VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/EMAll.cpp@ 25837

Last change on this file since 25837 was 25554, checked in by vboxsync, 15 years ago

trpmGCTrap0dHandler: use EMInterpretDisasOneEx
EMInterpretDisasOneEx: do not directly access RC pointers
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 116.0 KB
Line 
1/* $Id: EMAll.cpp 25554 2009-12-22 10:09:05Z vboxsync $ */
2/** @file
3 * EM - Execution Monitor(/Manager) - All contexts
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Header Files *
24*******************************************************************************/
25#define LOG_GROUP LOG_GROUP_EM
26#include <VBox/em.h>
27#include <VBox/mm.h>
28#include <VBox/selm.h>
29#include <VBox/patm.h>
30#include <VBox/csam.h>
31#include <VBox/pgm.h>
32#include <VBox/iom.h>
33#include <VBox/stam.h>
34#include "EMInternal.h"
35#include <VBox/vm.h>
36#include <VBox/vmm.h>
37#include <VBox/hwaccm.h>
38#include <VBox/tm.h>
39#include <VBox/pdmapi.h>
40
41#include <VBox/param.h>
42#include <VBox/err.h>
43#include <VBox/dis.h>
44#include <VBox/disopcode.h>
45#include <VBox/log.h>
46#include <iprt/assert.h>
47#include <iprt/asm.h>
48#include <iprt/string.h>
49
50
51/*******************************************************************************
52* Defined Constants And Macros *
53*******************************************************************************/
54/** @def EM_ASSERT_FAULT_RETURN
55 * Safety check.
56 *
57 * Could in theory misfire on a cross page boundary access...
58 *
59 * Currently disabled because the CSAM (+ PATM) patch monitoring occasionally
60 * turns up an alias page instead of the original faulting one and annoying the
61 * heck out of anyone running a debug build. See @bugref{2609} and @bugref{1931}.
62 */
63#if 0
64# define EM_ASSERT_FAULT_RETURN(expr, rc) AssertReturn(expr, rc)
65#else
66# define EM_ASSERT_FAULT_RETURN(expr, rc) do { } while (0)
67#endif
68
69/* Used to pass information during instruction disassembly. */
70typedef struct
71{
72 PVM pVM;
73 PVMCPU pVCpu;
74 RTGCPTR GCPtr;
75 uint8_t aOpcode[8];
76} EMDISSTATE, *PEMDISSTATE;
77
78/*******************************************************************************
79* Internal Functions *
80*******************************************************************************/
81DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize);
82
83
84
85/**
86 * Get the current execution manager status.
87 *
88 * @returns Current status.
89 * @param pVCpu The VMCPU to operate on.
90 */
91VMMDECL(EMSTATE) EMGetState(PVMCPU pVCpu)
92{
93 return pVCpu->em.s.enmState;
94}
95
96/**
97 * Sets the current execution manager status. (use only when you know what you're doing!)
98 *
99 * @param pVCpu The VMCPU to operate on.
100 */
101VMMDECL(void) EMSetState(PVMCPU pVCpu, EMSTATE enmNewState)
102{
103 /* Only allowed combination: */
104 Assert(pVCpu->em.s.enmState == EMSTATE_WAIT_SIPI && enmNewState == EMSTATE_HALTED);
105 pVCpu->em.s.enmState = enmNewState;
106}
107
108
109/**
110 * Read callback for disassembly function; supports reading bytes that cross a page boundary
111 *
112 * @returns VBox status code.
113 * @param pSrc GC source pointer
114 * @param pDest HC destination pointer
115 * @param cb Number of bytes to read
116 * @param dwUserdata Callback specific user data (pDis)
117 *
118 */
119DECLCALLBACK(int) EMReadBytes(RTUINTPTR pSrc, uint8_t *pDest, unsigned cb, void *pvUserdata)
120{
121 PDISCPUSTATE pDis = (PDISCPUSTATE)pvUserdata;
122 PEMDISSTATE pState = (PEMDISSTATE)pDis->apvUserData[0];
123 PVM pVM = pState->pVM;
124 PVMCPU pVCpu = pState->pVCpu;
125
126# ifdef IN_RING0
127 int rc;
128
129 if ( pState->GCPtr
130 && pSrc + cb <= pState->GCPtr + sizeof(pState->aOpcode))
131 {
132 unsigned offset = pSrc - pState->GCPtr;
133
134 Assert(pSrc >= pState->GCPtr);
135
136 for (unsigned i=0; i<cb; i++)
137 {
138 pDest[i] = pState->aOpcode[offset + i];
139 }
140 return VINF_SUCCESS;
141 }
142
143 rc = PGMPhysSimpleReadGCPtr(pVCpu, pDest, pSrc, cb);
144 AssertMsgRC(rc, ("PGMPhysSimpleReadGCPtr failed for pSrc=%RGv cb=%x rc=%d\n", pSrc, cb, rc));
145# elif defined(IN_RING3)
146 if (!PATMIsPatchGCAddr(pVM, pSrc))
147 {
148 int rc = PGMPhysSimpleReadGCPtr(pVCpu, pDest, pSrc, cb);
149 AssertRC(rc);
150 }
151 else
152 memcpy(pDest, PATMR3GCPtrToHCPtr(pVM, pSrc), cb);
153
154# elif defined(IN_RC)
155 if (!PATMIsPatchGCAddr(pVM, (RTRCPTR)pSrc))
156 {
157 int rc = MMGCRamRead(pVM, pDest, (void *)pSrc, cb);
158 if (rc == VERR_ACCESS_DENIED)
159 {
160 /* Recently flushed; access the data manually. */
161 rc = PGMPhysSimpleReadGCPtr(pVCpu, pDest, pSrc, cb);
162 AssertRC(rc);
163 }
164 }
165 else /* the hypervisor region is always present. */
166 memcpy(pDest, (RTRCPTR)pSrc, cb);
167
168# endif /* IN_RING3 */
169 return VINF_SUCCESS;
170}
171
172
173#ifndef IN_RC
174DECLINLINE(int) emDisCoreOne(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
175{
176 EMDISSTATE State;
177
178 State.pVM = pVM;
179 State.pVCpu = pVCpu;
180 int rc = PGMPhysSimpleReadGCPtr(pVCpu, &State.aOpcode, InstrGC, sizeof(State.aOpcode));
181 if (RT_SUCCESS(rc))
182 {
183 State.GCPtr = InstrGC;
184 }
185 else
186 {
187 if (PAGE_ADDRESS(InstrGC) == PAGE_ADDRESS(InstrGC + sizeof(State.aOpcode) - 1))
188 {
189 if (rc == VERR_PAGE_TABLE_NOT_PRESENT)
190 HWACCMInvalidatePage(pVCpu, InstrGC);
191
192 Log(("emDisCoreOne: read failed with %d\n", rc));
193 return rc;
194 }
195 State.GCPtr = NIL_RTGCPTR;
196 }
197 return DISCoreOneEx(InstrGC, pDis->mode, EMReadBytes, &State, pDis, pOpsize);
198}
199
200#else /* IN_RC */
201
202DECLINLINE(int) emDisCoreOne(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, RTGCUINTPTR InstrGC, uint32_t *pOpsize)
203{
204 EMDISSTATE State;
205
206 State.pVM = pVM;
207 State.pVCpu = pVCpu;
208 State.GCPtr = InstrGC;
209
210 return DISCoreOneEx(InstrGC, pDis->mode, EMReadBytes, &State, pDis, pOpsize);
211}
212
213#endif /* IN_RC */
214
215
216/**
217 * Disassembles one instruction.
218 *
219 * @returns VBox status code, see SELMToFlatEx and EMInterpretDisasOneEx for
220 * details.
221 * @retval VERR_INTERNAL_ERROR on DISCoreOneEx failure.
222 *
223 * @param pVM The VM handle.
224 * @param pVCpu The VMCPU handle.
225 * @param pCtxCore The context core (used for both the mode and instruction).
226 * @param pDis Where to return the parsed instruction info.
227 * @param pcbInstr Where to return the instruction size. (optional)
228 */
229VMMDECL(int) EMInterpretDisasOne(PVM pVM, PVMCPU pVCpu, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pDis, unsigned *pcbInstr)
230{
231 RTGCPTR GCPtrInstr;
232 int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pCtxCore, pCtxCore->rip, 0, &GCPtrInstr);
233 if (RT_FAILURE(rc))
234 {
235 Log(("EMInterpretDisasOne: Failed to convert %RTsel:%RGv (cpl=%d) - rc=%Rrc !!\n",
236 pCtxCore->cs, (RTGCPTR)pCtxCore->rip, pCtxCore->ss & X86_SEL_RPL, rc));
237 return rc;
238 }
239 return EMInterpretDisasOneEx(pVM, pVCpu, (RTGCUINTPTR)GCPtrInstr, pCtxCore, pDis, pcbInstr);
240}
241
242
243/**
244 * Disassembles one instruction.
245 *
246 * This is used by internally by the interpreter and by trap/access handlers.
247 *
248 * @returns VBox status code.
249 * @retval VERR_INTERNAL_ERROR on DISCoreOneEx failure.
250 *
251 * @param pVM The VM handle.
252 * @param pVCpu The VMCPU handle.
253 * @param GCPtrInstr The flat address of the instruction.
254 * @param pCtxCore The context core (used to determine the cpu mode).
255 * @param pDis Where to return the parsed instruction info.
256 * @param pcbInstr Where to return the instruction size. (optional)
257 */
258VMMDECL(int) EMInterpretDisasOneEx(PVM pVM, PVMCPU pVCpu, RTGCUINTPTR GCPtrInstr, PCCPUMCTXCORE pCtxCore, PDISCPUSTATE pDis, unsigned *pcbInstr)
259{
260 int rc;
261 EMDISSTATE State;
262
263 State.pVM = pVM;
264 State.pVCpu = pVCpu;
265
266#ifdef IN_RC
267 State.GCPtr = GCPtrInstr;
268#else /* ring 0/3 */
269 rc = PGMPhysSimpleReadGCPtr(pVCpu, &State.aOpcode, GCPtrInstr, sizeof(State.aOpcode));
270 if (RT_SUCCESS(rc))
271 {
272 State.GCPtr = GCPtrInstr;
273 }
274 else
275 {
276 if (PAGE_ADDRESS(GCPtrInstr) == PAGE_ADDRESS(GCPtrInstr + sizeof(State.aOpcode) - 1))
277 {
278 if (rc == VERR_PAGE_TABLE_NOT_PRESENT)
279 HWACCMInvalidatePage(pVCpu, GCPtrInstr);
280
281 Log(("EMInterpretDisasOneEx: read failed with %d\n", rc));
282 return rc;
283 }
284 State.GCPtr = NIL_RTGCPTR;
285 }
286#endif
287
288 rc = DISCoreOneEx(GCPtrInstr, SELMGetCpuModeFromSelector(pVM, pCtxCore->eflags, pCtxCore->cs, (PCPUMSELREGHID)&pCtxCore->csHid),
289 EMReadBytes, &State,
290 pDis, pcbInstr);
291 if (RT_SUCCESS(rc))
292 return VINF_SUCCESS;
293 AssertMsgFailed(("DISCoreOne failed to GCPtrInstr=%RGv rc=%Rrc\n", GCPtrInstr, rc));
294 return VERR_INTERNAL_ERROR;
295}
296
297
298/**
299 * Interprets the current instruction.
300 *
301 * @returns VBox status code.
302 * @retval VINF_* Scheduling instructions.
303 * @retval VERR_EM_INTERPRETER Something we can't cope with.
304 * @retval VERR_* Fatal errors.
305 *
306 * @param pVM The VM handle.
307 * @param pVCpu The VMCPU handle.
308 * @param pRegFrame The register frame.
309 * Updates the EIP if an instruction was executed successfully.
310 * @param pvFault The fault address (CR2).
311 * @param pcbSize Size of the write (if applicable).
312 *
313 * @remark Invalid opcode exceptions have a higher priority than GP (see Intel
314 * Architecture System Developers Manual, Vol 3, 5.5) so we don't need
315 * to worry about e.g. invalid modrm combinations (!)
316 */
317VMMDECL(int) EMInterpretInstruction(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
318{
319 RTGCPTR pbCode;
320
321 LogFlow(("EMInterpretInstruction %RGv fault %RGv\n", (RTGCPTR)pRegFrame->rip, pvFault));
322 int rc = SELMToFlatEx(pVM, DIS_SELREG_CS, pRegFrame, pRegFrame->rip, 0, &pbCode);
323 if (RT_SUCCESS(rc))
324 {
325 uint32_t cbOp;
326 PDISCPUSTATE pDis = &pVCpu->em.s.DisState;
327 pDis->mode = SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->cs, &pRegFrame->csHid);
328 rc = emDisCoreOne(pVM, pVCpu, pDis, (RTGCUINTPTR)pbCode, &cbOp);
329 if (RT_SUCCESS(rc))
330 {
331 Assert(cbOp == pDis->opsize);
332 rc = EMInterpretInstructionCPU(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize);
333 if (RT_SUCCESS(rc))
334 pRegFrame->rip += cbOp; /* Move on to the next instruction. */
335
336 return rc;
337 }
338 }
339 return VERR_EM_INTERPRETER;
340}
341
342
343/**
344 * Interprets the current instruction using the supplied DISCPUSTATE structure.
345 *
346 * EIP is *NOT* updated!
347 *
348 * @returns VBox status code.
349 * @retval VINF_* Scheduling instructions. When these are returned, it
350 * starts to get a bit tricky to know whether code was
351 * executed or not... We'll address this when it becomes a problem.
352 * @retval VERR_EM_INTERPRETER Something we can't cope with.
353 * @retval VERR_* Fatal errors.
354 *
355 * @param pVM The VM handle.
356 * @param pVCpu The VMCPU handle.
357 * @param pDis The disassembler cpu state for the instruction to be
358 * interpreted.
359 * @param pRegFrame The register frame. EIP is *NOT* changed!
360 * @param pvFault The fault address (CR2).
361 * @param pcbSize Size of the write (if applicable).
362 *
363 * @remark Invalid opcode exceptions have a higher priority than GP (see Intel
364 * Architecture System Developers Manual, Vol 3, 5.5) so we don't need
365 * to worry about e.g. invalid modrm combinations (!)
366 *
367 * @todo At this time we do NOT check if the instruction overwrites vital information.
368 * Make sure this can't happen!! (will add some assertions/checks later)
369 */
370VMMDECL(int) EMInterpretInstructionCPU(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
371{
372 STAM_PROFILE_START(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);
373 int rc = emInterpretInstructionCPU(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize);
374 STAM_PROFILE_STOP(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Emulate), a);
375 if (RT_SUCCESS(rc))
376 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretSucceeded));
377 else
378 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InterpretFailed));
379 return rc;
380}
381
382
383/**
384 * Interpret a port I/O instruction.
385 *
386 * @returns VBox status code suitable for scheduling.
387 * @param pVM The VM handle.
388 * @param pVCpu The VMCPU handle.
389 * @param pCtxCore The context core. This will be updated on successful return.
390 * @param pDis The instruction to interpret.
391 * @param cbOp The size of the instruction.
392 * @remark This may raise exceptions.
393 */
394VMMDECL(VBOXSTRICTRC) EMInterpretPortIO(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, PDISCPUSTATE pDis, uint32_t cbOp)
395{
396 /*
397 * Hand it on to IOM.
398 */
399#ifdef IN_RC
400 VBOXSTRICTRC rcStrict = IOMGCIOPortHandler(pVM, pCtxCore, pDis);
401 if (IOM_SUCCESS(rcStrict))
402 pCtxCore->rip += cbOp;
403 return rcStrict;
404#else
405 AssertReleaseMsgFailed(("not implemented\n"));
406 return VERR_NOT_IMPLEMENTED;
407#endif
408}
409
410
411DECLINLINE(int) emRamRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, void *pvDst, RTGCPTR GCPtrSrc, uint32_t cb)
412{
413#ifdef IN_RC
414 int rc = MMGCRamRead(pVM, pvDst, (void *)GCPtrSrc, cb);
415 if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
416 return rc;
417 /*
418 * The page pool cache may end up here in some cases because it
419 * flushed one of the shadow mappings used by the trapping
420 * instruction and it either flushed the TLB or the CPU reused it.
421 */
422#endif
423 return PGMPhysInterpretedReadNoHandlers(pVCpu, pCtxCore, pvDst, GCPtrSrc, cb, /*fMayTrap*/ false);
424}
425
426
427DECLINLINE(int) emRamWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, RTGCPTR GCPtrDst, const void *pvSrc, uint32_t cb)
428{
429#ifdef IN_RC
430 int rc = MMGCRamWrite(pVM, (void *)(uintptr_t)GCPtrDst, (void *)pvSrc, cb);
431 if (RT_LIKELY(rc != VERR_ACCESS_DENIED))
432 return rc;
433 /*
434 * The page pool cache may end up here in some cases because it
435 * flushed one of the shadow mappings used by the trapping
436 * instruction and it either flushed the TLB or the CPU reused it.
437 * We want to play safe here, verifying that we've got write
438 * access doesn't cost us much (see PGMPhysGCPtr2GCPhys()).
439 */
440#endif
441 return PGMPhysInterpretedWriteNoHandlers(pVCpu, pCtxCore, GCPtrDst, pvSrc, cb, /*fMayTrap*/ false);
442}
443
444
445/** Convert sel:addr to a flat GC address. */
446DECLINLINE(RTGCPTR) emConvertToFlatAddr(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pDis, POP_PARAMETER pParam, RTGCPTR pvAddr)
447{
448 DIS_SELREG enmPrefixSeg = DISDetectSegReg(pDis, pParam);
449 return SELMToFlat(pVM, enmPrefixSeg, pRegFrame, pvAddr);
450}
451
452
453#if defined(VBOX_STRICT) || defined(LOG_ENABLED)
454/**
455 * Get the mnemonic for the disassembled instruction.
456 *
457 * GC/R0 doesn't include the strings in the DIS tables because
458 * of limited space.
459 */
460static const char *emGetMnemonic(PDISCPUSTATE pDis)
461{
462 switch (pDis->pCurInstr->opcode)
463 {
464 case OP_XCHG: return "Xchg";
465 case OP_DEC: return "Dec";
466 case OP_INC: return "Inc";
467 case OP_POP: return "Pop";
468 case OP_OR: return "Or";
469 case OP_AND: return "And";
470 case OP_MOV: return "Mov";
471 case OP_INVLPG: return "InvlPg";
472 case OP_CPUID: return "CpuId";
473 case OP_MOV_CR: return "MovCRx";
474 case OP_MOV_DR: return "MovDRx";
475 case OP_LLDT: return "LLdt";
476 case OP_LGDT: return "LGdt";
477 case OP_LIDT: return "LGdt";
478 case OP_CLTS: return "Clts";
479 case OP_MONITOR: return "Monitor";
480 case OP_MWAIT: return "MWait";
481 case OP_RDMSR: return "Rdmsr";
482 case OP_WRMSR: return "Wrmsr";
483 case OP_ADD: return "Add";
484 case OP_ADC: return "Adc";
485 case OP_SUB: return "Sub";
486 case OP_SBB: return "Sbb";
487 case OP_RDTSC: return "Rdtsc";
488 case OP_STI: return "Sti";
489 case OP_CLI: return "Cli";
490 case OP_XADD: return "XAdd";
491 case OP_HLT: return "Hlt";
492 case OP_IRET: return "Iret";
493 case OP_MOVNTPS: return "MovNTPS";
494 case OP_STOSWD: return "StosWD";
495 case OP_WBINVD: return "WbInvd";
496 case OP_XOR: return "Xor";
497 case OP_BTR: return "Btr";
498 case OP_BTS: return "Bts";
499 case OP_BTC: return "Btc";
500 case OP_LMSW: return "Lmsw";
501 case OP_SMSW: return "Smsw";
502 case OP_CMPXCHG: return pDis->prefix & PREFIX_LOCK ? "Lock CmpXchg" : "CmpXchg";
503 case OP_CMPXCHG8B: return pDis->prefix & PREFIX_LOCK ? "Lock CmpXchg8b" : "CmpXchg8b";
504
505 default:
506 Log(("Unknown opcode %d\n", pDis->pCurInstr->opcode));
507 return "???";
508 }
509}
510#endif /* VBOX_STRICT || LOG_ENABLED */
511
512
513/**
514 * XCHG instruction emulation.
515 */
516static int emInterpretXchg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
517{
518 OP_PARAMVAL param1, param2;
519
520 /* Source to make DISQueryParamVal read the register value - ugly hack */
521 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
522 if(RT_FAILURE(rc))
523 return VERR_EM_INTERPRETER;
524
525 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
526 if(RT_FAILURE(rc))
527 return VERR_EM_INTERPRETER;
528
529#ifdef IN_RC
530 if (TRPMHasTrap(pVCpu))
531 {
532 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
533 {
534#endif
535 RTGCPTR pParam1 = 0, pParam2 = 0;
536 uint64_t valpar1, valpar2;
537
538 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
539 switch(param1.type)
540 {
541 case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
542 valpar1 = param1.val.val64;
543 break;
544
545 case PARMTYPE_ADDRESS:
546 pParam1 = (RTGCPTR)param1.val.val64;
547 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
548 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
549 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
550 if (RT_FAILURE(rc))
551 {
552 AssertMsgFailed(("MMGCRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
553 return VERR_EM_INTERPRETER;
554 }
555 break;
556
557 default:
558 AssertFailed();
559 return VERR_EM_INTERPRETER;
560 }
561
562 switch(param2.type)
563 {
564 case PARMTYPE_ADDRESS:
565 pParam2 = (RTGCPTR)param2.val.val64;
566 pParam2 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param2, pParam2);
567 EM_ASSERT_FAULT_RETURN(pParam2 == pvFault, VERR_EM_INTERPRETER);
568 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar2, pParam2, param2.size);
569 if (RT_FAILURE(rc))
570 {
571 AssertMsgFailed(("MMGCRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
572 }
573 break;
574
575 case PARMTYPE_IMMEDIATE:
576 valpar2 = param2.val.val64;
577 break;
578
579 default:
580 AssertFailed();
581 return VERR_EM_INTERPRETER;
582 }
583
584 /* Write value of parameter 2 to parameter 1 (reg or memory address) */
585 if (pParam1 == 0)
586 {
587 Assert(param1.type == PARMTYPE_IMMEDIATE); /* register actually */
588 switch(param1.size)
589 {
590 case 1: //special case for AH etc
591 rc = DISWriteReg8(pRegFrame, pDis->param1.base.reg_gen, (uint8_t )valpar2); break;
592 case 2: rc = DISWriteReg16(pRegFrame, pDis->param1.base.reg_gen, (uint16_t)valpar2); break;
593 case 4: rc = DISWriteReg32(pRegFrame, pDis->param1.base.reg_gen, (uint32_t)valpar2); break;
594 case 8: rc = DISWriteReg64(pRegFrame, pDis->param1.base.reg_gen, valpar2); break;
595 default: AssertFailedReturn(VERR_EM_INTERPRETER);
596 }
597 if (RT_FAILURE(rc))
598 return VERR_EM_INTERPRETER;
599 }
600 else
601 {
602 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar2, param1.size);
603 if (RT_FAILURE(rc))
604 {
605 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
606 return VERR_EM_INTERPRETER;
607 }
608 }
609
610 /* Write value of parameter 1 to parameter 2 (reg or memory address) */
611 if (pParam2 == 0)
612 {
613 Assert(param2.type == PARMTYPE_IMMEDIATE); /* register actually */
614 switch(param2.size)
615 {
616 case 1: //special case for AH etc
617 rc = DISWriteReg8(pRegFrame, pDis->param2.base.reg_gen, (uint8_t )valpar1); break;
618 case 2: rc = DISWriteReg16(pRegFrame, pDis->param2.base.reg_gen, (uint16_t)valpar1); break;
619 case 4: rc = DISWriteReg32(pRegFrame, pDis->param2.base.reg_gen, (uint32_t)valpar1); break;
620 case 8: rc = DISWriteReg64(pRegFrame, pDis->param2.base.reg_gen, valpar1); break;
621 default: AssertFailedReturn(VERR_EM_INTERPRETER);
622 }
623 if (RT_FAILURE(rc))
624 return VERR_EM_INTERPRETER;
625 }
626 else
627 {
628 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam2, &valpar1, param2.size);
629 if (RT_FAILURE(rc))
630 {
631 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
632 return VERR_EM_INTERPRETER;
633 }
634 }
635
636 *pcbSize = param2.size;
637 return VINF_SUCCESS;
638#ifdef IN_RC
639 }
640 }
641#endif
642 return VERR_EM_INTERPRETER;
643}
644
645
646/**
647 * INC and DEC emulation.
648 */
649static int emInterpretIncDec(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
650 PFNEMULATEPARAM2 pfnEmulate)
651{
652 OP_PARAMVAL param1;
653
654 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
655 if(RT_FAILURE(rc))
656 return VERR_EM_INTERPRETER;
657
658#ifdef IN_RC
659 if (TRPMHasTrap(pVCpu))
660 {
661 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
662 {
663#endif
664 RTGCPTR pParam1 = 0;
665 uint64_t valpar1;
666
667 if (param1.type == PARMTYPE_ADDRESS)
668 {
669 pParam1 = (RTGCPTR)param1.val.val64;
670 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
671#ifdef IN_RC
672 /* Safety check (in theory it could cross a page boundary and fault there though) */
673 AssertReturn(pParam1 == pvFault, VERR_EM_INTERPRETER);
674#endif
675 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
676 if (RT_FAILURE(rc))
677 {
678 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
679 return VERR_EM_INTERPRETER;
680 }
681 }
682 else
683 {
684 AssertFailed();
685 return VERR_EM_INTERPRETER;
686 }
687
688 uint32_t eflags;
689
690 eflags = pfnEmulate(&valpar1, param1.size);
691
692 /* Write result back */
693 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
694 if (RT_FAILURE(rc))
695 {
696 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
697 return VERR_EM_INTERPRETER;
698 }
699
700 /* Update guest's eflags and finish. */
701 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
702 | (eflags & (X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
703
704 /* All done! */
705 *pcbSize = param1.size;
706 return VINF_SUCCESS;
707#ifdef IN_RC
708 }
709 }
710#endif
711 return VERR_EM_INTERPRETER;
712}
713
714
715/**
716 * POP Emulation.
717 */
718static int emInterpretPop(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
719{
720 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
721 OP_PARAMVAL param1;
722 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
723 if(RT_FAILURE(rc))
724 return VERR_EM_INTERPRETER;
725
726#ifdef IN_RC
727 if (TRPMHasTrap(pVCpu))
728 {
729 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
730 {
731#endif
732 RTGCPTR pParam1 = 0;
733 uint32_t valpar1;
734 RTGCPTR pStackVal;
735
736 /* Read stack value first */
737 if (SELMGetCpuModeFromSelector(pVM, pRegFrame->eflags, pRegFrame->ss, &pRegFrame->ssHid) == CPUMODE_16BIT)
738 return VERR_EM_INTERPRETER; /* No legacy 16 bits stuff here, please. */
739
740 /* Convert address; don't bother checking limits etc, as we only read here */
741 pStackVal = SELMToFlat(pVM, DIS_SELREG_SS, pRegFrame, (RTGCPTR)pRegFrame->esp);
742 if (pStackVal == 0)
743 return VERR_EM_INTERPRETER;
744
745 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pStackVal, param1.size);
746 if (RT_FAILURE(rc))
747 {
748 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
749 return VERR_EM_INTERPRETER;
750 }
751
752 if (param1.type == PARMTYPE_ADDRESS)
753 {
754 pParam1 = (RTGCPTR)param1.val.val64;
755
756 /* pop [esp+xx] uses esp after the actual pop! */
757 AssertCompile(USE_REG_ESP == USE_REG_SP);
758 if ( (pDis->param1.flags & USE_BASE)
759 && (pDis->param1.flags & (USE_REG_GEN16|USE_REG_GEN32))
760 && pDis->param1.base.reg_gen == USE_REG_ESP
761 )
762 pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + param1.size);
763
764 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
765 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault || (RTGCPTR)pRegFrame->esp == pvFault, VERR_EM_INTERPRETER);
766 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
767 if (RT_FAILURE(rc))
768 {
769 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
770 return VERR_EM_INTERPRETER;
771 }
772
773 /* Update ESP as the last step */
774 pRegFrame->esp += param1.size;
775 }
776 else
777 {
778#ifndef DEBUG_bird // annoying assertion.
779 AssertFailed();
780#endif
781 return VERR_EM_INTERPRETER;
782 }
783
784 /* All done! */
785 *pcbSize = param1.size;
786 return VINF_SUCCESS;
787#ifdef IN_RC
788 }
789 }
790#endif
791 return VERR_EM_INTERPRETER;
792}
793
794
795/**
796 * XOR/OR/AND Emulation.
797 */
798static int emInterpretOrXorAnd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
799 PFNEMULATEPARAM3 pfnEmulate)
800{
801 OP_PARAMVAL param1, param2;
802
803 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
804 if(RT_FAILURE(rc))
805 return VERR_EM_INTERPRETER;
806
807 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
808 if(RT_FAILURE(rc))
809 return VERR_EM_INTERPRETER;
810
811#ifdef IN_RC
812 if (TRPMHasTrap(pVCpu))
813 {
814 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
815 {
816#endif
817 RTGCPTR pParam1;
818 uint64_t valpar1, valpar2;
819
820 if (pDis->param1.size != pDis->param2.size)
821 {
822 if (pDis->param1.size < pDis->param2.size)
823 {
824 AssertMsgFailed(("%s at %RGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip, pDis->param1.size, pDis->param2.size)); /* should never happen! */
825 return VERR_EM_INTERPRETER;
826 }
827 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
828 pDis->param2.size = pDis->param1.size;
829 param2.size = param1.size;
830 }
831
832 /* The destination is always a virtual address */
833 if (param1.type == PARMTYPE_ADDRESS)
834 {
835 pParam1 = (RTGCPTR)param1.val.val64;
836 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
837 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
838 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
839 if (RT_FAILURE(rc))
840 {
841 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
842 return VERR_EM_INTERPRETER;
843 }
844 }
845 else
846 {
847 AssertFailed();
848 return VERR_EM_INTERPRETER;
849 }
850
851 /* Register or immediate data */
852 switch(param2.type)
853 {
854 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
855 valpar2 = param2.val.val64;
856 break;
857
858 default:
859 AssertFailed();
860 return VERR_EM_INTERPRETER;
861 }
862
863 LogFlow(("emInterpretOrXorAnd %s %RGv %RX64 - %RX64 size %d (%d)\n", emGetMnemonic(pDis), pParam1, valpar1, valpar2, param2.size, param1.size));
864
865 /* Data read, emulate instruction. */
866 uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);
867
868 LogFlow(("emInterpretOrXorAnd %s result %RX64\n", emGetMnemonic(pDis), valpar1));
869
870 /* Update guest's eflags and finish. */
871 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
872 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
873
874 /* And write it back */
875 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
876 if (RT_SUCCESS(rc))
877 {
878 /* All done! */
879 *pcbSize = param2.size;
880 return VINF_SUCCESS;
881 }
882#ifdef IN_RC
883 }
884 }
885#endif
886 return VERR_EM_INTERPRETER;
887}
888
889
890/**
891 * LOCK XOR/OR/AND Emulation.
892 */
893static int emInterpretLockOrXorAnd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
894 uint32_t *pcbSize, PFNEMULATELOCKPARAM3 pfnEmulate)
895{
896 void *pvParam1;
897 OP_PARAMVAL param1, param2;
898
899#if HC_ARCH_BITS == 32
900 Assert(pDis->param1.size <= 4);
901#endif
902
903 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
904 if(RT_FAILURE(rc))
905 return VERR_EM_INTERPRETER;
906
907 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
908 if(RT_FAILURE(rc))
909 return VERR_EM_INTERPRETER;
910
911 if (pDis->param1.size != pDis->param2.size)
912 {
913 AssertMsgReturn(pDis->param1.size >= pDis->param2.size, /* should never happen! */
914 ("%s at %RGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip, pDis->param1.size, pDis->param2.size),
915 VERR_EM_INTERPRETER);
916
917 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
918 pDis->param2.size = pDis->param1.size;
919 param2.size = param1.size;
920 }
921
922#ifdef IN_RC
923 /* Safety check (in theory it could cross a page boundary and fault there though) */
924 Assert( TRPMHasTrap(pVCpu)
925 && (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW));
926 EM_ASSERT_FAULT_RETURN(GCPtrPar1 == pvFault, VERR_EM_INTERPRETER);
927#endif
928
929 /* Register and immediate data == PARMTYPE_IMMEDIATE */
930 AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
931 RTGCUINTREG ValPar2 = param2.val.val64;
932
933 /* The destination is always a virtual address */
934 AssertReturn(param1.type == PARMTYPE_ADDRESS, VERR_EM_INTERPRETER);
935
936 RTGCPTR GCPtrPar1 = param1.val.val64;
937 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
938#ifdef IN_RC
939 pvParam1 = (void *)GCPtrPar1;
940#else
941 PGMPAGEMAPLOCK Lock;
942 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
943 AssertRCReturn(rc, VERR_EM_INTERPRETER);
944#endif
945
946 /* Try emulate it with a one-shot #PF handler in place. (RC) */
947 Log2(("%s %RGv imm%d=%RX64\n", emGetMnemonic(pDis), GCPtrPar1, pDis->param2.size*8, ValPar2));
948
949 RTGCUINTREG32 eflags = 0;
950#ifdef IN_RC
951 MMGCRamRegisterTrapHandler(pVM);
952#endif
953 rc = pfnEmulate(pvParam1, ValPar2, pDis->param2.size, &eflags);
954#ifdef IN_RC
955 MMGCRamDeregisterTrapHandler(pVM);
956#else
957 PGMPhysReleasePageMappingLock(pVM, &Lock);
958#endif
959 if (RT_FAILURE(rc))
960 {
961 Log(("%s %RGv imm%d=%RX64-> emulation failed due to page fault!\n", emGetMnemonic(pDis), GCPtrPar1, pDis->param2.size*8, ValPar2));
962 return VERR_EM_INTERPRETER;
963 }
964
965 /* Update guest's eflags and finish. */
966 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
967 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
968
969 *pcbSize = param2.size;
970 return VINF_SUCCESS;
971}
972
973
974/**
975 * ADD, ADC & SUB Emulation.
976 */
977static int emInterpretAddSub(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
978 PFNEMULATEPARAM3 pfnEmulate)
979{
980 OP_PARAMVAL param1, param2;
981 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
982 if(RT_FAILURE(rc))
983 return VERR_EM_INTERPRETER;
984
985 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
986 if(RT_FAILURE(rc))
987 return VERR_EM_INTERPRETER;
988
989#ifdef IN_RC
990 if (TRPMHasTrap(pVCpu))
991 {
992 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
993 {
994#endif
995 RTGCPTR pParam1;
996 uint64_t valpar1, valpar2;
997
998 if (pDis->param1.size != pDis->param2.size)
999 {
1000 if (pDis->param1.size < pDis->param2.size)
1001 {
1002 AssertMsgFailed(("%s at %RGv parameter mismatch %d vs %d!!\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip, pDis->param1.size, pDis->param2.size)); /* should never happen! */
1003 return VERR_EM_INTERPRETER;
1004 }
1005 /* Or %Ev, Ib -> just a hack to save some space; the data width of the 1st parameter determines the real width */
1006 pDis->param2.size = pDis->param1.size;
1007 param2.size = param1.size;
1008 }
1009
1010 /* The destination is always a virtual address */
1011 if (param1.type == PARMTYPE_ADDRESS)
1012 {
1013 pParam1 = (RTGCPTR)param1.val.val64;
1014 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
1015 EM_ASSERT_FAULT_RETURN(pParam1 == pvFault, VERR_EM_INTERPRETER);
1016 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, param1.size);
1017 if (RT_FAILURE(rc))
1018 {
1019 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
1020 return VERR_EM_INTERPRETER;
1021 }
1022 }
1023 else
1024 {
1025#ifndef DEBUG_bird
1026 AssertFailed();
1027#endif
1028 return VERR_EM_INTERPRETER;
1029 }
1030
1031 /* Register or immediate data */
1032 switch(param2.type)
1033 {
1034 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
1035 valpar2 = param2.val.val64;
1036 break;
1037
1038 default:
1039 AssertFailed();
1040 return VERR_EM_INTERPRETER;
1041 }
1042
1043 /* Data read, emulate instruction. */
1044 uint32_t eflags = pfnEmulate(&valpar1, valpar2, param2.size);
1045
1046 /* Update guest's eflags and finish. */
1047 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1048 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1049
1050 /* And write it back */
1051 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, param1.size);
1052 if (RT_SUCCESS(rc))
1053 {
1054 /* All done! */
1055 *pcbSize = param2.size;
1056 return VINF_SUCCESS;
1057 }
1058#ifdef IN_RC
1059 }
1060 }
1061#endif
1062 return VERR_EM_INTERPRETER;
1063}
1064
1065
1066/**
1067 * ADC Emulation.
1068 */
1069static int emInterpretAdc(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1070{
1071 if (pRegFrame->eflags.Bits.u1CF)
1072 return emInterpretAddSub(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, EMEmulateAdcWithCarrySet);
1073 else
1074 return emInterpretAddSub(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, EMEmulateAdd);
1075}
1076
1077
1078/**
1079 * BTR/C/S Emulation.
1080 */
1081static int emInterpretBitTest(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize,
1082 PFNEMULATEPARAM2UINT32 pfnEmulate)
1083{
1084 OP_PARAMVAL param1, param2;
1085 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
1086 if(RT_FAILURE(rc))
1087 return VERR_EM_INTERPRETER;
1088
1089 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1090 if(RT_FAILURE(rc))
1091 return VERR_EM_INTERPRETER;
1092
1093#ifdef IN_RC
1094 if (TRPMHasTrap(pVCpu))
1095 {
1096 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1097 {
1098#endif
1099 RTGCPTR pParam1;
1100 uint64_t valpar1 = 0, valpar2;
1101 uint32_t eflags;
1102
1103 /* The destination is always a virtual address */
1104 if (param1.type != PARMTYPE_ADDRESS)
1105 return VERR_EM_INTERPRETER;
1106
1107 pParam1 = (RTGCPTR)param1.val.val64;
1108 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
1109
1110 /* Register or immediate data */
1111 switch(param2.type)
1112 {
1113 case PARMTYPE_IMMEDIATE: /* both immediate data and register (ugly) */
1114 valpar2 = param2.val.val64;
1115 break;
1116
1117 default:
1118 AssertFailed();
1119 return VERR_EM_INTERPRETER;
1120 }
1121
1122 Log2(("emInterpret%s: pvFault=%RGv pParam1=%RGv val2=%x\n", emGetMnemonic(pDis), pvFault, pParam1, valpar2));
1123 pParam1 = (RTGCPTR)((RTGCUINTPTR)pParam1 + valpar2/8);
1124 EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)pParam1 & ~3) == pvFault, VERR_EM_INTERPRETER);
1125 rc = emRamRead(pVM, pVCpu, pRegFrame, &valpar1, pParam1, 1);
1126 if (RT_FAILURE(rc))
1127 {
1128 AssertMsgFailed(("emRamRead %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
1129 return VERR_EM_INTERPRETER;
1130 }
1131
1132 Log2(("emInterpretBtx: val=%x\n", valpar1));
1133 /* Data read, emulate bit test instruction. */
1134 eflags = pfnEmulate(&valpar1, valpar2 & 0x7);
1135
1136 Log2(("emInterpretBtx: val=%x CF=%d\n", valpar1, !!(eflags & X86_EFL_CF)));
1137
1138 /* Update guest's eflags and finish. */
1139 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1140 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1141
1142 /* And write it back */
1143 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &valpar1, 1);
1144 if (RT_SUCCESS(rc))
1145 {
1146 /* All done! */
1147 *pcbSize = 1;
1148 return VINF_SUCCESS;
1149 }
1150#ifdef IN_RC
1151 }
1152 }
1153#endif
1154 return VERR_EM_INTERPRETER;
1155}
1156
1157
1158/**
1159 * LOCK BTR/C/S Emulation.
1160 */
1161static int emInterpretLockBitTest(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault,
1162 uint32_t *pcbSize, PFNEMULATELOCKPARAM2 pfnEmulate)
1163{
1164 void *pvParam1;
1165
1166 OP_PARAMVAL param1, param2;
1167 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
1168 if(RT_FAILURE(rc))
1169 return VERR_EM_INTERPRETER;
1170
1171 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1172 if(RT_FAILURE(rc))
1173 return VERR_EM_INTERPRETER;
1174
1175 /* The destination is always a virtual address */
1176 if (param1.type != PARMTYPE_ADDRESS)
1177 return VERR_EM_INTERPRETER;
1178
1179 /* Register and immediate data == PARMTYPE_IMMEDIATE */
1180 AssertReturn(param2.type == PARMTYPE_IMMEDIATE, VERR_EM_INTERPRETER);
1181 uint64_t ValPar2 = param2.val.val64;
1182
1183 /* Adjust the parameters so what we're dealing with is a bit within the byte pointed to. */
1184 RTGCPTR GCPtrPar1 = param1.val.val64;
1185 GCPtrPar1 = (GCPtrPar1 + ValPar2 / 8);
1186 ValPar2 &= 7;
1187
1188 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
1189#ifdef IN_RC
1190 Assert(TRPMHasTrap(pVCpu));
1191 EM_ASSERT_FAULT_RETURN((RTGCPTR)((RTGCUINTPTR)GCPtrPar1 & ~(RTGCUINTPTR)3) == pvFault, VERR_EM_INTERPRETER);
1192#endif
1193
1194#ifdef IN_RC
1195 pvParam1 = (void *)GCPtrPar1;
1196#else
1197 PGMPAGEMAPLOCK Lock;
1198 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
1199 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1200#endif
1201
1202 Log2(("emInterpretLockBitTest %s: pvFault=%RGv GCPtrPar1=%RGv imm=%RX64\n", emGetMnemonic(pDis), pvFault, GCPtrPar1, ValPar2));
1203
1204 /* Try emulate it with a one-shot #PF handler in place. (RC) */
1205 RTGCUINTREG32 eflags = 0;
1206#ifdef IN_RC
1207 MMGCRamRegisterTrapHandler(pVM);
1208#endif
1209 rc = pfnEmulate(pvParam1, ValPar2, &eflags);
1210#ifdef IN_RC
1211 MMGCRamDeregisterTrapHandler(pVM);
1212#else
1213 PGMPhysReleasePageMappingLock(pVM, &Lock);
1214#endif
1215 if (RT_FAILURE(rc))
1216 {
1217 Log(("emInterpretLockBitTest %s: %RGv imm%d=%RX64 -> emulation failed due to page fault!\n",
1218 emGetMnemonic(pDis), GCPtrPar1, pDis->param2.size*8, ValPar2));
1219 return VERR_EM_INTERPRETER;
1220 }
1221
1222 Log2(("emInterpretLockBitTest %s: GCPtrPar1=%RGv imm=%RX64 CF=%d\n", emGetMnemonic(pDis), GCPtrPar1, ValPar2, !!(eflags & X86_EFL_CF)));
1223
1224 /* Update guest's eflags and finish. */
1225 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1226 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1227
1228 *pcbSize = 1;
1229 return VINF_SUCCESS;
1230}
1231
1232
1233/**
1234 * MOV emulation.
1235 */
1236static int emInterpretMov(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1237{
1238 OP_PARAMVAL param1, param2;
1239 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_DEST);
1240 if(RT_FAILURE(rc))
1241 return VERR_EM_INTERPRETER;
1242
1243 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1244 if(RT_FAILURE(rc))
1245 return VERR_EM_INTERPRETER;
1246
1247#ifdef IN_RC
1248 if (TRPMHasTrap(pVCpu))
1249 {
1250 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1251 {
1252#else
1253 /** @todo Make this the default and don't rely on TRPM information. */
1254 if (param1.type == PARMTYPE_ADDRESS)
1255 {
1256#endif
1257 RTGCPTR pDest;
1258 uint64_t val64;
1259
1260 switch(param1.type)
1261 {
1262 case PARMTYPE_IMMEDIATE:
1263 if(!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
1264 return VERR_EM_INTERPRETER;
1265 /* fallthru */
1266
1267 case PARMTYPE_ADDRESS:
1268 pDest = (RTGCPTR)param1.val.val64;
1269 pDest = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pDest);
1270 break;
1271
1272 default:
1273 AssertFailed();
1274 return VERR_EM_INTERPRETER;
1275 }
1276
1277 switch(param2.type)
1278 {
1279 case PARMTYPE_IMMEDIATE: /* register type is translated to this one too */
1280 val64 = param2.val.val64;
1281 break;
1282
1283 default:
1284 Log(("emInterpretMov: unexpected type=%d rip=%RGv\n", param2.type, (RTGCPTR)pRegFrame->rip));
1285 return VERR_EM_INTERPRETER;
1286 }
1287#ifdef LOG_ENABLED
1288 if (pDis->mode == CPUMODE_64BIT)
1289 LogFlow(("EMInterpretInstruction at %RGv: OP_MOV %RGv <- %RX64 (%d) &val64=%RHv\n", (RTGCPTR)pRegFrame->rip, pDest, val64, param2.size, &val64));
1290 else
1291 LogFlow(("EMInterpretInstruction at %08RX64: OP_MOV %RGv <- %08X (%d) &val64=%RHv\n", pRegFrame->rip, pDest, (uint32_t)val64, param2.size, &val64));
1292#endif
1293
1294 Assert(param2.size <= 8 && param2.size > 0);
1295 EM_ASSERT_FAULT_RETURN(pDest == pvFault, VERR_EM_INTERPRETER);
1296 rc = emRamWrite(pVM, pVCpu, pRegFrame, pDest, &val64, param2.size);
1297 if (RT_FAILURE(rc))
1298 return VERR_EM_INTERPRETER;
1299
1300 *pcbSize = param2.size;
1301 }
1302 else
1303 { /* read fault */
1304 RTGCPTR pSrc;
1305 uint64_t val64;
1306
1307 /* Source */
1308 switch(param2.type)
1309 {
1310 case PARMTYPE_IMMEDIATE:
1311 if(!(param2.flags & (PARAM_VAL32|PARAM_VAL64)))
1312 return VERR_EM_INTERPRETER;
1313 /* fallthru */
1314
1315 case PARMTYPE_ADDRESS:
1316 pSrc = (RTGCPTR)param2.val.val64;
1317 pSrc = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param2, pSrc);
1318 break;
1319
1320 default:
1321 return VERR_EM_INTERPRETER;
1322 }
1323
1324 Assert(param1.size <= 8 && param1.size > 0);
1325 EM_ASSERT_FAULT_RETURN(pSrc == pvFault, VERR_EM_INTERPRETER);
1326 rc = emRamRead(pVM, pVCpu, pRegFrame, &val64, pSrc, param1.size);
1327 if (RT_FAILURE(rc))
1328 return VERR_EM_INTERPRETER;
1329
1330 /* Destination */
1331 switch(param1.type)
1332 {
1333 case PARMTYPE_REGISTER:
1334 switch(param1.size)
1335 {
1336 case 1: rc = DISWriteReg8(pRegFrame, pDis->param1.base.reg_gen, (uint8_t) val64); break;
1337 case 2: rc = DISWriteReg16(pRegFrame, pDis->param1.base.reg_gen, (uint16_t)val64); break;
1338 case 4: rc = DISWriteReg32(pRegFrame, pDis->param1.base.reg_gen, (uint32_t)val64); break;
1339 case 8: rc = DISWriteReg64(pRegFrame, pDis->param1.base.reg_gen, val64); break;
1340 default:
1341 return VERR_EM_INTERPRETER;
1342 }
1343 if (RT_FAILURE(rc))
1344 return rc;
1345 break;
1346
1347 default:
1348 return VERR_EM_INTERPRETER;
1349 }
1350#ifdef LOG_ENABLED
1351 if (pDis->mode == CPUMODE_64BIT)
1352 LogFlow(("EMInterpretInstruction: OP_MOV %RGv -> %RX64 (%d)\n", pSrc, val64, param1.size));
1353 else
1354 LogFlow(("EMInterpretInstruction: OP_MOV %RGv -> %08X (%d)\n", pSrc, (uint32_t)val64, param1.size));
1355#endif
1356 }
1357 return VINF_SUCCESS;
1358#ifdef IN_RC
1359 }
1360#endif
1361 return VERR_EM_INTERPRETER;
1362}
1363
1364
1365#ifndef IN_RC
1366/**
1367 * [REP] STOSWD emulation
1368 */
1369static int emInterpretStosWD(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1370{
1371 int rc;
1372 RTGCPTR GCDest, GCOffset;
1373 uint32_t cbSize;
1374 uint64_t cTransfers;
1375 int offIncrement;
1376
1377 /* Don't support any but these three prefix bytes. */
1378 if ((pDis->prefix & ~(PREFIX_ADDRSIZE|PREFIX_OPSIZE|PREFIX_REP|PREFIX_REX)))
1379 return VERR_EM_INTERPRETER;
1380
1381 switch (pDis->addrmode)
1382 {
1383 case CPUMODE_16BIT:
1384 GCOffset = pRegFrame->di;
1385 cTransfers = pRegFrame->cx;
1386 break;
1387 case CPUMODE_32BIT:
1388 GCOffset = pRegFrame->edi;
1389 cTransfers = pRegFrame->ecx;
1390 break;
1391 case CPUMODE_64BIT:
1392 GCOffset = pRegFrame->rdi;
1393 cTransfers = pRegFrame->rcx;
1394 break;
1395 default:
1396 AssertFailed();
1397 return VERR_EM_INTERPRETER;
1398 }
1399
1400 GCDest = SELMToFlat(pVM, DIS_SELREG_ES, pRegFrame, GCOffset);
1401 switch (pDis->opmode)
1402 {
1403 case CPUMODE_16BIT:
1404 cbSize = 2;
1405 break;
1406 case CPUMODE_32BIT:
1407 cbSize = 4;
1408 break;
1409 case CPUMODE_64BIT:
1410 cbSize = 8;
1411 break;
1412 default:
1413 AssertFailed();
1414 return VERR_EM_INTERPRETER;
1415 }
1416
1417 offIncrement = pRegFrame->eflags.Bits.u1DF ? -(signed)cbSize : (signed)cbSize;
1418
1419 if (!(pDis->prefix & PREFIX_REP))
1420 {
1421 LogFlow(("emInterpretStosWD dest=%04X:%RGv (%RGv) cbSize=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize));
1422
1423 rc = emRamWrite(pVM, pVCpu, pRegFrame, GCDest, &pRegFrame->rax, cbSize);
1424 if (RT_FAILURE(rc))
1425 return VERR_EM_INTERPRETER;
1426 Assert(rc == VINF_SUCCESS);
1427
1428 /* Update (e/r)di. */
1429 switch (pDis->addrmode)
1430 {
1431 case CPUMODE_16BIT:
1432 pRegFrame->di += offIncrement;
1433 break;
1434 case CPUMODE_32BIT:
1435 pRegFrame->edi += offIncrement;
1436 break;
1437 case CPUMODE_64BIT:
1438 pRegFrame->rdi += offIncrement;
1439 break;
1440 default:
1441 AssertFailed();
1442 return VERR_EM_INTERPRETER;
1443 }
1444
1445 }
1446 else
1447 {
1448 if (!cTransfers)
1449 return VINF_SUCCESS;
1450
1451 /*
1452 * Do *not* try emulate cross page stuff here because we don't know what might
1453 * be waiting for us on the subsequent pages. The caller has only asked us to
1454 * ignore access handlers fro the current page.
1455 * This also fends off big stores which would quickly kill PGMR0DynMap.
1456 */
1457 if ( cbSize > PAGE_SIZE
1458 || cTransfers > PAGE_SIZE
1459 || (GCDest >> PAGE_SHIFT) != ((GCDest + offIncrement * cTransfers) >> PAGE_SHIFT))
1460 {
1461 Log(("STOSWD is crosses pages, chicken out to the recompiler; GCDest=%RGv cbSize=%#x offIncrement=%d cTransfers=%#x\n",
1462 GCDest, cbSize, offIncrement, cTransfers));
1463 return VERR_EM_INTERPRETER;
1464 }
1465
1466 LogFlow(("emInterpretStosWD dest=%04X:%RGv (%RGv) cbSize=%d cTransfers=%x DF=%d\n", pRegFrame->es, GCOffset, GCDest, cbSize, cTransfers, pRegFrame->eflags.Bits.u1DF));
1467 /* Access verification first; we currently can't recover properly from traps inside this instruction */
1468 rc = PGMVerifyAccess(pVCpu, GCDest - ((offIncrement > 0) ? 0 : ((cTransfers-1) * cbSize)),
1469 cTransfers * cbSize,
1470 X86_PTE_RW | (CPUMGetGuestCPL(pVCpu, pRegFrame) == 3 ? X86_PTE_US : 0));
1471 if (rc != VINF_SUCCESS)
1472 {
1473 Log(("STOSWD will generate a trap -> recompiler, rc=%d\n", rc));
1474 return VERR_EM_INTERPRETER;
1475 }
1476
1477 /* REP case */
1478 while (cTransfers)
1479 {
1480 rc = emRamWrite(pVM, pVCpu, pRegFrame, GCDest, &pRegFrame->rax, cbSize);
1481 if (RT_FAILURE(rc))
1482 {
1483 rc = VERR_EM_INTERPRETER;
1484 break;
1485 }
1486
1487 Assert(rc == VINF_SUCCESS);
1488 GCOffset += offIncrement;
1489 GCDest += offIncrement;
1490 cTransfers--;
1491 }
1492
1493 /* Update the registers. */
1494 switch (pDis->addrmode)
1495 {
1496 case CPUMODE_16BIT:
1497 pRegFrame->di = GCOffset;
1498 pRegFrame->cx = cTransfers;
1499 break;
1500 case CPUMODE_32BIT:
1501 pRegFrame->edi = GCOffset;
1502 pRegFrame->ecx = cTransfers;
1503 break;
1504 case CPUMODE_64BIT:
1505 pRegFrame->rdi = GCOffset;
1506 pRegFrame->rcx = cTransfers;
1507 break;
1508 default:
1509 AssertFailed();
1510 return VERR_EM_INTERPRETER;
1511 }
1512 }
1513
1514 *pcbSize = cbSize;
1515 return rc;
1516}
1517#endif /* !IN_RC */
1518
1519#ifndef IN_RC
1520
1521/**
1522 * [LOCK] CMPXCHG emulation.
1523 */
1524static int emInterpretCmpXchg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1525{
1526 OP_PARAMVAL param1, param2;
1527
1528#if HC_ARCH_BITS == 32 && !defined(VBOX_WITH_HYBRID_32BIT_KERNEL_IN_R0)
1529 Assert(pDis->param1.size <= 4);
1530#endif
1531
1532 /* Source to make DISQueryParamVal read the register value - ugly hack */
1533 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1534 if(RT_FAILURE(rc))
1535 return VERR_EM_INTERPRETER;
1536
1537 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1538 if(RT_FAILURE(rc))
1539 return VERR_EM_INTERPRETER;
1540
1541 uint64_t valpar;
1542 switch(param2.type)
1543 {
1544 case PARMTYPE_IMMEDIATE: /* register actually */
1545 valpar = param2.val.val64;
1546 break;
1547
1548 default:
1549 return VERR_EM_INTERPRETER;
1550 }
1551
1552 PGMPAGEMAPLOCK Lock;
1553 RTGCPTR GCPtrPar1;
1554 void *pvParam1;
1555 uint64_t eflags;
1556
1557 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
1558 switch(param1.type)
1559 {
1560 case PARMTYPE_ADDRESS:
1561 GCPtrPar1 = param1.val.val64;
1562 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
1563
1564 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
1565 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1566 break;
1567
1568 default:
1569 return VERR_EM_INTERPRETER;
1570 }
1571
1572 LogFlow(("%s %RGv rax=%RX64 %RX64\n", emGetMnemonic(pDis), GCPtrPar1, pRegFrame->rax, valpar));
1573
1574 if (pDis->prefix & PREFIX_LOCK)
1575 eflags = EMEmulateLockCmpXchg(pvParam1, &pRegFrame->rax, valpar, pDis->param2.size);
1576 else
1577 eflags = EMEmulateCmpXchg(pvParam1, &pRegFrame->rax, valpar, pDis->param2.size);
1578
1579 LogFlow(("%s %RGv rax=%RX64 %RX64 ZF=%d\n", emGetMnemonic(pDis), GCPtrPar1, pRegFrame->rax, valpar, !!(eflags & X86_EFL_ZF)));
1580
1581 /* Update guest's eflags and finish. */
1582 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1583 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1584
1585 *pcbSize = param2.size;
1586 PGMPhysReleasePageMappingLock(pVM, &Lock);
1587 return VINF_SUCCESS;
1588}
1589
1590
1591/**
1592 * [LOCK] CMPXCHG8B emulation.
1593 */
1594static int emInterpretCmpXchg8b(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1595{
1596 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1597 OP_PARAMVAL param1;
1598
1599 /* Source to make DISQueryParamVal read the register value - ugly hack */
1600 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1601 if(RT_FAILURE(rc))
1602 return VERR_EM_INTERPRETER;
1603
1604 RTGCPTR GCPtrPar1;
1605 void *pvParam1;
1606 uint64_t eflags;
1607 PGMPAGEMAPLOCK Lock;
1608
1609 AssertReturn(pDis->param1.size == 8, VERR_EM_INTERPRETER);
1610 switch(param1.type)
1611 {
1612 case PARMTYPE_ADDRESS:
1613 GCPtrPar1 = param1.val.val64;
1614 GCPtrPar1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, GCPtrPar1);
1615
1616 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrPar1, &pvParam1, &Lock);
1617 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1618 break;
1619
1620 default:
1621 return VERR_EM_INTERPRETER;
1622 }
1623
1624 LogFlow(("%s %RGv=%08x eax=%08x\n", emGetMnemonic(pDis), pvParam1, pRegFrame->eax));
1625
1626 if (pDis->prefix & PREFIX_LOCK)
1627 eflags = EMEmulateLockCmpXchg8b(pvParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx);
1628 else
1629 eflags = EMEmulateCmpXchg8b(pvParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx);
1630
1631 LogFlow(("%s %RGv=%08x eax=%08x ZF=%d\n", emGetMnemonic(pDis), pvParam1, pRegFrame->eax, !!(eflags & X86_EFL_ZF)));
1632
1633 /* Update guest's eflags and finish; note that *only* ZF is affected. */
1634 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
1635 | (eflags & (X86_EFL_ZF));
1636
1637 *pcbSize = 8;
1638 PGMPhysReleasePageMappingLock(pVM, &Lock);
1639 return VINF_SUCCESS;
1640}
1641
1642#else /* IN_RC */
1643
1644/**
1645 * [LOCK] CMPXCHG emulation.
1646 */
1647static int emInterpretCmpXchg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1648{
1649 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1650 OP_PARAMVAL param1, param2;
1651
1652 /* Source to make DISQueryParamVal read the register value - ugly hack */
1653 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1654 if(RT_FAILURE(rc))
1655 return VERR_EM_INTERPRETER;
1656
1657 rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param2, &param2, PARAM_SOURCE);
1658 if(RT_FAILURE(rc))
1659 return VERR_EM_INTERPRETER;
1660
1661 if (TRPMHasTrap(pVCpu))
1662 {
1663 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1664 {
1665 RTRCPTR pParam1;
1666 uint32_t valpar, eflags;
1667
1668 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
1669 switch(param1.type)
1670 {
1671 case PARMTYPE_ADDRESS:
1672 pParam1 = (RTRCPTR)param1.val.val64;
1673 pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
1674 EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
1675 break;
1676
1677 default:
1678 return VERR_EM_INTERPRETER;
1679 }
1680
1681 switch(param2.type)
1682 {
1683 case PARMTYPE_IMMEDIATE: /* register actually */
1684 valpar = param2.val.val32;
1685 break;
1686
1687 default:
1688 return VERR_EM_INTERPRETER;
1689 }
1690
1691 LogFlow(("%s %RRv eax=%08x %08x\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, valpar));
1692
1693 MMGCRamRegisterTrapHandler(pVM);
1694 if (pDis->prefix & PREFIX_LOCK)
1695 rc = EMGCEmulateLockCmpXchg(pParam1, &pRegFrame->eax, valpar, pDis->param2.size, &eflags);
1696 else
1697 rc = EMGCEmulateCmpXchg(pParam1, &pRegFrame->eax, valpar, pDis->param2.size, &eflags);
1698 MMGCRamDeregisterTrapHandler(pVM);
1699
1700 if (RT_FAILURE(rc))
1701 {
1702 Log(("%s %RGv eax=%08x %08x -> emulation failed due to page fault!\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, valpar));
1703 return VERR_EM_INTERPRETER;
1704 }
1705
1706 LogFlow(("%s %RRv eax=%08x %08x ZF=%d\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, valpar, !!(eflags & X86_EFL_ZF)));
1707
1708 /* Update guest's eflags and finish. */
1709 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1710 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1711
1712 *pcbSize = param2.size;
1713 return VINF_SUCCESS;
1714 }
1715 }
1716 return VERR_EM_INTERPRETER;
1717}
1718
1719
1720/**
1721 * [LOCK] CMPXCHG8B emulation.
1722 */
1723static int emInterpretCmpXchg8b(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1724{
1725 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1726 OP_PARAMVAL param1;
1727
1728 /* Source to make DISQueryParamVal read the register value - ugly hack */
1729 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1730 if(RT_FAILURE(rc))
1731 return VERR_EM_INTERPRETER;
1732
1733 if (TRPMHasTrap(pVCpu))
1734 {
1735 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1736 {
1737 RTRCPTR pParam1;
1738 uint32_t eflags;
1739
1740 AssertReturn(pDis->param1.size == 8, VERR_EM_INTERPRETER);
1741 switch(param1.type)
1742 {
1743 case PARMTYPE_ADDRESS:
1744 pParam1 = (RTRCPTR)param1.val.val64;
1745 pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
1746 EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
1747 break;
1748
1749 default:
1750 return VERR_EM_INTERPRETER;
1751 }
1752
1753 LogFlow(("%s %RRv=%08x eax=%08x\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax));
1754
1755 MMGCRamRegisterTrapHandler(pVM);
1756 if (pDis->prefix & PREFIX_LOCK)
1757 rc = EMGCEmulateLockCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
1758 else
1759 rc = EMGCEmulateCmpXchg8b(pParam1, &pRegFrame->eax, &pRegFrame->edx, pRegFrame->ebx, pRegFrame->ecx, &eflags);
1760 MMGCRamDeregisterTrapHandler(pVM);
1761
1762 if (RT_FAILURE(rc))
1763 {
1764 Log(("%s %RGv=%08x eax=%08x -> emulation failed due to page fault!\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax));
1765 return VERR_EM_INTERPRETER;
1766 }
1767
1768 LogFlow(("%s %RGv=%08x eax=%08x ZF=%d\n", emGetMnemonic(pDis), pParam1, pRegFrame->eax, !!(eflags & X86_EFL_ZF)));
1769
1770 /* Update guest's eflags and finish; note that *only* ZF is affected. */
1771 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_ZF))
1772 | (eflags & (X86_EFL_ZF));
1773
1774 *pcbSize = 8;
1775 return VINF_SUCCESS;
1776 }
1777 }
1778 return VERR_EM_INTERPRETER;
1779}
1780
1781#endif /* IN_RC */
1782
1783#ifdef IN_RC
1784/**
1785 * [LOCK] XADD emulation.
1786 */
1787static int emInterpretXAdd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1788{
1789 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
1790 OP_PARAMVAL param1;
1791 uint32_t *pParamReg2;
1792 size_t cbSizeParamReg2;
1793
1794 /* Source to make DISQueryParamVal read the register value - ugly hack */
1795 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1796 if(RT_FAILURE(rc))
1797 return VERR_EM_INTERPRETER;
1798
1799 rc = DISQueryParamRegPtr(pRegFrame, pDis, &pDis->param2, (void **)&pParamReg2, &cbSizeParamReg2);
1800 Assert(cbSizeParamReg2 <= 4);
1801 if(RT_FAILURE(rc))
1802 return VERR_EM_INTERPRETER;
1803
1804 if (TRPMHasTrap(pVCpu))
1805 {
1806 if (TRPMGetErrorCode(pVCpu) & X86_TRAP_PF_RW)
1807 {
1808 RTRCPTR pParam1;
1809 uint32_t eflags;
1810
1811 AssertReturn(pDis->param1.size == pDis->param2.size, VERR_EM_INTERPRETER);
1812 switch(param1.type)
1813 {
1814 case PARMTYPE_ADDRESS:
1815 pParam1 = (RTRCPTR)param1.val.val64;
1816 pParam1 = (RTRCPTR)emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, (RTGCPTR)(RTRCUINTPTR)pParam1);
1817 EM_ASSERT_FAULT_RETURN(pParam1 == (RTRCPTR)pvFault, VERR_EM_INTERPRETER);
1818 break;
1819
1820 default:
1821 return VERR_EM_INTERPRETER;
1822 }
1823
1824 LogFlow(("XAdd %RRv=%08x reg=%08x\n", pParam1, *pParamReg2));
1825
1826 MMGCRamRegisterTrapHandler(pVM);
1827 if (pDis->prefix & PREFIX_LOCK)
1828 rc = EMGCEmulateLockXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
1829 else
1830 rc = EMGCEmulateXAdd(pParam1, pParamReg2, cbSizeParamReg2, &eflags);
1831 MMGCRamDeregisterTrapHandler(pVM);
1832
1833 if (RT_FAILURE(rc))
1834 {
1835 Log(("XAdd %RGv reg=%08x -> emulation failed due to page fault!\n", pParam1, *pParamReg2));
1836 return VERR_EM_INTERPRETER;
1837 }
1838
1839 LogFlow(("XAdd %RGv reg=%08x ZF=%d\n", pParam1, *pParamReg2, !!(eflags & X86_EFL_ZF)));
1840
1841 /* Update guest's eflags and finish. */
1842 pRegFrame->eflags.u32 = (pRegFrame->eflags.u32 & ~(X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF))
1843 | (eflags & (X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_OF));
1844
1845 *pcbSize = cbSizeParamReg2;
1846 return VINF_SUCCESS;
1847 }
1848 }
1849 return VERR_EM_INTERPRETER;
1850}
1851#endif /* IN_RC */
1852
1853
1854#ifdef IN_RC
1855/**
1856 * Interpret IRET (currently only to V86 code)
1857 *
1858 * @returns VBox status code.
1859 * @param pVM The VM handle.
1860 * @param pVCpu The VMCPU handle.
1861 * @param pRegFrame The register frame.
