Changeset 47568 in vbox for trunk/src/VBox

Timestamp:

Aug 7, 2013 3:11:58 AM (11 years ago)

Author:

vboxsync

Message:

IEM: LAR,LSL,ARPL, and some tracing (RTTraceBuf*).

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAll.cpp (modified) (9 diffs)
• VMMAll/IEMAllAImplC.cpp (modified) (1 diff)
• VMMAll/IEMAllCImpl.cpp.h (modified) (10 diffs)
• VMMAll/IEMAllInstructions.cpp.h (modified) (2 diffs)
• include/IEMInternal.h (modified) (1 diff)
• testcase/tstIEMCheckMc.cpp (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -91 +91 @@
 #include <VBox/vmm/tm.h>
 #include <VBox/vmm/dbgf.h>
+#include <VBox/vmm/dbgftrace.h>
 #ifdef VBOX_WITH_RAW_MODE_NOT_R0
 # include <VBox/vmm/patm.h>
@@ -898 +899 @@
     if (!pIemCpu->fInPatchCode)
         CPUMRawLeave(pVCpu, CPUMCTX2CORE(pCtx), VINF_SUCCESS);
+#endif
+
+#ifdef DBGFTRACE_ENABLED
+    switch (enmMode)
+    {
+        case IEMMODE_64BIT:
+            RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I64/%u %08llx", pIemCpu->uCpl, pCtx->rip);
+            break;
+        case IEMMODE_32BIT:
+            RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I32/%u %04x:%08x", pIemCpu->uCpl, pCtx->cs.Sel, pCtx->eip);
+            break;
+        case IEMMODE_16BIT:
+            RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "I16/%u %04x:%04x", pIemCpu->uCpl, pCtx->cs.Sel, pCtx->eip);
+            break;
+    }
 #endif
 }
@@ -2862 +2878 @@
         uErr     = 0;
     }
+#ifdef DBGFTRACE_ENABLED
+    RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "Xcpt/%u: %02x %u %x %x %llx %04x:%04llx %04x:%04llx",
+                      pIemCpu->cXcptRecursions, u8Vector, cbInstr, fFlags, uErr, uCr2,
+                      pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp);
+#endif
 
     /*
@@ -7564 +7585 @@
 /**
  * Defers the rest of the instruction emulation to a C implementation routine
- * and returns, taking two arguments in addition to the standard ones.
+ * and returns, taking three arguments in addition to the standard ones.
  *
  * @param   a_pfnCImpl      The pointer to the C routine.
@@ -7572 +7593 @@
  */
 #define IEM_MC_CALL_CIMPL_3(a_pfnCImpl, a0, a1, a2)     return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2)
+
+/**
+ * Defers the rest of the instruction emulation to a C implementation routine
+ * and returns, taking four arguments in addition to the standard ones.
+ *
+ * @param   a_pfnCImpl      The pointer to the C routine.
+ * @param   a0              The first extra argument.
+ * @param   a1              The second extra argument.
+ * @param   a2              The third extra argument.
+ * @param   a3              The fourth extra argument.
+ */
+#define IEM_MC_CALL_CIMPL_4(a_pfnCImpl, a0, a1, a2, a3)     return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2, a3)
 
 /**
@@ -8366 +8399 @@
      * Enable verification and/or logging.
      */
-    pIemCpu->fNoRem  = !LogIs6Enabled(); /* logging triggers the no-rem/rem verification stuff */
-    if (    pIemCpu->fNoRem
+    bool fNewNoRem = !LogIs6Enabled(); /* logging triggers the no-rem/rem verification stuff */;
+    if (    fNewNoRem
         && (   0
 #if 0 /* auto enable on first paged protected mode interrupt */
@@ -8438 +8471 @@
             || (pOrgCtx->rip == 0x000000000215e240)
 #endif
-#if 1 /* DOS's size-overridden iret to v8086. */
+#if 0 /* DOS's size-overridden iret to v8086. */
             || (pOrgCtx->rip == 0x427 && pOrgCtx->cs.Sel == 0xb8)
+#endif
+#if 1 /* Win3.1: port 64 interception in v8086 mofr */
+            || (pOrgCtx->rip == 0xe9d6 && pOrgCtx->cs.Sel == 0xf000 && pOrgCtx->eflags.Bits.u1VM
+                && pOrgCtx->tr.u64Base == 0x80049e8c && pOrgCtx->tr.u32Limit == 0x2069)
 #endif
            )
@@ -8446 +8483 @@
         RTLogGroupSettings(NULL, "iem.eo.l6.l2");
         RTLogFlags(NULL, "enabled");
-        pIemCpu->fNoRem = false;
+        fNewNoRem = false;
+    }
+    if (fNewNoRem != pIemCpu->fNoRem)
+    {
+        pIemCpu->fNoRem = fNewNoRem;
+        if (!fNewNoRem)
+        {
+            LogAlways(("Enabling verification mode!\n"));
+            CPUMSetChangedFlags(pVCpu, CPUM_CHANGED_ALL);
+        }
+        else
+            LogAlways(("Disabling verification mode!\n"));
     }
 
@@ -9592 +9640 @@
 {
     iemInitDecoder(&pVCpu->iem.s, false);
+#ifdef DBGFTRACE_ENABLED
+    RTTraceBufAddMsgF(pVCpu->CTX_SUFF(pVM)->CTX_SUFF(hTraceBuf), "IEMInjectTrap: %x %d %x %llx",
+                      u8TrapNo, enmType, uErrCode, uCr2);
+#endif
 
     uint32_t fFlags;

trunk/src/VBox/VMM/VMMAll/IEMAllAImplC.cpp

@@ -59 +59 @@
 #endif /* RT_ARCH_X86 */
 
+
+IEM_DECL_IMPL_DEF(void, iemAImpl_arpl,(uint16_t *pu16Dst, uint16_t u16Src, uint32_t *pEFlags))
+{
+    if ((*pu16Dst & X86_SEL_RPL) < (u16Src & X86_SEL_RPL))
+    {
+        *pu16Dst &= X86_SEL_MASK_OFF_RPL;
+        *pu16Dst |= u16Src & X86_SEL_RPL;
+
+        *pEFlags |= X86_EFL_ZF;
+    }
+    else
+        *pEFlags &= ~X86_EFL_ZF;
+}
+

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h

@@ -2101 +2101 @@
     if (rcStrict != VINF_SUCCESS)
         return rcStrict;
+#ifdef DBGFTRACE_ENABLED
+    RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "iret/rm %04x:%04x -> %04x:%04x %x %04llx",
+                      pCtx->cs.Sel, pCtx->eip, uNewCs, uNewEip, uNewFlags, uNewRsp);
+#endif
+
     pCtx->rip           = uNewEip;
     pCtx->cs.Sel        = uNewCs;
@@ -2177 +2182 @@
      * Commit the operation.
      */
+    uNewFlags &= X86_EFL_LIVE_MASK;
+    uNewFlags |= X86_EFL_RA1_MASK;
+#ifdef DBGFTRACE_ENABLED
+    RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "iret/p/v %04x:%08x -> %04x:%04x %x %04x:%04x",
+                      pCtx->cs.Sel, pCtx->eip, uNewCs, uNewEip, uNewFlags, uNewSs, uNewEsp);
+#endif
+
+    IEMMISC_SET_EFL(pIemCpu, pCtx, uNewFlags);
     iemCImplCommonV8086LoadSeg(&pCtx->cs, uNewCs);
     iemCImplCommonV8086LoadSeg(&pCtx->ss, uNewSs);
@@ -2185 +2198 @@
     pCtx->rip      = uNewEip;
     pCtx->rsp      = uNewEsp;
-    uNewFlags &= X86_EFL_LIVE_MASK;
-    uNewFlags |= X86_EFL_RA1_MASK;
-    IEMMISC_SET_EFL(pIemCpu, pCtx, uNewFlags);
     pIemCpu->uCpl  = 3;
 
@@ -2424 +2434 @@
         }
 
+        uint32_t fEFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF
+                             | X86_EFL_TF | X86_EFL_DF | X86_EFL_OF | X86_EFL_NT;
+        if (enmEffOpSize != IEMMODE_16BIT)
+            fEFlagsMask |= X86_EFL_RF | X86_EFL_AC | X86_EFL_ID;
+        if (pIemCpu->uCpl == 0)
+            fEFlagsMask |= X86_EFL_IF | X86_EFL_IOPL | X86_EFL_VIF | X86_EFL_VIP; /* VM is 0 */
+        else if (pIemCpu->uCpl <= pCtx->eflags.Bits.u2IOPL)
+            fEFlagsMask |= X86_EFL_IF;
+        uint32_t fEFlagsNew = IEMMISC_GET_EFL(pIemCpu, pCtx);
+        fEFlagsNew         &= ~fEFlagsMask;
+        fEFlagsNew         |= uNewFlags & fEFlagsMask;
+#ifdef DBGFTRACE_ENABLED
+        RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "iret/%up%u %04x:%08x -> %04x:%04x %x %04x:%04x",
+                          pIemCpu->uCpl, uNewCs & X86_SEL_RPL, pCtx->cs.Sel, pCtx->eip,
+                          uNewCs, uNewEip, uNewFlags,  uNewSS, uNewESP);
+#endif
+
+        IEMMISC_SET_EFL(pIemCpu, pCtx, fEFlagsNew);
         pCtx->rip           = uNewEip;
         pCtx->cs.Sel        = uNewCs;
@@ -2439 +2467 @@
         pCtx->ss.u64Base    = X86DESC_BASE(&DescSS.Legacy);
 
