4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 #define CPU_NO_GLOBAL_REGS
22 #include "host-utils.h"
27 #define raise_exception_err(a, b)\
30 fprintf(logfile, "raise_exception line=%d\n", __LINE__);\
31 (raise_exception_err)(a, b);\
35 const uint8_t parity_table[256] = {
36 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
37 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
38 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
39 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
40 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
41 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
42 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
43 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
44 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
45 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
46 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
47 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
48 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
49 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
50 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
51 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
52 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
53 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
54 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
55 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
56 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
57 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
58 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
59 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
60 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
61 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
62 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
63 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
64 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
65 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
66 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
67 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
71 const uint8_t rclw_table[32] = {
72 0, 1, 2, 3, 4, 5, 6, 7,
73 8, 9,10,11,12,13,14,15,
74 16, 0, 1, 2, 3, 4, 5, 6,
75 7, 8, 9,10,11,12,13,14,
79 const uint8_t rclb_table[32] = {
80 0, 1, 2, 3, 4, 5, 6, 7,
81 8, 0, 1, 2, 3, 4, 5, 6,
82 7, 8, 0, 1, 2, 3, 4, 5,
83 6, 7, 8, 0, 1, 2, 3, 4,
86 const CPU86_LDouble f15rk[7] =
88 0.00000000000000000000L,
89 1.00000000000000000000L,
90 3.14159265358979323851L, /*pi*/
91 0.30102999566398119523L, /*lg2*/
92 0.69314718055994530943L, /*ln2*/
93 1.44269504088896340739L, /*l2e*/
94 3.32192809488736234781L, /*l2t*/
97 /* broken thread support */
99 spinlock_t global_cpu_lock = SPIN_LOCK_UNLOCKED;
101 void helper_lock(void)
103 spin_lock(&global_cpu_lock);
106 void helper_unlock(void)
108 spin_unlock(&global_cpu_lock);
111 void helper_write_eflags(target_ulong t0, uint32_t update_mask)
113 load_eflags(t0, update_mask);
116 target_ulong helper_read_eflags(void)
119 eflags = cc_table[CC_OP].compute_all();
120 eflags |= (DF & DF_MASK);
121 eflags |= env->eflags & ~(VM_MASK | RF_MASK);
125 /* return non zero if error */
126 static inline int load_segment(uint32_t *e1_ptr, uint32_t *e2_ptr,
137 index = selector & ~7;
138 if ((index + 7) > dt->limit)
140 ptr = dt->base + index;
141 *e1_ptr = ldl_kernel(ptr);
142 *e2_ptr = ldl_kernel(ptr + 4);
146 static inline unsigned int get_seg_limit(uint32_t e1, uint32_t e2)
149 limit = (e1 & 0xffff) | (e2 & 0x000f0000);
150 if (e2 & DESC_G_MASK)
151 limit = (limit << 12) | 0xfff;
155 static inline uint32_t get_seg_base(uint32_t e1, uint32_t e2)
157 return ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
160 static inline void load_seg_cache_raw_dt(SegmentCache *sc, uint32_t e1, uint32_t e2)
162 sc->base = get_seg_base(e1, e2);
163 sc->limit = get_seg_limit(e1, e2);
167 /* init the segment cache in vm86 mode. */
168 static inline void load_seg_vm(int seg, int selector)
171 cpu_x86_load_seg_cache(env, seg, selector,
172 (selector << 4), 0xffff, 0);
175 static inline void get_ss_esp_from_tss(uint32_t *ss_ptr,
176 uint32_t *esp_ptr, int dpl)
178 int type, index, shift;
183 printf("TR: base=%p limit=%x\n", env->tr.base, env->tr.limit);
184 for(i=0;i<env->tr.limit;i++) {
185 printf("%02x ", env->tr.base[i]);
186 if ((i & 7) == 7) printf("\n");
192 if (!(env->tr.flags & DESC_P_MASK))
193 cpu_abort(env, "invalid tss");
194 type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
196 cpu_abort(env, "invalid tss type");
198 index = (dpl * 4 + 2) << shift;
199 if (index + (4 << shift) - 1 > env->tr.limit)
200 raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
202 *esp_ptr = lduw_kernel(env->tr.base + index);
203 *ss_ptr = lduw_kernel(env->tr.base + index + 2);
205 *esp_ptr = ldl_kernel(env->tr.base + index);
206 *ss_ptr = lduw_kernel(env->tr.base + index + 4);
210 /* XXX: merge with load_seg() */
211 static void tss_load_seg(int seg_reg, int selector)
216 if ((selector & 0xfffc) != 0) {
217 if (load_segment(&e1, &e2, selector) != 0)
218 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
219 if (!(e2 & DESC_S_MASK))
220 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
222 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
223 cpl = env->hflags & HF_CPL_MASK;
224 if (seg_reg == R_CS) {
225 if (!(e2 & DESC_CS_MASK))
226 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
227 /* XXX: is it correct ? */
229 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
230 if ((e2 & DESC_C_MASK) && dpl > rpl)
231 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
232 } else if (seg_reg == R_SS) {
233 /* SS must be writable data */
234 if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK))
235 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
236 if (dpl != cpl || dpl != rpl)
237 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
239 /* not readable code */
240 if ((e2 & DESC_CS_MASK) && !(e2 & DESC_R_MASK))
241 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
242 /* if data or non conforming code, checks the rights */
243 if (((e2 >> DESC_TYPE_SHIFT) & 0xf) < 12) {
244 if (dpl < cpl || dpl < rpl)
245 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
248 if (!(e2 & DESC_P_MASK))
249 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
250 cpu_x86_load_seg_cache(env, seg_reg, selector,
251 get_seg_base(e1, e2),
252 get_seg_limit(e1, e2),
255 if (seg_reg == R_SS || seg_reg == R_CS)
256 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
260 #define SWITCH_TSS_JMP 0
261 #define SWITCH_TSS_IRET 1
262 #define SWITCH_TSS_CALL 2
264 /* XXX: restore CPU state in registers (PowerPC case) */
265 static void switch_tss(int tss_selector,
266 uint32_t e1, uint32_t e2, int source,
269 int tss_limit, tss_limit_max, type, old_tss_limit_max, old_type, v1, v2, i;
270 target_ulong tss_base;
271 uint32_t new_regs[8], new_segs[6];
272 uint32_t new_eflags, new_eip, new_cr3, new_ldt, new_trap;
273 uint32_t old_eflags, eflags_mask;
278 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
280 if (loglevel & CPU_LOG_PCALL)
281 fprintf(logfile, "switch_tss: sel=0x%04x type=%d src=%d\n", tss_selector, type, source);
284 /* if task gate, we read the TSS segment and we load it */
286 if (!(e2 & DESC_P_MASK))
287 raise_exception_err(EXCP0B_NOSEG, tss_selector & 0xfffc);
288 tss_selector = e1 >> 16;
289 if (tss_selector & 4)
290 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
291 if (load_segment(&e1, &e2, tss_selector) != 0)
292 raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
293 if (e2 & DESC_S_MASK)
294 raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
295 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
297 raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
300 if (!(e2 & DESC_P_MASK))
301 raise_exception_err(EXCP0B_NOSEG, tss_selector & 0xfffc);
307 tss_limit = get_seg_limit(e1, e2);
308 tss_base = get_seg_base(e1, e2);
309 if ((tss_selector & 4) != 0 ||
310 tss_limit < tss_limit_max)
311 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
312 old_type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
314 old_tss_limit_max = 103;
316 old_tss_limit_max = 43;
318 /* read all the registers from the new TSS */
321 new_cr3 = ldl_kernel(tss_base + 0x1c);
322 new_eip = ldl_kernel(tss_base + 0x20);
323 new_eflags = ldl_kernel(tss_base + 0x24);
324 for(i = 0; i < 8; i++)
325 new_regs[i] = ldl_kernel(tss_base + (0x28 + i * 4));
326 for(i = 0; i < 6; i++)
327 new_segs[i] = lduw_kernel(tss_base + (0x48 + i * 4));
328 new_ldt = lduw_kernel(tss_base + 0x60);
329 new_trap = ldl_kernel(tss_base + 0x64);
333 new_eip = lduw_kernel(tss_base + 0x0e);
334 new_eflags = lduw_kernel(tss_base + 0x10);
335 for(i = 0; i < 8; i++)
336 new_regs[i] = lduw_kernel(tss_base + (0x12 + i * 2)) | 0xffff0000;
337 for(i = 0; i < 4; i++)
338 new_segs[i] = lduw_kernel(tss_base + (0x22 + i * 4));
339 new_ldt = lduw_kernel(tss_base + 0x2a);
345 /* NOTE: we must avoid memory exceptions during the task switch,
346 so we make dummy accesses before */
347 /* XXX: it can still fail in some cases, so a bigger hack is
348 necessary to valid the TLB after having done the accesses */
350 v1 = ldub_kernel(env->tr.base);
351 v2 = ldub_kernel(env->tr.base + old_tss_limit_max);
352 stb_kernel(env->tr.base, v1);
353 stb_kernel(env->tr.base + old_tss_limit_max, v2);
355 /* clear busy bit (it is restartable) */
356 if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_IRET) {
359 ptr = env->gdt.base + (env->tr.selector & ~7);
360 e2 = ldl_kernel(ptr + 4);
361 e2 &= ~DESC_TSS_BUSY_MASK;
362 stl_kernel(ptr + 4, e2);
364 old_eflags = compute_eflags();
365 if (source == SWITCH_TSS_IRET)
366 old_eflags &= ~NT_MASK;
368 /* save the current state in the old TSS */
371 stl_kernel(env->tr.base + 0x20, next_eip);
372 stl_kernel(env->tr.base + 0x24, old_eflags);
373 stl_kernel(env->tr.base + (0x28 + 0 * 4), EAX);
374 stl_kernel(env->tr.base + (0x28 + 1 * 4), ECX);
375 stl_kernel(env->tr.base + (0x28 + 2 * 4), EDX);
376 stl_kernel(env->tr.base + (0x28 + 3 * 4), EBX);
377 stl_kernel(env->tr.base + (0x28 + 4 * 4), ESP);
378 stl_kernel(env->tr.base + (0x28 + 5 * 4), EBP);
379 stl_kernel(env->tr.base + (0x28 + 6 * 4), ESI);
380 stl_kernel(env->tr.base + (0x28 + 7 * 4), EDI);
381 for(i = 0; i < 6; i++)
382 stw_kernel(env->tr.base + (0x48 + i * 4), env->segs[i].selector);
385 stw_kernel(env->tr.base + 0x0e, next_eip);
386 stw_kernel(env->tr.base + 0x10, old_eflags);
387 stw_kernel(env->tr.base + (0x12 + 0 * 2), EAX);
388 stw_kernel(env->tr.base + (0x12 + 1 * 2), ECX);
389 stw_kernel(env->tr.base + (0x12 + 2 * 2), EDX);
390 stw_kernel(env->tr.base + (0x12 + 3 * 2), EBX);
391 stw_kernel(env->tr.base + (0x12 + 4 * 2), ESP);
392 stw_kernel(env->tr.base + (0x12 + 5 * 2), EBP);
393 stw_kernel(env->tr.base + (0x12 + 6 * 2), ESI);
394 stw_kernel(env->tr.base + (0x12 + 7 * 2), EDI);
395 for(i = 0; i < 4; i++)
396 stw_kernel(env->tr.base + (0x22 + i * 4), env->segs[i].selector);
399 /* now if an exception occurs, it will occurs in the next task
402 if (source == SWITCH_TSS_CALL) {
403 stw_kernel(tss_base, env->tr.selector);
404 new_eflags |= NT_MASK;
408 if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_CALL) {
411 ptr = env->gdt.base + (tss_selector & ~7);
412 e2 = ldl_kernel(ptr + 4);
413 e2 |= DESC_TSS_BUSY_MASK;
414 stl_kernel(ptr + 4, e2);
417 /* set the new CPU state */
418 /* from this point, any exception which occurs can give problems */
419 env->cr[0] |= CR0_TS_MASK;
420 env->hflags |= HF_TS_MASK;
421 env->tr.selector = tss_selector;
422 env->tr.base = tss_base;
423 env->tr.limit = tss_limit;
424 env->tr.flags = e2 & ~DESC_TSS_BUSY_MASK;
426 if ((type & 8) && (env->cr[0] & CR0_PG_MASK)) {
427 cpu_x86_update_cr3(env, new_cr3);
430 /* load all registers without an exception, then reload them with
431 possible exception */
433 eflags_mask = TF_MASK | AC_MASK | ID_MASK |
434 IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK;
436 eflags_mask &= 0xffff;
437 load_eflags(new_eflags, eflags_mask);
438 /* XXX: what to do in 16 bit case ? */
447 if (new_eflags & VM_MASK) {
448 for(i = 0; i < 6; i++)
449 load_seg_vm(i, new_segs[i]);
450 /* in vm86, CPL is always 3 */
451 cpu_x86_set_cpl(env, 3);
453 /* CPL is set the RPL of CS */
454 cpu_x86_set_cpl(env, new_segs[R_CS] & 3);
455 /* first just selectors as the rest may trigger exceptions */
456 for(i = 0; i < 6; i++)
457 cpu_x86_load_seg_cache(env, i, new_segs[i], 0, 0, 0);
460 env->ldt.selector = new_ldt & ~4;
467 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
469 if ((new_ldt & 0xfffc) != 0) {
471 index = new_ldt & ~7;
472 if ((index + 7) > dt->limit)
473 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
474 ptr = dt->base + index;
475 e1 = ldl_kernel(ptr);
476 e2 = ldl_kernel(ptr + 4);
477 if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2)
478 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
479 if (!(e2 & DESC_P_MASK))
480 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
481 load_seg_cache_raw_dt(&env->ldt, e1, e2);
484 /* load the segments */
485 if (!(new_eflags & VM_MASK)) {
486 tss_load_seg(R_CS, new_segs[R_CS]);
487 tss_load_seg(R_SS, new_segs[R_SS]);
488 tss_load_seg(R_ES, new_segs[R_ES]);
489 tss_load_seg(R_DS, new_segs[R_DS]);
490 tss_load_seg(R_FS, new_segs[R_FS]);
491 tss_load_seg(R_GS, new_segs[R_GS]);
494 /* check that EIP is in the CS segment limits */
495 if (new_eip > env->segs[R_CS].limit) {
496 /* XXX: different exception if CALL ? */
497 raise_exception_err(EXCP0D_GPF, 0);
501 /* check if Port I/O is allowed in TSS */
502 static inline void check_io(int addr, int size)
504 int io_offset, val, mask;
506 /* TSS must be a valid 32 bit one */
507 if (!(env->tr.flags & DESC_P_MASK) ||
508 ((env->tr.flags >> DESC_TYPE_SHIFT) & 0xf) != 9 ||
511 io_offset = lduw_kernel(env->tr.base + 0x66);
512 io_offset += (addr >> 3);
513 /* Note: the check needs two bytes */
514 if ((io_offset + 1) > env->tr.limit)
516 val = lduw_kernel(env->tr.base + io_offset);
518 mask = (1 << size) - 1;
519 /* all bits must be zero to allow the I/O */
520 if ((val & mask) != 0) {
522 raise_exception_err(EXCP0D_GPF, 0);
526 void helper_check_iob(uint32_t t0)
531 void helper_check_iow(uint32_t t0)
536 void helper_check_iol(uint32_t t0)
541 void helper_outb(uint32_t port, uint32_t data)
543 cpu_outb(env, port, data & 0xff);
546 target_ulong helper_inb(uint32_t port)
548 return cpu_inb(env, port);
551 void helper_outw(uint32_t port, uint32_t data)
553 cpu_outw(env, port, data & 0xffff);
556 target_ulong helper_inw(uint32_t port)
558 return cpu_inw(env, port);
561 void helper_outl(uint32_t port, uint32_t data)
563 cpu_outl(env, port, data);
566 target_ulong helper_inl(uint32_t port)
568 return cpu_inl(env, port);
571 static inline unsigned int get_sp_mask(unsigned int e2)
573 if (e2 & DESC_B_MASK)
580 #define SET_ESP(val, sp_mask)\
582 if ((sp_mask) == 0xffff)\
583 ESP = (ESP & ~0xffff) | ((val) & 0xffff);\
584 else if ((sp_mask) == 0xffffffffLL)\
585 ESP = (uint32_t)(val);\
590 #define SET_ESP(val, sp_mask) ESP = (ESP & ~(sp_mask)) | ((val) & (sp_mask))
593 /* XXX: add a is_user flag to have proper security support */
594 #define PUSHW(ssp, sp, sp_mask, val)\
597 stw_kernel((ssp) + (sp & (sp_mask)), (val));\
600 #define PUSHL(ssp, sp, sp_mask, val)\
603 stl_kernel((ssp) + (sp & (sp_mask)), (val));\
606 #define POPW(ssp, sp, sp_mask, val)\
608 val = lduw_kernel((ssp) + (sp & (sp_mask)));\
612 #define POPL(ssp, sp, sp_mask, val)\
614 val = (uint32_t)ldl_kernel((ssp) + (sp & (sp_mask)));\
618 /* protected mode interrupt */
619 static void do_interrupt_protected(int intno, int is_int, int error_code,
620 unsigned int next_eip, int is_hw)
623 target_ulong ptr, ssp;
624 int type, dpl, selector, ss_dpl, cpl;
625 int has_error_code, new_stack, shift;
626 uint32_t e1, e2, offset, ss, esp, ss_e1, ss_e2;
627 uint32_t old_eip, sp_mask;