1862 *
1863 */
1864VMMDECL(int) EMInterpretIret(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
1865{
1866 RTGCUINTPTR pIretStack = (RTGCUINTPTR)pRegFrame->esp;
1867 RTGCUINTPTR eip, cs, esp, ss, eflags, ds, es, fs, gs, uMask;
1868 int rc;
1869
1870 Assert(!CPUMIsGuestIn64BitCode(pVCpu, pRegFrame));
1871
1872 rc = emRamRead(pVM, pVCpu, pRegFrame, &eip, (RTGCPTR)pIretStack , 4);
1873 rc |= emRamRead(pVM, pVCpu, pRegFrame, &cs, (RTGCPTR)(pIretStack + 4), 4);
1874 rc |= emRamRead(pVM, pVCpu, pRegFrame, &eflags, (RTGCPTR)(pIretStack + 8), 4);
1875 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1876 AssertReturn(eflags & X86_EFL_VM, VERR_EM_INTERPRETER);
1877
1878 rc |= emRamRead(pVM, pVCpu, pRegFrame, &esp, (RTGCPTR)(pIretStack + 12), 4);
1879 rc |= emRamRead(pVM, pVCpu, pRegFrame, &ss, (RTGCPTR)(pIretStack + 16), 4);
1880 rc |= emRamRead(pVM, pVCpu, pRegFrame, &es, (RTGCPTR)(pIretStack + 20), 4);
1881 rc |= emRamRead(pVM, pVCpu, pRegFrame, &ds, (RTGCPTR)(pIretStack + 24), 4);
1882 rc |= emRamRead(pVM, pVCpu, pRegFrame, &fs, (RTGCPTR)(pIretStack + 28), 4);
1883 rc |= emRamRead(pVM, pVCpu, pRegFrame, &gs, (RTGCPTR)(pIretStack + 32), 4);
1884 AssertRCReturn(rc, VERR_EM_INTERPRETER);
1885
1886 pRegFrame->eip = eip & 0xffff;
1887 pRegFrame->cs = cs;
1888
1889 /* Mask away all reserved bits */
1890 uMask = X86_EFL_CF | X86_EFL_PF | X86_EFL_AF | X86_EFL_ZF | X86_EFL_SF | X86_EFL_TF | X86_EFL_IF | X86_EFL_DF | X86_EFL_OF | X86_EFL_IOPL | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM | X86_EFL_AC | X86_EFL_VIF | X86_EFL_VIP | X86_EFL_ID;
1891 eflags &= uMask;
1892
1893#ifndef IN_RING0
1894 CPUMRawSetEFlags(pVCpu, pRegFrame, eflags);
1895#endif
1896 Assert((pRegFrame->eflags.u32 & (X86_EFL_IF|X86_EFL_IOPL)) == X86_EFL_IF);
1897
1898 pRegFrame->esp = esp;
1899 pRegFrame->ss = ss;
1900 pRegFrame->ds = ds;
1901 pRegFrame->es = es;
1902 pRegFrame->fs = fs;
1903 pRegFrame->gs = gs;
1904
1905 return VINF_SUCCESS;
1906}
1907#endif /* IN_RC */
1908
1909
1910/**
1911 * IRET Emulation.
1912 */
1913static int emInterpretIret(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1914{
1915 /* only allow direct calls to EMInterpretIret for now */
1916 return VERR_EM_INTERPRETER;
1917}
1918
1919/**
1920 * WBINVD Emulation.
1921 */
1922static int emInterpretWbInvd(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1923{
1924 /* Nothing to do. */
1925 return VINF_SUCCESS;
1926}
1927
1928
1929/**
1930 * Interpret INVLPG
1931 *
1932 * @returns VBox status code.
1933 * @param pVM The VM handle.
1934 * @param pVCpu The VMCPU handle.
1935 * @param pRegFrame The register frame.
1936 * @param pAddrGC Operand address
1937 *
1938 */
1939VMMDECL(int) EMInterpretInvlpg(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, RTGCPTR pAddrGC)
1940{
1941 int rc;
1942
1943 /** @todo is addr always a flat linear address or ds based
1944 * (in absence of segment override prefixes)????
1945 */
1946#ifdef IN_RC
1947 LogFlow(("RC: EMULATE: invlpg %RGv\n", pAddrGC));
1948#endif
1949 rc = PGMInvalidatePage(pVCpu, pAddrGC);
1950 if ( rc == VINF_SUCCESS
1951 || rc == VINF_PGM_SYNC_CR3 /* we can rely on the FF */)
1952 return VINF_SUCCESS;
1953 AssertMsgReturn(rc == VINF_EM_RAW_EMULATE_INSTR,
1954 ("%Rrc addr=%RGv\n", rc, pAddrGC),
1955 VERR_EM_INTERPRETER);
1956 return rc;
1957}
1958
1959
1960/**
1961 * INVLPG Emulation.
1962 */
1963static int emInterpretInvlPg(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
1964{
1965 OP_PARAMVAL param1;
1966 RTGCPTR addr;
1967
1968 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
1969 if(RT_FAILURE(rc))
1970 return VERR_EM_INTERPRETER;
1971
1972 switch(param1.type)
1973 {
1974 case PARMTYPE_IMMEDIATE:
1975 case PARMTYPE_ADDRESS:
1976 if(!(param1.flags & (PARAM_VAL32|PARAM_VAL64)))
1977 return VERR_EM_INTERPRETER;
1978 addr = (RTGCPTR)param1.val.val64;
1979 break;
1980
1981 default:
1982 return VERR_EM_INTERPRETER;
1983 }
1984
1985 /** @todo is addr always a flat linear address or ds based
1986 * (in absence of segment override prefixes)????
1987 */
1988#ifdef IN_RC
1989 LogFlow(("RC: EMULATE: invlpg %RGv\n", addr));
1990#endif
1991 rc = PGMInvalidatePage(pVCpu, addr);
1992 if ( rc == VINF_SUCCESS
1993 || rc == VINF_PGM_SYNC_CR3 /* we can rely on the FF */)
1994 return VINF_SUCCESS;
1995 AssertMsgReturn(rc == VINF_EM_RAW_EMULATE_INSTR,
1996 ("%Rrc addr=%RGv\n", rc, addr),
1997 VERR_EM_INTERPRETER);
1998 return rc;
1999}
2000
2001
2002/**
2003 * Interpret CPUID given the parameters in the CPU context
2004 *
2005 * @returns VBox status code.
2006 * @param pVM The VM handle.
2007 * @param pVCpu The VMCPU handle.
2008 * @param pRegFrame The register frame.
2009 *
2010 */
2011VMMDECL(int) EMInterpretCpuId(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2012{
2013 uint32_t iLeaf = pRegFrame->eax;
2014
2015 /* cpuid clears the high dwords of the affected 64 bits registers. */
2016 pRegFrame->rax = 0;
2017 pRegFrame->rbx = 0;
2018 pRegFrame->rcx &= UINT64_C(0x00000000ffffffff);
2019 pRegFrame->rdx = 0;
2020
2021 /* Note: operates the same in 64 and non-64 bits mode. */
2022 CPUMGetGuestCpuId(pVCpu, iLeaf, &pRegFrame->eax, &pRegFrame->ebx, &pRegFrame->ecx, &pRegFrame->edx);
2023 Log(("Emulate: CPUID %x -> %08x %08x %08x %08x\n", iLeaf, pRegFrame->eax, pRegFrame->ebx, pRegFrame->ecx, pRegFrame->edx));
2024 return VINF_SUCCESS;
2025}
2026
2027
2028/**
2029 * CPUID Emulation.
2030 */
2031static int emInterpretCpuId(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2032{
2033 int rc = EMInterpretCpuId(pVM, pVCpu, pRegFrame);
2034 return rc;
2035}
2036
2037
2038/**
2039 * Interpret CRx read
2040 *
2041 * @returns VBox status code.
2042 * @param pVM The VM handle.
2043 * @param pVCpu The VMCPU handle.
2044 * @param pRegFrame The register frame.
2045 * @param DestRegGen General purpose register index (USE_REG_E**))
2046 * @param SrcRegCRx CRx register index (USE_REG_CR*)
2047 *
2048 */
2049VMMDECL(int) EMInterpretCRxRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegCrx)
2050{
2051 int rc;
2052 uint64_t val64;
2053
2054 if (SrcRegCrx == USE_REG_CR8)
2055 {
2056 val64 = 0;
2057 rc = PDMApicGetTPR(pVCpu, (uint8_t *)&val64, NULL);
2058 AssertMsgRCReturn(rc, ("PDMApicGetTPR failed\n"), VERR_EM_INTERPRETER);
2059 val64 >>= 4; /* bits 7-4 contain the task priority that go in cr8, bits 3-0*/
2060 }
2061 else
2062 {
2063 rc = CPUMGetGuestCRx(pVCpu, SrcRegCrx, &val64);
2064 AssertMsgRCReturn(rc, ("CPUMGetGuestCRx %d failed\n", SrcRegCrx), VERR_EM_INTERPRETER);
2065 }
2066
2067 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2068 rc = DISWriteReg64(pRegFrame, DestRegGen, val64);
2069 else
2070 rc = DISWriteReg32(pRegFrame, DestRegGen, val64);
2071
2072 if(RT_SUCCESS(rc))
2073 {
2074 LogFlow(("MOV_CR: gen32=%d CR=%d val=%RX64\n", DestRegGen, SrcRegCrx, val64));
2075 return VINF_SUCCESS;
2076 }
2077 return VERR_EM_INTERPRETER;
2078}
2079
2080
2081
2082/**
2083 * Interpret CLTS
2084 *
2085 * @returns VBox status code.
2086 * @param pVM The VM handle.
2087 * @param pVCpu The VMCPU handle.
2088 *
2089 */
2090VMMDECL(int) EMInterpretCLTS(PVM pVM, PVMCPU pVCpu)
2091{
2092 uint64_t cr0 = CPUMGetGuestCR0(pVCpu);
2093 if (!(cr0 & X86_CR0_TS))
2094 return VINF_SUCCESS;
2095 return CPUMSetGuestCR0(pVCpu, cr0 & ~X86_CR0_TS);
2096}
2097
2098/**
2099 * CLTS Emulation.
2100 */
2101static int emInterpretClts(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2102{
2103 return EMInterpretCLTS(pVM, pVCpu);
2104}
2105
2106
2107/**
2108 * Update CRx
2109 *
2110 * @returns VBox status code.
2111 * @param pVM The VM handle.
2112 * @param pVCpu The VMCPU handle.
2113 * @param pRegFrame The register frame.
2114 * @param DestRegCRx CRx register index (USE_REG_CR*)
2115 * @param val New CRx value
2116 *
2117 */
2118static int emUpdateCRx(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint64_t val)
2119{
2120 uint64_t oldval;
2121 uint64_t msrEFER;
2122 int rc, rc2;
2123
2124 /** @todo Clean up this mess. */
2125 LogFlow(("EMInterpretCRxWrite at %RGv CR%d <- %RX64\n", (RTGCPTR)pRegFrame->rip, DestRegCrx, val));
2126 switch (DestRegCrx)
2127 {
2128 case USE_REG_CR0:
2129 oldval = CPUMGetGuestCR0(pVCpu);
2130#ifdef IN_RC
2131 /* CR0.WP and CR0.AM changes require a reschedule run in ring 3. */
2132 if ( (val & (X86_CR0_WP | X86_CR0_AM))
2133 != (oldval & (X86_CR0_WP | X86_CR0_AM)))
2134 return VERR_EM_INTERPRETER;
2135#endif
2136 rc = VINF_SUCCESS;
2137 CPUMSetGuestCR0(pVCpu, val);
2138 val = CPUMGetGuestCR0(pVCpu);
2139 if ( (oldval & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE))
2140 != (val & (X86_CR0_PG | X86_CR0_WP | X86_CR0_PE)))
2141 {
2142 /* global flush */
2143 rc = PGMFlushTLB(pVCpu, CPUMGetGuestCR3(pVCpu), true /* global */);
2144 AssertRCReturn(rc, rc);
2145 }
2146
2147 /* Deal with long mode enabling/disabling. */
2148 msrEFER = CPUMGetGuestEFER(pVCpu);
2149 if (msrEFER & MSR_K6_EFER_LME)
2150 {
2151 if ( !(oldval & X86_CR0_PG)
2152 && (val & X86_CR0_PG))
2153 {
2154 /* Illegal to have an active 64 bits CS selector (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
2155 if (pRegFrame->csHid.Attr.n.u1Long)
2156 {
2157 AssertMsgFailed(("Illegal enabling of paging with CS.u1Long = 1!!\n"));
2158 return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
2159 }
2160
2161 /* Illegal to switch to long mode before activating PAE first (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
2162 if (!(CPUMGetGuestCR4(pVCpu) & X86_CR4_PAE))
2163 {
2164 AssertMsgFailed(("Illegal enabling of paging with PAE disabled!!\n"));
2165 return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
2166 }
2167 msrEFER |= MSR_K6_EFER_LMA;
2168 }
2169 else
2170 if ( (oldval & X86_CR0_PG)
2171 && !(val & X86_CR0_PG))
2172 {
2173 msrEFER &= ~MSR_K6_EFER_LMA;
2174 /* @todo Do we need to cut off rip here? High dword of rip is undefined, so it shouldn't really matter. */
2175 }
2176 CPUMSetGuestEFER(pVCpu, msrEFER);
2177 }
2178 rc2 = PGMChangeMode(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR4(pVCpu), CPUMGetGuestEFER(pVCpu));
2179 return rc2 == VINF_SUCCESS ? rc : rc2;
2180
2181 case USE_REG_CR2:
2182 rc = CPUMSetGuestCR2(pVCpu, val); AssertRC(rc);
2183 return VINF_SUCCESS;
2184
2185 case USE_REG_CR3:
2186 /* Reloading the current CR3 means the guest just wants to flush the TLBs */
2187 rc = CPUMSetGuestCR3(pVCpu, val); AssertRC(rc);
2188 if (CPUMGetGuestCR0(pVCpu) & X86_CR0_PG)
2189 {
2190 /* flush */
2191 rc = PGMFlushTLB(pVCpu, val, !(CPUMGetGuestCR4(pVCpu) & X86_CR4_PGE));
2192 AssertRCReturn(rc, rc);
2193 }
2194 return rc;
2195
2196 case USE_REG_CR4:
2197 oldval = CPUMGetGuestCR4(pVCpu);
2198 rc = CPUMSetGuestCR4(pVCpu, val); AssertRC(rc);
2199 val = CPUMGetGuestCR4(pVCpu);
2200
2201 /* Illegal to disable PAE when long mode is active. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
2202 msrEFER = CPUMGetGuestEFER(pVCpu);
2203 if ( (msrEFER & MSR_K6_EFER_LMA)
2204 && (oldval & X86_CR4_PAE)
2205 && !(val & X86_CR4_PAE))
2206 {
2207 return VERR_EM_INTERPRETER; /** @todo generate #GP(0) */
2208 }
2209
2210 rc = VINF_SUCCESS;
2211 if ( (oldval & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE))
2212 != (val & (X86_CR4_PGE|X86_CR4_PAE|X86_CR4_PSE)))
2213 {
2214 /* global flush */
2215 rc = PGMFlushTLB(pVCpu, CPUMGetGuestCR3(pVCpu), true /* global */);
2216 AssertRCReturn(rc, rc);
2217 }
2218
2219 /* Feeling extremely lazy. */
2220# ifdef IN_RC
2221 if ( (oldval & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME))
2222 != (val & (X86_CR4_OSFSXR|X86_CR4_OSXMMEEXCPT|X86_CR4_PCE|X86_CR4_MCE|X86_CR4_PAE|X86_CR4_DE|X86_CR4_TSD|X86_CR4_PVI|X86_CR4_VME)))
2223 {
2224 Log(("emInterpretMovCRx: CR4: %#RX64->%#RX64 => R3\n", oldval, val));
2225 VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
2226 }
2227# endif
2228 if ((val ^ oldval) & X86_CR4_VME)
2229 VMCPU_FF_SET(pVCpu, VMCPU_FF_SELM_SYNC_TSS);
2230
2231 rc2 = PGMChangeMode(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR4(pVCpu), CPUMGetGuestEFER(pVCpu));
2232 return rc2 == VINF_SUCCESS ? rc : rc2;
2233
2234 case USE_REG_CR8:
2235 return PDMApicSetTPR(pVCpu, val << 4); /* cr8 bits 3-0 correspond to bits 7-4 of the task priority mmio register. */
2236
2237 default:
2238 AssertFailed();
2239 case USE_REG_CR1: /* illegal op */
2240 break;
2241 }
2242 return VERR_EM_INTERPRETER;
2243}
2244
2245/**
2246 * Interpret CRx write
2247 *
2248 * @returns VBox status code.
2249 * @param pVM The VM handle.
2250 * @param pVCpu The VMCPU handle.
2251 * @param pRegFrame The register frame.
2252 * @param DestRegCRx CRx register index (USE_REG_CR*)
2253 * @param SrcRegGen General purpose register index (USE_REG_E**))
2254 *
2255 */
2256VMMDECL(int) EMInterpretCRxWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegCrx, uint32_t SrcRegGen)
2257{
2258 uint64_t val;
2259 int rc;
2260
2261 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2262 {
2263 rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
2264 }
2265 else
2266 {
2267 uint32_t val32;
2268 rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
2269 val = val32;
2270 }
2271
2272 if (RT_SUCCESS(rc))
2273 return emUpdateCRx(pVM, pVCpu, pRegFrame, DestRegCrx, val);
2274
2275 return VERR_EM_INTERPRETER;
2276}
2277
2278/**
2279 * Interpret LMSW
2280 *
2281 * @returns VBox status code.
2282 * @param pVM The VM handle.