-        uint32_t fEFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF
-                             | X86_EFL_TF | X86_EFL_DF | X86_EFL_OF | X86_EFL_NT;
-        if (enmEffOpSize != IEMMODE_16BIT)
-            fEFlagsMask |= X86_EFL_RF | X86_EFL_AC | X86_EFL_ID;
-        if (pIemCpu->uCpl == 0)
-            fEFlagsMask |= X86_EFL_IF | X86_EFL_IOPL | X86_EFL_VIF | X86_EFL_VIP; /* VM is 0 */
-        else if (pIemCpu->uCpl <= pCtx->eflags.Bits.u2IOPL)
-            fEFlagsMask |= X86_EFL_IF;
-        uint32_t fEFlagsNew = IEMMISC_GET_EFL(pIemCpu, pCtx);
-        fEFlagsNew         &= ~fEFlagsMask;
-        fEFlagsNew         |= uNewFlags & fEFlagsMask;
-        IEMMISC_SET_EFL(pIemCpu, pCtx, fEFlagsNew);
-
         pIemCpu->uCpl       = uNewCs & X86_SEL_RPL;
         iemHlpAdjustSelectorForNewCpl(pIemCpu, uNewCs & X86_SEL_RPL, &pCtx->ds);
@@ -2483 +2498 @@
             DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
         }
-
-        pCtx->rip           = uNewEip;
-        pCtx->cs.Sel        = uNewCs;
-        pCtx->cs.ValidSel   = uNewCs;
-        pCtx->cs.fFlags     = CPUMSELREG_FLAGS_VALID;
-        pCtx->cs.Attr.u     = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
-        pCtx->cs.u32Limit   = cbLimitCS;
-        pCtx->cs.u64Base    = X86DESC_BASE(&DescCS.Legacy);
-        pCtx->rsp           = uNewRsp;
 
         X86EFLAGS NewEfl;
@@ -2505 +2511 @@
         NewEfl.u           &= ~fEFlagsMask;
         NewEfl.u           |= fEFlagsMask & uNewFlags;
+#ifdef DBGFTRACE_ENABLED
+        RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "iret/%up %04x:%08x -> %04x:%04x %x %04x:%04llx",
+                          pIemCpu->uCpl, pCtx->cs.Sel, pCtx->eip,
+                          uNewCs, uNewEip, uNewFlags, pCtx->ss.Sel, uNewRsp);
+#endif
+
         IEMMISC_SET_EFL(pIemCpu, pCtx, NewEfl.u);
+        pCtx->rip           = uNewEip;
+        pCtx->cs.Sel        = uNewCs;
+        pCtx->cs.ValidSel   = uNewCs;
+        pCtx->cs.fFlags     = CPUMSELREG_FLAGS_VALID;
+        pCtx->cs.Attr.u     = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
+        pCtx->cs.u32Limit   = cbLimitCS;
+        pCtx->cs.u64Base    = X86DESC_BASE(&DescCS.Legacy);
+        pCtx->rsp           = uNewRsp;
         /* Done! */
     }
@@ -2742 +2762 @@
     }
 
+    uint32_t fEFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF
+                         | X86_EFL_TF | X86_EFL_DF | X86_EFL_OF | X86_EFL_NT;
+    if (enmEffOpSize != IEMMODE_16BIT)
+        fEFlagsMask |= X86_EFL_RF | X86_EFL_AC | X86_EFL_ID;
+    if (pIemCpu->uCpl == 0)
+        fEFlagsMask |= X86_EFL_IF | X86_EFL_IOPL | X86_EFL_VIF | X86_EFL_VIP; /* VM is ignored */
+    else if (pIemCpu->uCpl <= pCtx->eflags.Bits.u2IOPL)
+        fEFlagsMask |= X86_EFL_IF;
+    uint32_t fEFlagsNew = IEMMISC_GET_EFL(pIemCpu, pCtx);
+    fEFlagsNew         &= ~fEFlagsMask;
+    fEFlagsNew         |= uNewFlags & fEFlagsMask;
+#ifdef DBGFTRACE_ENABLED
+    RTTraceBufAddMsgF(IEMCPU_TO_VM(pIemCpu)->CTX_SUFF(hTraceBuf), "iret/%ul%u %08llx -> %04x:%04llx %llx %04x:%04llx",
+                      pIemCpu->uCpl, uNewCpl, pCtx->rip, uNewCs, uNewRip, uNewFlags, uNewSs, uNewRsp);
+#endif
+
+    IEMMISC_SET_EFL(pIemCpu, pCtx, fEFlagsNew);
     pCtx->rip           = uNewRip;
     pCtx->cs.Sel        = uNewCs;
@@ -2768 +2805 @@
         Log2(("iretq new SS: base=%#RX64 lim=%#x attr=%#x\n", pCtx->ss.u64Base, pCtx->ss.u32Limit, pCtx->ss.Attr.u));
     }
-
-    uint32_t fEFlagsMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF
-                         | X86_EFL_TF | X86_EFL_DF | X86_EFL_OF | X86_EFL_NT;
-    if (enmEffOpSize != IEMMODE_16BIT)
-        fEFlagsMask |= X86_EFL_RF | X86_EFL_AC | X86_EFL_ID;
-    if (pIemCpu->uCpl == 0)
-        fEFlagsMask |= X86_EFL_IF | X86_EFL_IOPL | X86_EFL_VIF | X86_EFL_VIP; /* VM is ignored */
-    else if (pIemCpu->uCpl <= pCtx->eflags.Bits.u2IOPL)
-        fEFlagsMask |= X86_EFL_IF;
-    uint32_t fEFlagsNew = IEMMISC_GET_EFL(pIemCpu, pCtx);
-    fEFlagsNew         &= ~fEFlagsMask;
-    fEFlagsNew         |= uNewFlags & fEFlagsMask;
-    IEMMISC_SET_EFL(pIemCpu, pCtx, fEFlagsNew);
 
     if (pIemCpu->uCpl != uNewCpl)
@@ -3327 +3351 @@
 
 /**
- * Implements verr (fWrite = false) and verw (fWrite = true).
- */
-IEM_CIMPL_DEF_2(iemCImpl_VerX, uint16_t, uSel, bool, fWrite)
-{
+ * Helper for VERR, VERW, LAR, and LSL and loads the descriptor into memory.
+ *
+ * @retval VINF_SUCCESS on success.
+ * @retval VINF_IEM_SELECTOR_NOT_OK if the selector isn't ok.
+ * @retval iemMemFetchSysU64 return value.
+ *
+ * @param   pIemCpu             The IEM state of the calling EMT.
+ * @param   uSel                The selector value.
+ * @param   fAllowSysDesc       Whether system descriptors are OK or not.
+ * @param   pDesc               Where to return the descriptor on success.
+ */
+static VBOXSTRICTRC iemCImpl_LoadDescHelper(PIEMCPU pIemCpu, uint16_t uSel, bool fAllowSysDesc, PIEMSELDESC pDesc)
+{
+    pDesc->Long.au64[0] = 0;
+    pDesc->Long.au64[1] = 0;
+
+    if (!(uSel & X86_SEL_MASK_OFF_RPL)) /** @todo test this on 64-bit. */
+        return VINF_IEM_SELECTOR_NOT_OK;
+
+    /* Within the table limits? */
     PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
-    Assert(!IEM_IS_REAL_OR_V86_MODE(pIemCpu));
-
-    /** @todo figure whether the accessed bit is set or not. */
-
-    bool fAccessible = true;
-    if (!(uSel & X86_SEL_MASK_OFF_RPL))
-        fAccessible = false; /** @todo test this on 64-bit. */
+    RTGCPTR GCPtrBase;
+    if (uSel & X86_SEL_LDT)
+    {
+        if (   !pCtx->ldtr.Attr.n.u1Present
+            || (uSel | X86_SEL_RPL_LDT) > pCtx->ldtr.u32Limit )
+            return VINF_IEM_SELECTOR_NOT_OK;
+        GCPtrBase = pCtx->ldtr.u64Base;
+    }
     else
     {
-        /* Fetch the descriptor. */
-        RTGCPTR GCPtrBase;
-        if (uSel & X86_SEL_LDT)
-        {
-            if (   !pCtx->ldtr.Attr.n.u1Present
-                || (uSel | X86_SEL_RPL_LDT) > pCtx->ldtr.u32Limit )
-                fAccessible = false;
-            GCPtrBase = pCtx->ldtr.u64Base;
-        }
-        else
-        {
-            if ((uSel | X86_SEL_RPL_LDT) > pCtx->gdtr.cbGdt)
-                fAccessible = false;
-            GCPtrBase = pCtx->gdtr.pGdt;
-        }
-        if (fAccessible)
-        {
-            IEMSELDESC Desc;
-            VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &Desc.Legacy.u, UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK));
+        if ((uSel | X86_SEL_RPL_LDT) > pCtx->gdtr.cbGdt)
+            return VINF_IEM_SELECTOR_NOT_OK;
+        GCPtrBase = pCtx->gdtr.pGdt;
+    }
+
+    /* Fetch the descriptor. */
+    VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &pDesc->Legacy.u, UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK));
+    if (rcStrict != VINF_SUCCESS)
+        return rcStrict;
+    if (!pDesc->Legacy.Gen.u1DescType)
+    {
+        if (!fAllowSysDesc)
+            return VINF_IEM_SELECTOR_NOT_OK;
+        if (CPUMIsGuestInLongModeEx(pCtx))
+        {
+            rcStrict = iemMemFetchSysU64(pIemCpu, &pDesc->Long.au64[1], UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK) + 8);
             if (rcStrict != VINF_SUCCESS)
                 return rcStrict;
-
-            /* Check the descriptor, order doesn't matter much here. */
-            if (   !Desc.Legacy.Gen.u1DescType
-                || !Desc.Legacy.Gen.u1Present)
+        }
+
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Implements verr (fWrite = false) and verw (fWrite = true).
+ */
+IEM_CIMPL_DEF_2(iemCImpl_VerX, uint16_t, uSel, bool, fWrite)
+{
+    Assert(!IEM_IS_REAL_OR_V86_MODE(pIemCpu));
+
+    /** @todo figure whether the accessed bit is set or not. */
+
+    bool         fAccessible = true;
+    IEMSELDESC   Desc;
+    VBOXSTRICTRC rcStrict = iemCImpl_LoadDescHelper(pIemCpu, uSel, false /*fAllowSysDesc*/, &Desc);
+    if (rcStrict == VINF_SUCCESS)
+    {
+        /* Check the descriptor, order doesn't matter much here. */
+        if (   !Desc.Legacy.Gen.u1DescType
+            || !Desc.Legacy.Gen.u1Present)
+            fAccessible = false;
+        else
+        {
+            if (  fWrite
+                ? (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_WRITE)) != X86_SEL_TYPE_WRITE
+                : (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ))  == X86_SEL_TYPE_CODE)
                 fAccessible = false;
+
+            /** @todo testcase for the conforming behavior. */
+            if (   (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
+                != (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
+            {
+                if ((unsigned)(uSel & X86_SEL_RPL) > Desc.Legacy.Gen.u2Dpl)
+                    fAccessible = false;
+                else if (pIemCpu->uCpl > Desc.Legacy.Gen.u2Dpl)
+                    fAccessible = false;
+            }
+        }
+
+    }
+    else if (rcStrict == VINF_IEM_SELECTOR_NOT_OK)
+        fAccessible = false;
+    else
+        return rcStrict;
+
+    /* commit */
+    pIemCpu->CTX_SUFF(pCtx)->eflags.Bits.u1ZF = fAccessible;
+
+    iemRegAddToRip(pIemCpu, cbInstr);
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Implements LAR and LSL with 64-bit operand size.
+ *
+ * @returns VINF_SUCCESS.
+ * @param   pu16Dst         Pointer to the destination register.
+ * @param   uSel            The selector to load details for.
+ * @param   pEFlags         Pointer to the eflags register.
+ * @param   fIsLar          true = LAR, false = LSL.
+ */
+IEM_CIMPL_DEF_4(iemCImpl_LarLsl_u64, uint64_t *, pu64Dst, uint16_t, uSel, uint32_t *, pEFlags, bool, fIsLar)
+{
+    Assert(!IEM_IS_REAL_OR_V86_MODE(pIemCpu));
+
+    /** @todo figure whether the accessed bit is set or not. */
+
+    bool         fDescOk = true;
+    IEMSELDESC   Desc;
+    VBOXSTRICTRC rcStrict = iemCImpl_LoadDescHelper(pIemCpu, uSel, false /*fAllowSysDesc*/, &Desc);
+    if (rcStrict == VINF_SUCCESS)
+    {
+        /*
+         * Check the descriptor type.
+         */
+        if (!Desc.Legacy.Gen.u1DescType)
+        {
+            if (CPUMIsGuestInLongModeEx(pIemCpu->CTX_SUFF(pCtx)))
+            {
+                if (Desc.Long.Gen.u5Zeros)
+                    fDescOk = false;
+                else
+                    switch (Desc.Long.Gen.u4Type)
+                    {
+                        /** @todo Intel lists 0 as valid for LSL, verify whether that's correct */
+                        case AMD64_SEL_TYPE_SYS_TSS_AVAIL:
+                        case AMD64_SEL_TYPE_SYS_TSS_BUSY:
+                        case AMD64_SEL_TYPE_SYS_LDT: /** @todo Intel lists this as invalid for LAR, AMD and 32-bit does otherwise. */
+                            break;
+                        case AMD64_SEL_TYPE_SYS_CALL_GATE:
+                            fDescOk = fIsLar;
+                            break;
+                        default:
+                            fDescOk = false;
+                            break;
+                    }
+            }
             else
             {
-                if (  fWrite
-                    ? (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_WRITE)) != X86_SEL_TYPE_WRITE
-                    : (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ))  == X86_SEL_TYPE_CODE)
-                    fAccessible = false;
-
-                /** @todo testcase for the conforming behavior. */
-                if (   (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
-                    != (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF))
+                switch (Desc.Long.Gen.u4Type)
                 {
-                    if ((unsigned)(uSel & X86_SEL_RPL) > Desc.Legacy.Gen.u2Dpl)
-                        fAccessible = false;
-                    else if (pIemCpu->uCpl > Desc.Legacy.Gen.u2Dpl)
-                        fAccessible = false;
+                    case X86_SEL_TYPE_SYS_286_TSS_AVAIL:
+                    case X86_SEL_TYPE_SYS_286_TSS_BUSY:
+                    case X86_SEL_TYPE_SYS_386_TSS_AVAIL:
+                    case X86_SEL_TYPE_SYS_386_TSS_BUSY:
+                    case X86_SEL_TYPE_SYS_LDT:
+                        break;
+                    case X86_SEL_TYPE_SYS_286_CALL_GATE:
+                    case X86_SEL_TYPE_SYS_TASK_GATE:
+                    case X86_SEL_TYPE_SYS_386_CALL_GATE:
+                        fDescOk = fIsLar;
+                        break;
+                    default:
+                        fDescOk = false;
+                        break;
                 }
             }
         }
-    }
-
-    /* commit */
-    pIemCpu->CTX_SUFF(pCtx)->eflags.Bits.u1ZF = fAccessible;
-
+        if (fDescOk)
+        {
+            /*
+             * Check the RPL/DPL/CPL interaction..
+             */
+            /** @todo testcase for the conforming behavior. */
+            if (   (Desc.Legacy.Gen.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF)) != (X86_SEL_TYPE_CODE | X86_SEL_TYPE_CONF)
+                || !Desc.Legacy.Gen.u1DescType)
+            {
+                if ((unsigned)(uSel & X86_SEL_RPL) > Desc.Legacy.Gen.u2Dpl)
+                    fDescOk = false;
+                else if (pIemCpu->uCpl > Desc.Legacy.Gen.u2Dpl)
+                    fDescOk = false;
+            }
+        }
+
+        if (fDescOk)
+        {
+            /*
+             * All fine, start committing the result.
+             */
+            if (fIsLar)
+                *pu64Dst = Desc.Legacy.au32[1] & UINT32_C(0x00ffff00);
+            else
+                *pu64Dst = X86DESC_LIMIT_G(&Desc.Legacy);
+        }
+
+    }
+    else if (rcStrict == VINF_IEM_SELECTOR_NOT_OK)
+        fDescOk = false;
+    else
+        return rcStrict;
+
+    /* commit flags value and advance rip. */
+    pIemCpu->CTX_SUFF(pCtx)->eflags.Bits.u1ZF = fDescOk;
     iemRegAddToRip(pIemCpu, cbInstr);
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Implements LAR and LSL with 16-bit operand size.
+ *
+ * @returns VINF_SUCCESS.
+ * @param   pu16Dst         Pointer to the destination register.
+ * @param   u16Sel          The selector to load details for.
+ * @param   pEFlags         Pointer to the eflags register.
+ * @param   fIsLar          true = LAR, false = LSL.
+ */
+IEM_CIMPL_DEF_4(iemCImpl_LarLsl_u16, uint16_t *, pu16Dst, uint16_t, uSel, uint32_t *, pEFlags, bool, fIsLar)
+{
+    uint64_t u64TmpDst = *pu16Dst;
+    IEM_CIMPL_CALL_4(iemCImpl_LarLsl_u64, &u64TmpDst, uSel, pEFlags, fIsLar);
+    *pu16Dst = (uint16_t)u64TmpDst;
     return VINF_SUCCESS;
 }

trunk/src/VBox/VMM/VMMAll/IEMAllInstructions.cpp.h

@@ -1135 +1135 @@
 }
 
+/** Opcode 0x0f 0x00 /3. */
+FNIEMOP_DEF_1(iemOpCommonLarLsl_Gv_Ew, bool, fIsLar)
+{
+    IEMOP_HLP_NO_REAL_OR_V86_MODE();
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+
+    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+    {
+        IEMOP_HLP_DECODED_NL_2(fIsLar ? OP_LAR : OP_LSL, IEMOPFORM_RM_REG, OP_PARM_Gv, OP_PARM_Ew, DISOPTYPE_DANGEROUS | DISOPTYPE_PRIVILEGED_NOTRAP);
+        switch (pIemCpu->enmEffOpSize)
+        {
+            case IEMMODE_16BIT:
+            {
+                IEM_MC_BEGIN(4, 0);
+                IEM_MC_ARG(uint16_t *,  pu16Dst,           0);
+                IEM_MC_ARG(uint16_t,    u16Sel,            1);
+                IEM_MC_ARG(uint32_t *,  pEFlags,           2);
+                IEM_MC_ARG_CONST(bool,  fIsLarArg, fIsLar, 3);
+
+                IEM_MC_REF_GREG_U16(pu16Dst, ((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg);
+                IEM_MC_FETCH_GREG_U16(u16Sel, (bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB);
+                IEM_MC_REF_EFLAGS(pEFlags);
+                IEM_MC_CALL_CIMPL_4(iemCImpl_LarLsl_u16, pu16Dst, u16Sel, pEFlags, fIsLarArg);
+
+                IEM_MC_END();
+                return VINF_SUCCESS;
+            }
+
+            case IEMMODE_32BIT:
+            case IEMMODE_64BIT:
+            {
+                IEM_MC_BEGIN(4, 0);
+                IEM_MC_ARG(uint64_t *,  pu64Dst,           0);
+                IEM_MC_ARG(uint16_t,    u16Sel,            1);
+                IEM_MC_ARG(uint32_t *,  pEFlags,           2);
+                IEM_MC_ARG_CONST(bool,  fIsLarArg, fIsLar, 3);
+
+                IEM_MC_REF_GREG_U64(pu64Dst, ((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg);
+                IEM_MC_FETCH_GREG_U16(u16Sel, (bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB);
+                IEM_MC_REF_EFLAGS(pEFlags);
+                IEM_MC_CALL_CIMPL_4(iemCImpl_LarLsl_u64, pu64Dst, u16Sel, pEFlags, fIsLarArg);
+
+                IEM_MC_END();
+                return VINF_SUCCESS;
+            }
+
+            IEM_NOT_REACHED_DEFAULT_CASE_RET();
+        }
+    }
+    else
+    {
+        switch (pIemCpu->enmEffOpSize)
+        {
+            case IEMMODE_16BIT:
+            {
+                IEM_MC_BEGIN(4, 1);
+                IEM_MC_ARG(uint16_t *,  pu16Dst,           0);
+                IEM_MC_ARG(uint16_t,    u16Sel,            1);
+                IEM_MC_ARG(uint32_t *,  pEFlags,           2);
+                IEM_MC_ARG_CONST(bool,  fIsLarArg, fIsLar, 3);
+                IEM_MC_LOCAL(RTGCPTR,   GCPtrEffSrc);
+
+                IEM_MC_CALC_RM_EFF_ADDR(GCPtrEffSrc, bRm, 0);
+                IEMOP_HLP_DECODED_NL_2(fIsLar ? OP_LAR : OP_LSL, IEMOPFORM_RM_MEM, OP_PARM_Gv, OP_PARM_Ew, DISOPTYPE_DANGEROUS | DISOPTYPE_PRIVILEGED_NOTRAP);
+
+                IEM_MC_FETCH_MEM_U16(u16Sel, pIemCpu->iEffSeg, GCPtrEffSrc);
+                IEM_MC_REF_GREG_U16(pu16Dst, ((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg);
+                IEM_MC_REF_EFLAGS(pEFlags);
+                IEM_MC_CALL_CIMPL_4(iemCImpl_LarLsl_u16, pu16Dst, u16Sel, pEFlags, fIsLarArg);
+
+                IEM_MC_END();
+                return VINF_SUCCESS;
+            }
+
+            case IEMMODE_32BIT:
+            case IEMMODE_64BIT:
+            {
+                IEM_MC_BEGIN(4, 1);
+                IEM_MC_ARG(uint64_t *,  pu64Dst,           0);
+                IEM_MC_ARG(uint16_t,    u16Sel,            1);
+                IEM_MC_ARG(uint32_t *,  pEFlags,           2);
+                IEM_MC_ARG_CONST(bool,  fIsLarArg, fIsLar, 3);
+                IEM_MC_LOCAL(RTGCPTR,   GCPtrEffSrc);
+
+                IEM_MC_CALC_RM_EFF_ADDR(GCPtrEffSrc, bRm, 0);
+                IEMOP_HLP_DECODED_NL_2(fIsLar ? OP_LAR : OP_LSL, IEMOPFORM_RM_MEM, OP_PARM_Gv, OP_PARM_Ew, DISOPTYPE_DANGEROUS | DISOPTYPE_PRIVILEGED_NOTRAP);
+
+                IEM_MC_FETCH_MEM_U16(u16Sel, pIemCpu->iEffSeg, GCPtrEffSrc);
+                IEM_MC_REF_GREG_U64(pu64Dst, ((bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK) | pIemCpu->uRexReg);
+                IEM_MC_REF_EFLAGS(pEFlags);
+                IEM_MC_CALL_CIMPL_4(iemCImpl_LarLsl_u64, pu64Dst, u16Sel, pEFlags, fIsLarArg);
+
+                IEM_MC_END();
+                return VINF_SUCCESS;
+            }
+
+            IEM_NOT_REACHED_DEFAULT_CASE_RET();
+        }
+    }
+}
+
+
 
 /** Opcode 0x0f 0x02. */
-FNIEMOP_STUB(iemOp_lar_Gv_Ew);
+FNIEMOP_DEF(iemOp_lar_Gv_Ew)
+{
+    IEMOP_MNEMONIC("lar Gv,Ew");
+    return FNIEMOP_CALL_1(iemOpCommonLarLsl_Gv_Ew, true);
+}
+
+
 /** Opcode 0x0f 0x03. */
-FNIEMOP_STUB(iemOp_lsl_Gv_Ew);
+FNIEMOP_DEF(iemOp_lsl_Gv_Ew)
+{
+    IEMOP_MNEMONIC("lsl Gv,Ew");
+    return FNIEMOP_CALL_1(iemOpCommonLarLsl_Gv_Ew, false);
+}
 
 
@@ -7928 +8040 @@
 FNIEMOP_STUB(iemOp_bound_Gv_Ma);
 
+
 /** Opcode 0x63 - non-64-bit modes. */
-FNIEMOP_STUB(iemOp_arpl_Ew_Gw);
+FNIEMOP_DEF(iemOp_arpl_Ew_Gw)
+{
+    IEMOP_MNEMONIC("arpl Ew,Gw");
+    IEMOP_HLP_NO_REAL_OR_V86_MODE();
+    uint8_t bRm; IEM_OPCODE_GET_NEXT_U8(&bRm);
+
+    if ((bRm & X86_MODRM_MOD_MASK) == (3 << X86_MODRM_MOD_SHIFT))
+    {
+        /* Register */
+        IEMOP_HLP_DECODED_NL_2(OP_ARPL, IEMOPFORM_MR_REG, OP_PARM_Ew, OP_PARM_Gw, DISOPTYPE_HARMLESS);
+        IEM_MC_BEGIN(3, 0);
+        IEM_MC_ARG(uint16_t *,      pu16Dst,    0);
+        IEM_MC_ARG(uint16_t,        u16Src,     1);
+        IEM_MC_ARG(uint32_t *,      pEFlags,    2);
+
+        IEM_MC_FETCH_GREG_U16(u16Src, (bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK);
+        IEM_MC_REF_GREG_U16(pu16Dst, (bRm & X86_MODRM_RM_MASK));
+        IEM_MC_REF_EFLAGS(pEFlags);
+        IEM_MC_CALL_VOID_AIMPL_3(iemAImpl_arpl, pu16Dst, u16Src, pEFlags);
+
+        IEM_MC_ADVANCE_RIP();
+        IEM_MC_END();
+    }
+    else
+    {
+        /* Memory */
+        IEM_MC_BEGIN(3, 2);
+        IEM_MC_ARG(uint16_t *, pu16Dst,          0);
+        IEM_MC_ARG(uint16_t,   u16Src,           1);
+        IEM_MC_ARG_LOCAL_EFLAGS(pEFlags, EFlags, 2);
+        IEM_MC_LOCAL(RTGCPTR, GCPtrEffDst);
+
+        IEM_MC_CALC_RM_EFF_ADDR(GCPtrEffDst, bRm, 0);
+        IEMOP_HLP_DECODED_NL_2(OP_ARPL, IEMOPFORM_MR_REG, OP_PARM_Ew, OP_PARM_Gw, DISOPTYPE_HARMLESS);
+        IEM_MC_MEM_MAP(pu16Dst, IEM_ACCESS_DATA_RW, pIemCpu->iEffSeg, GCPtrEffDst, 0 /*arg*/);
+        IEM_MC_FETCH_GREG_U16(u16Src, (bRm >> X86_MODRM_REG_SHIFT) & X86_MODRM_REG_SMASK);
+        IEM_MC_FETCH_EFLAGS(EFlags);
+        IEM_MC_CALL_VOID_AIMPL_3(iemAImpl_arpl, pu16Dst, u16Src, pEFlags);
+
+        IEM_MC_MEM_COMMIT_AND_UNMAP(pu16Dst, IEM_ACCESS_DATA_RW);
+        IEM_MC_COMMIT_EFLAGS(EFlags);
+        IEM_MC_ADVANCE_RIP();
+        IEM_MC_END();
+    }
+    return VINF_SUCCESS;
+
+}
 
 

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -896 +896 @@
 /** @}  */
 
+/** @name Misc.
+ * @{ */
+FNIEMAIMPLBINU16 iemAImpl_arpl;
+/** @} */
+
 
 /** @name FPU operations taking a 32-bit float argument

trunk/src/VBox/VMM/testcase/tstIEMCheckMc.cpp

@@ -574 +574 @@
 #define IEM_MC_CALL_CIMPL_3(a_pfnCImpl, a0, a1, a2) \
     do { CHK_CALL_ARG(a0, 0); CHK_CALL_ARG(a1, 1); CHK_CALL_ARG(a2, 2); } while (0)
+#define IEM_MC_CALL_CIMPL_4(a_pfnCImpl, a0, a1, a2, a3) \
+    do { CHK_CALL_ARG(a0, 0); CHK_CALL_ARG(a1, 1); CHK_CALL_ARG(a2, 2); CHK_CALL_ARG(a3, 3); } while (0)
 #define IEM_MC_CALL_CIMPL_5(a_pfnCImpl, a0, a1, a2, a3, a4) \
     do { CHK_CALL_ARG(a0, 0); CHK_CALL_ARG(a1, 1); CHK_CALL_ARG(a2, 2); CHK_CALL_ARG(a3, 3); CHK_CALL_ARG(a4, 4);  } while (0)