630 if (!is_int && !is_hw) {
649 if (intno * 8 + 7 > dt->limit)
650 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
651 ptr = dt->base + intno * 8;
652 e1 = ldl_kernel(ptr);
653 e2 = ldl_kernel(ptr + 4);
654 /* check gate type */
655 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
657 case 5: /* task gate */
658 /* must do that check here to return the correct error code */
659 if (!(e2 & DESC_P_MASK))
660 raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
661 switch_tss(intno * 8, e1, e2, SWITCH_TSS_CALL, old_eip);
662 if (has_error_code) {
665 /* push the error code */
666 type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
668 if (env->segs[R_SS].flags & DESC_B_MASK)
672 esp = (ESP - (2 << shift)) & mask;
673 ssp = env->segs[R_SS].base + esp;
675 stl_kernel(ssp, error_code);
677 stw_kernel(ssp, error_code);
681 case 6: /* 286 interrupt gate */
682 case 7: /* 286 trap gate */
683 case 14: /* 386 interrupt gate */
684 case 15: /* 386 trap gate */
687 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
690 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
691 cpl = env->hflags & HF_CPL_MASK;
692 /* check privilege if software int */
693 if (is_int && dpl < cpl)
694 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
695 /* check valid bit */
696 if (!(e2 & DESC_P_MASK))
697 raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
699 offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
700 if ((selector & 0xfffc) == 0)
701 raise_exception_err(EXCP0D_GPF, 0);
703 if (load_segment(&e1, &e2, selector) != 0)
704 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
705 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
706 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
707 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
709 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
710 if (!(e2 & DESC_P_MASK))
711 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
712 if (!(e2 & DESC_C_MASK) && dpl < cpl) {
713 /* to inner privilege */
714 get_ss_esp_from_tss(&ss, &esp, dpl);
715 if ((ss & 0xfffc) == 0)
716 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
718 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
719 if (load_segment(&ss_e1, &ss_e2, ss) != 0)
720 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
721 ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
723 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
724 if (!(ss_e2 & DESC_S_MASK) ||
725 (ss_e2 & DESC_CS_MASK) ||
726 !(ss_e2 & DESC_W_MASK))
727 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
728 if (!(ss_e2 & DESC_P_MASK))
729 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
731 sp_mask = get_sp_mask(ss_e2);
732 ssp = get_seg_base(ss_e1, ss_e2);
733 } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
734 /* to same privilege */
735 if (env->eflags & VM_MASK)
736 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
738 sp_mask = get_sp_mask(env->segs[R_SS].flags);
739 ssp = env->segs[R_SS].base;
743 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
744 new_stack = 0; /* avoid warning */
745 sp_mask = 0; /* avoid warning */
746 ssp = 0; /* avoid warning */
747 esp = 0; /* avoid warning */
753 /* XXX: check that enough room is available */
754 push_size = 6 + (new_stack << 2) + (has_error_code << 1);
755 if (env->eflags & VM_MASK)
761 if (env->eflags & VM_MASK) {
762 PUSHL(ssp, esp, sp_mask, env->segs[R_GS].selector);
763 PUSHL(ssp, esp, sp_mask, env->segs[R_FS].selector);
764 PUSHL(ssp, esp, sp_mask, env->segs[R_DS].selector);
765 PUSHL(ssp, esp, sp_mask, env->segs[R_ES].selector);
767 PUSHL(ssp, esp, sp_mask, env->segs[R_SS].selector);
768 PUSHL(ssp, esp, sp_mask, ESP);
770 PUSHL(ssp, esp, sp_mask, compute_eflags());
771 PUSHL(ssp, esp, sp_mask, env->segs[R_CS].selector);
772 PUSHL(ssp, esp, sp_mask, old_eip);
773 if (has_error_code) {
774 PUSHL(ssp, esp, sp_mask, error_code);
778 if (env->eflags & VM_MASK) {
779 PUSHW(ssp, esp, sp_mask, env->segs[R_GS].selector);
780 PUSHW(ssp, esp, sp_mask, env->segs[R_FS].selector);
781 PUSHW(ssp, esp, sp_mask, env->segs[R_DS].selector);
782 PUSHW(ssp, esp, sp_mask, env->segs[R_ES].selector);
784 PUSHW(ssp, esp, sp_mask, env->segs[R_SS].selector);
785 PUSHW(ssp, esp, sp_mask, ESP);
787 PUSHW(ssp, esp, sp_mask, compute_eflags());
788 PUSHW(ssp, esp, sp_mask, env->segs[R_CS].selector);
789 PUSHW(ssp, esp, sp_mask, old_eip);
790 if (has_error_code) {
791 PUSHW(ssp, esp, sp_mask, error_code);
796 if (env->eflags & VM_MASK) {
797 cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0, 0);
798 cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0, 0);
799 cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0, 0);
800 cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0, 0);
802 ss = (ss & ~3) | dpl;
803 cpu_x86_load_seg_cache(env, R_SS, ss,
804 ssp, get_seg_limit(ss_e1, ss_e2), ss_e2);
806 SET_ESP(esp, sp_mask);
808 selector = (selector & ~3) | dpl;
809 cpu_x86_load_seg_cache(env, R_CS, selector,
810 get_seg_base(e1, e2),
811 get_seg_limit(e1, e2),
813 cpu_x86_set_cpl(env, dpl);
816 /* interrupt gate clear IF mask */
817 if ((type & 1) == 0) {
818 env->eflags &= ~IF_MASK;
820 env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
825 #define PUSHQ(sp, val)\
828 stq_kernel(sp, (val));\
831 #define POPQ(sp, val)\
833 val = ldq_kernel(sp);\
837 static inline target_ulong get_rsp_from_tss(int level)
842 printf("TR: base=" TARGET_FMT_lx " limit=%x\n",
843 env->tr.base, env->tr.limit);
846 if (!(env->tr.flags & DESC_P_MASK))
847 cpu_abort(env, "invalid tss");
848 index = 8 * level + 4;
849 if ((index + 7) > env->tr.limit)
850 raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
851 return ldq_kernel(env->tr.base + index);
854 /* 64 bit interrupt */
855 static void do_interrupt64(int intno, int is_int, int error_code,
856 target_ulong next_eip, int is_hw)
860 int type, dpl, selector, cpl, ist;
861 int has_error_code, new_stack;
862 uint32_t e1, e2, e3, ss;
863 target_ulong old_eip, esp, offset;
866 if (!is_int && !is_hw) {
885 if (intno * 16 + 15 > dt->limit)
886 raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
887 ptr = dt->base + intno * 16;
888 e1 = ldl_kernel(ptr);
889 e2 = ldl_kernel(ptr + 4);
890 e3 = ldl_kernel(ptr + 8);
891 /* check gate type */
892 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
894 case 14: /* 386 interrupt gate */
895 case 15: /* 386 trap gate */
898 raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
901 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
902 cpl = env->hflags & HF_CPL_MASK;
903 /* check privilege if software int */
904 if (is_int && dpl < cpl)
905 raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
906 /* check valid bit */
907 if (!(e2 & DESC_P_MASK))
908 raise_exception_err(EXCP0B_NOSEG, intno * 16 + 2);
910 offset = ((target_ulong)e3 << 32) | (e2 & 0xffff0000) | (e1 & 0x0000ffff);
912 if ((selector & 0xfffc) == 0)
913 raise_exception_err(EXCP0D_GPF, 0);
915 if (load_segment(&e1, &e2, selector) != 0)
916 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
917 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
918 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
919 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
921 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
922 if (!(e2 & DESC_P_MASK))
923 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
924 if (!(e2 & DESC_L_MASK) || (e2 & DESC_B_MASK))
925 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
926 if ((!(e2 & DESC_C_MASK) && dpl < cpl) || ist != 0) {
927 /* to inner privilege */
929 esp = get_rsp_from_tss(ist + 3);
931 esp = get_rsp_from_tss(dpl);
932 esp &= ~0xfLL; /* align stack */
935 } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
936 /* to same privilege */
937 if (env->eflags & VM_MASK)
938 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
941 esp = get_rsp_from_tss(ist + 3);
944 esp &= ~0xfLL; /* align stack */
947 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
948 new_stack = 0; /* avoid warning */
949 esp = 0; /* avoid warning */
952 PUSHQ(esp, env->segs[R_SS].selector);
954 PUSHQ(esp, compute_eflags());
955 PUSHQ(esp, env->segs[R_CS].selector);
957 if (has_error_code) {
958 PUSHQ(esp, error_code);
963 cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, 0);
967 selector = (selector & ~3) | dpl;
968 cpu_x86_load_seg_cache(env, R_CS, selector,
969 get_seg_base(e1, e2),
970 get_seg_limit(e1, e2),
972 cpu_x86_set_cpl(env, dpl);
975 /* interrupt gate clear IF mask */
976 if ((type & 1) == 0) {
977 env->eflags &= ~IF_MASK;
979 env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
983 #if defined(CONFIG_USER_ONLY)
984 void helper_syscall(int next_eip_addend)
986 env->exception_index = EXCP_SYSCALL;
987 env->exception_next_eip = env->eip + next_eip_addend;
991 void helper_syscall(int next_eip_addend)
995 if (!(env->efer & MSR_EFER_SCE)) {
996 raise_exception_err(EXCP06_ILLOP, 0);
998 selector = (env->star >> 32) & 0xffff;
1000 if (env->hflags & HF_LMA_MASK) {
1003 ECX = env->eip + next_eip_addend;
1004 env->regs[11] = compute_eflags();
1006 code64 = env->hflags & HF_CS64_MASK;
1008 cpu_x86_set_cpl(env, 0);
1009 cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
1011 DESC_G_MASK | DESC_P_MASK |
1013 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
1014 cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
1016 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1018 DESC_W_MASK | DESC_A_MASK);
1019 env->eflags &= ~env->fmask;
1020 load_eflags(env->eflags, 0);
1022 env->eip = env->lstar;
1024 env->eip = env->cstar;
1028 ECX = (uint32_t)(env->eip + next_eip_addend);
1030 cpu_x86_set_cpl(env, 0);
1031 cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
1033 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1035 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1036 cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
1038 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1040 DESC_W_MASK | DESC_A_MASK);
1041 env->eflags &= ~(IF_MASK | RF_MASK | VM_MASK);
1042 env->eip = (uint32_t)env->star;
1047 void helper_sysret(int dflag)
1051 if (!(env->efer & MSR_EFER_SCE)) {
1052 raise_exception_err(EXCP06_ILLOP, 0);
1054 cpl = env->hflags & HF_CPL_MASK;
1055 if (!(env->cr[0] & CR0_PE_MASK) || cpl != 0) {
1056 raise_exception_err(EXCP0D_GPF, 0);
1058 selector = (env->star >> 48) & 0xffff;
1059 #ifdef TARGET_X86_64
1060 if (env->hflags & HF_LMA_MASK) {
1062 cpu_x86_load_seg_cache(env, R_CS, (selector + 16) | 3,
1064 DESC_G_MASK | DESC_P_MASK |
1065 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1066 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
1070 cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1072 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1073 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1074 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1075 env->eip = (uint32_t)ECX;
1077 cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1079 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1080 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1081 DESC_W_MASK | DESC_A_MASK);
1082 load_eflags((uint32_t)(env->regs[11]), TF_MASK | AC_MASK | ID_MASK |
1083 IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK);
1084 cpu_x86_set_cpl(env, 3);
1088 cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1090 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1091 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1092 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1093 env->eip = (uint32_t)ECX;
1094 cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1096 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1097 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1098 DESC_W_MASK | DESC_A_MASK);
1099 env->eflags |= IF_MASK;
1100 cpu_x86_set_cpl(env, 3);
1103 if (kqemu_is_ok(env)) {
1104 if (env->hflags & HF_LMA_MASK)
1105 CC_OP = CC_OP_EFLAGS;
1106 env->exception_index = -1;
1112 /* real mode interrupt */
1113 static void do_interrupt_real(int intno, int is_int, int error_code,
1114 unsigned int next_eip)
1117 target_ulong ptr, ssp;
1119 uint32_t offset, esp;
1120 uint32_t old_cs, old_eip;
1122 /* real mode (simpler !) */
1124 if (intno * 4 + 3 > dt->limit)
1125 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
1126 ptr = dt->base + intno * 4;
1127 offset = lduw_kernel(ptr);
1128 selector = lduw_kernel(ptr + 2);
1130 ssp = env->segs[R_SS].base;
1135 old_cs = env->segs[R_CS].selector;
1136 /* XXX: use SS segment size ? */
1137 PUSHW(ssp, esp, 0xffff, compute_eflags());
1138 PUSHW(ssp, esp, 0xffff, old_cs);
1139 PUSHW(ssp, esp, 0xffff, old_eip);
1141 /* update processor state */
1142 ESP = (ESP & ~0xffff) | (esp & 0xffff);
1144 env->segs[R_CS].selector = selector;
1145 env->segs[R_CS].base = (selector << 4);
1146 env->eflags &= ~(IF_MASK | TF_MASK | AC_MASK | RF_MASK);
1149 /* fake user mode interrupt */
1150 void do_interrupt_user(int intno, int is_int, int error_code,
1151 target_ulong next_eip)
1155 int dpl, cpl, shift;
1159 if (env->hflags & HF_LMA_MASK) {
1164 ptr = dt->base + (intno << shift);
1165 e2 = ldl_kernel(ptr + 4);
1167 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1168 cpl = env->hflags & HF_CPL_MASK;
1169 /* check privilege if software int */
1170 if (is_int && dpl < cpl)
1171 raise_exception_err(EXCP0D_GPF, (intno << shift) + 2);
1173 /* Since we emulate only user space, we cannot do more than
1174 exiting the emulation with the suitable exception and error
1181 * Begin execution of an interruption. is_int is TRUE if coming from
1182 * the int instruction. next_eip is the EIP value AFTER the interrupt
1183 * instruction. It is only relevant if is_int is TRUE.
1185 void do_interrupt(int intno, int is_int, int error_code,
1186 target_ulong next_eip, int is_hw)
1188 if (loglevel & CPU_LOG_INT) {
1189 if ((env->cr[0] & CR0_PE_MASK)) {
1191 fprintf(logfile, "%6d: v=%02x e=%04x i=%d cpl=%d IP=%04x:" TARGET_FMT_lx " pc=" TARGET_FMT_lx " SP=%04x:" TARGET_FMT_lx,
1192 count, intno, error_code, is_int,
1193 env->hflags & HF_CPL_MASK,
1194 env->segs[R_CS].selector, EIP,
1195 (int)env->segs[R_CS].base + EIP,
1196 env->segs[R_SS].selector, ESP);
1197 if (intno == 0x0e) {
1198 fprintf(logfile, " CR2=" TARGET_FMT_lx, env->cr[2]);
1200 fprintf(logfile, " EAX=" TARGET_FMT_lx, EAX);
1202 fprintf(logfile, "\n");
1203 cpu_dump_state(env, logfile, fprintf, X86_DUMP_CCOP);
1208 fprintf(logfile, " code=");
1209 ptr = env->segs[R_CS].base + env->eip;
1210 for(i = 0; i < 16; i++) {
1211 fprintf(logfile, " %02x", ldub(ptr + i));
1213 fprintf(logfile, "\n");
1219 if (env->cr[0] & CR0_PE_MASK) {
1221 if (env->hflags & HF_LMA_MASK) {
1222 do_interrupt64(intno, is_int, error_code, next_eip, is_hw);
1226 do_interrupt_protected(intno, is_int, error_code, next_eip, is_hw);
1229 do_interrupt_real(intno, is_int, error_code, next_eip);
1234 * Check nested exceptions and change to double or triple fault if
1235 * needed. It should only be called, if this is not an interrupt.
1236 * Returns the new exception number.
1238 static int check_exception(int intno, int *error_code)
1240 int first_contributory = env->old_exception == 0 ||
1241 (env->old_exception >= 10 &&
1242 env->old_exception <= 13);
1243 int second_contributory = intno == 0 ||
1244 (intno >= 10 && intno <= 13);
1246 if (loglevel & CPU_LOG_INT)
1247 fprintf(logfile, "check_exception old: 0x%x new 0x%x\n",
1248 env->old_exception, intno);
1250 if (env->old_exception == EXCP08_DBLE)
1251 cpu_abort(env, "triple fault");
1253 if ((first_contributory && second_contributory)
1254 || (env->old_exception == EXCP0E_PAGE &&
1255 (second_contributory || (intno == EXCP0E_PAGE)))) {
1256 intno = EXCP08_DBLE;
1260 if (second_contributory || (intno == EXCP0E_PAGE) ||
1261 (intno == EXCP08_DBLE))
1262 env->old_exception = intno;
1268 * Signal an interruption. It is executed in the main CPU loop.
1269 * is_int is TRUE if coming from the int instruction. next_eip is the
1270 * EIP value AFTER the interrupt instruction. It is only relevant if
1273 void raise_interrupt(int intno, int is_int, int error_code,
1274 int next_eip_addend)
1277 helper_svm_check_intercept_param(SVM_EXIT_EXCP_BASE + intno, error_code);
1278 intno = check_exception(intno, &error_code);
1280 helper_svm_check_intercept_param(SVM_EXIT_SWINT, 0);
1283 env->exception_index = intno;
1284 env->error_code = error_code;
1285 env->exception_is_int = is_int;
1286 env->exception_next_eip = env->eip + next_eip_addend;
1290 /* shortcuts to generate exceptions */
1292 void (raise_exception_err)(int exception_index, int error_code)
1294 raise_interrupt(exception_index, 0, error_code, 0);
1297 void raise_exception(int exception_index)
1299 raise_interrupt(exception_index, 0, 0, 0);
1304 #if defined(CONFIG_USER_ONLY)
1306 void do_smm_enter(void)
1310 void helper_rsm(void)
1316 #ifdef TARGET_X86_64
1317 #define SMM_REVISION_ID 0x00020064
1319 #define SMM_REVISION_ID 0x00020000
1322 void do_smm_enter(void)
1324 target_ulong sm_state;
1328 if (loglevel & CPU_LOG_INT) {
1329 fprintf(logfile, "SMM: enter\n");
1330 cpu_dump_state(env, logfile, fprintf, X86_DUMP_CCOP);
1333 env->hflags |= HF_SMM_MASK;
1334 cpu_smm_update(env);
1336 sm_state = env->smbase + 0x8000;
1338 #ifdef TARGET_X86_64
1339 for(i = 0; i < 6; i++) {
1341 offset = 0x7e00 + i * 16;
1342 stw_phys(sm_state + offset, dt->selector);
1343 stw_phys(sm_state + offset + 2, (dt->flags >> 8) & 0xf0ff);
1344 stl_phys(sm_state + offset + 4, dt->limit);
1345 stq_phys(sm_state + offset + 8, dt->base);
1348 stq_phys(sm_state + 0x7e68, env->gdt.base);
1349 stl_phys(sm_state + 0x7e64, env->gdt.limit);
1351 stw_phys(sm_state + 0x7e70, env->ldt.selector);
1352 stq_phys(sm_state + 0x7e78, env->ldt.base);
1353 stl_phys(sm_state + 0x7e74, env->ldt.limit);
1354 stw_phys(sm_state + 0x7e72, (env->ldt.flags >> 8) & 0xf0ff);
1356 stq_phys(sm_state + 0x7e88, env->idt.base);
1357 stl_phys(sm_state + 0x7e84, env->idt.limit);
1359 stw_phys(sm_state + 0x7e90, env->tr.selector);
1360 stq_phys(sm_state + 0x7e98, env->tr.base);
1361 stl_phys(sm_state + 0x7e94, env->tr.limit);
1362 stw_phys(sm_state + 0x7e92, (env->tr.flags >> 8) & 0xf0ff);
1364 stq_phys(sm_state + 0x7ed0, env->efer);
1366 stq_phys(sm_state + 0x7ff8, EAX);
1367 stq_phys(sm_state + 0x7ff0, ECX);
1368 stq_phys(sm_state + 0x7fe8, EDX);
1369 stq_phys(sm_state + 0x7fe0, EBX);
1370 stq_phys(sm_state + 0x7fd8, ESP);
1371 stq_phys(sm_state + 0x7fd0, EBP);
1372 stq_phys(sm_state + 0x7fc8, ESI);
1373 stq_phys(sm_state + 0x7fc0, EDI);
1374 for(i = 8; i < 16; i++)
1375 stq_phys(sm_state + 0x7ff8 - i * 8, env->regs[i]);
1376 stq_phys(sm_state + 0x7f78, env->eip);
1377 stl_phys(sm_state + 0x7f70, compute_eflags());
1378 stl_phys(sm_state + 0x7f68, env->dr[6]);
1379 stl_phys(sm_state + 0x7f60, env->dr[7]);
1381 stl_phys(sm_state + 0x7f48, env->cr[4]);
1382 stl_phys(sm_state + 0x7f50, env->cr[3]);
1383 stl_phys(sm_state + 0x7f58, env->cr[0]);
1385 stl_phys(sm_state + 0x7efc, SMM_REVISION_ID);
1386 stl_phys(sm_state + 0x7f00, env->smbase);
1388 stl_phys(sm_state + 0x7ffc, env->cr[0]);
1389 stl_phys(sm_state + 0x7ff8, env->cr[3]);
1390 stl_phys(sm_state + 0x7ff4, compute_eflags());
1391 stl_phys(sm_state + 0x7ff0, env->eip);
1392 stl_phys(sm_state + 0x7fec, EDI);
1393 stl_phys(sm_state + 0x7fe8, ESI);
1394 stl_phys(sm_state + 0x7fe4, EBP);
1395 stl_phys(sm_state + 0x7fe0, ESP);
1396 stl_phys(sm_state + 0x7fdc, EBX);
1397 stl_phys(sm_state + 0x7fd8, EDX);
1398 stl_phys(sm_state + 0x7fd4, ECX);
1399 stl_phys(sm_state + 0x7fd0, EAX);
1400 stl_phys(sm_state + 0x7fcc, env->dr[6]);
1401 stl_phys(sm_state + 0x7fc8, env->dr[7]);
1403 stl_phys(sm_state + 0x7fc4, env->tr.selector);
1404 stl_phys(sm_state + 0x7f64, env->tr.base);
1405 stl_phys(sm_state + 0x7f60, env->tr.limit);
1406 stl_phys(sm_state + 0x7f5c, (env->tr.flags >> 8) & 0xf0ff);
1408 stl_phys(sm_state + 0x7fc0, env->ldt.selector);
1409 stl_phys(sm_state + 0x7f80, env->ldt.base);
1410 stl_phys(sm_state + 0x7f7c, env->ldt.limit);
1411 stl_phys(sm_state + 0x7f78, (env->ldt.flags >> 8) & 0xf0ff);
1413 stl_phys(sm_state + 0x7f74, env->gdt.base);
1414 stl_phys(sm_state + 0x7f70, env->gdt.limit);
1416 stl_phys(sm_state + 0x7f58, env->idt.base);
1417 stl_phys(sm_state + 0x7f54, env->idt.limit);
1419 for(i = 0; i < 6; i++) {
1422 offset = 0x7f84 + i * 12;
1424 offset = 0x7f2c + (i - 3) * 12;
1425 stl_phys(sm_state + 0x7fa8 + i * 4, dt->selector);
1426 stl_phys(sm_state + offset + 8, dt->base);
1427 stl_phys(sm_state + offset + 4, dt->limit);
1428 stl_phys(sm_state + offset, (dt->flags >> 8) & 0xf0ff);
1430 stl_phys(sm_state + 0x7f14, env->cr[4]);
1432 stl_phys(sm_state + 0x7efc, SMM_REVISION_ID);
1433 stl_phys(sm_state + 0x7ef8, env->smbase);
1435 /* init SMM cpu state */
1437 #ifdef TARGET_X86_64
1438 cpu_load_efer(env, 0);
1440 load_eflags(0, ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1441 env->eip = 0x00008000;
1442 cpu_x86_load_seg_cache(env, R_CS, (env->smbase >> 4) & 0xffff, env->smbase,
1444 cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffffffff, 0);
1445 cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0xffffffff, 0);
1446 cpu_x86_load_seg_cache(env, R_SS, 0, 0, 0xffffffff, 0);
1447 cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0xffffffff, 0);
1448 cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0xffffffff, 0);
1450 cpu_x86_update_cr0(env,
1451 env->cr[0] & ~(CR0_PE_MASK | CR0_EM_MASK | CR0_TS_MASK | CR0_PG_MASK));
1452 cpu_x86_update_cr4(env, 0);
1453 env->dr[7] = 0x00000400;
1454 CC_OP = CC_OP_EFLAGS;
1457 void helper_rsm(void)
1459 target_ulong sm_state;
1463 sm_state = env->smbase + 0x8000;
1464 #ifdef TARGET_X86_64
1465 cpu_load_efer(env, ldq_phys(sm_state + 0x7ed0));
1467 for(i = 0; i < 6; i++) {
1468 offset = 0x7e00 + i * 16;
1469 cpu_x86_load_seg_cache(env, i,
1470 lduw_phys(sm_state + offset),
1471 ldq_phys(sm_state + offset + 8),
1472 ldl_phys(sm_state + offset + 4),
1473 (lduw_phys(sm_state + offset + 2) & 0xf0ff) << 8);
1476 env->gdt.base = ldq_phys(sm_state + 0x7e68);
1477 env->gdt.limit = ldl_phys(sm_state + 0x7e64);
1479 env->ldt.selector = lduw_phys(sm_state + 0x7e70);
1480 env->ldt.base = ldq_phys(sm_state + 0x7e78);
1481 env->ldt.limit = ldl_phys(sm_state + 0x7e74);
1482 env->ldt.flags = (lduw_phys(sm_state + 0x7e72) & 0xf0ff) << 8;
1484 env->idt.base = ldq_phys(sm_state + 0x7e88);
1485 env->idt.limit = ldl_phys(sm_state + 0x7e84);
1487 env->tr.selector = lduw_phys(sm_state + 0x7e90);
1488 env->tr.base = ldq_phys(sm_state + 0x7e98);
1489 env->tr.limit = ldl_phys(sm_state + 0x7e94);
1490 env->tr.flags = (lduw_phys(sm_state + 0x7e92) & 0xf0ff) << 8;
1492 EAX = ldq_phys(sm_state + 0x7ff8);
1493 ECX = ldq_phys(sm_state + 0x7ff0);
1494 EDX = ldq_phys(sm_state + 0x7fe8);
1495 EBX = ldq_phys(sm_state + 0x7fe0);
1496 ESP = ldq_phys(sm_state + 0x7fd8);
1497 EBP = ldq_phys(sm_state + 0x7fd0);
1498 ESI = ldq_phys(sm_state + 0x7fc8);
1499 EDI = ldq_phys(sm_state + 0x7fc0);
1500 for(i = 8; i < 16; i++)
1501 env->regs[i] = ldq_phys(sm_state + 0x7ff8 - i * 8);
1502 env->eip = ldq_phys(sm_state + 0x7f78);
1503 load_eflags(ldl_phys(sm_state + 0x7f70),
1504 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1505 env->dr[6] = ldl_phys(sm_state + 0x7f68);
1506 env->dr[7] = ldl_phys(sm_state + 0x7f60);
1508 cpu_x86_update_cr4(env, ldl_phys(sm_state + 0x7f48));
1509 cpu_x86_update_cr3(env, ldl_phys(sm_state + 0x7f50));
1510 cpu_x86_update_cr0(env, ldl_phys(sm_state + 0x7f58));
1512 val = ldl_phys(sm_state + 0x7efc); /* revision ID */
1513 if (val & 0x20000) {
1514 env->smbase = ldl_phys(sm_state + 0x7f00) & ~0x7fff;
1517 cpu_x86_update_cr0(env, ldl_phys(sm_state + 0x7ffc));
1518 cpu_x86_update_cr3(env, ldl_phys(sm_state + 0x7ff8));
1519 load_eflags(ldl_phys(sm_state + 0x7ff4),
1520 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1521 env->eip = ldl_phys(sm_state + 0x7ff0);
1522 EDI = ldl_phys(sm_state + 0x7fec);
1523 ESI = ldl_phys(sm_state + 0x7fe8);
1524 EBP = ldl_phys(sm_state + 0x7fe4);
1525 ESP = ldl_phys(sm_state + 0x7fe0);
1526 EBX = ldl_phys(sm_state + 0x7fdc);
1527 EDX = ldl_phys(sm_state + 0x7fd8);
1528 ECX = ldl_phys(sm_state + 0x7fd4);
1529 EAX = ldl_phys(sm_state + 0x7fd0);
1530 env->dr[6] = ldl_phys(sm_state + 0x7fcc);
1531 env->dr[7] = ldl_phys(sm_state + 0x7fc8);
1533 env->tr.selector = ldl_phys(sm_state + 0x7fc4) & 0xffff;
1534 env->tr.base = ldl_phys(sm_state + 0x7f64);
1535 env->tr.limit = ldl_phys(sm_state + 0x7f60);
1536 env->tr.flags = (ldl_phys(sm_state + 0x7f5c) & 0xf0ff) << 8;
1538 env->ldt.selector = ldl_phys(sm_state + 0x7fc0) & 0xffff;
1539 env->ldt.base = ldl_phys(sm_state + 0x7f80);
1540 env->ldt.limit = ldl_phys(sm_state + 0x7f7c);
1541 env->ldt.flags = (ldl_phys(sm_state + 0x7f78) & 0xf0ff) << 8;
1543 env->gdt.base = ldl_phys(sm_state + 0x7f74);
1544 env->gdt.limit = ldl_phys(sm_state + 0x7f70);
1546 env->idt.base = ldl_phys(sm_state + 0x7f58);
1547 env->idt.limit = ldl_phys(sm_state + 0x7f54);
1549 for(i = 0; i < 6; i++) {
1551 offset = 0x7f84 + i * 12;
1553 offset = 0x7f2c + (i - 3) * 12;
1554 cpu_x86_load_seg_cache(env, i,
1555 ldl_phys(sm_state + 0x7fa8 + i * 4) & 0xffff,
1556 ldl_phys(sm_state + offset + 8),
1557 ldl_phys(sm_state + offset + 4),
1558 (ldl_phys(sm_state + offset) & 0xf0ff) << 8);
1560 cpu_x86_update_cr4(env, ldl_phys(sm_state + 0x7f14));
1562 val = ldl_phys(sm_state + 0x7efc); /* revision ID */
1563 if (val & 0x20000) {
1564 env->smbase = ldl_phys(sm_state + 0x7ef8) & ~0x7fff;
1567 CC_OP = CC_OP_EFLAGS;
1568 env->hflags &= ~HF_SMM_MASK;
1569 cpu_smm_update(env);
1571 if (loglevel & CPU_LOG_INT) {
1572 fprintf(logfile, "SMM: after RSM\n");
1573 cpu_dump_state(env, logfile, fprintf, X86_DUMP_CCOP);
1577 #endif /* !CONFIG_USER_ONLY */
1580 /* division, flags are undefined */
1582 void helper_divb_AL(target_ulong t0)
1584 unsigned int num, den, q, r;
1586 num = (EAX & 0xffff);
1589 raise_exception(EXCP00_DIVZ);
1593 raise_exception(EXCP00_DIVZ);
1595 r = (num % den) & 0xff;
1596 EAX = (EAX & ~0xffff) | (r << 8) | q;
1599 void helper_idivb_AL(target_ulong t0)
1606 raise_exception(EXCP00_DIVZ);
1610 raise_exception(EXCP00_DIVZ);
1612 r = (num % den) & 0xff;
1613 EAX = (EAX & ~0xffff) | (r << 8) | q;
1616 void helper_divw_AX(target_ulong t0)
1618 unsigned int num, den, q, r;
1620 num = (EAX & 0xffff) | ((EDX & 0xffff) << 16);
1621 den = (t0 & 0xffff);
1623 raise_exception(EXCP00_DIVZ);
1627 raise_exception(EXCP00_DIVZ);
1629 r = (num % den) & 0xffff;
1630 EAX = (EAX & ~0xffff) | q;
1631 EDX = (EDX & ~0xffff) | r;
1634 void helper_idivw_AX(target_ulong t0)
1638 num = (EAX & 0xffff) | ((EDX & 0xffff) << 16);
1641 raise_exception(EXCP00_DIVZ);
1644 if (q != (int16_t)q)
1645 raise_exception(EXCP00_DIVZ);
1647 r = (num % den) & 0xffff;
1648 EAX = (EAX & ~0xffff) | q;
1649 EDX = (EDX & ~0xffff) | r;
1652 void helper_divl_EAX(target_ulong t0)
1654 unsigned int den, r;
1657 num = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
1660 raise_exception(EXCP00_DIVZ);
1665 raise_exception(EXCP00_DIVZ);
1670 void helper_idivl_EAX(target_ulong t0)
1675 num = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
1678 raise_exception(EXCP00_DIVZ);
1682 if (q != (int32_t)q)
1683 raise_exception(EXCP00_DIVZ);
1690 /* XXX: exception */
1691 void helper_aam(int base)
1697 EAX = (EAX & ~0xffff) | al | (ah << 8);
1701 void helper_aad(int base)
1705 ah = (EAX >> 8) & 0xff;
1706 al = ((ah * base) + al) & 0xff;
1707 EAX = (EAX & ~0xffff) | al;
1711 void helper_aaa(void)
1717 eflags = cc_table[CC_OP].compute_all();
1720 ah = (EAX >> 8) & 0xff;
1722 icarry = (al > 0xf9);
1723 if (((al & 0x0f) > 9 ) || af) {
1724 al = (al + 6) & 0x0f;
1725 ah = (ah + 1 + icarry) & 0xff;
1726 eflags |= CC_C | CC_A;
1728 eflags &= ~(CC_C | CC_A);
1731 EAX = (EAX & ~0xffff) | al | (ah << 8);
1736 void helper_aas(void)
1742 eflags = cc_table[CC_OP].compute_all();
1745 ah = (EAX >> 8) & 0xff;
1748 if (((al & 0x0f) > 9 ) || af) {
1749 al = (al - 6) & 0x0f;
1750 ah = (ah - 1 - icarry) & 0xff;
1751 eflags |= CC_C | CC_A;
1753 eflags &= ~(CC_C | CC_A);
1756 EAX = (EAX & ~0xffff) | al | (ah << 8);
1761 void helper_daa(void)
1766 eflags = cc_table[CC_OP].compute_all();
1772 if (((al & 0x0f) > 9 ) || af) {
1773 al = (al + 6) & 0xff;
1776 if ((al > 0x9f) || cf) {
1777 al = (al + 0x60) & 0xff;
1780 EAX = (EAX & ~0xff) | al;
1781 /* well, speed is not an issue here, so we compute the flags by hand */
1782 eflags |= (al == 0) << 6; /* zf */
1783 eflags |= parity_table[al]; /* pf */
1784 eflags |= (al & 0x80); /* sf */
1789 void helper_das(void)
1791 int al, al1, af, cf;
1794 eflags = cc_table[CC_OP].compute_all();
1801 if (((al & 0x0f) > 9 ) || af) {
1805 al = (al - 6) & 0xff;
1807 if ((al1 > 0x99) || cf) {
1808 al = (al - 0x60) & 0xff;
1811 EAX = (EAX & ~0xff) | al;
1812 /* well, speed is not an issue here, so we compute the flags by hand */
1813 eflags |= (al == 0) << 6; /* zf */
1814 eflags |= parity_table[al]; /* pf */
1815 eflags |= (al & 0x80); /* sf */
1820 void helper_into(int next_eip_addend)
1823 eflags = cc_table[CC_OP].compute_all();
1824 if (eflags & CC_O) {
1825 raise_interrupt(EXCP04_INTO, 1, 0, next_eip_addend);
1829 void helper_cmpxchg8b(target_ulong a0)
1834 eflags = cc_table[CC_OP].compute_all();
1836 if (d == (((uint64_t)EDX << 32) | (uint32_t)EAX)) {
1837 stq(a0, ((uint64_t)ECX << 32) | (uint32_t)EBX);
1840 /* always do the store */
1842 EDX = (uint32_t)(d >> 32);
1849 #ifdef TARGET_X86_64
1850 void helper_cmpxchg16b(target_ulong a0)
1855 if ((a0 & 0xf) != 0)
1856 raise_exception(EXCP0D_GPF);
1857 eflags = cc_table[CC_OP].compute_all();
1860 if (d0 == EAX && d1 == EDX) {
1865 /* always do the store */
1876 void helper_single_step(void)
1878 env->dr[6] |= 0x4000;
1879 raise_exception(EXCP01_SSTP);
1882 void helper_cpuid(void)
1886 helper_svm_check_intercept_param(SVM_EXIT_CPUID, 0);
1888 index = (uint32_t)EAX;
1889 /* test if maximum index reached */
1890 if (index & 0x80000000) {
1891 if (index > env->cpuid_xlevel)
1892 index = env->cpuid_level;
1894 if (index > env->cpuid_level)
1895 index = env->cpuid_level;
1900 EAX = env->cpuid_level;
1901 EBX = env->cpuid_vendor1;
1902 EDX = env->cpuid_vendor2;
1903 ECX = env->cpuid_vendor3;
1906 EAX = env->cpuid_version;
1907 EBX = (env->cpuid_apic_id << 24) | 8 << 8; /* CLFLUSH size in quad words, Linux wants it. */
1908 ECX = env->cpuid_ext_features;
1909 EDX = env->cpuid_features;
1912 /* cache info: needed for Pentium Pro compatibility */
1919 EAX = env->cpuid_xlevel;
1920 EBX = env->cpuid_vendor1;
1921 EDX = env->cpuid_vendor2;
1922 ECX = env->cpuid_vendor3;
1925 EAX = env->cpuid_features;
1927 ECX = env->cpuid_ext3_features;
1928 EDX = env->cpuid_ext2_features;
1933 EAX = env->cpuid_model[(index - 0x80000002) * 4 + 0];
1934 EBX = env->cpuid_model[(index - 0x80000002) * 4 + 1];
1935 ECX = env->cpuid_model[(index - 0x80000002) * 4 + 2];
1936 EDX = env->cpuid_model[(index - 0x80000002) * 4 + 3];
1939 /* cache info (L1 cache) */
1946 /* cache info (L2 cache) */
1953 /* virtual & phys address size in low 2 bytes. */
1954 /* XXX: This value must match the one used in the MMU code. */
1955 if (env->cpuid_ext2_features & CPUID_EXT2_LM) {
1956 /* 64 bit processor */
1957 #if defined(USE_KQEMU)
1958 EAX = 0x00003020; /* 48 bits virtual, 32 bits physical */
1960 /* XXX: The physical address space is limited to 42 bits in exec.c. */
1961 EAX = 0x00003028; /* 48 bits virtual, 40 bits physical */
1964 #if defined(USE_KQEMU)
1965 EAX = 0x00000020; /* 32 bits physical */
1967 EAX = 0x00000024; /* 36 bits physical */
1981 /* reserved values: zero */
1990 void helper_enter_level(int level, int data32, target_ulong t1)
1993 uint32_t esp_mask, esp, ebp;
1995 esp_mask = get_sp_mask(env->segs[R_SS].flags);
1996 ssp = env->segs[R_SS].base;
2005 stl(ssp + (esp & esp_mask), ldl(ssp + (ebp & esp_mask)));
2008 stl(ssp + (esp & esp_mask), t1);
2015 stw(ssp + (esp & esp_mask), lduw(ssp + (ebp & esp_mask)));
2018 stw(ssp + (esp & esp_mask), t1);
2022 #ifdef TARGET_X86_64
2023 void helper_enter64_level(int level, int data64, target_ulong t1)
2025 target_ulong esp, ebp;
2045 stw(esp, lduw(ebp));
2053 void helper_lldt(int selector)
2057 int index, entry_limit;
2061 if ((selector & 0xfffc) == 0) {
2062 /* XXX: NULL selector case: invalid LDT */
2067 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2069 index = selector & ~7;
2070 #ifdef TARGET_X86_64
2071 if (env->hflags & HF_LMA_MASK)
2076 if ((index + entry_limit) > dt->limit)
2077 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2078 ptr = dt->base + index;
2079 e1 = ldl_kernel(ptr);
2080 e2 = ldl_kernel(ptr + 4);
2081 if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2)
2082 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2083 if (!(e2 & DESC_P_MASK))
2084 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2085 #ifdef TARGET_X86_64
2086 if (env->hflags & HF_LMA_MASK) {
2088 e3 = ldl_kernel(ptr + 8);
2089 load_seg_cache_raw_dt(&env->ldt, e1, e2);
2090 env->ldt.base |= (target_ulong)e3 << 32;
2094 load_seg_cache_raw_dt(&env->ldt, e1, e2);
2097 env->ldt.selector = selector;
2100 void helper_ltr(int selector)
2104 int index, type, entry_limit;
2108 if ((selector & 0xfffc) == 0) {
2109 /* NULL selector case: invalid TR */
2115 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2117 index = selector & ~7;
2118 #ifdef TARGET_X86_64
2119 if (env->hflags & HF_LMA_MASK)
2124 if ((index + entry_limit) > dt->limit)
2125 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2126 ptr = dt->base + index;
2127 e1 = ldl_kernel(ptr);
2128 e2 = ldl_kernel(ptr + 4);
2129 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2130 if ((e2 & DESC_S_MASK) ||
2131 (type != 1 && type != 9))
2132 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2133 if (!(e2 & DESC_P_MASK))
2134 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2135 #ifdef TARGET_X86_64
2136 if (env->hflags & HF_LMA_MASK) {
2138 e3 = ldl_kernel(ptr + 8);
2139 e4 = ldl_kernel(ptr + 12);
2140 if ((e4 >> DESC_TYPE_SHIFT) & 0xf)
2141 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2142 load_seg_cache_raw_dt(&env->tr, e1, e2);
2143 env->tr.base |= (target_ulong)e3 << 32;
2147 load_seg_cache_raw_dt(&env->tr, e1, e2);
2149 e2 |= DESC_TSS_BUSY_MASK;
2150 stl_kernel(ptr + 4, e2);
2152 env->tr.selector = selector;
2155 /* only works if protected mode and not VM86. seg_reg must be != R_CS */
2156 void helper_load_seg(int seg_reg, int selector)
2165 cpl = env->hflags & HF_CPL_MASK;
2166 if ((selector & 0xfffc) == 0) {
2167 /* null selector case */
2169 #ifdef TARGET_X86_64
2170 && (!(env->hflags & HF_CS64_MASK) || cpl == 3)
2173 raise_exception_err(EXCP0D_GPF, 0);
2174 cpu_x86_load_seg_cache(env, seg_reg, selector, 0, 0, 0);
2181 index = selector & ~7;
2182 if ((index + 7) > dt->limit)
2183 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2184 ptr = dt->base + index;
2185 e1 = ldl_kernel(ptr);
2186 e2 = ldl_kernel(ptr + 4);
2188 if (!(e2 & DESC_S_MASK))
2189 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2191 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2192 if (seg_reg == R_SS) {
2193 /* must be writable segment */
2194 if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK))
2195 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2196 if (rpl != cpl || dpl != cpl)
2197 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2199 /* must be readable segment */
2200 if ((e2 & (DESC_CS_MASK | DESC_R_MASK)) == DESC_CS_MASK)
2201 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2203 if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
2204 /* if not conforming code, test rights */
2205 if (dpl < cpl || dpl < rpl)
2206 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2210 if (!(e2 & DESC_P_MASK)) {
2211 if (seg_reg == R_SS)
2212 raise_exception_err(EXCP0C_STACK, selector & 0xfffc);
2214 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2217 /* set the access bit if not already set */
2218 if (!(e2 & DESC_A_MASK)) {
2220 stl_kernel(ptr + 4, e2);
2223 cpu_x86_load_seg_cache(env, seg_reg, selector,
2224 get_seg_base(e1, e2),
2225 get_seg_limit(e1, e2),
2228 fprintf(logfile, "load_seg: sel=0x%04x base=0x%08lx limit=0x%08lx flags=%08x\n",
2229 selector, (unsigned long)sc->base, sc->limit, sc->flags);
2234 /* protected mode jump */
2235 void helper_ljmp_protected(int new_cs, target_ulong new_eip,
2236 int next_eip_addend)
2239 uint32_t e1, e2, cpl, dpl, rpl, limit;
2240 target_ulong next_eip;
2242 if ((new_cs & 0xfffc) == 0)
2243 raise_exception_err(EXCP0D_GPF, 0);
2244 if (load_segment(&e1, &e2, new_cs) != 0)
2245 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2246 cpl = env->hflags & HF_CPL_MASK;
2247 if (e2 & DESC_S_MASK) {
2248 if (!(e2 & DESC_CS_MASK))
2249 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2250 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2251 if (e2 & DESC_C_MASK) {
2252 /* conforming code segment */
2254 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2256 /* non conforming code segment */
2259 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2261 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2263 if (!(e2 & DESC_P_MASK))
2264 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2265 limit = get_seg_limit(e1, e2);
2266 if (new_eip > limit &&
2267 !(env->hflags & HF_LMA_MASK) && !(e2 & DESC_L_MASK))
2268 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2269 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2270 get_seg_base(e1, e2), limit, e2);
2273 /* jump to call or task gate */
2274 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2276 cpl = env->hflags & HF_CPL_MASK;
2277 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2279 case 1: /* 286 TSS */
2280 case 9: /* 386 TSS */
2281 case 5: /* task gate */
2282 if (dpl < cpl || dpl < rpl)
2283 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2284 next_eip = env->eip + next_eip_addend;
2285 switch_tss(new_cs, e1, e2, SWITCH_TSS_JMP, next_eip);
2286 CC_OP = CC_OP_EFLAGS;
2288 case 4: /* 286 call gate */
2289 case 12: /* 386 call gate */
2290 if ((dpl < cpl) || (dpl < rpl))
2291 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2292 if (!(e2 & DESC_P_MASK))
2293 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2295 new_eip = (e1 & 0xffff);
2297 new_eip |= (e2 & 0xffff0000);
2298 if (load_segment(&e1, &e2, gate_cs) != 0)
2299 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2300 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2301 /* must be code segment */
2302 if (((e2 & (DESC_S_MASK | DESC_CS_MASK)) !=
2303 (DESC_S_MASK | DESC_CS_MASK)))
2304 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2305 if (((e2 & DESC_C_MASK) && (dpl > cpl)) ||
2306 (!(e2 & DESC_C_MASK) && (dpl != cpl)))
2307 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2308 if (!(e2 & DESC_P_MASK))
2309 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2310 limit = get_seg_limit(e1, e2);
2311 if (new_eip > limit)
2312 raise_exception_err(EXCP0D_GPF, 0);
2313 cpu_x86_load_seg_cache(env, R_CS, (gate_cs & 0xfffc) | cpl,
2314 get_seg_base(e1, e2), limit, e2);
2318 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2324 /* real mode call */
2325 void helper_lcall_real(int new_cs, target_ulong new_eip1,
2326 int shift, int next_eip)
2329 uint32_t esp, esp_mask;
2334 esp_mask = get_sp_mask(env->segs[R_SS].flags);
2335 ssp = env->segs[R_SS].base;
2337 PUSHL(ssp, esp, esp_mask, env->segs[R_CS].selector);
2338 PUSHL(ssp, esp, esp_mask, next_eip);
2340 PUSHW(ssp, esp, esp_mask, env->segs[R_CS].selector);
2341 PUSHW(ssp, esp, esp_mask, next_eip);
2344 SET_ESP(esp, esp_mask);
2346 env->segs[R_CS].selector = new_cs;
2347 env->segs[R_CS].base = (new_cs << 4);
2350 /* protected mode call */
2351 void helper_lcall_protected(int new_cs, target_ulong new_eip,
2352 int shift, int next_eip_addend)
2355 uint32_t e1, e2, cpl, dpl, rpl, selector, offset, param_count;
2356 uint32_t ss, ss_e1, ss_e2, sp, type, ss_dpl, sp_mask;
2357 uint32_t val, limit, old_sp_mask;
2358 target_ulong ssp, old_ssp, next_eip;
2360 next_eip = env->eip + next_eip_addend;
2362 if (loglevel & CPU_LOG_PCALL) {
2363 fprintf(logfile, "lcall %04x:%08x s=%d\n",
2364 new_cs, (uint32_t)new_eip, shift);
2365 cpu_dump_state(env, logfile, fprintf, X86_DUMP_CCOP);
2368 if ((new_cs & 0xfffc) == 0)
2369 raise_exception_err(EXCP0D_GPF, 0);
2370 if (load_segment(&e1, &e2, new_cs) != 0)
2371 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2372 cpl = env->hflags & HF_CPL_MASK;
2374 if (loglevel & CPU_LOG_PCALL) {
2375 fprintf(logfile, "desc=%08x:%08x\n", e1, e2);
2378 if (e2 & DESC_S_MASK) {
2379 if (!(e2 & DESC_CS_MASK))
2380 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2381 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2382 if (e2 & DESC_C_MASK) {
2383 /* conforming code segment */
2385 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2387 /* non conforming code segment */
2390 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2392 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2394 if (!(e2 & DESC_P_MASK))
2395 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2397 #ifdef TARGET_X86_64
2398 /* XXX: check 16/32 bit cases in long mode */
2403 PUSHQ(rsp, env->segs[R_CS].selector);
2404 PUSHQ(rsp, next_eip);
2405 /* from this point, not restartable */
2407 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2408 get_seg_base(e1, e2),
2409 get_seg_limit(e1, e2), e2);
2415 sp_mask = get_sp_mask(env->segs[R_SS].flags);
2416 ssp = env->segs[R_SS].base;
2418 PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
2419 PUSHL(ssp, sp, sp_mask, next_eip);
2421 PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
2422 PUSHW(ssp, sp, sp_mask, next_eip);
2425 limit = get_seg_limit(e1, e2);
2426 if (new_eip > limit)
2427 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2428 /* from this point, not restartable */
2429 SET_ESP(sp, sp_mask);
2430 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2431 get_seg_base(e1, e2), limit, e2);
2435 /* check gate type */
2436 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
2437 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2440 case 1: /* available 286 TSS */
2441 case 9: /* available 386 TSS */
2442 case 5: /* task gate */
2443 if (dpl < cpl || dpl < rpl)
2444 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2445 switch_tss(new_cs, e1, e2, SWITCH_TSS_CALL, next_eip);
2446 CC_OP = CC_OP_EFLAGS;
2448 case 4: /* 286 call gate */
2449 case 12: /* 386 call gate */
2452 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2457 if (dpl < cpl || dpl < rpl)
2458 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2459 /* check valid bit */
2460 if (!(e2 & DESC_P_MASK))
2461 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2462 selector = e1 >> 16;
2463 offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
2464 param_count = e2 & 0x1f;
2465 if ((selector & 0xfffc) == 0)
2466 raise_exception_err(EXCP0D_GPF, 0);
2468 if (load_segment(&e1, &e2, selector) != 0)
2469 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2470 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
2471 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2472 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2474 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2475 if (!(e2 & DESC_P_MASK))
2476 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2478 if (!(e2 & DESC_C_MASK) && dpl < cpl) {
2479 /* to inner privilege */
2480 get_ss_esp_from_tss(&ss, &sp, dpl);
2482 if (loglevel & CPU_LOG_PCALL)
2483 fprintf(logfile, "new ss:esp=%04x:%08x param_count=%d ESP=" TARGET_FMT_lx "\n",
2484 ss, sp, param_count, ESP);
2486 if ((ss & 0xfffc) == 0)
2487 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2488 if ((ss & 3) != dpl)
2489 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2490 if (load_segment(&ss_e1, &ss_e2, ss) != 0)
2491 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2492 ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2494 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2495 if (!(ss_e2 & DESC_S_MASK) ||
2496 (ss_e2 & DESC_CS_MASK) ||
2497 !(ss_e2 & DESC_W_MASK))
2498 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2499 if (!(ss_e2 & DESC_P_MASK))
2500 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2502 // push_size = ((param_count * 2) + 8) << shift;
2504 old_sp_mask = get_sp_mask(env->segs[R_SS].flags);
2505 old_ssp = env->segs[R_SS].base;
2507 sp_mask = get_sp_mask(ss_e2);
2508 ssp = get_seg_base(ss_e1, ss_e2);
2510 PUSHL(ssp, sp, sp_mask, env->segs[R_SS].selector);
2511 PUSHL(ssp, sp, sp_mask, ESP);
2512 for(i = param_count - 1; i >= 0; i--) {
2513 val = ldl_kernel(old_ssp + ((ESP + i * 4) & old_sp_mask));
2514 PUSHL(ssp, sp, sp_mask, val);
2517 PUSHW(ssp, sp, sp_mask, env->segs[R_SS].selector);
2518 PUSHW(ssp, sp, sp_mask, ESP);
2519 for(i = param_count - 1; i >= 0; i--) {
2520 val = lduw_kernel(old_ssp + ((ESP + i * 2) & old_sp_mask));
2521 PUSHW(ssp, sp, sp_mask, val);
2526 /* to same privilege */
2528 sp_mask = get_sp_mask(env->segs[R_SS].flags);
2529 ssp = env->segs[R_SS].base;
2530 // push_size = (4 << shift);
2535 PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
2536 PUSHL(ssp, sp, sp_mask, next_eip);
2538 PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
2539 PUSHW(ssp, sp, sp_mask, next_eip);
2542 /* from this point, not restartable */
2545 ss = (ss & ~3) | dpl;
2546 cpu_x86_load_seg_cache(env, R_SS, ss,
2548 get_seg_limit(ss_e1, ss_e2),
2552 selector = (selector & ~3) | dpl;
2553 cpu_x86_load_seg_cache(env, R_CS, selector,
2554 get_seg_base(e1, e2),
2555 get_seg_limit(e1, e2),
2557 cpu_x86_set_cpl(env, dpl);
2558 SET_ESP(sp, sp_mask);
2562 if (kqemu_is_ok(env)) {
2563 env->exception_index = -1;
2569 /* real and vm86 mode iret */
2570 void helper_iret_real(int shift)
2572 uint32_t sp, new_cs, new_eip, new_eflags, sp_mask;
2576 sp_mask = 0xffff; /* XXXX: use SS segment size ? */
2578 ssp = env->segs[R_SS].base;
2581 POPL(ssp, sp, sp_mask, new_eip);
2582 POPL(ssp, sp, sp_mask, new_cs);
2584 POPL(ssp, sp, sp_mask, new_eflags);
2587 POPW(ssp, sp, sp_mask, new_eip);
2588 POPW(ssp, sp, sp_mask, new_cs);
2589 POPW(ssp, sp, sp_mask, new_eflags);
2591 ESP = (ESP & ~sp_mask) | (sp & sp_mask);
2592 load_seg_vm(R_CS, new_cs);
2594 if (env->eflags & VM_MASK)
2595 eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | RF_MASK | NT_MASK;
2597 eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | IOPL_MASK | RF_MASK | NT_MASK;
2599 eflags_mask &= 0xffff;
2600 load_eflags(new_eflags, eflags_mask);
2601 env->hflags2 &= ~HF2_NMI_MASK;
2604 static inline void validate_seg(int seg_reg, int cpl)
2609 /* XXX: on x86_64, we do not want to nullify FS and GS because
2610 they may still contain a valid base. I would be interested to
2611 know how a real x86_64 CPU behaves */
2612 if ((seg_reg == R_FS || seg_reg == R_GS) &&
2613 (env->segs[seg_reg].selector & 0xfffc) == 0)
2616 e2 = env->segs[seg_reg].flags;
2617 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2618 if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
2619 /* data or non conforming code segment */
2621 cpu_x86_load_seg_cache(env, seg_reg, 0, 0, 0, 0);
2626 /* protected mode iret */
2627 static inline void helper_ret_protected(int shift, int is_iret, int addend)
2629 uint32_t new_cs, new_eflags, new_ss;
2630 uint32_t new_es, new_ds, new_fs, new_gs;
2631 uint32_t e1, e2, ss_e1, ss_e2;
2632 int cpl, dpl, rpl, eflags_mask, iopl;
2633 target_ulong ssp, sp, new_eip, new_esp, sp_mask;
2635 #ifdef TARGET_X86_64
2640 sp_mask = get_sp_mask(env->segs[R_SS].flags);
2642 ssp = env->segs[R_SS].base;
2643 new_eflags = 0; /* avoid warning */
2644 #ifdef TARGET_X86_64
2650 POPQ(sp, new_eflags);
2656 POPL(ssp, sp, sp_mask, new_eip);
2657 POPL(ssp, sp, sp_mask, new_cs);
2660 POPL(ssp, sp, sp_mask, new_eflags);
2661 if (new_eflags & VM_MASK)
2662 goto return_to_vm86;
2666 POPW(ssp, sp, sp_mask, new_eip);
2667 POPW(ssp, sp, sp_mask, new_cs);
2669 POPW(ssp, sp, sp_mask, new_eflags);
2672 if (loglevel & CPU_LOG_PCALL) {
2673 fprintf(logfile, "lret new %04x:" TARGET_FMT_lx " s=%d addend=0x%x\n",
2674 new_cs, new_eip, shift, addend);
2675 cpu_dump_state(env, logfile, fprintf, X86_DUMP_CCOP);
2678 if ((new_cs & 0xfffc) == 0)
2679 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2680 if (load_segment(&e1, &e2, new_cs) != 0)
2681 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2682 if (!(e2 & DESC_S_MASK) ||
2683 !(e2 & DESC_CS_MASK))
2684 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2685 cpl = env->hflags & HF_CPL_MASK;
2688 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2689 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2690 if (e2 & DESC_C_MASK) {
2692 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2695 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2697 if (!(e2 & DESC_P_MASK))
2698 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2701 if (rpl == cpl && (!(env->hflags & HF_CS64_MASK) ||
2702 ((env->hflags & HF_CS64_MASK) && !is_iret))) {
2703 /* return to same privilege level */
2704 cpu_x86_load_seg_cache(env, R_CS, new_cs,
2705 get_seg_base(e1, e2),
2706 get_seg_limit(e1, e2),
2709 /* return to different privilege level */
2710 #ifdef TARGET_X86_64
2719 POPL(ssp, sp, sp_mask, new_esp);
2720 POPL(ssp, sp, sp_mask, new_ss);
2724 POPW(ssp, sp, sp_mask, new_esp);
2725 POPW(ssp, sp, sp_mask, new_ss);
2728 if (loglevel & CPU_LOG_PCALL) {
2729 fprintf(logfile, "new ss:esp=%04x:" TARGET_FMT_lx "\n",
2733 if ((new_ss & 0xfffc) == 0) {
2734 #ifdef TARGET_X86_64
2735 /* NULL ss is allowed in long mode if cpl != 3*/
2736 /* XXX: test CS64 ? */
2737 if ((env->hflags & HF_LMA_MASK) && rpl != 3) {
2738 cpu_x86_load_seg_cache(env, R_SS, new_ss,
2740 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2741 DESC_S_MASK | (rpl << DESC_DPL_SHIFT) |
2742 DESC_W_MASK | DESC_A_MASK);
2743 ss_e2 = DESC_B_MASK; /* XXX: should not be needed ? */
2747 raise_exception_err(EXCP0D_GPF, 0);
2750 if ((new_ss & 3) != rpl)
2751 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2752 if (load_segment(&ss_e1, &ss_e2, new_ss) != 0)
2753 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2754 if (!(ss_e2 & DESC_S_MASK) ||
2755 (ss_e2 & DESC_CS_MASK) ||
2756 !(ss_e2 & DESC_W_MASK))
2757 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2758 dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2760 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2761 if (!(ss_e2 & DESC_P_MASK))
2762 raise_exception_err(EXCP0B_NOSEG, new_ss & 0xfffc);
2763 cpu_x86_load_seg_cache(env, R_SS, new_ss,
2764 get_seg_base(ss_e1, ss_e2),
2765 get_seg_limit(ss_e1, ss_e2),
2769 cpu_x86_load_seg_cache(env, R_CS, new_cs,
2770 get_seg_base(e1, e2),
2771 get_seg_limit(e1, e2),
2773 cpu_x86_set_cpl(env, rpl);
2775 #ifdef TARGET_X86_64
2776 if (env->hflags & HF_CS64_MASK)
2780 sp_mask = get_sp_mask(ss_e2);
2782 /* validate data segments */
2783 validate_seg(R_ES, rpl);
2784 validate_seg(R_DS, rpl);
2785 validate_seg(R_FS, rpl);
2786 validate_seg(R_GS, rpl);
2790 SET_ESP(sp, sp_mask);
2793 /* NOTE: 'cpl' is the _old_ CPL */
2794 eflags_mask = TF_MASK | AC_MASK | ID_MASK | RF_MASK | NT_MASK;
2796 eflags_mask |= IOPL_MASK;
2797 iopl = (env->eflags >> IOPL_SHIFT) & 3;
2799 eflags_mask |= IF_MASK;
2801 eflags_mask &= 0xffff;
2802 load_eflags(new_eflags, eflags_mask);
2807 POPL(ssp, sp, sp_mask, new_esp);
2808 POPL(ssp, sp, sp_mask, new_ss);
2809 POPL(ssp, sp, sp_mask, new_es);
2810 POPL(ssp, sp, sp_mask, new_ds);
2811 POPL(ssp, sp, sp_mask, new_fs);
2812 POPL(ssp, sp, sp_mask, new_gs);
2814 /* modify processor state */
2815 load_eflags(new_eflags, TF_MASK | AC_MASK | ID_MASK |
2816 IF_MASK | IOPL_MASK | VM_MASK | NT_MASK | VIF_MASK | VIP_MASK);
2817 load_seg_vm(R_CS, new_cs & 0xffff);
2818 cpu_x86_set_cpl(env, 3);
2819 load_seg_vm(R_SS, new_ss & 0xffff);
2820 load_seg_vm(R_ES, new_es & 0xffff);
2821 load_seg_vm(R_DS, new_ds & 0xffff);
2822 load_seg_vm(R_FS, new_fs & 0xffff);
2823 load_seg_vm(R_GS, new_gs & 0xffff);
2825 env->eip = new_eip & 0xffff;
2829 void helper_iret_protected(int shift, int next_eip)
2831 int tss_selector, type;
2834 /* specific case for TSS */
2835 if (env->eflags & NT_MASK) {
2836 #ifdef TARGET_X86_64
2837 if (env->hflags & HF_LMA_MASK)
2838 raise_exception_err(EXCP0D_GPF, 0);
2840 tss_selector = lduw_kernel(env->tr.base + 0);
2841 if (tss_selector & 4)
2842 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2843 if (load_segment(&e1, &e2, tss_selector) != 0)
2844 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2845 type = (e2 >> DESC_TYPE_SHIFT) & 0x17;
2846 /* NOTE: we check both segment and busy TSS */
2848 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2849 switch_tss(tss_selector, e1, e2, SWITCH_TSS_IRET, next_eip);
2851 helper_ret_protected(shift, 1, 0);
2853 env->hflags2 &= ~HF2_NMI_MASK;
2855 if (kqemu_is_ok(env)) {
2856 CC_OP = CC_OP_EFLAGS;
2857 env->exception_index = -1;
2863 void helper_lret_protected(int shift, int addend)
2865 helper_ret_protected(shift, 0, addend);
2867 if (kqemu_is_ok(env)) {
2868 env->exception_index = -1;
2874 void helper_sysenter(void)
2876 if (env->sysenter_cs == 0) {
2877 raise_exception_err(EXCP0D_GPF, 0);
2879 env->eflags &= ~(VM_MASK | IF_MASK | RF_MASK);
2880 cpu_x86_set_cpl(env, 0);
2881 cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2883 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2885 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2886 cpu_x86_load_seg_cache(env, R_SS, (env->sysenter_cs + 8) & 0xfffc,
2888 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2890 DESC_W_MASK | DESC_A_MASK);
2891 ESP = env->sysenter_esp;
2892 EIP = env->sysenter_eip;
2895 void helper_sysexit(void)
2899 cpl = env->hflags & HF_CPL_MASK;
2900 if (env->sysenter_cs == 0 || cpl != 0) {
2901 raise_exception_err(EXCP0D_GPF, 0);
2903 cpu_x86_set_cpl(env, 3);
2904 cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 16) & 0xfffc) | 3,
2906 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2907 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2908 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2909 cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 24) & 0xfffc) | 3,
2911 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2912 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2913 DESC_W_MASK | DESC_A_MASK);
2917 if (kqemu_is_ok(env)) {
2918 env->exception_index = -1;
2924 #if defined(CONFIG_USER_ONLY)
2925 target_ulong helper_read_crN(int reg)
2930 void helper_write_crN(int reg, target_ulong t0)
2934 target_ulong helper_read_crN(int reg)
2938 helper_svm_check_intercept_param(SVM_EXIT_READ_CR0 + reg, 0);
2944 if (!(env->hflags2 & HF2_VINTR_MASK)) {
2945 val = cpu_get_apic_tpr(env);
2954 void helper_write_crN(int reg, target_ulong t0)
2956 helper_svm_check_intercept_param(SVM_EXIT_WRITE_CR0 + reg, 0);
2959 cpu_x86_update_cr0(env, t0);
2962 cpu_x86_update_cr3(env, t0);
2965 cpu_x86_update_cr4(env, t0);
2968 if (!(env->hflags2 & HF2_VINTR_MASK)) {
2969 cpu_set_apic_tpr(env, t0);
2971 env->v_tpr = t0 & 0x0f;
2980 void helper_lmsw(target_ulong t0)
2982 /* only 4 lower bits of CR0 are modified. PE cannot be set to zero
2983 if already set to one. */
2984 t0 = (env->cr[0] & ~0xe) | (t0 & 0xf);
2985 helper_write_crN(0, t0);
2988 void helper_clts(void)
2990 env->cr[0] &= ~CR0_TS_MASK;
2991 env->hflags &= ~HF_TS_MASK;
2995 void helper_movl_drN_T0(int reg, target_ulong t0)
3000 void helper_invlpg(target_ulong addr)
3002 helper_svm_check_intercept_param(SVM_EXIT_INVLPG, 0);
3003 tlb_flush_page(env, addr);
3006 void helper_rdtsc(void)
3010 if ((env->cr[4] & CR4_TSD_MASK) && ((env->hflags & HF_CPL_MASK) != 0)) {
3011 raise_exception(EXCP0D_GPF);
3013 helper_svm_check_intercept_param(SVM_EXIT_RDTSC, 0);
3015 val = cpu_get_tsc(env) + env->tsc_offset;
3016 EAX = (uint32_t)(val);
3017 EDX = (uint32_t)(val >> 32);
3020 void helper_rdpmc(void)
3022 if ((env->cr[4] & CR4_PCE_MASK) && ((env->hflags & HF_CPL_MASK) != 0)) {
3023 raise_exception(EXCP0D_GPF);
3025 helper_svm_check_intercept_param(SVM_EXIT_RDPMC, 0);
3027 /* currently unimplemented */
3028 raise_exception_err(EXCP06_ILLOP, 0);
3031 #if defined(CONFIG_USER_ONLY)
3032 void helper_wrmsr(void)
3036 void helper_rdmsr(void)
3040 void helper_wrmsr(void)
3044 helper_svm_check_intercept_param(SVM_EXIT_MSR, 1);
3046 val = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
3048 switch((uint32_t)ECX) {
3049 case MSR_IA32_SYSENTER_CS:
3050 env->sysenter_cs = val & 0xffff;
3052 case MSR_IA32_SYSENTER_ESP:
3053 env->sysenter_esp = val;
3055 case MSR_IA32_SYSENTER_EIP:
3056 env->sysenter_eip = val;
3058 case MSR_IA32_APICBASE:
3059 cpu_set_apic_base(env, val);
3063 uint64_t update_mask;
3065 if (env->cpuid_ext2_features & CPUID_EXT2_SYSCALL)
3066 update_mask |= MSR_EFER_SCE;
3067 if (env->cpuid_ext2_features & CPUID_EXT2_LM)
3068 update_mask |= MSR_EFER_LME;
3069 if (env->cpuid_ext2_features & CPUID_EXT2_FFXSR)
3070 update_mask |= MSR_EFER_FFXSR;
3071 if (env->cpuid_ext2_features & CPUID_EXT2_NX)
3072 update_mask |= MSR_EFER_NXE;
3073 if (env->cpuid_ext3_features & CPUID_EXT3_SVM)
3074 update_mask |= MSR_EFER_SVME;
3075 cpu_load_efer(env, (env->efer & ~update_mask) |
3076 (val & update_mask));
3085 case MSR_VM_HSAVE_PA:
3086 env->vm_hsave = val;
3088 #ifdef TARGET_X86_64
3099 env->segs[R_FS].base = val;
3102 env->segs[R_GS].base = val;
3104 case MSR_KERNELGSBASE:
3105 env->kernelgsbase = val;
3109 /* XXX: exception ? */
3114 void helper_rdmsr(void)
3118 helper_svm_check_intercept_param(SVM_EXIT_MSR, 0);
3120 switch((uint32_t)ECX) {
3121 case MSR_IA32_SYSENTER_CS:
3122 val = env->sysenter_cs;
3124 case MSR_IA32_SYSENTER_ESP:
3125 val = env->sysenter_esp;
3127 case MSR_IA32_SYSENTER_EIP:
3128 val = env->sysenter_eip;
3130 case MSR_IA32_APICBASE:
3131 val = cpu_get_apic_base(env);
3142 case MSR_VM_HSAVE_PA:
3143 val = env->vm_hsave;
3145 #ifdef TARGET_X86_64
3156 val = env->segs[R_FS].base;
3159 val = env->segs[R_GS].base;
3161 case MSR_KERNELGSBASE:
3162 val = env->kernelgsbase;
3166 case MSR_QPI_COMMBASE:
3167 if (env->kqemu_enabled) {
3168 val = kqemu_comm_base;
3175 /* XXX: exception ? */
3179 EAX = (uint32_t)(val);
3180 EDX = (uint32_t)(val >> 32);
3184 target_ulong helper_lsl(target_ulong selector1)
3187 uint32_t e1, e2, eflags, selector;
3188 int rpl, dpl, cpl, type;
3190 selector = selector1 & 0xffff;
3191 eflags = cc_table[CC_OP].compute_all();
3192 if (load_segment(&e1, &e2, selector) != 0)
3195 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3196 cpl = env->hflags & HF_CPL_MASK;
3197 if (e2 & DESC_S_MASK) {
3198 if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
3201 if (dpl < cpl || dpl < rpl)
3205 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
3216 if (dpl < cpl || dpl < rpl) {
3218 CC_SRC = eflags & ~CC_Z;
3222 limit = get_seg_limit(e1, e2);
3223 CC_SRC = eflags | CC_Z;
3227 target_ulong helper_lar(target_ulong selector1)
3229 uint32_t e1, e2, eflags, selector;
3230 int rpl, dpl, cpl, type;
3232 selector = selector1 & 0xffff;
3233 eflags = cc_table[CC_OP].compute_all();
3234 if ((selector & 0xfffc) == 0)
3236 if (load_segment(&e1, &e2, selector) != 0)
3239 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3240 cpl = env->hflags & HF_CPL_MASK;
3241 if (e2 & DESC_S_MASK) {
3242 if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
3245 if (dpl < cpl || dpl < rpl)
3249 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
3263 if (dpl < cpl || dpl < rpl) {
3265 CC_SRC = eflags & ~CC_Z;
3269 CC_SRC = eflags | CC_Z;
3270 return e2 & 0x00f0ff00;
3273 void helper_verr(target_ulong selector1)
3275 uint32_t e1, e2, eflags, selector;
3278 selector = selector1 & 0xffff;
3279 eflags = cc_table[CC_OP].compute_all();
3280 if ((selector & 0xfffc) == 0)
3282 if (load_segment(&e1, &e2, selector) != 0)
3284 if (!(e2 & DESC_S_MASK))
3287 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3288 cpl = env->hflags & HF_CPL_MASK;
3289 if (e2 & DESC_CS_MASK) {
3290 if (!(e2 & DESC_R_MASK))
3292 if (!(e2 & DESC_C_MASK)) {
3293 if (dpl < cpl || dpl < rpl)
3297 if (dpl < cpl || dpl < rpl) {
3299 CC_SRC = eflags & ~CC_Z;
3303 CC_SRC = eflags | CC_Z;
3306 void helper_verw(target_ulong selector1)
3308 uint32_t e1, e2, eflags, selector;
3311 selector = selector1 & 0xffff;
3312 eflags = cc_table[CC_OP].compute_all();
3313 if ((selector & 0xfffc) == 0)
3315 if (load_segment(&e1, &e2, selector) != 0)
3317 if (!(e2 & DESC_S_MASK))
3320 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3321 cpl = env->hflags & HF_CPL_MASK;
3322 if (e2 & DESC_CS_MASK) {
3325 if (dpl < cpl || dpl < rpl)
3327 if (!(e2 & DESC_W_MASK)) {
3329 CC_SRC = eflags & ~CC_Z;
3333 CC_SRC = eflags | CC_Z;
3336 /* x87 FPU helpers */
3338 static void fpu_set_exception(int mask)
3341 if (env->fpus & (~env->fpuc & FPUC_EM))
3342 env->fpus |= FPUS_SE | FPUS_B;
3345 static inline CPU86_LDouble helper_fdiv(CPU86_LDouble a, CPU86_LDouble b)
3348 fpu_set_exception(FPUS_ZE);
3352 void fpu_raise_exception(void)
3354 if (env->cr[0] & CR0_NE_MASK) {
3355 raise_exception(EXCP10_COPR);
3357 #if !defined(CONFIG_USER_ONLY)
3364 void helper_flds_FT0(uint32_t val)
3371 FT0 = float32_to_floatx(u.f, &env->fp_status);
3374 void helper_fldl_FT0(uint64_t val)
3381 FT0 = float64_to_floatx(u.f, &env->fp_status);
3384 void helper_fildl_FT0(int32_t val)
3386 FT0 = int32_to_floatx(val, &env->fp_status);
3389 void helper_flds_ST0(uint32_t val)
3396 new_fpstt = (env->fpstt - 1) & 7;
3398 env->fpregs[new_fpstt].d = float32_to_floatx(u.f, &env->fp_status);
3399 env->fpstt = new_fpstt;
3400 env->fptags[new_fpstt] = 0; /* validate stack entry */
3403 void helper_fldl_ST0(uint64_t val)
3410 new_fpstt = (env->fpstt - 1) & 7;
3412 env->fpregs[new_fpstt].d = float64_to_floatx(u.f, &env->fp_status);
3413 env->fpstt = new_fpstt;
3414 env->fptags[new_fpstt] = 0; /* validate stack entry */
3417 void helper_fildl_ST0(int32_t val)
3420 new_fpstt = (env->fpstt - 1) & 7;
3421 env->fpregs[new_fpstt].d = int32_to_floatx(val, &env->fp_status);
3422 env->fpstt = new_fpstt;
3423 env->fptags[new_fpstt] = 0; /* validate stack entry */
3426 void helper_fildll_ST0(int64_t val)
3429 new_fpstt = (env->fpstt - 1) & 7;
3430 env->fpregs[new_fpstt].d = int64_to_floatx(val, &env->fp_status);
3431 env->fpstt = new_fpstt;
3432 env->fptags[new_fpstt] = 0; /* validate stack entry */
3435 uint32_t helper_fsts_ST0(void)
3441 u.f = floatx_to_float32(ST0, &env->fp_status);
3445 uint64_t helper_fstl_ST0(void)
3451 u.f = floatx_to_float64(ST0, &env->fp_status);
3455 int32_t helper_fist_ST0(void)
3458 val = floatx_to_int32(ST0, &env->fp_status);
3459 if (val != (int16_t)val)
3464 int32_t helper_fistl_ST0(void)
3467 val = floatx_to_int32(ST0, &env->fp_status);
3471 int64_t helper_fistll_ST0(void)
3474 val = floatx_to_int64(ST0, &env->fp_status);
3478 int32_t helper_fistt_ST0(void)
3481 val = floatx_to_int32_round_to_zero(ST0, &env->fp_status);
3482 if (val != (int16_t)val)
3487 int32_t helper_fisttl_ST0(void)
3490 val = floatx_to_int32_round_to_zero(ST0, &env->fp_status);
3494 int64_t helper_fisttll_ST0(void)
3497 val = floatx_to_int64_round_to_zero(ST0, &env->fp_status);
3501 void helper_fldt_ST0(target_ulong ptr)
3504 new_fpstt = (env->fpstt - 1) & 7;
3505 env->fpregs[new_fpstt].d = helper_fldt(ptr);
3506 env->fpstt = new_fpstt;
3507 env->fptags[new_fpstt] = 0; /* validate stack entry */
3510 void helper_fstt_ST0(target_ulong ptr)
3512 helper_fstt(ST0, ptr);
3515 void helper_fpush(void)
3520 void helper_fpop(void)
3525 void helper_fdecstp(void)
3527 env->fpstt = (env->fpstt - 1) & 7;
3528 env->fpus &= (~0x4700);
3531 void helper_fincstp(void)
3533 env->fpstt = (env->fpstt + 1) & 7;
3534 env->fpus &= (~0x4700);
3539 void helper_ffree_STN(int st_index)
3541 env->fptags[(env->fpstt + st_index) & 7] = 1;
3544 void helper_fmov_ST0_FT0(void)
3549 void helper_fmov_FT0_STN(int st_index)
3554 void helper_fmov_ST0_STN(int st_index)
3559 void helper_fmov_STN_ST0(int st_index)
3564 void helper_fxchg_ST0_STN(int st_index)
3572 /* FPU operations */
3574 static const int fcom_ccval[4] = {0x0100, 0x4000, 0x0000, 0x4500};
3576 void helper_fcom_ST0_FT0(void)
3580 ret = floatx_compare(ST0, FT0, &env->fp_status);
3581 env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret + 1];
3585 void helper_fucom_ST0_FT0(void)
3589 ret = floatx_compare_quiet(ST0, FT0, &env->fp_status);
3590 env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret+ 1];
3594 static const int fcomi_ccval[4] = {CC_C, CC_Z, 0, CC_Z | CC_P | CC_C};
3596 void helper_fcomi_ST0_FT0(void)
3601 ret = floatx_compare(ST0, FT0, &env->fp_status);
3602 eflags = cc_table[CC_OP].compute_all();
3603 eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
3608 void helper_fucomi_ST0_FT0(void)
3613 ret = floatx_compare_quiet(ST0, FT0, &env->fp_status);
3614 eflags = cc_table[CC_OP].compute_all();
3615 eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
3620 void helper_fadd_ST0_FT0(void)
3625 void helper_fmul_ST0_FT0(void)
3630 void helper_fsub_ST0_FT0(void)
3635 void helper_fsubr_ST0_FT0(void)
3640 void helper_fdiv_ST0_FT0(void)
3642 ST0 = helper_fdiv(ST0, FT0);
3645 void helper_fdivr_ST0_FT0(void)
3647 ST0 = helper_fdiv(FT0, ST0);
3650 /* fp operations between STN and ST0 */
3652 void helper_fadd_STN_ST0(int st_index)
3654 ST(st_index) += ST0;
3657 void helper_fmul_STN_ST0(int st_index)
3659 ST(st_index) *= ST0;
3662 void helper_fsub_STN_ST0(int st_index)
3664 ST(st_index) -= ST0;
3667 void helper_fsubr_STN_ST0(int st_index)
3674 void helper_fdiv_STN_ST0(int st_index)
3678 *p = helper_fdiv(*p, ST0);
3681 void helper_fdivr_STN_ST0(int st_index)
3685 *p = helper_fdiv(ST0, *p);
3688 /* misc FPU operations */
3689 void helper_fchs_ST0(void)
3691 ST0 = floatx_chs(ST0);
3694 void helper_fabs_ST0(void)
3696 ST0 = floatx_abs(ST0);
3699 void helper_fld1_ST0(void)
3704 void helper_fldl2t_ST0(void)
3709 void helper_fldl2e_ST0(void)
3714 void helper_fldpi_ST0(void)
3719 void helper_fldlg2_ST0(void)
3724 void helper_fldln2_ST0(void)
3729 void helper_fldz_ST0(void)
3734 void helper_fldz_FT0(void)
3739 uint32_t helper_fnstsw(void)
3741 return (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
3744 uint32_t helper_fnstcw(void)
3749 static void update_fp_status(void)
3753 /* set rounding mode */
3754 switch(env->fpuc & RC_MASK) {
3757 rnd_type = float_round_nearest_even;
3760 rnd_type = float_round_down;
3763 rnd_type = float_round_up;
3766 rnd_type = float_round_to_zero;
3769 set_float_rounding_mode(rnd_type, &env->fp_status);
3771 switch((env->fpuc >> 8) & 3) {
3783 set_floatx80_rounding_precision(rnd_type, &env->fp_status);
3787 void helper_fldcw(uint32_t val)
3793 void helper_fclex(void)
3795 env->fpus &= 0x7f00;
3798 void helper_fwait(void)
3800 if (env->fpus & FPUS_SE)
3801 fpu_raise_exception();
3805 void helper_fninit(void)
3822 void helper_fbld_ST0(target_ulong ptr)
3830 for(i = 8; i >= 0; i--) {
3832 val = (val * 100) + ((v >> 4) * 10) + (v & 0xf);
3835 if (ldub(ptr + 9) & 0x80)
3841 void helper_fbst_ST0(target_ulong ptr)
3844 target_ulong mem_ref, mem_end;
3847 val = floatx_to_int64(ST0, &env->fp_status);
3849 mem_end = mem_ref + 9;
3856 while (mem_ref < mem_end) {
3861 v = ((v / 10) << 4) | (v % 10);
3864 while (mem_ref < mem_end) {
3869 void helper_f2xm1(void)
3871 ST0 = pow(2.0,ST0) - 1.0;
3874 void helper_fyl2x(void)
3876 CPU86_LDouble fptemp;
3880 fptemp = log(fptemp)/log(2.0); /* log2(ST) */
3884 env->fpus &= (~0x4700);
3889 void helper_fptan(void)
3891 CPU86_LDouble fptemp;
3894 if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
3900 env->fpus &= (~0x400); /* C2 <-- 0 */
3901 /* the above code is for |arg| < 2**52 only */
3905 void helper_fpatan(void)
3907 CPU86_LDouble fptemp, fpsrcop;
3911 ST1 = atan2(fpsrcop,fptemp);
3915 void helper_fxtract(void)
3917 CPU86_LDoubleU temp;
3918 unsigned int expdif;
3921 expdif = EXPD(temp) - EXPBIAS;
3922 /*DP exponent bias*/
3929 void helper_fprem1(void)
3931 CPU86_LDouble dblq, fpsrcop, fptemp;
3932 CPU86_LDoubleU fpsrcop1, fptemp1;
3934 signed long long int q;
3936 if (isinf(ST0) || isnan(ST0) || isnan(ST1) || (ST1 == 0.0)) {
3937 ST0 = 0.0 / 0.0; /* NaN */
3938 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
3944 fpsrcop1.d = fpsrcop;
3946 expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
3949 /* optimisation? taken from the AMD docs */
3950 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
3951 /* ST0 is unchanged */
3956 dblq = fpsrcop / fptemp;
3957 /* round dblq towards nearest integer */
3959 ST0 = fpsrcop - fptemp * dblq;
3961 /* convert dblq to q by truncating towards zero */
3963 q = (signed long long int)(-dblq);
3965 q = (signed long long int)dblq;
3967 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
3968 /* (C0,C3,C1) <-- (q2,q1,q0) */
3969 env->fpus |= (q & 0x4) << (8 - 2); /* (C0) <-- q2 */
3970 env->fpus |= (q & 0x2) << (14 - 1); /* (C3) <-- q1 */
3971 env->fpus |= (q & 0x1) << (9 - 0); /* (C1) <-- q0 */
3973 env->fpus |= 0x400; /* C2 <-- 1 */
3974 fptemp = pow(2.0, expdif - 50);
3975 fpsrcop = (ST0 / ST1) / fptemp;
3976 /* fpsrcop = integer obtained by chopping */
3977 fpsrcop = (fpsrcop < 0.0) ?
3978 -(floor(fabs(fpsrcop))) : floor(fpsrcop);
3979 ST0 -= (ST1 * fpsrcop * fptemp);
3983 void helper_fprem(void)
3985 CPU86_LDouble dblq, fpsrcop, fptemp;
3986 CPU86_LDoubleU fpsrcop1, fptemp1;
3988 signed long long int q;
3990 if (isinf(ST0) || isnan(ST0) || isnan(ST1) || (ST1 == 0.0)) {
3991 ST0 = 0.0 / 0.0; /* NaN */
3992 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
3996 fpsrcop = (CPU86_LDouble)ST0;
3997 fptemp = (CPU86_LDouble)ST1;
3998 fpsrcop1.d = fpsrcop;
4000 expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
4003 /* optimisation? taken from the AMD docs */
4004 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4005 /* ST0 is unchanged */
4009 if ( expdif < 53 ) {
4010 dblq = fpsrcop/*ST0*/ / fptemp/*ST1*/;
4011 /* round dblq towards zero */
4012 dblq = (dblq < 0.0) ? ceil(dblq) : floor(dblq);
4013 ST0 = fpsrcop/*ST0*/ - fptemp * dblq;
4015 /* convert dblq to q by truncating towards zero */
4017 q = (signed long long int)(-dblq);
4019 q = (signed long long int)dblq;
4021 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4022 /* (C0,C3,C1) <-- (q2,q1,q0) */
4023 env->fpus |= (q & 0x4) << (8 - 2); /* (C0) <-- q2 */
4024 env->fpus |= (q & 0x2) << (14 - 1); /* (C3) <-- q1 */
4025 env->fpus |= (q & 0x1) << (9 - 0); /* (C1) <-- q0 */
4027 int N = 32 + (expdif % 32); /* as per AMD docs */
4028 env->fpus |= 0x400; /* C2 <-- 1 */
4029 fptemp = pow(2.0, (double)(expdif - N));
4030 fpsrcop = (ST0 / ST1) / fptemp;
4031 /* fpsrcop = integer obtained by chopping */
4032 fpsrcop = (fpsrcop < 0.0) ?
4033 -(floor(fabs(fpsrcop))) : floor(fpsrcop);
4034 ST0 -= (ST1 * fpsrcop * fptemp);
4038 void helper_fyl2xp1(void)
4040 CPU86_LDouble fptemp;
4043 if ((fptemp+1.0)>0.0) {
4044 fptemp = log(fptemp+1.0) / log(2.0); /* log2(ST+1.0) */
4048 env->fpus &= (~0x4700);
4053 void helper_fsqrt(void)
4055 CPU86_LDouble fptemp;
4059 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4065 void helper_fsincos(void)
4067 CPU86_LDouble fptemp;
4070 if ((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4076 env->fpus &= (~0x400); /* C2 <-- 0 */
4077 /* the above code is for |arg| < 2**63 only */
4081 void helper_frndint(void)
4083 ST0 = floatx_round_to_int(ST0, &env->fp_status);
4086 void helper_fscale(void)
4088 ST0 = ldexp (ST0, (int)(ST1));
4091 void helper_fsin(void)
4093 CPU86_LDouble fptemp;
4096 if ((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4100 env->fpus &= (~0x400); /* C2 <-- 0 */
4101 /* the above code is for |arg| < 2**53 only */
4105 void helper_fcos(void)
4107 CPU86_LDouble fptemp;
4110 if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4114 env->fpus &= (~0x400); /* C2 <-- 0 */
4115 /* the above code is for |arg5 < 2**63 only */
4119 void helper_fxam_ST0(void)
4121 CPU86_LDoubleU temp;
4126 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4128 env->fpus |= 0x200; /* C1 <-- 1 */
4130 /* XXX: test fptags too */
4131 expdif = EXPD(temp);
4132 if (expdif == MAXEXPD) {
4133 #ifdef USE_X86LDOUBLE
4134 if (MANTD(temp) == 0x8000000000000000ULL)
4136 if (MANTD(temp) == 0)
4138 env->fpus |= 0x500 /*Infinity*/;
4140 env->fpus |= 0x100 /*NaN*/;
4141 } else if (expdif == 0) {
4142 if (MANTD(temp) == 0)
4143 env->fpus |= 0x4000 /*Zero*/;
4145 env->fpus |= 0x4400 /*Denormal*/;
4151 void helper_fstenv(target_ulong ptr, int data32)
4153 int fpus, fptag, exp, i;
4157 fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4159 for (i=7; i>=0; i--) {
4161 if (env->fptags[i]) {
4164 tmp.d = env->fpregs[i].d;
4167 if (exp == 0 && mant == 0) {
4170 } else if (exp == 0 || exp == MAXEXPD
4171 #ifdef USE_X86LDOUBLE
4172 || (mant & (1LL << 63)) == 0
4175 /* NaNs, infinity, denormal */
4182 stl(ptr, env->fpuc);
4184 stl(ptr + 8, fptag);
4185 stl(ptr + 12, 0); /* fpip */
4186 stl(ptr + 16, 0); /* fpcs */
4187 stl(ptr + 20, 0); /* fpoo */
4188 stl(ptr + 24, 0); /* fpos */
4191 stw(ptr, env->fpuc);
4193 stw(ptr + 4, fptag);
4201 void helper_fldenv(target_ulong ptr, int data32)
4206 env->fpuc = lduw(ptr);
4207 fpus = lduw(ptr + 4);
4208 fptag = lduw(ptr + 8);
4211 env->fpuc = lduw(ptr);
4212 fpus = lduw(ptr + 2);
4213 fptag = lduw(ptr + 4);
4215 env->fpstt = (fpus >> 11) & 7;
4216 env->fpus = fpus & ~0x3800;
4217 for(i = 0;i < 8; i++) {
4218 env->fptags[i] = ((fptag & 3) == 3);
4223 void helper_fsave(target_ulong ptr, int data32)
4228 helper_fstenv(ptr, data32);
4230 ptr += (14 << data32);
4231 for(i = 0;i < 8; i++) {
4233 helper_fstt(tmp, ptr);
4251 void helper_frstor(target_ulong ptr, int data32)
4256 helper_fldenv(ptr, data32);
4257 ptr += (14 << data32);
4259 for(i = 0;i < 8; i++) {
4260 tmp = helper_fldt(ptr);
4266 void helper_fxsave(target_ulong ptr, int data64)
4268 int fpus, fptag, i, nb_xmm_regs;
4272 fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4274 for(i = 0; i < 8; i++) {
4275 fptag |= (env->fptags[i] << i);
4277 stw(ptr, env->fpuc);
4279 stw(ptr + 4, fptag ^ 0xff);
4280 #ifdef TARGET_X86_64
4282 stq(ptr + 0x08, 0); /* rip */
4283 stq(ptr + 0x10, 0); /* rdp */
4287 stl(ptr + 0x08, 0); /* eip */
4288 stl(ptr + 0x0c, 0); /* sel */
4289 stl(ptr + 0x10, 0); /* dp */
4290 stl(ptr + 0x14, 0); /* sel */
4294 for(i = 0;i < 8; i++) {
4296 helper_fstt(tmp, addr);
4300 if (env->cr[4] & CR4_OSFXSR_MASK) {
4301 /* XXX: finish it */
4302 stl(ptr + 0x18, env->mxcsr); /* mxcsr */
4303 stl(ptr + 0x1c, 0x0000ffff); /* mxcsr_mask */
4304 if (env->hflags & HF_CS64_MASK)
4309 for(i = 0; i < nb_xmm_regs; i++) {
4310 stq(addr, env->xmm_regs[i].XMM_Q(0));
4311 stq(addr + 8, env->xmm_regs[i].XMM_Q(1));
4317 void helper_fxrstor(target_ulong ptr, int data64)
4319 int i, fpus, fptag, nb_xmm_regs;
4323 env->fpuc = lduw(ptr);
4324 fpus = lduw(ptr + 2);
4325 fptag = lduw(ptr + 4);
4326 env->fpstt = (fpus >> 11) & 7;
4327 env->fpus = fpus & ~0x3800;
4329 for(i = 0;i < 8; i++) {
4330 env->fptags[i] = ((fptag >> i) & 1);
4334 for(i = 0;i < 8; i++) {
4335 tmp = helper_fldt(addr);
4340 if (env->cr[4] & CR4_OSFXSR_MASK) {
4341 /* XXX: finish it */
4342 env->mxcsr = ldl(ptr + 0x18);
4344 if (env->hflags & HF_CS64_MASK)
4349 for(i = 0; i < nb_xmm_regs; i++) {
4350 env->xmm_regs[i].XMM_Q(0) = ldq(addr);
4351 env->xmm_regs[i].XMM_Q(1) = ldq(addr + 8);
4357 #ifndef USE_X86LDOUBLE
4359 void cpu_get_fp80(uint64_t *pmant, uint16_t *pexp, CPU86_LDouble f)
4361 CPU86_LDoubleU temp;
4366 *pmant = (MANTD(temp) << 11) | (1LL << 63);
4367 /* exponent + sign */
4368 e = EXPD(temp) - EXPBIAS + 16383;
4369 e |= SIGND(temp) >> 16;
4373 CPU86_LDouble cpu_set_fp80(uint64_t mant, uint16_t upper)
4375 CPU86_LDoubleU temp;
4379 /* XXX: handle overflow ? */
4380 e = (upper & 0x7fff) - 16383 + EXPBIAS; /* exponent */
4381 e |= (upper >> 4) & 0x800; /* sign */
4382 ll = (mant >> 11) & ((1LL << 52) - 1);
4384 temp.l.upper = (e << 20) | (ll >> 32);
4387 temp.ll = ll | ((uint64_t)e << 52);
4394 void cpu_get_fp80(uint64_t *pmant, uint16_t *pexp, CPU86_LDouble f)
4396 CPU86_LDoubleU temp;
4399 *pmant = temp.l.lower;
4400 *pexp = temp.l.upper;
4403 CPU86_LDouble cpu_set_fp80(uint64_t mant, uint16_t upper)
4405 CPU86_LDoubleU temp;
4407 temp.l.upper = upper;
4408 temp.l.lower = mant;
4413 #ifdef TARGET_X86_64
4415 //#define DEBUG_MULDIV
4417 static void add128(uint64_t *plow, uint64_t *phigh, uint64_t a, uint64_t b)
4426 static void neg128(uint64_t *plow, uint64_t *phigh)
4430 add128(plow, phigh, 1, 0);
4433 /* return TRUE if overflow */
4434 static int div64(uint64_t *plow, uint64_t *phigh, uint64_t b)
4436 uint64_t q, r, a1, a0;
4449 /* XXX: use a better algorithm */
4450 for(i = 0; i < 64; i++) {
4452 a1 = (a1 << 1) | (a0 >> 63);
4453 if (ab || a1 >= b) {
4459 a0 = (a0 << 1) | qb;
4461 #if defined(DEBUG_MULDIV)
4462 printf("div: 0x%016" PRIx64 "%016" PRIx64 " / 0x%016" PRIx64 ": q=0x%016" PRIx64 " r=0x%016" PRIx64 "\n",
4463 *phigh, *plow, b, a0, a1);
4471 /* return TRUE if overflow */
4472 static int idiv64(uint64_t *plow, uint64_t *phigh, int64_t b)
4475 sa = ((int64_t)*phigh < 0);
4477 neg128(plow, phigh);
4481 if (div64(plow, phigh, b) != 0)
4484 if (*plow > (1ULL << 63))
4488 if (*plow >= (1ULL << 63))
4496 void helper_mulq_EAX_T0(target_ulong t0)
4500 mulu64(&r0, &r1, EAX, t0);
4507 void helper_imulq_EAX_T0(target_ulong t0)
4511 muls64(&r0, &r1, EAX, t0);
4515 CC_SRC = ((int64_t)r1 != ((int64_t)r0 >> 63));
4518 target_ulong helper_imulq_T0_T1(target_ulong t0, target_ulong t1)
4522 muls64(&r0, &r1, t0, t1);
4524 CC_SRC = ((int64_t)r1 != ((int64_t)r0 >> 63));
4528 void helper_divq_EAX(target_ulong t0)
4532 raise_exception(EXCP00_DIVZ);
4536 if (div64(&r0, &r1, t0))
4537 raise_exception(EXCP00_DIVZ);
4542 void helper_idivq_EAX(target_ulong t0)
4546 raise_exception(EXCP00_DIVZ);
4550 if (idiv64(&r0, &r1, t0))
4551 raise_exception(EXCP00_DIVZ);
4557 static void do_hlt(void)
4559 env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */
4561 env->exception_index = EXCP_HLT;
4565 void helper_hlt(int next_eip_addend)
4567 helper_svm_check_intercept_param(SVM_EXIT_HLT, 0);
4568 EIP += next_eip_addend;
4573 void helper_monitor(target_ulong ptr)
4575 if ((uint32_t)ECX != 0)
4576 raise_exception(EXCP0D_GPF);
4577 /* XXX: store address ? */
4578 helper_svm_check_intercept_param(SVM_EXIT_MONITOR, 0);
4581 void helper_mwait(int next_eip_addend)
4583 if ((uint32_t)ECX != 0)
4584 raise_exception(EXCP0D_GPF);
4585 helper_svm_check_intercept_param(SVM_EXIT_MWAIT, 0);
4586 EIP += next_eip_addend;
4588 /* XXX: not complete but not completely erroneous */
4589 if (env->cpu_index != 0 || env->next_cpu != NULL) {
4590 /* more than one CPU: do not sleep because another CPU may
4597 void helper_debug(void)
4599 env->exception_index = EXCP_DEBUG;
4603 void helper_raise_interrupt(int intno, int next_eip_addend)
4605 raise_interrupt(intno, 1, 0, next_eip_addend);
4608 void helper_raise_exception(int exception_index)
4610 raise_exception(exception_index);
4613 void helper_cli(void)
4615 env->eflags &= ~IF_MASK;
4618 void helper_sti(void)
4620 env->eflags |= IF_MASK;
4624 /* vm86plus instructions */
4625 void helper_cli_vm(void)
4627 env->eflags &= ~VIF_MASK;
4630 void helper_sti_vm(void)
4632 env->eflags |= VIF_MASK;
4633 if (env->eflags & VIP_MASK) {
4634 raise_exception(EXCP0D_GPF);
4639 void helper_set_inhibit_irq(void)
4641 env->hflags |= HF_INHIBIT_IRQ_MASK;
4644 void helper_reset_inhibit_irq(void)
4646 env->hflags &= ~HF_INHIBIT_IRQ_MASK;
4649 void helper_boundw(target_ulong a0, int v)
4653 high = ldsw(a0 + 2);
4655 if (v < low || v > high) {
4656 raise_exception(EXCP05_BOUND);
4661 void helper_boundl(target_ulong a0, int v)
4666 if (v < low || v > high) {
4667 raise_exception(EXCP05_BOUND);
4672 static float approx_rsqrt(float a)
4674 return 1.0 / sqrt(a);
4677 static float approx_rcp(float a)
4682 #if !defined(CONFIG_USER_ONLY)
4684 #define MMUSUFFIX _mmu
4687 #include "softmmu_template.h"
4690 #include "softmmu_template.h"
4693 #include "softmmu_template.h"
4696 #include "softmmu_template.h"
4700 /* try to fill the TLB and return an exception if error. If retaddr is
4701 NULL, it means that the function was called in C code (i.e. not
4702 from generated code or from helper.c) */
4703 /* XXX: fix it to restore all registers */
4704 void tlb_fill(target_ulong addr, int is_write, int mmu_idx, void *retaddr)
4706 TranslationBlock *tb;
4709 CPUX86State *saved_env;
4711 /* XXX: hack to restore env in all cases, even if not called from
4714 env = cpu_single_env;
4716 ret = cpu_x86_handle_mmu_fault(env, addr, is_write, mmu_idx, 1);
4719 /* now we have a real cpu fault */
4720 pc = (unsigned long)retaddr;
4721 tb = tb_find_pc(pc);
4723 /* the PC is inside the translated code. It means that we have
4724 a virtual CPU fault */
4725 cpu_restore_state(tb, env, pc, NULL);
4728 raise_exception_err(env->exception_index, env->error_code);
4734 /* Secure Virtual Machine helpers */
4736 #if defined(CONFIG_USER_ONLY)
4738 void helper_vmrun(int aflag, int next_eip_addend)
4741 void helper_vmmcall(void)
4744 void helper_vmload(int aflag)
4747 void helper_vmsave(int aflag)
4750 void helper_stgi(void)
4753 void helper_clgi(void)
4756 void helper_skinit(void)
4759 void helper_invlpga(int aflag)
4762 void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
4765 void helper_svm_check_intercept_param(uint32_t type, uint64_t param)
4769 void helper_svm_check_io(uint32_t port, uint32_t param,
4770 uint32_t next_eip_addend)
4775 static inline void svm_save_seg(target_phys_addr_t addr,
4776 const SegmentCache *sc)
4778 stw_phys(addr + offsetof(struct vmcb_seg, selector),
4780 stq_phys(addr + offsetof(struct vmcb_seg, base),
4782 stl_phys(addr + offsetof(struct vmcb_seg, limit),
4784 stw_phys(addr + offsetof(struct vmcb_seg, attrib),
4785 ((sc->flags >> 8) & 0xff) | ((sc->flags >> 12) & 0x0f00));
4788 static inline void svm_load_seg(target_phys_addr_t addr, SegmentCache *sc)
4792 sc->selector = lduw_phys(addr + offsetof(struct vmcb_seg, selector));
4793 sc->base = ldq_phys(addr + offsetof(struct vmcb_seg, base));
4794 sc->limit = ldl_phys(addr + offsetof(struct vmcb_seg, limit));
4795 flags = lduw_phys(addr + offsetof(struct vmcb_seg, attrib));
4796 sc->flags = ((flags & 0xff) << 8) | ((flags & 0x0f00) << 12);
4799 static inline void svm_load_seg_cache(target_phys_addr_t addr,
4800 CPUState *env, int seg_reg)
4802 SegmentCache sc1, *sc = &sc1;
4803 svm_load_seg(addr, sc);
4804 cpu_x86_load_seg_cache(env, seg_reg, sc->selector,
4805 sc->base, sc->limit, sc->flags);
4808 void helper_vmrun(int aflag, int next_eip_addend)
4814 helper_svm_check_intercept_param(SVM_EXIT_VMRUN, 0);
4819 addr = (uint32_t)EAX;
4821 if (loglevel & CPU_LOG_TB_IN_ASM)
4822 fprintf(logfile,"vmrun! " TARGET_FMT_lx "\n", addr);
4824 env->vm_vmcb = addr;
4826 /* save the current CPU state in the hsave page */
4827 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.base), env->gdt.base);
4828 stl_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit), env->gdt.limit);
4830 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.base), env->idt.base);
4831 stl_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.limit), env->idt.limit);
4833 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr0), env->cr[0]);
4834 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr2), env->cr[2]);
4835 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr3), env->cr[3]);
4836 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr4), env->cr[4]);
4837 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr6), env->dr[6]);
4838 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr7), env->dr[7]);
4840 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.efer), env->efer);
4841 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rflags), compute_eflags());
4843 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.es),
4845 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.cs),
4847 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ss),
4849 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ds),
4852 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip),
4853 EIP + next_eip_addend);
4854 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp), ESP);
4855 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax), EAX);
4857 /* load the interception bitmaps so we do not need to access the
4859 env->intercept = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept));
4860 env->intercept_cr_read = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_cr_read));
4861 env->intercept_cr_write = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_cr_write));
4862 env->intercept_dr_read = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_dr_read));
4863 env->intercept_dr_write = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_dr_write));
4864 env->intercept_exceptions = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_exceptions));
4866 /* enable intercepts */
4867 env->hflags |= HF_SVMI_MASK;
4869 env->tsc_offset = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.tsc_offset));
4871 env->gdt.base = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base));
4872 env->gdt.limit = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit));
4874 env->idt.base = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.base));
4875 env->idt.limit = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit));
4877 /* clear exit_info_2 so we behave like the real hardware */
4878 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2), 0);
4880 cpu_x86_update_cr0(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr0)));
4881 cpu_x86_update_cr4(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr4)));
4882 cpu_x86_update_cr3(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr3)));
4883 env->cr[2] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr2));
4884 int_ctl = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
4885 env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
4886 if (int_ctl & V_INTR_MASKING_MASK) {
4887 env->v_tpr = int_ctl & V_TPR_MASK;
4888 env->hflags2 |= HF2_VINTR_MASK;
4889 if (env->eflags & IF_MASK)
4890 env->hflags2 |= HF2_HIF_MASK;
4894 ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.efer)));
4896 load_eflags(ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rflags)),
4897 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
4898 CC_OP = CC_OP_EFLAGS;
4900 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.es),
4902 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.cs),
4904 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.ss),
4906 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.ds),
4909 EIP = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rip));
4911 ESP = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rsp));
4912 EAX = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rax));
4913 env->dr[7] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr7));
4914 env->dr[6] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr6));
4915 cpu_x86_set_cpl(env, ldub_phys(env->vm_vmcb + offsetof(struct vmcb, save.cpl)));
4917 /* FIXME: guest state consistency checks */
4919 switch(ldub_phys(env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) {
4920 case TLB_CONTROL_DO_NOTHING:
4922 case TLB_CONTROL_FLUSH_ALL_ASID:
4923 /* FIXME: this is not 100% correct but should work for now */
4928 env->hflags2 |= HF2_GIF_MASK;
4930 if (int_ctl & V_IRQ_MASK) {
4931 env->interrupt_request |= CPU_INTERRUPT_VIRQ;
4934 /* maybe we need to inject an event */
4935 event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
4936 if (event_inj & SVM_EVTINJ_VALID) {
4937 uint8_t vector = event_inj & SVM_EVTINJ_VEC_MASK;
4938 uint16_t valid_err = event_inj & SVM_EVTINJ_VALID_ERR;
4939 uint32_t event_inj_err = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err));
4940 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), event_inj & ~SVM_EVTINJ_VALID);
4942 if (loglevel & CPU_LOG_TB_IN_ASM)
4943 fprintf(logfile, "Injecting(%#hx): ", valid_err);
4944 /* FIXME: need to implement valid_err */
4945 switch (event_inj & SVM_EVTINJ_TYPE_MASK) {
4946 case SVM_EVTINJ_TYPE_INTR:
4947 env->exception_index = vector;
4948 env->error_code = event_inj_err;
4949 env->exception_is_int = 0;
4950 env->exception_next_eip = -1;
4951 if (loglevel & CPU_LOG_TB_IN_ASM)
4952 fprintf(logfile, "INTR");
4953 /* XXX: is it always correct ? */
4954 do_interrupt(vector, 0, 0, 0, 1);
4956 case SVM_EVTINJ_TYPE_NMI:
4957 env->exception_index = EXCP02_NMI;
4958 env->error_code = event_inj_err;
4959 env->exception_is_int = 0;
4960 env->exception_next_eip = EIP;
4961 if (loglevel & CPU_LOG_TB_IN_ASM)
4962 fprintf(logfile, "NMI");
4965 case SVM_EVTINJ_TYPE_EXEPT:
4966 env->exception_index = vector;
4967 env->error_code = event_inj_err;
4968 env->exception_is_int = 0;
4969 env->exception_next_eip = -1;
4970 if (loglevel & CPU_LOG_TB_IN_ASM)
4971 fprintf(logfile, "EXEPT");
4974 case SVM_EVTINJ_TYPE_SOFT:
4975 env->exception_index = vector;
4976 env->error_code = event_inj_err;
4977 env->exception_is_int = 1;
4978 env->exception_next_eip = EIP;
4979 if (loglevel & CPU_LOG_TB_IN_ASM)
4980 fprintf(logfile, "SOFT");
4984 if (loglevel & CPU_LOG_TB_IN_ASM)
4985 fprintf(logfile, " %#x %#x\n", env->exception_index, env->error_code);
4989 void helper_vmmcall(void)
4991 helper_svm_check_intercept_param(SVM_EXIT_VMMCALL, 0);
4992 raise_exception(EXCP06_ILLOP);
4995 void helper_vmload(int aflag)
4998 helper_svm_check_intercept_param(SVM_EXIT_VMLOAD, 0);
5003 addr = (uint32_t)EAX;
5005 if (loglevel & CPU_LOG_TB_IN_ASM)
5006 fprintf(logfile,"vmload! " TARGET_FMT_lx "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
5007 addr, ldq_phys(addr + offsetof(struct vmcb, save.fs.base)),
5008 env->segs[R_FS].base);
5010 svm_load_seg_cache(addr + offsetof(struct vmcb, save.fs),
5012 svm_load_seg_cache(addr + offsetof(struct vmcb, save.gs),
5014 svm_load_seg(addr + offsetof(struct vmcb, save.tr),
5016 svm_load_seg(addr + offsetof(struct vmcb, save.ldtr),
5019 #ifdef TARGET_X86_64
5020 env->kernelgsbase = ldq_phys(addr + offsetof(struct vmcb, save.kernel_gs_base));
5021 env->lstar = ldq_phys(addr + offsetof(struct vmcb, save.lstar));
5022 env->cstar = ldq_phys(addr + offsetof(struct vmcb, save.cstar));
5023 env->fmask = ldq_phys(addr + offsetof(struct vmcb, save.sfmask));
5025 env->star = ldq_phys(addr + offsetof(struct vmcb, save.star));
5026 env->sysenter_cs = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_cs));
5027 env->sysenter_esp = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_esp));
5028 env->sysenter_eip = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_eip));
5031 void helper_vmsave(int aflag)
5034 helper_svm_check_intercept_param(SVM_EXIT_VMSAVE, 0);
5039 addr = (uint32_t)EAX;
5041 if (loglevel & CPU_LOG_TB_IN_ASM)
5042 fprintf(logfile,"vmsave! " TARGET_FMT_lx "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
5043 addr, ldq_phys(addr + offsetof(struct vmcb, save.fs.base)),
5044 env->segs[R_FS].base);
5046 svm_save_seg(addr + offsetof(struct vmcb, save.fs),
5048 svm_save_seg(addr + offsetof(struct vmcb, save.gs),
5050 svm_save_seg(addr + offsetof(struct vmcb, save.tr),
5052 svm_save_seg(addr + offsetof(struct vmcb, save.ldtr),
5055 #ifdef TARGET_X86_64
5056 stq_phys(addr + offsetof(struct vmcb, save.kernel_gs_base), env->kernelgsbase);
5057 stq_phys(addr + offsetof(struct vmcb, save.lstar), env->lstar);
5058 stq_phys(addr + offsetof(struct vmcb, save.cstar), env->cstar);
5059 stq_phys(addr + offsetof(struct vmcb, save.sfmask), env->fmask);
5061 stq_phys(addr + offsetof(struct vmcb, save.star), env->star);
5062 stq_phys(addr + offsetof(struct vmcb, save.sysenter_cs), env->sysenter_cs);
5063 stq_phys(addr + offsetof(struct vmcb, save.sysenter_esp), env->sysenter_esp);
5064 stq_phys(addr + offsetof(struct vmcb, save.sysenter_eip), env->sysenter_eip);
5067 void helper_stgi(void)
5069 helper_svm_check_intercept_param(SVM_EXIT_STGI, 0);
5070 env->hflags2 |= HF2_GIF_MASK;
5073 void helper_clgi(void)
5075 helper_svm_check_intercept_param(SVM_EXIT_CLGI, 0);
5076 env->hflags2 &= ~HF2_GIF_MASK;
5079 void helper_skinit(void)
5081 helper_svm_check_intercept_param(SVM_EXIT_SKINIT, 0);
5082 /* XXX: not implemented */
5083 raise_exception(EXCP06_ILLOP);
5086 void helper_invlpga(int aflag)
5089 helper_svm_check_intercept_param(SVM_EXIT_INVLPGA, 0);
5094 addr = (uint32_t)EAX;
5096 /* XXX: could use the ASID to see if it is needed to do the
5098 tlb_flush_page(env, addr);
5101 void helper_svm_check_intercept_param(uint32_t type, uint64_t param)
5103 if (likely(!(env->hflags & HF_SVMI_MASK)))
5106 case SVM_EXIT_READ_CR0 ... SVM_EXIT_READ_CR0 + 8:
5107 if (env->intercept_cr_read & (1 << (type - SVM_EXIT_READ_CR0))) {
5108 helper_vmexit(type, param);
5111 case SVM_EXIT_WRITE_CR0 ... SVM_EXIT_WRITE_CR0 + 8:
5112 if (env->intercept_cr_write & (1 << (type - SVM_EXIT_WRITE_CR0))) {
5113 helper_vmexit(type, param);
5116 case SVM_EXIT_READ_DR0 ... SVM_EXIT_READ_DR0 + 7:
5117 if (env->intercept_dr_read & (1 << (type - SVM_EXIT_READ_DR0))) {
5118 helper_vmexit(type, param);
5121 case SVM_EXIT_WRITE_DR0 ... SVM_EXIT_WRITE_DR0 + 7:
5122 if (env->intercept_dr_write & (1 << (type - SVM_EXIT_WRITE_DR0))) {
5123 helper_vmexit(type, param);
5126 case SVM_EXIT_EXCP_BASE ... SVM_EXIT_EXCP_BASE + 31:
5127 if (env->intercept_exceptions & (1 << (type - SVM_EXIT_EXCP_BASE))) {
5128 helper_vmexit(type, param);
5132 if (env->intercept & (1ULL << (SVM_EXIT_MSR - SVM_EXIT_INTR))) {
5133 /* FIXME: this should be read in at vmrun (faster this way?) */
5134 uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.msrpm_base_pa));
5136 switch((uint32_t)ECX) {
5141 case 0xc0000000 ... 0xc0001fff:
5142 t0 = (8192 + ECX - 0xc0000000) * 2;
5146 case 0xc0010000 ... 0xc0011fff:
5147 t0 = (16384 + ECX - 0xc0010000) * 2;
5152 helper_vmexit(type, param);
5157 if (ldub_phys(addr + t1) & ((1 << param) << t0))
5158 helper_vmexit(type, param);
5162 if (env->intercept & (1ULL << (type - SVM_EXIT_INTR))) {
5163 helper_vmexit(type, param);
5169 void helper_svm_check_io(uint32_t port, uint32_t param,
5170 uint32_t next_eip_addend)
5172 if (env->intercept & (1ULL << (SVM_EXIT_IOIO - SVM_EXIT_INTR))) {
5173 /* FIXME: this should be read in at vmrun (faster this way?) */
5174 uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.iopm_base_pa));
5175 uint16_t mask = (1 << ((param >> 4) & 7)) - 1;
5176 if(lduw_phys(addr + port / 8) & (mask << (port & 7))) {
5178 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2),
5179 env->eip + next_eip_addend);
5180 helper_vmexit(SVM_EXIT_IOIO, param | (port << 16));
5185 /* Note: currently only 32 bits of exit_code are used */
5186 void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
5190 if (loglevel & CPU_LOG_TB_IN_ASM)
5191 fprintf(logfile,"vmexit(%08x, %016" PRIx64 ", %016" PRIx64 ", " TARGET_FMT_lx ")!\n",
5192 exit_code, exit_info_1,
5193 ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2)),
5196 if(env->hflags & HF_INHIBIT_IRQ_MASK) {
5197 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_state), SVM_INTERRUPT_SHADOW_MASK);
5198 env->hflags &= ~HF_INHIBIT_IRQ_MASK;
5200 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_state), 0);
5203 /* Save the VM state in the vmcb */
5204 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.es),
5206 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.cs),
5208 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.ss),
5210 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.ds),
5213 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base), env->gdt.base);
5214 stl_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit), env->gdt.limit);
5216 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.base), env->idt.base);
5217 stl_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit), env->idt.limit);
5219 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.efer), env->efer);
5220 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr0), env->cr[0]);
5221 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr2), env->cr[2]);
5222 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr3), env->cr[3]);
5223 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr4), env->cr[4]);
5225 int_ctl = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
5226 int_ctl &= ~(V_TPR_MASK | V_IRQ_MASK);
5227 int_ctl |= env->v_tpr & V_TPR_MASK;
5228 if (env->interrupt_request & CPU_INTERRUPT_VIRQ)
5229 int_ctl |= V_IRQ_MASK;
5230 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl), int_ctl);
5232 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rflags), compute_eflags());
5233 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rip), env->eip);
5234 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rsp), ESP);
5235 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rax), EAX);
5236 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr7), env->dr[7]);
5237 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr6), env->dr[6]);
5238 stb_phys(env->vm_vmcb + offsetof(struct vmcb, save.cpl), env->hflags & HF_CPL_MASK);
5240 /* Reload the host state from vm_hsave */
5241 env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
5242 env->hflags &= ~HF_SVMI_MASK;
5244 env->intercept_exceptions = 0;
5245 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
5246 env->tsc_offset = 0;
5248 env->gdt.base = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.base));
5249 env->gdt.limit = ldl_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit));
5251 env->idt.base = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.base));
5252 env->idt.limit = ldl_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.limit));
5254 cpu_x86_update_cr0(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr0)) | CR0_PE_MASK);
5255 cpu_x86_update_cr4(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr4)));
5256 cpu_x86_update_cr3(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr3)));
5257 /* we need to set the efer after the crs so the hidden flags get
5260 ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.efer)));
5262 load_eflags(ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rflags)),
5263 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
5264 CC_OP = CC_OP_EFLAGS;
5266 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.es),
5268 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.cs),
5270 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.ss),
5272 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.ds),
5275 EIP = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip));
5276 ESP = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp));
5277 EAX = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax));
5279 env->dr[6] = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr6));
5280 env->dr[7] = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr7));
5283 cpu_x86_set_cpl(env, 0);
5284 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_code), exit_code);
5285 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_1), exit_info_1);
5287 env->hflags2 &= ~HF2_GIF_MASK;
5288 /* FIXME: Resets the current ASID register to zero (host ASID). */
5290 /* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */
5292 /* Clears the TSC_OFFSET inside the processor. */
5294 /* If the host is in PAE mode, the processor reloads the host's PDPEs
5295 from the page table indicated the host's CR3. If the PDPEs contain
5296 illegal state, the processor causes a shutdown. */
5298 /* Forces CR0.PE = 1, RFLAGS.VM = 0. */
5299 env->cr[0] |= CR0_PE_MASK;
5300 env->eflags &= ~VM_MASK;
5302 /* Disables all breakpoints in the host DR7 register. */
5304 /* Checks the reloaded host state for consistency. */
5306 /* If the host's rIP reloaded by #VMEXIT is outside the limit of the
5307 host's code segment or non-canonical (in the case of long mode), a
5308 #GP fault is delivered inside the host.) */
5310 /* remove any pending exception */
5311 env->exception_index = -1;
5312 env->error_code = 0;
5313 env->old_exception = -1;
5321 /* XXX: optimize by storing fptt and fptags in the static cpu state */
5322 void helper_enter_mmx(void)
5325 *(uint32_t *)(env->fptags) = 0;
5326 *(uint32_t *)(env->fptags + 4) = 0;
5329 void helper_emms(void)
5331 /* set to empty state */
5332 *(uint32_t *)(env->fptags) = 0x01010101;
5333 *(uint32_t *)(env->fptags + 4) = 0x01010101;
5337 void helper_movq(uint64_t *d, uint64_t *s)
5343 #include "ops_sse.h"
5346 #include "ops_sse.h"
5349 #include "helper_template.h"
5353 #include "helper_template.h"
5357 #include "helper_template.h"
5360 #ifdef TARGET_X86_64
5363 #include "helper_template.h"
5368 /* bit operations */
5369 target_ulong helper_bsf(target_ulong t0)
5376 while ((res & 1) == 0) {
5383 target_ulong helper_bsr(target_ulong t0)
5386 target_ulong res, mask;
5389 count = TARGET_LONG_BITS - 1;
5390 mask = (target_ulong)1 << (TARGET_LONG_BITS - 1);
5391 while ((res & mask) == 0) {
5399 static int compute_all_eflags(void)
5404 static int compute_c_eflags(void)
5406 return CC_SRC & CC_C;
5409 CCTable cc_table[CC_OP_NB] = {
5410 [CC_OP_DYNAMIC] = { /* should never happen */ },
5412 [CC_OP_EFLAGS] = { compute_all_eflags, compute_c_eflags },
5414 [CC_OP_MULB] = { compute_all_mulb, compute_c_mull },
5415 [CC_OP_MULW] = { compute_all_mulw, compute_c_mull },
5416 [CC_OP_MULL] = { compute_all_mull, compute_c_mull },
5418 [CC_OP_ADDB] = { compute_all_addb, compute_c_addb },
5419 [CC_OP_ADDW] = { compute_all_addw, compute_c_addw },
5420 [CC_OP_ADDL] = { compute_all_addl, compute_c_addl },
5422 [CC_OP_ADCB] = { compute_all_adcb, compute_c_adcb },
5423 [CC_OP_ADCW] = { compute_all_adcw, compute_c_adcw },
5424 [CC_OP_ADCL] = { compute_all_adcl, compute_c_adcl },
5426 [CC_OP_SUBB] = { compute_all_subb, compute_c_subb },
5427 [CC_OP_SUBW] = { compute_all_subw, compute_c_subw },
5428 [CC_OP_SUBL] = { compute_all_subl, compute_c_subl },
5430 [CC_OP_SBBB] = { compute_all_sbbb, compute_c_sbbb },
5431 [CC_OP_SBBW] = { compute_all_sbbw, compute_c_sbbw },
5432 [CC_OP_SBBL] = { compute_all_sbbl, compute_c_sbbl },
5434 [CC_OP_LOGICB] = { compute_all_logicb, compute_c_logicb },
5435 [CC_OP_LOGICW] = { compute_all_logicw, compute_c_logicw },
5436 [CC_OP_LOGICL] = { compute_all_logicl, compute_c_logicl },
5438 [CC_OP_INCB] = { compute_all_incb, compute_c_incl },
5439 [CC_OP_INCW] = { compute_all_incw, compute_c_incl },
5440 [CC_OP_INCL] = { compute_all_incl, compute_c_incl },
5442 [CC_OP_DECB] = { compute_all_decb, compute_c_incl },
5443 [CC_OP_DECW] = { compute_all_decw, compute_c_incl },
5444 [CC_OP_DECL] = { compute_all_decl, compute_c_incl },
5446 [CC_OP_SHLB] = { compute_all_shlb, compute_c_shlb },
5447 [CC_OP_SHLW] = { compute_all_shlw, compute_c_shlw },
5448 [CC_OP_SHLL] = { compute_all_shll, compute_c_shll },
5450 [CC_OP_SARB] = { compute_all_sarb, compute_c_sarl },
5451 [CC_OP_SARW] = { compute_all_sarw, compute_c_sarl },
5452 [CC_OP_SARL] = { compute_all_sarl, compute_c_sarl },
5454 #ifdef TARGET_X86_64
5455 [CC_OP_MULQ] = { compute_all_mulq, compute_c_mull },
5457 [CC_OP_ADDQ] = { compute_all_addq, compute_c_addq },
5459 [CC_OP_ADCQ] = { compute_all_adcq, compute_c_adcq },
5461 [CC_OP_SUBQ] = { compute_all_subq, compute_c_subq },
5463 [CC_OP_SBBQ] = { compute_all_sbbq, compute_c_sbbq },
5465 [CC_OP_LOGICQ] = { compute_all_logicq, compute_c_logicq },
5467 [CC_OP_INCQ] = { compute_all_incq, compute_c_incl },
5469 [CC_OP_DECQ] = { compute_all_decq, compute_c_incl },
5471 [CC_OP_SHLQ] = { compute_all_shlq, compute_c_shlq },
5473 [CC_OP_SARQ] = { compute_all_sarq, compute_c_sarl },
projects / qemu / blob