2283 * @param pVCpu The VMCPU handle.
2284 * @param pRegFrame The register frame.
2285 * @param u16Data LMSW source data.
2286 *
2287 */
2288VMMDECL(int) EMInterpretLMSW(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint16_t u16Data)
2289{
2290 uint64_t OldCr0 = CPUMGetGuestCR0(pVCpu);
2291
2292 /* Only PE, MP, EM and TS can be changed; note that PE can't be cleared by this instruction. */
2293 uint64_t NewCr0 = ( OldCr0 & ~( X86_CR0_MP | X86_CR0_EM | X86_CR0_TS))
2294 | (u16Data & (X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS));
2295
2296 return emUpdateCRx(pVM, pVCpu, pRegFrame, USE_REG_CR0, NewCr0);
2297}
2298
2299/**
2300 * LMSW Emulation.
2301 */
2302static int emInterpretLmsw(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2303{
2304 OP_PARAMVAL param1;
2305 uint32_t val;
2306
2307 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2308 if(RT_FAILURE(rc))
2309 return VERR_EM_INTERPRETER;
2310
2311 switch(param1.type)
2312 {
2313 case PARMTYPE_IMMEDIATE:
2314 case PARMTYPE_ADDRESS:
2315 if(!(param1.flags & PARAM_VAL16))
2316 return VERR_EM_INTERPRETER;
2317 val = param1.val.val32;
2318 break;
2319
2320 default:
2321 return VERR_EM_INTERPRETER;
2322 }
2323
2324 LogFlow(("emInterpretLmsw %x\n", val));
2325 return EMInterpretLMSW(pVM, pVCpu, pRegFrame, val);
2326}
2327
2328#ifdef EM_EMULATE_SMSW
2329/**
2330 * SMSW Emulation.
2331 */
2332static int emInterpretSmsw(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2333{
2334 OP_PARAMVAL param1;
2335 uint64_t cr0 = CPUMGetGuestCR0(pVCpu);
2336
2337 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2338 if(RT_FAILURE(rc))
2339 return VERR_EM_INTERPRETER;
2340
2341 switch(param1.type)
2342 {
2343 case PARMTYPE_IMMEDIATE:
2344 if(param1.size != sizeof(uint16_t))
2345 return VERR_EM_INTERPRETER;
2346 LogFlow(("emInterpretSmsw %d <- cr0 (%x)\n", pDis->param1.base.reg_gen, cr0));
2347 rc = DISWriteReg16(pRegFrame, pDis->param1.base.reg_gen, cr0);
2348 break;
2349
2350 case PARMTYPE_ADDRESS:
2351 {
2352 RTGCPTR pParam1;
2353
2354 /* Actually forced to 16 bits regardless of the operand size. */
2355 if(param1.size != sizeof(uint16_t))
2356 return VERR_EM_INTERPRETER;
2357
2358 pParam1 = (RTGCPTR)param1.val.val64;
2359 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, pParam1);
2360 LogFlow(("emInterpretSmsw %VGv <- cr0 (%x)\n", pParam1, cr0));
2361
2362 rc = emRamWrite(pVM, pVCpu, pRegFrame, pParam1, &cr0, sizeof(uint16_t));
2363 if (RT_FAILURE(rc))
2364 {
2365 AssertMsgFailed(("emRamWrite %RGv size=%d failed with %Rrc\n", pParam1, param1.size, rc));
2366 return VERR_EM_INTERPRETER;
2367 }
2368 break;
2369 }
2370
2371 default:
2372 return VERR_EM_INTERPRETER;
2373 }
2374
2375 LogFlow(("emInterpretSmsw %x\n", cr0));
2376 return rc;
2377}
2378#endif
2379
2380/**
2381 * MOV CRx
2382 */
2383static int emInterpretMovCRx(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2384{
2385 if ((pDis->param1.flags == USE_REG_GEN32 || pDis->param1.flags == USE_REG_GEN64) && pDis->param2.flags == USE_REG_CR)
2386 return EMInterpretCRxRead(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_gen, pDis->param2.base.reg_ctrl);
2387
2388 if (pDis->param1.flags == USE_REG_CR && (pDis->param2.flags == USE_REG_GEN32 || pDis->param2.flags == USE_REG_GEN64))
2389 return EMInterpretCRxWrite(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_ctrl, pDis->param2.base.reg_gen);
2390
2391 AssertMsgFailedReturn(("Unexpected control register move\n"), VERR_EM_INTERPRETER);
2392 return VERR_EM_INTERPRETER;
2393}
2394
2395
2396/**
2397 * Interpret DRx write
2398 *
2399 * @returns VBox status code.
2400 * @param pVM The VM handle.
2401 * @param pVCpu The VMCPU handle.
2402 * @param pRegFrame The register frame.
2403 * @param DestRegDRx DRx register index (USE_REG_DR*)
2404 * @param SrcRegGen General purpose register index (USE_REG_E**))
2405 *
2406 */
2407VMMDECL(int) EMInterpretDRxWrite(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegDrx, uint32_t SrcRegGen)
2408{
2409 uint64_t val;
2410 int rc;
2411
2412 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2413 {
2414 rc = DISFetchReg64(pRegFrame, SrcRegGen, &val);
2415 }
2416 else
2417 {
2418 uint32_t val32;
2419 rc = DISFetchReg32(pRegFrame, SrcRegGen, &val32);
2420 val = val32;
2421 }
2422
2423 if (RT_SUCCESS(rc))
2424 {
2425 /** @todo we don't fail if illegal bits are set/cleared for e.g. dr7 */
2426 rc = CPUMSetGuestDRx(pVCpu, DestRegDrx, val);
2427 if (RT_SUCCESS(rc))
2428 return rc;
2429 AssertMsgFailed(("CPUMSetGuestDRx %d failed\n", DestRegDrx));
2430 }
2431 return VERR_EM_INTERPRETER;
2432}
2433
2434
2435/**
2436 * Interpret DRx read
2437 *
2438 * @returns VBox status code.
2439 * @param pVM The VM handle.
2440 * @param pVCpu The VMCPU handle.
2441 * @param pRegFrame The register frame.
2442 * @param DestRegGen General purpose register index (USE_REG_E**))
2443 * @param SrcRegDRx DRx register index (USE_REG_DR*)
2444 *
2445 */
2446VMMDECL(int) EMInterpretDRxRead(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, uint32_t DestRegGen, uint32_t SrcRegDrx)
2447{
2448 uint64_t val64;
2449
2450 int rc = CPUMGetGuestDRx(pVCpu, SrcRegDrx, &val64);
2451 AssertMsgRCReturn(rc, ("CPUMGetGuestDRx %d failed\n", SrcRegDrx), VERR_EM_INTERPRETER);
2452 if (CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
2453 {
2454 rc = DISWriteReg64(pRegFrame, DestRegGen, val64);
2455 }
2456 else
2457 rc = DISWriteReg32(pRegFrame, DestRegGen, (uint32_t)val64);
2458
2459 if (RT_SUCCESS(rc))
2460 return VINF_SUCCESS;
2461
2462 return VERR_EM_INTERPRETER;
2463}
2464
2465
2466/**
2467 * MOV DRx
2468 */
2469static int emInterpretMovDRx(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2470{
2471 int rc = VERR_EM_INTERPRETER;
2472
2473 if((pDis->param1.flags == USE_REG_GEN32 || pDis->param1.flags == USE_REG_GEN64) && pDis->param2.flags == USE_REG_DBG)
2474 {
2475 rc = EMInterpretDRxRead(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_gen, pDis->param2.base.reg_dbg);
2476 }
2477 else
2478 if(pDis->param1.flags == USE_REG_DBG && (pDis->param2.flags == USE_REG_GEN32 || pDis->param2.flags == USE_REG_GEN64))
2479 {
2480 rc = EMInterpretDRxWrite(pVM, pVCpu, pRegFrame, pDis->param1.base.reg_dbg, pDis->param2.base.reg_gen);
2481 }
2482 else
2483 AssertMsgFailed(("Unexpected debug register move\n"));
2484
2485 return rc;
2486}
2487
2488
2489/**
2490 * LLDT Emulation.
2491 */
2492static int emInterpretLLdt(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2493{
2494 OP_PARAMVAL param1;
2495 RTSEL sel;
2496
2497 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2498 if(RT_FAILURE(rc))
2499 return VERR_EM_INTERPRETER;
2500
2501 switch(param1.type)
2502 {
2503 case PARMTYPE_ADDRESS:
2504 return VERR_EM_INTERPRETER; //feeling lazy right now
2505
2506 case PARMTYPE_IMMEDIATE:
2507 if(!(param1.flags & PARAM_VAL16))
2508 return VERR_EM_INTERPRETER;
2509 sel = (RTSEL)param1.val.val16;
2510 break;
2511
2512 default:
2513 return VERR_EM_INTERPRETER;
2514 }
2515
2516#ifdef IN_RING0
2517 /* Only for the VT-x real-mode emulation case. */
2518 AssertReturn(CPUMIsGuestInRealMode(pVCpu), VERR_EM_INTERPRETER);
2519 CPUMSetGuestLDTR(pVCpu, sel);
2520 return VINF_SUCCESS;
2521#else
2522 if (sel == 0)
2523 {
2524 if (CPUMGetHyperLDTR(pVCpu) == 0)
2525 {
2526 // this simple case is most frequent in Windows 2000 (31k - boot & shutdown)
2527 return VINF_SUCCESS;
2528 }
2529 }
2530 //still feeling lazy
2531 return VERR_EM_INTERPRETER;
2532#endif
2533}
2534
2535#ifdef IN_RING0
2536/**
2537 * LIDT/LGDT Emulation.
2538 */
2539static int emInterpretLIGdt(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2540{
2541 OP_PARAMVAL param1;
2542 RTGCPTR pParam1;
2543 X86XDTR32 dtr32;
2544
2545 Log(("Emulate %s at %RGv\n", emGetMnemonic(pDis), (RTGCPTR)pRegFrame->rip));
2546
2547 /* Only for the VT-x real-mode emulation case. */
2548 AssertReturn(CPUMIsGuestInRealMode(pVCpu), VERR_EM_INTERPRETER);
2549
2550 int rc = DISQueryParamVal(pRegFrame, pDis, &pDis->param1, &param1, PARAM_SOURCE);
2551 if(RT_FAILURE(rc))
2552 return VERR_EM_INTERPRETER;
2553
2554 switch(param1.type)
2555 {
2556 case PARMTYPE_ADDRESS:
2557 pParam1 = emConvertToFlatAddr(pVM, pRegFrame, pDis, &pDis->param1, param1.val.val16);
2558 break;
2559
2560 default:
2561 return VERR_EM_INTERPRETER;
2562 }
2563
2564 rc = emRamRead(pVM, pVCpu, pRegFrame, &dtr32, pParam1, sizeof(dtr32));
2565 AssertRCReturn(rc, VERR_EM_INTERPRETER);
2566
2567 if (!(pDis->prefix & PREFIX_OPSIZE))
2568 dtr32.uAddr &= 0xffffff; /* 16 bits operand size */
2569
2570 if (pDis->pCurInstr->opcode == OP_LIDT)
2571 CPUMSetGuestIDTR(pVCpu, dtr32.uAddr, dtr32.cb);
2572 else
2573 CPUMSetGuestGDTR(pVCpu, dtr32.uAddr, dtr32.cb);
2574
2575 return VINF_SUCCESS;
2576}
2577#endif
2578
2579
2580#ifdef IN_RC
2581/**
2582 * STI Emulation.
2583 *
2584 * @remark the instruction following sti is guaranteed to be executed before any interrupts are dispatched
2585 */
2586static int emInterpretSti(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2587{
2588 PPATMGCSTATE pGCState = PATMQueryGCState(pVM);
2589
2590 if(!pGCState)
2591 {
2592 Assert(pGCState);
2593 return VERR_EM_INTERPRETER;
2594 }
2595 pGCState->uVMFlags |= X86_EFL_IF;
2596
2597 Assert(pRegFrame->eflags.u32 & X86_EFL_IF);
2598 Assert(pvFault == SELMToFlat(pVM, DIS_SELREG_CS, pRegFrame, (RTGCPTR)pRegFrame->rip));
2599
2600 pVCpu->em.s.GCPtrInhibitInterrupts = pRegFrame->eip + pDis->opsize;
2601 VMCPU_FF_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
2602
2603 return VINF_SUCCESS;
2604}
2605#endif /* IN_RC */
2606
2607
2608/**
2609 * HLT Emulation.
2610 */
2611static int emInterpretHlt(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2612{
2613 return VINF_EM_HALT;
2614}
2615
2616
2617/**
2618 * Interpret RDTSC
2619 *
2620 * @returns VBox status code.
2621 * @param pVM The VM handle.
2622 * @param pVCpu The VMCPU handle.
2623 * @param pRegFrame The register frame.
2624 *
2625 */
2626VMMDECL(int) EMInterpretRdtsc(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2627{
2628 unsigned uCR4 = CPUMGetGuestCR4(pVCpu);
2629
2630 if (uCR4 & X86_CR4_TSD)
2631 return VERR_EM_INTERPRETER; /* genuine #GP */
2632
2633 uint64_t uTicks = TMCpuTickGet(pVCpu);
2634
2635 /* Same behaviour in 32 & 64 bits mode */
2636 pRegFrame->rax = (uint32_t)uTicks;
2637 pRegFrame->rdx = (uTicks >> 32ULL);
2638
2639 return VINF_SUCCESS;
2640}
2641
2642/**
2643 * Interpret RDTSCP
2644 *
2645 * @returns VBox status code.
2646 * @param pVM The VM handle.
2647 * @param pVCpu The VMCPU handle.
2648 * @param pCtx The CPU context.
2649 *
2650 */
2651VMMDECL(int) EMInterpretRdtscp(PVM pVM, PVMCPU pVCpu, PCPUMCTX pCtx)
2652{
2653 unsigned uCR4 = CPUMGetGuestCR4(pVCpu);
2654
2655 if (!CPUMGetGuestCpuIdFeature(pVM, CPUMCPUIDFEATURE_RDTSCP))
2656 {
2657 AssertFailed();
2658 return VERR_EM_INTERPRETER; /* genuine #UD */
2659 }
2660
2661 if (uCR4 & X86_CR4_TSD)
2662 return VERR_EM_INTERPRETER; /* genuine #GP */
2663
2664 uint64_t uTicks = TMCpuTickGet(pVCpu);
2665
2666 /* Same behaviour in 32 & 64 bits mode */
2667 pCtx->rax = (uint32_t)uTicks;
2668 pCtx->rdx = (uTicks >> 32ULL);
2669 /* Low dword of the TSC_AUX msr only. */
2670 pCtx->rcx = (uint32_t)CPUMGetGuestMsr(pVCpu, MSR_K8_TSC_AUX);
2671
2672 return VINF_SUCCESS;
2673}
2674
2675/**
2676 * RDTSC Emulation.
2677 */
2678static int emInterpretRdtsc(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2679{
2680 return EMInterpretRdtsc(pVM, pVCpu, pRegFrame);
2681}
2682
2683/**
2684 * Interpret RDPMC
2685 *
2686 * @returns VBox status code.
2687 * @param pVM The VM handle.
2688 * @param pVCpu The VMCPU handle.
2689 * @param pRegFrame The register frame.
2690 *
2691 */
2692VMMDECL(int) EMInterpretRdpmc(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2693{
2694 unsigned uCR4 = CPUMGetGuestCR4(pVCpu);
2695
2696 /* If X86_CR4_PCE is not set, then CPL must be zero. */
2697 if ( !(uCR4 & X86_CR4_PCE)
2698 && CPUMGetGuestCPL(pVCpu, pRegFrame) != 0)
2699 {
2700 Assert(CPUMGetGuestCR0(pVCpu) & X86_CR0_PE);
2701 return VERR_EM_INTERPRETER; /* genuine #GP */
2702 }
2703
2704 /* Just return zero here; rather tricky to properly emulate this, especially as the specs are a mess. */
2705 pRegFrame->rax = 0;
2706 pRegFrame->rdx = 0;
2707 /* @todo We should trigger a #GP here if the cpu doesn't support the index in ecx. */
2708 return VINF_SUCCESS;
2709}
2710
2711/**
2712 * RDPMC Emulation
2713 */
2714static int emInterpretRdpmc(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2715{
2716 return EMInterpretRdpmc(pVM, pVCpu, pRegFrame);
2717}
2718
2719/**
2720 * MONITOR Emulation.
2721 */
2722static int emInterpretMonitor(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2723{
2724 uint32_t u32Dummy, u32ExtFeatures, cpl;
2725
2726 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
2727 if (pRegFrame->ecx != 0)
2728 return VERR_EM_INTERPRETER; /* illegal value. */
2729
2730 /* Get the current privilege level. */
2731 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
2732 if (cpl != 0)
2733 return VERR_EM_INTERPRETER; /* supervisor only */
2734
2735 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
2736 if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
2737 return VERR_EM_INTERPRETER; /* not supported */
2738
2739 return VINF_SUCCESS;
2740}
2741
2742
2743/**
2744 * MWAIT Emulation.
2745 */
2746VMMDECL(int) EMInterpretMWait(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2747{
2748 uint32_t u32Dummy, u32ExtFeatures, cpl;
2749
2750 /* @todo bit 1 is supposed to tell the cpu to wake us up on interrupts even if IF is cleared.
2751 * Not sure which models. Intel docs say ecx and eax must be zero for Pentium 4 CPUs
2752 * CPUID.05H.ECX[0] defines support for power management extensions (eax)
2753 */
2754 if (pRegFrame->ecx != 0)
2755 return VERR_EM_INTERPRETER; /* illegal value. */
2756
2757 /* Get the current privilege level. */
2758 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
2759 if (cpl != 0)
2760 return VERR_EM_INTERPRETER; /* supervisor only */
2761
2762 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32ExtFeatures, &u32Dummy);
2763 if (!(u32ExtFeatures & X86_CPUID_FEATURE_ECX_MONITOR))
2764 return VERR_EM_INTERPRETER; /* not supported */
2765
2766 /** @todo not completely correct */
2767 return VINF_EM_HALT;
2768}
2769
2770static int emInterpretMWait(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2771{
2772 Assert(pDis->mode != CPUMODE_64BIT); /** @todo check */
2773
2774 return EMInterpretMWait(pVM, pVCpu, pRegFrame);
2775}
2776
2777
2778#ifdef LOG_ENABLED
2779static const char *emMSRtoString(uint32_t uMsr)
2780{
2781 switch (uMsr)
2782 {
2783 case MSR_IA32_APICBASE:
2784 return "MSR_IA32_APICBASE";
2785 case MSR_IA32_CR_PAT:
2786 return "MSR_IA32_CR_PAT";
2787 case MSR_IA32_SYSENTER_CS:
2788 return "MSR_IA32_SYSENTER_CS";
2789 case MSR_IA32_SYSENTER_EIP:
2790 return "MSR_IA32_SYSENTER_EIP";
2791 case MSR_IA32_SYSENTER_ESP:
2792 return "MSR_IA32_SYSENTER_ESP";
2793 case MSR_K6_EFER:
2794 return "MSR_K6_EFER";
2795 case MSR_K8_SF_MASK:
2796 return "MSR_K8_SF_MASK";
2797 case MSR_K6_STAR:
2798 return "MSR_K6_STAR";
2799 case MSR_K8_LSTAR:
2800 return "MSR_K8_LSTAR";
2801 case MSR_K8_CSTAR:
2802 return "MSR_K8_CSTAR";
2803 case MSR_K8_FS_BASE:
2804 return "MSR_K8_FS_BASE";
2805 case MSR_K8_GS_BASE:
2806 return "MSR_K8_GS_BASE";
2807 case MSR_K8_KERNEL_GS_BASE:
2808 return "MSR_K8_KERNEL_GS_BASE";
2809 case MSR_K8_TSC_AUX:
2810 return "MSR_K8_TSC_AUX";
2811 case MSR_IA32_BIOS_SIGN_ID:
2812 return "Unsupported MSR_IA32_BIOS_SIGN_ID";
2813 case MSR_IA32_PLATFORM_ID:
2814 return "Unsupported MSR_IA32_PLATFORM_ID";
2815 case MSR_IA32_BIOS_UPDT_TRIG:
2816 return "Unsupported MSR_IA32_BIOS_UPDT_TRIG";
2817 case MSR_IA32_TSC:
2818 return "MSR_IA32_TSC";
2819 case MSR_IA32_MTRR_CAP:
2820 return "Unsupported MSR_IA32_MTRR_CAP";
2821 case MSR_IA32_MCP_CAP:
2822 return "Unsupported MSR_IA32_MCP_CAP";
2823 case MSR_IA32_MCP_STATUS:
2824 return "Unsupported MSR_IA32_MCP_STATUS";
2825 case MSR_IA32_MCP_CTRL:
2826 return "Unsupported MSR_IA32_MCP_CTRL";
2827 case MSR_IA32_MTRR_DEF_TYPE:
2828 return "Unsupported MSR_IA32_MTRR_DEF_TYPE";
2829 case MSR_K7_EVNTSEL0:
2830 return "Unsupported MSR_K7_EVNTSEL0";
2831 case MSR_K7_EVNTSEL1:
2832 return "Unsupported MSR_K7_EVNTSEL1";
2833 case MSR_K7_EVNTSEL2:
2834 return "Unsupported MSR_K7_EVNTSEL2";
2835 case MSR_K7_EVNTSEL3:
2836 return "Unsupported MSR_K7_EVNTSEL3";
2837 case MSR_IA32_MC0_CTL:
2838 return "Unsupported MSR_IA32_MC0_CTL";
2839 case MSR_IA32_MC0_STATUS:
2840 return "Unsupported MSR_IA32_MC0_STATUS";
2841 case MSR_IA32_PERFEVTSEL0:
2842 return "Unsupported MSR_IA32_PERFEVTSEL0";
2843 case MSR_IA32_PERFEVTSEL1:
2844 return "Unsupported MSR_IA32_PERFEVTSEL1";
2845 case MSR_IA32_PERF_STATUS:
2846 return "MSR_IA32_PERF_STATUS";
2847 case MSR_IA32_PERF_CTL:
2848 return "Unsupported MSR_IA32_PERF_CTL";
2849 case MSR_K7_PERFCTR0:
2850 return "Unsupported MSR_K7_PERFCTR0";
2851 case MSR_K7_PERFCTR1:
2852 return "Unsupported MSR_K7_PERFCTR1";
2853 case MSR_K7_PERFCTR2:
2854 return "Unsupported MSR_K7_PERFCTR2";
2855 case MSR_K7_PERFCTR3:
2856 return "Unsupported MSR_K7_PERFCTR3";
2857 }
2858 return "Unknown MSR";
2859}
2860#endif /* LOG_ENABLED */
2861
2862
2863/**
2864 * Interpret RDMSR
2865 *
2866 * @returns VBox status code.
2867 * @param pVM The VM handle.
2868 * @param pVCpu The VMCPU handle.
2869 * @param pRegFrame The register frame.
2870 *
2871 */
2872VMMDECL(int) EMInterpretRdmsr(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
2873{
2874 uint32_t u32Dummy, u32Features, cpl;
2875 uint64_t val;
2876 CPUMCTX *pCtx;
2877 int rc = VINF_SUCCESS;
2878
2879 /** @todo According to the Intel manuals, there's a REX version of RDMSR that is slightly different.
2880 * That version clears the high dwords of both RDX & RAX */
2881 pCtx = CPUMQueryGuestCtxPtr(pVCpu);
2882
2883 /* Get the current privilege level. */
2884 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
2885 if (cpl != 0)
2886 return VERR_EM_INTERPRETER; /* supervisor only */
2887
2888 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
2889 if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
2890 return VERR_EM_INTERPRETER; /* not supported */
2891
2892 switch (pRegFrame->ecx)
2893 {
2894 case MSR_IA32_TSC:
2895 val = TMCpuTickGet(pVCpu);
2896 break;
2897
2898 case MSR_IA32_APICBASE:
2899 rc = PDMApicGetBase(pVM, &val);
2900 AssertRC(rc);
2901 break;
2902
2903 case MSR_IA32_CR_PAT:
2904 val = pCtx->msrPAT;
2905 break;
2906
2907 case MSR_IA32_SYSENTER_CS:
2908 val = pCtx->SysEnter.cs;
2909 break;
2910
2911 case MSR_IA32_SYSENTER_EIP:
2912 val = pCtx->SysEnter.eip;
2913 break;
2914
2915 case MSR_IA32_SYSENTER_ESP:
2916 val = pCtx->SysEnter.esp;
2917 break;
2918
2919 case MSR_K6_EFER:
2920 val = pCtx->msrEFER;
2921 break;
2922
2923 case MSR_K8_SF_MASK:
2924 val = pCtx->msrSFMASK;
2925 break;
2926
2927 case MSR_K6_STAR:
2928 val = pCtx->msrSTAR;
2929 break;
2930
2931 case MSR_K8_LSTAR:
2932 val = pCtx->msrLSTAR;
2933 break;
2934
2935 case MSR_K8_CSTAR:
2936 val = pCtx->msrCSTAR;
2937 break;
2938
2939 case MSR_K8_FS_BASE:
2940 val = pCtx->fsHid.u64Base;
2941 break;
2942
2943 case MSR_K8_GS_BASE:
2944 val = pCtx->gsHid.u64Base;
2945 break;
2946
2947 case MSR_K8_KERNEL_GS_BASE:
2948 val = pCtx->msrKERNELGSBASE;
2949 break;
2950
2951 case MSR_K8_TSC_AUX:
2952 val = CPUMGetGuestMsr(pVCpu, MSR_K8_TSC_AUX);
2953 break;
2954
2955 case MSR_IA32_PERF_STATUS:
2956 val = CPUMGetGuestMsr(pVCpu, MSR_IA32_PERF_STATUS);
2957 break;
2958
2959#if 0 /*def IN_RING0 */
2960 case MSR_IA32_PLATFORM_ID:
2961 case MSR_IA32_BIOS_SIGN_ID:
2962 if (CPUMGetCPUVendor(pVM) == CPUMCPUVENDOR_INTEL)
2963 {
2964 /* Available since the P6 family. VT-x implies that this feature is present. */
2965 if (pRegFrame->ecx == MSR_IA32_PLATFORM_ID)
2966 val = ASMRdMsr(MSR_IA32_PLATFORM_ID);
2967 else
2968 if (pRegFrame->ecx == MSR_IA32_BIOS_SIGN_ID)
2969 val = ASMRdMsr(MSR_IA32_BIOS_SIGN_ID);
2970 break;
2971 }
2972 /* no break */
2973#endif
2974 default:
2975 /* In X2APIC specification this range is reserved for APIC control. */
2976 if ( pRegFrame->ecx >= MSR_IA32_APIC_START
2977 && pRegFrame->ecx < MSR_IA32_APIC_END)
2978 rc = PDMApicReadMSR(pVM, pVCpu->idCpu, pRegFrame->ecx, &val);
2979 else
2980 /* We should actually trigger a #GP here, but don't as that will cause more trouble. */
2981 val = 0;
2982 break;
2983 }
2984 LogFlow(("EMInterpretRdmsr %s (%x) -> val=%RX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
2985 if (rc == VINF_SUCCESS)
2986 {
2987 pRegFrame->rax = (uint32_t) val;
2988 pRegFrame->rdx = (uint32_t)(val >> 32);
2989 }
2990 return rc;
2991}
2992
2993
2994/**
2995 * RDMSR Emulation.
2996 */
2997static int emInterpretRdmsr(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
2998{
2999 /* Note: the Intel manual claims there's a REX version of RDMSR that's slightly different, so we play safe by completely disassembling the instruction. */
3000 Assert(!(pDis->prefix & PREFIX_REX));
3001 return EMInterpretRdmsr(pVM, pVCpu, pRegFrame);
3002}
3003
3004
3005/**
3006 * Interpret WRMSR
3007 *
3008 * @returns VBox status code.
3009 * @param pVM The VM handle.
3010 * @param pVCpu The VMCPU handle.
3011 * @param pRegFrame The register frame.
3012 */
3013VMMDECL(int) EMInterpretWrmsr(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame)
3014{
3015 uint32_t u32Dummy, u32Features, cpl;
3016 uint64_t val;
3017 CPUMCTX *pCtx;
3018
3019 /* Note: works the same in 32 and 64 bits modes. */
3020 pCtx = CPUMQueryGuestCtxPtr(pVCpu);
3021
3022 /* Get the current privilege level. */
3023 cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
3024 if (cpl != 0)
3025 return VERR_EM_INTERPRETER; /* supervisor only */
3026
3027 CPUMGetGuestCpuId(pVCpu, 1, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
3028 if (!(u32Features & X86_CPUID_FEATURE_EDX_MSR))
3029 return VERR_EM_INTERPRETER; /* not supported */
3030
3031 val = RT_MAKE_U64(pRegFrame->eax, pRegFrame->edx);
3032 LogFlow(("EMInterpretWrmsr %s (%x) val=%RX64\n", emMSRtoString(pRegFrame->ecx), pRegFrame->ecx, val));
3033 switch (pRegFrame->ecx)
3034 {
3035 case MSR_IA32_TSC:
3036 TMCpuTickSet(pVM, pVCpu, val);
3037 break;
3038
3039 case MSR_IA32_APICBASE:
3040 {
3041 int rc = PDMApicSetBase(pVM, val);
3042 AssertRC(rc);
3043 break;
3044 }
3045
3046 case MSR_IA32_CR_PAT:
3047 pCtx->msrPAT = val;
3048 break;
3049
3050 case MSR_IA32_SYSENTER_CS:
3051 pCtx->SysEnter.cs = val & 0xffff; /* 16 bits selector */
3052 break;
3053
3054 case MSR_IA32_SYSENTER_EIP:
3055 pCtx->SysEnter.eip = val;
3056 break;
3057
3058 case MSR_IA32_SYSENTER_ESP:
3059 pCtx->SysEnter.esp = val;
3060 break;
3061
3062 case MSR_K6_EFER:
3063 {
3064 uint64_t uMask = 0;
3065 uint64_t oldval = pCtx->msrEFER;
3066
3067 /* Filter out those bits the guest is allowed to change. (e.g. LMA is read-only) */
3068 CPUMGetGuestCpuId(pVCpu, 0x80000001, &u32Dummy, &u32Dummy, &u32Dummy, &u32Features);
3069 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_NX)
3070 uMask |= MSR_K6_EFER_NXE;
3071 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_LONG_MODE)
3072 uMask |= MSR_K6_EFER_LME;
3073 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_SEP)
3074 uMask |= MSR_K6_EFER_SCE;
3075 if (u32Features & X86_CPUID_AMD_FEATURE_EDX_FFXSR)
3076 uMask |= MSR_K6_EFER_FFXSR;
3077
3078 /* Check for illegal MSR_K6_EFER_LME transitions: not allowed to change LME if paging is enabled. (AMD Arch. Programmer's Manual Volume 2: Table 14-5) */
3079 if ( ((pCtx->msrEFER & MSR_K6_EFER_LME) != (val & uMask & MSR_K6_EFER_LME))
3080 && (pCtx->cr0 & X86_CR0_PG))
3081 {
3082 AssertMsgFailed(("Illegal MSR_K6_EFER_LME change: paging is enabled!!\n"));
3083 return VERR_EM_INTERPRETER; /* @todo generate #GP(0) */
3084 }
3085
3086 /* There are a few more: e.g. MSR_K6_EFER_LMSLE */
3087 AssertMsg(!(val & ~(MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA /* ignored anyway */ |MSR_K6_EFER_SCE|MSR_K6_EFER_FFXSR)), ("Unexpected value %RX64\n", val));
3088 pCtx->msrEFER = (pCtx->msrEFER & ~uMask) | (val & uMask);
3089
3090 /* AMD64 Architecture Programmer's Manual: 15.15 TLB Control; flush the TLB if MSR_K6_EFER_NXE, MSR_K6_EFER_LME or MSR_K6_EFER_LMA are changed. */
3091 if ((oldval & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)) != (pCtx->msrEFER & (MSR_K6_EFER_NXE|MSR_K6_EFER_LME|MSR_K6_EFER_LMA)))
3092 HWACCMFlushTLB(pVCpu);
3093
3094 break;
3095 }
3096
3097 case MSR_K8_SF_MASK:
3098 pCtx->msrSFMASK = val;
3099 break;
3100
3101 case MSR_K6_STAR:
3102 pCtx->msrSTAR = val;
3103 break;
3104
3105 case MSR_K8_LSTAR:
3106 pCtx->msrLSTAR = val;
3107 break;
3108
3109 case MSR_K8_CSTAR:
3110 pCtx->msrCSTAR = val;
3111 break;
3112
3113 case MSR_K8_FS_BASE:
3114 pCtx->fsHid.u64Base = val;
3115 break;
3116
3117 case MSR_K8_GS_BASE:
3118 pCtx->gsHid.u64Base = val;
3119 break;
3120
3121 case MSR_K8_KERNEL_GS_BASE:
3122 pCtx->msrKERNELGSBASE = val;
3123 break;
3124
3125 case MSR_K8_TSC_AUX:
3126 CPUMSetGuestMsr(pVCpu, MSR_K8_TSC_AUX, val);
3127 break;
3128
3129 default:
3130 /* In X2APIC specification this range is reserved for APIC control. */
3131 if ( pRegFrame->ecx >= MSR_IA32_APIC_START
3132 && pRegFrame->ecx < MSR_IA32_APIC_END)
3133 return PDMApicWriteMSR(pVM, pVCpu->idCpu, pRegFrame->ecx, val);
3134
3135 /* We should actually trigger a #GP here, but don't as that might cause more trouble. */
3136 break;
3137 }
3138 return VINF_SUCCESS;
3139}
3140
3141
3142/**
3143 * WRMSR Emulation.
3144 */
3145static int emInterpretWrmsr(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
3146{
3147 return EMInterpretWrmsr(pVM, pVCpu, pRegFrame);
3148}
3149
3150
3151/**
3152 * Internal worker.
3153 * @copydoc EMInterpretInstructionCPU
3154 */
3155DECLINLINE(int) emInterpretInstructionCPU(PVM pVM, PVMCPU pVCpu, PDISCPUSTATE pDis, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, uint32_t *pcbSize)
3156{
3157 Assert(pcbSize);
3158 *pcbSize = 0;
3159
3160 /*
3161 * Only supervisor guest code!!
3162 * And no complicated prefixes.
3163 */
3164 /* Get the current privilege level. */
3165 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pRegFrame);
3166 if ( cpl != 0
3167 && pDis->pCurInstr->opcode != OP_RDTSC) /* rdtsc requires emulation in ring 3 as well */
3168 {
3169 Log(("WARNING: refusing instruction emulation for user-mode code!!\n"));
3170 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedUserMode));
3171 return VERR_EM_INTERPRETER;
3172 }
3173
3174#ifdef IN_RC
3175 if ( (pDis->prefix & (PREFIX_REPNE | PREFIX_REP))
3176 || ( (pDis->prefix & PREFIX_LOCK)
3177 && pDis->pCurInstr->opcode != OP_CMPXCHG
3178 && pDis->pCurInstr->opcode != OP_CMPXCHG8B
3179 && pDis->pCurInstr->opcode != OP_XADD
3180 && pDis->pCurInstr->opcode != OP_OR
3181 && pDis->pCurInstr->opcode != OP_AND
3182 && pDis->pCurInstr->opcode != OP_XOR
3183 && pDis->pCurInstr->opcode != OP_BTR
3184 )
3185 )
3186#else
3187 if ( (pDis->prefix & PREFIX_REPNE)
3188 || ( (pDis->prefix & PREFIX_REP)
3189 && pDis->pCurInstr->opcode != OP_STOSWD
3190 )
3191 || ( (pDis->prefix & PREFIX_LOCK)
3192 && pDis->pCurInstr->opcode != OP_OR
3193 && pDis->pCurInstr->opcode != OP_AND
3194 && pDis->pCurInstr->opcode != OP_XOR
3195 && pDis->pCurInstr->opcode != OP_BTR
3196 && pDis->pCurInstr->opcode != OP_CMPXCHG
3197 && pDis->pCurInstr->opcode != OP_CMPXCHG8B
3198 )
3199 )
3200#endif
3201 {
3202 //Log(("EMInterpretInstruction: wrong prefix!!\n"));
3203 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedPrefix));
3204 return VERR_EM_INTERPRETER;
3205 }
3206
3207#if HC_ARCH_BITS == 32
3208 /*
3209 * Unable to emulate most >4 bytes accesses in 32 bits mode.
3210 * Whitelisted instructions are safe.
3211 */
3212 if ( pDis->param1.size > 4
3213 && CPUMIsGuestIn64BitCode(pVCpu, pRegFrame))
3214 {
3215 uint32_t uOpCode = pDis->pCurInstr->opcode;
3216 if ( uOpCode != OP_STOSWD
3217 && uOpCode != OP_MOV
3218 && uOpCode != OP_CMPXCHG8B
3219 && uOpCode != OP_XCHG
3220 && uOpCode != OP_BTS
3221 && uOpCode != OP_BTR
3222 && uOpCode != OP_BTC
3223# ifdef VBOX_WITH_HYBRID_32BIT_KERNEL_IN_R0
3224 && uOpCode != OP_CMPXCHG /* solaris */
3225 && uOpCode != OP_AND /* windows */
3226 && uOpCode != OP_OR /* windows */
3227 && uOpCode != OP_XOR /* because we can */
3228 && uOpCode != OP_ADD /* windows (dripple) */
3229 && uOpCode != OP_ADC /* because we can */
3230 && uOpCode != OP_SUB /* because we can */
3231 /** @todo OP_BTS or is that a different kind of failure? */
3232# endif
3233 )
3234 {
3235# ifdef VBOX_WITH_STATISTICS
3236 switch (pDis->pCurInstr->opcode)
3237 {
3238# define INTERPRET_FAILED_CASE(opcode, Instr) \
3239 case opcode: STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); break;
3240 INTERPRET_FAILED_CASE(OP_XCHG,Xchg);
3241 INTERPRET_FAILED_CASE(OP_DEC,Dec);
3242 INTERPRET_FAILED_CASE(OP_INC,Inc);
3243 INTERPRET_FAILED_CASE(OP_POP,Pop);
3244 INTERPRET_FAILED_CASE(OP_OR, Or);
3245 INTERPRET_FAILED_CASE(OP_XOR,Xor);
3246 INTERPRET_FAILED_CASE(OP_AND,And);
3247 INTERPRET_FAILED_CASE(OP_MOV,Mov);
3248 INTERPRET_FAILED_CASE(OP_STOSWD,StosWD);
3249 INTERPRET_FAILED_CASE(OP_INVLPG,InvlPg);
3250 INTERPRET_FAILED_CASE(OP_CPUID,CpuId);
3251 INTERPRET_FAILED_CASE(OP_MOV_CR,MovCRx);
3252 INTERPRET_FAILED_CASE(OP_MOV_DR,MovDRx);
3253 INTERPRET_FAILED_CASE(OP_LLDT,LLdt);
3254 INTERPRET_FAILED_CASE(OP_LIDT,LIdt);
3255 INTERPRET_FAILED_CASE(OP_LGDT,LGdt);
3256 INTERPRET_FAILED_CASE(OP_LMSW,Lmsw);
3257 INTERPRET_FAILED_CASE(OP_CLTS,Clts);
3258 INTERPRET_FAILED_CASE(OP_MONITOR,Monitor);
3259 INTERPRET_FAILED_CASE(OP_MWAIT,MWait);
3260 INTERPRET_FAILED_CASE(OP_RDMSR,Rdmsr);
3261 INTERPRET_FAILED_CASE(OP_WRMSR,Wrmsr);
3262 INTERPRET_FAILED_CASE(OP_ADD,Add);
3263 INTERPRET_FAILED_CASE(OP_SUB,Sub);
3264 INTERPRET_FAILED_CASE(OP_ADC,Adc);
3265 INTERPRET_FAILED_CASE(OP_BTR,Btr);
3266 INTERPRET_FAILED_CASE(OP_BTS,Bts);
3267 INTERPRET_FAILED_CASE(OP_BTC,Btc);
3268 INTERPRET_FAILED_CASE(OP_RDTSC,Rdtsc);
3269 INTERPRET_FAILED_CASE(OP_CMPXCHG, CmpXchg);
3270 INTERPRET_FAILED_CASE(OP_STI, Sti);
3271 INTERPRET_FAILED_CASE(OP_XADD,XAdd);
3272 INTERPRET_FAILED_CASE(OP_CMPXCHG8B,CmpXchg8b);
3273 INTERPRET_FAILED_CASE(OP_HLT, Hlt);
3274 INTERPRET_FAILED_CASE(OP_IRET,Iret);
3275 INTERPRET_FAILED_CASE(OP_WBINVD,WbInvd);
3276 INTERPRET_FAILED_CASE(OP_MOVNTPS,MovNTPS);
3277# undef INTERPRET_FAILED_CASE
3278 default:
3279 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedMisc));
3280 break;
3281 }
3282# endif /* VBOX_WITH_STATISTICS */
3283 return VERR_EM_INTERPRETER;
3284 }
3285 }
3286#endif
3287
3288 int rc;
3289#if (defined(VBOX_STRICT) || defined(LOG_ENABLED))
3290 LogFlow(("emInterpretInstructionCPU %s\n", emGetMnemonic(pDis)));
3291#endif
3292 switch (pDis->pCurInstr->opcode)
3293 {
3294 /*
3295 * Macros for generating the right case statements.
3296 */
3297# define INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
3298 case opcode:\
3299 if (pDis->prefix & PREFIX_LOCK) \
3300 rc = emInterpretLock##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, pfnEmulateLock); \
3301 else \
3302 rc = emInterpret##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, pfnEmulate); \
3303 if (RT_SUCCESS(rc)) \
3304 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3305 else \
3306 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3307 return rc
3308#define INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate) \
3309 case opcode:\
3310 rc = emInterpret##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize, pfnEmulate); \
3311 if (RT_SUCCESS(rc)) \
3312 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3313 else \
3314 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3315 return rc
3316
3317#define INTERPRET_CASE_EX_PARAM2(opcode, Instr, InstrFn, pfnEmulate) \
3318 INTERPRET_CASE_EX_PARAM3(opcode, Instr, InstrFn, pfnEmulate)
3319#define INTERPRET_CASE_EX_LOCK_PARAM2(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock) \
3320 INTERPRET_CASE_EX_LOCK_PARAM3(opcode, Instr, InstrFn, pfnEmulate, pfnEmulateLock)
3321
3322#define INTERPRET_CASE(opcode, Instr) \
3323 case opcode:\
3324 rc = emInterpret##Instr(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize); \
3325 if (RT_SUCCESS(rc)) \
3326 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3327 else \
3328 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3329 return rc
3330
3331#define INTERPRET_CASE_EX_DUAL_PARAM2(opcode, Instr, InstrFn) \
3332 case opcode:\
3333 rc = emInterpret##InstrFn(pVM, pVCpu, pDis, pRegFrame, pvFault, pcbSize); \
3334 if (RT_SUCCESS(rc)) \
3335 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Instr)); \
3336 else \
3337 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); \
3338 return rc
3339
3340#define INTERPRET_STAT_CASE(opcode, Instr) \
3341 case opcode: STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,Failed##Instr)); return VERR_EM_INTERPRETER;
3342
3343 /*
3344 * The actual case statements.
3345 */
3346 INTERPRET_CASE(OP_XCHG,Xchg);
3347 INTERPRET_CASE_EX_PARAM2(OP_DEC,Dec, IncDec, EMEmulateDec);
3348 INTERPRET_CASE_EX_PARAM2(OP_INC,Inc, IncDec, EMEmulateInc);
3349 INTERPRET_CASE(OP_POP,Pop);
3350 INTERPRET_CASE_EX_LOCK_PARAM3(OP_OR, Or, OrXorAnd, EMEmulateOr, EMEmulateLockOr);
3351 INTERPRET_CASE_EX_LOCK_PARAM3(OP_XOR,Xor, OrXorAnd, EMEmulateXor, EMEmulateLockXor);
3352 INTERPRET_CASE_EX_LOCK_PARAM3(OP_AND,And, OrXorAnd, EMEmulateAnd, EMEmulateLockAnd);
3353 INTERPRET_CASE(OP_MOV,Mov);
3354#ifndef IN_RC
3355 INTERPRET_CASE(OP_STOSWD,StosWD);
3356#endif
3357 INTERPRET_CASE(OP_INVLPG,InvlPg);
3358 INTERPRET_CASE(OP_CPUID,CpuId);
3359 INTERPRET_CASE(OP_MOV_CR,MovCRx);
3360 INTERPRET_CASE(OP_MOV_DR,MovDRx);
3361#ifdef IN_RING0
3362 INTERPRET_CASE_EX_DUAL_PARAM2(OP_LIDT, LIdt, LIGdt);
3363 INTERPRET_CASE_EX_DUAL_PARAM2(OP_LGDT, LGdt, LIGdt);
3364#endif
3365 INTERPRET_CASE(OP_LLDT,LLdt);
3366 INTERPRET_CASE(OP_LMSW,Lmsw);
3367#ifdef EM_EMULATE_SMSW
3368 INTERPRET_CASE(OP_SMSW,Smsw);
3369#endif
3370 INTERPRET_CASE(OP_CLTS,Clts);
3371 INTERPRET_CASE(OP_MONITOR, Monitor);
3372 INTERPRET_CASE(OP_MWAIT, MWait);
3373 INTERPRET_CASE(OP_RDMSR, Rdmsr);
3374 INTERPRET_CASE(OP_WRMSR, Wrmsr);
3375 INTERPRET_CASE_EX_PARAM3(OP_ADD,Add, AddSub, EMEmulateAdd);
3376 INTERPRET_CASE_EX_PARAM3(OP_SUB,Sub, AddSub, EMEmulateSub);
3377 INTERPRET_CASE(OP_ADC,Adc);
3378 INTERPRET_CASE_EX_LOCK_PARAM2(OP_BTR,Btr, BitTest, EMEmulateBtr, EMEmulateLockBtr);
3379 INTERPRET_CASE_EX_PARAM2(OP_BTS,Bts, BitTest, EMEmulateBts);
3380 INTERPRET_CASE_EX_PARAM2(OP_BTC,Btc, BitTest, EMEmulateBtc);
3381 INTERPRET_CASE(OP_RDPMC,Rdpmc);
3382 INTERPRET_CASE(OP_RDTSC,Rdtsc);
3383 INTERPRET_CASE(OP_CMPXCHG, CmpXchg);
3384#ifdef IN_RC
3385 INTERPRET_CASE(OP_STI,Sti);
3386 INTERPRET_CASE(OP_XADD, XAdd);
3387#endif
3388 INTERPRET_CASE(OP_CMPXCHG8B, CmpXchg8b);
3389 INTERPRET_CASE(OP_HLT,Hlt);
3390 INTERPRET_CASE(OP_IRET,Iret);
3391 INTERPRET_CASE(OP_WBINVD,WbInvd);
3392#ifdef VBOX_WITH_STATISTICS
3393# ifndef IN_RC
3394 INTERPRET_STAT_CASE(OP_XADD, XAdd);
3395# endif
3396 INTERPRET_STAT_CASE(OP_MOVNTPS,MovNTPS);
3397#endif
3398
3399 default:
3400 Log3(("emInterpretInstructionCPU: opcode=%d\n", pDis->pCurInstr->opcode));
3401 STAM_COUNTER_INC(&pVCpu->em.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FailedMisc));
3402 return VERR_EM_INTERPRETER;
3403
3404#undef INTERPRET_CASE_EX_PARAM2
3405#undef INTERPRET_STAT_CASE
3406#undef INTERPRET_CASE_EX
3407#undef INTERPRET_CASE
3408 } /* switch (opcode) */
3409 AssertFailed();
3410 return VERR_INTERNAL_ERROR;
3411}
3412
3413
3414/**
3415 * Sets the PC for which interrupts should be inhibited.
3416 *
3417 * @param pVCpu The VMCPU handle.
3418 * @param PC The PC.
3419 */
3420VMMDECL(void) EMSetInhibitInterruptsPC(PVMCPU pVCpu, RTGCUINTPTR PC)
3421{
3422 pVCpu->em.s.GCPtrInhibitInterrupts = PC;
3423 VMCPU_FF_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS);
3424}
3425
3426
3427/**
3428 * Gets the PC for which interrupts should be inhibited.
3429 *
3430 * There are a few instructions which inhibits or delays interrupts
3431 * for the instruction following them. These instructions are:
3432 * - STI
3433 * - MOV SS, r/m16
3434 * - POP SS
3435 *
3436 * @returns The PC for which interrupts should be inhibited.
3437 * @param pVCpu The VMCPU handle.
3438 *
3439 */
3440VMMDECL(RTGCUINTPTR) EMGetInhibitInterruptsPC(PVMCPU pVCpu)
3441{
3442 return pVCpu->em.s.GCPtrInhibitInterrupts;
3443}
3444
3445/**
3446 * Locks REM execution to a single VCpu
3447 *
3448 * @param pVM VM handle.
3449 */
3450VMMDECL(void) EMRemLock(PVM pVM)
3451{
3452 if (!PDMCritSectIsInitialized(&pVM->em.s.CritSectREM))
3453 return; /* early init */
3454
3455 Assert(!PGMIsLockOwner(pVM) && !IOMIsLockOwner(pVM));
3456 int rc = PDMCritSectEnter(&pVM->em.s.CritSectREM, VERR_SEM_BUSY);
3457 AssertMsg(rc == VINF_SUCCESS, ("%Rrc\n", rc));
3458}
3459
3460/**
3461 * Unlocks REM execution
3462 *
3463 * @param pVM VM handle.
3464 */
3465VMMDECL(void) EMRemUnlock(PVM pVM)
3466{
3467 if (!PDMCritSectIsInitialized(&pVM->em.s.CritSectREM))
3468 return; /* early init */
3469
3470 PDMCritSectLeave(&pVM->em.s.CritSectREM);
3471}
3472
3473/**
3474 * Check if this VCPU currently owns the REM lock.
3475 *
3476 * @returns bool owner/not owner
3477 * @param pVM The VM to operate on.
3478 */
3479VMMDECL(bool) EMRemIsLockOwner(PVM pVM)
3480{
3481 return PDMCritSectIsOwner(&pVM->em.s.CritSectREM);
3482}
3483
3484/**
3485 * Try to acquire the REM lock.
3486 *
3487 * @returns VBox status code
3488 * @param pVM The VM to operate on.
3489 */
3490VMMDECL(int) EMTryEnterRemLock(PVM pVM)
3491{
3492 return PDMCritSectTryEnter(&pVM->em.s.CritSectREM);
3493}
3494
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette