VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/IEMAll.cpp@ 76211

Last change on this file since 76211 was 76041, checked in by vboxsync, 6 years ago

VMM/IEM: Nested VMX: bugref:9180 VMLAUNCH/VMRESUME interface.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 644.0 KB
Line 
1/* $Id: IEMAll.cpp 76041 2018-12-07 08:35:21Z vboxsync $ */
2/** @file
3 * IEM - Interpreted Execution Manager - All Contexts.
4 */
5
6/*
7 * Copyright (C) 2011-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/** @page pg_iem IEM - Interpreted Execution Manager
20 *
21 * The interpreted exeuction manager (IEM) is for executing short guest code
22 * sequences that are causing too many exits / virtualization traps. It will
23 * also be used to interpret single instructions, thus replacing the selective
24 * interpreters in EM and IOM.
25 *
26 * Design goals:
27 * - Relatively small footprint, although we favour speed and correctness
28 * over size.
29 * - Reasonably fast.
30 * - Correctly handle lock prefixed instructions.
31 * - Complete instruction set - eventually.
32 * - Refactorable into a recompiler, maybe.
33 * - Replace EMInterpret*.
34 *
35 * Using the existing disassembler has been considered, however this is thought
36 * to conflict with speed as the disassembler chews things a bit too much while
37 * leaving us with a somewhat complicated state to interpret afterwards.
38 *
39 *
40 * The current code is very much work in progress. You've been warned!
41 *
42 *
43 * @section sec_iem_fpu_instr FPU Instructions
44 *
45 * On x86 and AMD64 hosts, the FPU instructions are implemented by executing the
46 * same or equivalent instructions on the host FPU. To make life easy, we also
47 * let the FPU prioritize the unmasked exceptions for us. This however, only
48 * works reliably when CR0.NE is set, i.e. when using \#MF instead the IRQ 13
49 * for FPU exception delivery, because with CR0.NE=0 there is a window where we
50 * can trigger spurious FPU exceptions.
51 *
52 * The guest FPU state is not loaded into the host CPU and kept there till we
53 * leave IEM because the calling conventions have declared an all year open
54 * season on much of the FPU state. For instance an innocent looking call to
55 * memcpy might end up using a whole bunch of XMM or MM registers if the
56 * particular implementation finds it worthwhile.
57 *
58 *
59 * @section sec_iem_logging Logging
60 *
61 * The IEM code uses the \"IEM\" log group for the main logging. The different
62 * logging levels/flags are generally used for the following purposes:
63 * - Level 1 (Log) : Errors, exceptions, interrupts and such major events.
64 * - Flow (LogFlow): Basic enter/exit IEM state info.
65 * - Level 2 (Log2): ?
66 * - Level 3 (Log3): More detailed enter/exit IEM state info.
67 * - Level 4 (Log4): Decoding mnemonics w/ EIP.
68 * - Level 5 (Log5): Decoding details.
69 * - Level 6 (Log6): Enables/disables the lockstep comparison with REM.
70 * - Level 7 (Log7): iret++ execution logging.
71 * - Level 8 (Log8): Memory writes.
72 * - Level 9 (Log9): Memory reads.
73 *
74 */
75
76//#define IEM_LOG_MEMORY_WRITES
77#define IEM_IMPLEMENTS_TASKSWITCH
78
79/* Disabled warning C4505: 'iemRaisePageFaultJmp' : unreferenced local function has been removed */
80#ifdef _MSC_VER
81# pragma warning(disable:4505)
82#endif
83
84
85/*********************************************************************************************************************************
86* Header Files *
87*********************************************************************************************************************************/
88#define LOG_GROUP LOG_GROUP_IEM
89#define VMCPU_INCL_CPUM_GST_CTX
90#include <VBox/vmm/iem.h>
91#include <VBox/vmm/cpum.h>
92#include <VBox/vmm/apic.h>
93#include <VBox/vmm/pdm.h>
94#include <VBox/vmm/pgm.h>
95#include <VBox/vmm/iom.h>
96#include <VBox/vmm/em.h>
97#include <VBox/vmm/hm.h>
98#include <VBox/vmm/nem.h>
99#include <VBox/vmm/gim.h>
100#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
101# include <VBox/vmm/em.h>
102# include <VBox/vmm/hm_svm.h>
103#endif
104#include <VBox/vmm/tm.h>
105#include <VBox/vmm/dbgf.h>
106#include <VBox/vmm/dbgftrace.h>
107#ifdef VBOX_WITH_RAW_MODE_NOT_R0
108# include <VBox/vmm/patm.h>
109# if defined(VBOX_WITH_CALL_RECORD) || defined(REM_MONITOR_CODE_PAGES)
110# include <VBox/vmm/csam.h>
111# endif
112#endif
113#include "IEMInternal.h"
114#include <VBox/vmm/vm.h>
115#include <VBox/log.h>
116#include <VBox/err.h>
117#include <VBox/param.h>
118#include <VBox/dis.h>
119#include <VBox/disopcode.h>
120#include <iprt/asm-math.h>
121#include <iprt/assert.h>
122#include <iprt/string.h>
123#include <iprt/x86.h>
124
125
126/*********************************************************************************************************************************
127* Structures and Typedefs *
128*********************************************************************************************************************************/
129/** @typedef PFNIEMOP
130 * Pointer to an opcode decoder function.
131 */
132
133/** @def FNIEMOP_DEF
134 * Define an opcode decoder function.
135 *
136 * We're using macors for this so that adding and removing parameters as well as
137 * tweaking compiler specific attributes becomes easier. See FNIEMOP_CALL
138 *
139 * @param a_Name The function name.
140 */
141
142/** @typedef PFNIEMOPRM
143 * Pointer to an opcode decoder function with RM byte.
144 */
145
146/** @def FNIEMOPRM_DEF
147 * Define an opcode decoder function with RM byte.
148 *
149 * We're using macors for this so that adding and removing parameters as well as
150 * tweaking compiler specific attributes becomes easier. See FNIEMOP_CALL_1
151 *
152 * @param a_Name The function name.
153 */
154
155#if defined(__GNUC__) && defined(RT_ARCH_X86)
156typedef VBOXSTRICTRC (__attribute__((__fastcall__)) * PFNIEMOP)(PVMCPU pVCpu);
157typedef VBOXSTRICTRC (__attribute__((__fastcall__)) * PFNIEMOPRM)(PVMCPU pVCpu, uint8_t bRm);
158# define FNIEMOP_DEF(a_Name) \
159 IEM_STATIC VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PVMCPU pVCpu)
160# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
161 IEM_STATIC VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PVMCPU pVCpu, a_Type0 a_Name0)
162# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
163 IEM_STATIC VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PVMCPU pVCpu, a_Type0 a_Name0, a_Type1 a_Name1)
164
165#elif defined(_MSC_VER) && defined(RT_ARCH_X86)
166typedef VBOXSTRICTRC (__fastcall * PFNIEMOP)(PVMCPU pVCpu);
167typedef VBOXSTRICTRC (__fastcall * PFNIEMOPRM)(PVMCPU pVCpu, uint8_t bRm);
168# define FNIEMOP_DEF(a_Name) \
169 IEM_STATIC /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PVMCPU pVCpu) RT_NO_THROW_DEF
170# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
171 IEM_STATIC /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PVMCPU pVCpu, a_Type0 a_Name0) RT_NO_THROW_DEF
172# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
173 IEM_STATIC /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PVMCPU pVCpu, a_Type0 a_Name0, a_Type1 a_Name1) RT_NO_THROW_DEF
174
175#elif defined(__GNUC__)
176typedef VBOXSTRICTRC (* PFNIEMOP)(PVMCPU pVCpu);
177typedef VBOXSTRICTRC (* PFNIEMOPRM)(PVMCPU pVCpu, uint8_t bRm);
178# define FNIEMOP_DEF(a_Name) \
179 IEM_STATIC VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PVMCPU pVCpu)
180# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
181 IEM_STATIC VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PVMCPU pVCpu, a_Type0 a_Name0)
182# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
183 IEM_STATIC VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PVMCPU pVCpu, a_Type0 a_Name0, a_Type1 a_Name1)
184
185#else
186typedef VBOXSTRICTRC (* PFNIEMOP)(PVMCPU pVCpu);
187typedef VBOXSTRICTRC (* PFNIEMOPRM)(PVMCPU pVCpu, uint8_t bRm);
188# define FNIEMOP_DEF(a_Name) \
189 IEM_STATIC VBOXSTRICTRC a_Name(PVMCPU pVCpu) RT_NO_THROW_DEF
190# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
191 IEM_STATIC VBOXSTRICTRC a_Name(PVMCPU pVCpu, a_Type0 a_Name0) RT_NO_THROW_DEF
192# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
193 IEM_STATIC VBOXSTRICTRC a_Name(PVMCPU pVCpu, a_Type0 a_Name0, a_Type1 a_Name1) RT_NO_THROW_DEF
194
195#endif
196#define FNIEMOPRM_DEF(a_Name) FNIEMOP_DEF_1(a_Name, uint8_t, bRm)
197
198
199/**
200 * Selector descriptor table entry as fetched by iemMemFetchSelDesc.
201 */
202typedef union IEMSELDESC
203{
204 /** The legacy view. */
205 X86DESC Legacy;
206 /** The long mode view. */
207 X86DESC64 Long;
208} IEMSELDESC;
209/** Pointer to a selector descriptor table entry. */
210typedef IEMSELDESC *PIEMSELDESC;
211
212/**
213 * CPU exception classes.
214 */
215typedef enum IEMXCPTCLASS
216{
217 IEMXCPTCLASS_BENIGN,
218 IEMXCPTCLASS_CONTRIBUTORY,
219 IEMXCPTCLASS_PAGE_FAULT,
220 IEMXCPTCLASS_DOUBLE_FAULT
221} IEMXCPTCLASS;
222
223
224/*********************************************************************************************************************************
225* Defined Constants And Macros *
226*********************************************************************************************************************************/
227/** @def IEM_WITH_SETJMP
228 * Enables alternative status code handling using setjmps.
229 *
230 * This adds a bit of expense via the setjmp() call since it saves all the
231 * non-volatile registers. However, it eliminates return code checks and allows
232 * for more optimal return value passing (return regs instead of stack buffer).
233 */
234#if defined(DOXYGEN_RUNNING) || defined(RT_OS_WINDOWS) || 1
235# define IEM_WITH_SETJMP
236#endif
237
238/** Used to shut up GCC warnings about variables that 'may be used uninitialized'
239 * due to GCC lacking knowledge about the value range of a switch. */
240#define IEM_NOT_REACHED_DEFAULT_CASE_RET() default: AssertFailedReturn(VERR_IPE_NOT_REACHED_DEFAULT_CASE)
241
242/** Variant of IEM_NOT_REACHED_DEFAULT_CASE_RET that returns a custom value. */
243#define IEM_NOT_REACHED_DEFAULT_CASE_RET2(a_RetValue) default: AssertFailedReturn(a_RetValue)
244
245/**
246 * Returns IEM_RETURN_ASPECT_NOT_IMPLEMENTED, and in debug builds logs the
247 * occation.
248 */
249#ifdef LOG_ENABLED
250# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED() \
251 do { \
252 /*Log*/ LogAlways(("%s: returning IEM_RETURN_ASPECT_NOT_IMPLEMENTED (line %d)\n", __FUNCTION__, __LINE__)); \
253 return VERR_IEM_ASPECT_NOT_IMPLEMENTED; \
254 } while (0)
255#else
256# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED() \
257 return VERR_IEM_ASPECT_NOT_IMPLEMENTED
258#endif
259
260/**
261 * Returns IEM_RETURN_ASPECT_NOT_IMPLEMENTED, and in debug builds logs the
262 * occation using the supplied logger statement.
263 *
264 * @param a_LoggerArgs What to log on failure.
265 */
266#ifdef LOG_ENABLED
267# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(a_LoggerArgs) \
268 do { \
269 LogAlways((LOG_FN_FMT ": ", __PRETTY_FUNCTION__)); LogAlways(a_LoggerArgs); \
270 /*LogFunc(a_LoggerArgs);*/ \
271 return VERR_IEM_ASPECT_NOT_IMPLEMENTED; \
272 } while (0)
273#else
274# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(a_LoggerArgs) \
275 return VERR_IEM_ASPECT_NOT_IMPLEMENTED
276#endif
277
278/**
279 * Call an opcode decoder function.
280 *
281 * We're using macors for this so that adding and removing parameters can be
282 * done as we please. See FNIEMOP_DEF.
283 */
284#define FNIEMOP_CALL(a_pfn) (a_pfn)(pVCpu)
285
286/**
287 * Call a common opcode decoder function taking one extra argument.
288 *
289 * We're using macors for this so that adding and removing parameters can be
290 * done as we please. See FNIEMOP_DEF_1.
291 */
292#define FNIEMOP_CALL_1(a_pfn, a0) (a_pfn)(pVCpu, a0)
293
294/**
295 * Call a common opcode decoder function taking one extra argument.
296 *
297 * We're using macors for this so that adding and removing parameters can be
298 * done as we please. See FNIEMOP_DEF_1.
299 */
300#define FNIEMOP_CALL_2(a_pfn, a0, a1) (a_pfn)(pVCpu, a0, a1)
301
302/**
303 * Check if we're currently executing in real or virtual 8086 mode.
304 *
305 * @returns @c true if it is, @c false if not.
306 * @param a_pVCpu The IEM state of the current CPU.
307 */
308#define IEM_IS_REAL_OR_V86_MODE(a_pVCpu) (CPUMIsGuestInRealOrV86ModeEx(IEM_GET_CTX(a_pVCpu)))
309
310/**
311 * Check if we're currently executing in virtual 8086 mode.
312 *
313 * @returns @c true if it is, @c false if not.
314 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
315 */
316#define IEM_IS_V86_MODE(a_pVCpu) (CPUMIsGuestInV86ModeEx(IEM_GET_CTX(a_pVCpu)))
317
318/**
319 * Check if we're currently executing in long mode.
320 *
321 * @returns @c true if it is, @c false if not.
322 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
323 */
324#define IEM_IS_LONG_MODE(a_pVCpu) (CPUMIsGuestInLongModeEx(IEM_GET_CTX(a_pVCpu)))
325
326/**
327 * Check if we're currently executing in a 64-bit code segment.
328 *
329 * @returns @c true if it is, @c false if not.
330 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
331 */
332#define IEM_IS_64BIT_CODE(a_pVCpu) (CPUMIsGuestIn64BitCodeEx(IEM_GET_CTX(a_pVCpu)))
333
334/**
335 * Check if we're currently executing in real mode.
336 *
337 * @returns @c true if it is, @c false if not.
338 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
339 */
340#define IEM_IS_REAL_MODE(a_pVCpu) (CPUMIsGuestInRealModeEx(IEM_GET_CTX(a_pVCpu)))
341
342/**
343 * Returns a (const) pointer to the CPUMFEATURES for the guest CPU.
344 * @returns PCCPUMFEATURES
345 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
346 */
347#define IEM_GET_GUEST_CPU_FEATURES(a_pVCpu) (&((a_pVCpu)->CTX_SUFF(pVM)->cpum.ro.GuestFeatures))
348
349/**
350 * Returns a (const) pointer to the CPUMFEATURES for the host CPU.
351 * @returns PCCPUMFEATURES
352 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
353 */
354#define IEM_GET_HOST_CPU_FEATURES(a_pVCpu) (&((a_pVCpu)->CTX_SUFF(pVM)->cpum.ro.HostFeatures))
355
356/**
357 * Evaluates to true if we're presenting an Intel CPU to the guest.
358 */
359#define IEM_IS_GUEST_CPU_INTEL(a_pVCpu) ( (a_pVCpu)->iem.s.enmCpuVendor == CPUMCPUVENDOR_INTEL )
360
361/**
362 * Evaluates to true if we're presenting an AMD CPU to the guest.
363 */
364#define IEM_IS_GUEST_CPU_AMD(a_pVCpu) ( (a_pVCpu)->iem.s.enmCpuVendor == CPUMCPUVENDOR_AMD )
365
366/**
367 * Check if the address is canonical.
368 */
369#define IEM_IS_CANONICAL(a_u64Addr) X86_IS_CANONICAL(a_u64Addr)
370
371/**
372 * Gets the effective VEX.VVVV value.
373 *
374 * The 4th bit is ignored if not 64-bit code.
375 * @returns effective V-register value.
376 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
377 */
378#define IEM_GET_EFFECTIVE_VVVV(a_pVCpu) \
379 ((a_pVCpu)->iem.s.enmCpuMode == IEMMODE_64BIT ? (a_pVCpu)->iem.s.uVex3rdReg : (a_pVCpu)->iem.s.uVex3rdReg & 7)
380
381/** @def IEM_USE_UNALIGNED_DATA_ACCESS
382 * Use unaligned accesses instead of elaborate byte assembly. */
383#if defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86) || defined(DOXYGEN_RUNNING)
384# define IEM_USE_UNALIGNED_DATA_ACCESS
385#endif
386
387#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
388
389/**
390 * Check if the guest has entered VMX root operation.
391 */
392# define IEM_VMX_IS_ROOT_MODE(a_pVCpu) (CPUMIsGuestInVmxRootMode(IEM_GET_CTX(a_pVCpu)))
393
394/**
395 * Check if the guest has entered VMX non-root operation.
396 */
397# define IEM_VMX_IS_NON_ROOT_MODE(a_pVCpu) (CPUMIsGuestInVmxNonRootMode(IEM_GET_CTX(a_pVCpu)))
398
399/**
400 * Check if the nested-guest has the given Pin-based VM-execution control set.
401 */
402# define IEM_VMX_IS_PINCTLS_SET(a_pVCpu, a_PinCtl) \
403 (CPUMIsGuestVmxPinCtlsSet((a_pVCpu), IEM_GET_CTX(a_pVCpu), (a_PinCtl)))
404
405/**
406 * Check if the nested-guest has the given Processor-based VM-execution control set.
407 */
408#define IEM_VMX_IS_PROCCTLS_SET(a_pVCpu, a_ProcCtl) \
409 (CPUMIsGuestVmxProcCtlsSet((a_pVCpu), IEM_GET_CTX(a_pVCpu), (a_ProcCtl)))
410
411/**
412 * Check if the nested-guest has the given Secondary Processor-based VM-execution
413 * control set.
414 */
415#define IEM_VMX_IS_PROCCTLS2_SET(a_pVCpu, a_ProcCtl2) \
416 (CPUMIsGuestVmxProcCtls2Set((a_pVCpu), IEM_GET_CTX(a_pVCpu), (a_ProcCtl2)))
417
418/**
419 * Invokes the VMX VM-exit handler for an instruction intercept.
420 */
421# define IEM_VMX_VMEXIT_INSTR_RET(a_pVCpu, a_uExitReason, a_cbInstr) \
422 do { return iemVmxVmexitInstr((a_pVCpu), (a_uExitReason), (a_cbInstr)); } while (0)
423
424/**
425 * Invokes the VMX VM-exit handler for an instruction intercept where the
426 * instruction provides additional VM-exit information.
427 */
428# define IEM_VMX_VMEXIT_INSTR_NEEDS_INFO_RET(a_pVCpu, a_uExitReason, a_uInstrId, a_cbInstr) \
429 do { return iemVmxVmexitInstrNeedsInfo((a_pVCpu), (a_uExitReason), (a_uInstrId), (a_cbInstr)); } while (0)
430
431/**
432 * Invokes the VMX VM-exit handler for a task switch.
433 */
434# define IEM_VMX_VMEXIT_TASK_SWITCH_RET(a_pVCpu, a_enmTaskSwitch, a_SelNewTss, a_cbInstr) \
435 do { return iemVmxVmexitTaskSwitch((a_pVCpu), (a_enmTaskSwitch), (a_SelNewTss), (a_cbInstr)); } while (0)
436
437/**
438 * Invokes the VMX VM-exit handler for MWAIT.
439 */
440# define IEM_VMX_VMEXIT_MWAIT_RET(a_pVCpu, a_fMonitorArmed, a_cbInstr) \
441 do { return iemVmxVmexitInstrMwait((a_pVCpu), (a_fMonitorArmed), (a_cbInstr)); } while (0)
442
443/**
444 * Invokes the VMX VM-exit handle for triple faults.
445 */
446# define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu) \
447 do { return iemVmxVmexitTripleFault(a_pVCpu); } while (0)
448
449#else
450# define IEM_VMX_IS_ROOT_MODE(a_pVCpu) (false)
451# define IEM_VMX_IS_NON_ROOT_MODE(a_pVCpu) (false)
452# define IEM_VMX_IS_PINCTLS_SET(a_pVCpu, a_cbInstr) (false)
453# define IEM_VMX_IS_PROCCTLS_SET(a_pVCpu, a_cbInstr) (false)
454# define IEM_VMX_IS_PROCCTLS2_SET(a_pVCpu, a_cbInstr) (false)
455# define IEM_VMX_VMEXIT_INSTR_RET(a_pVCpu, a_uExitReason, a_cbInstr) do { return VERR_VMX_IPE_1; } while (0)
456# define IEM_VMX_VMEXIT_INSTR_NEEDS_INFO_RET(a_pVCpu, a_uExitReason, a_uInstrId, a_cbInstr) do { return VERR_VMX_IPE_1; } while (0)
457# define IEM_VMX_VMEXIT_TASK_SWITCH_RET(a_pVCpu, a_enmTaskSwitch, a_SelNewTss, a_cbInstr) do { return VERR_VMX_IPE_1; } while (0)
458# define IEM_VMX_VMEXIT_MWAIT_RET(a_pVCpu, a_fMonitorArmed, a_cbInstr) do { return VERR_VMX_IPE_1; } while (0)
459# define IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(a_pVCpu) do { return VERR_VMX_IPE_1; } while (0)
460
461#endif
462
463#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
464/**
465 * Check if an SVM control/instruction intercept is set.
466 */
467# define IEM_SVM_IS_CTRL_INTERCEPT_SET(a_pVCpu, a_Intercept) \
468 (CPUMIsGuestSvmCtrlInterceptSet(a_pVCpu, IEM_GET_CTX(a_pVCpu), (a_Intercept)))
469
470/**
471 * Check if an SVM read CRx intercept is set.
472 */
473# define IEM_SVM_IS_READ_CR_INTERCEPT_SET(a_pVCpu, a_uCr) \
474 (CPUMIsGuestSvmReadCRxInterceptSet(a_pVCpu, IEM_GET_CTX(a_pVCpu), (a_uCr)))
475
476/**
477 * Check if an SVM write CRx intercept is set.
478 */
479# define IEM_SVM_IS_WRITE_CR_INTERCEPT_SET(a_pVCpu, a_uCr) \
480 (CPUMIsGuestSvmWriteCRxInterceptSet(a_pVCpu, IEM_GET_CTX(a_pVCpu), (a_uCr)))
481
482/**
483 * Check if an SVM read DRx intercept is set.
484 */
485# define IEM_SVM_IS_READ_DR_INTERCEPT_SET(a_pVCpu, a_uDr) \
486 (CPUMIsGuestSvmReadDRxInterceptSet(a_pVCpu, IEM_GET_CTX(a_pVCpu), (a_uDr)))
487
488/**
489 * Check if an SVM write DRx intercept is set.
490 */
491# define IEM_SVM_IS_WRITE_DR_INTERCEPT_SET(a_pVCpu, a_uDr) \
492 (CPUMIsGuestSvmWriteDRxInterceptSet(a_pVCpu, IEM_GET_CTX(a_pVCpu), (a_uDr)))
493
494/**
495 * Check if an SVM exception intercept is set.
496 */
497# define IEM_SVM_IS_XCPT_INTERCEPT_SET(a_pVCpu, a_uVector) \
498 (CPUMIsGuestSvmXcptInterceptSet(a_pVCpu, IEM_GET_CTX(a_pVCpu), (a_uVector)))
499
500/**
501 * Invokes the SVM \#VMEXIT handler for the nested-guest.
502 */
503# define IEM_SVM_VMEXIT_RET(a_pVCpu, a_uExitCode, a_uExitInfo1, a_uExitInfo2) \
504 do { return iemSvmVmexit((a_pVCpu), (a_uExitCode), (a_uExitInfo1), (a_uExitInfo2)); } while (0)
505
506/**
507 * Invokes the 'MOV CRx' SVM \#VMEXIT handler after constructing the
508 * corresponding decode assist information.
509 */
510# define IEM_SVM_CRX_VMEXIT_RET(a_pVCpu, a_uExitCode, a_enmAccessCrX, a_iGReg) \
511 do \
512 { \
513 uint64_t uExitInfo1; \
514 if ( IEM_GET_GUEST_CPU_FEATURES(a_pVCpu)->fSvmDecodeAssists \
515 && (a_enmAccessCrX) == IEMACCESSCRX_MOV_CRX) \
516 uExitInfo1 = SVM_EXIT1_MOV_CRX_MASK | ((a_iGReg) & 7); \
517 else \
518 uExitInfo1 = 0; \
519 IEM_SVM_VMEXIT_RET(a_pVCpu, a_uExitCode, uExitInfo1, 0); \
520 } while (0)
521
522/** Check and handles SVM nested-guest instruction intercept and updates
523 * NRIP if needed.
524 */
525# define IEM_SVM_CHECK_INSTR_INTERCEPT(a_pVCpu, a_Intercept, a_uExitCode, a_uExitInfo1, a_uExitInfo2) \
526 do \
527 { \
528 if (IEM_SVM_IS_CTRL_INTERCEPT_SET(a_pVCpu, a_Intercept)) \
529 { \
530 IEM_SVM_UPDATE_NRIP(a_pVCpu); \
531 IEM_SVM_VMEXIT_RET(a_pVCpu, a_uExitCode, a_uExitInfo1, a_uExitInfo2); \
532 } \
533 } while (0)
534
535/** Checks and handles SVM nested-guest CR0 read intercept. */
536# define IEM_SVM_CHECK_READ_CR0_INTERCEPT(a_pVCpu, a_uExitInfo1, a_uExitInfo2) \
537 do \
538 { \
539 if (!IEM_SVM_IS_READ_CR_INTERCEPT_SET(a_pVCpu, 0)) \
540 { /* probably likely */ } \
541 else \
542 { \
543 IEM_SVM_UPDATE_NRIP(a_pVCpu); \
544 IEM_SVM_VMEXIT_RET(a_pVCpu, SVM_EXIT_READ_CR0, a_uExitInfo1, a_uExitInfo2); \
545 } \
546 } while (0)
547
548/**
549 * Updates the NextRIP (NRI) field in the nested-guest VMCB.
550 */
551# define IEM_SVM_UPDATE_NRIP(a_pVCpu) \
552 do { \
553 if (IEM_GET_GUEST_CPU_FEATURES(a_pVCpu)->fSvmNextRipSave) \
554 CPUMGuestSvmUpdateNRip(a_pVCpu, IEM_GET_CTX(a_pVCpu), IEM_GET_INSTR_LEN(a_pVCpu)); \
555 } while (0)
556
557#else
558# define IEM_SVM_IS_CTRL_INTERCEPT_SET(a_pVCpu, a_Intercept) (false)
559# define IEM_SVM_IS_READ_CR_INTERCEPT_SET(a_pVCpu, a_uCr) (false)
560# define IEM_SVM_IS_WRITE_CR_INTERCEPT_SET(a_pVCpu, a_uCr) (false)
561# define IEM_SVM_IS_READ_DR_INTERCEPT_SET(a_pVCpu, a_uDr) (false)
562# define IEM_SVM_IS_WRITE_DR_INTERCEPT_SET(a_pVCpu, a_uDr) (false)
563# define IEM_SVM_IS_XCPT_INTERCEPT_SET(a_pVCpu, a_uVector) (false)
564# define IEM_SVM_VMEXIT_RET(a_pVCpu, a_uExitCode, a_uExitInfo1, a_uExitInfo2) do { return VERR_SVM_IPE_1; } while (0)
565# define IEM_SVM_CRX_VMEXIT_RET(a_pVCpu, a_uExitCode, a_enmAccessCrX, a_iGReg) do { return VERR_SVM_IPE_1; } while (0)
566# define IEM_SVM_CHECK_INSTR_INTERCEPT(a_pVCpu, a_Intercept, a_uExitCode, a_uExitInfo1, a_uExitInfo2) do { } while (0)
567# define IEM_SVM_CHECK_READ_CR0_INTERCEPT(a_pVCpu, a_uExitInfo1, a_uExitInfo2) do { } while (0)
568# define IEM_SVM_UPDATE_NRIP(a_pVCpu) do { } while (0)
569
570#endif
571
572
573/*********************************************************************************************************************************
574* Global Variables *
575*********************************************************************************************************************************/
576extern const PFNIEMOP g_apfnOneByteMap[256]; /* not static since we need to forward declare it. */
577
578
579/** Function table for the ADD instruction. */
580IEM_STATIC const IEMOPBINSIZES g_iemAImpl_add =
581{
582 iemAImpl_add_u8, iemAImpl_add_u8_locked,
583 iemAImpl_add_u16, iemAImpl_add_u16_locked,
584 iemAImpl_add_u32, iemAImpl_add_u32_locked,
585 iemAImpl_add_u64, iemAImpl_add_u64_locked
586};
587
588/** Function table for the ADC instruction. */
589IEM_STATIC const IEMOPBINSIZES g_iemAImpl_adc =
590{
591 iemAImpl_adc_u8, iemAImpl_adc_u8_locked,
592 iemAImpl_adc_u16, iemAImpl_adc_u16_locked,
593 iemAImpl_adc_u32, iemAImpl_adc_u32_locked,
594 iemAImpl_adc_u64, iemAImpl_adc_u64_locked
595};
596
597/** Function table for the SUB instruction. */
598IEM_STATIC const IEMOPBINSIZES g_iemAImpl_sub =
599{
600 iemAImpl_sub_u8, iemAImpl_sub_u8_locked,
601 iemAImpl_sub_u16, iemAImpl_sub_u16_locked,
602 iemAImpl_sub_u32, iemAImpl_sub_u32_locked,
603 iemAImpl_sub_u64, iemAImpl_sub_u64_locked
604};
605
606/** Function table for the SBB instruction. */
607IEM_STATIC const IEMOPBINSIZES g_iemAImpl_sbb =
608{
609 iemAImpl_sbb_u8, iemAImpl_sbb_u8_locked,
610 iemAImpl_sbb_u16, iemAImpl_sbb_u16_locked,
611 iemAImpl_sbb_u32, iemAImpl_sbb_u32_locked,
612 iemAImpl_sbb_u64, iemAImpl_sbb_u64_locked
613};
614
615/** Function table for the OR instruction. */
616IEM_STATIC const IEMOPBINSIZES g_iemAImpl_or =
617{
618 iemAImpl_or_u8, iemAImpl_or_u8_locked,
619 iemAImpl_or_u16, iemAImpl_or_u16_locked,
620 iemAImpl_or_u32, iemAImpl_or_u32_locked,
621 iemAImpl_or_u64, iemAImpl_or_u64_locked
622};
623
624/** Function table for the XOR instruction. */
625IEM_STATIC const IEMOPBINSIZES g_iemAImpl_xor =
626{
627 iemAImpl_xor_u8, iemAImpl_xor_u8_locked,
628 iemAImpl_xor_u16, iemAImpl_xor_u16_locked,
629 iemAImpl_xor_u32, iemAImpl_xor_u32_locked,
630 iemAImpl_xor_u64, iemAImpl_xor_u64_locked
631};
632
633/** Function table for the AND instruction. */
634IEM_STATIC const IEMOPBINSIZES g_iemAImpl_and =
635{
636 iemAImpl_and_u8, iemAImpl_and_u8_locked,
637 iemAImpl_and_u16, iemAImpl_and_u16_locked,
638 iemAImpl_and_u32, iemAImpl_and_u32_locked,
639 iemAImpl_and_u64, iemAImpl_and_u64_locked
640};
641
642/** Function table for the CMP instruction.
643 * @remarks Making operand order ASSUMPTIONS.
644 */
645IEM_STATIC const IEMOPBINSIZES g_iemAImpl_cmp =
646{
647 iemAImpl_cmp_u8, NULL,
648 iemAImpl_cmp_u16, NULL,
649 iemAImpl_cmp_u32, NULL,
650 iemAImpl_cmp_u64, NULL
651};
652
653/** Function table for the TEST instruction.
654 * @remarks Making operand order ASSUMPTIONS.
655 */
656IEM_STATIC const IEMOPBINSIZES g_iemAImpl_test =
657{
658 iemAImpl_test_u8, NULL,
659 iemAImpl_test_u16, NULL,
660 iemAImpl_test_u32, NULL,
661 iemAImpl_test_u64, NULL
662};
663
664/** Function table for the BT instruction. */
665IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bt =
666{
667 NULL, NULL,
668 iemAImpl_bt_u16, NULL,
669 iemAImpl_bt_u32, NULL,
670 iemAImpl_bt_u64, NULL
671};
672
673/** Function table for the BTC instruction. */
674IEM_STATIC const IEMOPBINSIZES g_iemAImpl_btc =
675{
676 NULL, NULL,
677 iemAImpl_btc_u16, iemAImpl_btc_u16_locked,
678 iemAImpl_btc_u32, iemAImpl_btc_u32_locked,
679 iemAImpl_btc_u64, iemAImpl_btc_u64_locked
680};
681
682/** Function table for the BTR instruction. */
683IEM_STATIC const IEMOPBINSIZES g_iemAImpl_btr =
684{
685 NULL, NULL,
686 iemAImpl_btr_u16, iemAImpl_btr_u16_locked,
687 iemAImpl_btr_u32, iemAImpl_btr_u32_locked,
688 iemAImpl_btr_u64, iemAImpl_btr_u64_locked
689};
690
691/** Function table for the BTS instruction. */
692IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bts =
693{
694 NULL, NULL,
695 iemAImpl_bts_u16, iemAImpl_bts_u16_locked,
696 iemAImpl_bts_u32, iemAImpl_bts_u32_locked,
697 iemAImpl_bts_u64, iemAImpl_bts_u64_locked
698};
699
700/** Function table for the BSF instruction. */
701IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bsf =
702{
703 NULL, NULL,
704 iemAImpl_bsf_u16, NULL,
705 iemAImpl_bsf_u32, NULL,
706 iemAImpl_bsf_u64, NULL
707};
708
709/** Function table for the BSR instruction. */
710IEM_STATIC const IEMOPBINSIZES g_iemAImpl_bsr =
711{
712 NULL, NULL,
713 iemAImpl_bsr_u16, NULL,
714 iemAImpl_bsr_u32, NULL,
715 iemAImpl_bsr_u64, NULL
716};
717
718/** Function table for the IMUL instruction. */
719IEM_STATIC const IEMOPBINSIZES g_iemAImpl_imul_two =
720{
721 NULL, NULL,
722 iemAImpl_imul_two_u16, NULL,
723 iemAImpl_imul_two_u32, NULL,
724 iemAImpl_imul_two_u64, NULL
725};
726
727/** Group 1 /r lookup table. */
728IEM_STATIC const PCIEMOPBINSIZES g_apIemImplGrp1[8] =
729{
730 &g_iemAImpl_add,
731 &g_iemAImpl_or,
732 &g_iemAImpl_adc,
733 &g_iemAImpl_sbb,
734 &g_iemAImpl_and,
735 &g_iemAImpl_sub,
736 &g_iemAImpl_xor,
737 &g_iemAImpl_cmp
738};
739
740/** Function table for the INC instruction. */
741IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_inc =
742{
743 iemAImpl_inc_u8, iemAImpl_inc_u8_locked,
744 iemAImpl_inc_u16, iemAImpl_inc_u16_locked,
745 iemAImpl_inc_u32, iemAImpl_inc_u32_locked,
746 iemAImpl_inc_u64, iemAImpl_inc_u64_locked
747};
748
749/** Function table for the DEC instruction. */
750IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_dec =
751{
752 iemAImpl_dec_u8, iemAImpl_dec_u8_locked,
753 iemAImpl_dec_u16, iemAImpl_dec_u16_locked,
754 iemAImpl_dec_u32, iemAImpl_dec_u32_locked,
755 iemAImpl_dec_u64, iemAImpl_dec_u64_locked
756};
757
758/** Function table for the NEG instruction. */
759IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_neg =
760{
761 iemAImpl_neg_u8, iemAImpl_neg_u8_locked,
762 iemAImpl_neg_u16, iemAImpl_neg_u16_locked,
763 iemAImpl_neg_u32, iemAImpl_neg_u32_locked,
764 iemAImpl_neg_u64, iemAImpl_neg_u64_locked
765};
766
767/** Function table for the NOT instruction. */
768IEM_STATIC const IEMOPUNARYSIZES g_iemAImpl_not =
769{
770 iemAImpl_not_u8, iemAImpl_not_u8_locked,
771 iemAImpl_not_u16, iemAImpl_not_u16_locked,
772 iemAImpl_not_u32, iemAImpl_not_u32_locked,
773 iemAImpl_not_u64, iemAImpl_not_u64_locked
774};
775
776
777/** Function table for the ROL instruction. */
778IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_rol =
779{
780 iemAImpl_rol_u8,
781 iemAImpl_rol_u16,
782 iemAImpl_rol_u32,
783 iemAImpl_rol_u64
784};
785
786/** Function table for the ROR instruction. */
787IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_ror =
788{
789 iemAImpl_ror_u8,
790 iemAImpl_ror_u16,
791 iemAImpl_ror_u32,
792 iemAImpl_ror_u64
793};
794
795/** Function table for the RCL instruction. */
796IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_rcl =
797{
798 iemAImpl_rcl_u8,
799 iemAImpl_rcl_u16,
800 iemAImpl_rcl_u32,
801 iemAImpl_rcl_u64
802};
803
804/** Function table for the RCR instruction. */
805IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_rcr =
806{
807 iemAImpl_rcr_u8,
808 iemAImpl_rcr_u16,
809 iemAImpl_rcr_u32,
810 iemAImpl_rcr_u64
811};
812
813/** Function table for the SHL instruction. */
814IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_shl =
815{
816 iemAImpl_shl_u8,
817 iemAImpl_shl_u16,
818 iemAImpl_shl_u32,
819 iemAImpl_shl_u64
820};
821
822/** Function table for the SHR instruction. */
823IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_shr =
824{
825 iemAImpl_shr_u8,
826 iemAImpl_shr_u16,
827 iemAImpl_shr_u32,
828 iemAImpl_shr_u64
829};
830
831/** Function table for the SAR instruction. */
832IEM_STATIC const IEMOPSHIFTSIZES g_iemAImpl_sar =
833{
834 iemAImpl_sar_u8,
835 iemAImpl_sar_u16,
836 iemAImpl_sar_u32,
837 iemAImpl_sar_u64
838};
839
840
841/** Function table for the MUL instruction. */
842IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_mul =
843{
844 iemAImpl_mul_u8,
845 iemAImpl_mul_u16,
846 iemAImpl_mul_u32,
847 iemAImpl_mul_u64
848};
849
850/** Function table for the IMUL instruction working implicitly on rAX. */
851IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_imul =
852{
853 iemAImpl_imul_u8,
854 iemAImpl_imul_u16,
855 iemAImpl_imul_u32,
856 iemAImpl_imul_u64
857};
858
859/** Function table for the DIV instruction. */
860IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_div =
861{
862 iemAImpl_div_u8,
863 iemAImpl_div_u16,
864 iemAImpl_div_u32,
865 iemAImpl_div_u64
866};
867
868/** Function table for the MUL instruction. */
869IEM_STATIC const IEMOPMULDIVSIZES g_iemAImpl_idiv =
870{
871 iemAImpl_idiv_u8,
872 iemAImpl_idiv_u16,
873 iemAImpl_idiv_u32,
874 iemAImpl_idiv_u64
875};
876
877/** Function table for the SHLD instruction */
878IEM_STATIC const IEMOPSHIFTDBLSIZES g_iemAImpl_shld =
879{
880 iemAImpl_shld_u16,
881 iemAImpl_shld_u32,
882 iemAImpl_shld_u64,
883};
884
885/** Function table for the SHRD instruction */
886IEM_STATIC const IEMOPSHIFTDBLSIZES g_iemAImpl_shrd =
887{
888 iemAImpl_shrd_u16,
889 iemAImpl_shrd_u32,
890 iemAImpl_shrd_u64,
891};
892
893
894/** Function table for the PUNPCKLBW instruction */
895IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpcklbw = { iemAImpl_punpcklbw_u64, iemAImpl_punpcklbw_u128 };
896/** Function table for the PUNPCKLBD instruction */
897IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpcklwd = { iemAImpl_punpcklwd_u64, iemAImpl_punpcklwd_u128 };
898/** Function table for the PUNPCKLDQ instruction */
899IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpckldq = { iemAImpl_punpckldq_u64, iemAImpl_punpckldq_u128 };
900/** Function table for the PUNPCKLQDQ instruction */
901IEM_STATIC const IEMOPMEDIAF1L1 g_iemAImpl_punpcklqdq = { NULL, iemAImpl_punpcklqdq_u128 };
902
903/** Function table for the PUNPCKHBW instruction */
904IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhbw = { iemAImpl_punpckhbw_u64, iemAImpl_punpckhbw_u128 };
905/** Function table for the PUNPCKHBD instruction */
906IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhwd = { iemAImpl_punpckhwd_u64, iemAImpl_punpckhwd_u128 };
907/** Function table for the PUNPCKHDQ instruction */
908IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhdq = { iemAImpl_punpckhdq_u64, iemAImpl_punpckhdq_u128 };
909/** Function table for the PUNPCKHQDQ instruction */
910IEM_STATIC const IEMOPMEDIAF1H1 g_iemAImpl_punpckhqdq = { NULL, iemAImpl_punpckhqdq_u128 };
911
912/** Function table for the PXOR instruction */
913IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pxor = { iemAImpl_pxor_u64, iemAImpl_pxor_u128 };
914/** Function table for the PCMPEQB instruction */
915IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pcmpeqb = { iemAImpl_pcmpeqb_u64, iemAImpl_pcmpeqb_u128 };
916/** Function table for the PCMPEQW instruction */
917IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pcmpeqw = { iemAImpl_pcmpeqw_u64, iemAImpl_pcmpeqw_u128 };
918/** Function table for the PCMPEQD instruction */
919IEM_STATIC const IEMOPMEDIAF2 g_iemAImpl_pcmpeqd = { iemAImpl_pcmpeqd_u64, iemAImpl_pcmpeqd_u128 };
920
921
922#if defined(IEM_LOG_MEMORY_WRITES)
923/** What IEM just wrote. */
924uint8_t g_abIemWrote[256];
925/** How much IEM just wrote. */
926size_t g_cbIemWrote;
927#endif
928
929
930/*********************************************************************************************************************************
931* Internal Functions *
932*********************************************************************************************************************************/
933IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFaultWithErr(PVMCPU pVCpu, uint16_t uErr);
934IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFaultCurrentTSS(PVMCPU pVCpu);
935IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFault0(PVMCPU pVCpu);
936IEM_STATIC VBOXSTRICTRC iemRaiseTaskSwitchFaultBySelector(PVMCPU pVCpu, uint16_t uSel);
937/*IEM_STATIC VBOXSTRICTRC iemRaiseSelectorNotPresent(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess);*/
938IEM_STATIC VBOXSTRICTRC iemRaiseSelectorNotPresentBySelector(PVMCPU pVCpu, uint16_t uSel);
939IEM_STATIC VBOXSTRICTRC iemRaiseSelectorNotPresentWithErr(PVMCPU pVCpu, uint16_t uErr);
940IEM_STATIC VBOXSTRICTRC iemRaiseStackSelectorNotPresentBySelector(PVMCPU pVCpu, uint16_t uSel);
941IEM_STATIC VBOXSTRICTRC iemRaiseStackSelectorNotPresentWithErr(PVMCPU pVCpu, uint16_t uErr);
942IEM_STATIC VBOXSTRICTRC iemRaiseGeneralProtectionFault(PVMCPU pVCpu, uint16_t uErr);
943IEM_STATIC VBOXSTRICTRC iemRaiseGeneralProtectionFault0(PVMCPU pVCpu);
944IEM_STATIC VBOXSTRICTRC iemRaiseGeneralProtectionFaultBySelector(PVMCPU pVCpu, RTSEL uSel);
945IEM_STATIC VBOXSTRICTRC iemRaiseSelectorBounds(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess);
946IEM_STATIC VBOXSTRICTRC iemRaiseSelectorBoundsBySelector(PVMCPU pVCpu, RTSEL Sel);
947IEM_STATIC VBOXSTRICTRC iemRaiseSelectorInvalidAccess(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess);
948IEM_STATIC VBOXSTRICTRC iemRaisePageFault(PVMCPU pVCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc);
949IEM_STATIC VBOXSTRICTRC iemRaiseAlignmentCheckException(PVMCPU pVCpu);
950#ifdef IEM_WITH_SETJMP
951DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaisePageFaultJmp(PVMCPU pVCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc);
952DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseGeneralProtectionFault0Jmp(PVMCPU pVCpu);
953DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseSelectorBoundsJmp(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess);
954DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseSelectorBoundsBySelectorJmp(PVMCPU pVCpu, RTSEL Sel);
955DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseSelectorInvalidAccessJmp(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess);
956#endif
957
958IEM_STATIC VBOXSTRICTRC iemMemMap(PVMCPU pVCpu, void **ppvMem, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess);
959IEM_STATIC VBOXSTRICTRC iemMemCommitAndUnmap(PVMCPU pVCpu, void *pvMem, uint32_t fAccess);
960IEM_STATIC VBOXSTRICTRC iemMemFetchDataU32(PVMCPU pVCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
961IEM_STATIC VBOXSTRICTRC iemMemFetchDataU64(PVMCPU pVCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
962IEM_STATIC VBOXSTRICTRC iemMemFetchSysU8(PVMCPU pVCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
963IEM_STATIC VBOXSTRICTRC iemMemFetchSysU16(PVMCPU pVCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
964IEM_STATIC VBOXSTRICTRC iemMemFetchSysU32(PVMCPU pVCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
965IEM_STATIC VBOXSTRICTRC iemMemFetchSysU64(PVMCPU pVCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
966IEM_STATIC VBOXSTRICTRC iemMemFetchSelDescWithErr(PVMCPU pVCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt, uint16_t uErrorCode);
967IEM_STATIC VBOXSTRICTRC iemMemFetchSelDesc(PVMCPU pVCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt);
968IEM_STATIC VBOXSTRICTRC iemMemStackPushCommitSpecial(PVMCPU pVCpu, void *pvMem, uint64_t uNewRsp);
969IEM_STATIC VBOXSTRICTRC iemMemStackPushBeginSpecial(PVMCPU pVCpu, size_t cbMem, void **ppvMem, uint64_t *puNewRsp);
970IEM_STATIC VBOXSTRICTRC iemMemStackPushU32(PVMCPU pVCpu, uint32_t u32Value);
971IEM_STATIC VBOXSTRICTRC iemMemStackPushU16(PVMCPU pVCpu, uint16_t u16Value);
972IEM_STATIC VBOXSTRICTRC iemMemMarkSelDescAccessed(PVMCPU pVCpu, uint16_t uSel);
973IEM_STATIC uint16_t iemSRegFetchU16(PVMCPU pVCpu, uint8_t iSegReg);
974IEM_STATIC uint64_t iemSRegBaseFetchU64(PVMCPU pVCpu, uint8_t iSegReg);
975
976#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
977IEM_STATIC VBOXSTRICTRC iemVmxVmexitTaskSwitch(PVMCPU pVCpu, IEMTASKSWITCH enmTaskSwitch, RTSEL SelNewTss, uint8_t cbInstr);
978IEM_STATIC VBOXSTRICTRC iemVmxVmexitEvent(PVMCPU pVCpu, uint8_t uVector, uint32_t fFlags, uint32_t uErrCode, uint64_t uCr2, uint8_t cbInstr);
979IEM_STATIC VBOXSTRICTRC iemVmxVmexitTripleFault(PVMCPU pVCpu);
980IEM_STATIC VBOXSTRICTRC iemVmxVmexitPreemptTimer(PVMCPU pVCpu);
981IEM_STATIC VBOXSTRICTRC iemVmxVmexitExtInt(PVMCPU pVCpu, uint8_t uVector, bool fIntPending);
982IEM_STATIC VBOXSTRICTRC iemVmxVmexitStartupIpi(PVMCPU pVCpu, uint8_t uVector);
983IEM_STATIC VBOXSTRICTRC iemVmxVmexitInitIpi(PVMCPU pVCpu);
984IEM_STATIC VBOXSTRICTRC iemVmxVmexitIntWindow(PVMCPU pVCpu);
985IEM_STATIC VBOXSTRICTRC iemVmxVmexitMtf(PVMCPU pVCpu);
986IEM_STATIC VBOXSTRICTRC iemVmxVirtApicAccessMem(PVMCPU pVCpu, uint16_t offAccess, size_t cbAccess, void *pvData, uint32_t fAccess);
987IEM_STATIC VBOXSTRICTRC iemVmxVmexitApicAccess(PVMCPU pVCpu, uint16_t offAccess, uint32_t fAccess);
988IEM_STATIC VBOXSTRICTRC iemVmxVirtApicAccessMsrRead(PVMCPU pVCpu, uint32_t idMsr, uint64_t *pu64Value);
989IEM_STATIC VBOXSTRICTRC iemVmxVirtApicAccessMsrWrite(PVMCPU pVCpu, uint32_t idMsr, uint64_t u64Value);
990#endif
991
992#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
993IEM_STATIC VBOXSTRICTRC iemSvmVmexit(PVMCPU pVCpu, uint64_t uExitCode, uint64_t uExitInfo1, uint64_t uExitInfo2);
994IEM_STATIC VBOXSTRICTRC iemHandleSvmEventIntercept(PVMCPU pVCpu, uint8_t u8Vector, uint32_t fFlags, uint32_t uErr, uint64_t uCr2);
995#endif
996
997
998/**
999 * Sets the pass up status.
1000 *
1001 * @returns VINF_SUCCESS.
1002 * @param pVCpu The cross context virtual CPU structure of the
1003 * calling thread.
1004 * @param rcPassUp The pass up status. Must be informational.
1005 * VINF_SUCCESS is not allowed.
1006 */
1007IEM_STATIC int iemSetPassUpStatus(PVMCPU pVCpu, VBOXSTRICTRC rcPassUp)
1008{
1009 AssertRC(VBOXSTRICTRC_VAL(rcPassUp)); Assert(rcPassUp != VINF_SUCCESS);
1010
1011 int32_t const rcOldPassUp = pVCpu->iem.s.rcPassUp;
1012 if (rcOldPassUp == VINF_SUCCESS)
1013 pVCpu->iem.s.rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
1014 /* If both are EM scheduling codes, use EM priority rules. */
1015 else if ( rcOldPassUp >= VINF_EM_FIRST && rcOldPassUp <= VINF_EM_LAST
1016 && rcPassUp >= VINF_EM_FIRST && rcPassUp <= VINF_EM_LAST)
1017 {
1018 if (rcPassUp < rcOldPassUp)
1019 {
1020 Log(("IEM: rcPassUp=%Rrc! rcOldPassUp=%Rrc\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
1021 pVCpu->iem.s.rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
1022 }
1023 else
1024 Log(("IEM: rcPassUp=%Rrc rcOldPassUp=%Rrc!\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
1025 }
1026 /* Override EM scheduling with specific status code. */
1027 else if (rcOldPassUp >= VINF_EM_FIRST && rcOldPassUp <= VINF_EM_LAST)
1028 {
1029 Log(("IEM: rcPassUp=%Rrc! rcOldPassUp=%Rrc\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
1030 pVCpu->iem.s.rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
1031 }
1032 /* Don't override specific status code, first come first served. */
1033 else
1034 Log(("IEM: rcPassUp=%Rrc rcOldPassUp=%Rrc!\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
1035 return VINF_SUCCESS;
1036}
1037
1038
1039/**
1040 * Calculates the CPU mode.
1041 *
1042 * This is mainly for updating IEMCPU::enmCpuMode.
1043 *
1044 * @returns CPU mode.
1045 * @param pVCpu The cross context virtual CPU structure of the
1046 * calling thread.
1047 */
1048DECLINLINE(IEMMODE) iemCalcCpuMode(PVMCPU pVCpu)
1049{
1050 if (CPUMIsGuestIn64BitCodeEx(&pVCpu->cpum.GstCtx))
1051 return IEMMODE_64BIT;
1052 if (pVCpu->cpum.GstCtx.cs.Attr.n.u1DefBig) /** @todo check if this is correct... */
1053 return IEMMODE_32BIT;
1054 return IEMMODE_16BIT;
1055}
1056
1057
1058/**
1059 * Initializes the execution state.
1060 *
1061 * @param pVCpu The cross context virtual CPU structure of the
1062 * calling thread.
1063 * @param fBypassHandlers Whether to bypass access handlers.
1064 *
1065 * @remarks Callers of this must call iemUninitExec() to undo potentially fatal
1066 * side-effects in strict builds.
1067 */
1068DECLINLINE(void) iemInitExec(PVMCPU pVCpu, bool fBypassHandlers)
1069{
1070 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK);
1071 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IEM));
1072
1073#if defined(VBOX_STRICT) && !defined(VBOX_WITH_RAW_MODE_NOT_R0)
1074 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
1075 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
1076 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.es));
1077 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ds));
1078 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.fs));
1079 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.gs));
1080 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ldtr));
1081 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.tr));
1082#endif
1083
1084#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1085 CPUMGuestLazyLoadHiddenCsAndSs(pVCpu);
1086#endif
1087 pVCpu->iem.s.uCpl = CPUMGetGuestCPL(pVCpu);
1088 pVCpu->iem.s.enmCpuMode = iemCalcCpuMode(pVCpu);
1089#ifdef VBOX_STRICT
1090 pVCpu->iem.s.enmDefAddrMode = (IEMMODE)0xfe;
1091 pVCpu->iem.s.enmEffAddrMode = (IEMMODE)0xfe;
1092 pVCpu->iem.s.enmDefOpSize = (IEMMODE)0xfe;
1093 pVCpu->iem.s.enmEffOpSize = (IEMMODE)0xfe;
1094 pVCpu->iem.s.fPrefixes = 0xfeedbeef;
1095 pVCpu->iem.s.uRexReg = 127;
1096 pVCpu->iem.s.uRexB = 127;
1097 pVCpu->iem.s.offModRm = 127;
1098 pVCpu->iem.s.uRexIndex = 127;
1099 pVCpu->iem.s.iEffSeg = 127;
1100 pVCpu->iem.s.idxPrefix = 127;
1101 pVCpu->iem.s.uVex3rdReg = 127;
1102 pVCpu->iem.s.uVexLength = 127;
1103 pVCpu->iem.s.fEvexStuff = 127;
1104 pVCpu->iem.s.uFpuOpcode = UINT16_MAX;
1105# ifdef IEM_WITH_CODE_TLB
1106 pVCpu->iem.s.offInstrNextByte = UINT16_MAX;
1107 pVCpu->iem.s.pbInstrBuf = NULL;
1108 pVCpu->iem.s.cbInstrBuf = UINT16_MAX;
1109 pVCpu->iem.s.cbInstrBufTotal = UINT16_MAX;
1110 pVCpu->iem.s.offCurInstrStart = INT16_MAX;
1111 pVCpu->iem.s.uInstrBufPc = UINT64_C(0xc0ffc0ffcff0c0ff);
1112# else
1113 pVCpu->iem.s.offOpcode = 127;
1114 pVCpu->iem.s.cbOpcode = 127;
1115# endif
1116#endif
1117
1118 pVCpu->iem.s.cActiveMappings = 0;
1119 pVCpu->iem.s.iNextMapping = 0;
1120 pVCpu->iem.s.rcPassUp = VINF_SUCCESS;
1121 pVCpu->iem.s.fBypassHandlers = fBypassHandlers;
1122#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1123 pVCpu->iem.s.fInPatchCode = pVCpu->iem.s.uCpl == 0
1124 && pVCpu->cpum.GstCtx.cs.u64Base == 0
1125 && pVCpu->cpum.GstCtx.cs.u32Limit == UINT32_MAX
1126 && PATMIsPatchGCAddr(pVCpu->CTX_SUFF(pVM), pVCpu->cpum.GstCtx.eip);
1127 if (!pVCpu->iem.s.fInPatchCode)
1128 CPUMRawLeave(pVCpu, VINF_SUCCESS);
1129#endif
1130}
1131
1132#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
1133/**
1134 * Performs a minimal reinitialization of the execution state.
1135 *
1136 * This is intended to be used by VM-exits, SMM, LOADALL and other similar
1137 * 'world-switch' types operations on the CPU. Currently only nested
1138 * hardware-virtualization uses it.
1139 *
1140 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
1141 */
1142IEM_STATIC void iemReInitExec(PVMCPU pVCpu)
1143{
1144 IEMMODE const enmMode = iemCalcCpuMode(pVCpu);
1145 uint8_t const uCpl = CPUMGetGuestCPL(pVCpu);
1146
1147 pVCpu->iem.s.uCpl = uCpl;
1148 pVCpu->iem.s.enmCpuMode = enmMode;
1149 pVCpu->iem.s.enmDefAddrMode = enmMode; /** @todo check if this is correct... */
1150 pVCpu->iem.s.enmEffAddrMode = enmMode;
1151 if (enmMode != IEMMODE_64BIT)
1152 {
1153 pVCpu->iem.s.enmDefOpSize = enmMode; /** @todo check if this is correct... */
1154 pVCpu->iem.s.enmEffOpSize = enmMode;
1155 }
1156 else
1157 {
1158 pVCpu->iem.s.enmDefOpSize = IEMMODE_32BIT;
1159 pVCpu->iem.s.enmEffOpSize = enmMode;
1160 }
1161 pVCpu->iem.s.iEffSeg = X86_SREG_DS;
1162#ifndef IEM_WITH_CODE_TLB
1163 /** @todo Shouldn't we be doing this in IEMTlbInvalidateAll()? */
1164 pVCpu->iem.s.offOpcode = 0;
1165 pVCpu->iem.s.cbOpcode = 0;
1166#endif
1167 pVCpu->iem.s.rcPassUp = VINF_SUCCESS;
1168}
1169#endif
1170
1171/**
1172 * Counterpart to #iemInitExec that undoes evil strict-build stuff.
1173 *
1174 * @param pVCpu The cross context virtual CPU structure of the
1175 * calling thread.
1176 */
1177DECLINLINE(void) iemUninitExec(PVMCPU pVCpu)
1178{
1179 /* Note! do not touch fInPatchCode here! (see iemUninitExecAndFiddleStatusAndMaybeReenter) */
1180#ifdef VBOX_STRICT
1181# ifdef IEM_WITH_CODE_TLB
1182 NOREF(pVCpu);
1183# else
1184 pVCpu->iem.s.cbOpcode = 0;
1185# endif
1186#else
1187 NOREF(pVCpu);
1188#endif
1189}
1190
1191
1192/**
1193 * Initializes the decoder state.
1194 *
1195 * iemReInitDecoder is mostly a copy of this function.
1196 *
1197 * @param pVCpu The cross context virtual CPU structure of the
1198 * calling thread.
1199 * @param fBypassHandlers Whether to bypass access handlers.
1200 */
1201DECLINLINE(void) iemInitDecoder(PVMCPU pVCpu, bool fBypassHandlers)
1202{
1203 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_MUST_MASK);
1204 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IEM));
1205
1206#if defined(VBOX_STRICT) && !defined(VBOX_WITH_RAW_MODE_NOT_R0)
1207 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
1208 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
1209 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.es));
1210 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ds));
1211 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.fs));
1212 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.gs));
1213 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ldtr));
1214 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.tr));
1215#endif
1216
1217#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1218 CPUMGuestLazyLoadHiddenCsAndSs(pVCpu);
1219#endif
1220 pVCpu->iem.s.uCpl = CPUMGetGuestCPL(pVCpu);
1221 IEMMODE enmMode = iemCalcCpuMode(pVCpu);
1222 pVCpu->iem.s.enmCpuMode = enmMode;
1223 pVCpu->iem.s.enmDefAddrMode = enmMode; /** @todo check if this is correct... */
1224 pVCpu->iem.s.enmEffAddrMode = enmMode;
1225 if (enmMode != IEMMODE_64BIT)
1226 {
1227 pVCpu->iem.s.enmDefOpSize = enmMode; /** @todo check if this is correct... */
1228 pVCpu->iem.s.enmEffOpSize = enmMode;
1229 }
1230 else
1231 {
1232 pVCpu->iem.s.enmDefOpSize = IEMMODE_32BIT;
1233 pVCpu->iem.s.enmEffOpSize = IEMMODE_32BIT;
1234 }
1235 pVCpu->iem.s.fPrefixes = 0;
1236 pVCpu->iem.s.uRexReg = 0;
1237 pVCpu->iem.s.uRexB = 0;
1238 pVCpu->iem.s.uRexIndex = 0;
1239 pVCpu->iem.s.idxPrefix = 0;
1240 pVCpu->iem.s.uVex3rdReg = 0;
1241 pVCpu->iem.s.uVexLength = 0;
1242 pVCpu->iem.s.fEvexStuff = 0;
1243 pVCpu->iem.s.iEffSeg = X86_SREG_DS;
1244#ifdef IEM_WITH_CODE_TLB
1245 pVCpu->iem.s.pbInstrBuf = NULL;
1246 pVCpu->iem.s.offInstrNextByte = 0;
1247 pVCpu->iem.s.offCurInstrStart = 0;
1248# ifdef VBOX_STRICT
1249 pVCpu->iem.s.cbInstrBuf = UINT16_MAX;
1250 pVCpu->iem.s.cbInstrBufTotal = UINT16_MAX;
1251 pVCpu->iem.s.uInstrBufPc = UINT64_C(0xc0ffc0ffcff0c0ff);
1252# endif
1253#else
1254 pVCpu->iem.s.offOpcode = 0;
1255 pVCpu->iem.s.cbOpcode = 0;
1256#endif
1257 pVCpu->iem.s.offModRm = 0;
1258 pVCpu->iem.s.cActiveMappings = 0;
1259 pVCpu->iem.s.iNextMapping = 0;
1260 pVCpu->iem.s.rcPassUp = VINF_SUCCESS;
1261 pVCpu->iem.s.fBypassHandlers = fBypassHandlers;
1262#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1263 pVCpu->iem.s.fInPatchCode = pVCpu->iem.s.uCpl == 0
1264 && pVCpu->cpum.GstCtx.cs.u64Base == 0
1265 && pVCpu->cpum.GstCtx.cs.u32Limit == UINT32_MAX
1266 && PATMIsPatchGCAddr(pVCpu->CTX_SUFF(pVM), pVCpu->cpum.GstCtx.eip);
1267 if (!pVCpu->iem.s.fInPatchCode)
1268 CPUMRawLeave(pVCpu, VINF_SUCCESS);
1269#endif
1270
1271#ifdef DBGFTRACE_ENABLED
1272 switch (enmMode)
1273 {
1274 case IEMMODE_64BIT:
1275 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I64/%u %08llx", pVCpu->iem.s.uCpl, pVCpu->cpum.GstCtx.rip);
1276 break;
1277 case IEMMODE_32BIT:
1278 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I32/%u %04x:%08x", pVCpu->iem.s.uCpl, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip);
1279 break;
1280 case IEMMODE_16BIT:
1281 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I16/%u %04x:%04x", pVCpu->iem.s.uCpl, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip);
1282 break;
1283 }
1284#endif
1285}
1286
1287
1288/**
1289 * Reinitializes the decoder state 2nd+ loop of IEMExecLots.
1290 *
1291 * This is mostly a copy of iemInitDecoder.
1292 *
1293 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
1294 */
1295DECLINLINE(void) iemReInitDecoder(PVMCPU pVCpu)
1296{
1297 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IEM));
1298
1299#if defined(VBOX_STRICT) && !defined(VBOX_WITH_RAW_MODE_NOT_R0)
1300 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
1301 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
1302 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.es));
1303 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ds));
1304 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.fs));
1305 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.gs));
1306 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ldtr));
1307 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.tr));
1308#endif
1309
1310 pVCpu->iem.s.uCpl = CPUMGetGuestCPL(pVCpu); /** @todo this should be updated during execution! */
1311 IEMMODE enmMode = iemCalcCpuMode(pVCpu);
1312 pVCpu->iem.s.enmCpuMode = enmMode; /** @todo this should be updated during execution! */
1313 pVCpu->iem.s.enmDefAddrMode = enmMode; /** @todo check if this is correct... */
1314 pVCpu->iem.s.enmEffAddrMode = enmMode;
1315 if (enmMode != IEMMODE_64BIT)
1316 {
1317 pVCpu->iem.s.enmDefOpSize = enmMode; /** @todo check if this is correct... */
1318 pVCpu->iem.s.enmEffOpSize = enmMode;
1319 }
1320 else
1321 {
1322 pVCpu->iem.s.enmDefOpSize = IEMMODE_32BIT;
1323 pVCpu->iem.s.enmEffOpSize = IEMMODE_32BIT;
1324 }
1325 pVCpu->iem.s.fPrefixes = 0;
1326 pVCpu->iem.s.uRexReg = 0;
1327 pVCpu->iem.s.uRexB = 0;
1328 pVCpu->iem.s.uRexIndex = 0;
1329 pVCpu->iem.s.idxPrefix = 0;
1330 pVCpu->iem.s.uVex3rdReg = 0;
1331 pVCpu->iem.s.uVexLength = 0;
1332 pVCpu->iem.s.fEvexStuff = 0;
1333 pVCpu->iem.s.iEffSeg = X86_SREG_DS;
1334#ifdef IEM_WITH_CODE_TLB
1335 if (pVCpu->iem.s.pbInstrBuf)
1336 {
1337 uint64_t off = (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT ? pVCpu->cpum.GstCtx.rip : pVCpu->cpum.GstCtx.eip + (uint32_t)pVCpu->cpum.GstCtx.cs.u64Base)
1338 - pVCpu->iem.s.uInstrBufPc;
1339 if (off < pVCpu->iem.s.cbInstrBufTotal)
1340 {
1341 pVCpu->iem.s.offInstrNextByte = (uint32_t)off;
1342 pVCpu->iem.s.offCurInstrStart = (uint16_t)off;
1343 if ((uint16_t)off + 15 <= pVCpu->iem.s.cbInstrBufTotal)
1344 pVCpu->iem.s.cbInstrBuf = (uint16_t)off + 15;
1345 else
1346 pVCpu->iem.s.cbInstrBuf = pVCpu->iem.s.cbInstrBufTotal;
1347 }
1348 else
1349 {
1350 pVCpu->iem.s.pbInstrBuf = NULL;
1351 pVCpu->iem.s.offInstrNextByte = 0;
1352 pVCpu->iem.s.offCurInstrStart = 0;
1353 pVCpu->iem.s.cbInstrBuf = 0;
1354 pVCpu->iem.s.cbInstrBufTotal = 0;
1355 }
1356 }
1357 else
1358 {
1359 pVCpu->iem.s.offInstrNextByte = 0;
1360 pVCpu->iem.s.offCurInstrStart = 0;
1361 pVCpu->iem.s.cbInstrBuf = 0;
1362 pVCpu->iem.s.cbInstrBufTotal = 0;
1363 }
1364#else
1365 pVCpu->iem.s.cbOpcode = 0;
1366 pVCpu->iem.s.offOpcode = 0;
1367#endif
1368 pVCpu->iem.s.offModRm = 0;
1369 Assert(pVCpu->iem.s.cActiveMappings == 0);
1370 pVCpu->iem.s.iNextMapping = 0;
1371 Assert(pVCpu->iem.s.rcPassUp == VINF_SUCCESS);
1372 Assert(pVCpu->iem.s.fBypassHandlers == false);
1373#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1374 if (!pVCpu->iem.s.fInPatchCode)
1375 { /* likely */ }
1376 else
1377 {
1378 pVCpu->iem.s.fInPatchCode = pVCpu->iem.s.uCpl == 0
1379 && pVCpu->cpum.GstCtx.cs.u64Base == 0
1380 && pVCpu->cpum.GstCtx.cs.u32Limit == UINT32_MAX
1381 && PATMIsPatchGCAddr(pVCpu->CTX_SUFF(pVM), pVCpu->cpum.GstCtx.eip);
1382 if (!pVCpu->iem.s.fInPatchCode)
1383 CPUMRawLeave(pVCpu, VINF_SUCCESS);
1384 }
1385#endif
1386
1387#ifdef DBGFTRACE_ENABLED
1388 switch (enmMode)
1389 {
1390 case IEMMODE_64BIT:
1391 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I64/%u %08llx", pVCpu->iem.s.uCpl, pVCpu->cpum.GstCtx.rip);
1392 break;
1393 case IEMMODE_32BIT:
1394 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I32/%u %04x:%08x", pVCpu->iem.s.uCpl, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip);
1395 break;
1396 case IEMMODE_16BIT:
1397 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I16/%u %04x:%04x", pVCpu->iem.s.uCpl, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip);
1398 break;
1399 }
1400#endif
1401}
1402
1403
1404
1405/**
1406 * Prefetch opcodes the first time when starting executing.
1407 *
1408 * @returns Strict VBox status code.
1409 * @param pVCpu The cross context virtual CPU structure of the
1410 * calling thread.
1411 * @param fBypassHandlers Whether to bypass access handlers.
1412 */
1413IEM_STATIC VBOXSTRICTRC iemInitDecoderAndPrefetchOpcodes(PVMCPU pVCpu, bool fBypassHandlers)
1414{
1415 iemInitDecoder(pVCpu, fBypassHandlers);
1416
1417#ifdef IEM_WITH_CODE_TLB
1418 /** @todo Do ITLB lookup here. */
1419
1420#else /* !IEM_WITH_CODE_TLB */
1421
1422 /*
1423 * What we're doing here is very similar to iemMemMap/iemMemBounceBufferMap.
1424 *
1425 * First translate CS:rIP to a physical address.
1426 */
1427 uint32_t cbToTryRead;
1428 RTGCPTR GCPtrPC;
1429 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
1430 {
1431 cbToTryRead = PAGE_SIZE;
1432 GCPtrPC = pVCpu->cpum.GstCtx.rip;
1433 if (IEM_IS_CANONICAL(GCPtrPC))
1434 cbToTryRead = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
1435 else
1436 return iemRaiseGeneralProtectionFault0(pVCpu);
1437 }
1438 else
1439 {
1440 uint32_t GCPtrPC32 = pVCpu->cpum.GstCtx.eip;
1441 AssertMsg(!(GCPtrPC32 & ~(uint32_t)UINT16_MAX) || pVCpu->iem.s.enmCpuMode == IEMMODE_32BIT, ("%04x:%RX64\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
1442 if (GCPtrPC32 <= pVCpu->cpum.GstCtx.cs.u32Limit)
1443 cbToTryRead = pVCpu->cpum.GstCtx.cs.u32Limit - GCPtrPC32 + 1;
1444 else
1445 return iemRaiseSelectorBounds(pVCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
1446 if (cbToTryRead) { /* likely */ }
1447 else /* overflowed */
1448 {
1449 Assert(GCPtrPC32 == 0); Assert(pVCpu->cpum.GstCtx.cs.u32Limit == UINT32_MAX);
1450 cbToTryRead = UINT32_MAX;
1451 }
1452 GCPtrPC = (uint32_t)pVCpu->cpum.GstCtx.cs.u64Base + GCPtrPC32;
1453 Assert(GCPtrPC <= UINT32_MAX);
1454 }
1455
1456# ifdef VBOX_WITH_RAW_MODE_NOT_R0
1457 /* Allow interpretation of patch manager code blocks since they can for
1458 instance throw #PFs for perfectly good reasons. */
1459 if (pVCpu->iem.s.fInPatchCode)
1460 {
1461 size_t cbRead = 0;
1462 int rc = PATMReadPatchCode(pVCpu->CTX_SUFF(pVM), GCPtrPC, pVCpu->iem.s.abOpcode, sizeof(pVCpu->iem.s.abOpcode), &cbRead);
1463 AssertRCReturn(rc, rc);
1464 pVCpu->iem.s.cbOpcode = (uint8_t)cbRead; Assert(pVCpu->iem.s.cbOpcode == cbRead); Assert(cbRead > 0);
1465 return VINF_SUCCESS;
1466 }
1467# endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
1468
1469 RTGCPHYS GCPhys;
1470 uint64_t fFlags;
1471 int rc = PGMGstGetPage(pVCpu, GCPtrPC, &fFlags, &GCPhys);
1472 if (RT_SUCCESS(rc)) { /* probable */ }
1473 else
1474 {
1475 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - rc=%Rrc\n", GCPtrPC, rc));
1476 return iemRaisePageFault(pVCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, rc);
1477 }
1478 if ((fFlags & X86_PTE_US) || pVCpu->iem.s.uCpl != 3) { /* likely */ }
1479 else
1480 {
1481 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - supervisor page\n", GCPtrPC));
1482 return iemRaisePageFault(pVCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1483 }
1484 if (!(fFlags & X86_PTE_PAE_NX) || !(pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_NXE)) { /* likely */ }
1485 else
1486 {
1487 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - NX\n", GCPtrPC));
1488 return iemRaisePageFault(pVCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1489 }
1490 GCPhys |= GCPtrPC & PAGE_OFFSET_MASK;
1491 /** @todo Check reserved bits and such stuff. PGM is better at doing
1492 * that, so do it when implementing the guest virtual address
1493 * TLB... */
1494
1495 /*
1496 * Read the bytes at this address.
1497 */
1498 PVM pVM = pVCpu->CTX_SUFF(pVM);
1499# if defined(IN_RING3) && defined(VBOX_WITH_RAW_MODE_NOT_R0)
1500 size_t cbActual;
1501 if ( PATMIsEnabled(pVM)
1502 && RT_SUCCESS(PATMR3ReadOrgInstr(pVM, GCPtrPC, pVCpu->iem.s.abOpcode, sizeof(pVCpu->iem.s.abOpcode), &cbActual)))
1503 {
1504 Log4(("decode - Read %u unpatched bytes at %RGv\n", cbActual, GCPtrPC));
1505 Assert(cbActual > 0);
1506 pVCpu->iem.s.cbOpcode = (uint8_t)cbActual;
1507 }
1508 else
1509# endif
1510 {
1511 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
1512 if (cbToTryRead > cbLeftOnPage)
1513 cbToTryRead = cbLeftOnPage;
1514 if (cbToTryRead > sizeof(pVCpu->iem.s.abOpcode))
1515 cbToTryRead = sizeof(pVCpu->iem.s.abOpcode);
1516
1517 if (!pVCpu->iem.s.fBypassHandlers)
1518 {
1519 VBOXSTRICTRC rcStrict = PGMPhysRead(pVM, GCPhys, pVCpu->iem.s.abOpcode, cbToTryRead, PGMACCESSORIGIN_IEM);
1520 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
1521 { /* likely */ }
1522 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
1523 {
1524 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n",
1525 GCPtrPC, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1526 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
1527 }
1528 else
1529 {
1530 Log((RT_SUCCESS(rcStrict)
1531 ? "iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
1532 : "iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
1533 GCPtrPC, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1534 return rcStrict;
1535 }
1536 }
1537 else
1538 {
1539 rc = PGMPhysSimpleReadGCPhys(pVM, pVCpu->iem.s.abOpcode, GCPhys, cbToTryRead);
1540 if (RT_SUCCESS(rc))
1541 { /* likely */ }
1542 else
1543 {
1544 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read error - rc=%Rrc (!!)\n",
1545 GCPtrPC, GCPhys, rc, cbToTryRead));
1546 return rc;
1547 }
1548 }
1549 pVCpu->iem.s.cbOpcode = cbToTryRead;
1550 }
1551#endif /* !IEM_WITH_CODE_TLB */
1552 return VINF_SUCCESS;
1553}
1554
1555
1556/**
1557 * Invalidates the IEM TLBs.
1558 *
1559 * This is called internally as well as by PGM when moving GC mappings.
1560 *
1561 * @returns
1562 * @param pVCpu The cross context virtual CPU structure of the calling
1563 * thread.
1564 * @param fVmm Set when PGM calls us with a remapping.
1565 */
1566VMM_INT_DECL(void) IEMTlbInvalidateAll(PVMCPU pVCpu, bool fVmm)
1567{
1568#ifdef IEM_WITH_CODE_TLB
1569 pVCpu->iem.s.cbInstrBufTotal = 0;
1570 pVCpu->iem.s.CodeTlb.uTlbRevision += IEMTLB_REVISION_INCR;
1571 if (pVCpu->iem.s.CodeTlb.uTlbRevision != 0)
1572 { /* very likely */ }
1573 else
1574 {
1575 pVCpu->iem.s.CodeTlb.uTlbRevision = IEMTLB_REVISION_INCR;
1576 unsigned i = RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries);
1577 while (i-- > 0)
1578 pVCpu->iem.s.CodeTlb.aEntries[i].uTag = 0;
1579 }
1580#endif
1581
1582#ifdef IEM_WITH_DATA_TLB
1583 pVCpu->iem.s.DataTlb.uTlbRevision += IEMTLB_REVISION_INCR;
1584 if (pVCpu->iem.s.DataTlb.uTlbRevision != 0)
1585 { /* very likely */ }
1586 else
1587 {
1588 pVCpu->iem.s.DataTlb.uTlbRevision = IEMTLB_REVISION_INCR;
1589 unsigned i = RT_ELEMENTS(pVCpu->iem.s.DataTlb.aEntries);
1590 while (i-- > 0)
1591 pVCpu->iem.s.DataTlb.aEntries[i].uTag = 0;
1592 }
1593#endif
1594 NOREF(pVCpu); NOREF(fVmm);
1595}
1596
1597
1598/**
1599 * Invalidates a page in the TLBs.
1600 *
1601 * @param pVCpu The cross context virtual CPU structure of the calling
1602 * thread.
1603 * @param GCPtr The address of the page to invalidate
1604 */
1605VMM_INT_DECL(void) IEMTlbInvalidatePage(PVMCPU pVCpu, RTGCPTR GCPtr)
1606{
1607#if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
1608 GCPtr = GCPtr >> X86_PAGE_SHIFT;
1609 AssertCompile(RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries) == 256);
1610 AssertCompile(RT_ELEMENTS(pVCpu->iem.s.DataTlb.aEntries) == 256);
1611 uintptr_t idx = (uint8_t)GCPtr;
1612
1613# ifdef IEM_WITH_CODE_TLB
1614 if (pVCpu->iem.s.CodeTlb.aEntries[idx].uTag == (GCPtr | pVCpu->iem.s.CodeTlb.uTlbRevision))
1615 {
1616 pVCpu->iem.s.CodeTlb.aEntries[idx].uTag = 0;
1617 if (GCPtr == (pVCpu->iem.s.uInstrBufPc >> X86_PAGE_SHIFT))
1618 pVCpu->iem.s.cbInstrBufTotal = 0;
1619 }
1620# endif
1621
1622# ifdef IEM_WITH_DATA_TLB
1623 if (pVCpu->iem.s.DataTlb.aEntries[idx].uTag == (GCPtr | pVCpu->iem.s.DataTlb.uTlbRevision))
1624 pVCpu->iem.s.DataTlb.aEntries[idx].uTag = 0;
1625# endif
1626#else
1627 NOREF(pVCpu); NOREF(GCPtr);
1628#endif
1629}
1630
1631
1632/**
1633 * Invalidates the host physical aspects of the IEM TLBs.
1634 *
1635 * This is called internally as well as by PGM when moving GC mappings.
1636 *
1637 * @param pVCpu The cross context virtual CPU structure of the calling
1638 * thread.
1639 */
1640VMM_INT_DECL(void) IEMTlbInvalidateAllPhysical(PVMCPU pVCpu)
1641{
1642#if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
1643 /* Note! This probably won't end up looking exactly like this, but it give an idea... */
1644
1645# ifdef IEM_WITH_CODE_TLB
1646 pVCpu->iem.s.cbInstrBufTotal = 0;
1647# endif
1648 uint64_t uTlbPhysRev = pVCpu->iem.s.CodeTlb.uTlbPhysRev + IEMTLB_PHYS_REV_INCR;
1649 if (uTlbPhysRev != 0)
1650 {
1651 pVCpu->iem.s.CodeTlb.uTlbPhysRev = uTlbPhysRev;
1652 pVCpu->iem.s.DataTlb.uTlbPhysRev = uTlbPhysRev;
1653 }
1654 else
1655 {
1656 pVCpu->iem.s.CodeTlb.uTlbPhysRev = IEMTLB_PHYS_REV_INCR;
1657 pVCpu->iem.s.DataTlb.uTlbPhysRev = IEMTLB_PHYS_REV_INCR;
1658
1659 unsigned i;
1660# ifdef IEM_WITH_CODE_TLB
1661 i = RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries);
1662 while (i-- > 0)
1663 {
1664 pVCpu->iem.s.CodeTlb.aEntries[i].pbMappingR3 = NULL;
1665 pVCpu->iem.s.CodeTlb.aEntries[i].fFlagsAndPhysRev &= ~(IEMTLBE_F_PG_NO_WRITE | IEMTLBE_F_PG_NO_READ | IEMTLBE_F_PHYS_REV);
1666 }
1667# endif
1668# ifdef IEM_WITH_DATA_TLB
1669 i = RT_ELEMENTS(pVCpu->iem.s.DataTlb.aEntries);
1670 while (i-- > 0)
1671 {
1672 pVCpu->iem.s.DataTlb.aEntries[i].pbMappingR3 = NULL;
1673 pVCpu->iem.s.DataTlb.aEntries[i].fFlagsAndPhysRev &= ~(IEMTLBE_F_PG_NO_WRITE | IEMTLBE_F_PG_NO_READ | IEMTLBE_F_PHYS_REV);
1674 }
1675# endif
1676 }
1677#else
1678 NOREF(pVCpu);
1679#endif
1680}
1681
1682
1683/**
1684 * Invalidates the host physical aspects of the IEM TLBs.
1685 *
1686 * This is called internally as well as by PGM when moving GC mappings.
1687 *
1688 * @param pVM The cross context VM structure.
1689 *
1690 * @remarks Caller holds the PGM lock.
1691 */
1692VMM_INT_DECL(void) IEMTlbInvalidateAllPhysicalAllCpus(PVM pVM)
1693{
1694 RT_NOREF_PV(pVM);
1695}
1696
1697#ifdef IEM_WITH_CODE_TLB
1698
1699/**
1700 * Tries to fetches @a cbDst opcode bytes, raise the appropriate exception on
1701 * failure and jumps.
1702 *
1703 * We end up here for a number of reasons:
1704 * - pbInstrBuf isn't yet initialized.
1705 * - Advancing beyond the buffer boundrary (e.g. cross page).
1706 * - Advancing beyond the CS segment limit.
1707 * - Fetching from non-mappable page (e.g. MMIO).
1708 *
1709 * @param pVCpu The cross context virtual CPU structure of the
1710 * calling thread.
1711 * @param pvDst Where to return the bytes.
1712 * @param cbDst Number of bytes to read.
1713 *
1714 * @todo Make cbDst = 0 a way of initializing pbInstrBuf?
1715 */
1716IEM_STATIC void iemOpcodeFetchBytesJmp(PVMCPU pVCpu, size_t cbDst, void *pvDst)
1717{
1718#ifdef IN_RING3
1719 for (;;)
1720 {
1721 Assert(cbDst <= 8);
1722 uint32_t offBuf = pVCpu->iem.s.offInstrNextByte;
1723
1724 /*
1725 * We might have a partial buffer match, deal with that first to make the
1726 * rest simpler. This is the first part of the cross page/buffer case.
1727 */
1728 if (pVCpu->iem.s.pbInstrBuf != NULL)
1729 {
1730 if (offBuf < pVCpu->iem.s.cbInstrBuf)
1731 {
1732 Assert(offBuf + cbDst > pVCpu->iem.s.cbInstrBuf);
1733 uint32_t const cbCopy = pVCpu->iem.s.cbInstrBuf - pVCpu->iem.s.offInstrNextByte;
1734 memcpy(pvDst, &pVCpu->iem.s.pbInstrBuf[offBuf], cbCopy);
1735
1736 cbDst -= cbCopy;
1737 pvDst = (uint8_t *)pvDst + cbCopy;
1738 offBuf += cbCopy;
1739 pVCpu->iem.s.offInstrNextByte += offBuf;
1740 }
1741 }
1742
1743 /*
1744 * Check segment limit, figuring how much we're allowed to access at this point.
1745 *
1746 * We will fault immediately if RIP is past the segment limit / in non-canonical
1747 * territory. If we do continue, there are one or more bytes to read before we
1748 * end up in trouble and we need to do that first before faulting.
1749 */
1750 RTGCPTR GCPtrFirst;
1751 uint32_t cbMaxRead;
1752 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
1753 {
1754 GCPtrFirst = pVCpu->cpum.GstCtx.rip + (offBuf - (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart);
1755 if (RT_LIKELY(IEM_IS_CANONICAL(GCPtrFirst)))
1756 { /* likely */ }
1757 else
1758 iemRaiseGeneralProtectionFault0Jmp(pVCpu);
1759 cbMaxRead = X86_PAGE_SIZE - ((uint32_t)GCPtrFirst & X86_PAGE_OFFSET_MASK);
1760 }
1761 else
1762 {
1763 GCPtrFirst = pVCpu->cpum.GstCtx.eip + (offBuf - (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart);
1764 Assert(!(GCPtrFirst & ~(uint32_t)UINT16_MAX) || pVCpu->iem.s.enmCpuMode == IEMMODE_32BIT);
1765 if (RT_LIKELY((uint32_t)GCPtrFirst <= pVCpu->cpum.GstCtx.cs.u32Limit))
1766 { /* likely */ }
1767 else
1768 iemRaiseSelectorBoundsJmp(pVCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
1769 cbMaxRead = pVCpu->cpum.GstCtx.cs.u32Limit - (uint32_t)GCPtrFirst + 1;
1770 if (cbMaxRead != 0)
1771 { /* likely */ }
1772 else
1773 {
1774 /* Overflowed because address is 0 and limit is max. */
1775 Assert(GCPtrFirst == 0); Assert(pVCpu->cpum.GstCtx.cs.u32Limit == UINT32_MAX);
1776 cbMaxRead = X86_PAGE_SIZE;
1777 }
1778 GCPtrFirst = (uint32_t)GCPtrFirst + (uint32_t)pVCpu->cpum.GstCtx.cs.u64Base;
1779 uint32_t cbMaxRead2 = X86_PAGE_SIZE - ((uint32_t)GCPtrFirst & X86_PAGE_OFFSET_MASK);
1780 if (cbMaxRead2 < cbMaxRead)
1781 cbMaxRead = cbMaxRead2;
1782 /** @todo testcase: unreal modes, both huge 16-bit and 32-bit. */
1783 }
1784
1785 /*
1786 * Get the TLB entry for this piece of code.
1787 */
1788 uint64_t uTag = (GCPtrFirst >> X86_PAGE_SHIFT) | pVCpu->iem.s.CodeTlb.uTlbRevision;
1789 AssertCompile(RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries) == 256);
1790 PIEMTLBENTRY pTlbe = &pVCpu->iem.s.CodeTlb.aEntries[(uint8_t)uTag];
1791 if (pTlbe->uTag == uTag)
1792 {
1793 /* likely when executing lots of code, otherwise unlikely */
1794# ifdef VBOX_WITH_STATISTICS
1795 pVCpu->iem.s.CodeTlb.cTlbHits++;
1796# endif
1797 }
1798 else
1799 {
1800 pVCpu->iem.s.CodeTlb.cTlbMisses++;
1801# ifdef VBOX_WITH_RAW_MODE_NOT_R0
1802 if (PATMIsPatchGCAddr(pVCpu->CTX_SUFF(pVM), pVCpu->cpum.GstCtx.eip))
1803 {
1804 pTlbe->uTag = uTag;
1805 pTlbe->fFlagsAndPhysRev = IEMTLBE_F_PATCH_CODE | IEMTLBE_F_PT_NO_WRITE | IEMTLBE_F_PT_NO_USER
1806 | IEMTLBE_F_PT_NO_WRITE | IEMTLBE_F_PT_NO_DIRTY | IEMTLBE_F_NO_MAPPINGR3;
1807 pTlbe->GCPhys = NIL_RTGCPHYS;
1808 pTlbe->pbMappingR3 = NULL;
1809 }
1810 else
1811# endif
1812 {
1813 RTGCPHYS GCPhys;
1814 uint64_t fFlags;
1815 int rc = PGMGstGetPage(pVCpu, GCPtrFirst, &fFlags, &GCPhys);
1816 if (RT_FAILURE(rc))
1817 {
1818 Log(("iemOpcodeFetchMoreBytes: %RGv - rc=%Rrc\n", GCPtrFirst, rc));
1819 iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, rc);
1820 }
1821
1822 AssertCompile(IEMTLBE_F_PT_NO_EXEC == 1);
1823 pTlbe->uTag = uTag;
1824 pTlbe->fFlagsAndPhysRev = (~fFlags & (X86_PTE_US | X86_PTE_RW | X86_PTE_D)) | (fFlags >> X86_PTE_PAE_BIT_NX);
1825 pTlbe->GCPhys = GCPhys;
1826 pTlbe->pbMappingR3 = NULL;
1827 }
1828 }
1829
1830 /*
1831 * Check TLB page table level access flags.
1832 */
1833 if (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PT_NO_USER | IEMTLBE_F_PT_NO_EXEC))
1834 {
1835 if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_USER) && pVCpu->iem.s.uCpl == 3)
1836 {
1837 Log(("iemOpcodeFetchBytesJmp: %RGv - supervisor page\n", GCPtrFirst));
1838 iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1839 }
1840 if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_EXEC) && (pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_NXE))
1841 {
1842 Log(("iemOpcodeFetchMoreBytes: %RGv - NX\n", GCPtrFirst));
1843 iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
1844 }
1845 }
1846
1847# ifdef VBOX_WITH_RAW_MODE_NOT_R0
1848 /*
1849 * Allow interpretation of patch manager code blocks since they can for
1850 * instance throw #PFs for perfectly good reasons.
1851 */
1852 if (!(pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PATCH_CODE))
1853 { /* no unlikely */ }
1854 else
1855 {
1856 /** @todo Could be optimized this a little in ring-3 if we liked. */
1857 size_t cbRead = 0;
1858 int rc = PATMReadPatchCode(pVCpu->CTX_SUFF(pVM), GCPtrFirst, pvDst, cbDst, &cbRead);
1859 AssertRCStmt(rc, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), rc));
1860 AssertStmt(cbRead == cbDst, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VERR_IEM_IPE_1));
1861 return;
1862 }
1863# endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
1864
1865 /*
1866 * Look up the physical page info if necessary.
1867 */
1868 if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PHYS_REV) == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
1869 { /* not necessary */ }
1870 else
1871 {
1872 AssertCompile(PGMIEMGCPHYS2PTR_F_NO_WRITE == IEMTLBE_F_PG_NO_WRITE);
1873 AssertCompile(PGMIEMGCPHYS2PTR_F_NO_READ == IEMTLBE_F_PG_NO_READ);
1874 AssertCompile(PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3 == IEMTLBE_F_NO_MAPPINGR3);
1875 pTlbe->fFlagsAndPhysRev &= ~( IEMTLBE_F_PHYS_REV
1876 | IEMTLBE_F_NO_MAPPINGR3 | IEMTLBE_F_PG_NO_READ | IEMTLBE_F_PG_NO_WRITE);
1877 int rc = PGMPhysIemGCPhys2PtrNoLock(pVCpu->CTX_SUFF(pVM), pVCpu, pTlbe->GCPhys, &pVCpu->iem.s.CodeTlb.uTlbPhysRev,
1878 &pTlbe->pbMappingR3, &pTlbe->fFlagsAndPhysRev);
1879 AssertRCStmt(rc, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), rc));
1880 }
1881
1882# if defined(IN_RING3) || (defined(IN_RING0) && !defined(VBOX_WITH_2X_4GB_ADDR_SPACE))
1883 /*
1884 * Try do a direct read using the pbMappingR3 pointer.
1885 */
1886 if ( (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PHYS_REV | IEMTLBE_F_NO_MAPPINGR3 | IEMTLBE_F_PG_NO_READ))
1887 == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
1888 {
1889 uint32_t const offPg = (GCPtrFirst & X86_PAGE_OFFSET_MASK);
1890 pVCpu->iem.s.cbInstrBufTotal = offPg + cbMaxRead;
1891 if (offBuf == (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart)
1892 {
1893 pVCpu->iem.s.cbInstrBuf = offPg + RT_MIN(15, cbMaxRead);
1894 pVCpu->iem.s.offCurInstrStart = (int16_t)offPg;
1895 }
1896 else
1897 {
1898 uint32_t const cbInstr = offBuf - (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart;
1899 Assert(cbInstr < cbMaxRead);
1900 pVCpu->iem.s.cbInstrBuf = offPg + RT_MIN(cbMaxRead + cbInstr, 15) - cbInstr;
1901 pVCpu->iem.s.offCurInstrStart = (int16_t)(offPg - cbInstr);
1902 }
1903 if (cbDst <= cbMaxRead)
1904 {
1905 pVCpu->iem.s.offInstrNextByte = offPg + (uint32_t)cbDst;
1906 pVCpu->iem.s.uInstrBufPc = GCPtrFirst & ~(RTGCPTR)X86_PAGE_OFFSET_MASK;
1907 pVCpu->iem.s.pbInstrBuf = pTlbe->pbMappingR3;
1908 memcpy(pvDst, &pTlbe->pbMappingR3[offPg], cbDst);
1909 return;
1910 }
1911 pVCpu->iem.s.pbInstrBuf = NULL;
1912
1913 memcpy(pvDst, &pTlbe->pbMappingR3[offPg], cbMaxRead);
1914 pVCpu->iem.s.offInstrNextByte = offPg + cbMaxRead;
1915 }
1916 else
1917# endif
1918#if 0
1919 /*
1920 * If there is no special read handling, so we can read a bit more and
1921 * put it in the prefetch buffer.
1922 */
1923 if ( cbDst < cbMaxRead
1924 && (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PHYS_REV | IEMTLBE_F_PG_NO_READ)) == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
1925 {
1926 VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), pTlbe->GCPhys,
1927 &pVCpu->iem.s.abOpcode[0], cbToTryRead, PGMACCESSORIGIN_IEM);
1928 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
1929 { /* likely */ }
1930 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
1931 {
1932 Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n",
1933 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1934 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
1935 AssertStmt(rcStrict == VINF_SUCCESS, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICRC_VAL(rcStrict)));
1936 }
1937 else
1938 {
1939 Log((RT_SUCCESS(rcStrict)
1940 ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
1941 : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
1942 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
1943 longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
1944 }
1945 }
1946 /*
1947 * Special read handling, so only read exactly what's needed.
1948 * This is a highly unlikely scenario.
1949 */
1950 else
1951#endif
1952 {
1953 pVCpu->iem.s.CodeTlb.cTlbSlowReadPath++;
1954 uint32_t const cbToRead = RT_MIN((uint32_t)cbDst, cbMaxRead);
1955 VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), pTlbe->GCPhys + (GCPtrFirst & X86_PAGE_OFFSET_MASK),
1956 pvDst, cbToRead, PGMACCESSORIGIN_IEM);
1957 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
1958 { /* likely */ }
1959 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
1960 {
1961 Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n",
1962 GCPtrFirst, pTlbe->GCPhys + (GCPtrFirst & X86_PAGE_OFFSET_MASK), VBOXSTRICTRC_VAL(rcStrict), cbToRead));
1963 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
1964 AssertStmt(rcStrict == VINF_SUCCESS, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(rcStrict)));
1965 }
1966 else
1967 {
1968 Log((RT_SUCCESS(rcStrict)
1969 ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
1970 : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
1971 GCPtrFirst, pTlbe->GCPhys + (GCPtrFirst & X86_PAGE_OFFSET_MASK), VBOXSTRICTRC_VAL(rcStrict), cbToRead));
1972 longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
1973 }
1974 pVCpu->iem.s.offInstrNextByte = offBuf + cbToRead;
1975 if (cbToRead == cbDst)
1976 return;
1977 }
1978
1979 /*
1980 * More to read, loop.
1981 */
1982 cbDst -= cbMaxRead;
1983 pvDst = (uint8_t *)pvDst + cbMaxRead;
1984 }
1985#else
1986 RT_NOREF(pvDst, cbDst);
1987 longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VERR_INTERNAL_ERROR);
1988#endif
1989}
1990
1991#else
1992
1993/**
1994 * Try fetch at least @a cbMin bytes more opcodes, raise the appropriate
1995 * exception if it fails.
1996 *
1997 * @returns Strict VBox status code.
1998 * @param pVCpu The cross context virtual CPU structure of the
1999 * calling thread.
2000 * @param cbMin The minimum number of bytes relative offOpcode
2001 * that must be read.
2002 */
2003IEM_STATIC VBOXSTRICTRC iemOpcodeFetchMoreBytes(PVMCPU pVCpu, size_t cbMin)
2004{
2005 /*
2006 * What we're doing here is very similar to iemMemMap/iemMemBounceBufferMap.
2007 *
2008 * First translate CS:rIP to a physical address.
2009 */
2010 uint8_t cbLeft = pVCpu->iem.s.cbOpcode - pVCpu->iem.s.offOpcode; Assert(cbLeft < cbMin);
2011 uint32_t cbToTryRead;
2012 RTGCPTR GCPtrNext;
2013 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
2014 {
2015 cbToTryRead = PAGE_SIZE;
2016 GCPtrNext = pVCpu->cpum.GstCtx.rip + pVCpu->iem.s.cbOpcode;
2017 if (!IEM_IS_CANONICAL(GCPtrNext))
2018 return iemRaiseGeneralProtectionFault0(pVCpu);
2019 }
2020 else
2021 {
2022 uint32_t GCPtrNext32 = pVCpu->cpum.GstCtx.eip;
2023 Assert(!(GCPtrNext32 & ~(uint32_t)UINT16_MAX) || pVCpu->iem.s.enmCpuMode == IEMMODE_32BIT);
2024 GCPtrNext32 += pVCpu->iem.s.cbOpcode;
2025 if (GCPtrNext32 > pVCpu->cpum.GstCtx.cs.u32Limit)
2026 return iemRaiseSelectorBounds(pVCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
2027 cbToTryRead = pVCpu->cpum.GstCtx.cs.u32Limit - GCPtrNext32 + 1;
2028 if (!cbToTryRead) /* overflowed */
2029 {
2030 Assert(GCPtrNext32 == 0); Assert(pVCpu->cpum.GstCtx.cs.u32Limit == UINT32_MAX);
2031 cbToTryRead = UINT32_MAX;
2032 /** @todo check out wrapping around the code segment. */
2033 }
2034 if (cbToTryRead < cbMin - cbLeft)
2035 return iemRaiseSelectorBounds(pVCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
2036 GCPtrNext = (uint32_t)pVCpu->cpum.GstCtx.cs.u64Base + GCPtrNext32;
2037 }
2038
2039 /* Only read up to the end of the page, and make sure we don't read more
2040 than the opcode buffer can hold. */
2041 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrNext & PAGE_OFFSET_MASK);
2042 if (cbToTryRead > cbLeftOnPage)
2043 cbToTryRead = cbLeftOnPage;
2044 if (cbToTryRead > sizeof(pVCpu->iem.s.abOpcode) - pVCpu->iem.s.cbOpcode)
2045 cbToTryRead = sizeof(pVCpu->iem.s.abOpcode) - pVCpu->iem.s.cbOpcode;
2046/** @todo r=bird: Convert assertion into undefined opcode exception? */
2047 Assert(cbToTryRead >= cbMin - cbLeft); /* ASSUMPTION based on iemInitDecoderAndPrefetchOpcodes. */
2048
2049# ifdef VBOX_WITH_RAW_MODE_NOT_R0
2050 /* Allow interpretation of patch manager code blocks since they can for
2051 instance throw #PFs for perfectly good reasons. */
2052 if (pVCpu->iem.s.fInPatchCode)
2053 {
2054 size_t cbRead = 0;
2055 int rc = PATMReadPatchCode(pVCpu->CTX_SUFF(pVM), GCPtrNext, pVCpu->iem.s.abOpcode, cbToTryRead, &cbRead);
2056 AssertRCReturn(rc, rc);
2057 pVCpu->iem.s.cbOpcode = (uint8_t)cbRead; Assert(pVCpu->iem.s.cbOpcode == cbRead); Assert(cbRead > 0);
2058 return VINF_SUCCESS;
2059 }
2060# endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
2061
2062 RTGCPHYS GCPhys;
2063 uint64_t fFlags;
2064 int rc = PGMGstGetPage(pVCpu, GCPtrNext, &fFlags, &GCPhys);
2065 if (RT_FAILURE(rc))
2066 {
2067 Log(("iemOpcodeFetchMoreBytes: %RGv - rc=%Rrc\n", GCPtrNext, rc));
2068 return iemRaisePageFault(pVCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, rc);
2069 }
2070 if (!(fFlags & X86_PTE_US) && pVCpu->iem.s.uCpl == 3)
2071 {
2072 Log(("iemOpcodeFetchMoreBytes: %RGv - supervisor page\n", GCPtrNext));
2073 return iemRaisePageFault(pVCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
2074 }
2075 if ((fFlags & X86_PTE_PAE_NX) && (pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_NXE))
2076 {
2077 Log(("iemOpcodeFetchMoreBytes: %RGv - NX\n", GCPtrNext));
2078 return iemRaisePageFault(pVCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
2079 }
2080 GCPhys |= GCPtrNext & PAGE_OFFSET_MASK;
2081 Log5(("GCPtrNext=%RGv GCPhys=%RGp cbOpcodes=%#x\n", GCPtrNext, GCPhys, pVCpu->iem.s.cbOpcode));
2082 /** @todo Check reserved bits and such stuff. PGM is better at doing
2083 * that, so do it when implementing the guest virtual address
2084 * TLB... */
2085
2086 /*
2087 * Read the bytes at this address.
2088 *
2089 * We read all unpatched bytes in iemInitDecoderAndPrefetchOpcodes already,
2090 * and since PATM should only patch the start of an instruction there
2091 * should be no need to check again here.
2092 */
2093 if (!pVCpu->iem.s.fBypassHandlers)
2094 {
2095 VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), GCPhys, &pVCpu->iem.s.abOpcode[pVCpu->iem.s.cbOpcode],
2096 cbToTryRead, PGMACCESSORIGIN_IEM);
2097 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
2098 { /* likely */ }
2099 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
2100 {
2101 Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n",
2102 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
2103 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
2104 }
2105 else
2106 {
2107 Log((RT_SUCCESS(rcStrict)
2108 ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
2109 : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
2110 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
2111 return rcStrict;
2112 }
2113 }
2114 else
2115 {
2116 rc = PGMPhysSimpleReadGCPhys(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.abOpcode[pVCpu->iem.s.cbOpcode], GCPhys, cbToTryRead);
2117 if (RT_SUCCESS(rc))
2118 { /* likely */ }
2119 else
2120 {
2121 Log(("iemOpcodeFetchMoreBytes: %RGv - read error - rc=%Rrc (!!)\n", GCPtrNext, rc));
2122 return rc;
2123 }
2124 }
2125 pVCpu->iem.s.cbOpcode += cbToTryRead;
2126 Log5(("%.*Rhxs\n", pVCpu->iem.s.cbOpcode, pVCpu->iem.s.abOpcode));
2127
2128 return VINF_SUCCESS;
2129}
2130
2131#endif /* !IEM_WITH_CODE_TLB */
2132#ifndef IEM_WITH_SETJMP
2133
2134/**
2135 * Deals with the problematic cases that iemOpcodeGetNextU8 doesn't like.
2136 *
2137 * @returns Strict VBox status code.
2138 * @param pVCpu The cross context virtual CPU structure of the
2139 * calling thread.
2140 * @param pb Where to return the opcode byte.
2141 */
2142DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU8Slow(PVMCPU pVCpu, uint8_t *pb)
2143{
2144 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 1);
2145 if (rcStrict == VINF_SUCCESS)
2146 {
2147 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2148 *pb = pVCpu->iem.s.abOpcode[offOpcode];
2149 pVCpu->iem.s.offOpcode = offOpcode + 1;
2150 }
2151 else
2152 *pb = 0;
2153 return rcStrict;
2154}
2155
2156
2157/**
2158 * Fetches the next opcode byte.
2159 *
2160 * @returns Strict VBox status code.
2161 * @param pVCpu The cross context virtual CPU structure of the
2162 * calling thread.
2163 * @param pu8 Where to return the opcode byte.
2164 */
2165DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU8(PVMCPU pVCpu, uint8_t *pu8)
2166{
2167 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
2168 if (RT_LIKELY((uint8_t)offOpcode < pVCpu->iem.s.cbOpcode))
2169 {
2170 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 1;
2171 *pu8 = pVCpu->iem.s.abOpcode[offOpcode];
2172 return VINF_SUCCESS;
2173 }
2174 return iemOpcodeGetNextU8Slow(pVCpu, pu8);
2175}
2176
2177#else /* IEM_WITH_SETJMP */
2178
2179/**
2180 * Deals with the problematic cases that iemOpcodeGetNextU8Jmp doesn't like, longjmp on error.
2181 *
2182 * @returns The opcode byte.
2183 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2184 */
2185DECL_NO_INLINE(IEM_STATIC, uint8_t) iemOpcodeGetNextU8SlowJmp(PVMCPU pVCpu)
2186{
2187# ifdef IEM_WITH_CODE_TLB
2188 uint8_t u8;
2189 iemOpcodeFetchBytesJmp(pVCpu, sizeof(u8), &u8);
2190 return u8;
2191# else
2192 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 1);
2193 if (rcStrict == VINF_SUCCESS)
2194 return pVCpu->iem.s.abOpcode[pVCpu->iem.s.offOpcode++];
2195 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
2196# endif
2197}
2198
2199
2200/**
2201 * Fetches the next opcode byte, longjmp on error.
2202 *
2203 * @returns The opcode byte.
2204 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2205 */
2206DECLINLINE(uint8_t) iemOpcodeGetNextU8Jmp(PVMCPU pVCpu)
2207{
2208# ifdef IEM_WITH_CODE_TLB
2209 uintptr_t offBuf = pVCpu->iem.s.offInstrNextByte;
2210 uint8_t const *pbBuf = pVCpu->iem.s.pbInstrBuf;
2211 if (RT_LIKELY( pbBuf != NULL
2212 && offBuf < pVCpu->iem.s.cbInstrBuf))
2213 {
2214 pVCpu->iem.s.offInstrNextByte = (uint32_t)offBuf + 1;
2215 return pbBuf[offBuf];
2216 }
2217# else
2218 uintptr_t offOpcode = pVCpu->iem.s.offOpcode;
2219 if (RT_LIKELY((uint8_t)offOpcode < pVCpu->iem.s.cbOpcode))
2220 {
2221 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 1;
2222 return pVCpu->iem.s.abOpcode[offOpcode];
2223 }
2224# endif
2225 return iemOpcodeGetNextU8SlowJmp(pVCpu);
2226}
2227
2228#endif /* IEM_WITH_SETJMP */
2229
2230/**
2231 * Fetches the next opcode byte, returns automatically on failure.
2232 *
2233 * @param a_pu8 Where to return the opcode byte.
2234 * @remark Implicitly references pVCpu.
2235 */
2236#ifndef IEM_WITH_SETJMP
2237# define IEM_OPCODE_GET_NEXT_U8(a_pu8) \
2238 do \
2239 { \
2240 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU8(pVCpu, (a_pu8)); \
2241 if (rcStrict2 == VINF_SUCCESS) \
2242 { /* likely */ } \
2243 else \
2244 return rcStrict2; \
2245 } while (0)
2246#else
2247# define IEM_OPCODE_GET_NEXT_U8(a_pu8) (*(a_pu8) = iemOpcodeGetNextU8Jmp(pVCpu))
2248#endif /* IEM_WITH_SETJMP */
2249
2250
2251#ifndef IEM_WITH_SETJMP
2252/**
2253 * Fetches the next signed byte from the opcode stream.
2254 *
2255 * @returns Strict VBox status code.
2256 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2257 * @param pi8 Where to return the signed byte.
2258 */
2259DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8(PVMCPU pVCpu, int8_t *pi8)
2260{
2261 return iemOpcodeGetNextU8(pVCpu, (uint8_t *)pi8);
2262}
2263#endif /* !IEM_WITH_SETJMP */
2264
2265
2266/**
2267 * Fetches the next signed byte from the opcode stream, returning automatically
2268 * on failure.
2269 *
2270 * @param a_pi8 Where to return the signed byte.
2271 * @remark Implicitly references pVCpu.
2272 */
2273#ifndef IEM_WITH_SETJMP
2274# define IEM_OPCODE_GET_NEXT_S8(a_pi8) \
2275 do \
2276 { \
2277 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8(pVCpu, (a_pi8)); \
2278 if (rcStrict2 != VINF_SUCCESS) \
2279 return rcStrict2; \
2280 } while (0)
2281#else /* IEM_WITH_SETJMP */
2282# define IEM_OPCODE_GET_NEXT_S8(a_pi8) (*(a_pi8) = (int8_t)iemOpcodeGetNextU8Jmp(pVCpu))
2283
2284#endif /* IEM_WITH_SETJMP */
2285
2286#ifndef IEM_WITH_SETJMP
2287
2288/**
2289 * Deals with the problematic cases that iemOpcodeGetNextS8SxU16 doesn't like.
2290 *
2291 * @returns Strict VBox status code.
2292 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2293 * @param pu16 Where to return the opcode dword.
2294 */
2295DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS8SxU16Slow(PVMCPU pVCpu, uint16_t *pu16)
2296{
2297 uint8_t u8;
2298 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pVCpu, &u8);
2299 if (rcStrict == VINF_SUCCESS)
2300 *pu16 = (int8_t)u8;
2301 return rcStrict;
2302}
2303
2304
2305/**
2306 * Fetches the next signed byte from the opcode stream, extending it to
2307 * unsigned 16-bit.
2308 *
2309 * @returns Strict VBox status code.
2310 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2311 * @param pu16 Where to return the unsigned word.
2312 */
2313DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU16(PVMCPU pVCpu, uint16_t *pu16)
2314{
2315 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
2316 if (RT_UNLIKELY(offOpcode >= pVCpu->iem.s.cbOpcode))
2317 return iemOpcodeGetNextS8SxU16Slow(pVCpu, pu16);
2318
2319 *pu16 = (int8_t)pVCpu->iem.s.abOpcode[offOpcode];
2320 pVCpu->iem.s.offOpcode = offOpcode + 1;
2321 return VINF_SUCCESS;
2322}
2323
2324#endif /* !IEM_WITH_SETJMP */
2325
2326/**
2327 * Fetches the next signed byte from the opcode stream and sign-extending it to
2328 * a word, returning automatically on failure.
2329 *
2330 * @param a_pu16 Where to return the word.
2331 * @remark Implicitly references pVCpu.
2332 */
2333#ifndef IEM_WITH_SETJMP
2334# define IEM_OPCODE_GET_NEXT_S8_SX_U16(a_pu16) \
2335 do \
2336 { \
2337 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU16(pVCpu, (a_pu16)); \
2338 if (rcStrict2 != VINF_SUCCESS) \
2339 return rcStrict2; \
2340 } while (0)
2341#else
2342# define IEM_OPCODE_GET_NEXT_S8_SX_U16(a_pu16) (*(a_pu16) = (int8_t)iemOpcodeGetNextU8Jmp(pVCpu))
2343#endif
2344
2345#ifndef IEM_WITH_SETJMP
2346
2347/**
2348 * Deals with the problematic cases that iemOpcodeGetNextS8SxU32 doesn't like.
2349 *
2350 * @returns Strict VBox status code.
2351 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2352 * @param pu32 Where to return the opcode dword.
2353 */
2354DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS8SxU32Slow(PVMCPU pVCpu, uint32_t *pu32)
2355{
2356 uint8_t u8;
2357 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pVCpu, &u8);
2358 if (rcStrict == VINF_SUCCESS)
2359 *pu32 = (int8_t)u8;
2360 return rcStrict;
2361}
2362
2363
2364/**
2365 * Fetches the next signed byte from the opcode stream, extending it to
2366 * unsigned 32-bit.
2367 *
2368 * @returns Strict VBox status code.
2369 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2370 * @param pu32 Where to return the unsigned dword.
2371 */
2372DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU32(PVMCPU pVCpu, uint32_t *pu32)
2373{
2374 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
2375 if (RT_UNLIKELY(offOpcode >= pVCpu->iem.s.cbOpcode))
2376 return iemOpcodeGetNextS8SxU32Slow(pVCpu, pu32);
2377
2378 *pu32 = (int8_t)pVCpu->iem.s.abOpcode[offOpcode];
2379 pVCpu->iem.s.offOpcode = offOpcode + 1;
2380 return VINF_SUCCESS;
2381}
2382
2383#endif /* !IEM_WITH_SETJMP */
2384
2385/**
2386 * Fetches the next signed byte from the opcode stream and sign-extending it to
2387 * a word, returning automatically on failure.
2388 *
2389 * @param a_pu32 Where to return the word.
2390 * @remark Implicitly references pVCpu.
2391 */
2392#ifndef IEM_WITH_SETJMP
2393#define IEM_OPCODE_GET_NEXT_S8_SX_U32(a_pu32) \
2394 do \
2395 { \
2396 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU32(pVCpu, (a_pu32)); \
2397 if (rcStrict2 != VINF_SUCCESS) \
2398 return rcStrict2; \
2399 } while (0)
2400#else
2401# define IEM_OPCODE_GET_NEXT_S8_SX_U32(a_pu32) (*(a_pu32) = (int8_t)iemOpcodeGetNextU8Jmp(pVCpu))
2402#endif
2403
2404#ifndef IEM_WITH_SETJMP
2405
2406/**
2407 * Deals with the problematic cases that iemOpcodeGetNextS8SxU64 doesn't like.
2408 *
2409 * @returns Strict VBox status code.
2410 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2411 * @param pu64 Where to return the opcode qword.
2412 */
2413DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS8SxU64Slow(PVMCPU pVCpu, uint64_t *pu64)
2414{
2415 uint8_t u8;
2416 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pVCpu, &u8);
2417 if (rcStrict == VINF_SUCCESS)
2418 *pu64 = (int8_t)u8;
2419 return rcStrict;
2420}
2421
2422
2423/**
2424 * Fetches the next signed byte from the opcode stream, extending it to
2425 * unsigned 64-bit.
2426 *
2427 * @returns Strict VBox status code.
2428 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2429 * @param pu64 Where to return the unsigned qword.
2430 */
2431DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU64(PVMCPU pVCpu, uint64_t *pu64)
2432{
2433 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
2434 if (RT_UNLIKELY(offOpcode >= pVCpu->iem.s.cbOpcode))
2435 return iemOpcodeGetNextS8SxU64Slow(pVCpu, pu64);
2436
2437 *pu64 = (int8_t)pVCpu->iem.s.abOpcode[offOpcode];
2438 pVCpu->iem.s.offOpcode = offOpcode + 1;
2439 return VINF_SUCCESS;
2440}
2441
2442#endif /* !IEM_WITH_SETJMP */
2443
2444
2445/**
2446 * Fetches the next signed byte from the opcode stream and sign-extending it to
2447 * a word, returning automatically on failure.
2448 *
2449 * @param a_pu64 Where to return the word.
2450 * @remark Implicitly references pVCpu.
2451 */
2452#ifndef IEM_WITH_SETJMP
2453# define IEM_OPCODE_GET_NEXT_S8_SX_U64(a_pu64) \
2454 do \
2455 { \
2456 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU64(pVCpu, (a_pu64)); \
2457 if (rcStrict2 != VINF_SUCCESS) \
2458 return rcStrict2; \
2459 } while (0)
2460#else
2461# define IEM_OPCODE_GET_NEXT_S8_SX_U64(a_pu64) (*(a_pu64) = (int8_t)iemOpcodeGetNextU8Jmp(pVCpu))
2462#endif
2463
2464
2465#ifndef IEM_WITH_SETJMP
2466/**
2467 * Fetches the next opcode byte.
2468 *
2469 * @returns Strict VBox status code.
2470 * @param pVCpu The cross context virtual CPU structure of the
2471 * calling thread.
2472 * @param pu8 Where to return the opcode byte.
2473 */
2474DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextRm(PVMCPU pVCpu, uint8_t *pu8)
2475{
2476 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
2477 pVCpu->iem.s.offModRm = offOpcode;
2478 if (RT_LIKELY((uint8_t)offOpcode < pVCpu->iem.s.cbOpcode))
2479 {
2480 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 1;
2481 *pu8 = pVCpu->iem.s.abOpcode[offOpcode];
2482 return VINF_SUCCESS;
2483 }
2484 return iemOpcodeGetNextU8Slow(pVCpu, pu8);
2485}
2486#else /* IEM_WITH_SETJMP */
2487/**
2488 * Fetches the next opcode byte, longjmp on error.
2489 *
2490 * @returns The opcode byte.
2491 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2492 */
2493DECLINLINE(uint8_t) iemOpcodeGetNextRmJmp(PVMCPU pVCpu)
2494{
2495# ifdef IEM_WITH_CODE_TLB
2496 uintptr_t offBuf = pVCpu->iem.s.offInstrNextByte;
2497 pVCpu->iem.s.offModRm = offBuf;
2498 uint8_t const *pbBuf = pVCpu->iem.s.pbInstrBuf;
2499 if (RT_LIKELY( pbBuf != NULL
2500 && offBuf < pVCpu->iem.s.cbInstrBuf))
2501 {
2502 pVCpu->iem.s.offInstrNextByte = (uint32_t)offBuf + 1;
2503 return pbBuf[offBuf];
2504 }
2505# else
2506 uintptr_t offOpcode = pVCpu->iem.s.offOpcode;
2507 pVCpu->iem.s.offModRm = offOpcode;
2508 if (RT_LIKELY((uint8_t)offOpcode < pVCpu->iem.s.cbOpcode))
2509 {
2510 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 1;
2511 return pVCpu->iem.s.abOpcode[offOpcode];
2512 }
2513# endif
2514 return iemOpcodeGetNextU8SlowJmp(pVCpu);
2515}
2516#endif /* IEM_WITH_SETJMP */
2517
2518/**
2519 * Fetches the next opcode byte, which is a ModR/M byte, returns automatically
2520 * on failure.
2521 *
2522 * Will note down the position of the ModR/M byte for VT-x exits.
2523 *
2524 * @param a_pbRm Where to return the RM opcode byte.
2525 * @remark Implicitly references pVCpu.
2526 */
2527#ifndef IEM_WITH_SETJMP
2528# define IEM_OPCODE_GET_NEXT_RM(a_pbRm) \
2529 do \
2530 { \
2531 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextRm(pVCpu, (a_pbRm)); \
2532 if (rcStrict2 == VINF_SUCCESS) \
2533 { /* likely */ } \
2534 else \
2535 return rcStrict2; \
2536 } while (0)
2537#else
2538# define IEM_OPCODE_GET_NEXT_RM(a_pbRm) (*(a_pbRm) = iemOpcodeGetNextRmJmp(pVCpu))
2539#endif /* IEM_WITH_SETJMP */
2540
2541
2542#ifndef IEM_WITH_SETJMP
2543
2544/**
2545 * Deals with the problematic cases that iemOpcodeGetNextU16 doesn't like.
2546 *
2547 * @returns Strict VBox status code.
2548 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2549 * @param pu16 Where to return the opcode word.
2550 */
2551DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU16Slow(PVMCPU pVCpu, uint16_t *pu16)
2552{
2553 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 2);
2554 if (rcStrict == VINF_SUCCESS)
2555 {
2556 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2557# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2558 *pu16 = *(uint16_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2559# else
2560 *pu16 = RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2561# endif
2562 pVCpu->iem.s.offOpcode = offOpcode + 2;
2563 }
2564 else
2565 *pu16 = 0;
2566 return rcStrict;
2567}
2568
2569
2570/**
2571 * Fetches the next opcode word.
2572 *
2573 * @returns Strict VBox status code.
2574 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2575 * @param pu16 Where to return the opcode word.
2576 */
2577DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16(PVMCPU pVCpu, uint16_t *pu16)
2578{
2579 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
2580 if (RT_LIKELY((uint8_t)offOpcode + 2 <= pVCpu->iem.s.cbOpcode))
2581 {
2582 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 2;
2583# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2584 *pu16 = *(uint16_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2585# else
2586 *pu16 = RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2587# endif
2588 return VINF_SUCCESS;
2589 }
2590 return iemOpcodeGetNextU16Slow(pVCpu, pu16);
2591}
2592
2593#else /* IEM_WITH_SETJMP */
2594
2595/**
2596 * Deals with the problematic cases that iemOpcodeGetNextU16Jmp doesn't like, longjmp on error
2597 *
2598 * @returns The opcode word.
2599 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2600 */
2601DECL_NO_INLINE(IEM_STATIC, uint16_t) iemOpcodeGetNextU16SlowJmp(PVMCPU pVCpu)
2602{
2603# ifdef IEM_WITH_CODE_TLB
2604 uint16_t u16;
2605 iemOpcodeFetchBytesJmp(pVCpu, sizeof(u16), &u16);
2606 return u16;
2607# else
2608 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 2);
2609 if (rcStrict == VINF_SUCCESS)
2610 {
2611 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2612 pVCpu->iem.s.offOpcode += 2;
2613# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2614 return *(uint16_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2615# else
2616 return RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2617# endif
2618 }
2619 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
2620# endif
2621}
2622
2623
2624/**
2625 * Fetches the next opcode word, longjmp on error.
2626 *
2627 * @returns The opcode word.
2628 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2629 */
2630DECLINLINE(uint16_t) iemOpcodeGetNextU16Jmp(PVMCPU pVCpu)
2631{
2632# ifdef IEM_WITH_CODE_TLB
2633 uintptr_t offBuf = pVCpu->iem.s.offInstrNextByte;
2634 uint8_t const *pbBuf = pVCpu->iem.s.pbInstrBuf;
2635 if (RT_LIKELY( pbBuf != NULL
2636 && offBuf + 2 <= pVCpu->iem.s.cbInstrBuf))
2637 {
2638 pVCpu->iem.s.offInstrNextByte = (uint32_t)offBuf + 2;
2639# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2640 return *(uint16_t const *)&pbBuf[offBuf];
2641# else
2642 return RT_MAKE_U16(pbBuf[offBuf], pbBuf[offBuf + 1]);
2643# endif
2644 }
2645# else
2646 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
2647 if (RT_LIKELY((uint8_t)offOpcode + 2 <= pVCpu->iem.s.cbOpcode))
2648 {
2649 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 2;
2650# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2651 return *(uint16_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2652# else
2653 return RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2654# endif
2655 }
2656# endif
2657 return iemOpcodeGetNextU16SlowJmp(pVCpu);
2658}
2659
2660#endif /* IEM_WITH_SETJMP */
2661
2662
2663/**
2664 * Fetches the next opcode word, returns automatically on failure.
2665 *
2666 * @param a_pu16 Where to return the opcode word.
2667 * @remark Implicitly references pVCpu.
2668 */
2669#ifndef IEM_WITH_SETJMP
2670# define IEM_OPCODE_GET_NEXT_U16(a_pu16) \
2671 do \
2672 { \
2673 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16(pVCpu, (a_pu16)); \
2674 if (rcStrict2 != VINF_SUCCESS) \
2675 return rcStrict2; \
2676 } while (0)
2677#else
2678# define IEM_OPCODE_GET_NEXT_U16(a_pu16) (*(a_pu16) = iemOpcodeGetNextU16Jmp(pVCpu))
2679#endif
2680
2681#ifndef IEM_WITH_SETJMP
2682
2683/**
2684 * Deals with the problematic cases that iemOpcodeGetNextU16ZxU32 doesn't like.
2685 *
2686 * @returns Strict VBox status code.
2687 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2688 * @param pu32 Where to return the opcode double word.
2689 */
2690DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU16ZxU32Slow(PVMCPU pVCpu, uint32_t *pu32)
2691{
2692 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 2);
2693 if (rcStrict == VINF_SUCCESS)
2694 {
2695 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2696 *pu32 = RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2697 pVCpu->iem.s.offOpcode = offOpcode + 2;
2698 }
2699 else
2700 *pu32 = 0;
2701 return rcStrict;
2702}
2703
2704
2705/**
2706 * Fetches the next opcode word, zero extending it to a double word.
2707 *
2708 * @returns Strict VBox status code.
2709 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2710 * @param pu32 Where to return the opcode double word.
2711 */
2712DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16ZxU32(PVMCPU pVCpu, uint32_t *pu32)
2713{
2714 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
2715 if (RT_UNLIKELY(offOpcode + 2 > pVCpu->iem.s.cbOpcode))
2716 return iemOpcodeGetNextU16ZxU32Slow(pVCpu, pu32);
2717
2718 *pu32 = RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2719 pVCpu->iem.s.offOpcode = offOpcode + 2;
2720 return VINF_SUCCESS;
2721}
2722
2723#endif /* !IEM_WITH_SETJMP */
2724
2725
2726/**
2727 * Fetches the next opcode word and zero extends it to a double word, returns
2728 * automatically on failure.
2729 *
2730 * @param a_pu32 Where to return the opcode double word.
2731 * @remark Implicitly references pVCpu.
2732 */
2733#ifndef IEM_WITH_SETJMP
2734# define IEM_OPCODE_GET_NEXT_U16_ZX_U32(a_pu32) \
2735 do \
2736 { \
2737 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16ZxU32(pVCpu, (a_pu32)); \
2738 if (rcStrict2 != VINF_SUCCESS) \
2739 return rcStrict2; \
2740 } while (0)
2741#else
2742# define IEM_OPCODE_GET_NEXT_U16_ZX_U32(a_pu32) (*(a_pu32) = iemOpcodeGetNextU16Jmp(pVCpu))
2743#endif
2744
2745#ifndef IEM_WITH_SETJMP
2746
2747/**
2748 * Deals with the problematic cases that iemOpcodeGetNextU16ZxU64 doesn't like.
2749 *
2750 * @returns Strict VBox status code.
2751 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2752 * @param pu64 Where to return the opcode quad word.
2753 */
2754DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU16ZxU64Slow(PVMCPU pVCpu, uint64_t *pu64)
2755{
2756 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 2);
2757 if (rcStrict == VINF_SUCCESS)
2758 {
2759 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2760 *pu64 = RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2761 pVCpu->iem.s.offOpcode = offOpcode + 2;
2762 }
2763 else
2764 *pu64 = 0;
2765 return rcStrict;
2766}
2767
2768
2769/**
2770 * Fetches the next opcode word, zero extending it to a quad word.
2771 *
2772 * @returns Strict VBox status code.
2773 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2774 * @param pu64 Where to return the opcode quad word.
2775 */
2776DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16ZxU64(PVMCPU pVCpu, uint64_t *pu64)
2777{
2778 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
2779 if (RT_UNLIKELY(offOpcode + 2 > pVCpu->iem.s.cbOpcode))
2780 return iemOpcodeGetNextU16ZxU64Slow(pVCpu, pu64);
2781
2782 *pu64 = RT_MAKE_U16(pVCpu->iem.s.abOpcode[offOpcode], pVCpu->iem.s.abOpcode[offOpcode + 1]);
2783 pVCpu->iem.s.offOpcode = offOpcode + 2;
2784 return VINF_SUCCESS;
2785}
2786
2787#endif /* !IEM_WITH_SETJMP */
2788
2789/**
2790 * Fetches the next opcode word and zero extends it to a quad word, returns
2791 * automatically on failure.
2792 *
2793 * @param a_pu64 Where to return the opcode quad word.
2794 * @remark Implicitly references pVCpu.
2795 */
2796#ifndef IEM_WITH_SETJMP
2797# define IEM_OPCODE_GET_NEXT_U16_ZX_U64(a_pu64) \
2798 do \
2799 { \
2800 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16ZxU64(pVCpu, (a_pu64)); \
2801 if (rcStrict2 != VINF_SUCCESS) \
2802 return rcStrict2; \
2803 } while (0)
2804#else
2805# define IEM_OPCODE_GET_NEXT_U16_ZX_U64(a_pu64) (*(a_pu64) = iemOpcodeGetNextU16Jmp(pVCpu))
2806#endif
2807
2808
2809#ifndef IEM_WITH_SETJMP
2810/**
2811 * Fetches the next signed word from the opcode stream.
2812 *
2813 * @returns Strict VBox status code.
2814 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2815 * @param pi16 Where to return the signed word.
2816 */
2817DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS16(PVMCPU pVCpu, int16_t *pi16)
2818{
2819 return iemOpcodeGetNextU16(pVCpu, (uint16_t *)pi16);
2820}
2821#endif /* !IEM_WITH_SETJMP */
2822
2823
2824/**
2825 * Fetches the next signed word from the opcode stream, returning automatically
2826 * on failure.
2827 *
2828 * @param a_pi16 Where to return the signed word.
2829 * @remark Implicitly references pVCpu.
2830 */
2831#ifndef IEM_WITH_SETJMP
2832# define IEM_OPCODE_GET_NEXT_S16(a_pi16) \
2833 do \
2834 { \
2835 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS16(pVCpu, (a_pi16)); \
2836 if (rcStrict2 != VINF_SUCCESS) \
2837 return rcStrict2; \
2838 } while (0)
2839#else
2840# define IEM_OPCODE_GET_NEXT_S16(a_pi16) (*(a_pi16) = (int16_t)iemOpcodeGetNextU16Jmp(pVCpu))
2841#endif
2842
2843#ifndef IEM_WITH_SETJMP
2844
2845/**
2846 * Deals with the problematic cases that iemOpcodeGetNextU32 doesn't like.
2847 *
2848 * @returns Strict VBox status code.
2849 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2850 * @param pu32 Where to return the opcode dword.
2851 */
2852DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU32Slow(PVMCPU pVCpu, uint32_t *pu32)
2853{
2854 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 4);
2855 if (rcStrict == VINF_SUCCESS)
2856 {
2857 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2858# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2859 *pu32 = *(uint32_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2860# else
2861 *pu32 = RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
2862 pVCpu->iem.s.abOpcode[offOpcode + 1],
2863 pVCpu->iem.s.abOpcode[offOpcode + 2],
2864 pVCpu->iem.s.abOpcode[offOpcode + 3]);
2865# endif
2866 pVCpu->iem.s.offOpcode = offOpcode + 4;
2867 }
2868 else
2869 *pu32 = 0;
2870 return rcStrict;
2871}
2872
2873
2874/**
2875 * Fetches the next opcode dword.
2876 *
2877 * @returns Strict VBox status code.
2878 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2879 * @param pu32 Where to return the opcode double word.
2880 */
2881DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU32(PVMCPU pVCpu, uint32_t *pu32)
2882{
2883 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
2884 if (RT_LIKELY((uint8_t)offOpcode + 4 <= pVCpu->iem.s.cbOpcode))
2885 {
2886 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 4;
2887# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2888 *pu32 = *(uint32_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2889# else
2890 *pu32 = RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
2891 pVCpu->iem.s.abOpcode[offOpcode + 1],
2892 pVCpu->iem.s.abOpcode[offOpcode + 2],
2893 pVCpu->iem.s.abOpcode[offOpcode + 3]);
2894# endif
2895 return VINF_SUCCESS;
2896 }
2897 return iemOpcodeGetNextU32Slow(pVCpu, pu32);
2898}
2899
2900#else /* !IEM_WITH_SETJMP */
2901
2902/**
2903 * Deals with the problematic cases that iemOpcodeGetNextU32Jmp doesn't like, longjmp on error.
2904 *
2905 * @returns The opcode dword.
2906 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2907 */
2908DECL_NO_INLINE(IEM_STATIC, uint32_t) iemOpcodeGetNextU32SlowJmp(PVMCPU pVCpu)
2909{
2910# ifdef IEM_WITH_CODE_TLB
2911 uint32_t u32;
2912 iemOpcodeFetchBytesJmp(pVCpu, sizeof(u32), &u32);
2913 return u32;
2914# else
2915 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 4);
2916 if (rcStrict == VINF_SUCCESS)
2917 {
2918 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
2919 pVCpu->iem.s.offOpcode = offOpcode + 4;
2920# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2921 return *(uint32_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2922# else
2923 return RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
2924 pVCpu->iem.s.abOpcode[offOpcode + 1],
2925 pVCpu->iem.s.abOpcode[offOpcode + 2],
2926 pVCpu->iem.s.abOpcode[offOpcode + 3]);
2927# endif
2928 }
2929 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
2930# endif
2931}
2932
2933
2934/**
2935 * Fetches the next opcode dword, longjmp on error.
2936 *
2937 * @returns The opcode dword.
2938 * @param pVCpu The cross context virtual CPU structure of the calling thread.
2939 */
2940DECLINLINE(uint32_t) iemOpcodeGetNextU32Jmp(PVMCPU pVCpu)
2941{
2942# ifdef IEM_WITH_CODE_TLB
2943 uintptr_t offBuf = pVCpu->iem.s.offInstrNextByte;
2944 uint8_t const *pbBuf = pVCpu->iem.s.pbInstrBuf;
2945 if (RT_LIKELY( pbBuf != NULL
2946 && offBuf + 4 <= pVCpu->iem.s.cbInstrBuf))
2947 {
2948 pVCpu->iem.s.offInstrNextByte = (uint32_t)offBuf + 4;
2949# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2950 return *(uint32_t const *)&pbBuf[offBuf];
2951# else
2952 return RT_MAKE_U32_FROM_U8(pbBuf[offBuf],
2953 pbBuf[offBuf + 1],
2954 pbBuf[offBuf + 2],
2955 pbBuf[offBuf + 3]);
2956# endif
2957 }
2958# else
2959 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
2960 if (RT_LIKELY((uint8_t)offOpcode + 4 <= pVCpu->iem.s.cbOpcode))
2961 {
2962 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 4;
2963# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
2964 return *(uint32_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
2965# else
2966 return RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
2967 pVCpu->iem.s.abOpcode[offOpcode + 1],
2968 pVCpu->iem.s.abOpcode[offOpcode + 2],
2969 pVCpu->iem.s.abOpcode[offOpcode + 3]);
2970# endif
2971 }
2972# endif
2973 return iemOpcodeGetNextU32SlowJmp(pVCpu);
2974}
2975
2976#endif /* !IEM_WITH_SETJMP */
2977
2978
2979/**
2980 * Fetches the next opcode dword, returns automatically on failure.
2981 *
2982 * @param a_pu32 Where to return the opcode dword.
2983 * @remark Implicitly references pVCpu.
2984 */
2985#ifndef IEM_WITH_SETJMP
2986# define IEM_OPCODE_GET_NEXT_U32(a_pu32) \
2987 do \
2988 { \
2989 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU32(pVCpu, (a_pu32)); \
2990 if (rcStrict2 != VINF_SUCCESS) \
2991 return rcStrict2; \
2992 } while (0)
2993#else
2994# define IEM_OPCODE_GET_NEXT_U32(a_pu32) (*(a_pu32) = iemOpcodeGetNextU32Jmp(pVCpu))
2995#endif
2996
2997#ifndef IEM_WITH_SETJMP
2998
2999/**
3000 * Deals with the problematic cases that iemOpcodeGetNextU32ZxU64 doesn't like.
3001 *
3002 * @returns Strict VBox status code.
3003 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3004 * @param pu64 Where to return the opcode dword.
3005 */
3006DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU32ZxU64Slow(PVMCPU pVCpu, uint64_t *pu64)
3007{
3008 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 4);
3009 if (rcStrict == VINF_SUCCESS)
3010 {
3011 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
3012 *pu64 = RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3013 pVCpu->iem.s.abOpcode[offOpcode + 1],
3014 pVCpu->iem.s.abOpcode[offOpcode + 2],
3015 pVCpu->iem.s.abOpcode[offOpcode + 3]);
3016 pVCpu->iem.s.offOpcode = offOpcode + 4;
3017 }
3018 else
3019 *pu64 = 0;
3020 return rcStrict;
3021}
3022
3023
3024/**
3025 * Fetches the next opcode dword, zero extending it to a quad word.
3026 *
3027 * @returns Strict VBox status code.
3028 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3029 * @param pu64 Where to return the opcode quad word.
3030 */
3031DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU32ZxU64(PVMCPU pVCpu, uint64_t *pu64)
3032{
3033 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
3034 if (RT_UNLIKELY(offOpcode + 4 > pVCpu->iem.s.cbOpcode))
3035 return iemOpcodeGetNextU32ZxU64Slow(pVCpu, pu64);
3036
3037 *pu64 = RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3038 pVCpu->iem.s.abOpcode[offOpcode + 1],
3039 pVCpu->iem.s.abOpcode[offOpcode + 2],
3040 pVCpu->iem.s.abOpcode[offOpcode + 3]);
3041 pVCpu->iem.s.offOpcode = offOpcode + 4;
3042 return VINF_SUCCESS;
3043}
3044
3045#endif /* !IEM_WITH_SETJMP */
3046
3047
3048/**
3049 * Fetches the next opcode dword and zero extends it to a quad word, returns
3050 * automatically on failure.
3051 *
3052 * @param a_pu64 Where to return the opcode quad word.
3053 * @remark Implicitly references pVCpu.
3054 */
3055#ifndef IEM_WITH_SETJMP
3056# define IEM_OPCODE_GET_NEXT_U32_ZX_U64(a_pu64) \
3057 do \
3058 { \
3059 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU32ZxU64(pVCpu, (a_pu64)); \
3060 if (rcStrict2 != VINF_SUCCESS) \
3061 return rcStrict2; \
3062 } while (0)
3063#else
3064# define IEM_OPCODE_GET_NEXT_U32_ZX_U64(a_pu64) (*(a_pu64) = iemOpcodeGetNextU32Jmp(pVCpu))
3065#endif
3066
3067
3068#ifndef IEM_WITH_SETJMP
3069/**
3070 * Fetches the next signed double word from the opcode stream.
3071 *
3072 * @returns Strict VBox status code.
3073 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3074 * @param pi32 Where to return the signed double word.
3075 */
3076DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS32(PVMCPU pVCpu, int32_t *pi32)
3077{
3078 return iemOpcodeGetNextU32(pVCpu, (uint32_t *)pi32);
3079}
3080#endif
3081
3082/**
3083 * Fetches the next signed double word from the opcode stream, returning
3084 * automatically on failure.
3085 *
3086 * @param a_pi32 Where to return the signed double word.
3087 * @remark Implicitly references pVCpu.
3088 */
3089#ifndef IEM_WITH_SETJMP
3090# define IEM_OPCODE_GET_NEXT_S32(a_pi32) \
3091 do \
3092 { \
3093 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS32(pVCpu, (a_pi32)); \
3094 if (rcStrict2 != VINF_SUCCESS) \
3095 return rcStrict2; \
3096 } while (0)
3097#else
3098# define IEM_OPCODE_GET_NEXT_S32(a_pi32) (*(a_pi32) = (int32_t)iemOpcodeGetNextU32Jmp(pVCpu))
3099#endif
3100
3101#ifndef IEM_WITH_SETJMP
3102
3103/**
3104 * Deals with the problematic cases that iemOpcodeGetNextS32SxU64 doesn't like.
3105 *
3106 * @returns Strict VBox status code.
3107 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3108 * @param pu64 Where to return the opcode qword.
3109 */
3110DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextS32SxU64Slow(PVMCPU pVCpu, uint64_t *pu64)
3111{
3112 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 4);
3113 if (rcStrict == VINF_SUCCESS)
3114 {
3115 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
3116 *pu64 = (int32_t)RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3117 pVCpu->iem.s.abOpcode[offOpcode + 1],
3118 pVCpu->iem.s.abOpcode[offOpcode + 2],
3119 pVCpu->iem.s.abOpcode[offOpcode + 3]);
3120 pVCpu->iem.s.offOpcode = offOpcode + 4;
3121 }
3122 else
3123 *pu64 = 0;
3124 return rcStrict;
3125}
3126
3127
3128/**
3129 * Fetches the next opcode dword, sign extending it into a quad word.
3130 *
3131 * @returns Strict VBox status code.
3132 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3133 * @param pu64 Where to return the opcode quad word.
3134 */
3135DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS32SxU64(PVMCPU pVCpu, uint64_t *pu64)
3136{
3137 uint8_t const offOpcode = pVCpu->iem.s.offOpcode;
3138 if (RT_UNLIKELY(offOpcode + 4 > pVCpu->iem.s.cbOpcode))
3139 return iemOpcodeGetNextS32SxU64Slow(pVCpu, pu64);
3140
3141 int32_t i32 = RT_MAKE_U32_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3142 pVCpu->iem.s.abOpcode[offOpcode + 1],
3143 pVCpu->iem.s.abOpcode[offOpcode + 2],
3144 pVCpu->iem.s.abOpcode[offOpcode + 3]);
3145 *pu64 = i32;
3146 pVCpu->iem.s.offOpcode = offOpcode + 4;
3147 return VINF_SUCCESS;
3148}
3149
3150#endif /* !IEM_WITH_SETJMP */
3151
3152
3153/**
3154 * Fetches the next opcode double word and sign extends it to a quad word,
3155 * returns automatically on failure.
3156 *
3157 * @param a_pu64 Where to return the opcode quad word.
3158 * @remark Implicitly references pVCpu.
3159 */
3160#ifndef IEM_WITH_SETJMP
3161# define IEM_OPCODE_GET_NEXT_S32_SX_U64(a_pu64) \
3162 do \
3163 { \
3164 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS32SxU64(pVCpu, (a_pu64)); \
3165 if (rcStrict2 != VINF_SUCCESS) \
3166 return rcStrict2; \
3167 } while (0)
3168#else
3169# define IEM_OPCODE_GET_NEXT_S32_SX_U64(a_pu64) (*(a_pu64) = (int32_t)iemOpcodeGetNextU32Jmp(pVCpu))
3170#endif
3171
3172#ifndef IEM_WITH_SETJMP
3173
3174/**
3175 * Deals with the problematic cases that iemOpcodeGetNextU64 doesn't like.
3176 *
3177 * @returns Strict VBox status code.
3178 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3179 * @param pu64 Where to return the opcode qword.
3180 */
3181DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemOpcodeGetNextU64Slow(PVMCPU pVCpu, uint64_t *pu64)
3182{
3183 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 8);
3184 if (rcStrict == VINF_SUCCESS)
3185 {
3186 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
3187# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
3188 *pu64 = *(uint64_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
3189# else
3190 *pu64 = RT_MAKE_U64_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3191 pVCpu->iem.s.abOpcode[offOpcode + 1],
3192 pVCpu->iem.s.abOpcode[offOpcode + 2],
3193 pVCpu->iem.s.abOpcode[offOpcode + 3],
3194 pVCpu->iem.s.abOpcode[offOpcode + 4],
3195 pVCpu->iem.s.abOpcode[offOpcode + 5],
3196 pVCpu->iem.s.abOpcode[offOpcode + 6],
3197 pVCpu->iem.s.abOpcode[offOpcode + 7]);
3198# endif
3199 pVCpu->iem.s.offOpcode = offOpcode + 8;
3200 }
3201 else
3202 *pu64 = 0;
3203 return rcStrict;
3204}
3205
3206
3207/**
3208 * Fetches the next opcode qword.
3209 *
3210 * @returns Strict VBox status code.
3211 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3212 * @param pu64 Where to return the opcode qword.
3213 */
3214DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU64(PVMCPU pVCpu, uint64_t *pu64)
3215{
3216 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
3217 if (RT_LIKELY((uint8_t)offOpcode + 8 <= pVCpu->iem.s.cbOpcode))
3218 {
3219# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
3220 *pu64 = *(uint64_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
3221# else
3222 *pu64 = RT_MAKE_U64_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3223 pVCpu->iem.s.abOpcode[offOpcode + 1],
3224 pVCpu->iem.s.abOpcode[offOpcode + 2],
3225 pVCpu->iem.s.abOpcode[offOpcode + 3],
3226 pVCpu->iem.s.abOpcode[offOpcode + 4],
3227 pVCpu->iem.s.abOpcode[offOpcode + 5],
3228 pVCpu->iem.s.abOpcode[offOpcode + 6],
3229 pVCpu->iem.s.abOpcode[offOpcode + 7]);
3230# endif
3231 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 8;
3232 return VINF_SUCCESS;
3233 }
3234 return iemOpcodeGetNextU64Slow(pVCpu, pu64);
3235}
3236
3237#else /* IEM_WITH_SETJMP */
3238
3239/**
3240 * Deals with the problematic cases that iemOpcodeGetNextU64Jmp doesn't like, longjmp on error.
3241 *
3242 * @returns The opcode qword.
3243 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3244 */
3245DECL_NO_INLINE(IEM_STATIC, uint64_t) iemOpcodeGetNextU64SlowJmp(PVMCPU pVCpu)
3246{
3247# ifdef IEM_WITH_CODE_TLB
3248 uint64_t u64;
3249 iemOpcodeFetchBytesJmp(pVCpu, sizeof(u64), &u64);
3250 return u64;
3251# else
3252 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pVCpu, 8);
3253 if (rcStrict == VINF_SUCCESS)
3254 {
3255 uint8_t offOpcode = pVCpu->iem.s.offOpcode;
3256 pVCpu->iem.s.offOpcode = offOpcode + 8;
3257# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
3258 return *(uint64_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
3259# else
3260 return RT_MAKE_U64_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3261 pVCpu->iem.s.abOpcode[offOpcode + 1],
3262 pVCpu->iem.s.abOpcode[offOpcode + 2],
3263 pVCpu->iem.s.abOpcode[offOpcode + 3],
3264 pVCpu->iem.s.abOpcode[offOpcode + 4],
3265 pVCpu->iem.s.abOpcode[offOpcode + 5],
3266 pVCpu->iem.s.abOpcode[offOpcode + 6],
3267 pVCpu->iem.s.abOpcode[offOpcode + 7]);
3268# endif
3269 }
3270 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
3271# endif
3272}
3273
3274
3275/**
3276 * Fetches the next opcode qword, longjmp on error.
3277 *
3278 * @returns The opcode qword.
3279 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3280 */
3281DECLINLINE(uint64_t) iemOpcodeGetNextU64Jmp(PVMCPU pVCpu)
3282{
3283# ifdef IEM_WITH_CODE_TLB
3284 uintptr_t offBuf = pVCpu->iem.s.offInstrNextByte;
3285 uint8_t const *pbBuf = pVCpu->iem.s.pbInstrBuf;
3286 if (RT_LIKELY( pbBuf != NULL
3287 && offBuf + 8 <= pVCpu->iem.s.cbInstrBuf))
3288 {
3289 pVCpu->iem.s.offInstrNextByte = (uint32_t)offBuf + 8;
3290# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
3291 return *(uint64_t const *)&pbBuf[offBuf];
3292# else
3293 return RT_MAKE_U64_FROM_U8(pbBuf[offBuf],
3294 pbBuf[offBuf + 1],
3295 pbBuf[offBuf + 2],
3296 pbBuf[offBuf + 3],
3297 pbBuf[offBuf + 4],
3298 pbBuf[offBuf + 5],
3299 pbBuf[offBuf + 6],
3300 pbBuf[offBuf + 7]);
3301# endif
3302 }
3303# else
3304 uintptr_t const offOpcode = pVCpu->iem.s.offOpcode;
3305 if (RT_LIKELY((uint8_t)offOpcode + 8 <= pVCpu->iem.s.cbOpcode))
3306 {
3307 pVCpu->iem.s.offOpcode = (uint8_t)offOpcode + 8;
3308# ifdef IEM_USE_UNALIGNED_DATA_ACCESS
3309 return *(uint64_t const *)&pVCpu->iem.s.abOpcode[offOpcode];
3310# else
3311 return RT_MAKE_U64_FROM_U8(pVCpu->iem.s.abOpcode[offOpcode],
3312 pVCpu->iem.s.abOpcode[offOpcode + 1],
3313 pVCpu->iem.s.abOpcode[offOpcode + 2],
3314 pVCpu->iem.s.abOpcode[offOpcode + 3],
3315 pVCpu->iem.s.abOpcode[offOpcode + 4],
3316 pVCpu->iem.s.abOpcode[offOpcode + 5],
3317 pVCpu->iem.s.abOpcode[offOpcode + 6],
3318 pVCpu->iem.s.abOpcode[offOpcode + 7]);
3319# endif
3320 }
3321# endif
3322 return iemOpcodeGetNextU64SlowJmp(pVCpu);
3323}
3324
3325#endif /* IEM_WITH_SETJMP */
3326
3327/**
3328 * Fetches the next opcode quad word, returns automatically on failure.
3329 *
3330 * @param a_pu64 Where to return the opcode quad word.
3331 * @remark Implicitly references pVCpu.
3332 */
3333#ifndef IEM_WITH_SETJMP
3334# define IEM_OPCODE_GET_NEXT_U64(a_pu64) \
3335 do \
3336 { \
3337 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU64(pVCpu, (a_pu64)); \
3338 if (rcStrict2 != VINF_SUCCESS) \
3339 return rcStrict2; \
3340 } while (0)
3341#else
3342# define IEM_OPCODE_GET_NEXT_U64(a_pu64) ( *(a_pu64) = iemOpcodeGetNextU64Jmp(pVCpu) )
3343#endif
3344
3345
3346/** @name Misc Worker Functions.
3347 * @{
3348 */
3349
3350/**
3351 * Gets the exception class for the specified exception vector.
3352 *
3353 * @returns The class of the specified exception.
3354 * @param uVector The exception vector.
3355 */
3356IEM_STATIC IEMXCPTCLASS iemGetXcptClass(uint8_t uVector)
3357{
3358 Assert(uVector <= X86_XCPT_LAST);
3359 switch (uVector)
3360 {
3361 case X86_XCPT_DE:
3362 case X86_XCPT_TS:
3363 case X86_XCPT_NP:
3364 case X86_XCPT_SS:
3365 case X86_XCPT_GP:
3366 case X86_XCPT_SX: /* AMD only */
3367 return IEMXCPTCLASS_CONTRIBUTORY;
3368
3369 case X86_XCPT_PF:
3370 case X86_XCPT_VE: /* Intel only */
3371 return IEMXCPTCLASS_PAGE_FAULT;
3372
3373 case X86_XCPT_DF:
3374 return IEMXCPTCLASS_DOUBLE_FAULT;
3375 }
3376 return IEMXCPTCLASS_BENIGN;
3377}
3378
3379
3380/**
3381 * Evaluates how to handle an exception caused during delivery of another event
3382 * (exception / interrupt).
3383 *
3384 * @returns How to handle the recursive exception.
3385 * @param pVCpu The cross context virtual CPU structure of the
3386 * calling thread.
3387 * @param fPrevFlags The flags of the previous event.
3388 * @param uPrevVector The vector of the previous event.
3389 * @param fCurFlags The flags of the current exception.
3390 * @param uCurVector The vector of the current exception.
3391 * @param pfXcptRaiseInfo Where to store additional information about the
3392 * exception condition. Optional.
3393 */
3394VMM_INT_DECL(IEMXCPTRAISE) IEMEvaluateRecursiveXcpt(PVMCPU pVCpu, uint32_t fPrevFlags, uint8_t uPrevVector, uint32_t fCurFlags,
3395 uint8_t uCurVector, PIEMXCPTRAISEINFO pfXcptRaiseInfo)
3396{
3397 /*
3398 * Only CPU exceptions can be raised while delivering other events, software interrupt
3399 * (INTn/INT3/INTO/ICEBP) generated exceptions cannot occur as the current (second) exception.
3400 */
3401 AssertReturn(fCurFlags & IEM_XCPT_FLAGS_T_CPU_XCPT, IEMXCPTRAISE_INVALID);
3402 Assert(pVCpu); RT_NOREF(pVCpu);
3403 Log2(("IEMEvaluateRecursiveXcpt: uPrevVector=%#x uCurVector=%#x\n", uPrevVector, uCurVector));
3404
3405 IEMXCPTRAISE enmRaise = IEMXCPTRAISE_CURRENT_XCPT;
3406 IEMXCPTRAISEINFO fRaiseInfo = IEMXCPTRAISEINFO_NONE;
3407 if (fPrevFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
3408 {
3409 IEMXCPTCLASS enmPrevXcptClass = iemGetXcptClass(uPrevVector);
3410 if (enmPrevXcptClass != IEMXCPTCLASS_BENIGN)
3411 {
3412 IEMXCPTCLASS enmCurXcptClass = iemGetXcptClass(uCurVector);
3413 if ( enmPrevXcptClass == IEMXCPTCLASS_PAGE_FAULT
3414 && ( enmCurXcptClass == IEMXCPTCLASS_PAGE_FAULT
3415 || enmCurXcptClass == IEMXCPTCLASS_CONTRIBUTORY))
3416 {
3417 enmRaise = IEMXCPTRAISE_DOUBLE_FAULT;
3418 fRaiseInfo = enmCurXcptClass == IEMXCPTCLASS_PAGE_FAULT ? IEMXCPTRAISEINFO_PF_PF
3419 : IEMXCPTRAISEINFO_PF_CONTRIBUTORY_XCPT;
3420 Log2(("IEMEvaluateRecursiveXcpt: Vectoring page fault. uPrevVector=%#x uCurVector=%#x uCr2=%#RX64\n", uPrevVector,
3421 uCurVector, pVCpu->cpum.GstCtx.cr2));
3422 }
3423 else if ( enmPrevXcptClass == IEMXCPTCLASS_CONTRIBUTORY
3424 && enmCurXcptClass == IEMXCPTCLASS_CONTRIBUTORY)
3425 {
3426 enmRaise = IEMXCPTRAISE_DOUBLE_FAULT;
3427 Log2(("IEMEvaluateRecursiveXcpt: uPrevVector=%#x uCurVector=%#x -> #DF\n", uPrevVector, uCurVector));
3428 }
3429 else if ( enmPrevXcptClass == IEMXCPTCLASS_DOUBLE_FAULT
3430 && ( enmCurXcptClass == IEMXCPTCLASS_CONTRIBUTORY
3431 || enmCurXcptClass == IEMXCPTCLASS_PAGE_FAULT))
3432 {
3433 enmRaise = IEMXCPTRAISE_TRIPLE_FAULT;
3434 Log2(("IEMEvaluateRecursiveXcpt: #DF handler raised a %#x exception -> triple fault\n", uCurVector));
3435 }
3436 }
3437 else
3438 {
3439 if (uPrevVector == X86_XCPT_NMI)
3440 {
3441 fRaiseInfo = IEMXCPTRAISEINFO_NMI_XCPT;
3442 if (uCurVector == X86_XCPT_PF)
3443 {
3444 fRaiseInfo |= IEMXCPTRAISEINFO_NMI_PF;
3445 Log2(("IEMEvaluateRecursiveXcpt: NMI delivery caused a page fault\n"));
3446 }
3447 }
3448 else if ( uPrevVector == X86_XCPT_AC
3449 && uCurVector == X86_XCPT_AC)
3450 {
3451 enmRaise = IEMXCPTRAISE_CPU_HANG;
3452 fRaiseInfo = IEMXCPTRAISEINFO_AC_AC;
3453 Log2(("IEMEvaluateRecursiveXcpt: Recursive #AC - Bad guest\n"));
3454 }
3455 }
3456 }
3457 else if (fPrevFlags & IEM_XCPT_FLAGS_T_EXT_INT)
3458 {
3459 fRaiseInfo = IEMXCPTRAISEINFO_EXT_INT_XCPT;
3460 if (uCurVector == X86_XCPT_PF)
3461 fRaiseInfo |= IEMXCPTRAISEINFO_EXT_INT_PF;
3462 }
3463 else
3464 {
3465 Assert(fPrevFlags & IEM_XCPT_FLAGS_T_SOFT_INT);
3466 fRaiseInfo = IEMXCPTRAISEINFO_SOFT_INT_XCPT;
3467 }
3468
3469 if (pfXcptRaiseInfo)
3470 *pfXcptRaiseInfo = fRaiseInfo;
3471 return enmRaise;
3472}
3473
3474
3475/**
3476 * Enters the CPU shutdown state initiated by a triple fault or other
3477 * unrecoverable conditions.
3478 *
3479 * @returns Strict VBox status code.
3480 * @param pVCpu The cross context virtual CPU structure of the
3481 * calling thread.
3482 */
3483IEM_STATIC VBOXSTRICTRC iemInitiateCpuShutdown(PVMCPU pVCpu)
3484{
3485 if (IEM_VMX_IS_NON_ROOT_MODE(pVCpu))
3486 IEM_VMX_VMEXIT_TRIPLE_FAULT_RET(pVCpu);
3487
3488 if (IEM_SVM_IS_CTRL_INTERCEPT_SET(pVCpu, SVM_CTRL_INTERCEPT_SHUTDOWN))
3489 {
3490 Log2(("shutdown: Guest intercept -> #VMEXIT\n"));
3491 IEM_SVM_VMEXIT_RET(pVCpu, SVM_EXIT_SHUTDOWN, 0 /* uExitInfo1 */, 0 /* uExitInfo2 */);
3492 }
3493
3494 RT_NOREF(pVCpu);
3495 return VINF_EM_TRIPLE_FAULT;
3496}
3497
3498
3499/**
3500 * Validates a new SS segment.
3501 *
3502 * @returns VBox strict status code.
3503 * @param pVCpu The cross context virtual CPU structure of the
3504 * calling thread.
3505 * @param NewSS The new SS selctor.
3506 * @param uCpl The CPL to load the stack for.
3507 * @param pDesc Where to return the descriptor.
3508 */
3509IEM_STATIC VBOXSTRICTRC iemMiscValidateNewSS(PVMCPU pVCpu, RTSEL NewSS, uint8_t uCpl, PIEMSELDESC pDesc)
3510{
3511 /* Null selectors are not allowed (we're not called for dispatching
3512 interrupts with SS=0 in long mode). */
3513 if (!(NewSS & X86_SEL_MASK_OFF_RPL))
3514 {
3515 Log(("iemMiscValidateNewSSandRsp: %#x - null selector -> #TS(0)\n", NewSS));
3516 return iemRaiseTaskSwitchFault0(pVCpu);
3517 }
3518
3519 /** @todo testcase: check that the TSS.ssX RPL is checked. Also check when. */
3520 if ((NewSS & X86_SEL_RPL) != uCpl)
3521 {
3522 Log(("iemMiscValidateNewSSandRsp: %#x - RPL and CPL (%d) differs -> #TS\n", NewSS, uCpl));
3523 return iemRaiseTaskSwitchFaultBySelector(pVCpu, NewSS);
3524 }
3525
3526 /*
3527 * Read the descriptor.
3528 */
3529 VBOXSTRICTRC rcStrict = iemMemFetchSelDesc(pVCpu, pDesc, NewSS, X86_XCPT_TS);
3530 if (rcStrict != VINF_SUCCESS)
3531 return rcStrict;
3532
3533 /*
3534 * Perform the descriptor validation documented for LSS, POP SS and MOV SS.
3535 */
3536 if (!pDesc->Legacy.Gen.u1DescType)
3537 {
3538 Log(("iemMiscValidateNewSSandRsp: %#x - system selector (%#x) -> #TS\n", NewSS, pDesc->Legacy.Gen.u4Type));
3539 return iemRaiseTaskSwitchFaultBySelector(pVCpu, NewSS);
3540 }
3541
3542 if ( (pDesc->Legacy.Gen.u4Type & X86_SEL_TYPE_CODE)
3543 || !(pDesc->Legacy.Gen.u4Type & X86_SEL_TYPE_WRITE) )
3544 {
3545 Log(("iemMiscValidateNewSSandRsp: %#x - code or read only (%#x) -> #TS\n", NewSS, pDesc->Legacy.Gen.u4Type));
3546 return iemRaiseTaskSwitchFaultBySelector(pVCpu, NewSS);
3547 }
3548 if (pDesc->Legacy.Gen.u2Dpl != uCpl)
3549 {
3550 Log(("iemMiscValidateNewSSandRsp: %#x - DPL (%d) and CPL (%d) differs -> #TS\n", NewSS, pDesc->Legacy.Gen.u2Dpl, uCpl));
3551 return iemRaiseTaskSwitchFaultBySelector(pVCpu, NewSS);
3552 }
3553
3554 /* Is it there? */
3555 /** @todo testcase: Is this checked before the canonical / limit check below? */
3556 if (!pDesc->Legacy.Gen.u1Present)
3557 {
3558 Log(("iemMiscValidateNewSSandRsp: %#x - segment not present -> #NP\n", NewSS));
3559 return iemRaiseSelectorNotPresentBySelector(pVCpu, NewSS);
3560 }
3561
3562 return VINF_SUCCESS;
3563}
3564
3565
3566/**
3567 * Gets the correct EFLAGS regardless of whether PATM stores parts of them or
3568 * not.
3569 *
3570 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
3571 */
3572#ifdef VBOX_WITH_RAW_MODE_NOT_R0
3573# define IEMMISC_GET_EFL(a_pVCpu) ( CPUMRawGetEFlags(a_pVCpu) )
3574#else
3575# define IEMMISC_GET_EFL(a_pVCpu) ( (a_pVCpu)->cpum.GstCtx.eflags.u )
3576#endif
3577
3578/**
3579 * Updates the EFLAGS in the correct manner wrt. PATM.
3580 *
3581 * @param a_pVCpu The cross context virtual CPU structure of the calling thread.
3582 * @param a_fEfl The new EFLAGS.
3583 */
3584#ifdef VBOX_WITH_RAW_MODE_NOT_R0
3585# define IEMMISC_SET_EFL(a_pVCpu, a_fEfl) CPUMRawSetEFlags((a_pVCpu), a_fEfl)
3586#else
3587# define IEMMISC_SET_EFL(a_pVCpu, a_fEfl) do { (a_pVCpu)->cpum.GstCtx.eflags.u = (a_fEfl); } while (0)
3588#endif
3589
3590
3591/** @} */
3592
3593/** @name Raising Exceptions.
3594 *
3595 * @{
3596 */
3597
3598
3599/**
3600 * Loads the specified stack far pointer from the TSS.
3601 *
3602 * @returns VBox strict status code.
3603 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3604 * @param uCpl The CPL to load the stack for.
3605 * @param pSelSS Where to return the new stack segment.
3606 * @param puEsp Where to return the new stack pointer.
3607 */
3608IEM_STATIC VBOXSTRICTRC iemRaiseLoadStackFromTss32Or16(PVMCPU pVCpu, uint8_t uCpl, PRTSEL pSelSS, uint32_t *puEsp)
3609{
3610 VBOXSTRICTRC rcStrict;
3611 Assert(uCpl < 4);
3612
3613 IEM_CTX_IMPORT_RET(pVCpu, CPUMCTX_EXTRN_TR | CPUMCTX_EXTRN_GDTR | CPUMCTX_EXTRN_LDTR);
3614 switch (pVCpu->cpum.GstCtx.tr.Attr.n.u4Type)
3615 {
3616 /*
3617 * 16-bit TSS (X86TSS16).
3618 */
3619 case X86_SEL_TYPE_SYS_286_TSS_AVAIL: AssertFailed(); RT_FALL_THRU();
3620 case X86_SEL_TYPE_SYS_286_TSS_BUSY:
3621 {
3622 uint32_t off = uCpl * 4 + 2;
3623 if (off + 4 <= pVCpu->cpum.GstCtx.tr.u32Limit)
3624 {
3625 /** @todo check actual access pattern here. */
3626 uint32_t u32Tmp = 0; /* gcc maybe... */
3627 rcStrict = iemMemFetchSysU32(pVCpu, &u32Tmp, UINT8_MAX, pVCpu->cpum.GstCtx.tr.u64Base + off);
3628 if (rcStrict == VINF_SUCCESS)
3629 {
3630 *puEsp = RT_LOWORD(u32Tmp);
3631 *pSelSS = RT_HIWORD(u32Tmp);
3632 return VINF_SUCCESS;
3633 }
3634 }
3635 else
3636 {
3637 Log(("LoadStackFromTss32Or16: out of bounds! uCpl=%d, u32Limit=%#x TSS16\n", uCpl, pVCpu->cpum.GstCtx.tr.u32Limit));
3638 rcStrict = iemRaiseTaskSwitchFaultCurrentTSS(pVCpu);
3639 }
3640 break;
3641 }
3642
3643 /*
3644 * 32-bit TSS (X86TSS32).
3645 */
3646 case X86_SEL_TYPE_SYS_386_TSS_AVAIL: AssertFailed(); RT_FALL_THRU();
3647 case X86_SEL_TYPE_SYS_386_TSS_BUSY:
3648 {
3649 uint32_t off = uCpl * 8 + 4;
3650 if (off + 7 <= pVCpu->cpum.GstCtx.tr.u32Limit)
3651 {
3652/** @todo check actual access pattern here. */
3653 uint64_t u64Tmp;
3654 rcStrict = iemMemFetchSysU64(pVCpu, &u64Tmp, UINT8_MAX, pVCpu->cpum.GstCtx.tr.u64Base + off);
3655 if (rcStrict == VINF_SUCCESS)
3656 {
3657 *puEsp = u64Tmp & UINT32_MAX;
3658 *pSelSS = (RTSEL)(u64Tmp >> 32);
3659 return VINF_SUCCESS;
3660 }
3661 }
3662 else
3663 {
3664 Log(("LoadStackFromTss32Or16: out of bounds! uCpl=%d, u32Limit=%#x TSS16\n", uCpl, pVCpu->cpum.GstCtx.tr.u32Limit));
3665 rcStrict = iemRaiseTaskSwitchFaultCurrentTSS(pVCpu);
3666 }
3667 break;
3668 }
3669
3670 default:
3671 AssertFailed();
3672 rcStrict = VERR_IEM_IPE_4;
3673 break;
3674 }
3675
3676 *puEsp = 0; /* make gcc happy */
3677 *pSelSS = 0; /* make gcc happy */
3678 return rcStrict;
3679}
3680
3681
3682/**
3683 * Loads the specified stack pointer from the 64-bit TSS.
3684 *
3685 * @returns VBox strict status code.
3686 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3687 * @param uCpl The CPL to load the stack for.
3688 * @param uIst The interrupt stack table index, 0 if to use uCpl.
3689 * @param puRsp Where to return the new stack pointer.
3690 */
3691IEM_STATIC VBOXSTRICTRC iemRaiseLoadStackFromTss64(PVMCPU pVCpu, uint8_t uCpl, uint8_t uIst, uint64_t *puRsp)
3692{
3693 Assert(uCpl < 4);
3694 Assert(uIst < 8);
3695 *puRsp = 0; /* make gcc happy */
3696
3697 IEM_CTX_IMPORT_RET(pVCpu, CPUMCTX_EXTRN_TR | CPUMCTX_EXTRN_GDTR | CPUMCTX_EXTRN_LDTR);
3698 AssertReturn(pVCpu->cpum.GstCtx.tr.Attr.n.u4Type == AMD64_SEL_TYPE_SYS_TSS_BUSY, VERR_IEM_IPE_5);
3699
3700 uint32_t off;
3701 if (uIst)
3702 off = (uIst - 1) * sizeof(uint64_t) + RT_UOFFSETOF(X86TSS64, ist1);
3703 else
3704 off = uCpl * sizeof(uint64_t) + RT_UOFFSETOF(X86TSS64, rsp0);
3705 if (off + sizeof(uint64_t) > pVCpu->cpum.GstCtx.tr.u32Limit)
3706 {
3707 Log(("iemRaiseLoadStackFromTss64: out of bounds! uCpl=%d uIst=%d, u32Limit=%#x\n", uCpl, uIst, pVCpu->cpum.GstCtx.tr.u32Limit));
3708 return iemRaiseTaskSwitchFaultCurrentTSS(pVCpu);
3709 }
3710
3711 return iemMemFetchSysU64(pVCpu, puRsp, UINT8_MAX, pVCpu->cpum.GstCtx.tr.u64Base + off);
3712}
3713
3714
3715/**
3716 * Adjust the CPU state according to the exception being raised.
3717 *
3718 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3719 * @param u8Vector The exception that has been raised.
3720 */
3721DECLINLINE(void) iemRaiseXcptAdjustState(PVMCPU pVCpu, uint8_t u8Vector)
3722{
3723 switch (u8Vector)
3724 {
3725 case X86_XCPT_DB:
3726 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_DR7);
3727 pVCpu->cpum.GstCtx.dr[7] &= ~X86_DR7_GD;
3728 break;
3729 /** @todo Read the AMD and Intel exception reference... */
3730 }
3731}
3732
3733
3734/**
3735 * Implements exceptions and interrupts for real mode.
3736 *
3737 * @returns VBox strict status code.
3738 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3739 * @param cbInstr The number of bytes to offset rIP by in the return
3740 * address.
3741 * @param u8Vector The interrupt / exception vector number.
3742 * @param fFlags The flags.
3743 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
3744 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
3745 */
3746IEM_STATIC VBOXSTRICTRC
3747iemRaiseXcptOrIntInRealMode(PVMCPU pVCpu,
3748 uint8_t cbInstr,
3749 uint8_t u8Vector,
3750 uint32_t fFlags,
3751 uint16_t uErr,
3752 uint64_t uCr2)
3753{
3754 NOREF(uErr); NOREF(uCr2);
3755 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
3756
3757 /*
3758 * Read the IDT entry.
3759 */
3760 if (pVCpu->cpum.GstCtx.idtr.cbIdt < UINT32_C(4) * u8Vector + 3)
3761 {
3762 Log(("RaiseXcptOrIntInRealMode: %#x is out of bounds (%#x)\n", u8Vector, pVCpu->cpum.GstCtx.idtr.cbIdt));
3763 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
3764 }
3765 RTFAR16 Idte;
3766 VBOXSTRICTRC rcStrict = iemMemFetchDataU32(pVCpu, (uint32_t *)&Idte, UINT8_MAX, pVCpu->cpum.GstCtx.idtr.pIdt + UINT32_C(4) * u8Vector);
3767 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
3768 {
3769 Log(("iemRaiseXcptOrIntInRealMode: failed to fetch IDT entry! vec=%#x rc=%Rrc\n", u8Vector, VBOXSTRICTRC_VAL(rcStrict)));
3770 return rcStrict;
3771 }
3772
3773 /*
3774 * Push the stack frame.
3775 */
3776 uint16_t *pu16Frame;
3777 uint64_t uNewRsp;
3778 rcStrict = iemMemStackPushBeginSpecial(pVCpu, 6, (void **)&pu16Frame, &uNewRsp);
3779 if (rcStrict != VINF_SUCCESS)
3780 return rcStrict;
3781
3782 uint32_t fEfl = IEMMISC_GET_EFL(pVCpu);
3783#if IEM_CFG_TARGET_CPU == IEMTARGETCPU_DYNAMIC
3784 AssertCompile(IEMTARGETCPU_8086 <= IEMTARGETCPU_186 && IEMTARGETCPU_V20 <= IEMTARGETCPU_186 && IEMTARGETCPU_286 > IEMTARGETCPU_186);
3785 if (pVCpu->iem.s.uTargetCpu <= IEMTARGETCPU_186)
3786 fEfl |= UINT16_C(0xf000);
3787#endif
3788 pu16Frame[2] = (uint16_t)fEfl;
3789 pu16Frame[1] = (uint16_t)pVCpu->cpum.GstCtx.cs.Sel;
3790 pu16Frame[0] = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pVCpu->cpum.GstCtx.ip + cbInstr : pVCpu->cpum.GstCtx.ip;
3791 rcStrict = iemMemStackPushCommitSpecial(pVCpu, pu16Frame, uNewRsp);
3792 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
3793 return rcStrict;
3794
3795 /*
3796 * Load the vector address into cs:ip and make exception specific state
3797 * adjustments.
3798 */
3799 pVCpu->cpum.GstCtx.cs.Sel = Idte.sel;
3800 pVCpu->cpum.GstCtx.cs.ValidSel = Idte.sel;
3801 pVCpu->cpum.GstCtx.cs.fFlags = CPUMSELREG_FLAGS_VALID;
3802 pVCpu->cpum.GstCtx.cs.u64Base = (uint32_t)Idte.sel << 4;
3803 /** @todo do we load attribs and limit as well? Should we check against limit like far jump? */
3804 pVCpu->cpum.GstCtx.rip = Idte.off;
3805 fEfl &= ~(X86_EFL_IF | X86_EFL_TF | X86_EFL_AC);
3806 IEMMISC_SET_EFL(pVCpu, fEfl);
3807
3808 /** @todo do we actually do this in real mode? */
3809 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
3810 iemRaiseXcptAdjustState(pVCpu, u8Vector);
3811
3812 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
3813}
3814
3815
3816/**
3817 * Loads a NULL data selector into when coming from V8086 mode.
3818 *
3819 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3820 * @param pSReg Pointer to the segment register.
3821 */
3822IEM_STATIC void iemHlpLoadNullDataSelectorOnV86Xcpt(PVMCPU pVCpu, PCPUMSELREG pSReg)
3823{
3824 pSReg->Sel = 0;
3825 pSReg->ValidSel = 0;
3826 if (IEM_IS_GUEST_CPU_INTEL(pVCpu))
3827 {
3828 /* VT-x (Intel 3960x) doesn't change the base and limit, clears and sets the following attributes */
3829 pSReg->Attr.u &= X86DESCATTR_DT | X86DESCATTR_TYPE | X86DESCATTR_DPL | X86DESCATTR_G | X86DESCATTR_D;
3830 pSReg->Attr.u |= X86DESCATTR_UNUSABLE;
3831 }
3832 else
3833 {
3834 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
3835 /** @todo check this on AMD-V */
3836 pSReg->u64Base = 0;
3837 pSReg->u32Limit = 0;
3838 }
3839}
3840
3841
3842/**
3843 * Loads a segment selector during a task switch in V8086 mode.
3844 *
3845 * @param pSReg Pointer to the segment register.
3846 * @param uSel The selector value to load.
3847 */
3848IEM_STATIC void iemHlpLoadSelectorInV86Mode(PCPUMSELREG pSReg, uint16_t uSel)
3849{
3850 /* See Intel spec. 26.3.1.2 "Checks on Guest Segment Registers". */
3851 pSReg->Sel = uSel;
3852 pSReg->ValidSel = uSel;
3853 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
3854 pSReg->u64Base = uSel << 4;
3855 pSReg->u32Limit = 0xffff;
3856 pSReg->Attr.u = 0xf3;
3857}
3858
3859
3860/**
3861 * Loads a NULL data selector into a selector register, both the hidden and
3862 * visible parts, in protected mode.
3863 *
3864 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3865 * @param pSReg Pointer to the segment register.
3866 * @param uRpl The RPL.
3867 */
3868IEM_STATIC void iemHlpLoadNullDataSelectorProt(PVMCPU pVCpu, PCPUMSELREG pSReg, RTSEL uRpl)
3869{
3870 /** @todo Testcase: write a testcase checking what happends when loading a NULL
3871 * data selector in protected mode. */
3872 pSReg->Sel = uRpl;
3873 pSReg->ValidSel = uRpl;
3874 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
3875 if (IEM_IS_GUEST_CPU_INTEL(pVCpu))
3876 {
3877 /* VT-x (Intel 3960x) observed doing something like this. */
3878 pSReg->Attr.u = X86DESCATTR_UNUSABLE | X86DESCATTR_G | X86DESCATTR_D | (pVCpu->iem.s.uCpl << X86DESCATTR_DPL_SHIFT);
3879 pSReg->u32Limit = UINT32_MAX;
3880 pSReg->u64Base = 0;
3881 }
3882 else
3883 {
3884 pSReg->Attr.u = X86DESCATTR_UNUSABLE;
3885 pSReg->u32Limit = 0;
3886 pSReg->u64Base = 0;
3887 }
3888}
3889
3890
3891/**
3892 * Loads a segment selector during a task switch in protected mode.
3893 *
3894 * In this task switch scenario, we would throw \#TS exceptions rather than
3895 * \#GPs.
3896 *
3897 * @returns VBox strict status code.
3898 * @param pVCpu The cross context virtual CPU structure of the calling thread.
3899 * @param pSReg Pointer to the segment register.
3900 * @param uSel The new selector value.
3901 *
3902 * @remarks This does _not_ handle CS or SS.
3903 * @remarks This expects pVCpu->iem.s.uCpl to be up to date.
3904 */
3905IEM_STATIC VBOXSTRICTRC iemHlpTaskSwitchLoadDataSelectorInProtMode(PVMCPU pVCpu, PCPUMSELREG pSReg, uint16_t uSel)
3906{
3907 Assert(pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT);
3908
3909 /* Null data selector. */
3910 if (!(uSel & X86_SEL_MASK_OFF_RPL))
3911 {
3912 iemHlpLoadNullDataSelectorProt(pVCpu, pSReg, uSel);
3913 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, pSReg));
3914 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_HIDDEN_SEL_REGS);
3915 return VINF_SUCCESS;
3916 }
3917
3918 /* Fetch the descriptor. */
3919 IEMSELDESC Desc;
3920 VBOXSTRICTRC rcStrict = iemMemFetchSelDesc(pVCpu, &Desc, uSel, X86_XCPT_TS);
3921 if (rcStrict != VINF_SUCCESS)
3922 {
3923 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: failed to fetch selector. uSel=%u rc=%Rrc\n", uSel,
3924 VBOXSTRICTRC_VAL(rcStrict)));
3925 return rcStrict;
3926 }
3927
3928 /* Must be a data segment or readable code segment. */
3929 if ( !Desc.Legacy.Gen.u1DescType
3930 || (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ)) == X86_SEL_TYPE_CODE)
3931 {
3932 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: invalid segment type. uSel=%u Desc.u4Type=%#x\n", uSel,
3933 Desc.Legacy.Gen.u4Type));
3934 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uSel & X86_SEL_MASK_OFF_RPL);
3935 }
3936
3937 /* Check privileges for data segments and non-conforming code segments. */
3938 if ( (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
3939 != (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
3940 {
3941 /* The RPL and the new CPL must be less than or equal to the DPL. */
3942 if ( (unsigned)(uSel & X86_SEL_RPL) > Desc.Legacy.Gen.u2Dpl
3943 || (pVCpu->iem.s.uCpl > Desc.Legacy.Gen.u2Dpl))
3944 {
3945 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: Invalid priv. uSel=%u uSel.RPL=%u DPL=%u CPL=%u\n",
3946 uSel, (uSel & X86_SEL_RPL), Desc.Legacy.Gen.u2Dpl, pVCpu->iem.s.uCpl));
3947 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uSel & X86_SEL_MASK_OFF_RPL);
3948 }
3949 }
3950
3951 /* Is it there? */
3952 if (!Desc.Legacy.Gen.u1Present)
3953 {
3954 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: Segment not present. uSel=%u\n", uSel));
3955 return iemRaiseSelectorNotPresentWithErr(pVCpu, uSel & X86_SEL_MASK_OFF_RPL);
3956 }
3957
3958 /* The base and limit. */
3959 uint32_t cbLimit = X86DESC_LIMIT_G(&Desc.Legacy);
3960 uint64_t u64Base = X86DESC_BASE(&Desc.Legacy);
3961
3962 /*
3963 * Ok, everything checked out fine. Now set the accessed bit before
3964 * committing the result into the registers.
3965 */
3966 if (!(Desc.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
3967 {
3968 rcStrict = iemMemMarkSelDescAccessed(pVCpu, uSel);
3969 if (rcStrict != VINF_SUCCESS)
3970 return rcStrict;
3971 Desc.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
3972 }
3973
3974 /* Commit */
3975 pSReg->Sel = uSel;
3976 pSReg->Attr.u = X86DESC_GET_HID_ATTR(&Desc.Legacy);
3977 pSReg->u32Limit = cbLimit;
3978 pSReg->u64Base = u64Base; /** @todo testcase/investigate: seen claims that the upper half of the base remains unchanged... */
3979 pSReg->ValidSel = uSel;
3980 pSReg->fFlags = CPUMSELREG_FLAGS_VALID;
3981 if (IEM_IS_GUEST_CPU_INTEL(pVCpu))
3982 pSReg->Attr.u &= ~X86DESCATTR_UNUSABLE;
3983
3984 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, pSReg));
3985 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_HIDDEN_SEL_REGS);
3986 return VINF_SUCCESS;
3987}
3988
3989
3990/**
3991 * Performs a task switch.
3992 *
3993 * If the task switch is the result of a JMP, CALL or IRET instruction, the
3994 * caller is responsible for performing the necessary checks (like DPL, TSS
3995 * present etc.) which are specific to JMP/CALL/IRET. See Intel Instruction
3996 * reference for JMP, CALL, IRET.
3997 *
3998 * If the task switch is the due to a software interrupt or hardware exception,
3999 * the caller is responsible for validating the TSS selector and descriptor. See
4000 * Intel Instruction reference for INT n.
4001 *
4002 * @returns VBox strict status code.
4003 * @param pVCpu The cross context virtual CPU structure of the calling thread.
4004 * @param enmTaskSwitch The cause of the task switch.
4005 * @param uNextEip The EIP effective after the task switch.
4006 * @param fFlags The flags, see IEM_XCPT_FLAGS_XXX.
4007 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
4008 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
4009 * @param SelTSS The TSS selector of the new task.
4010 * @param pNewDescTSS Pointer to the new TSS descriptor.
4011 */
4012IEM_STATIC VBOXSTRICTRC
4013iemTaskSwitch(PVMCPU pVCpu,
4014 IEMTASKSWITCH enmTaskSwitch,
4015 uint32_t uNextEip,
4016 uint32_t fFlags,
4017 uint16_t uErr,
4018 uint64_t uCr2,
4019 RTSEL SelTSS,
4020 PIEMSELDESC pNewDescTSS)
4021{
4022 Assert(!IEM_IS_REAL_MODE(pVCpu));
4023 Assert(pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT);
4024 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
4025
4026 uint32_t const uNewTSSType = pNewDescTSS->Legacy.Gate.u4Type;
4027 Assert( uNewTSSType == X86_SEL_TYPE_SYS_286_TSS_AVAIL
4028 || uNewTSSType == X86_SEL_TYPE_SYS_286_TSS_BUSY
4029 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_AVAIL
4030 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_BUSY);
4031
4032 bool const fIsNewTSS386 = ( uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_AVAIL
4033 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_BUSY);
4034
4035 Log(("iemTaskSwitch: enmTaskSwitch=%u NewTSS=%#x fIsNewTSS386=%RTbool EIP=%#RX32 uNextEip=%#RX32\n", enmTaskSwitch, SelTSS,
4036 fIsNewTSS386, pVCpu->cpum.GstCtx.eip, uNextEip));
4037
4038 /* Update CR2 in case it's a page-fault. */
4039 /** @todo This should probably be done much earlier in IEM/PGM. See
4040 * @bugref{5653#c49}. */
4041 if (fFlags & IEM_XCPT_FLAGS_CR2)
4042 pVCpu->cpum.GstCtx.cr2 = uCr2;
4043
4044 /*
4045 * Check the new TSS limit. See Intel spec. 6.15 "Exception and Interrupt Reference"
4046 * subsection "Interrupt 10 - Invalid TSS Exception (#TS)".
4047 */
4048 uint32_t const uNewTSSLimit = pNewDescTSS->Legacy.Gen.u16LimitLow | (pNewDescTSS->Legacy.Gen.u4LimitHigh << 16);
4049 uint32_t const uNewTSSLimitMin = fIsNewTSS386 ? X86_SEL_TYPE_SYS_386_TSS_LIMIT_MIN : X86_SEL_TYPE_SYS_286_TSS_LIMIT_MIN;
4050 if (uNewTSSLimit < uNewTSSLimitMin)
4051 {
4052 Log(("iemTaskSwitch: Invalid new TSS limit. enmTaskSwitch=%u uNewTSSLimit=%#x uNewTSSLimitMin=%#x -> #TS\n",
4053 enmTaskSwitch, uNewTSSLimit, uNewTSSLimitMin));
4054 return iemRaiseTaskSwitchFaultWithErr(pVCpu, SelTSS & X86_SEL_MASK_OFF_RPL);
4055 }
4056
4057 /*
4058 * Task switches in VMX non-root mode always cause task switches.
4059 * The new TSS must have been read and validated (DPL, limits etc.) before a
4060 * task-switch VM-exit commences.
4061 *
4062 * See Intel spec. 25.4.2 ".Treatment of Task Switches"
4063 */
4064 if (IEM_VMX_IS_NON_ROOT_MODE(pVCpu))
4065 {
4066 Log(("iemTaskSwitch: Guest intercept (source=%u, sel=%#x) -> VM-exit.\n", enmTaskSwitch, SelTSS));
4067 IEM_VMX_VMEXIT_TASK_SWITCH_RET(pVCpu, enmTaskSwitch, SelTSS, uNextEip - pVCpu->cpum.GstCtx.eip);
4068 }
4069
4070 /*
4071 * The SVM nested-guest intercept for task-switch takes priority over all exceptions
4072 * after validating the incoming (new) TSS, see AMD spec. 15.14.1 "Task Switch Intercept".
4073 */
4074 if (IEM_SVM_IS_CTRL_INTERCEPT_SET(pVCpu, SVM_CTRL_INTERCEPT_TASK_SWITCH))
4075 {
4076 uint32_t const uExitInfo1 = SelTSS;
4077 uint32_t uExitInfo2 = uErr;
4078 switch (enmTaskSwitch)
4079 {
4080 case IEMTASKSWITCH_JUMP: uExitInfo2 |= SVM_EXIT2_TASK_SWITCH_JUMP; break;
4081 case IEMTASKSWITCH_IRET: uExitInfo2 |= SVM_EXIT2_TASK_SWITCH_IRET; break;
4082 default: break;
4083 }
4084 if (fFlags & IEM_XCPT_FLAGS_ERR)
4085 uExitInfo2 |= SVM_EXIT2_TASK_SWITCH_HAS_ERROR_CODE;
4086 if (pVCpu->cpum.GstCtx.eflags.Bits.u1RF)
4087 uExitInfo2 |= SVM_EXIT2_TASK_SWITCH_EFLAGS_RF;
4088
4089 Log(("iemTaskSwitch: Guest intercept -> #VMEXIT. uExitInfo1=%#RX64 uExitInfo2=%#RX64\n", uExitInfo1, uExitInfo2));
4090 IEM_SVM_VMEXIT_RET(pVCpu, SVM_EXIT_TASK_SWITCH, uExitInfo1, uExitInfo2);
4091 RT_NOREF2(uExitInfo1, uExitInfo2);
4092 }
4093
4094 /*
4095 * Check the current TSS limit. The last written byte to the current TSS during the
4096 * task switch will be 2 bytes at offset 0x5C (32-bit) and 1 byte at offset 0x28 (16-bit).
4097 * See Intel spec. 7.2.1 "Task-State Segment (TSS)" for static and dynamic fields.
4098 *
4099 * The AMD docs doesn't mention anything about limit checks with LTR which suggests you can
4100 * end up with smaller than "legal" TSS limits.
4101 */
4102 uint32_t const uCurTSSLimit = pVCpu->cpum.GstCtx.tr.u32Limit;
4103 uint32_t const uCurTSSLimitMin = fIsNewTSS386 ? 0x5F : 0x29;
4104 if (uCurTSSLimit < uCurTSSLimitMin)
4105 {
4106 Log(("iemTaskSwitch: Invalid current TSS limit. enmTaskSwitch=%u uCurTSSLimit=%#x uCurTSSLimitMin=%#x -> #TS\n",
4107 enmTaskSwitch, uCurTSSLimit, uCurTSSLimitMin));
4108 return iemRaiseTaskSwitchFaultWithErr(pVCpu, SelTSS & X86_SEL_MASK_OFF_RPL);
4109 }
4110
4111 /*
4112 * Verify that the new TSS can be accessed and map it. Map only the required contents
4113 * and not the entire TSS.
4114 */
4115 void *pvNewTSS;
4116 uint32_t cbNewTSS = uNewTSSLimitMin + 1;
4117 RTGCPTR GCPtrNewTSS = X86DESC_BASE(&pNewDescTSS->Legacy);
4118 AssertCompile(sizeof(X86TSS32) == X86_SEL_TYPE_SYS_386_TSS_LIMIT_MIN + 1);
4119 /** @todo Handle if the TSS crosses a page boundary. Intel specifies that it may
4120 * not perform correct translation if this happens. See Intel spec. 7.2.1
4121 * "Task-State Segment" */
4122 VBOXSTRICTRC rcStrict = iemMemMap(pVCpu, &pvNewTSS, cbNewTSS, UINT8_MAX, GCPtrNewTSS, IEM_ACCESS_SYS_RW);
4123 if (rcStrict != VINF_SUCCESS)
4124 {
4125 Log(("iemTaskSwitch: Failed to read new TSS. enmTaskSwitch=%u cbNewTSS=%u uNewTSSLimit=%u rc=%Rrc\n", enmTaskSwitch,
4126 cbNewTSS, uNewTSSLimit, VBOXSTRICTRC_VAL(rcStrict)));
4127 return rcStrict;
4128 }
4129
4130 /*
4131 * Clear the busy bit in current task's TSS descriptor if it's a task switch due to JMP/IRET.
4132 */
4133 uint32_t u32EFlags = pVCpu->cpum.GstCtx.eflags.u32;
4134 if ( enmTaskSwitch == IEMTASKSWITCH_JUMP
4135 || enmTaskSwitch == IEMTASKSWITCH_IRET)
4136 {
4137 PX86DESC pDescCurTSS;
4138 rcStrict = iemMemMap(pVCpu, (void **)&pDescCurTSS, sizeof(*pDescCurTSS), UINT8_MAX,
4139 pVCpu->cpum.GstCtx.gdtr.pGdt + (pVCpu->cpum.GstCtx.tr.Sel & X86_SEL_MASK), IEM_ACCESS_SYS_RW);
4140 if (rcStrict != VINF_SUCCESS)
4141 {
4142 Log(("iemTaskSwitch: Failed to read new TSS descriptor in GDT. enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
4143 enmTaskSwitch, pVCpu->cpum.GstCtx.gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
4144 return rcStrict;
4145 }
4146
4147 pDescCurTSS->Gate.u4Type &= ~X86_SEL_TYPE_SYS_TSS_BUSY_MASK;
4148 rcStrict = iemMemCommitAndUnmap(pVCpu, pDescCurTSS, IEM_ACCESS_SYS_RW);
4149 if (rcStrict != VINF_SUCCESS)
4150 {
4151 Log(("iemTaskSwitch: Failed to commit new TSS descriptor in GDT. enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
4152 enmTaskSwitch, pVCpu->cpum.GstCtx.gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
4153 return rcStrict;
4154 }
4155
4156 /* Clear EFLAGS.NT (Nested Task) in the eflags memory image, if it's a task switch due to an IRET. */
4157 if (enmTaskSwitch == IEMTASKSWITCH_IRET)
4158 {
4159 Assert( uNewTSSType == X86_SEL_TYPE_SYS_286_TSS_BUSY
4160 || uNewTSSType == X86_SEL_TYPE_SYS_386_TSS_BUSY);
4161 u32EFlags &= ~X86_EFL_NT;
4162 }
4163 }
4164
4165 /*
4166 * Save the CPU state into the current TSS.
4167 */
4168 RTGCPTR GCPtrCurTSS = pVCpu->cpum.GstCtx.tr.u64Base;
4169 if (GCPtrNewTSS == GCPtrCurTSS)
4170 {
4171 Log(("iemTaskSwitch: Switching to the same TSS! enmTaskSwitch=%u GCPtr[Cur|New]TSS=%#RGv\n", enmTaskSwitch, GCPtrCurTSS));
4172 Log(("uCurCr3=%#x uCurEip=%#x uCurEflags=%#x uCurEax=%#x uCurEsp=%#x uCurEbp=%#x uCurCS=%#04x uCurSS=%#04x uCurLdt=%#x\n",
4173 pVCpu->cpum.GstCtx.cr3, pVCpu->cpum.GstCtx.eip, pVCpu->cpum.GstCtx.eflags.u32, pVCpu->cpum.GstCtx.eax,
4174 pVCpu->cpum.GstCtx.esp, pVCpu->cpum.GstCtx.ebp, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.ss.Sel,
4175 pVCpu->cpum.GstCtx.ldtr.Sel));
4176 }
4177 if (fIsNewTSS386)
4178 {
4179 /*
4180 * Verify that the current TSS (32-bit) can be accessed, only the minimum required size.
4181 * See Intel spec. 7.2.1 "Task-State Segment (TSS)" for static and dynamic fields.
4182 */
4183 void *pvCurTSS32;
4184 uint32_t offCurTSS = RT_UOFFSETOF(X86TSS32, eip);
4185 uint32_t cbCurTSS = RT_UOFFSETOF(X86TSS32, selLdt) - RT_UOFFSETOF(X86TSS32, eip);
4186 AssertCompile(RTASSERT_OFFSET_OF(X86TSS32, selLdt) - RTASSERT_OFFSET_OF(X86TSS32, eip) == 64);
4187 rcStrict = iemMemMap(pVCpu, &pvCurTSS32, cbCurTSS, UINT8_MAX, GCPtrCurTSS + offCurTSS, IEM_ACCESS_SYS_RW);
4188 if (rcStrict != VINF_SUCCESS)
4189 {
4190 Log(("iemTaskSwitch: Failed to read current 32-bit TSS. enmTaskSwitch=%u GCPtrCurTSS=%#RGv cb=%u rc=%Rrc\n",
4191 enmTaskSwitch, GCPtrCurTSS, cbCurTSS, VBOXSTRICTRC_VAL(rcStrict)));
4192 return rcStrict;
4193 }
4194
4195 /* !! WARNING !! Access -only- the members (dynamic fields) that are mapped, i.e interval [offCurTSS..cbCurTSS). */
4196 PX86TSS32 pCurTSS32 = (PX86TSS32)((uintptr_t)pvCurTSS32 - offCurTSS);
4197 pCurTSS32->eip = uNextEip;
4198 pCurTSS32->eflags = u32EFlags;
4199 pCurTSS32->eax = pVCpu->cpum.GstCtx.eax;
4200 pCurTSS32->ecx = pVCpu->cpum.GstCtx.ecx;
4201 pCurTSS32->edx = pVCpu->cpum.GstCtx.edx;
4202 pCurTSS32->ebx = pVCpu->cpum.GstCtx.ebx;
4203 pCurTSS32->esp = pVCpu->cpum.GstCtx.esp;
4204 pCurTSS32->ebp = pVCpu->cpum.GstCtx.ebp;
4205 pCurTSS32->esi = pVCpu->cpum.GstCtx.esi;
4206 pCurTSS32->edi = pVCpu->cpum.GstCtx.edi;
4207 pCurTSS32->es = pVCpu->cpum.GstCtx.es.Sel;
4208 pCurTSS32->cs = pVCpu->cpum.GstCtx.cs.Sel;
4209 pCurTSS32->ss = pVCpu->cpum.GstCtx.ss.Sel;
4210 pCurTSS32->ds = pVCpu->cpum.GstCtx.ds.Sel;
4211 pCurTSS32->fs = pVCpu->cpum.GstCtx.fs.Sel;
4212 pCurTSS32->gs = pVCpu->cpum.GstCtx.gs.Sel;
4213
4214 rcStrict = iemMemCommitAndUnmap(pVCpu, pvCurTSS32, IEM_ACCESS_SYS_RW);
4215 if (rcStrict != VINF_SUCCESS)
4216 {
4217 Log(("iemTaskSwitch: Failed to commit current 32-bit TSS. enmTaskSwitch=%u rc=%Rrc\n", enmTaskSwitch,
4218 VBOXSTRICTRC_VAL(rcStrict)));
4219 return rcStrict;
4220 }
4221 }
4222 else
4223 {
4224 /*
4225 * Verify that the current TSS (16-bit) can be accessed. Again, only the minimum required size.
4226 */
4227 void *pvCurTSS16;
4228 uint32_t offCurTSS = RT_UOFFSETOF(X86TSS16, ip);
4229 uint32_t cbCurTSS = RT_UOFFSETOF(X86TSS16, selLdt) - RT_UOFFSETOF(X86TSS16, ip);
4230 AssertCompile(RTASSERT_OFFSET_OF(X86TSS16, selLdt) - RTASSERT_OFFSET_OF(X86TSS16, ip) == 28);
4231 rcStrict = iemMemMap(pVCpu, &pvCurTSS16, cbCurTSS, UINT8_MAX, GCPtrCurTSS + offCurTSS, IEM_ACCESS_SYS_RW);
4232 if (rcStrict != VINF_SUCCESS)
4233 {
4234 Log(("iemTaskSwitch: Failed to read current 16-bit TSS. enmTaskSwitch=%u GCPtrCurTSS=%#RGv cb=%u rc=%Rrc\n",
4235 enmTaskSwitch, GCPtrCurTSS, cbCurTSS, VBOXSTRICTRC_VAL(rcStrict)));
4236 return rcStrict;
4237 }
4238
4239 /* !! WARNING !! Access -only- the members (dynamic fields) that are mapped, i.e interval [offCurTSS..cbCurTSS). */
4240 PX86TSS16 pCurTSS16 = (PX86TSS16)((uintptr_t)pvCurTSS16 - offCurTSS);
4241 pCurTSS16->ip = uNextEip;
4242 pCurTSS16->flags = u32EFlags;
4243 pCurTSS16->ax = pVCpu->cpum.GstCtx.ax;
4244 pCurTSS16->cx = pVCpu->cpum.GstCtx.cx;
4245 pCurTSS16->dx = pVCpu->cpum.GstCtx.dx;
4246 pCurTSS16->bx = pVCpu->cpum.GstCtx.bx;
4247 pCurTSS16->sp = pVCpu->cpum.GstCtx.sp;
4248 pCurTSS16->bp = pVCpu->cpum.GstCtx.bp;
4249 pCurTSS16->si = pVCpu->cpum.GstCtx.si;
4250 pCurTSS16->di = pVCpu->cpum.GstCtx.di;
4251 pCurTSS16->es = pVCpu->cpum.GstCtx.es.Sel;
4252 pCurTSS16->cs = pVCpu->cpum.GstCtx.cs.Sel;
4253 pCurTSS16->ss = pVCpu->cpum.GstCtx.ss.Sel;
4254 pCurTSS16->ds = pVCpu->cpum.GstCtx.ds.Sel;
4255
4256 rcStrict = iemMemCommitAndUnmap(pVCpu, pvCurTSS16, IEM_ACCESS_SYS_RW);
4257 if (rcStrict != VINF_SUCCESS)
4258 {
4259 Log(("iemTaskSwitch: Failed to commit current 16-bit TSS. enmTaskSwitch=%u rc=%Rrc\n", enmTaskSwitch,
4260 VBOXSTRICTRC_VAL(rcStrict)));
4261 return rcStrict;
4262 }
4263 }
4264
4265 /*
4266 * Update the previous task link field for the new TSS, if the task switch is due to a CALL/INT_XCPT.
4267 */
4268 if ( enmTaskSwitch == IEMTASKSWITCH_CALL
4269 || enmTaskSwitch == IEMTASKSWITCH_INT_XCPT)
4270 {
4271 /* 16 or 32-bit TSS doesn't matter, we only access the first, common 16-bit field (selPrev) here. */
4272 PX86TSS32 pNewTSS = (PX86TSS32)pvNewTSS;
4273 pNewTSS->selPrev = pVCpu->cpum.GstCtx.tr.Sel;
4274 }
4275
4276 /*
4277 * Read the state from the new TSS into temporaries. Setting it immediately as the new CPU state is tricky,
4278 * it's done further below with error handling (e.g. CR3 changes will go through PGM).
4279 */
4280 uint32_t uNewCr3, uNewEip, uNewEflags, uNewEax, uNewEcx, uNewEdx, uNewEbx, uNewEsp, uNewEbp, uNewEsi, uNewEdi;
4281 uint16_t uNewES, uNewCS, uNewSS, uNewDS, uNewFS, uNewGS, uNewLdt;
4282 bool fNewDebugTrap;
4283 if (fIsNewTSS386)
4284 {
4285 PX86TSS32 pNewTSS32 = (PX86TSS32)pvNewTSS;
4286 uNewCr3 = (pVCpu->cpum.GstCtx.cr0 & X86_CR0_PG) ? pNewTSS32->cr3 : 0;
4287 uNewEip = pNewTSS32->eip;
4288 uNewEflags = pNewTSS32->eflags;
4289 uNewEax = pNewTSS32->eax;
4290 uNewEcx = pNewTSS32->ecx;
4291 uNewEdx = pNewTSS32->edx;
4292 uNewEbx = pNewTSS32->ebx;
4293 uNewEsp = pNewTSS32->esp;
4294 uNewEbp = pNewTSS32->ebp;
4295 uNewEsi = pNewTSS32->esi;
4296 uNewEdi = pNewTSS32->edi;
4297 uNewES = pNewTSS32->es;
4298 uNewCS = pNewTSS32->cs;
4299 uNewSS = pNewTSS32->ss;
4300 uNewDS = pNewTSS32->ds;
4301 uNewFS = pNewTSS32->fs;
4302 uNewGS = pNewTSS32->gs;
4303 uNewLdt = pNewTSS32->selLdt;
4304 fNewDebugTrap = RT_BOOL(pNewTSS32->fDebugTrap);
4305 }
4306 else
4307 {
4308 PX86TSS16 pNewTSS16 = (PX86TSS16)pvNewTSS;
4309 uNewCr3 = 0;
4310 uNewEip = pNewTSS16->ip;
4311 uNewEflags = pNewTSS16->flags;
4312 uNewEax = UINT32_C(0xffff0000) | pNewTSS16->ax;
4313 uNewEcx = UINT32_C(0xffff0000) | pNewTSS16->cx;
4314 uNewEdx = UINT32_C(0xffff0000) | pNewTSS16->dx;
4315 uNewEbx = UINT32_C(0xffff0000) | pNewTSS16->bx;
4316 uNewEsp = UINT32_C(0xffff0000) | pNewTSS16->sp;
4317 uNewEbp = UINT32_C(0xffff0000) | pNewTSS16->bp;
4318 uNewEsi = UINT32_C(0xffff0000) | pNewTSS16->si;
4319 uNewEdi = UINT32_C(0xffff0000) | pNewTSS16->di;
4320 uNewES = pNewTSS16->es;
4321 uNewCS = pNewTSS16->cs;
4322 uNewSS = pNewTSS16->ss;
4323 uNewDS = pNewTSS16->ds;
4324 uNewFS = 0;
4325 uNewGS = 0;
4326 uNewLdt = pNewTSS16->selLdt;
4327 fNewDebugTrap = false;
4328 }
4329
4330 if (GCPtrNewTSS == GCPtrCurTSS)
4331 Log(("uNewCr3=%#x uNewEip=%#x uNewEflags=%#x uNewEax=%#x uNewEsp=%#x uNewEbp=%#x uNewCS=%#04x uNewSS=%#04x uNewLdt=%#x\n",
4332 uNewCr3, uNewEip, uNewEflags, uNewEax, uNewEsp, uNewEbp, uNewCS, uNewSS, uNewLdt));
4333
4334 /*
4335 * We're done accessing the new TSS.
4336 */
4337 rcStrict = iemMemCommitAndUnmap(pVCpu, pvNewTSS, IEM_ACCESS_SYS_RW);
4338 if (rcStrict != VINF_SUCCESS)
4339 {
4340 Log(("iemTaskSwitch: Failed to commit new TSS. enmTaskSwitch=%u rc=%Rrc\n", enmTaskSwitch, VBOXSTRICTRC_VAL(rcStrict)));
4341 return rcStrict;
4342 }
4343
4344 /*
4345 * Set the busy bit in the new TSS descriptor, if the task switch is a JMP/CALL/INT_XCPT.
4346 */
4347 if (enmTaskSwitch != IEMTASKSWITCH_IRET)
4348 {
4349 rcStrict = iemMemMap(pVCpu, (void **)&pNewDescTSS, sizeof(*pNewDescTSS), UINT8_MAX,
4350 pVCpu->cpum.GstCtx.gdtr.pGdt + (SelTSS & X86_SEL_MASK), IEM_ACCESS_SYS_RW);
4351 if (rcStrict != VINF_SUCCESS)
4352 {
4353 Log(("iemTaskSwitch: Failed to read new TSS descriptor in GDT (2). enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
4354 enmTaskSwitch, pVCpu->cpum.GstCtx.gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
4355 return rcStrict;
4356 }
4357
4358 /* Check that the descriptor indicates the new TSS is available (not busy). */
4359 AssertMsg( pNewDescTSS->Legacy.Gate.u4Type == X86_SEL_TYPE_SYS_286_TSS_AVAIL
4360 || pNewDescTSS->Legacy.Gate.u4Type == X86_SEL_TYPE_SYS_386_TSS_AVAIL,
4361 ("Invalid TSS descriptor type=%#x", pNewDescTSS->Legacy.Gate.u4Type));
4362
4363 pNewDescTSS->Legacy.Gate.u4Type |= X86_SEL_TYPE_SYS_TSS_BUSY_MASK;
4364 rcStrict = iemMemCommitAndUnmap(pVCpu, pNewDescTSS, IEM_ACCESS_SYS_RW);
4365 if (rcStrict != VINF_SUCCESS)
4366 {
4367 Log(("iemTaskSwitch: Failed to commit new TSS descriptor in GDT (2). enmTaskSwitch=%u pGdt=%#RX64 rc=%Rrc\n",
4368 enmTaskSwitch, pVCpu->cpum.GstCtx.gdtr.pGdt, VBOXSTRICTRC_VAL(rcStrict)));
4369 return rcStrict;
4370 }
4371 }
4372
4373 /*
4374 * From this point on, we're technically in the new task. We will defer exceptions
4375 * until the completion of the task switch but before executing any instructions in the new task.
4376 */
4377 pVCpu->cpum.GstCtx.tr.Sel = SelTSS;
4378 pVCpu->cpum.GstCtx.tr.ValidSel = SelTSS;
4379 pVCpu->cpum.GstCtx.tr.fFlags = CPUMSELREG_FLAGS_VALID;
4380 pVCpu->cpum.GstCtx.tr.Attr.u = X86DESC_GET_HID_ATTR(&pNewDescTSS->Legacy);
4381 pVCpu->cpum.GstCtx.tr.u32Limit = X86DESC_LIMIT_G(&pNewDescTSS->Legacy);
4382 pVCpu->cpum.GstCtx.tr.u64Base = X86DESC_BASE(&pNewDescTSS->Legacy);
4383 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_TR);
4384
4385 /* Set the busy bit in TR. */
4386 pVCpu->cpum.GstCtx.tr.Attr.n.u4Type |= X86_SEL_TYPE_SYS_TSS_BUSY_MASK;
4387 /* Set EFLAGS.NT (Nested Task) in the eflags loaded from the new TSS, if it's a task switch due to a CALL/INT_XCPT. */
4388 if ( enmTaskSwitch == IEMTASKSWITCH_CALL
4389 || enmTaskSwitch == IEMTASKSWITCH_INT_XCPT)
4390 {
4391 uNewEflags |= X86_EFL_NT;
4392 }
4393
4394 pVCpu->cpum.GstCtx.dr[7] &= ~X86_DR7_LE_ALL; /** @todo Should we clear DR7.LE bit too? */
4395 pVCpu->cpum.GstCtx.cr0 |= X86_CR0_TS;
4396 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_CR0);
4397
4398 pVCpu->cpum.GstCtx.eip = uNewEip;
4399 pVCpu->cpum.GstCtx.eax = uNewEax;
4400 pVCpu->cpum.GstCtx.ecx = uNewEcx;
4401 pVCpu->cpum.GstCtx.edx = uNewEdx;
4402 pVCpu->cpum.GstCtx.ebx = uNewEbx;
4403 pVCpu->cpum.GstCtx.esp = uNewEsp;
4404 pVCpu->cpum.GstCtx.ebp = uNewEbp;
4405 pVCpu->cpum.GstCtx.esi = uNewEsi;
4406 pVCpu->cpum.GstCtx.edi = uNewEdi;
4407
4408 uNewEflags &= X86_EFL_LIVE_MASK;
4409 uNewEflags |= X86_EFL_RA1_MASK;
4410 IEMMISC_SET_EFL(pVCpu, uNewEflags);
4411
4412 /*
4413 * Switch the selectors here and do the segment checks later. If we throw exceptions, the selectors
4414 * will be valid in the exception handler. We cannot update the hidden parts until we've switched CR3
4415 * due to the hidden part data originating from the guest LDT/GDT which is accessed through paging.
4416 */
4417 pVCpu->cpum.GstCtx.es.Sel = uNewES;
4418 pVCpu->cpum.GstCtx.es.Attr.u &= ~X86DESCATTR_P;
4419
4420 pVCpu->cpum.GstCtx.cs.Sel = uNewCS;
4421 pVCpu->cpum.GstCtx.cs.Attr.u &= ~X86DESCATTR_P;
4422
4423 pVCpu->cpum.GstCtx.ss.Sel = uNewSS;
4424 pVCpu->cpum.GstCtx.ss.Attr.u &= ~X86DESCATTR_P;
4425
4426 pVCpu->cpum.GstCtx.ds.Sel = uNewDS;
4427 pVCpu->cpum.GstCtx.ds.Attr.u &= ~X86DESCATTR_P;
4428
4429 pVCpu->cpum.GstCtx.fs.Sel = uNewFS;
4430 pVCpu->cpum.GstCtx.fs.Attr.u &= ~X86DESCATTR_P;
4431
4432 pVCpu->cpum.GstCtx.gs.Sel = uNewGS;
4433 pVCpu->cpum.GstCtx.gs.Attr.u &= ~X86DESCATTR_P;
4434 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_HIDDEN_SEL_REGS);
4435
4436 pVCpu->cpum.GstCtx.ldtr.Sel = uNewLdt;
4437 pVCpu->cpum.GstCtx.ldtr.fFlags = CPUMSELREG_FLAGS_STALE;
4438 pVCpu->cpum.GstCtx.ldtr.Attr.u &= ~X86DESCATTR_P;
4439 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_LDTR);
4440
4441 if (IEM_IS_GUEST_CPU_INTEL(pVCpu))
4442 {
4443 pVCpu->cpum.GstCtx.es.Attr.u |= X86DESCATTR_UNUSABLE;
4444 pVCpu->cpum.GstCtx.cs.Attr.u |= X86DESCATTR_UNUSABLE;
4445 pVCpu->cpum.GstCtx.ss.Attr.u |= X86DESCATTR_UNUSABLE;
4446 pVCpu->cpum.GstCtx.ds.Attr.u |= X86DESCATTR_UNUSABLE;
4447 pVCpu->cpum.GstCtx.fs.Attr.u |= X86DESCATTR_UNUSABLE;
4448 pVCpu->cpum.GstCtx.gs.Attr.u |= X86DESCATTR_UNUSABLE;
4449 pVCpu->cpum.GstCtx.ldtr.Attr.u |= X86DESCATTR_UNUSABLE;
4450 }
4451
4452 /*
4453 * Switch CR3 for the new task.
4454 */
4455 if ( fIsNewTSS386
4456 && (pVCpu->cpum.GstCtx.cr0 & X86_CR0_PG))
4457 {
4458 /** @todo Should we update and flush TLBs only if CR3 value actually changes? */
4459 int rc = CPUMSetGuestCR3(pVCpu, uNewCr3);
4460 AssertRCSuccessReturn(rc, rc);
4461
4462 /* Inform PGM. */
4463 rc = PGMFlushTLB(pVCpu, pVCpu->cpum.GstCtx.cr3, !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PGE));
4464 AssertRCReturn(rc, rc);
4465 /* ignore informational status codes */
4466
4467 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_CR3);
4468 }
4469
4470 /*
4471 * Switch LDTR for the new task.
4472 */
4473 if (!(uNewLdt & X86_SEL_MASK_OFF_RPL))
4474 iemHlpLoadNullDataSelectorProt(pVCpu, &pVCpu->cpum.GstCtx.ldtr, uNewLdt);
4475 else
4476 {
4477 Assert(!pVCpu->cpum.GstCtx.ldtr.Attr.n.u1Present); /* Ensures that LDT.TI check passes in iemMemFetchSelDesc() below. */
4478
4479 IEMSELDESC DescNewLdt;
4480 rcStrict = iemMemFetchSelDesc(pVCpu, &DescNewLdt, uNewLdt, X86_XCPT_TS);
4481 if (rcStrict != VINF_SUCCESS)
4482 {
4483 Log(("iemTaskSwitch: fetching LDT failed. enmTaskSwitch=%u uNewLdt=%u cbGdt=%u rc=%Rrc\n", enmTaskSwitch,
4484 uNewLdt, pVCpu->cpum.GstCtx.gdtr.cbGdt, VBOXSTRICTRC_VAL(rcStrict)));
4485 return rcStrict;
4486 }
4487 if ( !DescNewLdt.Legacy.Gen.u1Present
4488 || DescNewLdt.Legacy.Gen.u1DescType
4489 || DescNewLdt.Legacy.Gen.u4Type != X86_SEL_TYPE_SYS_LDT)
4490 {
4491 Log(("iemTaskSwitch: Invalid LDT. enmTaskSwitch=%u uNewLdt=%u DescNewLdt.Legacy.u=%#RX64 -> #TS\n", enmTaskSwitch,
4492 uNewLdt, DescNewLdt.Legacy.u));
4493 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewLdt & X86_SEL_MASK_OFF_RPL);
4494 }
4495
4496 pVCpu->cpum.GstCtx.ldtr.ValidSel = uNewLdt;
4497 pVCpu->cpum.GstCtx.ldtr.fFlags = CPUMSELREG_FLAGS_VALID;
4498 pVCpu->cpum.GstCtx.ldtr.u64Base = X86DESC_BASE(&DescNewLdt.Legacy);
4499 pVCpu->cpum.GstCtx.ldtr.u32Limit = X86DESC_LIMIT_G(&DescNewLdt.Legacy);
4500 pVCpu->cpum.GstCtx.ldtr.Attr.u = X86DESC_GET_HID_ATTR(&DescNewLdt.Legacy);
4501 if (IEM_IS_GUEST_CPU_INTEL(pVCpu))
4502 pVCpu->cpum.GstCtx.ldtr.Attr.u &= ~X86DESCATTR_UNUSABLE;
4503 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ldtr));
4504 }
4505
4506 IEMSELDESC DescSS;
4507 if (IEM_IS_V86_MODE(pVCpu))
4508 {
4509 pVCpu->iem.s.uCpl = 3;
4510 iemHlpLoadSelectorInV86Mode(&pVCpu->cpum.GstCtx.es, uNewES);
4511 iemHlpLoadSelectorInV86Mode(&pVCpu->cpum.GstCtx.cs, uNewCS);
4512 iemHlpLoadSelectorInV86Mode(&pVCpu->cpum.GstCtx.ss, uNewSS);
4513 iemHlpLoadSelectorInV86Mode(&pVCpu->cpum.GstCtx.ds, uNewDS);
4514 iemHlpLoadSelectorInV86Mode(&pVCpu->cpum.GstCtx.fs, uNewFS);
4515 iemHlpLoadSelectorInV86Mode(&pVCpu->cpum.GstCtx.gs, uNewGS);
4516
4517 /* quick fix: fake DescSS. */ /** @todo fix the code further down? */
4518 DescSS.Legacy.u = 0;
4519 DescSS.Legacy.Gen.u16LimitLow = (uint16_t)pVCpu->cpum.GstCtx.ss.u32Limit;
4520 DescSS.Legacy.Gen.u4LimitHigh = pVCpu->cpum.GstCtx.ss.u32Limit >> 16;
4521 DescSS.Legacy.Gen.u16BaseLow = (uint16_t)pVCpu->cpum.GstCtx.ss.u64Base;
4522 DescSS.Legacy.Gen.u8BaseHigh1 = (uint8_t)(pVCpu->cpum.GstCtx.ss.u64Base >> 16);
4523 DescSS.Legacy.Gen.u8BaseHigh2 = (uint8_t)(pVCpu->cpum.GstCtx.ss.u64Base >> 24);
4524 DescSS.Legacy.Gen.u4Type = X86_SEL_TYPE_RW_ACC;
4525 DescSS.Legacy.Gen.u2Dpl = 3;
4526 }
4527 else
4528 {
4529 uint8_t uNewCpl = (uNewCS & X86_SEL_RPL);
4530
4531 /*
4532 * Load the stack segment for the new task.
4533 */
4534 if (!(uNewSS & X86_SEL_MASK_OFF_RPL))
4535 {
4536 Log(("iemTaskSwitch: Null stack segment. enmTaskSwitch=%u uNewSS=%#x -> #TS\n", enmTaskSwitch, uNewSS));
4537 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
4538 }
4539
4540 /* Fetch the descriptor. */
4541 rcStrict = iemMemFetchSelDesc(pVCpu, &DescSS, uNewSS, X86_XCPT_TS);
4542 if (rcStrict != VINF_SUCCESS)
4543 {
4544 Log(("iemTaskSwitch: failed to fetch SS. uNewSS=%#x rc=%Rrc\n", uNewSS,
4545 VBOXSTRICTRC_VAL(rcStrict)));
4546 return rcStrict;
4547 }
4548
4549 /* SS must be a data segment and writable. */
4550 if ( !DescSS.Legacy.Gen.u1DescType
4551 || (DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE)
4552 || !(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_WRITE))
4553 {
4554 Log(("iemTaskSwitch: SS invalid descriptor type. uNewSS=%#x u1DescType=%u u4Type=%#x\n",
4555 uNewSS, DescSS.Legacy.Gen.u1DescType, DescSS.Legacy.Gen.u4Type));
4556 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
4557 }
4558
4559 /* The SS.RPL, SS.DPL, CS.RPL (CPL) must be equal. */
4560 if ( (uNewSS & X86_SEL_RPL) != uNewCpl
4561 || DescSS.Legacy.Gen.u2Dpl != uNewCpl)
4562 {
4563 Log(("iemTaskSwitch: Invalid priv. for SS. uNewSS=%#x SS.DPL=%u uNewCpl=%u -> #TS\n", uNewSS, DescSS.Legacy.Gen.u2Dpl,
4564 uNewCpl));
4565 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
4566 }
4567
4568 /* Is it there? */
4569 if (!DescSS.Legacy.Gen.u1Present)
4570 {
4571 Log(("iemTaskSwitch: SS not present. uNewSS=%#x -> #NP\n", uNewSS));
4572 return iemRaiseSelectorNotPresentWithErr(pVCpu, uNewSS & X86_SEL_MASK_OFF_RPL);
4573 }
4574
4575 uint32_t cbLimit = X86DESC_LIMIT_G(&DescSS.Legacy);
4576 uint64_t u64Base = X86DESC_BASE(&DescSS.Legacy);
4577
4578 /* Set the accessed bit before committing the result into SS. */
4579 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
4580 {
4581 rcStrict = iemMemMarkSelDescAccessed(pVCpu, uNewSS);
4582 if (rcStrict != VINF_SUCCESS)
4583 return rcStrict;
4584 DescSS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
4585 }
4586
4587 /* Commit SS. */
4588 pVCpu->cpum.GstCtx.ss.Sel = uNewSS;
4589 pVCpu->cpum.GstCtx.ss.ValidSel = uNewSS;
4590 pVCpu->cpum.GstCtx.ss.Attr.u = X86DESC_GET_HID_ATTR(&DescSS.Legacy);
4591 pVCpu->cpum.GstCtx.ss.u32Limit = cbLimit;
4592 pVCpu->cpum.GstCtx.ss.u64Base = u64Base;
4593 pVCpu->cpum.GstCtx.ss.fFlags = CPUMSELREG_FLAGS_VALID;
4594 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
4595
4596 /* CPL has changed, update IEM before loading rest of segments. */
4597 pVCpu->iem.s.uCpl = uNewCpl;
4598
4599 /*
4600 * Load the data segments for the new task.
4601 */
4602 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pVCpu, &pVCpu->cpum.GstCtx.es, uNewES);
4603 if (rcStrict != VINF_SUCCESS)
4604 return rcStrict;
4605 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pVCpu, &pVCpu->cpum.GstCtx.ds, uNewDS);
4606 if (rcStrict != VINF_SUCCESS)
4607 return rcStrict;
4608 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pVCpu, &pVCpu->cpum.GstCtx.fs, uNewFS);
4609 if (rcStrict != VINF_SUCCESS)
4610 return rcStrict;
4611 rcStrict = iemHlpTaskSwitchLoadDataSelectorInProtMode(pVCpu, &pVCpu->cpum.GstCtx.gs, uNewGS);
4612 if (rcStrict != VINF_SUCCESS)
4613 return rcStrict;
4614
4615 /*
4616 * Load the code segment for the new task.
4617 */
4618 if (!(uNewCS & X86_SEL_MASK_OFF_RPL))
4619 {
4620 Log(("iemTaskSwitch #TS: Null code segment. enmTaskSwitch=%u uNewCS=%#x\n", enmTaskSwitch, uNewCS));
4621 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
4622 }
4623
4624 /* Fetch the descriptor. */
4625 IEMSELDESC DescCS;
4626 rcStrict = iemMemFetchSelDesc(pVCpu, &DescCS, uNewCS, X86_XCPT_TS);
4627 if (rcStrict != VINF_SUCCESS)
4628 {
4629 Log(("iemTaskSwitch: failed to fetch CS. uNewCS=%u rc=%Rrc\n", uNewCS, VBOXSTRICTRC_VAL(rcStrict)));
4630 return rcStrict;
4631 }
4632
4633 /* CS must be a code segment. */
4634 if ( !DescCS.Legacy.Gen.u1DescType
4635 || !(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE))
4636 {
4637 Log(("iemTaskSwitch: CS invalid descriptor type. uNewCS=%#x u1DescType=%u u4Type=%#x -> #TS\n", uNewCS,
4638 DescCS.Legacy.Gen.u1DescType, DescCS.Legacy.Gen.u4Type));
4639 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
4640 }
4641
4642 /* For conforming CS, DPL must be less than or equal to the RPL. */
4643 if ( (DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF)
4644 && DescCS.Legacy.Gen.u2Dpl > (uNewCS & X86_SEL_RPL))
4645 {
4646 Log(("iemTaskSwitch: confirming CS DPL > RPL. uNewCS=%#x u4Type=%#x DPL=%u -> #TS\n", uNewCS, DescCS.Legacy.Gen.u4Type,
4647 DescCS.Legacy.Gen.u2Dpl));
4648 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
4649 }
4650
4651 /* For non-conforming CS, DPL must match RPL. */
4652 if ( !(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF)
4653 && DescCS.Legacy.Gen.u2Dpl != (uNewCS & X86_SEL_RPL))
4654 {
4655 Log(("iemTaskSwitch: non-confirming CS DPL RPL mismatch. uNewCS=%#x u4Type=%#x DPL=%u -> #TS\n", uNewCS,
4656 DescCS.Legacy.Gen.u4Type, DescCS.Legacy.Gen.u2Dpl));
4657 return iemRaiseTaskSwitchFaultWithErr(pVCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
4658 }
4659
4660 /* Is it there? */
4661 if (!DescCS.Legacy.Gen.u1Present)
4662 {
4663 Log(("iemTaskSwitch: CS not present. uNewCS=%#x -> #NP\n", uNewCS));
4664 return iemRaiseSelectorNotPresentWithErr(pVCpu, uNewCS & X86_SEL_MASK_OFF_RPL);
4665 }
4666
4667 cbLimit = X86DESC_LIMIT_G(&DescCS.Legacy);
4668 u64Base = X86DESC_BASE(&DescCS.Legacy);
4669
4670 /* Set the accessed bit before committing the result into CS. */
4671 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
4672 {
4673 rcStrict = iemMemMarkSelDescAccessed(pVCpu, uNewCS);
4674 if (rcStrict != VINF_SUCCESS)
4675 return rcStrict;
4676 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
4677 }
4678
4679 /* Commit CS. */
4680 pVCpu->cpum.GstCtx.cs.Sel = uNewCS;
4681 pVCpu->cpum.GstCtx.cs.ValidSel = uNewCS;
4682 pVCpu->cpum.GstCtx.cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
4683 pVCpu->cpum.GstCtx.cs.u32Limit = cbLimit;
4684 pVCpu->cpum.GstCtx.cs.u64Base = u64Base;
4685 pVCpu->cpum.GstCtx.cs.fFlags = CPUMSELREG_FLAGS_VALID;
4686 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
4687 }
4688
4689 /** @todo Debug trap. */
4690 if (fIsNewTSS386 && fNewDebugTrap)
4691 Log(("iemTaskSwitch: Debug Trap set in new TSS. Not implemented!\n"));
4692
4693 /*
4694 * Construct the error code masks based on what caused this task switch.
4695 * See Intel Instruction reference for INT.
4696 */
4697 uint16_t uExt;
4698 if ( enmTaskSwitch == IEMTASKSWITCH_INT_XCPT
4699 && !(fFlags & IEM_XCPT_FLAGS_T_SOFT_INT))
4700 {
4701 uExt = 1;
4702 }
4703 else
4704 uExt = 0;
4705
4706 /*
4707 * Push any error code on to the new stack.
4708 */
4709 if (fFlags & IEM_XCPT_FLAGS_ERR)
4710 {
4711 Assert(enmTaskSwitch == IEMTASKSWITCH_INT_XCPT);
4712 uint32_t cbLimitSS = X86DESC_LIMIT_G(&DescSS.Legacy);
4713 uint8_t const cbStackFrame = fIsNewTSS386 ? 4 : 2;
4714
4715 /* Check that there is sufficient space on the stack. */
4716 /** @todo Factor out segment limit checking for normal/expand down segments
4717 * into a separate function. */
4718 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_DOWN))
4719 {
4720 if ( pVCpu->cpum.GstCtx.esp - 1 > cbLimitSS
4721 || pVCpu->cpum.GstCtx.esp < cbStackFrame)
4722 {
4723 /** @todo Intel says \#SS(EXT) for INT/XCPT, I couldn't figure out AMD yet. */
4724 Log(("iemTaskSwitch: SS=%#x ESP=%#x cbStackFrame=%#x is out of bounds -> #SS\n",
4725 pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.esp, cbStackFrame));
4726 return iemRaiseStackSelectorNotPresentWithErr(pVCpu, uExt);
4727 }
4728 }
4729 else
4730 {
4731 if ( pVCpu->cpum.GstCtx.esp - 1 > (DescSS.Legacy.Gen.u1DefBig ? UINT32_MAX : UINT32_C(0xffff))
4732 || pVCpu->cpum.GstCtx.esp - cbStackFrame < cbLimitSS + UINT32_C(1))
4733 {
4734 Log(("iemTaskSwitch: SS=%#x ESP=%#x cbStackFrame=%#x (expand down) is out of bounds -> #SS\n",
4735 pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.esp, cbStackFrame));
4736 return iemRaiseStackSelectorNotPresentWithErr(pVCpu, uExt);
4737 }
4738 }
4739
4740
4741 if (fIsNewTSS386)
4742 rcStrict = iemMemStackPushU32(pVCpu, uErr);
4743 else
4744 rcStrict = iemMemStackPushU16(pVCpu, uErr);
4745 if (rcStrict != VINF_SUCCESS)
4746 {
4747 Log(("iemTaskSwitch: Can't push error code to new task's stack. %s-bit TSS. rc=%Rrc\n",
4748 fIsNewTSS386 ? "32" : "16", VBOXSTRICTRC_VAL(rcStrict)));
4749 return rcStrict;
4750 }
4751 }
4752
4753 /* Check the new EIP against the new CS limit. */
4754 if (pVCpu->cpum.GstCtx.eip > pVCpu->cpum.GstCtx.cs.u32Limit)
4755 {
4756 Log(("iemHlpTaskSwitchLoadDataSelectorInProtMode: New EIP exceeds CS limit. uNewEIP=%#RX32 CS limit=%u -> #GP(0)\n",
4757 pVCpu->cpum.GstCtx.eip, pVCpu->cpum.GstCtx.cs.u32Limit));
4758 /** @todo Intel says \#GP(EXT) for INT/XCPT, I couldn't figure out AMD yet. */
4759 return iemRaiseGeneralProtectionFault(pVCpu, uExt);
4760 }
4761
4762 Log(("iemTaskSwitch: Success! New CS:EIP=%#04x:%#x SS=%#04x\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip,
4763 pVCpu->cpum.GstCtx.ss.Sel));
4764 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
4765}
4766
4767
4768/**
4769 * Implements exceptions and interrupts for protected mode.
4770 *
4771 * @returns VBox strict status code.
4772 * @param pVCpu The cross context virtual CPU structure of the calling thread.
4773 * @param cbInstr The number of bytes to offset rIP by in the return
4774 * address.
4775 * @param u8Vector The interrupt / exception vector number.
4776 * @param fFlags The flags.
4777 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
4778 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
4779 */
4780IEM_STATIC VBOXSTRICTRC
4781iemRaiseXcptOrIntInProtMode(PVMCPU pVCpu,
4782 uint8_t cbInstr,
4783 uint8_t u8Vector,
4784 uint32_t fFlags,
4785 uint16_t uErr,
4786 uint64_t uCr2)
4787{
4788 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
4789
4790 /*
4791 * Read the IDT entry.
4792 */
4793 if (pVCpu->cpum.GstCtx.idtr.cbIdt < UINT32_C(8) * u8Vector + 7)
4794 {
4795 Log(("RaiseXcptOrIntInProtMode: %#x is out of bounds (%#x)\n", u8Vector, pVCpu->cpum.GstCtx.idtr.cbIdt));
4796 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
4797 }
4798 X86DESC Idte;
4799 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pVCpu, &Idte.u, UINT8_MAX,
4800 pVCpu->cpum.GstCtx.idtr.pIdt + UINT32_C(8) * u8Vector);
4801 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
4802 {
4803 Log(("iemRaiseXcptOrIntInProtMode: failed to fetch IDT entry! vec=%#x rc=%Rrc\n", u8Vector, VBOXSTRICTRC_VAL(rcStrict)));
4804 return rcStrict;
4805 }
4806 Log(("iemRaiseXcptOrIntInProtMode: vec=%#x P=%u DPL=%u DT=%u:%u A=%u %04x:%04x%04x\n",
4807 u8Vector, Idte.Gate.u1Present, Idte.Gate.u2Dpl, Idte.Gate.u1DescType, Idte.Gate.u4Type,
4808 Idte.Gate.u5ParmCount, Idte.Gate.u16Sel, Idte.Gate.u16OffsetHigh, Idte.Gate.u16OffsetLow));
4809
4810 /*
4811 * Check the descriptor type, DPL and such.
4812 * ASSUMES this is done in the same order as described for call-gate calls.
4813 */
4814 if (Idte.Gate.u1DescType)
4815 {
4816 Log(("RaiseXcptOrIntInProtMode %#x - not system selector (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
4817 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
4818 }
4819 bool fTaskGate = false;
4820 uint8_t f32BitGate = true;
4821 uint32_t fEflToClear = X86_EFL_TF | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM;
4822 switch (Idte.Gate.u4Type)
4823 {
4824 case X86_SEL_TYPE_SYS_UNDEFINED:
4825 case X86_SEL_TYPE_SYS_286_TSS_AVAIL:
4826 case X86_SEL_TYPE_SYS_LDT:
4827 case X86_SEL_TYPE_SYS_286_TSS_BUSY:
4828 case X86_SEL_TYPE_SYS_286_CALL_GATE:
4829 case X86_SEL_TYPE_SYS_UNDEFINED2:
4830 case X86_SEL_TYPE_SYS_386_TSS_AVAIL:
4831 case X86_SEL_TYPE_SYS_UNDEFINED3:
4832 case X86_SEL_TYPE_SYS_386_TSS_BUSY:
4833 case X86_SEL_TYPE_SYS_386_CALL_GATE:
4834 case X86_SEL_TYPE_SYS_UNDEFINED4:
4835 {
4836 /** @todo check what actually happens when the type is wrong...
4837 * esp. call gates. */
4838 Log(("RaiseXcptOrIntInProtMode %#x - invalid type (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
4839 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
4840 }
4841
4842 case X86_SEL_TYPE_SYS_286_INT_GATE:
4843 f32BitGate = false;
4844 RT_FALL_THRU();
4845 case X86_SEL_TYPE_SYS_386_INT_GATE:
4846 fEflToClear |= X86_EFL_IF;
4847 break;
4848
4849 case X86_SEL_TYPE_SYS_TASK_GATE:
4850 fTaskGate = true;
4851#ifndef IEM_IMPLEMENTS_TASKSWITCH
4852 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Task gates\n"));
4853#endif
4854 break;
4855
4856 case X86_SEL_TYPE_SYS_286_TRAP_GATE:
4857 f32BitGate = false;
4858 case X86_SEL_TYPE_SYS_386_TRAP_GATE:
4859 break;
4860
4861 IEM_NOT_REACHED_DEFAULT_CASE_RET();
4862 }
4863
4864 /* Check DPL against CPL if applicable. */
4865 if (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
4866 {
4867 if (pVCpu->iem.s.uCpl > Idte.Gate.u2Dpl)
4868 {
4869 Log(("RaiseXcptOrIntInProtMode %#x - CPL (%d) > DPL (%d) -> #GP\n", u8Vector, pVCpu->iem.s.uCpl, Idte.Gate.u2Dpl));
4870 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
4871 }
4872 }
4873
4874 /* Is it there? */
4875 if (!Idte.Gate.u1Present)
4876 {
4877 Log(("RaiseXcptOrIntInProtMode %#x - not present -> #NP\n", u8Vector));
4878 return iemRaiseSelectorNotPresentWithErr(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
4879 }
4880
4881 /* Is it a task-gate? */
4882 if (fTaskGate)
4883 {
4884 /*
4885 * Construct the error code masks based on what caused this task switch.
4886 * See Intel Instruction reference for INT.
4887 */
4888 uint16_t const uExt = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? 0 : 1;
4889 uint16_t const uSelMask = X86_SEL_MASK_OFF_RPL;
4890 RTSEL SelTSS = Idte.Gate.u16Sel;
4891
4892 /*
4893 * Fetch the TSS descriptor in the GDT.
4894 */
4895 IEMSELDESC DescTSS;
4896 rcStrict = iemMemFetchSelDescWithErr(pVCpu, &DescTSS, SelTSS, X86_XCPT_GP, (SelTSS & uSelMask) | uExt);
4897 if (rcStrict != VINF_SUCCESS)
4898 {
4899 Log(("RaiseXcptOrIntInProtMode %#x - failed to fetch TSS selector %#x, rc=%Rrc\n", u8Vector, SelTSS,
4900 VBOXSTRICTRC_VAL(rcStrict)));
4901 return rcStrict;
4902 }
4903
4904 /* The TSS descriptor must be a system segment and be available (not busy). */
4905 if ( DescTSS.Legacy.Gen.u1DescType
4906 || ( DescTSS.Legacy.Gen.u4Type != X86_SEL_TYPE_SYS_286_TSS_AVAIL
4907 && DescTSS.Legacy.Gen.u4Type != X86_SEL_TYPE_SYS_386_TSS_AVAIL))
4908 {
4909 Log(("RaiseXcptOrIntInProtMode %#x - TSS selector %#x of task gate not a system descriptor or not available %#RX64\n",
4910 u8Vector, SelTSS, DescTSS.Legacy.au64));
4911 return iemRaiseGeneralProtectionFault(pVCpu, (SelTSS & uSelMask) | uExt);
4912 }
4913
4914 /* The TSS must be present. */
4915 if (!DescTSS.Legacy.Gen.u1Present)
4916 {
4917 Log(("RaiseXcptOrIntInProtMode %#x - TSS selector %#x not present %#RX64\n", u8Vector, SelTSS, DescTSS.Legacy.au64));
4918 return iemRaiseSelectorNotPresentWithErr(pVCpu, (SelTSS & uSelMask) | uExt);
4919 }
4920
4921 /* Do the actual task switch. */
4922 return iemTaskSwitch(pVCpu, IEMTASKSWITCH_INT_XCPT,
4923 (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pVCpu->cpum.GstCtx.eip + cbInstr : pVCpu->cpum.GstCtx.eip,
4924 fFlags, uErr, uCr2, SelTSS, &DescTSS);
4925 }
4926
4927 /* A null CS is bad. */
4928 RTSEL NewCS = Idte.Gate.u16Sel;
4929 if (!(NewCS & X86_SEL_MASK_OFF_RPL))
4930 {
4931 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x -> #GP\n", u8Vector, NewCS));
4932 return iemRaiseGeneralProtectionFault0(pVCpu);
4933 }
4934
4935 /* Fetch the descriptor for the new CS. */
4936 IEMSELDESC DescCS;
4937 rcStrict = iemMemFetchSelDesc(pVCpu, &DescCS, NewCS, X86_XCPT_GP); /** @todo correct exception? */
4938 if (rcStrict != VINF_SUCCESS)
4939 {
4940 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - rc=%Rrc\n", u8Vector, NewCS, VBOXSTRICTRC_VAL(rcStrict)));
4941 return rcStrict;
4942 }
4943
4944 /* Must be a code segment. */
4945 if (!DescCS.Legacy.Gen.u1DescType)
4946 {
4947 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - system selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
4948 return iemRaiseGeneralProtectionFault(pVCpu, NewCS & X86_SEL_MASK_OFF_RPL);
4949 }
4950 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE))
4951 {
4952 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - data selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
4953 return iemRaiseGeneralProtectionFault(pVCpu, NewCS & X86_SEL_MASK_OFF_RPL);
4954 }
4955
4956 /* Don't allow lowering the privilege level. */
4957 /** @todo Does the lowering of privileges apply to software interrupts
4958 * only? This has bearings on the more-privileged or
4959 * same-privilege stack behavior further down. A testcase would
4960 * be nice. */
4961 if (DescCS.Legacy.Gen.u2Dpl > pVCpu->iem.s.uCpl)
4962 {
4963 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - DPL (%d) > CPL (%d) -> #GP\n",
4964 u8Vector, NewCS, DescCS.Legacy.Gen.u2Dpl, pVCpu->iem.s.uCpl));
4965 return iemRaiseGeneralProtectionFault(pVCpu, NewCS & X86_SEL_MASK_OFF_RPL);
4966 }
4967
4968 /* Make sure the selector is present. */
4969 if (!DescCS.Legacy.Gen.u1Present)
4970 {
4971 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - segment not present -> #NP\n", u8Vector, NewCS));
4972 return iemRaiseSelectorNotPresentBySelector(pVCpu, NewCS);
4973 }
4974
4975 /* Check the new EIP against the new CS limit. */
4976 uint32_t const uNewEip = Idte.Gate.u4Type == X86_SEL_TYPE_SYS_286_INT_GATE
4977 || Idte.Gate.u4Type == X86_SEL_TYPE_SYS_286_TRAP_GATE
4978 ? Idte.Gate.u16OffsetLow
4979 : Idte.Gate.u16OffsetLow | ((uint32_t)Idte.Gate.u16OffsetHigh << 16);
4980 uint32_t cbLimitCS = X86DESC_LIMIT_G(&DescCS.Legacy);
4981 if (uNewEip > cbLimitCS)
4982 {
4983 Log(("RaiseXcptOrIntInProtMode %#x - EIP=%#x > cbLimitCS=%#x (CS=%#x) -> #GP(0)\n",
4984 u8Vector, uNewEip, cbLimitCS, NewCS));
4985 return iemRaiseGeneralProtectionFault(pVCpu, 0);
4986 }
4987 Log7(("iemRaiseXcptOrIntInProtMode: new EIP=%#x CS=%#x\n", uNewEip, NewCS));
4988
4989 /* Calc the flag image to push. */
4990 uint32_t fEfl = IEMMISC_GET_EFL(pVCpu);
4991 if (fFlags & (IEM_XCPT_FLAGS_DRx_INSTR_BP | IEM_XCPT_FLAGS_T_SOFT_INT))
4992 fEfl &= ~X86_EFL_RF;
4993 else
4994 fEfl |= X86_EFL_RF; /* Vagueness is all I've found on this so far... */ /** @todo Automatically pushing EFLAGS.RF. */
4995
4996 /* From V8086 mode only go to CPL 0. */
4997 uint8_t const uNewCpl = DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF
4998 ? pVCpu->iem.s.uCpl : DescCS.Legacy.Gen.u2Dpl;
4999 if ((fEfl & X86_EFL_VM) && uNewCpl != 0) /** @todo When exactly is this raised? */
5000 {
5001 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - New CPL (%d) != 0 w/ VM=1 -> #GP\n", u8Vector, NewCS, uNewCpl));
5002 return iemRaiseGeneralProtectionFault(pVCpu, 0);
5003 }
5004
5005 /*
5006 * If the privilege level changes, we need to get a new stack from the TSS.
5007 * This in turns means validating the new SS and ESP...
5008 */
5009 if (uNewCpl != pVCpu->iem.s.uCpl)
5010 {
5011 RTSEL NewSS;
5012 uint32_t uNewEsp;
5013 rcStrict = iemRaiseLoadStackFromTss32Or16(pVCpu, uNewCpl, &NewSS, &uNewEsp);
5014 if (rcStrict != VINF_SUCCESS)
5015 return rcStrict;
5016
5017 IEMSELDESC DescSS;
5018 rcStrict = iemMiscValidateNewSS(pVCpu, NewSS, uNewCpl, &DescSS);
5019 if (rcStrict != VINF_SUCCESS)
5020 return rcStrict;
5021 /* If the new SS is 16-bit, we are only going to use SP, not ESP. */
5022 if (!DescSS.Legacy.Gen.u1DefBig)
5023 {
5024 Log(("iemRaiseXcptOrIntInProtMode: Forcing ESP=%#x to 16 bits\n", uNewEsp));
5025 uNewEsp = (uint16_t)uNewEsp;
5026 }
5027
5028 Log7(("iemRaiseXcptOrIntInProtMode: New SS=%#x ESP=%#x (from TSS); current SS=%#x ESP=%#x\n", NewSS, uNewEsp, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.esp));
5029
5030 /* Check that there is sufficient space for the stack frame. */
5031 uint32_t cbLimitSS = X86DESC_LIMIT_G(&DescSS.Legacy);
5032 uint8_t const cbStackFrame = !(fEfl & X86_EFL_VM)
5033 ? (fFlags & IEM_XCPT_FLAGS_ERR ? 12 : 10) << f32BitGate
5034 : (fFlags & IEM_XCPT_FLAGS_ERR ? 20 : 18) << f32BitGate;
5035
5036 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_DOWN))
5037 {
5038 if ( uNewEsp - 1 > cbLimitSS
5039 || uNewEsp < cbStackFrame)
5040 {
5041 Log(("RaiseXcptOrIntInProtMode: %#x - SS=%#x ESP=%#x cbStackFrame=%#x is out of bounds -> #GP\n",
5042 u8Vector, NewSS, uNewEsp, cbStackFrame));
5043 return iemRaiseSelectorBoundsBySelector(pVCpu, NewSS);
5044 }
5045 }
5046 else
5047 {
5048 if ( uNewEsp - 1 > (DescSS.Legacy.Gen.u1DefBig ? UINT32_MAX : UINT16_MAX)
5049 || uNewEsp - cbStackFrame < cbLimitSS + UINT32_C(1))
5050 {
5051 Log(("RaiseXcptOrIntInProtMode: %#x - SS=%#x ESP=%#x cbStackFrame=%#x (expand down) is out of bounds -> #GP\n",
5052 u8Vector, NewSS, uNewEsp, cbStackFrame));
5053 return iemRaiseSelectorBoundsBySelector(pVCpu, NewSS);
5054 }
5055 }
5056
5057 /*
5058 * Start making changes.
5059 */
5060
5061 /* Set the new CPL so that stack accesses use it. */
5062 uint8_t const uOldCpl = pVCpu->iem.s.uCpl;
5063 pVCpu->iem.s.uCpl = uNewCpl;
5064
5065 /* Create the stack frame. */
5066 RTPTRUNION uStackFrame;
5067 rcStrict = iemMemMap(pVCpu, &uStackFrame.pv, cbStackFrame, UINT8_MAX,
5068 uNewEsp - cbStackFrame + X86DESC_BASE(&DescSS.Legacy), IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS); /* _SYS is a hack ... */
5069 if (rcStrict != VINF_SUCCESS)
5070 return rcStrict;
5071 void * const pvStackFrame = uStackFrame.pv;
5072 if (f32BitGate)
5073 {
5074 if (fFlags & IEM_XCPT_FLAGS_ERR)
5075 *uStackFrame.pu32++ = uErr;
5076 uStackFrame.pu32[0] = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pVCpu->cpum.GstCtx.eip + cbInstr : pVCpu->cpum.GstCtx.eip;
5077 uStackFrame.pu32[1] = (pVCpu->cpum.GstCtx.cs.Sel & ~X86_SEL_RPL) | uOldCpl;
5078 uStackFrame.pu32[2] = fEfl;
5079 uStackFrame.pu32[3] = pVCpu->cpum.GstCtx.esp;
5080 uStackFrame.pu32[4] = pVCpu->cpum.GstCtx.ss.Sel;
5081 Log7(("iemRaiseXcptOrIntInProtMode: 32-bit push SS=%#x ESP=%#x\n", pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.esp));
5082 if (fEfl & X86_EFL_VM)
5083 {
5084 uStackFrame.pu32[1] = pVCpu->cpum.GstCtx.cs.Sel;
5085 uStackFrame.pu32[5] = pVCpu->cpum.GstCtx.es.Sel;
5086 uStackFrame.pu32[6] = pVCpu->cpum.GstCtx.ds.Sel;
5087 uStackFrame.pu32[7] = pVCpu->cpum.GstCtx.fs.Sel;
5088 uStackFrame.pu32[8] = pVCpu->cpum.GstCtx.gs.Sel;
5089 }
5090 }
5091 else
5092 {
5093 if (fFlags & IEM_XCPT_FLAGS_ERR)
5094 *uStackFrame.pu16++ = uErr;
5095 uStackFrame.pu16[0] = (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT) ? pVCpu->cpum.GstCtx.ip + cbInstr : pVCpu->cpum.GstCtx.ip;
5096 uStackFrame.pu16[1] = (pVCpu->cpum.GstCtx.cs.Sel & ~X86_SEL_RPL) | uOldCpl;
5097 uStackFrame.pu16[2] = fEfl;
5098 uStackFrame.pu16[3] = pVCpu->cpum.GstCtx.sp;
5099 uStackFrame.pu16[4] = pVCpu->cpum.GstCtx.ss.Sel;
5100 Log7(("iemRaiseXcptOrIntInProtMode: 16-bit push SS=%#x SP=%#x\n", pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.sp));
5101 if (fEfl & X86_EFL_VM)
5102 {
5103 uStackFrame.pu16[1] = pVCpu->cpum.GstCtx.cs.Sel;
5104 uStackFrame.pu16[5] = pVCpu->cpum.GstCtx.es.Sel;
5105 uStackFrame.pu16[6] = pVCpu->cpum.GstCtx.ds.Sel;
5106 uStackFrame.pu16[7] = pVCpu->cpum.GstCtx.fs.Sel;
5107 uStackFrame.pu16[8] = pVCpu->cpum.GstCtx.gs.Sel;
5108 }
5109 }
5110 rcStrict = iemMemCommitAndUnmap(pVCpu, pvStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS);
5111 if (rcStrict != VINF_SUCCESS)
5112 return rcStrict;
5113
5114 /* Mark the selectors 'accessed' (hope this is the correct time). */
5115 /** @todo testcase: excatly _when_ are the accessed bits set - before or
5116 * after pushing the stack frame? (Write protect the gdt + stack to
5117 * find out.) */
5118 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
5119 {
5120 rcStrict = iemMemMarkSelDescAccessed(pVCpu, NewCS);
5121 if (rcStrict != VINF_SUCCESS)
5122 return rcStrict;
5123 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
5124 }
5125
5126 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
5127 {
5128 rcStrict = iemMemMarkSelDescAccessed(pVCpu, NewSS);
5129 if (rcStrict != VINF_SUCCESS)
5130 return rcStrict;
5131 DescSS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
5132 }
5133
5134 /*
5135 * Start comitting the register changes (joins with the DPL=CPL branch).
5136 */
5137 pVCpu->cpum.GstCtx.ss.Sel = NewSS;
5138 pVCpu->cpum.GstCtx.ss.ValidSel = NewSS;
5139 pVCpu->cpum.GstCtx.ss.fFlags = CPUMSELREG_FLAGS_VALID;
5140 pVCpu->cpum.GstCtx.ss.u32Limit = cbLimitSS;
5141 pVCpu->cpum.GstCtx.ss.u64Base = X86DESC_BASE(&DescSS.Legacy);
5142 pVCpu->cpum.GstCtx.ss.Attr.u = X86DESC_GET_HID_ATTR(&DescSS.Legacy);
5143 /** @todo When coming from 32-bit code and operating with a 16-bit TSS and
5144 * 16-bit handler, the high word of ESP remains unchanged (i.e. only
5145 * SP is loaded).
5146 * Need to check the other combinations too:
5147 * - 16-bit TSS, 32-bit handler
5148 * - 32-bit TSS, 16-bit handler */
5149 if (!pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
5150 pVCpu->cpum.GstCtx.sp = (uint16_t)(uNewEsp - cbStackFrame);
5151 else
5152 pVCpu->cpum.GstCtx.rsp = uNewEsp - cbStackFrame;
5153
5154 if (fEfl & X86_EFL_VM)
5155 {
5156 iemHlpLoadNullDataSelectorOnV86Xcpt(pVCpu, &pVCpu->cpum.GstCtx.gs);
5157 iemHlpLoadNullDataSelectorOnV86Xcpt(pVCpu, &pVCpu->cpum.GstCtx.fs);
5158 iemHlpLoadNullDataSelectorOnV86Xcpt(pVCpu, &pVCpu->cpum.GstCtx.es);
5159 iemHlpLoadNullDataSelectorOnV86Xcpt(pVCpu, &pVCpu->cpum.GstCtx.ds);
5160 }
5161 }
5162 /*
5163 * Same privilege, no stack change and smaller stack frame.
5164 */
5165 else
5166 {
5167 uint64_t uNewRsp;
5168 RTPTRUNION uStackFrame;
5169 uint8_t const cbStackFrame = (fFlags & IEM_XCPT_FLAGS_ERR ? 8 : 6) << f32BitGate;
5170 rcStrict = iemMemStackPushBeginSpecial(pVCpu, cbStackFrame, &uStackFrame.pv, &uNewRsp);
5171 if (rcStrict != VINF_SUCCESS)
5172 return rcStrict;
5173 void * const pvStackFrame = uStackFrame.pv;
5174
5175 if (f32BitGate)
5176 {
5177 if (fFlags & IEM_XCPT_FLAGS_ERR)
5178 *uStackFrame.pu32++ = uErr;
5179 uStackFrame.pu32[0] = fFlags & IEM_XCPT_FLAGS_T_SOFT_INT ? pVCpu->cpum.GstCtx.eip + cbInstr : pVCpu->cpum.GstCtx.eip;
5180 uStackFrame.pu32[1] = (pVCpu->cpum.GstCtx.cs.Sel & ~X86_SEL_RPL) | pVCpu->iem.s.uCpl;
5181 uStackFrame.pu32[2] = fEfl;
5182 }
5183 else
5184 {
5185 if (fFlags & IEM_XCPT_FLAGS_ERR)
5186 *uStackFrame.pu16++ = uErr;
5187 uStackFrame.pu16[0] = fFlags & IEM_XCPT_FLAGS_T_SOFT_INT ? pVCpu->cpum.GstCtx.eip + cbInstr : pVCpu->cpum.GstCtx.eip;
5188 uStackFrame.pu16[1] = (pVCpu->cpum.GstCtx.cs.Sel & ~X86_SEL_RPL) | pVCpu->iem.s.uCpl;
5189 uStackFrame.pu16[2] = fEfl;
5190 }
5191 rcStrict = iemMemCommitAndUnmap(pVCpu, pvStackFrame, IEM_ACCESS_STACK_W); /* don't use the commit here */
5192 if (rcStrict != VINF_SUCCESS)
5193 return rcStrict;
5194
5195 /* Mark the CS selector as 'accessed'. */
5196 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
5197 {
5198 rcStrict = iemMemMarkSelDescAccessed(pVCpu, NewCS);
5199 if (rcStrict != VINF_SUCCESS)
5200 return rcStrict;
5201 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
5202 }
5203
5204 /*
5205 * Start committing the register changes (joins with the other branch).
5206 */
5207 pVCpu->cpum.GstCtx.rsp = uNewRsp;
5208 }
5209
5210 /* ... register committing continues. */
5211 pVCpu->cpum.GstCtx.cs.Sel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
5212 pVCpu->cpum.GstCtx.cs.ValidSel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
5213 pVCpu->cpum.GstCtx.cs.fFlags = CPUMSELREG_FLAGS_VALID;
5214 pVCpu->cpum.GstCtx.cs.u32Limit = cbLimitCS;
5215 pVCpu->cpum.GstCtx.cs.u64Base = X86DESC_BASE(&DescCS.Legacy);
5216 pVCpu->cpum.GstCtx.cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
5217
5218 pVCpu->cpum.GstCtx.rip = uNewEip; /* (The entire register is modified, see pe16_32 bs3kit tests.) */
5219 fEfl &= ~fEflToClear;
5220 IEMMISC_SET_EFL(pVCpu, fEfl);
5221
5222 if (fFlags & IEM_XCPT_FLAGS_CR2)
5223 pVCpu->cpum.GstCtx.cr2 = uCr2;
5224
5225 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
5226 iemRaiseXcptAdjustState(pVCpu, u8Vector);
5227
5228 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
5229}
5230
5231
5232/**
5233 * Implements exceptions and interrupts for long mode.
5234 *
5235 * @returns VBox strict status code.
5236 * @param pVCpu The cross context virtual CPU structure of the calling thread.
5237 * @param cbInstr The number of bytes to offset rIP by in the return
5238 * address.
5239 * @param u8Vector The interrupt / exception vector number.
5240 * @param fFlags The flags.
5241 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
5242 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
5243 */
5244IEM_STATIC VBOXSTRICTRC
5245iemRaiseXcptOrIntInLongMode(PVMCPU pVCpu,
5246 uint8_t cbInstr,
5247 uint8_t u8Vector,
5248 uint32_t fFlags,
5249 uint16_t uErr,
5250 uint64_t uCr2)
5251{
5252 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
5253
5254 /*
5255 * Read the IDT entry.
5256 */
5257 uint16_t offIdt = (uint16_t)u8Vector << 4;
5258 if (pVCpu->cpum.GstCtx.idtr.cbIdt < offIdt + 7)
5259 {
5260 Log(("iemRaiseXcptOrIntInLongMode: %#x is out of bounds (%#x)\n", u8Vector, pVCpu->cpum.GstCtx.idtr.cbIdt));
5261 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
5262 }
5263 X86DESC64 Idte;
5264 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pVCpu, &Idte.au64[0], UINT8_MAX, pVCpu->cpum.GstCtx.idtr.pIdt + offIdt);
5265 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
5266 rcStrict = iemMemFetchSysU64(pVCpu, &Idte.au64[1], UINT8_MAX, pVCpu->cpum.GstCtx.idtr.pIdt + offIdt + 8);
5267 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
5268 {
5269 Log(("iemRaiseXcptOrIntInLongMode: failed to fetch IDT entry! vec=%#x rc=%Rrc\n", u8Vector, VBOXSTRICTRC_VAL(rcStrict)));
5270 return rcStrict;
5271 }
5272 Log(("iemRaiseXcptOrIntInLongMode: vec=%#x P=%u DPL=%u DT=%u:%u IST=%u %04x:%08x%04x%04x\n",
5273 u8Vector, Idte.Gate.u1Present, Idte.Gate.u2Dpl, Idte.Gate.u1DescType, Idte.Gate.u4Type,
5274 Idte.Gate.u3IST, Idte.Gate.u16Sel, Idte.Gate.u32OffsetTop, Idte.Gate.u16OffsetHigh, Idte.Gate.u16OffsetLow));
5275
5276 /*
5277 * Check the descriptor type, DPL and such.
5278 * ASSUMES this is done in the same order as described for call-gate calls.
5279 */
5280 if (Idte.Gate.u1DescType)
5281 {
5282 Log(("iemRaiseXcptOrIntInLongMode %#x - not system selector (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
5283 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
5284 }
5285 uint32_t fEflToClear = X86_EFL_TF | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM;
5286 switch (Idte.Gate.u4Type)
5287 {
5288 case AMD64_SEL_TYPE_SYS_INT_GATE:
5289 fEflToClear |= X86_EFL_IF;
5290 break;
5291 case AMD64_SEL_TYPE_SYS_TRAP_GATE:
5292 break;
5293
5294 default:
5295 Log(("iemRaiseXcptOrIntInLongMode %#x - invalid type (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
5296 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
5297 }
5298
5299 /* Check DPL against CPL if applicable. */
5300 if (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
5301 {
5302 if (pVCpu->iem.s.uCpl > Idte.Gate.u2Dpl)
5303 {
5304 Log(("iemRaiseXcptOrIntInLongMode %#x - CPL (%d) > DPL (%d) -> #GP\n", u8Vector, pVCpu->iem.s.uCpl, Idte.Gate.u2Dpl));
5305 return iemRaiseGeneralProtectionFault(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
5306 }
5307 }
5308
5309 /* Is it there? */
5310 if (!Idte.Gate.u1Present)
5311 {
5312 Log(("iemRaiseXcptOrIntInLongMode %#x - not present -> #NP\n", u8Vector));
5313 return iemRaiseSelectorNotPresentWithErr(pVCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
5314 }
5315
5316 /* A null CS is bad. */
5317 RTSEL NewCS = Idte.Gate.u16Sel;
5318 if (!(NewCS & X86_SEL_MASK_OFF_RPL))
5319 {
5320 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x -> #GP\n", u8Vector, NewCS));
5321 return iemRaiseGeneralProtectionFault0(pVCpu);
5322 }
5323
5324 /* Fetch the descriptor for the new CS. */
5325 IEMSELDESC DescCS;
5326 rcStrict = iemMemFetchSelDesc(pVCpu, &DescCS, NewCS, X86_XCPT_GP);
5327 if (rcStrict != VINF_SUCCESS)
5328 {
5329 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - rc=%Rrc\n", u8Vector, NewCS, VBOXSTRICTRC_VAL(rcStrict)));
5330 return rcStrict;
5331 }
5332
5333 /* Must be a 64-bit code segment. */
5334 if (!DescCS.Long.Gen.u1DescType)
5335 {
5336 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - system selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
5337 return iemRaiseGeneralProtectionFault(pVCpu, NewCS & X86_SEL_MASK_OFF_RPL);
5338 }
5339 if ( !DescCS.Long.Gen.u1Long
5340 || DescCS.Long.Gen.u1DefBig
5341 || !(DescCS.Long.Gen.u4Type & X86_SEL_TYPE_CODE) )
5342 {
5343 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - not 64-bit code selector (%#x, L=%u, D=%u) -> #GP\n",
5344 u8Vector, NewCS, DescCS.Legacy.Gen.u4Type, DescCS.Long.Gen.u1Long, DescCS.Long.Gen.u1DefBig));
5345 return iemRaiseGeneralProtectionFault(pVCpu, NewCS & X86_SEL_MASK_OFF_RPL);
5346 }
5347
5348 /* Don't allow lowering the privilege level. For non-conforming CS
5349 selectors, the CS.DPL sets the privilege level the trap/interrupt
5350 handler runs at. For conforming CS selectors, the CPL remains
5351 unchanged, but the CS.DPL must be <= CPL. */
5352 /** @todo Testcase: Interrupt handler with CS.DPL=1, interrupt dispatched
5353 * when CPU in Ring-0. Result \#GP? */
5354 if (DescCS.Legacy.Gen.u2Dpl > pVCpu->iem.s.uCpl)
5355 {
5356 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - DPL (%d) > CPL (%d) -> #GP\n",
5357 u8Vector, NewCS, DescCS.Legacy.Gen.u2Dpl, pVCpu->iem.s.uCpl));
5358 return iemRaiseGeneralProtectionFault(pVCpu, NewCS & X86_SEL_MASK_OFF_RPL);
5359 }
5360
5361
5362 /* Make sure the selector is present. */
5363 if (!DescCS.Legacy.Gen.u1Present)
5364 {
5365 Log(("iemRaiseXcptOrIntInLongMode %#x - CS=%#x - segment not present -> #NP\n", u8Vector, NewCS));
5366 return iemRaiseSelectorNotPresentBySelector(pVCpu, NewCS);
5367 }
5368
5369 /* Check that the new RIP is canonical. */
5370 uint64_t const uNewRip = Idte.Gate.u16OffsetLow
5371 | ((uint32_t)Idte.Gate.u16OffsetHigh << 16)
5372 | ((uint64_t)Idte.Gate.u32OffsetTop << 32);
5373 if (!IEM_IS_CANONICAL(uNewRip))
5374 {
5375 Log(("iemRaiseXcptOrIntInLongMode %#x - RIP=%#RX64 - Not canonical -> #GP(0)\n", u8Vector, uNewRip));
5376 return iemRaiseGeneralProtectionFault0(pVCpu);
5377 }
5378
5379 /*
5380 * If the privilege level changes or if the IST isn't zero, we need to get
5381 * a new stack from the TSS.
5382 */
5383 uint64_t uNewRsp;
5384 uint8_t const uNewCpl = DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF
5385 ? pVCpu->iem.s.uCpl : DescCS.Legacy.Gen.u2Dpl;
5386 if ( uNewCpl != pVCpu->iem.s.uCpl
5387 || Idte.Gate.u3IST != 0)
5388 {
5389 rcStrict = iemRaiseLoadStackFromTss64(pVCpu, uNewCpl, Idte.Gate.u3IST, &uNewRsp);
5390 if (rcStrict != VINF_SUCCESS)
5391 return rcStrict;
5392 }
5393 else
5394 uNewRsp = pVCpu->cpum.GstCtx.rsp;
5395 uNewRsp &= ~(uint64_t)0xf;
5396
5397 /*
5398 * Calc the flag image to push.
5399 */
5400 uint32_t fEfl = IEMMISC_GET_EFL(pVCpu);
5401 if (fFlags & (IEM_XCPT_FLAGS_DRx_INSTR_BP | IEM_XCPT_FLAGS_T_SOFT_INT))
5402 fEfl &= ~X86_EFL_RF;
5403 else
5404 fEfl |= X86_EFL_RF; /* Vagueness is all I've found on this so far... */ /** @todo Automatically pushing EFLAGS.RF. */
5405
5406 /*
5407 * Start making changes.
5408 */
5409 /* Set the new CPL so that stack accesses use it. */
5410 uint8_t const uOldCpl = pVCpu->iem.s.uCpl;
5411 pVCpu->iem.s.uCpl = uNewCpl;
5412
5413 /* Create the stack frame. */
5414 uint32_t cbStackFrame = sizeof(uint64_t) * (5 + !!(fFlags & IEM_XCPT_FLAGS_ERR));
5415 RTPTRUNION uStackFrame;
5416 rcStrict = iemMemMap(pVCpu, &uStackFrame.pv, cbStackFrame, UINT8_MAX,
5417 uNewRsp - cbStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS); /* _SYS is a hack ... */
5418 if (rcStrict != VINF_SUCCESS)
5419 return rcStrict;
5420 void * const pvStackFrame = uStackFrame.pv;
5421
5422 if (fFlags & IEM_XCPT_FLAGS_ERR)
5423 *uStackFrame.pu64++ = uErr;
5424 uStackFrame.pu64[0] = fFlags & IEM_XCPT_FLAGS_T_SOFT_INT ? pVCpu->cpum.GstCtx.rip + cbInstr : pVCpu->cpum.GstCtx.rip;
5425 uStackFrame.pu64[1] = (pVCpu->cpum.GstCtx.cs.Sel & ~X86_SEL_RPL) | uOldCpl; /* CPL paranoia */
5426 uStackFrame.pu64[2] = fEfl;
5427 uStackFrame.pu64[3] = pVCpu->cpum.GstCtx.rsp;
5428 uStackFrame.pu64[4] = pVCpu->cpum.GstCtx.ss.Sel;
5429 rcStrict = iemMemCommitAndUnmap(pVCpu, pvStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS);
5430 if (rcStrict != VINF_SUCCESS)
5431 return rcStrict;
5432
5433 /* Mark the CS selectors 'accessed' (hope this is the correct time). */
5434 /** @todo testcase: excatly _when_ are the accessed bits set - before or
5435 * after pushing the stack frame? (Write protect the gdt + stack to
5436 * find out.) */
5437 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
5438 {
5439 rcStrict = iemMemMarkSelDescAccessed(pVCpu, NewCS);
5440 if (rcStrict != VINF_SUCCESS)
5441 return rcStrict;
5442 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
5443 }
5444
5445 /*
5446 * Start comitting the register changes.
5447 */
5448 /** @todo research/testcase: Figure out what VT-x and AMD-V loads into the
5449 * hidden registers when interrupting 32-bit or 16-bit code! */
5450 if (uNewCpl != uOldCpl)
5451 {
5452 pVCpu->cpum.GstCtx.ss.Sel = 0 | uNewCpl;
5453 pVCpu->cpum.GstCtx.ss.ValidSel = 0 | uNewCpl;
5454 pVCpu->cpum.GstCtx.ss.fFlags = CPUMSELREG_FLAGS_VALID;
5455 pVCpu->cpum.GstCtx.ss.u32Limit = UINT32_MAX;
5456 pVCpu->cpum.GstCtx.ss.u64Base = 0;
5457 pVCpu->cpum.GstCtx.ss.Attr.u = (uNewCpl << X86DESCATTR_DPL_SHIFT) | X86DESCATTR_UNUSABLE;
5458 }
5459 pVCpu->cpum.GstCtx.rsp = uNewRsp - cbStackFrame;
5460 pVCpu->cpum.GstCtx.cs.Sel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
5461 pVCpu->cpum.GstCtx.cs.ValidSel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
5462 pVCpu->cpum.GstCtx.cs.fFlags = CPUMSELREG_FLAGS_VALID;
5463 pVCpu->cpum.GstCtx.cs.u32Limit = X86DESC_LIMIT_G(&DescCS.Legacy);
5464 pVCpu->cpum.GstCtx.cs.u64Base = X86DESC_BASE(&DescCS.Legacy);
5465 pVCpu->cpum.GstCtx.cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
5466 pVCpu->cpum.GstCtx.rip = uNewRip;
5467
5468 fEfl &= ~fEflToClear;
5469 IEMMISC_SET_EFL(pVCpu, fEfl);
5470
5471 if (fFlags & IEM_XCPT_FLAGS_CR2)
5472 pVCpu->cpum.GstCtx.cr2 = uCr2;
5473
5474 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
5475 iemRaiseXcptAdjustState(pVCpu, u8Vector);
5476
5477 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
5478}
5479
5480
5481/**
5482 * Implements exceptions and interrupts.
5483 *
5484 * All exceptions and interrupts goes thru this function!
5485 *
5486 * @returns VBox strict status code.
5487 * @param pVCpu The cross context virtual CPU structure of the calling thread.
5488 * @param cbInstr The number of bytes to offset rIP by in the return
5489 * address.
5490 * @param u8Vector The interrupt / exception vector number.
5491 * @param fFlags The flags.
5492 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
5493 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
5494 */
5495DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC)
5496iemRaiseXcptOrInt(PVMCPU pVCpu,
5497 uint8_t cbInstr,
5498 uint8_t u8Vector,
5499 uint32_t fFlags,
5500 uint16_t uErr,
5501 uint64_t uCr2)
5502{
5503 /*
5504 * Get all the state that we might need here.
5505 */
5506 IEM_CTX_IMPORT_RET(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
5507 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_XCPT_MASK);
5508
5509#ifndef IEM_WITH_CODE_TLB /** @todo we're doing it afterwards too, that should suffice... */
5510 /*
5511 * Flush prefetch buffer
5512 */
5513 pVCpu->iem.s.cbOpcode = pVCpu->iem.s.offOpcode;
5514#endif
5515
5516 /*
5517 * Perform the V8086 IOPL check and upgrade the fault without nesting.
5518 */
5519 if ( pVCpu->cpum.GstCtx.eflags.Bits.u1VM
5520 && pVCpu->cpum.GstCtx.eflags.Bits.u2IOPL != 3
5521 && (fFlags & (IEM_XCPT_FLAGS_T_SOFT_INT | IEM_XCPT_FLAGS_BP_INSTR)) == IEM_XCPT_FLAGS_T_SOFT_INT
5522 && (pVCpu->cpum.GstCtx.cr0 & X86_CR0_PE) )
5523 {
5524 Log(("iemRaiseXcptOrInt: V8086 IOPL check failed for int %#x -> #GP(0)\n", u8Vector));
5525 fFlags = IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR;
5526 u8Vector = X86_XCPT_GP;
5527 uErr = 0;
5528 }
5529#ifdef DBGFTRACE_ENABLED
5530 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "Xcpt/%u: %02x %u %x %x %llx %04x:%04llx %04x:%04llx",
5531 pVCpu->iem.s.cXcptRecursions, u8Vector, cbInstr, fFlags, uErr, uCr2,
5532 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp);
5533#endif
5534
5535#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
5536 if (IEM_VMX_IS_NON_ROOT_MODE(pVCpu))
5537 {
5538 VBOXSTRICTRC rcStrict0 = iemVmxVmexitEvent(pVCpu, u8Vector, fFlags, uErr, uCr2, cbInstr);
5539 if (rcStrict0 != VINF_VMX_INTERCEPT_NOT_ACTIVE)
5540 return rcStrict0;
5541 }
5542#endif
5543
5544#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
5545 if (CPUMIsGuestInSvmNestedHwVirtMode(IEM_GET_CTX(pVCpu)))
5546 {
5547 /*
5548 * If the event is being injected as part of VMRUN, it isn't subject to event
5549 * intercepts in the nested-guest. However, secondary exceptions that occur
5550 * during injection of any event -are- subject to exception intercepts.
5551 *
5552 * See AMD spec. 15.20 "Event Injection".
5553 */
5554 if (!pVCpu->cpum.GstCtx.hwvirt.svm.fInterceptEvents)
5555 pVCpu->cpum.GstCtx.hwvirt.svm.fInterceptEvents = true;
5556 else
5557 {
5558 /*
5559 * Check and handle if the event being raised is intercepted.
5560 */
5561 VBOXSTRICTRC rcStrict0 = iemHandleSvmEventIntercept(pVCpu, u8Vector, fFlags, uErr, uCr2);
5562 if (rcStrict0 != VINF_SVM_INTERCEPT_NOT_ACTIVE)
5563 return rcStrict0;
5564 }
5565 }
5566#endif /* VBOX_WITH_NESTED_HWVIRT_SVM */
5567
5568 /*
5569 * Do recursion accounting.
5570 */
5571 uint8_t const uPrevXcpt = pVCpu->iem.s.uCurXcpt;
5572 uint32_t const fPrevXcpt = pVCpu->iem.s.fCurXcpt;
5573 if (pVCpu->iem.s.cXcptRecursions == 0)
5574 Log(("iemRaiseXcptOrInt: %#x at %04x:%RGv cbInstr=%#x fFlags=%#x uErr=%#x uCr2=%llx\n",
5575 u8Vector, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, cbInstr, fFlags, uErr, uCr2));
5576 else
5577 {
5578 Log(("iemRaiseXcptOrInt: %#x at %04x:%RGv cbInstr=%#x fFlags=%#x uErr=%#x uCr2=%llx; prev=%#x depth=%d flags=%#x\n",
5579 u8Vector, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, cbInstr, fFlags, uErr, uCr2, pVCpu->iem.s.uCurXcpt,
5580 pVCpu->iem.s.cXcptRecursions + 1, fPrevXcpt));
5581
5582 if (pVCpu->iem.s.cXcptRecursions >= 4)
5583 {
5584#ifdef DEBUG_bird
5585 AssertFailed();
5586#endif
5587 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Too many fault nestings.\n"));
5588 }
5589
5590 /*
5591 * Evaluate the sequence of recurring events.
5592 */
5593 IEMXCPTRAISE enmRaise = IEMEvaluateRecursiveXcpt(pVCpu, fPrevXcpt, uPrevXcpt, fFlags, u8Vector,
5594 NULL /* pXcptRaiseInfo */);
5595 if (enmRaise == IEMXCPTRAISE_CURRENT_XCPT)
5596 { /* likely */ }
5597 else if (enmRaise == IEMXCPTRAISE_DOUBLE_FAULT)
5598 {
5599 Log2(("iemRaiseXcptOrInt: Raising double fault. uPrevXcpt=%#x\n", uPrevXcpt));
5600 fFlags = IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR;
5601 u8Vector = X86_XCPT_DF;
5602 uErr = 0;
5603 /** @todo NSTVMX: Do we need to do something here for VMX? */
5604 /* SVM nested-guest #DF intercepts need to be checked now. See AMD spec. 15.12 "Exception Intercepts". */
5605 if (IEM_SVM_IS_XCPT_INTERCEPT_SET(pVCpu, X86_XCPT_DF))
5606 IEM_SVM_VMEXIT_RET(pVCpu, SVM_EXIT_XCPT_DF, 0 /* uExitInfo1 */, 0 /* uExitInfo2 */);
5607 }
5608 else if (enmRaise == IEMXCPTRAISE_TRIPLE_FAULT)
5609 {
5610 Log2(("iemRaiseXcptOrInt: Raising triple fault. uPrevXcpt=%#x\n", uPrevXcpt));
5611 return iemInitiateCpuShutdown(pVCpu);
5612 }
5613 else if (enmRaise == IEMXCPTRAISE_CPU_HANG)
5614 {
5615 /* If a nested-guest enters an endless CPU loop condition, we'll emulate it; otherwise guru. */
5616 Log2(("iemRaiseXcptOrInt: CPU hang condition detected\n"));
5617 if ( !CPUMIsGuestInSvmNestedHwVirtMode(IEM_GET_CTX(pVCpu))
5618 && !CPUMIsGuestInVmxNonRootMode(IEM_GET_CTX(pVCpu)))
5619 return VERR_EM_GUEST_CPU_HANG;
5620 }
5621 else
5622 {
5623 AssertMsgFailed(("Unexpected condition! enmRaise=%#x uPrevXcpt=%#x fPrevXcpt=%#x, u8Vector=%#x fFlags=%#x\n",
5624 enmRaise, uPrevXcpt, fPrevXcpt, u8Vector, fFlags));
5625 return VERR_IEM_IPE_9;
5626 }
5627
5628 /*
5629 * The 'EXT' bit is set when an exception occurs during deliver of an external
5630 * event (such as an interrupt or earlier exception)[1]. Privileged software
5631 * exception (INT1) also sets the EXT bit[2]. Exceptions generated by software
5632 * interrupts and INTO, INT3 instructions, the 'EXT' bit will not be set.
5633 *
5634 * [1] - Intel spec. 6.13 "Error Code"
5635 * [2] - Intel spec. 26.5.1.1 "Details of Vectored-Event Injection".
5636 * [3] - Intel Instruction reference for INT n.
5637 */
5638 if ( (fPrevXcpt & (IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_T_EXT_INT | IEM_XCPT_FLAGS_ICEBP_INSTR))
5639 && (fFlags & IEM_XCPT_FLAGS_ERR)
5640 && u8Vector != X86_XCPT_PF
5641 && u8Vector != X86_XCPT_DF)
5642 {
5643 uErr |= X86_TRAP_ERR_EXTERNAL;
5644 }
5645 }
5646
5647 pVCpu->iem.s.cXcptRecursions++;
5648 pVCpu->iem.s.uCurXcpt = u8Vector;
5649 pVCpu->iem.s.fCurXcpt = fFlags;
5650 pVCpu->iem.s.uCurXcptErr = uErr;
5651 pVCpu->iem.s.uCurXcptCr2 = uCr2;
5652
5653 /*
5654 * Extensive logging.
5655 */
5656#if defined(LOG_ENABLED) && defined(IN_RING3)
5657 if (LogIs3Enabled())
5658 {
5659 IEM_CTX_IMPORT_RET(pVCpu, CPUMCTX_EXTRN_DR_MASK);
5660 PVM pVM = pVCpu->CTX_SUFF(pVM);
5661 char szRegs[4096];
5662 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
5663 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
5664 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
5665 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
5666 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
5667 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
5668 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
5669 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
5670 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
5671 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
5672 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
5673 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
5674 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
5675 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
5676 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
5677 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
5678 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
5679 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
5680 " efer=%016VR{efer}\n"
5681 " pat=%016VR{pat}\n"
5682 " sf_mask=%016VR{sf_mask}\n"
5683 "krnl_gs_base=%016VR{krnl_gs_base}\n"
5684 " lstar=%016VR{lstar}\n"
5685 " star=%016VR{star} cstar=%016VR{cstar}\n"
5686 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
5687 );
5688
5689 char szInstr[256];
5690 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
5691 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
5692 szInstr, sizeof(szInstr), NULL);
5693 Log3(("%s%s\n", szRegs, szInstr));
5694 }
5695#endif /* LOG_ENABLED */
5696
5697 /*
5698 * Call the mode specific worker function.
5699 */
5700 VBOXSTRICTRC rcStrict;
5701 if (!(pVCpu->cpum.GstCtx.cr0 & X86_CR0_PE))
5702 rcStrict = iemRaiseXcptOrIntInRealMode(pVCpu, cbInstr, u8Vector, fFlags, uErr, uCr2);
5703 else if (pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_LMA)
5704 rcStrict = iemRaiseXcptOrIntInLongMode(pVCpu, cbInstr, u8Vector, fFlags, uErr, uCr2);
5705 else
5706 rcStrict = iemRaiseXcptOrIntInProtMode(pVCpu, cbInstr, u8Vector, fFlags, uErr, uCr2);
5707
5708 /* Flush the prefetch buffer. */
5709#ifdef IEM_WITH_CODE_TLB
5710 pVCpu->iem.s.pbInstrBuf = NULL;
5711#else
5712 pVCpu->iem.s.cbOpcode = IEM_GET_INSTR_LEN(pVCpu);
5713#endif
5714
5715 /*
5716 * Unwind.
5717 */
5718 pVCpu->iem.s.cXcptRecursions--;
5719 pVCpu->iem.s.uCurXcpt = uPrevXcpt;
5720 pVCpu->iem.s.fCurXcpt = fPrevXcpt;
5721 Log(("iemRaiseXcptOrInt: returns %Rrc (vec=%#x); cs:rip=%04x:%RGv ss:rsp=%04x:%RGv cpl=%u depth=%d\n",
5722 VBOXSTRICTRC_VAL(rcStrict), u8Vector, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.esp, pVCpu->iem.s.uCpl,
5723 pVCpu->iem.s.cXcptRecursions + 1));
5724 return rcStrict;
5725}
5726
5727#ifdef IEM_WITH_SETJMP
5728/**
5729 * See iemRaiseXcptOrInt. Will not return.
5730 */
5731IEM_STATIC DECL_NO_RETURN(void)
5732iemRaiseXcptOrIntJmp(PVMCPU pVCpu,
5733 uint8_t cbInstr,
5734 uint8_t u8Vector,
5735 uint32_t fFlags,
5736 uint16_t uErr,
5737 uint64_t uCr2)
5738{
5739 VBOXSTRICTRC rcStrict = iemRaiseXcptOrInt(pVCpu, cbInstr, u8Vector, fFlags, uErr, uCr2);
5740 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
5741}
5742#endif
5743
5744
5745/** \#DE - 00. */
5746DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseDivideError(PVMCPU pVCpu)
5747{
5748 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_DE, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
5749}
5750
5751
5752/** \#DB - 01.
5753 * @note This automatically clear DR7.GD. */
5754DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseDebugException(PVMCPU pVCpu)
5755{
5756 /** @todo set/clear RF. */
5757 pVCpu->cpum.GstCtx.dr[7] &= ~X86_DR7_GD;
5758 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_DB, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
5759}
5760
5761
5762/** \#BR - 05. */
5763DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseBoundRangeExceeded(PVMCPU pVCpu)
5764{
5765 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_BR, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
5766}
5767
5768
5769/** \#UD - 06. */
5770DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseUndefinedOpcode(PVMCPU pVCpu)
5771{
5772 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
5773}
5774
5775
5776/** \#NM - 07. */
5777DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseDeviceNotAvailable(PVMCPU pVCpu)
5778{
5779 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_NM, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
5780}
5781
5782
5783/** \#TS(err) - 0a. */
5784DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFaultWithErr(PVMCPU pVCpu, uint16_t uErr)
5785{
5786 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
5787}
5788
5789
5790/** \#TS(tr) - 0a. */
5791DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFaultCurrentTSS(PVMCPU pVCpu)
5792{
5793 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
5794 pVCpu->cpum.GstCtx.tr.Sel, 0);
5795}
5796
5797
5798/** \#TS(0) - 0a. */
5799DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFault0(PVMCPU pVCpu)
5800{
5801 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
5802 0, 0);
5803}
5804
5805
5806/** \#TS(err) - 0a. */
5807DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseTaskSwitchFaultBySelector(PVMCPU pVCpu, uint16_t uSel)
5808{
5809 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
5810 uSel & X86_SEL_MASK_OFF_RPL, 0);
5811}
5812
5813
5814/** \#NP(err) - 0b. */
5815DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorNotPresentWithErr(PVMCPU pVCpu, uint16_t uErr)
5816{
5817 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
5818}
5819
5820
5821/** \#NP(sel) - 0b. */
5822DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorNotPresentBySelector(PVMCPU pVCpu, uint16_t uSel)
5823{
5824 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
5825 uSel & ~X86_SEL_RPL, 0);
5826}
5827
5828
5829/** \#SS(seg) - 0c. */
5830DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseStackSelectorNotPresentBySelector(PVMCPU pVCpu, uint16_t uSel)
5831{
5832 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_SS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
5833 uSel & ~X86_SEL_RPL, 0);
5834}
5835
5836
5837/** \#SS(err) - 0c. */
5838DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseStackSelectorNotPresentWithErr(PVMCPU pVCpu, uint16_t uErr)
5839{
5840 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_SS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
5841}
5842
5843
5844/** \#GP(n) - 0d. */
5845DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseGeneralProtectionFault(PVMCPU pVCpu, uint16_t uErr)
5846{
5847 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
5848}
5849
5850
5851/** \#GP(0) - 0d. */
5852DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseGeneralProtectionFault0(PVMCPU pVCpu)
5853{
5854 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5855}
5856
5857#ifdef IEM_WITH_SETJMP
5858/** \#GP(0) - 0d. */
5859DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseGeneralProtectionFault0Jmp(PVMCPU pVCpu)
5860{
5861 iemRaiseXcptOrIntJmp(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5862}
5863#endif
5864
5865
5866/** \#GP(sel) - 0d. */
5867DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseGeneralProtectionFaultBySelector(PVMCPU pVCpu, RTSEL Sel)
5868{
5869 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
5870 Sel & ~X86_SEL_RPL, 0);
5871}
5872
5873
5874/** \#GP(0) - 0d. */
5875DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseNotCanonical(PVMCPU pVCpu)
5876{
5877 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5878}
5879
5880
5881/** \#GP(sel) - 0d. */
5882DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorBounds(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess)
5883{
5884 NOREF(iSegReg); NOREF(fAccess);
5885 return iemRaiseXcptOrInt(pVCpu, 0, iSegReg == X86_SREG_SS ? X86_XCPT_SS : X86_XCPT_GP,
5886 IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5887}
5888
5889#ifdef IEM_WITH_SETJMP
5890/** \#GP(sel) - 0d, longjmp. */
5891DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseSelectorBoundsJmp(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess)
5892{
5893 NOREF(iSegReg); NOREF(fAccess);
5894 iemRaiseXcptOrIntJmp(pVCpu, 0, iSegReg == X86_SREG_SS ? X86_XCPT_SS : X86_XCPT_GP,
5895 IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5896}
5897#endif
5898
5899/** \#GP(sel) - 0d. */
5900DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorBoundsBySelector(PVMCPU pVCpu, RTSEL Sel)
5901{
5902 NOREF(Sel);
5903 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5904}
5905
5906#ifdef IEM_WITH_SETJMP
5907/** \#GP(sel) - 0d, longjmp. */
5908DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseSelectorBoundsBySelectorJmp(PVMCPU pVCpu, RTSEL Sel)
5909{
5910 NOREF(Sel);
5911 iemRaiseXcptOrIntJmp(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5912}
5913#endif
5914
5915
5916/** \#GP(sel) - 0d. */
5917DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseSelectorInvalidAccess(PVMCPU pVCpu, uint32_t iSegReg, uint32_t fAccess)
5918{
5919 NOREF(iSegReg); NOREF(fAccess);
5920 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5921}
5922
5923#ifdef IEM_WITH_SETJMP
5924/** \#GP(sel) - 0d, longjmp. */
5925DECL_NO_INLINE(IEM_STATIC, DECL_NO_RETURN(void)) iemRaiseSelectorInvalidAccessJmp(PVMCPU pVCpu, uint32_t iSegReg,
5926 uint32_t fAccess)
5927{
5928 NOREF(iSegReg); NOREF(fAccess);
5929 iemRaiseXcptOrIntJmp(pVCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
5930}
5931#endif
5932
5933
5934/** \#PF(n) - 0e. */
5935DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaisePageFault(PVMCPU pVCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc)
5936{
5937 uint16_t uErr;
5938 switch (rc)
5939 {
5940 case VERR_PAGE_NOT_PRESENT:
5941 case VERR_PAGE_TABLE_NOT_PRESENT:
5942 case VERR_PAGE_DIRECTORY_PTR_NOT_PRESENT:
5943 case VERR_PAGE_MAP_LEVEL4_NOT_PRESENT:
5944 uErr = 0;
5945 break;
5946
5947 default:
5948 AssertMsgFailed(("%Rrc\n", rc));
5949 RT_FALL_THRU();
5950 case VERR_ACCESS_DENIED:
5951 uErr = X86_TRAP_PF_P;
5952 break;
5953
5954 /** @todo reserved */
5955 }
5956
5957 if (pVCpu->iem.s.uCpl == 3)
5958 uErr |= X86_TRAP_PF_US;
5959
5960 if ( (fAccess & IEM_ACCESS_WHAT_MASK) == IEM_ACCESS_WHAT_CODE
5961 && ( (pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE)
5962 && (pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_NXE) ) )
5963 uErr |= X86_TRAP_PF_ID;
5964
5965#if 0 /* This is so much non-sense, really. Why was it done like that? */
5966 /* Note! RW access callers reporting a WRITE protection fault, will clear
5967 the READ flag before calling. So, read-modify-write accesses (RW)
5968 can safely be reported as READ faults. */
5969 if ((fAccess & (IEM_ACCESS_TYPE_WRITE | IEM_ACCESS_TYPE_READ)) == IEM_ACCESS_TYPE_WRITE)
5970 uErr |= X86_TRAP_PF_RW;
5971#else
5972 if (fAccess & IEM_ACCESS_TYPE_WRITE)
5973 {
5974 if (!(fAccess & IEM_ACCESS_TYPE_READ))
5975 uErr |= X86_TRAP_PF_RW;
5976 }
5977#endif
5978
5979 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_PF, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR | IEM_XCPT_FLAGS_CR2,
5980 uErr, GCPtrWhere);
5981}
5982
5983#ifdef IEM_WITH_SETJMP
5984/** \#PF(n) - 0e, longjmp. */
5985IEM_STATIC DECL_NO_RETURN(void) iemRaisePageFaultJmp(PVMCPU pVCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc)
5986{
5987 longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(iemRaisePageFault(pVCpu, GCPtrWhere, fAccess, rc)));
5988}
5989#endif
5990
5991
5992/** \#MF(0) - 10. */
5993DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseMathFault(PVMCPU pVCpu)
5994{
5995 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_MF, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
5996}
5997
5998
5999/** \#AC(0) - 11. */
6000DECL_NO_INLINE(IEM_STATIC, VBOXSTRICTRC) iemRaiseAlignmentCheckException(PVMCPU pVCpu)
6001{
6002 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_AC, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
6003}
6004
6005
6006/**
6007 * Macro for calling iemCImplRaiseDivideError().
6008 *
6009 * This enables us to add/remove arguments and force different levels of
6010 * inlining as we wish.
6011 *
6012 * @return Strict VBox status code.
6013 */
6014#define IEMOP_RAISE_DIVIDE_ERROR() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseDivideError)
6015IEM_CIMPL_DEF_0(iemCImplRaiseDivideError)
6016{
6017 NOREF(cbInstr);
6018 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_DE, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
6019}
6020
6021
6022/**
6023 * Macro for calling iemCImplRaiseInvalidLockPrefix().
6024 *
6025 * This enables us to add/remove arguments and force different levels of
6026 * inlining as we wish.
6027 *
6028 * @return Strict VBox status code.
6029 */
6030#define IEMOP_RAISE_INVALID_LOCK_PREFIX() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseInvalidLockPrefix)
6031IEM_CIMPL_DEF_0(iemCImplRaiseInvalidLockPrefix)
6032{
6033 NOREF(cbInstr);
6034 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
6035}
6036
6037
6038/**
6039 * Macro for calling iemCImplRaiseInvalidOpcode().
6040 *
6041 * This enables us to add/remove arguments and force different levels of
6042 * inlining as we wish.
6043 *
6044 * @return Strict VBox status code.
6045 */
6046#define IEMOP_RAISE_INVALID_OPCODE() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseInvalidOpcode)
6047IEM_CIMPL_DEF_0(iemCImplRaiseInvalidOpcode)
6048{
6049 NOREF(cbInstr);
6050 return iemRaiseXcptOrInt(pVCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
6051}
6052
6053
6054/** @} */
6055
6056
6057/*
6058 *
6059 * Helpers routines.
6060 * Helpers routines.
6061 * Helpers routines.
6062 *
6063 */
6064
6065/**
6066 * Recalculates the effective operand size.
6067 *
6068 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6069 */
6070IEM_STATIC void iemRecalEffOpSize(PVMCPU pVCpu)
6071{
6072 switch (pVCpu->iem.s.enmCpuMode)
6073 {
6074 case IEMMODE_16BIT:
6075 pVCpu->iem.s.enmEffOpSize = pVCpu->iem.s.fPrefixes & IEM_OP_PRF_SIZE_OP ? IEMMODE_32BIT : IEMMODE_16BIT;
6076 break;
6077 case IEMMODE_32BIT:
6078 pVCpu->iem.s.enmEffOpSize = pVCpu->iem.s.fPrefixes & IEM_OP_PRF_SIZE_OP ? IEMMODE_16BIT : IEMMODE_32BIT;
6079 break;
6080 case IEMMODE_64BIT:
6081 switch (pVCpu->iem.s.fPrefixes & (IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP))
6082 {
6083 case 0:
6084 pVCpu->iem.s.enmEffOpSize = pVCpu->iem.s.enmDefOpSize;
6085 break;
6086 case IEM_OP_PRF_SIZE_OP:
6087 pVCpu->iem.s.enmEffOpSize = IEMMODE_16BIT;
6088 break;
6089 case IEM_OP_PRF_SIZE_REX_W:
6090 case IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP:
6091 pVCpu->iem.s.enmEffOpSize = IEMMODE_64BIT;
6092 break;
6093 }
6094 break;
6095 default:
6096 AssertFailed();
6097 }
6098}
6099
6100
6101/**
6102 * Sets the default operand size to 64-bit and recalculates the effective
6103 * operand size.
6104 *
6105 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6106 */
6107IEM_STATIC void iemRecalEffOpSize64Default(PVMCPU pVCpu)
6108{
6109 Assert(pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT);
6110 pVCpu->iem.s.enmDefOpSize = IEMMODE_64BIT;
6111 if ((pVCpu->iem.s.fPrefixes & (IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP)) != IEM_OP_PRF_SIZE_OP)
6112 pVCpu->iem.s.enmEffOpSize = IEMMODE_64BIT;
6113 else
6114 pVCpu->iem.s.enmEffOpSize = IEMMODE_16BIT;
6115}
6116
6117
6118/*
6119 *
6120 * Common opcode decoders.
6121 * Common opcode decoders.
6122 * Common opcode decoders.
6123 *
6124 */
6125//#include <iprt/mem.h>
6126
6127/**
6128 * Used to add extra details about a stub case.
6129 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6130 */
6131IEM_STATIC void iemOpStubMsg2(PVMCPU pVCpu)
6132{
6133#if defined(LOG_ENABLED) && defined(IN_RING3)
6134 PVM pVM = pVCpu->CTX_SUFF(pVM);
6135 char szRegs[4096];
6136 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
6137 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
6138 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
6139 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
6140 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
6141 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
6142 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
6143 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
6144 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
6145 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
6146 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
6147 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
6148 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
6149 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
6150 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
6151 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
6152 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
6153 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
6154 " efer=%016VR{efer}\n"
6155 " pat=%016VR{pat}\n"
6156 " sf_mask=%016VR{sf_mask}\n"
6157 "krnl_gs_base=%016VR{krnl_gs_base}\n"
6158 " lstar=%016VR{lstar}\n"
6159 " star=%016VR{star} cstar=%016VR{cstar}\n"
6160 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
6161 );
6162
6163 char szInstr[256];
6164 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
6165 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
6166 szInstr, sizeof(szInstr), NULL);
6167
6168 RTAssertMsg2Weak("%s%s\n", szRegs, szInstr);
6169#else
6170 RTAssertMsg2Weak("cs:rip=%04x:%RX64\n", pVCpu->cpum.GstCtx.cs, pVCpu->cpum.GstCtx.rip);
6171#endif
6172}
6173
6174/**
6175 * Complains about a stub.
6176 *
6177 * Providing two versions of this macro, one for daily use and one for use when
6178 * working on IEM.
6179 */
6180#if 0
6181# define IEMOP_BITCH_ABOUT_STUB() \
6182 do { \
6183 RTAssertMsg1(NULL, __LINE__, __FILE__, __FUNCTION__); \
6184 iemOpStubMsg2(pVCpu); \
6185 RTAssertPanic(); \
6186 } while (0)
6187#else
6188# define IEMOP_BITCH_ABOUT_STUB() Log(("Stub: %s (line %d)\n", __FUNCTION__, __LINE__));
6189#endif
6190
6191/** Stubs an opcode. */
6192#define FNIEMOP_STUB(a_Name) \
6193 FNIEMOP_DEF(a_Name) \
6194 { \
6195 RT_NOREF_PV(pVCpu); \
6196 IEMOP_BITCH_ABOUT_STUB(); \
6197 return VERR_IEM_INSTR_NOT_IMPLEMENTED; \
6198 } \
6199 typedef int ignore_semicolon
6200
6201/** Stubs an opcode. */
6202#define FNIEMOP_STUB_1(a_Name, a_Type0, a_Name0) \
6203 FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
6204 { \
6205 RT_NOREF_PV(pVCpu); \
6206 RT_NOREF_PV(a_Name0); \
6207 IEMOP_BITCH_ABOUT_STUB(); \
6208 return VERR_IEM_INSTR_NOT_IMPLEMENTED; \
6209 } \
6210 typedef int ignore_semicolon
6211
6212/** Stubs an opcode which currently should raise \#UD. */
6213#define FNIEMOP_UD_STUB(a_Name) \
6214 FNIEMOP_DEF(a_Name) \
6215 { \
6216 Log(("Unsupported instruction %Rfn\n", __FUNCTION__)); \
6217 return IEMOP_RAISE_INVALID_OPCODE(); \
6218 } \
6219 typedef int ignore_semicolon
6220
6221/** Stubs an opcode which currently should raise \#UD. */
6222#define FNIEMOP_UD_STUB_1(a_Name, a_Type0, a_Name0) \
6223 FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
6224 { \
6225 RT_NOREF_PV(pVCpu); \
6226 RT_NOREF_PV(a_Name0); \
6227 Log(("Unsupported instruction %Rfn\n", __FUNCTION__)); \
6228 return IEMOP_RAISE_INVALID_OPCODE(); \
6229 } \
6230 typedef int ignore_semicolon
6231
6232
6233
6234/** @name Register Access.
6235 * @{
6236 */
6237
6238/**
6239 * Gets a reference (pointer) to the specified hidden segment register.
6240 *
6241 * @returns Hidden register reference.
6242 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6243 * @param iSegReg The segment register.
6244 */
6245IEM_STATIC PCPUMSELREG iemSRegGetHid(PVMCPU pVCpu, uint8_t iSegReg)
6246{
6247 Assert(iSegReg < X86_SREG_COUNT);
6248 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
6249 PCPUMSELREG pSReg = &pVCpu->cpum.GstCtx.aSRegs[iSegReg];
6250
6251#ifdef VBOX_WITH_RAW_MODE_NOT_R0
6252 if (RT_LIKELY(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, pSReg)))
6253 { /* likely */ }
6254 else
6255 CPUMGuestLazyLoadHiddenSelectorReg(pVCpu, pSReg);
6256#else
6257 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, pSReg));
6258#endif
6259 return pSReg;
6260}
6261
6262
6263/**
6264 * Ensures that the given hidden segment register is up to date.
6265 *
6266 * @returns Hidden register reference.
6267 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6268 * @param pSReg The segment register.
6269 */
6270IEM_STATIC PCPUMSELREG iemSRegUpdateHid(PVMCPU pVCpu, PCPUMSELREG pSReg)
6271{
6272#ifdef VBOX_WITH_RAW_MODE_NOT_R0
6273 if (!CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, pSReg))
6274 CPUMGuestLazyLoadHiddenSelectorReg(pVCpu, pSReg);
6275#else
6276 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, pSReg));
6277 NOREF(pVCpu);
6278#endif
6279 return pSReg;
6280}
6281
6282
6283/**
6284 * Gets a reference (pointer) to the specified segment register (the selector
6285 * value).
6286 *
6287 * @returns Pointer to the selector variable.
6288 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6289 * @param iSegReg The segment register.
6290 */
6291DECLINLINE(uint16_t *) iemSRegRef(PVMCPU pVCpu, uint8_t iSegReg)
6292{
6293 Assert(iSegReg < X86_SREG_COUNT);
6294 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
6295 return &pVCpu->cpum.GstCtx.aSRegs[iSegReg].Sel;
6296}
6297
6298
6299/**
6300 * Fetches the selector value of a segment register.
6301 *
6302 * @returns The selector value.
6303 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6304 * @param iSegReg The segment register.
6305 */
6306DECLINLINE(uint16_t) iemSRegFetchU16(PVMCPU pVCpu, uint8_t iSegReg)
6307{
6308 Assert(iSegReg < X86_SREG_COUNT);
6309 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
6310 return pVCpu->cpum.GstCtx.aSRegs[iSegReg].Sel;
6311}
6312
6313
6314/**
6315 * Fetches the base address value of a segment register.
6316 *
6317 * @returns The selector value.
6318 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6319 * @param iSegReg The segment register.
6320 */
6321DECLINLINE(uint64_t) iemSRegBaseFetchU64(PVMCPU pVCpu, uint8_t iSegReg)
6322{
6323 Assert(iSegReg < X86_SREG_COUNT);
6324 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
6325 return pVCpu->cpum.GstCtx.aSRegs[iSegReg].u64Base;
6326}
6327
6328
6329/**
6330 * Gets a reference (pointer) to the specified general purpose register.
6331 *
6332 * @returns Register reference.
6333 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6334 * @param iReg The general purpose register.
6335 */
6336DECLINLINE(void *) iemGRegRef(PVMCPU pVCpu, uint8_t iReg)
6337{
6338 Assert(iReg < 16);
6339 return &pVCpu->cpum.GstCtx.aGRegs[iReg];
6340}
6341
6342
6343/**
6344 * Gets a reference (pointer) to the specified 8-bit general purpose register.
6345 *
6346 * Because of AH, CH, DH and BH we cannot use iemGRegRef directly here.
6347 *
6348 * @returns Register reference.
6349 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6350 * @param iReg The register.
6351 */
6352DECLINLINE(uint8_t *) iemGRegRefU8(PVMCPU pVCpu, uint8_t iReg)
6353{
6354 if (iReg < 4 || (pVCpu->iem.s.fPrefixes & IEM_OP_PRF_REX))
6355 {
6356 Assert(iReg < 16);
6357 return &pVCpu->cpum.GstCtx.aGRegs[iReg].u8;
6358 }
6359 /* high 8-bit register. */
6360 Assert(iReg < 8);
6361 return &pVCpu->cpum.GstCtx.aGRegs[iReg & 3].bHi;
6362}
6363
6364
6365/**
6366 * Gets a reference (pointer) to the specified 16-bit general purpose register.
6367 *
6368 * @returns Register reference.
6369 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6370 * @param iReg The register.
6371 */
6372DECLINLINE(uint16_t *) iemGRegRefU16(PVMCPU pVCpu, uint8_t iReg)
6373{
6374 Assert(iReg < 16);
6375 return &pVCpu->cpum.GstCtx.aGRegs[iReg].u16;
6376}
6377
6378
6379/**
6380 * Gets a reference (pointer) to the specified 32-bit general purpose register.
6381 *
6382 * @returns Register reference.
6383 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6384 * @param iReg The register.
6385 */
6386DECLINLINE(uint32_t *) iemGRegRefU32(PVMCPU pVCpu, uint8_t iReg)
6387{
6388 Assert(iReg < 16);
6389 return &pVCpu->cpum.GstCtx.aGRegs[iReg].u32;
6390}
6391
6392
6393/**
6394 * Gets a reference (pointer) to the specified 64-bit general purpose register.
6395 *
6396 * @returns Register reference.
6397 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6398 * @param iReg The register.
6399 */
6400DECLINLINE(uint64_t *) iemGRegRefU64(PVMCPU pVCpu, uint8_t iReg)
6401{
6402 Assert(iReg < 64);
6403 return &pVCpu->cpum.GstCtx.aGRegs[iReg].u64;
6404}
6405
6406
6407/**
6408 * Gets a reference (pointer) to the specified segment register's base address.
6409 *
6410 * @returns Segment register base address reference.
6411 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6412 * @param iSegReg The segment selector.
6413 */
6414DECLINLINE(uint64_t *) iemSRegBaseRefU64(PVMCPU pVCpu, uint8_t iSegReg)
6415{
6416 Assert(iSegReg < X86_SREG_COUNT);
6417 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
6418 return &pVCpu->cpum.GstCtx.aSRegs[iSegReg].u64Base;
6419}
6420
6421
6422/**
6423 * Fetches the value of a 8-bit general purpose register.
6424 *
6425 * @returns The register value.
6426 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6427 * @param iReg The register.
6428 */
6429DECLINLINE(uint8_t) iemGRegFetchU8(PVMCPU pVCpu, uint8_t iReg)
6430{
6431 return *iemGRegRefU8(pVCpu, iReg);
6432}
6433
6434
6435/**
6436 * Fetches the value of a 16-bit general purpose register.
6437 *
6438 * @returns The register value.
6439 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6440 * @param iReg The register.
6441 */
6442DECLINLINE(uint16_t) iemGRegFetchU16(PVMCPU pVCpu, uint8_t iReg)
6443{
6444 Assert(iReg < 16);
6445 return pVCpu->cpum.GstCtx.aGRegs[iReg].u16;
6446}
6447
6448
6449/**
6450 * Fetches the value of a 32-bit general purpose register.
6451 *
6452 * @returns The register value.
6453 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6454 * @param iReg The register.
6455 */
6456DECLINLINE(uint32_t) iemGRegFetchU32(PVMCPU pVCpu, uint8_t iReg)
6457{
6458 Assert(iReg < 16);
6459 return pVCpu->cpum.GstCtx.aGRegs[iReg].u32;
6460}
6461
6462
6463/**
6464 * Fetches the value of a 64-bit general purpose register.
6465 *
6466 * @returns The register value.
6467 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6468 * @param iReg The register.
6469 */
6470DECLINLINE(uint64_t) iemGRegFetchU64(PVMCPU pVCpu, uint8_t iReg)
6471{
6472 Assert(iReg < 16);
6473 return pVCpu->cpum.GstCtx.aGRegs[iReg].u64;
6474}
6475
6476
6477/**
6478 * Adds a 8-bit signed jump offset to RIP/EIP/IP.
6479 *
6480 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
6481 * segment limit.
6482 *
6483 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6484 * @param offNextInstr The offset of the next instruction.
6485 */
6486IEM_STATIC VBOXSTRICTRC iemRegRipRelativeJumpS8(PVMCPU pVCpu, int8_t offNextInstr)
6487{
6488 switch (pVCpu->iem.s.enmEffOpSize)
6489 {
6490 case IEMMODE_16BIT:
6491 {
6492 uint16_t uNewIp = pVCpu->cpum.GstCtx.ip + offNextInstr + IEM_GET_INSTR_LEN(pVCpu);
6493 if ( uNewIp > pVCpu->cpum.GstCtx.cs.u32Limit
6494 && pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
6495 return iemRaiseGeneralProtectionFault0(pVCpu);
6496 pVCpu->cpum.GstCtx.rip = uNewIp;
6497 break;
6498 }
6499
6500 case IEMMODE_32BIT:
6501 {
6502 Assert(pVCpu->cpum.GstCtx.rip <= UINT32_MAX);
6503 Assert(pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT);
6504
6505 uint32_t uNewEip = pVCpu->cpum.GstCtx.eip + offNextInstr + IEM_GET_INSTR_LEN(pVCpu);
6506 if (uNewEip > pVCpu->cpum.GstCtx.cs.u32Limit)
6507 return iemRaiseGeneralProtectionFault0(pVCpu);
6508 pVCpu->cpum.GstCtx.rip = uNewEip;
6509 break;
6510 }
6511
6512 case IEMMODE_64BIT:
6513 {
6514 Assert(pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT);
6515
6516 uint64_t uNewRip = pVCpu->cpum.GstCtx.rip + offNextInstr + IEM_GET_INSTR_LEN(pVCpu);
6517 if (!IEM_IS_CANONICAL(uNewRip))
6518 return iemRaiseGeneralProtectionFault0(pVCpu);
6519 pVCpu->cpum.GstCtx.rip = uNewRip;
6520 break;
6521 }
6522
6523 IEM_NOT_REACHED_DEFAULT_CASE_RET();
6524 }
6525
6526 pVCpu->cpum.GstCtx.eflags.Bits.u1RF = 0;
6527
6528#ifndef IEM_WITH_CODE_TLB
6529 /* Flush the prefetch buffer. */
6530 pVCpu->iem.s.cbOpcode = IEM_GET_INSTR_LEN(pVCpu);
6531#endif
6532
6533 return VINF_SUCCESS;
6534}
6535
6536
6537/**
6538 * Adds a 16-bit signed jump offset to RIP/EIP/IP.
6539 *
6540 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
6541 * segment limit.
6542 *
6543 * @returns Strict VBox status code.
6544 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6545 * @param offNextInstr The offset of the next instruction.
6546 */
6547IEM_STATIC VBOXSTRICTRC iemRegRipRelativeJumpS16(PVMCPU pVCpu, int16_t offNextInstr)
6548{
6549 Assert(pVCpu->iem.s.enmEffOpSize == IEMMODE_16BIT);
6550
6551 uint16_t uNewIp = pVCpu->cpum.GstCtx.ip + offNextInstr + IEM_GET_INSTR_LEN(pVCpu);
6552 if ( uNewIp > pVCpu->cpum.GstCtx.cs.u32Limit
6553 && pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
6554 return iemRaiseGeneralProtectionFault0(pVCpu);
6555 /** @todo Test 16-bit jump in 64-bit mode. possible? */
6556 pVCpu->cpum.GstCtx.rip = uNewIp;
6557 pVCpu->cpum.GstCtx.eflags.Bits.u1RF = 0;
6558
6559#ifndef IEM_WITH_CODE_TLB
6560 /* Flush the prefetch buffer. */
6561 pVCpu->iem.s.cbOpcode = IEM_GET_INSTR_LEN(pVCpu);
6562#endif
6563
6564 return VINF_SUCCESS;
6565}
6566
6567
6568/**
6569 * Adds a 32-bit signed jump offset to RIP/EIP/IP.
6570 *
6571 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
6572 * segment limit.
6573 *
6574 * @returns Strict VBox status code.
6575 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6576 * @param offNextInstr The offset of the next instruction.
6577 */
6578IEM_STATIC VBOXSTRICTRC iemRegRipRelativeJumpS32(PVMCPU pVCpu, int32_t offNextInstr)
6579{
6580 Assert(pVCpu->iem.s.enmEffOpSize != IEMMODE_16BIT);
6581
6582 if (pVCpu->iem.s.enmEffOpSize == IEMMODE_32BIT)
6583 {
6584 Assert(pVCpu->cpum.GstCtx.rip <= UINT32_MAX); Assert(pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT);
6585
6586 uint32_t uNewEip = pVCpu->cpum.GstCtx.eip + offNextInstr + IEM_GET_INSTR_LEN(pVCpu);
6587 if (uNewEip > pVCpu->cpum.GstCtx.cs.u32Limit)
6588 return iemRaiseGeneralProtectionFault0(pVCpu);
6589 pVCpu->cpum.GstCtx.rip = uNewEip;
6590 }
6591 else
6592 {
6593 Assert(pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT);
6594
6595 uint64_t uNewRip = pVCpu->cpum.GstCtx.rip + offNextInstr + IEM_GET_INSTR_LEN(pVCpu);
6596 if (!IEM_IS_CANONICAL(uNewRip))
6597 return iemRaiseGeneralProtectionFault0(pVCpu);
6598 pVCpu->cpum.GstCtx.rip = uNewRip;
6599 }
6600 pVCpu->cpum.GstCtx.eflags.Bits.u1RF = 0;
6601
6602#ifndef IEM_WITH_CODE_TLB
6603 /* Flush the prefetch buffer. */
6604 pVCpu->iem.s.cbOpcode = IEM_GET_INSTR_LEN(pVCpu);
6605#endif
6606
6607 return VINF_SUCCESS;
6608}
6609
6610
6611/**
6612 * Performs a near jump to the specified address.
6613 *
6614 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
6615 * segment limit.
6616 *
6617 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6618 * @param uNewRip The new RIP value.
6619 */
6620IEM_STATIC VBOXSTRICTRC iemRegRipJump(PVMCPU pVCpu, uint64_t uNewRip)
6621{
6622 switch (pVCpu->iem.s.enmEffOpSize)
6623 {
6624 case IEMMODE_16BIT:
6625 {
6626 Assert(uNewRip <= UINT16_MAX);
6627 if ( uNewRip > pVCpu->cpum.GstCtx.cs.u32Limit
6628 && pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
6629 return iemRaiseGeneralProtectionFault0(pVCpu);
6630 /** @todo Test 16-bit jump in 64-bit mode. */
6631 pVCpu->cpum.GstCtx.rip = uNewRip;
6632 break;
6633 }
6634
6635 case IEMMODE_32BIT:
6636 {
6637 Assert(uNewRip <= UINT32_MAX);
6638 Assert(pVCpu->cpum.GstCtx.rip <= UINT32_MAX);
6639 Assert(pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT);
6640
6641 if (uNewRip > pVCpu->cpum.GstCtx.cs.u32Limit)
6642 return iemRaiseGeneralProtectionFault0(pVCpu);
6643 pVCpu->cpum.GstCtx.rip = uNewRip;
6644 break;
6645 }
6646
6647 case IEMMODE_64BIT:
6648 {
6649 Assert(pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT);
6650
6651 if (!IEM_IS_CANONICAL(uNewRip))
6652 return iemRaiseGeneralProtectionFault0(pVCpu);
6653 pVCpu->cpum.GstCtx.rip = uNewRip;
6654 break;
6655 }
6656
6657 IEM_NOT_REACHED_DEFAULT_CASE_RET();
6658 }
6659
6660 pVCpu->cpum.GstCtx.eflags.Bits.u1RF = 0;
6661
6662#ifndef IEM_WITH_CODE_TLB
6663 /* Flush the prefetch buffer. */
6664 pVCpu->iem.s.cbOpcode = IEM_GET_INSTR_LEN(pVCpu);
6665#endif
6666
6667 return VINF_SUCCESS;
6668}
6669
6670
6671/**
6672 * Get the address of the top of the stack.
6673 *
6674 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6675 */
6676DECLINLINE(RTGCPTR) iemRegGetEffRsp(PCVMCPU pVCpu)
6677{
6678 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6679 return pVCpu->cpum.GstCtx.rsp;
6680 if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6681 return pVCpu->cpum.GstCtx.esp;
6682 return pVCpu->cpum.GstCtx.sp;
6683}
6684
6685
6686/**
6687 * Updates the RIP/EIP/IP to point to the next instruction.
6688 *
6689 * This function leaves the EFLAGS.RF flag alone.
6690 *
6691 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6692 * @param cbInstr The number of bytes to add.
6693 */
6694IEM_STATIC void iemRegAddToRipKeepRF(PVMCPU pVCpu, uint8_t cbInstr)
6695{
6696 switch (pVCpu->iem.s.enmCpuMode)
6697 {
6698 case IEMMODE_16BIT:
6699 Assert(pVCpu->cpum.GstCtx.rip <= UINT16_MAX);
6700 pVCpu->cpum.GstCtx.eip += cbInstr;
6701 pVCpu->cpum.GstCtx.eip &= UINT32_C(0xffff);
6702 break;
6703
6704 case IEMMODE_32BIT:
6705 pVCpu->cpum.GstCtx.eip += cbInstr;
6706 Assert(pVCpu->cpum.GstCtx.rip <= UINT32_MAX);
6707 break;
6708
6709 case IEMMODE_64BIT:
6710 pVCpu->cpum.GstCtx.rip += cbInstr;
6711 break;
6712 default: AssertFailed();
6713 }
6714}
6715
6716
6717#if 0
6718/**
6719 * Updates the RIP/EIP/IP to point to the next instruction.
6720 *
6721 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6722 */
6723IEM_STATIC void iemRegUpdateRipKeepRF(PVMCPU pVCpu)
6724{
6725 return iemRegAddToRipKeepRF(pVCpu, IEM_GET_INSTR_LEN(pVCpu));
6726}
6727#endif
6728
6729
6730
6731/**
6732 * Updates the RIP/EIP/IP to point to the next instruction and clears EFLAGS.RF.
6733 *
6734 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6735 * @param cbInstr The number of bytes to add.
6736 */
6737IEM_STATIC void iemRegAddToRipAndClearRF(PVMCPU pVCpu, uint8_t cbInstr)
6738{
6739 pVCpu->cpum.GstCtx.eflags.Bits.u1RF = 0;
6740
6741 AssertCompile(IEMMODE_16BIT == 0 && IEMMODE_32BIT == 1 && IEMMODE_64BIT == 2);
6742#if ARCH_BITS >= 64
6743 static uint64_t const s_aRipMasks[] = { UINT64_C(0xffffffff), UINT64_C(0xffffffff), UINT64_MAX };
6744 Assert(pVCpu->cpum.GstCtx.rip <= s_aRipMasks[(unsigned)pVCpu->iem.s.enmCpuMode]);
6745 pVCpu->cpum.GstCtx.rip = (pVCpu->cpum.GstCtx.rip + cbInstr) & s_aRipMasks[(unsigned)pVCpu->iem.s.enmCpuMode];
6746#else
6747 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6748 pVCpu->cpum.GstCtx.rip += cbInstr;
6749 else
6750 pVCpu->cpum.GstCtx.eip += cbInstr;
6751#endif
6752}
6753
6754
6755/**
6756 * Updates the RIP/EIP/IP to point to the next instruction and clears EFLAGS.RF.
6757 *
6758 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6759 */
6760IEM_STATIC void iemRegUpdateRipAndClearRF(PVMCPU pVCpu)
6761{
6762 return iemRegAddToRipAndClearRF(pVCpu, IEM_GET_INSTR_LEN(pVCpu));
6763}
6764
6765
6766/**
6767 * Adds to the stack pointer.
6768 *
6769 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6770 * @param cbToAdd The number of bytes to add (8-bit!).
6771 */
6772DECLINLINE(void) iemRegAddToRsp(PVMCPU pVCpu, uint8_t cbToAdd)
6773{
6774 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6775 pVCpu->cpum.GstCtx.rsp += cbToAdd;
6776 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6777 pVCpu->cpum.GstCtx.esp += cbToAdd;
6778 else
6779 pVCpu->cpum.GstCtx.sp += cbToAdd;
6780}
6781
6782
6783/**
6784 * Subtracts from the stack pointer.
6785 *
6786 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6787 * @param cbToSub The number of bytes to subtract (8-bit!).
6788 */
6789DECLINLINE(void) iemRegSubFromRsp(PVMCPU pVCpu, uint8_t cbToSub)
6790{
6791 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6792 pVCpu->cpum.GstCtx.rsp -= cbToSub;
6793 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6794 pVCpu->cpum.GstCtx.esp -= cbToSub;
6795 else
6796 pVCpu->cpum.GstCtx.sp -= cbToSub;
6797}
6798
6799
6800/**
6801 * Adds to the temporary stack pointer.
6802 *
6803 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6804 * @param pTmpRsp The temporary SP/ESP/RSP to update.
6805 * @param cbToAdd The number of bytes to add (16-bit).
6806 */
6807DECLINLINE(void) iemRegAddToRspEx(PCVMCPU pVCpu, PRTUINT64U pTmpRsp, uint16_t cbToAdd)
6808{
6809 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6810 pTmpRsp->u += cbToAdd;
6811 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6812 pTmpRsp->DWords.dw0 += cbToAdd;
6813 else
6814 pTmpRsp->Words.w0 += cbToAdd;
6815}
6816
6817
6818/**
6819 * Subtracts from the temporary stack pointer.
6820 *
6821 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6822 * @param pTmpRsp The temporary SP/ESP/RSP to update.
6823 * @param cbToSub The number of bytes to subtract.
6824 * @remarks The @a cbToSub argument *MUST* be 16-bit, iemCImpl_enter is
6825 * expecting that.
6826 */
6827DECLINLINE(void) iemRegSubFromRspEx(PCVMCPU pVCpu, PRTUINT64U pTmpRsp, uint16_t cbToSub)
6828{
6829 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6830 pTmpRsp->u -= cbToSub;
6831 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6832 pTmpRsp->DWords.dw0 -= cbToSub;
6833 else
6834 pTmpRsp->Words.w0 -= cbToSub;
6835}
6836
6837
6838/**
6839 * Calculates the effective stack address for a push of the specified size as
6840 * well as the new RSP value (upper bits may be masked).
6841 *
6842 * @returns Effective stack addressf for the push.
6843 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6844 * @param cbItem The size of the stack item to pop.
6845 * @param puNewRsp Where to return the new RSP value.
6846 */
6847DECLINLINE(RTGCPTR) iemRegGetRspForPush(PCVMCPU pVCpu, uint8_t cbItem, uint64_t *puNewRsp)
6848{
6849 RTUINT64U uTmpRsp;
6850 RTGCPTR GCPtrTop;
6851 uTmpRsp.u = pVCpu->cpum.GstCtx.rsp;
6852
6853 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6854 GCPtrTop = uTmpRsp.u -= cbItem;
6855 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6856 GCPtrTop = uTmpRsp.DWords.dw0 -= cbItem;
6857 else
6858 GCPtrTop = uTmpRsp.Words.w0 -= cbItem;
6859 *puNewRsp = uTmpRsp.u;
6860 return GCPtrTop;
6861}
6862
6863
6864/**
6865 * Gets the current stack pointer and calculates the value after a pop of the
6866 * specified size.
6867 *
6868 * @returns Current stack pointer.
6869 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6870 * @param cbItem The size of the stack item to pop.
6871 * @param puNewRsp Where to return the new RSP value.
6872 */
6873DECLINLINE(RTGCPTR) iemRegGetRspForPop(PCVMCPU pVCpu, uint8_t cbItem, uint64_t *puNewRsp)
6874{
6875 RTUINT64U uTmpRsp;
6876 RTGCPTR GCPtrTop;
6877 uTmpRsp.u = pVCpu->cpum.GstCtx.rsp;
6878
6879 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6880 {
6881 GCPtrTop = uTmpRsp.u;
6882 uTmpRsp.u += cbItem;
6883 }
6884 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6885 {
6886 GCPtrTop = uTmpRsp.DWords.dw0;
6887 uTmpRsp.DWords.dw0 += cbItem;
6888 }
6889 else
6890 {
6891 GCPtrTop = uTmpRsp.Words.w0;
6892 uTmpRsp.Words.w0 += cbItem;
6893 }
6894 *puNewRsp = uTmpRsp.u;
6895 return GCPtrTop;
6896}
6897
6898
6899/**
6900 * Calculates the effective stack address for a push of the specified size as
6901 * well as the new temporary RSP value (upper bits may be masked).
6902 *
6903 * @returns Effective stack addressf for the push.
6904 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6905 * @param pTmpRsp The temporary stack pointer. This is updated.
6906 * @param cbItem The size of the stack item to pop.
6907 */
6908DECLINLINE(RTGCPTR) iemRegGetRspForPushEx(PCVMCPU pVCpu, PRTUINT64U pTmpRsp, uint8_t cbItem)
6909{
6910 RTGCPTR GCPtrTop;
6911
6912 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6913 GCPtrTop = pTmpRsp->u -= cbItem;
6914 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6915 GCPtrTop = pTmpRsp->DWords.dw0 -= cbItem;
6916 else
6917 GCPtrTop = pTmpRsp->Words.w0 -= cbItem;
6918 return GCPtrTop;
6919}
6920
6921
6922/**
6923 * Gets the effective stack address for a pop of the specified size and
6924 * calculates and updates the temporary RSP.
6925 *
6926 * @returns Current stack pointer.
6927 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6928 * @param pTmpRsp The temporary stack pointer. This is updated.
6929 * @param cbItem The size of the stack item to pop.
6930 */
6931DECLINLINE(RTGCPTR) iemRegGetRspForPopEx(PCVMCPU pVCpu, PRTUINT64U pTmpRsp, uint8_t cbItem)
6932{
6933 RTGCPTR GCPtrTop;
6934 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
6935 {
6936 GCPtrTop = pTmpRsp->u;
6937 pTmpRsp->u += cbItem;
6938 }
6939 else if (pVCpu->cpum.GstCtx.ss.Attr.n.u1DefBig)
6940 {
6941 GCPtrTop = pTmpRsp->DWords.dw0;
6942 pTmpRsp->DWords.dw0 += cbItem;
6943 }
6944 else
6945 {
6946 GCPtrTop = pTmpRsp->Words.w0;
6947 pTmpRsp->Words.w0 += cbItem;
6948 }
6949 return GCPtrTop;
6950}
6951
6952/** @} */
6953
6954
6955/** @name FPU access and helpers.
6956 *
6957 * @{
6958 */
6959
6960
6961/**
6962 * Hook for preparing to use the host FPU.
6963 *
6964 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
6965 *
6966 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6967 */
6968DECLINLINE(void) iemFpuPrepareUsage(PVMCPU pVCpu)
6969{
6970#ifdef IN_RING3
6971 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_FPU_REM);
6972#else
6973 CPUMRZFpuStatePrepareHostCpuForUse(pVCpu);
6974#endif
6975 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
6976}
6977
6978
6979/**
6980 * Hook for preparing to use the host FPU for SSE.
6981 *
6982 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
6983 *
6984 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6985 */
6986DECLINLINE(void) iemFpuPrepareUsageSse(PVMCPU pVCpu)
6987{
6988 iemFpuPrepareUsage(pVCpu);
6989}
6990
6991
6992/**
6993 * Hook for preparing to use the host FPU for AVX.
6994 *
6995 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
6996 *
6997 * @param pVCpu The cross context virtual CPU structure of the calling thread.
6998 */
6999DECLINLINE(void) iemFpuPrepareUsageAvx(PVMCPU pVCpu)
7000{
7001 iemFpuPrepareUsage(pVCpu);
7002}
7003
7004
7005/**
7006 * Hook for actualizing the guest FPU state before the interpreter reads it.
7007 *
7008 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
7009 *
7010 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7011 */
7012DECLINLINE(void) iemFpuActualizeStateForRead(PVMCPU pVCpu)
7013{
7014#ifdef IN_RING3
7015 NOREF(pVCpu);
7016#else
7017 CPUMRZFpuStateActualizeForRead(pVCpu);
7018#endif
7019 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
7020}
7021
7022
7023/**
7024 * Hook for actualizing the guest FPU state before the interpreter changes it.
7025 *
7026 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
7027 *
7028 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7029 */
7030DECLINLINE(void) iemFpuActualizeStateForChange(PVMCPU pVCpu)
7031{
7032#ifdef IN_RING3
7033 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_FPU_REM);
7034#else
7035 CPUMRZFpuStateActualizeForChange(pVCpu);
7036#endif
7037 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
7038}
7039
7040
7041/**
7042 * Hook for actualizing the guest XMM0..15 and MXCSR register state for read
7043 * only.
7044 *
7045 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
7046 *
7047 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7048 */
7049DECLINLINE(void) iemFpuActualizeSseStateForRead(PVMCPU pVCpu)
7050{
7051#if defined(IN_RING3) || defined(VBOX_WITH_KERNEL_USING_XMM)
7052 NOREF(pVCpu);
7053#else
7054 CPUMRZFpuStateActualizeSseForRead(pVCpu);
7055#endif
7056 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
7057}
7058
7059
7060/**
7061 * Hook for actualizing the guest XMM0..15 and MXCSR register state for
7062 * read+write.
7063 *
7064 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
7065 *
7066 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7067 */
7068DECLINLINE(void) iemFpuActualizeSseStateForChange(PVMCPU pVCpu)
7069{
7070#if defined(IN_RING3) || defined(VBOX_WITH_KERNEL_USING_XMM)
7071 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_FPU_REM);
7072#else
7073 CPUMRZFpuStateActualizeForChange(pVCpu);
7074#endif
7075 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
7076}
7077
7078
7079/**
7080 * Hook for actualizing the guest YMM0..15 and MXCSR register state for read
7081 * only.
7082 *
7083 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
7084 *
7085 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7086 */
7087DECLINLINE(void) iemFpuActualizeAvxStateForRead(PVMCPU pVCpu)
7088{
7089#ifdef IN_RING3
7090 NOREF(pVCpu);
7091#else
7092 CPUMRZFpuStateActualizeAvxForRead(pVCpu);
7093#endif
7094 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
7095}
7096
7097
7098/**
7099 * Hook for actualizing the guest YMM0..15 and MXCSR register state for
7100 * read+write.
7101 *
7102 * This is necessary in ring-0 and raw-mode context (nop in ring-3).
7103 *
7104 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7105 */
7106DECLINLINE(void) iemFpuActualizeAvxStateForChange(PVMCPU pVCpu)
7107{
7108#ifdef IN_RING3
7109 CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_FPU_REM);
7110#else
7111 CPUMRZFpuStateActualizeForChange(pVCpu);
7112#endif
7113 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_X87 | CPUMCTX_EXTRN_SSE_AVX | CPUMCTX_EXTRN_OTHER_XSAVE | CPUMCTX_EXTRN_XCRx);
7114}
7115
7116
7117/**
7118 * Stores a QNaN value into a FPU register.
7119 *
7120 * @param pReg Pointer to the register.
7121 */
7122DECLINLINE(void) iemFpuStoreQNan(PRTFLOAT80U pReg)
7123{
7124 pReg->au32[0] = UINT32_C(0x00000000);
7125 pReg->au32[1] = UINT32_C(0xc0000000);
7126 pReg->au16[4] = UINT16_C(0xffff);
7127}
7128
7129
7130/**
7131 * Updates the FOP, FPU.CS and FPUIP registers.
7132 *
7133 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7134 * @param pFpuCtx The FPU context.
7135 */
7136DECLINLINE(void) iemFpuUpdateOpcodeAndIpWorker(PVMCPU pVCpu, PX86FXSTATE pFpuCtx)
7137{
7138 Assert(pVCpu->iem.s.uFpuOpcode != UINT16_MAX);
7139 pFpuCtx->FOP = pVCpu->iem.s.uFpuOpcode;
7140 /** @todo x87.CS and FPUIP needs to be kept seperately. */
7141 if (IEM_IS_REAL_OR_V86_MODE(pVCpu))
7142 {
7143 /** @todo Testcase: making assumptions about how FPUIP and FPUDP are handled
7144 * happens in real mode here based on the fnsave and fnstenv images. */
7145 pFpuCtx->CS = 0;
7146 pFpuCtx->FPUIP = pVCpu->cpum.GstCtx.eip | ((uint32_t)pVCpu->cpum.GstCtx.cs.Sel << 4);
7147 }
7148 else
7149 {
7150 pFpuCtx->CS = pVCpu->cpum.GstCtx.cs.Sel;
7151 pFpuCtx->FPUIP = pVCpu->cpum.GstCtx.rip;
7152 }
7153}
7154
7155
7156/**
7157 * Updates the x87.DS and FPUDP registers.
7158 *
7159 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7160 * @param pFpuCtx The FPU context.
7161 * @param iEffSeg The effective segment register.
7162 * @param GCPtrEff The effective address relative to @a iEffSeg.
7163 */
7164DECLINLINE(void) iemFpuUpdateDP(PVMCPU pVCpu, PX86FXSTATE pFpuCtx, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7165{
7166 RTSEL sel;
7167 switch (iEffSeg)
7168 {
7169 case X86_SREG_DS: sel = pVCpu->cpum.GstCtx.ds.Sel; break;
7170 case X86_SREG_SS: sel = pVCpu->cpum.GstCtx.ss.Sel; break;
7171 case X86_SREG_CS: sel = pVCpu->cpum.GstCtx.cs.Sel; break;
7172 case X86_SREG_ES: sel = pVCpu->cpum.GstCtx.es.Sel; break;
7173 case X86_SREG_FS: sel = pVCpu->cpum.GstCtx.fs.Sel; break;
7174 case X86_SREG_GS: sel = pVCpu->cpum.GstCtx.gs.Sel; break;
7175 default:
7176 AssertMsgFailed(("%d\n", iEffSeg));
7177 sel = pVCpu->cpum.GstCtx.ds.Sel;
7178 }
7179 /** @todo pFpuCtx->DS and FPUDP needs to be kept seperately. */
7180 if (IEM_IS_REAL_OR_V86_MODE(pVCpu))
7181 {
7182 pFpuCtx->DS = 0;
7183 pFpuCtx->FPUDP = (uint32_t)GCPtrEff + ((uint32_t)sel << 4);
7184 }
7185 else
7186 {
7187 pFpuCtx->DS = sel;
7188 pFpuCtx->FPUDP = GCPtrEff;
7189 }
7190}
7191
7192
7193/**
7194 * Rotates the stack registers in the push direction.
7195 *
7196 * @param pFpuCtx The FPU context.
7197 * @remarks This is a complete waste of time, but fxsave stores the registers in
7198 * stack order.
7199 */
7200DECLINLINE(void) iemFpuRotateStackPush(PX86FXSTATE pFpuCtx)
7201{
7202 RTFLOAT80U r80Tmp = pFpuCtx->aRegs[7].r80;
7203 pFpuCtx->aRegs[7].r80 = pFpuCtx->aRegs[6].r80;
7204 pFpuCtx->aRegs[6].r80 = pFpuCtx->aRegs[5].r80;
7205 pFpuCtx->aRegs[5].r80 = pFpuCtx->aRegs[4].r80;
7206 pFpuCtx->aRegs[4].r80 = pFpuCtx->aRegs[3].r80;
7207 pFpuCtx->aRegs[3].r80 = pFpuCtx->aRegs[2].r80;
7208 pFpuCtx->aRegs[2].r80 = pFpuCtx->aRegs[1].r80;
7209 pFpuCtx->aRegs[1].r80 = pFpuCtx->aRegs[0].r80;
7210 pFpuCtx->aRegs[0].r80 = r80Tmp;
7211}
7212
7213
7214/**
7215 * Rotates the stack registers in the pop direction.
7216 *
7217 * @param pFpuCtx The FPU context.
7218 * @remarks This is a complete waste of time, but fxsave stores the registers in
7219 * stack order.
7220 */
7221DECLINLINE(void) iemFpuRotateStackPop(PX86FXSTATE pFpuCtx)
7222{
7223 RTFLOAT80U r80Tmp = pFpuCtx->aRegs[0].r80;
7224 pFpuCtx->aRegs[0].r80 = pFpuCtx->aRegs[1].r80;
7225 pFpuCtx->aRegs[1].r80 = pFpuCtx->aRegs[2].r80;
7226 pFpuCtx->aRegs[2].r80 = pFpuCtx->aRegs[3].r80;
7227 pFpuCtx->aRegs[3].r80 = pFpuCtx->aRegs[4].r80;
7228 pFpuCtx->aRegs[4].r80 = pFpuCtx->aRegs[5].r80;
7229 pFpuCtx->aRegs[5].r80 = pFpuCtx->aRegs[6].r80;
7230 pFpuCtx->aRegs[6].r80 = pFpuCtx->aRegs[7].r80;
7231 pFpuCtx->aRegs[7].r80 = r80Tmp;
7232}
7233
7234
7235/**
7236 * Updates FSW and pushes a FPU result onto the FPU stack if no pending
7237 * exception prevents it.
7238 *
7239 * @param pResult The FPU operation result to push.
7240 * @param pFpuCtx The FPU context.
7241 */
7242IEM_STATIC void iemFpuMaybePushResult(PIEMFPURESULT pResult, PX86FXSTATE pFpuCtx)
7243{
7244 /* Update FSW and bail if there are pending exceptions afterwards. */
7245 uint16_t fFsw = pFpuCtx->FSW & ~X86_FSW_C_MASK;
7246 fFsw |= pResult->FSW & ~X86_FSW_TOP_MASK;
7247 if ( (fFsw & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
7248 & ~(pFpuCtx->FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
7249 {
7250 pFpuCtx->FSW = fFsw;
7251 return;
7252 }
7253
7254 uint16_t iNewTop = (X86_FSW_TOP_GET(fFsw) + 7) & X86_FSW_TOP_SMASK;
7255 if (!(pFpuCtx->FTW & RT_BIT(iNewTop)))
7256 {
7257 /* All is fine, push the actual value. */
7258 pFpuCtx->FTW |= RT_BIT(iNewTop);
7259 pFpuCtx->aRegs[7].r80 = pResult->r80Result;
7260 }
7261 else if (pFpuCtx->FCW & X86_FCW_IM)
7262 {
7263 /* Masked stack overflow, push QNaN. */
7264 fFsw |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1;
7265 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
7266 }
7267 else
7268 {
7269 /* Raise stack overflow, don't push anything. */
7270 pFpuCtx->FSW |= pResult->FSW & ~X86_FSW_C_MASK;
7271 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1 | X86_FSW_B | X86_FSW_ES;
7272 return;
7273 }
7274
7275 fFsw &= ~X86_FSW_TOP_MASK;
7276 fFsw |= iNewTop << X86_FSW_TOP_SHIFT;
7277 pFpuCtx->FSW = fFsw;
7278
7279 iemFpuRotateStackPush(pFpuCtx);
7280}
7281
7282
7283/**
7284 * Stores a result in a FPU register and updates the FSW and FTW.
7285 *
7286 * @param pFpuCtx The FPU context.
7287 * @param pResult The result to store.
7288 * @param iStReg Which FPU register to store it in.
7289 */
7290IEM_STATIC void iemFpuStoreResultOnly(PX86FXSTATE pFpuCtx, PIEMFPURESULT pResult, uint8_t iStReg)
7291{
7292 Assert(iStReg < 8);
7293 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
7294 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7295 pFpuCtx->FSW |= pResult->FSW & ~X86_FSW_TOP_MASK;
7296 pFpuCtx->FTW |= RT_BIT(iReg);
7297 pFpuCtx->aRegs[iStReg].r80 = pResult->r80Result;
7298}
7299
7300
7301/**
7302 * Only updates the FPU status word (FSW) with the result of the current
7303 * instruction.
7304 *
7305 * @param pFpuCtx The FPU context.
7306 * @param u16FSW The FSW output of the current instruction.
7307 */
7308IEM_STATIC void iemFpuUpdateFSWOnly(PX86FXSTATE pFpuCtx, uint16_t u16FSW)
7309{
7310 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7311 pFpuCtx->FSW |= u16FSW & ~X86_FSW_TOP_MASK;
7312}
7313
7314
7315/**
7316 * Pops one item off the FPU stack if no pending exception prevents it.
7317 *
7318 * @param pFpuCtx The FPU context.
7319 */
7320IEM_STATIC void iemFpuMaybePopOne(PX86FXSTATE pFpuCtx)
7321{
7322 /* Check pending exceptions. */
7323 uint16_t uFSW = pFpuCtx->FSW;
7324 if ( (pFpuCtx->FSW & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
7325 & ~(pFpuCtx->FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
7326 return;
7327
7328 /* TOP--. */
7329 uint16_t iOldTop = uFSW & X86_FSW_TOP_MASK;
7330 uFSW &= ~X86_FSW_TOP_MASK;
7331 uFSW |= (iOldTop + (UINT16_C(9) << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
7332 pFpuCtx->FSW = uFSW;
7333
7334 /* Mark the previous ST0 as empty. */
7335 iOldTop >>= X86_FSW_TOP_SHIFT;
7336 pFpuCtx->FTW &= ~RT_BIT(iOldTop);
7337
7338 /* Rotate the registers. */
7339 iemFpuRotateStackPop(pFpuCtx);
7340}
7341
7342
7343/**
7344 * Pushes a FPU result onto the FPU stack if no pending exception prevents it.
7345 *
7346 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7347 * @param pResult The FPU operation result to push.
7348 */
7349IEM_STATIC void iemFpuPushResult(PVMCPU pVCpu, PIEMFPURESULT pResult)
7350{
7351 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7352 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7353 iemFpuMaybePushResult(pResult, pFpuCtx);
7354}
7355
7356
7357/**
7358 * Pushes a FPU result onto the FPU stack if no pending exception prevents it,
7359 * and sets FPUDP and FPUDS.
7360 *
7361 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7362 * @param pResult The FPU operation result to push.
7363 * @param iEffSeg The effective segment register.
7364 * @param GCPtrEff The effective address relative to @a iEffSeg.
7365 */
7366IEM_STATIC void iemFpuPushResultWithMemOp(PVMCPU pVCpu, PIEMFPURESULT pResult, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7367{
7368 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7369 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7370 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7371 iemFpuMaybePushResult(pResult, pFpuCtx);
7372}
7373
7374
7375/**
7376 * Replace ST0 with the first value and push the second onto the FPU stack,
7377 * unless a pending exception prevents it.
7378 *
7379 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7380 * @param pResult The FPU operation result to store and push.
7381 */
7382IEM_STATIC void iemFpuPushResultTwo(PVMCPU pVCpu, PIEMFPURESULTTWO pResult)
7383{
7384 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7385 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7386
7387 /* Update FSW and bail if there are pending exceptions afterwards. */
7388 uint16_t fFsw = pFpuCtx->FSW & ~X86_FSW_C_MASK;
7389 fFsw |= pResult->FSW & ~X86_FSW_TOP_MASK;
7390 if ( (fFsw & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
7391 & ~(pFpuCtx->FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
7392 {
7393 pFpuCtx->FSW = fFsw;
7394 return;
7395 }
7396
7397 uint16_t iNewTop = (X86_FSW_TOP_GET(fFsw) + 7) & X86_FSW_TOP_SMASK;
7398 if (!(pFpuCtx->FTW & RT_BIT(iNewTop)))
7399 {
7400 /* All is fine, push the actual value. */
7401 pFpuCtx->FTW |= RT_BIT(iNewTop);
7402 pFpuCtx->aRegs[0].r80 = pResult->r80Result1;
7403 pFpuCtx->aRegs[7].r80 = pResult->r80Result2;
7404 }
7405 else if (pFpuCtx->FCW & X86_FCW_IM)
7406 {
7407 /* Masked stack overflow, push QNaN. */
7408 fFsw |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1;
7409 iemFpuStoreQNan(&pFpuCtx->aRegs[0].r80);
7410 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
7411 }
7412 else
7413 {
7414 /* Raise stack overflow, don't push anything. */
7415 pFpuCtx->FSW |= pResult->FSW & ~X86_FSW_C_MASK;
7416 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1 | X86_FSW_B | X86_FSW_ES;
7417 return;
7418 }
7419
7420 fFsw &= ~X86_FSW_TOP_MASK;
7421 fFsw |= iNewTop << X86_FSW_TOP_SHIFT;
7422 pFpuCtx->FSW = fFsw;
7423
7424 iemFpuRotateStackPush(pFpuCtx);
7425}
7426
7427
7428/**
7429 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, and
7430 * FOP.
7431 *
7432 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7433 * @param pResult The result to store.
7434 * @param iStReg Which FPU register to store it in.
7435 */
7436IEM_STATIC void iemFpuStoreResult(PVMCPU pVCpu, PIEMFPURESULT pResult, uint8_t iStReg)
7437{
7438 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7439 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7440 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
7441}
7442
7443
7444/**
7445 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, and
7446 * FOP, and then pops the stack.
7447 *
7448 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7449 * @param pResult The result to store.
7450 * @param iStReg Which FPU register to store it in.
7451 */
7452IEM_STATIC void iemFpuStoreResultThenPop(PVMCPU pVCpu, PIEMFPURESULT pResult, uint8_t iStReg)
7453{
7454 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7455 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7456 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
7457 iemFpuMaybePopOne(pFpuCtx);
7458}
7459
7460
7461/**
7462 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, FOP,
7463 * FPUDP, and FPUDS.
7464 *
7465 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7466 * @param pResult The result to store.
7467 * @param iStReg Which FPU register to store it in.
7468 * @param iEffSeg The effective memory operand selector register.
7469 * @param GCPtrEff The effective memory operand offset.
7470 */
7471IEM_STATIC void iemFpuStoreResultWithMemOp(PVMCPU pVCpu, PIEMFPURESULT pResult, uint8_t iStReg,
7472 uint8_t iEffSeg, RTGCPTR GCPtrEff)
7473{
7474 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7475 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7476 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7477 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
7478}
7479
7480
7481/**
7482 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, FOP,
7483 * FPUDP, and FPUDS, and then pops the stack.
7484 *
7485 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7486 * @param pResult The result to store.
7487 * @param iStReg Which FPU register to store it in.
7488 * @param iEffSeg The effective memory operand selector register.
7489 * @param GCPtrEff The effective memory operand offset.
7490 */
7491IEM_STATIC void iemFpuStoreResultWithMemOpThenPop(PVMCPU pVCpu, PIEMFPURESULT pResult,
7492 uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7493{
7494 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7495 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7496 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7497 iemFpuStoreResultOnly(pFpuCtx, pResult, iStReg);
7498 iemFpuMaybePopOne(pFpuCtx);
7499}
7500
7501
7502/**
7503 * Updates the FOP, FPUIP, and FPUCS. For FNOP.
7504 *
7505 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7506 */
7507IEM_STATIC void iemFpuUpdateOpcodeAndIp(PVMCPU pVCpu)
7508{
7509 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7510 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7511}
7512
7513
7514/**
7515 * Marks the specified stack register as free (for FFREE).
7516 *
7517 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7518 * @param iStReg The register to free.
7519 */
7520IEM_STATIC void iemFpuStackFree(PVMCPU pVCpu, uint8_t iStReg)
7521{
7522 Assert(iStReg < 8);
7523 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7524 uint8_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
7525 pFpuCtx->FTW &= ~RT_BIT(iReg);
7526}
7527
7528
7529/**
7530 * Increments FSW.TOP, i.e. pops an item off the stack without freeing it.
7531 *
7532 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7533 */
7534IEM_STATIC void iemFpuStackIncTop(PVMCPU pVCpu)
7535{
7536 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7537 uint16_t uFsw = pFpuCtx->FSW;
7538 uint16_t uTop = uFsw & X86_FSW_TOP_MASK;
7539 uTop = (uTop + (1 << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
7540 uFsw &= ~X86_FSW_TOP_MASK;
7541 uFsw |= uTop;
7542 pFpuCtx->FSW = uFsw;
7543}
7544
7545
7546/**
7547 * Decrements FSW.TOP, i.e. push an item off the stack without storing anything.
7548 *
7549 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7550 */
7551IEM_STATIC void iemFpuStackDecTop(PVMCPU pVCpu)
7552{
7553 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7554 uint16_t uFsw = pFpuCtx->FSW;
7555 uint16_t uTop = uFsw & X86_FSW_TOP_MASK;
7556 uTop = (uTop + (7 << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
7557 uFsw &= ~X86_FSW_TOP_MASK;
7558 uFsw |= uTop;
7559 pFpuCtx->FSW = uFsw;
7560}
7561
7562
7563/**
7564 * Updates the FSW, FOP, FPUIP, and FPUCS.
7565 *
7566 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7567 * @param u16FSW The FSW from the current instruction.
7568 */
7569IEM_STATIC void iemFpuUpdateFSW(PVMCPU pVCpu, uint16_t u16FSW)
7570{
7571 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7572 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7573 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
7574}
7575
7576
7577/**
7578 * Updates the FSW, FOP, FPUIP, and FPUCS, then pops the stack.
7579 *
7580 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7581 * @param u16FSW The FSW from the current instruction.
7582 */
7583IEM_STATIC void iemFpuUpdateFSWThenPop(PVMCPU pVCpu, uint16_t u16FSW)
7584{
7585 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7586 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7587 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
7588 iemFpuMaybePopOne(pFpuCtx);
7589}
7590
7591
7592/**
7593 * Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS.
7594 *
7595 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7596 * @param u16FSW The FSW from the current instruction.
7597 * @param iEffSeg The effective memory operand selector register.
7598 * @param GCPtrEff The effective memory operand offset.
7599 */
7600IEM_STATIC void iemFpuUpdateFSWWithMemOp(PVMCPU pVCpu, uint16_t u16FSW, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7601{
7602 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7603 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7604 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7605 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
7606}
7607
7608
7609/**
7610 * Updates the FSW, FOP, FPUIP, and FPUCS, then pops the stack twice.
7611 *
7612 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7613 * @param u16FSW The FSW from the current instruction.
7614 */
7615IEM_STATIC void iemFpuUpdateFSWThenPopPop(PVMCPU pVCpu, uint16_t u16FSW)
7616{
7617 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7618 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7619 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
7620 iemFpuMaybePopOne(pFpuCtx);
7621 iemFpuMaybePopOne(pFpuCtx);
7622}
7623
7624
7625/**
7626 * Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS, then pops the stack.
7627 *
7628 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7629 * @param u16FSW The FSW from the current instruction.
7630 * @param iEffSeg The effective memory operand selector register.
7631 * @param GCPtrEff The effective memory operand offset.
7632 */
7633IEM_STATIC void iemFpuUpdateFSWWithMemOpThenPop(PVMCPU pVCpu, uint16_t u16FSW, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7634{
7635 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7636 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7637 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7638 iemFpuUpdateFSWOnly(pFpuCtx, u16FSW);
7639 iemFpuMaybePopOne(pFpuCtx);
7640}
7641
7642
7643/**
7644 * Worker routine for raising an FPU stack underflow exception.
7645 *
7646 * @param pFpuCtx The FPU context.
7647 * @param iStReg The stack register being accessed.
7648 */
7649IEM_STATIC void iemFpuStackUnderflowOnly(PX86FXSTATE pFpuCtx, uint8_t iStReg)
7650{
7651 Assert(iStReg < 8 || iStReg == UINT8_MAX);
7652 if (pFpuCtx->FCW & X86_FCW_IM)
7653 {
7654 /* Masked underflow. */
7655 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7656 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF;
7657 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
7658 if (iStReg != UINT8_MAX)
7659 {
7660 pFpuCtx->FTW |= RT_BIT(iReg);
7661 iemFpuStoreQNan(&pFpuCtx->aRegs[iStReg].r80);
7662 }
7663 }
7664 else
7665 {
7666 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7667 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
7668 }
7669}
7670
7671
7672/**
7673 * Raises a FPU stack underflow exception.
7674 *
7675 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7676 * @param iStReg The destination register that should be loaded
7677 * with QNaN if \#IS is not masked. Specify
7678 * UINT8_MAX if none (like for fcom).
7679 */
7680DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackUnderflow(PVMCPU pVCpu, uint8_t iStReg)
7681{
7682 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7683 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7684 iemFpuStackUnderflowOnly(pFpuCtx, iStReg);
7685}
7686
7687
7688DECL_NO_INLINE(IEM_STATIC, void)
7689iemFpuStackUnderflowWithMemOp(PVMCPU pVCpu, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7690{
7691 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7692 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7693 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7694 iemFpuStackUnderflowOnly(pFpuCtx, iStReg);
7695}
7696
7697
7698DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackUnderflowThenPop(PVMCPU pVCpu, uint8_t iStReg)
7699{
7700 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7701 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7702 iemFpuStackUnderflowOnly(pFpuCtx, iStReg);
7703 iemFpuMaybePopOne(pFpuCtx);
7704}
7705
7706
7707DECL_NO_INLINE(IEM_STATIC, void)
7708iemFpuStackUnderflowWithMemOpThenPop(PVMCPU pVCpu, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7709{
7710 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7711 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7712 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7713 iemFpuStackUnderflowOnly(pFpuCtx, iStReg);
7714 iemFpuMaybePopOne(pFpuCtx);
7715}
7716
7717
7718DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackUnderflowThenPopPop(PVMCPU pVCpu)
7719{
7720 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7721 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7722 iemFpuStackUnderflowOnly(pFpuCtx, UINT8_MAX);
7723 iemFpuMaybePopOne(pFpuCtx);
7724 iemFpuMaybePopOne(pFpuCtx);
7725}
7726
7727
7728DECL_NO_INLINE(IEM_STATIC, void)
7729iemFpuStackPushUnderflow(PVMCPU pVCpu)
7730{
7731 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7732 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7733
7734 if (pFpuCtx->FCW & X86_FCW_IM)
7735 {
7736 /* Masked overflow - Push QNaN. */
7737 uint16_t iNewTop = (X86_FSW_TOP_GET(pFpuCtx->FSW) + 7) & X86_FSW_TOP_SMASK;
7738 pFpuCtx->FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
7739 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF;
7740 pFpuCtx->FSW |= iNewTop << X86_FSW_TOP_SHIFT;
7741 pFpuCtx->FTW |= RT_BIT(iNewTop);
7742 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
7743 iemFpuRotateStackPush(pFpuCtx);
7744 }
7745 else
7746 {
7747 /* Exception pending - don't change TOP or the register stack. */
7748 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7749 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
7750 }
7751}
7752
7753
7754DECL_NO_INLINE(IEM_STATIC, void)
7755iemFpuStackPushUnderflowTwo(PVMCPU pVCpu)
7756{
7757 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7758 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7759
7760 if (pFpuCtx->FCW & X86_FCW_IM)
7761 {
7762 /* Masked overflow - Push QNaN. */
7763 uint16_t iNewTop = (X86_FSW_TOP_GET(pFpuCtx->FSW) + 7) & X86_FSW_TOP_SMASK;
7764 pFpuCtx->FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
7765 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF;
7766 pFpuCtx->FSW |= iNewTop << X86_FSW_TOP_SHIFT;
7767 pFpuCtx->FTW |= RT_BIT(iNewTop);
7768 iemFpuStoreQNan(&pFpuCtx->aRegs[0].r80);
7769 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
7770 iemFpuRotateStackPush(pFpuCtx);
7771 }
7772 else
7773 {
7774 /* Exception pending - don't change TOP or the register stack. */
7775 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7776 pFpuCtx->FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
7777 }
7778}
7779
7780
7781/**
7782 * Worker routine for raising an FPU stack overflow exception on a push.
7783 *
7784 * @param pFpuCtx The FPU context.
7785 */
7786IEM_STATIC void iemFpuStackPushOverflowOnly(PX86FXSTATE pFpuCtx)
7787{
7788 if (pFpuCtx->FCW & X86_FCW_IM)
7789 {
7790 /* Masked overflow. */
7791 uint16_t iNewTop = (X86_FSW_TOP_GET(pFpuCtx->FSW) + 7) & X86_FSW_TOP_SMASK;
7792 pFpuCtx->FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
7793 pFpuCtx->FSW |= X86_FSW_C1 | X86_FSW_IE | X86_FSW_SF;
7794 pFpuCtx->FSW |= iNewTop << X86_FSW_TOP_SHIFT;
7795 pFpuCtx->FTW |= RT_BIT(iNewTop);
7796 iemFpuStoreQNan(&pFpuCtx->aRegs[7].r80);
7797 iemFpuRotateStackPush(pFpuCtx);
7798 }
7799 else
7800 {
7801 /* Exception pending - don't change TOP or the register stack. */
7802 pFpuCtx->FSW &= ~X86_FSW_C_MASK;
7803 pFpuCtx->FSW |= X86_FSW_C1 | X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
7804 }
7805}
7806
7807
7808/**
7809 * Raises a FPU stack overflow exception on a push.
7810 *
7811 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7812 */
7813DECL_NO_INLINE(IEM_STATIC, void) iemFpuStackPushOverflow(PVMCPU pVCpu)
7814{
7815 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7816 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7817 iemFpuStackPushOverflowOnly(pFpuCtx);
7818}
7819
7820
7821/**
7822 * Raises a FPU stack overflow exception on a push with a memory operand.
7823 *
7824 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7825 * @param iEffSeg The effective memory operand selector register.
7826 * @param GCPtrEff The effective memory operand offset.
7827 */
7828DECL_NO_INLINE(IEM_STATIC, void)
7829iemFpuStackPushOverflowWithMemOp(PVMCPU pVCpu, uint8_t iEffSeg, RTGCPTR GCPtrEff)
7830{
7831 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7832 iemFpuUpdateDP(pVCpu, pFpuCtx, iEffSeg, GCPtrEff);
7833 iemFpuUpdateOpcodeAndIpWorker(pVCpu, pFpuCtx);
7834 iemFpuStackPushOverflowOnly(pFpuCtx);
7835}
7836
7837
7838IEM_STATIC int iemFpuStRegNotEmpty(PVMCPU pVCpu, uint8_t iStReg)
7839{
7840 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7841 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
7842 if (pFpuCtx->FTW & RT_BIT(iReg))
7843 return VINF_SUCCESS;
7844 return VERR_NOT_FOUND;
7845}
7846
7847
7848IEM_STATIC int iemFpuStRegNotEmptyRef(PVMCPU pVCpu, uint8_t iStReg, PCRTFLOAT80U *ppRef)
7849{
7850 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7851 uint16_t iReg = (X86_FSW_TOP_GET(pFpuCtx->FSW) + iStReg) & X86_FSW_TOP_SMASK;
7852 if (pFpuCtx->FTW & RT_BIT(iReg))
7853 {
7854 *ppRef = &pFpuCtx->aRegs[iStReg].r80;
7855 return VINF_SUCCESS;
7856 }
7857 return VERR_NOT_FOUND;
7858}
7859
7860
7861IEM_STATIC int iemFpu2StRegsNotEmptyRef(PVMCPU pVCpu, uint8_t iStReg0, PCRTFLOAT80U *ppRef0,
7862 uint8_t iStReg1, PCRTFLOAT80U *ppRef1)
7863{
7864 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7865 uint16_t iTop = X86_FSW_TOP_GET(pFpuCtx->FSW);
7866 uint16_t iReg0 = (iTop + iStReg0) & X86_FSW_TOP_SMASK;
7867 uint16_t iReg1 = (iTop + iStReg1) & X86_FSW_TOP_SMASK;
7868 if ((pFpuCtx->FTW & (RT_BIT(iReg0) | RT_BIT(iReg1))) == (RT_BIT(iReg0) | RT_BIT(iReg1)))
7869 {
7870 *ppRef0 = &pFpuCtx->aRegs[iStReg0].r80;
7871 *ppRef1 = &pFpuCtx->aRegs[iStReg1].r80;
7872 return VINF_SUCCESS;
7873 }
7874 return VERR_NOT_FOUND;
7875}
7876
7877
7878IEM_STATIC int iemFpu2StRegsNotEmptyRefFirst(PVMCPU pVCpu, uint8_t iStReg0, PCRTFLOAT80U *ppRef0, uint8_t iStReg1)
7879{
7880 PX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
7881 uint16_t iTop = X86_FSW_TOP_GET(pFpuCtx->FSW);
7882 uint16_t iReg0 = (iTop + iStReg0) & X86_FSW_TOP_SMASK;
7883 uint16_t iReg1 = (iTop + iStReg1) & X86_FSW_TOP_SMASK;
7884 if ((pFpuCtx->FTW & (RT_BIT(iReg0) | RT_BIT(iReg1))) == (RT_BIT(iReg0) | RT_BIT(iReg1)))
7885 {
7886 *ppRef0 = &pFpuCtx->aRegs[iStReg0].r80;
7887 return VINF_SUCCESS;
7888 }
7889 return VERR_NOT_FOUND;
7890}
7891
7892
7893/**
7894 * Updates the FPU exception status after FCW is changed.
7895 *
7896 * @param pFpuCtx The FPU context.
7897 */
7898IEM_STATIC void iemFpuRecalcExceptionStatus(PX86FXSTATE pFpuCtx)
7899{
7900 uint16_t u16Fsw = pFpuCtx->FSW;
7901 if ((u16Fsw & X86_FSW_XCPT_MASK) & ~(pFpuCtx->FCW & X86_FCW_XCPT_MASK))
7902 u16Fsw |= X86_FSW_ES | X86_FSW_B;
7903 else
7904 u16Fsw &= ~(X86_FSW_ES | X86_FSW_B);
7905 pFpuCtx->FSW = u16Fsw;
7906}
7907
7908
7909/**
7910 * Calculates the full FTW (FPU tag word) for use in FNSTENV and FNSAVE.
7911 *
7912 * @returns The full FTW.
7913 * @param pFpuCtx The FPU context.
7914 */
7915IEM_STATIC uint16_t iemFpuCalcFullFtw(PCX86FXSTATE pFpuCtx)
7916{
7917 uint8_t const u8Ftw = (uint8_t)pFpuCtx->FTW;
7918 uint16_t u16Ftw = 0;
7919 unsigned const iTop = X86_FSW_TOP_GET(pFpuCtx->FSW);
7920 for (unsigned iSt = 0; iSt < 8; iSt++)
7921 {
7922 unsigned const iReg = (iSt + iTop) & 7;
7923 if (!(u8Ftw & RT_BIT(iReg)))
7924 u16Ftw |= 3 << (iReg * 2); /* empty */
7925 else
7926 {
7927 uint16_t uTag;
7928 PCRTFLOAT80U const pr80Reg = &pFpuCtx->aRegs[iSt].r80;
7929 if (pr80Reg->s.uExponent == 0x7fff)
7930 uTag = 2; /* Exponent is all 1's => Special. */
7931 else if (pr80Reg->s.uExponent == 0x0000)
7932 {
7933 if (pr80Reg->s.u64Mantissa == 0x0000)
7934 uTag = 1; /* All bits are zero => Zero. */
7935 else
7936 uTag = 2; /* Must be special. */
7937 }
7938 else if (pr80Reg->s.u64Mantissa & RT_BIT_64(63)) /* The J bit. */
7939 uTag = 0; /* Valid. */
7940 else
7941 uTag = 2; /* Must be special. */
7942
7943 u16Ftw |= uTag << (iReg * 2); /* empty */
7944 }
7945 }
7946
7947 return u16Ftw;
7948}
7949
7950
7951/**
7952 * Converts a full FTW to a compressed one (for use in FLDENV and FRSTOR).
7953 *
7954 * @returns The compressed FTW.
7955 * @param u16FullFtw The full FTW to convert.
7956 */
7957IEM_STATIC uint16_t iemFpuCompressFtw(uint16_t u16FullFtw)
7958{
7959 uint8_t u8Ftw = 0;
7960 for (unsigned i = 0; i < 8; i++)
7961 {
7962 if ((u16FullFtw & 3) != 3 /*empty*/)
7963 u8Ftw |= RT_BIT(i);
7964 u16FullFtw >>= 2;
7965 }
7966
7967 return u8Ftw;
7968}
7969
7970/** @} */
7971
7972
7973/** @name Memory access.
7974 *
7975 * @{
7976 */
7977
7978
7979/**
7980 * Updates the IEMCPU::cbWritten counter if applicable.
7981 *
7982 * @param pVCpu The cross context virtual CPU structure of the calling thread.
7983 * @param fAccess The access being accounted for.
7984 * @param cbMem The access size.
7985 */
7986DECL_FORCE_INLINE(void) iemMemUpdateWrittenCounter(PVMCPU pVCpu, uint32_t fAccess, size_t cbMem)
7987{
7988 if ( (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_STACK | IEM_ACCESS_TYPE_WRITE)
7989 || (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_DATA | IEM_ACCESS_TYPE_WRITE) )
7990 pVCpu->iem.s.cbWritten += (uint32_t)cbMem;
7991}
7992
7993
7994/**
7995 * Checks if the given segment can be written to, raise the appropriate
7996 * exception if not.
7997 *
7998 * @returns VBox strict status code.
7999 *
8000 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8001 * @param pHid Pointer to the hidden register.
8002 * @param iSegReg The register number.
8003 * @param pu64BaseAddr Where to return the base address to use for the
8004 * segment. (In 64-bit code it may differ from the
8005 * base in the hidden segment.)
8006 */
8007IEM_STATIC VBOXSTRICTRC
8008iemMemSegCheckWriteAccessEx(PVMCPU pVCpu, PCCPUMSELREGHID pHid, uint8_t iSegReg, uint64_t *pu64BaseAddr)
8009{
8010 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
8011
8012 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
8013 *pu64BaseAddr = iSegReg < X86_SREG_FS ? 0 : pHid->u64Base;
8014 else
8015 {
8016 if (!pHid->Attr.n.u1Present)
8017 {
8018 uint16_t uSel = iemSRegFetchU16(pVCpu, iSegReg);
8019 AssertRelease(uSel == 0);
8020 Log(("iemMemSegCheckWriteAccessEx: %#x (index %u) - bad selector -> #GP\n", uSel, iSegReg));
8021 return iemRaiseGeneralProtectionFault0(pVCpu);
8022 }
8023
8024 if ( ( (pHid->Attr.n.u4Type & X86_SEL_TYPE_CODE)
8025 || !(pHid->Attr.n.u4Type & X86_SEL_TYPE_WRITE) )
8026 && pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT )
8027 return iemRaiseSelectorInvalidAccess(pVCpu, iSegReg, IEM_ACCESS_DATA_W);
8028 *pu64BaseAddr = pHid->u64Base;
8029 }
8030 return VINF_SUCCESS;
8031}
8032
8033
8034/**
8035 * Checks if the given segment can be read from, raise the appropriate
8036 * exception if not.
8037 *
8038 * @returns VBox strict status code.
8039 *
8040 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8041 * @param pHid Pointer to the hidden register.
8042 * @param iSegReg The register number.
8043 * @param pu64BaseAddr Where to return the base address to use for the
8044 * segment. (In 64-bit code it may differ from the
8045 * base in the hidden segment.)
8046 */
8047IEM_STATIC VBOXSTRICTRC
8048iemMemSegCheckReadAccessEx(PVMCPU pVCpu, PCCPUMSELREGHID pHid, uint8_t iSegReg, uint64_t *pu64BaseAddr)
8049{
8050 IEM_CTX_ASSERT(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
8051
8052 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
8053 *pu64BaseAddr = iSegReg < X86_SREG_FS ? 0 : pHid->u64Base;
8054 else
8055 {
8056 if (!pHid->Attr.n.u1Present)
8057 {
8058 uint16_t uSel = iemSRegFetchU16(pVCpu, iSegReg);
8059 AssertRelease(uSel == 0);
8060 Log(("iemMemSegCheckReadAccessEx: %#x (index %u) - bad selector -> #GP\n", uSel, iSegReg));
8061 return iemRaiseGeneralProtectionFault0(pVCpu);
8062 }
8063
8064 if ((pHid->Attr.n.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ)) == X86_SEL_TYPE_CODE)
8065 return iemRaiseSelectorInvalidAccess(pVCpu, iSegReg, IEM_ACCESS_DATA_R);
8066 *pu64BaseAddr = pHid->u64Base;
8067 }
8068 return VINF_SUCCESS;
8069}
8070
8071
8072/**
8073 * Applies the segment limit, base and attributes.
8074 *
8075 * This may raise a \#GP or \#SS.
8076 *
8077 * @returns VBox strict status code.
8078 *
8079 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8080 * @param fAccess The kind of access which is being performed.
8081 * @param iSegReg The index of the segment register to apply.
8082 * This is UINT8_MAX if none (for IDT, GDT, LDT,
8083 * TSS, ++).
8084 * @param cbMem The access size.
8085 * @param pGCPtrMem Pointer to the guest memory address to apply
8086 * segmentation to. Input and output parameter.
8087 */
8088IEM_STATIC VBOXSTRICTRC
8089iemMemApplySegment(PVMCPU pVCpu, uint32_t fAccess, uint8_t iSegReg, size_t cbMem, PRTGCPTR pGCPtrMem)
8090{
8091 if (iSegReg == UINT8_MAX)
8092 return VINF_SUCCESS;
8093
8094 IEM_CTX_IMPORT_RET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
8095 PCPUMSELREGHID pSel = iemSRegGetHid(pVCpu, iSegReg);
8096 switch (pVCpu->iem.s.enmCpuMode)
8097 {
8098 case IEMMODE_16BIT:
8099 case IEMMODE_32BIT:
8100 {
8101 RTGCPTR32 GCPtrFirst32 = (RTGCPTR32)*pGCPtrMem;
8102 RTGCPTR32 GCPtrLast32 = GCPtrFirst32 + (uint32_t)cbMem - 1;
8103
8104 if ( pSel->Attr.n.u1Present
8105 && !pSel->Attr.n.u1Unusable)
8106 {
8107 Assert(pSel->Attr.n.u1DescType);
8108 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_CODE))
8109 {
8110 if ( (fAccess & IEM_ACCESS_TYPE_WRITE)
8111 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_WRITE) )
8112 return iemRaiseSelectorInvalidAccess(pVCpu, iSegReg, fAccess);
8113
8114 if (!IEM_IS_REAL_OR_V86_MODE(pVCpu))
8115 {
8116 /** @todo CPL check. */
8117 }
8118
8119 /*
8120 * There are two kinds of data selectors, normal and expand down.
8121 */
8122 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_DOWN))
8123 {
8124 if ( GCPtrFirst32 > pSel->u32Limit
8125 || GCPtrLast32 > pSel->u32Limit) /* yes, in real mode too (since 80286). */
8126 return iemRaiseSelectorBounds(pVCpu, iSegReg, fAccess);
8127 }
8128 else
8129 {
8130 /*
8131 * The upper boundary is defined by the B bit, not the G bit!
8132 */
8133 if ( GCPtrFirst32 < pSel->u32Limit + UINT32_C(1)
8134 || GCPtrLast32 > (pSel->Attr.n.u1DefBig ? UINT32_MAX : UINT32_C(0xffff)))
8135 return iemRaiseSelectorBounds(pVCpu, iSegReg, fAccess);
8136 }
8137 *pGCPtrMem = GCPtrFirst32 += (uint32_t)pSel->u64Base;
8138 }
8139 else
8140 {
8141
8142 /*
8143 * Code selector and usually be used to read thru, writing is
8144 * only permitted in real and V8086 mode.
8145 */
8146 if ( ( (fAccess & IEM_ACCESS_TYPE_WRITE)
8147 || ( (fAccess & IEM_ACCESS_TYPE_READ)
8148 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_READ)) )
8149 && !IEM_IS_REAL_OR_V86_MODE(pVCpu) )
8150 return iemRaiseSelectorInvalidAccess(pVCpu, iSegReg, fAccess);
8151
8152 if ( GCPtrFirst32 > pSel->u32Limit
8153 || GCPtrLast32 > pSel->u32Limit) /* yes, in real mode too (since 80286). */
8154 return iemRaiseSelectorBounds(pVCpu, iSegReg, fAccess);
8155
8156 if (!IEM_IS_REAL_OR_V86_MODE(pVCpu))
8157 {
8158 /** @todo CPL check. */
8159 }
8160
8161 *pGCPtrMem = GCPtrFirst32 += (uint32_t)pSel->u64Base;
8162 }
8163 }
8164 else
8165 return iemRaiseGeneralProtectionFault0(pVCpu);
8166 return VINF_SUCCESS;
8167 }
8168
8169 case IEMMODE_64BIT:
8170 {
8171 RTGCPTR GCPtrMem = *pGCPtrMem;
8172 if (iSegReg == X86_SREG_GS || iSegReg == X86_SREG_FS)
8173 *pGCPtrMem = GCPtrMem + pSel->u64Base;
8174
8175 Assert(cbMem >= 1);
8176 if (RT_LIKELY(X86_IS_CANONICAL(GCPtrMem) && X86_IS_CANONICAL(GCPtrMem + cbMem - 1)))
8177 return VINF_SUCCESS;
8178 /** @todo We should probably raise \#SS(0) here if segment is SS; see AMD spec.
8179 * 4.12.2 "Data Limit Checks in 64-bit Mode". */
8180 return iemRaiseGeneralProtectionFault0(pVCpu);
8181 }
8182
8183 default:
8184 AssertFailedReturn(VERR_IEM_IPE_7);
8185 }
8186}
8187
8188
8189/**
8190 * Translates a virtual address to a physical physical address and checks if we
8191 * can access the page as specified.
8192 *
8193 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8194 * @param GCPtrMem The virtual address.
8195 * @param fAccess The intended access.
8196 * @param pGCPhysMem Where to return the physical address.
8197 */
8198IEM_STATIC VBOXSTRICTRC
8199iemMemPageTranslateAndCheckAccess(PVMCPU pVCpu, RTGCPTR GCPtrMem, uint32_t fAccess, PRTGCPHYS pGCPhysMem)
8200{
8201 /** @todo Need a different PGM interface here. We're currently using
8202 * generic / REM interfaces. this won't cut it for R0 & RC. */
8203 /** @todo If/when PGM handles paged real-mode, we can remove the hack in
8204 * iemSvmHandleWorldSwitch to work around raising a page-fault here. */
8205 RTGCPHYS GCPhys;
8206 uint64_t fFlags;
8207 int rc = PGMGstGetPage(pVCpu, GCPtrMem, &fFlags, &GCPhys);
8208 if (RT_FAILURE(rc))
8209 {
8210 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - failed to fetch page -> #PF\n", GCPtrMem));
8211 /** @todo Check unassigned memory in unpaged mode. */
8212 /** @todo Reserved bits in page tables. Requires new PGM interface. */
8213 *pGCPhysMem = NIL_RTGCPHYS;
8214 return iemRaisePageFault(pVCpu, GCPtrMem, fAccess, rc);
8215 }
8216
8217 /* If the page is writable and does not have the no-exec bit set, all
8218 access is allowed. Otherwise we'll have to check more carefully... */
8219 if ((fFlags & (X86_PTE_RW | X86_PTE_US | X86_PTE_PAE_NX)) != (X86_PTE_RW | X86_PTE_US))
8220 {
8221 /* Write to read only memory? */
8222 if ( (fAccess & IEM_ACCESS_TYPE_WRITE)
8223 && !(fFlags & X86_PTE_RW)
8224 && ( (pVCpu->iem.s.uCpl == 3
8225 && !(fAccess & IEM_ACCESS_WHAT_SYS))
8226 || (pVCpu->cpum.GstCtx.cr0 & X86_CR0_WP)))
8227 {
8228 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - read-only page -> #PF\n", GCPtrMem));
8229 *pGCPhysMem = NIL_RTGCPHYS;
8230 return iemRaisePageFault(pVCpu, GCPtrMem, fAccess & ~IEM_ACCESS_TYPE_READ, VERR_ACCESS_DENIED);
8231 }
8232
8233 /* Kernel memory accessed by userland? */
8234 if ( !(fFlags & X86_PTE_US)
8235 && pVCpu->iem.s.uCpl == 3
8236 && !(fAccess & IEM_ACCESS_WHAT_SYS))
8237 {
8238 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - user access to kernel page -> #PF\n", GCPtrMem));
8239 *pGCPhysMem = NIL_RTGCPHYS;
8240 return iemRaisePageFault(pVCpu, GCPtrMem, fAccess, VERR_ACCESS_DENIED);
8241 }
8242
8243 /* Executing non-executable memory? */
8244 if ( (fAccess & IEM_ACCESS_TYPE_EXEC)
8245 && (fFlags & X86_PTE_PAE_NX)
8246 && (pVCpu->cpum.GstCtx.msrEFER & MSR_K6_EFER_NXE) )
8247 {
8248 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - NX -> #PF\n", GCPtrMem));
8249 *pGCPhysMem = NIL_RTGCPHYS;
8250 return iemRaisePageFault(pVCpu, GCPtrMem, fAccess & ~(IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_WRITE),
8251 VERR_ACCESS_DENIED);
8252 }
8253 }
8254
8255 /*
8256 * Set the dirty / access flags.
8257 * ASSUMES this is set when the address is translated rather than on committ...
8258 */
8259 /** @todo testcase: check when A and D bits are actually set by the CPU. */
8260 uint32_t fAccessedDirty = fAccess & IEM_ACCESS_TYPE_WRITE ? X86_PTE_D | X86_PTE_A : X86_PTE_A;
8261 if ((fFlags & fAccessedDirty) != fAccessedDirty)
8262 {
8263 int rc2 = PGMGstModifyPage(pVCpu, GCPtrMem, 1, fAccessedDirty, ~(uint64_t)fAccessedDirty);
8264 AssertRC(rc2);
8265 }
8266
8267 GCPhys |= GCPtrMem & PAGE_OFFSET_MASK;
8268 *pGCPhysMem = GCPhys;
8269 return VINF_SUCCESS;
8270}
8271
8272
8273
8274/**
8275 * Maps a physical page.
8276 *
8277 * @returns VBox status code (see PGMR3PhysTlbGCPhys2Ptr).
8278 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8279 * @param GCPhysMem The physical address.
8280 * @param fAccess The intended access.
8281 * @param ppvMem Where to return the mapping address.
8282 * @param pLock The PGM lock.
8283 */
8284IEM_STATIC int iemMemPageMap(PVMCPU pVCpu, RTGCPHYS GCPhysMem, uint32_t fAccess, void **ppvMem, PPGMPAGEMAPLOCK pLock)
8285{
8286#ifdef IEM_LOG_MEMORY_WRITES
8287 if (fAccess & IEM_ACCESS_TYPE_WRITE)
8288 return VERR_PGM_PHYS_TLB_CATCH_ALL;
8289#endif
8290
8291 /** @todo This API may require some improving later. A private deal with PGM
8292 * regarding locking and unlocking needs to be struct. A couple of TLBs
8293 * living in PGM, but with publicly accessible inlined access methods
8294 * could perhaps be an even better solution. */
8295 int rc = PGMPhysIemGCPhys2Ptr(pVCpu->CTX_SUFF(pVM), pVCpu,
8296 GCPhysMem,
8297 RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE),
8298 pVCpu->iem.s.fBypassHandlers,
8299 ppvMem,
8300 pLock);
8301 /*Log(("PGMPhysIemGCPhys2Ptr %Rrc pLock=%.*Rhxs\n", rc, sizeof(*pLock), pLock));*/
8302 AssertMsg(rc == VINF_SUCCESS || RT_FAILURE_NP(rc), ("%Rrc\n", rc));
8303
8304 return rc;
8305}
8306
8307
8308/**
8309 * Unmap a page previously mapped by iemMemPageMap.
8310 *
8311 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8312 * @param GCPhysMem The physical address.
8313 * @param fAccess The intended access.
8314 * @param pvMem What iemMemPageMap returned.
8315 * @param pLock The PGM lock.
8316 */
8317DECLINLINE(void) iemMemPageUnmap(PVMCPU pVCpu, RTGCPHYS GCPhysMem, uint32_t fAccess, const void *pvMem, PPGMPAGEMAPLOCK pLock)
8318{
8319 NOREF(pVCpu);
8320 NOREF(GCPhysMem);
8321 NOREF(fAccess);
8322 NOREF(pvMem);
8323 PGMPhysReleasePageMappingLock(pVCpu->CTX_SUFF(pVM), pLock);
8324}
8325
8326
8327/**
8328 * Looks up a memory mapping entry.
8329 *
8330 * @returns The mapping index (positive) or VERR_NOT_FOUND (negative).
8331 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8332 * @param pvMem The memory address.
8333 * @param fAccess The access to.
8334 */
8335DECLINLINE(int) iemMapLookup(PVMCPU pVCpu, void *pvMem, uint32_t fAccess)
8336{
8337 Assert(pVCpu->iem.s.cActiveMappings <= RT_ELEMENTS(pVCpu->iem.s.aMemMappings));
8338 fAccess &= IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK;
8339 if ( pVCpu->iem.s.aMemMappings[0].pv == pvMem
8340 && (pVCpu->iem.s.aMemMappings[0].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
8341 return 0;
8342 if ( pVCpu->iem.s.aMemMappings[1].pv == pvMem
8343 && (pVCpu->iem.s.aMemMappings[1].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
8344 return 1;
8345 if ( pVCpu->iem.s.aMemMappings[2].pv == pvMem
8346 && (pVCpu->iem.s.aMemMappings[2].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
8347 return 2;
8348 return VERR_NOT_FOUND;
8349}
8350
8351
8352/**
8353 * Finds a free memmap entry when using iNextMapping doesn't work.
8354 *
8355 * @returns Memory mapping index, 1024 on failure.
8356 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8357 */
8358IEM_STATIC unsigned iemMemMapFindFree(PVMCPU pVCpu)
8359{
8360 /*
8361 * The easy case.
8362 */
8363 if (pVCpu->iem.s.cActiveMappings == 0)
8364 {
8365 pVCpu->iem.s.iNextMapping = 1;
8366 return 0;
8367 }
8368
8369 /* There should be enough mappings for all instructions. */
8370 AssertReturn(pVCpu->iem.s.cActiveMappings < RT_ELEMENTS(pVCpu->iem.s.aMemMappings), 1024);
8371
8372 for (unsigned i = 0; i < RT_ELEMENTS(pVCpu->iem.s.aMemMappings); i++)
8373 if (pVCpu->iem.s.aMemMappings[i].fAccess == IEM_ACCESS_INVALID)
8374 return i;
8375
8376 AssertFailedReturn(1024);
8377}
8378
8379
8380/**
8381 * Commits a bounce buffer that needs writing back and unmaps it.
8382 *
8383 * @returns Strict VBox status code.
8384 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8385 * @param iMemMap The index of the buffer to commit.
8386 * @param fPostponeFail Whether we can postpone writer failures to ring-3.
8387 * Always false in ring-3, obviously.
8388 */
8389IEM_STATIC VBOXSTRICTRC iemMemBounceBufferCommitAndUnmap(PVMCPU pVCpu, unsigned iMemMap, bool fPostponeFail)
8390{
8391 Assert(pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED);
8392 Assert(pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE);
8393#ifdef IN_RING3
8394 Assert(!fPostponeFail);
8395 RT_NOREF_PV(fPostponeFail);
8396#endif
8397
8398 /*
8399 * Do the writing.
8400 */
8401 PVM pVM = pVCpu->CTX_SUFF(pVM);
8402 if (!pVCpu->iem.s.aMemBbMappings[iMemMap].fUnassigned)
8403 {
8404 uint16_t const cbFirst = pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst;
8405 uint16_t const cbSecond = pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond;
8406 uint8_t const *pbBuf = &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[0];
8407 if (!pVCpu->iem.s.fBypassHandlers)
8408 {
8409 /*
8410 * Carefully and efficiently dealing with access handler return
8411 * codes make this a little bloated.
8412 */
8413 VBOXSTRICTRC rcStrict = PGMPhysWrite(pVM,
8414 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst,
8415 pbBuf,
8416 cbFirst,
8417 PGMACCESSORIGIN_IEM);
8418 if (rcStrict == VINF_SUCCESS)
8419 {
8420 if (cbSecond)
8421 {
8422 rcStrict = PGMPhysWrite(pVM,
8423 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond,
8424 pbBuf + cbFirst,
8425 cbSecond,
8426 PGMACCESSORIGIN_IEM);
8427 if (rcStrict == VINF_SUCCESS)
8428 { /* nothing */ }
8429 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
8430 {
8431 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc\n",
8432 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
8433 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
8434 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8435 }
8436#ifndef IN_RING3
8437 else if (fPostponeFail)
8438 {
8439 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (postponed)\n",
8440 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
8441 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
8442 pVCpu->iem.s.aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_2ND;
8443 VMCPU_FF_SET(pVCpu, VMCPU_FF_IEM);
8444 return iemSetPassUpStatus(pVCpu, rcStrict);
8445 }
8446#endif
8447 else
8448 {
8449 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
8450 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
8451 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
8452 return rcStrict;
8453 }
8454 }
8455 }
8456 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
8457 {
8458 if (!cbSecond)
8459 {
8460 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc\n",
8461 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict) ));
8462 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8463 }
8464 else
8465 {
8466 VBOXSTRICTRC rcStrict2 = PGMPhysWrite(pVM,
8467 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond,
8468 pbBuf + cbFirst,
8469 cbSecond,
8470 PGMACCESSORIGIN_IEM);
8471 if (rcStrict2 == VINF_SUCCESS)
8472 {
8473 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc GCPhysSecond=%RGp/%#x\n",
8474 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
8475 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond));
8476 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8477 }
8478 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict2))
8479 {
8480 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc GCPhysSecond=%RGp/%#x %Rrc\n",
8481 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
8482 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict2) ));
8483 PGM_PHYS_RW_DO_UPDATE_STRICT_RC(rcStrict, rcStrict2);
8484 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8485 }
8486#ifndef IN_RING3
8487 else if (fPostponeFail)
8488 {
8489 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (postponed)\n",
8490 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
8491 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
8492 pVCpu->iem.s.aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_2ND;
8493 VMCPU_FF_SET(pVCpu, VMCPU_FF_IEM);
8494 return iemSetPassUpStatus(pVCpu, rcStrict);
8495 }
8496#endif
8497 else
8498 {
8499 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
8500 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
8501 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict2) ));
8502 return rcStrict2;
8503 }
8504 }
8505 }
8506#ifndef IN_RING3
8507 else if (fPostponeFail)
8508 {
8509 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (postponed)\n",
8510 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
8511 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, VBOXSTRICTRC_VAL(rcStrict) ));
8512 if (!cbSecond)
8513 pVCpu->iem.s.aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_1ST;
8514 else
8515 pVCpu->iem.s.aMemMappings[iMemMap].fAccess |= IEM_ACCESS_PENDING_R3_WRITE_1ST | IEM_ACCESS_PENDING_R3_WRITE_2ND;
8516 VMCPU_FF_SET(pVCpu, VMCPU_FF_IEM);
8517 return iemSetPassUpStatus(pVCpu, rcStrict);
8518 }
8519#endif
8520 else
8521 {
8522 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysWrite GCPhysFirst=%RGp/%#x %Rrc [GCPhysSecond=%RGp/%#x] (!!)\n",
8523 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, VBOXSTRICTRC_VAL(rcStrict),
8524 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond));
8525 return rcStrict;
8526 }
8527 }
8528 else
8529 {
8530 /*
8531 * No access handlers, much simpler.
8532 */
8533 int rc = PGMPhysSimpleWriteGCPhys(pVM, pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, pbBuf, cbFirst);
8534 if (RT_SUCCESS(rc))
8535 {
8536 if (cbSecond)
8537 {
8538 rc = PGMPhysSimpleWriteGCPhys(pVM, pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, pbBuf + cbFirst, cbSecond);
8539 if (RT_SUCCESS(rc))
8540 { /* likely */ }
8541 else
8542 {
8543 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysSimpleWriteGCPhys GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
8544 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
8545 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, rc));
8546 return rc;
8547 }
8548 }
8549 }
8550 else
8551 {
8552 Log(("iemMemBounceBufferCommitAndUnmap: PGMPhysSimpleWriteGCPhys GCPhysFirst=%RGp/%#x %Rrc [GCPhysSecond=%RGp/%#x] (!!)\n",
8553 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst, rc,
8554 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond));
8555 return rc;
8556 }
8557 }
8558 }
8559
8560#if defined(IEM_LOG_MEMORY_WRITES)
8561 Log(("IEM Wrote %RGp: %.*Rhxs\n", pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst,
8562 RT_MAX(RT_MIN(pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst, 64), 1), &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[0]));
8563 if (pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond)
8564 Log(("IEM Wrote %RGp: %.*Rhxs [2nd page]\n", pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond,
8565 RT_MIN(pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond, 64),
8566 &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst]));
8567
8568 size_t cbWrote = pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst + pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond;
8569 g_cbIemWrote = cbWrote;
8570 memcpy(g_abIemWrote, &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[0], RT_MIN(cbWrote, sizeof(g_abIemWrote)));
8571#endif
8572
8573 /*
8574 * Free the mapping entry.
8575 */
8576 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
8577 Assert(pVCpu->iem.s.cActiveMappings != 0);
8578 pVCpu->iem.s.cActiveMappings--;
8579 return VINF_SUCCESS;
8580}
8581
8582
8583/**
8584 * iemMemMap worker that deals with a request crossing pages.
8585 */
8586IEM_STATIC VBOXSTRICTRC
8587iemMemBounceBufferMapCrossPage(PVMCPU pVCpu, int iMemMap, void **ppvMem, size_t cbMem, RTGCPTR GCPtrFirst, uint32_t fAccess)
8588{
8589 /*
8590 * Do the address translations.
8591 */
8592 RTGCPHYS GCPhysFirst;
8593 VBOXSTRICTRC rcStrict = iemMemPageTranslateAndCheckAccess(pVCpu, GCPtrFirst, fAccess, &GCPhysFirst);
8594 if (rcStrict != VINF_SUCCESS)
8595 return rcStrict;
8596
8597 RTGCPHYS GCPhysSecond;
8598 rcStrict = iemMemPageTranslateAndCheckAccess(pVCpu, (GCPtrFirst + (cbMem - 1)) & ~(RTGCPTR)PAGE_OFFSET_MASK,
8599 fAccess, &GCPhysSecond);
8600 if (rcStrict != VINF_SUCCESS)
8601 return rcStrict;
8602 GCPhysSecond &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
8603
8604 PVM pVM = pVCpu->CTX_SUFF(pVM);
8605
8606 /*
8607 * Read in the current memory content if it's a read, execute or partial
8608 * write access.
8609 */
8610 uint8_t *pbBuf = &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[0];
8611 uint32_t const cbFirstPage = PAGE_SIZE - (GCPhysFirst & PAGE_OFFSET_MASK);
8612 uint32_t const cbSecondPage = (uint32_t)(cbMem - cbFirstPage);
8613
8614 if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
8615 {
8616 if (!pVCpu->iem.s.fBypassHandlers)
8617 {
8618 /*
8619 * Must carefully deal with access handler status codes here,
8620 * makes the code a bit bloated.
8621 */
8622 rcStrict = PGMPhysRead(pVM, GCPhysFirst, pbBuf, cbFirstPage, PGMACCESSORIGIN_IEM);
8623 if (rcStrict == VINF_SUCCESS)
8624 {
8625 rcStrict = PGMPhysRead(pVM, GCPhysSecond, pbBuf + cbFirstPage, cbSecondPage, PGMACCESSORIGIN_IEM);
8626 if (rcStrict == VINF_SUCCESS)
8627 { /*likely */ }
8628 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
8629 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8630 else
8631 {
8632 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysSecond=%RGp rcStrict2=%Rrc (!!)\n",
8633 GCPhysSecond, VBOXSTRICTRC_VAL(rcStrict) ));
8634 return rcStrict;
8635 }
8636 }
8637 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
8638 {
8639 VBOXSTRICTRC rcStrict2 = PGMPhysRead(pVM, GCPhysSecond, pbBuf + cbFirstPage, cbSecondPage, PGMACCESSORIGIN_IEM);
8640 if (PGM_PHYS_RW_IS_SUCCESS(rcStrict2))
8641 {
8642 PGM_PHYS_RW_DO_UPDATE_STRICT_RC(rcStrict, rcStrict2);
8643 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8644 }
8645 else
8646 {
8647 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysSecond=%RGp rcStrict2=%Rrc (rcStrict=%Rrc) (!!)\n",
8648 GCPhysSecond, VBOXSTRICTRC_VAL(rcStrict2), VBOXSTRICTRC_VAL(rcStrict2) ));
8649 return rcStrict2;
8650 }
8651 }
8652 else
8653 {
8654 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysFirst=%RGp rcStrict=%Rrc (!!)\n",
8655 GCPhysFirst, VBOXSTRICTRC_VAL(rcStrict) ));
8656 return rcStrict;
8657 }
8658 }
8659 else
8660 {
8661 /*
8662 * No informational status codes here, much more straight forward.
8663 */
8664 int rc = PGMPhysSimpleReadGCPhys(pVM, pbBuf, GCPhysFirst, cbFirstPage);
8665 if (RT_SUCCESS(rc))
8666 {
8667 Assert(rc == VINF_SUCCESS);
8668 rc = PGMPhysSimpleReadGCPhys(pVM, pbBuf + cbFirstPage, GCPhysSecond, cbSecondPage);
8669 if (RT_SUCCESS(rc))
8670 Assert(rc == VINF_SUCCESS);
8671 else
8672 {
8673 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysSecond=%RGp rc=%Rrc (!!)\n", GCPhysSecond, rc));
8674 return rc;
8675 }
8676 }
8677 else
8678 {
8679 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysFirst=%RGp rc=%Rrc (!!)\n", GCPhysFirst, rc));
8680 return rc;
8681 }
8682 }
8683 }
8684#ifdef VBOX_STRICT
8685 else
8686 memset(pbBuf, 0xcc, cbMem);
8687 if (cbMem < sizeof(pVCpu->iem.s.aBounceBuffers[iMemMap].ab))
8688 memset(pbBuf + cbMem, 0xaa, sizeof(pVCpu->iem.s.aBounceBuffers[iMemMap].ab) - cbMem);
8689#endif
8690
8691 /*
8692 * Commit the bounce buffer entry.
8693 */
8694 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst = GCPhysFirst;
8695 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond = GCPhysSecond;
8696 pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst = (uint16_t)cbFirstPage;
8697 pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond = (uint16_t)cbSecondPage;
8698 pVCpu->iem.s.aMemBbMappings[iMemMap].fUnassigned = false;
8699 pVCpu->iem.s.aMemMappings[iMemMap].pv = pbBuf;
8700 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = fAccess | IEM_ACCESS_BOUNCE_BUFFERED;
8701 pVCpu->iem.s.iNextMapping = iMemMap + 1;
8702 pVCpu->iem.s.cActiveMappings++;
8703
8704 iemMemUpdateWrittenCounter(pVCpu, fAccess, cbMem);
8705 *ppvMem = pbBuf;
8706 return VINF_SUCCESS;
8707}
8708
8709
8710/**
8711 * iemMemMap woker that deals with iemMemPageMap failures.
8712 */
8713IEM_STATIC VBOXSTRICTRC iemMemBounceBufferMapPhys(PVMCPU pVCpu, unsigned iMemMap, void **ppvMem, size_t cbMem,
8714 RTGCPHYS GCPhysFirst, uint32_t fAccess, VBOXSTRICTRC rcMap)
8715{
8716 /*
8717 * Filter out conditions we can handle and the ones which shouldn't happen.
8718 */
8719 if ( rcMap != VERR_PGM_PHYS_TLB_CATCH_WRITE
8720 && rcMap != VERR_PGM_PHYS_TLB_CATCH_ALL
8721 && rcMap != VERR_PGM_PHYS_TLB_UNASSIGNED)
8722 {
8723 AssertReturn(RT_FAILURE_NP(rcMap), VERR_IEM_IPE_8);
8724 return rcMap;
8725 }
8726 pVCpu->iem.s.cPotentialExits++;
8727
8728 /*
8729 * Read in the current memory content if it's a read, execute or partial
8730 * write access.
8731 */
8732 uint8_t *pbBuf = &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[0];
8733 if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
8734 {
8735 if (rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED)
8736 memset(pbBuf, 0xff, cbMem);
8737 else
8738 {
8739 int rc;
8740 if (!pVCpu->iem.s.fBypassHandlers)
8741 {
8742 VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), GCPhysFirst, pbBuf, cbMem, PGMACCESSORIGIN_IEM);
8743 if (rcStrict == VINF_SUCCESS)
8744 { /* nothing */ }
8745 else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
8746 rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
8747 else
8748 {
8749 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysFirst=%RGp rcStrict=%Rrc (!!)\n",
8750 GCPhysFirst, VBOXSTRICTRC_VAL(rcStrict) ));
8751 return rcStrict;
8752 }
8753 }
8754 else
8755 {
8756 rc = PGMPhysSimpleReadGCPhys(pVCpu->CTX_SUFF(pVM), pbBuf, GCPhysFirst, cbMem);
8757 if (RT_SUCCESS(rc))
8758 { /* likely */ }
8759 else
8760 {
8761 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysFirst=%RGp rcStrict=%Rrc (!!)\n",
8762 GCPhysFirst, rc));
8763 return rc;
8764 }
8765 }
8766 }
8767 }
8768#ifdef VBOX_STRICT
8769 else
8770 memset(pbBuf, 0xcc, cbMem);
8771#endif
8772#ifdef VBOX_STRICT
8773 if (cbMem < sizeof(pVCpu->iem.s.aBounceBuffers[iMemMap].ab))
8774 memset(pbBuf + cbMem, 0xaa, sizeof(pVCpu->iem.s.aBounceBuffers[iMemMap].ab) - cbMem);
8775#endif
8776
8777 /*
8778 * Commit the bounce buffer entry.
8779 */
8780 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst = GCPhysFirst;
8781 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond = NIL_RTGCPHYS;
8782 pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst = (uint16_t)cbMem;
8783 pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond = 0;
8784 pVCpu->iem.s.aMemBbMappings[iMemMap].fUnassigned = rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED;
8785 pVCpu->iem.s.aMemMappings[iMemMap].pv = pbBuf;
8786 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = fAccess | IEM_ACCESS_BOUNCE_BUFFERED;
8787 pVCpu->iem.s.iNextMapping = iMemMap + 1;
8788 pVCpu->iem.s.cActiveMappings++;
8789
8790 iemMemUpdateWrittenCounter(pVCpu, fAccess, cbMem);
8791 *ppvMem = pbBuf;
8792 return VINF_SUCCESS;
8793}
8794
8795
8796
8797/**
8798 * Maps the specified guest memory for the given kind of access.
8799 *
8800 * This may be using bounce buffering of the memory if it's crossing a page
8801 * boundary or if there is an access handler installed for any of it. Because
8802 * of lock prefix guarantees, we're in for some extra clutter when this
8803 * happens.
8804 *
8805 * This may raise a \#GP, \#SS, \#PF or \#AC.
8806 *
8807 * @returns VBox strict status code.
8808 *
8809 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8810 * @param ppvMem Where to return the pointer to the mapped
8811 * memory.
8812 * @param cbMem The number of bytes to map. This is usually 1,
8813 * 2, 4, 6, 8, 12, 16, 32 or 512. When used by
8814 * string operations it can be up to a page.
8815 * @param iSegReg The index of the segment register to use for
8816 * this access. The base and limits are checked.
8817 * Use UINT8_MAX to indicate that no segmentation
8818 * is required (for IDT, GDT and LDT accesses).
8819 * @param GCPtrMem The address of the guest memory.
8820 * @param fAccess How the memory is being accessed. The
8821 * IEM_ACCESS_TYPE_XXX bit is used to figure out
8822 * how to map the memory, while the
8823 * IEM_ACCESS_WHAT_XXX bit is used when raising
8824 * exceptions.
8825 */
8826IEM_STATIC VBOXSTRICTRC
8827iemMemMap(PVMCPU pVCpu, void **ppvMem, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess)
8828{
8829 /*
8830 * Check the input and figure out which mapping entry to use.
8831 */
8832 Assert(cbMem <= 64 || cbMem == 512 || cbMem == 256 || cbMem == 108 || cbMem == 104 || cbMem == 102 || cbMem == 94); /* 512 is the max! */
8833 Assert(~(fAccess & ~(IEM_ACCESS_TYPE_MASK | IEM_ACCESS_WHAT_MASK)));
8834 Assert(pVCpu->iem.s.cActiveMappings < RT_ELEMENTS(pVCpu->iem.s.aMemMappings));
8835
8836 unsigned iMemMap = pVCpu->iem.s.iNextMapping;
8837 if ( iMemMap >= RT_ELEMENTS(pVCpu->iem.s.aMemMappings)
8838 || pVCpu->iem.s.aMemMappings[iMemMap].fAccess != IEM_ACCESS_INVALID)
8839 {
8840 iMemMap = iemMemMapFindFree(pVCpu);
8841 AssertLogRelMsgReturn(iMemMap < RT_ELEMENTS(pVCpu->iem.s.aMemMappings),
8842 ("active=%d fAccess[0] = {%#x, %#x, %#x}\n", pVCpu->iem.s.cActiveMappings,
8843 pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemMappings[1].fAccess,
8844 pVCpu->iem.s.aMemMappings[2].fAccess),
8845 VERR_IEM_IPE_9);
8846 }
8847
8848 /*
8849 * Map the memory, checking that we can actually access it. If something
8850 * slightly complicated happens, fall back on bounce buffering.
8851 */
8852 VBOXSTRICTRC rcStrict = iemMemApplySegment(pVCpu, fAccess, iSegReg, cbMem, &GCPtrMem);
8853 if (rcStrict != VINF_SUCCESS)
8854 return rcStrict;
8855
8856 if ((GCPtrMem & PAGE_OFFSET_MASK) + cbMem > PAGE_SIZE) /* Crossing a page boundary? */
8857 return iemMemBounceBufferMapCrossPage(pVCpu, iMemMap, ppvMem, cbMem, GCPtrMem, fAccess);
8858
8859 RTGCPHYS GCPhysFirst;
8860 rcStrict = iemMemPageTranslateAndCheckAccess(pVCpu, GCPtrMem, fAccess, &GCPhysFirst);
8861 if (rcStrict != VINF_SUCCESS)
8862 return rcStrict;
8863
8864 if (fAccess & IEM_ACCESS_TYPE_WRITE)
8865 Log8(("IEM WR %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
8866 if (fAccess & IEM_ACCESS_TYPE_READ)
8867 Log9(("IEM RD %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
8868
8869 void *pvMem;
8870 rcStrict = iemMemPageMap(pVCpu, GCPhysFirst, fAccess, &pvMem, &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
8871 if (rcStrict != VINF_SUCCESS)
8872 return iemMemBounceBufferMapPhys(pVCpu, iMemMap, ppvMem, cbMem, GCPhysFirst, fAccess, rcStrict);
8873
8874 /*
8875 * Fill in the mapping table entry.
8876 */
8877 pVCpu->iem.s.aMemMappings[iMemMap].pv = pvMem;
8878 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = fAccess;
8879 pVCpu->iem.s.iNextMapping = iMemMap + 1;
8880 pVCpu->iem.s.cActiveMappings++;
8881
8882 iemMemUpdateWrittenCounter(pVCpu, fAccess, cbMem);
8883 *ppvMem = pvMem;
8884
8885 return VINF_SUCCESS;
8886}
8887
8888
8889/**
8890 * Commits the guest memory if bounce buffered and unmaps it.
8891 *
8892 * @returns Strict VBox status code.
8893 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8894 * @param pvMem The mapping.
8895 * @param fAccess The kind of access.
8896 */
8897IEM_STATIC VBOXSTRICTRC iemMemCommitAndUnmap(PVMCPU pVCpu, void *pvMem, uint32_t fAccess)
8898{
8899 int iMemMap = iemMapLookup(pVCpu, pvMem, fAccess);
8900 AssertReturn(iMemMap >= 0, iMemMap);
8901
8902 /* If it's bounce buffered, we may need to write back the buffer. */
8903 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED)
8904 {
8905 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE)
8906 return iemMemBounceBufferCommitAndUnmap(pVCpu, iMemMap, false /*fPostponeFail*/);
8907 }
8908 /* Otherwise unlock it. */
8909 else
8910 PGMPhysReleasePageMappingLock(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
8911
8912 /* Free the entry. */
8913 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
8914 Assert(pVCpu->iem.s.cActiveMappings != 0);
8915 pVCpu->iem.s.cActiveMappings--;
8916 return VINF_SUCCESS;
8917}
8918
8919#ifdef IEM_WITH_SETJMP
8920
8921/**
8922 * Maps the specified guest memory for the given kind of access, longjmp on
8923 * error.
8924 *
8925 * This may be using bounce buffering of the memory if it's crossing a page
8926 * boundary or if there is an access handler installed for any of it. Because
8927 * of lock prefix guarantees, we're in for some extra clutter when this
8928 * happens.
8929 *
8930 * This may raise a \#GP, \#SS, \#PF or \#AC.
8931 *
8932 * @returns Pointer to the mapped memory.
8933 *
8934 * @param pVCpu The cross context virtual CPU structure of the calling thread.
8935 * @param cbMem The number of bytes to map. This is usually 1,
8936 * 2, 4, 6, 8, 12, 16, 32 or 512. When used by
8937 * string operations it can be up to a page.
8938 * @param iSegReg The index of the segment register to use for
8939 * this access. The base and limits are checked.
8940 * Use UINT8_MAX to indicate that no segmentation
8941 * is required (for IDT, GDT and LDT accesses).
8942 * @param GCPtrMem The address of the guest memory.
8943 * @param fAccess How the memory is being accessed. The
8944 * IEM_ACCESS_TYPE_XXX bit is used to figure out
8945 * how to map the memory, while the
8946 * IEM_ACCESS_WHAT_XXX bit is used when raising
8947 * exceptions.
8948 */
8949IEM_STATIC void *iemMemMapJmp(PVMCPU pVCpu, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess)
8950{
8951 /*
8952 * Check the input and figure out which mapping entry to use.
8953 */
8954 Assert(cbMem <= 64 || cbMem == 512 || cbMem == 108 || cbMem == 104 || cbMem == 94); /* 512 is the max! */
8955 Assert(~(fAccess & ~(IEM_ACCESS_TYPE_MASK | IEM_ACCESS_WHAT_MASK)));
8956 Assert(pVCpu->iem.s.cActiveMappings < RT_ELEMENTS(pVCpu->iem.s.aMemMappings));
8957
8958 unsigned iMemMap = pVCpu->iem.s.iNextMapping;
8959 if ( iMemMap >= RT_ELEMENTS(pVCpu->iem.s.aMemMappings)
8960 || pVCpu->iem.s.aMemMappings[iMemMap].fAccess != IEM_ACCESS_INVALID)
8961 {
8962 iMemMap = iemMemMapFindFree(pVCpu);
8963 AssertLogRelMsgStmt(iMemMap < RT_ELEMENTS(pVCpu->iem.s.aMemMappings),
8964 ("active=%d fAccess[0] = {%#x, %#x, %#x}\n", pVCpu->iem.s.cActiveMappings,
8965 pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemMappings[1].fAccess,
8966 pVCpu->iem.s.aMemMappings[2].fAccess),
8967 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VERR_IEM_IPE_9));
8968 }
8969
8970 /*
8971 * Map the memory, checking that we can actually access it. If something
8972 * slightly complicated happens, fall back on bounce buffering.
8973 */
8974 VBOXSTRICTRC rcStrict = iemMemApplySegment(pVCpu, fAccess, iSegReg, cbMem, &GCPtrMem);
8975 if (rcStrict == VINF_SUCCESS) { /*likely*/ }
8976 else longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
8977
8978 /* Crossing a page boundary? */
8979 if ((GCPtrMem & PAGE_OFFSET_MASK) + cbMem <= PAGE_SIZE)
8980 { /* No (likely). */ }
8981 else
8982 {
8983 void *pvMem;
8984 rcStrict = iemMemBounceBufferMapCrossPage(pVCpu, iMemMap, &pvMem, cbMem, GCPtrMem, fAccess);
8985 if (rcStrict == VINF_SUCCESS)
8986 return pvMem;
8987 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
8988 }
8989
8990 RTGCPHYS GCPhysFirst;
8991 rcStrict = iemMemPageTranslateAndCheckAccess(pVCpu, GCPtrMem, fAccess, &GCPhysFirst);
8992 if (rcStrict == VINF_SUCCESS) { /*likely*/ }
8993 else longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
8994
8995 if (fAccess & IEM_ACCESS_TYPE_WRITE)
8996 Log8(("IEM WR %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
8997 if (fAccess & IEM_ACCESS_TYPE_READ)
8998 Log9(("IEM RD %RGv (%RGp) LB %#zx\n", GCPtrMem, GCPhysFirst, cbMem));
8999
9000 void *pvMem;
9001 rcStrict = iemMemPageMap(pVCpu, GCPhysFirst, fAccess, &pvMem, &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
9002 if (rcStrict == VINF_SUCCESS)
9003 { /* likely */ }
9004 else
9005 {
9006 rcStrict = iemMemBounceBufferMapPhys(pVCpu, iMemMap, &pvMem, cbMem, GCPhysFirst, fAccess, rcStrict);
9007 if (rcStrict == VINF_SUCCESS)
9008 return pvMem;
9009 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
9010 }
9011
9012 /*
9013 * Fill in the mapping table entry.
9014 */
9015 pVCpu->iem.s.aMemMappings[iMemMap].pv = pvMem;
9016 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = fAccess;
9017 pVCpu->iem.s.iNextMapping = iMemMap + 1;
9018 pVCpu->iem.s.cActiveMappings++;
9019
9020 iemMemUpdateWrittenCounter(pVCpu, fAccess, cbMem);
9021 return pvMem;
9022}
9023
9024
9025/**
9026 * Commits the guest memory if bounce buffered and unmaps it, longjmp on error.
9027 *
9028 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9029 * @param pvMem The mapping.
9030 * @param fAccess The kind of access.
9031 */
9032IEM_STATIC void iemMemCommitAndUnmapJmp(PVMCPU pVCpu, void *pvMem, uint32_t fAccess)
9033{
9034 int iMemMap = iemMapLookup(pVCpu, pvMem, fAccess);
9035 AssertStmt(iMemMap >= 0, longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), iMemMap));
9036
9037 /* If it's bounce buffered, we may need to write back the buffer. */
9038 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED)
9039 {
9040 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE)
9041 {
9042 VBOXSTRICTRC rcStrict = iemMemBounceBufferCommitAndUnmap(pVCpu, iMemMap, false /*fPostponeFail*/);
9043 if (rcStrict == VINF_SUCCESS)
9044 return;
9045 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
9046 }
9047 }
9048 /* Otherwise unlock it. */
9049 else
9050 PGMPhysReleasePageMappingLock(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
9051
9052 /* Free the entry. */
9053 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
9054 Assert(pVCpu->iem.s.cActiveMappings != 0);
9055 pVCpu->iem.s.cActiveMappings--;
9056}
9057
9058#endif /* IEM_WITH_SETJMP */
9059
9060#ifndef IN_RING3
9061/**
9062 * Commits the guest memory if bounce buffered and unmaps it, if any bounce
9063 * buffer part shows trouble it will be postponed to ring-3 (sets FF and stuff).
9064 *
9065 * Allows the instruction to be completed and retired, while the IEM user will
9066 * return to ring-3 immediately afterwards and do the postponed writes there.
9067 *
9068 * @returns VBox status code (no strict statuses). Caller must check
9069 * VMCPU_FF_IEM before repeating string instructions and similar stuff.
9070 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9071 * @param pvMem The mapping.
9072 * @param fAccess The kind of access.
9073 */
9074IEM_STATIC VBOXSTRICTRC iemMemCommitAndUnmapPostponeTroubleToR3(PVMCPU pVCpu, void *pvMem, uint32_t fAccess)
9075{
9076 int iMemMap = iemMapLookup(pVCpu, pvMem, fAccess);
9077 AssertReturn(iMemMap >= 0, iMemMap);
9078
9079 /* If it's bounce buffered, we may need to write back the buffer. */
9080 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED)
9081 {
9082 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE)
9083 return iemMemBounceBufferCommitAndUnmap(pVCpu, iMemMap, true /*fPostponeFail*/);
9084 }
9085 /* Otherwise unlock it. */
9086 else
9087 PGMPhysReleasePageMappingLock(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
9088
9089 /* Free the entry. */
9090 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
9091 Assert(pVCpu->iem.s.cActiveMappings != 0);
9092 pVCpu->iem.s.cActiveMappings--;
9093 return VINF_SUCCESS;
9094}
9095#endif
9096
9097
9098/**
9099 * Rollbacks mappings, releasing page locks and such.
9100 *
9101 * The caller shall only call this after checking cActiveMappings.
9102 *
9103 * @returns Strict VBox status code to pass up.
9104 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9105 */
9106IEM_STATIC void iemMemRollback(PVMCPU pVCpu)
9107{
9108 Assert(pVCpu->iem.s.cActiveMappings > 0);
9109
9110 uint32_t iMemMap = RT_ELEMENTS(pVCpu->iem.s.aMemMappings);
9111 while (iMemMap-- > 0)
9112 {
9113 uint32_t const fAccess = pVCpu->iem.s.aMemMappings[iMemMap].fAccess;
9114 if (fAccess != IEM_ACCESS_INVALID)
9115 {
9116 AssertMsg(!(fAccess & ~IEM_ACCESS_VALID_MASK) && fAccess != 0, ("%#x\n", fAccess));
9117 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
9118 if (!(fAccess & IEM_ACCESS_BOUNCE_BUFFERED))
9119 PGMPhysReleasePageMappingLock(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.aMemMappingLocks[iMemMap].Lock);
9120 AssertMsg(pVCpu->iem.s.cActiveMappings > 0,
9121 ("iMemMap=%u fAccess=%#x pv=%p GCPhysFirst=%RGp GCPhysSecond=%RGp\n",
9122 iMemMap, fAccess, pVCpu->iem.s.aMemMappings[iMemMap].pv,
9123 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond));
9124 pVCpu->iem.s.cActiveMappings--;
9125 }
9126 }
9127}
9128
9129
9130/**
9131 * Fetches a data byte.
9132 *
9133 * @returns Strict VBox status code.
9134 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9135 * @param pu8Dst Where to return the byte.
9136 * @param iSegReg The index of the segment register to use for
9137 * this access. The base and limits are checked.
9138 * @param GCPtrMem The address of the guest memory.
9139 */
9140IEM_STATIC VBOXSTRICTRC iemMemFetchDataU8(PVMCPU pVCpu, uint8_t *pu8Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9141{
9142 /* The lazy approach for now... */
9143 uint8_t const *pu8Src;
9144 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu8Src, sizeof(*pu8Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9145 if (rc == VINF_SUCCESS)
9146 {
9147 *pu8Dst = *pu8Src;
9148 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu8Src, IEM_ACCESS_DATA_R);
9149 }
9150 return rc;
9151}
9152
9153
9154#ifdef IEM_WITH_SETJMP
9155/**
9156 * Fetches a data byte, longjmp on error.
9157 *
9158 * @returns The byte.
9159 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9160 * @param iSegReg The index of the segment register to use for
9161 * this access. The base and limits are checked.
9162 * @param GCPtrMem The address of the guest memory.
9163 */
9164DECL_NO_INLINE(IEM_STATIC, uint8_t) iemMemFetchDataU8Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem)
9165{
9166 /* The lazy approach for now... */
9167 uint8_t const *pu8Src = (uint8_t const *)iemMemMapJmp(pVCpu, sizeof(*pu8Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9168 uint8_t const bRet = *pu8Src;
9169 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu8Src, IEM_ACCESS_DATA_R);
9170 return bRet;
9171}
9172#endif /* IEM_WITH_SETJMP */
9173
9174
9175/**
9176 * Fetches a data word.
9177 *
9178 * @returns Strict VBox status code.
9179 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9180 * @param pu16Dst Where to return the word.
9181 * @param iSegReg The index of the segment register to use for
9182 * this access. The base and limits are checked.
9183 * @param GCPtrMem The address of the guest memory.
9184 */
9185IEM_STATIC VBOXSTRICTRC iemMemFetchDataU16(PVMCPU pVCpu, uint16_t *pu16Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9186{
9187 /* The lazy approach for now... */
9188 uint16_t const *pu16Src;
9189 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Src, sizeof(*pu16Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9190 if (rc == VINF_SUCCESS)
9191 {
9192 *pu16Dst = *pu16Src;
9193 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu16Src, IEM_ACCESS_DATA_R);
9194 }
9195 return rc;
9196}
9197
9198
9199#ifdef IEM_WITH_SETJMP
9200/**
9201 * Fetches a data word, longjmp on error.
9202 *
9203 * @returns The word
9204 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9205 * @param iSegReg The index of the segment register to use for
9206 * this access. The base and limits are checked.
9207 * @param GCPtrMem The address of the guest memory.
9208 */
9209DECL_NO_INLINE(IEM_STATIC, uint16_t) iemMemFetchDataU16Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem)
9210{
9211 /* The lazy approach for now... */
9212 uint16_t const *pu16Src = (uint16_t const *)iemMemMapJmp(pVCpu, sizeof(*pu16Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9213 uint16_t const u16Ret = *pu16Src;
9214 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu16Src, IEM_ACCESS_DATA_R);
9215 return u16Ret;
9216}
9217#endif
9218
9219
9220/**
9221 * Fetches a data dword.
9222 *
9223 * @returns Strict VBox status code.
9224 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9225 * @param pu32Dst Where to return the dword.
9226 * @param iSegReg The index of the segment register to use for
9227 * this access. The base and limits are checked.
9228 * @param GCPtrMem The address of the guest memory.
9229 */
9230IEM_STATIC VBOXSTRICTRC iemMemFetchDataU32(PVMCPU pVCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9231{
9232 /* The lazy approach for now... */
9233 uint32_t const *pu32Src;
9234 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Src, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9235 if (rc == VINF_SUCCESS)
9236 {
9237 *pu32Dst = *pu32Src;
9238 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu32Src, IEM_ACCESS_DATA_R);
9239 }
9240 return rc;
9241}
9242
9243
9244#ifdef IEM_WITH_SETJMP
9245
9246IEM_STATIC RTGCPTR iemMemApplySegmentToReadJmp(PVMCPU pVCpu, uint8_t iSegReg, size_t cbMem, RTGCPTR GCPtrMem)
9247{
9248 Assert(cbMem >= 1);
9249 Assert(iSegReg < X86_SREG_COUNT);
9250
9251 /*
9252 * 64-bit mode is simpler.
9253 */
9254 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
9255 {
9256 if (iSegReg >= X86_SREG_FS)
9257 {
9258 IEM_CTX_IMPORT_JMP(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
9259 PCPUMSELREGHID pSel = iemSRegGetHid(pVCpu, iSegReg);
9260 GCPtrMem += pSel->u64Base;
9261 }
9262
9263 if (RT_LIKELY(X86_IS_CANONICAL(GCPtrMem) && X86_IS_CANONICAL(GCPtrMem + cbMem - 1)))
9264 return GCPtrMem;
9265 }
9266 /*
9267 * 16-bit and 32-bit segmentation.
9268 */
9269 else
9270 {
9271 IEM_CTX_IMPORT_JMP(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
9272 PCPUMSELREGHID pSel = iemSRegGetHid(pVCpu, iSegReg);
9273 if ( (pSel->Attr.u & (X86DESCATTR_P | X86DESCATTR_UNUSABLE | X86_SEL_TYPE_CODE | X86_SEL_TYPE_DOWN))
9274 == X86DESCATTR_P /* data, expand up */
9275 || (pSel->Attr.u & (X86DESCATTR_P | X86DESCATTR_UNUSABLE | X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ))
9276 == (X86DESCATTR_P | X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ) /* code, read-only */ )
9277 {
9278 /* expand up */
9279 uint32_t GCPtrLast32 = (uint32_t)GCPtrMem + (uint32_t)cbMem;
9280 if (RT_LIKELY( GCPtrLast32 > pSel->u32Limit
9281 && GCPtrLast32 > (uint32_t)GCPtrMem))
9282 return (uint32_t)GCPtrMem + (uint32_t)pSel->u64Base;
9283 }
9284 else if ( (pSel->Attr.u & (X86DESCATTR_P | X86DESCATTR_UNUSABLE | X86_SEL_TYPE_CODE | X86_SEL_TYPE_DOWN))
9285 == (X86DESCATTR_P | X86_SEL_TYPE_DOWN) /* data, expand down */ )
9286 {
9287 /* expand down */
9288 uint32_t GCPtrLast32 = (uint32_t)GCPtrMem + (uint32_t)cbMem;
9289 if (RT_LIKELY( (uint32_t)GCPtrMem > pSel->u32Limit
9290 && GCPtrLast32 <= (pSel->Attr.n.u1DefBig ? UINT32_MAX : UINT32_C(0xffff))
9291 && GCPtrLast32 > (uint32_t)GCPtrMem))
9292 return (uint32_t)GCPtrMem + (uint32_t)pSel->u64Base;
9293 }
9294 else
9295 iemRaiseSelectorInvalidAccessJmp(pVCpu, iSegReg, IEM_ACCESS_DATA_R);
9296 iemRaiseSelectorBoundsJmp(pVCpu, iSegReg, IEM_ACCESS_DATA_R);
9297 }
9298 iemRaiseGeneralProtectionFault0Jmp(pVCpu);
9299}
9300
9301
9302IEM_STATIC RTGCPTR iemMemApplySegmentToWriteJmp(PVMCPU pVCpu, uint8_t iSegReg, size_t cbMem, RTGCPTR GCPtrMem)
9303{
9304 Assert(cbMem >= 1);
9305 Assert(iSegReg < X86_SREG_COUNT);
9306
9307 /*
9308 * 64-bit mode is simpler.
9309 */
9310 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
9311 {
9312 if (iSegReg >= X86_SREG_FS)
9313 {
9314 IEM_CTX_IMPORT_JMP(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
9315 PCPUMSELREGHID pSel = iemSRegGetHid(pVCpu, iSegReg);
9316 GCPtrMem += pSel->u64Base;
9317 }
9318
9319 if (RT_LIKELY(X86_IS_CANONICAL(GCPtrMem) && X86_IS_CANONICAL(GCPtrMem + cbMem - 1)))
9320 return GCPtrMem;
9321 }
9322 /*
9323 * 16-bit and 32-bit segmentation.
9324 */
9325 else
9326 {
9327 IEM_CTX_IMPORT_JMP(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(iSegReg));
9328 PCPUMSELREGHID pSel = iemSRegGetHid(pVCpu, iSegReg);
9329 uint32_t const fRelevantAttrs = pSel->Attr.u & ( X86DESCATTR_P | X86DESCATTR_UNUSABLE
9330 | X86_SEL_TYPE_CODE | X86_SEL_TYPE_WRITE | X86_SEL_TYPE_DOWN);
9331 if (fRelevantAttrs == (X86DESCATTR_P | X86_SEL_TYPE_WRITE)) /* data, expand up */
9332 {
9333 /* expand up */
9334 uint32_t GCPtrLast32 = (uint32_t)GCPtrMem + (uint32_t)cbMem;
9335 if (RT_LIKELY( GCPtrLast32 > pSel->u32Limit
9336 && GCPtrLast32 > (uint32_t)GCPtrMem))
9337 return (uint32_t)GCPtrMem + (uint32_t)pSel->u64Base;
9338 }
9339 else if (fRelevantAttrs == (X86DESCATTR_P | X86_SEL_TYPE_WRITE | X86_SEL_TYPE_DOWN)) /* data, expand up */
9340 {
9341 /* expand down */
9342 uint32_t GCPtrLast32 = (uint32_t)GCPtrMem + (uint32_t)cbMem;
9343 if (RT_LIKELY( (uint32_t)GCPtrMem > pSel->u32Limit
9344 && GCPtrLast32 <= (pSel->Attr.n.u1DefBig ? UINT32_MAX : UINT32_C(0xffff))
9345 && GCPtrLast32 > (uint32_t)GCPtrMem))
9346 return (uint32_t)GCPtrMem + (uint32_t)pSel->u64Base;
9347 }
9348 else
9349 iemRaiseSelectorInvalidAccessJmp(pVCpu, iSegReg, IEM_ACCESS_DATA_W);
9350 iemRaiseSelectorBoundsJmp(pVCpu, iSegReg, IEM_ACCESS_DATA_W);
9351 }
9352 iemRaiseGeneralProtectionFault0Jmp(pVCpu);
9353}
9354
9355
9356/**
9357 * Fetches a data dword, longjmp on error, fallback/safe version.
9358 *
9359 * @returns The dword
9360 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9361 * @param iSegReg The index of the segment register to use for
9362 * this access. The base and limits are checked.
9363 * @param GCPtrMem The address of the guest memory.
9364 */
9365IEM_STATIC uint32_t iemMemFetchDataU32SafeJmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem)
9366{
9367 uint32_t const *pu32Src = (uint32_t const *)iemMemMapJmp(pVCpu, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9368 uint32_t const u32Ret = *pu32Src;
9369 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu32Src, IEM_ACCESS_DATA_R);
9370 return u32Ret;
9371}
9372
9373
9374/**
9375 * Fetches a data dword, longjmp on error.
9376 *
9377 * @returns The dword
9378 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9379 * @param iSegReg The index of the segment register to use for
9380 * this access. The base and limits are checked.
9381 * @param GCPtrMem The address of the guest memory.
9382 */
9383DECL_NO_INLINE(IEM_STATIC, uint32_t) iemMemFetchDataU32Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem)
9384{
9385# ifdef IEM_WITH_DATA_TLB
9386 RTGCPTR GCPtrEff = iemMemApplySegmentToReadJmp(pVCpu, iSegReg, sizeof(uint32_t), GCPtrMem);
9387 if (RT_LIKELY((GCPtrEff & X86_PAGE_OFFSET_MASK) <= X86_PAGE_SIZE - sizeof(uint32_t)))
9388 {
9389 /// @todo more later.
9390 }
9391
9392 return iemMemFetchDataU32SafeJmp(pVCpu, iSegReg, GCPtrMem);
9393# else
9394 /* The lazy approach. */
9395 uint32_t const *pu32Src = (uint32_t const *)iemMemMapJmp(pVCpu, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9396 uint32_t const u32Ret = *pu32Src;
9397 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu32Src, IEM_ACCESS_DATA_R);
9398 return u32Ret;
9399# endif
9400}
9401#endif
9402
9403
9404#ifdef SOME_UNUSED_FUNCTION
9405/**
9406 * Fetches a data dword and sign extends it to a qword.
9407 *
9408 * @returns Strict VBox status code.
9409 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9410 * @param pu64Dst Where to return the sign extended value.
9411 * @param iSegReg The index of the segment register to use for
9412 * this access. The base and limits are checked.
9413 * @param GCPtrMem The address of the guest memory.
9414 */
9415IEM_STATIC VBOXSTRICTRC iemMemFetchDataS32SxU64(PVMCPU pVCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9416{
9417 /* The lazy approach for now... */
9418 int32_t const *pi32Src;
9419 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pi32Src, sizeof(*pi32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9420 if (rc == VINF_SUCCESS)
9421 {
9422 *pu64Dst = *pi32Src;
9423 rc = iemMemCommitAndUnmap(pVCpu, (void *)pi32Src, IEM_ACCESS_DATA_R);
9424 }
9425#ifdef __GNUC__ /* warning: GCC may be a royal pain */
9426 else
9427 *pu64Dst = 0;
9428#endif
9429 return rc;
9430}
9431#endif
9432
9433
9434/**
9435 * Fetches a data qword.
9436 *
9437 * @returns Strict VBox status code.
9438 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9439 * @param pu64Dst Where to return the qword.
9440 * @param iSegReg The index of the segment register to use for
9441 * this access. The base and limits are checked.
9442 * @param GCPtrMem The address of the guest memory.
9443 */
9444IEM_STATIC VBOXSTRICTRC iemMemFetchDataU64(PVMCPU pVCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9445{
9446 /* The lazy approach for now... */
9447 uint64_t const *pu64Src;
9448 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9449 if (rc == VINF_SUCCESS)
9450 {
9451 *pu64Dst = *pu64Src;
9452 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
9453 }
9454 return rc;
9455}
9456
9457
9458#ifdef IEM_WITH_SETJMP
9459/**
9460 * Fetches a data qword, longjmp on error.
9461 *
9462 * @returns The qword.
9463 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9464 * @param iSegReg The index of the segment register to use for
9465 * this access. The base and limits are checked.
9466 * @param GCPtrMem The address of the guest memory.
9467 */
9468DECL_NO_INLINE(IEM_STATIC, uint64_t) iemMemFetchDataU64Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem)
9469{
9470 /* The lazy approach for now... */
9471 uint64_t const *pu64Src = (uint64_t const *)iemMemMapJmp(pVCpu, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9472 uint64_t const u64Ret = *pu64Src;
9473 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
9474 return u64Ret;
9475}
9476#endif
9477
9478
9479/**
9480 * Fetches a data qword, aligned at a 16 byte boundrary (for SSE).
9481 *
9482 * @returns Strict VBox status code.
9483 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9484 * @param pu64Dst Where to return the qword.
9485 * @param iSegReg The index of the segment register to use for
9486 * this access. The base and limits are checked.
9487 * @param GCPtrMem The address of the guest memory.
9488 */
9489IEM_STATIC VBOXSTRICTRC iemMemFetchDataU64AlignedU128(PVMCPU pVCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9490{
9491 /* The lazy approach for now... */
9492 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on SSE stuff. */
9493 if (RT_UNLIKELY(GCPtrMem & 15))
9494 return iemRaiseGeneralProtectionFault0(pVCpu);
9495
9496 uint64_t const *pu64Src;
9497 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9498 if (rc == VINF_SUCCESS)
9499 {
9500 *pu64Dst = *pu64Src;
9501 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
9502 }
9503 return rc;
9504}
9505
9506
9507#ifdef IEM_WITH_SETJMP
9508/**
9509 * Fetches a data qword, longjmp on error.
9510 *
9511 * @returns The qword.
9512 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9513 * @param iSegReg The index of the segment register to use for
9514 * this access. The base and limits are checked.
9515 * @param GCPtrMem The address of the guest memory.
9516 */
9517DECL_NO_INLINE(IEM_STATIC, uint64_t) iemMemFetchDataU64AlignedU128Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem)
9518{
9519 /* The lazy approach for now... */
9520 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on SSE stuff. */
9521 if (RT_LIKELY(!(GCPtrMem & 15)))
9522 {
9523 uint64_t const *pu64Src = (uint64_t const *)iemMemMapJmp(pVCpu, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9524 uint64_t const u64Ret = *pu64Src;
9525 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
9526 return u64Ret;
9527 }
9528
9529 VBOXSTRICTRC rc = iemRaiseGeneralProtectionFault0(pVCpu);
9530 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rc));
9531}
9532#endif
9533
9534
9535/**
9536 * Fetches a data tword.
9537 *
9538 * @returns Strict VBox status code.
9539 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9540 * @param pr80Dst Where to return the tword.
9541 * @param iSegReg The index of the segment register to use for
9542 * this access. The base and limits are checked.
9543 * @param GCPtrMem The address of the guest memory.
9544 */
9545IEM_STATIC VBOXSTRICTRC iemMemFetchDataR80(PVMCPU pVCpu, PRTFLOAT80U pr80Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9546{
9547 /* The lazy approach for now... */
9548 PCRTFLOAT80U pr80Src;
9549 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pr80Src, sizeof(*pr80Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9550 if (rc == VINF_SUCCESS)
9551 {
9552 *pr80Dst = *pr80Src;
9553 rc = iemMemCommitAndUnmap(pVCpu, (void *)pr80Src, IEM_ACCESS_DATA_R);
9554 }
9555 return rc;
9556}
9557
9558
9559#ifdef IEM_WITH_SETJMP
9560/**
9561 * Fetches a data tword, longjmp on error.
9562 *
9563 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9564 * @param pr80Dst Where to return the tword.
9565 * @param iSegReg The index of the segment register to use for
9566 * this access. The base and limits are checked.
9567 * @param GCPtrMem The address of the guest memory.
9568 */
9569DECL_NO_INLINE(IEM_STATIC, void) iemMemFetchDataR80Jmp(PVMCPU pVCpu, PRTFLOAT80U pr80Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9570{
9571 /* The lazy approach for now... */
9572 PCRTFLOAT80U pr80Src = (PCRTFLOAT80U)iemMemMapJmp(pVCpu, sizeof(*pr80Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9573 *pr80Dst = *pr80Src;
9574 iemMemCommitAndUnmapJmp(pVCpu, (void *)pr80Src, IEM_ACCESS_DATA_R);
9575}
9576#endif
9577
9578
9579/**
9580 * Fetches a data dqword (double qword), generally SSE related.
9581 *
9582 * @returns Strict VBox status code.
9583 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9584 * @param pu128Dst Where to return the qword.
9585 * @param iSegReg The index of the segment register to use for
9586 * this access. The base and limits are checked.
9587 * @param GCPtrMem The address of the guest memory.
9588 */
9589IEM_STATIC VBOXSTRICTRC iemMemFetchDataU128(PVMCPU pVCpu, PRTUINT128U pu128Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9590{
9591 /* The lazy approach for now... */
9592 PCRTUINT128U pu128Src;
9593 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu128Src, sizeof(*pu128Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9594 if (rc == VINF_SUCCESS)
9595 {
9596 pu128Dst->au64[0] = pu128Src->au64[0];
9597 pu128Dst->au64[1] = pu128Src->au64[1];
9598 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu128Src, IEM_ACCESS_DATA_R);
9599 }
9600 return rc;
9601}
9602
9603
9604#ifdef IEM_WITH_SETJMP
9605/**
9606 * Fetches a data dqword (double qword), generally SSE related.
9607 *
9608 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9609 * @param pu128Dst Where to return the qword.
9610 * @param iSegReg The index of the segment register to use for
9611 * this access. The base and limits are checked.
9612 * @param GCPtrMem The address of the guest memory.
9613 */
9614IEM_STATIC void iemMemFetchDataU128Jmp(PVMCPU pVCpu, PRTUINT128U pu128Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9615{
9616 /* The lazy approach for now... */
9617 PCRTUINT128U pu128Src = (PCRTUINT128U)iemMemMapJmp(pVCpu, sizeof(*pu128Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9618 pu128Dst->au64[0] = pu128Src->au64[0];
9619 pu128Dst->au64[1] = pu128Src->au64[1];
9620 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu128Src, IEM_ACCESS_DATA_R);
9621}
9622#endif
9623
9624
9625/**
9626 * Fetches a data dqword (double qword) at an aligned address, generally SSE
9627 * related.
9628 *
9629 * Raises \#GP(0) if not aligned.
9630 *
9631 * @returns Strict VBox status code.
9632 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9633 * @param pu128Dst Where to return the qword.
9634 * @param iSegReg The index of the segment register to use for
9635 * this access. The base and limits are checked.
9636 * @param GCPtrMem The address of the guest memory.
9637 */
9638IEM_STATIC VBOXSTRICTRC iemMemFetchDataU128AlignedSse(PVMCPU pVCpu, PRTUINT128U pu128Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9639{
9640 /* The lazy approach for now... */
9641 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on SSE stuff. */
9642 if ( (GCPtrMem & 15)
9643 && !(pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.MXCSR & X86_MXCSR_MM)) /** @todo should probably check this *after* applying seg.u64Base... Check real HW. */
9644 return iemRaiseGeneralProtectionFault0(pVCpu);
9645
9646 PCRTUINT128U pu128Src;
9647 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu128Src, sizeof(*pu128Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9648 if (rc == VINF_SUCCESS)
9649 {
9650 pu128Dst->au64[0] = pu128Src->au64[0];
9651 pu128Dst->au64[1] = pu128Src->au64[1];
9652 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu128Src, IEM_ACCESS_DATA_R);
9653 }
9654 return rc;
9655}
9656
9657
9658#ifdef IEM_WITH_SETJMP
9659/**
9660 * Fetches a data dqword (double qword) at an aligned address, generally SSE
9661 * related, longjmp on error.
9662 *
9663 * Raises \#GP(0) if not aligned.
9664 *
9665 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9666 * @param pu128Dst Where to return the qword.
9667 * @param iSegReg The index of the segment register to use for
9668 * this access. The base and limits are checked.
9669 * @param GCPtrMem The address of the guest memory.
9670 */
9671DECL_NO_INLINE(IEM_STATIC, void) iemMemFetchDataU128AlignedSseJmp(PVMCPU pVCpu, PRTUINT128U pu128Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9672{
9673 /* The lazy approach for now... */
9674 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on SSE stuff. */
9675 if ( (GCPtrMem & 15) == 0
9676 || (pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.MXCSR & X86_MXCSR_MM)) /** @todo should probably check this *after* applying seg.u64Base... Check real HW. */
9677 {
9678 PCRTUINT128U pu128Src = (PCRTUINT128U)iemMemMapJmp(pVCpu, sizeof(*pu128Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9679 pu128Dst->au64[0] = pu128Src->au64[0];
9680 pu128Dst->au64[1] = pu128Src->au64[1];
9681 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu128Src, IEM_ACCESS_DATA_R);
9682 return;
9683 }
9684
9685 VBOXSTRICTRC rcStrict = iemRaiseGeneralProtectionFault0(pVCpu);
9686 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
9687}
9688#endif
9689
9690
9691/**
9692 * Fetches a data oword (octo word), generally AVX related.
9693 *
9694 * @returns Strict VBox status code.
9695 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9696 * @param pu256Dst Where to return the qword.
9697 * @param iSegReg The index of the segment register to use for
9698 * this access. The base and limits are checked.
9699 * @param GCPtrMem The address of the guest memory.
9700 */
9701IEM_STATIC VBOXSTRICTRC iemMemFetchDataU256(PVMCPU pVCpu, PRTUINT256U pu256Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9702{
9703 /* The lazy approach for now... */
9704 PCRTUINT256U pu256Src;
9705 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu256Src, sizeof(*pu256Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9706 if (rc == VINF_SUCCESS)
9707 {
9708 pu256Dst->au64[0] = pu256Src->au64[0];
9709 pu256Dst->au64[1] = pu256Src->au64[1];
9710 pu256Dst->au64[2] = pu256Src->au64[2];
9711 pu256Dst->au64[3] = pu256Src->au64[3];
9712 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu256Src, IEM_ACCESS_DATA_R);
9713 }
9714 return rc;
9715}
9716
9717
9718#ifdef IEM_WITH_SETJMP
9719/**
9720 * Fetches a data oword (octo word), generally AVX related.
9721 *
9722 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9723 * @param pu256Dst Where to return the qword.
9724 * @param iSegReg The index of the segment register to use for
9725 * this access. The base and limits are checked.
9726 * @param GCPtrMem The address of the guest memory.
9727 */
9728IEM_STATIC void iemMemFetchDataU256Jmp(PVMCPU pVCpu, PRTUINT256U pu256Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9729{
9730 /* The lazy approach for now... */
9731 PCRTUINT256U pu256Src = (PCRTUINT256U)iemMemMapJmp(pVCpu, sizeof(*pu256Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9732 pu256Dst->au64[0] = pu256Src->au64[0];
9733 pu256Dst->au64[1] = pu256Src->au64[1];
9734 pu256Dst->au64[2] = pu256Src->au64[2];
9735 pu256Dst->au64[3] = pu256Src->au64[3];
9736 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu256Src, IEM_ACCESS_DATA_R);
9737}
9738#endif
9739
9740
9741/**
9742 * Fetches a data oword (octo word) at an aligned address, generally AVX
9743 * related.
9744 *
9745 * Raises \#GP(0) if not aligned.
9746 *
9747 * @returns Strict VBox status code.
9748 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9749 * @param pu256Dst Where to return the qword.
9750 * @param iSegReg The index of the segment register to use for
9751 * this access. The base and limits are checked.
9752 * @param GCPtrMem The address of the guest memory.
9753 */
9754IEM_STATIC VBOXSTRICTRC iemMemFetchDataU256AlignedSse(PVMCPU pVCpu, PRTUINT256U pu256Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9755{
9756 /* The lazy approach for now... */
9757 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on AVX stuff. */
9758 if (GCPtrMem & 31)
9759 return iemRaiseGeneralProtectionFault0(pVCpu);
9760
9761 PCRTUINT256U pu256Src;
9762 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu256Src, sizeof(*pu256Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9763 if (rc == VINF_SUCCESS)
9764 {
9765 pu256Dst->au64[0] = pu256Src->au64[0];
9766 pu256Dst->au64[1] = pu256Src->au64[1];
9767 pu256Dst->au64[2] = pu256Src->au64[2];
9768 pu256Dst->au64[3] = pu256Src->au64[3];
9769 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu256Src, IEM_ACCESS_DATA_R);
9770 }
9771 return rc;
9772}
9773
9774
9775#ifdef IEM_WITH_SETJMP
9776/**
9777 * Fetches a data oword (octo word) at an aligned address, generally AVX
9778 * related, longjmp on error.
9779 *
9780 * Raises \#GP(0) if not aligned.
9781 *
9782 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9783 * @param pu256Dst Where to return the qword.
9784 * @param iSegReg The index of the segment register to use for
9785 * this access. The base and limits are checked.
9786 * @param GCPtrMem The address of the guest memory.
9787 */
9788DECL_NO_INLINE(IEM_STATIC, void) iemMemFetchDataU256AlignedSseJmp(PVMCPU pVCpu, PRTUINT256U pu256Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
9789{
9790 /* The lazy approach for now... */
9791 /** @todo testcase: Ordering of \#SS(0) vs \#GP() vs \#PF on AVX stuff. */
9792 if ((GCPtrMem & 31) == 0)
9793 {
9794 PCRTUINT256U pu256Src = (PCRTUINT256U)iemMemMapJmp(pVCpu, sizeof(*pu256Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
9795 pu256Dst->au64[0] = pu256Src->au64[0];
9796 pu256Dst->au64[1] = pu256Src->au64[1];
9797 pu256Dst->au64[2] = pu256Src->au64[2];
9798 pu256Dst->au64[3] = pu256Src->au64[3];
9799 iemMemCommitAndUnmapJmp(pVCpu, (void *)pu256Src, IEM_ACCESS_DATA_R);
9800 return;
9801 }
9802
9803 VBOXSTRICTRC rcStrict = iemRaiseGeneralProtectionFault0(pVCpu);
9804 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
9805}
9806#endif
9807
9808
9809
9810/**
9811 * Fetches a descriptor register (lgdt, lidt).
9812 *
9813 * @returns Strict VBox status code.
9814 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9815 * @param pcbLimit Where to return the limit.
9816 * @param pGCPtrBase Where to return the base.
9817 * @param iSegReg The index of the segment register to use for
9818 * this access. The base and limits are checked.
9819 * @param GCPtrMem The address of the guest memory.
9820 * @param enmOpSize The effective operand size.
9821 */
9822IEM_STATIC VBOXSTRICTRC iemMemFetchDataXdtr(PVMCPU pVCpu, uint16_t *pcbLimit, PRTGCPTR pGCPtrBase, uint8_t iSegReg,
9823 RTGCPTR GCPtrMem, IEMMODE enmOpSize)
9824{
9825 /*
9826 * Just like SIDT and SGDT, the LIDT and LGDT instructions are a
9827 * little special:
9828 * - The two reads are done separately.
9829 * - Operand size override works in 16-bit and 32-bit code, but 64-bit.
9830 * - We suspect the 386 to actually commit the limit before the base in
9831 * some cases (search for 386 in bs3CpuBasic2_lidt_lgdt_One). We
9832 * don't try emulate this eccentric behavior, because it's not well
9833 * enough understood and rather hard to trigger.
9834 * - The 486 seems to do a dword limit read when the operand size is 32-bit.
9835 */
9836 VBOXSTRICTRC rcStrict;
9837 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
9838 {
9839 rcStrict = iemMemFetchDataU16(pVCpu, pcbLimit, iSegReg, GCPtrMem);
9840 if (rcStrict == VINF_SUCCESS)
9841 rcStrict = iemMemFetchDataU64(pVCpu, pGCPtrBase, iSegReg, GCPtrMem + 2);
9842 }
9843 else
9844 {
9845 uint32_t uTmp = 0; /* (Visual C++ maybe used uninitialized) */
9846 if (enmOpSize == IEMMODE_32BIT)
9847 {
9848 if (IEM_GET_TARGET_CPU(pVCpu) != IEMTARGETCPU_486)
9849 {
9850 rcStrict = iemMemFetchDataU16(pVCpu, pcbLimit, iSegReg, GCPtrMem);
9851 if (rcStrict == VINF_SUCCESS)
9852 rcStrict = iemMemFetchDataU32(pVCpu, &uTmp, iSegReg, GCPtrMem + 2);
9853 }
9854 else
9855 {
9856 rcStrict = iemMemFetchDataU32(pVCpu, &uTmp, iSegReg, GCPtrMem);
9857 if (rcStrict == VINF_SUCCESS)
9858 {
9859 *pcbLimit = (uint16_t)uTmp;
9860 rcStrict = iemMemFetchDataU32(pVCpu, &uTmp, iSegReg, GCPtrMem + 2);
9861 }
9862 }
9863 if (rcStrict == VINF_SUCCESS)
9864 *pGCPtrBase = uTmp;
9865 }
9866 else
9867 {
9868 rcStrict = iemMemFetchDataU16(pVCpu, pcbLimit, iSegReg, GCPtrMem);
9869 if (rcStrict == VINF_SUCCESS)
9870 {
9871 rcStrict = iemMemFetchDataU32(pVCpu, &uTmp, iSegReg, GCPtrMem + 2);
9872 if (rcStrict == VINF_SUCCESS)
9873 *pGCPtrBase = uTmp & UINT32_C(0x00ffffff);
9874 }
9875 }
9876 }
9877 return rcStrict;
9878}
9879
9880
9881
9882/**
9883 * Stores a data byte.
9884 *
9885 * @returns Strict VBox status code.
9886 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9887 * @param iSegReg The index of the segment register to use for
9888 * this access. The base and limits are checked.
9889 * @param GCPtrMem The address of the guest memory.
9890 * @param u8Value The value to store.
9891 */
9892IEM_STATIC VBOXSTRICTRC iemMemStoreDataU8(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint8_t u8Value)
9893{
9894 /* The lazy approach for now... */
9895 uint8_t *pu8Dst;
9896 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu8Dst, sizeof(*pu8Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
9897 if (rc == VINF_SUCCESS)
9898 {
9899 *pu8Dst = u8Value;
9900 rc = iemMemCommitAndUnmap(pVCpu, pu8Dst, IEM_ACCESS_DATA_W);
9901 }
9902 return rc;
9903}
9904
9905
9906#ifdef IEM_WITH_SETJMP
9907/**
9908 * Stores a data byte, longjmp on error.
9909 *
9910 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9911 * @param iSegReg The index of the segment register to use for
9912 * this access. The base and limits are checked.
9913 * @param GCPtrMem The address of the guest memory.
9914 * @param u8Value The value to store.
9915 */
9916IEM_STATIC void iemMemStoreDataU8Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint8_t u8Value)
9917{
9918 /* The lazy approach for now... */
9919 uint8_t *pu8Dst = (uint8_t *)iemMemMapJmp(pVCpu, sizeof(*pu8Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
9920 *pu8Dst = u8Value;
9921 iemMemCommitAndUnmapJmp(pVCpu, pu8Dst, IEM_ACCESS_DATA_W);
9922}
9923#endif
9924
9925
9926/**
9927 * Stores a data word.
9928 *
9929 * @returns Strict VBox status code.
9930 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9931 * @param iSegReg The index of the segment register to use for
9932 * this access. The base and limits are checked.
9933 * @param GCPtrMem The address of the guest memory.
9934 * @param u16Value The value to store.
9935 */
9936IEM_STATIC VBOXSTRICTRC iemMemStoreDataU16(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint16_t u16Value)
9937{
9938 /* The lazy approach for now... */
9939 uint16_t *pu16Dst;
9940 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Dst, sizeof(*pu16Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
9941 if (rc == VINF_SUCCESS)
9942 {
9943 *pu16Dst = u16Value;
9944 rc = iemMemCommitAndUnmap(pVCpu, pu16Dst, IEM_ACCESS_DATA_W);
9945 }
9946 return rc;
9947}
9948
9949
9950#ifdef IEM_WITH_SETJMP
9951/**
9952 * Stores a data word, longjmp on error.
9953 *
9954 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9955 * @param iSegReg The index of the segment register to use for
9956 * this access. The base and limits are checked.
9957 * @param GCPtrMem The address of the guest memory.
9958 * @param u16Value The value to store.
9959 */
9960IEM_STATIC void iemMemStoreDataU16Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint16_t u16Value)
9961{
9962 /* The lazy approach for now... */
9963 uint16_t *pu16Dst = (uint16_t *)iemMemMapJmp(pVCpu, sizeof(*pu16Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
9964 *pu16Dst = u16Value;
9965 iemMemCommitAndUnmapJmp(pVCpu, pu16Dst, IEM_ACCESS_DATA_W);
9966}
9967#endif
9968
9969
9970/**
9971 * Stores a data dword.
9972 *
9973 * @returns Strict VBox status code.
9974 * @param pVCpu The cross context virtual CPU structure of the calling thread.
9975 * @param iSegReg The index of the segment register to use for
9976 * this access. The base and limits are checked.
9977 * @param GCPtrMem The address of the guest memory.
9978 * @param u32Value The value to store.
9979 */
9980IEM_STATIC VBOXSTRICTRC iemMemStoreDataU32(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t u32Value)
9981{
9982 /* The lazy approach for now... */
9983 uint32_t *pu32Dst;
9984 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Dst, sizeof(*pu32Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
9985 if (rc == VINF_SUCCESS)
9986 {
9987 *pu32Dst = u32Value;
9988 rc = iemMemCommitAndUnmap(pVCpu, pu32Dst, IEM_ACCESS_DATA_W);
9989 }
9990 return rc;
9991}
9992
9993
9994#ifdef IEM_WITH_SETJMP
9995/**
9996 * Stores a data dword.
9997 *
9998 * @returns Strict VBox status code.
9999 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10000 * @param iSegReg The index of the segment register to use for
10001 * this access. The base and limits are checked.
10002 * @param GCPtrMem The address of the guest memory.
10003 * @param u32Value The value to store.
10004 */
10005IEM_STATIC void iemMemStoreDataU32Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t u32Value)
10006{
10007 /* The lazy approach for now... */
10008 uint32_t *pu32Dst = (uint32_t *)iemMemMapJmp(pVCpu, sizeof(*pu32Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10009 *pu32Dst = u32Value;
10010 iemMemCommitAndUnmapJmp(pVCpu, pu32Dst, IEM_ACCESS_DATA_W);
10011}
10012#endif
10013
10014
10015/**
10016 * Stores a data qword.
10017 *
10018 * @returns Strict VBox status code.
10019 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10020 * @param iSegReg The index of the segment register to use for
10021 * this access. The base and limits are checked.
10022 * @param GCPtrMem The address of the guest memory.
10023 * @param u64Value The value to store.
10024 */
10025IEM_STATIC VBOXSTRICTRC iemMemStoreDataU64(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint64_t u64Value)
10026{
10027 /* The lazy approach for now... */
10028 uint64_t *pu64Dst;
10029 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Dst, sizeof(*pu64Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10030 if (rc == VINF_SUCCESS)
10031 {
10032 *pu64Dst = u64Value;
10033 rc = iemMemCommitAndUnmap(pVCpu, pu64Dst, IEM_ACCESS_DATA_W);
10034 }
10035 return rc;
10036}
10037
10038
10039#ifdef IEM_WITH_SETJMP
10040/**
10041 * Stores a data qword, longjmp on error.
10042 *
10043 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10044 * @param iSegReg The index of the segment register to use for
10045 * this access. The base and limits are checked.
10046 * @param GCPtrMem The address of the guest memory.
10047 * @param u64Value The value to store.
10048 */
10049IEM_STATIC void iemMemStoreDataU64Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint64_t u64Value)
10050{
10051 /* The lazy approach for now... */
10052 uint64_t *pu64Dst = (uint64_t *)iemMemMapJmp(pVCpu, sizeof(*pu64Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10053 *pu64Dst = u64Value;
10054 iemMemCommitAndUnmapJmp(pVCpu, pu64Dst, IEM_ACCESS_DATA_W);
10055}
10056#endif
10057
10058
10059/**
10060 * Stores a data dqword.
10061 *
10062 * @returns Strict VBox status code.
10063 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10064 * @param iSegReg The index of the segment register to use for
10065 * this access. The base and limits are checked.
10066 * @param GCPtrMem The address of the guest memory.
10067 * @param u128Value The value to store.
10068 */
10069IEM_STATIC VBOXSTRICTRC iemMemStoreDataU128(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, RTUINT128U u128Value)
10070{
10071 /* The lazy approach for now... */
10072 PRTUINT128U pu128Dst;
10073 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu128Dst, sizeof(*pu128Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10074 if (rc == VINF_SUCCESS)
10075 {
10076 pu128Dst->au64[0] = u128Value.au64[0];
10077 pu128Dst->au64[1] = u128Value.au64[1];
10078 rc = iemMemCommitAndUnmap(pVCpu, pu128Dst, IEM_ACCESS_DATA_W);
10079 }
10080 return rc;
10081}
10082
10083
10084#ifdef IEM_WITH_SETJMP
10085/**
10086 * Stores a data dqword, longjmp on error.
10087 *
10088 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10089 * @param iSegReg The index of the segment register to use for
10090 * this access. The base and limits are checked.
10091 * @param GCPtrMem The address of the guest memory.
10092 * @param u128Value The value to store.
10093 */
10094IEM_STATIC void iemMemStoreDataU128Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, RTUINT128U u128Value)
10095{
10096 /* The lazy approach for now... */
10097 PRTUINT128U pu128Dst = (PRTUINT128U)iemMemMapJmp(pVCpu, sizeof(*pu128Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10098 pu128Dst->au64[0] = u128Value.au64[0];
10099 pu128Dst->au64[1] = u128Value.au64[1];
10100 iemMemCommitAndUnmapJmp(pVCpu, pu128Dst, IEM_ACCESS_DATA_W);
10101}
10102#endif
10103
10104
10105/**
10106 * Stores a data dqword, SSE aligned.
10107 *
10108 * @returns Strict VBox status code.
10109 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10110 * @param iSegReg The index of the segment register to use for
10111 * this access. The base and limits are checked.
10112 * @param GCPtrMem The address of the guest memory.
10113 * @param u128Value The value to store.
10114 */
10115IEM_STATIC VBOXSTRICTRC iemMemStoreDataU128AlignedSse(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, RTUINT128U u128Value)
10116{
10117 /* The lazy approach for now... */
10118 if ( (GCPtrMem & 15)
10119 && !(pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.MXCSR & X86_MXCSR_MM)) /** @todo should probably check this *after* applying seg.u64Base... Check real HW. */
10120 return iemRaiseGeneralProtectionFault0(pVCpu);
10121
10122 PRTUINT128U pu128Dst;
10123 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu128Dst, sizeof(*pu128Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10124 if (rc == VINF_SUCCESS)
10125 {
10126 pu128Dst->au64[0] = u128Value.au64[0];
10127 pu128Dst->au64[1] = u128Value.au64[1];
10128 rc = iemMemCommitAndUnmap(pVCpu, pu128Dst, IEM_ACCESS_DATA_W);
10129 }
10130 return rc;
10131}
10132
10133
10134#ifdef IEM_WITH_SETJMP
10135/**
10136 * Stores a data dqword, SSE aligned.
10137 *
10138 * @returns Strict VBox status code.
10139 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10140 * @param iSegReg The index of the segment register to use for
10141 * this access. The base and limits are checked.
10142 * @param GCPtrMem The address of the guest memory.
10143 * @param u128Value The value to store.
10144 */
10145DECL_NO_INLINE(IEM_STATIC, void)
10146iemMemStoreDataU128AlignedSseJmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, RTUINT128U u128Value)
10147{
10148 /* The lazy approach for now... */
10149 if ( (GCPtrMem & 15) == 0
10150 || (pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.MXCSR & X86_MXCSR_MM)) /** @todo should probably check this *after* applying seg.u64Base... Check real HW. */
10151 {
10152 PRTUINT128U pu128Dst = (PRTUINT128U)iemMemMapJmp(pVCpu, sizeof(*pu128Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10153 pu128Dst->au64[0] = u128Value.au64[0];
10154 pu128Dst->au64[1] = u128Value.au64[1];
10155 iemMemCommitAndUnmapJmp(pVCpu, pu128Dst, IEM_ACCESS_DATA_W);
10156 return;
10157 }
10158
10159 VBOXSTRICTRC rcStrict = iemRaiseGeneralProtectionFault0(pVCpu);
10160 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
10161}
10162#endif
10163
10164
10165/**
10166 * Stores a data dqword.
10167 *
10168 * @returns Strict VBox status code.
10169 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10170 * @param iSegReg The index of the segment register to use for
10171 * this access. The base and limits are checked.
10172 * @param GCPtrMem The address of the guest memory.
10173 * @param pu256Value Pointer to the value to store.
10174 */
10175IEM_STATIC VBOXSTRICTRC iemMemStoreDataU256(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, PCRTUINT256U pu256Value)
10176{
10177 /* The lazy approach for now... */
10178 PRTUINT256U pu256Dst;
10179 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu256Dst, sizeof(*pu256Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10180 if (rc == VINF_SUCCESS)
10181 {
10182 pu256Dst->au64[0] = pu256Value->au64[0];
10183 pu256Dst->au64[1] = pu256Value->au64[1];
10184 pu256Dst->au64[2] = pu256Value->au64[2];
10185 pu256Dst->au64[3] = pu256Value->au64[3];
10186 rc = iemMemCommitAndUnmap(pVCpu, pu256Dst, IEM_ACCESS_DATA_W);
10187 }
10188 return rc;
10189}
10190
10191
10192#ifdef IEM_WITH_SETJMP
10193/**
10194 * Stores a data dqword, longjmp on error.
10195 *
10196 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10197 * @param iSegReg The index of the segment register to use for
10198 * this access. The base and limits are checked.
10199 * @param GCPtrMem The address of the guest memory.
10200 * @param pu256Value Pointer to the value to store.
10201 */
10202IEM_STATIC void iemMemStoreDataU256Jmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, PCRTUINT256U pu256Value)
10203{
10204 /* The lazy approach for now... */
10205 PRTUINT256U pu256Dst = (PRTUINT256U)iemMemMapJmp(pVCpu, sizeof(*pu256Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10206 pu256Dst->au64[0] = pu256Value->au64[0];
10207 pu256Dst->au64[1] = pu256Value->au64[1];
10208 pu256Dst->au64[2] = pu256Value->au64[2];
10209 pu256Dst->au64[3] = pu256Value->au64[3];
10210 iemMemCommitAndUnmapJmp(pVCpu, pu256Dst, IEM_ACCESS_DATA_W);
10211}
10212#endif
10213
10214
10215/**
10216 * Stores a data dqword, AVX aligned.
10217 *
10218 * @returns Strict VBox status code.
10219 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10220 * @param iSegReg The index of the segment register to use for
10221 * this access. The base and limits are checked.
10222 * @param GCPtrMem The address of the guest memory.
10223 * @param pu256Value Pointer to the value to store.
10224 */
10225IEM_STATIC VBOXSTRICTRC iemMemStoreDataU256AlignedAvx(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, PCRTUINT256U pu256Value)
10226{
10227 /* The lazy approach for now... */
10228 if (GCPtrMem & 31)
10229 return iemRaiseGeneralProtectionFault0(pVCpu);
10230
10231 PRTUINT256U pu256Dst;
10232 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu256Dst, sizeof(*pu256Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10233 if (rc == VINF_SUCCESS)
10234 {
10235 pu256Dst->au64[0] = pu256Value->au64[0];
10236 pu256Dst->au64[1] = pu256Value->au64[1];
10237 pu256Dst->au64[2] = pu256Value->au64[2];
10238 pu256Dst->au64[3] = pu256Value->au64[3];
10239 rc = iemMemCommitAndUnmap(pVCpu, pu256Dst, IEM_ACCESS_DATA_W);
10240 }
10241 return rc;
10242}
10243
10244
10245#ifdef IEM_WITH_SETJMP
10246/**
10247 * Stores a data dqword, AVX aligned.
10248 *
10249 * @returns Strict VBox status code.
10250 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10251 * @param iSegReg The index of the segment register to use for
10252 * this access. The base and limits are checked.
10253 * @param GCPtrMem The address of the guest memory.
10254 * @param pu256Value Pointer to the value to store.
10255 */
10256DECL_NO_INLINE(IEM_STATIC, void)
10257iemMemStoreDataU256AlignedAvxJmp(PVMCPU pVCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, PCRTUINT256U pu256Value)
10258{
10259 /* The lazy approach for now... */
10260 if ((GCPtrMem & 31) == 0)
10261 {
10262 PRTUINT256U pu256Dst = (PRTUINT256U)iemMemMapJmp(pVCpu, sizeof(*pu256Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
10263 pu256Dst->au64[0] = pu256Value->au64[0];
10264 pu256Dst->au64[1] = pu256Value->au64[1];
10265 pu256Dst->au64[2] = pu256Value->au64[2];
10266 pu256Dst->au64[3] = pu256Value->au64[3];
10267 iemMemCommitAndUnmapJmp(pVCpu, pu256Dst, IEM_ACCESS_DATA_W);
10268 return;
10269 }
10270
10271 VBOXSTRICTRC rcStrict = iemRaiseGeneralProtectionFault0(pVCpu);
10272 longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
10273}
10274#endif
10275
10276
10277/**
10278 * Stores a descriptor register (sgdt, sidt).
10279 *
10280 * @returns Strict VBox status code.
10281 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10282 * @param cbLimit The limit.
10283 * @param GCPtrBase The base address.
10284 * @param iSegReg The index of the segment register to use for
10285 * this access. The base and limits are checked.
10286 * @param GCPtrMem The address of the guest memory.
10287 */
10288IEM_STATIC VBOXSTRICTRC
10289iemMemStoreDataXdtr(PVMCPU pVCpu, uint16_t cbLimit, RTGCPTR GCPtrBase, uint8_t iSegReg, RTGCPTR GCPtrMem)
10290{
10291 /*
10292 * The SIDT and SGDT instructions actually stores the data using two
10293 * independent writes. The instructions does not respond to opsize prefixes.
10294 */
10295 VBOXSTRICTRC rcStrict = iemMemStoreDataU16(pVCpu, iSegReg, GCPtrMem, cbLimit);
10296 if (rcStrict == VINF_SUCCESS)
10297 {
10298 if (pVCpu->iem.s.enmCpuMode == IEMMODE_16BIT)
10299 rcStrict = iemMemStoreDataU32(pVCpu, iSegReg, GCPtrMem + 2,
10300 IEM_GET_TARGET_CPU(pVCpu) <= IEMTARGETCPU_286
10301 ? (uint32_t)GCPtrBase | UINT32_C(0xff000000) : (uint32_t)GCPtrBase);
10302 else if (pVCpu->iem.s.enmCpuMode == IEMMODE_32BIT)
10303 rcStrict = iemMemStoreDataU32(pVCpu, iSegReg, GCPtrMem + 2, (uint32_t)GCPtrBase);
10304 else
10305 rcStrict = iemMemStoreDataU64(pVCpu, iSegReg, GCPtrMem + 2, GCPtrBase);
10306 }
10307 return rcStrict;
10308}
10309
10310
10311/**
10312 * Pushes a word onto the stack.
10313 *
10314 * @returns Strict VBox status code.
10315 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10316 * @param u16Value The value to push.
10317 */
10318IEM_STATIC VBOXSTRICTRC iemMemStackPushU16(PVMCPU pVCpu, uint16_t u16Value)
10319{
10320 /* Increment the stack pointer. */
10321 uint64_t uNewRsp;
10322 RTGCPTR GCPtrTop = iemRegGetRspForPush(pVCpu, 2, &uNewRsp);
10323
10324 /* Write the word the lazy way. */
10325 uint16_t *pu16Dst;
10326 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Dst, sizeof(*pu16Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10327 if (rc == VINF_SUCCESS)
10328 {
10329 *pu16Dst = u16Value;
10330 rc = iemMemCommitAndUnmap(pVCpu, pu16Dst, IEM_ACCESS_STACK_W);
10331 }
10332
10333 /* Commit the new RSP value unless we an access handler made trouble. */
10334 if (rc == VINF_SUCCESS)
10335 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10336
10337 return rc;
10338}
10339
10340
10341/**
10342 * Pushes a dword onto the stack.
10343 *
10344 * @returns Strict VBox status code.
10345 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10346 * @param u32Value The value to push.
10347 */
10348IEM_STATIC VBOXSTRICTRC iemMemStackPushU32(PVMCPU pVCpu, uint32_t u32Value)
10349{
10350 /* Increment the stack pointer. */
10351 uint64_t uNewRsp;
10352 RTGCPTR GCPtrTop = iemRegGetRspForPush(pVCpu, 4, &uNewRsp);
10353
10354 /* Write the dword the lazy way. */
10355 uint32_t *pu32Dst;
10356 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10357 if (rc == VINF_SUCCESS)
10358 {
10359 *pu32Dst = u32Value;
10360 rc = iemMemCommitAndUnmap(pVCpu, pu32Dst, IEM_ACCESS_STACK_W);
10361 }
10362
10363 /* Commit the new RSP value unless we an access handler made trouble. */
10364 if (rc == VINF_SUCCESS)
10365 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10366
10367 return rc;
10368}
10369
10370
10371/**
10372 * Pushes a dword segment register value onto the stack.
10373 *
10374 * @returns Strict VBox status code.
10375 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10376 * @param u32Value The value to push.
10377 */
10378IEM_STATIC VBOXSTRICTRC iemMemStackPushU32SReg(PVMCPU pVCpu, uint32_t u32Value)
10379{
10380 /* Increment the stack pointer. */
10381 uint64_t uNewRsp;
10382 RTGCPTR GCPtrTop = iemRegGetRspForPush(pVCpu, 4, &uNewRsp);
10383
10384 /* The intel docs talks about zero extending the selector register
10385 value. My actual intel CPU here might be zero extending the value
10386 but it still only writes the lower word... */
10387 /** @todo Test this on new HW and on AMD and in 64-bit mode. Also test what
10388 * happens when crossing an electric page boundrary, is the high word checked
10389 * for write accessibility or not? Probably it is. What about segment limits?
10390 * It appears this behavior is also shared with trap error codes.
10391 *
10392 * Docs indicate the behavior changed maybe in Pentium or Pentium Pro. Check
10393 * ancient hardware when it actually did change. */
10394 uint16_t *pu16Dst;
10395 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Dst, sizeof(uint32_t), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_RW);
10396 if (rc == VINF_SUCCESS)
10397 {
10398 *pu16Dst = (uint16_t)u32Value;
10399 rc = iemMemCommitAndUnmap(pVCpu, pu16Dst, IEM_ACCESS_STACK_RW);
10400 }
10401
10402 /* Commit the new RSP value unless we an access handler made trouble. */
10403 if (rc == VINF_SUCCESS)
10404 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10405
10406 return rc;
10407}
10408
10409
10410/**
10411 * Pushes a qword onto the stack.
10412 *
10413 * @returns Strict VBox status code.
10414 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10415 * @param u64Value The value to push.
10416 */
10417IEM_STATIC VBOXSTRICTRC iemMemStackPushU64(PVMCPU pVCpu, uint64_t u64Value)
10418{
10419 /* Increment the stack pointer. */
10420 uint64_t uNewRsp;
10421 RTGCPTR GCPtrTop = iemRegGetRspForPush(pVCpu, 8, &uNewRsp);
10422
10423 /* Write the word the lazy way. */
10424 uint64_t *pu64Dst;
10425 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Dst, sizeof(*pu64Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10426 if (rc == VINF_SUCCESS)
10427 {
10428 *pu64Dst = u64Value;
10429 rc = iemMemCommitAndUnmap(pVCpu, pu64Dst, IEM_ACCESS_STACK_W);
10430 }
10431
10432 /* Commit the new RSP value unless we an access handler made trouble. */
10433 if (rc == VINF_SUCCESS)
10434 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10435
10436 return rc;
10437}
10438
10439
10440/**
10441 * Pops a word from the stack.
10442 *
10443 * @returns Strict VBox status code.
10444 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10445 * @param pu16Value Where to store the popped value.
10446 */
10447IEM_STATIC VBOXSTRICTRC iemMemStackPopU16(PVMCPU pVCpu, uint16_t *pu16Value)
10448{
10449 /* Increment the stack pointer. */
10450 uint64_t uNewRsp;
10451 RTGCPTR GCPtrTop = iemRegGetRspForPop(pVCpu, 2, &uNewRsp);
10452
10453 /* Write the word the lazy way. */
10454 uint16_t const *pu16Src;
10455 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Src, sizeof(*pu16Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10456 if (rc == VINF_SUCCESS)
10457 {
10458 *pu16Value = *pu16Src;
10459 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu16Src, IEM_ACCESS_STACK_R);
10460
10461 /* Commit the new RSP value. */
10462 if (rc == VINF_SUCCESS)
10463 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10464 }
10465
10466 return rc;
10467}
10468
10469
10470/**
10471 * Pops a dword from the stack.
10472 *
10473 * @returns Strict VBox status code.
10474 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10475 * @param pu32Value Where to store the popped value.
10476 */
10477IEM_STATIC VBOXSTRICTRC iemMemStackPopU32(PVMCPU pVCpu, uint32_t *pu32Value)
10478{
10479 /* Increment the stack pointer. */
10480 uint64_t uNewRsp;
10481 RTGCPTR GCPtrTop = iemRegGetRspForPop(pVCpu, 4, &uNewRsp);
10482
10483 /* Write the word the lazy way. */
10484 uint32_t const *pu32Src;
10485 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Src, sizeof(*pu32Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10486 if (rc == VINF_SUCCESS)
10487 {
10488 *pu32Value = *pu32Src;
10489 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu32Src, IEM_ACCESS_STACK_R);
10490
10491 /* Commit the new RSP value. */
10492 if (rc == VINF_SUCCESS)
10493 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10494 }
10495
10496 return rc;
10497}
10498
10499
10500/**
10501 * Pops a qword from the stack.
10502 *
10503 * @returns Strict VBox status code.
10504 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10505 * @param pu64Value Where to store the popped value.
10506 */
10507IEM_STATIC VBOXSTRICTRC iemMemStackPopU64(PVMCPU pVCpu, uint64_t *pu64Value)
10508{
10509 /* Increment the stack pointer. */
10510 uint64_t uNewRsp;
10511 RTGCPTR GCPtrTop = iemRegGetRspForPop(pVCpu, 8, &uNewRsp);
10512
10513 /* Write the word the lazy way. */
10514 uint64_t const *pu64Src;
10515 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Src, sizeof(*pu64Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10516 if (rc == VINF_SUCCESS)
10517 {
10518 *pu64Value = *pu64Src;
10519 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu64Src, IEM_ACCESS_STACK_R);
10520
10521 /* Commit the new RSP value. */
10522 if (rc == VINF_SUCCESS)
10523 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10524 }
10525
10526 return rc;
10527}
10528
10529
10530/**
10531 * Pushes a word onto the stack, using a temporary stack pointer.
10532 *
10533 * @returns Strict VBox status code.
10534 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10535 * @param u16Value The value to push.
10536 * @param pTmpRsp Pointer to the temporary stack pointer.
10537 */
10538IEM_STATIC VBOXSTRICTRC iemMemStackPushU16Ex(PVMCPU pVCpu, uint16_t u16Value, PRTUINT64U pTmpRsp)
10539{
10540 /* Increment the stack pointer. */
10541 RTUINT64U NewRsp = *pTmpRsp;
10542 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(pVCpu, &NewRsp, 2);
10543
10544 /* Write the word the lazy way. */
10545 uint16_t *pu16Dst;
10546 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Dst, sizeof(*pu16Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10547 if (rc == VINF_SUCCESS)
10548 {
10549 *pu16Dst = u16Value;
10550 rc = iemMemCommitAndUnmap(pVCpu, pu16Dst, IEM_ACCESS_STACK_W);
10551 }
10552
10553 /* Commit the new RSP value unless we an access handler made trouble. */
10554 if (rc == VINF_SUCCESS)
10555 *pTmpRsp = NewRsp;
10556
10557 return rc;
10558}
10559
10560
10561/**
10562 * Pushes a dword onto the stack, using a temporary stack pointer.
10563 *
10564 * @returns Strict VBox status code.
10565 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10566 * @param u32Value The value to push.
10567 * @param pTmpRsp Pointer to the temporary stack pointer.
10568 */
10569IEM_STATIC VBOXSTRICTRC iemMemStackPushU32Ex(PVMCPU pVCpu, uint32_t u32Value, PRTUINT64U pTmpRsp)
10570{
10571 /* Increment the stack pointer. */
10572 RTUINT64U NewRsp = *pTmpRsp;
10573 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(pVCpu, &NewRsp, 4);
10574
10575 /* Write the word the lazy way. */
10576 uint32_t *pu32Dst;
10577 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10578 if (rc == VINF_SUCCESS)
10579 {
10580 *pu32Dst = u32Value;
10581 rc = iemMemCommitAndUnmap(pVCpu, pu32Dst, IEM_ACCESS_STACK_W);
10582 }
10583
10584 /* Commit the new RSP value unless we an access handler made trouble. */
10585 if (rc == VINF_SUCCESS)
10586 *pTmpRsp = NewRsp;
10587
10588 return rc;
10589}
10590
10591
10592/**
10593 * Pushes a dword onto the stack, using a temporary stack pointer.
10594 *
10595 * @returns Strict VBox status code.
10596 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10597 * @param u64Value The value to push.
10598 * @param pTmpRsp Pointer to the temporary stack pointer.
10599 */
10600IEM_STATIC VBOXSTRICTRC iemMemStackPushU64Ex(PVMCPU pVCpu, uint64_t u64Value, PRTUINT64U pTmpRsp)
10601{
10602 /* Increment the stack pointer. */
10603 RTUINT64U NewRsp = *pTmpRsp;
10604 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(pVCpu, &NewRsp, 8);
10605
10606 /* Write the word the lazy way. */
10607 uint64_t *pu64Dst;
10608 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Dst, sizeof(*pu64Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10609 if (rc == VINF_SUCCESS)
10610 {
10611 *pu64Dst = u64Value;
10612 rc = iemMemCommitAndUnmap(pVCpu, pu64Dst, IEM_ACCESS_STACK_W);
10613 }
10614
10615 /* Commit the new RSP value unless we an access handler made trouble. */
10616 if (rc == VINF_SUCCESS)
10617 *pTmpRsp = NewRsp;
10618
10619 return rc;
10620}
10621
10622
10623/**
10624 * Pops a word from the stack, using a temporary stack pointer.
10625 *
10626 * @returns Strict VBox status code.
10627 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10628 * @param pu16Value Where to store the popped value.
10629 * @param pTmpRsp Pointer to the temporary stack pointer.
10630 */
10631IEM_STATIC VBOXSTRICTRC iemMemStackPopU16Ex(PVMCPU pVCpu, uint16_t *pu16Value, PRTUINT64U pTmpRsp)
10632{
10633 /* Increment the stack pointer. */
10634 RTUINT64U NewRsp = *pTmpRsp;
10635 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pVCpu, &NewRsp, 2);
10636
10637 /* Write the word the lazy way. */
10638 uint16_t const *pu16Src;
10639 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Src, sizeof(*pu16Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10640 if (rc == VINF_SUCCESS)
10641 {
10642 *pu16Value = *pu16Src;
10643 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu16Src, IEM_ACCESS_STACK_R);
10644
10645 /* Commit the new RSP value. */
10646 if (rc == VINF_SUCCESS)
10647 *pTmpRsp = NewRsp;
10648 }
10649
10650 return rc;
10651}
10652
10653
10654/**
10655 * Pops a dword from the stack, using a temporary stack pointer.
10656 *
10657 * @returns Strict VBox status code.
10658 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10659 * @param pu32Value Where to store the popped value.
10660 * @param pTmpRsp Pointer to the temporary stack pointer.
10661 */
10662IEM_STATIC VBOXSTRICTRC iemMemStackPopU32Ex(PVMCPU pVCpu, uint32_t *pu32Value, PRTUINT64U pTmpRsp)
10663{
10664 /* Increment the stack pointer. */
10665 RTUINT64U NewRsp = *pTmpRsp;
10666 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pVCpu, &NewRsp, 4);
10667
10668 /* Write the word the lazy way. */
10669 uint32_t const *pu32Src;
10670 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Src, sizeof(*pu32Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10671 if (rc == VINF_SUCCESS)
10672 {
10673 *pu32Value = *pu32Src;
10674 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu32Src, IEM_ACCESS_STACK_R);
10675
10676 /* Commit the new RSP value. */
10677 if (rc == VINF_SUCCESS)
10678 *pTmpRsp = NewRsp;
10679 }
10680
10681 return rc;
10682}
10683
10684
10685/**
10686 * Pops a qword from the stack, using a temporary stack pointer.
10687 *
10688 * @returns Strict VBox status code.
10689 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10690 * @param pu64Value Where to store the popped value.
10691 * @param pTmpRsp Pointer to the temporary stack pointer.
10692 */
10693IEM_STATIC VBOXSTRICTRC iemMemStackPopU64Ex(PVMCPU pVCpu, uint64_t *pu64Value, PRTUINT64U pTmpRsp)
10694{
10695 /* Increment the stack pointer. */
10696 RTUINT64U NewRsp = *pTmpRsp;
10697 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pVCpu, &NewRsp, 8);
10698
10699 /* Write the word the lazy way. */
10700 uint64_t const *pu64Src;
10701 VBOXSTRICTRC rcStrict = iemMemMap(pVCpu, (void **)&pu64Src, sizeof(*pu64Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10702 if (rcStrict == VINF_SUCCESS)
10703 {
10704 *pu64Value = *pu64Src;
10705 rcStrict = iemMemCommitAndUnmap(pVCpu, (void *)pu64Src, IEM_ACCESS_STACK_R);
10706
10707 /* Commit the new RSP value. */
10708 if (rcStrict == VINF_SUCCESS)
10709 *pTmpRsp = NewRsp;
10710 }
10711
10712 return rcStrict;
10713}
10714
10715
10716/**
10717 * Begin a special stack push (used by interrupt, exceptions and such).
10718 *
10719 * This will raise \#SS or \#PF if appropriate.
10720 *
10721 * @returns Strict VBox status code.
10722 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10723 * @param cbMem The number of bytes to push onto the stack.
10724 * @param ppvMem Where to return the pointer to the stack memory.
10725 * As with the other memory functions this could be
10726 * direct access or bounce buffered access, so
10727 * don't commit register until the commit call
10728 * succeeds.
10729 * @param puNewRsp Where to return the new RSP value. This must be
10730 * passed unchanged to
10731 * iemMemStackPushCommitSpecial().
10732 */
10733IEM_STATIC VBOXSTRICTRC iemMemStackPushBeginSpecial(PVMCPU pVCpu, size_t cbMem, void **ppvMem, uint64_t *puNewRsp)
10734{
10735 Assert(cbMem < UINT8_MAX);
10736 RTGCPTR GCPtrTop = iemRegGetRspForPush(pVCpu, (uint8_t)cbMem, puNewRsp);
10737 return iemMemMap(pVCpu, ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
10738}
10739
10740
10741/**
10742 * Commits a special stack push (started by iemMemStackPushBeginSpecial).
10743 *
10744 * This will update the rSP.
10745 *
10746 * @returns Strict VBox status code.
10747 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10748 * @param pvMem The pointer returned by
10749 * iemMemStackPushBeginSpecial().
10750 * @param uNewRsp The new RSP value returned by
10751 * iemMemStackPushBeginSpecial().
10752 */
10753IEM_STATIC VBOXSTRICTRC iemMemStackPushCommitSpecial(PVMCPU pVCpu, void *pvMem, uint64_t uNewRsp)
10754{
10755 VBOXSTRICTRC rcStrict = iemMemCommitAndUnmap(pVCpu, pvMem, IEM_ACCESS_STACK_W);
10756 if (rcStrict == VINF_SUCCESS)
10757 pVCpu->cpum.GstCtx.rsp = uNewRsp;
10758 return rcStrict;
10759}
10760
10761
10762/**
10763 * Begin a special stack pop (used by iret, retf and such).
10764 *
10765 * This will raise \#SS or \#PF if appropriate.
10766 *
10767 * @returns Strict VBox status code.
10768 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10769 * @param cbMem The number of bytes to pop from the stack.
10770 * @param ppvMem Where to return the pointer to the stack memory.
10771 * @param puNewRsp Where to return the new RSP value. This must be
10772 * assigned to CPUMCTX::rsp manually some time
10773 * after iemMemStackPopDoneSpecial() has been
10774 * called.
10775 */
10776IEM_STATIC VBOXSTRICTRC iemMemStackPopBeginSpecial(PVMCPU pVCpu, size_t cbMem, void const **ppvMem, uint64_t *puNewRsp)
10777{
10778 Assert(cbMem < UINT8_MAX);
10779 RTGCPTR GCPtrTop = iemRegGetRspForPop(pVCpu, (uint8_t)cbMem, puNewRsp);
10780 return iemMemMap(pVCpu, (void **)ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10781}
10782
10783
10784/**
10785 * Continue a special stack pop (used by iret and retf).
10786 *
10787 * This will raise \#SS or \#PF if appropriate.
10788 *
10789 * @returns Strict VBox status code.
10790 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10791 * @param cbMem The number of bytes to pop from the stack.
10792 * @param ppvMem Where to return the pointer to the stack memory.
10793 * @param puNewRsp Where to return the new RSP value. This must be
10794 * assigned to CPUMCTX::rsp manually some time
10795 * after iemMemStackPopDoneSpecial() has been
10796 * called.
10797 */
10798IEM_STATIC VBOXSTRICTRC iemMemStackPopContinueSpecial(PVMCPU pVCpu, size_t cbMem, void const **ppvMem, uint64_t *puNewRsp)
10799{
10800 Assert(cbMem < UINT8_MAX);
10801 RTUINT64U NewRsp;
10802 NewRsp.u = *puNewRsp;
10803 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(pVCpu, &NewRsp, 8);
10804 *puNewRsp = NewRsp.u;
10805 return iemMemMap(pVCpu, (void **)ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
10806}
10807
10808
10809/**
10810 * Done with a special stack pop (started by iemMemStackPopBeginSpecial or
10811 * iemMemStackPopContinueSpecial).
10812 *
10813 * The caller will manually commit the rSP.
10814 *
10815 * @returns Strict VBox status code.
10816 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10817 * @param pvMem The pointer returned by
10818 * iemMemStackPopBeginSpecial() or
10819 * iemMemStackPopContinueSpecial().
10820 */
10821IEM_STATIC VBOXSTRICTRC iemMemStackPopDoneSpecial(PVMCPU pVCpu, void const *pvMem)
10822{
10823 return iemMemCommitAndUnmap(pVCpu, (void *)pvMem, IEM_ACCESS_STACK_R);
10824}
10825
10826
10827/**
10828 * Fetches a system table byte.
10829 *
10830 * @returns Strict VBox status code.
10831 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10832 * @param pbDst Where to return the byte.
10833 * @param iSegReg The index of the segment register to use for
10834 * this access. The base and limits are checked.
10835 * @param GCPtrMem The address of the guest memory.
10836 */
10837IEM_STATIC VBOXSTRICTRC iemMemFetchSysU8(PVMCPU pVCpu, uint8_t *pbDst, uint8_t iSegReg, RTGCPTR GCPtrMem)
10838{
10839 /* The lazy approach for now... */
10840 uint8_t const *pbSrc;
10841 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pbSrc, sizeof(*pbSrc), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
10842 if (rc == VINF_SUCCESS)
10843 {
10844 *pbDst = *pbSrc;
10845 rc = iemMemCommitAndUnmap(pVCpu, (void *)pbSrc, IEM_ACCESS_SYS_R);
10846 }
10847 return rc;
10848}
10849
10850
10851/**
10852 * Fetches a system table word.
10853 *
10854 * @returns Strict VBox status code.
10855 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10856 * @param pu16Dst Where to return the word.
10857 * @param iSegReg The index of the segment register to use for
10858 * this access. The base and limits are checked.
10859 * @param GCPtrMem The address of the guest memory.
10860 */
10861IEM_STATIC VBOXSTRICTRC iemMemFetchSysU16(PVMCPU pVCpu, uint16_t *pu16Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
10862{
10863 /* The lazy approach for now... */
10864 uint16_t const *pu16Src;
10865 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu16Src, sizeof(*pu16Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
10866 if (rc == VINF_SUCCESS)
10867 {
10868 *pu16Dst = *pu16Src;
10869 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu16Src, IEM_ACCESS_SYS_R);
10870 }
10871 return rc;
10872}
10873
10874
10875/**
10876 * Fetches a system table dword.
10877 *
10878 * @returns Strict VBox status code.
10879 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10880 * @param pu32Dst Where to return the dword.
10881 * @param iSegReg The index of the segment register to use for
10882 * this access. The base and limits are checked.
10883 * @param GCPtrMem The address of the guest memory.
10884 */
10885IEM_STATIC VBOXSTRICTRC iemMemFetchSysU32(PVMCPU pVCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
10886{
10887 /* The lazy approach for now... */
10888 uint32_t const *pu32Src;
10889 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu32Src, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
10890 if (rc == VINF_SUCCESS)
10891 {
10892 *pu32Dst = *pu32Src;
10893 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu32Src, IEM_ACCESS_SYS_R);
10894 }
10895 return rc;
10896}
10897
10898
10899/**
10900 * Fetches a system table qword.
10901 *
10902 * @returns Strict VBox status code.
10903 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10904 * @param pu64Dst Where to return the qword.
10905 * @param iSegReg The index of the segment register to use for
10906 * this access. The base and limits are checked.
10907 * @param GCPtrMem The address of the guest memory.
10908 */
10909IEM_STATIC VBOXSTRICTRC iemMemFetchSysU64(PVMCPU pVCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
10910{
10911 /* The lazy approach for now... */
10912 uint64_t const *pu64Src;
10913 VBOXSTRICTRC rc = iemMemMap(pVCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
10914 if (rc == VINF_SUCCESS)
10915 {
10916 *pu64Dst = *pu64Src;
10917 rc = iemMemCommitAndUnmap(pVCpu, (void *)pu64Src, IEM_ACCESS_SYS_R);
10918 }
10919 return rc;
10920}
10921
10922
10923/**
10924 * Fetches a descriptor table entry with caller specified error code.
10925 *
10926 * @returns Strict VBox status code.
10927 * @param pVCpu The cross context virtual CPU structure of the calling thread.
10928 * @param pDesc Where to return the descriptor table entry.
10929 * @param uSel The selector which table entry to fetch.
10930 * @param uXcpt The exception to raise on table lookup error.
10931 * @param uErrorCode The error code associated with the exception.
10932 */
10933IEM_STATIC VBOXSTRICTRC
10934iemMemFetchSelDescWithErr(PVMCPU pVCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt, uint16_t uErrorCode)
10935{
10936 AssertPtr(pDesc);
10937 IEM_CTX_IMPORT_RET(pVCpu, CPUMCTX_EXTRN_GDTR | CPUMCTX_EXTRN_LDTR);
10938
10939 /** @todo did the 286 require all 8 bytes to be accessible? */
10940 /*
10941 * Get the selector table base and check bounds.
10942 */
10943 RTGCPTR GCPtrBase;
10944 if (uSel & X86_SEL_LDT)
10945 {
10946 if ( !pVCpu->cpum.GstCtx.ldtr.Attr.n.u1Present
10947 || (uSel | X86_SEL_RPL_LDT) > pVCpu->cpum.GstCtx.ldtr.u32Limit )
10948 {
10949 Log(("iemMemFetchSelDesc: LDT selector %#x is out of bounds (%3x) or ldtr is NP (%#x)\n",
10950 uSel, pVCpu->cpum.GstCtx.ldtr.u32Limit, pVCpu->cpum.GstCtx.ldtr.Sel));
10951 return iemRaiseXcptOrInt(pVCpu, 0, uXcpt, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
10952 uErrorCode, 0);
10953 }
10954
10955 Assert(pVCpu->cpum.GstCtx.ldtr.Attr.n.u1Present);
10956 GCPtrBase = pVCpu->cpum.GstCtx.ldtr.u64Base;
10957 }
10958 else
10959 {
10960 if ((uSel | X86_SEL_RPL_LDT) > pVCpu->cpum.GstCtx.gdtr.cbGdt)
10961 {
10962 Log(("iemMemFetchSelDesc: GDT selector %#x is out of bounds (%3x)\n", uSel, pVCpu->cpum.GstCtx.gdtr.cbGdt));
10963 return iemRaiseXcptOrInt(pVCpu, 0, uXcpt, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
10964 uErrorCode, 0);
10965 }
10966 GCPtrBase = pVCpu->cpum.GstCtx.gdtr.pGdt;
10967 }
10968
10969 /*
10970 * Read the legacy descriptor and maybe the long mode extensions if
10971 * required.
10972 */
10973 VBOXSTRICTRC rcStrict;
10974 if (IEM_GET_TARGET_CPU(pVCpu) > IEMTARGETCPU_286)
10975 rcStrict = iemMemFetchSysU64(pVCpu, &pDesc->Legacy.u, UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK));
10976 else
10977 {
10978 rcStrict = iemMemFetchSysU16(pVCpu, &pDesc->Legacy.au16[0], UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK) + 0);
10979 if (rcStrict == VINF_SUCCESS)
10980 rcStrict = iemMemFetchSysU16(pVCpu, &pDesc->Legacy.au16[1], UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK) + 2);
10981 if (rcStrict == VINF_SUCCESS)
10982 rcStrict = iemMemFetchSysU16(pVCpu, &pDesc->Legacy.au16[2], UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK) + 4);
10983 if (rcStrict == VINF_SUCCESS)
10984 pDesc->Legacy.au16[3] = 0;
10985 else
10986 return rcStrict;
10987 }
10988
10989 if (rcStrict == VINF_SUCCESS)
10990 {
10991 if ( !IEM_IS_LONG_MODE(pVCpu)
10992 || pDesc->Legacy.Gen.u1DescType)
10993 pDesc->Long.au64[1] = 0;
10994 else if ((uint32_t)(uSel | X86_SEL_RPL_LDT) + 8 <= (uSel & X86_SEL_LDT ? pVCpu->cpum.GstCtx.ldtr.u32Limit : pVCpu->cpum.GstCtx.gdtr.cbGdt))
10995 rcStrict = iemMemFetchSysU64(pVCpu, &pDesc->Long.au64[1], UINT8_MAX, GCPtrBase + (uSel | X86_SEL_RPL_LDT) + 1);
10996 else
10997 {
10998 Log(("iemMemFetchSelDesc: system selector %#x is out of bounds\n", uSel));
10999 /** @todo is this the right exception? */
11000 return iemRaiseXcptOrInt(pVCpu, 0, uXcpt, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErrorCode, 0);
11001 }
11002 }
11003 return rcStrict;
11004}
11005
11006
11007/**
11008 * Fetches a descriptor table entry.
11009 *
11010 * @returns Strict VBox status code.
11011 * @param pVCpu The cross context virtual CPU structure of the calling thread.
11012 * @param pDesc Where to return the descriptor table entry.
11013 * @param uSel The selector which table entry to fetch.
11014 * @param uXcpt The exception to raise on table lookup error.
11015 */
11016IEM_STATIC VBOXSTRICTRC iemMemFetchSelDesc(PVMCPU pVCpu, PIEMSELDESC pDesc, uint16_t uSel, uint8_t uXcpt)
11017{
11018 return iemMemFetchSelDescWithErr(pVCpu, pDesc, uSel, uXcpt, uSel & X86_SEL_MASK_OFF_RPL);
11019}
11020
11021
11022/**
11023 * Fakes a long mode stack selector for SS = 0.
11024 *
11025 * @param pDescSs Where to return the fake stack descriptor.
11026 * @param uDpl The DPL we want.
11027 */
11028IEM_STATIC void iemMemFakeStackSelDesc(PIEMSELDESC pDescSs, uint32_t uDpl)
11029{
11030 pDescSs->Long.au64[0] = 0;
11031 pDescSs->Long.au64[1] = 0;
11032 pDescSs->Long.Gen.u4Type = X86_SEL_TYPE_RW_ACC;
11033 pDescSs->Long.Gen.u1DescType = 1; /* 1 = code / data, 0 = system. */
11034 pDescSs->Long.Gen.u2Dpl = uDpl;
11035 pDescSs->Long.Gen.u1Present = 1;
11036 pDescSs->Long.Gen.u1Long = 1;
11037}
11038
11039
11040/**
11041 * Marks the selector descriptor as accessed (only non-system descriptors).
11042 *
11043 * This function ASSUMES that iemMemFetchSelDesc has be called previously and
11044 * will therefore skip the limit checks.
11045 *
11046 * @returns Strict VBox status code.
11047 * @param pVCpu The cross context virtual CPU structure of the calling thread.
11048 * @param uSel The selector.
11049 */
11050IEM_STATIC VBOXSTRICTRC iemMemMarkSelDescAccessed(PVMCPU pVCpu, uint16_t uSel)
11051{
11052 /*
11053 * Get the selector table base and calculate the entry address.
11054 */
11055 RTGCPTR GCPtr = uSel & X86_SEL_LDT
11056 ? pVCpu->cpum.GstCtx.ldtr.u64Base
11057 : pVCpu->cpum.GstCtx.gdtr.pGdt;
11058 GCPtr += uSel & X86_SEL_MASK;
11059
11060 /*
11061 * ASMAtomicBitSet will assert if the address is misaligned, so do some
11062 * ugly stuff to avoid this. This will make sure it's an atomic access
11063 * as well more or less remove any question about 8-bit or 32-bit accesss.
11064 */
11065 VBOXSTRICTRC rcStrict;
11066 uint32_t volatile *pu32;
11067 if ((GCPtr & 3) == 0)
11068 {
11069 /* The normal case, map the 32-bit bits around the accessed bit (40). */
11070 GCPtr += 2 + 2;
11071 rcStrict = iemMemMap(pVCpu, (void **)&pu32, 4, UINT8_MAX, GCPtr, IEM_ACCESS_SYS_RW);
11072 if (rcStrict != VINF_SUCCESS)
11073 return rcStrict;
11074 ASMAtomicBitSet(pu32, 8); /* X86_SEL_TYPE_ACCESSED is 1, but it is preceeded by u8BaseHigh1. */
11075 }
11076 else
11077 {
11078 /* The misaligned GDT/LDT case, map the whole thing. */
11079 rcStrict = iemMemMap(pVCpu, (void **)&pu32, 8, UINT8_MAX, GCPtr, IEM_ACCESS_SYS_RW);
11080 if (rcStrict != VINF_SUCCESS)
11081 return rcStrict;
11082 switch ((uintptr_t)pu32 & 3)
11083 {
11084 case 0: ASMAtomicBitSet(pu32, 40 + 0 - 0); break;
11085 case 1: ASMAtomicBitSet((uint8_t volatile *)pu32 + 3, 40 + 0 - 24); break;
11086 case 2: ASMAtomicBitSet((uint8_t volatile *)pu32 + 2, 40 + 0 - 16); break;
11087 case 3: ASMAtomicBitSet((uint8_t volatile *)pu32 + 1, 40 + 0 - 8); break;
11088 }
11089 }
11090
11091 return iemMemCommitAndUnmap(pVCpu, (void *)pu32, IEM_ACCESS_SYS_RW);
11092}
11093
11094/** @} */
11095
11096
11097/*
11098 * Include the C/C++ implementation of instruction.
11099 */
11100#include "IEMAllCImpl.cpp.h"
11101
11102
11103
11104/** @name "Microcode" macros.
11105 *
11106 * The idea is that we should be able to use the same code to interpret
11107 * instructions as well as recompiler instructions. Thus this obfuscation.
11108 *
11109 * @{
11110 */
11111#define IEM_MC_BEGIN(a_cArgs, a_cLocals) {
11112#define IEM_MC_END() }
11113#define IEM_MC_PAUSE() do {} while (0)
11114#define IEM_MC_CONTINUE() do {} while (0)
11115
11116/** Internal macro. */
11117#define IEM_MC_RETURN_ON_FAILURE(a_Expr) \
11118 do \
11119 { \
11120 VBOXSTRICTRC rcStrict2 = a_Expr; \
11121 if (rcStrict2 != VINF_SUCCESS) \
11122 return rcStrict2; \
11123 } while (0)
11124
11125
11126#define IEM_MC_ADVANCE_RIP() iemRegUpdateRipAndClearRF(pVCpu)
11127#define IEM_MC_REL_JMP_S8(a_i8) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS8(pVCpu, a_i8))
11128#define IEM_MC_REL_JMP_S16(a_i16) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS16(pVCpu, a_i16))
11129#define IEM_MC_REL_JMP_S32(a_i32) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS32(pVCpu, a_i32))
11130#define IEM_MC_SET_RIP_U16(a_u16NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pVCpu), (a_u16NewIP)))
11131#define IEM_MC_SET_RIP_U32(a_u32NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pVCpu), (a_u32NewIP)))
11132#define IEM_MC_SET_RIP_U64(a_u64NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pVCpu), (a_u64NewIP)))
11133#define IEM_MC_RAISE_DIVIDE_ERROR() return iemRaiseDivideError(pVCpu)
11134#define IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE() \
11135 do { \
11136 if (pVCpu->cpum.GstCtx.cr0 & (X86_CR0_EM | X86_CR0_TS)) \
11137 return iemRaiseDeviceNotAvailable(pVCpu); \
11138 } while (0)
11139#define IEM_MC_MAYBE_RAISE_WAIT_DEVICE_NOT_AVAILABLE() \
11140 do { \
11141 if ((pVCpu->cpum.GstCtx.cr0 & (X86_CR0_MP | X86_CR0_TS)) == (X86_CR0_MP | X86_CR0_TS)) \
11142 return iemRaiseDeviceNotAvailable(pVCpu); \
11143 } while (0)
11144#define IEM_MC_MAYBE_RAISE_FPU_XCPT() \
11145 do { \
11146 if (pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FSW & X86_FSW_ES) \
11147 return iemRaiseMathFault(pVCpu); \
11148 } while (0)
11149#define IEM_MC_MAYBE_RAISE_AVX2_RELATED_XCPT() \
11150 do { \
11151 if ( (pVCpu->cpum.GstCtx.aXcr[0] & (XSAVE_C_YMM | XSAVE_C_SSE)) != (XSAVE_C_YMM | XSAVE_C_SSE) \
11152 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSXSAVE) \
11153 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fAvx2) \
11154 return iemRaiseUndefinedOpcode(pVCpu); \
11155 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11156 return iemRaiseDeviceNotAvailable(pVCpu); \
11157 } while (0)
11158#define IEM_MC_MAYBE_RAISE_AVX_RELATED_XCPT() \
11159 do { \
11160 if ( (pVCpu->cpum.GstCtx.aXcr[0] & (XSAVE_C_YMM | XSAVE_C_SSE)) != (XSAVE_C_YMM | XSAVE_C_SSE) \
11161 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSXSAVE) \
11162 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fAvx) \
11163 return iemRaiseUndefinedOpcode(pVCpu); \
11164 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11165 return iemRaiseDeviceNotAvailable(pVCpu); \
11166 } while (0)
11167#define IEM_MC_MAYBE_RAISE_SSE41_RELATED_XCPT() \
11168 do { \
11169 if ( (pVCpu->cpum.GstCtx.cr0 & X86_CR0_EM) \
11170 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSFXSR) \
11171 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSse41) \
11172 return iemRaiseUndefinedOpcode(pVCpu); \
11173 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11174 return iemRaiseDeviceNotAvailable(pVCpu); \
11175 } while (0)
11176#define IEM_MC_MAYBE_RAISE_SSE3_RELATED_XCPT() \
11177 do { \
11178 if ( (pVCpu->cpum.GstCtx.cr0 & X86_CR0_EM) \
11179 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSFXSR) \
11180 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSse3) \
11181 return iemRaiseUndefinedOpcode(pVCpu); \
11182 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11183 return iemRaiseDeviceNotAvailable(pVCpu); \
11184 } while (0)
11185#define IEM_MC_MAYBE_RAISE_SSE2_RELATED_XCPT() \
11186 do { \
11187 if ( (pVCpu->cpum.GstCtx.cr0 & X86_CR0_EM) \
11188 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSFXSR) \
11189 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSse2) \
11190 return iemRaiseUndefinedOpcode(pVCpu); \
11191 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11192 return iemRaiseDeviceNotAvailable(pVCpu); \
11193 } while (0)
11194#define IEM_MC_MAYBE_RAISE_SSE_RELATED_XCPT() \
11195 do { \
11196 if ( (pVCpu->cpum.GstCtx.cr0 & X86_CR0_EM) \
11197 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_OSFXSR) \
11198 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSse) \
11199 return iemRaiseUndefinedOpcode(pVCpu); \
11200 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11201 return iemRaiseDeviceNotAvailable(pVCpu); \
11202 } while (0)
11203#define IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT() \
11204 do { \
11205 if ( (pVCpu->cpum.GstCtx.cr0 & X86_CR0_EM) \
11206 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fMmx) \
11207 return iemRaiseUndefinedOpcode(pVCpu); \
11208 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11209 return iemRaiseDeviceNotAvailable(pVCpu); \
11210 } while (0)
11211#define IEM_MC_MAYBE_RAISE_MMX_RELATED_XCPT_CHECK_SSE_OR_MMXEXT() \
11212 do { \
11213 if ( (pVCpu->cpum.GstCtx.cr0 & X86_CR0_EM) \
11214 || ( !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fSse \
11215 && !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fAmdMmxExts) ) \
11216 return iemRaiseUndefinedOpcode(pVCpu); \
11217 if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_TS) \
11218 return iemRaiseDeviceNotAvailable(pVCpu); \
11219 } while (0)
11220#define IEM_MC_RAISE_GP0_IF_CPL_NOT_ZERO() \
11221 do { \
11222 if (pVCpu->iem.s.uCpl != 0) \
11223 return iemRaiseGeneralProtectionFault0(pVCpu); \
11224 } while (0)
11225#define IEM_MC_RAISE_GP0_IF_EFF_ADDR_UNALIGNED(a_EffAddr, a_cbAlign) \
11226 do { \
11227 if (!((a_EffAddr) & ((a_cbAlign) - 1))) { /* likely */ } \
11228 else return iemRaiseGeneralProtectionFault0(pVCpu); \
11229 } while (0)
11230#define IEM_MC_MAYBE_RAISE_FSGSBASE_XCPT() \
11231 do { \
11232 if ( pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT \
11233 || !IEM_GET_GUEST_CPU_FEATURES(pVCpu)->fFsGsBase \
11234 || !(pVCpu->cpum.GstCtx.cr4 & X86_CR4_FSGSBASE)) \
11235 return iemRaiseUndefinedOpcode(pVCpu); \
11236 } while (0)
11237#define IEM_MC_MAYBE_RAISE_NON_CANONICAL_ADDR_GP0(a_u64Addr) \
11238 do { \
11239 if (!IEM_IS_CANONICAL(a_u64Addr)) \
11240 return iemRaiseGeneralProtectionFault0(pVCpu); \
11241 } while (0)
11242
11243
11244#define IEM_MC_LOCAL(a_Type, a_Name) a_Type a_Name
11245#define IEM_MC_LOCAL_CONST(a_Type, a_Name, a_Value) a_Type const a_Name = (a_Value)
11246#define IEM_MC_REF_LOCAL(a_pRefArg, a_Local) (a_pRefArg) = &(a_Local)
11247#define IEM_MC_ARG(a_Type, a_Name, a_iArg) a_Type a_Name
11248#define IEM_MC_ARG_CONST(a_Type, a_Name, a_Value, a_iArg) a_Type const a_Name = (a_Value)
11249#define IEM_MC_ARG_LOCAL_REF(a_Type, a_Name, a_Local, a_iArg) a_Type const a_Name = &(a_Local)
11250#define IEM_MC_ARG_LOCAL_EFLAGS(a_pName, a_Name, a_iArg) \
11251 uint32_t a_Name; \
11252 uint32_t *a_pName = &a_Name
11253#define IEM_MC_COMMIT_EFLAGS(a_EFlags) \
11254 do { pVCpu->cpum.GstCtx.eflags.u = (a_EFlags); Assert(pVCpu->cpum.GstCtx.eflags.u & X86_EFL_1); } while (0)
11255
11256#define IEM_MC_ASSIGN(a_VarOrArg, a_CVariableOrConst) (a_VarOrArg) = (a_CVariableOrConst)
11257#define IEM_MC_ASSIGN_TO_SMALLER IEM_MC_ASSIGN
11258
11259#define IEM_MC_FETCH_GREG_U8(a_u8Dst, a_iGReg) (a_u8Dst) = iemGRegFetchU8(pVCpu, (a_iGReg))
11260#define IEM_MC_FETCH_GREG_U8_ZX_U16(a_u16Dst, a_iGReg) (a_u16Dst) = iemGRegFetchU8(pVCpu, (a_iGReg))
11261#define IEM_MC_FETCH_GREG_U8_ZX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU8(pVCpu, (a_iGReg))
11262#define IEM_MC_FETCH_GREG_U8_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU8(pVCpu, (a_iGReg))
11263#define IEM_MC_FETCH_GREG_U8_SX_U16(a_u16Dst, a_iGReg) (a_u16Dst) = (int8_t)iemGRegFetchU8(pVCpu, (a_iGReg))
11264#define IEM_MC_FETCH_GREG_U8_SX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = (int8_t)iemGRegFetchU8(pVCpu, (a_iGReg))
11265#define IEM_MC_FETCH_GREG_U8_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int8_t)iemGRegFetchU8(pVCpu, (a_iGReg))
11266#define IEM_MC_FETCH_GREG_U16(a_u16Dst, a_iGReg) (a_u16Dst) = iemGRegFetchU16(pVCpu, (a_iGReg))
11267#define IEM_MC_FETCH_GREG_U16_ZX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU16(pVCpu, (a_iGReg))
11268#define IEM_MC_FETCH_GREG_U16_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU16(pVCpu, (a_iGReg))
11269#define IEM_MC_FETCH_GREG_U16_SX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = (int16_t)iemGRegFetchU16(pVCpu, (a_iGReg))
11270#define IEM_MC_FETCH_GREG_U16_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int16_t)iemGRegFetchU16(pVCpu, (a_iGReg))
11271#define IEM_MC_FETCH_GREG_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU32(pVCpu, (a_iGReg))
11272#define IEM_MC_FETCH_GREG_U32_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU32(pVCpu, (a_iGReg))
11273#define IEM_MC_FETCH_GREG_U32_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int32_t)iemGRegFetchU32(pVCpu, (a_iGReg))
11274#define IEM_MC_FETCH_GREG_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU64(pVCpu, (a_iGReg))
11275#define IEM_MC_FETCH_GREG_U64_ZX_U64 IEM_MC_FETCH_GREG_U64
11276#define IEM_MC_FETCH_SREG_U16(a_u16Dst, a_iSReg) do { \
11277 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11278 (a_u16Dst) = iemSRegFetchU16(pVCpu, (a_iSReg)); \
11279 } while (0)
11280#define IEM_MC_FETCH_SREG_ZX_U32(a_u32Dst, a_iSReg) do { \
11281 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11282 (a_u32Dst) = iemSRegFetchU16(pVCpu, (a_iSReg)); \
11283 } while (0)
11284#define IEM_MC_FETCH_SREG_ZX_U64(a_u64Dst, a_iSReg) do { \
11285 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11286 (a_u64Dst) = iemSRegFetchU16(pVCpu, (a_iSReg)); \
11287 } while (0)
11288/** @todo IEM_MC_FETCH_SREG_BASE_U64 & IEM_MC_FETCH_SREG_BASE_U32 probably aren't worth it... */
11289#define IEM_MC_FETCH_SREG_BASE_U64(a_u64Dst, a_iSReg) do { \
11290 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11291 (a_u64Dst) = iemSRegBaseFetchU64(pVCpu, (a_iSReg)); \
11292 } while (0)
11293#define IEM_MC_FETCH_SREG_BASE_U32(a_u32Dst, a_iSReg) do { \
11294 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11295 (a_u32Dst) = iemSRegBaseFetchU64(pVCpu, (a_iSReg)); \
11296 } while (0)
11297/** @note Not for IOPL or IF testing or modification. */
11298#define IEM_MC_FETCH_EFLAGS(a_EFlags) (a_EFlags) = pVCpu->cpum.GstCtx.eflags.u
11299#define IEM_MC_FETCH_EFLAGS_U8(a_EFlags) (a_EFlags) = (uint8_t)pVCpu->cpum.GstCtx.eflags.u
11300#define IEM_MC_FETCH_FSW(a_u16Fsw) (a_u16Fsw) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FSW
11301#define IEM_MC_FETCH_FCW(a_u16Fcw) (a_u16Fcw) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FCW
11302
11303#define IEM_MC_STORE_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8( pVCpu, (a_iGReg)) = (a_u8Value)
11304#define IEM_MC_STORE_GREG_U16(a_iGReg, a_u16Value) *iemGRegRefU16(pVCpu, (a_iGReg)) = (a_u16Value)
11305#define IEM_MC_STORE_GREG_U32(a_iGReg, a_u32Value) *iemGRegRefU64(pVCpu, (a_iGReg)) = (uint32_t)(a_u32Value) /* clear high bits. */
11306#define IEM_MC_STORE_GREG_U64(a_iGReg, a_u64Value) *iemGRegRefU64(pVCpu, (a_iGReg)) = (a_u64Value)
11307#define IEM_MC_STORE_GREG_U8_CONST IEM_MC_STORE_GREG_U8
11308#define IEM_MC_STORE_GREG_U16_CONST IEM_MC_STORE_GREG_U16
11309#define IEM_MC_STORE_GREG_U32_CONST IEM_MC_STORE_GREG_U32
11310#define IEM_MC_STORE_GREG_U64_CONST IEM_MC_STORE_GREG_U64
11311#define IEM_MC_CLEAR_HIGH_GREG_U64(a_iGReg) *iemGRegRefU64(pVCpu, (a_iGReg)) &= UINT32_MAX
11312#define IEM_MC_CLEAR_HIGH_GREG_U64_BY_REF(a_pu32Dst) do { (a_pu32Dst)[1] = 0; } while (0)
11313/** @todo IEM_MC_STORE_SREG_BASE_U64 & IEM_MC_STORE_SREG_BASE_U32 aren't worth it... */
11314#define IEM_MC_STORE_SREG_BASE_U64(a_iSReg, a_u64Value) do { \
11315 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11316 *iemSRegBaseRefU64(pVCpu, (a_iSReg)) = (a_u64Value); \
11317 } while (0)
11318#define IEM_MC_STORE_SREG_BASE_U32(a_iSReg, a_u32Value) do { \
11319 IEM_CTX_IMPORT_NORET(pVCpu, CPUMCTX_EXTRN_SREG_FROM_IDX(a_iSReg)); \
11320 *iemSRegBaseRefU64(pVCpu, (a_iSReg)) = (uint32_t)(a_u32Value); /* clear high bits. */ \
11321 } while (0)
11322#define IEM_MC_STORE_FPUREG_R80_SRC_REF(a_iSt, a_pr80Src) \
11323 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[a_iSt].r80 = *(a_pr80Src); } while (0)
11324
11325
11326#define IEM_MC_REF_GREG_U8(a_pu8Dst, a_iGReg) (a_pu8Dst) = iemGRegRefU8( pVCpu, (a_iGReg))
11327#define IEM_MC_REF_GREG_U16(a_pu16Dst, a_iGReg) (a_pu16Dst) = iemGRegRefU16(pVCpu, (a_iGReg))
11328/** @todo User of IEM_MC_REF_GREG_U32 needs to clear the high bits on commit.
11329 * Use IEM_MC_CLEAR_HIGH_GREG_U64_BY_REF! */
11330#define IEM_MC_REF_GREG_U32(a_pu32Dst, a_iGReg) (a_pu32Dst) = iemGRegRefU32(pVCpu, (a_iGReg))
11331#define IEM_MC_REF_GREG_U64(a_pu64Dst, a_iGReg) (a_pu64Dst) = iemGRegRefU64(pVCpu, (a_iGReg))
11332/** @note Not for IOPL or IF testing or modification. */
11333#define IEM_MC_REF_EFLAGS(a_pEFlags) (a_pEFlags) = &pVCpu->cpum.GstCtx.eflags.u
11334
11335#define IEM_MC_ADD_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8( pVCpu, (a_iGReg)) += (a_u8Value)
11336#define IEM_MC_ADD_GREG_U16(a_iGReg, a_u16Value) *iemGRegRefU16(pVCpu, (a_iGReg)) += (a_u16Value)
11337#define IEM_MC_ADD_GREG_U32(a_iGReg, a_u32Value) \
11338 do { \
11339 uint32_t *pu32Reg = iemGRegRefU32(pVCpu, (a_iGReg)); \
11340 *pu32Reg += (a_u32Value); \
11341 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
11342 } while (0)
11343#define IEM_MC_ADD_GREG_U64(a_iGReg, a_u64Value) *iemGRegRefU64(pVCpu, (a_iGReg)) += (a_u64Value)
11344
11345#define IEM_MC_SUB_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8( pVCpu, (a_iGReg)) -= (a_u8Value)
11346#define IEM_MC_SUB_GREG_U16(a_iGReg, a_u16Value) *iemGRegRefU16(pVCpu, (a_iGReg)) -= (a_u16Value)
11347#define IEM_MC_SUB_GREG_U32(a_iGReg, a_u32Value) \
11348 do { \
11349 uint32_t *pu32Reg = iemGRegRefU32(pVCpu, (a_iGReg)); \
11350 *pu32Reg -= (a_u32Value); \
11351 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
11352 } while (0)
11353#define IEM_MC_SUB_GREG_U64(a_iGReg, a_u64Value) *iemGRegRefU64(pVCpu, (a_iGReg)) -= (a_u64Value)
11354#define IEM_MC_SUB_LOCAL_U16(a_u16Value, a_u16Const) do { (a_u16Value) -= a_u16Const; } while (0)
11355
11356#define IEM_MC_ADD_GREG_U8_TO_LOCAL(a_u8Value, a_iGReg) do { (a_u8Value) += iemGRegFetchU8( pVCpu, (a_iGReg)); } while (0)
11357#define IEM_MC_ADD_GREG_U16_TO_LOCAL(a_u16Value, a_iGReg) do { (a_u16Value) += iemGRegFetchU16(pVCpu, (a_iGReg)); } while (0)
11358#define IEM_MC_ADD_GREG_U32_TO_LOCAL(a_u32Value, a_iGReg) do { (a_u32Value) += iemGRegFetchU32(pVCpu, (a_iGReg)); } while (0)
11359#define IEM_MC_ADD_GREG_U64_TO_LOCAL(a_u64Value, a_iGReg) do { (a_u64Value) += iemGRegFetchU64(pVCpu, (a_iGReg)); } while (0)
11360#define IEM_MC_ADD_LOCAL_S16_TO_EFF_ADDR(a_EffAddr, a_i16) do { (a_EffAddr) += (a_i16); } while (0)
11361#define IEM_MC_ADD_LOCAL_S32_TO_EFF_ADDR(a_EffAddr, a_i32) do { (a_EffAddr) += (a_i32); } while (0)
11362#define IEM_MC_ADD_LOCAL_S64_TO_EFF_ADDR(a_EffAddr, a_i64) do { (a_EffAddr) += (a_i64); } while (0)
11363
11364#define IEM_MC_AND_LOCAL_U8(a_u8Local, a_u8Mask) do { (a_u8Local) &= (a_u8Mask); } while (0)
11365#define IEM_MC_AND_LOCAL_U16(a_u16Local, a_u16Mask) do { (a_u16Local) &= (a_u16Mask); } while (0)
11366#define IEM_MC_AND_LOCAL_U32(a_u32Local, a_u32Mask) do { (a_u32Local) &= (a_u32Mask); } while (0)
11367#define IEM_MC_AND_LOCAL_U64(a_u64Local, a_u64Mask) do { (a_u64Local) &= (a_u64Mask); } while (0)
11368
11369#define IEM_MC_AND_ARG_U16(a_u16Arg, a_u16Mask) do { (a_u16Arg) &= (a_u16Mask); } while (0)
11370#define IEM_MC_AND_ARG_U32(a_u32Arg, a_u32Mask) do { (a_u32Arg) &= (a_u32Mask); } while (0)
11371#define IEM_MC_AND_ARG_U64(a_u64Arg, a_u64Mask) do { (a_u64Arg) &= (a_u64Mask); } while (0)
11372
11373#define IEM_MC_OR_LOCAL_U8(a_u8Local, a_u8Mask) do { (a_u8Local) |= (a_u8Mask); } while (0)
11374#define IEM_MC_OR_LOCAL_U16(a_u16Local, a_u16Mask) do { (a_u16Local) |= (a_u16Mask); } while (0)
11375#define IEM_MC_OR_LOCAL_U32(a_u32Local, a_u32Mask) do { (a_u32Local) |= (a_u32Mask); } while (0)
11376
11377#define IEM_MC_SAR_LOCAL_S16(a_i16Local, a_cShift) do { (a_i16Local) >>= (a_cShift); } while (0)
11378#define IEM_MC_SAR_LOCAL_S32(a_i32Local, a_cShift) do { (a_i32Local) >>= (a_cShift); } while (0)
11379#define IEM_MC_SAR_LOCAL_S64(a_i64Local, a_cShift) do { (a_i64Local) >>= (a_cShift); } while (0)
11380
11381#define IEM_MC_SHL_LOCAL_S16(a_i16Local, a_cShift) do { (a_i16Local) <<= (a_cShift); } while (0)
11382#define IEM_MC_SHL_LOCAL_S32(a_i32Local, a_cShift) do { (a_i32Local) <<= (a_cShift); } while (0)
11383#define IEM_MC_SHL_LOCAL_S64(a_i64Local, a_cShift) do { (a_i64Local) <<= (a_cShift); } while (0)
11384
11385#define IEM_MC_AND_2LOCS_U32(a_u32Local, a_u32Mask) do { (a_u32Local) &= (a_u32Mask); } while (0)
11386
11387#define IEM_MC_OR_2LOCS_U32(a_u32Local, a_u32Mask) do { (a_u32Local) |= (a_u32Mask); } while (0)
11388
11389#define IEM_MC_AND_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8( pVCpu, (a_iGReg)) &= (a_u8Value)
11390#define IEM_MC_AND_GREG_U16(a_iGReg, a_u16Value) *iemGRegRefU16(pVCpu, (a_iGReg)) &= (a_u16Value)
11391#define IEM_MC_AND_GREG_U32(a_iGReg, a_u32Value) \
11392 do { \
11393 uint32_t *pu32Reg = iemGRegRefU32(pVCpu, (a_iGReg)); \
11394 *pu32Reg &= (a_u32Value); \
11395 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
11396 } while (0)
11397#define IEM_MC_AND_GREG_U64(a_iGReg, a_u64Value) *iemGRegRefU64(pVCpu, (a_iGReg)) &= (a_u64Value)
11398
11399#define IEM_MC_OR_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8( pVCpu, (a_iGReg)) |= (a_u8Value)
11400#define IEM_MC_OR_GREG_U16(a_iGReg, a_u16Value) *iemGRegRefU16(pVCpu, (a_iGReg)) |= (a_u16Value)
11401#define IEM_MC_OR_GREG_U32(a_iGReg, a_u32Value) \
11402 do { \
11403 uint32_t *pu32Reg = iemGRegRefU32(pVCpu, (a_iGReg)); \
11404 *pu32Reg |= (a_u32Value); \
11405 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
11406 } while (0)
11407#define IEM_MC_OR_GREG_U64(a_iGReg, a_u64Value) *iemGRegRefU64(pVCpu, (a_iGReg)) |= (a_u64Value)
11408
11409
11410/** @note Not for IOPL or IF modification. */
11411#define IEM_MC_SET_EFL_BIT(a_fBit) do { pVCpu->cpum.GstCtx.eflags.u |= (a_fBit); } while (0)
11412/** @note Not for IOPL or IF modification. */
11413#define IEM_MC_CLEAR_EFL_BIT(a_fBit) do { pVCpu->cpum.GstCtx.eflags.u &= ~(a_fBit); } while (0)
11414/** @note Not for IOPL or IF modification. */
11415#define IEM_MC_FLIP_EFL_BIT(a_fBit) do { pVCpu->cpum.GstCtx.eflags.u ^= (a_fBit); } while (0)
11416
11417#define IEM_MC_CLEAR_FSW_EX() do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FSW &= X86_FSW_C_MASK | X86_FSW_TOP_MASK; } while (0)
11418
11419/** Switches the FPU state to MMX mode (FSW.TOS=0, FTW=0) if necessary. */
11420#define IEM_MC_FPU_TO_MMX_MODE() do { \
11421 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FSW &= ~X86_FSW_TOP_MASK; \
11422 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FTW = 0xff; \
11423 } while (0)
11424
11425/** Switches the FPU state from MMX mode (FTW=0xffff). */
11426#define IEM_MC_FPU_FROM_MMX_MODE() do { \
11427 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FTW = 0; \
11428 } while (0)
11429
11430#define IEM_MC_FETCH_MREG_U64(a_u64Value, a_iMReg) \
11431 do { (a_u64Value) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx; } while (0)
11432#define IEM_MC_FETCH_MREG_U32(a_u32Value, a_iMReg) \
11433 do { (a_u32Value) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].au32[0]; } while (0)
11434#define IEM_MC_STORE_MREG_U64(a_iMReg, a_u64Value) do { \
11435 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx = (a_u64Value); \
11436 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].au32[2] = 0xffff; \
11437 } while (0)
11438#define IEM_MC_STORE_MREG_U32_ZX_U64(a_iMReg, a_u32Value) do { \
11439 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx = (uint32_t)(a_u32Value); \
11440 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].au32[2] = 0xffff; \
11441 } while (0)
11442#define IEM_MC_REF_MREG_U64(a_pu64Dst, a_iMReg) /** @todo need to set high word to 0xffff on commit (see IEM_MC_STORE_MREG_U64) */ \
11443 (a_pu64Dst) = (&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx)
11444#define IEM_MC_REF_MREG_U64_CONST(a_pu64Dst, a_iMReg) \
11445 (a_pu64Dst) = ((uint64_t const *)&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx)
11446#define IEM_MC_REF_MREG_U32_CONST(a_pu32Dst, a_iMReg) \
11447 (a_pu32Dst) = ((uint32_t const *)&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aRegs[(a_iMReg)].mmx)
11448
11449#define IEM_MC_FETCH_XREG_U128(a_u128Value, a_iXReg) \
11450 do { (a_u128Value).au64[0] = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0]; \
11451 (a_u128Value).au64[1] = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1]; \
11452 } while (0)
11453#define IEM_MC_FETCH_XREG_U64(a_u64Value, a_iXReg) \
11454 do { (a_u64Value) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0]; } while (0)
11455#define IEM_MC_FETCH_XREG_U32(a_u32Value, a_iXReg) \
11456 do { (a_u32Value) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au32[0]; } while (0)
11457#define IEM_MC_FETCH_XREG_HI_U64(a_u64Value, a_iXReg) \
11458 do { (a_u64Value) = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1]; } while (0)
11459#define IEM_MC_STORE_XREG_U128(a_iXReg, a_u128Value) \
11460 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0] = (a_u128Value).au64[0]; \
11461 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1] = (a_u128Value).au64[1]; \
11462 } while (0)
11463#define IEM_MC_STORE_XREG_U64(a_iXReg, a_u64Value) \
11464 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0] = (a_u64Value); } while (0)
11465#define IEM_MC_STORE_XREG_U64_ZX_U128(a_iXReg, a_u64Value) \
11466 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0] = (a_u64Value); \
11467 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1] = 0; \
11468 } while (0)
11469#define IEM_MC_STORE_XREG_U32(a_iXReg, a_u32Value) \
11470 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au32[0] = (a_u32Value); } while (0)
11471#define IEM_MC_STORE_XREG_U32_ZX_U128(a_iXReg, a_u32Value) \
11472 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0] = (uint32_t)(a_u32Value); \
11473 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1] = 0; \
11474 } while (0)
11475#define IEM_MC_STORE_XREG_HI_U64(a_iXReg, a_u64Value) \
11476 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[1] = (a_u64Value); } while (0)
11477#define IEM_MC_REF_XREG_U128(a_pu128Dst, a_iXReg) \
11478 (a_pu128Dst) = (&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].uXmm)
11479#define IEM_MC_REF_XREG_U128_CONST(a_pu128Dst, a_iXReg) \
11480 (a_pu128Dst) = ((PCRTUINT128U)&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].uXmm)
11481#define IEM_MC_REF_XREG_U64_CONST(a_pu64Dst, a_iXReg) \
11482 (a_pu64Dst) = ((uint64_t const *)&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXReg)].au64[0])
11483#define IEM_MC_COPY_XREG_U128(a_iXRegDst, a_iXRegSrc) \
11484 do { pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXRegDst)].au64[0] \
11485 = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXRegSrc)].au64[0]; \
11486 pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXRegDst)].au64[1] \
11487 = pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aXMM[(a_iXRegSrc)].au64[1]; \
11488 } while (0)
11489
11490#define IEM_MC_FETCH_YREG_U32(a_u32Dst, a_iYRegSrc) \
11491 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11492 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11493 (a_u32Dst) = pXStateTmp->x87.aXMM[iYRegSrcTmp].au32[0]; \
11494 } while (0)
11495#define IEM_MC_FETCH_YREG_U64(a_u64Dst, a_iYRegSrc) \
11496 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11497 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11498 (a_u64Dst) = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[0]; \
11499 } while (0)
11500#define IEM_MC_FETCH_YREG_U128(a_u128Dst, a_iYRegSrc) \
11501 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11502 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11503 (a_u128Dst).au64[0] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[0]; \
11504 (a_u128Dst).au64[1] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[1]; \
11505 } while (0)
11506#define IEM_MC_FETCH_YREG_U256(a_u256Dst, a_iYRegSrc) \
11507 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11508 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11509 (a_u256Dst).au64[0] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[0]; \
11510 (a_u256Dst).au64[1] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[1]; \
11511 (a_u256Dst).au64[2] = pXStateTmp->u.YmmHi.aYmmHi[iYRegSrcTmp].au64[0]; \
11512 (a_u256Dst).au64[3] = pXStateTmp->u.YmmHi.aYmmHi[iYRegSrcTmp].au64[1]; \
11513 } while (0)
11514
11515#define IEM_MC_INT_CLEAR_ZMM_256_UP(a_pXState, a_iXRegDst) do { /* For AVX512 and AVX1024 support. */ } while (0)
11516#define IEM_MC_STORE_YREG_U32_ZX_VLMAX(a_iYRegDst, a_u32Src) \
11517 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11518 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11519 pXStateTmp->x87.aXMM[iYRegDstTmp].au32[0] = (a_u32Src); \
11520 pXStateTmp->x87.aXMM[iYRegDstTmp].au32[1] = 0; \
11521 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = 0; \
11522 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11523 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11524 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11525 } while (0)
11526#define IEM_MC_STORE_YREG_U64_ZX_VLMAX(a_iYRegDst, a_u64Src) \
11527 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11528 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11529 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = (a_u64Src); \
11530 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = 0; \
11531 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11532 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11533 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11534 } while (0)
11535#define IEM_MC_STORE_YREG_U128_ZX_VLMAX(a_iYRegDst, a_u128Src) \
11536 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11537 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11538 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = (a_u128Src).au64[0]; \
11539 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = (a_u128Src).au64[1]; \
11540 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11541 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11542 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11543 } while (0)
11544#define IEM_MC_STORE_YREG_U256_ZX_VLMAX(a_iYRegDst, a_u256Src) \
11545 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11546 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11547 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = (a_u256Src).au64[0]; \
11548 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = (a_u256Src).au64[1]; \
11549 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = (a_u256Src).au64[2]; \
11550 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = (a_u256Src).au64[3]; \
11551 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11552 } while (0)
11553
11554#define IEM_MC_REF_YREG_U128(a_pu128Dst, a_iYReg) \
11555 (a_pu128Dst) = (&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aYMM[(a_iYReg)].uXmm)
11556#define IEM_MC_REF_YREG_U128_CONST(a_pu128Dst, a_iYReg) \
11557 (a_pu128Dst) = ((PCRTUINT128U)&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aYMM[(a_iYReg)].uXmm)
11558#define IEM_MC_REF_YREG_U64_CONST(a_pu64Dst, a_iYReg) \
11559 (a_pu64Dst) = ((uint64_t const *)&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.aYMM[(a_iYReg)].au64[0])
11560#define IEM_MC_CLEAR_YREG_128_UP(a_iYReg) \
11561 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11562 uintptr_t const iYRegTmp = (a_iYReg); \
11563 pXStateTmp->u.YmmHi.aYmmHi[iYRegTmp].au64[0] = 0; \
11564 pXStateTmp->u.YmmHi.aYmmHi[iYRegTmp].au64[1] = 0; \
11565 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegTmp); \
11566 } while (0)
11567
11568#define IEM_MC_COPY_YREG_U256_ZX_VLMAX(a_iYRegDst, a_iYRegSrc) \
11569 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11570 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11571 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11572 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[0]; \
11573 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[1]; \
11574 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = pXStateTmp->u.YmmHi.aYmmHi[iYRegSrcTmp].au64[0]; \
11575 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = pXStateTmp->u.YmmHi.aYmmHi[iYRegSrcTmp].au64[1]; \
11576 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11577 } while (0)
11578#define IEM_MC_COPY_YREG_U128_ZX_VLMAX(a_iYRegDst, a_iYRegSrc) \
11579 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11580 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11581 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11582 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[0]; \
11583 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[1]; \
11584 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11585 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11586 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11587 } while (0)
11588#define IEM_MC_COPY_YREG_U64_ZX_VLMAX(a_iYRegDst, a_iYRegSrc) \
11589 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11590 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11591 uintptr_t const iYRegSrcTmp = (a_iYRegSrc); \
11592 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = pXStateTmp->x87.aXMM[iYRegSrcTmp].au64[0]; \
11593 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = 0; \
11594 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11595 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11596 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11597 } while (0)
11598
11599#define IEM_MC_MERGE_YREG_U32_U96_ZX_VLMAX(a_iYRegDst, a_iYRegSrc32, a_iYRegSrcHx) \
11600 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11601 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11602 uintptr_t const iYRegSrc32Tmp = (a_iYRegSrc32); \
11603 uintptr_t const iYRegSrcHxTmp = (a_iYRegSrcHx); \
11604 pXStateTmp->x87.aXMM[iYRegDstTmp].au32[0] = pXStateTmp->x87.aXMM[iYRegSrc32Tmp].au32[0]; \
11605 pXStateTmp->x87.aXMM[iYRegDstTmp].au32[1] = pXStateTmp->x87.aXMM[iYRegSrcHxTmp].au32[1]; \
11606 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = pXStateTmp->x87.aXMM[iYRegSrcHxTmp].au64[1]; \
11607 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11608 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11609 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11610 } while (0)
11611#define IEM_MC_MERGE_YREG_U64_U64_ZX_VLMAX(a_iYRegDst, a_iYRegSrc64, a_iYRegSrcHx) \
11612 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11613 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11614 uintptr_t const iYRegSrc64Tmp = (a_iYRegSrc64); \
11615 uintptr_t const iYRegSrcHxTmp = (a_iYRegSrcHx); \
11616 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = pXStateTmp->x87.aXMM[iYRegSrc64Tmp].au64[0]; \
11617 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = pXStateTmp->x87.aXMM[iYRegSrcHxTmp].au64[1]; \
11618 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11619 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11620 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11621 } while (0)
11622#define IEM_MC_MERGE_YREG_U64HI_U64_ZX_VLMAX(a_iYRegDst, a_iYRegSrc64, a_iYRegSrcHx) /* for vmovhlps */ \
11623 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11624 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11625 uintptr_t const iYRegSrc64Tmp = (a_iYRegSrc64); \
11626 uintptr_t const iYRegSrcHxTmp = (a_iYRegSrcHx); \
11627 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = pXStateTmp->x87.aXMM[iYRegSrc64Tmp].au64[1]; \
11628 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = pXStateTmp->x87.aXMM[iYRegSrcHxTmp].au64[1]; \
11629 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11630 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11631 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11632 } while (0)
11633#define IEM_MC_MERGE_YREG_U64LOCAL_U64_ZX_VLMAX(a_iYRegDst, a_u64Local, a_iYRegSrcHx) \
11634 do { PX86XSAVEAREA pXStateTmp = pVCpu->cpum.GstCtx.CTX_SUFF(pXState); \
11635 uintptr_t const iYRegDstTmp = (a_iYRegDst); \
11636 uintptr_t const iYRegSrcHxTmp = (a_iYRegSrcHx); \
11637 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[0] = (a_u64Local); \
11638 pXStateTmp->x87.aXMM[iYRegDstTmp].au64[1] = pXStateTmp->x87.aXMM[iYRegSrcHxTmp].au64[1]; \
11639 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[0] = 0; \
11640 pXStateTmp->u.YmmHi.aYmmHi[iYRegDstTmp].au64[1] = 0; \
11641 IEM_MC_INT_CLEAR_ZMM_256_UP(pXStateTmp, iYRegDstTmp); \
11642 } while (0)
11643
11644#ifndef IEM_WITH_SETJMP
11645# define IEM_MC_FETCH_MEM_U8(a_u8Dst, a_iSeg, a_GCPtrMem) \
11646 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem)))
11647# define IEM_MC_FETCH_MEM16_U8(a_u8Dst, a_iSeg, a_GCPtrMem16) \
11648 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem16)))
11649# define IEM_MC_FETCH_MEM32_U8(a_u8Dst, a_iSeg, a_GCPtrMem32) \
11650 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem32)))
11651#else
11652# define IEM_MC_FETCH_MEM_U8(a_u8Dst, a_iSeg, a_GCPtrMem) \
11653 ((a_u8Dst) = iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11654# define IEM_MC_FETCH_MEM16_U8(a_u8Dst, a_iSeg, a_GCPtrMem16) \
11655 ((a_u8Dst) = iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem16)))
11656# define IEM_MC_FETCH_MEM32_U8(a_u8Dst, a_iSeg, a_GCPtrMem32) \
11657 ((a_u8Dst) = iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem32)))
11658#endif
11659
11660#ifndef IEM_WITH_SETJMP
11661# define IEM_MC_FETCH_MEM_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
11662 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, &(a_u16Dst), (a_iSeg), (a_GCPtrMem)))
11663# define IEM_MC_FETCH_MEM_U16_DISP(a_u16Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
11664 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, &(a_u16Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
11665# define IEM_MC_FETCH_MEM_I16(a_i16Dst, a_iSeg, a_GCPtrMem) \
11666 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, (uint16_t *)&(a_i16Dst), (a_iSeg), (a_GCPtrMem)))
11667#else
11668# define IEM_MC_FETCH_MEM_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
11669 ((a_u16Dst) = iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11670# define IEM_MC_FETCH_MEM_U16_DISP(a_u16Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
11671 ((a_u16Dst) = iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
11672# define IEM_MC_FETCH_MEM_I16(a_i16Dst, a_iSeg, a_GCPtrMem) \
11673 ((a_i16Dst) = (int16_t)iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11674#endif
11675
11676#ifndef IEM_WITH_SETJMP
11677# define IEM_MC_FETCH_MEM_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11678 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pVCpu, &(a_u32Dst), (a_iSeg), (a_GCPtrMem)))
11679# define IEM_MC_FETCH_MEM_U32_DISP(a_u32Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
11680 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pVCpu, &(a_u32Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
11681# define IEM_MC_FETCH_MEM_I32(a_i32Dst, a_iSeg, a_GCPtrMem) \
11682 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pVCpu, (uint32_t *)&(a_i32Dst), (a_iSeg), (a_GCPtrMem)))
11683#else
11684# define IEM_MC_FETCH_MEM_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11685 ((a_u32Dst) = iemMemFetchDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11686# define IEM_MC_FETCH_MEM_U32_DISP(a_u32Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
11687 ((a_u32Dst) = iemMemFetchDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
11688# define IEM_MC_FETCH_MEM_I32(a_i32Dst, a_iSeg, a_GCPtrMem) \
11689 ((a_i32Dst) = (int32_t)iemMemFetchDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11690#endif
11691
11692#ifdef SOME_UNUSED_FUNCTION
11693# define IEM_MC_FETCH_MEM_S32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11694 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataS32SxU64(pVCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
11695#endif
11696
11697#ifndef IEM_WITH_SETJMP
11698# define IEM_MC_FETCH_MEM_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11699 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pVCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
11700# define IEM_MC_FETCH_MEM_U64_DISP(a_u64Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
11701 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pVCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
11702# define IEM_MC_FETCH_MEM_U64_ALIGN_U128(a_u64Dst, a_iSeg, a_GCPtrMem) \
11703 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64AlignedU128(pVCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
11704# define IEM_MC_FETCH_MEM_I64(a_i64Dst, a_iSeg, a_GCPtrMem) \
11705 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pVCpu, (uint64_t *)&(a_i64Dst), (a_iSeg), (a_GCPtrMem)))
11706#else
11707# define IEM_MC_FETCH_MEM_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11708 ((a_u64Dst) = iemMemFetchDataU64Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11709# define IEM_MC_FETCH_MEM_U64_DISP(a_u64Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
11710 ((a_u64Dst) = iemMemFetchDataU64Jmp(pVCpu, (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
11711# define IEM_MC_FETCH_MEM_U64_ALIGN_U128(a_u64Dst, a_iSeg, a_GCPtrMem) \
11712 ((a_u64Dst) = iemMemFetchDataU64AlignedU128Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11713# define IEM_MC_FETCH_MEM_I64(a_i64Dst, a_iSeg, a_GCPtrMem) \
11714 ((a_i64Dst) = (int64_t)iemMemFetchDataU64Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11715#endif
11716
11717#ifndef IEM_WITH_SETJMP
11718# define IEM_MC_FETCH_MEM_R32(a_r32Dst, a_iSeg, a_GCPtrMem) \
11719 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pVCpu, &(a_r32Dst).u32, (a_iSeg), (a_GCPtrMem)))
11720# define IEM_MC_FETCH_MEM_R64(a_r64Dst, a_iSeg, a_GCPtrMem) \
11721 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pVCpu, &(a_r64Dst).au64[0], (a_iSeg), (a_GCPtrMem)))
11722# define IEM_MC_FETCH_MEM_R80(a_r80Dst, a_iSeg, a_GCPtrMem) \
11723 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataR80(pVCpu, &(a_r80Dst), (a_iSeg), (a_GCPtrMem)))
11724#else
11725# define IEM_MC_FETCH_MEM_R32(a_r32Dst, a_iSeg, a_GCPtrMem) \
11726 ((a_r32Dst).u32 = iemMemFetchDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11727# define IEM_MC_FETCH_MEM_R64(a_r64Dst, a_iSeg, a_GCPtrMem) \
11728 ((a_r64Dst).au64[0] = iemMemFetchDataU64Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11729# define IEM_MC_FETCH_MEM_R80(a_r80Dst, a_iSeg, a_GCPtrMem) \
11730 iemMemFetchDataR80Jmp(pVCpu, &(a_r80Dst), (a_iSeg), (a_GCPtrMem))
11731#endif
11732
11733#ifndef IEM_WITH_SETJMP
11734# define IEM_MC_FETCH_MEM_U128(a_u128Dst, a_iSeg, a_GCPtrMem) \
11735 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU128(pVCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem)))
11736# define IEM_MC_FETCH_MEM_U128_ALIGN_SSE(a_u128Dst, a_iSeg, a_GCPtrMem) \
11737 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU128AlignedSse(pVCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem)))
11738#else
11739# define IEM_MC_FETCH_MEM_U128(a_u128Dst, a_iSeg, a_GCPtrMem) \
11740 iemMemFetchDataU128Jmp(pVCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem))
11741# define IEM_MC_FETCH_MEM_U128_ALIGN_SSE(a_u128Dst, a_iSeg, a_GCPtrMem) \
11742 iemMemFetchDataU128AlignedSseJmp(pVCpu, &(a_u128Dst), (a_iSeg), (a_GCPtrMem))
11743#endif
11744
11745#ifndef IEM_WITH_SETJMP
11746# define IEM_MC_FETCH_MEM_U256(a_u256Dst, a_iSeg, a_GCPtrMem) \
11747 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU256(pVCpu, &(a_u256Dst), (a_iSeg), (a_GCPtrMem)))
11748# define IEM_MC_FETCH_MEM_U256_ALIGN_AVX(a_u256Dst, a_iSeg, a_GCPtrMem) \
11749 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU256AlignedSse(pVCpu, &(a_u256Dst), (a_iSeg), (a_GCPtrMem)))
11750#else
11751# define IEM_MC_FETCH_MEM_U256(a_u256Dst, a_iSeg, a_GCPtrMem) \
11752 iemMemFetchDataU256Jmp(pVCpu, &(a_u256Dst), (a_iSeg), (a_GCPtrMem))
11753# define IEM_MC_FETCH_MEM_U256_ALIGN_AVX(a_u256Dst, a_iSeg, a_GCPtrMem) \
11754 iemMemFetchDataU256AlignedSseJmp(pVCpu, &(a_u256Dst), (a_iSeg), (a_GCPtrMem))
11755#endif
11756
11757
11758
11759#ifndef IEM_WITH_SETJMP
11760# define IEM_MC_FETCH_MEM_U8_ZX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
11761 do { \
11762 uint8_t u8Tmp; \
11763 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
11764 (a_u16Dst) = u8Tmp; \
11765 } while (0)
11766# define IEM_MC_FETCH_MEM_U8_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11767 do { \
11768 uint8_t u8Tmp; \
11769 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
11770 (a_u32Dst) = u8Tmp; \
11771 } while (0)
11772# define IEM_MC_FETCH_MEM_U8_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11773 do { \
11774 uint8_t u8Tmp; \
11775 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
11776 (a_u64Dst) = u8Tmp; \
11777 } while (0)
11778# define IEM_MC_FETCH_MEM_U16_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11779 do { \
11780 uint16_t u16Tmp; \
11781 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
11782 (a_u32Dst) = u16Tmp; \
11783 } while (0)
11784# define IEM_MC_FETCH_MEM_U16_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11785 do { \
11786 uint16_t u16Tmp; \
11787 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
11788 (a_u64Dst) = u16Tmp; \
11789 } while (0)
11790# define IEM_MC_FETCH_MEM_U32_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11791 do { \
11792 uint32_t u32Tmp; \
11793 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pVCpu, &u32Tmp, (a_iSeg), (a_GCPtrMem))); \
11794 (a_u64Dst) = u32Tmp; \
11795 } while (0)
11796#else /* IEM_WITH_SETJMP */
11797# define IEM_MC_FETCH_MEM_U8_ZX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
11798 ((a_u16Dst) = iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11799# define IEM_MC_FETCH_MEM_U8_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11800 ((a_u32Dst) = iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11801# define IEM_MC_FETCH_MEM_U8_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11802 ((a_u64Dst) = iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11803# define IEM_MC_FETCH_MEM_U16_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11804 ((a_u32Dst) = iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11805# define IEM_MC_FETCH_MEM_U16_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11806 ((a_u64Dst) = iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11807# define IEM_MC_FETCH_MEM_U32_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11808 ((a_u64Dst) = iemMemFetchDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11809#endif /* IEM_WITH_SETJMP */
11810
11811#ifndef IEM_WITH_SETJMP
11812# define IEM_MC_FETCH_MEM_U8_SX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
11813 do { \
11814 uint8_t u8Tmp; \
11815 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
11816 (a_u16Dst) = (int8_t)u8Tmp; \
11817 } while (0)
11818# define IEM_MC_FETCH_MEM_U8_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11819 do { \
11820 uint8_t u8Tmp; \
11821 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
11822 (a_u32Dst) = (int8_t)u8Tmp; \
11823 } while (0)
11824# define IEM_MC_FETCH_MEM_U8_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11825 do { \
11826 uint8_t u8Tmp; \
11827 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pVCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
11828 (a_u64Dst) = (int8_t)u8Tmp; \
11829 } while (0)
11830# define IEM_MC_FETCH_MEM_U16_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11831 do { \
11832 uint16_t u16Tmp; \
11833 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
11834 (a_u32Dst) = (int16_t)u16Tmp; \
11835 } while (0)
11836# define IEM_MC_FETCH_MEM_U16_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11837 do { \
11838 uint16_t u16Tmp; \
11839 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pVCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
11840 (a_u64Dst) = (int16_t)u16Tmp; \
11841 } while (0)
11842# define IEM_MC_FETCH_MEM_U32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11843 do { \
11844 uint32_t u32Tmp; \
11845 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pVCpu, &u32Tmp, (a_iSeg), (a_GCPtrMem))); \
11846 (a_u64Dst) = (int32_t)u32Tmp; \
11847 } while (0)
11848#else /* IEM_WITH_SETJMP */
11849# define IEM_MC_FETCH_MEM_U8_SX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
11850 ((a_u16Dst) = (int8_t)iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11851# define IEM_MC_FETCH_MEM_U8_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11852 ((a_u32Dst) = (int8_t)iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11853# define IEM_MC_FETCH_MEM_U8_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11854 ((a_u64Dst) = (int8_t)iemMemFetchDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11855# define IEM_MC_FETCH_MEM_U16_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
11856 ((a_u32Dst) = (int16_t)iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11857# define IEM_MC_FETCH_MEM_U16_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11858 ((a_u64Dst) = (int16_t)iemMemFetchDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11859# define IEM_MC_FETCH_MEM_U32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
11860 ((a_u64Dst) = (int32_t)iemMemFetchDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem)))
11861#endif /* IEM_WITH_SETJMP */
11862
11863#ifndef IEM_WITH_SETJMP
11864# define IEM_MC_STORE_MEM_U8(a_iSeg, a_GCPtrMem, a_u8Value) \
11865 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU8(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u8Value)))
11866# define IEM_MC_STORE_MEM_U16(a_iSeg, a_GCPtrMem, a_u16Value) \
11867 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU16(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u16Value)))
11868# define IEM_MC_STORE_MEM_U32(a_iSeg, a_GCPtrMem, a_u32Value) \
11869 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU32(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u32Value)))
11870# define IEM_MC_STORE_MEM_U64(a_iSeg, a_GCPtrMem, a_u64Value) \
11871 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU64(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u64Value)))
11872#else
11873# define IEM_MC_STORE_MEM_U8(a_iSeg, a_GCPtrMem, a_u8Value) \
11874 iemMemStoreDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u8Value))
11875# define IEM_MC_STORE_MEM_U16(a_iSeg, a_GCPtrMem, a_u16Value) \
11876 iemMemStoreDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u16Value))
11877# define IEM_MC_STORE_MEM_U32(a_iSeg, a_GCPtrMem, a_u32Value) \
11878 iemMemStoreDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u32Value))
11879# define IEM_MC_STORE_MEM_U64(a_iSeg, a_GCPtrMem, a_u64Value) \
11880 iemMemStoreDataU64Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u64Value))
11881#endif
11882
11883#ifndef IEM_WITH_SETJMP
11884# define IEM_MC_STORE_MEM_U8_CONST(a_iSeg, a_GCPtrMem, a_u8C) \
11885 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU8(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u8C)))
11886# define IEM_MC_STORE_MEM_U16_CONST(a_iSeg, a_GCPtrMem, a_u16C) \
11887 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU16(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u16C)))
11888# define IEM_MC_STORE_MEM_U32_CONST(a_iSeg, a_GCPtrMem, a_u32C) \
11889 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU32(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u32C)))
11890# define IEM_MC_STORE_MEM_U64_CONST(a_iSeg, a_GCPtrMem, a_u64C) \
11891 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU64(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u64C)))
11892#else
11893# define IEM_MC_STORE_MEM_U8_CONST(a_iSeg, a_GCPtrMem, a_u8C) \
11894 iemMemStoreDataU8Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u8C))
11895# define IEM_MC_STORE_MEM_U16_CONST(a_iSeg, a_GCPtrMem, a_u16C) \
11896 iemMemStoreDataU16Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u16C))
11897# define IEM_MC_STORE_MEM_U32_CONST(a_iSeg, a_GCPtrMem, a_u32C) \
11898 iemMemStoreDataU32Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u32C))
11899# define IEM_MC_STORE_MEM_U64_CONST(a_iSeg, a_GCPtrMem, a_u64C) \
11900 iemMemStoreDataU64Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u64C))
11901#endif
11902
11903#define IEM_MC_STORE_MEM_I8_CONST_BY_REF( a_pi8Dst, a_i8C) *(a_pi8Dst) = (a_i8C)
11904#define IEM_MC_STORE_MEM_I16_CONST_BY_REF(a_pi16Dst, a_i16C) *(a_pi16Dst) = (a_i16C)
11905#define IEM_MC_STORE_MEM_I32_CONST_BY_REF(a_pi32Dst, a_i32C) *(a_pi32Dst) = (a_i32C)
11906#define IEM_MC_STORE_MEM_I64_CONST_BY_REF(a_pi64Dst, a_i64C) *(a_pi64Dst) = (a_i64C)
11907#define IEM_MC_STORE_MEM_NEG_QNAN_R32_BY_REF(a_pr32Dst) (a_pr32Dst)->u32 = UINT32_C(0xffc00000)
11908#define IEM_MC_STORE_MEM_NEG_QNAN_R64_BY_REF(a_pr64Dst) (a_pr64Dst)->au64[0] = UINT64_C(0xfff8000000000000)
11909#define IEM_MC_STORE_MEM_NEG_QNAN_R80_BY_REF(a_pr80Dst) \
11910 do { \
11911 (a_pr80Dst)->au64[0] = UINT64_C(0xc000000000000000); \
11912 (a_pr80Dst)->au16[4] = UINT16_C(0xffff); \
11913 } while (0)
11914
11915#ifndef IEM_WITH_SETJMP
11916# define IEM_MC_STORE_MEM_U128(a_iSeg, a_GCPtrMem, a_u128Value) \
11917 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU128(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u128Value)))
11918# define IEM_MC_STORE_MEM_U128_ALIGN_SSE(a_iSeg, a_GCPtrMem, a_u128Value) \
11919 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU128AlignedSse(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u128Value)))
11920#else
11921# define IEM_MC_STORE_MEM_U128(a_iSeg, a_GCPtrMem, a_u128Value) \
11922 iemMemStoreDataU128Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u128Value))
11923# define IEM_MC_STORE_MEM_U128_ALIGN_SSE(a_iSeg, a_GCPtrMem, a_u128Value) \
11924 iemMemStoreDataU128AlignedSseJmp(pVCpu, (a_iSeg), (a_GCPtrMem), (a_u128Value))
11925#endif
11926
11927#ifndef IEM_WITH_SETJMP
11928# define IEM_MC_STORE_MEM_U256(a_iSeg, a_GCPtrMem, a_u256Value) \
11929 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU256(pVCpu, (a_iSeg), (a_GCPtrMem), &(a_u256Value)))
11930# define IEM_MC_STORE_MEM_U256_ALIGN_AVX(a_iSeg, a_GCPtrMem, a_u256Value) \
11931 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU256AlignedAvx(pVCpu, (a_iSeg), (a_GCPtrMem), &(a_u256Value)))
11932#else
11933# define IEM_MC_STORE_MEM_U256(a_iSeg, a_GCPtrMem, a_u256Value) \
11934 iemMemStoreDataU256Jmp(pVCpu, (a_iSeg), (a_GCPtrMem), &(a_u256Value))
11935# define IEM_MC_STORE_MEM_U256_ALIGN_AVX(a_iSeg, a_GCPtrMem, a_u256Value) \
11936 iemMemStoreDataU256AlignedAvxJmp(pVCpu, (a_iSeg), (a_GCPtrMem), &(a_u256Value))
11937#endif
11938
11939
11940#define IEM_MC_PUSH_U16(a_u16Value) \
11941 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU16(pVCpu, (a_u16Value)))
11942#define IEM_MC_PUSH_U32(a_u32Value) \
11943 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU32(pVCpu, (a_u32Value)))
11944#define IEM_MC_PUSH_U32_SREG(a_u32Value) \
11945 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU32SReg(pVCpu, (a_u32Value)))
11946#define IEM_MC_PUSH_U64(a_u64Value) \
11947 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU64(pVCpu, (a_u64Value)))
11948
11949#define IEM_MC_POP_U16(a_pu16Value) \
11950 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU16(pVCpu, (a_pu16Value)))
11951#define IEM_MC_POP_U32(a_pu32Value) \
11952 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU32(pVCpu, (a_pu32Value)))
11953#define IEM_MC_POP_U64(a_pu64Value) \
11954 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU64(pVCpu, (a_pu64Value)))
11955
11956/** Maps guest memory for direct or bounce buffered access.
11957 * The purpose is to pass it to an operand implementation, thus the a_iArg.
11958 * @remarks May return.
11959 */
11960#define IEM_MC_MEM_MAP(a_pMem, a_fAccess, a_iSeg, a_GCPtrMem, a_iArg) \
11961 IEM_MC_RETURN_ON_FAILURE(iemMemMap(pVCpu, (void **)&(a_pMem), sizeof(*(a_pMem)), (a_iSeg), (a_GCPtrMem), (a_fAccess)))
11962
11963/** Maps guest memory for direct or bounce buffered access.
11964 * The purpose is to pass it to an operand implementation, thus the a_iArg.
11965 * @remarks May return.
11966 */
11967#define IEM_MC_MEM_MAP_EX(a_pvMem, a_fAccess, a_cbMem, a_iSeg, a_GCPtrMem, a_iArg) \
11968 IEM_MC_RETURN_ON_FAILURE(iemMemMap(pVCpu, (void **)&(a_pvMem), (a_cbMem), (a_iSeg), (a_GCPtrMem), (a_fAccess)))
11969
11970/** Commits the memory and unmaps the guest memory.
11971 * @remarks May return.
11972 */
11973#define IEM_MC_MEM_COMMIT_AND_UNMAP(a_pvMem, a_fAccess) \
11974 IEM_MC_RETURN_ON_FAILURE(iemMemCommitAndUnmap(pVCpu, (a_pvMem), (a_fAccess)))
11975
11976/** Commits the memory and unmaps the guest memory unless the FPU status word
11977 * indicates (@a a_u16FSW) and FPU control word indicates a pending exception
11978 * that would cause FLD not to store.
11979 *
11980 * The current understanding is that \#O, \#U, \#IA and \#IS will prevent a
11981 * store, while \#P will not.
11982 *
11983 * @remarks May in theory return - for now.
11984 */
11985#define IEM_MC_MEM_COMMIT_AND_UNMAP_FOR_FPU_STORE(a_pvMem, a_fAccess, a_u16FSW) \
11986 do { \
11987 if ( !(a_u16FSW & X86_FSW_ES) \
11988 || !( (a_u16FSW & (X86_FSW_UE | X86_FSW_OE | X86_FSW_IE)) \
11989 & ~(pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FCW & X86_FCW_MASK_ALL) ) ) \
11990 IEM_MC_RETURN_ON_FAILURE(iemMemCommitAndUnmap(pVCpu, (a_pvMem), (a_fAccess))); \
11991 } while (0)
11992
11993/** Calculate efficient address from R/M. */
11994#ifndef IEM_WITH_SETJMP
11995# define IEM_MC_CALC_RM_EFF_ADDR(a_GCPtrEff, bRm, cbImm) \
11996 IEM_MC_RETURN_ON_FAILURE(iemOpHlpCalcRmEffAddr(pVCpu, (bRm), (cbImm), &(a_GCPtrEff)))
11997#else
11998# define IEM_MC_CALC_RM_EFF_ADDR(a_GCPtrEff, bRm, cbImm) \
11999 ((a_GCPtrEff) = iemOpHlpCalcRmEffAddrJmp(pVCpu, (bRm), (cbImm)))
12000#endif
12001
12002#define IEM_MC_CALL_VOID_AIMPL_0(a_pfn) (a_pfn)()
12003#define IEM_MC_CALL_VOID_AIMPL_1(a_pfn, a0) (a_pfn)((a0))
12004#define IEM_MC_CALL_VOID_AIMPL_2(a_pfn, a0, a1) (a_pfn)((a0), (a1))
12005#define IEM_MC_CALL_VOID_AIMPL_3(a_pfn, a0, a1, a2) (a_pfn)((a0), (a1), (a2))
12006#define IEM_MC_CALL_VOID_AIMPL_4(a_pfn, a0, a1, a2, a3) (a_pfn)((a0), (a1), (a2), (a3))
12007#define IEM_MC_CALL_AIMPL_3(a_rc, a_pfn, a0, a1, a2) (a_rc) = (a_pfn)((a0), (a1), (a2))
12008#define IEM_MC_CALL_AIMPL_4(a_rc, a_pfn, a0, a1, a2, a3) (a_rc) = (a_pfn)((a0), (a1), (a2), (a3))
12009
12010/**
12011 * Defers the rest of the instruction emulation to a C implementation routine
12012 * and returns, only taking the standard parameters.
12013 *
12014 * @param a_pfnCImpl The pointer to the C routine.
12015 * @sa IEM_DECL_IMPL_C_TYPE_0 and IEM_CIMPL_DEF_0.
12016 */
12017#define IEM_MC_CALL_CIMPL_0(a_pfnCImpl) return (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu))
12018
12019/**
12020 * Defers the rest of instruction emulation to a C implementation routine and
12021 * returns, taking one argument in addition to the standard ones.
12022 *
12023 * @param a_pfnCImpl The pointer to the C routine.
12024 * @param a0 The argument.
12025 */
12026#define IEM_MC_CALL_CIMPL_1(a_pfnCImpl, a0) return (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0)
12027
12028/**
12029 * Defers the rest of the instruction emulation to a C implementation routine
12030 * and returns, taking two arguments in addition to the standard ones.
12031 *
12032 * @param a_pfnCImpl The pointer to the C routine.
12033 * @param a0 The first extra argument.
12034 * @param a1 The second extra argument.
12035 */
12036#define IEM_MC_CALL_CIMPL_2(a_pfnCImpl, a0, a1) return (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0, a1)
12037
12038/**
12039 * Defers the rest of the instruction emulation to a C implementation routine
12040 * and returns, taking three arguments in addition to the standard ones.
12041 *
12042 * @param a_pfnCImpl The pointer to the C routine.
12043 * @param a0 The first extra argument.
12044 * @param a1 The second extra argument.
12045 * @param a2 The third extra argument.
12046 */
12047#define IEM_MC_CALL_CIMPL_3(a_pfnCImpl, a0, a1, a2) return (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0, a1, a2)
12048
12049/**
12050 * Defers the rest of the instruction emulation to a C implementation routine
12051 * and returns, taking four arguments in addition to the standard ones.
12052 *
12053 * @param a_pfnCImpl The pointer to the C routine.
12054 * @param a0 The first extra argument.
12055 * @param a1 The second extra argument.
12056 * @param a2 The third extra argument.
12057 * @param a3 The fourth extra argument.
12058 */
12059#define IEM_MC_CALL_CIMPL_4(a_pfnCImpl, a0, a1, a2, a3) return (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0, a1, a2, a3)
12060
12061/**
12062 * Defers the rest of the instruction emulation to a C implementation routine
12063 * and returns, taking two arguments in addition to the standard ones.
12064 *
12065 * @param a_pfnCImpl The pointer to the C routine.
12066 * @param a0 The first extra argument.
12067 * @param a1 The second extra argument.
12068 * @param a2 The third extra argument.
12069 * @param a3 The fourth extra argument.
12070 * @param a4 The fifth extra argument.
12071 */
12072#define IEM_MC_CALL_CIMPL_5(a_pfnCImpl, a0, a1, a2, a3, a4) return (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0, a1, a2, a3, a4)
12073
12074/**
12075 * Defers the entire instruction emulation to a C implementation routine and
12076 * returns, only taking the standard parameters.
12077 *
12078 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
12079 *
12080 * @param a_pfnCImpl The pointer to the C routine.
12081 * @sa IEM_DECL_IMPL_C_TYPE_0 and IEM_CIMPL_DEF_0.
12082 */
12083#define IEM_MC_DEFER_TO_CIMPL_0(a_pfnCImpl) (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu))
12084
12085/**
12086 * Defers the entire instruction emulation to a C implementation routine and
12087 * returns, taking one argument in addition to the standard ones.
12088 *
12089 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
12090 *
12091 * @param a_pfnCImpl The pointer to the C routine.
12092 * @param a0 The argument.
12093 */
12094#define IEM_MC_DEFER_TO_CIMPL_1(a_pfnCImpl, a0) (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0)
12095
12096/**
12097 * Defers the entire instruction emulation to a C implementation routine and
12098 * returns, taking two arguments in addition to the standard ones.
12099 *
12100 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
12101 *
12102 * @param a_pfnCImpl The pointer to the C routine.
12103 * @param a0 The first extra argument.
12104 * @param a1 The second extra argument.
12105 */
12106#define IEM_MC_DEFER_TO_CIMPL_2(a_pfnCImpl, a0, a1) (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0, a1)
12107
12108/**
12109 * Defers the entire instruction emulation to a C implementation routine and
12110 * returns, taking three arguments in addition to the standard ones.
12111 *
12112 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
12113 *
12114 * @param a_pfnCImpl The pointer to the C routine.
12115 * @param a0 The first extra argument.
12116 * @param a1 The second extra argument.
12117 * @param a2 The third extra argument.
12118 */
12119#define IEM_MC_DEFER_TO_CIMPL_3(a_pfnCImpl, a0, a1, a2) (a_pfnCImpl)(pVCpu, IEM_GET_INSTR_LEN(pVCpu), a0, a1, a2)
12120
12121/**
12122 * Calls a FPU assembly implementation taking one visible argument.
12123 *
12124 * @param a_pfnAImpl Pointer to the assembly FPU routine.
12125 * @param a0 The first extra argument.
12126 */
12127#define IEM_MC_CALL_FPU_AIMPL_1(a_pfnAImpl, a0) \
12128 do { \
12129 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0)); \
12130 } while (0)
12131
12132/**
12133 * Calls a FPU assembly implementation taking two visible arguments.
12134 *
12135 * @param a_pfnAImpl Pointer to the assembly FPU routine.
12136 * @param a0 The first extra argument.
12137 * @param a1 The second extra argument.
12138 */
12139#define IEM_MC_CALL_FPU_AIMPL_2(a_pfnAImpl, a0, a1) \
12140 do { \
12141 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0), (a1)); \
12142 } while (0)
12143
12144/**
12145 * Calls a FPU assembly implementation taking three visible arguments.
12146 *
12147 * @param a_pfnAImpl Pointer to the assembly FPU routine.
12148 * @param a0 The first extra argument.
12149 * @param a1 The second extra argument.
12150 * @param a2 The third extra argument.
12151 */
12152#define IEM_MC_CALL_FPU_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
12153 do { \
12154 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0), (a1), (a2)); \
12155 } while (0)
12156
12157#define IEM_MC_SET_FPU_RESULT(a_FpuData, a_FSW, a_pr80Value) \
12158 do { \
12159 (a_FpuData).FSW = (a_FSW); \
12160 (a_FpuData).r80Result = *(a_pr80Value); \
12161 } while (0)
12162
12163/** Pushes FPU result onto the stack. */
12164#define IEM_MC_PUSH_FPU_RESULT(a_FpuData) \
12165 iemFpuPushResult(pVCpu, &a_FpuData)
12166/** Pushes FPU result onto the stack and sets the FPUDP. */
12167#define IEM_MC_PUSH_FPU_RESULT_MEM_OP(a_FpuData, a_iEffSeg, a_GCPtrEff) \
12168 iemFpuPushResultWithMemOp(pVCpu, &a_FpuData, a_iEffSeg, a_GCPtrEff)
12169
12170/** Replaces ST0 with value one and pushes value 2 onto the FPU stack. */
12171#define IEM_MC_PUSH_FPU_RESULT_TWO(a_FpuDataTwo) \
12172 iemFpuPushResultTwo(pVCpu, &a_FpuDataTwo)
12173
12174/** Stores FPU result in a stack register. */
12175#define IEM_MC_STORE_FPU_RESULT(a_FpuData, a_iStReg) \
12176 iemFpuStoreResult(pVCpu, &a_FpuData, a_iStReg)
12177/** Stores FPU result in a stack register and pops the stack. */
12178#define IEM_MC_STORE_FPU_RESULT_THEN_POP(a_FpuData, a_iStReg) \
12179 iemFpuStoreResultThenPop(pVCpu, &a_FpuData, a_iStReg)
12180/** Stores FPU result in a stack register and sets the FPUDP. */
12181#define IEM_MC_STORE_FPU_RESULT_MEM_OP(a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff) \
12182 iemFpuStoreResultWithMemOp(pVCpu, &a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff)
12183/** Stores FPU result in a stack register, sets the FPUDP, and pops the
12184 * stack. */
12185#define IEM_MC_STORE_FPU_RESULT_WITH_MEM_OP_THEN_POP(a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff) \
12186 iemFpuStoreResultWithMemOpThenPop(pVCpu, &a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff)
12187
12188/** Only update the FOP, FPUIP, and FPUCS. (For FNOP.) */
12189#define IEM_MC_UPDATE_FPU_OPCODE_IP() \
12190 iemFpuUpdateOpcodeAndIp(pVCpu)
12191/** Free a stack register (for FFREE and FFREEP). */
12192#define IEM_MC_FPU_STACK_FREE(a_iStReg) \
12193 iemFpuStackFree(pVCpu, a_iStReg)
12194/** Increment the FPU stack pointer. */
12195#define IEM_MC_FPU_STACK_INC_TOP() \
12196 iemFpuStackIncTop(pVCpu)
12197/** Decrement the FPU stack pointer. */
12198#define IEM_MC_FPU_STACK_DEC_TOP() \
12199 iemFpuStackDecTop(pVCpu)
12200
12201/** Updates the FSW, FOP, FPUIP, and FPUCS. */
12202#define IEM_MC_UPDATE_FSW(a_u16FSW) \
12203 iemFpuUpdateFSW(pVCpu, a_u16FSW)
12204/** Updates the FSW with a constant value as well as FOP, FPUIP, and FPUCS. */
12205#define IEM_MC_UPDATE_FSW_CONST(a_u16FSW) \
12206 iemFpuUpdateFSW(pVCpu, a_u16FSW)
12207/** Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS. */
12208#define IEM_MC_UPDATE_FSW_WITH_MEM_OP(a_u16FSW, a_iEffSeg, a_GCPtrEff) \
12209 iemFpuUpdateFSWWithMemOp(pVCpu, a_u16FSW, a_iEffSeg, a_GCPtrEff)
12210/** Updates the FSW, FOP, FPUIP, and FPUCS, and then pops the stack. */
12211#define IEM_MC_UPDATE_FSW_THEN_POP(a_u16FSW) \
12212 iemFpuUpdateFSWThenPop(pVCpu, a_u16FSW)
12213/** Updates the FSW, FOP, FPUIP, FPUCS, FPUDP and FPUDS, and then pops the
12214 * stack. */
12215#define IEM_MC_UPDATE_FSW_WITH_MEM_OP_THEN_POP(a_u16FSW, a_iEffSeg, a_GCPtrEff) \
12216 iemFpuUpdateFSWWithMemOpThenPop(pVCpu, a_u16FSW, a_iEffSeg, a_GCPtrEff)
12217/** Updates the FSW, FOP, FPUIP, and FPUCS, and then pops the stack twice. */
12218#define IEM_MC_UPDATE_FSW_THEN_POP_POP(a_u16FSW) \
12219 iemFpuUpdateFSWThenPopPop(pVCpu, a_u16FSW)
12220
12221/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. */
12222#define IEM_MC_FPU_STACK_UNDERFLOW(a_iStDst) \
12223 iemFpuStackUnderflow(pVCpu, a_iStDst)
12224/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. Pops
12225 * stack. */
12226#define IEM_MC_FPU_STACK_UNDERFLOW_THEN_POP(a_iStDst) \
12227 iemFpuStackUnderflowThenPop(pVCpu, a_iStDst)
12228/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS, FOP, FPUDP and
12229 * FPUDS. */
12230#define IEM_MC_FPU_STACK_UNDERFLOW_MEM_OP(a_iStDst, a_iEffSeg, a_GCPtrEff) \
12231 iemFpuStackUnderflowWithMemOp(pVCpu, a_iStDst, a_iEffSeg, a_GCPtrEff)
12232/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS, FOP, FPUDP and
12233 * FPUDS. Pops stack. */
12234#define IEM_MC_FPU_STACK_UNDERFLOW_MEM_OP_THEN_POP(a_iStDst, a_iEffSeg, a_GCPtrEff) \
12235 iemFpuStackUnderflowWithMemOpThenPop(pVCpu, a_iStDst, a_iEffSeg, a_GCPtrEff)
12236/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. Pops
12237 * stack twice. */
12238#define IEM_MC_FPU_STACK_UNDERFLOW_THEN_POP_POP() \
12239 iemFpuStackUnderflowThenPopPop(pVCpu)
12240/** Raises a FPU stack underflow exception for an instruction pushing a result
12241 * value onto the stack. Sets FPUIP, FPUCS and FOP. */
12242#define IEM_MC_FPU_STACK_PUSH_UNDERFLOW() \
12243 iemFpuStackPushUnderflow(pVCpu)
12244/** Raises a FPU stack underflow exception for an instruction pushing a result
12245 * value onto the stack and replacing ST0. Sets FPUIP, FPUCS and FOP. */
12246#define IEM_MC_FPU_STACK_PUSH_UNDERFLOW_TWO() \
12247 iemFpuStackPushUnderflowTwo(pVCpu)
12248
12249/** Raises a FPU stack overflow exception as part of a push attempt. Sets
12250 * FPUIP, FPUCS and FOP. */
12251#define IEM_MC_FPU_STACK_PUSH_OVERFLOW() \
12252 iemFpuStackPushOverflow(pVCpu)
12253/** Raises a FPU stack overflow exception as part of a push attempt. Sets
12254 * FPUIP, FPUCS, FOP, FPUDP and FPUDS. */
12255#define IEM_MC_FPU_STACK_PUSH_OVERFLOW_MEM_OP(a_iEffSeg, a_GCPtrEff) \
12256 iemFpuStackPushOverflowWithMemOp(pVCpu, a_iEffSeg, a_GCPtrEff)
12257/** Prepares for using the FPU state.
12258 * Ensures that we can use the host FPU in the current context (RC+R0.
12259 * Ensures the guest FPU state in the CPUMCTX is up to date. */
12260#define IEM_MC_PREPARE_FPU_USAGE() iemFpuPrepareUsage(pVCpu)
12261/** Actualizes the guest FPU state so it can be accessed read-only fashion. */
12262#define IEM_MC_ACTUALIZE_FPU_STATE_FOR_READ() iemFpuActualizeStateForRead(pVCpu)
12263/** Actualizes the guest FPU state so it can be accessed and modified. */
12264#define IEM_MC_ACTUALIZE_FPU_STATE_FOR_CHANGE() iemFpuActualizeStateForChange(pVCpu)
12265
12266/** Prepares for using the SSE state.
12267 * Ensures that we can use the host SSE/FPU in the current context (RC+R0.
12268 * Ensures the guest SSE state in the CPUMCTX is up to date. */
12269#define IEM_MC_PREPARE_SSE_USAGE() iemFpuPrepareUsageSse(pVCpu)
12270/** Actualizes the guest XMM0..15 and MXCSR register state for read-only access. */
12271#define IEM_MC_ACTUALIZE_SSE_STATE_FOR_READ() iemFpuActualizeSseStateForRead(pVCpu)
12272/** Actualizes the guest XMM0..15 and MXCSR register state for read-write access. */
12273#define IEM_MC_ACTUALIZE_SSE_STATE_FOR_CHANGE() iemFpuActualizeSseStateForChange(pVCpu)
12274
12275/** Prepares for using the AVX state.
12276 * Ensures that we can use the host AVX/FPU in the current context (RC+R0.
12277 * Ensures the guest AVX state in the CPUMCTX is up to date.
12278 * @note This will include the AVX512 state too when support for it is added
12279 * due to the zero extending feature of VEX instruction. */
12280#define IEM_MC_PREPARE_AVX_USAGE() iemFpuPrepareUsageAvx(pVCpu)
12281/** Actualizes the guest XMM0..15 and MXCSR register state for read-only access. */
12282#define IEM_MC_ACTUALIZE_AVX_STATE_FOR_READ() iemFpuActualizeAvxStateForRead(pVCpu)
12283/** Actualizes the guest YMM0..15 and MXCSR register state for read-write access. */
12284#define IEM_MC_ACTUALIZE_AVX_STATE_FOR_CHANGE() iemFpuActualizeAvxStateForChange(pVCpu)
12285
12286/**
12287 * Calls a MMX assembly implementation taking two visible arguments.
12288 *
12289 * @param a_pfnAImpl Pointer to the assembly MMX routine.
12290 * @param a0 The first extra argument.
12291 * @param a1 The second extra argument.
12292 */
12293#define IEM_MC_CALL_MMX_AIMPL_2(a_pfnAImpl, a0, a1) \
12294 do { \
12295 IEM_MC_PREPARE_FPU_USAGE(); \
12296 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0), (a1)); \
12297 } while (0)
12298
12299/**
12300 * Calls a MMX assembly implementation taking three visible arguments.
12301 *
12302 * @param a_pfnAImpl Pointer to the assembly MMX routine.
12303 * @param a0 The first extra argument.
12304 * @param a1 The second extra argument.
12305 * @param a2 The third extra argument.
12306 */
12307#define IEM_MC_CALL_MMX_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
12308 do { \
12309 IEM_MC_PREPARE_FPU_USAGE(); \
12310 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0), (a1), (a2)); \
12311 } while (0)
12312
12313
12314/**
12315 * Calls a SSE assembly implementation taking two visible arguments.
12316 *
12317 * @param a_pfnAImpl Pointer to the assembly SSE routine.
12318 * @param a0 The first extra argument.
12319 * @param a1 The second extra argument.
12320 */
12321#define IEM_MC_CALL_SSE_AIMPL_2(a_pfnAImpl, a0, a1) \
12322 do { \
12323 IEM_MC_PREPARE_SSE_USAGE(); \
12324 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0), (a1)); \
12325 } while (0)
12326
12327/**
12328 * Calls a SSE assembly implementation taking three visible arguments.
12329 *
12330 * @param a_pfnAImpl Pointer to the assembly SSE routine.
12331 * @param a0 The first extra argument.
12332 * @param a1 The second extra argument.
12333 * @param a2 The third extra argument.
12334 */
12335#define IEM_MC_CALL_SSE_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
12336 do { \
12337 IEM_MC_PREPARE_SSE_USAGE(); \
12338 a_pfnAImpl(&pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87, (a0), (a1), (a2)); \
12339 } while (0)
12340
12341
12342/** Declares implicit arguments for IEM_MC_CALL_AVX_AIMPL_2,
12343 * IEM_MC_CALL_AVX_AIMPL_3, IEM_MC_CALL_AVX_AIMPL_4, ... */
12344#define IEM_MC_IMPLICIT_AVX_AIMPL_ARGS() \
12345 IEM_MC_ARG_CONST(PX86XSAVEAREA, pXState, pVCpu->cpum.GstCtx.CTX_SUFF(pXState), 0)
12346
12347/**
12348 * Calls a AVX assembly implementation taking two visible arguments.
12349 *
12350 * There is one implicit zero'th argument, a pointer to the extended state.
12351 *
12352 * @param a_pfnAImpl Pointer to the assembly AVX routine.
12353 * @param a1 The first extra argument.
12354 * @param a2 The second extra argument.
12355 */
12356#define IEM_MC_CALL_AVX_AIMPL_2(a_pfnAImpl, a1, a2) \
12357 do { \
12358 IEM_MC_PREPARE_AVX_USAGE(); \
12359 a_pfnAImpl(pXState, (a1), (a2)); \
12360 } while (0)
12361
12362/**
12363 * Calls a AVX assembly implementation taking three visible arguments.
12364 *
12365 * There is one implicit zero'th argument, a pointer to the extended state.
12366 *
12367 * @param a_pfnAImpl Pointer to the assembly AVX routine.
12368 * @param a1 The first extra argument.
12369 * @param a2 The second extra argument.
12370 * @param a3 The third extra argument.
12371 */
12372#define IEM_MC_CALL_AVX_AIMPL_3(a_pfnAImpl, a1, a2, a3) \
12373 do { \
12374 IEM_MC_PREPARE_AVX_USAGE(); \
12375 a_pfnAImpl(pXState, (a1), (a2), (a3)); \
12376 } while (0)
12377
12378/** @note Not for IOPL or IF testing. */
12379#define IEM_MC_IF_EFL_BIT_SET(a_fBit) if (pVCpu->cpum.GstCtx.eflags.u & (a_fBit)) {
12380/** @note Not for IOPL or IF testing. */
12381#define IEM_MC_IF_EFL_BIT_NOT_SET(a_fBit) if (!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit))) {
12382/** @note Not for IOPL or IF testing. */
12383#define IEM_MC_IF_EFL_ANY_BITS_SET(a_fBits) if (pVCpu->cpum.GstCtx.eflags.u & (a_fBits)) {
12384/** @note Not for IOPL or IF testing. */
12385#define IEM_MC_IF_EFL_NO_BITS_SET(a_fBits) if (!(pVCpu->cpum.GstCtx.eflags.u & (a_fBits))) {
12386/** @note Not for IOPL or IF testing. */
12387#define IEM_MC_IF_EFL_BITS_NE(a_fBit1, a_fBit2) \
12388 if ( !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit1)) \
12389 != !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit2)) ) {
12390/** @note Not for IOPL or IF testing. */
12391#define IEM_MC_IF_EFL_BITS_EQ(a_fBit1, a_fBit2) \
12392 if ( !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit1)) \
12393 == !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit2)) ) {
12394/** @note Not for IOPL or IF testing. */
12395#define IEM_MC_IF_EFL_BIT_SET_OR_BITS_NE(a_fBit, a_fBit1, a_fBit2) \
12396 if ( (pVCpu->cpum.GstCtx.eflags.u & (a_fBit)) \
12397 || !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit1)) \
12398 != !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit2)) ) {
12399/** @note Not for IOPL or IF testing. */
12400#define IEM_MC_IF_EFL_BIT_NOT_SET_AND_BITS_EQ(a_fBit, a_fBit1, a_fBit2) \
12401 if ( !(pVCpu->cpum.GstCtx.eflags.u & (a_fBit)) \
12402 && !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit1)) \
12403 == !!(pVCpu->cpum.GstCtx.eflags.u & (a_fBit2)) ) {
12404#define IEM_MC_IF_CX_IS_NZ() if (pVCpu->cpum.GstCtx.cx != 0) {
12405#define IEM_MC_IF_ECX_IS_NZ() if (pVCpu->cpum.GstCtx.ecx != 0) {
12406#define IEM_MC_IF_RCX_IS_NZ() if (pVCpu->cpum.GstCtx.rcx != 0) {
12407/** @note Not for IOPL or IF testing. */
12408#define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
12409 if ( pVCpu->cpum.GstCtx.cx != 0 \
12410 && (pVCpu->cpum.GstCtx.eflags.u & a_fBit)) {
12411/** @note Not for IOPL or IF testing. */
12412#define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
12413 if ( pVCpu->cpum.GstCtx.ecx != 0 \
12414 && (pVCpu->cpum.GstCtx.eflags.u & a_fBit)) {
12415/** @note Not for IOPL or IF testing. */
12416#define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
12417 if ( pVCpu->cpum.GstCtx.rcx != 0 \
12418 && (pVCpu->cpum.GstCtx.eflags.u & a_fBit)) {
12419/** @note Not for IOPL or IF testing. */
12420#define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
12421 if ( pVCpu->cpum.GstCtx.cx != 0 \
12422 && !(pVCpu->cpum.GstCtx.eflags.u & a_fBit)) {
12423/** @note Not for IOPL or IF testing. */
12424#define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
12425 if ( pVCpu->cpum.GstCtx.ecx != 0 \
12426 && !(pVCpu->cpum.GstCtx.eflags.u & a_fBit)) {
12427/** @note Not for IOPL or IF testing. */
12428#define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
12429 if ( pVCpu->cpum.GstCtx.rcx != 0 \
12430 && !(pVCpu->cpum.GstCtx.eflags.u & a_fBit)) {
12431#define IEM_MC_IF_LOCAL_IS_Z(a_Local) if ((a_Local) == 0) {
12432#define IEM_MC_IF_GREG_BIT_SET(a_iGReg, a_iBitNo) if (iemGRegFetchU64(pVCpu, (a_iGReg)) & RT_BIT_64(a_iBitNo)) {
12433
12434#define IEM_MC_IF_FPUREG_NOT_EMPTY(a_iSt) \
12435 if (iemFpuStRegNotEmpty(pVCpu, (a_iSt)) == VINF_SUCCESS) {
12436#define IEM_MC_IF_FPUREG_IS_EMPTY(a_iSt) \
12437 if (iemFpuStRegNotEmpty(pVCpu, (a_iSt)) != VINF_SUCCESS) {
12438#define IEM_MC_IF_FPUREG_NOT_EMPTY_REF_R80(a_pr80Dst, a_iSt) \
12439 if (iemFpuStRegNotEmptyRef(pVCpu, (a_iSt), &(a_pr80Dst)) == VINF_SUCCESS) {
12440#define IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80(a_pr80Dst0, a_iSt0, a_pr80Dst1, a_iSt1) \
12441 if (iemFpu2StRegsNotEmptyRef(pVCpu, (a_iSt0), &(a_pr80Dst0), (a_iSt1), &(a_pr80Dst1)) == VINF_SUCCESS) {
12442#define IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80_FIRST(a_pr80Dst0, a_iSt0, a_iSt1) \
12443 if (iemFpu2StRegsNotEmptyRefFirst(pVCpu, (a_iSt0), &(a_pr80Dst0), (a_iSt1)) == VINF_SUCCESS) {
12444#define IEM_MC_IF_FCW_IM() \
12445 if (pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87.FCW & X86_FCW_IM) {
12446
12447#define IEM_MC_ELSE() } else {
12448#define IEM_MC_ENDIF() } do {} while (0)
12449
12450/** @} */
12451
12452
12453/** @name Opcode Debug Helpers.
12454 * @{
12455 */
12456#ifdef VBOX_WITH_STATISTICS
12457# define IEMOP_INC_STATS(a_Stats) do { pVCpu->iem.s.CTX_SUFF(pStats)->a_Stats += 1; } while (0)
12458#else
12459# define IEMOP_INC_STATS(a_Stats) do { } while (0)
12460#endif
12461
12462#ifdef DEBUG
12463# define IEMOP_MNEMONIC(a_Stats, a_szMnemonic) \
12464 do { \
12465 IEMOP_INC_STATS(a_Stats); \
12466 Log4(("decode - %04x:%RGv %s%s [#%u]\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, \
12467 pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK ? "lock " : "", a_szMnemonic, pVCpu->iem.s.cInstructions)); \
12468 } while (0)
12469
12470# define IEMOP_MNEMONIC0EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_fDisHints, a_fIemHints) \
12471 do { \
12472 IEMOP_MNEMONIC(a_Stats, a_szMnemonic); \
12473 (void)RT_CONCAT(IEMOPFORM_, a_Form); \
12474 (void)RT_CONCAT(OP_,a_Upper); \
12475 (void)(a_fDisHints); \
12476 (void)(a_fIemHints); \
12477 } while (0)
12478
12479# define IEMOP_MNEMONIC1EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_fDisHints, a_fIemHints) \
12480 do { \
12481 IEMOP_MNEMONIC(a_Stats, a_szMnemonic); \
12482 (void)RT_CONCAT(IEMOPFORM_, a_Form); \
12483 (void)RT_CONCAT(OP_,a_Upper); \
12484 (void)RT_CONCAT(OP_PARM_,a_Op1); \
12485 (void)(a_fDisHints); \
12486 (void)(a_fIemHints); \
12487 } while (0)
12488
12489# define IEMOP_MNEMONIC2EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_fDisHints, a_fIemHints) \
12490 do { \
12491 IEMOP_MNEMONIC(a_Stats, a_szMnemonic); \
12492 (void)RT_CONCAT(IEMOPFORM_, a_Form); \
12493 (void)RT_CONCAT(OP_,a_Upper); \
12494 (void)RT_CONCAT(OP_PARM_,a_Op1); \
12495 (void)RT_CONCAT(OP_PARM_,a_Op2); \
12496 (void)(a_fDisHints); \
12497 (void)(a_fIemHints); \
12498 } while (0)
12499
12500# define IEMOP_MNEMONIC3EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_fDisHints, a_fIemHints) \
12501 do { \
12502 IEMOP_MNEMONIC(a_Stats, a_szMnemonic); \
12503 (void)RT_CONCAT(IEMOPFORM_, a_Form); \
12504 (void)RT_CONCAT(OP_,a_Upper); \
12505 (void)RT_CONCAT(OP_PARM_,a_Op1); \
12506 (void)RT_CONCAT(OP_PARM_,a_Op2); \
12507 (void)RT_CONCAT(OP_PARM_,a_Op3); \
12508 (void)(a_fDisHints); \
12509 (void)(a_fIemHints); \
12510 } while (0)
12511
12512# define IEMOP_MNEMONIC4EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_Op4, a_fDisHints, a_fIemHints) \
12513 do { \
12514 IEMOP_MNEMONIC(a_Stats, a_szMnemonic); \
12515 (void)RT_CONCAT(IEMOPFORM_, a_Form); \
12516 (void)RT_CONCAT(OP_,a_Upper); \
12517 (void)RT_CONCAT(OP_PARM_,a_Op1); \
12518 (void)RT_CONCAT(OP_PARM_,a_Op2); \
12519 (void)RT_CONCAT(OP_PARM_,a_Op3); \
12520 (void)RT_CONCAT(OP_PARM_,a_Op4); \
12521 (void)(a_fDisHints); \
12522 (void)(a_fIemHints); \
12523 } while (0)
12524
12525#else
12526# define IEMOP_MNEMONIC(a_Stats, a_szMnemonic) IEMOP_INC_STATS(a_Stats)
12527
12528# define IEMOP_MNEMONIC0EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_fDisHints, a_fIemHints) \
12529 IEMOP_MNEMONIC(a_Stats, a_szMnemonic)
12530# define IEMOP_MNEMONIC1EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_fDisHints, a_fIemHints) \
12531 IEMOP_MNEMONIC(a_Stats, a_szMnemonic)
12532# define IEMOP_MNEMONIC2EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_fDisHints, a_fIemHints) \
12533 IEMOP_MNEMONIC(a_Stats, a_szMnemonic)
12534# define IEMOP_MNEMONIC3EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_fDisHints, a_fIemHints) \
12535 IEMOP_MNEMONIC(a_Stats, a_szMnemonic)
12536# define IEMOP_MNEMONIC4EX(a_Stats, a_szMnemonic, a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_Op4, a_fDisHints, a_fIemHints) \
12537 IEMOP_MNEMONIC(a_Stats, a_szMnemonic)
12538
12539#endif
12540
12541#define IEMOP_MNEMONIC0(a_Form, a_Upper, a_Lower, a_fDisHints, a_fIemHints) \
12542 IEMOP_MNEMONIC0EX(a_Lower, \
12543 #a_Lower, \
12544 a_Form, a_Upper, a_Lower, a_fDisHints, a_fIemHints)
12545#define IEMOP_MNEMONIC1(a_Form, a_Upper, a_Lower, a_Op1, a_fDisHints, a_fIemHints) \
12546 IEMOP_MNEMONIC1EX(RT_CONCAT3(a_Lower,_,a_Op1), \
12547 #a_Lower " " #a_Op1, \
12548 a_Form, a_Upper, a_Lower, a_Op1, a_fDisHints, a_fIemHints)
12549#define IEMOP_MNEMONIC2(a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_fDisHints, a_fIemHints) \
12550 IEMOP_MNEMONIC2EX(RT_CONCAT5(a_Lower,_,a_Op1,_,a_Op2), \
12551 #a_Lower " " #a_Op1 "," #a_Op2, \
12552 a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_fDisHints, a_fIemHints)
12553#define IEMOP_MNEMONIC3(a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_fDisHints, a_fIemHints) \
12554 IEMOP_MNEMONIC3EX(RT_CONCAT7(a_Lower,_,a_Op1,_,a_Op2,_,a_Op3), \
12555 #a_Lower " " #a_Op1 "," #a_Op2 "," #a_Op3, \
12556 a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_fDisHints, a_fIemHints)
12557#define IEMOP_MNEMONIC4(a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_Op4, a_fDisHints, a_fIemHints) \
12558 IEMOP_MNEMONIC4EX(RT_CONCAT9(a_Lower,_,a_Op1,_,a_Op2,_,a_Op3,_,a_Op4), \
12559 #a_Lower " " #a_Op1 "," #a_Op2 "," #a_Op3 "," #a_Op4, \
12560 a_Form, a_Upper, a_Lower, a_Op1, a_Op2, a_Op3, a_Op4, a_fDisHints, a_fIemHints)
12561
12562/** @} */
12563
12564
12565/** @name Opcode Helpers.
12566 * @{
12567 */
12568
12569#ifdef IN_RING3
12570# define IEMOP_HLP_MIN_CPU(a_uMinCpu, a_fOnlyIf) \
12571 do { \
12572 if (IEM_GET_TARGET_CPU(pVCpu) >= (a_uMinCpu) || !(a_fOnlyIf)) { } \
12573 else \
12574 { \
12575 (void)DBGFSTOP(pVCpu->CTX_SUFF(pVM)); \
12576 return IEMOP_RAISE_INVALID_OPCODE(); \
12577 } \
12578 } while (0)
12579#else
12580# define IEMOP_HLP_MIN_CPU(a_uMinCpu, a_fOnlyIf) \
12581 do { \
12582 if (IEM_GET_TARGET_CPU(pVCpu) >= (a_uMinCpu) || !(a_fOnlyIf)) { } \
12583 else return IEMOP_RAISE_INVALID_OPCODE(); \
12584 } while (0)
12585#endif
12586
12587/** The instruction requires a 186 or later. */
12588#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_186
12589# define IEMOP_HLP_MIN_186() do { } while (0)
12590#else
12591# define IEMOP_HLP_MIN_186() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_186, true)
12592#endif
12593
12594/** The instruction requires a 286 or later. */
12595#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_286
12596# define IEMOP_HLP_MIN_286() do { } while (0)
12597#else
12598# define IEMOP_HLP_MIN_286() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_286, true)
12599#endif
12600
12601/** The instruction requires a 386 or later. */
12602#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_386
12603# define IEMOP_HLP_MIN_386() do { } while (0)
12604#else
12605# define IEMOP_HLP_MIN_386() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_386, true)
12606#endif
12607
12608/** The instruction requires a 386 or later if the given expression is true. */
12609#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_386
12610# define IEMOP_HLP_MIN_386_EX(a_fOnlyIf) do { } while (0)
12611#else
12612# define IEMOP_HLP_MIN_386_EX(a_fOnlyIf) IEMOP_HLP_MIN_CPU(IEMTARGETCPU_386, a_fOnlyIf)
12613#endif
12614
12615/** The instruction requires a 486 or later. */
12616#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_486
12617# define IEMOP_HLP_MIN_486() do { } while (0)
12618#else
12619# define IEMOP_HLP_MIN_486() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_486, true)
12620#endif
12621
12622/** The instruction requires a Pentium (586) or later. */
12623#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_PENTIUM
12624# define IEMOP_HLP_MIN_586() do { } while (0)
12625#else
12626# define IEMOP_HLP_MIN_586() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_PENTIUM, true)
12627#endif
12628
12629/** The instruction requires a PentiumPro (686) or later. */
12630#if IEM_CFG_TARGET_CPU >= IEMTARGETCPU_PPRO
12631# define IEMOP_HLP_MIN_686() do { } while (0)
12632#else
12633# define IEMOP_HLP_MIN_686() IEMOP_HLP_MIN_CPU(IEMTARGETCPU_PPRO, true)
12634#endif
12635
12636
12637/** The instruction raises an \#UD in real and V8086 mode. */
12638#define IEMOP_HLP_NO_REAL_OR_V86_MODE() \
12639 do \
12640 { \
12641 if (!IEM_IS_REAL_OR_V86_MODE(pVCpu)) { /* likely */ } \
12642 else return IEMOP_RAISE_INVALID_OPCODE(); \
12643 } while (0)
12644
12645#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
12646/** This instruction raises an \#UD in real and V8086 mode or when not using a
12647 * 64-bit code segment when in long mode (applicable to all VMX instructions
12648 * except VMCALL).
12649 */
12650#define IEMOP_HLP_VMX_INSTR(a_szInstr, a_InsDiagPrefix) \
12651 do \
12652 { \
12653 if ( !IEM_IS_REAL_OR_V86_MODE(pVCpu) \
12654 && ( !IEM_IS_LONG_MODE(pVCpu) \
12655 || IEM_IS_64BIT_CODE(pVCpu))) \
12656 { /* likely */ } \
12657 else \
12658 { \
12659 if (IEM_IS_REAL_OR_V86_MODE(pVCpu)) \
12660 { \
12661 pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = a_InsDiagPrefix##_RealOrV86Mode; \
12662 Log5((a_szInstr ": Real or v8086 mode -> #UD\n")); \
12663 return IEMOP_RAISE_INVALID_OPCODE(); \
12664 } \
12665 if (IEM_IS_LONG_MODE(pVCpu) && !IEM_IS_64BIT_CODE(pVCpu)) \
12666 { \
12667 pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = a_InsDiagPrefix##_LongModeCS; \
12668 Log5((a_szInstr ": Long mode without 64-bit code segment -> #UD\n")); \
12669 return IEMOP_RAISE_INVALID_OPCODE(); \
12670 } \
12671 } \
12672 } while (0)
12673
12674/** The instruction can only be executed in VMX operation (VMX root mode and
12675 * non-root mode).
12676 *
12677 * @note Update IEM_VMX_IN_VMX_OPERATION if changes are made here.
12678 */
12679# define IEMOP_HLP_IN_VMX_OPERATION(a_szInstr, a_InsDiagPrefix) \
12680 do \
12681 { \
12682 if (IEM_VMX_IS_ROOT_MODE(pVCpu)) { /* likely */ } \
12683 else \
12684 { \
12685 pVCpu->cpum.GstCtx.hwvirt.vmx.enmDiag = a_InsDiagPrefix##_VmxRoot; \
12686 Log5((a_szInstr ": Not in VMX operation (root mode) -> #UD\n")); \
12687 return IEMOP_RAISE_INVALID_OPCODE(); \
12688 } \
12689 } while (0)
12690#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
12691
12692/** The instruction is not available in 64-bit mode, throw \#UD if we're in
12693 * 64-bit mode. */
12694#define IEMOP_HLP_NO_64BIT() \
12695 do \
12696 { \
12697 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT) \
12698 return IEMOP_RAISE_INVALID_OPCODE(); \
12699 } while (0)
12700
12701/** The instruction is only available in 64-bit mode, throw \#UD if we're not in
12702 * 64-bit mode. */
12703#define IEMOP_HLP_ONLY_64BIT() \
12704 do \
12705 { \
12706 if (pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT) \
12707 return IEMOP_RAISE_INVALID_OPCODE(); \
12708 } while (0)
12709
12710/** The instruction defaults to 64-bit operand size if 64-bit mode. */
12711#define IEMOP_HLP_DEFAULT_64BIT_OP_SIZE() \
12712 do \
12713 { \
12714 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT) \
12715 iemRecalEffOpSize64Default(pVCpu); \
12716 } while (0)
12717
12718/** The instruction has 64-bit operand size if 64-bit mode. */
12719#define IEMOP_HLP_64BIT_OP_SIZE() \
12720 do \
12721 { \
12722 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT) \
12723 pVCpu->iem.s.enmEffOpSize = pVCpu->iem.s.enmDefOpSize = IEMMODE_64BIT; \
12724 } while (0)
12725
12726/** Only a REX prefix immediately preceeding the first opcode byte takes
12727 * effect. This macro helps ensuring this as well as logging bad guest code. */
12728#define IEMOP_HLP_CLEAR_REX_NOT_BEFORE_OPCODE(a_szPrf) \
12729 do \
12730 { \
12731 if (RT_UNLIKELY(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_REX)) \
12732 { \
12733 Log5((a_szPrf ": Overriding REX prefix at %RX16! fPrefixes=%#x\n", pVCpu->cpum.GstCtx.rip, pVCpu->iem.s.fPrefixes)); \
12734 pVCpu->iem.s.fPrefixes &= ~IEM_OP_PRF_REX_MASK; \
12735 pVCpu->iem.s.uRexB = 0; \
12736 pVCpu->iem.s.uRexIndex = 0; \
12737 pVCpu->iem.s.uRexReg = 0; \
12738 iemRecalEffOpSize(pVCpu); \
12739 } \
12740 } while (0)
12741
12742/**
12743 * Done decoding.
12744 */
12745#define IEMOP_HLP_DONE_DECODING() \
12746 do \
12747 { \
12748 /*nothing for now, maybe later... */ \
12749 } while (0)
12750
12751/**
12752 * Done decoding, raise \#UD exception if lock prefix present.
12753 */
12754#define IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX() \
12755 do \
12756 { \
12757 if (RT_LIKELY(!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))) \
12758 { /* likely */ } \
12759 else \
12760 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
12761 } while (0)
12762
12763
12764/**
12765 * Done decoding VEX instruction, raise \#UD exception if any lock, rex, repz,
12766 * repnz or size prefixes are present, or if in real or v8086 mode.
12767 */
12768#define IEMOP_HLP_DONE_VEX_DECODING() \
12769 do \
12770 { \
12771 if (RT_LIKELY( !( pVCpu->iem.s.fPrefixes \
12772 & (IEM_OP_PRF_LOCK | IEM_OP_PRF_REPZ | IEM_OP_PRF_REPNZ | IEM_OP_PRF_SIZE_OP | IEM_OP_PRF_REX)) \
12773 && !IEM_IS_REAL_OR_V86_MODE(pVCpu) )) \
12774 { /* likely */ } \
12775 else \
12776 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
12777 } while (0)
12778
12779/**
12780 * Done decoding VEX instruction, raise \#UD exception if any lock, rex, repz,
12781 * repnz or size prefixes are present, or if in real or v8086 mode.
12782 */
12783#define IEMOP_HLP_DONE_VEX_DECODING_L0() \
12784 do \
12785 { \
12786 if (RT_LIKELY( !( pVCpu->iem.s.fPrefixes \
12787 & (IEM_OP_PRF_LOCK | IEM_OP_PRF_REPZ | IEM_OP_PRF_REPNZ | IEM_OP_PRF_SIZE_OP | IEM_OP_PRF_REX)) \
12788 && !IEM_IS_REAL_OR_V86_MODE(pVCpu) \
12789 && pVCpu->iem.s.uVexLength == 0)) \
12790 { /* likely */ } \
12791 else \
12792 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
12793 } while (0)
12794
12795
12796/**
12797 * Done decoding VEX instruction, raise \#UD exception if any lock, rex, repz,
12798 * repnz or size prefixes are present, or if the VEX.VVVV field doesn't indicate
12799 * register 0, or if in real or v8086 mode.
12800 */
12801#define IEMOP_HLP_DONE_VEX_DECODING_NO_VVVV() \
12802 do \
12803 { \
12804 if (RT_LIKELY( !( pVCpu->iem.s.fPrefixes \
12805 & (IEM_OP_PRF_LOCK | IEM_OP_PRF_REPZ | IEM_OP_PRF_REPNZ | IEM_OP_PRF_SIZE_OP | IEM_OP_PRF_REX)) \
12806 && !pVCpu->iem.s.uVex3rdReg \
12807 && !IEM_IS_REAL_OR_V86_MODE(pVCpu) )) \
12808 { /* likely */ } \
12809 else \
12810 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
12811 } while (0)
12812
12813/**
12814 * Done decoding VEX, no V, L=0.
12815 * Raises \#UD exception if rex, rep, opsize or lock prefixes are present, if
12816 * we're in real or v8086 mode, if VEX.V!=0xf, or if VEX.L!=0.
12817 */
12818#define IEMOP_HLP_DONE_VEX_DECODING_L0_AND_NO_VVVV() \
12819 do \
12820 { \
12821 if (RT_LIKELY( !( pVCpu->iem.s.fPrefixes \
12822 & (IEM_OP_PRF_LOCK | IEM_OP_PRF_SIZE_OP | IEM_OP_PRF_REPZ | IEM_OP_PRF_REPNZ | IEM_OP_PRF_REX)) \
12823 && pVCpu->iem.s.uVexLength == 0 \
12824 && pVCpu->iem.s.uVex3rdReg == 0 \
12825 && !IEM_IS_REAL_OR_V86_MODE(pVCpu))) \
12826 { /* likely */ } \
12827 else \
12828 return IEMOP_RAISE_INVALID_OPCODE(); \
12829 } while (0)
12830
12831#define IEMOP_HLP_DECODED_NL_1(a_uDisOpNo, a_fIemOpFlags, a_uDisParam0, a_fDisOpType) \
12832 do \
12833 { \
12834 if (RT_LIKELY(!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))) \
12835 { /* likely */ } \
12836 else \
12837 { \
12838 NOREF(a_uDisOpNo); NOREF(a_fIemOpFlags); NOREF(a_uDisParam0); NOREF(a_fDisOpType); \
12839 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
12840 } \
12841 } while (0)
12842#define IEMOP_HLP_DECODED_NL_2(a_uDisOpNo, a_fIemOpFlags, a_uDisParam0, a_uDisParam1, a_fDisOpType) \
12843 do \
12844 { \
12845 if (RT_LIKELY(!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))) \
12846 { /* likely */ } \
12847 else \
12848 { \
12849 NOREF(a_uDisOpNo); NOREF(a_fIemOpFlags); NOREF(a_uDisParam0); NOREF(a_uDisParam1); NOREF(a_fDisOpType); \
12850 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
12851 } \
12852 } while (0)
12853
12854/**
12855 * Done decoding, raise \#UD exception if any lock, repz or repnz prefixes
12856 * are present.
12857 */
12858#define IEMOP_HLP_DONE_DECODING_NO_LOCK_REPZ_OR_REPNZ_PREFIXES() \
12859 do \
12860 { \
12861 if (RT_LIKELY(!(pVCpu->iem.s.fPrefixes & (IEM_OP_PRF_LOCK | IEM_OP_PRF_REPNZ | IEM_OP_PRF_REPZ)))) \
12862 { /* likely */ } \
12863 else \
12864 return IEMOP_RAISE_INVALID_OPCODE(); \
12865 } while (0)
12866
12867/**
12868 * Done decoding, raise \#UD exception if any operand-size override, repz or repnz
12869 * prefixes are present.
12870 */
12871#define IEMOP_HLP_DONE_DECODING_NO_SIZE_OP_REPZ_OR_REPNZ_PREFIXES() \
12872 do \
12873 { \
12874 if (RT_LIKELY(!(pVCpu->iem.s.fPrefixes & (IEM_OP_PRF_SIZE_OP | IEM_OP_PRF_REPNZ | IEM_OP_PRF_REPZ)))) \
12875 { /* likely */ } \
12876 else \
12877 return IEMOP_RAISE_INVALID_OPCODE(); \
12878 } while (0)
12879
12880
12881/**
12882 * Calculates the effective address of a ModR/M memory operand.
12883 *
12884 * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR.
12885 *
12886 * @return Strict VBox status code.
12887 * @param pVCpu The cross context virtual CPU structure of the calling thread.
12888 * @param bRm The ModRM byte.
12889 * @param cbImm The size of any immediate following the
12890 * effective address opcode bytes. Important for
12891 * RIP relative addressing.
12892 * @param pGCPtrEff Where to return the effective address.
12893 */
12894IEM_STATIC VBOXSTRICTRC iemOpHlpCalcRmEffAddr(PVMCPU pVCpu, uint8_t bRm, uint8_t cbImm, PRTGCPTR pGCPtrEff)
12895{
12896 Log5(("iemOpHlpCalcRmEffAddr: bRm=%#x\n", bRm));
12897# define SET_SS_DEF() \
12898 do \
12899 { \
12900 if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_SEG_MASK)) \
12901 pVCpu->iem.s.iEffSeg = X86_SREG_SS; \
12902 } while (0)
12903
12904 if (pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT)
12905 {
12906/** @todo Check the effective address size crap! */
12907 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_16BIT)
12908 {
12909 uint16_t u16EffAddr;
12910
12911 /* Handle the disp16 form with no registers first. */
12912 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 6)
12913 IEM_OPCODE_GET_NEXT_U16(&u16EffAddr);
12914 else
12915 {
12916 /* Get the displacment. */
12917 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
12918 {
12919 case 0: u16EffAddr = 0; break;
12920 case 1: IEM_OPCODE_GET_NEXT_S8_SX_U16(&u16EffAddr); break;
12921 case 2: IEM_OPCODE_GET_NEXT_U16(&u16EffAddr); break;
12922 default: AssertFailedReturn(VERR_IEM_IPE_1); /* (caller checked for these) */
12923 }
12924
12925 /* Add the base and index registers to the disp. */
12926 switch (bRm & X86_MODRM_RM_MASK)
12927 {
12928 case 0: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.si; break;
12929 case 1: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.di; break;
12930 case 2: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.si; SET_SS_DEF(); break;
12931 case 3: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.di; SET_SS_DEF(); break;
12932 case 4: u16EffAddr += pVCpu->cpum.GstCtx.si; break;
12933 case 5: u16EffAddr += pVCpu->cpum.GstCtx.di; break;
12934 case 6: u16EffAddr += pVCpu->cpum.GstCtx.bp; SET_SS_DEF(); break;
12935 case 7: u16EffAddr += pVCpu->cpum.GstCtx.bx; break;
12936 }
12937 }
12938
12939 *pGCPtrEff = u16EffAddr;
12940 }
12941 else
12942 {
12943 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT);
12944 uint32_t u32EffAddr;
12945
12946 /* Handle the disp32 form with no registers first. */
12947 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
12948 IEM_OPCODE_GET_NEXT_U32(&u32EffAddr);
12949 else
12950 {
12951 /* Get the register (or SIB) value. */
12952 switch ((bRm & X86_MODRM_RM_MASK))
12953 {
12954 case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
12955 case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
12956 case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
12957 case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
12958 case 4: /* SIB */
12959 {
12960 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
12961
12962 /* Get the index and scale it. */
12963 switch ((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
12964 {
12965 case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
12966 case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
12967 case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
12968 case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
12969 case 4: u32EffAddr = 0; /*none */ break;
12970 case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; break;
12971 case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
12972 case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
12973 IEM_NOT_REACHED_DEFAULT_CASE_RET();
12974 }
12975 u32EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
12976
12977 /* add base */
12978 switch (bSib & X86_SIB_BASE_MASK)
12979 {
12980 case 0: u32EffAddr += pVCpu->cpum.GstCtx.eax; break;
12981 case 1: u32EffAddr += pVCpu->cpum.GstCtx.ecx; break;
12982 case 2: u32EffAddr += pVCpu->cpum.GstCtx.edx; break;
12983 case 3: u32EffAddr += pVCpu->cpum.GstCtx.ebx; break;
12984 case 4: u32EffAddr += pVCpu->cpum.GstCtx.esp; SET_SS_DEF(); break;
12985 case 5:
12986 if ((bRm & X86_MODRM_MOD_MASK) != 0)
12987 {
12988 u32EffAddr += pVCpu->cpum.GstCtx.ebp;
12989 SET_SS_DEF();
12990 }
12991 else
12992 {
12993 uint32_t u32Disp;
12994 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
12995 u32EffAddr += u32Disp;
12996 }
12997 break;
12998 case 6: u32EffAddr += pVCpu->cpum.GstCtx.esi; break;
12999 case 7: u32EffAddr += pVCpu->cpum.GstCtx.edi; break;
13000 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13001 }
13002 break;
13003 }
13004 case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; SET_SS_DEF(); break;
13005 case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
13006 case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
13007 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13008 }
13009
13010 /* Get and add the displacement. */
13011 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13012 {
13013 case 0:
13014 break;
13015 case 1:
13016 {
13017 int8_t i8Disp; IEM_OPCODE_GET_NEXT_S8(&i8Disp);
13018 u32EffAddr += i8Disp;
13019 break;
13020 }
13021 case 2:
13022 {
13023 uint32_t u32Disp; IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13024 u32EffAddr += u32Disp;
13025 break;
13026 }
13027 default:
13028 AssertFailedReturn(VERR_IEM_IPE_2); /* (caller checked for these) */
13029 }
13030
13031 }
13032 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT)
13033 *pGCPtrEff = u32EffAddr;
13034 else
13035 {
13036 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_16BIT);
13037 *pGCPtrEff = u32EffAddr & UINT16_MAX;
13038 }
13039 }
13040 }
13041 else
13042 {
13043 uint64_t u64EffAddr;
13044
13045 /* Handle the rip+disp32 form with no registers first. */
13046 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
13047 {
13048 IEM_OPCODE_GET_NEXT_S32_SX_U64(&u64EffAddr);
13049 u64EffAddr += pVCpu->cpum.GstCtx.rip + IEM_GET_INSTR_LEN(pVCpu) + cbImm;
13050 }
13051 else
13052 {
13053 /* Get the register (or SIB) value. */
13054 switch ((bRm & X86_MODRM_RM_MASK) | pVCpu->iem.s.uRexB)
13055 {
13056 case 0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
13057 case 1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
13058 case 2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
13059 case 3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
13060 case 5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; SET_SS_DEF(); break;
13061 case 6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
13062 case 7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
13063 case 8: u64EffAddr = pVCpu->cpum.GstCtx.r8; break;
13064 case 9: u64EffAddr = pVCpu->cpum.GstCtx.r9; break;
13065 case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
13066 case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
13067 case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
13068 case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
13069 case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
13070 /* SIB */
13071 case 4:
13072 case 12:
13073 {
13074 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
13075
13076 /* Get the index and scale it. */
13077 switch (((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK) | pVCpu->iem.s.uRexIndex)
13078 {
13079 case 0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
13080 case 1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
13081 case 2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
13082 case 3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
13083 case 4: u64EffAddr = 0; /*none */ break;
13084 case 5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; break;
13085 case 6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
13086 case 7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
13087 case 8: u64EffAddr = pVCpu->cpum.GstCtx.r8; break;
13088 case 9: u64EffAddr = pVCpu->cpum.GstCtx.r9; break;
13089 case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
13090 case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
13091 case 12: u64EffAddr = pVCpu->cpum.GstCtx.r12; break;
13092 case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
13093 case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
13094 case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
13095 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13096 }
13097 u64EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
13098
13099 /* add base */
13100 switch ((bSib & X86_SIB_BASE_MASK) | pVCpu->iem.s.uRexB)
13101 {
13102 case 0: u64EffAddr += pVCpu->cpum.GstCtx.rax; break;
13103 case 1: u64EffAddr += pVCpu->cpum.GstCtx.rcx; break;
13104 case 2: u64EffAddr += pVCpu->cpum.GstCtx.rdx; break;
13105 case 3: u64EffAddr += pVCpu->cpum.GstCtx.rbx; break;
13106 case 4: u64EffAddr += pVCpu->cpum.GstCtx.rsp; SET_SS_DEF(); break;
13107 case 6: u64EffAddr += pVCpu->cpum.GstCtx.rsi; break;
13108 case 7: u64EffAddr += pVCpu->cpum.GstCtx.rdi; break;
13109 case 8: u64EffAddr += pVCpu->cpum.GstCtx.r8; break;
13110 case 9: u64EffAddr += pVCpu->cpum.GstCtx.r9; break;
13111 case 10: u64EffAddr += pVCpu->cpum.GstCtx.r10; break;
13112 case 11: u64EffAddr += pVCpu->cpum.GstCtx.r11; break;
13113 case 12: u64EffAddr += pVCpu->cpum.GstCtx.r12; break;
13114 case 14: u64EffAddr += pVCpu->cpum.GstCtx.r14; break;
13115 case 15: u64EffAddr += pVCpu->cpum.GstCtx.r15; break;
13116 /* complicated encodings */
13117 case 5:
13118 case 13:
13119 if ((bRm & X86_MODRM_MOD_MASK) != 0)
13120 {
13121 if (!pVCpu->iem.s.uRexB)
13122 {
13123 u64EffAddr += pVCpu->cpum.GstCtx.rbp;
13124 SET_SS_DEF();
13125 }
13126 else
13127 u64EffAddr += pVCpu->cpum.GstCtx.r13;
13128 }
13129 else
13130 {
13131 uint32_t u32Disp;
13132 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13133 u64EffAddr += (int32_t)u32Disp;
13134 }
13135 break;
13136 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13137 }
13138 break;
13139 }
13140 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13141 }
13142
13143 /* Get and add the displacement. */
13144 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13145 {
13146 case 0:
13147 break;
13148 case 1:
13149 {
13150 int8_t i8Disp;
13151 IEM_OPCODE_GET_NEXT_S8(&i8Disp);
13152 u64EffAddr += i8Disp;
13153 break;
13154 }
13155 case 2:
13156 {
13157 uint32_t u32Disp;
13158 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13159 u64EffAddr += (int32_t)u32Disp;
13160 break;
13161 }
13162 IEM_NOT_REACHED_DEFAULT_CASE_RET(); /* (caller checked for these) */
13163 }
13164
13165 }
13166
13167 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_64BIT)
13168 *pGCPtrEff = u64EffAddr;
13169 else
13170 {
13171 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT);
13172 *pGCPtrEff = u64EffAddr & UINT32_MAX;
13173 }
13174 }
13175
13176 Log5(("iemOpHlpCalcRmEffAddr: EffAddr=%#010RGv\n", *pGCPtrEff));
13177 return VINF_SUCCESS;
13178}
13179
13180
13181/**
13182 * Calculates the effective address of a ModR/M memory operand.
13183 *
13184 * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR.
13185 *
13186 * @return Strict VBox status code.
13187 * @param pVCpu The cross context virtual CPU structure of the calling thread.
13188 * @param bRm The ModRM byte.
13189 * @param cbImm The size of any immediate following the
13190 * effective address opcode bytes. Important for
13191 * RIP relative addressing.
13192 * @param pGCPtrEff Where to return the effective address.
13193 * @param offRsp RSP displacement.
13194 */
13195IEM_STATIC VBOXSTRICTRC iemOpHlpCalcRmEffAddrEx(PVMCPU pVCpu, uint8_t bRm, uint8_t cbImm, PRTGCPTR pGCPtrEff, int8_t offRsp)
13196{
13197 Log5(("iemOpHlpCalcRmEffAddr: bRm=%#x\n", bRm));
13198# define SET_SS_DEF() \
13199 do \
13200 { \
13201 if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_SEG_MASK)) \
13202 pVCpu->iem.s.iEffSeg = X86_SREG_SS; \
13203 } while (0)
13204
13205 if (pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT)
13206 {
13207/** @todo Check the effective address size crap! */
13208 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_16BIT)
13209 {
13210 uint16_t u16EffAddr;
13211
13212 /* Handle the disp16 form with no registers first. */
13213 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 6)
13214 IEM_OPCODE_GET_NEXT_U16(&u16EffAddr);
13215 else
13216 {
13217 /* Get the displacment. */
13218 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13219 {
13220 case 0: u16EffAddr = 0; break;
13221 case 1: IEM_OPCODE_GET_NEXT_S8_SX_U16(&u16EffAddr); break;
13222 case 2: IEM_OPCODE_GET_NEXT_U16(&u16EffAddr); break;
13223 default: AssertFailedReturn(VERR_IEM_IPE_1); /* (caller checked for these) */
13224 }
13225
13226 /* Add the base and index registers to the disp. */
13227 switch (bRm & X86_MODRM_RM_MASK)
13228 {
13229 case 0: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.si; break;
13230 case 1: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.di; break;
13231 case 2: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.si; SET_SS_DEF(); break;
13232 case 3: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.di; SET_SS_DEF(); break;
13233 case 4: u16EffAddr += pVCpu->cpum.GstCtx.si; break;
13234 case 5: u16EffAddr += pVCpu->cpum.GstCtx.di; break;
13235 case 6: u16EffAddr += pVCpu->cpum.GstCtx.bp; SET_SS_DEF(); break;
13236 case 7: u16EffAddr += pVCpu->cpum.GstCtx.bx; break;
13237 }
13238 }
13239
13240 *pGCPtrEff = u16EffAddr;
13241 }
13242 else
13243 {
13244 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT);
13245 uint32_t u32EffAddr;
13246
13247 /* Handle the disp32 form with no registers first. */
13248 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
13249 IEM_OPCODE_GET_NEXT_U32(&u32EffAddr);
13250 else
13251 {
13252 /* Get the register (or SIB) value. */
13253 switch ((bRm & X86_MODRM_RM_MASK))
13254 {
13255 case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
13256 case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
13257 case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
13258 case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
13259 case 4: /* SIB */
13260 {
13261 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
13262
13263 /* Get the index and scale it. */
13264 switch ((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
13265 {
13266 case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
13267 case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
13268 case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
13269 case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
13270 case 4: u32EffAddr = 0; /*none */ break;
13271 case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; break;
13272 case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
13273 case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
13274 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13275 }
13276 u32EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
13277
13278 /* add base */
13279 switch (bSib & X86_SIB_BASE_MASK)
13280 {
13281 case 0: u32EffAddr += pVCpu->cpum.GstCtx.eax; break;
13282 case 1: u32EffAddr += pVCpu->cpum.GstCtx.ecx; break;
13283 case 2: u32EffAddr += pVCpu->cpum.GstCtx.edx; break;
13284 case 3: u32EffAddr += pVCpu->cpum.GstCtx.ebx; break;
13285 case 4:
13286 u32EffAddr += pVCpu->cpum.GstCtx.esp + offRsp;
13287 SET_SS_DEF();
13288 break;
13289 case 5:
13290 if ((bRm & X86_MODRM_MOD_MASK) != 0)
13291 {
13292 u32EffAddr += pVCpu->cpum.GstCtx.ebp;
13293 SET_SS_DEF();
13294 }
13295 else
13296 {
13297 uint32_t u32Disp;
13298 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13299 u32EffAddr += u32Disp;
13300 }
13301 break;
13302 case 6: u32EffAddr += pVCpu->cpum.GstCtx.esi; break;
13303 case 7: u32EffAddr += pVCpu->cpum.GstCtx.edi; break;
13304 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13305 }
13306 break;
13307 }
13308 case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; SET_SS_DEF(); break;
13309 case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
13310 case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
13311 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13312 }
13313
13314 /* Get and add the displacement. */
13315 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13316 {
13317 case 0:
13318 break;
13319 case 1:
13320 {
13321 int8_t i8Disp; IEM_OPCODE_GET_NEXT_S8(&i8Disp);
13322 u32EffAddr += i8Disp;
13323 break;
13324 }
13325 case 2:
13326 {
13327 uint32_t u32Disp; IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13328 u32EffAddr += u32Disp;
13329 break;
13330 }
13331 default:
13332 AssertFailedReturn(VERR_IEM_IPE_2); /* (caller checked for these) */
13333 }
13334
13335 }
13336 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT)
13337 *pGCPtrEff = u32EffAddr;
13338 else
13339 {
13340 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_16BIT);
13341 *pGCPtrEff = u32EffAddr & UINT16_MAX;
13342 }
13343 }
13344 }
13345 else
13346 {
13347 uint64_t u64EffAddr;
13348
13349 /* Handle the rip+disp32 form with no registers first. */
13350 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
13351 {
13352 IEM_OPCODE_GET_NEXT_S32_SX_U64(&u64EffAddr);
13353 u64EffAddr += pVCpu->cpum.GstCtx.rip + IEM_GET_INSTR_LEN(pVCpu) + cbImm;
13354 }
13355 else
13356 {
13357 /* Get the register (or SIB) value. */
13358 switch ((bRm & X86_MODRM_RM_MASK) | pVCpu->iem.s.uRexB)
13359 {
13360 case 0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
13361 case 1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
13362 case 2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
13363 case 3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
13364 case 5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; SET_SS_DEF(); break;
13365 case 6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
13366 case 7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
13367 case 8: u64EffAddr = pVCpu->cpum.GstCtx.r8; break;
13368 case 9: u64EffAddr = pVCpu->cpum.GstCtx.r9; break;
13369 case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
13370 case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
13371 case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
13372 case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
13373 case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
13374 /* SIB */
13375 case 4:
13376 case 12:
13377 {
13378 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
13379
13380 /* Get the index and scale it. */
13381 switch (((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK) | pVCpu->iem.s.uRexIndex)
13382 {
13383 case 0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
13384 case 1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
13385 case 2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
13386 case 3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
13387 case 4: u64EffAddr = 0; /*none */ break;
13388 case 5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; break;
13389 case 6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
13390 case 7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
13391 case 8: u64EffAddr = pVCpu->cpum.GstCtx.r8; break;
13392 case 9: u64EffAddr = pVCpu->cpum.GstCtx.r9; break;
13393 case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
13394 case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
13395 case 12: u64EffAddr = pVCpu->cpum.GstCtx.r12; break;
13396 case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
13397 case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
13398 case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
13399 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13400 }
13401 u64EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
13402
13403 /* add base */
13404 switch ((bSib & X86_SIB_BASE_MASK) | pVCpu->iem.s.uRexB)
13405 {
13406 case 0: u64EffAddr += pVCpu->cpum.GstCtx.rax; break;
13407 case 1: u64EffAddr += pVCpu->cpum.GstCtx.rcx; break;
13408 case 2: u64EffAddr += pVCpu->cpum.GstCtx.rdx; break;
13409 case 3: u64EffAddr += pVCpu->cpum.GstCtx.rbx; break;
13410 case 4: u64EffAddr += pVCpu->cpum.GstCtx.rsp + offRsp; SET_SS_DEF(); break;
13411 case 6: u64EffAddr += pVCpu->cpum.GstCtx.rsi; break;
13412 case 7: u64EffAddr += pVCpu->cpum.GstCtx.rdi; break;
13413 case 8: u64EffAddr += pVCpu->cpum.GstCtx.r8; break;
13414 case 9: u64EffAddr += pVCpu->cpum.GstCtx.r9; break;
13415 case 10: u64EffAddr += pVCpu->cpum.GstCtx.r10; break;
13416 case 11: u64EffAddr += pVCpu->cpum.GstCtx.r11; break;
13417 case 12: u64EffAddr += pVCpu->cpum.GstCtx.r12; break;
13418 case 14: u64EffAddr += pVCpu->cpum.GstCtx.r14; break;
13419 case 15: u64EffAddr += pVCpu->cpum.GstCtx.r15; break;
13420 /* complicated encodings */
13421 case 5:
13422 case 13:
13423 if ((bRm & X86_MODRM_MOD_MASK) != 0)
13424 {
13425 if (!pVCpu->iem.s.uRexB)
13426 {
13427 u64EffAddr += pVCpu->cpum.GstCtx.rbp;
13428 SET_SS_DEF();
13429 }
13430 else
13431 u64EffAddr += pVCpu->cpum.GstCtx.r13;
13432 }
13433 else
13434 {
13435 uint32_t u32Disp;
13436 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13437 u64EffAddr += (int32_t)u32Disp;
13438 }
13439 break;
13440 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13441 }
13442 break;
13443 }
13444 IEM_NOT_REACHED_DEFAULT_CASE_RET();
13445 }
13446
13447 /* Get and add the displacement. */
13448 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13449 {
13450 case 0:
13451 break;
13452 case 1:
13453 {
13454 int8_t i8Disp;
13455 IEM_OPCODE_GET_NEXT_S8(&i8Disp);
13456 u64EffAddr += i8Disp;
13457 break;
13458 }
13459 case 2:
13460 {
13461 uint32_t u32Disp;
13462 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13463 u64EffAddr += (int32_t)u32Disp;
13464 break;
13465 }
13466 IEM_NOT_REACHED_DEFAULT_CASE_RET(); /* (caller checked for these) */
13467 }
13468
13469 }
13470
13471 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_64BIT)
13472 *pGCPtrEff = u64EffAddr;
13473 else
13474 {
13475 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT);
13476 *pGCPtrEff = u64EffAddr & UINT32_MAX;
13477 }
13478 }
13479
13480 Log5(("iemOpHlpCalcRmEffAddr: EffAddr=%#010RGv\n", *pGCPtrEff));
13481 return VINF_SUCCESS;
13482}
13483
13484
13485#ifdef IEM_WITH_SETJMP
13486/**
13487 * Calculates the effective address of a ModR/M memory operand.
13488 *
13489 * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR.
13490 *
13491 * May longjmp on internal error.
13492 *
13493 * @return The effective address.
13494 * @param pVCpu The cross context virtual CPU structure of the calling thread.
13495 * @param bRm The ModRM byte.
13496 * @param cbImm The size of any immediate following the
13497 * effective address opcode bytes. Important for
13498 * RIP relative addressing.
13499 */
13500IEM_STATIC RTGCPTR iemOpHlpCalcRmEffAddrJmp(PVMCPU pVCpu, uint8_t bRm, uint8_t cbImm)
13501{
13502 Log5(("iemOpHlpCalcRmEffAddrJmp: bRm=%#x\n", bRm));
13503# define SET_SS_DEF() \
13504 do \
13505 { \
13506 if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_SEG_MASK)) \
13507 pVCpu->iem.s.iEffSeg = X86_SREG_SS; \
13508 } while (0)
13509
13510 if (pVCpu->iem.s.enmCpuMode != IEMMODE_64BIT)
13511 {
13512/** @todo Check the effective address size crap! */
13513 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_16BIT)
13514 {
13515 uint16_t u16EffAddr;
13516
13517 /* Handle the disp16 form with no registers first. */
13518 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 6)
13519 IEM_OPCODE_GET_NEXT_U16(&u16EffAddr);
13520 else
13521 {
13522 /* Get the displacment. */
13523 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13524 {
13525 case 0: u16EffAddr = 0; break;
13526 case 1: IEM_OPCODE_GET_NEXT_S8_SX_U16(&u16EffAddr); break;
13527 case 2: IEM_OPCODE_GET_NEXT_U16(&u16EffAddr); break;
13528 default: AssertFailedStmt(longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VERR_IEM_IPE_1)); /* (caller checked for these) */
13529 }
13530
13531 /* Add the base and index registers to the disp. */
13532 switch (bRm & X86_MODRM_RM_MASK)
13533 {
13534 case 0: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.si; break;
13535 case 1: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.di; break;
13536 case 2: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.si; SET_SS_DEF(); break;
13537 case 3: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.di; SET_SS_DEF(); break;
13538 case 4: u16EffAddr += pVCpu->cpum.GstCtx.si; break;
13539 case 5: u16EffAddr += pVCpu->cpum.GstCtx.di; break;
13540 case 6: u16EffAddr += pVCpu->cpum.GstCtx.bp; SET_SS_DEF(); break;
13541 case 7: u16EffAddr += pVCpu->cpum.GstCtx.bx; break;
13542 }
13543 }
13544
13545 Log5(("iemOpHlpCalcRmEffAddrJmp: EffAddr=%#06RX16\n", u16EffAddr));
13546 return u16EffAddr;
13547 }
13548
13549 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT);
13550 uint32_t u32EffAddr;
13551
13552 /* Handle the disp32 form with no registers first. */
13553 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
13554 IEM_OPCODE_GET_NEXT_U32(&u32EffAddr);
13555 else
13556 {
13557 /* Get the register (or SIB) value. */
13558 switch ((bRm & X86_MODRM_RM_MASK))
13559 {
13560 case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
13561 case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
13562 case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
13563 case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
13564 case 4: /* SIB */
13565 {
13566 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
13567
13568 /* Get the index and scale it. */
13569 switch ((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
13570 {
13571 case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
13572 case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
13573 case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
13574 case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
13575 case 4: u32EffAddr = 0; /*none */ break;
13576 case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; break;
13577 case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
13578 case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
13579 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX);
13580 }
13581 u32EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
13582
13583 /* add base */
13584 switch (bSib & X86_SIB_BASE_MASK)
13585 {
13586 case 0: u32EffAddr += pVCpu->cpum.GstCtx.eax; break;
13587 case 1: u32EffAddr += pVCpu->cpum.GstCtx.ecx; break;
13588 case 2: u32EffAddr += pVCpu->cpum.GstCtx.edx; break;
13589 case 3: u32EffAddr += pVCpu->cpum.GstCtx.ebx; break;
13590 case 4: u32EffAddr += pVCpu->cpum.GstCtx.esp; SET_SS_DEF(); break;
13591 case 5:
13592 if ((bRm & X86_MODRM_MOD_MASK) != 0)
13593 {
13594 u32EffAddr += pVCpu->cpum.GstCtx.ebp;
13595 SET_SS_DEF();
13596 }
13597 else
13598 {
13599 uint32_t u32Disp;
13600 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13601 u32EffAddr += u32Disp;
13602 }
13603 break;
13604 case 6: u32EffAddr += pVCpu->cpum.GstCtx.esi; break;
13605 case 7: u32EffAddr += pVCpu->cpum.GstCtx.edi; break;
13606 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX);
13607 }
13608 break;
13609 }
13610 case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; SET_SS_DEF(); break;
13611 case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
13612 case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
13613 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX);
13614 }
13615
13616 /* Get and add the displacement. */
13617 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13618 {
13619 case 0:
13620 break;
13621 case 1:
13622 {
13623 int8_t i8Disp; IEM_OPCODE_GET_NEXT_S8(&i8Disp);
13624 u32EffAddr += i8Disp;
13625 break;
13626 }
13627 case 2:
13628 {
13629 uint32_t u32Disp; IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13630 u32EffAddr += u32Disp;
13631 break;
13632 }
13633 default:
13634 AssertFailedStmt(longjmp(*pVCpu->iem.s.CTX_SUFF(pJmpBuf), VERR_IEM_IPE_2)); /* (caller checked for these) */
13635 }
13636 }
13637
13638 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT)
13639 {
13640 Log5(("iemOpHlpCalcRmEffAddrJmp: EffAddr=%#010RX32\n", u32EffAddr));
13641 return u32EffAddr;
13642 }
13643 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_16BIT);
13644 Log5(("iemOpHlpCalcRmEffAddrJmp: EffAddr=%#06RX32\n", u32EffAddr & UINT16_MAX));
13645 return u32EffAddr & UINT16_MAX;
13646 }
13647
13648 uint64_t u64EffAddr;
13649
13650 /* Handle the rip+disp32 form with no registers first. */
13651 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
13652 {
13653 IEM_OPCODE_GET_NEXT_S32_SX_U64(&u64EffAddr);
13654 u64EffAddr += pVCpu->cpum.GstCtx.rip + IEM_GET_INSTR_LEN(pVCpu) + cbImm;
13655 }
13656 else
13657 {
13658 /* Get the register (or SIB) value. */
13659 switch ((bRm & X86_MODRM_RM_MASK) | pVCpu->iem.s.uRexB)
13660 {
13661 case 0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
13662 case 1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
13663 case 2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
13664 case 3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
13665 case 5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; SET_SS_DEF(); break;
13666 case 6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
13667 case 7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
13668 case 8: u64EffAddr = pVCpu->cpum.GstCtx.r8; break;
13669 case 9: u64EffAddr = pVCpu->cpum.GstCtx.r9; break;
13670 case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
13671 case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
13672 case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
13673 case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
13674 case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
13675 /* SIB */
13676 case 4:
13677 case 12:
13678 {
13679 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
13680
13681 /* Get the index and scale it. */
13682 switch (((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK) | pVCpu->iem.s.uRexIndex)
13683 {
13684 case 0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
13685 case 1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
13686 case 2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
13687 case 3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
13688 case 4: u64EffAddr = 0; /*none */ break;
13689 case 5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; break;
13690 case 6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
13691 case 7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
13692 case 8: u64EffAddr = pVCpu->cpum.GstCtx.r8; break;
13693 case 9: u64EffAddr = pVCpu->cpum.GstCtx.r9; break;
13694 case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
13695 case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
13696 case 12: u64EffAddr = pVCpu->cpum.GstCtx.r12; break;
13697 case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
13698 case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
13699 case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
13700 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX);
13701 }
13702 u64EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
13703
13704 /* add base */
13705 switch ((bSib & X86_SIB_BASE_MASK) | pVCpu->iem.s.uRexB)
13706 {
13707 case 0: u64EffAddr += pVCpu->cpum.GstCtx.rax; break;
13708 case 1: u64EffAddr += pVCpu->cpum.GstCtx.rcx; break;
13709 case 2: u64EffAddr += pVCpu->cpum.GstCtx.rdx; break;
13710 case 3: u64EffAddr += pVCpu->cpum.GstCtx.rbx; break;
13711 case 4: u64EffAddr += pVCpu->cpum.GstCtx.rsp; SET_SS_DEF(); break;
13712 case 6: u64EffAddr += pVCpu->cpum.GstCtx.rsi; break;
13713 case 7: u64EffAddr += pVCpu->cpum.GstCtx.rdi; break;
13714 case 8: u64EffAddr += pVCpu->cpum.GstCtx.r8; break;
13715 case 9: u64EffAddr += pVCpu->cpum.GstCtx.r9; break;
13716 case 10: u64EffAddr += pVCpu->cpum.GstCtx.r10; break;
13717 case 11: u64EffAddr += pVCpu->cpum.GstCtx.r11; break;
13718 case 12: u64EffAddr += pVCpu->cpum.GstCtx.r12; break;
13719 case 14: u64EffAddr += pVCpu->cpum.GstCtx.r14; break;
13720 case 15: u64EffAddr += pVCpu->cpum.GstCtx.r15; break;
13721 /* complicated encodings */
13722 case 5:
13723 case 13:
13724 if ((bRm & X86_MODRM_MOD_MASK) != 0)
13725 {
13726 if (!pVCpu->iem.s.uRexB)
13727 {
13728 u64EffAddr += pVCpu->cpum.GstCtx.rbp;
13729 SET_SS_DEF();
13730 }
13731 else
13732 u64EffAddr += pVCpu->cpum.GstCtx.r13;
13733 }
13734 else
13735 {
13736 uint32_t u32Disp;
13737 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13738 u64EffAddr += (int32_t)u32Disp;
13739 }
13740 break;
13741 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX);
13742 }
13743 break;
13744 }
13745 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX);
13746 }
13747
13748 /* Get and add the displacement. */
13749 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
13750 {
13751 case 0:
13752 break;
13753 case 1:
13754 {
13755 int8_t i8Disp;
13756 IEM_OPCODE_GET_NEXT_S8(&i8Disp);
13757 u64EffAddr += i8Disp;
13758 break;
13759 }
13760 case 2:
13761 {
13762 uint32_t u32Disp;
13763 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
13764 u64EffAddr += (int32_t)u32Disp;
13765 break;
13766 }
13767 IEM_NOT_REACHED_DEFAULT_CASE_RET2(RTGCPTR_MAX); /* (caller checked for these) */
13768 }
13769
13770 }
13771
13772 if (pVCpu->iem.s.enmEffAddrMode == IEMMODE_64BIT)
13773 {
13774 Log5(("iemOpHlpCalcRmEffAddrJmp: EffAddr=%#010RGv\n", u64EffAddr));
13775 return u64EffAddr;
13776 }
13777 Assert(pVCpu->iem.s.enmEffAddrMode == IEMMODE_32BIT);
13778 Log5(("iemOpHlpCalcRmEffAddrJmp: EffAddr=%#010RGv\n", u64EffAddr & UINT32_MAX));
13779 return u64EffAddr & UINT32_MAX;
13780}
13781#endif /* IEM_WITH_SETJMP */
13782
13783/** @} */
13784
13785
13786
13787/*
13788 * Include the instructions
13789 */
13790#include "IEMAllInstructions.cpp.h"
13791
13792
13793
13794#ifdef LOG_ENABLED
13795/**
13796 * Logs the current instruction.
13797 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
13798 * @param fSameCtx Set if we have the same context information as the VMM,
13799 * clear if we may have already executed an instruction in
13800 * our debug context. When clear, we assume IEMCPU holds
13801 * valid CPU mode info.
13802 *
13803 * The @a fSameCtx parameter is now misleading and obsolete.
13804 * @param pszFunction The IEM function doing the execution.
13805 */
13806IEM_STATIC void iemLogCurInstr(PVMCPU pVCpu, bool fSameCtx, const char *pszFunction)
13807{
13808# ifdef IN_RING3
13809 if (LogIs2Enabled())
13810 {
13811 char szInstr[256];
13812 uint32_t cbInstr = 0;
13813 if (fSameCtx)
13814 DBGFR3DisasInstrEx(pVCpu->pVMR3->pUVM, pVCpu->idCpu, 0, 0,
13815 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
13816 szInstr, sizeof(szInstr), &cbInstr);
13817 else
13818 {
13819 uint32_t fFlags = 0;
13820 switch (pVCpu->iem.s.enmCpuMode)
13821 {
13822 case IEMMODE_64BIT: fFlags |= DBGF_DISAS_FLAGS_64BIT_MODE; break;
13823 case IEMMODE_32BIT: fFlags |= DBGF_DISAS_FLAGS_32BIT_MODE; break;
13824 case IEMMODE_16BIT:
13825 if (!(pVCpu->cpum.GstCtx.cr0 & X86_CR0_PE) || pVCpu->cpum.GstCtx.eflags.Bits.u1VM)
13826 fFlags |= DBGF_DISAS_FLAGS_16BIT_REAL_MODE;
13827 else
13828 fFlags |= DBGF_DISAS_FLAGS_16BIT_MODE;
13829 break;
13830 }
13831 DBGFR3DisasInstrEx(pVCpu->pVMR3->pUVM, pVCpu->idCpu, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, fFlags,
13832 szInstr, sizeof(szInstr), &cbInstr);
13833 }
13834
13835 PCX86FXSTATE pFpuCtx = &pVCpu->cpum.GstCtx.CTX_SUFF(pXState)->x87;
13836 Log2(("**** %s\n"
13837 " eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x\n"
13838 " eip=%08x esp=%08x ebp=%08x iopl=%d tr=%04x\n"
13839 " cs=%04x ss=%04x ds=%04x es=%04x fs=%04x gs=%04x efl=%08x\n"
13840 " fsw=%04x fcw=%04x ftw=%02x mxcsr=%04x/%04x\n"
13841 " %s\n"
13842 , pszFunction,
13843 pVCpu->cpum.GstCtx.eax, pVCpu->cpum.GstCtx.ebx, pVCpu->cpum.GstCtx.ecx, pVCpu->cpum.GstCtx.edx, pVCpu->cpum.GstCtx.esi, pVCpu->cpum.GstCtx.edi,
13844 pVCpu->cpum.GstCtx.eip, pVCpu->cpum.GstCtx.esp, pVCpu->cpum.GstCtx.ebp, pVCpu->cpum.GstCtx.eflags.Bits.u2IOPL, pVCpu->cpum.GstCtx.tr.Sel,
13845 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.ds.Sel, pVCpu->cpum.GstCtx.es.Sel,
13846 pVCpu->cpum.GstCtx.fs.Sel, pVCpu->cpum.GstCtx.gs.Sel, pVCpu->cpum.GstCtx.eflags.u,
13847 pFpuCtx->FSW, pFpuCtx->FCW, pFpuCtx->FTW, pFpuCtx->MXCSR, pFpuCtx->MXCSR_MASK,
13848 szInstr));
13849
13850 if (LogIs3Enabled())
13851 DBGFR3InfoEx(pVCpu->pVMR3->pUVM, pVCpu->idCpu, "cpumguest", "verbose", NULL);
13852 }
13853 else
13854# endif
13855 LogFlow(("%s: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x\n", pszFunction, pVCpu->cpum.GstCtx.cs.Sel,
13856 pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.eflags.u));
13857 RT_NOREF_PV(pVCpu); RT_NOREF_PV(fSameCtx);
13858}
13859#endif /* LOG_ENABLED */
13860
13861
13862/**
13863 * Makes status code addjustments (pass up from I/O and access handler)
13864 * as well as maintaining statistics.
13865 *
13866 * @returns Strict VBox status code to pass up.
13867 * @param pVCpu The cross context virtual CPU structure of the calling thread.
13868 * @param rcStrict The status from executing an instruction.
13869 */
13870DECL_FORCE_INLINE(VBOXSTRICTRC) iemExecStatusCodeFiddling(PVMCPU pVCpu, VBOXSTRICTRC rcStrict)
13871{
13872 if (rcStrict != VINF_SUCCESS)
13873 {
13874 if (RT_SUCCESS(rcStrict))
13875 {
13876 AssertMsg( (rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST)
13877 || rcStrict == VINF_IOM_R3_IOPORT_READ
13878 || rcStrict == VINF_IOM_R3_IOPORT_WRITE
13879 || rcStrict == VINF_IOM_R3_IOPORT_COMMIT_WRITE
13880 || rcStrict == VINF_IOM_R3_MMIO_READ
13881 || rcStrict == VINF_IOM_R3_MMIO_READ_WRITE
13882 || rcStrict == VINF_IOM_R3_MMIO_WRITE
13883 || rcStrict == VINF_IOM_R3_MMIO_COMMIT_WRITE
13884 || rcStrict == VINF_CPUM_R3_MSR_READ
13885 || rcStrict == VINF_CPUM_R3_MSR_WRITE
13886 || rcStrict == VINF_EM_RAW_EMULATE_INSTR
13887 || rcStrict == VINF_EM_RAW_TO_R3
13888 || rcStrict == VINF_EM_TRIPLE_FAULT
13889 || rcStrict == VINF_GIM_R3_HYPERCALL
13890 /* raw-mode / virt handlers only: */
13891 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_GDT_FAULT
13892 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_TSS_FAULT
13893 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_LDT_FAULT
13894 || rcStrict == VINF_EM_RAW_EMULATE_INSTR_IDT_FAULT
13895 || rcStrict == VINF_SELM_SYNC_GDT
13896 || rcStrict == VINF_CSAM_PENDING_ACTION
13897 || rcStrict == VINF_PATM_CHECK_PATCH_PAGE
13898 /* nested hw.virt codes: */
13899 || rcStrict == VINF_VMX_VMEXIT
13900 || rcStrict == VINF_VMX_MODIFIES_BEHAVIOR
13901 || rcStrict == VINF_SVM_VMEXIT
13902 , ("rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
13903/** @todo adjust for VINF_EM_RAW_EMULATE_INSTR. */
13904 int32_t const rcPassUp = pVCpu->iem.s.rcPassUp;
13905#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
13906 if ( rcStrict == VINF_VMX_VMEXIT
13907 && rcPassUp == VINF_SUCCESS)
13908 rcStrict = VINF_SUCCESS;
13909 else
13910#endif
13911#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
13912 if ( rcStrict == VINF_SVM_VMEXIT
13913 && rcPassUp == VINF_SUCCESS)
13914 rcStrict = VINF_SUCCESS;
13915 else
13916#endif
13917 if (rcPassUp == VINF_SUCCESS)
13918 pVCpu->iem.s.cRetInfStatuses++;
13919 else if ( rcPassUp < VINF_EM_FIRST
13920 || rcPassUp > VINF_EM_LAST
13921 || rcPassUp < VBOXSTRICTRC_VAL(rcStrict))
13922 {
13923 Log(("IEM: rcPassUp=%Rrc! rcStrict=%Rrc\n", rcPassUp, VBOXSTRICTRC_VAL(rcStrict)));
13924 pVCpu->iem.s.cRetPassUpStatus++;
13925 rcStrict = rcPassUp;
13926 }
13927 else
13928 {
13929 Log(("IEM: rcPassUp=%Rrc rcStrict=%Rrc!\n", rcPassUp, VBOXSTRICTRC_VAL(rcStrict)));
13930 pVCpu->iem.s.cRetInfStatuses++;
13931 }
13932 }
13933 else if (rcStrict == VERR_IEM_ASPECT_NOT_IMPLEMENTED)
13934 pVCpu->iem.s.cRetAspectNotImplemented++;
13935 else if (rcStrict == VERR_IEM_INSTR_NOT_IMPLEMENTED)
13936 pVCpu->iem.s.cRetInstrNotImplemented++;
13937 else
13938 pVCpu->iem.s.cRetErrStatuses++;
13939 }
13940 else if (pVCpu->iem.s.rcPassUp != VINF_SUCCESS)
13941 {
13942 pVCpu->iem.s.cRetPassUpStatus++;
13943 rcStrict = pVCpu->iem.s.rcPassUp;
13944 }
13945
13946 return rcStrict;
13947}
13948
13949
13950/**
13951 * The actual code execution bits of IEMExecOne, IEMExecOneEx, and
13952 * IEMExecOneWithPrefetchedByPC.
13953 *
13954 * Similar code is found in IEMExecLots.
13955 *
13956 * @return Strict VBox status code.
13957 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
13958 * @param fExecuteInhibit If set, execute the instruction following CLI,
13959 * POP SS and MOV SS,GR.
13960 * @param pszFunction The calling function name.
13961 */
13962DECLINLINE(VBOXSTRICTRC) iemExecOneInner(PVMCPU pVCpu, bool fExecuteInhibit, const char *pszFunction)
13963{
13964 AssertMsg(pVCpu->iem.s.aMemMappings[0].fAccess == IEM_ACCESS_INVALID, ("0: %#x %RGp\n", pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemBbMappings[0].GCPhysFirst));
13965 AssertMsg(pVCpu->iem.s.aMemMappings[1].fAccess == IEM_ACCESS_INVALID, ("1: %#x %RGp\n", pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemBbMappings[1].GCPhysFirst));
13966 AssertMsg(pVCpu->iem.s.aMemMappings[2].fAccess == IEM_ACCESS_INVALID, ("2: %#x %RGp\n", pVCpu->iem.s.aMemMappings[2].fAccess, pVCpu->iem.s.aMemBbMappings[2].GCPhysFirst));
13967 RT_NOREF_PV(pszFunction);
13968
13969#ifdef IEM_WITH_SETJMP
13970 VBOXSTRICTRC rcStrict;
13971 jmp_buf JmpBuf;
13972 jmp_buf *pSavedJmpBuf = pVCpu->iem.s.CTX_SUFF(pJmpBuf);
13973 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = &JmpBuf;
13974 if ((rcStrict = setjmp(JmpBuf)) == 0)
13975 {
13976 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
13977 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
13978 }
13979 else
13980 pVCpu->iem.s.cLongJumps++;
13981 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = pSavedJmpBuf;
13982#else
13983 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
13984 VBOXSTRICTRC rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
13985#endif
13986 if (rcStrict == VINF_SUCCESS)
13987 pVCpu->iem.s.cInstructions++;
13988 if (pVCpu->iem.s.cActiveMappings > 0)
13989 {
13990 Assert(rcStrict != VINF_SUCCESS);
13991 iemMemRollback(pVCpu);
13992 }
13993 AssertMsg(pVCpu->iem.s.aMemMappings[0].fAccess == IEM_ACCESS_INVALID, ("0: %#x %RGp\n", pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemBbMappings[0].GCPhysFirst));
13994 AssertMsg(pVCpu->iem.s.aMemMappings[1].fAccess == IEM_ACCESS_INVALID, ("1: %#x %RGp\n", pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemBbMappings[1].GCPhysFirst));
13995 AssertMsg(pVCpu->iem.s.aMemMappings[2].fAccess == IEM_ACCESS_INVALID, ("2: %#x %RGp\n", pVCpu->iem.s.aMemMappings[2].fAccess, pVCpu->iem.s.aMemBbMappings[2].GCPhysFirst));
13996
13997//#ifdef DEBUG
13998// AssertMsg(IEM_GET_INSTR_LEN(pVCpu) == cbInstr || rcStrict != VINF_SUCCESS, ("%u %u\n", IEM_GET_INSTR_LEN(pVCpu), cbInstr));
13999//#endif
14000
14001#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
14002 /*
14003 * Perform any VMX nested-guest instruction boundary actions.
14004 *
14005 * If any of these causes a VM-exit, we must skip executing the next
14006 * instruction (so we set fExecuteInhibit to false).
14007 */
14008 if ( rcStrict == VINF_SUCCESS
14009 && CPUMIsGuestInVmxNonRootMode(IEM_GET_CTX(pVCpu)))
14010 {
14011 /* TPR-below threshold/APIC write has the highest priority. */
14012 if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_APIC_WRITE))
14013 {
14014 rcStrict = iemVmxApicWriteEmulation(pVCpu);
14015 if (rcStrict != VINF_SUCCESS)
14016 fExecuteInhibit = false;
14017 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_APIC_WRITE));
14018 }
14019 /* MTF takes priority over VMX-preemption timer. */
14020 else if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_MTF))
14021 {
14022 rcStrict = iemVmxVmexitMtf(pVCpu);
14023 fExecuteInhibit = false;
14024 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_MTF));
14025 }
14026 /** Finally, check if the VMX preemption timer has expired. */
14027 else if (VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_PREEMPT_TIMER))
14028 {
14029 rcStrict = iemVmxVmexitPreemptTimer(pVCpu);
14030 if (rcStrict == VINF_VMX_INTERCEPT_NOT_ACTIVE)
14031 rcStrict = VINF_SUCCESS;
14032 else
14033 {
14034 Assert(!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_VMX_PREEMPT_TIMER));
14035 fExecuteInhibit = false;
14036 }
14037 }
14038 }
14039#endif
14040
14041 /* Execute the next instruction as well if a cli, pop ss or
14042 mov ss, Gr has just completed successfully. */
14043 if ( fExecuteInhibit
14044 && rcStrict == VINF_SUCCESS
14045 && VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
14046 && EMGetInhibitInterruptsPC(pVCpu) == pVCpu->cpum.GstCtx.rip )
14047 {
14048 rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, pVCpu->iem.s.fBypassHandlers);
14049 if (rcStrict == VINF_SUCCESS)
14050 {
14051#ifdef LOG_ENABLED
14052 iemLogCurInstr(pVCpu, false, pszFunction);
14053#endif
14054#ifdef IEM_WITH_SETJMP
14055 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = &JmpBuf;
14056 if ((rcStrict = setjmp(JmpBuf)) == 0)
14057 {
14058 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
14059 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
14060 }
14061 else
14062 pVCpu->iem.s.cLongJumps++;
14063 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = pSavedJmpBuf;
14064#else
14065 IEM_OPCODE_GET_NEXT_U8(&b);
14066 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
14067#endif
14068 if (rcStrict == VINF_SUCCESS)
14069 pVCpu->iem.s.cInstructions++;
14070 if (pVCpu->iem.s.cActiveMappings > 0)
14071 {
14072 Assert(rcStrict != VINF_SUCCESS);
14073 iemMemRollback(pVCpu);
14074 }
14075 AssertMsg(pVCpu->iem.s.aMemMappings[0].fAccess == IEM_ACCESS_INVALID, ("0: %#x %RGp\n", pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemBbMappings[0].GCPhysFirst));
14076 AssertMsg(pVCpu->iem.s.aMemMappings[1].fAccess == IEM_ACCESS_INVALID, ("1: %#x %RGp\n", pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemBbMappings[1].GCPhysFirst));
14077 AssertMsg(pVCpu->iem.s.aMemMappings[2].fAccess == IEM_ACCESS_INVALID, ("2: %#x %RGp\n", pVCpu->iem.s.aMemMappings[2].fAccess, pVCpu->iem.s.aMemBbMappings[2].GCPhysFirst));
14078 }
14079 else if (pVCpu->iem.s.cActiveMappings > 0)
14080 iemMemRollback(pVCpu);
14081 EMSetInhibitInterruptsPC(pVCpu, UINT64_C(0x7777555533331111));
14082 }
14083
14084 /*
14085 * Return value fiddling, statistics and sanity assertions.
14086 */
14087 rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
14088
14089 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
14090 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
14091 return rcStrict;
14092}
14093
14094
14095#ifdef IN_RC
14096/**
14097 * Re-enters raw-mode or ensure we return to ring-3.
14098 *
14099 * @returns rcStrict, maybe modified.
14100 * @param pVCpu The cross context virtual CPU structure of the calling thread.
14101 * @param rcStrict The status code returne by the interpreter.
14102 */
14103DECLINLINE(VBOXSTRICTRC) iemRCRawMaybeReenter(PVMCPU pVCpu, VBOXSTRICTRC rcStrict)
14104{
14105 if ( !pVCpu->iem.s.fInPatchCode
14106 && ( rcStrict == VINF_SUCCESS
14107 || rcStrict == VERR_IEM_INSTR_NOT_IMPLEMENTED /* pgmPoolAccessPfHandlerFlush */
14108 || rcStrict == VERR_IEM_ASPECT_NOT_IMPLEMENTED /* ditto */ ) )
14109 {
14110 if (pVCpu->cpum.GstCtx.eflags.Bits.u1IF || rcStrict != VINF_SUCCESS)
14111 CPUMRawEnter(pVCpu);
14112 else
14113 {
14114 Log(("iemRCRawMaybeReenter: VINF_EM_RESCHEDULE\n"));
14115 rcStrict = VINF_EM_RESCHEDULE;
14116 }
14117 }
14118 return rcStrict;
14119}
14120#endif
14121
14122
14123/**
14124 * Execute one instruction.
14125 *
14126 * @return Strict VBox status code.
14127 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
14128 */
14129VMMDECL(VBOXSTRICTRC) IEMExecOne(PVMCPU pVCpu)
14130{
14131#ifdef LOG_ENABLED
14132 iemLogCurInstr(pVCpu, true, "IEMExecOne");
14133#endif
14134
14135 /*
14136 * Do the decoding and emulation.
14137 */
14138 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
14139 if (rcStrict == VINF_SUCCESS)
14140 rcStrict = iemExecOneInner(pVCpu, true, "IEMExecOne");
14141 else if (pVCpu->iem.s.cActiveMappings > 0)
14142 iemMemRollback(pVCpu);
14143
14144#ifdef IN_RC
14145 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14146#endif
14147 if (rcStrict != VINF_SUCCESS)
14148 LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
14149 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
14150 return rcStrict;
14151}
14152
14153
14154VMMDECL(VBOXSTRICTRC) IEMExecOneEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
14155{
14156 AssertReturn(CPUMCTX2CORE(IEM_GET_CTX(pVCpu)) == pCtxCore, VERR_IEM_IPE_3);
14157
14158 uint32_t const cbOldWritten = pVCpu->iem.s.cbWritten;
14159 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
14160 if (rcStrict == VINF_SUCCESS)
14161 {
14162 rcStrict = iemExecOneInner(pVCpu, true, "IEMExecOneEx");
14163 if (pcbWritten)
14164 *pcbWritten = pVCpu->iem.s.cbWritten - cbOldWritten;
14165 }
14166 else if (pVCpu->iem.s.cActiveMappings > 0)
14167 iemMemRollback(pVCpu);
14168
14169#ifdef IN_RC
14170 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14171#endif
14172 return rcStrict;
14173}
14174
14175
14176VMMDECL(VBOXSTRICTRC) IEMExecOneWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
14177 const void *pvOpcodeBytes, size_t cbOpcodeBytes)
14178{
14179 AssertReturn(CPUMCTX2CORE(IEM_GET_CTX(pVCpu)) == pCtxCore, VERR_IEM_IPE_3);
14180
14181 VBOXSTRICTRC rcStrict;
14182 if ( cbOpcodeBytes
14183 && pVCpu->cpum.GstCtx.rip == OpcodeBytesPC)
14184 {
14185 iemInitDecoder(pVCpu, false);
14186#ifdef IEM_WITH_CODE_TLB
14187 pVCpu->iem.s.uInstrBufPc = OpcodeBytesPC;
14188 pVCpu->iem.s.pbInstrBuf = (uint8_t const *)pvOpcodeBytes;
14189 pVCpu->iem.s.cbInstrBufTotal = (uint16_t)RT_MIN(X86_PAGE_SIZE, cbOpcodeBytes);
14190 pVCpu->iem.s.offCurInstrStart = 0;
14191 pVCpu->iem.s.offInstrNextByte = 0;
14192#else
14193 pVCpu->iem.s.cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pVCpu->iem.s.abOpcode));
14194 memcpy(pVCpu->iem.s.abOpcode, pvOpcodeBytes, pVCpu->iem.s.cbOpcode);
14195#endif
14196 rcStrict = VINF_SUCCESS;
14197 }
14198 else
14199 rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
14200 if (rcStrict == VINF_SUCCESS)
14201 rcStrict = iemExecOneInner(pVCpu, true, "IEMExecOneWithPrefetchedByPC");
14202 else if (pVCpu->iem.s.cActiveMappings > 0)
14203 iemMemRollback(pVCpu);
14204
14205#ifdef IN_RC
14206 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14207#endif
14208 return rcStrict;
14209}
14210
14211
14212VMMDECL(VBOXSTRICTRC) IEMExecOneBypassEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
14213{
14214 AssertReturn(CPUMCTX2CORE(IEM_GET_CTX(pVCpu)) == pCtxCore, VERR_IEM_IPE_3);
14215
14216 uint32_t const cbOldWritten = pVCpu->iem.s.cbWritten;
14217 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, true);
14218 if (rcStrict == VINF_SUCCESS)
14219 {
14220 rcStrict = iemExecOneInner(pVCpu, false, "IEMExecOneBypassEx");
14221 if (pcbWritten)
14222 *pcbWritten = pVCpu->iem.s.cbWritten - cbOldWritten;
14223 }
14224 else if (pVCpu->iem.s.cActiveMappings > 0)
14225 iemMemRollback(pVCpu);
14226
14227#ifdef IN_RC
14228 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14229#endif
14230 return rcStrict;
14231}
14232
14233
14234VMMDECL(VBOXSTRICTRC) IEMExecOneBypassWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
14235 const void *pvOpcodeBytes, size_t cbOpcodeBytes)
14236{
14237 AssertReturn(CPUMCTX2CORE(IEM_GET_CTX(pVCpu)) == pCtxCore, VERR_IEM_IPE_3);
14238
14239 VBOXSTRICTRC rcStrict;
14240 if ( cbOpcodeBytes
14241 && pVCpu->cpum.GstCtx.rip == OpcodeBytesPC)
14242 {
14243 iemInitDecoder(pVCpu, true);
14244#ifdef IEM_WITH_CODE_TLB
14245 pVCpu->iem.s.uInstrBufPc = OpcodeBytesPC;
14246 pVCpu->iem.s.pbInstrBuf = (uint8_t const *)pvOpcodeBytes;
14247 pVCpu->iem.s.cbInstrBufTotal = (uint16_t)RT_MIN(X86_PAGE_SIZE, cbOpcodeBytes);
14248 pVCpu->iem.s.offCurInstrStart = 0;
14249 pVCpu->iem.s.offInstrNextByte = 0;
14250#else
14251 pVCpu->iem.s.cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pVCpu->iem.s.abOpcode));
14252 memcpy(pVCpu->iem.s.abOpcode, pvOpcodeBytes, pVCpu->iem.s.cbOpcode);
14253#endif
14254 rcStrict = VINF_SUCCESS;
14255 }
14256 else
14257 rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, true);
14258 if (rcStrict == VINF_SUCCESS)
14259 rcStrict = iemExecOneInner(pVCpu, false, "IEMExecOneBypassWithPrefetchedByPC");
14260 else if (pVCpu->iem.s.cActiveMappings > 0)
14261 iemMemRollback(pVCpu);
14262
14263#ifdef IN_RC
14264 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14265#endif
14266 return rcStrict;
14267}
14268
14269
14270/**
14271 * For debugging DISGetParamSize, may come in handy.
14272 *
14273 * @returns Strict VBox status code.
14274 * @param pVCpu The cross context virtual CPU structure of the
14275 * calling EMT.
14276 * @param pCtxCore The context core structure.
14277 * @param OpcodeBytesPC The PC of the opcode bytes.
14278 * @param pvOpcodeBytes Prefeched opcode bytes.
14279 * @param cbOpcodeBytes Number of prefetched bytes.
14280 * @param pcbWritten Where to return the number of bytes written.
14281 * Optional.
14282 */
14283VMMDECL(VBOXSTRICTRC) IEMExecOneBypassWithPrefetchedByPCWritten(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
14284 const void *pvOpcodeBytes, size_t cbOpcodeBytes,
14285 uint32_t *pcbWritten)
14286{
14287 AssertReturn(CPUMCTX2CORE(IEM_GET_CTX(pVCpu)) == pCtxCore, VERR_IEM_IPE_3);
14288
14289 uint32_t const cbOldWritten = pVCpu->iem.s.cbWritten;
14290 VBOXSTRICTRC rcStrict;
14291 if ( cbOpcodeBytes
14292 && pVCpu->cpum.GstCtx.rip == OpcodeBytesPC)
14293 {
14294 iemInitDecoder(pVCpu, true);
14295#ifdef IEM_WITH_CODE_TLB
14296 pVCpu->iem.s.uInstrBufPc = OpcodeBytesPC;
14297 pVCpu->iem.s.pbInstrBuf = (uint8_t const *)pvOpcodeBytes;
14298 pVCpu->iem.s.cbInstrBufTotal = (uint16_t)RT_MIN(X86_PAGE_SIZE, cbOpcodeBytes);
14299 pVCpu->iem.s.offCurInstrStart = 0;
14300 pVCpu->iem.s.offInstrNextByte = 0;
14301#else
14302 pVCpu->iem.s.cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pVCpu->iem.s.abOpcode));
14303 memcpy(pVCpu->iem.s.abOpcode, pvOpcodeBytes, pVCpu->iem.s.cbOpcode);
14304#endif
14305 rcStrict = VINF_SUCCESS;
14306 }
14307 else
14308 rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, true);
14309 if (rcStrict == VINF_SUCCESS)
14310 {
14311 rcStrict = iemExecOneInner(pVCpu, false, "IEMExecOneBypassWithPrefetchedByPCWritten");
14312 if (pcbWritten)
14313 *pcbWritten = pVCpu->iem.s.cbWritten - cbOldWritten;
14314 }
14315 else if (pVCpu->iem.s.cActiveMappings > 0)
14316 iemMemRollback(pVCpu);
14317
14318#ifdef IN_RC
14319 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14320#endif
14321 return rcStrict;
14322}
14323
14324
14325VMMDECL(VBOXSTRICTRC) IEMExecLots(PVMCPU pVCpu, uint32_t *pcInstructions)
14326{
14327 uint32_t const cInstructionsAtStart = pVCpu->iem.s.cInstructions;
14328
14329 /*
14330 * See if there is an interrupt pending in TRPM, inject it if we can.
14331 */
14332 /** @todo Can we centralize this under CPUMCanInjectInterrupt()? */
14333#if defined(VBOX_WITH_NESTED_HWVIRT_SVM)
14334 bool fIntrEnabled = CPUMGetGuestGif(&pVCpu->cpum.GstCtx);
14335 if (fIntrEnabled)
14336 {
14337 if (CPUMIsGuestInSvmNestedHwVirtMode(IEM_GET_CTX(pVCpu)))
14338 fIntrEnabled = CPUMIsGuestSvmPhysIntrEnabled(pVCpu, IEM_GET_CTX(pVCpu));
14339 else
14340 fIntrEnabled = pVCpu->cpum.GstCtx.eflags.Bits.u1IF;
14341 }
14342#else
14343 bool fIntrEnabled = pVCpu->cpum.GstCtx.eflags.Bits.u1IF;
14344#endif
14345 if ( fIntrEnabled
14346 && TRPMHasTrap(pVCpu)
14347 && EMGetInhibitInterruptsPC(pVCpu) != pVCpu->cpum.GstCtx.rip)
14348 {
14349 uint8_t u8TrapNo;
14350 TRPMEVENT enmType;
14351 RTGCUINT uErrCode;
14352 RTGCPTR uCr2;
14353 int rc2 = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrCode, &uCr2, NULL /* pu8InstLen */); AssertRC(rc2);
14354 IEMInjectTrap(pVCpu, u8TrapNo, enmType, (uint16_t)uErrCode, uCr2, 0 /* cbInstr */);
14355 TRPMResetTrap(pVCpu);
14356 }
14357
14358 /*
14359 * Initial decoder init w/ prefetch, then setup setjmp.
14360 */
14361 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
14362 if (rcStrict == VINF_SUCCESS)
14363 {
14364#ifdef IEM_WITH_SETJMP
14365 jmp_buf JmpBuf;
14366 jmp_buf *pSavedJmpBuf = pVCpu->iem.s.CTX_SUFF(pJmpBuf);
14367 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = &JmpBuf;
14368 pVCpu->iem.s.cActiveMappings = 0;
14369 if ((rcStrict = setjmp(JmpBuf)) == 0)
14370#endif
14371 {
14372 /*
14373 * The run loop. We limit ourselves to 4096 instructions right now.
14374 */
14375 PVM pVM = pVCpu->CTX_SUFF(pVM);
14376 uint32_t cInstr = 4096;
14377 for (;;)
14378 {
14379 /*
14380 * Log the state.
14381 */
14382#ifdef LOG_ENABLED
14383 iemLogCurInstr(pVCpu, true, "IEMExecLots");
14384#endif
14385
14386 /*
14387 * Do the decoding and emulation.
14388 */
14389 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
14390 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
14391 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
14392 {
14393 Assert(pVCpu->iem.s.cActiveMappings == 0);
14394 pVCpu->iem.s.cInstructions++;
14395 if (RT_LIKELY(pVCpu->iem.s.rcPassUp == VINF_SUCCESS))
14396 {
14397 uint64_t fCpu = pVCpu->fLocalForcedActions
14398 & ( VMCPU_FF_ALL_MASK & ~( VMCPU_FF_PGM_SYNC_CR3
14399 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
14400 | VMCPU_FF_TLB_FLUSH
14401#ifdef VBOX_WITH_RAW_MODE
14402 | VMCPU_FF_TRPM_SYNC_IDT
14403 | VMCPU_FF_SELM_SYNC_TSS
14404 | VMCPU_FF_SELM_SYNC_GDT
14405 | VMCPU_FF_SELM_SYNC_LDT
14406#endif
14407 | VMCPU_FF_INHIBIT_INTERRUPTS
14408 | VMCPU_FF_BLOCK_NMIS
14409 | VMCPU_FF_UNHALT ));
14410
14411 if (RT_LIKELY( ( !fCpu
14412 || ( !(fCpu & ~(VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC))
14413 && !pVCpu->cpum.GstCtx.rflags.Bits.u1IF) )
14414 && !VM_FF_IS_ANY_SET(pVM, VM_FF_ALL_MASK) ))
14415 {
14416 if (cInstr-- > 0)
14417 {
14418 Assert(pVCpu->iem.s.cActiveMappings == 0);
14419 iemReInitDecoder(pVCpu);
14420 continue;
14421 }
14422 }
14423 }
14424 Assert(pVCpu->iem.s.cActiveMappings == 0);
14425 }
14426 else if (pVCpu->iem.s.cActiveMappings > 0)
14427 iemMemRollback(pVCpu);
14428 rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
14429 break;
14430 }
14431 }
14432#ifdef IEM_WITH_SETJMP
14433 else
14434 {
14435 if (pVCpu->iem.s.cActiveMappings > 0)
14436 iemMemRollback(pVCpu);
14437 pVCpu->iem.s.cLongJumps++;
14438 }
14439 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = pSavedJmpBuf;
14440#endif
14441
14442 /*
14443 * Assert hidden register sanity (also done in iemInitDecoder and iemReInitDecoder).
14444 */
14445 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
14446 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
14447 }
14448 else
14449 {
14450 if (pVCpu->iem.s.cActiveMappings > 0)
14451 iemMemRollback(pVCpu);
14452
14453#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
14454 /*
14455 * When a nested-guest causes an exception intercept (e.g. #PF) when fetching
14456 * code as part of instruction execution, we need this to fix-up VINF_SVM_VMEXIT.
14457 */
14458 rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
14459#endif
14460 }
14461
14462 /*
14463 * Maybe re-enter raw-mode and log.
14464 */
14465#ifdef IN_RC
14466 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14467#endif
14468 if (rcStrict != VINF_SUCCESS)
14469 LogFlow(("IEMExecLots: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
14470 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
14471 if (pcInstructions)
14472 *pcInstructions = pVCpu->iem.s.cInstructions - cInstructionsAtStart;
14473 return rcStrict;
14474}
14475
14476
14477/**
14478 * Interface used by EMExecuteExec, does exit statistics and limits.
14479 *
14480 * @returns Strict VBox status code.
14481 * @param pVCpu The cross context virtual CPU structure.
14482 * @param fWillExit To be defined.
14483 * @param cMinInstructions Minimum number of instructions to execute before checking for FFs.
14484 * @param cMaxInstructions Maximum number of instructions to execute.
14485 * @param cMaxInstructionsWithoutExits
14486 * The max number of instructions without exits.
14487 * @param pStats Where to return statistics.
14488 */
14489VMMDECL(VBOXSTRICTRC) IEMExecForExits(PVMCPU pVCpu, uint32_t fWillExit, uint32_t cMinInstructions, uint32_t cMaxInstructions,
14490 uint32_t cMaxInstructionsWithoutExits, PIEMEXECFOREXITSTATS pStats)
14491{
14492 NOREF(fWillExit); /** @todo define flexible exit crits */
14493
14494 /*
14495 * Initialize return stats.
14496 */
14497 pStats->cInstructions = 0;
14498 pStats->cExits = 0;
14499 pStats->cMaxExitDistance = 0;
14500 pStats->cReserved = 0;
14501
14502 /*
14503 * Initial decoder init w/ prefetch, then setup setjmp.
14504 */
14505 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
14506 if (rcStrict == VINF_SUCCESS)
14507 {
14508#ifdef IEM_WITH_SETJMP
14509 jmp_buf JmpBuf;
14510 jmp_buf *pSavedJmpBuf = pVCpu->iem.s.CTX_SUFF(pJmpBuf);
14511 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = &JmpBuf;
14512 pVCpu->iem.s.cActiveMappings = 0;
14513 if ((rcStrict = setjmp(JmpBuf)) == 0)
14514#endif
14515 {
14516#ifdef IN_RING0
14517 bool const fCheckPreemptionPending = !RTThreadPreemptIsPossible() || !RTThreadPreemptIsEnabled(NIL_RTTHREAD);
14518#endif
14519 uint32_t cInstructionSinceLastExit = 0;
14520
14521 /*
14522 * The run loop. We limit ourselves to 4096 instructions right now.
14523 */
14524 PVM pVM = pVCpu->CTX_SUFF(pVM);
14525 for (;;)
14526 {
14527 /*
14528 * Log the state.
14529 */
14530#ifdef LOG_ENABLED
14531 iemLogCurInstr(pVCpu, true, "IEMExecForExits");
14532#endif
14533
14534 /*
14535 * Do the decoding and emulation.
14536 */
14537 uint32_t const cPotentialExits = pVCpu->iem.s.cPotentialExits;
14538
14539 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
14540 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
14541
14542 if ( cPotentialExits != pVCpu->iem.s.cPotentialExits
14543 && cInstructionSinceLastExit > 0 /* don't count the first */ )
14544 {
14545 pStats->cExits += 1;
14546 if (cInstructionSinceLastExit > pStats->cMaxExitDistance)
14547 pStats->cMaxExitDistance = cInstructionSinceLastExit;
14548 cInstructionSinceLastExit = 0;
14549 }
14550
14551 if (RT_LIKELY(rcStrict == VINF_SUCCESS))
14552 {
14553 Assert(pVCpu->iem.s.cActiveMappings == 0);
14554 pVCpu->iem.s.cInstructions++;
14555 pStats->cInstructions++;
14556 cInstructionSinceLastExit++;
14557 if (RT_LIKELY(pVCpu->iem.s.rcPassUp == VINF_SUCCESS))
14558 {
14559 uint64_t fCpu = pVCpu->fLocalForcedActions
14560 & ( VMCPU_FF_ALL_MASK & ~( VMCPU_FF_PGM_SYNC_CR3
14561 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
14562 | VMCPU_FF_TLB_FLUSH
14563#ifdef VBOX_WITH_RAW_MODE
14564 | VMCPU_FF_TRPM_SYNC_IDT
14565 | VMCPU_FF_SELM_SYNC_TSS
14566 | VMCPU_FF_SELM_SYNC_GDT
14567 | VMCPU_FF_SELM_SYNC_LDT
14568#endif
14569 | VMCPU_FF_INHIBIT_INTERRUPTS
14570 | VMCPU_FF_BLOCK_NMIS
14571 | VMCPU_FF_UNHALT ));
14572
14573 if (RT_LIKELY( ( ( !fCpu
14574 || ( !(fCpu & ~(VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC))
14575 && !pVCpu->cpum.GstCtx.rflags.Bits.u1IF))
14576 && !VM_FF_IS_ANY_SET(pVM, VM_FF_ALL_MASK) )
14577 || pStats->cInstructions < cMinInstructions))
14578 {
14579 if (pStats->cInstructions < cMaxInstructions)
14580 {
14581 if (cInstructionSinceLastExit <= cMaxInstructionsWithoutExits)
14582 {
14583#ifdef IN_RING0
14584 if ( !fCheckPreemptionPending
14585 || !RTThreadPreemptIsPending(NIL_RTTHREAD))
14586#endif
14587 {
14588 Assert(pVCpu->iem.s.cActiveMappings == 0);
14589 iemReInitDecoder(pVCpu);
14590 continue;
14591 }
14592#ifdef IN_RING0
14593 rcStrict = VINF_EM_RAW_INTERRUPT;
14594 break;
14595#endif
14596 }
14597 }
14598 }
14599 Assert(!(fCpu & VMCPU_FF_IEM));
14600 }
14601 Assert(pVCpu->iem.s.cActiveMappings == 0);
14602 }
14603 else if (pVCpu->iem.s.cActiveMappings > 0)
14604 iemMemRollback(pVCpu);
14605 rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
14606 break;
14607 }
14608 }
14609#ifdef IEM_WITH_SETJMP
14610 else
14611 {
14612 if (pVCpu->iem.s.cActiveMappings > 0)
14613 iemMemRollback(pVCpu);
14614 pVCpu->iem.s.cLongJumps++;
14615 }
14616 pVCpu->iem.s.CTX_SUFF(pJmpBuf) = pSavedJmpBuf;
14617#endif
14618
14619 /*
14620 * Assert hidden register sanity (also done in iemInitDecoder and iemReInitDecoder).
14621 */
14622 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
14623 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
14624 }
14625 else
14626 {
14627 if (pVCpu->iem.s.cActiveMappings > 0)
14628 iemMemRollback(pVCpu);
14629
14630#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
14631 /*
14632 * When a nested-guest causes an exception intercept (e.g. #PF) when fetching
14633 * code as part of instruction execution, we need this to fix-up VINF_SVM_VMEXIT.
14634 */
14635 rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
14636#endif
14637 }
14638
14639 /*
14640 * Maybe re-enter raw-mode and log.
14641 */
14642#ifdef IN_RC
14643 rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
14644#endif
14645 if (rcStrict != VINF_SUCCESS)
14646 LogFlow(("IEMExecForExits: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc; ins=%u exits=%u maxdist=%u\n",
14647 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp,
14648 pVCpu->cpum.GstCtx.eflags.u, VBOXSTRICTRC_VAL(rcStrict), pStats->cInstructions, pStats->cExits, pStats->cMaxExitDistance));
14649 return rcStrict;
14650}
14651
14652
14653/**
14654 * Injects a trap, fault, abort, software interrupt or external interrupt.
14655 *
14656 * The parameter list matches TRPMQueryTrapAll pretty closely.
14657 *
14658 * @returns Strict VBox status code.
14659 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
14660 * @param u8TrapNo The trap number.
14661 * @param enmType What type is it (trap/fault/abort), software
14662 * interrupt or hardware interrupt.
14663 * @param uErrCode The error code if applicable.
14664 * @param uCr2 The CR2 value if applicable.
14665 * @param cbInstr The instruction length (only relevant for
14666 * software interrupts).
14667 */
14668VMM_INT_DECL(VBOXSTRICTRC) IEMInjectTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType, uint16_t uErrCode, RTGCPTR uCr2,
14669 uint8_t cbInstr)
14670{
14671 iemInitDecoder(pVCpu, false);
14672#ifdef DBGFTRACE_ENABLED
14673 RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "IEMInjectTrap: %x %d %x %llx",
14674 u8TrapNo, enmType, uErrCode, uCr2);
14675#endif
14676
14677 uint32_t fFlags;
14678 switch (enmType)
14679 {
14680 case TRPM_HARDWARE_INT:
14681 Log(("IEMInjectTrap: %#4x ext\n", u8TrapNo));
14682 fFlags = IEM_XCPT_FLAGS_T_EXT_INT;
14683 uErrCode = uCr2 = 0;
14684 break;
14685
14686 case TRPM_SOFTWARE_INT:
14687 Log(("IEMInjectTrap: %#4x soft\n", u8TrapNo));
14688 fFlags = IEM_XCPT_FLAGS_T_SOFT_INT;
14689 uErrCode = uCr2 = 0;
14690 break;
14691
14692 case TRPM_TRAP:
14693 Log(("IEMInjectTrap: %#4x trap err=%#x cr2=%#RGv\n", u8TrapNo, uErrCode, uCr2));
14694 fFlags = IEM_XCPT_FLAGS_T_CPU_XCPT;
14695 if (u8TrapNo == X86_XCPT_PF)
14696 fFlags |= IEM_XCPT_FLAGS_CR2;
14697 switch (u8TrapNo)
14698 {
14699 case X86_XCPT_DF:
14700 case X86_XCPT_TS:
14701 case X86_XCPT_NP:
14702 case X86_XCPT_SS:
14703 case X86_XCPT_PF:
14704 case X86_XCPT_AC:
14705 fFlags |= IEM_XCPT_FLAGS_ERR;
14706 break;
14707
14708 case X86_XCPT_NMI:
14709 VMCPU_FF_SET(pVCpu, VMCPU_FF_BLOCK_NMIS);
14710 break;
14711 }
14712 break;
14713
14714 IEM_NOT_REACHED_DEFAULT_CASE_RET();
14715 }
14716
14717 VBOXSTRICTRC rcStrict = iemRaiseXcptOrInt(pVCpu, cbInstr, u8TrapNo, fFlags, uErrCode, uCr2);
14718
14719 if (pVCpu->iem.s.cActiveMappings > 0)
14720 iemMemRollback(pVCpu);
14721
14722 return rcStrict;
14723}
14724
14725
14726/**
14727 * Injects the active TRPM event.
14728 *
14729 * @returns Strict VBox status code.
14730 * @param pVCpu The cross context virtual CPU structure.
14731 */
14732VMMDECL(VBOXSTRICTRC) IEMInjectTrpmEvent(PVMCPU pVCpu)
14733{
14734#ifndef IEM_IMPLEMENTS_TASKSWITCH
14735 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Event injection\n"));
14736#else
14737 uint8_t u8TrapNo;
14738 TRPMEVENT enmType;
14739 RTGCUINT uErrCode;
14740 RTGCUINTPTR uCr2;
14741 uint8_t cbInstr;
14742 int rc = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrCode, &uCr2, &cbInstr);
14743 if (RT_FAILURE(rc))
14744 return rc;
14745
14746 VBOXSTRICTRC rcStrict = IEMInjectTrap(pVCpu, u8TrapNo, enmType, uErrCode, uCr2, cbInstr);
14747# ifdef VBOX_WITH_NESTED_HWVIRT_SVM
14748 if (rcStrict == VINF_SVM_VMEXIT)
14749 rcStrict = VINF_SUCCESS;
14750# endif
14751
14752 /** @todo Are there any other codes that imply the event was successfully
14753 * delivered to the guest? See @bugref{6607}. */
14754 if ( rcStrict == VINF_SUCCESS
14755 || rcStrict == VINF_IEM_RAISED_XCPT)
14756 TRPMResetTrap(pVCpu);
14757
14758 return rcStrict;
14759#endif
14760}
14761
14762
14763VMM_INT_DECL(int) IEMBreakpointSet(PVM pVM, RTGCPTR GCPtrBp)
14764{
14765 RT_NOREF_PV(pVM); RT_NOREF_PV(GCPtrBp);
14766 return VERR_NOT_IMPLEMENTED;
14767}
14768
14769
14770VMM_INT_DECL(int) IEMBreakpointClear(PVM pVM, RTGCPTR GCPtrBp)
14771{
14772 RT_NOREF_PV(pVM); RT_NOREF_PV(GCPtrBp);
14773 return VERR_NOT_IMPLEMENTED;
14774}
14775
14776
14777#if 0 /* The IRET-to-v8086 mode in PATM is very optimistic, so I don't dare do this yet. */
14778/**
14779 * Executes a IRET instruction with default operand size.
14780 *
14781 * This is for PATM.
14782 *
14783 * @returns VBox status code.
14784 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
14785 * @param pCtxCore The register frame.
14786 */
14787VMM_INT_DECL(int) IEMExecInstr_iret(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore)
14788{
14789 PCPUMCTX pCtx = IEM_GET_CTX(pVCpu);
14790
14791 iemCtxCoreToCtx(pCtx, pCtxCore);
14792 iemInitDecoder(pVCpu);
14793 VBOXSTRICTRC rcStrict = iemCImpl_iret(pVCpu, 1, pVCpu->iem.s.enmDefOpSize);
14794 if (rcStrict == VINF_SUCCESS)
14795 iemCtxToCtxCore(pCtxCore, pCtx);
14796 else
14797 LogFlow(("IEMExecInstr_iret: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
14798 pVCpu->cpum.GstCtx.cs, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss, pVCpu->cpum.GstCtx.rsp, pVCpu->cpum.GstCtx.eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
14799 return rcStrict;
14800}
14801#endif
14802
14803
14804/**
14805 * Macro used by the IEMExec* method to check the given instruction length.
14806 *
14807 * Will return on failure!
14808 *
14809 * @param a_cbInstr The given instruction length.
14810 * @param a_cbMin The minimum length.
14811 */
14812#define IEMEXEC_ASSERT_INSTR_LEN_RETURN(a_cbInstr, a_cbMin) \
14813 AssertMsgReturn((unsigned)(a_cbInstr) - (unsigned)(a_cbMin) <= (unsigned)15 - (unsigned)(a_cbMin), \
14814 ("cbInstr=%u cbMin=%u\n", (a_cbInstr), (a_cbMin)), VERR_IEM_INVALID_INSTR_LENGTH)
14815
14816
14817/**
14818 * Calls iemUninitExec, iemExecStatusCodeFiddling and iemRCRawMaybeReenter.
14819 *
14820 * Only calling iemRCRawMaybeReenter in raw-mode, obviously.
14821 *
14822 * @returns Fiddled strict vbox status code, ready to return to non-IEM caller.
14823 * @param pVCpu The cross context virtual CPU structure of the calling thread.
14824 * @param rcStrict The status code to fiddle.
14825 */
14826DECLINLINE(VBOXSTRICTRC) iemUninitExecAndFiddleStatusAndMaybeReenter(PVMCPU pVCpu, VBOXSTRICTRC rcStrict)
14827{
14828 iemUninitExec(pVCpu);
14829#ifdef IN_RC
14830 return iemRCRawMaybeReenter(pVCpu, iemExecStatusCodeFiddling(pVCpu, rcStrict));
14831#else
14832 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
14833#endif
14834}
14835
14836
14837/**
14838 * Interface for HM and EM for executing string I/O OUT (write) instructions.
14839 *
14840 * This API ASSUMES that the caller has already verified that the guest code is
14841 * allowed to access the I/O port. (The I/O port is in the DX register in the
14842 * guest state.)
14843 *
14844 * @returns Strict VBox status code.
14845 * @param pVCpu The cross context virtual CPU structure.
14846 * @param cbValue The size of the I/O port access (1, 2, or 4).
14847 * @param enmAddrMode The addressing mode.
14848 * @param fRepPrefix Indicates whether a repeat prefix is used
14849 * (doesn't matter which for this instruction).
14850 * @param cbInstr The instruction length in bytes.
14851 * @param iEffSeg The effective segment address.
14852 * @param fIoChecked Whether the access to the I/O port has been
14853 * checked or not. It's typically checked in the
14854 * HM scenario.
14855 */
14856VMM_INT_DECL(VBOXSTRICTRC) IEMExecStringIoWrite(PVMCPU pVCpu, uint8_t cbValue, IEMMODE enmAddrMode,
14857 bool fRepPrefix, uint8_t cbInstr, uint8_t iEffSeg, bool fIoChecked)
14858{
14859 AssertMsgReturn(iEffSeg < X86_SREG_COUNT, ("%#x\n", iEffSeg), VERR_IEM_INVALID_EFF_SEG);
14860 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
14861
14862 /*
14863 * State init.
14864 */
14865 iemInitExec(pVCpu, false /*fBypassHandlers*/);
14866
14867 /*
14868 * Switch orgy for getting to the right handler.
14869 */
14870 VBOXSTRICTRC rcStrict;
14871 if (fRepPrefix)
14872 {
14873 switch (enmAddrMode)
14874 {
14875 case IEMMODE_16BIT:
14876 switch (cbValue)
14877 {
14878 case 1: rcStrict = iemCImpl_rep_outs_op8_addr16(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14879 case 2: rcStrict = iemCImpl_rep_outs_op16_addr16(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14880 case 4: rcStrict = iemCImpl_rep_outs_op32_addr16(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14881 default:
14882 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
14883 }
14884 break;
14885
14886 case IEMMODE_32BIT:
14887 switch (cbValue)
14888 {
14889 case 1: rcStrict = iemCImpl_rep_outs_op8_addr32(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14890 case 2: rcStrict = iemCImpl_rep_outs_op16_addr32(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14891 case 4: rcStrict = iemCImpl_rep_outs_op32_addr32(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14892 default:
14893 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
14894 }
14895 break;
14896
14897 case IEMMODE_64BIT:
14898 switch (cbValue)
14899 {
14900 case 1: rcStrict = iemCImpl_rep_outs_op8_addr64(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14901 case 2: rcStrict = iemCImpl_rep_outs_op16_addr64(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14902 case 4: rcStrict = iemCImpl_rep_outs_op32_addr64(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14903 default:
14904 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
14905 }
14906 break;
14907
14908 default:
14909 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
14910 }
14911 }
14912 else
14913 {
14914 switch (enmAddrMode)
14915 {
14916 case IEMMODE_16BIT:
14917 switch (cbValue)
14918 {
14919 case 1: rcStrict = iemCImpl_outs_op8_addr16(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14920 case 2: rcStrict = iemCImpl_outs_op16_addr16(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14921 case 4: rcStrict = iemCImpl_outs_op32_addr16(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14922 default:
14923 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
14924 }
14925 break;
14926
14927 case IEMMODE_32BIT:
14928 switch (cbValue)
14929 {
14930 case 1: rcStrict = iemCImpl_outs_op8_addr32(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14931 case 2: rcStrict = iemCImpl_outs_op16_addr32(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14932 case 4: rcStrict = iemCImpl_outs_op32_addr32(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14933 default:
14934 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
14935 }
14936 break;
14937
14938 case IEMMODE_64BIT:
14939 switch (cbValue)
14940 {
14941 case 1: rcStrict = iemCImpl_outs_op8_addr64(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14942 case 2: rcStrict = iemCImpl_outs_op16_addr64(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14943 case 4: rcStrict = iemCImpl_outs_op32_addr64(pVCpu, cbInstr, iEffSeg, fIoChecked); break;
14944 default:
14945 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
14946 }
14947 break;
14948
14949 default:
14950 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
14951 }
14952 }
14953
14954 if (pVCpu->iem.s.cActiveMappings)
14955 iemMemRollback(pVCpu);
14956
14957 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
14958}
14959
14960
14961/**
14962 * Interface for HM and EM for executing string I/O IN (read) instructions.
14963 *
14964 * This API ASSUMES that the caller has already verified that the guest code is
14965 * allowed to access the I/O port. (The I/O port is in the DX register in the
14966 * guest state.)
14967 *
14968 * @returns Strict VBox status code.
14969 * @param pVCpu The cross context virtual CPU structure.
14970 * @param cbValue The size of the I/O port access (1, 2, or 4).
14971 * @param enmAddrMode The addressing mode.
14972 * @param fRepPrefix Indicates whether a repeat prefix is used
14973 * (doesn't matter which for this instruction).
14974 * @param cbInstr The instruction length in bytes.
14975 * @param fIoChecked Whether the access to the I/O port has been
14976 * checked or not. It's typically checked in the
14977 * HM scenario.
14978 */
14979VMM_INT_DECL(VBOXSTRICTRC) IEMExecStringIoRead(PVMCPU pVCpu, uint8_t cbValue, IEMMODE enmAddrMode,
14980 bool fRepPrefix, uint8_t cbInstr, bool fIoChecked)
14981{
14982 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
14983
14984 /*
14985 * State init.
14986 */
14987 iemInitExec(pVCpu, false /*fBypassHandlers*/);
14988
14989 /*
14990 * Switch orgy for getting to the right handler.
14991 */
14992 VBOXSTRICTRC rcStrict;
14993 if (fRepPrefix)
14994 {
14995 switch (enmAddrMode)
14996 {
14997 case IEMMODE_16BIT:
14998 switch (cbValue)
14999 {
15000 case 1: rcStrict = iemCImpl_rep_ins_op8_addr16(pVCpu, cbInstr, fIoChecked); break;
15001 case 2: rcStrict = iemCImpl_rep_ins_op16_addr16(pVCpu, cbInstr, fIoChecked); break;
15002 case 4: rcStrict = iemCImpl_rep_ins_op32_addr16(pVCpu, cbInstr, fIoChecked); break;
15003 default:
15004 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
15005 }
15006 break;
15007
15008 case IEMMODE_32BIT:
15009 switch (cbValue)
15010 {
15011 case 1: rcStrict = iemCImpl_rep_ins_op8_addr32(pVCpu, cbInstr, fIoChecked); break;
15012 case 2: rcStrict = iemCImpl_rep_ins_op16_addr32(pVCpu, cbInstr, fIoChecked); break;
15013 case 4: rcStrict = iemCImpl_rep_ins_op32_addr32(pVCpu, cbInstr, fIoChecked); break;
15014 default:
15015 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
15016 }
15017 break;
15018
15019 case IEMMODE_64BIT:
15020 switch (cbValue)
15021 {
15022 case 1: rcStrict = iemCImpl_rep_ins_op8_addr64(pVCpu, cbInstr, fIoChecked); break;
15023 case 2: rcStrict = iemCImpl_rep_ins_op16_addr64(pVCpu, cbInstr, fIoChecked); break;
15024 case 4: rcStrict = iemCImpl_rep_ins_op32_addr64(pVCpu, cbInstr, fIoChecked); break;
15025 default:
15026 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
15027 }
15028 break;
15029
15030 default:
15031 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
15032 }
15033 }
15034 else
15035 {
15036 switch (enmAddrMode)
15037 {
15038 case IEMMODE_16BIT:
15039 switch (cbValue)
15040 {
15041 case 1: rcStrict = iemCImpl_ins_op8_addr16(pVCpu, cbInstr, fIoChecked); break;
15042 case 2: rcStrict = iemCImpl_ins_op16_addr16(pVCpu, cbInstr, fIoChecked); break;
15043 case 4: rcStrict = iemCImpl_ins_op32_addr16(pVCpu, cbInstr, fIoChecked); break;
15044 default:
15045 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
15046 }
15047 break;
15048
15049 case IEMMODE_32BIT:
15050 switch (cbValue)
15051 {
15052 case 1: rcStrict = iemCImpl_ins_op8_addr32(pVCpu, cbInstr, fIoChecked); break;
15053 case 2: rcStrict = iemCImpl_ins_op16_addr32(pVCpu, cbInstr, fIoChecked); break;
15054 case 4: rcStrict = iemCImpl_ins_op32_addr32(pVCpu, cbInstr, fIoChecked); break;
15055 default:
15056 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
15057 }
15058 break;
15059
15060 case IEMMODE_64BIT:
15061 switch (cbValue)
15062 {
15063 case 1: rcStrict = iemCImpl_ins_op8_addr64(pVCpu, cbInstr, fIoChecked); break;
15064 case 2: rcStrict = iemCImpl_ins_op16_addr64(pVCpu, cbInstr, fIoChecked); break;
15065 case 4: rcStrict = iemCImpl_ins_op32_addr64(pVCpu, cbInstr, fIoChecked); break;
15066 default:
15067 AssertMsgFailedReturn(("cbValue=%#x\n", cbValue), VERR_IEM_INVALID_OPERAND_SIZE);
15068 }
15069 break;
15070
15071 default:
15072 AssertMsgFailedReturn(("enmAddrMode=%d\n", enmAddrMode), VERR_IEM_INVALID_ADDRESS_MODE);
15073 }
15074 }
15075
15076 Assert(pVCpu->iem.s.cActiveMappings == 0 || VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_IEM));
15077 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15078}
15079
15080
15081/**
15082 * Interface for rawmode to write execute an OUT instruction.
15083 *
15084 * @returns Strict VBox status code.
15085 * @param pVCpu The cross context virtual CPU structure.
15086 * @param cbInstr The instruction length in bytes.
15087 * @param u16Port The port to read.
15088 * @param fImm Whether the port is specified using an immediate operand or
15089 * using the implicit DX register.
15090 * @param cbReg The register size.
15091 *
15092 * @remarks In ring-0 not all of the state needs to be synced in.
15093 */
15094VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedOut(PVMCPU pVCpu, uint8_t cbInstr, uint16_t u16Port, bool fImm, uint8_t cbReg)
15095{
15096 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
15097 Assert(cbReg <= 4 && cbReg != 3);
15098
15099 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15100 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_3(iemCImpl_out, u16Port, fImm, cbReg);
15101 Assert(!pVCpu->iem.s.cActiveMappings);
15102 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15103}
15104
15105
15106/**
15107 * Interface for rawmode to write execute an IN instruction.
15108 *
15109 * @returns Strict VBox status code.
15110 * @param pVCpu The cross context virtual CPU structure.
15111 * @param cbInstr The instruction length in bytes.
15112 * @param u16Port The port to read.
15113 * @param fImm Whether the port is specified using an immediate operand or
15114 * using the implicit DX.
15115 * @param cbReg The register size.
15116 */
15117VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedIn(PVMCPU pVCpu, uint8_t cbInstr, uint16_t u16Port, bool fImm, uint8_t cbReg)
15118{
15119 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
15120 Assert(cbReg <= 4 && cbReg != 3);
15121
15122 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15123 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_3(iemCImpl_in, u16Port, fImm, cbReg);
15124 Assert(!pVCpu->iem.s.cActiveMappings);
15125 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15126}
15127
15128
15129/**
15130 * Interface for HM and EM to write to a CRx register.
15131 *
15132 * @returns Strict VBox status code.
15133 * @param pVCpu The cross context virtual CPU structure.
15134 * @param cbInstr The instruction length in bytes.
15135 * @param iCrReg The control register number (destination).
15136 * @param iGReg The general purpose register number (source).
15137 *
15138 * @remarks In ring-0 not all of the state needs to be synced in.
15139 */
15140VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedMovCRxWrite(PVMCPU pVCpu, uint8_t cbInstr, uint8_t iCrReg, uint8_t iGReg)
15141{
15142 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15143 Assert(iCrReg < 16);
15144 Assert(iGReg < 16);
15145
15146 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15147 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_mov_Cd_Rd, iCrReg, iGReg);
15148 Assert(!pVCpu->iem.s.cActiveMappings);
15149 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15150}
15151
15152
15153/**
15154 * Interface for HM and EM to read from a CRx register.
15155 *
15156 * @returns Strict VBox status code.
15157 * @param pVCpu The cross context virtual CPU structure.
15158 * @param cbInstr The instruction length in bytes.
15159 * @param iGReg The general purpose register number (destination).
15160 * @param iCrReg The control register number (source).
15161 *
15162 * @remarks In ring-0 not all of the state needs to be synced in.
15163 */
15164VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedMovCRxRead(PVMCPU pVCpu, uint8_t cbInstr, uint8_t iGReg, uint8_t iCrReg)
15165{
15166 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15167 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_CR3 | CPUMCTX_EXTRN_CR4
15168 | CPUMCTX_EXTRN_APIC_TPR);
15169 Assert(iCrReg < 16);
15170 Assert(iGReg < 16);
15171
15172 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15173 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_mov_Rd_Cd, iGReg, iCrReg);
15174 Assert(!pVCpu->iem.s.cActiveMappings);
15175 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15176}
15177
15178
15179/**
15180 * Interface for HM and EM to clear the CR0[TS] bit.
15181 *
15182 * @returns Strict VBox status code.
15183 * @param pVCpu The cross context virtual CPU structure.
15184 * @param cbInstr The instruction length in bytes.
15185 *
15186 * @remarks In ring-0 not all of the state needs to be synced in.
15187 */
15188VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedClts(PVMCPU pVCpu, uint8_t cbInstr)
15189{
15190 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15191
15192 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15193 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_clts);
15194 Assert(!pVCpu->iem.s.cActiveMappings);
15195 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15196}
15197
15198
15199/**
15200 * Interface for HM and EM to emulate the LMSW instruction (loads CR0).
15201 *
15202 * @returns Strict VBox status code.
15203 * @param pVCpu The cross context virtual CPU structure.
15204 * @param cbInstr The instruction length in bytes.
15205 * @param uValue The value to load into CR0.
15206 * @param GCPtrEffDst The guest-linear address if the LMSW instruction has a
15207 * memory operand. Otherwise pass NIL_RTGCPTR.
15208 *
15209 * @remarks In ring-0 not all of the state needs to be synced in.
15210 */
15211VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedLmsw(PVMCPU pVCpu, uint8_t cbInstr, uint16_t uValue, RTGCPTR GCPtrEffDst)
15212{
15213 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15214
15215 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15216 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_2(iemCImpl_lmsw, uValue, GCPtrEffDst);
15217 Assert(!pVCpu->iem.s.cActiveMappings);
15218 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15219}
15220
15221
15222/**
15223 * Interface for HM and EM to emulate the XSETBV instruction (loads XCRx).
15224 *
15225 * Takes input values in ecx and edx:eax of the CPU context of the calling EMT.
15226 *
15227 * @returns Strict VBox status code.
15228 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15229 * @param cbInstr The instruction length in bytes.
15230 * @remarks In ring-0 not all of the state needs to be synced in.
15231 * @thread EMT(pVCpu)
15232 */
15233VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedXsetbv(PVMCPU pVCpu, uint8_t cbInstr)
15234{
15235 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15236
15237 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15238 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_xsetbv);
15239 Assert(!pVCpu->iem.s.cActiveMappings);
15240 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15241}
15242
15243
15244/**
15245 * Interface for HM and EM to emulate the WBINVD instruction.
15246 *
15247 * @returns Strict VBox status code.
15248 * @param pVCpu The cross context virtual CPU structure.
15249 * @param cbInstr The instruction length in bytes.
15250 *
15251 * @remarks In ring-0 not all of the state needs to be synced in.
15252 */
15253VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedWbinvd(PVMCPU pVCpu, uint8_t cbInstr)
15254{
15255 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15256
15257 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15258 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_wbinvd);
15259 Assert(!pVCpu->iem.s.cActiveMappings);
15260 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15261}
15262
15263
15264/**
15265 * Interface for HM and EM to emulate the INVD instruction.
15266 *
15267 * @returns Strict VBox status code.
15268 * @param pVCpu The cross context virtual CPU structure.
15269 * @param cbInstr The instruction length in bytes.
15270 *
15271 * @remarks In ring-0 not all of the state needs to be synced in.
15272 */
15273VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedInvd(PVMCPU pVCpu, uint8_t cbInstr)
15274{
15275 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15276
15277 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15278 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_invd);
15279 Assert(!pVCpu->iem.s.cActiveMappings);
15280 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15281}
15282
15283
15284/**
15285 * Interface for HM and EM to emulate the INVLPG instruction.
15286 *
15287 * @returns Strict VBox status code.
15288 * @retval VINF_PGM_SYNC_CR3
15289 *
15290 * @param pVCpu The cross context virtual CPU structure.
15291 * @param cbInstr The instruction length in bytes.
15292 * @param GCPtrPage The effective address of the page to invalidate.
15293 *
15294 * @remarks In ring-0 not all of the state needs to be synced in.
15295 */
15296VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedInvlpg(PVMCPU pVCpu, uint8_t cbInstr, RTGCPTR GCPtrPage)
15297{
15298 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15299
15300 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15301 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_1(iemCImpl_invlpg, GCPtrPage);
15302 Assert(!pVCpu->iem.s.cActiveMappings);
15303 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15304}
15305
15306
15307/**
15308 * Interface for HM and EM to emulate the CPUID instruction.
15309 *
15310 * @returns Strict VBox status code.
15311 *
15312 * @param pVCpu The cross context virtual CPU structure.
15313 * @param cbInstr The instruction length in bytes.
15314 *
15315 * @remarks Not all of the state needs to be synced in, the usual pluss RAX and RCX.
15316 */
15317VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedCpuid(PVMCPU pVCpu, uint8_t cbInstr)
15318{
15319 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15320 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_RAX | CPUMCTX_EXTRN_RCX);
15321
15322 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15323 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_cpuid);
15324 Assert(!pVCpu->iem.s.cActiveMappings);
15325 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15326}
15327
15328
15329/**
15330 * Interface for HM and EM to emulate the RDPMC instruction.
15331 *
15332 * @returns Strict VBox status code.
15333 *
15334 * @param pVCpu The cross context virtual CPU structure.
15335 * @param cbInstr The instruction length in bytes.
15336 *
15337 * @remarks Not all of the state needs to be synced in.
15338 */
15339VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedRdpmc(PVMCPU pVCpu, uint8_t cbInstr)
15340{
15341 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15342 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_CR4);
15343
15344 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15345 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_rdpmc);
15346 Assert(!pVCpu->iem.s.cActiveMappings);
15347 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15348}
15349
15350
15351/**
15352 * Interface for HM and EM to emulate the RDTSC instruction.
15353 *
15354 * @returns Strict VBox status code.
15355 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15356 *
15357 * @param pVCpu The cross context virtual CPU structure.
15358 * @param cbInstr The instruction length in bytes.
15359 *
15360 * @remarks Not all of the state needs to be synced in.
15361 */
15362VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedRdtsc(PVMCPU pVCpu, uint8_t cbInstr)
15363{
15364 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15365 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_CR4);
15366
15367 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15368 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_rdtsc);
15369 Assert(!pVCpu->iem.s.cActiveMappings);
15370 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15371}
15372
15373
15374/**
15375 * Interface for HM and EM to emulate the RDTSCP instruction.
15376 *
15377 * @returns Strict VBox status code.
15378 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15379 *
15380 * @param pVCpu The cross context virtual CPU structure.
15381 * @param cbInstr The instruction length in bytes.
15382 *
15383 * @remarks Not all of the state needs to be synced in. Recommended
15384 * to include CPUMCTX_EXTRN_TSC_AUX, to avoid extra fetch call.
15385 */
15386VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedRdtscp(PVMCPU pVCpu, uint8_t cbInstr)
15387{
15388 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15389 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_CR4 | CPUMCTX_EXTRN_TSC_AUX);
15390
15391 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15392 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_rdtscp);
15393 Assert(!pVCpu->iem.s.cActiveMappings);
15394 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15395}
15396
15397
15398/**
15399 * Interface for HM and EM to emulate the RDMSR instruction.
15400 *
15401 * @returns Strict VBox status code.
15402 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15403 *
15404 * @param pVCpu The cross context virtual CPU structure.
15405 * @param cbInstr The instruction length in bytes.
15406 *
15407 * @remarks Not all of the state needs to be synced in. Requires RCX and
15408 * (currently) all MSRs.
15409 */
15410VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedRdmsr(PVMCPU pVCpu, uint8_t cbInstr)
15411{
15412 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15413 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_RCX | CPUMCTX_EXTRN_ALL_MSRS);
15414
15415 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15416 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_rdmsr);
15417 Assert(!pVCpu->iem.s.cActiveMappings);
15418 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15419}
15420
15421
15422/**
15423 * Interface for HM and EM to emulate the WRMSR instruction.
15424 *
15425 * @returns Strict VBox status code.
15426 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15427 *
15428 * @param pVCpu The cross context virtual CPU structure.
15429 * @param cbInstr The instruction length in bytes.
15430 *
15431 * @remarks Not all of the state needs to be synced in. Requires RCX, RAX, RDX,
15432 * and (currently) all MSRs.
15433 */
15434VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedWrmsr(PVMCPU pVCpu, uint8_t cbInstr)
15435{
15436 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 2);
15437 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK
15438 | CPUMCTX_EXTRN_RCX | CPUMCTX_EXTRN_RAX | CPUMCTX_EXTRN_RDX | CPUMCTX_EXTRN_ALL_MSRS);
15439
15440 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15441 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_wrmsr);
15442 Assert(!pVCpu->iem.s.cActiveMappings);
15443 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15444}
15445
15446
15447/**
15448 * Interface for HM and EM to emulate the MONITOR instruction.
15449 *
15450 * @returns Strict VBox status code.
15451 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15452 *
15453 * @param pVCpu The cross context virtual CPU structure.
15454 * @param cbInstr The instruction length in bytes.
15455 *
15456 * @remarks Not all of the state needs to be synced in.
15457 * @remarks ASSUMES the default segment of DS and no segment override prefixes
15458 * are used.
15459 */
15460VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedMonitor(PVMCPU pVCpu, uint8_t cbInstr)
15461{
15462 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15463 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_DS);
15464
15465 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15466 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_1(iemCImpl_monitor, X86_SREG_DS);
15467 Assert(!pVCpu->iem.s.cActiveMappings);
15468 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15469}
15470
15471
15472/**
15473 * Interface for HM and EM to emulate the MWAIT instruction.
15474 *
15475 * @returns Strict VBox status code.
15476 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15477 *
15478 * @param pVCpu The cross context virtual CPU structure.
15479 * @param cbInstr The instruction length in bytes.
15480 *
15481 * @remarks Not all of the state needs to be synced in.
15482 */
15483VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedMwait(PVMCPU pVCpu, uint8_t cbInstr)
15484{
15485 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15486
15487 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15488 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_mwait);
15489 Assert(!pVCpu->iem.s.cActiveMappings);
15490 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15491}
15492
15493
15494/**
15495 * Interface for HM and EM to emulate the HLT instruction.
15496 *
15497 * @returns Strict VBox status code.
15498 * @retval VINF_IEM_RAISED_XCPT (VINF_EM_RESCHEDULE) if exception is raised.
15499 *
15500 * @param pVCpu The cross context virtual CPU structure.
15501 * @param cbInstr The instruction length in bytes.
15502 *
15503 * @remarks Not all of the state needs to be synced in.
15504 */
15505VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedHlt(PVMCPU pVCpu, uint8_t cbInstr)
15506{
15507 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 1);
15508
15509 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15510 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_hlt);
15511 Assert(!pVCpu->iem.s.cActiveMappings);
15512 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15513}
15514
15515
15516/**
15517 * Checks if IEM is in the process of delivering an event (interrupt or
15518 * exception).
15519 *
15520 * @returns true if we're in the process of raising an interrupt or exception,
15521 * false otherwise.
15522 * @param pVCpu The cross context virtual CPU structure.
15523 * @param puVector Where to store the vector associated with the
15524 * currently delivered event, optional.
15525 * @param pfFlags Where to store th event delivery flags (see
15526 * IEM_XCPT_FLAGS_XXX), optional.
15527 * @param puErr Where to store the error code associated with the
15528 * event, optional.
15529 * @param puCr2 Where to store the CR2 associated with the event,
15530 * optional.
15531 * @remarks The caller should check the flags to determine if the error code and
15532 * CR2 are valid for the event.
15533 */
15534VMM_INT_DECL(bool) IEMGetCurrentXcpt(PVMCPU pVCpu, uint8_t *puVector, uint32_t *pfFlags, uint32_t *puErr, uint64_t *puCr2)
15535{
15536 bool const fRaisingXcpt = pVCpu->iem.s.cXcptRecursions > 0;
15537 if (fRaisingXcpt)
15538 {
15539 if (puVector)
15540 *puVector = pVCpu->iem.s.uCurXcpt;
15541 if (pfFlags)
15542 *pfFlags = pVCpu->iem.s.fCurXcpt;
15543 if (puErr)
15544 *puErr = pVCpu->iem.s.uCurXcptErr;
15545 if (puCr2)
15546 *puCr2 = pVCpu->iem.s.uCurXcptCr2;
15547 }
15548 return fRaisingXcpt;
15549}
15550
15551#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
15552
15553/**
15554 * Interface for HM and EM to emulate the CLGI instruction.
15555 *
15556 * @returns Strict VBox status code.
15557 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15558 * @param cbInstr The instruction length in bytes.
15559 * @thread EMT(pVCpu)
15560 */
15561VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedClgi(PVMCPU pVCpu, uint8_t cbInstr)
15562{
15563 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15564
15565 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15566 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_clgi);
15567 Assert(!pVCpu->iem.s.cActiveMappings);
15568 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15569}
15570
15571
15572/**
15573 * Interface for HM and EM to emulate the STGI instruction.
15574 *
15575 * @returns Strict VBox status code.
15576 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15577 * @param cbInstr The instruction length in bytes.
15578 * @thread EMT(pVCpu)
15579 */
15580VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedStgi(PVMCPU pVCpu, uint8_t cbInstr)
15581{
15582 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15583
15584 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15585 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_stgi);
15586 Assert(!pVCpu->iem.s.cActiveMappings);
15587 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15588}
15589
15590
15591/**
15592 * Interface for HM and EM to emulate the VMLOAD instruction.
15593 *
15594 * @returns Strict VBox status code.
15595 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15596 * @param cbInstr The instruction length in bytes.
15597 * @thread EMT(pVCpu)
15598 */
15599VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmload(PVMCPU pVCpu, uint8_t cbInstr)
15600{
15601 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15602
15603 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15604 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_vmload);
15605 Assert(!pVCpu->iem.s.cActiveMappings);
15606 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15607}
15608
15609
15610/**
15611 * Interface for HM and EM to emulate the VMSAVE instruction.
15612 *
15613 * @returns Strict VBox status code.
15614 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15615 * @param cbInstr The instruction length in bytes.
15616 * @thread EMT(pVCpu)
15617 */
15618VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmsave(PVMCPU pVCpu, uint8_t cbInstr)
15619{
15620 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15621
15622 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15623 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_vmsave);
15624 Assert(!pVCpu->iem.s.cActiveMappings);
15625 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15626}
15627
15628
15629/**
15630 * Interface for HM and EM to emulate the INVLPGA instruction.
15631 *
15632 * @returns Strict VBox status code.
15633 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15634 * @param cbInstr The instruction length in bytes.
15635 * @thread EMT(pVCpu)
15636 */
15637VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedInvlpga(PVMCPU pVCpu, uint8_t cbInstr)
15638{
15639 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15640
15641 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15642 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_invlpga);
15643 Assert(!pVCpu->iem.s.cActiveMappings);
15644 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15645}
15646
15647
15648/**
15649 * Interface for HM and EM to emulate the VMRUN instruction.
15650 *
15651 * @returns Strict VBox status code.
15652 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15653 * @param cbInstr The instruction length in bytes.
15654 * @thread EMT(pVCpu)
15655 */
15656VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmrun(PVMCPU pVCpu, uint8_t cbInstr)
15657{
15658 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
15659 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_SVM_VMRUN_MASK);
15660
15661 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15662 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_vmrun);
15663 Assert(!pVCpu->iem.s.cActiveMappings);
15664 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
15665}
15666
15667
15668/**
15669 * Interface for HM and EM to emulate \#VMEXIT.
15670 *
15671 * @returns Strict VBox status code.
15672 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15673 * @param uExitCode The exit code.
15674 * @param uExitInfo1 The exit info. 1 field.
15675 * @param uExitInfo2 The exit info. 2 field.
15676 * @thread EMT(pVCpu)
15677 */
15678VMM_INT_DECL(VBOXSTRICTRC) IEMExecSvmVmexit(PVMCPU pVCpu, uint64_t uExitCode, uint64_t uExitInfo1, uint64_t uExitInfo2)
15679{
15680 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_SVM_VMEXIT_MASK);
15681 VBOXSTRICTRC rcStrict = iemSvmVmexit(pVCpu, uExitCode, uExitInfo1, uExitInfo2);
15682 if (pVCpu->iem.s.cActiveMappings)
15683 iemMemRollback(pVCpu);
15684 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15685}
15686
15687#endif /* VBOX_WITH_NESTED_HWVIRT_SVM */
15688
15689#ifdef VBOX_WITH_NESTED_HWVIRT_VMX
15690
15691/**
15692 * Interface for HM and EM to virtualize x2APIC MSR accesses.
15693 *
15694 * @returns Strict VBox status code.
15695 * @retval VINF_VMX_MODIFIES_BEHAVIOR if the MSR access was virtualized.
15696 * @retval VINF_VMX_INTERCEPT_NOT_ACTIVE if the MSR access must be handled by
15697 * the x2APIC device.
15698 * @retval VERR_OUT_RANGE if the caller must raise \#GP(0).
15699 *
15700 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15701 * @param idMsr The MSR being read.
15702 * @param pu64Value Pointer to the value being written or where to store the
15703 * value being read.
15704 * @param fWrite Whether this is an MSR write or read access.
15705 * @thread EMT(pVCpu)
15706 */
15707VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVirtApicAccessMsr(PVMCPU pVCpu, uint32_t idMsr, uint64_t *pu64Value, bool fWrite)
15708{
15709 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK);
15710 Assert(pu64Value);
15711
15712 VBOXSTRICTRC rcStrict;
15713 if (!fWrite)
15714 rcStrict = iemVmxVirtApicAccessMsrRead(pVCpu, idMsr, pu64Value);
15715 else
15716 rcStrict = iemVmxVirtApicAccessMsrWrite(pVCpu, idMsr, *pu64Value);
15717 if (pVCpu->iem.s.cActiveMappings)
15718 iemMemRollback(pVCpu);
15719 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15720
15721}
15722
15723
15724/**
15725 * Interface for HM and EM to virtualize memory-mapped APIC accesses.
15726 *
15727 * @returns Strict VBox status code.
15728 * @retval VINF_VMX_MODIFIES_BEHAVIOR if the memory access was virtualized.
15729 * @retval VINF_VMX_VMEXIT if the access causes a VM-exit.
15730 *
15731 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15732 * @param offAccess The offset of the register being accessed (within the
15733 * APIC-access page).
15734 * @param cbAccess The size of the access in bytes.
15735 * @param pvData Pointer to the data being written or where to store the data
15736 * being read.
15737 * @param fWrite Whether this is a write or read access.
15738 * @thread EMT(pVCpu)
15739 */
15740VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVirtApicAccessMem(PVMCPU pVCpu, uint16_t offAccess, size_t cbAccess, void *pvData,
15741 bool fWrite)
15742{
15743 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15744 Assert(pvData);
15745
15746 /** @todo NSTVMX: Unfortunately, the caller has no idea about instruction fetch
15747 * accesses, so we only use read/write here. Maybe in the future the PGM
15748 * physical handler will be extended to include this information? */
15749 uint32_t const fAccess = fWrite ? IEM_ACCESS_TYPE_WRITE : IEM_ACCESS_TYPE_READ;
15750 VBOXSTRICTRC rcStrict = iemVmxVirtApicAccessMem(pVCpu, offAccess, cbAccess, pvData, fAccess);
15751 if (pVCpu->iem.s.cActiveMappings)
15752 iemMemRollback(pVCpu);
15753 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15754}
15755
15756
15757/**
15758 * Interface for HM and EM to perform an APIC-write emulation which may cause a
15759 * VM-exit.
15760 *
15761 * @returns Strict VBox status code.
15762 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15763 * @thread EMT(pVCpu)
15764 */
15765VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitApicWrite(PVMCPU pVCpu)
15766{
15767 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15768
15769 VBOXSTRICTRC rcStrict = iemVmxApicWriteEmulation(pVCpu);
15770 if (pVCpu->iem.s.cActiveMappings)
15771 iemMemRollback(pVCpu);
15772 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15773}
15774
15775
15776/**
15777 * Interface for HM and EM to emulate VM-exit due to expiry of the preemption timer.
15778 *
15779 * @returns Strict VBox status code.
15780 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15781 * @thread EMT(pVCpu)
15782 */
15783VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitPreemptTimer(PVMCPU pVCpu)
15784{
15785 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15786 VBOXSTRICTRC rcStrict = iemVmxVmexitPreemptTimer(pVCpu);
15787 if (pVCpu->iem.s.cActiveMappings)
15788 iemMemRollback(pVCpu);
15789 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15790}
15791
15792
15793/**
15794 * Interface for HM and EM to emulate VM-exit due to external interrupts.
15795 *
15796 * @returns Strict VBox status code.
15797 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15798 * @param uVector The external interrupt vector.
15799 * @param fIntPending Whether the external interrupt is pending or
15800 * acknowdledged in the interrupt controller.
15801 * @thread EMT(pVCpu)
15802 */
15803VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitExtInt(PVMCPU pVCpu, uint8_t uVector, bool fIntPending)
15804{
15805 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15806 VBOXSTRICTRC rcStrict = iemVmxVmexitExtInt(pVCpu, uVector, fIntPending);
15807 if (pVCpu->iem.s.cActiveMappings)
15808 iemMemRollback(pVCpu);
15809 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15810}
15811
15812
15813/**
15814 * Interface for HM and EM to emulate VM-exit due to startup-IPI (SIPI).
15815 *
15816 * @returns Strict VBox status code.
15817 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15818 * @param uVector The SIPI vector.
15819 * @thread EMT(pVCpu)
15820 */
15821VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitStartupIpi(PVMCPU pVCpu, uint8_t uVector)
15822{
15823 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15824 VBOXSTRICTRC rcStrict = iemVmxVmexitStartupIpi(pVCpu, uVector);
15825 if (pVCpu->iem.s.cActiveMappings)
15826 iemMemRollback(pVCpu);
15827 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15828}
15829
15830
15831/**
15832 * Interface for HM and EM to emulate VM-exit due to init-IPI (INIT).
15833 *
15834 * @returns Strict VBox status code.
15835 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15836 * @thread EMT(pVCpu)
15837 */
15838VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitInitIpi(PVMCPU pVCpu)
15839{
15840 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15841 VBOXSTRICTRC rcStrict = iemVmxVmexitInitIpi(pVCpu);
15842 if (pVCpu->iem.s.cActiveMappings)
15843 iemMemRollback(pVCpu);
15844 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15845}
15846
15847
15848/**
15849 * Interface for HM and EM to emulate VM-exits for interrupt-windows.
15850 *
15851 * @returns Strict VBox status code.
15852 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15853 * @thread EMT(pVCpu)
15854 */
15855VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitIntWindow(PVMCPU pVCpu)
15856{
15857 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15858 VBOXSTRICTRC rcStrict = iemVmxVmexitIntWindow(pVCpu);
15859 if (pVCpu->iem.s.cActiveMappings)
15860 iemMemRollback(pVCpu);
15861 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15862}
15863
15864
15865/**
15866 * Interface for HM and EM to emulate VM-exits Monitor-Trap Flag (MTF).
15867 *
15868 * @returns Strict VBox status code.
15869 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15870 * @thread EMT(pVCpu)
15871 */
15872VMM_INT_DECL(VBOXSTRICTRC) IEMExecVmxVmexitMtf(PVMCPU pVCpu)
15873{
15874 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMEXIT_MASK);
15875 VBOXSTRICTRC rcStrict = iemVmxVmexitMtf(pVCpu);
15876 if (pVCpu->iem.s.cActiveMappings)
15877 iemMemRollback(pVCpu);
15878 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15879}
15880
15881
15882/**
15883 * Interface for HM and EM to emulate the VMREAD instruction.
15884 *
15885 * @returns Strict VBox status code.
15886 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15887 * @param pExitInfo Pointer to the VM-exit information struct.
15888 * @thread EMT(pVCpu)
15889 */
15890VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmread(PVMCPU pVCpu, PCVMXVEXITINFO pExitInfo)
15891{
15892 IEMEXEC_ASSERT_INSTR_LEN_RETURN(pExitInfo->cbInstr, 3);
15893 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
15894 Assert(pExitInfo);
15895
15896 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15897
15898 VBOXSTRICTRC rcStrict;
15899 uint8_t const cbInstr = pExitInfo->cbInstr;
15900 uint32_t const uFieldEnc = iemGRegFetchU64(pVCpu, pExitInfo->InstrInfo.VmreadVmwrite.iReg2);
15901 if (pExitInfo->InstrInfo.VmreadVmwrite.fIsRegOperand)
15902 {
15903 if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
15904 {
15905 uint64_t *pu64Dst = iemGRegRefU64(pVCpu, pExitInfo->InstrInfo.VmreadVmwrite.iReg1);
15906 rcStrict = iemVmxVmreadReg64(pVCpu, cbInstr, pu64Dst, uFieldEnc, pExitInfo);
15907 }
15908 else
15909 {
15910 uint32_t *pu32Dst = iemGRegRefU32(pVCpu, pExitInfo->InstrInfo.VmreadVmwrite.iReg1);
15911 rcStrict = iemVmxVmreadReg32(pVCpu, cbInstr, pu32Dst, uFieldEnc, pExitInfo);
15912 }
15913 }
15914 else
15915 {
15916 RTGCPTR GCPtrDst = pExitInfo->GCPtrEffAddr;
15917 uint8_t iEffSeg = pExitInfo->InstrInfo.VmreadVmwrite.iSegReg;
15918 IEMMODE enmEffAddrMode = (IEMMODE)pExitInfo->InstrInfo.VmreadVmwrite.u3AddrSize;
15919 rcStrict = iemVmxVmreadMem(pVCpu, cbInstr, iEffSeg, enmEffAddrMode, GCPtrDst, uFieldEnc, pExitInfo);
15920 }
15921 if (pVCpu->iem.s.cActiveMappings)
15922 iemMemRollback(pVCpu);
15923 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15924}
15925
15926
15927/**
15928 * Interface for HM and EM to emulate the VMWRITE instruction.
15929 *
15930 * @returns Strict VBox status code.
15931 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15932 * @param pExitInfo Pointer to the VM-exit information struct.
15933 * @thread EMT(pVCpu)
15934 */
15935VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmwrite(PVMCPU pVCpu, PCVMXVEXITINFO pExitInfo)
15936{
15937 IEMEXEC_ASSERT_INSTR_LEN_RETURN(pExitInfo->cbInstr, 3);
15938 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
15939 Assert(pExitInfo);
15940
15941 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15942
15943 uint64_t u64Val;
15944 uint8_t iEffSeg;
15945 IEMMODE enmEffAddrMode;
15946 if (pExitInfo->InstrInfo.VmreadVmwrite.fIsRegOperand)
15947 {
15948 u64Val = iemGRegFetchU64(pVCpu, pExitInfo->InstrInfo.VmreadVmwrite.iReg1);
15949 iEffSeg = UINT8_MAX;
15950 enmEffAddrMode = UINT8_MAX;
15951 }
15952 else
15953 {
15954 u64Val = pExitInfo->GCPtrEffAddr;
15955 iEffSeg = pExitInfo->InstrInfo.VmreadVmwrite.iSegReg;
15956 enmEffAddrMode = (IEMMODE)pExitInfo->InstrInfo.VmreadVmwrite.u3AddrSize;
15957 }
15958 uint8_t const cbInstr = pExitInfo->cbInstr;
15959 uint32_t const uFieldEnc = iemGRegFetchU64(pVCpu, pExitInfo->InstrInfo.VmreadVmwrite.iReg2);
15960 VBOXSTRICTRC rcStrict = iemVmxVmwrite(pVCpu, cbInstr, iEffSeg, enmEffAddrMode, u64Val, uFieldEnc, pExitInfo);
15961 if (pVCpu->iem.s.cActiveMappings)
15962 iemMemRollback(pVCpu);
15963 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15964}
15965
15966
15967/**
15968 * Interface for HM and EM to emulate the VMPTRLD instruction.
15969 *
15970 * @returns Strict VBox status code.
15971 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15972 * @param pExitInfo Pointer to the VM-exit information struct.
15973 * @thread EMT(pVCpu)
15974 */
15975VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmptrld(PVMCPU pVCpu, PCVMXVEXITINFO pExitInfo)
15976{
15977 Assert(pExitInfo);
15978 IEMEXEC_ASSERT_INSTR_LEN_RETURN(pExitInfo->cbInstr, 3);
15979 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
15980
15981 iemInitExec(pVCpu, false /*fBypassHandlers*/);
15982
15983 uint8_t const iEffSeg = pExitInfo->InstrInfo.VmxXsave.iSegReg;
15984 uint8_t const cbInstr = pExitInfo->cbInstr;
15985 RTGCPTR const GCPtrVmcs = pExitInfo->GCPtrEffAddr;
15986 VBOXSTRICTRC rcStrict = iemVmxVmptrld(pVCpu, cbInstr, iEffSeg, GCPtrVmcs, pExitInfo);
15987 if (pVCpu->iem.s.cActiveMappings)
15988 iemMemRollback(pVCpu);
15989 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
15990}
15991
15992
15993/**
15994 * Interface for HM and EM to emulate the VMPTRST instruction.
15995 *
15996 * @returns Strict VBox status code.
15997 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
15998 * @param pExitInfo Pointer to the VM-exit information struct.
15999 * @thread EMT(pVCpu)
16000 */
16001VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmptrst(PVMCPU pVCpu, PCVMXVEXITINFO pExitInfo)
16002{
16003 Assert(pExitInfo);
16004 IEMEXEC_ASSERT_INSTR_LEN_RETURN(pExitInfo->cbInstr, 3);
16005 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
16006
16007 iemInitExec(pVCpu, false /*fBypassHandlers*/);
16008
16009 uint8_t const iEffSeg = pExitInfo->InstrInfo.VmxXsave.iSegReg;
16010 uint8_t const cbInstr = pExitInfo->cbInstr;
16011 RTGCPTR const GCPtrVmcs = pExitInfo->GCPtrEffAddr;
16012 VBOXSTRICTRC rcStrict = iemVmxVmptrst(pVCpu, cbInstr, iEffSeg, GCPtrVmcs, pExitInfo);
16013 if (pVCpu->iem.s.cActiveMappings)
16014 iemMemRollback(pVCpu);
16015 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
16016}
16017
16018
16019/**
16020 * Interface for HM and EM to emulate the VMCLEAR instruction.
16021 *
16022 * @returns Strict VBox status code.
16023 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
16024 * @param pExitInfo Pointer to the VM-exit information struct.
16025 * @thread EMT(pVCpu)
16026 */
16027VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmclear(PVMCPU pVCpu, PCVMXVEXITINFO pExitInfo)
16028{
16029 Assert(pExitInfo);
16030 IEMEXEC_ASSERT_INSTR_LEN_RETURN(pExitInfo->cbInstr, 3);
16031 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
16032
16033 iemInitExec(pVCpu, false /*fBypassHandlers*/);
16034
16035 uint8_t const iEffSeg = pExitInfo->InstrInfo.VmxXsave.iSegReg;
16036 uint8_t const cbInstr = pExitInfo->cbInstr;
16037 RTGCPTR const GCPtrVmcs = pExitInfo->GCPtrEffAddr;
16038 VBOXSTRICTRC rcStrict = iemVmxVmclear(pVCpu, cbInstr, iEffSeg, GCPtrVmcs, pExitInfo);
16039 if (pVCpu->iem.s.cActiveMappings)
16040 iemMemRollback(pVCpu);
16041 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
16042}
16043
16044
16045/**
16046 * Interface for HM and EM to emulate the VMLAUNCH/VMRESUME instruction.
16047 *
16048 * @returns Strict VBox status code.
16049 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
16050 * @param cbInstr The instruction length in bytes.
16051 * @param uInstrId The instruction ID (VMXINSTRID_VMLAUNCH or
16052 * VMXINSTRID_VMRESUME).
16053 * @thread EMT(pVCpu)
16054 */
16055VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmlaunchVmresume(PVMCPU pVCpu, uint8_t cbInstr, VMXINSTRID uInstrId)
16056{
16057 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
16058 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_VMX_VMENTRY_MASK);
16059
16060 iemInitExec(pVCpu, false /*fBypassHandlers*/);
16061 VBOXSTRICTRC rcStrict = iemVmxVmlaunchVmresume(pVCpu, cbInstr, uInstrId);
16062 if (pVCpu->iem.s.cActiveMappings)
16063 iemMemRollback(pVCpu);
16064 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
16065}
16066
16067
16068/**
16069 * Interface for HM and EM to emulate the VMXON instruction.
16070 *
16071 * @returns Strict VBox status code.
16072 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
16073 * @param pExitInfo Pointer to the VM-exit information struct.
16074 * @thread EMT(pVCpu)
16075 */
16076VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmxon(PVMCPU pVCpu, PCVMXVEXITINFO pExitInfo)
16077{
16078 Assert(pExitInfo);
16079 IEMEXEC_ASSERT_INSTR_LEN_RETURN(pExitInfo->cbInstr, 3);
16080 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
16081
16082 iemInitExec(pVCpu, false /*fBypassHandlers*/);
16083
16084 uint8_t const iEffSeg = pExitInfo->InstrInfo.VmxXsave.iSegReg;
16085 uint8_t const cbInstr = pExitInfo->cbInstr;
16086 RTGCPTR const GCPtrVmxon = pExitInfo->GCPtrEffAddr;
16087 VBOXSTRICTRC rcStrict = iemVmxVmxon(pVCpu, cbInstr, iEffSeg, GCPtrVmxon, pExitInfo);
16088 if (pVCpu->iem.s.cActiveMappings)
16089 iemMemRollback(pVCpu);
16090 return iemExecStatusCodeFiddling(pVCpu, rcStrict);
16091}
16092
16093
16094/**
16095 * Interface for HM and EM to emulate the VMXOFF instruction.
16096 *
16097 * @returns Strict VBox status code.
16098 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
16099 * @param cbInstr The instruction length in bytes.
16100 * @thread EMT(pVCpu)
16101 */
16102VMM_INT_DECL(VBOXSTRICTRC) IEMExecDecodedVmxoff(PVMCPU pVCpu, uint8_t cbInstr)
16103{
16104 IEMEXEC_ASSERT_INSTR_LEN_RETURN(cbInstr, 3);
16105 IEM_CTX_ASSERT(pVCpu, IEM_CPUMCTX_EXTRN_EXEC_DECODED_NO_MEM_MASK | CPUMCTX_EXTRN_HM_VMX_MASK);
16106
16107 iemInitExec(pVCpu, false /*fBypassHandlers*/);
16108 VBOXSTRICTRC rcStrict = IEM_CIMPL_CALL_0(iemCImpl_vmxoff);
16109 Assert(!pVCpu->iem.s.cActiveMappings);
16110 return iemUninitExecAndFiddleStatusAndMaybeReenter(pVCpu, rcStrict);
16111}
16112
16113
16114/**
16115 * @callback_method_impl{FNPGMPHYSHANDLER, VMX APIC-access page accesses}
16116 *
16117 * @remarks The @a pvUser argument is currently unused.
16118 */
16119PGM_ALL_CB2_DECL(VBOXSTRICTRC) iemVmxApicAccessPageHandler(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhysFault, void *pvPhys,
16120 void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType,
16121 PGMACCESSORIGIN enmOrigin, void *pvUser)
16122{
16123 RT_NOREF4(pVM, pvPhys, enmOrigin, pvUser);
16124
16125 RTGCPHYS const GCPhysAccessBase = GCPhysFault & ~(RTGCPHYS)PAGE_OFFSET_MASK;
16126 if (CPUMIsGuestInVmxNonRootMode(IEM_GET_CTX(pVCpu)))
16127 {
16128 Assert(CPUMIsGuestVmxProcCtls2Set(pVCpu, IEM_GET_CTX(pVCpu), VMX_PROC_CTLS2_VIRT_APIC_ACCESS));
16129 Assert(CPUMGetGuestVmxApicAccessPageAddr(pVCpu, IEM_GET_CTX(pVCpu)) == GCPhysAccessBase);
16130
16131 /** @todo NSTVMX: How are we to distinguish instruction fetch accesses here?
16132 * Currently they will go through as read accesses. */
16133 uint32_t const fAccess = enmAccessType == PGMACCESSTYPE_WRITE ? IEM_ACCESS_TYPE_WRITE : IEM_ACCESS_TYPE_READ;
16134 uint16_t const offAccess = GCPhysFault & PAGE_OFFSET_MASK;
16135 VBOXSTRICTRC rcStrict = iemVmxVirtApicAccessMem(pVCpu, offAccess, cbBuf, pvBuf, fAccess);
16136 if (RT_FAILURE(rcStrict))
16137 return rcStrict;
16138
16139 /* Any access on this APIC-access page has been handled, caller should not carry out the access. */
16140 return VINF_SUCCESS;
16141 }
16142
16143 Log(("iemVmxApicAccessPageHandler: Access outside VMX non-root mode, deregistering page at %#RGp\n", GCPhysAccessBase));
16144 int rc = PGMHandlerPhysicalDeregister(pVM, GCPhysAccessBase);
16145 if (RT_FAILURE(rc))
16146 return rc;
16147
16148 /* Instruct the caller of this handler to perform the read/write as normal memory. */
16149 return VINF_PGM_HANDLER_DO_DEFAULT;
16150}
16151
16152#endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
16153
16154#ifdef IN_RING3
16155
16156/**
16157 * Handles the unlikely and probably fatal merge cases.
16158 *
16159 * @returns Merged status code.
16160 * @param rcStrict Current EM status code.
16161 * @param rcStrictCommit The IOM I/O or MMIO write commit status to merge
16162 * with @a rcStrict.
16163 * @param iMemMap The memory mapping index. For error reporting only.
16164 * @param pVCpu The cross context virtual CPU structure of the calling
16165 * thread, for error reporting only.
16166 */
16167DECL_NO_INLINE(static, VBOXSTRICTRC) iemR3MergeStatusSlow(VBOXSTRICTRC rcStrict, VBOXSTRICTRC rcStrictCommit,
16168 unsigned iMemMap, PVMCPU pVCpu)
16169{
16170 if (RT_FAILURE_NP(rcStrict))
16171 return rcStrict;
16172
16173 if (RT_FAILURE_NP(rcStrictCommit))
16174 return rcStrictCommit;
16175
16176 if (rcStrict == rcStrictCommit)
16177 return rcStrictCommit;
16178
16179 AssertLogRelMsgFailed(("rcStrictCommit=%Rrc rcStrict=%Rrc iMemMap=%u fAccess=%#x FirstPg=%RGp LB %u SecondPg=%RGp LB %u\n",
16180 VBOXSTRICTRC_VAL(rcStrictCommit), VBOXSTRICTRC_VAL(rcStrict), iMemMap,
16181 pVCpu->iem.s.aMemMappings[iMemMap].fAccess,
16182 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst,
16183 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond));
16184 return VERR_IOM_FF_STATUS_IPE;
16185}
16186
16187
16188/**
16189 * Helper for IOMR3ProcessForceFlag.
16190 *
16191 * @returns Merged status code.
16192 * @param rcStrict Current EM status code.
16193 * @param rcStrictCommit The IOM I/O or MMIO write commit status to merge
16194 * with @a rcStrict.
16195 * @param iMemMap The memory mapping index. For error reporting only.
16196 * @param pVCpu The cross context virtual CPU structure of the calling
16197 * thread, for error reporting only.
16198 */
16199DECLINLINE(VBOXSTRICTRC) iemR3MergeStatus(VBOXSTRICTRC rcStrict, VBOXSTRICTRC rcStrictCommit, unsigned iMemMap, PVMCPU pVCpu)
16200{
16201 /* Simple. */
16202 if (RT_LIKELY(rcStrict == VINF_SUCCESS || rcStrict == VINF_EM_RAW_TO_R3))
16203 return rcStrictCommit;
16204
16205 if (RT_LIKELY(rcStrictCommit == VINF_SUCCESS))
16206 return rcStrict;
16207
16208 /* EM scheduling status codes. */
16209 if (RT_LIKELY( rcStrict >= VINF_EM_FIRST
16210 && rcStrict <= VINF_EM_LAST))
16211 {
16212 if (RT_LIKELY( rcStrictCommit >= VINF_EM_FIRST
16213 && rcStrictCommit <= VINF_EM_LAST))
16214 return rcStrict < rcStrictCommit ? rcStrict : rcStrictCommit;
16215 }
16216
16217 /* Unlikely */
16218 return iemR3MergeStatusSlow(rcStrict, rcStrictCommit, iMemMap, pVCpu);
16219}
16220
16221
16222/**
16223 * Called by force-flag handling code when VMCPU_FF_IEM is set.
16224 *
16225 * @returns Merge between @a rcStrict and what the commit operation returned.
16226 * @param pVM The cross context VM structure.
16227 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
16228 * @param rcStrict The status code returned by ring-0 or raw-mode.
16229 */
16230VMMR3_INT_DECL(VBOXSTRICTRC) IEMR3ProcessForceFlag(PVM pVM, PVMCPU pVCpu, VBOXSTRICTRC rcStrict)
16231{
16232 /*
16233 * Reset the pending commit.
16234 */
16235 AssertMsg( (pVCpu->iem.s.aMemMappings[0].fAccess | pVCpu->iem.s.aMemMappings[1].fAccess | pVCpu->iem.s.aMemMappings[2].fAccess)
16236 & (IEM_ACCESS_PENDING_R3_WRITE_1ST | IEM_ACCESS_PENDING_R3_WRITE_2ND),
16237 ("%#x %#x %#x\n",
16238 pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemMappings[2].fAccess));
16239 VMCPU_FF_CLEAR(pVCpu, VMCPU_FF_IEM);
16240
16241 /*
16242 * Commit the pending bounce buffers (usually just one).
16243 */
16244 unsigned cBufs = 0;
16245 unsigned iMemMap = RT_ELEMENTS(pVCpu->iem.s.aMemMappings);
16246 while (iMemMap-- > 0)
16247 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & (IEM_ACCESS_PENDING_R3_WRITE_1ST | IEM_ACCESS_PENDING_R3_WRITE_2ND))
16248 {
16249 Assert(pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE);
16250 Assert(pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED);
16251 Assert(!pVCpu->iem.s.aMemBbMappings[iMemMap].fUnassigned);
16252
16253 uint16_t const cbFirst = pVCpu->iem.s.aMemBbMappings[iMemMap].cbFirst;
16254 uint16_t const cbSecond = pVCpu->iem.s.aMemBbMappings[iMemMap].cbSecond;
16255 uint8_t const *pbBuf = &pVCpu->iem.s.aBounceBuffers[iMemMap].ab[0];
16256
16257 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_PENDING_R3_WRITE_1ST)
16258 {
16259 VBOXSTRICTRC rcStrictCommit1 = PGMPhysWrite(pVM,
16260 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst,
16261 pbBuf,
16262 cbFirst,
16263 PGMACCESSORIGIN_IEM);
16264 rcStrict = iemR3MergeStatus(rcStrict, rcStrictCommit1, iMemMap, pVCpu);
16265 Log(("IEMR3ProcessForceFlag: iMemMap=%u GCPhysFirst=%RGp LB %#x %Rrc => %Rrc\n",
16266 iMemMap, pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
16267 VBOXSTRICTRC_VAL(rcStrictCommit1), VBOXSTRICTRC_VAL(rcStrict)));
16268 }
16269
16270 if (pVCpu->iem.s.aMemMappings[iMemMap].fAccess & IEM_ACCESS_PENDING_R3_WRITE_2ND)
16271 {
16272 VBOXSTRICTRC rcStrictCommit2 = PGMPhysWrite(pVM,
16273 pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond,
16274 pbBuf + cbFirst,
16275 cbSecond,
16276 PGMACCESSORIGIN_IEM);
16277 rcStrict = iemR3MergeStatus(rcStrict, rcStrictCommit2, iMemMap, pVCpu);
16278 Log(("IEMR3ProcessForceFlag: iMemMap=%u GCPhysSecond=%RGp LB %#x %Rrc => %Rrc\n",
16279 iMemMap, pVCpu->iem.s.aMemBbMappings[iMemMap].GCPhysSecond, cbSecond,
16280 VBOXSTRICTRC_VAL(rcStrictCommit2), VBOXSTRICTRC_VAL(rcStrict)));
16281 }
16282 cBufs++;
16283 pVCpu->iem.s.aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
16284 }
16285
16286 AssertMsg(cBufs > 0 && cBufs == pVCpu->iem.s.cActiveMappings,
16287 ("cBufs=%u cActiveMappings=%u - %#x %#x %#x\n", cBufs, pVCpu->iem.s.cActiveMappings,
16288 pVCpu->iem.s.aMemMappings[0].fAccess, pVCpu->iem.s.aMemMappings[1].fAccess, pVCpu->iem.s.aMemMappings[2].fAccess));
16289 pVCpu->iem.s.cActiveMappings = 0;
16290 return rcStrict;
16291}
16292
16293#endif /* IN_RING3 */
16294
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette