SREG_COUNT, ("%#x\n", iEffSeg), VERR_IEM_INVALID_EFF_SEG);
11604 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
11605
11606 /*
11607 * State init.
11608 */
11609 PIEMCPU pIemCpu = &pVCpu->iem.s;
11610 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11611
11612 /*
11613 * Switch orgy for getting to the right handler.
11614 */
11615 VBOXSTRICTRC rcStrict;
11616 if (fRepPrefix)
11617 {
11618 switch (enmAddrMode)
11619 {
11620 case IEMMODE_16BIT:
11621 switch (cbValue)
11622 {
11623 case 1: rcStrict = iemCImpl_rep_outs_op8_addr16(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11624 case 2: rcStrict = iemCImpl_rep_outs_op16_addr16(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11625 case 4: rcStrict = iemCImpl_rep_outs_op32_addr16(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11626 default:
11627 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11628 }
11629 break;
11630
11631 case IEMMODE_32BIT:
11632 switch (cbValue)
11633 {
11634 case 1: rcStrict = iemCImpl_rep_outs_op8_addr32(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11635 case 2: rcStrict = iemCImpl_rep_outs_op16_addr32(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11636 case 4: rcStrict = iemCImpl_rep_outs_op32_addr32(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11637 default:
11638 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11639 }
11640 break;
11641
11642 case IEMMODE_64BIT:
11643 switch (cbValue)
11644 {
11645 case 1: rcStrict = iemCImpl_rep_outs_op8_addr64(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11646 case 2: rcStrict = iemCImpl_rep_outs_op16_addr64(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11647 case 4: rcStrict = iemCImpl_rep_outs_op32_addr64(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11648 default:
11649 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11650 }
11651 break;
11652
11653 default:
11654 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
11655 }
11656 }
11657 else
11658 {
11659 switch (enmAddrMode)
11660 {
11661 case IEMMODE_16BIT:
11662 switch (cbValue)
11663 {
11664 case 1: rcStrict = iemCImpl_outs_op8_addr16(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11665 case 2: rcStrict = iemCImpl_outs_op16_addr16(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11666 case 4: rcStrict = iemCImpl_outs_op32_addr16(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11667 default:
11668 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11669 }
11670 break;
11671
11672 case IEMMODE_32BIT:
11673 switch (cbValue)
11674 {
11675 case 1: rcStrict = iemCImpl_outs_op8_addr32(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11676 case 2: rcStrict = iemCImpl_outs_op16_addr32(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11677 case 4: rcStrict = iemCImpl_outs_op32_addr32(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11678 default:
11679 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11680 }
11681 break;
11682
11683 case IEMMODE_64BIT:
11684 switch (cbValue)
11685 {
11686 case 1: rcStrict = iemCImpl_outs_op8_addr64(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11687 case 2: rcStrict = iemCImpl_outs_op16_addr64(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11688 case 4: rcStrict = iemCImpl_outs_op32_addr64(pIemCpu, cbInstr, iEffSeg, fIoChecked); break;
11689 default:
11690 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11691 }
11692 break;
11693
11694 default:
11695 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
11696 }
11697 }
11698
11699 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11700}
11701
11702
11703/**
11704 * Interface for HM and EM for executing string I/O IN (read) instructions.
11705 *
11706 * This API ASSUMES that the caller has already verified that the guest code is
11707 * allowed to access the I/O port. (The I/O port is in the DX register in the
11708 * guest state.)
11709 *
11710 * @returns Strict VBox status code.
11711 * @param pVCpu The cross context virtual CPU structure.
11712 * @param cbValue The size of the I/O port access (1, 2, or 4).
11713 * @param enmAddrMode The addressing mode.
11714 * @param fRepPrefix Indicates whether a repeat prefix is used
11715 * (doesn't matter which for this instruction).
11716 * @param cbInstr The instruction length in bytes.
11717 * @param fIoChecked Whether the access to the I/O port has been
11718 * checked or not. It's typically checked in the
11719 * HM scenario.
11720 */
11721VMM_INT_DECL(VBOXSTRICTRC) IEMExecStringIoRead(PVMCPU pVCpu, uint8_t cbValue, IEMMODE enmAddrMode,
11722 bool fRepPrefix, uint8_t cbInstr, bool fIoChecked)
11723{
11724 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
11725
11726 /*
11727 * State init.
11728 */
11729 PIEMCPU pIemCpu = &pVCpu->iem.s;
11730 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11731
11732 /*
11733 * Switch orgy for getting to the right handler.
11734 */
11735 VBOXSTRICTRC rcStrict;
11736 if (fRepPrefix)
11737 {
11738 switch (enmAddrMode)
11739 {
11740 case IEMMODE_16BIT:
11741 switch (cbValue)
11742 {
11743 case 1: rcStrict = iemCImpl_rep_ins_op8_addr16(pIemCpu, cbInstr, fIoChecked); break;
11744 case 2: rcStrict = iemCImpl_rep_ins_op16_addr16(pIemCpu, cbInstr, fIoChecked); break;
11745 case 4: rcStrict = iemCImpl_rep_ins_op32_addr16(pIemCpu, cbInstr, fIoChecked); break;
11746 default:
11747 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11748 }
11749 break;
11750
11751 case IEMMODE_32BIT:
11752 switch (cbValue)
11753 {
11754 case 1: rcStrict = iemCImpl_rep_ins_op8_addr32(pIemCpu, cbInstr, fIoChecked); break;
11755 case 2: rcStrict = iemCImpl_rep_ins_op16_addr32(pIemCpu, cbInstr, fIoChecked); break;
11756 case 4: rcStrict = iemCImpl_rep_ins_op32_addr32(pIemCpu, cbInstr, fIoChecked); break;
11757 default:
11758 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11759 }
11760 break;
11761
11762 case IEMMODE_64BIT:
11763 switch (cbValue)
11764 {
11765 case 1: rcStrict = iemCImpl_rep_ins_op8_addr64(pIemCpu, cbInstr, fIoChecked); break;
11766 case 2: rcStrict = iemCImpl_rep_ins_op16_addr64(pIemCpu, cbInstr, fIoChecked); break;
11767 case 4: rcStrict = iemCImpl_rep_ins_op32_addr64(pIemCpu, cbInstr, fIoChecked); break;
11768 default:
11769 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11770 }
11771 break;
11772
11773 default:
11774 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
11775 }
11776 }
11777 else
11778 {
11779 switch (enmAddrMode)
11780 {
11781 case IEMMODE_16BIT:
11782 switch (cbValue)
11783 {
11784 case 1: rcStrict = iemCImpl_ins_op8_addr16(pIemCpu, cbInstr, fIoChecked); break;
11785 case 2: rcStrict = iemCImpl_ins_op16_addr16(pIemCpu, cbInstr, fIoChecked); break;
11786 case 4: rcStrict = iemCImpl_ins_op32_addr16(pIemCpu, cbInstr, fIoChecked); break;
11787 default:
11788 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11789 }
11790 break;
11791
11792 case IEMMODE_32BIT:
11793 switch (cbValue)
11794 {
11795 case 1: rcStrict = iemCImpl_ins_op8_addr32(pIemCpu, cbInstr, fIoChecked); break;
11796 case 2: rcStrict = iemCImpl_ins_op16_addr32(pIemCpu, cbInstr, fIoChecked); break;
11797 case 4: rcStrict = iemCImpl_ins_op32_addr32(pIemCpu, cbInstr, fIoChecked); break;
11798 default:
11799 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11800 }
11801 break;
11802
11803 case IEMMODE_64BIT:
11804 switch (cbValue)
11805 {
11806 case 1: rcStrict = iemCImpl_ins_op8_addr64(pIemCpu, cbInstr, fIoChecked); break;
11807 case 2: rcStrict = iemCImpl_ins_op16_addr64(pIemCpu, cbInstr, fIoChecked); break;
11808 case 4: rcStrict = iemCImpl_ins_op32_addr64(pIemCpu, cbInstr, fIoChecked); break;
11809 default:
11810 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
11811 }
11812 break;
11813
11814 default:
11815 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
11816 }
11817 }
11818
11819 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11820}
11821
11822
11823/**
11824 * Interface for rawmode to write execute an OUT instruction.
11825 *
11826 * @returns Strict VBox status code.
11827 * @param pVCpu The cross context virtual CPU structure.
11828 * @param cbInstr The instruction length in bytes.
11829 * @param u16Port The port to read.
11830 * @param cbReg The register size.
11831 *
11832 * @remarks In ring-0 not all of the state needs to be synced in.
11833 */
11834VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedOut(PVMCPU pVCpu, uint8_t cbInstr, uint16_t u16Port, uint8_t cbReg)
11835{
11836 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
11837 Assert(cbReg <= 4 && cbReg != 3);
11838
11839 PIEMCPU pIemCpu = &pVCpu->iem.s;
11840 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11841 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_out, u16Port, cbReg);
11842 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11843}
11844
11845
11846/**
11847 * Interface for rawmode to write execute an IN instruction.
11848 *
11849 * @returns Strict VBox status code.
11850 * @param pVCpu The cross context virtual CPU structure.
11851 * @param cbInstr The instruction length in bytes.
11852 * @param u16Port The port to read.
11853 * @param cbReg The register size.
11854 */
11855VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedIn(PVMCPU pVCpu, uint8_t cbInstr, uint16_t u16Port, uint8_t cbReg)
11856{
11857 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
11858 Assert(cbReg <= 4 && cbReg != 3);
11859
11860 PIEMCPU pIemCpu = &pVCpu->iem.s;
11861 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11862 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_in, u16Port, cbReg);
11863 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11864}
11865
11866
11867/**
11868 * Interface for HM and EM to write to a CRx register.
11869 *
11870 * @returns Strict VBox status code.
11871 * @param pVCpu The cross context virtual CPU structure.
11872 * @param cbInstr The instruction length in bytes.
11873 * @param iCrReg The control register number (destination).
11874 * @param iGReg The general purpose register number (source).
11875 *
11876 * @remarks In ring-0 not all of the state needs to be synced in.
11877 */
11878VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedMovCRxWrite(PVMCPU pVCpu, uint8_t cbInstr, uint8_t iCrReg, uint8_t iGReg)
11879{
11880 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
11881 Assert(iCrReg < 16);
11882 Assert(iGReg < 16);
11883
11884 PIEMCPU pIemCpu = &pVCpu->iem.s;
11885 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11886 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_mov_Cd_Rd, iCrReg, iGReg);
11887 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11888}
11889
11890
11891/**
11892 * Interface for HM and EM to read from a CRx register.
11893 *
11894 * @returns Strict VBox status code.
11895 * @param pVCpu The cross context virtual CPU structure.
11896 * @param cbInstr The instruction length in bytes.
11897 * @param iGReg The general purpose register number (destination).
11898 * @param iCrReg The control register number (source).
11899 *
11900 * @remarks In ring-0 not all of the state needs to be synced in.
11901 */
11902VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedMovCRxRead(PVMCPU pVCpu, uint8_t cbInstr, uint8_t iGReg, uint8_t iCrReg)
11903{
11904 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
11905 Assert(iCrReg < 16);
11906 Assert(iGReg < 16);
11907
11908 PIEMCPU pIemCpu = &pVCpu->iem.s;
11909 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11910 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_mov_Rd_Cd, iGReg, iCrReg);
11911 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11912}
11913
11914
11915/**
11916 * Interface for HM and EM to clear the CR0[TS] bit.
11917 *
11918 * @returns Strict VBox status code.
11919 * @param pVCpu The cross context virtual CPU structure.
11920 * @param cbInstr The instruction length in bytes.
11921 *
11922 * @remarks In ring-0 not all of the state needs to be synced in.
11923 */
11924VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedClts(PVMCPU pVCpu, uint8_t cbInstr)
11925{
11926 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
11927
11928 PIEMCPU pIemCpu = &pVCpu->iem.s;
11929 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11930 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_clts);
11931 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11932}
11933
11934
11935/**
11936 * Interface for HM and EM to emulate the LMSW instruction (loads CR0).
11937 *
11938 * @returns Strict VBox status code.
11939 * @param pVCpu The cross context virtual CPU structure.
11940 * @param cbInstr The instruction length in bytes.
11941 * @param uValue The value to load into CR0.
11942 *
11943 * @remarks In ring-0 not all of the state needs to be synced in.
11944 */
11945VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedLmsw(PVMCPU pVCpu, uint8_t cbInstr, uint16_t uValue)
11946{
11947 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
11948
11949 PIEMCPU pIemCpu = &pVCpu->iem.s;
11950 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11951 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_1(iemCImpl_lmsw, uValue);
11952 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11953}
11954
11955
11956/**
11957 * Interface for HM and EM to emulate the XSETBV instruction (loads XCRx).
11958 *
11959 * Takes input values in ecx and edx:eax of the CPU context of the calling EMT.
11960 *
11961 * @returns Strict VBox status code.
11962 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
11963 * @param cbInstr The instruction length in bytes.
11964 * @remarks In ring-0 not all of the state needs to be synced in.
11965 * @thread EMT(pVCpu)
11966 */
11967VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedXsetbv(PVMCPU pVCpu, uint8_t cbInstr)
11968{
11969 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
11970
11971 PIEMCPU pIemCpu = &pVCpu->iem.s;
11972 iemInitExec(pIemCpu, false /*fBypassHandlers*/);
11973 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_xsetbv);
11974 return iemUninitExecAndFiddleStatusAndMaybeReenter(pIemCpu, rcStrict);
11975}
11976
11977#ifdef IN_RING3
11978
11979/**
11980 * Handles the unlikely and probably fatal merge cases.
11981 *
11982 * @returns Merged status code.
11983 * @param rcStrict Current EM status code.
11984 * @param rcStrictCommit The IOM I/O or MMIO write commit status to merge
11985 * with @a rcStrict.
11986 * @param iMemMap The memory mapping index. For error reporting only.
11987 * @param pIemCpu The IEMCPU structure of the calling EMT, for error
11988 * reporting only.
11989 */
11990DECL_NO_INLINE(static, VBOXSTRICTRC) iemR3MergeStatusSlow(VBOXSTRICTRC rcStrict, VBOXSTRICTRC rcStrictCommit,
11991 unsigned iMemMap, PIEMCPU pIemCpu)
11992{
11993 if (RT_FAILURE_NP(rcStrict))
11994 return rcStrict;
11995
11996 if (RT_FAILURE_NP(rcStrictCommit))
11997 return rcStrictCommit;
11998
11999 if (rcStrict == rcStrictCommit)
12000 return rcStrictCommit;
12001
12002 AssertLogRelMsgFailed(("rcStrictCommit=%Rrc rcStrict=%Rrc iMemMap=%u fAccess=%#x FirstPg=%RGp LB %u SecondPg=%RGp LB %u\n",
12003 VBOXSTRICTRC_VAL(rcStrictCommit), VBOXSTRICTRC_VAL(rcStrict), iMemMap,
12004 pIemCpu->aMemMappings[iMemMap].fAccess,
12005 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, pIemCpu->aMemBbMappings[iMemMap].cbFirst,
12006 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, pIemCpu->aMemBbMappings[iMemMap].cbSecond));
12007 return VERR_IOM_FF_STATUS_IPE;
12008}
12009
12010
12011/**
12012 * Helper for IOMR3ProcessForceFlag.
12013 *
12014 * @returns Merged status code.
12015 * @param rcStrict Current EM status code.
12016 * @param rcStrictCommit The IOM I/O or MMIO write commit status to merge
12017 * with @a rcStrict.
12018 * @param iMemMap The memory mapping index. For error reporting only.
12019 * @param pIemCpu The IEMCPU structure of the calling EMT, for error
12020 * reporting only.
12021 */
12022DECLINLINE(VBOXSTRICTRC) iemR3MergeStatus(VBOXSTRICTRC rcStrict, VBOXSTRICTRC rcStrictCommit, unsigned iMemMap, PIEMCPU pIemCpu)
12023{
12024 /* Simple. */
12025 if (RT_LIKELY(rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_RAW_TO_R3))
12026 return rcStrictCommit;
12027
12028 if (RT_LIKELY(rcStrictCommit == VINF_SUCCESS))
12029 return rcStrict;
12030
12031 /* EM scheduling status codes. */
12032 if (RT_LIKELY( rcStrict >= VINF_EM_FIRST
12033 && rcStrict <= VINF_EM_LAST))
12034 {
12035 if (RT_LIKELY( rcStrictCommit >= VINF_EM_FIRST
12036 && rcStrictCommit <= VINF_EM_LAST))
12037 return rcStrict < rcStrictCommit ? rcStrict : rcStrictCommit;
12038 }
12039
12040 /* Unlikely */
12041 return iemR3MergeStatusSlow(rcStrict, rcStrictCommit, iMemMap, pIemCpu);
12042}
12043
12044
12045/**
12046 * Called by force-flag handling code when VMCPU_FF_IEM is set.
12047 *
12048 * @returns Merge between @a rcStrict and what the commit operation returned.
12049 * @param pVM The cross context VM structure.
12050 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
12051 * @param rcStrict The status code returned by ring-0 or raw-mode.
12052 */
12053VMMR3_INT_DECL(VBOXSTRICTRC) IEMR3ProcessForceFlag(PVM pVM, PVMCPU pVCpu, VBOXSTRICTRC rcStrict)
12054{
12055 PIEMCPU pIemCpu = &pVCpu->iem.s;
12056
12057 /*
12058 * Reset the pending commit.
12059 */
12060 AssertMsg( (pIemCpu->aMemMappings[0].fAccess | pIemCpu->aMemMappings[1].fAccess | pIemCpu->aMemMappings[2].fAccess)
12061 & (IEM_ACCESS_PENDING_R3_WRITE_1ST | IEM_ACCESS_PENDING_R3_WRITE_2ND),
12062 ("%#x %#x %#x\n",
12063 pIemCpu->aMemMappings[0].fAccess, pIemCpu->aMemMappings[1].fAccess, pIemCpu->aMemMappings[2].fAccess));
12064 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_IEM);
12065
12066 /*
12067 * Commit the pending bounce buffers (usually just one).
12068 */
12069 unsigned cBufs = 0;
12070 unsigned iMemMap = RT_ELEMENTS(pIemCpu->aMemMappings);
12071 while (iMemMap-- > 0)
12072 if (pIemCpu->aMemMappings[iMemMap].fAccess & (IEM_ACCESS_PENDING_R3_WRITE_1ST | IEM_ACCESS_PENDING_R3_WRITE_2ND))
12073 {
12074 Assert(pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE);
12075 Assert(pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED);
12076 Assert(!pIemCpu->aMemBbMappings[iMemMap].fUnassigned);
12077
12078 uint16_t const cbFirst = pIemCpu->aMemBbMappings[iMemMap].cbFirst;
12079 uint16_t const cbSecond = pIemCpu->aMemBbMappings[iMemMap].cbSecond;
12080 uint8_t const *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
12081
12082 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_PENDING_R3_WRITE_1ST)
12083 {
12084 VBOXSTRICTRC rcStrictCommit1 = PGMPhysWrite(pVM,
12085 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
12086 pbBuf,
12087 cbFirst,
12088 PGMACCESSORIGIN_IEM);
12089 rcStrict = iemR3MergeStatus(rcStrict, rcStrictCommit1, iMemMap, pIemCpu);
12090 Log(("IEMR3ProcessForceFlag: iMemMap=%u GCPhysFirst=%RGp LB %#x %Rrc => %Rrc\n",
12091 iMemMap, pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
12092 VBOXSTRICTRC_VAL(rcStrictCommit1), VBOXSTRICTRC_VAL(rcStrict)));
12093 }
12094
12095 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_PENDING_R3_WRITE_2ND)
12096 {
12097 VBOXSTRICTRC rcStrictCommit2 = PGMPhysWrite(pVM,
12098 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
12099 pbBuf + cbFirst,
12100 cbSecond,
12101 PGMACCESSORIGIN_IEM);
12102 rcStrict = iemR3MergeStatus(rcStrict, rcStrictCommit2, iMemMap, pIemCpu);
12103 Log(("IEMR3ProcessForceFlag: iMemMap=%u GCPhysSecond=%RGp LB %#x %Rrc => %Rrc\n",
12104 iMemMap, pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond,
12105 VBOXSTRICTRC_VAL(rcStrictCommit2), VBOXSTRICTRC_VAL(rcStrict)));
12106 }
12107 cBufs++;
12108 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
12109 }
12110
12111 AssertMsg(cBufs > 0 && cBufs == pIemCpu->cActiveMappings,
12112 ("cBufs=%u cActiveMappings=%u - %#x %#x %#x\n", cBufs, pIemCpu->cActiveMappings,
12113 pIemCpu->aMemMappings[0].fAccess, pIemCpu->aMemMappings[1].fAccess, pIemCpu->aMemMappings[2].fAccess));
12114 pIemCpu->cActiveMappings = 0;
12115 return rcStrict;
12116}
12117
12118#endif /* IN_RING3 */
12119
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette