source: vbox/trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-basic-2-template.c@ 102117

Last change on this file since 102117 was 102117, checked in by vboxsync, 14 months ago

ValKit/bs3-cpu-basic-2: 16-bit lea/addressing testcase. bugref:10371

1/* $Id: bs3-cpu-basic-2-template.c 102117 2023-11-15 21:34:30Z vboxsync $ */
2/** @file
3 * BS3Kit - bs3-cpu-basic-2, C code template.
4 */
5
6/*
7 * Copyright (C) 2007-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41#include <iprt/asm.h>
42#include <iprt/asm-amd64-x86.h>
43
44
45/*********************************************************************************************************************************
46* Defined Constants And Macros *
47*********************************************************************************************************************************/
/**
 * Compares one trap-frame member with its expected value and, on mismatch,
 * reports both values through bs3CpuBasic2_FailedF.
 *
 * @param   a_szName    Member name as a string literal (concatenated into the message).
 * @param   a_szFmt     Format specifier for the value as a string literal (used for both values).
 * @param   a_Actual    The observed value.
 * @param   a_Expected  The expected value; must have the width a_szFmt describes,
 *                      since it is passed through a variadic call on failure.
 * @note    Both value arguments are evaluated a second time when reporting.
 */
#undef CHECK_MEMBER
#define CHECK_MEMBER(a_szName, a_szFmt, a_Actual, a_Expected) \
    do \
    { \
        if ((a_Actual) == (a_Expected)) { /* likely */ } \
        else bs3CpuBasic2_FailedF(a_szName "=" a_szFmt " expected " a_szFmt, (a_Actual), (a_Expected)); \
    } while (0)
55
56
#ifdef BS3_INSTANTIATING_MODE
/*
 * Per-mode aliases for the IDT and the ring-0 system selectors (CS, conforming
 * CS, DS, SS) matching the bitness of TMPL_MODE.  The #undef block lets this
 * template be instantiated more than once.
 */
# undef MyBs3Idt
# undef MY_SYS_SEL_R0_CS
# undef MY_SYS_SEL_R0_CS_CNF
# undef MY_SYS_SEL_R0_DS
# undef MY_SYS_SEL_R0_SS
# if BS3_MODE_IS_16BIT_SYS(TMPL_MODE)
# define MyBs3Idt Bs3Idt16
# define MY_SYS_SEL_R0_CS BS3_SEL_R0_CS16
# define MY_SYS_SEL_R0_CS_CNF BS3_SEL_R0_CS16_CNF
# define MY_SYS_SEL_R0_DS BS3_SEL_R0_DS16
# define MY_SYS_SEL_R0_SS BS3_SEL_R0_SS16
# elif BS3_MODE_IS_32BIT_SYS(TMPL_MODE)
# define MyBs3Idt Bs3Idt32
# define MY_SYS_SEL_R0_CS BS3_SEL_R0_CS32
# define MY_SYS_SEL_R0_CS_CNF BS3_SEL_R0_CS32_CNF
# define MY_SYS_SEL_R0_DS BS3_SEL_R0_DS32
# define MY_SYS_SEL_R0_SS BS3_SEL_R0_SS32
# elif BS3_MODE_IS_64BIT_SYS(TMPL_MODE)
# define MyBs3Idt Bs3Idt64
# define MY_SYS_SEL_R0_CS BS3_SEL_R0_CS64
# define MY_SYS_SEL_R0_CS_CNF BS3_SEL_R0_CS64_CNF
# define MY_SYS_SEL_R0_DS BS3_SEL_R0_DS64
/* NOTE(review): unlike the 16/32-bit cases, SS aliases the DS64 selector here; presumably intentional -- confirm. */
# define MY_SYS_SEL_R0_SS BS3_SEL_R0_DS64
# else
# error "TMPL_MODE"
# endif
#endif
85
86
87/*********************************************************************************************************************************
88* Structures and Typedefs *
89*********************************************************************************************************************************/
90#ifdef BS3_INSTANTIATING_CMN
/**
 * A (type, descriptor-class) pair naming a descriptor type that is invalid
 * for a particular use (CS or SS); see g_aInvalidCsTypes and g_aInvalidSsTypes.
 */
typedef struct BS3CB2INVLDESCTYPE
{
    uint8_t u4Type;      /**< The 4-bit descriptor type (X86_SEL_TYPE_XXX, or a raw 0..15 system type). */
    uint8_t u1DescType;  /**< Descriptor class bit: 1 = code/data segment, 0 = system descriptor. */
} BS3CB2INVLDESCTYPE;
96#endif
97
98
99/*********************************************************************************************************************************
100* External Symbols *
101*********************************************************************************************************************************/
102#ifdef BS3_INSTANTIATING_CMN
/** Far code entry points used as the starting RIP when raising INT 80h..83h
 *  (see the ring/DPL loops in bs3CpuBasic2_RaiseXcpt1Common). */
extern FNBS3FAR bs3CpuBasic2_Int80;
extern FNBS3FAR bs3CpuBasic2_Int81;
extern FNBS3FAR bs3CpuBasic2_Int82;
extern FNBS3FAR bs3CpuBasic2_Int83;
/** Far code entry point of a UD2 instruction, installed as a dummy gate handler. */
extern FNBS3FAR bs3CpuBasic2_ud2;
# define g_bs3CpuBasic2_ud2_FlatAddr BS3_DATA_NM(g_bs3CpuBasic2_ud2_FlatAddr)
/** Flat address of bs3CpuBasic2_ud2 (symbol name mangled via BS3_DATA_NM). */
extern uint32_t g_bs3CpuBasic2_ud2_FlatAddr;
110#endif
111
112
113/*********************************************************************************************************************************
114* Global Variables *
115*********************************************************************************************************************************/
116#ifdef BS3_INSTANTIATING_CMN
# define g_pszTestMode BS3_CMN_NM(g_pszTestMode)
/** Name of the mode under test; prefixes every failure message.
 *  NOTE(review): initialised to a non-NULL dummy (presumably to keep it out of
 *  zero-initialised storage); must be assigned before any failure is reported. */
static const char BS3_FAR *g_pszTestMode = (const char *)1;
# define g_bTestMode BS3_CMN_NM(g_bTestMode)
/** The BS3_MODE_XXX value of the mode under test (queried via BS3_MODE_IS_XXX). */
static uint8_t g_bTestMode = 1;
# define g_f16BitSys BS3_CMN_NM(g_f16BitSys)
/** Set when the system tables (IDT/TSS) are 16-bit; selects the 16-bit gate /
 *  TSS paths and suppresses the X86_EFL_RF expectation in the trap compares. */
static bool g_f16BitSys = 1;
123
124
/**
 * Table of descriptor types that are invalid for CS: the eight data-segment
 * types (u1DescType = 1) followed by all sixteen system descriptor types
 * (u1DescType = 0).
 */
static const BS3CB2INVLDESCTYPE g_aInvalidCsTypes[] =
{
    /* Data segments (read-only / read-write, expand-up / expand-down, accessed or not). */
    { X86_SEL_TYPE_RO, 1 },
    { X86_SEL_TYPE_RO_ACC, 1 },
    { X86_SEL_TYPE_RW, 1 },
    { X86_SEL_TYPE_RW_ACC, 1 },
    { X86_SEL_TYPE_RO_DOWN, 1 },
    { X86_SEL_TYPE_RO_DOWN_ACC, 1 },
    { X86_SEL_TYPE_RW_DOWN, 1 },
    { X86_SEL_TYPE_RW_DOWN_ACC, 1 },
    /* Every system descriptor type, including reserved ones. */
    { 0, 0 },
    { 1, 0 },
    { 2, 0 },
    { 3, 0 },
    { 4, 0 },
    { 5, 0 },
    { 6, 0 },
    { 7, 0 },
    { 8, 0 },
    { 9, 0 },
    { 10, 0 },
    { 11, 0 },
    { 12, 0 },
    { 13, 0 },
    { 14, 0 },
    { 15, 0 },
};
153
/**
 * Table of descriptor types that are invalid for SS: the eight code-segment
 * types (u1DescType = 1) followed by all sixteen system descriptor types
 * (u1DescType = 0).
 */
static const BS3CB2INVLDESCTYPE g_aInvalidSsTypes[] =
{
    /* Code segments (execute-only / execute-read, conforming or not, accessed or not). */
    { X86_SEL_TYPE_EO, 1 },
    { X86_SEL_TYPE_EO_ACC, 1 },
    { X86_SEL_TYPE_ER, 1 },
    { X86_SEL_TYPE_ER_ACC, 1 },
    { X86_SEL_TYPE_EO_CONF, 1 },
    { X86_SEL_TYPE_EO_CONF_ACC, 1 },
    { X86_SEL_TYPE_ER_CONF, 1 },
    { X86_SEL_TYPE_ER_CONF_ACC, 1 },
    /* Every system descriptor type, including reserved ones. */
    { 0, 0 },
    { 1, 0 },
    { 2, 0 },
    { 3, 0 },
    { 4, 0 },
    { 5, 0 },
    { 6, 0 },
    { 7, 0 },
    { 8, 0 },
    { 9, 0 },
    { 10, 0 },
    { 11, 0 },
    { 12, 0 },
    { 13, 0 },
    { 14, 0 },
    { 15, 0 },
};
182
183#endif /* BS3_INSTANTIATING_CMN - global */
184
185#ifdef BS3_INSTANTIATING_CMN
186
/**
 * Reports a test failure, prefixing the formatted message with the current
 * test step (g_usBs3TestStep) and test mode name (g_pszTestMode).
 *
 * @param   pszFormat   Format string for the failure message.
 * @param   ...         Format arguments.
 * @note    The message is formatted into a bounded 168 byte local buffer and
 *          is truncated beyond that.
 */
# define bs3CpuBasic2_FailedF BS3_CMN_NM(bs3CpuBasic2_FailedF)
BS3_DECL_NEAR(void) bs3CpuBasic2_FailedF(const char *pszFormat, ...)
{
    char    szMsg[168];
    va_list va;

    /* Format the caller's message first, bounded by the local buffer... */
    va_start(va, pszFormat);
    Bs3StrPrintfV(szMsg, sizeof(szMsg), pszFormat, va);
    va_end(va);

    /* ...then hand it to the test framework with the step/mode prefix. */
    Bs3TestFailedF("%u - %s: %s", g_usBs3TestStep, g_pszTestMode, szMsg);
}
203
204
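/**
 * Compares the trap frame produced by a software interrupt (INT xx) against
 * the expected vector and the context it was raised from.
 *
 * Checks bXcpt, a zero error code and the register context (2 byte IP
 * adjustment for the INT instruction).  When this adds new errors the frame
 * is dumped and the CPU halted so the failing step can be examined.
 *
 * @param   pTrapCtx    The trap frame to check.
 * @param   pStartCtx   The register context the interrupt was raised from.
 * @param   bXcpt       The expected interrupt/exception number.
 */
# define bs3CpuBasic2_CompareIntCtx1 BS3_CMN_NM(bs3CpuBasic2_CompareIntCtx1)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareIntCtx1(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint8_t bXcpt)
{
    uint16_t const cErrorsBefore = Bs3TestSubErrorCount();

    CHECK_MEMBER("bXcpt",  "%#04x",    pTrapCtx->bXcpt,  bXcpt);
    /* The expected value is widened to 64-bit to match the RX64 format: a plain
       int 0 would misalign the variadic argument list in the failure message. */
    CHECK_MEMBER("bErrCd", "%#06RX64", pTrapCtx->uErrCd, (uint64_t)0);
    Bs3TestCheckRegCtxEx(&pTrapCtx->Ctx, pStartCtx, 2 /*int xx*/, 0 /*cbSpAdjust*/, 0 /*fExtraEfl*/, g_pszTestMode, g_usBs3TestStep);

    if (Bs3TestSubErrorCount() != cErrorsBefore)
    {
        Bs3TrapPrintFrame(pTrapCtx);
#if 1 /* Stop at the first failing frame instead of piling up follow-on errors. */
        Bs3TestPrintf("Halting: g_uBs3CpuDetected=%#x\n", g_uBs3CpuDetected);
        Bs3TestPrintf("Halting in CompareTrapCtx1: bXcpt=%#x\n", bXcpt);
        ASMHalt();
#endif
    }
}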
225
226
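/**
 * Compares a software-interrupt trap frame, additionally checking the CS the
 * handler ran with and allowing the caller to specify the IP adjustment.
 *
 * Checks bXcpt, a zero error code, uHandlerCs and the register context.  When
 * this adds new errors the frame is dumped and the CPU halted.
 *
 * @param   pTrapCtx    The trap frame to check.
 * @param   pStartCtx   The register context the interrupt was raised from.
 * @param   cbIpAdjust  Length of the raising instruction (IP delta to expect).
 * @param   bXcpt       The expected interrupt/exception number.
 * @param   uHandlerCs  The CS selector the handler is expected to have run with.
 */
# define bs3CpuBasic2_CompareTrapCtx2 BS3_CMN_NM(bs3CpuBasic2_CompareTrapCtx2)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareTrapCtx2(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint16_t cbIpAdjust,
                                                 uint8_t bXcpt, uint16_t uHandlerCs)
{
    uint16_t const cErrorsBefore = Bs3TestSubErrorCount();

    CHECK_MEMBER("bXcpt",      "%#04x",    pTrapCtx->bXcpt,      bXcpt);
    /* The expected value is widened to 64-bit to match the RX64 format: a plain
       int 0 would misalign the variadic argument list in the failure message. */
    CHECK_MEMBER("bErrCd",     "%#06RX64", pTrapCtx->uErrCd,     (uint64_t)0);
    CHECK_MEMBER("uHandlerCs", "%#06x",    pTrapCtx->uHandlerCs, uHandlerCs);
    Bs3TestCheckRegCtxEx(&pTrapCtx->Ctx, pStartCtx, cbIpAdjust, 0 /*cbSpAdjust*/, 0 /*fExtraEfl*/, g_pszTestMode, g_usBs3TestStep);

    if (Bs3TestSubErrorCount() != cErrorsBefore)
    {
        Bs3TrapPrintFrame(pTrapCtx);
#if 1 /* Stop at the first failing frame instead of piling up follow-on errors. */
        Bs3TestPrintf("Halting: g_uBs3CpuDetected=%#x\n", g_uBs3CpuDetected);
        Bs3TestPrintf("Halting in CompareTrapCtx2: bXcpt=%#x\n", bXcpt);
        ASMHalt();
#endif
    }
}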
249
/**
 * Compares a CPU-raised fault frame against the expected exception, error
 * code and originating context.
 *
 * The error code is compared as a 16-bit value because a 486 only writes a
 * word.  X86_EFL_RF is passed as the extra EFLAGS to the context check, except
 * on 16-bit systems, and on 486-and-older CPUs when f486ResumeFlagHint is false.
 * When new errors result the frame is dumped and the CPU halted.
 *
 * @param   pTrapCtx            The trap frame to check.
 * @param   pStartCtx           The register context the fault was raised from.
 * @param   uErrCd              The expected error code (low 16 bits compared).
 * @param   bXcpt               The expected exception number.
 * @param   f486ResumeFlagHint  Whether to still expect RF on 486-and-older CPUs.
 */
# define bs3CpuBasic2_CompareCpuTrapCtx BS3_CMN_NM(bs3CpuBasic2_CompareCpuTrapCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareCpuTrapCtx(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint16_t uErrCd,
                                                   uint8_t bXcpt, bool f486ResumeFlagHint)
{
    uint16_t const cErrorsBefore = Bs3TestSubErrorCount();
    uint32_t       fExtraEfl     = X86_EFL_RF;

    CHECK_MEMBER("bXcpt",  "%#04x",    pTrapCtx->bXcpt, bXcpt);
    CHECK_MEMBER("bErrCd", "%#06RX16", (uint16_t)pTrapCtx->uErrCd, (uint16_t)uErrCd); /* 486 only writes a word */

    /* Drop the RF expectation where it does not apply. */
    if (g_f16BitSys)
        fExtraEfl = 0;
    else if (   !f486ResumeFlagHint
             && (g_uBs3CpuDetected & BS3CPU_TYPE_MASK) <= BS3CPU_80486)
        fExtraEfl = 0;
#if 0 /** @todo Running on an AMD Phenom II X6 1100T under AMD-V I'm not getting good X86_EFL_RF results. Enable this to get on with other work. */
    fExtraEfl = pTrapCtx->Ctx.rflags.u32 & X86_EFL_RF;
#endif

    Bs3TestCheckRegCtxEx(&pTrapCtx->Ctx, pStartCtx, 0 /*cbIpAdjust*/, 0 /*cbSpAdjust*/, fExtraEfl, g_pszTestMode, g_usBs3TestStep);
    if (Bs3TestSubErrorCount() == cErrorsBefore)
        return; /* no new errors */

    Bs3TrapPrintFrame(pTrapCtx);
#if 1
    Bs3TestPrintf("Halting: g_uBs3CpuDetected=%#x\n", g_uBs3CpuDetected);
    Bs3TestPrintf("Halting: bXcpt=%#x uErrCd=%#x\n", bXcpt, uErrCd);
    ASMHalt();
#endif
}
284
285
/**
 * Compares a \#GP trap frame.
 *
 * @param   pTrapCtx    The trap frame to check.
 * @param   pStartCtx   The register context the fault was raised from.
 * @param   uErrCd      The expected error code (selector or IDT-vector form).
 */
# define bs3CpuBasic2_CompareGpCtx BS3_CMN_NM(bs3CpuBasic2_CompareGpCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareGpCtx(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint16_t uErrCd)
{
    /* \#GP: RF is expected even on 486-and-older CPUs. */
    bs3CpuBasic2_CompareCpuTrapCtx(pTrapCtx, pStartCtx, uErrCd, X86_XCPT_GP, true /*f486ResumeFlagHint*/);
}
294
/**
 * Compares a \#NP (segment not present) trap frame.
 *
 * @param   pTrapCtx    The trap frame to check.
 * @param   pStartCtx   The register context the fault was raised from.
 * @param   uErrCd      The expected error code (selector or IDT-vector form).
 */
# define bs3CpuBasic2_CompareNpCtx BS3_CMN_NM(bs3CpuBasic2_CompareNpCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareNpCtx(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint16_t uErrCd)
{
    /* \#NP: RF is expected even on 486-and-older CPUs. */
    bs3CpuBasic2_CompareCpuTrapCtx(pTrapCtx, pStartCtx, uErrCd, X86_XCPT_NP, true /*f486ResumeFlagHint*/);
}
303
/**
 * Compares a \#SS (stack fault) trap frame.
 *
 * @param   pTrapCtx            The trap frame to check.
 * @param   pStartCtx           The register context the fault was raised from.
 * @param   uErrCd              The expected error code.
 * @param   f486ResumeFlagHint  Whether to still expect RF on 486-and-older CPUs;
 *                              passed straight through since it varies per \#SS case.
 */
# define bs3CpuBasic2_CompareSsCtx BS3_CMN_NM(bs3CpuBasic2_CompareSsCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareSsCtx(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint16_t uErrCd, bool f486ResumeFlagHint)
{
    bs3CpuBasic2_CompareCpuTrapCtx(pTrapCtx, pStartCtx, uErrCd, X86_XCPT_SS, f486ResumeFlagHint);
}
312
/**
 * Compares a \#TS (invalid TSS) trap frame.
 *
 * @param   pTrapCtx    The trap frame to check.
 * @param   pStartCtx   The register context the fault was raised from.
 * @param   uErrCd      The expected error code.
 */
# define bs3CpuBasic2_CompareTsCtx BS3_CMN_NM(bs3CpuBasic2_CompareTsCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareTsCtx(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx, uint16_t uErrCd)
{
    /* \#TS: no RF expected on 486-and-older CPUs. */
    bs3CpuBasic2_CompareCpuTrapCtx(pTrapCtx, pStartCtx, uErrCd, X86_XCPT_TS, false /*f486ResumeFlagHint*/);
}
321
/**
 * Compares a \#PF trap frame, including the expected CR2 value.
 *
 * CR2 in the start context is temporarily set to uCr2Expected so that the
 * common register-context comparison covers it, then restored; this is why
 * pStartCtx is not const.
 *
 * @param   pTrapCtx        The trap frame to check.
 * @param   pStartCtx       The register context the fault was raised from (CR2 is
 *                          written and restored).
 * @param   uErrCd          The expected page-fault error code.
 * @param   uCr2Expected    The faulting address expected in CR2.
 */
# define bs3CpuBasic2_ComparePfCtx BS3_CMN_NM(bs3CpuBasic2_ComparePfCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_ComparePfCtx(PCBS3TRAPFRAME pTrapCtx, PBS3REGCTX pStartCtx, uint16_t uErrCd, uint64_t uCr2Expected)
{
    uint64_t const uCr2Saved = pStartCtx->cr2.u;
    pStartCtx->cr2.u = uCr2Expected;
    bs3CpuBasic2_CompareCpuTrapCtx(pTrapCtx, pStartCtx, uErrCd, X86_XCPT_PF, true /*f486ResumeFlagHint*/);
    pStartCtx->cr2.u = uCr2Saved; /* restore so the caller's context stays unchanged */
}
333
/**
 * Compares a \#UD trap frame (no error code).
 *
 * @param   pTrapCtx    The trap frame to check.
 * @param   pStartCtx   The register context the fault was raised from.
 */
# define bs3CpuBasic2_CompareUdCtx BS3_CMN_NM(bs3CpuBasic2_CompareUdCtx)
BS3_DECL_NEAR(void) bs3CpuBasic2_CompareUdCtx(PCBS3TRAPFRAME pTrapCtx, PCBS3REGCTX pStartCtx)
{
    /* \#UD carries no error code; RF is expected even on 486-and-older CPUs. */
    bs3CpuBasic2_CompareCpuTrapCtx(pTrapCtx, pStartCtx, 0 /*no error code*/, X86_XCPT_UD, true /*f486ResumeFlagHint*/);
}
342
343
344# define bs3CpuBasic2_RaiseXcpt1Common BS3_CMN_NM(bs3CpuBasic2_RaiseXcpt1Common)
345BS3_DECL_NEAR(void) bs3CpuBasic2_RaiseXcpt1Common(uint16_t const uSysR0Cs, uint16_t const uSysR0CsConf, uint16_t const uSysR0Ss,
346 PX86DESC const paIdt, unsigned const cIdteShift)
347{
348 BS3TRAPFRAME TrapCtx;
349 BS3REGCTX Ctx80;
350 BS3REGCTX Ctx81;
351 BS3REGCTX Ctx82;
352 BS3REGCTX Ctx83;
353 BS3REGCTX CtxTmp;
354 BS3REGCTX CtxTmp2;
355 PBS3REGCTX apCtx8x[4];
356 unsigned iCtx;
357 unsigned iRing;
358 unsigned iDpl;
359 unsigned iRpl;
360 unsigned i, j, k;
361 uint32_t uExpected;
362 bool const f486Plus = (g_uBs3CpuDetected & BS3CPU_TYPE_MASK) >= BS3CPU_80486;
363# if TMPL_BITS == 16
364 bool const f386Plus = (g_uBs3CpuDetected & BS3CPU_TYPE_MASK) >= BS3CPU_80386;
365 bool const f286 = (g_uBs3CpuDetected & BS3CPU_TYPE_MASK) == BS3CPU_80286;
366# else
367 bool const f286 = false;
368 bool const f386Plus = true;
369 int rc;
370 uint8_t *pbIdtCopyAlloc;
371 PX86DESC pIdtCopy;
372 const unsigned cbIdte = 1 << (3 + cIdteShift);
373 RTCCUINTXREG uCr0Saved = ASMGetCR0();
374 RTGDTR GdtrSaved;
375# endif
376 RTIDTR IdtrSaved;
377 RTIDTR Idtr;
378
379 ASMGetIDTR(&IdtrSaved);
380# if TMPL_BITS != 16
381 ASMGetGDTR(&GdtrSaved);
382# endif
383
384 /* make sure they're allocated */
385 Bs3MemZero(&TrapCtx, sizeof(TrapCtx));
386 Bs3MemZero(&Ctx80, sizeof(Ctx80));
387 Bs3MemZero(&Ctx81, sizeof(Ctx81));
388 Bs3MemZero(&Ctx82, sizeof(Ctx82));
389 Bs3MemZero(&Ctx83, sizeof(Ctx83));
390 Bs3MemZero(&CtxTmp, sizeof(CtxTmp));
391 Bs3MemZero(&CtxTmp2, sizeof(CtxTmp2));
392
393 /* Context array. */
394 apCtx8x[0] = &Ctx80;
395 apCtx8x[1] = &Ctx81;
396 apCtx8x[2] = &Ctx82;
397 apCtx8x[3] = &Ctx83;
398
399# if TMPL_BITS != 16
400 /* Allocate memory for playing around with the IDT. */
401 pbIdtCopyAlloc = NULL;
402 if (BS3_MODE_IS_PAGED(g_bTestMode))
403 pbIdtCopyAlloc = Bs3MemAlloc(BS3MEMKIND_FLAT32, 12*_1K);
404# endif
405
406 /*
407 * IDT entry 80 thru 83 are assigned DPLs according to the number.
408 * (We'll be useing more, but this'll do for now.)
409 */
410 paIdt[0x80 << cIdteShift].Gate.u2Dpl = 0;
411 paIdt[0x81 << cIdteShift].Gate.u2Dpl = 1;
412 paIdt[0x82 << cIdteShift].Gate.u2Dpl = 2;
413 paIdt[0x83 << cIdteShift].Gate.u2Dpl = 3;
414
415 Bs3RegCtxSave(&Ctx80);
416 Ctx80.rsp.u -= 0x300;
417 Ctx80.rip.u = (uintptr_t)BS3_FP_OFF(&bs3CpuBasic2_Int80);
418# if TMPL_BITS == 16
419 Ctx80.cs = BS3_MODE_IS_RM_OR_V86(g_bTestMode) ? BS3_SEL_TEXT16 : BS3_SEL_R0_CS16;
420# elif TMPL_BITS == 32
421 g_uBs3TrapEipHint = Ctx80.rip.u32;
422# endif
423 Bs3MemCpy(&Ctx81, &Ctx80, sizeof(Ctx80));
424 Ctx81.rip.u = (uintptr_t)BS3_FP_OFF(&bs3CpuBasic2_Int81);
425 Bs3MemCpy(&Ctx82, &Ctx80, sizeof(Ctx80));
426 Ctx82.rip.u = (uintptr_t)BS3_FP_OFF(&bs3CpuBasic2_Int82);
427 Bs3MemCpy(&Ctx83, &Ctx80, sizeof(Ctx80));
428 Ctx83.rip.u = (uintptr_t)BS3_FP_OFF(&bs3CpuBasic2_Int83);
429
430 /*
431 * Check that all the above gates work from ring-0.
432 */
433 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
434 {
435 g_usBs3TestStep = iCtx;
436# if TMPL_BITS == 32
437 g_uBs3TrapEipHint = apCtx8x[iCtx]->rip.u32;
438# endif
439 Bs3TrapSetJmpAndRestore(apCtx8x[iCtx], &TrapCtx);
440 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, apCtx8x[iCtx], 0x80+iCtx /*bXcpt*/);
441 }
442
443 /*
444 * Check that the gate DPL checks works.
445 */
446 g_usBs3TestStep = 100;
447 for (iRing = 0; iRing <= 3; iRing++)
448 {
449 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
450 {
451 Bs3MemCpy(&CtxTmp, apCtx8x[iCtx], sizeof(CtxTmp));
452 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
453# if TMPL_BITS == 32
454 g_uBs3TrapEipHint = CtxTmp.rip.u32;
455# endif
456 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
457 if (iCtx < iRing)
458 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
459 else
460 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x80 + iCtx /*bXcpt*/);
461 g_usBs3TestStep++;
462 }
463 }
464
465 /*
466 * Modify the gate CS value and run the handler at a different CPL.
467 * Throw RPL variations into the mix (completely ignored) together
468 * with gate presence.
469 * 1. CPL <= GATE.DPL
470 * 2. GATE.P
471 * 3. GATE.CS.DPL <= CPL (non-conforming segments)
472 */
473 g_usBs3TestStep = 1000;
474 for (i = 0; i <= 3; i++)
475 {
476 for (iRing = 0; iRing <= 3; iRing++)
477 {
478 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
479 {
480# if TMPL_BITS == 32
481 g_uBs3TrapEipHint = apCtx8x[iCtx]->rip.u32;
482# endif
483 Bs3MemCpy(&CtxTmp, apCtx8x[iCtx], sizeof(CtxTmp));
484 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
485
486 for (j = 0; j <= 3; j++)
487 {
488 uint16_t const uCs = (uSysR0Cs | j) + (i << BS3_SEL_RING_SHIFT);
489 for (k = 0; k < 2; k++)
490 {
491 g_usBs3TestStep++;
492 /*Bs3TestPrintf("g_usBs3TestStep=%u iCtx=%u iRing=%u i=%u uCs=%04x\n", g_usBs3TestStep, iCtx, iRing, i, uCs);*/
493 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uCs;
494 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1Present = k;
495 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
496 /*Bs3TrapPrintFrame(&TrapCtx);*/
497 if (iCtx < iRing)
498 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
499 else if (k == 0)
500 bs3CpuBasic2_CompareNpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
501 else if (i > iRing)
502 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, uCs & X86_SEL_MASK_OFF_RPL);
503 else
504 {
505 uint16_t uExpectedCs = uCs & X86_SEL_MASK_OFF_RPL;
506 if (i <= iCtx && i <= iRing)
507 uExpectedCs |= i;
508 bs3CpuBasic2_CompareTrapCtx2(&TrapCtx, &CtxTmp, 2 /*int 8xh*/, 0x80 + iCtx /*bXcpt*/, uExpectedCs);
509 }
510 }
511 }
512
513 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uSysR0Cs;
514 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1Present = 1;
515 }
516 }
517 }
518 BS3_ASSERT(g_usBs3TestStep < 1600);
519
520 /*
521 * Various CS and SS related faults
522 *
523 * We temporarily reconfigure gate 80 and 83 with new CS selectors, the
524 * latter have a CS.DPL of 2 for testing ring transisions and SS loading
525 * without making it impossible to handle faults.
526 */
527 g_usBs3TestStep = 1600;
528 Bs3GdteTestPage00 = Bs3Gdt[uSysR0Cs >> X86_SEL_SHIFT];
529 Bs3GdteTestPage00.Gen.u1Present = 0;
530 Bs3GdteTestPage00.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
531 paIdt[0x80 << cIdteShift].Gate.u16Sel = BS3_SEL_TEST_PAGE_00;
532
533 /* CS.PRESENT = 0 */
534 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
535 bs3CpuBasic2_CompareNpCtx(&TrapCtx, &Ctx80, BS3_SEL_TEST_PAGE_00);
536 if (Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
537 bs3CpuBasic2_FailedF("selector was accessed");
538 g_usBs3TestStep++;
539
540 /* Check that GATE.DPL is checked before CS.PRESENT. */
541 for (iRing = 1; iRing < 4; iRing++)
542 {
543 Bs3MemCpy(&CtxTmp, &Ctx80, sizeof(CtxTmp));
544 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
545 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
546 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, (0x80 << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
547 if (Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
548 bs3CpuBasic2_FailedF("selector was accessed");
549 g_usBs3TestStep++;
550 }
551
552 /* CS.DPL mismatch takes precedence over CS.PRESENT = 0. */
553 Bs3GdteTestPage00.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
554 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
555 bs3CpuBasic2_CompareNpCtx(&TrapCtx, &Ctx80, BS3_SEL_TEST_PAGE_00);
556 if (Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
557 bs3CpuBasic2_FailedF("CS selector was accessed");
558 g_usBs3TestStep++;
559 for (iDpl = 1; iDpl < 4; iDpl++)
560 {
561 Bs3GdteTestPage00.Gen.u2Dpl = iDpl;
562 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
563 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &Ctx80, BS3_SEL_TEST_PAGE_00);
564 if (Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
565 bs3CpuBasic2_FailedF("CS selector was accessed");
566 g_usBs3TestStep++;
567 }
568
569 /* 1608: Check all the invalid CS selector types alone. */
570 Bs3GdteTestPage00 = Bs3Gdt[uSysR0Cs >> X86_SEL_SHIFT];
571 for (i = 0; i < RT_ELEMENTS(g_aInvalidCsTypes); i++)
572 {
573 Bs3GdteTestPage00.Gen.u4Type = g_aInvalidCsTypes[i].u4Type;
574 Bs3GdteTestPage00.Gen.u1DescType = g_aInvalidCsTypes[i].u1DescType;
575 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
576 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &Ctx80, BS3_SEL_TEST_PAGE_00);
577 if (Bs3GdteTestPage00.Gen.u4Type != g_aInvalidCsTypes[i].u4Type)
578 bs3CpuBasic2_FailedF("Invalid CS type %#x/%u -> %#x/%u\n",
579 g_aInvalidCsTypes[i].u4Type, g_aInvalidCsTypes[i].u1DescType,
580 Bs3GdteTestPage00.Gen.u4Type, Bs3GdteTestPage00.Gen.u1DescType);
581 g_usBs3TestStep++;
582
583 /* Incorrect CS.TYPE takes precedence over CS.PRESENT = 0. */
584 Bs3GdteTestPage00.Gen.u1Present = 0;
585 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
586 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &Ctx80, BS3_SEL_TEST_PAGE_00);
587 Bs3GdteTestPage00.Gen.u1Present = 1;
588 g_usBs3TestStep++;
589 }
590
591 /* Fix CS again. */
592 Bs3GdteTestPage00 = Bs3Gdt[uSysR0Cs >> X86_SEL_SHIFT];
593
594 /* 1632: Test SS. */
595 if (!BS3_MODE_IS_64BIT_SYS(g_bTestMode))
596 {
597 uint16_t BS3_FAR *puTssSs2 = BS3_MODE_IS_16BIT_SYS(g_bTestMode) ? &Bs3Tss16.ss2 : &Bs3Tss32.ss2;
598 uint16_t const uSavedSs2 = *puTssSs2;
599 X86DESC const SavedGate83 = paIdt[0x83 << cIdteShift];
600
601 /* Make the handler execute in ring-2. */
602 Bs3GdteTestPage02 = Bs3Gdt[(uSysR0Cs + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
603 Bs3GdteTestPage02.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
604 paIdt[0x83 << cIdteShift].Gate.u16Sel = BS3_SEL_TEST_PAGE_02 | 2;
605
606 Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
607 Bs3RegCtxConvertToRingX(&CtxTmp, 3); /* yeah, from 3 so SS:xSP is reloaded. */
608 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
609 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83);
610 if (!(Bs3GdteTestPage02.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
611 bs3CpuBasic2_FailedF("CS selector was not access");
612 g_usBs3TestStep++;
613
614 /* Create a SS.DPL=2 stack segment and check that SS2.RPL matters and
615 that we get #SS if the selector isn't present. */
616 i = 0; /* used for cycling thru invalid CS types */
617 for (k = 0; k < 10; k++)
618 {
619 /* k=0: present,
620 k=1: not-present,
621 k=2: present but very low limit,
622 k=3: not-present, low limit.
623 k=4: present, read-only.
624 k=5: not-present, read-only.
625 k=6: present, code-selector.
626 k=7: not-present, code-selector.
627 k=8: present, read-write / no access + system (=LDT).
628 k=9: not-present, read-write / no access + system (=LDT).
629 */
630 Bs3GdteTestPage03 = Bs3Gdt[(uSysR0Ss + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
631 Bs3GdteTestPage03.Gen.u1Present = !(k & 1);
632 if (k >= 8)
633 {
634 Bs3GdteTestPage03.Gen.u1DescType = 0; /* system */
635 Bs3GdteTestPage03.Gen.u4Type = X86_SEL_TYPE_RW; /* = LDT */
636 }
637 else if (k >= 6)
638 Bs3GdteTestPage03.Gen.u4Type = X86_SEL_TYPE_ER;
639 else if (k >= 4)
640 Bs3GdteTestPage03.Gen.u4Type = X86_SEL_TYPE_RO;
641 else if (k >= 2)
642 {
643 Bs3GdteTestPage03.Gen.u16LimitLow = 0x400;
644 Bs3GdteTestPage03.Gen.u4LimitHigh = 0;
645 Bs3GdteTestPage03.Gen.u1Granularity = 0;
646 }
647
648 for (iDpl = 0; iDpl < 4; iDpl++)
649 {
650 Bs3GdteTestPage03.Gen.u2Dpl = iDpl;
651
652 for (iRpl = 0; iRpl < 4; iRpl++)
653 {
654 *puTssSs2 = BS3_SEL_TEST_PAGE_03 | iRpl;
655 //Bs3TestPrintf("k=%u iDpl=%u iRpl=%u step=%u\n", k, iDpl, iRpl, g_usBs3TestStep);
656 Bs3GdteTestPage02.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
657 Bs3GdteTestPage03.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
658 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
659 if (iRpl != 2 || iRpl != iDpl || k >= 4)
660 bs3CpuBasic2_CompareTsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03);
661 else if (k != 0)
662 bs3CpuBasic2_CompareSsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03,
663 k == 2 /*f486ResumeFlagHint*/);
664 else
665 {
666 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83);
667 if (TrapCtx.uHandlerSs != (BS3_SEL_TEST_PAGE_03 | 2))
668 bs3CpuBasic2_FailedF("uHandlerSs=%#x expected %#x\n", TrapCtx.uHandlerSs, BS3_SEL_TEST_PAGE_03 | 2);
669 }
670 if (!(Bs3GdteTestPage02.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
671 bs3CpuBasic2_FailedF("CS selector was not access");
672 if ( TrapCtx.bXcpt == 0x83
673 || (TrapCtx.bXcpt == X86_XCPT_SS && k == 2) )
674 {
675 if (!(Bs3GdteTestPage03.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
676 bs3CpuBasic2_FailedF("SS selector was not accessed");
677 }
678 else if (Bs3GdteTestPage03.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
679 bs3CpuBasic2_FailedF("SS selector was accessed");
680 g_usBs3TestStep++;
681
682 /* +1: Modify the gate DPL to check that this is checked before SS.DPL and SS.PRESENT. */
683 paIdt[0x83 << cIdteShift].Gate.u2Dpl = 2;
684 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
685 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, (0x83 << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
686 paIdt[0x83 << cIdteShift].Gate.u2Dpl = 3;
687 g_usBs3TestStep++;
688
689 /* +2: Check the CS.DPL check is done before the SS ones. Restoring the
690 ring-0 INT 83 context triggers the CS.DPL < CPL check. */
691 Bs3TrapSetJmpAndRestore(&Ctx83, &TrapCtx);
692 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &Ctx83, BS3_SEL_TEST_PAGE_02);
693 g_usBs3TestStep++;
694
695 /* +3: Now mark the CS selector not present and check that that also triggers before SS stuff. */
696 Bs3GdteTestPage02.Gen.u1Present = 0;
697 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
698 bs3CpuBasic2_CompareNpCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_02);
699 Bs3GdteTestPage02.Gen.u1Present = 1;
700 g_usBs3TestStep++;
701
702 /* +4: Make the CS selector some invalid type and check it triggers before SS stuff. */
703 Bs3GdteTestPage02.Gen.u4Type = g_aInvalidCsTypes[i].u4Type;
704 Bs3GdteTestPage02.Gen.u1DescType = g_aInvalidCsTypes[i].u1DescType;
705 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
706 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_02);
707 Bs3GdteTestPage02.Gen.u4Type = X86_SEL_TYPE_ER_ACC;
708 Bs3GdteTestPage02.Gen.u1DescType = 1;
709 g_usBs3TestStep++;
710
711 /* +5: Now, make the CS selector limit too small and that it triggers after SS trouble.
712 The 286 had a simpler approach to these GP(0). */
713 Bs3GdteTestPage02.Gen.u16LimitLow = 0;
714 Bs3GdteTestPage02.Gen.u4LimitHigh = 0;
715 Bs3GdteTestPage02.Gen.u1Granularity = 0;
716 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
717 if (f286)
718 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, 0 /*uErrCd*/);
719 else if (iRpl != 2 || iRpl != iDpl || k >= 4)
720 bs3CpuBasic2_CompareTsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03);
721 else if (k != 0)
722 bs3CpuBasic2_CompareSsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03, k == 2 /*f486ResumeFlagHint*/);
723 else
724 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, 0 /*uErrCd*/);
725 Bs3GdteTestPage02 = Bs3Gdt[(uSysR0Cs + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
726 g_usBs3TestStep++;
727 }
728 }
729 }
730
731 /* Check all the invalid SS selector types alone. */
732 Bs3GdteTestPage02 = Bs3Gdt[(uSysR0Cs + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
733 Bs3GdteTestPage03 = Bs3Gdt[(uSysR0Ss + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
734 *puTssSs2 = BS3_SEL_TEST_PAGE_03 | 2;
735 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
736 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83);
737 g_usBs3TestStep++;
738 for (i = 0; i < RT_ELEMENTS(g_aInvalidSsTypes); i++)
739 {
740 Bs3GdteTestPage03.Gen.u4Type = g_aInvalidSsTypes[i].u4Type;
741 Bs3GdteTestPage03.Gen.u1DescType = g_aInvalidSsTypes[i].u1DescType;
742 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
743 bs3CpuBasic2_CompareTsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03);
744 if (Bs3GdteTestPage03.Gen.u4Type != g_aInvalidSsTypes[i].u4Type)
745 bs3CpuBasic2_FailedF("Invalid SS type %#x/%u -> %#x/%u\n",
746 g_aInvalidSsTypes[i].u4Type, g_aInvalidSsTypes[i].u1DescType,
747 Bs3GdteTestPage03.Gen.u4Type, Bs3GdteTestPage03.Gen.u1DescType);
748 g_usBs3TestStep++;
749 }
750
751 /*
752 * Continue the SS experiments with a expand down segment. We'll use
753 * the same setup as we already have with gate 83h being DPL and
754 * having CS.DPL=2.
755 *
756 * Expand down segments are weird. The valid area is practically speaking
757 * reversed. So, a 16-bit segment with a limit of 0x6000 will have valid
758 * addresses from 0xffff thru 0x6001.
759 *
760 * So, with expand down segments we can more easily cut partially into the
761 * pushing of the iret frame and trigger more interesting behavior than
762 * with regular "expand up" segments where the whole pushing area is either
763 * all fine or not not fine.
764 */
765 Bs3GdteTestPage02 = Bs3Gdt[(uSysR0Cs + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
766 Bs3GdteTestPage03 = Bs3Gdt[(uSysR0Ss + (2 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
767 Bs3GdteTestPage03.Gen.u2Dpl = 2;
768 Bs3GdteTestPage03.Gen.u4Type = X86_SEL_TYPE_RW_DOWN;
769 *puTssSs2 = BS3_SEL_TEST_PAGE_03 | 2;
770
771 /* First test, limit = max --> no bytes accessible --> #GP */
772 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
773 bs3CpuBasic2_CompareSsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03, true /*f486ResumeFlagHint*/);
774
775 /* Second test, limit = 0 --> all by zero byte accessible --> works */
776 Bs3GdteTestPage03.Gen.u16LimitLow = 0;
777 Bs3GdteTestPage03.Gen.u4LimitHigh = 0;
778 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
779 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83);
780
781 /* Modify the gate handler to be a dummy that immediately does UD2
782 and triggers #UD, then advance the limit down till we get the #UD. */
783 Bs3GdteTestPage03.Gen.u1Granularity = 0;
784
785 Bs3MemCpy(&CtxTmp2, &CtxTmp, sizeof(CtxTmp2)); /* #UD result context */
786 if (g_f16BitSys)
787 {
788 CtxTmp2.rip.u = g_bs3CpuBasic2_ud2_FlatAddr - BS3_ADDR_BS3TEXT16;
789 Bs3Trap16SetGate(0x83, X86_SEL_TYPE_SYS_286_INT_GATE, 3, BS3_SEL_TEST_PAGE_02, CtxTmp2.rip.u16, 0 /*cParams*/);
790 CtxTmp2.rsp.u = Bs3Tss16.sp2 - 2*5;
791 }
792 else
793 {
794 CtxTmp2.rip.u = g_bs3CpuBasic2_ud2_FlatAddr;
795 Bs3Trap32SetGate(0x83, X86_SEL_TYPE_SYS_386_INT_GATE, 3, BS3_SEL_TEST_PAGE_02, CtxTmp2.rip.u32, 0 /*cParams*/);
796 CtxTmp2.rsp.u = Bs3Tss32.esp2 - 4*5;
797 }
798 CtxTmp2.bMode = g_bTestMode; /* g_bBs3CurrentMode not changed by the UD2 handler. */
799 CtxTmp2.cs = BS3_SEL_TEST_PAGE_02 | 2;
800 CtxTmp2.ss = BS3_SEL_TEST_PAGE_03 | 2;
801 CtxTmp2.bCpl = 2;
802
803 /* test run. */
804 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
805 bs3CpuBasic2_CompareUdCtx(&TrapCtx, &CtxTmp2);
806 g_usBs3TestStep++;
807
808 /* Real run. */
809 i = (g_f16BitSys ? 2 : 4) * 6 + 1;
810 while (i-- > 0)
811 {
812 Bs3GdteTestPage03.Gen.u16LimitLow = CtxTmp2.rsp.u16 + i - 1;
813 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
814 if (i > 0)
815 bs3CpuBasic2_CompareSsCtx(&TrapCtx, &CtxTmp, BS3_SEL_TEST_PAGE_03, true /*f486ResumeFlagHint*/);
816 else
817 bs3CpuBasic2_CompareUdCtx(&TrapCtx, &CtxTmp2);
818 g_usBs3TestStep++;
819 }
820
821 /* Do a run where we do the same-ring kind of access. */
822 Bs3RegCtxConvertToRingX(&CtxTmp, 2);
823 if (g_f16BitSys)
824 {
825 CtxTmp2.rsp.u32 = CtxTmp.rsp.u32 - 2*3;
826 i = 2*3 - 1;
827 }
828 else
829 {
830 CtxTmp2.rsp.u32 = CtxTmp.rsp.u32 - 4*3;
831 i = 4*3 - 1;
832 }
833 CtxTmp.ss = BS3_SEL_TEST_PAGE_03 | 2;
834 CtxTmp2.ds = CtxTmp.ds;
835 CtxTmp2.es = CtxTmp.es;
836 CtxTmp2.fs = CtxTmp.fs;
837 CtxTmp2.gs = CtxTmp.gs;
838 while (i-- > 0)
839 {
840 Bs3GdteTestPage03.Gen.u16LimitLow = CtxTmp2.rsp.u16 + i - 1;
841 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
842 if (i > 0)
843 bs3CpuBasic2_CompareSsCtx(&TrapCtx, &CtxTmp, 0 /*BS3_SEL_TEST_PAGE_03*/, true /*f486ResumeFlagHint*/);
844 else
845 bs3CpuBasic2_CompareUdCtx(&TrapCtx, &CtxTmp2);
846 g_usBs3TestStep++;
847 }
848
849 *puTssSs2 = uSavedSs2;
850 paIdt[0x83 << cIdteShift] = SavedGate83;
851 }
852 paIdt[0x80 << cIdteShift].Gate.u16Sel = uSysR0Cs;
853 BS3_ASSERT(g_usBs3TestStep < 3000);
854
855 /*
856 * Modify the gate CS value with a conforming segment.
857 */
858 g_usBs3TestStep = 3000;
859 for (i = 0; i <= 3; i++) /* cs.dpl */
860 {
861 for (iRing = 0; iRing <= 3; iRing++)
862 {
863 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
864 {
865 Bs3MemCpy(&CtxTmp, apCtx8x[iCtx], sizeof(CtxTmp));
866 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
867# if TMPL_BITS == 32
868 g_uBs3TrapEipHint = CtxTmp.rip.u32;
869# endif
870
871 for (j = 0; j <= 3; j++) /* rpl */
872 {
873 uint16_t const uCs = (uSysR0CsConf | j) + (i << BS3_SEL_RING_SHIFT);
874 /*Bs3TestPrintf("g_usBs3TestStep=%u iCtx=%u iRing=%u i=%u uCs=%04x\n", g_usBs3TestStep, iCtx, iRing, i, uCs);*/
875 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uCs;
876 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
877 //Bs3TestPrintf("%u/%u/%u/%u: cs=%04x hcs=%04x xcpt=%02x\n", i, iRing, iCtx, j, uCs, TrapCtx.uHandlerCs, TrapCtx.bXcpt);
878 /*Bs3TrapPrintFrame(&TrapCtx);*/
879 g_usBs3TestStep++;
880 if (iCtx < iRing)
881 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
882 else if (i > iRing)
883 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, uCs & X86_SEL_MASK_OFF_RPL);
884 else
885 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x80 + iCtx /*bXcpt*/);
886 }
887 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uSysR0Cs;
888 }
889 }
890 }
891 BS3_ASSERT(g_usBs3TestStep < 3500);
892
893 /*
894 * The gates must be 64-bit in long mode.
895 */
896 if (cIdteShift != 0)
897 {
898 g_usBs3TestStep = 3500;
899 for (i = 0; i <= 3; i++)
900 {
901 for (iRing = 0; iRing <= 3; iRing++)
902 {
903 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
904 {
905 Bs3MemCpy(&CtxTmp, apCtx8x[iCtx], sizeof(CtxTmp));
906 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
907
908 for (j = 0; j < 2; j++)
909 {
910 static const uint16_t s_auCSes[2] = { BS3_SEL_R0_CS16, BS3_SEL_R0_CS32 };
911 uint16_t uCs = (s_auCSes[j] | i) + (i << BS3_SEL_RING_SHIFT);
912 g_usBs3TestStep++;
913 /*Bs3TestPrintf("g_usBs3TestStep=%u iCtx=%u iRing=%u i=%u uCs=%04x\n", g_usBs3TestStep, iCtx, iRing, i, uCs);*/
914 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uCs;
915 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
916 /*Bs3TrapPrintFrame(&TrapCtx);*/
917 if (iCtx < iRing)
918 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
919 else
920 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, uCs & X86_SEL_MASK_OFF_RPL);
921 }
922 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uSysR0Cs;
923 }
924 }
925 }
926 BS3_ASSERT(g_usBs3TestStep < 4000);
927 }
928
929 /*
930 * IDT limit check. The 286 does not access X86DESCGATE::u16OffsetHigh.
931 */
932 g_usBs3TestStep = 5000;
933 i = (0x80 << (cIdteShift + 3)) - 1;
934 j = (0x82 << (cIdteShift + 3)) - (!f286 ? 1 : 3);
935 k = (0x83 << (cIdteShift + 3)) - 1;
936 for (; i <= k; i++, g_usBs3TestStep++)
937 {
938 Idtr.pIdt = IdtrSaved.pIdt;
939 Idtr.cbIdt = i;
940 ASMSetIDTR(&Idtr);
941 Bs3TrapSetJmpAndRestore(&Ctx81, &TrapCtx);
942 if (i < j)
943 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &Ctx81, (0x81 << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
944 else
945 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx81, 0x81 /*bXcpt*/);
946 }
947 ASMSetIDTR(&IdtrSaved);
948 BS3_ASSERT(g_usBs3TestStep < 5100);
949
950# if TMPL_BITS != 16 /* Only do the paging related stuff in 32-bit and 64-bit modes. */
951
952 /*
953 * IDT page not present. Placing the IDT copy such that 0x80 is on the
954 * first page and 0x81 is on the second page. We need proceed to move
955 * it down byte by byte to check that any inaccessible byte means #PF.
956 *
957 * Note! We must reload the alternative IDTR for each run as any kind of
958 * printing to the string (like error reporting) will cause a switch
959 * to real mode and back, reloading the default IDTR.
960 */
961 g_usBs3TestStep = 5200;
962 if (BS3_MODE_IS_PAGED(g_bTestMode) && pbIdtCopyAlloc)
963 {
964 uint32_t const uCr2Expected = Bs3SelPtrToFlat(pbIdtCopyAlloc) + _4K;
965 for (j = 0; j < cbIdte; j++)
966 {
967 pIdtCopy = (PX86DESC)&pbIdtCopyAlloc[_4K - cbIdte * 0x81 - j];
968 Bs3MemCpy(pIdtCopy, paIdt, cbIdte * 256);
969
970 Idtr.cbIdt = IdtrSaved.cbIdt;
971 Idtr.pIdt = Bs3SelPtrToFlat(pIdtCopy);
972
973 ASMSetIDTR(&Idtr);
974 Bs3TrapSetJmpAndRestore(&Ctx81, &TrapCtx);
975 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx81, 0x81 /*bXcpt*/);
976 g_usBs3TestStep++;
977
978 ASMSetIDTR(&Idtr);
979 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
980 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/);
981 g_usBs3TestStep++;
982
983 rc = Bs3PagingProtect(uCr2Expected, _4K, 0 /*fSet*/, X86_PTE_P /*fClear*/);
984 if (RT_SUCCESS(rc))
985 {
986 ASMSetIDTR(&Idtr);
987 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
988 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/);
989 g_usBs3TestStep++;
990
991 ASMSetIDTR(&Idtr);
992 Bs3TrapSetJmpAndRestore(&Ctx81, &TrapCtx);
993 if (f486Plus)
994 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx81, 0 /*uErrCd*/, uCr2Expected);
995 else
996 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx81, X86_TRAP_PF_RW /*uErrCd*/, uCr2Expected + 4 - RT_MIN(j, 4));
997 g_usBs3TestStep++;
998
999 Bs3PagingProtect(uCr2Expected, _4K, X86_PTE_P /*fSet*/, 0 /*fClear*/);
1000
1001 /* Check if that the entry type is checked after the whole IDTE has been cleared for #PF. */
1002 pIdtCopy[0x80 << cIdteShift].Gate.u4Type = 0;
1003 rc = Bs3PagingProtect(uCr2Expected, _4K, 0 /*fSet*/, X86_PTE_P /*fClear*/);
1004 if (RT_SUCCESS(rc))
1005 {
1006 ASMSetIDTR(&Idtr);
1007 Bs3TrapSetJmpAndRestore(&Ctx81, &TrapCtx);
1008 if (f486Plus)
1009 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx81, 0 /*uErrCd*/, uCr2Expected);
1010 else
1011 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx81, X86_TRAP_PF_RW /*uErrCd*/, uCr2Expected + 4 - RT_MIN(j, 4));
1012 g_usBs3TestStep++;
1013
1014 Bs3PagingProtect(uCr2Expected, _4K, X86_PTE_P /*fSet*/, 0 /*fClear*/);
1015 }
1016 }
1017 else
1018 Bs3TestPrintf("Bs3PagingProtectPtr: %d\n", i);
1019
1020 ASMSetIDTR(&IdtrSaved);
1021 }
1022 }
1023
1024 /*
1025 * The read/write and user/supervisor bits the IDT PTEs are irrelevant.
1026 */
1027 g_usBs3TestStep = 5300;
1028 if (BS3_MODE_IS_PAGED(g_bTestMode) && pbIdtCopyAlloc)
1029 {
1030 Bs3MemCpy(pbIdtCopyAlloc, paIdt, cbIdte * 256);
1031 Idtr.cbIdt = IdtrSaved.cbIdt;
1032 Idtr.pIdt = Bs3SelPtrToFlat(pbIdtCopyAlloc);
1033
1034 ASMSetIDTR(&Idtr);
1035 Bs3TrapSetJmpAndRestore(&Ctx81, &TrapCtx);
1036 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx81, 0x81 /*bXcpt*/);
1037 g_usBs3TestStep++;
1038
1039 rc = Bs3PagingProtect(Idtr.pIdt, _4K, 0 /*fSet*/, X86_PTE_RW | X86_PTE_US /*fClear*/);
1040 if (RT_SUCCESS(rc))
1041 {
1042 ASMSetIDTR(&Idtr);
1043 Bs3TrapSetJmpAndRestore(&Ctx81, &TrapCtx);
1044 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx81, 0x81 /*bXcpt*/);
1045 g_usBs3TestStep++;
1046
1047 Bs3PagingProtect(Idtr.pIdt, _4K, X86_PTE_RW | X86_PTE_US /*fSet*/, 0 /*fClear*/);
1048 }
1049 ASMSetIDTR(&IdtrSaved);
1050 }
1051
1052 /*
1053 * Check that CS.u1Accessed is set to 1. Use the test page selector #0 and #3 together
1054 * with interrupt gates 80h and 83h, respectively.
1055 */
1056/** @todo Throw in SS.u1Accessed too. */
1057 g_usBs3TestStep = 5400;
1058 if (BS3_MODE_IS_PAGED(g_bTestMode) && pbIdtCopyAlloc)
1059 {
1060 Bs3GdteTestPage00 = Bs3Gdt[uSysR0Cs >> X86_SEL_SHIFT];
1061 Bs3GdteTestPage00.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
1062 paIdt[0x80 << cIdteShift].Gate.u16Sel = BS3_SEL_TEST_PAGE_00;
1063
1064 Bs3GdteTestPage03 = Bs3Gdt[(uSysR0Cs + (3 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
1065 Bs3GdteTestPage03.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
1066 paIdt[0x83 << cIdteShift].Gate.u16Sel = BS3_SEL_TEST_PAGE_03; /* rpl is ignored, so leave it as zero. */
1067
1068 /* Check that the CS.A bit is being set on a general basis and that
1069 the special CS values work with out generic handler code. */
1070 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
1071 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/);
1072 if (!(Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
1073 bs3CpuBasic2_FailedF("u4Type=%#x, not accessed", Bs3GdteTestPage00.Gen.u4Type);
1074 g_usBs3TestStep++;
1075
1076 Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
1077 Bs3RegCtxConvertToRingX(&CtxTmp, 3);
1078 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1079 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83 /*bXcpt*/);
1080 if (!(Bs3GdteTestPage03.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
1081 bs3CpuBasic2_FailedF("u4Type=%#x, not accessed!", Bs3GdteTestPage00.Gen.u4Type);
1082 if (TrapCtx.uHandlerCs != (BS3_SEL_TEST_PAGE_03 | 3))
1083 bs3CpuBasic2_FailedF("uHandlerCs=%#x, expected %#x", TrapCtx.uHandlerCs, (BS3_SEL_TEST_PAGE_03 | 3));
1084 g_usBs3TestStep++;
1085
1086 /*
1087 * Now check that setting CS.u1Access to 1 does __NOT__ trigger a page
1088 * fault due to the RW bit being zero.
1089 * (We check both with with and without the WP bit if 80486.)
1090 */
1091 if ((g_uBs3CpuDetected & BS3CPU_TYPE_MASK) >= BS3CPU_80486)
1092 ASMSetCR0(uCr0Saved | X86_CR0_WP);
1093
1094 Bs3GdteTestPage00.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
1095 Bs3GdteTestPage03.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
1096 rc = Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, 0 /*fSet*/, X86_PTE_RW /*fClear*/);
1097 if (RT_SUCCESS(rc))
1098 {
1099 /* ring-0 handler */
1100 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
1101 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/);
1102 if (!(Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
1103 bs3CpuBasic2_FailedF("u4Type=%#x, not accessed!", Bs3GdteTestPage00.Gen.u4Type);
1104 g_usBs3TestStep++;
1105
1106 /* ring-3 handler */
1107 Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
1108 Bs3RegCtxConvertToRingX(&CtxTmp, 3);
1109 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1110 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83 /*bXcpt*/);
1111 if (!(Bs3GdteTestPage03.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
1112 bs3CpuBasic2_FailedF("u4Type=%#x, not accessed!", Bs3GdteTestPage00.Gen.u4Type);
1113 g_usBs3TestStep++;
1114
1115 /* clear WP and repeat the above. */
1116 if ((g_uBs3CpuDetected & BS3CPU_TYPE_MASK) >= BS3CPU_80486)
1117 ASMSetCR0(uCr0Saved & ~X86_CR0_WP);
1118 Bs3GdteTestPage00.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED; /* (No need to RW the page - ring-0, WP=0.) */
1119 Bs3GdteTestPage03.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED; /* (No need to RW the page - ring-0, WP=0.) */
1120
1121 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
1122 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/);
1123 if (!(Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
1124 bs3CpuBasic2_FailedF("u4Type=%#x, not accessed!", Bs3GdteTestPage00.Gen.u4Type);
1125 g_usBs3TestStep++;
1126
1127 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1128 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83 /*bXcpt*/);
1129 if (!(Bs3GdteTestPage03.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
1130 bs3CpuBasic2_FailedF("u4Type=%#x, not accessed!n", Bs3GdteTestPage03.Gen.u4Type);
1131 g_usBs3TestStep++;
1132
1133 Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, X86_PTE_RW /*fSet*/, 0 /*fClear*/);
1134 }
1135
1136 ASMSetCR0(uCr0Saved);
1137
1138 /*
1139 * While we're here, check that if the CS GDT entry is a non-present
1140 * page we do get a #PF with the rigth error code and CR2.
1141 */
1142 Bs3GdteTestPage00.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED; /* Just for fun, really a pointless gesture. */
1143 Bs3GdteTestPage03.Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
1144 rc = Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, 0 /*fSet*/, X86_PTE_P /*fClear*/);
1145 if (RT_SUCCESS(rc))
1146 {
1147 Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
1148 if (f486Plus)
1149 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx80, 0 /*uErrCd*/, GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00);
1150 else
1151 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx80, X86_TRAP_PF_RW, GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00 + 4);
1152 g_usBs3TestStep++;
1153
1154 /* Do it from ring-3 to check ErrCd, which doesn't set X86_TRAP_PF_US it turns out. */
1155 Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
1156 Bs3RegCtxConvertToRingX(&CtxTmp, 3);
1157 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1158
1159 if (f486Plus)
1160 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &CtxTmp, 0 /*uErrCd*/, GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_03);
1161 else
1162 bs3CpuBasic2_ComparePfCtx(&TrapCtx, &CtxTmp, X86_TRAP_PF_RW, GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_03 + 4);
1163 g_usBs3TestStep++;
1164
1165 Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, X86_PTE_P /*fSet*/, 0 /*fClear*/);
1166 if (Bs3GdteTestPage00.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
1167 bs3CpuBasic2_FailedF("u4Type=%#x, accessed! #1", Bs3GdteTestPage00.Gen.u4Type);
1168 if (Bs3GdteTestPage03.Gen.u4Type & X86_SEL_TYPE_ACCESSED)
1169 bs3CpuBasic2_FailedF("u4Type=%#x, accessed! #2", Bs3GdteTestPage03.Gen.u4Type);
1170 }
1171
1172 /* restore */
1173 paIdt[0x80 << cIdteShift].Gate.u16Sel = uSysR0Cs;
1174 paIdt[0x83 << cIdteShift].Gate.u16Sel = uSysR0Cs;// + (3 << BS3_SEL_RING_SHIFT) + 3;
1175 }
1176
1177# endif /* 32 || 64*/
1178
1179 /*
1180 * Check broad EFLAGS effects.
1181 */
1182 g_usBs3TestStep = 5600;
1183 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
1184 {
1185 for (iRing = 0; iRing < 4; iRing++)
1186 {
1187 Bs3MemCpy(&CtxTmp, apCtx8x[iCtx], sizeof(CtxTmp));
1188 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
1189
1190 /* all set */
1191 CtxTmp.rflags.u32 &= X86_EFL_VM | X86_EFL_1;
1192 CtxTmp.rflags.u32 |= X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF /* | X86_EFL_TF */ /*| X86_EFL_IF*/
1193 | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL /* | X86_EFL_NT*/;
1194 if (f486Plus)
1195 CtxTmp.rflags.u32 |= X86_EFL_AC;
1196 if (f486Plus && !g_f16BitSys)
1197 CtxTmp.rflags.u32 |= X86_EFL_RF;
1198 if (g_uBs3CpuDetected & BS3CPU_F_CPUID)
1199 CtxTmp.rflags.u32 |= X86_EFL_VIF | X86_EFL_VIP;
1200 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1201 CtxTmp.rflags.u32 &= ~X86_EFL_RF;
1202
1203 if (iCtx >= iRing)
1204 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x80 + iCtx /*bXcpt*/);
1205 else
1206 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
1207 uExpected = CtxTmp.rflags.u32
1208 & ( X86_EFL_1 | X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_DF
1209 | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP
1210 | X86_EFL_ID /*| X86_EFL_TF*/ /*| X86_EFL_IF*/ /*| X86_EFL_RF*/ );
1211 if (TrapCtx.fHandlerRfl != uExpected)
1212 bs3CpuBasic2_FailedF("unexpected handler rflags value: %RX64 expected %RX32; CtxTmp.rflags=%RX64 Ctx.rflags=%RX64\n",
1213 TrapCtx.fHandlerRfl, uExpected, CtxTmp.rflags.u, TrapCtx.Ctx.rflags.u);
1214 g_usBs3TestStep++;
1215
1216 /* all cleared */
1217 if ((g_uBs3CpuDetected & BS3CPU_TYPE_MASK) < BS3CPU_80286)
1218 CtxTmp.rflags.u32 = apCtx8x[iCtx]->rflags.u32 & (X86_EFL_RA1_MASK | UINT16_C(0xf000));
1219 else
1220 CtxTmp.rflags.u32 = apCtx8x[iCtx]->rflags.u32 & (X86_EFL_VM | X86_EFL_RA1_MASK);
1221 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1222 if (iCtx >= iRing)
1223 bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x80 + iCtx /*bXcpt*/);
1224 else
1225 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
1226 uExpected = CtxTmp.rflags.u32;
1227 if (TrapCtx.fHandlerRfl != uExpected)
1228 bs3CpuBasic2_FailedF("unexpected handler rflags value: %RX64 expected %RX32; CtxTmp.rflags=%RX64 Ctx.rflags=%RX64\n",
1229 TrapCtx.fHandlerRfl, uExpected, CtxTmp.rflags.u, TrapCtx.Ctx.rflags.u);
1230 g_usBs3TestStep++;
1231 }
1232 }
1233
1234/** @todo CS.LIMIT / canonical(CS) */
1235
1236
1237 /*
1238 * Check invalid gate types.
1239 */
1240 g_usBs3TestStep = 32000;
1241 for (iRing = 0; iRing <= 3; iRing++)
1242 {
1243 static const uint16_t s_auCSes[] = { BS3_SEL_R0_CS16, BS3_SEL_R0_CS32, BS3_SEL_R0_CS64,
1244 BS3_SEL_TSS16, BS3_SEL_TSS32, BS3_SEL_TSS64, 0, BS3_SEL_SPARE_1f };
1245 static uint16_t const s_auInvlTypes64[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13,
1246 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1247 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };
1248 static uint16_t const s_auInvlTypes32[] = { 0, 1, 2, 3, 8, 9, 10, 11, 13,
1249 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1250 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
1251 /*286:*/ 12, 14, 15 };
1252 uint16_t const * const pauInvTypes = cIdteShift != 0 ? s_auInvlTypes64 : s_auInvlTypes32;
1253 uint16_t const cInvTypes = cIdteShift != 0 ? RT_ELEMENTS(s_auInvlTypes64)
1254 : f386Plus ? RT_ELEMENTS(s_auInvlTypes32) - 3 : RT_ELEMENTS(s_auInvlTypes32);
1255
1256
1257 for (iCtx = 0; iCtx < RT_ELEMENTS(apCtx8x); iCtx++)
1258 {
1259 unsigned iType;
1260
1261 Bs3MemCpy(&CtxTmp, apCtx8x[iCtx], sizeof(CtxTmp));
1262 Bs3RegCtxConvertToRingX(&CtxTmp, iRing);
1263# if TMPL_BITS == 32
1264 g_uBs3TrapEipHint = CtxTmp.rip.u32;
1265# endif
1266 for (iType = 0; iType < cInvTypes; iType++)
1267 {
1268 uint8_t const bSavedType = paIdt[(0x80 + iCtx) << cIdteShift].Gate.u4Type;
1269 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1DescType = pauInvTypes[iType] >> 4;
1270 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u4Type = pauInvTypes[iType] & 0xf;
1271
1272 for (i = 0; i < 4; i++)
1273 {
1274 for (j = 0; j < RT_ELEMENTS(s_auCSes); j++)
1275 {
1276 uint16_t uCs = (unsigned)(s_auCSes[j] - BS3_SEL_R0_FIRST) < (unsigned)(4 << BS3_SEL_RING_SHIFT)
1277 ? (s_auCSes[j] | i) + (i << BS3_SEL_RING_SHIFT)
1278 : s_auCSes[j] | i;
1279 /*Bs3TestPrintf("g_usBs3TestStep=%u iCtx=%u iRing=%u i=%u uCs=%04x type=%#x\n", g_usBs3TestStep, iCtx, iRing, i, uCs, pauInvTypes[iType]);*/
1280 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uCs;
1281 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1282 g_usBs3TestStep++;
1283 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
1284
1285 /* Mark it not-present to check that invalid type takes precedence. */
1286 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1Present = 0;
1287 Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
1288 g_usBs3TestStep++;
1289 bs3CpuBasic2_CompareGpCtx(&TrapCtx, &CtxTmp, ((0x80 + iCtx) << X86_TRAP_ERR_SEL_SHIFT) | X86_TRAP_ERR_IDT);
1290 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1Present = 1;
1291 }
1292 }
1293
1294 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u16Sel = uSysR0Cs;
1295 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u4Type = bSavedType;
1296 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1DescType = 0;
1297 paIdt[(0x80 + iCtx) << cIdteShift].Gate.u1Present = 1;
1298 }
1299 }
1300 }
1301 BS3_ASSERT(g_usBs3TestStep < 62000U && g_usBs3TestStep > 32000U);
1302
1303
1304 /** @todo
1305 * - Run \#PF and \#GP (and others?) at CPLs other than zero.
1306 * - Quickly generate all faults.
1307 * - All the peculiarities v8086.
1308 */
1309
1310# if TMPL_BITS != 16
1311 Bs3MemFree(pbIdtCopyAlloc, 12*_1K);
1312# endif
1313}
1314
1315# if ARCH_BITS != 64
1316
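/**
 * Worker for bs3CpuBasic2_TssGateEsp that tests the INT 80 from outer rings.
 *
 * Copies @a pCtx, converts it to ring @a bRing, optionally points its stack
 * into @a pbAltStack, raises INT 80h and checks the resulting trap frame: the
 * interrupt context, the CPL, the IRET frame size and - when an alternative
 * stack buffer is given - that the handler ran on SS0:(E)SP0 from the active
 * TSS and that the alternative stack buffer was (not) written to as expected.
 *
 * @param   pCtx            The register context to start from (copied, not modified).
 * @param   bRing           The ring (CPL) to raise the INT 80 from.
 * @param   pbAltStack      Optional alternative stack buffer, NULL to keep the stack in @a pCtx.
 * @param   cbAltStack      Size of @a pbAltStack in bytes (the buffer is zeroed before the run).
 * @param   f16BitStack     Whether the ring-0 stack loaded from the TSS is a 16-bit one.
 * @param   f16BitTss       Whether the active TSS is Bs3Tss16 (true) or Bs3Tss32 (false).
 * @param   f16BitHandler   Whether the handler is 16-bit (5*2 byte IRET frame) or 32-bit (5*4).
 * @param   uLine           The caller's __LINE__, used as the test step number.
 */
# define bs3CpuBasic2_TssGateEsp_AltStackOuterRing BS3_CMN_NM(bs3CpuBasic2_TssGateEsp_AltStackOuterRing)
BS3_DECL_NEAR(void) bs3CpuBasic2_TssGateEsp_AltStackOuterRing(PCBS3REGCTX pCtx, uint8_t bRing, uint8_t *pbAltStack,
                                                               size_t cbAltStack, bool f16BitStack, bool f16BitTss,
                                                               bool f16BitHandler, unsigned uLine)
{
    uint8_t const   cbIretFrame = f16BitHandler ? 5*2 : 5*4;
    BS3REGCTX       Ctx2;
    BS3TRAPFRAME    TrapCtx;
    uint8_t        *pbTmp;
    g_usBs3TestStep = uLine;

    Bs3MemCpy(&Ctx2, pCtx, sizeof(Ctx2));
    Bs3RegCtxConvertToRingX(&Ctx2, bRing);

    if (pbAltStack)
    {
        /* Point the ring-X stack into the zeroed alternative buffer so that we
           can tell afterwards whether anything was pushed onto it. */
        Ctx2.rsp.u = Bs3SelPtrToFlat(pbAltStack + 0x1980);
        Bs3MemZero(pbAltStack, cbAltStack);
    }

    Bs3TrapSetJmpAndRestore(&Ctx2, &TrapCtx);

    /* 32-bit stack with a 16-bit TSS: compare only the low 16 bits of the
       stack pointer (presumably only SP makes it into the frame). */
    if (!f16BitStack && f16BitTss)
        Ctx2.rsp.u &= UINT16_MAX;

    bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx2, 0x80 /*bXcpt*/);
    CHECK_MEMBER("bCpl", "%u", TrapCtx.Ctx.bCpl, bRing);
    CHECK_MEMBER("cbIretFrame", "%#x", TrapCtx.cbIretFrame, cbIretFrame);

    if (pbAltStack)
    {
        /* The handler must have switched to SS0:(E)SP0 from the active TSS,
           with the IRET frame already pushed. */
        uint64_t uExpectedRsp = (f16BitTss ? Bs3Tss16.sp0 : Bs3Tss32.esp0) - cbIretFrame;
        if (f16BitStack)
        {
            /* 16-bit stack: only the low word is loaded from the TSS, the
               upper part of ESP is what the context had before the INT. */
            uExpectedRsp &= UINT16_MAX;
            uExpectedRsp |= Ctx2.rsp.u & ~(uint64_t)UINT16_MAX;
        }
        if (   TrapCtx.uHandlerRsp != uExpectedRsp
            || TrapCtx.uHandlerSs  != (f16BitTss ? Bs3Tss16.ss0 : Bs3Tss32.ss0))
        {
            /* Report the SS0 we actually compared against (it is only
               Bs3Tss16.ss0 for a 16-bit TSS) and print the 64-bit expected
               RSP with a matching format specifier. */
            bs3CpuBasic2_FailedF("handler SS:ESP=%04x:%08RX64, expected %04x:%08RX64",
                                 TrapCtx.uHandlerSs, TrapCtx.uHandlerRsp,
                                 f16BitTss ? Bs3Tss16.ss0 : Bs3Tss32.ss0, uExpectedRsp);
        }

        /* A 16-bit stack (or a handler stack pointer that fits in 16 bits)
           must leave the alternative buffer untouched; a 32-bit stack above
           64K must have been used. */
        pbTmp = (uint8_t *)ASMMemFirstNonZero(pbAltStack, cbAltStack);
        if ((f16BitStack || TrapCtx.uHandlerRsp <= UINT16_MAX) && pbTmp != NULL)
            bs3CpuBasic2_FailedF("someone touched the alt stack (%p) with SS:ESP=%04x:%#RX32: %p=%02x",
                                 pbAltStack, Ctx2.ss, Ctx2.rsp.u32, pbTmp, *pbTmp);
        else if (!f16BitStack && TrapCtx.uHandlerRsp > UINT16_MAX && pbTmp == NULL)
            bs3CpuBasic2_FailedF("the alt stack (%p) was not used SS:ESP=%04x:%#RX32\n", pbAltStack, Ctx2.ss, Ctx2.rsp.u32);
    }
}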
1370
# define bs3CpuBasic2_TssGateEspCommon BS3_CMN_NM(bs3CpuBasic2_TssGateEspCommon)
/**
 * Common worker for bs3CpuBasic2_TssGateEsp.
 *
 * Raises INT 80h from ring 0 and from the outer rings and checks the stack
 * pointer the handler ends up with, both without and with an alternative
 * stack buffer, and with the SS0 bitness in the TSS switched.
 *
 * @param   g_f16BitSys     Whether the system (TSS, stack, handler) is 16-bit.
 *                          Shadows the global of the same name, which the
 *                          caller sets to the same value.
 * @param   paIdt           The IDT to use; entries 80h and 81h get their DPL changed.
 * @param   cIdteShift      Shift applied to the vector to index @a paIdt (0 or 1).
 */
BS3_DECL_NEAR(void) bs3CpuBasic2_TssGateEspCommon(bool const g_f16BitSys, PX86DESC const paIdt, unsigned const cIdteShift)
{
    BS3TRAPFRAME    TrapCtx;
    BS3REGCTX       Ctx;
    BS3REGCTX       Ctx2;
# if TMPL_BITS == 16
    uint8_t        *pbTmp;
# endif

    /* make sure they're allocated */
    Bs3MemZero(&Ctx, sizeof(Ctx));
    Bs3MemZero(&Ctx2, sizeof(Ctx2));
    Bs3MemZero(&TrapCtx, sizeof(TrapCtx));

    Bs3RegCtxSave(&Ctx);
    Ctx.rsp.u -= 0x80; /* leave some headroom below the current stack pointer. */

    /* The test context executes the INT 80h stub. */
    Bs3RegCtxSetRipCsFromLnkPtr(&Ctx, bs3CpuBasic2_Int80);
# if TMPL_BITS == 32
    g_uBs3TrapEipHint = Ctx.rip.u32;
# endif

    /*
     * We'll be using IDT entry 80 and 81 here. The first one will be
     * accessible from all DPLs, the latter not. So, start with setting
     * the DPLs.
     */
    paIdt[0x80 << cIdteShift].Gate.u2Dpl = 3;
    paIdt[0x81 << cIdteShift].Gate.u2Dpl = 0;

    /*
     * Check that the basic stuff works first.
     */
    Bs3TrapSetJmpAndRestore(&Ctx, &TrapCtx);
    g_usBs3TestStep = __LINE__;
    bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx, 0x80 /*bXcpt*/);

    /* Outer rings, no alternative stack, stack/TSS/handler bitness all the same. */
    bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 1, NULL, 0, g_f16BitSys, g_f16BitSys, g_f16BitSys, __LINE__);
    bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 2, NULL, 0, g_f16BitSys, g_f16BitSys, g_f16BitSys, __LINE__);
    bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 3, NULL, 0, g_f16BitSys, g_f16BitSys, g_f16BitSys, __LINE__);

    /*
     * Check that the upper part of ESP is preserved when doing INT 80h with
     * ESP pointing into an alternative stack buffer.
     */
    if ((g_uBs3CpuDetected & BS3CPU_TYPE_MASK) >= BS3CPU_80386)
    {
        size_t const cbAltStack = _8K;
        uint8_t     *pbAltStack = Bs3MemAllocZ(BS3MEMKIND_TILED, cbAltStack);
        if (pbAltStack)
        {
            /* same ring */
            g_usBs3TestStep = __LINE__;
            Bs3MemCpy(&Ctx2, &Ctx, sizeof(Ctx2));
            Ctx2.rsp.u = Bs3SelPtrToFlat(pbAltStack + 0x1980);
            if (Bs3TrapSetJmp(&TrapCtx))
                Bs3RegCtxRestore(&Ctx2, 0); /* (does not return) */
            bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx2, 0x80 /*bXcpt*/);
# if TMPL_BITS == 16
            /* 16-bit: the alternative buffer must not have been written to. */
            if ((pbTmp = (uint8_t *)ASMMemFirstNonZero(pbAltStack, cbAltStack)) != NULL)
                bs3CpuBasic2_FailedF("someone touched the alt stack (%p) with SS:ESP=%04x:%#RX32: %p=%02x\n",
                                     pbAltStack, Ctx2.ss, Ctx2.rsp.u32, pbTmp, *pbTmp);
# else
            /* 32-bit: the handler frame must have landed in the alternative buffer. */
            if (ASMMemIsZero(pbAltStack, cbAltStack))
                bs3CpuBasic2_FailedF("alt stack wasn't used despite SS:ESP=%04x:%#RX32\n", Ctx2.ss, Ctx2.rsp.u32);
# endif

            /* Different rings (load SS0:SP0 from TSS). */
            bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 1, pbAltStack, cbAltStack,
                                                      g_f16BitSys, g_f16BitSys, g_f16BitSys, __LINE__);
            bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 2, pbAltStack, cbAltStack,
                                                      g_f16BitSys, g_f16BitSys, g_f16BitSys, __LINE__);
            bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 3, pbAltStack, cbAltStack,
                                                      g_f16BitSys, g_f16BitSys, g_f16BitSys, __LINE__);

            /* Different rings but switch the SS bitness in the TSS
               (temporarily point SS0 at the other-bitness ring-0 stack selector). */
            if (g_f16BitSys)
            {
                Bs3Tss16.ss0 = BS3_SEL_R0_SS32;
                bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 1, pbAltStack, cbAltStack,
                                                          false, g_f16BitSys, g_f16BitSys, __LINE__);
                Bs3Tss16.ss0 = BS3_SEL_R0_SS16;
            }
            else
            {
                Bs3Tss32.ss0 = BS3_SEL_R0_SS16;
                bs3CpuBasic2_TssGateEsp_AltStackOuterRing(&Ctx, 1, pbAltStack, cbAltStack,
                                                          true, g_f16BitSys, g_f16BitSys, __LINE__);
                Bs3Tss32.ss0 = BS3_SEL_R0_SS32;
            }

            Bs3MemFree(pbAltStack, cbAltStack);
        }
        else
            Bs3TestPrintf("%s: Skipping ESP check, alloc failed\n", g_pszTestMode);
    }
    else
        Bs3TestPrintf("%s: Skipping ESP check, CPU too old\n", g_pszTestMode);
}
1470
1471# endif /* ARCH_BITS != 64 */
1472
1473
1474extern BS3_DECL_FAR(void) BS3_CMN_FAR_NM(bs3CpuBasic2_lea_16)(void);
1475
/**
 * Runs the 16-bit LEA / addressing testcase (bs3CpuBasic2_lea_16).
 *
 * @returns UINT8_MAX.
 * @param   bMode   The mode being tested (unused).
 */
BS3_DECL_FAR(uint8_t) BS3_CMN_NM(bs3CpuBasic2_Lea)(uint8_t bMode)
{
    RT_NOREF(bMode);
# if ARCH_BITS != 64
    /* Run the assembly testcase a good number of times so the native
       recompiler gets a chance to kick in. */
    {
        unsigned cLeft = 64;
        while (cLeft-- > 0)
            BS3_CMN_FAR_NM(bs3CpuBasic2_lea_16)();
    }
# endif
    return UINT8_MAX;
}
1488
1489
1490#endif /* BS3_INSTANTIATING_CMN */
1491
1492
1493/*
1494 * Mode specific code.
1495 * Mode specific code.
1496 * Mode specific code.
1497 */
1498#ifdef BS3_INSTANTIATING_MODE
1499
/**
 * Mode specific entry point for the TSS / gate ESP test.
 *
 * Sets up the test globals and, in the modes where the test applies, runs
 * bs3CpuBasic2_TssGateEspCommon on this mode's IDT; other modes are reported
 * as skipped.  The IDT is re-initialized afterwards either way.
 *
 * @returns 0 if the test was run, BS3TESTDOMODE_SKIPPED otherwise.
 * @param   bMode   The mode being tested.
 */
BS3_DECL_FAR(uint8_t) TMPL_NM(bs3CpuBasic2_TssGateEsp)(uint8_t bMode)
{
    uint8_t bStatus;

    g_pszTestMode = TMPL_NM(g_szBs3ModeName);
    g_bTestMode   = bMode;
    g_f16BitSys   = BS3_MODE_IS_16BIT_SYS(TMPL_MODE);

# if TMPL_MODE == BS3_MODE_PE16 \
  || TMPL_MODE == BS3_MODE_PE16_32 \
  || TMPL_MODE == BS3_MODE_PP16 \
  || TMPL_MODE == BS3_MODE_PP16_32 \
  || TMPL_MODE == BS3_MODE_PAE16 \
  || TMPL_MODE == BS3_MODE_PAE16_32 \
  || TMPL_MODE == BS3_MODE_PE32
    bs3CpuBasic2_TssGateEspCommon(BS3_MODE_IS_16BIT_SYS(TMPL_MODE),
                                  (PX86DESC)MyBs3Idt,
                                  BS3_MODE_IS_64BIT_SYS(TMPL_MODE) ? 1 : 0);
    bStatus = 0;
# else
    bStatus = BS3TESTDOMODE_SKIPPED;
# endif

    /* The common worker changes IDT entry DPLs, so put the IDT back into its initial state. */
    Bs3TrapInit();
    return bStatus;
}
1528
1529
/**
 * Mode specific entry point for the exception raising test.
 *
 * Sets up the test globals and hands over to bs3CpuBasic2_RaiseXcpt1Common
 * with this mode's ring-0 selectors and IDT, re-initializing the IDT when
 * done.  Real mode and V86 mode are reported as skipped.
 *
 * @returns 0 if the test was run, BS3TESTDOMODE_SKIPPED in real and V86 mode.
 * @param   bMode   The mode being tested.
 */
BS3_DECL_FAR(uint8_t) TMPL_NM(bs3CpuBasic2_RaiseXcpt1)(uint8_t bMode)
{
    uint8_t bRet = BS3TESTDOMODE_SKIPPED;

    g_pszTestMode = TMPL_NM(g_szBs3ModeName);
    g_bTestMode   = bMode;
    g_f16BitSys   = BS3_MODE_IS_16BIT_SYS(TMPL_MODE);

# if !BS3_MODE_IS_RM_OR_V86(TMPL_MODE)
    /* Pass to the shared common worker. */
    bs3CpuBasic2_RaiseXcpt1Common(MY_SYS_SEL_R0_CS,
                                  MY_SYS_SEL_R0_CS_CNF,
                                  MY_SYS_SEL_R0_SS,
                                  (PX86DESC)MyBs3Idt,
                                  BS3_MODE_IS_64BIT_SYS(TMPL_MODE) ? 1 : 0);

    /* The worker leaves the IDT modified, so re-initialize it before returning. */
    Bs3TrapInit();
    bRet = 0;
# elif TMPL_MODE == BS3_MODE_RM
    /** @todo real mode checks. */
# endif

    return bRet;
}
1564
1565#endif /* BS3_INSTANTIATING_MODE */
1566