VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/IEMAll.cpp@ 46727

Last change on this file since 46727 was 46486, checked in by vboxsync, 12 years ago

IEM: movsxd

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 315.5 KB
Line 
1/* $Id: IEMAll.cpp 46486 2013-06-10 22:14:40Z vboxsync $ */
2/** @file
3 * IEM - Interpreted Execution Manager - All Contexts.
4 */
5
6/*
7 * Copyright (C) 2011-2013 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/** @page pg_iem IEM - Interpreted Execution Manager
20 *
21 * The interpreted exeuction manager (IEM) is for executing short guest code
22 * sequences that are causing too many exits / virtualization traps. It will
23 * also be used to interpret single instructions, thus replacing the selective
24 * interpreters in EM and IOM.
25 *
26 * Design goals:
27 * - Relatively small footprint, although we favour speed and correctness
28 * over size.
29 * - Reasonably fast.
30 * - Correctly handle lock prefixed instructions.
31 * - Complete instruction set - eventually.
32 * - Refactorable into a recompiler, maybe.
33 * - Replace EMInterpret*.
34 *
35 * Using the existing disassembler has been considered, however this is thought
36 * to conflict with speed as the disassembler chews things a bit too much while
37 * leaving us with a somewhat complicated state to interpret afterwards.
38 *
39 *
40 * The current code is very much work in progress. You've been warned!
41 *
42 *
43 * @section sec_iem_fpu_instr FPU Instructions
44 *
45 * On x86 and AMD64 hosts, the FPU instructions are implemented by executing the
46 * same or equivalent instructions on the host FPU. To make life easy, we also
47 * let the FPU prioritize the unmasked exceptions for us. This however, only
48 * works reliably when CR0.NE is set, i.e. when using \#MF instead the IRQ 13
49 * for FPU exception delivery, because with CR0.NE=0 there is a window where we
50 * can trigger spurious FPU exceptions.
51 *
52 * The guest FPU state is not loaded into the host CPU and kept there till we
53 * leave IEM because the calling conventions have declared an all year open
54 * season on much of the FPU state. For instance an innocent looking call to
55 * memcpy might end up using a whole bunch of XMM or MM registers if the
56 * particular implementation finds it worthwhile.
57 *
58 *
59 * @section sec_iem_logging Logging
60 *
61 * The IEM code uses the \"IEM\" log group for the main logging. The different
62 * logging levels/flags are generally used for the following purposes:
63 * - Level 1 (Log) : Errors, exceptions, interrupts and such major events.
64 * - Flow (LogFlow): Basic enter/exit IEM state info.
65 * - Level 2 (Log2): ?
66 * - Level 3 (Log3): More detailed enter/exit IEM state info.
67 * - Level 4 (Log4): Decoding mnemonics w/ EIP.
68 * - Level 5 (Log5): Decoding details.
69 * - Level 6 (Log6): Enables/disables the lockstep comparison with REM.
70 *
71 */
72
73/** @def IEM_VERIFICATION_MODE_MINIMAL
74 * Use for pitting IEM against EM or something else in ring-0 or raw-mode
75 * context. */
76//#define IEM_VERIFICATION_MODE_MINIMAL
77//#define IEM_LOG_MEMORY_WRITES
78
79/*******************************************************************************
80* Header Files *
81*******************************************************************************/
82#define LOG_GROUP LOG_GROUP_IEM
83#include <VBox/vmm/iem.h>
84#include <VBox/vmm/cpum.h>
85#include <VBox/vmm/pgm.h>
86#include <internal/pgm.h>
87#include <VBox/vmm/iom.h>
88#include <VBox/vmm/em.h>
89#include <VBox/vmm/hm.h>
90#include <VBox/vmm/tm.h>
91#include <VBox/vmm/dbgf.h>
92#ifdef VBOX_WITH_RAW_MODE_NOT_R0
93# include <VBox/vmm/patm.h>
94#endif
95#include "IEMInternal.h"
96#ifdef IEM_VERIFICATION_MODE_FULL
97# include <VBox/vmm/rem.h>
98# include <VBox/vmm/mm.h>
99#endif
100#include <VBox/vmm/vm.h>
101#include <VBox/log.h>
102#include <VBox/err.h>
103#include <VBox/param.h>
104#include <iprt/assert.h>
105#include <iprt/string.h>
106#include <iprt/x86.h>
107
108
109/*******************************************************************************
110* Structures and Typedefs *
111*******************************************************************************/
112/** @typedef PFNIEMOP
113 * Pointer to an opcode decoder function.
114 */
115
116/** @def FNIEMOP_DEF
117 * Define an opcode decoder function.
118 *
119 * We're using macors for this so that adding and removing parameters as well as
120 * tweaking compiler specific attributes becomes easier. See FNIEMOP_CALL
121 *
122 * @param a_Name The function name.
123 */
124
125
126#if defined(__GNUC__) && defined(RT_ARCH_X86)
127typedef VBOXSTRICTRC (__attribute__((__fastcall__)) * PFNIEMOP)(PIEMCPU pIemCpu);
128# define FNIEMOP_DEF(a_Name) \
129 static VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PIEMCPU pIemCpu)
130# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
131 static VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0)
132# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
133 static VBOXSTRICTRC __attribute__((__fastcall__, __nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1)
134
135#elif defined(_MSC_VER) && defined(RT_ARCH_X86)
136typedef VBOXSTRICTRC (__fastcall * PFNIEMOP)(PIEMCPU pIemCpu);
137# define FNIEMOP_DEF(a_Name) \
138 static /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PIEMCPU pIemCpu) RT_NO_THROW
139# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
140 static /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0) RT_NO_THROW
141# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
142 static /*__declspec(naked)*/ VBOXSTRICTRC __fastcall a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1) RT_NO_THROW
143
144#elif defined(__GNUC__)
145typedef VBOXSTRICTRC (* PFNIEMOP)(PIEMCPU pIemCpu);
146# define FNIEMOP_DEF(a_Name) \
147 static VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PIEMCPU pIemCpu)
148# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
149 static VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0)
150# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
151 static VBOXSTRICTRC __attribute__((__nothrow__)) a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1)
152
153#else
154typedef VBOXSTRICTRC (* PFNIEMOP)(PIEMCPU pIemCpu);
155# define FNIEMOP_DEF(a_Name) \
156 static VBOXSTRICTRC a_Name(PIEMCPU pIemCpu) RT_NO_THROW
157# define FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
158 static VBOXSTRICTRC a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0) RT_NO_THROW
159# define FNIEMOP_DEF_2(a_Name, a_Type0, a_Name0, a_Type1, a_Name1) \
160 static VBOXSTRICTRC a_Name(PIEMCPU pIemCpu, a_Type0 a_Name0, a_Type1 a_Name1) RT_NO_THROW
161
162#endif
163
164
165/**
166 * Selector descriptor table entry as fetched by iemMemFetchSelDesc.
167 */
168typedef union IEMSELDESC
169{
170 /** The legacy view. */
171 X86DESC Legacy;
172 /** The long mode view. */
173 X86DESC64 Long;
174} IEMSELDESC;
175/** Pointer to a selector descriptor table entry. */
176typedef IEMSELDESC *PIEMSELDESC;
177
178
179/*******************************************************************************
180* Defined Constants And Macros *
181*******************************************************************************/
182/** @name IEM status codes.
183 *
184 * Not quite sure how this will play out in the end, just aliasing safe status
185 * codes for now.
186 *
187 * @{ */
188#define VINF_IEM_RAISED_XCPT VINF_EM_RESCHEDULE
189/** @} */
190
191/** Temporary hack to disable the double execution. Will be removed in favor
192 * of a dedicated execution mode in EM. */
193//#define IEM_VERIFICATION_MODE_NO_REM
194
195/** Used to shut up GCC warnings about variables that 'may be used uninitialized'
196 * due to GCC lacking knowledge about the value range of a switch. */
197#define IEM_NOT_REACHED_DEFAULT_CASE_RET() default: AssertFailedReturn(VERR_IPE_NOT_REACHED_DEFAULT_CASE)
198
199/**
200 * Returns IEM_RETURN_ASPECT_NOT_IMPLEMENTED, and in debug builds logs the
201 * occation.
202 */
203#ifdef LOG_ENABLED
204# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED() \
205 do { \
206 Log(("%s: returning IEM_RETURN_ASPECT_NOT_IMPLEMENTED (line %d)\n", __FUNCTION__, __LINE__)); \
207 return VERR_IEM_ASPECT_NOT_IMPLEMENTED; \
208 } while (0)
209#else
210# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED() \
211 return VERR_IEM_ASPECT_NOT_IMPLEMENTED
212#endif
213
214/**
215 * Returns IEM_RETURN_ASPECT_NOT_IMPLEMENTED, and in debug builds logs the
216 * occation using the supplied logger statement.
217 *
218 * @param a_LoggerArgs What to log on failure.
219 */
220#ifdef LOG_ENABLED
221# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(a_LoggerArgs) \
222 do { \
223 LogFunc(a_LoggerArgs); \
224 return VERR_IEM_ASPECT_NOT_IMPLEMENTED; \
225 } while (0)
226#else
227# define IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(a_LoggerArgs) \
228 return VERR_IEM_ASPECT_NOT_IMPLEMENTED
229#endif
230
231/**
232 * Call an opcode decoder function.
233 *
234 * We're using macors for this so that adding and removing parameters can be
235 * done as we please. See FNIEMOP_DEF.
236 */
237#define FNIEMOP_CALL(a_pfn) (a_pfn)(pIemCpu)
238
239/**
240 * Call a common opcode decoder function taking one extra argument.
241 *
242 * We're using macors for this so that adding and removing parameters can be
243 * done as we please. See FNIEMOP_DEF_1.
244 */
245#define FNIEMOP_CALL_1(a_pfn, a0) (a_pfn)(pIemCpu, a0)
246
247/**
248 * Call a common opcode decoder function taking one extra argument.
249 *
250 * We're using macors for this so that adding and removing parameters can be
251 * done as we please. See FNIEMOP_DEF_1.
252 */
253#define FNIEMOP_CALL_2(a_pfn, a0, a1) (a_pfn)(pIemCpu, a0, a1)
254
255/**
256 * Check if we're currently executing in real or virtual 8086 mode.
257 *
258 * @returns @c true if it is, @c false if not.
259 * @param a_pIemCpu The IEM state of the current CPU.
260 */
261#define IEM_IS_REAL_OR_V86_MODE(a_pIemCpu) (CPUMIsGuestInRealOrV86ModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
262
263/**
264 * Check if we're currently executing in long mode.
265 *
266 * @returns @c true if it is, @c false if not.
267 * @param a_pIemCpu The IEM state of the current CPU.
268 */
269#define IEM_IS_LONG_MODE(a_pIemCpu) (CPUMIsGuestInLongModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
270
271/**
272 * Check if we're currently executing in real mode.
273 *
274 * @returns @c true if it is, @c false if not.
275 * @param a_pIemCpu The IEM state of the current CPU.
276 */
277#define IEM_IS_REAL_MODE(a_pIemCpu) (CPUMIsGuestInRealModeEx((a_pIemCpu)->CTX_SUFF(pCtx)))
278
279/**
280 * Tests if an AMD CPUID feature (extended) is marked present - ECX.
281 */
282#define IEM_IS_AMD_CPUID_FEATURE_PRESENT_ECX(a_fEcx) iemRegIsAmdCpuIdFeaturePresent(pIemCpu, 0, (a_fEcx))
283
284/**
285 * Tests if an AMD CPUID feature (extended) is marked present - EDX.
286 */
287#define IEM_IS_AMD_CPUID_FEATURE_PRESENT_EDX(a_fEdx) iemRegIsAmdCpuIdFeaturePresent(pIemCpu, (a_fEdx), 0)
288
289/**
290 * Tests if at least on of the specified AMD CPUID features (extended) are
291 * marked present.
292 */
293#define IEM_IS_AMD_CPUID_FEATURES_ANY_PRESENT(a_fEdx, a_fEcx) iemRegIsAmdCpuIdFeaturePresent(pIemCpu, (a_fEdx), (a_fEcx))
294
295/**
296 * Checks if an Intel CPUID feature is present.
297 */
298#define IEM_IS_INTEL_CPUID_FEATURE_PRESENT_EDX(a_fEdx) \
299 ( ((a_fEdx) & (X86_CPUID_FEATURE_EDX_TSC | 0)) \
300 || iemRegIsIntelCpuIdFeaturePresent(pIemCpu, (a_fEdx), 0) )
301
302/**
303 * Evaluates to true if we're presenting an Intel CPU to the guest.
304 */
305#define IEM_IS_GUEST_CPU_INTEL(a_pIemCpu) (true) /** @todo determin this once and store it the CPU structure */
306
307/**
308 * Evaluates to true if we're presenting an AMD CPU to the guest.
309 */
310#define IEM_IS_GUEST_CPU_AMD(a_pIemCpu) (false) /** @todo determin this once and store it the CPU structure */
311
312/**
313 * Check if the address is canonical.
314 */
315#define IEM_IS_CANONICAL(a_u64Addr) ((uint64_t)(a_u64Addr) + UINT64_C(0x800000000000) < UINT64_C(0x1000000000000))
316
317
318/*******************************************************************************
319* Global Variables *
320*******************************************************************************/
321extern const PFNIEMOP g_apfnOneByteMap[256]; /* not static since we need to forward declare it. */
322
323
324/** Function table for the ADD instruction. */
325static const IEMOPBINSIZES g_iemAImpl_add =
326{
327 iemAImpl_add_u8, iemAImpl_add_u8_locked,
328 iemAImpl_add_u16, iemAImpl_add_u16_locked,
329 iemAImpl_add_u32, iemAImpl_add_u32_locked,
330 iemAImpl_add_u64, iemAImpl_add_u64_locked
331};
332
333/** Function table for the ADC instruction. */
334static const IEMOPBINSIZES g_iemAImpl_adc =
335{
336 iemAImpl_adc_u8, iemAImpl_adc_u8_locked,
337 iemAImpl_adc_u16, iemAImpl_adc_u16_locked,
338 iemAImpl_adc_u32, iemAImpl_adc_u32_locked,
339 iemAImpl_adc_u64, iemAImpl_adc_u64_locked
340};
341
342/** Function table for the SUB instruction. */
343static const IEMOPBINSIZES g_iemAImpl_sub =
344{
345 iemAImpl_sub_u8, iemAImpl_sub_u8_locked,
346 iemAImpl_sub_u16, iemAImpl_sub_u16_locked,
347 iemAImpl_sub_u32, iemAImpl_sub_u32_locked,
348 iemAImpl_sub_u64, iemAImpl_sub_u64_locked
349};
350
351/** Function table for the SBB instruction. */
352static const IEMOPBINSIZES g_iemAImpl_sbb =
353{
354 iemAImpl_sbb_u8, iemAImpl_sbb_u8_locked,
355 iemAImpl_sbb_u16, iemAImpl_sbb_u16_locked,
356 iemAImpl_sbb_u32, iemAImpl_sbb_u32_locked,
357 iemAImpl_sbb_u64, iemAImpl_sbb_u64_locked
358};
359
360/** Function table for the OR instruction. */
361static const IEMOPBINSIZES g_iemAImpl_or =
362{
363 iemAImpl_or_u8, iemAImpl_or_u8_locked,
364 iemAImpl_or_u16, iemAImpl_or_u16_locked,
365 iemAImpl_or_u32, iemAImpl_or_u32_locked,
366 iemAImpl_or_u64, iemAImpl_or_u64_locked
367};
368
369/** Function table for the XOR instruction. */
370static const IEMOPBINSIZES g_iemAImpl_xor =
371{
372 iemAImpl_xor_u8, iemAImpl_xor_u8_locked,
373 iemAImpl_xor_u16, iemAImpl_xor_u16_locked,
374 iemAImpl_xor_u32, iemAImpl_xor_u32_locked,
375 iemAImpl_xor_u64, iemAImpl_xor_u64_locked
376};
377
378/** Function table for the AND instruction. */
379static const IEMOPBINSIZES g_iemAImpl_and =
380{
381 iemAImpl_and_u8, iemAImpl_and_u8_locked,
382 iemAImpl_and_u16, iemAImpl_and_u16_locked,
383 iemAImpl_and_u32, iemAImpl_and_u32_locked,
384 iemAImpl_and_u64, iemAImpl_and_u64_locked
385};
386
387/** Function table for the CMP instruction.
388 * @remarks Making operand order ASSUMPTIONS.
389 */
390static const IEMOPBINSIZES g_iemAImpl_cmp =
391{
392 iemAImpl_cmp_u8, NULL,
393 iemAImpl_cmp_u16, NULL,
394 iemAImpl_cmp_u32, NULL,
395 iemAImpl_cmp_u64, NULL
396};
397
398/** Function table for the TEST instruction.
399 * @remarks Making operand order ASSUMPTIONS.
400 */
401static const IEMOPBINSIZES g_iemAImpl_test =
402{
403 iemAImpl_test_u8, NULL,
404 iemAImpl_test_u16, NULL,
405 iemAImpl_test_u32, NULL,
406 iemAImpl_test_u64, NULL
407};
408
409/** Function table for the BT instruction. */
410static const IEMOPBINSIZES g_iemAImpl_bt =
411{
412 NULL, NULL,
413 iemAImpl_bt_u16, NULL,
414 iemAImpl_bt_u32, NULL,
415 iemAImpl_bt_u64, NULL
416};
417
418/** Function table for the BTC instruction. */
419static const IEMOPBINSIZES g_iemAImpl_btc =
420{
421 NULL, NULL,
422 iemAImpl_btc_u16, iemAImpl_btc_u16_locked,
423 iemAImpl_btc_u32, iemAImpl_btc_u32_locked,
424 iemAImpl_btc_u64, iemAImpl_btc_u64_locked
425};
426
427/** Function table for the BTR instruction. */
428static const IEMOPBINSIZES g_iemAImpl_btr =
429{
430 NULL, NULL,
431 iemAImpl_btr_u16, iemAImpl_btr_u16_locked,
432 iemAImpl_btr_u32, iemAImpl_btr_u32_locked,
433 iemAImpl_btr_u64, iemAImpl_btr_u64_locked
434};
435
436/** Function table for the BTS instruction. */
437static const IEMOPBINSIZES g_iemAImpl_bts =
438{
439 NULL, NULL,
440 iemAImpl_bts_u16, iemAImpl_bts_u16_locked,
441 iemAImpl_bts_u32, iemAImpl_bts_u32_locked,
442 iemAImpl_bts_u64, iemAImpl_bts_u64_locked
443};
444
445/** Function table for the BSF instruction. */
446static const IEMOPBINSIZES g_iemAImpl_bsf =
447{
448 NULL, NULL,
449 iemAImpl_bsf_u16, NULL,
450 iemAImpl_bsf_u32, NULL,
451 iemAImpl_bsf_u64, NULL
452};
453
454/** Function table for the BSR instruction. */
455static const IEMOPBINSIZES g_iemAImpl_bsr =
456{
457 NULL, NULL,
458 iemAImpl_bsr_u16, NULL,
459 iemAImpl_bsr_u32, NULL,
460 iemAImpl_bsr_u64, NULL
461};
462
463/** Function table for the IMUL instruction. */
464static const IEMOPBINSIZES g_iemAImpl_imul_two =
465{
466 NULL, NULL,
467 iemAImpl_imul_two_u16, NULL,
468 iemAImpl_imul_two_u32, NULL,
469 iemAImpl_imul_two_u64, NULL
470};
471
472/** Group 1 /r lookup table. */
473static const PCIEMOPBINSIZES g_apIemImplGrp1[8] =
474{
475 &g_iemAImpl_add,
476 &g_iemAImpl_or,
477 &g_iemAImpl_adc,
478 &g_iemAImpl_sbb,
479 &g_iemAImpl_and,
480 &g_iemAImpl_sub,
481 &g_iemAImpl_xor,
482 &g_iemAImpl_cmp
483};
484
485/** Function table for the INC instruction. */
486static const IEMOPUNARYSIZES g_iemAImpl_inc =
487{
488 iemAImpl_inc_u8, iemAImpl_inc_u8_locked,
489 iemAImpl_inc_u16, iemAImpl_inc_u16_locked,
490 iemAImpl_inc_u32, iemAImpl_inc_u32_locked,
491 iemAImpl_inc_u64, iemAImpl_inc_u64_locked
492};
493
494/** Function table for the DEC instruction. */
495static const IEMOPUNARYSIZES g_iemAImpl_dec =
496{
497 iemAImpl_dec_u8, iemAImpl_dec_u8_locked,
498 iemAImpl_dec_u16, iemAImpl_dec_u16_locked,
499 iemAImpl_dec_u32, iemAImpl_dec_u32_locked,
500 iemAImpl_dec_u64, iemAImpl_dec_u64_locked
501};
502
503/** Function table for the NEG instruction. */
504static const IEMOPUNARYSIZES g_iemAImpl_neg =
505{
506 iemAImpl_neg_u8, iemAImpl_neg_u8_locked,
507 iemAImpl_neg_u16, iemAImpl_neg_u16_locked,
508 iemAImpl_neg_u32, iemAImpl_neg_u32_locked,
509 iemAImpl_neg_u64, iemAImpl_neg_u64_locked
510};
511
512/** Function table for the NOT instruction. */
513static const IEMOPUNARYSIZES g_iemAImpl_not =
514{
515 iemAImpl_not_u8, iemAImpl_not_u8_locked,
516 iemAImpl_not_u16, iemAImpl_not_u16_locked,
517 iemAImpl_not_u32, iemAImpl_not_u32_locked,
518 iemAImpl_not_u64, iemAImpl_not_u64_locked
519};
520
521
522/** Function table for the ROL instruction. */
523static const IEMOPSHIFTSIZES g_iemAImpl_rol =
524{
525 iemAImpl_rol_u8,
526 iemAImpl_rol_u16,
527 iemAImpl_rol_u32,
528 iemAImpl_rol_u64
529};
530
531/** Function table for the ROR instruction. */
532static const IEMOPSHIFTSIZES g_iemAImpl_ror =
533{
534 iemAImpl_ror_u8,
535 iemAImpl_ror_u16,
536 iemAImpl_ror_u32,
537 iemAImpl_ror_u64
538};
539
540/** Function table for the RCL instruction. */
541static const IEMOPSHIFTSIZES g_iemAImpl_rcl =
542{
543 iemAImpl_rcl_u8,
544 iemAImpl_rcl_u16,
545 iemAImpl_rcl_u32,
546 iemAImpl_rcl_u64
547};
548
549/** Function table for the RCR instruction. */
550static const IEMOPSHIFTSIZES g_iemAImpl_rcr =
551{
552 iemAImpl_rcr_u8,
553 iemAImpl_rcr_u16,
554 iemAImpl_rcr_u32,
555 iemAImpl_rcr_u64
556};
557
558/** Function table for the SHL instruction. */
559static const IEMOPSHIFTSIZES g_iemAImpl_shl =
560{
561 iemAImpl_shl_u8,
562 iemAImpl_shl_u16,
563 iemAImpl_shl_u32,
564 iemAImpl_shl_u64
565};
566
567/** Function table for the SHR instruction. */
568static const IEMOPSHIFTSIZES g_iemAImpl_shr =
569{
570 iemAImpl_shr_u8,
571 iemAImpl_shr_u16,
572 iemAImpl_shr_u32,
573 iemAImpl_shr_u64
574};
575
576/** Function table for the SAR instruction. */
577static const IEMOPSHIFTSIZES g_iemAImpl_sar =
578{
579 iemAImpl_sar_u8,
580 iemAImpl_sar_u16,
581 iemAImpl_sar_u32,
582 iemAImpl_sar_u64
583};
584
585
586/** Function table for the MUL instruction. */
587static const IEMOPMULDIVSIZES g_iemAImpl_mul =
588{
589 iemAImpl_mul_u8,
590 iemAImpl_mul_u16,
591 iemAImpl_mul_u32,
592 iemAImpl_mul_u64
593};
594
595/** Function table for the IMUL instruction working implicitly on rAX. */
596static const IEMOPMULDIVSIZES g_iemAImpl_imul =
597{
598 iemAImpl_imul_u8,
599 iemAImpl_imul_u16,
600 iemAImpl_imul_u32,
601 iemAImpl_imul_u64
602};
603
604/** Function table for the DIV instruction. */
605static const IEMOPMULDIVSIZES g_iemAImpl_div =
606{
607 iemAImpl_div_u8,
608 iemAImpl_div_u16,
609 iemAImpl_div_u32,
610 iemAImpl_div_u64
611};
612
613/** Function table for the MUL instruction. */
614static const IEMOPMULDIVSIZES g_iemAImpl_idiv =
615{
616 iemAImpl_idiv_u8,
617 iemAImpl_idiv_u16,
618 iemAImpl_idiv_u32,
619 iemAImpl_idiv_u64
620};
621
622/** Function table for the SHLD instruction */
623static const IEMOPSHIFTDBLSIZES g_iemAImpl_shld =
624{
625 iemAImpl_shld_u16,
626 iemAImpl_shld_u32,
627 iemAImpl_shld_u64,
628};
629
630/** Function table for the SHRD instruction */
631static const IEMOPSHIFTDBLSIZES g_iemAImpl_shrd =
632{
633 iemAImpl_shrd_u16,
634 iemAImpl_shrd_u32,
635 iemAImpl_shrd_u64,
636};
637
638
639#if defined(IEM_VERIFICATION_MODE_MINIMAL) || defined(IEM_LOG_MEMORY_WRITES)
640/** What IEM just wrote. */
641uint8_t g_abIemWrote[256];
642/** How much IEM just wrote. */
643size_t g_cbIemWrote;
644#endif
645
646
647/*******************************************************************************
648* Internal Functions *
649*******************************************************************************/
650static VBOXSTRICTRC iemRaiseTaskSwitchFaultCurrentTSS(PIEMCPU pIemCpu);
651/*static VBOXSTRICTRC iemRaiseSelectorNotPresent(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess);*/
652static VBOXSTRICTRC iemRaiseSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel);
653static VBOXSTRICTRC iemRaiseSelectorNotPresentWithErr(PIEMCPU pIemCpu, uint16_t uErr);
654static VBOXSTRICTRC iemRaiseStackSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel);
655static VBOXSTRICTRC iemRaiseGeneralProtectionFault(PIEMCPU pIemCpu, uint16_t uErr);
656static VBOXSTRICTRC iemRaiseGeneralProtectionFault0(PIEMCPU pIemCpu);
657static VBOXSTRICTRC iemRaiseGeneralProtectionFaultBySelector(PIEMCPU pIemCpu, RTSEL uSel);
658static VBOXSTRICTRC iemRaiseSelectorBounds(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess);
659static VBOXSTRICTRC iemRaiseSelectorBoundsBySelector(PIEMCPU pIemCpu, RTSEL Sel);
660static VBOXSTRICTRC iemRaiseSelectorInvalidAccess(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess);
661static VBOXSTRICTRC iemRaisePageFault(PIEMCPU pIemCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc);
662static VBOXSTRICTRC iemRaiseAlignmentCheckException(PIEMCPU pIemCpu);
663static VBOXSTRICTRC iemMemMap(PIEMCPU pIemCpu, void **ppvMem, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess);
664static VBOXSTRICTRC iemMemCommitAndUnmap(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess);
665static VBOXSTRICTRC iemMemFetchDataU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
666static VBOXSTRICTRC iemMemFetchDataU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
667static VBOXSTRICTRC iemMemFetchSysU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
668static VBOXSTRICTRC iemMemFetchSysU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem);
669static VBOXSTRICTRC iemMemFetchSelDesc(PIEMCPU pIemCpu, PIEMSELDESC pDesc, uint16_t uSel);
670static VBOXSTRICTRC iemMemStackPushCommitSpecial(PIEMCPU pIemCpu, void *pvMem, uint64_t uNewRsp);
671static VBOXSTRICTRC iemMemStackPushBeginSpecial(PIEMCPU pIemCpu, size_t cbMem, void **ppvMem, uint64_t *puNewRsp);
672static VBOXSTRICTRC iemMemMarkSelDescAccessed(PIEMCPU pIemCpu, uint16_t uSel);
673static uint16_t iemSRegFetchU16(PIEMCPU pIemCpu, uint8_t iSegReg);
674
675#if defined(IEM_VERIFICATION_MODE_FULL) && !defined(IEM_VERIFICATION_MODE_MINIMAL)
676static PIEMVERIFYEVTREC iemVerifyAllocRecord(PIEMCPU pIemCpu);
677#endif
678static VBOXSTRICTRC iemVerifyFakeIOPortRead(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t *pu32Value, size_t cbValue);
679static VBOXSTRICTRC iemVerifyFakeIOPortWrite(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t u32Value, size_t cbValue);
680
681
682/**
683 * Sets the pass up status.
684 *
685 * @returns VINF_SUCCESS.
686 * @param pIemCpu The per CPU IEM state of the calling thread.
687 * @param rcPassUp The pass up status. Must be informational.
688 * VINF_SUCCESS is not allowed.
689 */
690static int iemSetPassUpStatus(PIEMCPU pIemCpu, VBOXSTRICTRC rcPassUp)
691{
692 AssertRC(VBOXSTRICTRC_VAL(rcPassUp)); Assert(rcPassUp != VINF_SUCCESS);
693
694 int32_t const rcOldPassUp = pIemCpu->rcPassUp;
695 if (rcOldPassUp == VINF_SUCCESS)
696 pIemCpu->rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
697 /* If both are EM scheduling code, use EM priority rules. */
698 else if ( rcOldPassUp >= VINF_EM_FIRST && rcOldPassUp <= VINF_EM_LAST
699 && rcPassUp >= VINF_EM_FIRST && rcPassUp <= VINF_EM_LAST)
700 {
701 if (rcPassUp < rcOldPassUp)
702 {
703 Log(("IEM: rcPassUp=%Rrc! rcOldPassUp=%Rrc\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
704 pIemCpu->rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
705 }
706 else
707 Log(("IEM: rcPassUp=%Rrc rcOldPassUp=%Rrc!\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
708 }
709 /* Override EM scheduling with specific status code. */
710 else if (rcOldPassUp >= VINF_EM_FIRST && rcOldPassUp <= VINF_EM_LAST)
711 {
712 Log(("IEM: rcPassUp=%Rrc! rcOldPassUp=%Rrc\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
713 pIemCpu->rcPassUp = VBOXSTRICTRC_VAL(rcPassUp);
714 }
715 /* Don't override specific status code, first come first served. */
716 else
717 Log(("IEM: rcPassUp=%Rrc rcOldPassUp=%Rrc!\n", VBOXSTRICTRC_VAL(rcPassUp), rcOldPassUp));
718 return VINF_SUCCESS;
719}
720
721
722/**
723 * Initializes the decoder state.
724 *
725 * @param pIemCpu The per CPU IEM state.
726 * @param fBypassHandlers Whether to bypass access handlers.
727 */
728DECLINLINE(void) iemInitDecoder(PIEMCPU pIemCpu, bool fBypassHandlers)
729{
730 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
731 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
732
733#if defined(VBOX_STRICT) && (defined(IEM_VERIFICATION_MODE_FULL) || !defined(VBOX_WITH_RAW_MODE_NOT_R0))
734 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->cs));
735 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ss));
736 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->es));
737 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ds));
738 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->fs));
739 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->gs));
740 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->ldtr));
741 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pCtx->tr));
742#endif
743
744#ifdef VBOX_WITH_RAW_MODE_NOT_R0
745 CPUMGuestLazyLoadHiddenCsAndSs(pVCpu);
746#endif
747 pIemCpu->uCpl = CPUMGetGuestCPL(pVCpu);
748#ifdef IEM_VERIFICATION_MODE_FULL
749 if (pIemCpu->uInjectCpl != UINT8_MAX)
750 pIemCpu->uCpl = pIemCpu->uInjectCpl;
751#endif
752 IEMMODE enmMode = CPUMIsGuestIn64BitCodeEx(pCtx)
753 ? IEMMODE_64BIT
754 : pCtx->cs.Attr.n.u1DefBig /** @todo check if this is correct... */
755 ? IEMMODE_32BIT
756 : IEMMODE_16BIT;
757 pIemCpu->enmCpuMode = enmMode;
758 pIemCpu->enmDefAddrMode = enmMode; /** @todo check if this is correct... */
759 pIemCpu->enmEffAddrMode = enmMode;
760 if (enmMode != IEMMODE_64BIT)
761 {
762 pIemCpu->enmDefOpSize = enmMode; /** @todo check if this is correct... */
763 pIemCpu->enmEffOpSize = enmMode;
764 }
765 else
766 {
767 pIemCpu->enmDefOpSize = IEMMODE_32BIT;
768 pIemCpu->enmEffOpSize = IEMMODE_32BIT;
769 }
770 pIemCpu->fPrefixes = 0;
771 pIemCpu->uRexReg = 0;
772 pIemCpu->uRexB = 0;
773 pIemCpu->uRexIndex = 0;
774 pIemCpu->iEffSeg = X86_SREG_DS;
775 pIemCpu->offOpcode = 0;
776 pIemCpu->cbOpcode = 0;
777 pIemCpu->cActiveMappings = 0;
778 pIemCpu->iNextMapping = 0;
779 pIemCpu->rcPassUp = VINF_SUCCESS;
780 pIemCpu->fBypassHandlers = fBypassHandlers;
781#ifdef IN_RC
782 pIemCpu->fInPatchCode = pIemCpu->uCpl == 0
783 && pCtx->cs.u64Base == 0
784 && pCtx->cs.u32Limit == UINT32_MAX
785 && PATMIsPatchGCAddr(IEMCPU_TO_VM(pIemCpu), pCtx->eip);
786 if (!pIemCpu->fInPatchCode)
787 CPUMRawLeave(pVCpu, CPUMCTX2CORE(pCtx), VINF_SUCCESS);
788#endif
789}
790
791
792/**
793 * Prefetch opcodes the first time when starting executing.
794 *
795 * @returns Strict VBox status code.
796 * @param pIemCpu The IEM state.
797 * @param fBypassHandlers Whether to bypass access handlers.
798 */
799static VBOXSTRICTRC iemInitDecoderAndPrefetchOpcodes(PIEMCPU pIemCpu, bool fBypassHandlers)
800{
801#ifdef IEM_VERIFICATION_MODE_FULL
802 uint8_t const cbOldOpcodes = pIemCpu->cbOpcode;
803#endif
804 iemInitDecoder(pIemCpu, fBypassHandlers);
805
806 /*
807 * What we're doing here is very similar to iemMemMap/iemMemBounceBufferMap.
808 *
809 * First translate CS:rIP to a physical address.
810 */
811 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
812 uint32_t cbToTryRead;
813 RTGCPTR GCPtrPC;
814 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
815 {
816 cbToTryRead = PAGE_SIZE;
817 GCPtrPC = pCtx->rip;
818 if (!IEM_IS_CANONICAL(GCPtrPC))
819 return iemRaiseGeneralProtectionFault0(pIemCpu);
820 cbToTryRead = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
821 }
822 else
823 {
824 uint32_t GCPtrPC32 = pCtx->eip;
825 AssertMsg(!(GCPtrPC32 & ~(uint32_t)UINT16_MAX) || pIemCpu->enmCpuMode == IEMMODE_32BIT, ("%04x:%RX64\n", pCtx->cs.Sel, pCtx->rip));
826 if (GCPtrPC32 > pCtx->cs.u32Limit)
827 return iemRaiseSelectorBounds(pIemCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
828 cbToTryRead = pCtx->cs.u32Limit - GCPtrPC32 + 1;
829 GCPtrPC = pCtx->cs.u64Base + GCPtrPC32;
830 }
831
832#if defined(IN_RC) && defined(VBOX_WITH_RAW_MODE)
833 /* Allow interpretation of patch manager code blocks since they can for
834 instance throw #PFs for perfectly good reasons. */
835 if (pIemCpu->fInPatchCode)
836 {
837 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
838 if (cbToTryRead > cbLeftOnPage)
839 cbToTryRead = cbLeftOnPage;
840 if (cbToTryRead > sizeof(pIemCpu->abOpcode))
841 cbToTryRead = sizeof(pIemCpu->abOpcode);
842 memcpy(pIemCpu->abOpcode, (void const *)(uintptr_t)GCPtrPC, cbToTryRead);
843 pIemCpu->cbOpcode = cbToTryRead;
844 return VINF_SUCCESS;
845 }
846#endif
847
848 RTGCPHYS GCPhys;
849 uint64_t fFlags;
850 int rc = PGMGstGetPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrPC, &fFlags, &GCPhys);
851 if (RT_FAILURE(rc))
852 {
853 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - rc=%Rrc\n", GCPtrPC, rc));
854 return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, rc);
855 }
856 if (!(fFlags & X86_PTE_US) && pIemCpu->uCpl == 3)
857 {
858 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - supervisor page\n", GCPtrPC));
859 return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
860 }
861 if ((fFlags & X86_PTE_PAE_NX) && (pCtx->msrEFER & MSR_K6_EFER_NXE))
862 {
863 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv - NX\n", GCPtrPC));
864 return iemRaisePageFault(pIemCpu, GCPtrPC, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
865 }
866 GCPhys |= GCPtrPC & PAGE_OFFSET_MASK;
867 /** @todo Check reserved bits and such stuff. PGM is better at doing
868 * that, so do it when implementing the guest virtual address
869 * TLB... */
870
871#ifdef IEM_VERIFICATION_MODE_FULL
872 /*
873 * Optimistic optimization: Use unconsumed opcode bytes from the previous
874 * instruction.
875 */
876 /** @todo optimize this differently by not using PGMPhysRead. */
877 RTGCPHYS const offPrevOpcodes = GCPhys - pIemCpu->GCPhysOpcodes;
878 pIemCpu->GCPhysOpcodes = GCPhys;
879 if ( offPrevOpcodes < cbOldOpcodes
880 && PAGE_SIZE - (GCPhys & PAGE_OFFSET_MASK) > sizeof(pIemCpu->abOpcode))
881 {
882 uint8_t cbNew = cbOldOpcodes - (uint8_t)offPrevOpcodes;
883 memmove(&pIemCpu->abOpcode[0], &pIemCpu->abOpcode[offPrevOpcodes], cbNew);
884 pIemCpu->cbOpcode = cbNew;
885 return VINF_SUCCESS;
886 }
887#endif
888
889 /*
890 * Read the bytes at this address.
891 */
892 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrPC & PAGE_OFFSET_MASK);
893 if (cbToTryRead > cbLeftOnPage)
894 cbToTryRead = cbLeftOnPage;
895 if (cbToTryRead > sizeof(pIemCpu->abOpcode))
896 cbToTryRead = sizeof(pIemCpu->abOpcode);
897 /** @todo PATM: Read original, unpatched bytes? EMAll.cpp doesn't seem to be
898 * doing that. */
899 if (!pIemCpu->fBypassHandlers)
900 rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhys, pIemCpu->abOpcode, cbToTryRead);
901 else
902 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), pIemCpu->abOpcode, GCPhys, cbToTryRead);
903 if (rc != VINF_SUCCESS)
904 {
905 /** @todo status code handling */
906 Log(("iemInitDecoderAndPrefetchOpcodes: %RGv/%RGp LB %#x - read error - rc=%Rrc (!!)\n",
907 GCPtrPC, GCPhys, rc, cbToTryRead));
908 return rc;
909 }
910 pIemCpu->cbOpcode = cbToTryRead;
911
912 return VINF_SUCCESS;
913}
914
915
916/**
917 * Try fetch at least @a cbMin bytes more opcodes, raise the appropriate
918 * exception if it fails.
919 *
920 * @returns Strict VBox status code.
921 * @param pIemCpu The IEM state.
922 * @param cbMin Where to return the opcode byte.
923 */
924static VBOXSTRICTRC iemOpcodeFetchMoreBytes(PIEMCPU pIemCpu, size_t cbMin)
925{
926 /*
927 * What we're doing here is very similar to iemMemMap/iemMemBounceBufferMap.
928 *
929 * First translate CS:rIP to a physical address.
930 */
931 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
932 uint8_t cbLeft = pIemCpu->cbOpcode - pIemCpu->offOpcode; Assert(cbLeft < cbMin);
933 uint32_t cbToTryRead;
934 RTGCPTR GCPtrNext;
935 if (pIemCpu->enmCpuMode == IEMMODE_64BIT)
936 {
937 cbToTryRead = PAGE_SIZE;
938 GCPtrNext = pCtx->rip + pIemCpu->cbOpcode;
939 if (!IEM_IS_CANONICAL(GCPtrNext))
940 return iemRaiseGeneralProtectionFault0(pIemCpu);
941 cbToTryRead = PAGE_SIZE - (GCPtrNext & PAGE_OFFSET_MASK);
942 Assert(cbToTryRead >= cbMin - cbLeft); /* ASSUMPTION based on iemInitDecoderAndPrefetchOpcodes. */
943 }
944 else
945 {
946 uint32_t GCPtrNext32 = pCtx->eip;
947 Assert(!(GCPtrNext32 & ~(uint32_t)UINT16_MAX) || pIemCpu->enmCpuMode == IEMMODE_32BIT);
948 GCPtrNext32 += pIemCpu->cbOpcode;
949 if (GCPtrNext32 > pCtx->cs.u32Limit)
950 return iemRaiseSelectorBounds(pIemCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
951 cbToTryRead = pCtx->cs.u32Limit - GCPtrNext32 + 1;
952 if (cbToTryRead < cbMin - cbLeft)
953 return iemRaiseSelectorBounds(pIemCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
954 GCPtrNext = pCtx->cs.u64Base + GCPtrNext32;
955 }
956
957 RTGCPHYS GCPhys;
958 uint64_t fFlags;
959 int rc = PGMGstGetPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrNext, &fFlags, &GCPhys);
960 if (RT_FAILURE(rc))
961 {
962 Log(("iemOpcodeFetchMoreBytes: %RGv - rc=%Rrc\n", GCPtrNext, rc));
963 return iemRaisePageFault(pIemCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, rc);
964 }
965 if (!(fFlags & X86_PTE_US) && pIemCpu->uCpl == 3)
966 {
967 Log(("iemOpcodeFetchMoreBytes: %RGv - supervisor page\n", GCPtrNext));
968 return iemRaisePageFault(pIemCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
969 }
970 if ((fFlags & X86_PTE_PAE_NX) && (pCtx->msrEFER & MSR_K6_EFER_NXE))
971 {
972 Log(("iemOpcodeFetchMoreBytes: %RGv - NX\n", GCPtrNext));
973 return iemRaisePageFault(pIemCpu, GCPtrNext, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
974 }
975 GCPhys |= GCPtrNext & PAGE_OFFSET_MASK;
976 Log5(("GCPtrNext=%RGv GCPhys=%RGp cbOpcodes=%#x\n", GCPtrNext, GCPhys, pIemCpu->cbOpcode));
977 /** @todo Check reserved bits and such stuff. PGM is better at doing
978 * that, so do it when implementing the guest virtual address
979 * TLB... */
980
981 /*
982 * Read the bytes at this address.
983 */
984 uint32_t cbLeftOnPage = PAGE_SIZE - (GCPtrNext & PAGE_OFFSET_MASK);
985 if (cbToTryRead > cbLeftOnPage)
986 cbToTryRead = cbLeftOnPage;
987 if (cbToTryRead > sizeof(pIemCpu->abOpcode) - pIemCpu->cbOpcode)
988 cbToTryRead = sizeof(pIemCpu->abOpcode) - pIemCpu->cbOpcode;
989 Assert(cbToTryRead >= cbMin - cbLeft);
990 if (!pIemCpu->fBypassHandlers)
991 rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhys, &pIemCpu->abOpcode[pIemCpu->cbOpcode], cbToTryRead);
992 else
993 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), &pIemCpu->abOpcode[pIemCpu->cbOpcode], GCPhys, cbToTryRead);
994 if (rc != VINF_SUCCESS)
995 {
996 /** @todo status code handling */
997 Log(("iemOpcodeFetchMoreBytes: %RGv - read error - rc=%Rrc (!!)\n", GCPtrNext, rc));
998 return rc;
999 }
1000 pIemCpu->cbOpcode += cbToTryRead;
1001 Log5(("%.*Rhxs\n", pIemCpu->cbOpcode, pIemCpu->abOpcode));
1002
1003 return VINF_SUCCESS;
1004}
1005
1006
1007/**
1008 * Deals with the problematic cases that iemOpcodeGetNextU8 doesn't like.
1009 *
1010 * @returns Strict VBox status code.
1011 * @param pIemCpu The IEM state.
1012 * @param pb Where to return the opcode byte.
1013 */
1014DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU8Slow(PIEMCPU pIemCpu, uint8_t *pb)
1015{
1016 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 1);
1017 if (rcStrict == VINF_SUCCESS)
1018 {
1019 uint8_t offOpcode = pIemCpu->offOpcode;
1020 *pb = pIemCpu->abOpcode[offOpcode];
1021 pIemCpu->offOpcode = offOpcode + 1;
1022 }
1023 else
1024 *pb = 0;
1025 return rcStrict;
1026}
1027
1028
1029/**
1030 * Fetches the next opcode byte.
1031 *
1032 * @returns Strict VBox status code.
1033 * @param pIemCpu The IEM state.
1034 * @param pu8 Where to return the opcode byte.
1035 */
1036DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU8(PIEMCPU pIemCpu, uint8_t *pu8)
1037{
1038 uint8_t const offOpcode = pIemCpu->offOpcode;
1039 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1040 return iemOpcodeGetNextU8Slow(pIemCpu, pu8);
1041
1042 *pu8 = pIemCpu->abOpcode[offOpcode];
1043 pIemCpu->offOpcode = offOpcode + 1;
1044 return VINF_SUCCESS;
1045}
1046
1047
1048/**
1049 * Fetches the next opcode byte, returns automatically on failure.
1050 *
1051 * @param a_pu8 Where to return the opcode byte.
1052 * @remark Implicitly references pIemCpu.
1053 */
1054#define IEM_OPCODE_GET_NEXT_U8(a_pu8) \
1055 do \
1056 { \
1057 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU8(pIemCpu, (a_pu8)); \
1058 if (rcStrict2 != VINF_SUCCESS) \
1059 return rcStrict2; \
1060 } while (0)
1061
1062
1063/**
1064 * Fetches the next signed byte from the opcode stream.
1065 *
1066 * @returns Strict VBox status code.
1067 * @param pIemCpu The IEM state.
1068 * @param pi8 Where to return the signed byte.
1069 */
1070DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8(PIEMCPU pIemCpu, int8_t *pi8)
1071{
1072 return iemOpcodeGetNextU8(pIemCpu, (uint8_t *)pi8);
1073}
1074
1075
1076/**
1077 * Fetches the next signed byte from the opcode stream, returning automatically
1078 * on failure.
1079 *
1080 * @param pi8 Where to return the signed byte.
1081 * @remark Implicitly references pIemCpu.
1082 */
1083#define IEM_OPCODE_GET_NEXT_S8(a_pi8) \
1084 do \
1085 { \
1086 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8(pIemCpu, (a_pi8)); \
1087 if (rcStrict2 != VINF_SUCCESS) \
1088 return rcStrict2; \
1089 } while (0)
1090
1091
1092/**
1093 * Deals with the problematic cases that iemOpcodeGetNextS8SxU16 doesn't like.
1094 *
1095 * @returns Strict VBox status code.
1096 * @param pIemCpu The IEM state.
1097 * @param pu16 Where to return the opcode dword.
1098 */
1099DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextS8SxU16Slow(PIEMCPU pIemCpu, uint16_t *pu16)
1100{
1101 uint8_t u8;
1102 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pIemCpu, &u8);
1103 if (rcStrict == VINF_SUCCESS)
1104 *pu16 = (int8_t)u8;
1105 return rcStrict;
1106}
1107
1108
1109/**
1110 * Fetches the next signed byte from the opcode stream, extending it to
1111 * unsigned 16-bit.
1112 *
1113 * @returns Strict VBox status code.
1114 * @param pIemCpu The IEM state.
1115 * @param pu16 Where to return the unsigned word.
1116 */
1117DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU16(PIEMCPU pIemCpu, uint16_t *pu16)
1118{
1119 uint8_t const offOpcode = pIemCpu->offOpcode;
1120 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1121 return iemOpcodeGetNextS8SxU16Slow(pIemCpu, pu16);
1122
1123 *pu16 = (int8_t)pIemCpu->abOpcode[offOpcode];
1124 pIemCpu->offOpcode = offOpcode + 1;
1125 return VINF_SUCCESS;
1126}
1127
1128
1129/**
1130 * Fetches the next signed byte from the opcode stream and sign-extending it to
1131 * a word, returning automatically on failure.
1132 *
1133 * @param pu16 Where to return the word.
1134 * @remark Implicitly references pIemCpu.
1135 */
1136#define IEM_OPCODE_GET_NEXT_S8_SX_U16(a_pu16) \
1137 do \
1138 { \
1139 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU16(pIemCpu, (a_pu16)); \
1140 if (rcStrict2 != VINF_SUCCESS) \
1141 return rcStrict2; \
1142 } while (0)
1143
1144
1145/**
1146 * Deals with the problematic cases that iemOpcodeGetNextS8SxU32 doesn't like.
1147 *
1148 * @returns Strict VBox status code.
1149 * @param pIemCpu The IEM state.
1150 * @param pu32 Where to return the opcode dword.
1151 */
1152DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextS8SxU32Slow(PIEMCPU pIemCpu, uint32_t *pu32)
1153{
1154 uint8_t u8;
1155 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pIemCpu, &u8);
1156 if (rcStrict == VINF_SUCCESS)
1157 *pu32 = (int8_t)u8;
1158 return rcStrict;
1159}
1160
1161
1162/**
1163 * Fetches the next signed byte from the opcode stream, extending it to
1164 * unsigned 32-bit.
1165 *
1166 * @returns Strict VBox status code.
1167 * @param pIemCpu The IEM state.
1168 * @param pu32 Where to return the unsigned dword.
1169 */
1170DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU32(PIEMCPU pIemCpu, uint32_t *pu32)
1171{
1172 uint8_t const offOpcode = pIemCpu->offOpcode;
1173 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1174 return iemOpcodeGetNextS8SxU32Slow(pIemCpu, pu32);
1175
1176 *pu32 = (int8_t)pIemCpu->abOpcode[offOpcode];
1177 pIemCpu->offOpcode = offOpcode + 1;
1178 return VINF_SUCCESS;
1179}
1180
1181
1182/**
1183 * Fetches the next signed byte from the opcode stream and sign-extending it to
1184 * a word, returning automatically on failure.
1185 *
1186 * @param pu32 Where to return the word.
1187 * @remark Implicitly references pIemCpu.
1188 */
1189#define IEM_OPCODE_GET_NEXT_S8_SX_U32(a_pu32) \
1190 do \
1191 { \
1192 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU32(pIemCpu, (a_pu32)); \
1193 if (rcStrict2 != VINF_SUCCESS) \
1194 return rcStrict2; \
1195 } while (0)
1196
1197
1198/**
1199 * Deals with the problematic cases that iemOpcodeGetNextS8SxU64 doesn't like.
1200 *
1201 * @returns Strict VBox status code.
1202 * @param pIemCpu The IEM state.
1203 * @param pu64 Where to return the opcode qword.
1204 */
1205DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextS8SxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1206{
1207 uint8_t u8;
1208 VBOXSTRICTRC rcStrict = iemOpcodeGetNextU8Slow(pIemCpu, &u8);
1209 if (rcStrict == VINF_SUCCESS)
1210 *pu64 = (int8_t)u8;
1211 return rcStrict;
1212}
1213
1214
1215/**
1216 * Fetches the next signed byte from the opcode stream, extending it to
1217 * unsigned 64-bit.
1218 *
1219 * @returns Strict VBox status code.
1220 * @param pIemCpu The IEM state.
1221 * @param pu64 Where to return the unsigned qword.
1222 */
1223DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS8SxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1224{
1225 uint8_t const offOpcode = pIemCpu->offOpcode;
1226 if (RT_UNLIKELY(offOpcode >= pIemCpu->cbOpcode))
1227 return iemOpcodeGetNextS8SxU64Slow(pIemCpu, pu64);
1228
1229 *pu64 = (int8_t)pIemCpu->abOpcode[offOpcode];
1230 pIemCpu->offOpcode = offOpcode + 1;
1231 return VINF_SUCCESS;
1232}
1233
1234
1235/**
1236 * Fetches the next signed byte from the opcode stream and sign-extending it to
1237 * a word, returning automatically on failure.
1238 *
1239 * @param pu64 Where to return the word.
1240 * @remark Implicitly references pIemCpu.
1241 */
1242#define IEM_OPCODE_GET_NEXT_S8_SX_U64(a_pu64) \
1243 do \
1244 { \
1245 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS8SxU64(pIemCpu, (a_pu64)); \
1246 if (rcStrict2 != VINF_SUCCESS) \
1247 return rcStrict2; \
1248 } while (0)
1249
1250
1251/**
1252 * Deals with the problematic cases that iemOpcodeGetNextU16 doesn't like.
1253 *
1254 * @returns Strict VBox status code.
1255 * @param pIemCpu The IEM state.
1256 * @param pu16 Where to return the opcode word.
1257 */
1258DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU16Slow(PIEMCPU pIemCpu, uint16_t *pu16)
1259{
1260 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 2);
1261 if (rcStrict == VINF_SUCCESS)
1262 {
1263 uint8_t offOpcode = pIemCpu->offOpcode;
1264 *pu16 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1265 pIemCpu->offOpcode = offOpcode + 2;
1266 }
1267 else
1268 *pu16 = 0;
1269 return rcStrict;
1270}
1271
1272
1273/**
1274 * Fetches the next opcode word.
1275 *
1276 * @returns Strict VBox status code.
1277 * @param pIemCpu The IEM state.
1278 * @param pu16 Where to return the opcode word.
1279 */
1280DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16(PIEMCPU pIemCpu, uint16_t *pu16)
1281{
1282 uint8_t const offOpcode = pIemCpu->offOpcode;
1283 if (RT_UNLIKELY(offOpcode + 2 > pIemCpu->cbOpcode))
1284 return iemOpcodeGetNextU16Slow(pIemCpu, pu16);
1285
1286 *pu16 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1287 pIemCpu->offOpcode = offOpcode + 2;
1288 return VINF_SUCCESS;
1289}
1290
1291
1292/**
1293 * Fetches the next opcode word, returns automatically on failure.
1294 *
1295 * @param a_pu16 Where to return the opcode word.
1296 * @remark Implicitly references pIemCpu.
1297 */
1298#define IEM_OPCODE_GET_NEXT_U16(a_pu16) \
1299 do \
1300 { \
1301 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16(pIemCpu, (a_pu16)); \
1302 if (rcStrict2 != VINF_SUCCESS) \
1303 return rcStrict2; \
1304 } while (0)
1305
1306
1307/**
1308 * Deals with the problematic cases that iemOpcodeGetNextU16ZxU32 doesn't like.
1309 *
1310 * @returns Strict VBox status code.
1311 * @param pIemCpu The IEM state.
1312 * @param pu32 Where to return the opcode double word.
1313 */
1314DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU16ZxU32Slow(PIEMCPU pIemCpu, uint32_t *pu32)
1315{
1316 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 2);
1317 if (rcStrict == VINF_SUCCESS)
1318 {
1319 uint8_t offOpcode = pIemCpu->offOpcode;
1320 *pu32 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1321 pIemCpu->offOpcode = offOpcode + 2;
1322 }
1323 else
1324 *pu32 = 0;
1325 return rcStrict;
1326}
1327
1328
1329/**
1330 * Fetches the next opcode word, zero extending it to a double word.
1331 *
1332 * @returns Strict VBox status code.
1333 * @param pIemCpu The IEM state.
1334 * @param pu32 Where to return the opcode double word.
1335 */
1336DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16ZxU32(PIEMCPU pIemCpu, uint32_t *pu32)
1337{
1338 uint8_t const offOpcode = pIemCpu->offOpcode;
1339 if (RT_UNLIKELY(offOpcode + 2 > pIemCpu->cbOpcode))
1340 return iemOpcodeGetNextU16ZxU32Slow(pIemCpu, pu32);
1341
1342 *pu32 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1343 pIemCpu->offOpcode = offOpcode + 2;
1344 return VINF_SUCCESS;
1345}
1346
1347
1348/**
1349 * Fetches the next opcode word and zero extends it to a double word, returns
1350 * automatically on failure.
1351 *
1352 * @param a_pu32 Where to return the opcode double word.
1353 * @remark Implicitly references pIemCpu.
1354 */
1355#define IEM_OPCODE_GET_NEXT_U16_ZX_U32(a_pu32) \
1356 do \
1357 { \
1358 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16ZxU32(pIemCpu, (a_pu32)); \
1359 if (rcStrict2 != VINF_SUCCESS) \
1360 return rcStrict2; \
1361 } while (0)
1362
1363
1364/**
1365 * Deals with the problematic cases that iemOpcodeGetNextU16ZxU64 doesn't like.
1366 *
1367 * @returns Strict VBox status code.
1368 * @param pIemCpu The IEM state.
1369 * @param pu64 Where to return the opcode quad word.
1370 */
1371DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU16ZxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1372{
1373 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 2);
1374 if (rcStrict == VINF_SUCCESS)
1375 {
1376 uint8_t offOpcode = pIemCpu->offOpcode;
1377 *pu64 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1378 pIemCpu->offOpcode = offOpcode + 2;
1379 }
1380 else
1381 *pu64 = 0;
1382 return rcStrict;
1383}
1384
1385
1386/**
1387 * Fetches the next opcode word, zero extending it to a quad word.
1388 *
1389 * @returns Strict VBox status code.
1390 * @param pIemCpu The IEM state.
1391 * @param pu64 Where to return the opcode quad word.
1392 */
1393DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU16ZxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1394{
1395 uint8_t const offOpcode = pIemCpu->offOpcode;
1396 if (RT_UNLIKELY(offOpcode + 2 > pIemCpu->cbOpcode))
1397 return iemOpcodeGetNextU16ZxU64Slow(pIemCpu, pu64);
1398
1399 *pu64 = RT_MAKE_U16(pIemCpu->abOpcode[offOpcode], pIemCpu->abOpcode[offOpcode + 1]);
1400 pIemCpu->offOpcode = offOpcode + 2;
1401 return VINF_SUCCESS;
1402}
1403
1404
1405/**
1406 * Fetches the next opcode word and zero extends it to a quad word, returns
1407 * automatically on failure.
1408 *
1409 * @param a_pu64 Where to return the opcode quad word.
1410 * @remark Implicitly references pIemCpu.
1411 */
1412#define IEM_OPCODE_GET_NEXT_U16_ZX_U64(a_pu64) \
1413 do \
1414 { \
1415 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU16ZxU64(pIemCpu, (a_pu64)); \
1416 if (rcStrict2 != VINF_SUCCESS) \
1417 return rcStrict2; \
1418 } while (0)
1419
1420
1421/**
1422 * Fetches the next signed word from the opcode stream.
1423 *
1424 * @returns Strict VBox status code.
1425 * @param pIemCpu The IEM state.
1426 * @param pi16 Where to return the signed word.
1427 */
1428DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS16(PIEMCPU pIemCpu, int16_t *pi16)
1429{
1430 return iemOpcodeGetNextU16(pIemCpu, (uint16_t *)pi16);
1431}
1432
1433
1434/**
1435 * Fetches the next signed word from the opcode stream, returning automatically
1436 * on failure.
1437 *
1438 * @param pi16 Where to return the signed word.
1439 * @remark Implicitly references pIemCpu.
1440 */
1441#define IEM_OPCODE_GET_NEXT_S16(a_pi16) \
1442 do \
1443 { \
1444 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS16(pIemCpu, (a_pi16)); \
1445 if (rcStrict2 != VINF_SUCCESS) \
1446 return rcStrict2; \
1447 } while (0)
1448
1449
1450/**
1451 * Deals with the problematic cases that iemOpcodeGetNextU32 doesn't like.
1452 *
1453 * @returns Strict VBox status code.
1454 * @param pIemCpu The IEM state.
1455 * @param pu32 Where to return the opcode dword.
1456 */
1457DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU32Slow(PIEMCPU pIemCpu, uint32_t *pu32)
1458{
1459 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 4);
1460 if (rcStrict == VINF_SUCCESS)
1461 {
1462 uint8_t offOpcode = pIemCpu->offOpcode;
1463 *pu32 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1464 pIemCpu->abOpcode[offOpcode + 1],
1465 pIemCpu->abOpcode[offOpcode + 2],
1466 pIemCpu->abOpcode[offOpcode + 3]);
1467 pIemCpu->offOpcode = offOpcode + 4;
1468 }
1469 else
1470 *pu32 = 0;
1471 return rcStrict;
1472}
1473
1474
1475/**
1476 * Fetches the next opcode dword.
1477 *
1478 * @returns Strict VBox status code.
1479 * @param pIemCpu The IEM state.
1480 * @param pu32 Where to return the opcode double word.
1481 */
1482DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU32(PIEMCPU pIemCpu, uint32_t *pu32)
1483{
1484 uint8_t const offOpcode = pIemCpu->offOpcode;
1485 if (RT_UNLIKELY(offOpcode + 4 > pIemCpu->cbOpcode))
1486 return iemOpcodeGetNextU32Slow(pIemCpu, pu32);
1487
1488 *pu32 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1489 pIemCpu->abOpcode[offOpcode + 1],
1490 pIemCpu->abOpcode[offOpcode + 2],
1491 pIemCpu->abOpcode[offOpcode + 3]);
1492 pIemCpu->offOpcode = offOpcode + 4;
1493 return VINF_SUCCESS;
1494}
1495
1496
1497/**
1498 * Fetches the next opcode dword, returns automatically on failure.
1499 *
1500 * @param a_pu32 Where to return the opcode dword.
1501 * @remark Implicitly references pIemCpu.
1502 */
1503#define IEM_OPCODE_GET_NEXT_U32(a_pu32) \
1504 do \
1505 { \
1506 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU32(pIemCpu, (a_pu32)); \
1507 if (rcStrict2 != VINF_SUCCESS) \
1508 return rcStrict2; \
1509 } while (0)
1510
1511
1512/**
1513 * Deals with the problematic cases that iemOpcodeGetNextU32ZxU64 doesn't like.
1514 *
1515 * @returns Strict VBox status code.
1516 * @param pIemCpu The IEM state.
1517 * @param pu32 Where to return the opcode dword.
1518 */
1519DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU32ZxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1520{
1521 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 4);
1522 if (rcStrict == VINF_SUCCESS)
1523 {
1524 uint8_t offOpcode = pIemCpu->offOpcode;
1525 *pu64 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1526 pIemCpu->abOpcode[offOpcode + 1],
1527 pIemCpu->abOpcode[offOpcode + 2],
1528 pIemCpu->abOpcode[offOpcode + 3]);
1529 pIemCpu->offOpcode = offOpcode + 4;
1530 }
1531 else
1532 *pu64 = 0;
1533 return rcStrict;
1534}
1535
1536
1537/**
1538 * Fetches the next opcode dword, zero extending it to a quad word.
1539 *
1540 * @returns Strict VBox status code.
1541 * @param pIemCpu The IEM state.
1542 * @param pu64 Where to return the opcode quad word.
1543 */
1544DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU32ZxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1545{
1546 uint8_t const offOpcode = pIemCpu->offOpcode;
1547 if (RT_UNLIKELY(offOpcode + 4 > pIemCpu->cbOpcode))
1548 return iemOpcodeGetNextU32ZxU64Slow(pIemCpu, pu64);
1549
1550 *pu64 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1551 pIemCpu->abOpcode[offOpcode + 1],
1552 pIemCpu->abOpcode[offOpcode + 2],
1553 pIemCpu->abOpcode[offOpcode + 3]);
1554 pIemCpu->offOpcode = offOpcode + 4;
1555 return VINF_SUCCESS;
1556}
1557
1558
1559/**
1560 * Fetches the next opcode dword and zero extends it to a quad word, returns
1561 * automatically on failure.
1562 *
1563 * @param a_pu64 Where to return the opcode quad word.
1564 * @remark Implicitly references pIemCpu.
1565 */
1566#define IEM_OPCODE_GET_NEXT_U32_ZX_U64(a_pu64) \
1567 do \
1568 { \
1569 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU32ZxU64(pIemCpu, (a_pu64)); \
1570 if (rcStrict2 != VINF_SUCCESS) \
1571 return rcStrict2; \
1572 } while (0)
1573
1574
1575/**
1576 * Fetches the next signed double word from the opcode stream.
1577 *
1578 * @returns Strict VBox status code.
1579 * @param pIemCpu The IEM state.
1580 * @param pi32 Where to return the signed double word.
1581 */
1582DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS32(PIEMCPU pIemCpu, int32_t *pi32)
1583{
1584 return iemOpcodeGetNextU32(pIemCpu, (uint32_t *)pi32);
1585}
1586
1587/**
1588 * Fetches the next signed double word from the opcode stream, returning
1589 * automatically on failure.
1590 *
1591 * @param pi32 Where to return the signed double word.
1592 * @remark Implicitly references pIemCpu.
1593 */
1594#define IEM_OPCODE_GET_NEXT_S32(a_pi32) \
1595 do \
1596 { \
1597 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS32(pIemCpu, (a_pi32)); \
1598 if (rcStrict2 != VINF_SUCCESS) \
1599 return rcStrict2; \
1600 } while (0)
1601
1602
1603/**
1604 * Deals with the problematic cases that iemOpcodeGetNextS32SxU64 doesn't like.
1605 *
1606 * @returns Strict VBox status code.
1607 * @param pIemCpu The IEM state.
1608 * @param pu64 Where to return the opcode qword.
1609 */
1610DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextS32SxU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1611{
1612 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 4);
1613 if (rcStrict == VINF_SUCCESS)
1614 {
1615 uint8_t offOpcode = pIemCpu->offOpcode;
1616 *pu64 = (int32_t)RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1617 pIemCpu->abOpcode[offOpcode + 1],
1618 pIemCpu->abOpcode[offOpcode + 2],
1619 pIemCpu->abOpcode[offOpcode + 3]);
1620 pIemCpu->offOpcode = offOpcode + 4;
1621 }
1622 else
1623 *pu64 = 0;
1624 return rcStrict;
1625}
1626
1627
1628/**
1629 * Fetches the next opcode dword, sign extending it into a quad word.
1630 *
1631 * @returns Strict VBox status code.
1632 * @param pIemCpu The IEM state.
1633 * @param pu64 Where to return the opcode quad word.
1634 */
1635DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextS32SxU64(PIEMCPU pIemCpu, uint64_t *pu64)
1636{
1637 uint8_t const offOpcode = pIemCpu->offOpcode;
1638 if (RT_UNLIKELY(offOpcode + 4 > pIemCpu->cbOpcode))
1639 return iemOpcodeGetNextS32SxU64Slow(pIemCpu, pu64);
1640
1641 int32_t i32 = RT_MAKE_U32_FROM_U8(pIemCpu->abOpcode[offOpcode],
1642 pIemCpu->abOpcode[offOpcode + 1],
1643 pIemCpu->abOpcode[offOpcode + 2],
1644 pIemCpu->abOpcode[offOpcode + 3]);
1645 *pu64 = i32;
1646 pIemCpu->offOpcode = offOpcode + 4;
1647 return VINF_SUCCESS;
1648}
1649
1650
1651/**
1652 * Fetches the next opcode double word and sign extends it to a quad word,
1653 * returns automatically on failure.
1654 *
1655 * @param a_pu64 Where to return the opcode quad word.
1656 * @remark Implicitly references pIemCpu.
1657 */
1658#define IEM_OPCODE_GET_NEXT_S32_SX_U64(a_pu64) \
1659 do \
1660 { \
1661 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextS32SxU64(pIemCpu, (a_pu64)); \
1662 if (rcStrict2 != VINF_SUCCESS) \
1663 return rcStrict2; \
1664 } while (0)
1665
1666
1667/**
1668 * Deals with the problematic cases that iemOpcodeGetNextU64 doesn't like.
1669 *
1670 * @returns Strict VBox status code.
1671 * @param pIemCpu The IEM state.
1672 * @param pu64 Where to return the opcode qword.
1673 */
1674DECL_NO_INLINE(static, VBOXSTRICTRC) iemOpcodeGetNextU64Slow(PIEMCPU pIemCpu, uint64_t *pu64)
1675{
1676 VBOXSTRICTRC rcStrict = iemOpcodeFetchMoreBytes(pIemCpu, 8);
1677 if (rcStrict == VINF_SUCCESS)
1678 {
1679 uint8_t offOpcode = pIemCpu->offOpcode;
1680 *pu64 = RT_MAKE_U64_FROM_U8(pIemCpu->abOpcode[offOpcode],
1681 pIemCpu->abOpcode[offOpcode + 1],
1682 pIemCpu->abOpcode[offOpcode + 2],
1683 pIemCpu->abOpcode[offOpcode + 3],
1684 pIemCpu->abOpcode[offOpcode + 4],
1685 pIemCpu->abOpcode[offOpcode + 5],
1686 pIemCpu->abOpcode[offOpcode + 6],
1687 pIemCpu->abOpcode[offOpcode + 7]);
1688 pIemCpu->offOpcode = offOpcode + 8;
1689 }
1690 else
1691 *pu64 = 0;
1692 return rcStrict;
1693}
1694
1695
1696/**
1697 * Fetches the next opcode qword.
1698 *
1699 * @returns Strict VBox status code.
1700 * @param pIemCpu The IEM state.
1701 * @param pu64 Where to return the opcode qword.
1702 */
1703DECLINLINE(VBOXSTRICTRC) iemOpcodeGetNextU64(PIEMCPU pIemCpu, uint64_t *pu64)
1704{
1705 uint8_t const offOpcode = pIemCpu->offOpcode;
1706 if (RT_UNLIKELY(offOpcode + 8 > pIemCpu->cbOpcode))
1707 return iemOpcodeGetNextU64Slow(pIemCpu, pu64);
1708
1709 *pu64 = RT_MAKE_U64_FROM_U8(pIemCpu->abOpcode[offOpcode],
1710 pIemCpu->abOpcode[offOpcode + 1],
1711 pIemCpu->abOpcode[offOpcode + 2],
1712 pIemCpu->abOpcode[offOpcode + 3],
1713 pIemCpu->abOpcode[offOpcode + 4],
1714 pIemCpu->abOpcode[offOpcode + 5],
1715 pIemCpu->abOpcode[offOpcode + 6],
1716 pIemCpu->abOpcode[offOpcode + 7]);
1717 pIemCpu->offOpcode = offOpcode + 8;
1718 return VINF_SUCCESS;
1719}
1720
1721
1722/**
1723 * Fetches the next opcode quad word, returns automatically on failure.
1724 *
1725 * @param a_pu64 Where to return the opcode quad word.
1726 * @remark Implicitly references pIemCpu.
1727 */
1728#define IEM_OPCODE_GET_NEXT_U64(a_pu64) \
1729 do \
1730 { \
1731 VBOXSTRICTRC rcStrict2 = iemOpcodeGetNextU64(pIemCpu, (a_pu64)); \
1732 if (rcStrict2 != VINF_SUCCESS) \
1733 return rcStrict2; \
1734 } while (0)
1735
1736
1737/** @name Misc Worker Functions.
1738 * @{
1739 */
1740
1741
1742/**
1743 * Validates a new SS segment.
1744 *
1745 * @returns VBox strict status code.
1746 * @param pIemCpu The IEM per CPU instance data.
1747 * @param pCtx The CPU context.
1748 * @param NewSS The new SS selctor.
1749 * @param uCpl The CPL to load the stack for.
1750 * @param pDesc Where to return the descriptor.
1751 */
1752static VBOXSTRICTRC iemMiscValidateNewSS(PIEMCPU pIemCpu, PCCPUMCTX pCtx, RTSEL NewSS, uint8_t uCpl, PIEMSELDESC pDesc)
1753{
1754 NOREF(pCtx);
1755
1756 /* Null selectors are not allowed (we're not called for dispatching
1757 interrupts with SS=0 in long mode). */
1758 if (!(NewSS & X86_SEL_MASK_OFF_RPL))
1759 {
1760 Log(("iemMiscValidateNewSSandRsp: #x - null selector -> #GP(0)\n", NewSS));
1761 return iemRaiseGeneralProtectionFault0(pIemCpu);
1762 }
1763
1764 /*
1765 * Read the descriptor.
1766 */
1767 VBOXSTRICTRC rcStrict = iemMemFetchSelDesc(pIemCpu, pDesc, NewSS);
1768 if (rcStrict != VINF_SUCCESS)
1769 return rcStrict;
1770
1771 /*
1772 * Perform the descriptor validation documented for LSS, POP SS and MOV SS.
1773 */
1774 if (!pDesc->Legacy.Gen.u1DescType)
1775 {
1776 Log(("iemMiscValidateNewSSandRsp: %#x - system selector -> #GP\n", NewSS, pDesc->Legacy.Gen.u4Type));
1777 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, NewSS);
1778 }
1779
1780 if ( (pDesc->Legacy.Gen.u4Type & X86_SEL_TYPE_CODE)
1781 || !(pDesc->Legacy.Gen.u4Type & X86_SEL_TYPE_WRITE) )
1782 {
1783 Log(("iemMiscValidateNewSSandRsp: %#x - code or read only (%#x) -> #GP\n", NewSS, pDesc->Legacy.Gen.u4Type));
1784 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, NewSS);
1785 }
1786 /** @todo testcase: check if the TSS.ssX RPL is checked. */
1787 if ((NewSS & X86_SEL_RPL) != uCpl)
1788 {
1789 Log(("iemMiscValidateNewSSandRsp: %#x - RPL and CPL (%d) differs -> #GP\n", NewSS, uCpl));
1790 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, NewSS);
1791 }
1792 if (pDesc->Legacy.Gen.u2Dpl != uCpl)
1793 {
1794 Log(("iemMiscValidateNewSSandRsp: %#x - DPL (%d) and CPL (%d) differs -> #GP\n", NewSS, pDesc->Legacy.Gen.u2Dpl, uCpl));
1795 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, NewSS);
1796 }
1797
1798 /* Is it there? */
1799 /** @todo testcase: Is this checked before the canonical / limit check below? */
1800 if (!pDesc->Legacy.Gen.u1Present)
1801 {
1802 Log(("iemMiscValidateNewSSandRsp: %#x - segment not present -> #NP\n", NewSS));
1803 return iemRaiseSelectorNotPresentBySelector(pIemCpu, NewSS);
1804 }
1805
1806 return VINF_SUCCESS;
1807}
1808
1809
1810/**
1811 * Gets the correct EFLAGS regardless of whether PATM stores parts of them or
1812 * not.
1813 *
1814 * @param a_pIemCpu The IEM per CPU data.
1815 * @param a_pCtx The CPU context.
1816 */
1817#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1818# define IEMMISC_GET_EFL(a_pIemCpu, a_pCtx) \
1819 ( IEM_VERIFICATION_ENABLED(a_pIemCpu) \
1820 ? (a_pCtx)->eflags.u \
1821 : CPUMRawGetEFlags(IEMCPU_TO_VMCPU(a_pIemCpu)) )
1822#else
1823# define IEMMISC_GET_EFL(a_pIemCpu, a_pCtx) \
1824 ( (a_pCtx)->eflags.u )
1825#endif
1826
1827/**
1828 * Updates the EFLAGS in the correct manner wrt. PATM.
1829 *
1830 * @param a_pIemCpu The IEM per CPU data.
1831 * @param a_pCtx The CPU context.
1832 */
1833#ifdef VBOX_WITH_RAW_MODE_NOT_R0
1834# define IEMMISC_SET_EFL(a_pIemCpu, a_pCtx, a_fEfl) \
1835 do { \
1836 if (IEM_VERIFICATION_ENABLED(a_pIemCpu)) \
1837 (a_pCtx)->eflags.u = (a_fEfl); \
1838 else \
1839 CPUMRawSetEFlags(IEMCPU_TO_VMCPU(a_pIemCpu), a_fEfl); \
1840 } while (0)
1841#else
1842# define IEMMISC_SET_EFL(a_pIemCpu, a_pCtx, a_fEfl) \
1843 do { \
1844 (a_pCtx)->eflags.u = (a_fEfl); \
1845 } while (0)
1846#endif
1847
1848
1849/** @} */
1850
1851/** @name Raising Exceptions.
1852 *
1853 * @{
1854 */
1855
1856/** @name IEM_XCPT_FLAGS_XXX - flags for iemRaiseXcptOrInt.
1857 * @{ */
1858/** CPU exception. */
1859#define IEM_XCPT_FLAGS_T_CPU_XCPT RT_BIT_32(0)
1860/** External interrupt (from PIC, APIC, whatever). */
1861#define IEM_XCPT_FLAGS_T_EXT_INT RT_BIT_32(1)
1862/** Software interrupt (int, into or bound). */
1863#define IEM_XCPT_FLAGS_T_SOFT_INT RT_BIT_32(2)
1864/** Takes an error code. */
1865#define IEM_XCPT_FLAGS_ERR RT_BIT_32(3)
1866/** Takes a CR2. */
1867#define IEM_XCPT_FLAGS_CR2 RT_BIT_32(4)
1868/** Generated by the breakpoint instruction. */
1869#define IEM_XCPT_FLAGS_BP_INSTR RT_BIT_32(5)
1870/** @} */
1871
1872/**
1873 * Loads the specified stack far pointer from the TSS.
1874 *
1875 * @returns VBox strict status code.
1876 * @param pIemCpu The IEM per CPU instance data.
1877 * @param pCtx The CPU context.
1878 * @param uCpl The CPL to load the stack for.
1879 * @param pSelSS Where to return the new stack segment.
1880 * @param puEsp Where to return the new stack pointer.
1881 */
1882static VBOXSTRICTRC iemRaiseLoadStackFromTss32Or16(PIEMCPU pIemCpu, PCCPUMCTX pCtx, uint8_t uCpl,
1883 PRTSEL pSelSS, uint32_t *puEsp)
1884{
1885 VBOXSTRICTRC rcStrict;
1886 Assert(uCpl < 4);
1887 *puEsp = 0; /* make gcc happy */
1888 *pSelSS = 0; /* make gcc happy */
1889
1890 switch (pCtx->tr.Attr.n.u4Type)
1891 {
1892 /*
1893 * 16-bit TSS (X86TSS16).
1894 */
1895 case X86_SEL_TYPE_SYS_286_TSS_AVAIL: AssertFailed();
1896 case X86_SEL_TYPE_SYS_286_TSS_BUSY:
1897 {
1898 uint32_t off = uCpl * 4 + 2;
1899 if (off + 4 > pCtx->tr.u32Limit)
1900 {
1901 Log(("LoadStackFromTss32Or16: out of bounds! uCpl=%d, u32Limit=%#x TSS16\n", uCpl, pCtx->tr.u32Limit));
1902 return iemRaiseTaskSwitchFaultCurrentTSS(pIemCpu);
1903 }
1904
1905 uint32_t u32Tmp = 0; /* gcc maybe... */
1906 rcStrict = iemMemFetchSysU32(pIemCpu, &u32Tmp, UINT8_MAX, pCtx->tr.u64Base + off);
1907 if (rcStrict == VINF_SUCCESS)
1908 {
1909 *puEsp = RT_LOWORD(u32Tmp);
1910 *pSelSS = RT_HIWORD(u32Tmp);
1911 return VINF_SUCCESS;
1912 }
1913 break;
1914 }
1915
1916 /*
1917 * 32-bit TSS (X86TSS32).
1918 */
1919 case X86_SEL_TYPE_SYS_386_TSS_AVAIL: AssertFailed();
1920 case X86_SEL_TYPE_SYS_386_TSS_BUSY:
1921 {
1922 uint32_t off = uCpl * 8 + 4;
1923 if (off + 7 > pCtx->tr.u32Limit)
1924 {
1925 Log(("LoadStackFromTss32Or16: out of bounds! uCpl=%d, u32Limit=%#x TSS16\n", uCpl, pCtx->tr.u32Limit));
1926 return iemRaiseTaskSwitchFaultCurrentTSS(pIemCpu);
1927 }
1928
1929 uint64_t u64Tmp;
1930 rcStrict = iemMemFetchSysU64(pIemCpu, &u64Tmp, UINT8_MAX, pCtx->tr.u64Base + off);
1931 if (rcStrict == VINF_SUCCESS)
1932 {
1933 *puEsp = u64Tmp & UINT32_MAX;
1934 *pSelSS = (RTSEL)(u64Tmp >> 32);
1935 return VINF_SUCCESS;
1936 }
1937 break;
1938 }
1939
1940 default:
1941 AssertFailedReturn(VERR_INTERNAL_ERROR_2);
1942 }
1943 return rcStrict;
1944}
1945
1946
1947/**
1948 * Adjust the CPU state according to the exception being raised.
1949 *
1950 * @param pCtx The CPU context.
1951 * @param u8Vector The exception that has been raised.
1952 */
1953DECLINLINE(void) iemRaiseXcptAdjustState(PCPUMCTX pCtx, uint8_t u8Vector)
1954{
1955 switch (u8Vector)
1956 {
1957 case X86_XCPT_DB:
1958 pCtx->dr[7] &= ~X86_DR7_GD;
1959 break;
1960 /** @todo Read the AMD and Intel exception reference... */
1961 }
1962}
1963
1964
1965/**
1966 * Implements exceptions and interrupts for real mode.
1967 *
1968 * @returns VBox strict status code.
1969 * @param pIemCpu The IEM per CPU instance data.
1970 * @param pCtx The CPU context.
1971 * @param cbInstr The number of bytes to offset rIP by in the return
1972 * address.
1973 * @param u8Vector The interrupt / exception vector number.
1974 * @param fFlags The flags.
1975 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
1976 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
1977 */
1978static VBOXSTRICTRC
1979iemRaiseXcptOrIntInRealMode(PIEMCPU pIemCpu,
1980 PCPUMCTX pCtx,
1981 uint8_t cbInstr,
1982 uint8_t u8Vector,
1983 uint32_t fFlags,
1984 uint16_t uErr,
1985 uint64_t uCr2)
1986{
1987 AssertReturn(pIemCpu->enmCpuMode == IEMMODE_16BIT, VERR_INTERNAL_ERROR_3);
1988 NOREF(uErr); NOREF(uCr2);
1989
1990 /*
1991 * Read the IDT entry.
1992 */
1993 if (pCtx->idtr.cbIdt < UINT32_C(4) * u8Vector + 3)
1994 {
1995 Log(("RaiseXcptOrIntInRealMode: %#x is out of bounds (%#x)\n", u8Vector, pCtx->idtr.cbIdt));
1996 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
1997 }
1998 RTFAR16 Idte;
1999 VBOXSTRICTRC rcStrict = iemMemFetchDataU32(pIemCpu, (uint32_t *)&Idte, UINT8_MAX,
2000 pCtx->idtr.pIdt + UINT32_C(4) * u8Vector);
2001 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2002 return rcStrict;
2003
2004 /*
2005 * Push the stack frame.
2006 */
2007 uint16_t *pu16Frame;
2008 uint64_t uNewRsp;
2009 rcStrict = iemMemStackPushBeginSpecial(pIemCpu, 6, (void **)&pu16Frame, &uNewRsp);
2010 if (rcStrict != VINF_SUCCESS)
2011 return rcStrict;
2012
2013 uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
2014 pu16Frame[2] = (uint16_t)fEfl;
2015 pu16Frame[1] = (uint16_t)pCtx->cs.Sel;
2016 pu16Frame[0] = pCtx->ip + cbInstr;
2017 rcStrict = iemMemStackPushCommitSpecial(pIemCpu, pu16Frame, uNewRsp);
2018 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2019 return rcStrict;
2020
2021 /*
2022 * Load the vector address into cs:ip and make exception specific state
2023 * adjustments.
2024 */
2025 pCtx->cs.Sel = Idte.sel;
2026 pCtx->cs.ValidSel = Idte.sel;
2027 pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
2028 pCtx->cs.u64Base = (uint32_t)Idte.sel << 4;
2029 /** @todo do we load attribs and limit as well? Should we check against limit like far jump? */
2030 pCtx->rip = Idte.off;
2031 fEfl &= ~X86_EFL_IF;
2032 IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
2033
2034 /** @todo do we actually do this in real mode? */
2035 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
2036 iemRaiseXcptAdjustState(pCtx, u8Vector);
2037
2038 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
2039}
2040
2041
2042/**
2043 * Implements exceptions and interrupts for protected mode.
2044 *
2045 * @returns VBox strict status code.
2046 * @param pIemCpu The IEM per CPU instance data.
2047 * @param pCtx The CPU context.
2048 * @param cbInstr The number of bytes to offset rIP by in the return
2049 * address.
2050 * @param u8Vector The interrupt / exception vector number.
2051 * @param fFlags The flags.
2052 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
2053 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
2054 */
2055static VBOXSTRICTRC
2056iemRaiseXcptOrIntInProtMode(PIEMCPU pIemCpu,
2057 PCPUMCTX pCtx,
2058 uint8_t cbInstr,
2059 uint8_t u8Vector,
2060 uint32_t fFlags,
2061 uint16_t uErr,
2062 uint64_t uCr2)
2063{
2064 NOREF(cbInstr);
2065
2066 /*
2067 * Read the IDT entry.
2068 */
2069 if (pCtx->idtr.cbIdt < UINT32_C(8) * u8Vector + 7)
2070 {
2071 Log(("RaiseXcptOrIntInProtMode: %#x is out of bounds (%#x)\n", u8Vector, pCtx->idtr.cbIdt));
2072 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
2073 }
2074 X86DESC Idte;
2075 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &Idte.u, UINT8_MAX,
2076 pCtx->idtr.pIdt + UINT32_C(8) * u8Vector);
2077 if (RT_UNLIKELY(rcStrict != VINF_SUCCESS))
2078 return rcStrict;
2079 Log(("iemRaiseXcptOrIntInProtMode: vec=%#x P=%u DPL=%u DT=%u:%u A=%u %04x:%04x%04x\n",
2080 u8Vector, Idte.Gate.u1Present, Idte.Gate.u2Dpl, Idte.Gate.u1DescType, Idte.Gate.u4Type,
2081 Idte.Gate.u4ParmCount, Idte.Gate.u16Sel, Idte.Gate.u16OffsetHigh, Idte.Gate.u16OffsetLow));
2082
2083 /*
2084 * Check the descriptor type, DPL and such.
2085 * ASSUMES this is done in the same order as described for call-gate calls.
2086 */
2087 if (Idte.Gate.u1DescType)
2088 {
2089 Log(("RaiseXcptOrIntInProtMode %#x - not system selector (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
2090 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
2091 }
2092 uint32_t fEflToClear = X86_EFL_TF | X86_EFL_NT | X86_EFL_RF | X86_EFL_VM;
2093 switch (Idte.Gate.u4Type)
2094 {
2095 case X86_SEL_TYPE_SYS_UNDEFINED:
2096 case X86_SEL_TYPE_SYS_286_TSS_AVAIL:
2097 case X86_SEL_TYPE_SYS_LDT:
2098 case X86_SEL_TYPE_SYS_286_TSS_BUSY:
2099 case X86_SEL_TYPE_SYS_286_CALL_GATE:
2100 case X86_SEL_TYPE_SYS_UNDEFINED2:
2101 case X86_SEL_TYPE_SYS_386_TSS_AVAIL:
2102 case X86_SEL_TYPE_SYS_UNDEFINED3:
2103 case X86_SEL_TYPE_SYS_386_TSS_BUSY:
2104 case X86_SEL_TYPE_SYS_386_CALL_GATE:
2105 case X86_SEL_TYPE_SYS_UNDEFINED4:
2106 {
2107 /** @todo check what actually happens when the type is wrong...
2108 * esp. call gates. */
2109 Log(("RaiseXcptOrIntInProtMode %#x - invalid type (%#x) -> #GP\n", u8Vector, Idte.Gate.u4Type));
2110 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
2111 }
2112
2113 case X86_SEL_TYPE_SYS_286_INT_GATE:
2114 case X86_SEL_TYPE_SYS_386_INT_GATE:
2115 fEflToClear |= X86_EFL_IF;
2116 break;
2117
2118 case X86_SEL_TYPE_SYS_TASK_GATE:
2119 /** @todo task gates. */
2120 AssertFailedReturn(VERR_NOT_SUPPORTED);
2121
2122 case X86_SEL_TYPE_SYS_286_TRAP_GATE:
2123 case X86_SEL_TYPE_SYS_386_TRAP_GATE:
2124 break;
2125
2126 IEM_NOT_REACHED_DEFAULT_CASE_RET();
2127 }
2128
2129 /* Check DPL against CPL if applicable. */
2130 if (fFlags & IEM_XCPT_FLAGS_T_SOFT_INT)
2131 {
2132 if (pIemCpu->uCpl > Idte.Gate.u2Dpl)
2133 {
2134 Log(("RaiseXcptOrIntInProtMode %#x - CPL (%d) > DPL (%d) -> #GP\n", u8Vector, pIemCpu->uCpl, Idte.Gate.u2Dpl));
2135 return iemRaiseGeneralProtectionFault(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
2136 }
2137 }
2138
2139 /* Is it there? */
2140 if (!Idte.Gate.u1Present)
2141 {
2142 Log(("RaiseXcptOrIntInProtMode %#x - not present -> #NP\n", u8Vector));
2143 return iemRaiseSelectorNotPresentWithErr(pIemCpu, X86_TRAP_ERR_IDT | ((uint16_t)u8Vector << X86_TRAP_ERR_SEL_SHIFT));
2144 }
2145
2146 /* A null CS is bad. */
2147 RTSEL NewCS = Idte.Gate.u16Sel;
2148 if (!(NewCS & X86_SEL_MASK_OFF_RPL))
2149 {
2150 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x -> #GP\n", u8Vector, NewCS));
2151 return iemRaiseGeneralProtectionFault0(pIemCpu);
2152 }
2153
2154 /* Fetch the descriptor for the new CS. */
2155 IEMSELDESC DescCS;
2156 rcStrict = iemMemFetchSelDesc(pIemCpu, &DescCS, NewCS);
2157 if (rcStrict != VINF_SUCCESS)
2158 {
2159 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - rc=%Rrc\n", u8Vector, NewCS, VBOXSTRICTRC_VAL(rcStrict)));
2160 return rcStrict;
2161 }
2162
2163 /* Must be a code segment. */
2164 if (!DescCS.Legacy.Gen.u1DescType)
2165 {
2166 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - system selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
2167 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
2168 }
2169 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CODE))
2170 {
2171 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - data selector (%#x) -> #GP\n", u8Vector, NewCS, DescCS.Legacy.Gen.u4Type));
2172 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
2173 }
2174
2175 /* Don't allow lowering the privilege level. */
2176 /** @todo Does the lowering of privileges apply to software interrupts
2177 * only? This has bearings on the more-privileged or
2178 * same-privilege stack behavior further down. A testcase would
2179 * be nice. */
2180 if (DescCS.Legacy.Gen.u2Dpl > pIemCpu->uCpl)
2181 {
2182 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - DPL (%d) > CPL (%d) -> #GP\n",
2183 u8Vector, NewCS, DescCS.Legacy.Gen.u2Dpl, pIemCpu->uCpl));
2184 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
2185 }
2186 /** @todo is the RPL of the interrupt/trap gate descriptor checked? */
2187
2188 /* Check the new EIP against the new CS limit. */
2189 uint32_t const uNewEip = Idte.Gate.u4Type == X86_SEL_TYPE_SYS_286_INT_GATE
2190 || Idte.Gate.u4Type == X86_SEL_TYPE_SYS_286_TRAP_GATE
2191 ? Idte.Gate.u16OffsetLow
2192 : Idte.Gate.u16OffsetLow | ((uint32_t)Idte.Gate.u16OffsetHigh << 16);
2193 uint32_t cbLimitCS = X86DESC_LIMIT_G(&DescCS.Legacy);
2194 if (uNewEip > cbLimitCS)
2195 {
2196 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - DPL (%d) > CPL (%d) -> #GP\n",
2197 u8Vector, NewCS, DescCS.Legacy.Gen.u2Dpl, pIemCpu->uCpl));
2198 return iemRaiseGeneralProtectionFault(pIemCpu, NewCS & X86_SEL_MASK_OFF_RPL);
2199 }
2200
2201 /* Make sure the selector is present. */
2202 if (!DescCS.Legacy.Gen.u1Present)
2203 {
2204 Log(("RaiseXcptOrIntInProtMode %#x - CS=%#x - segment not present -> #NP\n", u8Vector, NewCS));
2205 return iemRaiseSelectorNotPresentBySelector(pIemCpu, NewCS);
2206 }
2207
2208 /*
2209 * If the privilege level changes, we need to get a new stack from the TSS.
2210 * This in turns means validating the new SS and ESP...
2211 */
2212 uint32_t fEfl = IEMMISC_GET_EFL(pIemCpu, pCtx);
2213 uint8_t const uNewCpl = DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_CONF
2214 ? pIemCpu->uCpl : DescCS.Legacy.Gen.u2Dpl;
2215 if (uNewCpl != pIemCpu->uCpl)
2216 {
2217 RTSEL NewSS;
2218 uint32_t uNewEsp;
2219 rcStrict = iemRaiseLoadStackFromTss32Or16(pIemCpu, pCtx, uNewCpl, &NewSS, &uNewEsp);
2220 if (rcStrict != VINF_SUCCESS)
2221 return rcStrict;
2222
2223 IEMSELDESC DescSS;
2224 rcStrict = iemMiscValidateNewSS(pIemCpu, pCtx, NewSS, uNewCpl, &DescSS);
2225 if (rcStrict != VINF_SUCCESS)
2226 return rcStrict;
2227
2228 /* Check that there is sufficient space for the stack frame. */
2229 uint32_t cbLimitSS = X86DESC_LIMIT_G(&DescSS.Legacy);
2230 if (DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_DOWN)
2231 {
2232 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Expand down segments\n")); /** @todo Implement expand down segment support. */
2233 }
2234
2235 uint8_t const cbStackFrame = fFlags & IEM_XCPT_FLAGS_ERR ? 24 : 20;
2236 if ( uNewEsp - 1 > cbLimitSS
2237 || uNewEsp < cbStackFrame)
2238 {
2239 Log(("RaiseXcptOrIntInProtMode: %#x - SS=%#x ESP=%#x cbStackFrame=%#x is out of bounds -> #GP\n",
2240 u8Vector, NewSS, uNewEsp, cbStackFrame));
2241 return iemRaiseSelectorBoundsBySelector(pIemCpu, NewSS);
2242 }
2243
2244 /*
2245 * Start making changes.
2246 */
2247
2248 /* Create the stack frame. */
2249 RTPTRUNION uStackFrame;
2250 rcStrict = iemMemMap(pIemCpu, &uStackFrame.pv, cbStackFrame, UINT8_MAX,
2251 uNewEsp - cbStackFrame + X86DESC_BASE(&DescSS.Legacy), IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS); /* _SYS is a hack ... */
2252 if (rcStrict != VINF_SUCCESS)
2253 return rcStrict;
2254 void * const pvStackFrame = uStackFrame.pv;
2255
2256 if (fFlags & IEM_XCPT_FLAGS_ERR)
2257 *uStackFrame.pu32++ = uErr;
2258 uStackFrame.pu32[0] = (fFlags & (IEM_XCPT_FLAGS_T_SOFT_INT | IEM_XCPT_FLAGS_BP_INSTR)) == IEM_XCPT_FLAGS_T_SOFT_INT
2259 ? pCtx->eip + cbInstr : pCtx->eip;
2260 uStackFrame.pu32[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
2261 uStackFrame.pu32[2] = fEfl;
2262 uStackFrame.pu32[3] = pCtx->esp;
2263 uStackFrame.pu32[4] = pCtx->ss.Sel;
2264 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvStackFrame, IEM_ACCESS_STACK_W | IEM_ACCESS_WHAT_SYS);
2265 if (rcStrict != VINF_SUCCESS)
2266 return rcStrict;
2267
2268 /* Mark the selectors 'accessed' (hope this is the correct time). */
2269 /** @todo testcase: excatly _when_ are the accessed bits set - before or
2270 * after pushing the stack frame? (Write protect the gdt + stack to
2271 * find out.) */
2272 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
2273 {
2274 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewCS);
2275 if (rcStrict != VINF_SUCCESS)
2276 return rcStrict;
2277 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
2278 }
2279
2280 if (!(DescSS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
2281 {
2282 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewSS);
2283 if (rcStrict != VINF_SUCCESS)
2284 return rcStrict;
2285 DescSS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
2286 }
2287
2288 /*
2289 * Start comitting the register changes (joins with the DPL=CPL branch).
2290 */
2291 pCtx->ss.Sel = NewSS;
2292 pCtx->ss.ValidSel = NewSS;
2293 pCtx->ss.fFlags = CPUMSELREG_FLAGS_VALID;
2294 pCtx->ss.u32Limit = cbLimitSS;
2295 pCtx->ss.u64Base = X86DESC_BASE(&DescSS.Legacy);
2296 pCtx->ss.Attr.u = X86DESC_GET_HID_ATTR(&DescSS.Legacy);
2297 pCtx->rsp = uNewEsp - cbStackFrame; /** @todo Is the high word cleared for 16-bit stacks and/or interrupt handlers? */
2298 pIemCpu->uCpl = uNewCpl;
2299 }
2300 /*
2301 * Same privilege, no stack change and smaller stack frame.
2302 */
2303 else
2304 {
2305 uint64_t uNewRsp;
2306 RTPTRUNION uStackFrame;
2307 uint8_t const cbStackFrame = fFlags & IEM_XCPT_FLAGS_ERR ? 16 : 12;
2308 rcStrict = iemMemStackPushBeginSpecial(pIemCpu, cbStackFrame, &uStackFrame.pv, &uNewRsp);
2309 if (rcStrict != VINF_SUCCESS)
2310 return rcStrict;
2311 void * const pvStackFrame = uStackFrame.pv;
2312
2313 if (fFlags & IEM_XCPT_FLAGS_ERR)
2314 *uStackFrame.pu32++ = uErr;
2315 uStackFrame.pu32[0] = (fFlags & (IEM_XCPT_FLAGS_T_SOFT_INT | IEM_XCPT_FLAGS_BP_INSTR)) == IEM_XCPT_FLAGS_T_SOFT_INT
2316 ? pCtx->eip + cbInstr : pCtx->eip;
2317 uStackFrame.pu32[1] = (pCtx->cs.Sel & ~X86_SEL_RPL) | pIemCpu->uCpl;
2318 uStackFrame.pu32[2] = fEfl;
2319 rcStrict = iemMemCommitAndUnmap(pIemCpu, pvStackFrame, IEM_ACCESS_STACK_W); /* don't use the commit here */
2320 if (rcStrict != VINF_SUCCESS)
2321 return rcStrict;
2322
2323 /* Mark the CS selector as 'accessed'. */
2324 if (!(DescCS.Legacy.Gen.u4Type & X86_SEL_TYPE_ACCESSED))
2325 {
2326 rcStrict = iemMemMarkSelDescAccessed(pIemCpu, NewCS);
2327 if (rcStrict != VINF_SUCCESS)
2328 return rcStrict;
2329 DescCS.Legacy.Gen.u4Type |= X86_SEL_TYPE_ACCESSED;
2330 }
2331
2332 /*
2333 * Start committing the register changes (joins with the other branch).
2334 */
2335 pCtx->rsp = uNewRsp;
2336 }
2337
2338 /* ... register committing continues. */
2339 pCtx->cs.Sel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
2340 pCtx->cs.ValidSel = (NewCS & ~X86_SEL_RPL) | uNewCpl;
2341 pCtx->cs.fFlags = CPUMSELREG_FLAGS_VALID;
2342 pCtx->cs.u32Limit = cbLimitCS;
2343 pCtx->cs.u64Base = X86DESC_BASE(&DescCS.Legacy);
2344 pCtx->cs.Attr.u = X86DESC_GET_HID_ATTR(&DescCS.Legacy);
2345
2346 pCtx->rip = uNewEip;
2347 fEfl &= ~fEflToClear;
2348 IEMMISC_SET_EFL(pIemCpu, pCtx, fEfl);
2349
2350 if (fFlags & IEM_XCPT_FLAGS_CR2)
2351 pCtx->cr2 = uCr2;
2352
2353 if (fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT)
2354 iemRaiseXcptAdjustState(pCtx, u8Vector);
2355
2356 return fFlags & IEM_XCPT_FLAGS_T_CPU_XCPT ? VINF_IEM_RAISED_XCPT : VINF_SUCCESS;
2357}
2358
2359
2360/**
2361 * Implements exceptions and interrupts for V8086 mode.
2362 *
2363 * @returns VBox strict status code.
2364 * @param pIemCpu The IEM per CPU instance data.
2365 * @param pCtx The CPU context.
2366 * @param cbInstr The number of bytes to offset rIP by in the return
2367 * address.
2368 * @param u8Vector The interrupt / exception vector number.
2369 * @param fFlags The flags.
2370 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
2371 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
2372 */
2373static VBOXSTRICTRC
2374iemRaiseXcptOrIntInV8086Mode(PIEMCPU pIemCpu,
2375 PCPUMCTX pCtx,
2376 uint8_t cbInstr,
2377 uint8_t u8Vector,
2378 uint32_t fFlags,
2379 uint16_t uErr,
2380 uint64_t uCr2)
2381{
2382 NOREF(pIemCpu); NOREF(pCtx); NOREF(cbInstr); NOREF(u8Vector); NOREF(fFlags); NOREF(uErr); NOREF(uCr2);
2383 /** @todo implement me. */
2384 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("V8086 exception / interrupt dispatching\n"));
2385}
2386
2387
2388/**
2389 * Implements exceptions and interrupts for long mode.
2390 *
2391 * @returns VBox strict status code.
2392 * @param pIemCpu The IEM per CPU instance data.
2393 * @param pCtx The CPU context.
2394 * @param cbInstr The number of bytes to offset rIP by in the return
2395 * address.
2396 * @param u8Vector The interrupt / exception vector number.
2397 * @param fFlags The flags.
2398 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
2399 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
2400 */
2401static VBOXSTRICTRC
2402iemRaiseXcptOrIntInLongMode(PIEMCPU pIemCpu,
2403 PCPUMCTX pCtx,
2404 uint8_t cbInstr,
2405 uint8_t u8Vector,
2406 uint32_t fFlags,
2407 uint16_t uErr,
2408 uint64_t uCr2)
2409{
2410 NOREF(pIemCpu); NOREF(pCtx); NOREF(cbInstr); NOREF(u8Vector); NOREF(fFlags); NOREF(uErr); NOREF(uCr2);
2411 /** @todo implement me. */
2412 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("long mode exception / interrupt dispatching\n"));
2413}
2414
2415
2416/**
2417 * Implements exceptions and interrupts.
2418 *
2419 * All exceptions and interrupts goes thru this function!
2420 *
2421 * @returns VBox strict status code.
2422 * @param pIemCpu The IEM per CPU instance data.
2423 * @param cbInstr The number of bytes to offset rIP by in the return
2424 * address.
2425 * @param u8Vector The interrupt / exception vector number.
2426 * @param fFlags The flags.
2427 * @param uErr The error value if IEM_XCPT_FLAGS_ERR is set.
2428 * @param uCr2 The CR2 value if IEM_XCPT_FLAGS_CR2 is set.
2429 */
2430DECL_NO_INLINE(static, VBOXSTRICTRC)
2431iemRaiseXcptOrInt(PIEMCPU pIemCpu,
2432 uint8_t cbInstr,
2433 uint8_t u8Vector,
2434 uint32_t fFlags,
2435 uint16_t uErr,
2436 uint64_t uCr2)
2437{
2438 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
2439
2440 /*
2441 * Do recursion accounting.
2442 */
2443 uint8_t const uPrevXcpt = pIemCpu->uCurXcpt;
2444 uint32_t const fPrevXcpt = pIemCpu->fCurXcpt;
2445 if (pIemCpu->cXcptRecursions == 0)
2446 Log(("iemRaiseXcptOrInt: %#x at %04x:%RGv cbInstr=%#x fFlags=%#x uErr=%#x uCr2=%llx\n",
2447 u8Vector, pCtx->cs.Sel, pCtx->rip, cbInstr, fFlags, uErr, uCr2));
2448 else
2449 {
2450 Log(("iemRaiseXcptOrInt: %#x at %04x:%RGv cbInstr=%#x fFlags=%#x uErr=%#x uCr2=%llx; prev=%#x depth=%d flags=%#x\n",
2451 u8Vector, pCtx->cs.Sel, pCtx->rip, cbInstr, fFlags, uErr, uCr2, pIemCpu->uCurXcpt, pIemCpu->cXcptRecursions + 1, fPrevXcpt));
2452
2453 /** @todo double and tripple faults. */
2454 if (pIemCpu->cXcptRecursions >= 3)
2455 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Too many fault nestings.\n"));
2456
2457 /** @todo set X86_TRAP_ERR_EXTERNAL when appropriate.
2458 if (fPrevXcpt & IEM_XCPT_FLAGS_T_EXT_INT)
2459 {
2460 ....
2461 } */
2462 }
2463 pIemCpu->cXcptRecursions++;
2464 pIemCpu->uCurXcpt = u8Vector;
2465 pIemCpu->fCurXcpt = fFlags;
2466
2467 /*
2468 * Extensive logging.
2469 */
2470#if defined(LOG_ENABLED) && defined(IN_RING3)
2471 if (LogIs3Enabled())
2472 {
2473 PVM pVM = IEMCPU_TO_VM(pIemCpu);
2474 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
2475 char szRegs[4096];
2476 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
2477 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
2478 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
2479 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
2480 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
2481 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
2482 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
2483 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
2484 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
2485 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
2486 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
2487 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
2488 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
2489 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
2490 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
2491 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
2492 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
2493 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
2494 " efer=%016VR{efer}\n"
2495 " pat=%016VR{pat}\n"
2496 " sf_mask=%016VR{sf_mask}\n"
2497 "krnl_gs_base=%016VR{krnl_gs_base}\n"
2498 " lstar=%016VR{lstar}\n"
2499 " star=%016VR{star} cstar=%016VR{cstar}\n"
2500 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
2501 );
2502
2503 char szInstr[256];
2504 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
2505 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
2506 szInstr, sizeof(szInstr), NULL);
2507 Log3(("%s%s\n", szRegs, szInstr));
2508 }
2509#endif /* LOG_ENABLED */
2510
2511 /*
2512 * Call the mode specific worker function.
2513 */
2514 VBOXSTRICTRC rcStrict;
2515 if (!(pCtx->cr0 & X86_CR0_PE))
2516 rcStrict = iemRaiseXcptOrIntInRealMode( pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
2517 else if (pCtx->msrEFER & MSR_K6_EFER_LMA)
2518 rcStrict = iemRaiseXcptOrIntInLongMode( pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
2519 else if (!pCtx->eflags.Bits.u1VM)
2520 rcStrict = iemRaiseXcptOrIntInProtMode( pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
2521 else
2522 rcStrict = iemRaiseXcptOrIntInV8086Mode(pIemCpu, pCtx, cbInstr, u8Vector, fFlags, uErr, uCr2);
2523
2524 /*
2525 * Unwind.
2526 */
2527 pIemCpu->cXcptRecursions--;
2528 pIemCpu->uCurXcpt = uPrevXcpt;
2529 pIemCpu->fCurXcpt = fPrevXcpt;
2530 Log(("iemRaiseXcptOrInt: returns %Rrc (vec=%#x); cs:rip=%04x:%RGv ss:rsp=%04x:%RGv cpl=%u\n",
2531 VBOXSTRICTRC_VAL(rcStrict), u8Vector, pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->esp, pIemCpu->uCpl));
2532 return rcStrict;
2533}
2534
2535
2536/** \#DE - 00. */
2537DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseDivideError(PIEMCPU pIemCpu)
2538{
2539 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_DE, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2540}
2541
2542
2543/** \#DB - 01. */
2544DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseDebugException(PIEMCPU pIemCpu)
2545{
2546 /** @todo set/clear RF. */
2547 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_DB, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2548}
2549
2550
2551/** \#UD - 06. */
2552DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseUndefinedOpcode(PIEMCPU pIemCpu)
2553{
2554 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2555}
2556
2557
2558/** \#NM - 07. */
2559DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseDeviceNotAvailable(PIEMCPU pIemCpu)
2560{
2561 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NM, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2562}
2563
2564
2565#ifdef SOME_UNUSED_FUNCTION
2566/** \#TS(err) - 0a. */
2567DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseTaskSwitchFaultWithErr(PIEMCPU pIemCpu, uint16_t uErr)
2568{
2569 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
2570}
2571#endif
2572
2573
2574/** \#TS(tr) - 0a. */
2575DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseTaskSwitchFaultCurrentTSS(PIEMCPU pIemCpu)
2576{
2577 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_TS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
2578 pIemCpu->CTX_SUFF(pCtx)->tr.Sel, 0);
2579}
2580
2581
2582/** \#NP(err) - 0b. */
2583DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseSelectorNotPresentWithErr(PIEMCPU pIemCpu, uint16_t uErr)
2584{
2585 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
2586}
2587
2588
2589/** \#NP(seg) - 0b. */
2590DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseSelectorNotPresentBySegReg(PIEMCPU pIemCpu, uint32_t iSegReg)
2591{
2592 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
2593 iemSRegFetchU16(pIemCpu, iSegReg) & ~X86_SEL_RPL, 0);
2594}
2595
2596
2597/** \#NP(sel) - 0b. */
2598DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel)
2599{
2600 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_NP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
2601 uSel & ~X86_SEL_RPL, 0);
2602}
2603
2604
2605/** \#SS(seg) - 0c. */
2606DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseStackSelectorNotPresentBySelector(PIEMCPU pIemCpu, uint16_t uSel)
2607{
2608 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_SS, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
2609 uSel & ~X86_SEL_RPL, 0);
2610}
2611
2612
2613/** \#GP(n) - 0d. */
2614DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseGeneralProtectionFault(PIEMCPU pIemCpu, uint16_t uErr)
2615{
2616 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, uErr, 0);
2617}
2618
2619
2620/** \#GP(0) - 0d. */
2621DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseGeneralProtectionFault0(PIEMCPU pIemCpu)
2622{
2623 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
2624}
2625
2626
2627/** \#GP(sel) - 0d. */
2628DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseGeneralProtectionFaultBySelector(PIEMCPU pIemCpu, RTSEL Sel)
2629{
2630 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR,
2631 Sel & ~X86_SEL_RPL, 0);
2632}
2633
2634
2635/** \#GP(0) - 0d. */
2636DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseNotCanonical(PIEMCPU pIemCpu)
2637{
2638 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
2639}
2640
2641
2642/** \#GP(sel) - 0d. */
2643DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseSelectorBounds(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess)
2644{
2645 NOREF(iSegReg); NOREF(fAccess);
2646 return iemRaiseXcptOrInt(pIemCpu, 0, iSegReg == X86_SREG_SS ? X86_XCPT_SS : X86_XCPT_GP,
2647 IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
2648}
2649
2650
2651/** \#GP(sel) - 0d. */
2652DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseSelectorBoundsBySelector(PIEMCPU pIemCpu, RTSEL Sel)
2653{
2654 NOREF(Sel);
2655 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
2656}
2657
2658
2659/** \#GP(sel) - 0d. */
2660DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseSelectorInvalidAccess(PIEMCPU pIemCpu, uint32_t iSegReg, uint32_t fAccess)
2661{
2662 NOREF(iSegReg); NOREF(fAccess);
2663 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_GP, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR, 0, 0);
2664}
2665
2666
2667/** \#PF(n) - 0e. */
2668DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaisePageFault(PIEMCPU pIemCpu, RTGCPTR GCPtrWhere, uint32_t fAccess, int rc)
2669{
2670 uint16_t uErr;
2671 switch (rc)
2672 {
2673 case VERR_PAGE_NOT_PRESENT:
2674 case VERR_PAGE_TABLE_NOT_PRESENT:
2675 case VERR_PAGE_DIRECTORY_PTR_NOT_PRESENT:
2676 case VERR_PAGE_MAP_LEVEL4_NOT_PRESENT:
2677 uErr = 0;
2678 break;
2679
2680 default:
2681 AssertMsgFailed(("%Rrc\n", rc));
2682 case VERR_ACCESS_DENIED:
2683 uErr = X86_TRAP_PF_P;
2684 break;
2685
2686 /** @todo reserved */
2687 }
2688
2689 if (pIemCpu->uCpl == 3)
2690 uErr |= X86_TRAP_PF_US;
2691
2692 if ( (fAccess & IEM_ACCESS_WHAT_MASK) == IEM_ACCESS_WHAT_CODE
2693 && ( (pIemCpu->CTX_SUFF(pCtx)->cr4 & X86_CR4_PAE)
2694 && (pIemCpu->CTX_SUFF(pCtx)->msrEFER & MSR_K6_EFER_NXE) ) )
2695 uErr |= X86_TRAP_PF_ID;
2696
2697 /* Note! RW access callers reporting a WRITE protection fault, will clear
2698 the READ flag before calling. So, read-modify-write accesses (RW)
2699 can safely be reported as READ faults. */
2700 if ((fAccess & (IEM_ACCESS_TYPE_WRITE | IEM_ACCESS_TYPE_READ)) == IEM_ACCESS_TYPE_WRITE)
2701 uErr |= X86_TRAP_PF_RW;
2702
2703 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_PF, IEM_XCPT_FLAGS_T_CPU_XCPT | IEM_XCPT_FLAGS_ERR | IEM_XCPT_FLAGS_CR2,
2704 uErr, GCPtrWhere);
2705}
2706
2707
2708/** \#MF(0) - 10. */
2709DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseMathFault(PIEMCPU pIemCpu)
2710{
2711 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_MF, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2712}
2713
2714
2715/** \#AC(0) - 11. */
2716DECL_NO_INLINE(static, VBOXSTRICTRC) iemRaiseAlignmentCheckException(PIEMCPU pIemCpu)
2717{
2718 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_AC, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2719}
2720
2721
2722/**
2723 * Macro for calling iemCImplRaiseDivideError().
2724 *
2725 * This enables us to add/remove arguments and force different levels of
2726 * inlining as we wish.
2727 *
2728 * @return Strict VBox status code.
2729 */
2730#define IEMOP_RAISE_DIVIDE_ERROR() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseDivideError)
2731IEM_CIMPL_DEF_0(iemCImplRaiseDivideError)
2732{
2733 NOREF(cbInstr);
2734 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_DE, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2735}
2736
2737
2738/**
2739 * Macro for calling iemCImplRaiseInvalidLockPrefix().
2740 *
2741 * This enables us to add/remove arguments and force different levels of
2742 * inlining as we wish.
2743 *
2744 * @return Strict VBox status code.
2745 */
2746#define IEMOP_RAISE_INVALID_LOCK_PREFIX() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseInvalidLockPrefix)
2747IEM_CIMPL_DEF_0(iemCImplRaiseInvalidLockPrefix)
2748{
2749 NOREF(cbInstr);
2750 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2751}
2752
2753
2754/**
2755 * Macro for calling iemCImplRaiseInvalidOpcode().
2756 *
2757 * This enables us to add/remove arguments and force different levels of
2758 * inlining as we wish.
2759 *
2760 * @return Strict VBox status code.
2761 */
2762#define IEMOP_RAISE_INVALID_OPCODE() IEM_MC_DEFER_TO_CIMPL_0(iemCImplRaiseInvalidOpcode)
2763IEM_CIMPL_DEF_0(iemCImplRaiseInvalidOpcode)
2764{
2765 NOREF(cbInstr);
2766 return iemRaiseXcptOrInt(pIemCpu, 0, X86_XCPT_UD, IEM_XCPT_FLAGS_T_CPU_XCPT, 0, 0);
2767}
2768
2769
2770/** @} */
2771
2772
2773/*
2774 *
2775 * Helpers routines.
2776 * Helpers routines.
2777 * Helpers routines.
2778 *
2779 */
2780
2781/**
2782 * Recalculates the effective operand size.
2783 *
2784 * @param pIemCpu The IEM state.
2785 */
2786static void iemRecalEffOpSize(PIEMCPU pIemCpu)
2787{
2788 switch (pIemCpu->enmCpuMode)
2789 {
2790 case IEMMODE_16BIT:
2791 pIemCpu->enmEffOpSize = pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_OP ? IEMMODE_32BIT : IEMMODE_16BIT;
2792 break;
2793 case IEMMODE_32BIT:
2794 pIemCpu->enmEffOpSize = pIemCpu->fPrefixes & IEM_OP_PRF_SIZE_OP ? IEMMODE_16BIT : IEMMODE_32BIT;
2795 break;
2796 case IEMMODE_64BIT:
2797 switch (pIemCpu->fPrefixes & (IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP))
2798 {
2799 case 0:
2800 pIemCpu->enmEffOpSize = pIemCpu->enmDefOpSize;
2801 break;
2802 case IEM_OP_PRF_SIZE_OP:
2803 pIemCpu->enmEffOpSize = IEMMODE_16BIT;
2804 break;
2805 case IEM_OP_PRF_SIZE_REX_W:
2806 case IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP:
2807 pIemCpu->enmEffOpSize = IEMMODE_64BIT;
2808 break;
2809 }
2810 break;
2811 default:
2812 AssertFailed();
2813 }
2814}
2815
2816
2817/**
2818 * Sets the default operand size to 64-bit and recalculates the effective
2819 * operand size.
2820 *
2821 * @param pIemCpu The IEM state.
2822 */
2823static void iemRecalEffOpSize64Default(PIEMCPU pIemCpu)
2824{
2825 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
2826 pIemCpu->enmDefOpSize = IEMMODE_64BIT;
2827 if ((pIemCpu->fPrefixes & (IEM_OP_PRF_SIZE_REX_W | IEM_OP_PRF_SIZE_OP)) != IEM_OP_PRF_SIZE_OP)
2828 pIemCpu->enmEffOpSize = IEMMODE_64BIT;
2829 else
2830 pIemCpu->enmEffOpSize = IEMMODE_16BIT;
2831}
2832
2833
2834/*
2835 *
2836 * Common opcode decoders.
2837 * Common opcode decoders.
2838 * Common opcode decoders.
2839 *
2840 */
2841//#include <iprt/mem.h>
2842
2843/**
2844 * Used to add extra details about a stub case.
2845 * @param pIemCpu The IEM per CPU state.
2846 */
2847static void iemOpStubMsg2(PIEMCPU pIemCpu)
2848{
2849#if defined(LOG_ENABLED) && defined(IN_RING3)
2850 PVM pVM = IEMCPU_TO_VM(pIemCpu);
2851 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
2852 char szRegs[4096];
2853 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
2854 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
2855 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
2856 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
2857 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
2858 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
2859 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
2860 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
2861 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
2862 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
2863 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
2864 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
2865 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
2866 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
2867 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
2868 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
2869 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
2870 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
2871 " efer=%016VR{efer}\n"
2872 " pat=%016VR{pat}\n"
2873 " sf_mask=%016VR{sf_mask}\n"
2874 "krnl_gs_base=%016VR{krnl_gs_base}\n"
2875 " lstar=%016VR{lstar}\n"
2876 " star=%016VR{star} cstar=%016VR{cstar}\n"
2877 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
2878 );
2879
2880 char szInstr[256];
2881 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
2882 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
2883 szInstr, sizeof(szInstr), NULL);
2884
2885 RTAssertMsg2Weak("%s%s\n", szRegs, szInstr);
2886#else
2887 RTAssertMsg2Weak("cs:rip=%04x:%RX64\n", pIemCpu->CTX_SUFF(pCtx)->cs, pIemCpu->CTX_SUFF(pCtx)->rip);
2888#endif
2889}
2890
2891/**
2892 * Complains about a stub.
2893 *
2894 * Providing two versions of this macro, one for daily use and one for use when
2895 * working on IEM.
2896 */
2897#if 0
2898# define IEMOP_BITCH_ABOUT_STUB() \
2899 do { \
2900 RTAssertMsg1(NULL, __LINE__, __FILE__, __FUNCTION__); \
2901 iemOpStubMsg2(pIemCpu); \
2902 RTAssertPanic(); \
2903 } while (0)
2904#else
2905# define IEMOP_BITCH_ABOUT_STUB() Log(("Stub: %s (line %d)\n", __FUNCTION__, __LINE__));
2906#endif
2907
2908/** Stubs an opcode. */
2909#define FNIEMOP_STUB(a_Name) \
2910 FNIEMOP_DEF(a_Name) \
2911 { \
2912 IEMOP_BITCH_ABOUT_STUB(); \
2913 return VERR_IEM_INSTR_NOT_IMPLEMENTED; \
2914 } \
2915 typedef int ignore_semicolon
2916
2917/** Stubs an opcode. */
2918#define FNIEMOP_STUB_1(a_Name, a_Type0, a_Name0) \
2919 FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
2920 { \
2921 IEMOP_BITCH_ABOUT_STUB(); \
2922 NOREF(a_Name0); \
2923 return VERR_IEM_INSTR_NOT_IMPLEMENTED; \
2924 } \
2925 typedef int ignore_semicolon
2926
2927/** Stubs an opcode which currently should raise \#UD. */
2928#define FNIEMOP_UD_STUB(a_Name) \
2929 FNIEMOP_DEF(a_Name) \
2930 { \
2931 Log(("Unsupported instruction %Rfn\n", __FUNCTION__)); \
2932 return IEMOP_RAISE_INVALID_OPCODE(); \
2933 } \
2934 typedef int ignore_semicolon
2935
2936/** Stubs an opcode which currently should raise \#UD. */
2937#define FNIEMOP_UD_STUB_1(a_Name, a_Type0, a_Name0) \
2938 FNIEMOP_DEF_1(a_Name, a_Type0, a_Name0) \
2939 { \
2940 NOREF(a_Name0); \
2941 Log(("Unsupported instruction %Rfn\n", __FUNCTION__)); \
2942 return IEMOP_RAISE_INVALID_OPCODE(); \
2943 } \
2944 typedef int ignore_semicolon
2945
2946
2947
2948/** @name Register Access.
2949 * @{
2950 */
2951
2952/**
2953 * Gets a reference (pointer) to the specified hidden segment register.
2954 *
2955 * @returns Hidden register reference.
2956 * @param pIemCpu The per CPU data.
2957 * @param iSegReg The segment register.
2958 */
2959static PCPUMSELREG iemSRegGetHid(PIEMCPU pIemCpu, uint8_t iSegReg)
2960{
2961 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
2962 PCPUMSELREG pSReg;
2963 switch (iSegReg)
2964 {
2965 case X86_SREG_ES: pSReg = &pCtx->es; break;
2966 case X86_SREG_CS: pSReg = &pCtx->cs; break;
2967 case X86_SREG_SS: pSReg = &pCtx->ss; break;
2968 case X86_SREG_DS: pSReg = &pCtx->ds; break;
2969 case X86_SREG_FS: pSReg = &pCtx->fs; break;
2970 case X86_SREG_GS: pSReg = &pCtx->gs; break;
2971 default:
2972 AssertFailedReturn(NULL);
2973 }
2974#ifdef VBOX_WITH_RAW_MODE_NOT_R0
2975 if (!CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg))
2976 CPUMGuestLazyLoadHiddenSelectorReg(IEMCPU_TO_VMCPU(pIemCpu), pSReg);
2977#else
2978 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(IEMCPU_TO_VMCPU(pIemCpu), pSReg));
2979#endif
2980 return pSReg;
2981}
2982
2983
2984/**
2985 * Gets a reference (pointer) to the specified segment register (the selector
2986 * value).
2987 *
2988 * @returns Pointer to the selector variable.
2989 * @param pIemCpu The per CPU data.
2990 * @param iSegReg The segment register.
2991 */
2992static uint16_t *iemSRegRef(PIEMCPU pIemCpu, uint8_t iSegReg)
2993{
2994 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
2995 switch (iSegReg)
2996 {
2997 case X86_SREG_ES: return &pCtx->es.Sel;
2998 case X86_SREG_CS: return &pCtx->cs.Sel;
2999 case X86_SREG_SS: return &pCtx->ss.Sel;
3000 case X86_SREG_DS: return &pCtx->ds.Sel;
3001 case X86_SREG_FS: return &pCtx->fs.Sel;
3002 case X86_SREG_GS: return &pCtx->gs.Sel;
3003 }
3004 AssertFailedReturn(NULL);
3005}
3006
3007
3008/**
3009 * Fetches the selector value of a segment register.
3010 *
3011 * @returns The selector value.
3012 * @param pIemCpu The per CPU data.
3013 * @param iSegReg The segment register.
3014 */
3015static uint16_t iemSRegFetchU16(PIEMCPU pIemCpu, uint8_t iSegReg)
3016{
3017 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3018 switch (iSegReg)
3019 {
3020 case X86_SREG_ES: return pCtx->es.Sel;
3021 case X86_SREG_CS: return pCtx->cs.Sel;
3022 case X86_SREG_SS: return pCtx->ss.Sel;
3023 case X86_SREG_DS: return pCtx->ds.Sel;
3024 case X86_SREG_FS: return pCtx->fs.Sel;
3025 case X86_SREG_GS: return pCtx->gs.Sel;
3026 }
3027 AssertFailedReturn(0xffff);
3028}
3029
3030
3031/**
3032 * Gets a reference (pointer) to the specified general register.
3033 *
3034 * @returns Register reference.
3035 * @param pIemCpu The per CPU data.
3036 * @param iReg The general register.
3037 */
3038static void *iemGRegRef(PIEMCPU pIemCpu, uint8_t iReg)
3039{
3040 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3041 switch (iReg)
3042 {
3043 case X86_GREG_xAX: return &pCtx->rax;
3044 case X86_GREG_xCX: return &pCtx->rcx;
3045 case X86_GREG_xDX: return &pCtx->rdx;
3046 case X86_GREG_xBX: return &pCtx->rbx;
3047 case X86_GREG_xSP: return &pCtx->rsp;
3048 case X86_GREG_xBP: return &pCtx->rbp;
3049 case X86_GREG_xSI: return &pCtx->rsi;
3050 case X86_GREG_xDI: return &pCtx->rdi;
3051 case X86_GREG_x8: return &pCtx->r8;
3052 case X86_GREG_x9: return &pCtx->r9;
3053 case X86_GREG_x10: return &pCtx->r10;
3054 case X86_GREG_x11: return &pCtx->r11;
3055 case X86_GREG_x12: return &pCtx->r12;
3056 case X86_GREG_x13: return &pCtx->r13;
3057 case X86_GREG_x14: return &pCtx->r14;
3058 case X86_GREG_x15: return &pCtx->r15;
3059 }
3060 AssertFailedReturn(NULL);
3061}
3062
3063
3064/**
3065 * Gets a reference (pointer) to the specified 8-bit general register.
3066 *
3067 * Because of AH, CH, DH and BH we cannot use iemGRegRef directly here.
3068 *
3069 * @returns Register reference.
3070 * @param pIemCpu The per CPU data.
3071 * @param iReg The register.
3072 */
3073static uint8_t *iemGRegRefU8(PIEMCPU pIemCpu, uint8_t iReg)
3074{
3075 if (pIemCpu->fPrefixes & IEM_OP_PRF_REX)
3076 return (uint8_t *)iemGRegRef(pIemCpu, iReg);
3077
3078 uint8_t *pu8Reg = (uint8_t *)iemGRegRef(pIemCpu, iReg & 3);
3079 if (iReg >= 4)
3080 pu8Reg++;
3081 return pu8Reg;
3082}
3083
3084
3085/**
3086 * Fetches the value of a 8-bit general register.
3087 *
3088 * @returns The register value.
3089 * @param pIemCpu The per CPU data.
3090 * @param iReg The register.
3091 */
3092static uint8_t iemGRegFetchU8(PIEMCPU pIemCpu, uint8_t iReg)
3093{
3094 uint8_t const *pbSrc = iemGRegRefU8(pIemCpu, iReg);
3095 return *pbSrc;
3096}
3097
3098
3099/**
3100 * Fetches the value of a 16-bit general register.
3101 *
3102 * @returns The register value.
3103 * @param pIemCpu The per CPU data.
3104 * @param iReg The register.
3105 */
3106static uint16_t iemGRegFetchU16(PIEMCPU pIemCpu, uint8_t iReg)
3107{
3108 return *(uint16_t *)iemGRegRef(pIemCpu, iReg);
3109}
3110
3111
3112/**
3113 * Fetches the value of a 32-bit general register.
3114 *
3115 * @returns The register value.
3116 * @param pIemCpu The per CPU data.
3117 * @param iReg The register.
3118 */
3119static uint32_t iemGRegFetchU32(PIEMCPU pIemCpu, uint8_t iReg)
3120{
3121 return *(uint32_t *)iemGRegRef(pIemCpu, iReg);
3122}
3123
3124
3125/**
3126 * Fetches the value of a 64-bit general register.
3127 *
3128 * @returns The register value.
3129 * @param pIemCpu The per CPU data.
3130 * @param iReg The register.
3131 */
3132static uint64_t iemGRegFetchU64(PIEMCPU pIemCpu, uint8_t iReg)
3133{
3134 return *(uint64_t *)iemGRegRef(pIemCpu, iReg);
3135}
3136
3137
3138/**
3139 * Is the FPU state in FXSAVE format or not.
3140 *
3141 * @returns true if it is, false if it's in FNSAVE.
3142 * @param pVCpu Pointer to the VMCPU.
3143 */
3144DECLINLINE(bool) iemFRegIsFxSaveFormat(PIEMCPU pIemCpu)
3145{
3146#ifdef RT_ARCH_AMD64
3147 NOREF(pIemCpu);
3148 return true;
3149#else
3150 NOREF(pIemCpu); /// @todo return pVCpu->pVMR3->cpum.s.CPUFeatures.edx.u1FXSR;
3151 return true;
3152#endif
3153}
3154
3155
3156/**
3157 * Adds a 8-bit signed jump offset to RIP/EIP/IP.
3158 *
3159 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
3160 * segment limit.
3161 *
3162 * @param pIemCpu The per CPU data.
3163 * @param offNextInstr The offset of the next instruction.
3164 */
3165static VBOXSTRICTRC iemRegRipRelativeJumpS8(PIEMCPU pIemCpu, int8_t offNextInstr)
3166{
3167 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3168 switch (pIemCpu->enmEffOpSize)
3169 {
3170 case IEMMODE_16BIT:
3171 {
3172 uint16_t uNewIp = pCtx->ip + offNextInstr + pIemCpu->offOpcode;
3173 if ( uNewIp > pCtx->cs.u32Limit
3174 && pIemCpu->enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
3175 return iemRaiseGeneralProtectionFault0(pIemCpu);
3176 pCtx->rip = uNewIp;
3177 break;
3178 }
3179
3180 case IEMMODE_32BIT:
3181 {
3182 Assert(pCtx->rip <= UINT32_MAX);
3183 Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
3184
3185 uint32_t uNewEip = pCtx->eip + offNextInstr + pIemCpu->offOpcode;
3186 if (uNewEip > pCtx->cs.u32Limit)
3187 return iemRaiseGeneralProtectionFault0(pIemCpu);
3188 pCtx->rip = uNewEip;
3189 break;
3190 }
3191
3192 case IEMMODE_64BIT:
3193 {
3194 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
3195
3196 uint64_t uNewRip = pCtx->rip + offNextInstr + pIemCpu->offOpcode;
3197 if (!IEM_IS_CANONICAL(uNewRip))
3198 return iemRaiseGeneralProtectionFault0(pIemCpu);
3199 pCtx->rip = uNewRip;
3200 break;
3201 }
3202
3203 IEM_NOT_REACHED_DEFAULT_CASE_RET();
3204 }
3205
3206 return VINF_SUCCESS;
3207}
3208
3209
3210/**
3211 * Adds a 16-bit signed jump offset to RIP/EIP/IP.
3212 *
3213 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
3214 * segment limit.
3215 *
3216 * @returns Strict VBox status code.
3217 * @param pIemCpu The per CPU data.
3218 * @param offNextInstr The offset of the next instruction.
3219 */
3220static VBOXSTRICTRC iemRegRipRelativeJumpS16(PIEMCPU pIemCpu, int16_t offNextInstr)
3221{
3222 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3223 Assert(pIemCpu->enmEffOpSize == IEMMODE_16BIT);
3224
3225 uint16_t uNewIp = pCtx->ip + offNextInstr + pIemCpu->offOpcode;
3226 if ( uNewIp > pCtx->cs.u32Limit
3227 && pIemCpu->enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
3228 return iemRaiseGeneralProtectionFault0(pIemCpu);
3229 /** @todo Test 16-bit jump in 64-bit mode. */
3230 pCtx->rip = uNewIp;
3231
3232 return VINF_SUCCESS;
3233}
3234
3235
3236/**
3237 * Adds a 32-bit signed jump offset to RIP/EIP/IP.
3238 *
3239 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
3240 * segment limit.
3241 *
3242 * @returns Strict VBox status code.
3243 * @param pIemCpu The per CPU data.
3244 * @param offNextInstr The offset of the next instruction.
3245 */
3246static VBOXSTRICTRC iemRegRipRelativeJumpS32(PIEMCPU pIemCpu, int32_t offNextInstr)
3247{
3248 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3249 Assert(pIemCpu->enmEffOpSize != IEMMODE_16BIT);
3250
3251 if (pIemCpu->enmEffOpSize == IEMMODE_32BIT)
3252 {
3253 Assert(pCtx->rip <= UINT32_MAX); Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
3254
3255 uint32_t uNewEip = pCtx->eip + offNextInstr + pIemCpu->offOpcode;
3256 if (uNewEip > pCtx->cs.u32Limit)
3257 return iemRaiseGeneralProtectionFault0(pIemCpu);
3258 pCtx->rip = uNewEip;
3259 }
3260 else
3261 {
3262 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
3263
3264 uint64_t uNewRip = pCtx->rip + offNextInstr + pIemCpu->offOpcode;
3265 if (!IEM_IS_CANONICAL(uNewRip))
3266 return iemRaiseGeneralProtectionFault0(pIemCpu);
3267 pCtx->rip = uNewRip;
3268 }
3269 return VINF_SUCCESS;
3270}
3271
3272
3273/**
3274 * Performs a near jump to the specified address.
3275 *
3276 * May raise a \#GP(0) if the new RIP is non-canonical or outside the code
3277 * segment limit.
3278 *
3279 * @param pIemCpu The per CPU data.
3280 * @param uNewRip The new RIP value.
3281 */
3282static VBOXSTRICTRC iemRegRipJump(PIEMCPU pIemCpu, uint64_t uNewRip)
3283{
3284 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3285 switch (pIemCpu->enmEffOpSize)
3286 {
3287 case IEMMODE_16BIT:
3288 {
3289 Assert(uNewRip <= UINT16_MAX);
3290 if ( uNewRip > pCtx->cs.u32Limit
3291 && pIemCpu->enmCpuMode != IEMMODE_64BIT) /* no need to check for non-canonical. */
3292 return iemRaiseGeneralProtectionFault0(pIemCpu);
3293 /** @todo Test 16-bit jump in 64-bit mode. */
3294 pCtx->rip = uNewRip;
3295 break;
3296 }
3297
3298 case IEMMODE_32BIT:
3299 {
3300 Assert(uNewRip <= UINT32_MAX);
3301 Assert(pCtx->rip <= UINT32_MAX);
3302 Assert(pIemCpu->enmCpuMode != IEMMODE_64BIT);
3303
3304 if (uNewRip > pCtx->cs.u32Limit)
3305 return iemRaiseGeneralProtectionFault0(pIemCpu);
3306 pCtx->rip = uNewRip;
3307 break;
3308 }
3309
3310 case IEMMODE_64BIT:
3311 {
3312 Assert(pIemCpu->enmCpuMode == IEMMODE_64BIT);
3313
3314 if (!IEM_IS_CANONICAL(uNewRip))
3315 return iemRaiseGeneralProtectionFault0(pIemCpu);
3316 pCtx->rip = uNewRip;
3317 break;
3318 }
3319
3320 IEM_NOT_REACHED_DEFAULT_CASE_RET();
3321 }
3322
3323 return VINF_SUCCESS;
3324}
3325
3326
3327/**
3328 * Get the address of the top of the stack.
3329 *
3330 * @param pCtx The CPU context which SP/ESP/RSP should be
3331 * read.
3332 */
3333DECLINLINE(RTGCPTR) iemRegGetEffRsp(PCCPUMCTX pCtx)
3334{
3335 if (pCtx->ss.Attr.n.u1Long)
3336 return pCtx->rsp;
3337 if (pCtx->ss.Attr.n.u1DefBig)
3338 return pCtx->esp;
3339 return pCtx->sp;
3340}
3341
3342
3343/**
3344 * Updates the RIP/EIP/IP to point to the next instruction.
3345 *
3346 * @param pIemCpu The per CPU data.
3347 * @param cbInstr The number of bytes to add.
3348 */
3349static void iemRegAddToRip(PIEMCPU pIemCpu, uint8_t cbInstr)
3350{
3351 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3352 switch (pIemCpu->enmCpuMode)
3353 {
3354 case IEMMODE_16BIT:
3355 Assert(pCtx->rip <= UINT16_MAX);
3356 pCtx->eip += cbInstr;
3357 pCtx->eip &= UINT32_C(0xffff);
3358 break;
3359
3360 case IEMMODE_32BIT:
3361 pCtx->eip += cbInstr;
3362 Assert(pCtx->rip <= UINT32_MAX);
3363 break;
3364
3365 case IEMMODE_64BIT:
3366 pCtx->rip += cbInstr;
3367 break;
3368 default: AssertFailed();
3369 }
3370}
3371
3372
3373/**
3374 * Updates the RIP/EIP/IP to point to the next instruction.
3375 *
3376 * @param pIemCpu The per CPU data.
3377 */
3378static void iemRegUpdateRip(PIEMCPU pIemCpu)
3379{
3380 return iemRegAddToRip(pIemCpu, pIemCpu->offOpcode);
3381}
3382
3383
3384/**
3385 * Adds to the stack pointer.
3386 *
3387 * @param pCtx The CPU context which SP/ESP/RSP should be
3388 * updated.
3389 * @param cbToAdd The number of bytes to add.
3390 */
3391DECLINLINE(void) iemRegAddToRsp(PCPUMCTX pCtx, uint8_t cbToAdd)
3392{
3393 if (pCtx->ss.Attr.n.u1Long)
3394 pCtx->rsp += cbToAdd;
3395 else if (pCtx->ss.Attr.n.u1DefBig)
3396 pCtx->esp += cbToAdd;
3397 else
3398 pCtx->sp += cbToAdd;
3399}
3400
3401
3402/**
3403 * Subtracts from the stack pointer.
3404 *
3405 * @param pCtx The CPU context which SP/ESP/RSP should be
3406 * updated.
3407 * @param cbToSub The number of bytes to subtract.
3408 */
3409DECLINLINE(void) iemRegSubFromRsp(PCPUMCTX pCtx, uint8_t cbToSub)
3410{
3411 if (pCtx->ss.Attr.n.u1Long)
3412 pCtx->rsp -= cbToSub;
3413 else if (pCtx->ss.Attr.n.u1DefBig)
3414 pCtx->esp -= cbToSub;
3415 else
3416 pCtx->sp -= cbToSub;
3417}
3418
3419
3420/**
3421 * Adds to the temporary stack pointer.
3422 *
3423 * @param pTmpRsp The temporary SP/ESP/RSP to update.
3424 * @param cbToAdd The number of bytes to add.
3425 * @param pCtx Where to get the current stack mode.
3426 */
3427DECLINLINE(void) iemRegAddToRspEx(PRTUINT64U pTmpRsp, uint16_t cbToAdd, PCCPUMCTX pCtx)
3428{
3429 if (pCtx->ss.Attr.n.u1Long)
3430 pTmpRsp->u += cbToAdd;
3431 else if (pCtx->ss.Attr.n.u1DefBig)
3432 pTmpRsp->DWords.dw0 += cbToAdd;
3433 else
3434 pTmpRsp->Words.w0 += cbToAdd;
3435}
3436
3437
3438/**
3439 * Subtracts from the temporary stack pointer.
3440 *
3441 * @param pTmpRsp The temporary SP/ESP/RSP to update.
3442 * @param cbToSub The number of bytes to subtract.
3443 * @param pCtx Where to get the current stack mode.
3444 * @remarks The @a cbToSub argument *MUST* be 16-bit, iemCImpl_enter is
3445 * expecting that.
3446 */
3447DECLINLINE(void) iemRegSubFromRspEx(PRTUINT64U pTmpRsp, uint16_t cbToSub, PCCPUMCTX pCtx)
3448{
3449 if (pCtx->ss.Attr.n.u1Long)
3450 pTmpRsp->u -= cbToSub;
3451 else if (pCtx->ss.Attr.n.u1DefBig)
3452 pTmpRsp->DWords.dw0 -= cbToSub;
3453 else
3454 pTmpRsp->Words.w0 -= cbToSub;
3455}
3456
3457
3458/**
3459 * Calculates the effective stack address for a push of the specified size as
3460 * well as the new RSP value (upper bits may be masked).
3461 *
3462 * @returns Effective stack addressf for the push.
3463 * @param pCtx Where to get the current stack mode.
3464 * @param cbItem The size of the stack item to pop.
3465 * @param puNewRsp Where to return the new RSP value.
3466 */
3467DECLINLINE(RTGCPTR) iemRegGetRspForPush(PCCPUMCTX pCtx, uint8_t cbItem, uint64_t *puNewRsp)
3468{
3469 RTUINT64U uTmpRsp;
3470 RTGCPTR GCPtrTop;
3471 uTmpRsp.u = pCtx->rsp;
3472
3473 if (pCtx->ss.Attr.n.u1Long)
3474 GCPtrTop = uTmpRsp.u -= cbItem;
3475 else if (pCtx->ss.Attr.n.u1DefBig)
3476 GCPtrTop = uTmpRsp.DWords.dw0 -= cbItem;
3477 else
3478 GCPtrTop = uTmpRsp.Words.w0 -= cbItem;
3479 *puNewRsp = uTmpRsp.u;
3480 return GCPtrTop;
3481}
3482
3483
3484/**
3485 * Gets the current stack pointer and calculates the value after a pop of the
3486 * specified size.
3487 *
3488 * @returns Current stack pointer.
3489 * @param pCtx Where to get the current stack mode.
3490 * @param cbItem The size of the stack item to pop.
3491 * @param puNewRsp Where to return the new RSP value.
3492 */
3493DECLINLINE(RTGCPTR) iemRegGetRspForPop(PCCPUMCTX pCtx, uint8_t cbItem, uint64_t *puNewRsp)
3494{
3495 RTUINT64U uTmpRsp;
3496 RTGCPTR GCPtrTop;
3497 uTmpRsp.u = pCtx->rsp;
3498
3499 if (pCtx->ss.Attr.n.u1Long)
3500 {
3501 GCPtrTop = uTmpRsp.u;
3502 uTmpRsp.u += cbItem;
3503 }
3504 else if (pCtx->ss.Attr.n.u1DefBig)
3505 {
3506 GCPtrTop = uTmpRsp.DWords.dw0;
3507 uTmpRsp.DWords.dw0 += cbItem;
3508 }
3509 else
3510 {
3511 GCPtrTop = uTmpRsp.Words.w0;
3512 uTmpRsp.Words.w0 += cbItem;
3513 }
3514 *puNewRsp = uTmpRsp.u;
3515 return GCPtrTop;
3516}
3517
3518
3519/**
3520 * Calculates the effective stack address for a push of the specified size as
3521 * well as the new temporary RSP value (upper bits may be masked).
3522 *
3523 * @returns Effective stack addressf for the push.
3524 * @param pTmpRsp The temporary stack pointer. This is updated.
3525 * @param cbItem The size of the stack item to pop.
3526 * @param puNewRsp Where to return the new RSP value.
3527 */
3528DECLINLINE(RTGCPTR) iemRegGetRspForPushEx(PRTUINT64U pTmpRsp, uint8_t cbItem, PCCPUMCTX pCtx)
3529{
3530 RTGCPTR GCPtrTop;
3531
3532 if (pCtx->ss.Attr.n.u1Long)
3533 GCPtrTop = pTmpRsp->u -= cbItem;
3534 else if (pCtx->ss.Attr.n.u1DefBig)
3535 GCPtrTop = pTmpRsp->DWords.dw0 -= cbItem;
3536 else
3537 GCPtrTop = pTmpRsp->Words.w0 -= cbItem;
3538 return GCPtrTop;
3539}
3540
3541
3542/**
3543 * Gets the effective stack address for a pop of the specified size and
3544 * calculates and updates the temporary RSP.
3545 *
3546 * @returns Current stack pointer.
3547 * @param pTmpRsp The temporary stack pointer. This is updated.
3548 * @param pCtx Where to get the current stack mode.
3549 * @param cbItem The size of the stack item to pop.
3550 */
3551DECLINLINE(RTGCPTR) iemRegGetRspForPopEx(PRTUINT64U pTmpRsp, uint8_t cbItem, PCCPUMCTX pCtx)
3552{
3553 RTGCPTR GCPtrTop;
3554 if (pCtx->ss.Attr.n.u1Long)
3555 {
3556 GCPtrTop = pTmpRsp->u;
3557 pTmpRsp->u += cbItem;
3558 }
3559 else if (pCtx->ss.Attr.n.u1DefBig)
3560 {
3561 GCPtrTop = pTmpRsp->DWords.dw0;
3562 pTmpRsp->DWords.dw0 += cbItem;
3563 }
3564 else
3565 {
3566 GCPtrTop = pTmpRsp->Words.w0;
3567 pTmpRsp->Words.w0 += cbItem;
3568 }
3569 return GCPtrTop;
3570}
3571
3572
3573/**
3574 * Checks if an Intel CPUID feature bit is set.
3575 *
3576 * @returns true / false.
3577 *
3578 * @param pIemCpu The IEM per CPU data.
3579 * @param fEdx The EDX bit to test, or 0 if ECX.
3580 * @param fEcx The ECX bit to test, or 0 if EDX.
3581 * @remarks Used via IEM_IS_INTEL_CPUID_FEATURE_PRESENT_EDX,
3582 * IEM_IS_INTEL_CPUID_FEATURE_PRESENT_ECX and others.
3583 */
3584static bool iemRegIsIntelCpuIdFeaturePresent(PIEMCPU pIemCpu, uint32_t fEdx, uint32_t fEcx)
3585{
3586 uint32_t uEax, uEbx, uEcx, uEdx;
3587 CPUMGetGuestCpuId(IEMCPU_TO_VMCPU(pIemCpu), 0x00000001, &uEax, &uEbx, &uEcx, &uEdx);
3588 return (fEcx && (uEcx & fEcx))
3589 || (fEdx && (uEdx & fEdx));
3590}
3591
3592
3593/**
3594 * Checks if an AMD CPUID feature bit is set.
3595 *
3596 * @returns true / false.
3597 *
3598 * @param pIemCpu The IEM per CPU data.
3599 * @param fEdx The EDX bit to test, or 0 if ECX.
3600 * @param fEcx The ECX bit to test, or 0 if EDX.
3601 * @remarks Used via IEM_IS_AMD_CPUID_FEATURE_PRESENT_EDX,
3602 * IEM_IS_AMD_CPUID_FEATURE_PRESENT_ECX and others.
3603 */
3604static bool iemRegIsAmdCpuIdFeaturePresent(PIEMCPU pIemCpu, uint32_t fEdx, uint32_t fEcx)
3605{
3606 uint32_t uEax, uEbx, uEcx, uEdx;
3607 CPUMGetGuestCpuId(IEMCPU_TO_VMCPU(pIemCpu), 0x80000001, &uEax, &uEbx, &uEcx, &uEdx);
3608 return (fEcx && (uEcx & fEcx))
3609 || (fEdx && (uEdx & fEdx));
3610}
3611
3612/** @} */
3613
3614
3615/** @name FPU access and helpers.
3616 *
3617 * @{
3618 */
3619
3620
3621/**
3622 * Hook for preparing to use the host FPU.
3623 *
3624 * This is necessary in ring-0 and raw-mode context.
3625 *
3626 * @param pIemCpu The IEM per CPU data.
3627 */
3628DECLINLINE(void) iemFpuPrepareUsage(PIEMCPU pIemCpu)
3629{
3630#ifdef IN_RING3
3631 NOREF(pIemCpu);
3632#else
3633/** @todo RZ: FIXME */
3634//# error "Implement me"
3635#endif
3636}
3637
3638
3639/**
3640 * Stores a QNaN value into a FPU register.
3641 *
3642 * @param pReg Pointer to the register.
3643 */
3644DECLINLINE(void) iemFpuStoreQNan(PRTFLOAT80U pReg)
3645{
3646 pReg->au32[0] = UINT32_C(0x00000000);
3647 pReg->au32[1] = UINT32_C(0xc0000000);
3648 pReg->au16[4] = UINT16_C(0xffff);
3649}
3650
3651
3652/**
3653 * Updates the FOP, FPU.CS and FPUIP registers.
3654 *
3655 * @param pIemCpu The IEM per CPU data.
3656 * @param pCtx The CPU context.
3657 */
3658DECLINLINE(void) iemFpuUpdateOpcodeAndIpWorker(PIEMCPU pIemCpu, PCPUMCTX pCtx)
3659{
3660 pCtx->fpu.FOP = pIemCpu->abOpcode[pIemCpu->offFpuOpcode]
3661 | ((uint16_t)(pIemCpu->abOpcode[pIemCpu->offFpuOpcode - 1] & 0x7) << 8);
3662 /** @todo FPU.CS and FPUIP needs to be kept seperately. */
3663 if (IEM_IS_REAL_OR_V86_MODE(pIemCpu))
3664 {
3665 /** @todo Testcase: making assumptions about how FPUIP and FPUDP are handled
3666 * happens in real mode here based on the fnsave and fnstenv images. */
3667 pCtx->fpu.CS = 0;
3668 pCtx->fpu.FPUIP = pCtx->eip | ((uint32_t)pCtx->cs.Sel << 4);
3669 }
3670 else
3671 {
3672 pCtx->fpu.CS = pCtx->cs.Sel;
3673 pCtx->fpu.FPUIP = pCtx->rip;
3674 }
3675}
3676
3677
3678/**
3679 * Updates the FPU.DS and FPUDP registers.
3680 *
3681 * @param pIemCpu The IEM per CPU data.
3682 * @param pCtx The CPU context.
3683 * @param iEffSeg The effective segment register.
3684 * @param GCPtrEff The effective address relative to @a iEffSeg.
3685 */
3686DECLINLINE(void) iemFpuUpdateDP(PIEMCPU pIemCpu, PCPUMCTX pCtx, uint8_t iEffSeg, RTGCPTR GCPtrEff)
3687{
3688 RTSEL sel;
3689 switch (iEffSeg)
3690 {
3691 case X86_SREG_DS: sel = pCtx->ds.Sel; break;
3692 case X86_SREG_SS: sel = pCtx->ss.Sel; break;
3693 case X86_SREG_CS: sel = pCtx->cs.Sel; break;
3694 case X86_SREG_ES: sel = pCtx->es.Sel; break;
3695 case X86_SREG_FS: sel = pCtx->fs.Sel; break;
3696 case X86_SREG_GS: sel = pCtx->gs.Sel; break;
3697 default:
3698 AssertMsgFailed(("%d\n", iEffSeg));
3699 sel = pCtx->ds.Sel;
3700 }
3701 /** @todo FPU.DS and FPUDP needs to be kept seperately. */
3702 if (IEM_IS_REAL_OR_V86_MODE(pIemCpu))
3703 {
3704 pCtx->fpu.DS = 0;
3705 pCtx->fpu.FPUDP = (uint32_t)GCPtrEff | ((uint32_t)sel << 4);
3706 }
3707 else
3708 {
3709 pCtx->fpu.DS = sel;
3710 pCtx->fpu.FPUDP = GCPtrEff;
3711 }
3712}
3713
3714
3715/**
3716 * Rotates the stack registers in the push direction.
3717 *
3718 * @param pCtx The CPU context.
3719 * @remarks This is a complete waste of time, but fxsave stores the registers in
3720 * stack order.
3721 */
3722DECLINLINE(void) iemFpuRotateStackPush(PCPUMCTX pCtx)
3723{
3724 RTFLOAT80U r80Tmp = pCtx->fpu.aRegs[7].r80;
3725 pCtx->fpu.aRegs[7].r80 = pCtx->fpu.aRegs[6].r80;
3726 pCtx->fpu.aRegs[6].r80 = pCtx->fpu.aRegs[5].r80;
3727 pCtx->fpu.aRegs[5].r80 = pCtx->fpu.aRegs[4].r80;
3728 pCtx->fpu.aRegs[4].r80 = pCtx->fpu.aRegs[3].r80;
3729 pCtx->fpu.aRegs[3].r80 = pCtx->fpu.aRegs[2].r80;
3730 pCtx->fpu.aRegs[2].r80 = pCtx->fpu.aRegs[1].r80;
3731 pCtx->fpu.aRegs[1].r80 = pCtx->fpu.aRegs[0].r80;
3732 pCtx->fpu.aRegs[0].r80 = r80Tmp;
3733}
3734
3735
3736/**
3737 * Rotates the stack registers in the pop direction.
3738 *
3739 * @param pCtx The CPU context.
3740 * @remarks This is a complete waste of time, but fxsave stores the registers in
3741 * stack order.
3742 */
3743DECLINLINE(void) iemFpuRotateStackPop(PCPUMCTX pCtx)
3744{
3745 RTFLOAT80U r80Tmp = pCtx->fpu.aRegs[0].r80;
3746 pCtx->fpu.aRegs[0].r80 = pCtx->fpu.aRegs[1].r80;
3747 pCtx->fpu.aRegs[1].r80 = pCtx->fpu.aRegs[2].r80;
3748 pCtx->fpu.aRegs[2].r80 = pCtx->fpu.aRegs[3].r80;
3749 pCtx->fpu.aRegs[3].r80 = pCtx->fpu.aRegs[4].r80;
3750 pCtx->fpu.aRegs[4].r80 = pCtx->fpu.aRegs[5].r80;
3751 pCtx->fpu.aRegs[5].r80 = pCtx->fpu.aRegs[6].r80;
3752 pCtx->fpu.aRegs[6].r80 = pCtx->fpu.aRegs[7].r80;
3753 pCtx->fpu.aRegs[7].r80 = r80Tmp;
3754}
3755
3756
3757/**
3758 * Updates FSW and pushes a FPU result onto the FPU stack if no pending
3759 * exception prevents it.
3760 *
3761 * @param pIemCpu The IEM per CPU data.
3762 * @param pResult The FPU operation result to push.
3763 * @param pCtx The CPU context.
3764 */
3765static void iemFpuMaybePushResult(PIEMCPU pIemCpu, PIEMFPURESULT pResult, PCPUMCTX pCtx)
3766{
3767 /* Update FSW and bail if there are pending exceptions afterwards. */
3768 uint16_t fFsw = pCtx->fpu.FSW & ~X86_FSW_C_MASK;
3769 fFsw |= pResult->FSW & ~X86_FSW_TOP_MASK;
3770 if ( (fFsw & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
3771 & ~(pCtx->fpu.FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
3772 {
3773 pCtx->fpu.FSW = fFsw;
3774 return;
3775 }
3776
3777 uint16_t iNewTop = (X86_FSW_TOP_GET(fFsw) + 7) & X86_FSW_TOP_SMASK;
3778 if (!(pCtx->fpu.FTW & RT_BIT(iNewTop)))
3779 {
3780 /* All is fine, push the actual value. */
3781 pCtx->fpu.FTW |= RT_BIT(iNewTop);
3782 pCtx->fpu.aRegs[7].r80 = pResult->r80Result;
3783 }
3784 else if (pCtx->fpu.FCW & X86_FCW_IM)
3785 {
3786 /* Masked stack overflow, push QNaN. */
3787 fFsw |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1;
3788 iemFpuStoreQNan(&pCtx->fpu.aRegs[7].r80);
3789 }
3790 else
3791 {
3792 /* Raise stack overflow, don't push anything. */
3793 pCtx->fpu.FSW |= pResult->FSW & ~X86_FSW_C_MASK;
3794 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1 | X86_FSW_B | X86_FSW_ES;
3795 return;
3796 }
3797
3798 fFsw &= ~X86_FSW_TOP_MASK;
3799 fFsw |= iNewTop << X86_FSW_TOP_SHIFT;
3800 pCtx->fpu.FSW = fFsw;
3801
3802 iemFpuRotateStackPush(pCtx);
3803}
3804
3805
3806/**
3807 * Stores a result in a FPU register and updates the FSW and FTW.
3808 *
3809 * @param pIemCpu The IEM per CPU data.
3810 * @param pResult The result to store.
3811 * @param iStReg Which FPU register to store it in.
3812 * @param pCtx The CPU context.
3813 */
3814static void iemFpuStoreResultOnly(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg, PCPUMCTX pCtx)
3815{
3816 Assert(iStReg < 8);
3817 uint16_t iReg = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + iStReg) & X86_FSW_TOP_SMASK;
3818 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
3819 pCtx->fpu.FSW |= pResult->FSW & ~X86_FSW_TOP_MASK;
3820 pCtx->fpu.FTW |= RT_BIT(iReg);
3821 pCtx->fpu.aRegs[iStReg].r80 = pResult->r80Result;
3822}
3823
3824
3825/**
3826 * Only updates the FPU status word (FSW) with the result of the current
3827 * instruction.
3828 *
3829 * @param pCtx The CPU context.
3830 * @param u16FSW The FSW output of the current instruction.
3831 */
3832static void iemFpuUpdateFSWOnly(PCPUMCTX pCtx, uint16_t u16FSW)
3833{
3834 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
3835 pCtx->fpu.FSW |= u16FSW & ~X86_FSW_TOP_MASK;
3836}
3837
3838
3839/**
3840 * Pops one item off the FPU stack if no pending exception prevents it.
3841 *
3842 * @param pCtx The CPU context.
3843 */
3844static void iemFpuMaybePopOne(PCPUMCTX pCtx)
3845{
3846 /* Check pending exceptions. */
3847 uint16_t uFSW = pCtx->fpu.FSW;
3848 if ( (pCtx->fpu.FSW & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
3849 & ~(pCtx->fpu.FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
3850 return;
3851
3852 /* TOP--. */
3853 uint16_t iOldTop = uFSW & X86_FSW_TOP_MASK;
3854 uFSW &= ~X86_FSW_TOP_MASK;
3855 uFSW |= (iOldTop + (UINT16_C(9) << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
3856 pCtx->fpu.FSW = uFSW;
3857
3858 /* Mark the previous ST0 as empty. */
3859 iOldTop >>= X86_FSW_TOP_SHIFT;
3860 pCtx->fpu.FTW &= ~RT_BIT(iOldTop);
3861
3862 /* Rotate the registers. */
3863 iemFpuRotateStackPop(pCtx);
3864}
3865
3866
3867/**
3868 * Pushes a FPU result onto the FPU stack if no pending exception prevents it.
3869 *
3870 * @param pIemCpu The IEM per CPU data.
3871 * @param pResult The FPU operation result to push.
3872 */
3873static void iemFpuPushResult(PIEMCPU pIemCpu, PIEMFPURESULT pResult)
3874{
3875 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3876 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
3877 iemFpuMaybePushResult(pIemCpu, pResult, pCtx);
3878}
3879
3880
3881/**
3882 * Pushes a FPU result onto the FPU stack if no pending exception prevents it,
3883 * and sets FPUDP and FPUDS.
3884 *
3885 * @param pIemCpu The IEM per CPU data.
3886 * @param pResult The FPU operation result to push.
3887 * @param iEffSeg The effective segment register.
3888 * @param GCPtrEff The effective address relative to @a iEffSeg.
3889 */
3890static void iemFpuPushResultWithMemOp(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iEffSeg, RTGCPTR GCPtrEff)
3891{
3892 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3893 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
3894 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
3895 iemFpuMaybePushResult(pIemCpu, pResult, pCtx);
3896}
3897
3898
3899/**
3900 * Replace ST0 with the first value and push the second onto the FPU stack,
3901 * unless a pending exception prevents it.
3902 *
3903 * @param pIemCpu The IEM per CPU data.
3904 * @param pResult The FPU operation result to store and push.
3905 */
3906static void iemFpuPushResultTwo(PIEMCPU pIemCpu, PIEMFPURESULTTWO pResult)
3907{
3908 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3909 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
3910
3911 /* Update FSW and bail if there are pending exceptions afterwards. */
3912 uint16_t fFsw = pCtx->fpu.FSW & ~X86_FSW_C_MASK;
3913 fFsw |= pResult->FSW & ~X86_FSW_TOP_MASK;
3914 if ( (fFsw & (X86_FSW_IE | X86_FSW_ZE | X86_FSW_DE))
3915 & ~(pCtx->fpu.FCW & (X86_FCW_IM | X86_FCW_ZM | X86_FCW_DM)))
3916 {
3917 pCtx->fpu.FSW = fFsw;
3918 return;
3919 }
3920
3921 uint16_t iNewTop = (X86_FSW_TOP_GET(fFsw) + 7) & X86_FSW_TOP_SMASK;
3922 if (!(pCtx->fpu.FTW & RT_BIT(iNewTop)))
3923 {
3924 /* All is fine, push the actual value. */
3925 pCtx->fpu.FTW |= RT_BIT(iNewTop);
3926 pCtx->fpu.aRegs[0].r80 = pResult->r80Result1;
3927 pCtx->fpu.aRegs[7].r80 = pResult->r80Result2;
3928 }
3929 else if (pCtx->fpu.FCW & X86_FCW_IM)
3930 {
3931 /* Masked stack overflow, push QNaN. */
3932 fFsw |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1;
3933 iemFpuStoreQNan(&pCtx->fpu.aRegs[0].r80);
3934 iemFpuStoreQNan(&pCtx->fpu.aRegs[7].r80);
3935 }
3936 else
3937 {
3938 /* Raise stack overflow, don't push anything. */
3939 pCtx->fpu.FSW |= pResult->FSW & ~X86_FSW_C_MASK;
3940 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_C1 | X86_FSW_B | X86_FSW_ES;
3941 return;
3942 }
3943
3944 fFsw &= ~X86_FSW_TOP_MASK;
3945 fFsw |= iNewTop << X86_FSW_TOP_SHIFT;
3946 pCtx->fpu.FSW = fFsw;
3947
3948 iemFpuRotateStackPush(pCtx);
3949}
3950
3951
3952/**
3953 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, and
3954 * FOP.
3955 *
3956 * @param pIemCpu The IEM per CPU data.
3957 * @param pResult The result to store.
3958 * @param iStReg Which FPU register to store it in.
3959 * @param pCtx The CPU context.
3960 */
3961static void iemFpuStoreResult(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg)
3962{
3963 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3964 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
3965 iemFpuStoreResultOnly(pIemCpu, pResult, iStReg, pCtx);
3966}
3967
3968
3969/**
3970 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, and
3971 * FOP, and then pops the stack.
3972 *
3973 * @param pIemCpu The IEM per CPU data.
3974 * @param pResult The result to store.
3975 * @param iStReg Which FPU register to store it in.
3976 * @param pCtx The CPU context.
3977 */
3978static void iemFpuStoreResultThenPop(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg)
3979{
3980 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
3981 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
3982 iemFpuStoreResultOnly(pIemCpu, pResult, iStReg, pCtx);
3983 iemFpuMaybePopOne(pCtx);
3984}
3985
3986
3987/**
3988 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, FOP,
3989 * FPUDP, and FPUDS.
3990 *
3991 * @param pIemCpu The IEM per CPU data.
3992 * @param pResult The result to store.
3993 * @param iStReg Which FPU register to store it in.
3994 * @param pCtx The CPU context.
3995 * @param iEffSeg The effective memory operand selector register.
3996 * @param GCPtrEff The effective memory operand offset.
3997 */
3998static void iemFpuStoreResultWithMemOp(PIEMCPU pIemCpu, PIEMFPURESULT pResult, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
3999{
4000 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4001 iemFpuUpdateDP(pIemCpu, pIemCpu->CTX_SUFF(pCtx), iEffSeg, GCPtrEff);
4002 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4003 iemFpuStoreResultOnly(pIemCpu, pResult, iStReg, pCtx);
4004}
4005
4006
4007/**
4008 * Stores a result in a FPU register, updates the FSW, FTW, FPUIP, FPUCS, FOP,
4009 * FPUDP, and FPUDS, and then pops the stack.
4010 *
4011 * @param pIemCpu The IEM per CPU data.
4012 * @param pResult The result to store.
4013 * @param iStReg Which FPU register to store it in.
4014 * @param pCtx The CPU context.
4015 * @param iEffSeg The effective memory operand selector register.
4016 * @param GCPtrEff The effective memory operand offset.
4017 */
4018static void iemFpuStoreResultWithMemOpThenPop(PIEMCPU pIemCpu, PIEMFPURESULT pResult,
4019 uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
4020{
4021 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4022 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
4023 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4024 iemFpuStoreResultOnly(pIemCpu, pResult, iStReg, pCtx);
4025 iemFpuMaybePopOne(pCtx);
4026}
4027
4028
4029/**
4030 * Updates the FOP, FPUIP, and FPUCS. For FNOP.
4031 *
4032 * @param pIemCpu The IEM per CPU data.
4033 */
4034static void iemFpuUpdateOpcodeAndIp(PIEMCPU pIemCpu)
4035{
4036 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pIemCpu->CTX_SUFF(pCtx));
4037}
4038
4039
4040/**
4041 * Marks the specified stack register as free (for FFREE).
4042 *
4043 * @param pIemCpu The IEM per CPU data.
4044 * @param iStReg The register to free.
4045 */
4046static void iemFpuStackFree(PIEMCPU pIemCpu, uint8_t iStReg)
4047{
4048 Assert(iStReg < 8);
4049 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4050 uint8_t iReg = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + iStReg) & X86_FSW_TOP_SMASK;
4051 pCtx->fpu.FTW &= ~RT_BIT(iReg);
4052}
4053
4054
4055/**
4056 * Increments FSW.TOP, i.e. pops an item off the stack without freeing it.
4057 *
4058 * @param pIemCpu The IEM per CPU data.
4059 */
4060static void iemFpuStackIncTop(PIEMCPU pIemCpu)
4061{
4062 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4063 uint16_t uFsw = pCtx->fpu.FSW;
4064 uint16_t uTop = uFsw & X86_FSW_TOP_MASK;
4065 uTop = (uTop + (1 << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
4066 uFsw &= ~X86_FSW_TOP_MASK;
4067 uFsw |= uTop;
4068 pCtx->fpu.FSW = uFsw;
4069}
4070
4071
4072/**
4073 * Decrements FSW.TOP, i.e. push an item off the stack without storing anything.
4074 *
4075 * @param pIemCpu The IEM per CPU data.
4076 */
4077static void iemFpuStackDecTop(PIEMCPU pIemCpu)
4078{
4079 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4080 uint16_t uFsw = pCtx->fpu.FSW;
4081 uint16_t uTop = uFsw & X86_FSW_TOP_MASK;
4082 uTop = (uTop + (7 << X86_FSW_TOP_SHIFT)) & X86_FSW_TOP_MASK;
4083 uFsw &= ~X86_FSW_TOP_MASK;
4084 uFsw |= uTop;
4085 pCtx->fpu.FSW = uFsw;
4086}
4087
4088
4089/**
4090 * Updates the FSW, FOP, FPUIP, and FPUCS.
4091 *
4092 * @param pIemCpu The IEM per CPU data.
4093 * @param u16FSW The FSW from the current instruction.
4094 */
4095static void iemFpuUpdateFSW(PIEMCPU pIemCpu, uint16_t u16FSW)
4096{
4097 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4098 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4099 iemFpuUpdateFSWOnly(pCtx, u16FSW);
4100}
4101
4102
4103/**
4104 * Updates the FSW, FOP, FPUIP, and FPUCS, then pops the stack.
4105 *
4106 * @param pIemCpu The IEM per CPU data.
4107 * @param u16FSW The FSW from the current instruction.
4108 */
4109static void iemFpuUpdateFSWThenPop(PIEMCPU pIemCpu, uint16_t u16FSW)
4110{
4111 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4112 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4113 iemFpuUpdateFSWOnly(pCtx, u16FSW);
4114 iemFpuMaybePopOne(pCtx);
4115}
4116
4117
4118/**
4119 * Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS.
4120 *
4121 * @param pIemCpu The IEM per CPU data.
4122 * @param u16FSW The FSW from the current instruction.
4123 * @param iEffSeg The effective memory operand selector register.
4124 * @param GCPtrEff The effective memory operand offset.
4125 */
4126static void iemFpuUpdateFSWWithMemOp(PIEMCPU pIemCpu, uint16_t u16FSW, uint8_t iEffSeg, RTGCPTR GCPtrEff)
4127{
4128 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4129 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
4130 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4131 iemFpuUpdateFSWOnly(pCtx, u16FSW);
4132}
4133
4134
4135/**
4136 * Updates the FSW, FOP, FPUIP, and FPUCS, then pops the stack twice.
4137 *
4138 * @param pIemCpu The IEM per CPU data.
4139 * @param u16FSW The FSW from the current instruction.
4140 */
4141static void iemFpuUpdateFSWThenPopPop(PIEMCPU pIemCpu, uint16_t u16FSW)
4142{
4143 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4144 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4145 iemFpuUpdateFSWOnly(pCtx, u16FSW);
4146 iemFpuMaybePopOne(pCtx);
4147 iemFpuMaybePopOne(pCtx);
4148}
4149
4150
4151/**
4152 * Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS, then pops the stack.
4153 *
4154 * @param pIemCpu The IEM per CPU data.
4155 * @param u16FSW The FSW from the current instruction.
4156 * @param iEffSeg The effective memory operand selector register.
4157 * @param GCPtrEff The effective memory operand offset.
4158 */
4159static void iemFpuUpdateFSWWithMemOpThenPop(PIEMCPU pIemCpu, uint16_t u16FSW, uint8_t iEffSeg, RTGCPTR GCPtrEff)
4160{
4161 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4162 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
4163 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4164 iemFpuUpdateFSWOnly(pCtx, u16FSW);
4165 iemFpuMaybePopOne(pCtx);
4166}
4167
4168
4169/**
4170 * Worker routine for raising an FPU stack underflow exception.
4171 *
4172 * @param pIemCpu The IEM per CPU data.
4173 * @param iStReg The stack register being accessed.
4174 * @param pCtx The CPU context.
4175 */
4176static void iemFpuStackUnderflowOnly(PIEMCPU pIemCpu, uint8_t iStReg, PCPUMCTX pCtx)
4177{
4178 Assert(iStReg < 8 || iStReg == UINT8_MAX);
4179 if (pCtx->fpu.FCW & X86_FCW_IM)
4180 {
4181 /* Masked underflow. */
4182 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
4183 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF;
4184 uint16_t iReg = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + iStReg) & X86_FSW_TOP_SMASK;
4185 if (iStReg != UINT8_MAX)
4186 {
4187 pCtx->fpu.FTW |= RT_BIT(iReg);
4188 iemFpuStoreQNan(&pCtx->fpu.aRegs[iStReg].r80);
4189 }
4190 }
4191 else
4192 {
4193 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
4194 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
4195 }
4196}
4197
4198
4199/**
4200 * Raises a FPU stack underflow exception.
4201 *
4202 * @param pIemCpu The IEM per CPU data.
4203 * @param iStReg The destination register that should be loaded
4204 * with QNaN if \#IS is not masked. Specify
4205 * UINT8_MAX if none (like for fcom).
4206 */
4207DECL_NO_INLINE(static, void) iemFpuStackUnderflow(PIEMCPU pIemCpu, uint8_t iStReg)
4208{
4209 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4210 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4211 iemFpuStackUnderflowOnly(pIemCpu, iStReg, pCtx);
4212}
4213
4214
4215DECL_NO_INLINE(static, void)
4216iemFpuStackUnderflowWithMemOp(PIEMCPU pIemCpu, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
4217{
4218 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4219 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
4220 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4221 iemFpuStackUnderflowOnly(pIemCpu, iStReg, pCtx);
4222}
4223
4224
4225DECL_NO_INLINE(static, void) iemFpuStackUnderflowThenPop(PIEMCPU pIemCpu, uint8_t iStReg)
4226{
4227 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4228 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4229 iemFpuStackUnderflowOnly(pIemCpu, iStReg, pCtx);
4230 iemFpuMaybePopOne(pCtx);
4231}
4232
4233
4234DECL_NO_INLINE(static, void)
4235iemFpuStackUnderflowWithMemOpThenPop(PIEMCPU pIemCpu, uint8_t iStReg, uint8_t iEffSeg, RTGCPTR GCPtrEff)
4236{
4237 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4238 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
4239 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4240 iemFpuStackUnderflowOnly(pIemCpu, iStReg, pCtx);
4241 iemFpuMaybePopOne(pCtx);
4242}
4243
4244
4245DECL_NO_INLINE(static, void) iemFpuStackUnderflowThenPopPop(PIEMCPU pIemCpu)
4246{
4247 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4248 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4249 iemFpuStackUnderflowOnly(pIemCpu, UINT8_MAX, pCtx);
4250 iemFpuMaybePopOne(pCtx);
4251 iemFpuMaybePopOne(pCtx);
4252}
4253
4254
4255DECL_NO_INLINE(static, void)
4256iemFpuStackPushUnderflow(PIEMCPU pIemCpu)
4257{
4258 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4259 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4260
4261 if (pCtx->fpu.FCW & X86_FCW_IM)
4262 {
4263 /* Masked overflow - Push QNaN. */
4264 uint16_t iNewTop = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + 7) & X86_FSW_TOP_SMASK;
4265 pCtx->fpu.FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
4266 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF;
4267 pCtx->fpu.FSW |= iNewTop << X86_FSW_TOP_SHIFT;
4268 pCtx->fpu.FTW |= RT_BIT(iNewTop);
4269 iemFpuStoreQNan(&pCtx->fpu.aRegs[7].r80);
4270 iemFpuRotateStackPush(pCtx);
4271 }
4272 else
4273 {
4274 /* Exception pending - don't change TOP or the register stack. */
4275 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
4276 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
4277 }
4278}
4279
4280
4281DECL_NO_INLINE(static, void)
4282iemFpuStackPushUnderflowTwo(PIEMCPU pIemCpu)
4283{
4284 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4285 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4286
4287 if (pCtx->fpu.FCW & X86_FCW_IM)
4288 {
4289 /* Masked overflow - Push QNaN. */
4290 uint16_t iNewTop = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + 7) & X86_FSW_TOP_SMASK;
4291 pCtx->fpu.FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
4292 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF;
4293 pCtx->fpu.FSW |= iNewTop << X86_FSW_TOP_SHIFT;
4294 pCtx->fpu.FTW |= RT_BIT(iNewTop);
4295 iemFpuStoreQNan(&pCtx->fpu.aRegs[0].r80);
4296 iemFpuStoreQNan(&pCtx->fpu.aRegs[7].r80);
4297 iemFpuRotateStackPush(pCtx);
4298 }
4299 else
4300 {
4301 /* Exception pending - don't change TOP or the register stack. */
4302 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
4303 pCtx->fpu.FSW |= X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
4304 }
4305}
4306
4307
4308/**
4309 * Worker routine for raising an FPU stack overflow exception on a push.
4310 *
4311 * @param pIemCpu The IEM per CPU data.
4312 * @param pCtx The CPU context.
4313 */
4314static void iemFpuStackPushOverflowOnly(PIEMCPU pIemCpu, PCPUMCTX pCtx)
4315{
4316 if (pCtx->fpu.FCW & X86_FCW_IM)
4317 {
4318 /* Masked overflow. */
4319 uint16_t iNewTop = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + 7) & X86_FSW_TOP_SMASK;
4320 pCtx->fpu.FSW &= ~(X86_FSW_TOP_MASK | X86_FSW_C_MASK);
4321 pCtx->fpu.FSW |= X86_FSW_C1 | X86_FSW_IE | X86_FSW_SF;
4322 pCtx->fpu.FSW |= iNewTop << X86_FSW_TOP_SHIFT;
4323 pCtx->fpu.FTW |= RT_BIT(iNewTop);
4324 iemFpuStoreQNan(&pCtx->fpu.aRegs[7].r80);
4325 iemFpuRotateStackPush(pCtx);
4326 }
4327 else
4328 {
4329 /* Exception pending - don't change TOP or the register stack. */
4330 pCtx->fpu.FSW &= ~X86_FSW_C_MASK;
4331 pCtx->fpu.FSW |= X86_FSW_C1 | X86_FSW_IE | X86_FSW_SF | X86_FSW_ES | X86_FSW_B;
4332 }
4333}
4334
4335
4336/**
4337 * Raises a FPU stack overflow exception on a push.
4338 *
4339 * @param pIemCpu The IEM per CPU data.
4340 */
4341DECL_NO_INLINE(static, void) iemFpuStackPushOverflow(PIEMCPU pIemCpu)
4342{
4343 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4344 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4345 iemFpuStackPushOverflowOnly(pIemCpu, pCtx);
4346}
4347
4348
4349/**
4350 * Raises a FPU stack overflow exception on a push with a memory operand.
4351 *
4352 * @param pIemCpu The IEM per CPU data.
4353 * @param iEffSeg The effective memory operand selector register.
4354 * @param GCPtrEff The effective memory operand offset.
4355 */
4356DECL_NO_INLINE(static, void)
4357iemFpuStackPushOverflowWithMemOp(PIEMCPU pIemCpu, uint8_t iEffSeg, RTGCPTR GCPtrEff)
4358{
4359 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4360 iemFpuUpdateDP(pIemCpu, pCtx, iEffSeg, GCPtrEff);
4361 iemFpuUpdateOpcodeAndIpWorker(pIemCpu, pCtx);
4362 iemFpuStackPushOverflowOnly(pIemCpu, pCtx);
4363}
4364
4365
4366static int iemFpuStRegNotEmpty(PIEMCPU pIemCpu, uint8_t iStReg)
4367{
4368 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4369 uint16_t iReg = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + iStReg) & X86_FSW_TOP_SMASK;
4370 if (pCtx->fpu.FTW & RT_BIT(iReg))
4371 return VINF_SUCCESS;
4372 return VERR_NOT_FOUND;
4373}
4374
4375
4376static int iemFpuStRegNotEmptyRef(PIEMCPU pIemCpu, uint8_t iStReg, PCRTFLOAT80U *ppRef)
4377{
4378 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4379 uint16_t iReg = (X86_FSW_TOP_GET(pCtx->fpu.FSW) + iStReg) & X86_FSW_TOP_SMASK;
4380 if (pCtx->fpu.FTW & RT_BIT(iReg))
4381 {
4382 *ppRef = &pCtx->fpu.aRegs[iStReg].r80;
4383 return VINF_SUCCESS;
4384 }
4385 return VERR_NOT_FOUND;
4386}
4387
4388
4389static int iemFpu2StRegsNotEmptyRef(PIEMCPU pIemCpu, uint8_t iStReg0, PCRTFLOAT80U *ppRef0,
4390 uint8_t iStReg1, PCRTFLOAT80U *ppRef1)
4391{
4392 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4393 uint16_t iTop = X86_FSW_TOP_GET(pCtx->fpu.FSW);
4394 uint16_t iReg0 = (iTop + iStReg0) & X86_FSW_TOP_SMASK;
4395 uint16_t iReg1 = (iTop + iStReg1) & X86_FSW_TOP_SMASK;
4396 if ((pCtx->fpu.FTW & (RT_BIT(iReg0) | RT_BIT(iReg1))) == (RT_BIT(iReg0) | RT_BIT(iReg1)))
4397 {
4398 *ppRef0 = &pCtx->fpu.aRegs[iStReg0].r80;
4399 *ppRef1 = &pCtx->fpu.aRegs[iStReg1].r80;
4400 return VINF_SUCCESS;
4401 }
4402 return VERR_NOT_FOUND;
4403}
4404
4405
4406static int iemFpu2StRegsNotEmptyRefFirst(PIEMCPU pIemCpu, uint8_t iStReg0, PCRTFLOAT80U *ppRef0, uint8_t iStReg1)
4407{
4408 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
4409 uint16_t iTop = X86_FSW_TOP_GET(pCtx->fpu.FSW);
4410 uint16_t iReg0 = (iTop + iStReg0) & X86_FSW_TOP_SMASK;
4411 uint16_t iReg1 = (iTop + iStReg1) & X86_FSW_TOP_SMASK;
4412 if ((pCtx->fpu.FTW & (RT_BIT(iReg0) | RT_BIT(iReg1))) == (RT_BIT(iReg0) | RT_BIT(iReg1)))
4413 {
4414 *ppRef0 = &pCtx->fpu.aRegs[iStReg0].r80;
4415 return VINF_SUCCESS;
4416 }
4417 return VERR_NOT_FOUND;
4418}
4419
4420
4421/**
4422 * Updates the FPU exception status after FCW is changed.
4423 *
4424 * @param pCtx The CPU context.
4425 */
4426static void iemFpuRecalcExceptionStatus(PCPUMCTX pCtx)
4427{
4428 uint16_t u16Fsw = pCtx->fpu.FSW;
4429 if ((u16Fsw & X86_FSW_XCPT_MASK) & ~(pCtx->fpu.FCW & X86_FCW_XCPT_MASK))
4430 u16Fsw |= X86_FSW_ES | X86_FSW_B;
4431 else
4432 u16Fsw &= ~(X86_FSW_ES | X86_FSW_B);
4433 pCtx->fpu.FSW = u16Fsw;
4434}
4435
4436
4437/**
4438 * Calculates the full FTW (FPU tag word) for use in FNSTENV and FNSAVE.
4439 *
4440 * @returns The full FTW.
4441 * @param pCtx The CPU state.
4442 */
4443static uint16_t iemFpuCalcFullFtw(PCCPUMCTX pCtx)
4444{
4445 uint8_t const u8Ftw = (uint8_t)pCtx->fpu.FTW;
4446 uint16_t u16Ftw = 0;
4447 unsigned const iTop = X86_FSW_TOP_GET(pCtx->fpu.FSW);
4448 for (unsigned iSt = 0; iSt < 8; iSt++)
4449 {
4450 unsigned const iReg = (iSt + iTop) & 7;
4451 if (!(u8Ftw & RT_BIT(iReg)))
4452 u16Ftw |= 3 << (iReg * 2); /* empty */
4453 else
4454 {
4455 uint16_t uTag;
4456 PCRTFLOAT80U const pr80Reg = &pCtx->fpu.aRegs[iSt].r80;
4457 if (pr80Reg->s.uExponent == 0x7fff)
4458 uTag = 2; /* Exponent is all 1's => Special. */
4459 else if (pr80Reg->s.uExponent == 0x0000)
4460 {
4461 if (pr80Reg->s.u64Mantissa == 0x0000)
4462 uTag = 1; /* All bits are zero => Zero. */
4463 else
4464 uTag = 2; /* Must be special. */
4465 }
4466 else if (pr80Reg->s.u64Mantissa & RT_BIT_64(63)) /* The J bit. */
4467 uTag = 0; /* Valid. */
4468 else
4469 uTag = 2; /* Must be special. */
4470
4471 u16Ftw |= uTag << (iReg * 2); /* empty */
4472 }
4473 }
4474
4475 return u16Ftw;
4476}
4477
4478
4479/**
4480 * Converts a full FTW to a compressed one (for use in FLDENV and FRSTOR).
4481 *
4482 * @returns The compressed FTW.
4483 * @param u16FullFtw The full FTW to convert.
4484 */
4485static uint16_t iemFpuCompressFtw(uint16_t u16FullFtw)
4486{
4487 uint8_t u8Ftw = 0;
4488 for (unsigned i = 0; i < 8; i++)
4489 {
4490 if ((u16FullFtw & 3) != 3 /*empty*/)
4491 u8Ftw |= RT_BIT(i);
4492 u16FullFtw >>= 2;
4493 }
4494
4495 return u8Ftw;
4496}
4497
4498/** @} */
4499
4500
4501/** @name Memory access.
4502 *
4503 * @{
4504 */
4505
4506
4507/**
4508 * Updates the IEMCPU::cbWritten counter if applicable.
4509 *
4510 * @param pIemCpu The IEM per CPU data.
4511 * @param fAccess The access being accounted for.
4512 * @param cbMem The access size.
4513 */
4514DECL_FORCE_INLINE(void) iemMemUpdateWrittenCounter(PIEMCPU pIemCpu, uint32_t fAccess, size_t cbMem)
4515{
4516 if ( (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_STACK | IEM_ACCESS_TYPE_WRITE)
4517 || (fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_WRITE)) == (IEM_ACCESS_WHAT_DATA | IEM_ACCESS_TYPE_WRITE) )
4518 pIemCpu->cbWritten += (uint32_t)cbMem;
4519}
4520
4521
4522/**
4523 * Checks if the given segment can be written to, raise the appropriate
4524 * exception if not.
4525 *
4526 * @returns VBox strict status code.
4527 *
4528 * @param pIemCpu The IEM per CPU data.
4529 * @param pHid Pointer to the hidden register.
4530 * @param iSegReg The register number.
4531 */
4532static VBOXSTRICTRC iemMemSegCheckWriteAccessEx(PIEMCPU pIemCpu, PCCPUMSELREGHID pHid, uint8_t iSegReg)
4533{
4534 if (!pHid->Attr.n.u1Present)
4535 return iemRaiseSelectorNotPresentBySegReg(pIemCpu, iSegReg);
4536
4537 if ( ( (pHid->Attr.n.u4Type & X86_SEL_TYPE_CODE)
4538 || !(pHid->Attr.n.u4Type & X86_SEL_TYPE_WRITE) )
4539 && pIemCpu->enmCpuMode != IEMMODE_64BIT )
4540 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, IEM_ACCESS_DATA_W);
4541
4542 /** @todo DPL/RPL/CPL? */
4543
4544 return VINF_SUCCESS;
4545}
4546
4547
4548/**
4549 * Checks if the given segment can be read from, raise the appropriate
4550 * exception if not.
4551 *
4552 * @returns VBox strict status code.
4553 *
4554 * @param pIemCpu The IEM per CPU data.
4555 * @param pHid Pointer to the hidden register.
4556 * @param iSegReg The register number.
4557 */
4558static VBOXSTRICTRC iemMemSegCheckReadAccessEx(PIEMCPU pIemCpu, PCCPUMSELREGHID pHid, uint8_t iSegReg)
4559{
4560 if (!pHid->Attr.n.u1Present)
4561 return iemRaiseSelectorNotPresentBySegReg(pIemCpu, iSegReg);
4562
4563 if ( (pHid->Attr.n.u4Type & (X86_SEL_TYPE_CODE | X86_SEL_TYPE_READ)) == X86_SEL_TYPE_CODE
4564 && pIemCpu->enmCpuMode != IEMMODE_64BIT )
4565 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, IEM_ACCESS_DATA_R);
4566
4567 /** @todo DPL/RPL/CPL? */
4568
4569 return VINF_SUCCESS;
4570}
4571
4572
4573/**
4574 * Applies the segment limit, base and attributes.
4575 *
4576 * This may raise a \#GP or \#SS.
4577 *
4578 * @returns VBox strict status code.
4579 *
4580 * @param pIemCpu The IEM per CPU data.
4581 * @param fAccess The kind of access which is being performed.
4582 * @param iSegReg The index of the segment register to apply.
4583 * This is UINT8_MAX if none (for IDT, GDT, LDT,
4584 * TSS, ++).
4585 * @param pGCPtrMem Pointer to the guest memory address to apply
4586 * segmentation to. Input and output parameter.
4587 */
4588static VBOXSTRICTRC iemMemApplySegment(PIEMCPU pIemCpu, uint32_t fAccess, uint8_t iSegReg,
4589 size_t cbMem, PRTGCPTR pGCPtrMem)
4590{
4591 if (iSegReg == UINT8_MAX)
4592 return VINF_SUCCESS;
4593
4594 PCPUMSELREGHID pSel = iemSRegGetHid(pIemCpu, iSegReg);
4595 switch (pIemCpu->enmCpuMode)
4596 {
4597 case IEMMODE_16BIT:
4598 case IEMMODE_32BIT:
4599 {
4600 RTGCPTR32 GCPtrFirst32 = (RTGCPTR32)*pGCPtrMem;
4601 RTGCPTR32 GCPtrLast32 = GCPtrFirst32 + (uint32_t)cbMem - 1;
4602
4603 Assert(pSel->Attr.n.u1Present);
4604 Assert(pSel->Attr.n.u1DescType);
4605 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_CODE))
4606 {
4607 if ( (fAccess & IEM_ACCESS_TYPE_WRITE)
4608 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_WRITE) )
4609 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, fAccess);
4610
4611 if (!IEM_IS_REAL_OR_V86_MODE(pIemCpu))
4612 {
4613 /** @todo CPL check. */
4614 }
4615
4616 /*
4617 * There are two kinds of data selectors, normal and expand down.
4618 */
4619 if (!(pSel->Attr.n.u4Type & X86_SEL_TYPE_DOWN))
4620 {
4621 if ( GCPtrFirst32 > pSel->u32Limit
4622 || GCPtrLast32 > pSel->u32Limit) /* yes, in real mode too (since 80286). */
4623 return iemRaiseSelectorBounds(pIemCpu, iSegReg, fAccess);
4624
4625 *pGCPtrMem = GCPtrFirst32 += (uint32_t)pSel->u64Base;
4626 }
4627 else
4628 {
4629 /** @todo implement expand down segments. */
4630 IEM_RETURN_ASPECT_NOT_IMPLEMENTED_LOG(("Expand down segments\n"));
4631 }
4632 }
4633 else
4634 {
4635
4636 /*
4637 * Code selector and usually be used to read thru, writing is
4638 * only permitted in real and V8086 mode.
4639 */
4640 if ( ( (fAccess & IEM_ACCESS_TYPE_WRITE)
4641 || ( (fAccess & IEM_ACCESS_TYPE_READ)
4642 && !(pSel->Attr.n.u4Type & X86_SEL_TYPE_READ)) )
4643 && !IEM_IS_REAL_OR_V86_MODE(pIemCpu) )
4644 return iemRaiseSelectorInvalidAccess(pIemCpu, iSegReg, fAccess);
4645
4646 if ( GCPtrFirst32 > pSel->u32Limit
4647 || GCPtrLast32 > pSel->u32Limit) /* yes, in real mode too (since 80286). */
4648 return iemRaiseSelectorBounds(pIemCpu, iSegReg, fAccess);
4649
4650 if (!IEM_IS_REAL_OR_V86_MODE(pIemCpu))
4651 {
4652 /** @todo CPL check. */
4653 }
4654
4655 *pGCPtrMem = GCPtrFirst32 += (uint32_t)pSel->u64Base;
4656 }
4657 return VINF_SUCCESS;
4658 }
4659
4660 case IEMMODE_64BIT:
4661 if (iSegReg == X86_SREG_GS || iSegReg == X86_SREG_FS)
4662 *pGCPtrMem += pSel->u64Base;
4663 return VINF_SUCCESS;
4664
4665 default:
4666 AssertFailedReturn(VERR_INTERNAL_ERROR_5);
4667 }
4668}
4669
4670
4671/**
4672 * Translates a virtual address to a physical physical address and checks if we
4673 * can access the page as specified.
4674 *
4675 * @param pIemCpu The IEM per CPU data.
4676 * @param GCPtrMem The virtual address.
4677 * @param fAccess The intended access.
4678 * @param pGCPhysMem Where to return the physical address.
4679 */
4680static VBOXSTRICTRC iemMemPageTranslateAndCheckAccess(PIEMCPU pIemCpu, RTGCPTR GCPtrMem, uint32_t fAccess,
4681 PRTGCPHYS pGCPhysMem)
4682{
4683 /** @todo Need a different PGM interface here. We're currently using
4684 * generic / REM interfaces. this won't cut it for R0 & RC. */
4685 RTGCPHYS GCPhys;
4686 uint64_t fFlags;
4687 int rc = PGMGstGetPage(IEMCPU_TO_VMCPU(pIemCpu), GCPtrMem, &fFlags, &GCPhys);
4688 if (RT_FAILURE(rc))
4689 {
4690 /** @todo Check unassigned memory in unpaged mode. */
4691 /** @todo Reserved bits in page tables. Requires new PGM interface. */
4692 *pGCPhysMem = NIL_RTGCPHYS;
4693 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess, rc);
4694 }
4695
4696 /* If the page is writable and does not have the no-exec bit set, all
4697 access is allowed. Otherwise we'll have to check more carefully... */
4698 if ((fFlags & (X86_PTE_RW | X86_PTE_US | X86_PTE_PAE_NX)) != (X86_PTE_RW | X86_PTE_US))
4699 {
4700 /* Write to read only memory? */
4701 if ( (fAccess & IEM_ACCESS_TYPE_WRITE)
4702 && !(fFlags & X86_PTE_RW)
4703 && ( pIemCpu->uCpl != 0
4704 || (pIemCpu->CTX_SUFF(pCtx)->cr0 & X86_CR0_WP)))
4705 {
4706 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - read-only page -> #PF\n", GCPtrMem));
4707 *pGCPhysMem = NIL_RTGCPHYS;
4708 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess & ~IEM_ACCESS_TYPE_READ, VERR_ACCESS_DENIED);
4709 }
4710
4711 /* Kernel memory accessed by userland? */
4712 if ( !(fFlags & X86_PTE_US)
4713 && pIemCpu->uCpl == 3
4714 && !(fAccess & IEM_ACCESS_WHAT_SYS))
4715 {
4716 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - user access to kernel page -> #PF\n", GCPtrMem));
4717 *pGCPhysMem = NIL_RTGCPHYS;
4718 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess, VERR_ACCESS_DENIED);
4719 }
4720
4721 /* Executing non-executable memory? */
4722 if ( (fAccess & IEM_ACCESS_TYPE_EXEC)
4723 && (fFlags & X86_PTE_PAE_NX)
4724 && (pIemCpu->CTX_SUFF(pCtx)->msrEFER & MSR_K6_EFER_NXE) )
4725 {
4726 Log(("iemMemPageTranslateAndCheckAccess: GCPtrMem=%RGv - NX -> #PF\n", GCPtrMem));
4727 *pGCPhysMem = NIL_RTGCPHYS;
4728 return iemRaisePageFault(pIemCpu, GCPtrMem, fAccess & ~(IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_WRITE),
4729 VERR_ACCESS_DENIED);
4730 }
4731 }
4732
4733 GCPhys |= GCPtrMem & PAGE_OFFSET_MASK;
4734 *pGCPhysMem = GCPhys;
4735 return VINF_SUCCESS;
4736}
4737
4738
4739
4740/**
4741 * Maps a physical page.
4742 *
4743 * @returns VBox status code (see PGMR3PhysTlbGCPhys2Ptr).
4744 * @param pIemCpu The IEM per CPU data.
4745 * @param GCPhysMem The physical address.
4746 * @param fAccess The intended access.
4747 * @param ppvMem Where to return the mapping address.
4748 * @param pLock The PGM lock.
4749 */
4750static int iemMemPageMap(PIEMCPU pIemCpu, RTGCPHYS GCPhysMem, uint32_t fAccess, void **ppvMem, PPGMPAGEMAPLOCK pLock)
4751{
4752#ifdef IEM_VERIFICATION_MODE_FULL
4753 /* Force the alternative path so we can ignore writes. */
4754 if ((fAccess & IEM_ACCESS_TYPE_WRITE) && !pIemCpu->fNoRem)
4755 return VERR_PGM_PHYS_TLB_CATCH_ALL;
4756#endif
4757#ifdef IEM_LOG_MEMORY_WRITES
4758 if (fAccess & IEM_ACCESS_TYPE_WRITE)
4759 return VERR_PGM_PHYS_TLB_CATCH_ALL;
4760#endif
4761#ifdef IEM_VERIFICATION_MODE_MINIMAL
4762 return VERR_PGM_PHYS_TLB_CATCH_ALL;
4763#endif
4764
4765 /** @todo This API may require some improving later. A private deal with PGM
4766 * regarding locking and unlocking needs to be struct. A couple of TLBs
4767 * living in PGM, but with publicly accessible inlined access methods
4768 * could perhaps be an even better solution. */
4769 int rc = PGMPhysIemGCPhys2Ptr(IEMCPU_TO_VM(pIemCpu),
4770 GCPhysMem,
4771 RT_BOOL(fAccess & IEM_ACCESS_TYPE_WRITE),
4772 pIemCpu->fBypassHandlers,
4773 ppvMem,
4774 pLock);
4775 /*Log(("PGMPhysIemGCPhys2Ptr %Rrc pLock=%.*Rhxs\n", rc, sizeof(*pLock), pLock));*/
4776 AssertMsg(rc == VINF_SUCCESS || RT_FAILURE_NP(rc), ("%Rrc\n", rc));
4777 return rc;
4778}
4779
4780
4781/**
4782 * Unmap a page previously mapped by iemMemPageMap.
4783 *
4784 * @param pIemCpu The IEM per CPU data.
4785 * @param GCPhysMem The physical address.
4786 * @param fAccess The intended access.
4787 * @param pvMem What iemMemPageMap returned.
4788 * @param pLock The PGM lock.
4789 */
4790DECLINLINE(void) iemMemPageUnmap(PIEMCPU pIemCpu, RTGCPHYS GCPhysMem, uint32_t fAccess, const void *pvMem, PPGMPAGEMAPLOCK pLock)
4791{
4792 NOREF(pIemCpu);
4793 NOREF(GCPhysMem);
4794 NOREF(fAccess);
4795 NOREF(pvMem);
4796 PGMPhysReleasePageMappingLock(IEMCPU_TO_VM(pIemCpu), pLock);
4797}
4798
4799
4800/**
4801 * Looks up a memory mapping entry.
4802 *
4803 * @returns The mapping index (positive) or VERR_NOT_FOUND (negative).
4804 * @param pIemCpu The IEM per CPU data.
4805 * @param pvMem The memory address.
4806 * @param fAccess The access to.
4807 */
4808DECLINLINE(int) iemMapLookup(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess)
4809{
4810 fAccess &= IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK;
4811 if ( pIemCpu->aMemMappings[0].pv == pvMem
4812 && (pIemCpu->aMemMappings[0].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
4813 return 0;
4814 if ( pIemCpu->aMemMappings[1].pv == pvMem
4815 && (pIemCpu->aMemMappings[1].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
4816 return 1;
4817 if ( pIemCpu->aMemMappings[2].pv == pvMem
4818 && (pIemCpu->aMemMappings[2].fAccess & (IEM_ACCESS_WHAT_MASK | IEM_ACCESS_TYPE_MASK)) == fAccess)
4819 return 2;
4820 return VERR_NOT_FOUND;
4821}
4822
4823
4824/**
4825 * Finds a free memmap entry when using iNextMapping doesn't work.
4826 *
4827 * @returns Memory mapping index, 1024 on failure.
4828 * @param pIemCpu The IEM per CPU data.
4829 */
4830static unsigned iemMemMapFindFree(PIEMCPU pIemCpu)
4831{
4832 /*
4833 * The easy case.
4834 */
4835 if (pIemCpu->cActiveMappings == 0)
4836 {
4837 pIemCpu->iNextMapping = 1;
4838 return 0;
4839 }
4840
4841 /* There should be enough mappings for all instructions. */
4842 AssertReturn(pIemCpu->cActiveMappings < RT_ELEMENTS(pIemCpu->aMemMappings), 1024);
4843
4844 for (unsigned i = 0; i < RT_ELEMENTS(pIemCpu->aMemMappings); i++)
4845 if (pIemCpu->aMemMappings[i].fAccess == IEM_ACCESS_INVALID)
4846 return i;
4847
4848 AssertFailedReturn(1024);
4849}
4850
4851
4852/**
4853 * Commits a bounce buffer that needs writing back and unmaps it.
4854 *
4855 * @returns Strict VBox status code.
4856 * @param pIemCpu The IEM per CPU data.
4857 * @param iMemMap The index of the buffer to commit.
4858 */
4859static VBOXSTRICTRC iemMemBounceBufferCommitAndUnmap(PIEMCPU pIemCpu, unsigned iMemMap)
4860{
4861 Assert(pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED);
4862 Assert(pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE);
4863
4864 /*
4865 * Do the writing.
4866 */
4867 int rc;
4868#ifndef IEM_VERIFICATION_MODE_MINIMAL
4869 if ( !pIemCpu->aMemBbMappings[iMemMap].fUnassigned
4870 && !IEM_VERIFICATION_ENABLED(pIemCpu))
4871 {
4872 uint16_t const cbFirst = pIemCpu->aMemBbMappings[iMemMap].cbFirst;
4873 uint16_t const cbSecond = pIemCpu->aMemBbMappings[iMemMap].cbSecond;
4874 uint8_t const *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
4875 if (!pIemCpu->fBypassHandlers)
4876 {
4877 rc = PGMPhysWrite(IEMCPU_TO_VM(pIemCpu),
4878 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
4879 pbBuf,
4880 cbFirst);
4881 if (cbSecond && rc == VINF_SUCCESS)
4882 rc = PGMPhysWrite(IEMCPU_TO_VM(pIemCpu),
4883 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
4884 pbBuf + cbFirst,
4885 cbSecond);
4886 }
4887 else
4888 {
4889 rc = PGMPhysSimpleWriteGCPhys(IEMCPU_TO_VM(pIemCpu),
4890 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
4891 pbBuf,
4892 cbFirst);
4893 if (cbSecond && rc == VINF_SUCCESS)
4894 rc = PGMPhysSimpleWriteGCPhys(IEMCPU_TO_VM(pIemCpu),
4895 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
4896 pbBuf + cbFirst,
4897 cbSecond);
4898 }
4899 if (rc != VINF_SUCCESS)
4900 {
4901 /** @todo status code handling */
4902 Log(("iemMemBounceBufferCommitAndUnmap: %s GCPhysFirst=%RGp/%#x GCPhysSecond=%RGp/%#x %Rrc (!!)\n",
4903 pIemCpu->fBypassHandlers ? "PGMPhysWrite" : "PGMPhysSimpleWriteGCPhys",
4904 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst, cbFirst,
4905 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond, cbSecond, rc));
4906 }
4907 }
4908 else
4909#endif
4910 rc = VINF_SUCCESS;
4911
4912#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
4913 /*
4914 * Record the write(s).
4915 */
4916 if (!pIemCpu->fNoRem)
4917 {
4918 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
4919 if (pEvtRec)
4920 {
4921 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_WRITE;
4922 pEvtRec->u.RamWrite.GCPhys = pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst;
4923 pEvtRec->u.RamWrite.cb = pIemCpu->aMemBbMappings[iMemMap].cbFirst;
4924 memcpy(pEvtRec->u.RamWrite.ab, &pIemCpu->aBounceBuffers[iMemMap].ab[0], pIemCpu->aMemBbMappings[iMemMap].cbFirst);
4925 AssertCompile(sizeof(pEvtRec->u.RamWrite.ab) == sizeof(pIemCpu->aBounceBuffers[0].ab));
4926 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
4927 *pIemCpu->ppIemEvtRecNext = pEvtRec;
4928 }
4929 if (pIemCpu->aMemBbMappings[iMemMap].cbSecond)
4930 {
4931 pEvtRec = iemVerifyAllocRecord(pIemCpu);
4932 if (pEvtRec)
4933 {
4934 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_WRITE;
4935 pEvtRec->u.RamWrite.GCPhys = pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond;
4936 pEvtRec->u.RamWrite.cb = pIemCpu->aMemBbMappings[iMemMap].cbSecond;
4937 memcpy(pEvtRec->u.RamWrite.ab,
4938 &pIemCpu->aBounceBuffers[iMemMap].ab[pIemCpu->aMemBbMappings[iMemMap].cbFirst],
4939 pIemCpu->aMemBbMappings[iMemMap].cbSecond);
4940 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
4941 *pIemCpu->ppIemEvtRecNext = pEvtRec;
4942 }
4943 }
4944 }
4945#endif
4946#if defined(IEM_VERIFICATION_MODE_MINIMAL) || defined(IEM_LOG_MEMORY_WRITES)
4947 if (rc == VINF_SUCCESS)
4948 {
4949 Log(("IEM Wrote %RGp: %.*Rhxs\n", pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst,
4950 RT_MAX(RT_MIN(pIemCpu->aMemBbMappings[iMemMap].cbFirst, 64), 1), &pIemCpu->aBounceBuffers[iMemMap].ab[0]));
4951 if (pIemCpu->aMemBbMappings[iMemMap].cbSecond)
4952 Log(("IEM Wrote %RGp: %.*Rhxs [2nd page]\n", pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond,
4953 RT_MIN(pIemCpu->aMemBbMappings[iMemMap].cbSecond, 64),
4954 &pIemCpu->aBounceBuffers[iMemMap].ab[pIemCpu->aMemBbMappings[iMemMap].cbFirst]));
4955
4956 size_t cbWrote = pIemCpu->aMemBbMappings[iMemMap].cbFirst + pIemCpu->aMemBbMappings[iMemMap].cbSecond;
4957 g_cbIemWrote = cbWrote;
4958 memcpy(g_abIemWrote, &pIemCpu->aBounceBuffers[iMemMap].ab[0], RT_MIN(cbWrote, sizeof(g_abIemWrote)));
4959 }
4960#endif
4961
4962 /*
4963 * Free the mapping entry.
4964 */
4965 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
4966 Assert(pIemCpu->cActiveMappings != 0);
4967 pIemCpu->cActiveMappings--;
4968 return rc;
4969}
4970
4971
4972/**
4973 * iemMemMap worker that deals with a request crossing pages.
4974 */
4975static VBOXSTRICTRC iemMemBounceBufferMapCrossPage(PIEMCPU pIemCpu, int iMemMap, void **ppvMem,
4976 size_t cbMem, RTGCPTR GCPtrFirst, uint32_t fAccess)
4977{
4978 /*
4979 * Do the address translations.
4980 */
4981 RTGCPHYS GCPhysFirst;
4982 VBOXSTRICTRC rcStrict = iemMemPageTranslateAndCheckAccess(pIemCpu, GCPtrFirst, fAccess, &GCPhysFirst);
4983 if (rcStrict != VINF_SUCCESS)
4984 return rcStrict;
4985
4986/** @todo Testcase & AMD-V/VT-x verification: Check if CR2 should really be the
4987 * last byte. */
4988 RTGCPHYS GCPhysSecond;
4989 rcStrict = iemMemPageTranslateAndCheckAccess(pIemCpu, GCPtrFirst + (cbMem - 1), fAccess, &GCPhysSecond);
4990 if (rcStrict != VINF_SUCCESS)
4991 return rcStrict;
4992 GCPhysSecond &= ~(RTGCPHYS)PAGE_OFFSET_MASK;
4993
4994 /*
4995 * Read in the current memory content if it's a read, execute or partial
4996 * write access.
4997 */
4998 uint8_t *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
4999 uint32_t const cbFirstPage = PAGE_SIZE - (GCPhysFirst & PAGE_OFFSET_MASK);
5000 uint32_t const cbSecondPage = (uint32_t)(cbMem - cbFirstPage);
5001
5002 if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
5003 {
5004 int rc;
5005 if (!pIemCpu->fBypassHandlers)
5006 {
5007 rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhysFirst, pbBuf, cbFirstPage);
5008 if (rc != VINF_SUCCESS)
5009 {
5010 /** @todo status code handling */
5011 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysFirst=%RGp rc=%Rrc (!!)\n", GCPhysFirst, rc));
5012 return rc;
5013 }
5014 rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhysSecond, pbBuf + cbFirstPage, cbSecondPage);
5015 if (rc != VINF_SUCCESS)
5016 {
5017 /** @todo status code handling */
5018 Log(("iemMemBounceBufferMapPhys: PGMPhysRead GCPhysSecond=%RGp rc=%Rrc (!!)\n", GCPhysSecond, rc));
5019 return rc;
5020 }
5021 }
5022 else
5023 {
5024 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), pbBuf, GCPhysFirst, cbFirstPage);
5025 if (rc != VINF_SUCCESS)
5026 {
5027 /** @todo status code handling */
5028 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysFirst=%RGp rc=%Rrc (!!)\n", GCPhysFirst, rc));
5029 return rc;
5030 }
5031 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), pbBuf + cbFirstPage, GCPhysSecond, cbSecondPage);
5032 if (rc != VINF_SUCCESS)
5033 {
5034 /** @todo status code handling */
5035 Log(("iemMemBounceBufferMapPhys: PGMPhysSimpleReadGCPhys GCPhysSecond=%RGp rc=%Rrc (!!)\n", GCPhysSecond, rc));
5036 return rc;
5037 }
5038 }
5039
5040#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
5041 if ( !pIemCpu->fNoRem
5042 && (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC)) )
5043 {
5044 /*
5045 * Record the reads.
5046 */
5047 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
5048 if (pEvtRec)
5049 {
5050 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
5051 pEvtRec->u.RamRead.GCPhys = GCPhysFirst;
5052 pEvtRec->u.RamRead.cb = cbFirstPage;
5053 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
5054 *pIemCpu->ppIemEvtRecNext = pEvtRec;
5055 }
5056 pEvtRec = iemVerifyAllocRecord(pIemCpu);
5057 if (pEvtRec)
5058 {
5059 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
5060 pEvtRec->u.RamRead.GCPhys = GCPhysSecond;
5061 pEvtRec->u.RamRead.cb = cbSecondPage;
5062 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
5063 *pIemCpu->ppIemEvtRecNext = pEvtRec;
5064 }
5065 }
5066#endif
5067 }
5068#ifdef VBOX_STRICT
5069 else
5070 memset(pbBuf, 0xcc, cbMem);
5071#endif
5072#ifdef VBOX_STRICT
5073 if (cbMem < sizeof(pIemCpu->aBounceBuffers[iMemMap].ab))
5074 memset(pbBuf + cbMem, 0xaa, sizeof(pIemCpu->aBounceBuffers[iMemMap].ab) - cbMem);
5075#endif
5076
5077 /*
5078 * Commit the bounce buffer entry.
5079 */
5080 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst = GCPhysFirst;
5081 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond = GCPhysSecond;
5082 pIemCpu->aMemBbMappings[iMemMap].cbFirst = (uint16_t)cbFirstPage;
5083 pIemCpu->aMemBbMappings[iMemMap].cbSecond = (uint16_t)cbSecondPage;
5084 pIemCpu->aMemBbMappings[iMemMap].fUnassigned = false;
5085 pIemCpu->aMemMappings[iMemMap].pv = pbBuf;
5086 pIemCpu->aMemMappings[iMemMap].fAccess = fAccess | IEM_ACCESS_BOUNCE_BUFFERED;
5087 pIemCpu->cActiveMappings++;
5088
5089 iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
5090 *ppvMem = pbBuf;
5091 return VINF_SUCCESS;
5092}
5093
5094
5095/**
5096 * iemMemMap woker that deals with iemMemPageMap failures.
5097 */
5098static VBOXSTRICTRC iemMemBounceBufferMapPhys(PIEMCPU pIemCpu, unsigned iMemMap, void **ppvMem, size_t cbMem,
5099 RTGCPHYS GCPhysFirst, uint32_t fAccess, VBOXSTRICTRC rcMap)
5100{
5101 /*
5102 * Filter out conditions we can handle and the ones which shouldn't happen.
5103 */
5104 if ( rcMap != VERR_PGM_PHYS_TLB_CATCH_WRITE
5105 && rcMap != VERR_PGM_PHYS_TLB_CATCH_ALL
5106 && rcMap != VERR_PGM_PHYS_TLB_UNASSIGNED)
5107 {
5108 AssertReturn(RT_FAILURE_NP(rcMap), VERR_INTERNAL_ERROR_3);
5109 return rcMap;
5110 }
5111 pIemCpu->cPotentialExits++;
5112
5113 /*
5114 * Read in the current memory content if it's a read, execute or partial
5115 * write access.
5116 */
5117 uint8_t *pbBuf = &pIemCpu->aBounceBuffers[iMemMap].ab[0];
5118 if (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC | IEM_ACCESS_PARTIAL_WRITE))
5119 {
5120 if (rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED)
5121 memset(pbBuf, 0xff, cbMem);
5122 else
5123 {
5124 int rc;
5125 if (!pIemCpu->fBypassHandlers)
5126 rc = PGMPhysRead(IEMCPU_TO_VM(pIemCpu), GCPhysFirst, pbBuf, cbMem);
5127 else
5128 rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), pbBuf, GCPhysFirst, cbMem);
5129 if (rc != VINF_SUCCESS)
5130 {
5131 /** @todo status code handling */
5132 Log(("iemMemBounceBufferMapPhys: %s GCPhysFirst=%RGp rc=%Rrc (!!)\n",
5133 pIemCpu->fBypassHandlers ? "PGMPhysRead" : "PGMPhysSimpleReadGCPhys", GCPhysFirst, rc));
5134 return rc;
5135 }
5136 }
5137
5138#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
5139 if ( !pIemCpu->fNoRem
5140 && (fAccess & (IEM_ACCESS_TYPE_READ | IEM_ACCESS_TYPE_EXEC)) )
5141 {
5142 /*
5143 * Record the read.
5144 */
5145 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
5146 if (pEvtRec)
5147 {
5148 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
5149 pEvtRec->u.RamRead.GCPhys = GCPhysFirst;
5150 pEvtRec->u.RamRead.cb = (uint32_t)cbMem;
5151 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
5152 *pIemCpu->ppIemEvtRecNext = pEvtRec;
5153 }
5154 }
5155#endif
5156 }
5157#ifdef VBOX_STRICT
5158 else
5159 memset(pbBuf, 0xcc, cbMem);
5160#endif
5161#ifdef VBOX_STRICT
5162 if (cbMem < sizeof(pIemCpu->aBounceBuffers[iMemMap].ab))
5163 memset(pbBuf + cbMem, 0xaa, sizeof(pIemCpu->aBounceBuffers[iMemMap].ab) - cbMem);
5164#endif
5165
5166 /*
5167 * Commit the bounce buffer entry.
5168 */
5169 pIemCpu->aMemBbMappings[iMemMap].GCPhysFirst = GCPhysFirst;
5170 pIemCpu->aMemBbMappings[iMemMap].GCPhysSecond = NIL_RTGCPHYS;
5171 pIemCpu->aMemBbMappings[iMemMap].cbFirst = (uint16_t)cbMem;
5172 pIemCpu->aMemBbMappings[iMemMap].cbSecond = 0;
5173 pIemCpu->aMemBbMappings[iMemMap].fUnassigned = rcMap == VERR_PGM_PHYS_TLB_UNASSIGNED;
5174 pIemCpu->aMemMappings[iMemMap].pv = pbBuf;
5175 pIemCpu->aMemMappings[iMemMap].fAccess = fAccess | IEM_ACCESS_BOUNCE_BUFFERED;
5176 pIemCpu->cActiveMappings++;
5177
5178 iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
5179 *ppvMem = pbBuf;
5180 return VINF_SUCCESS;
5181}
5182
5183
5184
5185/**
5186 * Maps the specified guest memory for the given kind of access.
5187 *
5188 * This may be using bounce buffering of the memory if it's crossing a page
5189 * boundary or if there is an access handler installed for any of it. Because
5190 * of lock prefix guarantees, we're in for some extra clutter when this
5191 * happens.
5192 *
5193 * This may raise a \#GP, \#SS, \#PF or \#AC.
5194 *
5195 * @returns VBox strict status code.
5196 *
5197 * @param pIemCpu The IEM per CPU data.
5198 * @param ppvMem Where to return the pointer to the mapped
5199 * memory.
5200 * @param cbMem The number of bytes to map. This is usually 1,
5201 * 2, 4, 6, 8, 12, 16, 32 or 512. When used by
5202 * string operations it can be up to a page.
5203 * @param iSegReg The index of the segment register to use for
5204 * this access. The base and limits are checked.
5205 * Use UINT8_MAX to indicate that no segmentation
5206 * is required (for IDT, GDT and LDT accesses).
5207 * @param GCPtrMem The address of the guest memory.
5208 * @param a_fAccess How the memory is being accessed. The
5209 * IEM_ACCESS_TYPE_XXX bit is used to figure out
5210 * how to map the memory, while the
5211 * IEM_ACCESS_WHAT_XXX bit is used when raising
5212 * exceptions.
5213 */
5214static VBOXSTRICTRC iemMemMap(PIEMCPU pIemCpu, void **ppvMem, size_t cbMem, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t fAccess)
5215{
5216 /*
5217 * Check the input and figure out which mapping entry to use.
5218 */
5219 Assert(cbMem <= 32 || cbMem == 512 || cbMem == 108 || cbMem == 94);
5220 Assert(~(fAccess & ~(IEM_ACCESS_TYPE_MASK | IEM_ACCESS_WHAT_MASK)));
5221
5222 unsigned iMemMap = pIemCpu->iNextMapping;
5223 if (iMemMap >= RT_ELEMENTS(pIemCpu->aMemMappings))
5224 {
5225 iMemMap = iemMemMapFindFree(pIemCpu);
5226 AssertReturn(iMemMap < RT_ELEMENTS(pIemCpu->aMemMappings), VERR_INTERNAL_ERROR_3);
5227 }
5228
5229 /*
5230 * Map the memory, checking that we can actually access it. If something
5231 * slightly complicated happens, fall back on bounce buffering.
5232 */
5233 VBOXSTRICTRC rcStrict = iemMemApplySegment(pIemCpu, fAccess, iSegReg, cbMem, &GCPtrMem);
5234 if (rcStrict != VINF_SUCCESS)
5235 return rcStrict;
5236
5237 if ((GCPtrMem & PAGE_OFFSET_MASK) + cbMem > PAGE_SIZE) /* Crossing a page boundary? */
5238 return iemMemBounceBufferMapCrossPage(pIemCpu, iMemMap, ppvMem, cbMem, GCPtrMem, fAccess);
5239
5240 RTGCPHYS GCPhysFirst;
5241 rcStrict = iemMemPageTranslateAndCheckAccess(pIemCpu, GCPtrMem, fAccess, &GCPhysFirst);
5242 if (rcStrict != VINF_SUCCESS)
5243 return rcStrict;
5244
5245 void *pvMem;
5246 rcStrict = iemMemPageMap(pIemCpu, GCPhysFirst, fAccess, &pvMem, &pIemCpu->aMemMappingLocks[iMemMap].Lock);
5247 if (rcStrict != VINF_SUCCESS)
5248 return iemMemBounceBufferMapPhys(pIemCpu, iMemMap, ppvMem, cbMem, GCPhysFirst, fAccess, rcStrict);
5249
5250 /*
5251 * Fill in the mapping table entry.
5252 */
5253 pIemCpu->aMemMappings[iMemMap].pv = pvMem;
5254 pIemCpu->aMemMappings[iMemMap].fAccess = fAccess;
5255 pIemCpu->iNextMapping = iMemMap + 1;
5256 pIemCpu->cActiveMappings++;
5257
5258 iemMemUpdateWrittenCounter(pIemCpu, fAccess, cbMem);
5259 *ppvMem = pvMem;
5260 return VINF_SUCCESS;
5261}
5262
5263
5264/**
5265 * Commits the guest memory if bounce buffered and unmaps it.
5266 *
5267 * @returns Strict VBox status code.
5268 * @param pIemCpu The IEM per CPU data.
5269 * @param pvMem The mapping.
5270 * @param fAccess The kind of access.
5271 */
5272static VBOXSTRICTRC iemMemCommitAndUnmap(PIEMCPU pIemCpu, void *pvMem, uint32_t fAccess)
5273{
5274 int iMemMap = iemMapLookup(pIemCpu, pvMem, fAccess);
5275 AssertReturn(iMemMap >= 0, iMemMap);
5276
5277 /* If it's bounce buffered, we may need to write back the buffer. */
5278 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_BOUNCE_BUFFERED)
5279 {
5280 if (pIemCpu->aMemMappings[iMemMap].fAccess & IEM_ACCESS_TYPE_WRITE)
5281 return iemMemBounceBufferCommitAndUnmap(pIemCpu, iMemMap);
5282 }
5283 /* Otherwise unlock it. */
5284 else
5285 PGMPhysReleasePageMappingLock(IEMCPU_TO_VM(pIemCpu), &pIemCpu->aMemMappingLocks[iMemMap].Lock);
5286
5287 /* Free the entry. */
5288 pIemCpu->aMemMappings[iMemMap].fAccess = IEM_ACCESS_INVALID;
5289 Assert(pIemCpu->cActiveMappings != 0);
5290 pIemCpu->cActiveMappings--;
5291 return VINF_SUCCESS;
5292}
5293
5294
5295/**
5296 * Fetches a data byte.
5297 *
5298 * @returns Strict VBox status code.
5299 * @param pIemCpu The IEM per CPU data.
5300 * @param pu8Dst Where to return the byte.
5301 * @param iSegReg The index of the segment register to use for
5302 * this access. The base and limits are checked.
5303 * @param GCPtrMem The address of the guest memory.
5304 */
5305static VBOXSTRICTRC iemMemFetchDataU8(PIEMCPU pIemCpu, uint8_t *pu8Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
5306{
5307 /* The lazy approach for now... */
5308 uint8_t const *pu8Src;
5309 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu8Src, sizeof(*pu8Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
5310 if (rc == VINF_SUCCESS)
5311 {
5312 *pu8Dst = *pu8Src;
5313 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu8Src, IEM_ACCESS_DATA_R);
5314 }
5315 return rc;
5316}
5317
5318
5319/**
5320 * Fetches a data word.
5321 *
5322 * @returns Strict VBox status code.
5323 * @param pIemCpu The IEM per CPU data.
5324 * @param pu16Dst Where to return the word.
5325 * @param iSegReg The index of the segment register to use for
5326 * this access. The base and limits are checked.
5327 * @param GCPtrMem The address of the guest memory.
5328 */
5329static VBOXSTRICTRC iemMemFetchDataU16(PIEMCPU pIemCpu, uint16_t *pu16Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
5330{
5331 /* The lazy approach for now... */
5332 uint16_t const *pu16Src;
5333 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
5334 if (rc == VINF_SUCCESS)
5335 {
5336 *pu16Dst = *pu16Src;
5337 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_DATA_R);
5338 }
5339 return rc;
5340}
5341
5342
5343/**
5344 * Fetches a data dword.
5345 *
5346 * @returns Strict VBox status code.
5347 * @param pIemCpu The IEM per CPU data.
5348 * @param pu32Dst Where to return the dword.
5349 * @param iSegReg The index of the segment register to use for
5350 * this access. The base and limits are checked.
5351 * @param GCPtrMem The address of the guest memory.
5352 */
5353static VBOXSTRICTRC iemMemFetchDataU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
5354{
5355 /* The lazy approach for now... */
5356 uint32_t const *pu32Src;
5357 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
5358 if (rc == VINF_SUCCESS)
5359 {
5360 *pu32Dst = *pu32Src;
5361 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_DATA_R);
5362 }
5363 return rc;
5364}
5365
5366
5367#ifdef SOME_UNUSED_FUNCTION
5368/**
5369 * Fetches a data dword and sign extends it to a qword.
5370 *
5371 * @returns Strict VBox status code.
5372 * @param pIemCpu The IEM per CPU data.
5373 * @param pu64Dst Where to return the sign extended value.
5374 * @param iSegReg The index of the segment register to use for
5375 * this access. The base and limits are checked.
5376 * @param GCPtrMem The address of the guest memory.
5377 */
5378static VBOXSTRICTRC iemMemFetchDataS32SxU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
5379{
5380 /* The lazy approach for now... */
5381 int32_t const *pi32Src;
5382 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pi32Src, sizeof(*pi32Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
5383 if (rc == VINF_SUCCESS)
5384 {
5385 *pu64Dst = *pi32Src;
5386 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pi32Src, IEM_ACCESS_DATA_R);
5387 }
5388#ifdef __GNUC__ /* warning: GCC may be a royal pain */
5389 else
5390 *pu64Dst = 0;
5391#endif
5392 return rc;
5393}
5394#endif
5395
5396
5397/**
5398 * Fetches a data qword.
5399 *
5400 * @returns Strict VBox status code.
5401 * @param pIemCpu The IEM per CPU data.
5402 * @param pu64Dst Where to return the qword.
5403 * @param iSegReg The index of the segment register to use for
5404 * this access. The base and limits are checked.
5405 * @param GCPtrMem The address of the guest memory.
5406 */
5407static VBOXSTRICTRC iemMemFetchDataU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
5408{
5409 /* The lazy approach for now... */
5410 uint64_t const *pu64Src;
5411 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
5412 if (rc == VINF_SUCCESS)
5413 {
5414 *pu64Dst = *pu64Src;
5415 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_DATA_R);
5416 }
5417 return rc;
5418}
5419
5420
5421/**
5422 * Fetches a data tword.
5423 *
5424 * @returns Strict VBox status code.
5425 * @param pIemCpu The IEM per CPU data.
5426 * @param pr80Dst Where to return the tword.
5427 * @param iSegReg The index of the segment register to use for
5428 * this access. The base and limits are checked.
5429 * @param GCPtrMem The address of the guest memory.
5430 */
5431static VBOXSTRICTRC iemMemFetchDataR80(PIEMCPU pIemCpu, PRTFLOAT80U pr80Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
5432{
5433 /* The lazy approach for now... */
5434 PCRTFLOAT80U pr80Src;
5435 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pr80Src, sizeof(*pr80Src), iSegReg, GCPtrMem, IEM_ACCESS_DATA_R);
5436 if (rc == VINF_SUCCESS)
5437 {
5438 *pr80Dst = *pr80Src;
5439 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pr80Src, IEM_ACCESS_DATA_R);
5440 }
5441 return rc;
5442}
5443
5444
5445/**
5446 * Fetches a descriptor register (lgdt, lidt).
5447 *
5448 * @returns Strict VBox status code.
5449 * @param pIemCpu The IEM per CPU data.
5450 * @param pcbLimit Where to return the limit.
5451 * @param pGCPTrBase Where to return the base.
5452 * @param iSegReg The index of the segment register to use for
5453 * this access. The base and limits are checked.
5454 * @param GCPtrMem The address of the guest memory.
5455 * @param enmOpSize The effective operand size.
5456 */
5457static VBOXSTRICTRC iemMemFetchDataXdtr(PIEMCPU pIemCpu, uint16_t *pcbLimit, PRTGCPTR pGCPtrBase,
5458 uint8_t iSegReg, RTGCPTR GCPtrMem, IEMMODE enmOpSize)
5459{
5460 uint8_t const *pu8Src;
5461 VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu,
5462 (void **)&pu8Src,
5463 enmOpSize == IEMMODE_64BIT
5464 ? 2 + 8
5465 : enmOpSize == IEMMODE_32BIT
5466 ? 2 + 4
5467 : 2 + 3,
5468 iSegReg,
5469 GCPtrMem,
5470 IEM_ACCESS_DATA_R);
5471 if (rcStrict == VINF_SUCCESS)
5472 {
5473 *pcbLimit = RT_MAKE_U16(pu8Src[0], pu8Src[1]);
5474 switch (enmOpSize)
5475 {
5476 case IEMMODE_16BIT:
5477 *pGCPtrBase = RT_MAKE_U32_FROM_U8(pu8Src[2], pu8Src[3], pu8Src[4], 0);
5478 break;
5479 case IEMMODE_32BIT:
5480 *pGCPtrBase = RT_MAKE_U32_FROM_U8(pu8Src[2], pu8Src[3], pu8Src[4], pu8Src[5]);
5481 break;
5482 case IEMMODE_64BIT:
5483 *pGCPtrBase = RT_MAKE_U64_FROM_U8(pu8Src[2], pu8Src[3], pu8Src[4], pu8Src[5],
5484 pu8Src[6], pu8Src[7], pu8Src[8], pu8Src[9]);
5485 break;
5486
5487 IEM_NOT_REACHED_DEFAULT_CASE_RET();
5488 }
5489 rcStrict = iemMemCommitAndUnmap(pIemCpu, (void *)pu8Src, IEM_ACCESS_DATA_R);
5490 }
5491 return rcStrict;
5492}
5493
5494
5495
5496/**
5497 * Stores a data byte.
5498 *
5499 * @returns Strict VBox status code.
5500 * @param pIemCpu The IEM per CPU data.
5501 * @param iSegReg The index of the segment register to use for
5502 * this access. The base and limits are checked.
5503 * @param GCPtrMem The address of the guest memory.
5504 * @param u8Value The value to store.
5505 */
5506static VBOXSTRICTRC iemMemStoreDataU8(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint8_t u8Value)
5507{
5508 /* The lazy approach for now... */
5509 uint8_t *pu8Dst;
5510 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu8Dst, sizeof(*pu8Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
5511 if (rc == VINF_SUCCESS)
5512 {
5513 *pu8Dst = u8Value;
5514 rc = iemMemCommitAndUnmap(pIemCpu, pu8Dst, IEM_ACCESS_DATA_W);
5515 }
5516 return rc;
5517}
5518
5519
5520/**
5521 * Stores a data word.
5522 *
5523 * @returns Strict VBox status code.
5524 * @param pIemCpu The IEM per CPU data.
5525 * @param iSegReg The index of the segment register to use for
5526 * this access. The base and limits are checked.
5527 * @param GCPtrMem The address of the guest memory.
5528 * @param u16Value The value to store.
5529 */
5530static VBOXSTRICTRC iemMemStoreDataU16(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint16_t u16Value)
5531{
5532 /* The lazy approach for now... */
5533 uint16_t *pu16Dst;
5534 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(*pu16Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
5535 if (rc == VINF_SUCCESS)
5536 {
5537 *pu16Dst = u16Value;
5538 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_DATA_W);
5539 }
5540 return rc;
5541}
5542
5543
5544/**
5545 * Stores a data dword.
5546 *
5547 * @returns Strict VBox status code.
5548 * @param pIemCpu The IEM per CPU data.
5549 * @param iSegReg The index of the segment register to use for
5550 * this access. The base and limits are checked.
5551 * @param GCPtrMem The address of the guest memory.
5552 * @param u32Value The value to store.
5553 */
5554static VBOXSTRICTRC iemMemStoreDataU32(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint32_t u32Value)
5555{
5556 /* The lazy approach for now... */
5557 uint32_t *pu32Dst;
5558 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
5559 if (rc == VINF_SUCCESS)
5560 {
5561 *pu32Dst = u32Value;
5562 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_DATA_W);
5563 }
5564 return rc;
5565}
5566
5567
5568/**
5569 * Stores a data qword.
5570 *
5571 * @returns Strict VBox status code.
5572 * @param pIemCpu The IEM per CPU data.
5573 * @param iSegReg The index of the segment register to use for
5574 * this access. The base and limits are checked.
5575 * @param GCPtrMem The address of the guest memory.
5576 * @param u64Value The value to store.
5577 */
5578static VBOXSTRICTRC iemMemStoreDataU64(PIEMCPU pIemCpu, uint8_t iSegReg, RTGCPTR GCPtrMem, uint64_t u64Value)
5579{
5580 /* The lazy approach for now... */
5581 uint64_t *pu64Dst;
5582 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Dst, sizeof(*pu64Dst), iSegReg, GCPtrMem, IEM_ACCESS_DATA_W);
5583 if (rc == VINF_SUCCESS)
5584 {
5585 *pu64Dst = u64Value;
5586 rc = iemMemCommitAndUnmap(pIemCpu, pu64Dst, IEM_ACCESS_DATA_W);
5587 }
5588 return rc;
5589}
5590
5591
5592/**
5593 * Stores a descriptor register (sgdt, sidt).
5594 *
5595 * @returns Strict VBox status code.
5596 * @param pIemCpu The IEM per CPU data.
5597 * @param cbLimit The limit.
5598 * @param GCPTrBase The base address.
5599 * @param iSegReg The index of the segment register to use for
5600 * this access. The base and limits are checked.
5601 * @param GCPtrMem The address of the guest memory.
5602 * @param enmOpSize The effective operand size.
5603 */
5604static VBOXSTRICTRC iemMemStoreDataXdtr(PIEMCPU pIemCpu, uint16_t cbLimit, RTGCPTR GCPtrBase,
5605 uint8_t iSegReg, RTGCPTR GCPtrMem, IEMMODE enmOpSize)
5606{
5607 uint8_t *pu8Src;
5608 VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu,
5609 (void **)&pu8Src,
5610 enmOpSize == IEMMODE_64BIT
5611 ? 2 + 8
5612 : enmOpSize == IEMMODE_32BIT
5613 ? 2 + 4
5614 : 2 + 3,
5615 iSegReg,
5616 GCPtrMem,
5617 IEM_ACCESS_DATA_W);
5618 if (rcStrict == VINF_SUCCESS)
5619 {
5620 pu8Src[0] = RT_BYTE1(cbLimit);
5621 pu8Src[1] = RT_BYTE2(cbLimit);
5622 pu8Src[2] = RT_BYTE1(GCPtrBase);
5623 pu8Src[3] = RT_BYTE2(GCPtrBase);
5624 pu8Src[4] = RT_BYTE3(GCPtrBase);
5625 if (enmOpSize == IEMMODE_16BIT)
5626 pu8Src[5] = 0; /* Note! the 286 stored 0xff here. */
5627 else
5628 {
5629 pu8Src[5] = RT_BYTE4(GCPtrBase);
5630 if (enmOpSize == IEMMODE_64BIT)
5631 {
5632 pu8Src[6] = RT_BYTE5(GCPtrBase);
5633 pu8Src[7] = RT_BYTE6(GCPtrBase);
5634 pu8Src[8] = RT_BYTE7(GCPtrBase);
5635 pu8Src[9] = RT_BYTE8(GCPtrBase);
5636 }
5637 }
5638 rcStrict = iemMemCommitAndUnmap(pIemCpu, (void *)pu8Src, IEM_ACCESS_DATA_W);
5639 }
5640 return rcStrict;
5641}
5642
5643
5644/**
5645 * Pushes a word onto the stack.
5646 *
5647 * @returns Strict VBox status code.
5648 * @param pIemCpu The IEM per CPU data.
5649 * @param u16Value The value to push.
5650 */
5651static VBOXSTRICTRC iemMemStackPushU16(PIEMCPU pIemCpu, uint16_t u16Value)
5652{
5653 /* Increment the stack pointer. */
5654 uint64_t uNewRsp;
5655 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5656 RTGCPTR GCPtrTop = iemRegGetRspForPush(pCtx, 2, &uNewRsp);
5657
5658 /* Write the word the lazy way. */
5659 uint16_t *pu16Dst;
5660 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(*pu16Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
5661 if (rc == VINF_SUCCESS)
5662 {
5663 *pu16Dst = u16Value;
5664 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_STACK_W);
5665 }
5666
5667 /* Commit the new RSP value unless we an access handler made trouble. */
5668 if (rc == VINF_SUCCESS)
5669 pCtx->rsp = uNewRsp;
5670
5671 return rc;
5672}
5673
5674
5675/**
5676 * Pushes a dword onto the stack.
5677 *
5678 * @returns Strict VBox status code.
5679 * @param pIemCpu The IEM per CPU data.
5680 * @param u32Value The value to push.
5681 */
5682static VBOXSTRICTRC iemMemStackPushU32(PIEMCPU pIemCpu, uint32_t u32Value)
5683{
5684 /* Increment the stack pointer. */
5685 uint64_t uNewRsp;
5686 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5687 RTGCPTR GCPtrTop = iemRegGetRspForPush(pCtx, 4, &uNewRsp);
5688
5689 /* Write the word the lazy way. */
5690 uint32_t *pu32Dst;
5691 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
5692 if (rc == VINF_SUCCESS)
5693 {
5694 *pu32Dst = u32Value;
5695 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_STACK_W);
5696 }
5697
5698 /* Commit the new RSP value unless we an access handler made trouble. */
5699 if (rc == VINF_SUCCESS)
5700 pCtx->rsp = uNewRsp;
5701
5702 return rc;
5703}
5704
5705
5706/**
5707 * Pushes a qword onto the stack.
5708 *
5709 * @returns Strict VBox status code.
5710 * @param pIemCpu The IEM per CPU data.
5711 * @param u64Value The value to push.
5712 */
5713static VBOXSTRICTRC iemMemStackPushU64(PIEMCPU pIemCpu, uint64_t u64Value)
5714{
5715 /* Increment the stack pointer. */
5716 uint64_t uNewRsp;
5717 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5718 RTGCPTR GCPtrTop = iemRegGetRspForPush(pCtx, 8, &uNewRsp);
5719
5720 /* Write the word the lazy way. */
5721 uint64_t *pu64Dst;
5722 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Dst, sizeof(*pu64Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
5723 if (rc == VINF_SUCCESS)
5724 {
5725 *pu64Dst = u64Value;
5726 rc = iemMemCommitAndUnmap(pIemCpu, pu64Dst, IEM_ACCESS_STACK_W);
5727 }
5728
5729 /* Commit the new RSP value unless we an access handler made trouble. */
5730 if (rc == VINF_SUCCESS)
5731 pCtx->rsp = uNewRsp;
5732
5733 return rc;
5734}
5735
5736
5737/**
5738 * Pops a word from the stack.
5739 *
5740 * @returns Strict VBox status code.
5741 * @param pIemCpu The IEM per CPU data.
5742 * @param pu16Value Where to store the popped value.
5743 */
5744static VBOXSTRICTRC iemMemStackPopU16(PIEMCPU pIemCpu, uint16_t *pu16Value)
5745{
5746 /* Increment the stack pointer. */
5747 uint64_t uNewRsp;
5748 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5749 RTGCPTR GCPtrTop = iemRegGetRspForPop(pCtx, 2, &uNewRsp);
5750
5751 /* Write the word the lazy way. */
5752 uint16_t const *pu16Src;
5753 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
5754 if (rc == VINF_SUCCESS)
5755 {
5756 *pu16Value = *pu16Src;
5757 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_STACK_R);
5758
5759 /* Commit the new RSP value. */
5760 if (rc == VINF_SUCCESS)
5761 pCtx->rsp = uNewRsp;
5762 }
5763
5764 return rc;
5765}
5766
5767
5768/**
5769 * Pops a dword from the stack.
5770 *
5771 * @returns Strict VBox status code.
5772 * @param pIemCpu The IEM per CPU data.
5773 * @param pu32Value Where to store the popped value.
5774 */
5775static VBOXSTRICTRC iemMemStackPopU32(PIEMCPU pIemCpu, uint32_t *pu32Value)
5776{
5777 /* Increment the stack pointer. */
5778 uint64_t uNewRsp;
5779 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5780 RTGCPTR GCPtrTop = iemRegGetRspForPop(pCtx, 4, &uNewRsp);
5781
5782 /* Write the word the lazy way. */
5783 uint32_t const *pu32Src;
5784 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
5785 if (rc == VINF_SUCCESS)
5786 {
5787 *pu32Value = *pu32Src;
5788 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_STACK_R);
5789
5790 /* Commit the new RSP value. */
5791 if (rc == VINF_SUCCESS)
5792 pCtx->rsp = uNewRsp;
5793 }
5794
5795 return rc;
5796}
5797
5798
5799/**
5800 * Pops a qword from the stack.
5801 *
5802 * @returns Strict VBox status code.
5803 * @param pIemCpu The IEM per CPU data.
5804 * @param pu64Value Where to store the popped value.
5805 */
5806static VBOXSTRICTRC iemMemStackPopU64(PIEMCPU pIemCpu, uint64_t *pu64Value)
5807{
5808 /* Increment the stack pointer. */
5809 uint64_t uNewRsp;
5810 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5811 RTGCPTR GCPtrTop = iemRegGetRspForPop(pCtx, 8, &uNewRsp);
5812
5813 /* Write the word the lazy way. */
5814 uint64_t const *pu64Src;
5815 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
5816 if (rc == VINF_SUCCESS)
5817 {
5818 *pu64Value = *pu64Src;
5819 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_STACK_R);
5820
5821 /* Commit the new RSP value. */
5822 if (rc == VINF_SUCCESS)
5823 pCtx->rsp = uNewRsp;
5824 }
5825
5826 return rc;
5827}
5828
5829
5830/**
5831 * Pushes a word onto the stack, using a temporary stack pointer.
5832 *
5833 * @returns Strict VBox status code.
5834 * @param pIemCpu The IEM per CPU data.
5835 * @param u16Value The value to push.
5836 * @param pTmpRsp Pointer to the temporary stack pointer.
5837 */
5838static VBOXSTRICTRC iemMemStackPushU16Ex(PIEMCPU pIemCpu, uint16_t u16Value, PRTUINT64U pTmpRsp)
5839{
5840 /* Increment the stack pointer. */
5841 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5842 RTUINT64U NewRsp = *pTmpRsp;
5843 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(&NewRsp, 2, pCtx);
5844
5845 /* Write the word the lazy way. */
5846 uint16_t *pu16Dst;
5847 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Dst, sizeof(*pu16Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
5848 if (rc == VINF_SUCCESS)
5849 {
5850 *pu16Dst = u16Value;
5851 rc = iemMemCommitAndUnmap(pIemCpu, pu16Dst, IEM_ACCESS_STACK_W);
5852 }
5853
5854 /* Commit the new RSP value unless we an access handler made trouble. */
5855 if (rc == VINF_SUCCESS)
5856 *pTmpRsp = NewRsp;
5857
5858 return rc;
5859}
5860
5861
5862/**
5863 * Pushes a dword onto the stack, using a temporary stack pointer.
5864 *
5865 * @returns Strict VBox status code.
5866 * @param pIemCpu The IEM per CPU data.
5867 * @param u32Value The value to push.
5868 * @param pTmpRsp Pointer to the temporary stack pointer.
5869 */
5870static VBOXSTRICTRC iemMemStackPushU32Ex(PIEMCPU pIemCpu, uint32_t u32Value, PRTUINT64U pTmpRsp)
5871{
5872 /* Increment the stack pointer. */
5873 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5874 RTUINT64U NewRsp = *pTmpRsp;
5875 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(&NewRsp, 4, pCtx);
5876
5877 /* Write the word the lazy way. */
5878 uint32_t *pu32Dst;
5879 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Dst, sizeof(*pu32Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
5880 if (rc == VINF_SUCCESS)
5881 {
5882 *pu32Dst = u32Value;
5883 rc = iemMemCommitAndUnmap(pIemCpu, pu32Dst, IEM_ACCESS_STACK_W);
5884 }
5885
5886 /* Commit the new RSP value unless we an access handler made trouble. */
5887 if (rc == VINF_SUCCESS)
5888 *pTmpRsp = NewRsp;
5889
5890 return rc;
5891}
5892
5893
5894/**
5895 * Pushes a dword onto the stack, using a temporary stack pointer.
5896 *
5897 * @returns Strict VBox status code.
5898 * @param pIemCpu The IEM per CPU data.
5899 * @param u64Value The value to push.
5900 * @param pTmpRsp Pointer to the temporary stack pointer.
5901 */
5902static VBOXSTRICTRC iemMemStackPushU64Ex(PIEMCPU pIemCpu, uint64_t u64Value, PRTUINT64U pTmpRsp)
5903{
5904 /* Increment the stack pointer. */
5905 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5906 RTUINT64U NewRsp = *pTmpRsp;
5907 RTGCPTR GCPtrTop = iemRegGetRspForPushEx(&NewRsp, 8, pCtx);
5908
5909 /* Write the word the lazy way. */
5910 uint64_t *pu64Dst;
5911 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Dst, sizeof(*pu64Dst), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
5912 if (rc == VINF_SUCCESS)
5913 {
5914 *pu64Dst = u64Value;
5915 rc = iemMemCommitAndUnmap(pIemCpu, pu64Dst, IEM_ACCESS_STACK_W);
5916 }
5917
5918 /* Commit the new RSP value unless we an access handler made trouble. */
5919 if (rc == VINF_SUCCESS)
5920 *pTmpRsp = NewRsp;
5921
5922 return rc;
5923}
5924
5925
5926/**
5927 * Pops a word from the stack, using a temporary stack pointer.
5928 *
5929 * @returns Strict VBox status code.
5930 * @param pIemCpu The IEM per CPU data.
5931 * @param pu16Value Where to store the popped value.
5932 * @param pTmpRsp Pointer to the temporary stack pointer.
5933 */
5934static VBOXSTRICTRC iemMemStackPopU16Ex(PIEMCPU pIemCpu, uint16_t *pu16Value, PRTUINT64U pTmpRsp)
5935{
5936 /* Increment the stack pointer. */
5937 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5938 RTUINT64U NewRsp = *pTmpRsp;
5939 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(&NewRsp, 2, pCtx);
5940
5941 /* Write the word the lazy way. */
5942 uint16_t const *pu16Src;
5943 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu16Src, sizeof(*pu16Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
5944 if (rc == VINF_SUCCESS)
5945 {
5946 *pu16Value = *pu16Src;
5947 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu16Src, IEM_ACCESS_STACK_R);
5948
5949 /* Commit the new RSP value. */
5950 if (rc == VINF_SUCCESS)
5951 *pTmpRsp = NewRsp;
5952 }
5953
5954 return rc;
5955}
5956
5957
5958/**
5959 * Pops a dword from the stack, using a temporary stack pointer.
5960 *
5961 * @returns Strict VBox status code.
5962 * @param pIemCpu The IEM per CPU data.
5963 * @param pu32Value Where to store the popped value.
5964 * @param pTmpRsp Pointer to the temporary stack pointer.
5965 */
5966static VBOXSTRICTRC iemMemStackPopU32Ex(PIEMCPU pIemCpu, uint32_t *pu32Value, PRTUINT64U pTmpRsp)
5967{
5968 /* Increment the stack pointer. */
5969 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
5970 RTUINT64U NewRsp = *pTmpRsp;
5971 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(&NewRsp, 4, pCtx);
5972
5973 /* Write the word the lazy way. */
5974 uint32_t const *pu32Src;
5975 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
5976 if (rc == VINF_SUCCESS)
5977 {
5978 *pu32Value = *pu32Src;
5979 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_STACK_R);
5980
5981 /* Commit the new RSP value. */
5982 if (rc == VINF_SUCCESS)
5983 *pTmpRsp = NewRsp;
5984 }
5985
5986 return rc;
5987}
5988
5989
5990/**
5991 * Pops a qword from the stack, using a temporary stack pointer.
5992 *
5993 * @returns Strict VBox status code.
5994 * @param pIemCpu The IEM per CPU data.
5995 * @param pu64Value Where to store the popped value.
5996 * @param pTmpRsp Pointer to the temporary stack pointer.
5997 */
5998static VBOXSTRICTRC iemMemStackPopU64Ex(PIEMCPU pIemCpu, uint64_t *pu64Value, PRTUINT64U pTmpRsp)
5999{
6000 /* Increment the stack pointer. */
6001 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6002 RTUINT64U NewRsp = *pTmpRsp;
6003 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(&NewRsp, 8, pCtx);
6004
6005 /* Write the word the lazy way. */
6006 uint64_t const *pu64Src;
6007 VBOXSTRICTRC rcStrict = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
6008 if (rcStrict == VINF_SUCCESS)
6009 {
6010 *pu64Value = *pu64Src;
6011 rcStrict = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_STACK_R);
6012
6013 /* Commit the new RSP value. */
6014 if (rcStrict == VINF_SUCCESS)
6015 *pTmpRsp = NewRsp;
6016 }
6017
6018 return rcStrict;
6019}
6020
6021
6022/**
6023 * Begin a special stack push (used by interrupt, exceptions and such).
6024 *
6025 * This will raise #SS or #PF if appropriate.
6026 *
6027 * @returns Strict VBox status code.
6028 * @param pIemCpu The IEM per CPU data.
6029 * @param cbMem The number of bytes to push onto the stack.
6030 * @param ppvMem Where to return the pointer to the stack memory.
6031 * As with the other memory functions this could be
6032 * direct access or bounce buffered access, so
6033 * don't commit register until the commit call
6034 * succeeds.
6035 * @param puNewRsp Where to return the new RSP value. This must be
6036 * passed unchanged to
6037 * iemMemStackPushCommitSpecial().
6038 */
6039static VBOXSTRICTRC iemMemStackPushBeginSpecial(PIEMCPU pIemCpu, size_t cbMem, void **ppvMem, uint64_t *puNewRsp)
6040{
6041 Assert(cbMem < UINT8_MAX);
6042 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6043 RTGCPTR GCPtrTop = iemRegGetRspForPush(pCtx, (uint8_t)cbMem, puNewRsp);
6044 return iemMemMap(pIemCpu, ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_W);
6045}
6046
6047
6048/**
6049 * Commits a special stack push (started by iemMemStackPushBeginSpecial).
6050 *
6051 * This will update the rSP.
6052 *
6053 * @returns Strict VBox status code.
6054 * @param pIemCpu The IEM per CPU data.
6055 * @param pvMem The pointer returned by
6056 * iemMemStackPushBeginSpecial().
6057 * @param uNewRsp The new RSP value returned by
6058 * iemMemStackPushBeginSpecial().
6059 */
6060static VBOXSTRICTRC iemMemStackPushCommitSpecial(PIEMCPU pIemCpu, void *pvMem, uint64_t uNewRsp)
6061{
6062 VBOXSTRICTRC rcStrict = iemMemCommitAndUnmap(pIemCpu, pvMem, IEM_ACCESS_STACK_W);
6063 if (rcStrict == VINF_SUCCESS)
6064 pIemCpu->CTX_SUFF(pCtx)->rsp = uNewRsp;
6065 return rcStrict;
6066}
6067
6068
6069/**
6070 * Begin a special stack pop (used by iret, retf and such).
6071 *
6072 * This will raise \#SS or \#PF if appropriate.
6073 *
6074 * @returns Strict VBox status code.
6075 * @param pIemCpu The IEM per CPU data.
6076 * @param cbMem The number of bytes to push onto the stack.
6077 * @param ppvMem Where to return the pointer to the stack memory.
6078 * @param puNewRsp Where to return the new RSP value. This must be
6079 * passed unchanged to
6080 * iemMemStackPopCommitSpecial() or applied
6081 * manually if iemMemStackPopDoneSpecial() is used.
6082 */
6083static VBOXSTRICTRC iemMemStackPopBeginSpecial(PIEMCPU pIemCpu, size_t cbMem, void const **ppvMem, uint64_t *puNewRsp)
6084{
6085 Assert(cbMem < UINT8_MAX);
6086 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6087 RTGCPTR GCPtrTop = iemRegGetRspForPop(pCtx, (uint8_t)cbMem, puNewRsp);
6088 return iemMemMap(pIemCpu, (void **)ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
6089}
6090
6091
6092/**
6093 * Continue a special stack pop (used by iret and retf).
6094 *
6095 * This will raise \#SS or \#PF if appropriate.
6096 *
6097 * @returns Strict VBox status code.
6098 * @param pIemCpu The IEM per CPU data.
6099 * @param cbMem The number of bytes to push onto the stack.
6100 * @param ppvMem Where to return the pointer to the stack memory.
6101 * @param puNewRsp Where to return the new RSP value. This must be
6102 * passed unchanged to
6103 * iemMemStackPopCommitSpecial() or applied
6104 * manually if iemMemStackPopDoneSpecial() is used.
6105 */
6106static VBOXSTRICTRC iemMemStackPopContinueSpecial(PIEMCPU pIemCpu, size_t cbMem, void const **ppvMem, uint64_t *puNewRsp)
6107{
6108 Assert(cbMem < UINT8_MAX);
6109 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6110 RTUINT64U NewRsp;
6111 NewRsp.u = *puNewRsp;
6112 RTGCPTR GCPtrTop = iemRegGetRspForPopEx(&NewRsp, 8, pCtx);
6113 *puNewRsp = NewRsp.u;
6114 return iemMemMap(pIemCpu, (void **)ppvMem, cbMem, X86_SREG_SS, GCPtrTop, IEM_ACCESS_STACK_R);
6115}
6116
6117
6118/**
6119 * Commits a special stack pop (started by iemMemStackPopBeginSpecial).
6120 *
6121 * This will update the rSP.
6122 *
6123 * @returns Strict VBox status code.
6124 * @param pIemCpu The IEM per CPU data.
6125 * @param pvMem The pointer returned by
6126 * iemMemStackPopBeginSpecial().
6127 * @param uNewRsp The new RSP value returned by
6128 * iemMemStackPopBeginSpecial().
6129 */
6130static VBOXSTRICTRC iemMemStackPopCommitSpecial(PIEMCPU pIemCpu, void const *pvMem, uint64_t uNewRsp)
6131{
6132 VBOXSTRICTRC rcStrict = iemMemCommitAndUnmap(pIemCpu, (void *)pvMem, IEM_ACCESS_STACK_R);
6133 if (rcStrict == VINF_SUCCESS)
6134 pIemCpu->CTX_SUFF(pCtx)->rsp = uNewRsp;
6135 return rcStrict;
6136}
6137
6138
6139/**
6140 * Done with a special stack pop (started by iemMemStackPopBeginSpecial or
6141 * iemMemStackPopContinueSpecial).
6142 *
6143 * The caller will manually commit the rSP.
6144 *
6145 * @returns Strict VBox status code.
6146 * @param pIemCpu The IEM per CPU data.
6147 * @param pvMem The pointer returned by
6148 * iemMemStackPopBeginSpecial() or
6149 * iemMemStackPopContinueSpecial().
6150 */
6151static VBOXSTRICTRC iemMemStackPopDoneSpecial(PIEMCPU pIemCpu, void const *pvMem)
6152{
6153 return iemMemCommitAndUnmap(pIemCpu, (void *)pvMem, IEM_ACCESS_STACK_R);
6154}
6155
6156
6157/**
6158 * Fetches a system table dword.
6159 *
6160 * @returns Strict VBox status code.
6161 * @param pIemCpu The IEM per CPU data.
6162 * @param pu32Dst Where to return the dword.
6163 * @param iSegReg The index of the segment register to use for
6164 * this access. The base and limits are checked.
6165 * @param GCPtrMem The address of the guest memory.
6166 */
6167static VBOXSTRICTRC iemMemFetchSysU32(PIEMCPU pIemCpu, uint32_t *pu32Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
6168{
6169 /* The lazy approach for now... */
6170 uint32_t const *pu32Src;
6171 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu32Src, sizeof(*pu32Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
6172 if (rc == VINF_SUCCESS)
6173 {
6174 *pu32Dst = *pu32Src;
6175 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu32Src, IEM_ACCESS_SYS_R);
6176 }
6177 return rc;
6178}
6179
6180
6181/**
6182 * Fetches a system table qword.
6183 *
6184 * @returns Strict VBox status code.
6185 * @param pIemCpu The IEM per CPU data.
6186 * @param pu64Dst Where to return the qword.
6187 * @param iSegReg The index of the segment register to use for
6188 * this access. The base and limits are checked.
6189 * @param GCPtrMem The address of the guest memory.
6190 */
6191static VBOXSTRICTRC iemMemFetchSysU64(PIEMCPU pIemCpu, uint64_t *pu64Dst, uint8_t iSegReg, RTGCPTR GCPtrMem)
6192{
6193 /* The lazy approach for now... */
6194 uint64_t const *pu64Src;
6195 VBOXSTRICTRC rc = iemMemMap(pIemCpu, (void **)&pu64Src, sizeof(*pu64Src), iSegReg, GCPtrMem, IEM_ACCESS_SYS_R);
6196 if (rc == VINF_SUCCESS)
6197 {
6198 *pu64Dst = *pu64Src;
6199 rc = iemMemCommitAndUnmap(pIemCpu, (void *)pu64Src, IEM_ACCESS_SYS_R);
6200 }
6201 return rc;
6202}
6203
6204
6205/**
6206 * Fetches a descriptor table entry.
6207 *
6208 * @returns Strict VBox status code.
6209 * @param pIemCpu The IEM per CPU.
6210 * @param pDesc Where to return the descriptor table entry.
6211 * @param uSel The selector which table entry to fetch.
6212 */
6213static VBOXSTRICTRC iemMemFetchSelDesc(PIEMCPU pIemCpu, PIEMSELDESC pDesc, uint16_t uSel)
6214{
6215 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6216
6217 /** @todo did the 286 require all 8 bytes to be accessible? */
6218 /*
6219 * Get the selector table base and check bounds.
6220 */
6221 RTGCPTR GCPtrBase;
6222 if (uSel & X86_SEL_LDT)
6223 {
6224 if ( !pCtx->ldtr.Attr.n.u1Present
6225 || (uSel | X86_SEL_RPL_LDT) > pCtx->ldtr.u32Limit )
6226 {
6227 Log(("iemMemFetchSelDesc: LDT selector %#x is out of bounds (%3x) or ldtr is NP (%#x)\n",
6228 uSel, pCtx->ldtr.u32Limit, pCtx->ldtr.Sel));
6229 /** @todo is this the right exception? */
6230 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, uSel);
6231 }
6232
6233 Assert(pCtx->ldtr.Attr.n.u1Present);
6234 GCPtrBase = pCtx->ldtr.u64Base;
6235 }
6236 else
6237 {
6238 if ((uSel | X86_SEL_RPL_LDT) > pCtx->gdtr.cbGdt)
6239 {
6240 Log(("iemMemFetchSelDesc: GDT selector %#x is out of bounds (%3x)\n", uSel, pCtx->gdtr.cbGdt));
6241 /** @todo is this the right exception? */
6242 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, uSel);
6243 }
6244 GCPtrBase = pCtx->gdtr.pGdt;
6245 }
6246
6247 /*
6248 * Read the legacy descriptor and maybe the long mode extensions if
6249 * required.
6250 */
6251 VBOXSTRICTRC rcStrict = iemMemFetchSysU64(pIemCpu, &pDesc->Legacy.u, UINT8_MAX, GCPtrBase + (uSel & X86_SEL_MASK));
6252 if (rcStrict == VINF_SUCCESS)
6253 {
6254 if ( !IEM_IS_LONG_MODE(pIemCpu)
6255 || pDesc->Legacy.Gen.u1DescType)
6256 pDesc->Long.au64[1] = 0;
6257 else if ((uint32_t)(uSel | X86_SEL_RPL_LDT) + 8 <= (uSel & X86_SEL_LDT ? pCtx->ldtr.u32Limit : pCtx->gdtr.cbGdt))
6258 rcStrict = iemMemFetchSysU64(pIemCpu, &pDesc->Long.au64[1], UINT8_MAX, GCPtrBase + (uSel | X86_SEL_RPL_LDT) + 1);
6259 else
6260 {
6261 Log(("iemMemFetchSelDesc: system selector %#x is out of bounds\n", uSel));
6262 /** @todo is this the right exception? */
6263 return iemRaiseGeneralProtectionFaultBySelector(pIemCpu, uSel);
6264 }
6265 }
6266 return rcStrict;
6267}
6268
6269
6270/**
6271 * Fakes a long mode stack selector for SS = 0.
6272 *
6273 * @param pDescSs Where to return the fake stack descriptor.
6274 * @param uDpl The DPL we want.
6275 */
6276static void iemMemFakeStackSelDesc(PIEMSELDESC pDescSs, uint32_t uDpl)
6277{
6278 pDescSs->Long.au64[0] = 0;
6279 pDescSs->Long.au64[1] = 0;
6280 pDescSs->Long.Gen.u4Type = X86_SEL_TYPE_RW_ACC;
6281 pDescSs->Long.Gen.u1DescType = 1; /* 1 = code / data, 0 = system. */
6282 pDescSs->Long.Gen.u2Dpl = uDpl;
6283 pDescSs->Long.Gen.u1Present = 1;
6284 pDescSs->Long.Gen.u1Long = 1;
6285}
6286
6287
6288/**
6289 * Marks the selector descriptor as accessed (only non-system descriptors).
6290 *
6291 * This function ASSUMES that iemMemFetchSelDesc has be called previously and
6292 * will therefore skip the limit checks.
6293 *
6294 * @returns Strict VBox status code.
6295 * @param pIemCpu The IEM per CPU.
6296 * @param uSel The selector.
6297 */
6298static VBOXSTRICTRC iemMemMarkSelDescAccessed(PIEMCPU pIemCpu, uint16_t uSel)
6299{
6300 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
6301
6302 /*
6303 * Get the selector table base and calculate the entry address.
6304 */
6305 RTGCPTR GCPtr = uSel & X86_SEL_LDT
6306 ? pCtx->ldtr.u64Base
6307 : pCtx->gdtr.pGdt;
6308 GCPtr += uSel & X86_SEL_MASK;
6309
6310 /*
6311 * ASMAtomicBitSet will assert if the address is misaligned, so do some
6312 * ugly stuff to avoid this. This will make sure it's an atomic access
6313 * as well more or less remove any question about 8-bit or 32-bit accesss.
6314 */
6315 VBOXSTRICTRC rcStrict;
6316 uint32_t volatile *pu32;
6317 if ((GCPtr & 3) == 0)
6318 {
6319 /* The normal case, map the 32-bit bits around the accessed bit (40). */
6320 GCPtr += 2 + 2;
6321 rcStrict = iemMemMap(pIemCpu, (void **)&pu32, 4, UINT8_MAX, GCPtr, IEM_ACCESS_SYS_RW);
6322 if (rcStrict != VINF_SUCCESS)
6323 return rcStrict;
6324 ASMAtomicBitSet(pu32, 8); /* X86_SEL_TYPE_ACCESSED is 1, but it is preceeded by u8BaseHigh1. */
6325 }
6326 else
6327 {
6328 /* The misaligned GDT/LDT case, map the whole thing. */
6329 rcStrict = iemMemMap(pIemCpu, (void **)&pu32, 8, UINT8_MAX, GCPtr, IEM_ACCESS_SYS_RW);
6330 if (rcStrict != VINF_SUCCESS)
6331 return rcStrict;
6332 switch ((uintptr_t)pu32 & 3)
6333 {
6334 case 0: ASMAtomicBitSet(pu32, 40 + 0 - 0); break;
6335 case 1: ASMAtomicBitSet((uint8_t volatile *)pu32 + 3, 40 + 0 - 24); break;
6336 case 2: ASMAtomicBitSet((uint8_t volatile *)pu32 + 2, 40 + 0 - 16); break;
6337 case 3: ASMAtomicBitSet((uint8_t volatile *)pu32 + 1, 40 + 0 - 8); break;
6338 }
6339 }
6340
6341 return iemMemCommitAndUnmap(pIemCpu, (void *)pu32, IEM_ACCESS_SYS_RW);
6342}
6343
6344/** @} */
6345
6346
6347/*
6348 * Include the C/C++ implementation of instruction.
6349 */
6350#include "IEMAllCImpl.cpp.h"
6351
6352
6353
6354/** @name "Microcode" macros.
6355 *
6356 * The idea is that we should be able to use the same code to interpret
6357 * instructions as well as recompiler instructions. Thus this obfuscation.
6358 *
6359 * @{
6360 */
6361#define IEM_MC_BEGIN(a_cArgs, a_cLocals) {
6362#define IEM_MC_END() }
6363#define IEM_MC_PAUSE() do {} while (0)
6364#define IEM_MC_CONTINUE() do {} while (0)
6365
6366/** Internal macro. */
6367#define IEM_MC_RETURN_ON_FAILURE(a_Expr) \
6368 do \
6369 { \
6370 VBOXSTRICTRC rcStrict2 = a_Expr; \
6371 if (rcStrict2 != VINF_SUCCESS) \
6372 return rcStrict2; \
6373 } while (0)
6374
6375#define IEM_MC_ADVANCE_RIP() iemRegUpdateRip(pIemCpu)
6376#define IEM_MC_REL_JMP_S8(a_i8) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS8(pIemCpu, a_i8))
6377#define IEM_MC_REL_JMP_S16(a_i16) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS16(pIemCpu, a_i16))
6378#define IEM_MC_REL_JMP_S32(a_i32) IEM_MC_RETURN_ON_FAILURE(iemRegRipRelativeJumpS32(pIemCpu, a_i32))
6379#define IEM_MC_SET_RIP_U16(a_u16NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pIemCpu), (a_u16NewIP)))
6380#define IEM_MC_SET_RIP_U32(a_u32NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pIemCpu), (a_u32NewIP)))
6381#define IEM_MC_SET_RIP_U64(a_u64NewIP) IEM_MC_RETURN_ON_FAILURE(iemRegRipJump((pIemCpu), (a_u64NewIP)))
6382
6383#define IEM_MC_RAISE_DIVIDE_ERROR() return iemRaiseDivideError(pIemCpu)
6384#define IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE() \
6385 do { \
6386 if ((pIemCpu)->CTX_SUFF(pCtx)->cr0 & (X86_CR0_EM | X86_CR0_TS)) \
6387 return iemRaiseDeviceNotAvailable(pIemCpu); \
6388 } while (0)
6389#define IEM_MC_MAYBE_RAISE_FPU_XCPT() \
6390 do { \
6391 if ((pIemCpu)->CTX_SUFF(pCtx)->fpu.FSW & X86_FSW_ES) \
6392 return iemRaiseMathFault(pIemCpu); \
6393 } while (0)
6394#define IEM_MC_RAISE_GP0_IF_CPL_NOT_ZERO() \
6395 do { \
6396 if (pIemCpu->uCpl != 0) \
6397 return iemRaiseGeneralProtectionFault0(pIemCpu); \
6398 } while (0)
6399
6400
6401#define IEM_MC_LOCAL(a_Type, a_Name) a_Type a_Name
6402#define IEM_MC_LOCAL_CONST(a_Type, a_Name, a_Value) a_Type const a_Name = (a_Value)
6403#define IEM_MC_REF_LOCAL(a_pRefArg, a_Local) (a_pRefArg) = &(a_Local)
6404#define IEM_MC_ARG(a_Type, a_Name, a_iArg) a_Type a_Name
6405#define IEM_MC_ARG_CONST(a_Type, a_Name, a_Value, a_iArg) a_Type const a_Name = (a_Value)
6406#define IEM_MC_ARG_LOCAL_REF(a_Type, a_Name, a_Local, a_iArg) a_Type const a_Name = &(a_Local)
6407#define IEM_MC_ARG_LOCAL_EFLAGS(a_pName, a_Name, a_iArg) \
6408 uint32_t a_Name; \
6409 uint32_t *a_pName = &a_Name
6410#define IEM_MC_COMMIT_EFLAGS(a_EFlags) \
6411 do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u = (a_EFlags); Assert((pIemCpu)->CTX_SUFF(pCtx)->eflags.u & X86_EFL_1); } while (0)
6412
6413#define IEM_MC_ASSIGN(a_VarOrArg, a_CVariableOrConst) (a_VarOrArg) = (a_CVariableOrConst)
6414#define IEM_MC_ASSIGN_TO_SMALLER IEM_MC_ASSIGN
6415
6416#define IEM_MC_FETCH_GREG_U8(a_u8Dst, a_iGReg) (a_u8Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
6417#define IEM_MC_FETCH_GREG_U8_ZX_U16(a_u16Dst, a_iGReg) (a_u16Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
6418#define IEM_MC_FETCH_GREG_U8_ZX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
6419#define IEM_MC_FETCH_GREG_U8_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU8(pIemCpu, (a_iGReg))
6420#define IEM_MC_FETCH_GREG_U8_SX_U16(a_u16Dst, a_iGReg) (a_u16Dst) = (int8_t)iemGRegFetchU8(pIemCpu, (a_iGReg))
6421#define IEM_MC_FETCH_GREG_U8_SX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = (int8_t)iemGRegFetchU8(pIemCpu, (a_iGReg))
6422#define IEM_MC_FETCH_GREG_U8_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int8_t)iemGRegFetchU8(pIemCpu, (a_iGReg))
6423#define IEM_MC_FETCH_GREG_U16(a_u16Dst, a_iGReg) (a_u16Dst) = iemGRegFetchU16(pIemCpu, (a_iGReg))
6424#define IEM_MC_FETCH_GREG_U16_ZX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU16(pIemCpu, (a_iGReg))
6425#define IEM_MC_FETCH_GREG_U16_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU16(pIemCpu, (a_iGReg))
6426#define IEM_MC_FETCH_GREG_U16_SX_U32(a_u32Dst, a_iGReg) (a_u32Dst) = (int16_t)iemGRegFetchU16(pIemCpu, (a_iGReg))
6427#define IEM_MC_FETCH_GREG_U16_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int16_t)iemGRegFetchU16(pIemCpu, (a_iGReg))
6428#define IEM_MC_FETCH_GREG_U32(a_u32Dst, a_iGReg) (a_u32Dst) = iemGRegFetchU32(pIemCpu, (a_iGReg))
6429#define IEM_MC_FETCH_GREG_U32_ZX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU32(pIemCpu, (a_iGReg))
6430#define IEM_MC_FETCH_GREG_U32_SX_U64(a_u64Dst, a_iGReg) (a_u64Dst) = (int32_t)iemGRegFetchU32(pIemCpu, (a_iGReg))
6431#define IEM_MC_FETCH_GREG_U64(a_u64Dst, a_iGReg) (a_u64Dst) = iemGRegFetchU64(pIemCpu, (a_iGReg))
6432#define IEM_MC_FETCH_GREG_U64_ZX_U64 IEM_MC_FETCH_GREG_U64
6433#define IEM_MC_FETCH_SREG_U16(a_u16Dst, a_iSReg) (a_u16Dst) = iemSRegFetchU16(pIemCpu, (a_iSReg))
6434#define IEM_MC_FETCH_SREG_ZX_U32(a_u32Dst, a_iSReg) (a_u32Dst) = iemSRegFetchU16(pIemCpu, (a_iSReg))
6435#define IEM_MC_FETCH_SREG_ZX_U64(a_u64Dst, a_iSReg) (a_u64Dst) = iemSRegFetchU16(pIemCpu, (a_iSReg))
6436#define IEM_MC_FETCH_CR0_U16(a_u16Dst) (a_u16Dst) = (uint16_t)(pIemCpu)->CTX_SUFF(pCtx)->cr0
6437#define IEM_MC_FETCH_CR0_U32(a_u32Dst) (a_u32Dst) = (uint32_t)(pIemCpu)->CTX_SUFF(pCtx)->cr0
6438#define IEM_MC_FETCH_CR0_U64(a_u64Dst) (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->cr0
6439#define IEM_MC_FETCH_LDTR_U16(a_u16Dst) (a_u16Dst) = (pIemCpu)->CTX_SUFF(pCtx)->ldtr.Sel
6440#define IEM_MC_FETCH_LDTR_U32(a_u32Dst) (a_u32Dst) = (pIemCpu)->CTX_SUFF(pCtx)->ldtr.Sel
6441#define IEM_MC_FETCH_LDTR_U64(a_u64Dst) (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->ldtr.Sel
6442#define IEM_MC_FETCH_TR_U16(a_u16Dst) (a_u16Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
6443#define IEM_MC_FETCH_TR_U32(a_u32Dst) (a_u32Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
6444#define IEM_MC_FETCH_TR_U64(a_u64Dst) (a_u64Dst) = (pIemCpu)->CTX_SUFF(pCtx)->tr.Sel
6445/** @note Not for IOPL or IF testing or modification. */
6446#define IEM_MC_FETCH_EFLAGS(a_EFlags) (a_EFlags) = (pIemCpu)->CTX_SUFF(pCtx)->eflags.u
6447#define IEM_MC_FETCH_EFLAGS_U8(a_EFlags) (a_EFlags) = (uint8_t)(pIemCpu)->CTX_SUFF(pCtx)->eflags.u
6448#define IEM_MC_FETCH_FSW(a_u16Fsw) (a_u16Fsw) = pIemCpu->CTX_SUFF(pCtx)->fpu.FSW
6449#define IEM_MC_FETCH_FCW(a_u16Fcw) (a_u16Fcw) = pIemCpu->CTX_SUFF(pCtx)->fpu.FCW
6450
6451#define IEM_MC_STORE_GREG_U8(a_iGReg, a_u8Value) *iemGRegRefU8(pIemCpu, (a_iGReg)) = (a_u8Value)
6452#define IEM_MC_STORE_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) = (a_u16Value)
6453#define IEM_MC_STORE_GREG_U32(a_iGReg, a_u32Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) = (uint32_t)(a_u32Value) /* clear high bits. */
6454#define IEM_MC_STORE_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) = (a_u64Value)
6455#define IEM_MC_STORE_GREG_U8_CONST IEM_MC_STORE_GREG_U8
6456#define IEM_MC_STORE_GREG_U16_CONST IEM_MC_STORE_GREG_U16
6457#define IEM_MC_STORE_GREG_U32_CONST IEM_MC_STORE_GREG_U32
6458#define IEM_MC_STORE_GREG_U64_CONST IEM_MC_STORE_GREG_U64
6459#define IEM_MC_CLEAR_HIGH_GREG_U64(a_iGReg) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= UINT32_MAX
6460#define IEM_MC_CLEAR_HIGH_GREG_U64_BY_REF(a_pu32Dst) do { (a_pu32Dst)[1] = 0; } while (0)
6461#define IEM_MC_STORE_FPUREG_R80_SRC_REF(a_iSt, a_pr80Src) \
6462 do { pIemCpu->CTX_SUFF(pCtx)->fpu.aRegs[a_iSt].r80 = *(a_pr80Src); } while (0)
6463
6464#define IEM_MC_REF_GREG_U8(a_pu8Dst, a_iGReg) (a_pu8Dst) = iemGRegRefU8(pIemCpu, (a_iGReg))
6465#define IEM_MC_REF_GREG_U16(a_pu16Dst, a_iGReg) (a_pu16Dst) = (uint16_t *)iemGRegRef(pIemCpu, (a_iGReg))
6466/** @todo User of IEM_MC_REF_GREG_U32 needs to clear the high bits on commit.
6467 * Use IEM_MC_CLEAR_HIGH_GREG_U64_BY_REF! */
6468#define IEM_MC_REF_GREG_U32(a_pu32Dst, a_iGReg) (a_pu32Dst) = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg))
6469#define IEM_MC_REF_GREG_U64(a_pu64Dst, a_iGReg) (a_pu64Dst) = (uint64_t *)iemGRegRef(pIemCpu, (a_iGReg))
6470/** @note Not for IOPL or IF testing or modification. */
6471#define IEM_MC_REF_EFLAGS(a_pEFlags) (a_pEFlags) = &(pIemCpu)->CTX_SUFF(pCtx)->eflags.u
6472
6473#define IEM_MC_ADD_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) += (a_u8Value)
6474#define IEM_MC_ADD_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) += (a_u16Value)
6475#define IEM_MC_ADD_GREG_U32(a_iGReg, a_u32Value) \
6476 do { \
6477 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
6478 *pu32Reg += (a_u32Value); \
6479 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
6480 } while (0)
6481#define IEM_MC_ADD_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) += (a_u64Value)
6482
6483#define IEM_MC_SUB_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) -= (a_u8Value)
6484#define IEM_MC_SUB_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) -= (a_u16Value)
6485#define IEM_MC_SUB_GREG_U32(a_iGReg, a_u32Value) \
6486 do { \
6487 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
6488 *pu32Reg -= (a_u32Value); \
6489 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
6490 } while (0)
6491#define IEM_MC_SUB_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) -= (a_u64Value)
6492
6493#define IEM_MC_ADD_GREG_U8_TO_LOCAL(a_u8Value, a_iGReg) do { (a_u8Value) += iemGRegFetchU8( pIemCpu, (a_iGReg)); } while (0)
6494#define IEM_MC_ADD_GREG_U16_TO_LOCAL(a_u16Value, a_iGReg) do { (a_u16Value) += iemGRegFetchU16(pIemCpu, (a_iGReg)); } while (0)
6495#define IEM_MC_ADD_GREG_U32_TO_LOCAL(a_u32Value, a_iGReg) do { (a_u32Value) += iemGRegFetchU32(pIemCpu, (a_iGReg)); } while (0)
6496#define IEM_MC_ADD_GREG_U64_TO_LOCAL(a_u64Value, a_iGReg) do { (a_u64Value) += iemGRegFetchU64(pIemCpu, (a_iGReg)); } while (0)
6497#define IEM_MC_ADD_LOCAL_S16_TO_EFF_ADDR(a_EffAddr, a_i16) do { (a_EffAddr) += (a_i16); } while (0)
6498#define IEM_MC_ADD_LOCAL_S32_TO_EFF_ADDR(a_EffAddr, a_i32) do { (a_EffAddr) += (a_i32); } while (0)
6499#define IEM_MC_ADD_LOCAL_S64_TO_EFF_ADDR(a_EffAddr, a_i64) do { (a_EffAddr) += (a_i64); } while (0)
6500
6501#define IEM_MC_AND_LOCAL_U8(a_u8Local, a_u8Mask) do { (a_u8Local) &= (a_u8Mask); } while (0)
6502#define IEM_MC_AND_LOCAL_U16(a_u16Local, a_u16Mask) do { (a_u16Local) &= (a_u16Mask); } while (0)
6503#define IEM_MC_AND_LOCAL_U32(a_u32Local, a_u32Mask) do { (a_u32Local) &= (a_u32Mask); } while (0)
6504#define IEM_MC_AND_LOCAL_U64(a_u64Local, a_u64Mask) do { (a_u64Local) &= (a_u64Mask); } while (0)
6505
6506#define IEM_MC_AND_ARG_U16(a_u16Arg, a_u16Mask) do { (a_u16Arg) &= (a_u16Mask); } while (0)
6507#define IEM_MC_AND_ARG_U32(a_u32Arg, a_u32Mask) do { (a_u32Arg) &= (a_u32Mask); } while (0)
6508#define IEM_MC_AND_ARG_U64(a_u64Arg, a_u64Mask) do { (a_u64Arg) &= (a_u64Mask); } while (0)
6509
6510#define IEM_MC_OR_LOCAL_U8(a_u8Local, a_u8Mask) do { (a_u8Local) |= (a_u8Mask); } while (0)
6511#define IEM_MC_OR_LOCAL_U32(a_u32Local, a_u32Mask) do { (a_u32Local) |= (a_u32Mask); } while (0)
6512
6513#define IEM_MC_SAR_LOCAL_S16(a_i16Local, a_cShift) do { (a_i16Local) >>= (a_cShift); } while (0)
6514#define IEM_MC_SAR_LOCAL_S32(a_i32Local, a_cShift) do { (a_i32Local) >>= (a_cShift); } while (0)
6515#define IEM_MC_SAR_LOCAL_S64(a_i64Local, a_cShift) do { (a_i64Local) >>= (a_cShift); } while (0)
6516
6517#define IEM_MC_SHL_LOCAL_S16(a_i16Local, a_cShift) do { (a_i16Local) <<= (a_cShift); } while (0)
6518#define IEM_MC_SHL_LOCAL_S32(a_i32Local, a_cShift) do { (a_i32Local) <<= (a_cShift); } while (0)
6519#define IEM_MC_SHL_LOCAL_S64(a_i64Local, a_cShift) do { (a_i64Local) <<= (a_cShift); } while (0)
6520
6521#define IEM_MC_AND_2LOCS_U32(a_u32Local, a_u32Mask) do { (a_u32Local) &= (a_u32Mask); } while (0)
6522
6523#define IEM_MC_OR_2LOCS_U32(a_u32Local, a_u32Mask) do { (a_u32Local) |= (a_u32Mask); } while (0)
6524
6525#define IEM_MC_AND_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= (a_u8Value)
6526#define IEM_MC_AND_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= (a_u16Value)
6527#define IEM_MC_AND_GREG_U32(a_iGReg, a_u32Value) \
6528 do { \
6529 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
6530 *pu32Reg &= (a_u32Value); \
6531 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
6532 } while (0)
6533#define IEM_MC_AND_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) &= (a_u64Value)
6534
6535#define IEM_MC_OR_GREG_U8(a_iGReg, a_u8Value) *(uint8_t *)iemGRegRef(pIemCpu, (a_iGReg)) |= (a_u8Value)
6536#define IEM_MC_OR_GREG_U16(a_iGReg, a_u16Value) *(uint16_t *)iemGRegRef(pIemCpu, (a_iGReg)) |= (a_u16Value)
6537#define IEM_MC_OR_GREG_U32(a_iGReg, a_u32Value) \
6538 do { \
6539 uint32_t *pu32Reg = (uint32_t *)iemGRegRef(pIemCpu, (a_iGReg)); \
6540 *pu32Reg |= (a_u32Value); \
6541 pu32Reg[1] = 0; /* implicitly clear the high bit. */ \
6542 } while (0)
6543#define IEM_MC_OR_GREG_U64(a_iGReg, a_u64Value) *(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) |= (a_u64Value)
6544
6545
6546/** @note Not for IOPL or IF modification. */
6547#define IEM_MC_SET_EFL_BIT(a_fBit) do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u |= (a_fBit); } while (0)
6548/** @note Not for IOPL or IF modification. */
6549#define IEM_MC_CLEAR_EFL_BIT(a_fBit) do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u &= ~(a_fBit); } while (0)
6550/** @note Not for IOPL or IF modification. */
6551#define IEM_MC_FLIP_EFL_BIT(a_fBit) do { (pIemCpu)->CTX_SUFF(pCtx)->eflags.u ^= (a_fBit); } while (0)
6552
6553#define IEM_MC_CLEAR_FSW_EX() do { (pIemCpu)->CTX_SUFF(pCtx)->fpu.FSW &= X86_FSW_C_MASK | X86_FSW_TOP_MASK; } while (0)
6554
6555
6556#define IEM_MC_FETCH_MEM_U8(a_u8Dst, a_iSeg, a_GCPtrMem) \
6557 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem)))
6558#define IEM_MC_FETCH_MEM16_U8(a_u8Dst, a_iSeg, a_GCPtrMem16) \
6559 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem16)))
6560#define IEM_MC_FETCH_MEM32_U8(a_u8Dst, a_iSeg, a_GCPtrMem32) \
6561 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &(a_u8Dst), (a_iSeg), (a_GCPtrMem32)))
6562
6563#define IEM_MC_FETCH_MEM_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
6564 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &(a_u16Dst), (a_iSeg), (a_GCPtrMem)))
6565#define IEM_MC_FETCH_MEM_U16_DISP(a_u16Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
6566 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &(a_u16Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
6567#define IEM_MC_FETCH_MEM_I16(a_i16Dst, a_iSeg, a_GCPtrMem) \
6568 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, (uint16_t *)&(a_i16Dst), (a_iSeg), (a_GCPtrMem)))
6569
6570#define IEM_MC_FETCH_MEM_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
6571 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &(a_u32Dst), (a_iSeg), (a_GCPtrMem)))
6572#define IEM_MC_FETCH_MEM_U32_DISP(a_u32Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
6573 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &(a_u32Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
6574#define IEM_MC_FETCH_MEM_I32(a_i32Dst, a_iSeg, a_GCPtrMem) \
6575 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, (uint32_t *)&(a_i32Dst), (a_iSeg), (a_GCPtrMem)))
6576
6577#define IEM_MC_FETCH_MEM_S32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6578 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataS32SxU64(pIemCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
6579
6580#define IEM_MC_FETCH_MEM_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6581 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem)))
6582#define IEM_MC_FETCH_MEM_U64_DISP(a_u64Dst, a_iSeg, a_GCPtrMem, a_offDisp) \
6583 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, &(a_u64Dst), (a_iSeg), (a_GCPtrMem) + (a_offDisp)))
6584
6585#define IEM_MC_FETCH_MEM_R32(a_r32Dst, a_iSeg, a_GCPtrMem) \
6586 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &(a_r32Dst).u32, (a_iSeg), (a_GCPtrMem)))
6587#define IEM_MC_FETCH_MEM_R64(a_r64Dst, a_iSeg, a_GCPtrMem) \
6588 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU64(pIemCpu, &(a_r64Dst).au64[0], (a_iSeg), (a_GCPtrMem)))
6589#define IEM_MC_FETCH_MEM_R80(a_r80Dst, a_iSeg, a_GCPtrMem) \
6590 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataR80(pIemCpu, &(a_r80Dst), (a_iSeg), (a_GCPtrMem)))
6591
6592
6593#define IEM_MC_FETCH_MEM_U8_ZX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
6594 do { \
6595 uint8_t u8Tmp; \
6596 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
6597 (a_u16Dst) = u8Tmp; \
6598 } while (0)
6599#define IEM_MC_FETCH_MEM_U8_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
6600 do { \
6601 uint8_t u8Tmp; \
6602 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
6603 (a_u32Dst) = u8Tmp; \
6604 } while (0)
6605#define IEM_MC_FETCH_MEM_U8_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6606 do { \
6607 uint8_t u8Tmp; \
6608 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
6609 (a_u64Dst) = u8Tmp; \
6610 } while (0)
6611#define IEM_MC_FETCH_MEM_U16_ZX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
6612 do { \
6613 uint16_t u16Tmp; \
6614 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
6615 (a_u32Dst) = u16Tmp; \
6616 } while (0)
6617#define IEM_MC_FETCH_MEM_U16_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6618 do { \
6619 uint16_t u16Tmp; \
6620 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
6621 (a_u64Dst) = u16Tmp; \
6622 } while (0)
6623#define IEM_MC_FETCH_MEM_U32_ZX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6624 do { \
6625 uint32_t u32Tmp; \
6626 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &u32Tmp, (a_iSeg), (a_GCPtrMem))); \
6627 (a_u64Dst) = u32Tmp; \
6628 } while (0)
6629
6630#define IEM_MC_FETCH_MEM_U8_SX_U16(a_u16Dst, a_iSeg, a_GCPtrMem) \
6631 do { \
6632 uint8_t u8Tmp; \
6633 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
6634 (a_u16Dst) = (int8_t)u8Tmp; \
6635 } while (0)
6636#define IEM_MC_FETCH_MEM_U8_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
6637 do { \
6638 uint8_t u8Tmp; \
6639 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
6640 (a_u32Dst) = (int8_t)u8Tmp; \
6641 } while (0)
6642#define IEM_MC_FETCH_MEM_U8_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6643 do { \
6644 uint8_t u8Tmp; \
6645 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU8(pIemCpu, &u8Tmp, (a_iSeg), (a_GCPtrMem))); \
6646 (a_u64Dst) = (int8_t)u8Tmp; \
6647 } while (0)
6648#define IEM_MC_FETCH_MEM_U16_SX_U32(a_u32Dst, a_iSeg, a_GCPtrMem) \
6649 do { \
6650 uint16_t u16Tmp; \
6651 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
6652 (a_u32Dst) = (int16_t)u16Tmp; \
6653 } while (0)
6654#define IEM_MC_FETCH_MEM_U16_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6655 do { \
6656 uint16_t u16Tmp; \
6657 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU16(pIemCpu, &u16Tmp, (a_iSeg), (a_GCPtrMem))); \
6658 (a_u64Dst) = (int16_t)u16Tmp; \
6659 } while (0)
6660#define IEM_MC_FETCH_MEM_U32_SX_U64(a_u64Dst, a_iSeg, a_GCPtrMem) \
6661 do { \
6662 uint32_t u32Tmp; \
6663 IEM_MC_RETURN_ON_FAILURE(iemMemFetchDataU32(pIemCpu, &u32Tmp, (a_iSeg), (a_GCPtrMem))); \
6664 (a_u64Dst) = (int32_t)u32Tmp; \
6665 } while (0)
6666
6667#define IEM_MC_STORE_MEM_U8(a_iSeg, a_GCPtrMem, a_u8Value) \
6668 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU8(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u8Value)))
6669#define IEM_MC_STORE_MEM_U16(a_iSeg, a_GCPtrMem, a_u16Value) \
6670 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU16(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u16Value)))
6671#define IEM_MC_STORE_MEM_U32(a_iSeg, a_GCPtrMem, a_u32Value) \
6672 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU32(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u32Value)))
6673#define IEM_MC_STORE_MEM_U64(a_iSeg, a_GCPtrMem, a_u64Value) \
6674 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU64(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u64Value)))
6675
6676#define IEM_MC_STORE_MEM_U8_CONST(a_iSeg, a_GCPtrMem, a_u8C) \
6677 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU8(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u8C)))
6678#define IEM_MC_STORE_MEM_U16_CONST(a_iSeg, a_GCPtrMem, a_u16C) \
6679 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU16(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u16C)))
6680#define IEM_MC_STORE_MEM_U32_CONST(a_iSeg, a_GCPtrMem, a_u32C) \
6681 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU32(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u32C)))
6682#define IEM_MC_STORE_MEM_U64_CONST(a_iSeg, a_GCPtrMem, a_u64C) \
6683 IEM_MC_RETURN_ON_FAILURE(iemMemStoreDataU64(pIemCpu, (a_iSeg), (a_GCPtrMem), (a_u64C)))
6684
6685#define IEM_MC_STORE_MEM_I8_CONST_BY_REF( a_pi8Dst, a_i8C) *(a_pi8Dst) = (a_i8C)
6686#define IEM_MC_STORE_MEM_I16_CONST_BY_REF(a_pi16Dst, a_i16C) *(a_pi16Dst) = (a_i16C)
6687#define IEM_MC_STORE_MEM_I32_CONST_BY_REF(a_pi32Dst, a_i32C) *(a_pi32Dst) = (a_i32C)
6688#define IEM_MC_STORE_MEM_I64_CONST_BY_REF(a_pi64Dst, a_i64C) *(a_pi64Dst) = (a_i64C)
6689#define IEM_MC_STORE_MEM_NEG_QNAN_R32_BY_REF(a_pr32Dst) (a_pr32Dst)->u32 = UINT32_C(0xffc00000)
6690#define IEM_MC_STORE_MEM_NEG_QNAN_R64_BY_REF(a_pr64Dst) (a_pr64Dst)->au64[0] = UINT64_C(0xfff8000000000000)
6691#define IEM_MC_STORE_MEM_NEG_QNAN_R80_BY_REF(a_pr80Dst) \
6692 do { \
6693 (a_pr80Dst)->au64[0] = UINT64_C(0xc000000000000000); \
6694 (a_pr80Dst)->au16[4] = UINT16_C(0xffff); \
6695 } while (0)
6696
6697
6698#define IEM_MC_PUSH_U16(a_u16Value) \
6699 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU16(pIemCpu, (a_u16Value)))
6700#define IEM_MC_PUSH_U32(a_u32Value) \
6701 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU32(pIemCpu, (a_u32Value)))
6702#define IEM_MC_PUSH_U64(a_u64Value) \
6703 IEM_MC_RETURN_ON_FAILURE(iemMemStackPushU64(pIemCpu, (a_u64Value)))
6704
6705#define IEM_MC_POP_U16(a_pu16Value) \
6706 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU16(pIemCpu, (a_pu16Value)))
6707#define IEM_MC_POP_U32(a_pu32Value) \
6708 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU32(pIemCpu, (a_pu32Value)))
6709#define IEM_MC_POP_U64(a_pu64Value) \
6710 IEM_MC_RETURN_ON_FAILURE(iemMemStackPopU64(pIemCpu, (a_pu64Value)))
6711
6712/** Maps guest memory for direct or bounce buffered access.
6713 * The purpose is to pass it to an operand implementation, thus the a_iArg.
6714 * @remarks May return.
6715 */
6716#define IEM_MC_MEM_MAP(a_pMem, a_fAccess, a_iSeg, a_GCPtrMem, a_iArg) \
6717 IEM_MC_RETURN_ON_FAILURE(iemMemMap(pIemCpu, (void **)&(a_pMem), sizeof(*(a_pMem)), (a_iSeg), (a_GCPtrMem), (a_fAccess)))
6718
6719/** Maps guest memory for direct or bounce buffered access.
6720 * The purpose is to pass it to an operand implementation, thus the a_iArg.
6721 * @remarks May return.
6722 */
6723#define IEM_MC_MEM_MAP_EX(a_pvMem, a_fAccess, a_cbMem, a_iSeg, a_GCPtrMem, a_iArg) \
6724 IEM_MC_RETURN_ON_FAILURE(iemMemMap(pIemCpu, (void **)&(a_pvMem), (a_cbMem), (a_iSeg), (a_GCPtrMem), (a_fAccess)))
6725
6726/** Commits the memory and unmaps the guest memory.
6727 * @remarks May return.
6728 */
6729#define IEM_MC_MEM_COMMIT_AND_UNMAP(a_pvMem, a_fAccess) \
6730 IEM_MC_RETURN_ON_FAILURE(iemMemCommitAndUnmap(pIemCpu, (a_pvMem), (a_fAccess)))
6731
6732/** Commits the memory and unmaps the guest memory unless the FPU status word
6733 * indicates (@a a_u16FSW) and FPU control word indicates a pending exception
6734 * that would cause FLD not to store.
6735 *
6736 * The current understanding is that \#O, \#U, \#IA and \#IS will prevent a
6737 * store, while \#P will not.
6738 *
6739 * @remarks May in theory return - for now.
6740 */
6741#define IEM_MC_MEM_COMMIT_AND_UNMAP_FOR_FPU_STORE(a_pvMem, a_fAccess, a_u16FSW) \
6742 do { \
6743 if ( !(a_u16FSW & X86_FSW_ES) \
6744 || !( (a_u16FSW & (X86_FSW_UE | X86_FSW_OE | X86_FSW_IE)) \
6745 & ~(pIemCpu->CTX_SUFF(pCtx)->fpu.FCW & X86_FCW_MASK_ALL) ) ) \
6746 IEM_MC_RETURN_ON_FAILURE(iemMemCommitAndUnmap(pIemCpu, (a_pvMem), (a_fAccess))); \
6747 } while (0)
6748
6749/** Calculate efficient address from R/M. */
6750#define IEM_MC_CALC_RM_EFF_ADDR(a_GCPtrEff, bRm) \
6751 IEM_MC_RETURN_ON_FAILURE(iemOpHlpCalcRmEffAddr(pIemCpu, (bRm), &(a_GCPtrEff)))
6752
6753#define IEM_MC_CALL_VOID_AIMPL_1(a_pfn, a0) (a_pfn)((a0))
6754#define IEM_MC_CALL_VOID_AIMPL_2(a_pfn, a0, a1) (a_pfn)((a0), (a1))
6755#define IEM_MC_CALL_VOID_AIMPL_3(a_pfn, a0, a1, a2) (a_pfn)((a0), (a1), (a2))
6756#define IEM_MC_CALL_VOID_AIMPL_4(a_pfn, a0, a1, a2, a3) (a_pfn)((a0), (a1), (a2), (a3))
6757#define IEM_MC_CALL_AIMPL_4(a_rc, a_pfn, a0, a1, a2, a3) (a_rc) = (a_pfn)((a0), (a1), (a2), (a3))
6758
6759/**
6760 * Defers the rest of the instruction emulation to a C implementation routine
6761 * and returns, only taking the standard parameters.
6762 *
6763 * @param a_pfnCImpl The pointer to the C routine.
6764 * @sa IEM_DECL_IMPL_C_TYPE_0 and IEM_CIMPL_DEF_0.
6765 */
6766#define IEM_MC_CALL_CIMPL_0(a_pfnCImpl) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode)
6767
6768/**
6769 * Defers the rest of instruction emulation to a C implementation routine and
6770 * returns, taking one argument in addition to the standard ones.
6771 *
6772 * @param a_pfnCImpl The pointer to the C routine.
6773 * @param a0 The argument.
6774 */
6775#define IEM_MC_CALL_CIMPL_1(a_pfnCImpl, a0) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0)
6776
6777/**
6778 * Defers the rest of the instruction emulation to a C implementation routine
6779 * and returns, taking two arguments in addition to the standard ones.
6780 *
6781 * @param a_pfnCImpl The pointer to the C routine.
6782 * @param a0 The first extra argument.
6783 * @param a1 The second extra argument.
6784 */
6785#define IEM_MC_CALL_CIMPL_2(a_pfnCImpl, a0, a1) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1)
6786
6787/**
6788 * Defers the rest of the instruction emulation to a C implementation routine
6789 * and returns, taking two arguments in addition to the standard ones.
6790 *
6791 * @param a_pfnCImpl The pointer to the C routine.
6792 * @param a0 The first extra argument.
6793 * @param a1 The second extra argument.
6794 * @param a2 The third extra argument.
6795 */
6796#define IEM_MC_CALL_CIMPL_3(a_pfnCImpl, a0, a1, a2) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2)
6797
6798/**
6799 * Defers the rest of the instruction emulation to a C implementation routine
6800 * and returns, taking two arguments in addition to the standard ones.
6801 *
6802 * @param a_pfnCImpl The pointer to the C routine.
6803 * @param a0 The first extra argument.
6804 * @param a1 The second extra argument.
6805 * @param a2 The third extra argument.
6806 * @param a3 The fourth extra argument.
6807 * @param a4 The fifth extra argument.
6808 */
6809#define IEM_MC_CALL_CIMPL_5(a_pfnCImpl, a0, a1, a2, a3, a4) return (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2, a3, a4)
6810
6811/**
6812 * Defers the entire instruction emulation to a C implementation routine and
6813 * returns, only taking the standard parameters.
6814 *
6815 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
6816 *
6817 * @param a_pfnCImpl The pointer to the C routine.
6818 * @sa IEM_DECL_IMPL_C_TYPE_0 and IEM_CIMPL_DEF_0.
6819 */
6820#define IEM_MC_DEFER_TO_CIMPL_0(a_pfnCImpl) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode)
6821
6822/**
6823 * Defers the entire instruction emulation to a C implementation routine and
6824 * returns, taking one argument in addition to the standard ones.
6825 *
6826 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
6827 *
6828 * @param a_pfnCImpl The pointer to the C routine.
6829 * @param a0 The argument.
6830 */
6831#define IEM_MC_DEFER_TO_CIMPL_1(a_pfnCImpl, a0) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0)
6832
6833/**
6834 * Defers the entire instruction emulation to a C implementation routine and
6835 * returns, taking two arguments in addition to the standard ones.
6836 *
6837 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
6838 *
6839 * @param a_pfnCImpl The pointer to the C routine.
6840 * @param a0 The first extra argument.
6841 * @param a1 The second extra argument.
6842 */
6843#define IEM_MC_DEFER_TO_CIMPL_2(a_pfnCImpl, a0, a1) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1)
6844
6845/**
6846 * Defers the entire instruction emulation to a C implementation routine and
6847 * returns, taking three arguments in addition to the standard ones.
6848 *
6849 * This shall be used without any IEM_MC_BEGIN or IEM_END macro surrounding it.
6850 *
6851 * @param a_pfnCImpl The pointer to the C routine.
6852 * @param a0 The first extra argument.
6853 * @param a1 The second extra argument.
6854 * @param a2 The third extra argument.
6855 */
6856#define IEM_MC_DEFER_TO_CIMPL_3(a_pfnCImpl, a0, a1, a2) (a_pfnCImpl)(pIemCpu, pIemCpu->offOpcode, a0, a1, a2)
6857
6858/**
6859 * Calls a FPU assembly implementation taking one visible argument.
6860 *
6861 * @param a_pfnAImpl Pointer to the assembly FPU routine.
6862 * @param a0 The first extra argument.
6863 */
6864#define IEM_MC_CALL_FPU_AIMPL_1(a_pfnAImpl, a0) \
6865 do { \
6866 iemFpuPrepareUsage(pIemCpu); \
6867 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->fpu, (a0)); \
6868 } while (0)
6869
6870/**
6871 * Calls a FPU assembly implementation taking two visible arguments.
6872 *
6873 * @param a_pfnAImpl Pointer to the assembly FPU routine.
6874 * @param a0 The first extra argument.
6875 * @param a1 The second extra argument.
6876 */
6877#define IEM_MC_CALL_FPU_AIMPL_2(a_pfnAImpl, a0, a1) \
6878 do { \
6879 iemFpuPrepareUsage(pIemCpu); \
6880 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->fpu, (a0), (a1)); \
6881 } while (0)
6882
6883/**
6884 * Calls a FPU assembly implementation taking three visible arguments.
6885 *
6886 * @param a_pfnAImpl Pointer to the assembly FPU routine.
6887 * @param a0 The first extra argument.
6888 * @param a1 The second extra argument.
6889 * @param a2 The third extra argument.
6890 */
6891#define IEM_MC_CALL_FPU_AIMPL_3(a_pfnAImpl, a0, a1, a2) \
6892 do { \
6893 iemFpuPrepareUsage(pIemCpu); \
6894 a_pfnAImpl(&pIemCpu->CTX_SUFF(pCtx)->fpu, (a0), (a1), (a2)); \
6895 } while (0)
6896
6897#define IEM_MC_SET_FPU_RESULT(a_FpuData, a_FSW, a_pr80Value) \
6898 do { \
6899 (a_FpuData).FSW = (a_FSW); \
6900 (a_FpuData).r80Result = *(a_pr80Value); \
6901 } while (0)
6902
6903/** Pushes FPU result onto the stack. */
6904#define IEM_MC_PUSH_FPU_RESULT(a_FpuData) \
6905 iemFpuPushResult(pIemCpu, &a_FpuData)
6906/** Pushes FPU result onto the stack and sets the FPUDP. */
6907#define IEM_MC_PUSH_FPU_RESULT_MEM_OP(a_FpuData, a_iEffSeg, a_GCPtrEff) \
6908 iemFpuPushResultWithMemOp(pIemCpu, &a_FpuData, a_iEffSeg, a_GCPtrEff)
6909
6910/** Replaces ST0 with value one and pushes value 2 onto the FPU stack. */
6911#define IEM_MC_PUSH_FPU_RESULT_TWO(a_FpuDataTwo) \
6912 iemFpuPushResultTwo(pIemCpu, &a_FpuDataTwo)
6913
6914/** Stores FPU result in a stack register. */
6915#define IEM_MC_STORE_FPU_RESULT(a_FpuData, a_iStReg) \
6916 iemFpuStoreResult(pIemCpu, &a_FpuData, a_iStReg)
6917/** Stores FPU result in a stack register and pops the stack. */
6918#define IEM_MC_STORE_FPU_RESULT_THEN_POP(a_FpuData, a_iStReg) \
6919 iemFpuStoreResultThenPop(pIemCpu, &a_FpuData, a_iStReg)
6920/** Stores FPU result in a stack register and sets the FPUDP. */
6921#define IEM_MC_STORE_FPU_RESULT_MEM_OP(a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff) \
6922 iemFpuStoreResultWithMemOp(pIemCpu, &a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff)
6923/** Stores FPU result in a stack register, sets the FPUDP, and pops the
6924 * stack. */
6925#define IEM_MC_STORE_FPU_RESULT_WITH_MEM_OP_THEN_POP(a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff) \
6926 iemFpuStoreResultWithMemOpThenPop(pIemCpu, &a_FpuData, a_iStReg, a_iEffSeg, a_GCPtrEff)
6927
6928/** Only update the FOP, FPUIP, and FPUCS. (For FNOP.) */
6929#define IEM_MC_UPDATE_FPU_OPCODE_IP() \
6930 iemFpuUpdateOpcodeAndIp(pIemCpu)
6931/** Free a stack register (for FFREE and FFREEP). */
6932#define IEM_MC_FPU_STACK_FREE(a_iStReg) \
6933 iemFpuStackFree(pIemCpu, a_iStReg)
6934/** Increment the FPU stack pointer. */
6935#define IEM_MC_FPU_STACK_INC_TOP() \
6936 iemFpuStackIncTop(pIemCpu)
6937/** Decrement the FPU stack pointer. */
6938#define IEM_MC_FPU_STACK_DEC_TOP() \
6939 iemFpuStackDecTop(pIemCpu)
6940
6941/** Updates the FSW, FOP, FPUIP, and FPUCS. */
6942#define IEM_MC_UPDATE_FSW(a_u16FSW) \
6943 iemFpuUpdateFSW(pIemCpu, a_u16FSW)
6944/** Updates the FSW with a constant value as well as FOP, FPUIP, and FPUCS. */
6945#define IEM_MC_UPDATE_FSW_CONST(a_u16FSW) \
6946 iemFpuUpdateFSW(pIemCpu, a_u16FSW)
6947/** Updates the FSW, FOP, FPUIP, FPUCS, FPUDP, and FPUDS. */
6948#define IEM_MC_UPDATE_FSW_WITH_MEM_OP(a_u16FSW, a_iEffSeg, a_GCPtrEff) \
6949 iemFpuUpdateFSWWithMemOp(pIemCpu, a_u16FSW, a_iEffSeg, a_GCPtrEff)
6950/** Updates the FSW, FOP, FPUIP, and FPUCS, and then pops the stack. */
6951#define IEM_MC_UPDATE_FSW_THEN_POP(a_u16FSW) \
6952 iemFpuUpdateFSWThenPop(pIemCpu, a_u16FSW)
6953/** Updates the FSW, FOP, FPUIP, FPUCS, FPUDP and FPUDS, and then pops the
6954 * stack. */
6955#define IEM_MC_UPDATE_FSW_WITH_MEM_OP_THEN_POP(a_u16FSW, a_iEffSeg, a_GCPtrEff) \
6956 iemFpuUpdateFSWWithMemOpThenPop(pIemCpu, a_u16FSW, a_iEffSeg, a_GCPtrEff)
6957/** Updates the FSW, FOP, FPUIP, and FPUCS, and then pops the stack twice. */
6958#define IEM_MC_UPDATE_FSW_THEN_POP_POP(a_u16FSW) \
6959 iemFpuUpdateFSWThenPop(pIemCpu, a_u16FSW)
6960
6961/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. */
6962#define IEM_MC_FPU_STACK_UNDERFLOW(a_iStDst) \
6963 iemFpuStackUnderflow(pIemCpu, a_iStDst)
6964/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. Pops
6965 * stack. */
6966#define IEM_MC_FPU_STACK_UNDERFLOW_THEN_POP(a_iStDst) \
6967 iemFpuStackUnderflowThenPop(pIemCpu, a_iStDst)
6968/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS, FOP, FPUDP and
6969 * FPUDS. */
6970#define IEM_MC_FPU_STACK_UNDERFLOW_MEM_OP(a_iStDst, a_iEffSeg, a_GCPtrEff) \
6971 iemFpuStackUnderflowWithMemOp(pIemCpu, a_iStDst, a_iEffSeg, a_GCPtrEff)
6972/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS, FOP, FPUDP and
6973 * FPUDS. Pops stack. */
6974#define IEM_MC_FPU_STACK_UNDERFLOW_MEM_OP_THEN_POP(a_iStDst, a_iEffSeg, a_GCPtrEff) \
6975 iemFpuStackUnderflowWithMemOpThenPop(pIemCpu, a_iStDst, a_iEffSeg, a_GCPtrEff)
6976/** Raises a FPU stack underflow exception. Sets FPUIP, FPUCS and FOP. Pops
6977 * stack twice. */
6978#define IEM_MC_FPU_STACK_UNDERFLOW_THEN_POP_POP() \
6979 iemFpuStackUnderflowThenPopPop(pIemCpu)
6980/** Raises a FPU stack underflow exception for an instruction pushing a result
6981 * value onto the stack. Sets FPUIP, FPUCS and FOP. */
6982#define IEM_MC_FPU_STACK_PUSH_UNDERFLOW() \
6983 iemFpuStackPushUnderflow(pIemCpu)
6984/** Raises a FPU stack underflow exception for an instruction pushing a result
6985 * value onto the stack and replacing ST0. Sets FPUIP, FPUCS and FOP. */
6986#define IEM_MC_FPU_STACK_PUSH_UNDERFLOW_TWO() \
6987 iemFpuStackPushUnderflowTwo(pIemCpu)
6988
6989/** Raises a FPU stack overflow exception as part of a push attempt. Sets
6990 * FPUIP, FPUCS and FOP. */
6991#define IEM_MC_FPU_STACK_PUSH_OVERFLOW() \
6992 iemFpuStackPushOverflow(pIemCpu)
6993/** Raises a FPU stack overflow exception as part of a push attempt. Sets
6994 * FPUIP, FPUCS, FOP, FPUDP and FPUDS. */
6995#define IEM_MC_FPU_STACK_PUSH_OVERFLOW_MEM_OP(a_iEffSeg, a_GCPtrEff) \
6996 iemFpuStackPushOverflowWithMemOp(pIemCpu, a_iEffSeg, a_GCPtrEff)
6997/** Indicates that we (might) have modified the FPU state. */
6998#define IEM_MC_USED_FPU() \
6999 CPUMSetChangedFlags(IEMCPU_TO_VMCPU(pIemCpu), CPUM_CHANGED_FPU_REM)
7000
7001/** @note Not for IOPL or IF testing. */
7002#define IEM_MC_IF_EFL_BIT_SET(a_fBit) if (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) {
7003/** @note Not for IOPL or IF testing. */
7004#define IEM_MC_IF_EFL_BIT_NOT_SET(a_fBit) if (!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit))) {
7005/** @note Not for IOPL or IF testing. */
7006#define IEM_MC_IF_EFL_ANY_BITS_SET(a_fBits) if (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBits)) {
7007/** @note Not for IOPL or IF testing. */
7008#define IEM_MC_IF_EFL_NO_BITS_SET(a_fBits) if (!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBits))) {
7009/** @note Not for IOPL or IF testing. */
7010#define IEM_MC_IF_EFL_BITS_NE(a_fBit1, a_fBit2) \
7011 if ( !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
7012 != !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
7013/** @note Not for IOPL or IF testing. */
7014#define IEM_MC_IF_EFL_BITS_EQ(a_fBit1, a_fBit2) \
7015 if ( !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
7016 == !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
7017/** @note Not for IOPL or IF testing. */
7018#define IEM_MC_IF_EFL_BIT_SET_OR_BITS_NE(a_fBit, a_fBit1, a_fBit2) \
7019 if ( (pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) \
7020 || !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
7021 != !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
7022/** @note Not for IOPL or IF testing. */
7023#define IEM_MC_IF_EFL_BIT_NOT_SET_AND_BITS_EQ(a_fBit, a_fBit1, a_fBit2) \
7024 if ( !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit)) \
7025 && !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit1)) \
7026 == !!(pIemCpu->CTX_SUFF(pCtx)->eflags.u & (a_fBit2)) ) {
7027#define IEM_MC_IF_CX_IS_NZ() if (pIemCpu->CTX_SUFF(pCtx)->cx != 0) {
7028#define IEM_MC_IF_ECX_IS_NZ() if (pIemCpu->CTX_SUFF(pCtx)->ecx != 0) {
7029#define IEM_MC_IF_RCX_IS_NZ() if (pIemCpu->CTX_SUFF(pCtx)->rcx != 0) {
7030/** @note Not for IOPL or IF testing. */
7031#define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
7032 if ( pIemCpu->CTX_SUFF(pCtx)->cx != 0 \
7033 && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
7034/** @note Not for IOPL or IF testing. */
7035#define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
7036 if ( pIemCpu->CTX_SUFF(pCtx)->ecx != 0 \
7037 && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
7038/** @note Not for IOPL or IF testing. */
7039#define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_SET(a_fBit) \
7040 if ( pIemCpu->CTX_SUFF(pCtx)->rcx != 0 \
7041 && (pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
7042/** @note Not for IOPL or IF testing. */
7043#define IEM_MC_IF_CX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
7044 if ( pIemCpu->CTX_SUFF(pCtx)->cx != 0 \
7045 && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
7046/** @note Not for IOPL or IF testing. */
7047#define IEM_MC_IF_ECX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
7048 if ( pIemCpu->CTX_SUFF(pCtx)->ecx != 0 \
7049 && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
7050/** @note Not for IOPL or IF testing. */
7051#define IEM_MC_IF_RCX_IS_NZ_AND_EFL_BIT_NOT_SET(a_fBit) \
7052 if ( pIemCpu->CTX_SUFF(pCtx)->rcx != 0 \
7053 && !(pIemCpu->CTX_SUFF(pCtx)->eflags.u & a_fBit)) {
7054#define IEM_MC_IF_LOCAL_IS_Z(a_Local) if ((a_Local) == 0) {
7055#define IEM_MC_IF_GREG_BIT_SET(a_iGReg, a_iBitNo) if (*(uint64_t *)iemGRegRef(pIemCpu, (a_iGReg)) & RT_BIT_64(a_iBitNo)) {
7056#define IEM_MC_IF_FPUREG_NOT_EMPTY(a_iSt) \
7057 if (iemFpuStRegNotEmpty(pIemCpu, (a_iSt)) == VINF_SUCCESS) {
7058#define IEM_MC_IF_FPUREG_IS_EMPTY(a_iSt) \
7059 if (iemFpuStRegNotEmpty(pIemCpu, (a_iSt)) != VINF_SUCCESS) {
7060#define IEM_MC_IF_FPUREG_NOT_EMPTY_REF_R80(a_pr80Dst, a_iSt) \
7061 if (iemFpuStRegNotEmptyRef(pIemCpu, (a_iSt), &(a_pr80Dst)) == VINF_SUCCESS) {
7062#define IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80(a_pr80Dst0, a_iSt0, a_pr80Dst1, a_iSt1) \
7063 if (iemFpu2StRegsNotEmptyRef(pIemCpu, (a_iSt0), &(a_pr80Dst0), (a_iSt1), &(a_pr80Dst1)) == VINF_SUCCESS) {
7064#define IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80_FIRST(a_pr80Dst0, a_iSt0, a_iSt1) \
7065 if (iemFpu2StRegsNotEmptyRefFirst(pIemCpu, (a_iSt0), &(a_pr80Dst0), (a_iSt1)) == VINF_SUCCESS) {
7066#define IEM_MC_IF_FCW_IM() \
7067 if (pIemCpu->CTX_SUFF(pCtx)->fpu.FCW & X86_FCW_IM) {
7068
7069#define IEM_MC_ELSE() } else {
7070#define IEM_MC_ENDIF() } do {} while (0)
7071
7072/** @} */
7073
7074
7075/** @name Opcode Debug Helpers.
7076 * @{
7077 */
7078#ifdef DEBUG
7079# define IEMOP_MNEMONIC(a_szMnemonic) \
7080 Log4(("decode - %04x:%RGv %s%s [#%u]\n", pIemCpu->CTX_SUFF(pCtx)->cs.Sel, pIemCpu->CTX_SUFF(pCtx)->rip, \
7081 pIemCpu->fPrefixes & IEM_OP_PRF_LOCK ? "lock " : "", a_szMnemonic, pIemCpu->cInstructions))
7082# define IEMOP_MNEMONIC2(a_szMnemonic, a_szOps) \
7083 Log4(("decode - %04x:%RGv %s%s %s [#%u]\n", pIemCpu->CTX_SUFF(pCtx)->cs.Sel, pIemCpu->CTX_SUFF(pCtx)->rip, \
7084 pIemCpu->fPrefixes & IEM_OP_PRF_LOCK ? "lock " : "", a_szMnemonic, a_szOps, pIemCpu->cInstructions))
7085#else
7086# define IEMOP_MNEMONIC(a_szMnemonic) do { } while (0)
7087# define IEMOP_MNEMONIC2(a_szMnemonic, a_szOps) do { } while (0)
7088#endif
7089
7090/** @} */
7091
7092
7093/** @name Opcode Helpers.
7094 * @{
7095 */
7096
7097/** The instruction raises an \#UD in real and V8086 mode. */
7098#define IEMOP_HLP_NO_REAL_OR_V86_MODE() \
7099 do \
7100 { \
7101 if (IEM_IS_REAL_OR_V86_MODE(pIemCpu)) \
7102 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
7103 } while (0)
7104
7105/** The instruction allows no lock prefixing (in this encoding), throw #UD if
7106 * lock prefixed.
7107 * @deprecated IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX */
7108#define IEMOP_HLP_NO_LOCK_PREFIX() \
7109 do \
7110 { \
7111 if (pIemCpu->fPrefixes & IEM_OP_PRF_LOCK) \
7112 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
7113 } while (0)
7114
7115/** The instruction is not available in 64-bit mode, throw #UD if we're in
7116 * 64-bit mode. */
7117#define IEMOP_HLP_NO_64BIT() \
7118 do \
7119 { \
7120 if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
7121 return IEMOP_RAISE_INVALID_OPCODE(); \
7122 } while (0)
7123
7124/** The instruction defaults to 64-bit operand size if 64-bit mode. */
7125#define IEMOP_HLP_DEFAULT_64BIT_OP_SIZE() \
7126 do \
7127 { \
7128 if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
7129 iemRecalEffOpSize64Default(pIemCpu); \
7130 } while (0)
7131
7132/** The instruction has 64-bit operand size if 64-bit mode. */
7133#define IEMOP_HLP_64BIT_OP_SIZE() \
7134 do \
7135 { \
7136 if (pIemCpu->enmCpuMode == IEMMODE_64BIT) \
7137 pIemCpu->enmEffOpSize = pIemCpu->enmDefOpSize = IEMMODE_64BIT; \
7138 } while (0)
7139
7140/**
7141 * Done decoding.
7142 */
7143#define IEMOP_HLP_DONE_DECODING() \
7144 do \
7145 { \
7146 /*nothing for now, maybe later... */ \
7147 } while (0)
7148
7149/**
7150 * Done decoding, raise \#UD exception if lock prefix present.
7151 */
7152#define IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX() \
7153 do \
7154 { \
7155 if (pIemCpu->fPrefixes & IEM_OP_PRF_LOCK) \
7156 return IEMOP_RAISE_INVALID_LOCK_PREFIX(); \
7157 } while (0)
7158
7159
7160/**
7161 * Calculates the effective address of a ModR/M memory operand.
7162 *
7163 * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR.
7164 *
7165 * @return Strict VBox status code.
7166 * @param pIemCpu The IEM per CPU data.
7167 * @param bRm The ModRM byte.
7168 * @param pGCPtrEff Where to return the effective address.
7169 */
7170static VBOXSTRICTRC iemOpHlpCalcRmEffAddr(PIEMCPU pIemCpu, uint8_t bRm, PRTGCPTR pGCPtrEff)
7171{
7172 Log5(("iemOpHlpCalcRmEffAddr: bRm=%#x\n", bRm));
7173 PCCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7174#define SET_SS_DEF() \
7175 do \
7176 { \
7177 if (!(pIemCpu->fPrefixes & IEM_OP_PRF_SEG_MASK)) \
7178 pIemCpu->iEffSeg = X86_SREG_SS; \
7179 } while (0)
7180
7181/** @todo Check the effective address size crap! */
7182 switch (pIemCpu->enmEffAddrMode)
7183 {
7184 case IEMMODE_16BIT:
7185 {
7186 uint16_t u16EffAddr;
7187
7188 /* Handle the disp16 form with no registers first. */
7189 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 6)
7190 IEM_OPCODE_GET_NEXT_U16(&u16EffAddr);
7191 else
7192 {
7193 /* Get the displacment. */
7194 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
7195 {
7196 case 0: u16EffAddr = 0; break;
7197 case 1: IEM_OPCODE_GET_NEXT_S8_SX_U16(&u16EffAddr); break;
7198 case 2: IEM_OPCODE_GET_NEXT_U16(&u16EffAddr); break;
7199 default: AssertFailedReturn(VERR_INTERNAL_ERROR_2); /* (caller checked for these) */
7200 }
7201
7202 /* Add the base and index registers to the disp. */
7203 switch (bRm & X86_MODRM_RM_MASK)
7204 {
7205 case 0: u16EffAddr += pCtx->bx + pCtx->si; break;
7206 case 1: u16EffAddr += pCtx->bx + pCtx->di; break;
7207 case 2: u16EffAddr += pCtx->bp + pCtx->si; SET_SS_DEF(); break;
7208 case 3: u16EffAddr += pCtx->bp + pCtx->di; SET_SS_DEF(); break;
7209 case 4: u16EffAddr += pCtx->si; break;
7210 case 5: u16EffAddr += pCtx->di; break;
7211 case 6: u16EffAddr += pCtx->bp; SET_SS_DEF(); break;
7212 case 7: u16EffAddr += pCtx->bx; break;
7213 }
7214 }
7215
7216 *pGCPtrEff = u16EffAddr;
7217 Log5(("iemOpHlpCalcRmEffAddr: EffAddr=%#06RGv\n", *pGCPtrEff));
7218 return VINF_SUCCESS;
7219 }
7220
7221 case IEMMODE_32BIT:
7222 {
7223 uint32_t u32EffAddr;
7224
7225 /* Handle the disp32 form with no registers first. */
7226 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
7227 IEM_OPCODE_GET_NEXT_U32(&u32EffAddr);
7228 else
7229 {
7230 /* Get the register (or SIB) value. */
7231 switch ((bRm & X86_MODRM_RM_MASK))
7232 {
7233 case 0: u32EffAddr = pCtx->eax; break;
7234 case 1: u32EffAddr = pCtx->ecx; break;
7235 case 2: u32EffAddr = pCtx->edx; break;
7236 case 3: u32EffAddr = pCtx->ebx; break;
7237 case 4: /* SIB */
7238 {
7239 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
7240
7241 /* Get the index and scale it. */
7242 switch ((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
7243 {
7244 case 0: u32EffAddr = pCtx->eax; break;
7245 case 1: u32EffAddr = pCtx->ecx; break;
7246 case 2: u32EffAddr = pCtx->edx; break;
7247 case 3: u32EffAddr = pCtx->ebx; break;
7248 case 4: u32EffAddr = 0; /*none */ break;
7249 case 5: u32EffAddr = pCtx->ebp; break;
7250 case 6: u32EffAddr = pCtx->esi; break;
7251 case 7: u32EffAddr = pCtx->edi; break;
7252 IEM_NOT_REACHED_DEFAULT_CASE_RET();
7253 }
7254 u32EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
7255
7256 /* add base */
7257 switch (bSib & X86_SIB_BASE_MASK)
7258 {
7259 case 0: u32EffAddr += pCtx->eax; break;
7260 case 1: u32EffAddr += pCtx->ecx; break;
7261 case 2: u32EffAddr += pCtx->edx; break;
7262 case 3: u32EffAddr += pCtx->ebx; break;
7263 case 4: u32EffAddr += pCtx->esp; SET_SS_DEF(); break;
7264 case 5:
7265 if ((bRm & X86_MODRM_MOD_MASK) != 0)
7266 {
7267 u32EffAddr += pCtx->ebp;
7268 SET_SS_DEF();
7269 }
7270 else
7271 {
7272 uint32_t u32Disp;
7273 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
7274 u32EffAddr += u32Disp;
7275 }
7276 break;
7277 case 6: u32EffAddr += pCtx->esi; break;
7278 case 7: u32EffAddr += pCtx->edi; break;
7279 IEM_NOT_REACHED_DEFAULT_CASE_RET();
7280 }
7281 break;
7282 }
7283 case 5: u32EffAddr = pCtx->ebp; SET_SS_DEF(); break;
7284 case 6: u32EffAddr = pCtx->esi; break;
7285 case 7: u32EffAddr = pCtx->edi; break;
7286 IEM_NOT_REACHED_DEFAULT_CASE_RET();
7287 }
7288
7289 /* Get and add the displacement. */
7290 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
7291 {
7292 case 0:
7293 break;
7294 case 1:
7295 {
7296 int8_t i8Disp; IEM_OPCODE_GET_NEXT_S8(&i8Disp);
7297 u32EffAddr += i8Disp;
7298 break;
7299 }
7300 case 2:
7301 {
7302 uint32_t u32Disp; IEM_OPCODE_GET_NEXT_U32(&u32Disp);
7303 u32EffAddr += u32Disp;
7304 break;
7305 }
7306 default:
7307 AssertFailedReturn(VERR_INTERNAL_ERROR_2); /* (caller checked for these) */
7308 }
7309
7310 }
7311 if (pIemCpu->enmEffAddrMode == IEMMODE_32BIT)
7312 *pGCPtrEff = u32EffAddr;
7313 else
7314 {
7315 Assert(pIemCpu->enmEffAddrMode == IEMMODE_16BIT);
7316 *pGCPtrEff = u32EffAddr & UINT16_MAX;
7317 }
7318 Log5(("iemOpHlpCalcRmEffAddr: EffAddr=%#010RGv\n", *pGCPtrEff));
7319 return VINF_SUCCESS;
7320 }
7321
7322 case IEMMODE_64BIT:
7323 {
7324 uint64_t u64EffAddr;
7325
7326 /* Handle the rip+disp32 form with no registers first. */
7327 if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
7328 {
7329 IEM_OPCODE_GET_NEXT_S32_SX_U64(&u64EffAddr);
7330 u64EffAddr += pCtx->rip + pIemCpu->offOpcode;
7331 }
7332 else
7333 {
7334 /* Get the register (or SIB) value. */
7335 switch ((bRm & X86_MODRM_RM_MASK) | pIemCpu->uRexB)
7336 {
7337 case 0: u64EffAddr = pCtx->rax; break;
7338 case 1: u64EffAddr = pCtx->rcx; break;
7339 case 2: u64EffAddr = pCtx->rdx; break;
7340 case 3: u64EffAddr = pCtx->rbx; break;
7341 case 5: u64EffAddr = pCtx->rbp; SET_SS_DEF(); break;
7342 case 6: u64EffAddr = pCtx->rsi; break;
7343 case 7: u64EffAddr = pCtx->rdi; break;
7344 case 8: u64EffAddr = pCtx->r8; break;
7345 case 9: u64EffAddr = pCtx->r9; break;
7346 case 10: u64EffAddr = pCtx->r10; break;
7347 case 11: u64EffAddr = pCtx->r11; break;
7348 case 13: u64EffAddr = pCtx->r13; break;
7349 case 14: u64EffAddr = pCtx->r14; break;
7350 case 15: u64EffAddr = pCtx->r15; break;
7351 /* SIB */
7352 case 4:
7353 case 12:
7354 {
7355 uint8_t bSib; IEM_OPCODE_GET_NEXT_U8(&bSib);
7356
7357 /* Get the index and scale it. */
7358 switch (((bSib >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK) | pIemCpu->uRexIndex)
7359 {
7360 case 0: u64EffAddr = pCtx->rax; break;
7361 case 1: u64EffAddr = pCtx->rcx; break;
7362 case 2: u64EffAddr = pCtx->rdx; break;
7363 case 3: u64EffAddr = pCtx->rbx; break;
7364 case 4: u64EffAddr = 0; /*none */ break;
7365 case 5: u64EffAddr = pCtx->rbp; break;
7366 case 6: u64EffAddr = pCtx->rsi; break;
7367 case 7: u64EffAddr = pCtx->rdi; break;
7368 case 8: u64EffAddr = pCtx->r8; break;
7369 case 9: u64EffAddr = pCtx->r9; break;
7370 case 10: u64EffAddr = pCtx->r10; break;
7371 case 11: u64EffAddr = pCtx->r11; break;
7372 case 12: u64EffAddr = pCtx->r12; break;
7373 case 13: u64EffAddr = pCtx->r13; break;
7374 case 14: u64EffAddr = pCtx->r14; break;
7375 case 15: u64EffAddr = pCtx->r15; break;
7376 IEM_NOT_REACHED_DEFAULT_CASE_RET();
7377 }
7378 u64EffAddr <<= (bSib >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
7379
7380 /* add base */
7381 switch ((bSib & X86_SIB_BASE_MASK) | pIemCpu->uRexB)
7382 {
7383 case 0: u64EffAddr += pCtx->rax; break;
7384 case 1: u64EffAddr += pCtx->rcx; break;
7385 case 2: u64EffAddr += pCtx->rdx; break;
7386 case 3: u64EffAddr += pCtx->rbx; break;
7387 case 4: u64EffAddr += pCtx->rsp; SET_SS_DEF(); break;
7388 case 6: u64EffAddr += pCtx->rsi; break;
7389 case 7: u64EffAddr += pCtx->rdi; break;
7390 case 8: u64EffAddr += pCtx->r8; break;
7391 case 9: u64EffAddr += pCtx->r9; break;
7392 case 10: u64EffAddr += pCtx->r10; break;
7393 case 11: u64EffAddr += pCtx->r11; break;
7394 case 12: u64EffAddr += pCtx->r12; break;
7395 case 14: u64EffAddr += pCtx->r14; break;
7396 case 15: u64EffAddr += pCtx->r15; break;
7397 /* complicated encodings */
7398 case 5:
7399 case 13:
7400 if ((bRm & X86_MODRM_MOD_MASK) != 0)
7401 {
7402 if (!pIemCpu->uRexB)
7403 {
7404 u64EffAddr += pCtx->rbp;
7405 SET_SS_DEF();
7406 }
7407 else
7408 u64EffAddr += pCtx->r13;
7409 }
7410 else
7411 {
7412 uint32_t u32Disp;
7413 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
7414 u64EffAddr += (int32_t)u32Disp;
7415 }
7416 break;
7417 IEM_NOT_REACHED_DEFAULT_CASE_RET();
7418 }
7419 break;
7420 }
7421 IEM_NOT_REACHED_DEFAULT_CASE_RET();
7422 }
7423
7424 /* Get and add the displacement. */
7425 switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
7426 {
7427 case 0:
7428 break;
7429 case 1:
7430 {
7431 int8_t i8Disp;
7432 IEM_OPCODE_GET_NEXT_S8(&i8Disp);
7433 u64EffAddr += i8Disp;
7434 break;
7435 }
7436 case 2:
7437 {
7438 uint32_t u32Disp;
7439 IEM_OPCODE_GET_NEXT_U32(&u32Disp);
7440 u64EffAddr += (int32_t)u32Disp;
7441 break;
7442 }
7443 IEM_NOT_REACHED_DEFAULT_CASE_RET(); /* (caller checked for these) */
7444 }
7445
7446 }
7447 if (pIemCpu->enmEffAddrMode == IEMMODE_64BIT)
7448 *pGCPtrEff = u64EffAddr;
7449 else
7450 *pGCPtrEff = u64EffAddr & UINT16_MAX;
7451 Log5(("iemOpHlpCalcRmEffAddr: EffAddr=%#010RGv\n", *pGCPtrEff));
7452 return VINF_SUCCESS;
7453 }
7454 }
7455
7456 AssertFailedReturn(VERR_INTERNAL_ERROR_3);
7457}
7458
7459/** @} */
7460
7461
7462
7463/*
7464 * Include the instructions
7465 */
7466#include "IEMAllInstructions.cpp.h"
7467
7468
7469
7470
7471#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
7472
7473/**
7474 * Sets up execution verification mode.
7475 */
7476static void iemExecVerificationModeSetup(PIEMCPU pIemCpu)
7477{
7478 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
7479 PCPUMCTX pOrgCtx = pIemCpu->CTX_SUFF(pCtx);
7480
7481 /*
7482 * Always note down the address of the current instruction.
7483 */
7484 pIemCpu->uOldCs = pOrgCtx->cs.Sel;
7485 pIemCpu->uOldRip = pOrgCtx->rip;
7486
7487 /*
7488 * Enable verification and/or logging.
7489 */
7490 pIemCpu->fNoRem = !LogIs6Enabled(); /* logging triggers the no-rem/rem verification stuff */
7491 if ( pIemCpu->fNoRem
7492 && ( 0
7493#if 0 /* auto enable on first paged protected mode interrupt */
7494 || ( pOrgCtx->eflags.Bits.u1IF
7495 && (pOrgCtx->cr0 & (X86_CR0_PE | X86_CR0_PG)) == (X86_CR0_PE | X86_CR0_PG)
7496 && TRPMHasTrap(pVCpu)
7497 && EMGetInhibitInterruptsPC(pVCpu) != pOrgCtx->rip) )
7498#endif
7499#if 0
7500 || ( pOrgCtx->cs == 0x10
7501 && ( pOrgCtx->rip == 0x90119e3e
7502 || pOrgCtx->rip == 0x901d9810)
7503#endif
7504#if 0 /* Auto enable DSL - FPU stuff. */
7505 || ( pOrgCtx->cs == 0x10
7506 && (// pOrgCtx->rip == 0xc02ec07f
7507 //|| pOrgCtx->rip == 0xc02ec082
7508 //|| pOrgCtx->rip == 0xc02ec0c9
7509 0
7510 || pOrgCtx->rip == 0x0c010e7c4 /* fxsave */ ) )
7511#endif
7512#if 0 /* Auto enable DSL - fstp st0 stuff. */
7513 || (pOrgCtx->cs.Sel == 0x23 pOrgCtx->rip == 0x804aff7)
7514#endif
7515#if 0
7516 || pOrgCtx->rip == 0x9022bb3a
7517#endif
7518#if 0
7519 || (pOrgCtx->cs.Sel == 0x58 && pOrgCtx->rip == 0x3be) /* NT4SP1 sidt/sgdt in early loader code */
7520#endif
7521#if 0
7522 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013ec28) /* NT4SP1 first str (early boot) */
7523 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x80119e3f) /* NT4SP1 second str (early boot) */
7524#endif
7525#if 0 /* NT4SP1 - later on the blue screen, things goes wrong... */
7526 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8010a5df)
7527 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013a7c4)
7528 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013a7d2)
7529#endif
7530#if 0 /* NT4SP1 - xadd early boot. */
7531 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8019cf0f)
7532#endif
7533#if 0 /* NT4SP1 - wrmsr (intel MSR). */
7534 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8011a6d4)
7535#endif
7536#if 0 /* NT4SP1 - cmpxchg (AMD). */
7537 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x801684c1)
7538#endif
7539#if 0 /* NT4SP1 - fnstsw + 2 (AMD). */
7540 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x801c6b88+2)
7541#endif
7542#if 0 /* NT4SP1 - iret to v8086 -- too generic a place? (N/A with GAs installed) */
7543 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013bd5d)
7544
7545#endif
7546#if 0 /* NT4SP1 - iret to v8086 (executing edlin) */
7547 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013b609)
7548
7549#endif
7550#if 0 /* NT4SP1 - frstor [ecx] */
7551 || (pOrgCtx->cs.Sel == 8 && pOrgCtx->rip == 0x8013d11f)
7552#endif
7553#if 0 /* xxxxxx - All long mode code. */
7554 || (pOrgCtx->msrEFER & MSR_K6_EFER_LMA)
7555#endif
7556#if 0 /* rep movsq linux 3.7 64-bit boot. */
7557 || (pOrgCtx->rip == 0x0000000000100241)
7558#endif
7559#if 0 /* linux 3.7 64-bit boot - '000000000215e240'. */
7560 || (pOrgCtx->rip == 0x000000000215e240)
7561#endif
7562 )
7563 )
7564 {
7565 RTLogGroupSettings(NULL, "iem.eo.l6.l2");
7566 RTLogFlags(NULL, "enabled");
7567 pIemCpu->fNoRem = false;
7568 }
7569
7570 /*
7571 * Switch state.
7572 */
7573 if (IEM_VERIFICATION_ENABLED(pIemCpu))
7574 {
7575 static CPUMCTX s_DebugCtx; /* Ugly! */
7576
7577 s_DebugCtx = *pOrgCtx;
7578 pIemCpu->CTX_SUFF(pCtx) = &s_DebugCtx;
7579 }
7580
7581 /*
7582 * See if there is an interrupt pending in TRPM and inject it if we can.
7583 */
7584 pIemCpu->uInjectCpl = UINT8_MAX;
7585 if ( pOrgCtx->eflags.Bits.u1IF
7586 && TRPMHasTrap(pVCpu)
7587 && EMGetInhibitInterruptsPC(pVCpu) != pOrgCtx->rip)
7588 {
7589 uint8_t u8TrapNo;
7590 TRPMEVENT enmType;
7591 RTGCUINT uErrCode;
7592 RTGCPTR uCr2;
7593 int rc2 = TRPMQueryTrapAll(pVCpu, &u8TrapNo, &enmType, &uErrCode, &uCr2, NULL /* pu8InstLen */); AssertRC(rc2);
7594 IEMInjectTrap(pVCpu, u8TrapNo, enmType, (uint16_t)uErrCode, uCr2);
7595 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
7596 TRPMResetTrap(pVCpu);
7597 pIemCpu->uInjectCpl = pIemCpu->uCpl;
7598 }
7599
7600 /*
7601 * Reset the counters.
7602 */
7603 pIemCpu->cIOReads = 0;
7604 pIemCpu->cIOWrites = 0;
7605 pIemCpu->fIgnoreRaxRdx = false;
7606 pIemCpu->fOverlappingMovs = false;
7607 pIemCpu->fUndefinedEFlags = 0;
7608
7609 if (IEM_VERIFICATION_ENABLED(pIemCpu))
7610 {
7611 /*
7612 * Free all verification records.
7613 */
7614 PIEMVERIFYEVTREC pEvtRec = pIemCpu->pIemEvtRecHead;
7615 pIemCpu->pIemEvtRecHead = NULL;
7616 pIemCpu->ppIemEvtRecNext = &pIemCpu->pIemEvtRecHead;
7617 do
7618 {
7619 while (pEvtRec)
7620 {
7621 PIEMVERIFYEVTREC pNext = pEvtRec->pNext;
7622 pEvtRec->pNext = pIemCpu->pFreeEvtRec;
7623 pIemCpu->pFreeEvtRec = pEvtRec;
7624 pEvtRec = pNext;
7625 }
7626 pEvtRec = pIemCpu->pOtherEvtRecHead;
7627 pIemCpu->pOtherEvtRecHead = NULL;
7628 pIemCpu->ppOtherEvtRecNext = &pIemCpu->pOtherEvtRecHead;
7629 } while (pEvtRec);
7630 }
7631}
7632
7633
7634/**
7635 * Allocate an event record.
7636 * @returns Pointer to a record.
7637 */
7638static PIEMVERIFYEVTREC iemVerifyAllocRecord(PIEMCPU pIemCpu)
7639{
7640 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
7641 return NULL;
7642
7643 PIEMVERIFYEVTREC pEvtRec = pIemCpu->pFreeEvtRec;
7644 if (pEvtRec)
7645 pIemCpu->pFreeEvtRec = pEvtRec->pNext;
7646 else
7647 {
7648 if (!pIemCpu->ppIemEvtRecNext)
7649 return NULL; /* Too early (fake PCIBIOS), ignore notification. */
7650
7651 pEvtRec = (PIEMVERIFYEVTREC)MMR3HeapAlloc(IEMCPU_TO_VM(pIemCpu), MM_TAG_EM /* lazy bird*/, sizeof(*pEvtRec));
7652 if (!pEvtRec)
7653 return NULL;
7654 }
7655 pEvtRec->enmEvent = IEMVERIFYEVENT_INVALID;
7656 pEvtRec->pNext = NULL;
7657 return pEvtRec;
7658}
7659
7660
7661/**
7662 * IOMMMIORead notification.
7663 */
7664VMM_INT_DECL(void) IEMNotifyMMIORead(PVM pVM, RTGCPHYS GCPhys, size_t cbValue)
7665{
7666 PVMCPU pVCpu = VMMGetCpu(pVM);
7667 if (!pVCpu)
7668 return;
7669 PIEMCPU pIemCpu = &pVCpu->iem.s;
7670 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7671 if (!pEvtRec)
7672 return;
7673 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_READ;
7674 pEvtRec->u.RamRead.GCPhys = GCPhys;
7675 pEvtRec->u.RamRead.cb = (uint32_t)cbValue;
7676 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
7677 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
7678}
7679
7680
7681/**
7682 * IOMMMIOWrite notification.
7683 */
7684VMM_INT_DECL(void) IEMNotifyMMIOWrite(PVM pVM, RTGCPHYS GCPhys, uint32_t u32Value, size_t cbValue)
7685{
7686 PVMCPU pVCpu = VMMGetCpu(pVM);
7687 if (!pVCpu)
7688 return;
7689 PIEMCPU pIemCpu = &pVCpu->iem.s;
7690 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7691 if (!pEvtRec)
7692 return;
7693 pEvtRec->enmEvent = IEMVERIFYEVENT_RAM_WRITE;
7694 pEvtRec->u.RamWrite.GCPhys = GCPhys;
7695 pEvtRec->u.RamWrite.cb = (uint32_t)cbValue;
7696 pEvtRec->u.RamWrite.ab[0] = RT_BYTE1(u32Value);
7697 pEvtRec->u.RamWrite.ab[1] = RT_BYTE2(u32Value);
7698 pEvtRec->u.RamWrite.ab[2] = RT_BYTE3(u32Value);
7699 pEvtRec->u.RamWrite.ab[3] = RT_BYTE4(u32Value);
7700 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
7701 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
7702}
7703
7704
7705/**
7706 * IOMIOPortRead notification.
7707 */
7708VMM_INT_DECL(void) IEMNotifyIOPortRead(PVM pVM, RTIOPORT Port, size_t cbValue)
7709{
7710 PVMCPU pVCpu = VMMGetCpu(pVM);
7711 if (!pVCpu)
7712 return;
7713 PIEMCPU pIemCpu = &pVCpu->iem.s;
7714 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7715 if (!pEvtRec)
7716 return;
7717 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_READ;
7718 pEvtRec->u.IOPortRead.Port = Port;
7719 pEvtRec->u.IOPortRead.cbValue = (uint32_t)cbValue;
7720 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
7721 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
7722}
7723
7724/**
7725 * IOMIOPortWrite notification.
7726 */
7727VMM_INT_DECL(void) IEMNotifyIOPortWrite(PVM pVM, RTIOPORT Port, uint32_t u32Value, size_t cbValue)
7728{
7729 PVMCPU pVCpu = VMMGetCpu(pVM);
7730 if (!pVCpu)
7731 return;
7732 PIEMCPU pIemCpu = &pVCpu->iem.s;
7733 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7734 if (!pEvtRec)
7735 return;
7736 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_WRITE;
7737 pEvtRec->u.IOPortWrite.Port = Port;
7738 pEvtRec->u.IOPortWrite.cbValue = (uint32_t)cbValue;
7739 pEvtRec->u.IOPortWrite.u32Value = u32Value;
7740 pEvtRec->pNext = *pIemCpu->ppOtherEvtRecNext;
7741 *pIemCpu->ppOtherEvtRecNext = pEvtRec;
7742}
7743
7744
7745VMM_INT_DECL(void) IEMNotifyIOPortReadString(PVM pVM, RTIOPORT Port, RTGCPTR GCPtrDst, RTGCUINTREG cTransfers, size_t cbValue)
7746{
7747 AssertFailed();
7748}
7749
7750
7751VMM_INT_DECL(void) IEMNotifyIOPortWriteString(PVM pVM, RTIOPORT Port, RTGCPTR GCPtrSrc, RTGCUINTREG cTransfers, size_t cbValue)
7752{
7753 AssertFailed();
7754}
7755
7756
7757/**
7758 * Fakes and records an I/O port read.
7759 *
7760 * @returns VINF_SUCCESS.
7761 * @param pIemCpu The IEM per CPU data.
7762 * @param Port The I/O port.
7763 * @param pu32Value Where to store the fake value.
7764 * @param cbValue The size of the access.
7765 */
7766static VBOXSTRICTRC iemVerifyFakeIOPortRead(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t *pu32Value, size_t cbValue)
7767{
7768 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7769 if (pEvtRec)
7770 {
7771 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_READ;
7772 pEvtRec->u.IOPortRead.Port = Port;
7773 pEvtRec->u.IOPortRead.cbValue = (uint32_t)cbValue;
7774 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
7775 *pIemCpu->ppIemEvtRecNext = pEvtRec;
7776 }
7777 pIemCpu->cIOReads++;
7778 *pu32Value = 0xcccccccc;
7779 return VINF_SUCCESS;
7780}
7781
7782
7783/**
7784 * Fakes and records an I/O port write.
7785 *
7786 * @returns VINF_SUCCESS.
7787 * @param pIemCpu The IEM per CPU data.
7788 * @param Port The I/O port.
7789 * @param u32Value The value being written.
7790 * @param cbValue The size of the access.
7791 */
7792static VBOXSTRICTRC iemVerifyFakeIOPortWrite(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t u32Value, size_t cbValue)
7793{
7794 PIEMVERIFYEVTREC pEvtRec = iemVerifyAllocRecord(pIemCpu);
7795 if (pEvtRec)
7796 {
7797 pEvtRec->enmEvent = IEMVERIFYEVENT_IOPORT_WRITE;
7798 pEvtRec->u.IOPortWrite.Port = Port;
7799 pEvtRec->u.IOPortWrite.cbValue = (uint32_t)cbValue;
7800 pEvtRec->u.IOPortWrite.u32Value = u32Value;
7801 pEvtRec->pNext = *pIemCpu->ppIemEvtRecNext;
7802 *pIemCpu->ppIemEvtRecNext = pEvtRec;
7803 }
7804 pIemCpu->cIOWrites++;
7805 return VINF_SUCCESS;
7806}
7807
7808
7809/**
7810 * Used to add extra details about a stub case.
7811 * @param pIemCpu The IEM per CPU state.
7812 */
7813static void iemVerifyAssertMsg2(PIEMCPU pIemCpu)
7814{
7815 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
7816 PVM pVM = IEMCPU_TO_VM(pIemCpu);
7817 PVMCPU pVCpu = IEMCPU_TO_VMCPU(pIemCpu);
7818 char szRegs[4096];
7819 DBGFR3RegPrintf(pVM->pUVM, pVCpu->idCpu, &szRegs[0], sizeof(szRegs),
7820 "rax=%016VR{rax} rbx=%016VR{rbx} rcx=%016VR{rcx} rdx=%016VR{rdx}\n"
7821 "rsi=%016VR{rsi} rdi=%016VR{rdi} r8 =%016VR{r8} r9 =%016VR{r9}\n"
7822 "r10=%016VR{r10} r11=%016VR{r11} r12=%016VR{r12} r13=%016VR{r13}\n"
7823 "r14=%016VR{r14} r15=%016VR{r15} %VRF{rflags}\n"
7824 "rip=%016VR{rip} rsp=%016VR{rsp} rbp=%016VR{rbp}\n"
7825 "cs={%04VR{cs} base=%016VR{cs_base} limit=%08VR{cs_lim} flags=%04VR{cs_attr}} cr0=%016VR{cr0}\n"
7826 "ds={%04VR{ds} base=%016VR{ds_base} limit=%08VR{ds_lim} flags=%04VR{ds_attr}} cr2=%016VR{cr2}\n"
7827 "es={%04VR{es} base=%016VR{es_base} limit=%08VR{es_lim} flags=%04VR{es_attr}} cr3=%016VR{cr3}\n"
7828 "fs={%04VR{fs} base=%016VR{fs_base} limit=%08VR{fs_lim} flags=%04VR{fs_attr}} cr4=%016VR{cr4}\n"
7829 "gs={%04VR{gs} base=%016VR{gs_base} limit=%08VR{gs_lim} flags=%04VR{gs_attr}} cr8=%016VR{cr8}\n"
7830 "ss={%04VR{ss} base=%016VR{ss_base} limit=%08VR{ss_lim} flags=%04VR{ss_attr}}\n"
7831 "dr0=%016VR{dr0} dr1=%016VR{dr1} dr2=%016VR{dr2} dr3=%016VR{dr3}\n"
7832 "dr6=%016VR{dr6} dr7=%016VR{dr7}\n"
7833 "gdtr=%016VR{gdtr_base}:%04VR{gdtr_lim} idtr=%016VR{idtr_base}:%04VR{idtr_lim} rflags=%08VR{rflags}\n"
7834 "ldtr={%04VR{ldtr} base=%016VR{ldtr_base} limit=%08VR{ldtr_lim} flags=%08VR{ldtr_attr}}\n"
7835 "tr ={%04VR{tr} base=%016VR{tr_base} limit=%08VR{tr_lim} flags=%08VR{tr_attr}}\n"
7836 " sysenter={cs=%04VR{sysenter_cs} eip=%08VR{sysenter_eip} esp=%08VR{sysenter_esp}}\n"
7837 " efer=%016VR{efer}\n"
7838 " pat=%016VR{pat}\n"
7839 " sf_mask=%016VR{sf_mask}\n"
7840 "krnl_gs_base=%016VR{krnl_gs_base}\n"
7841 " lstar=%016VR{lstar}\n"
7842 " star=%016VR{star} cstar=%016VR{cstar}\n"
7843 "fcw=%04VR{fcw} fsw=%04VR{fsw} ftw=%04VR{ftw} mxcsr=%04VR{mxcsr} mxcsr_mask=%04VR{mxcsr_mask}\n"
7844 );
7845
7846 char szInstr1[256];
7847 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, pIemCpu->uOldCs, pIemCpu->uOldRip,
7848 DBGF_DISAS_FLAGS_DEFAULT_MODE,
7849 szInstr1, sizeof(szInstr1), NULL);
7850 char szInstr2[256];
7851 DBGFR3DisasInstrEx(pVM->pUVM, pVCpu->idCpu, 0, 0,
7852 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
7853 szInstr2, sizeof(szInstr2), NULL);
7854
7855 RTAssertMsg2Weak("%s%s\n%s\n", szRegs, szInstr1, szInstr2);
7856}
7857
7858
7859/**
7860 * Used by iemVerifyAssertRecord and iemVerifyAssertRecords to add a record
7861 * dump to the assertion info.
7862 *
7863 * @param pEvtRec The record to dump.
7864 */
7865static void iemVerifyAssertAddRecordDump(PIEMVERIFYEVTREC pEvtRec)
7866{
7867 switch (pEvtRec->enmEvent)
7868 {
7869 case IEMVERIFYEVENT_IOPORT_READ:
7870 RTAssertMsg2Add("I/O PORT READ from %#6x, %d bytes\n",
7871 pEvtRec->u.IOPortWrite.Port,
7872 pEvtRec->u.IOPortWrite.cbValue);
7873 break;
7874 case IEMVERIFYEVENT_IOPORT_WRITE:
7875 RTAssertMsg2Add("I/O PORT WRITE to %#6x, %d bytes, value %#x\n",
7876 pEvtRec->u.IOPortWrite.Port,
7877 pEvtRec->u.IOPortWrite.cbValue,
7878 pEvtRec->u.IOPortWrite.u32Value);
7879 break;
7880 case IEMVERIFYEVENT_RAM_READ:
7881 RTAssertMsg2Add("RAM READ at %RGp, %#4zx bytes\n",
7882 pEvtRec->u.RamRead.GCPhys,
7883 pEvtRec->u.RamRead.cb);
7884 break;
7885 case IEMVERIFYEVENT_RAM_WRITE:
7886 RTAssertMsg2Add("RAM WRITE at %RGp, %#4zx bytes: %.*Rhxs\n",
7887 pEvtRec->u.RamWrite.GCPhys,
7888 pEvtRec->u.RamWrite.cb,
7889 (int)pEvtRec->u.RamWrite.cb,
7890 pEvtRec->u.RamWrite.ab);
7891 break;
7892 default:
7893 AssertMsgFailed(("Invalid event type %d\n", pEvtRec->enmEvent));
7894 break;
7895 }
7896}
7897
7898
7899/**
7900 * Raises an assertion on the specified record, showing the given message with
7901 * a record dump attached.
7902 *
7903 * @param pIemCpu The IEM per CPU data.
7904 * @param pEvtRec1 The first record.
7905 * @param pEvtRec2 The second record.
7906 * @param pszMsg The message explaining why we're asserting.
7907 */
7908static void iemVerifyAssertRecords(PIEMCPU pIemCpu, PIEMVERIFYEVTREC pEvtRec1, PIEMVERIFYEVTREC pEvtRec2, const char *pszMsg)
7909{
7910 RTAssertMsg1(pszMsg, __LINE__, __FILE__, __PRETTY_FUNCTION__);
7911 iemVerifyAssertAddRecordDump(pEvtRec1);
7912 iemVerifyAssertAddRecordDump(pEvtRec2);
7913 iemVerifyAssertMsg2(pIemCpu);
7914 RTAssertPanic();
7915}
7916
7917
7918/**
7919 * Raises an assertion on the specified record, showing the given message with
7920 * a record dump attached.
7921 *
7922 * @param pIemCpu The IEM per CPU data.
7923 * @param pEvtRec1 The first record.
7924 * @param pszMsg The message explaining why we're asserting.
7925 */
7926static void iemVerifyAssertRecord(PIEMCPU pIemCpu, PIEMVERIFYEVTREC pEvtRec, const char *pszMsg)
7927{
7928 RTAssertMsg1(pszMsg, __LINE__, __FILE__, __PRETTY_FUNCTION__);
7929 iemVerifyAssertAddRecordDump(pEvtRec);
7930 iemVerifyAssertMsg2(pIemCpu);
7931 RTAssertPanic();
7932}
7933
7934
7935/**
7936 * Verifies a write record.
7937 *
7938 * @param pIemCpu The IEM per CPU data.
7939 * @param pEvtRec The write record.
7940 */
7941static void iemVerifyWriteRecord(PIEMCPU pIemCpu, PIEMVERIFYEVTREC pEvtRec)
7942{
7943 uint8_t abBuf[sizeof(pEvtRec->u.RamWrite.ab)]; RT_ZERO(abBuf);
7944 Assert(sizeof(abBuf) >= pEvtRec->u.RamWrite.cb);
7945 int rc = PGMPhysSimpleReadGCPhys(IEMCPU_TO_VM(pIemCpu), abBuf, pEvtRec->u.RamWrite.GCPhys, pEvtRec->u.RamWrite.cb);
7946 if ( RT_FAILURE(rc)
7947 || memcmp(abBuf, pEvtRec->u.RamWrite.ab, pEvtRec->u.RamWrite.cb) )
7948 {
7949 /* fend off ins */
7950 if ( !pIemCpu->cIOReads
7951 || pEvtRec->u.RamWrite.ab[0] != 0xcc
7952 || ( pEvtRec->u.RamWrite.cb != 1
7953 && pEvtRec->u.RamWrite.cb != 2
7954 && pEvtRec->u.RamWrite.cb != 4) )
7955 {
7956 /* fend off ROMs */
7957 if ( pEvtRec->u.RamWrite.GCPhys - UINT32_C(0x000c0000) > UINT32_C(0x8000)
7958 && pEvtRec->u.RamWrite.GCPhys - UINT32_C(0x000e0000) > UINT32_C(0x20000)
7959 && pEvtRec->u.RamWrite.GCPhys - UINT32_C(0xfffc0000) > UINT32_C(0x40000) )
7960 {
7961 /* fend off fxsave */
7962 if (pEvtRec->u.RamWrite.cb != 512)
7963 {
7964 RTAssertMsg1(NULL, __LINE__, __FILE__, __PRETTY_FUNCTION__);
7965 RTAssertMsg2Weak("Memory at %RGv differs\n", pEvtRec->u.RamWrite.GCPhys);
7966 RTAssertMsg2Add("REM: %.*Rhxs\n"
7967 "IEM: %.*Rhxs\n",
7968 pEvtRec->u.RamWrite.cb, abBuf,
7969 pEvtRec->u.RamWrite.cb, pEvtRec->u.RamWrite.ab);
7970 iemVerifyAssertAddRecordDump(pEvtRec);
7971 iemVerifyAssertMsg2(pIemCpu);
7972 RTAssertPanic();
7973 }
7974 }
7975 }
7976 }
7977
7978}
7979
7980/**
7981 * Performs the post-execution verfication checks.
7982 */
7983static void iemExecVerificationModeCheck(PIEMCPU pIemCpu)
7984{
7985 if (!IEM_VERIFICATION_ENABLED(pIemCpu))
7986 return;
7987
7988 /*
7989 * Switch back the state.
7990 */
7991 PCPUMCTX pOrgCtx = CPUMQueryGuestCtxPtr(IEMCPU_TO_VMCPU(pIemCpu));
7992 PCPUMCTX pDebugCtx = pIemCpu->CTX_SUFF(pCtx);
7993 Assert(pOrgCtx != pDebugCtx);
7994 pIemCpu->CTX_SUFF(pCtx) = pOrgCtx;
7995
7996 /*
7997 * Execute the instruction in REM.
7998 */
7999 PVM pVM = IEMCPU_TO_VM(pIemCpu);
8000 EMRemLock(pVM);
8001 int rc = REMR3EmulateInstruction(pVM, IEMCPU_TO_VMCPU(pIemCpu));
8002 AssertRC(rc);
8003 EMRemUnlock(pVM);
8004
8005 /*
8006 * Compare the register states.
8007 */
8008 unsigned cDiffs = 0;
8009 if (memcmp(pOrgCtx, pDebugCtx, sizeof(*pDebugCtx)))
8010 {
8011 //Log(("REM and IEM ends up with different registers!\n"));
8012
8013# define CHECK_FIELD(a_Field) \
8014 do \
8015 { \
8016 if (pOrgCtx->a_Field != pDebugCtx->a_Field) \
8017 { \
8018 switch (sizeof(pOrgCtx->a_Field)) \
8019 { \
8020 case 1: RTAssertMsg2Weak(" %8s differs - iem=%02x - rem=%02x\n", #a_Field, pDebugCtx->a_Field, pOrgCtx->a_Field); break; \
8021 case 2: RTAssertMsg2Weak(" %8s differs - iem=%04x - rem=%04x\n", #a_Field, pDebugCtx->a_Field, pOrgCtx->a_Field); break; \
8022 case 4: RTAssertMsg2Weak(" %8s differs - iem=%08x - rem=%08x\n", #a_Field, pDebugCtx->a_Field, pOrgCtx->a_Field); break; \
8023 case 8: RTAssertMsg2Weak(" %8s differs - iem=%016llx - rem=%016llx\n", #a_Field, pDebugCtx->a_Field, pOrgCtx->a_Field); break; \
8024 default: RTAssertMsg2Weak(" %8s differs\n", #a_Field); break; \
8025 } \
8026 cDiffs++; \
8027 } \
8028 } while (0)
8029
8030# define CHECK_BIT_FIELD(a_Field) \
8031 do \
8032 { \
8033 if (pOrgCtx->a_Field != pDebugCtx->a_Field) \
8034 { \
8035 RTAssertMsg2Weak(" %8s differs - iem=%02x - rem=%02x\n", #a_Field, pDebugCtx->a_Field, pOrgCtx->a_Field); \
8036 cDiffs++; \
8037 } \
8038 } while (0)
8039
8040# define CHECK_SEL(a_Sel) \
8041 do \
8042 { \
8043 CHECK_FIELD(a_Sel.Sel); \
8044 CHECK_FIELD(a_Sel.Attr.u); \
8045 CHECK_FIELD(a_Sel.u64Base); \
8046 CHECK_FIELD(a_Sel.u32Limit); \
8047 CHECK_FIELD(a_Sel.fFlags); \
8048 } while (0)
8049
8050#if 1 /* The recompiler doesn't update these the intel way. */
8051 pOrgCtx->fpu.FOP = pDebugCtx->fpu.FOP;
8052 pOrgCtx->fpu.FPUIP = pDebugCtx->fpu.FPUIP;
8053 pOrgCtx->fpu.CS = pDebugCtx->fpu.CS;
8054 pOrgCtx->fpu.Rsrvd1 = pDebugCtx->fpu.Rsrvd1;
8055 pOrgCtx->fpu.FPUDP = pDebugCtx->fpu.FPUDP;
8056 pOrgCtx->fpu.DS = pDebugCtx->fpu.DS;
8057 pOrgCtx->fpu.Rsrvd2 = pDebugCtx->fpu.Rsrvd2;
8058 pOrgCtx->fpu.MXCSR_MASK = pDebugCtx->fpu.MXCSR_MASK; /* only for the time being - old snapshots here. */
8059 if ((pOrgCtx->fpu.FSW & X86_FSW_TOP_MASK) == (pDebugCtx->fpu.FSW & X86_FSW_TOP_MASK))
8060 pOrgCtx->fpu.FSW = pDebugCtx->fpu.FSW;
8061#endif
8062 if (memcmp(&pOrgCtx->fpu, &pDebugCtx->fpu, sizeof(pDebugCtx->fpu)))
8063 {
8064 RTAssertMsg2Weak(" the FPU state differs\n");
8065 cDiffs++;
8066 CHECK_FIELD(fpu.FCW);
8067 CHECK_FIELD(fpu.FSW);
8068 CHECK_FIELD(fpu.FTW);
8069 CHECK_FIELD(fpu.FOP);
8070 CHECK_FIELD(fpu.FPUIP);
8071 CHECK_FIELD(fpu.CS);
8072 CHECK_FIELD(fpu.Rsrvd1);
8073 CHECK_FIELD(fpu.FPUDP);
8074 CHECK_FIELD(fpu.DS);
8075 CHECK_FIELD(fpu.Rsrvd2);
8076 CHECK_FIELD(fpu.MXCSR);
8077 CHECK_FIELD(fpu.MXCSR_MASK);
8078 CHECK_FIELD(fpu.aRegs[0].au64[0]); CHECK_FIELD(fpu.aRegs[0].au64[1]);
8079 CHECK_FIELD(fpu.aRegs[1].au64[0]); CHECK_FIELD(fpu.aRegs[1].au64[1]);
8080 CHECK_FIELD(fpu.aRegs[2].au64[0]); CHECK_FIELD(fpu.aRegs[2].au64[1]);
8081 CHECK_FIELD(fpu.aRegs[3].au64[0]); CHECK_FIELD(fpu.aRegs[3].au64[1]);
8082 CHECK_FIELD(fpu.aRegs[4].au64[0]); CHECK_FIELD(fpu.aRegs[4].au64[1]);
8083 CHECK_FIELD(fpu.aRegs[5].au64[0]); CHECK_FIELD(fpu.aRegs[5].au64[1]);
8084 CHECK_FIELD(fpu.aRegs[6].au64[0]); CHECK_FIELD(fpu.aRegs[6].au64[1]);
8085 CHECK_FIELD(fpu.aRegs[7].au64[0]); CHECK_FIELD(fpu.aRegs[7].au64[1]);
8086 CHECK_FIELD(fpu.aXMM[ 0].au64[0]); CHECK_FIELD(fpu.aXMM[ 0].au64[1]);
8087 CHECK_FIELD(fpu.aXMM[ 1].au64[0]); CHECK_FIELD(fpu.aXMM[ 1].au64[1]);
8088 CHECK_FIELD(fpu.aXMM[ 2].au64[0]); CHECK_FIELD(fpu.aXMM[ 2].au64[1]);
8089 CHECK_FIELD(fpu.aXMM[ 3].au64[0]); CHECK_FIELD(fpu.aXMM[ 3].au64[1]);
8090 CHECK_FIELD(fpu.aXMM[ 4].au64[0]); CHECK_FIELD(fpu.aXMM[ 4].au64[1]);
8091 CHECK_FIELD(fpu.aXMM[ 5].au64[0]); CHECK_FIELD(fpu.aXMM[ 5].au64[1]);
8092 CHECK_FIELD(fpu.aXMM[ 6].au64[0]); CHECK_FIELD(fpu.aXMM[ 6].au64[1]);
8093 CHECK_FIELD(fpu.aXMM[ 7].au64[0]); CHECK_FIELD(fpu.aXMM[ 7].au64[1]);
8094 CHECK_FIELD(fpu.aXMM[ 8].au64[0]); CHECK_FIELD(fpu.aXMM[ 8].au64[1]);
8095 CHECK_FIELD(fpu.aXMM[ 9].au64[0]); CHECK_FIELD(fpu.aXMM[ 9].au64[1]);
8096 CHECK_FIELD(fpu.aXMM[10].au64[0]); CHECK_FIELD(fpu.aXMM[10].au64[1]);
8097 CHECK_FIELD(fpu.aXMM[11].au64[0]); CHECK_FIELD(fpu.aXMM[11].au64[1]);
8098 CHECK_FIELD(fpu.aXMM[12].au64[0]); CHECK_FIELD(fpu.aXMM[12].au64[1]);
8099 CHECK_FIELD(fpu.aXMM[13].au64[0]); CHECK_FIELD(fpu.aXMM[13].au64[1]);
8100 CHECK_FIELD(fpu.aXMM[14].au64[0]); CHECK_FIELD(fpu.aXMM[14].au64[1]);
8101 CHECK_FIELD(fpu.aXMM[15].au64[0]); CHECK_FIELD(fpu.aXMM[15].au64[1]);
8102 for (unsigned i = 0; i < RT_ELEMENTS(pOrgCtx->fpu.au32RsrvdRest); i++)
8103 CHECK_FIELD(fpu.au32RsrvdRest[i]);
8104 }
8105 CHECK_FIELD(rip);
8106 uint32_t fFlagsMask = UINT32_MAX & ~pIemCpu->fUndefinedEFlags;
8107 if ((pOrgCtx->rflags.u & fFlagsMask) != (pDebugCtx->rflags.u & fFlagsMask))
8108 {
8109 RTAssertMsg2Weak(" rflags differs - iem=%08llx rem=%08llx\n", pDebugCtx->rflags.u, pOrgCtx->rflags.u);
8110 CHECK_BIT_FIELD(rflags.Bits.u1CF);
8111 CHECK_BIT_FIELD(rflags.Bits.u1Reserved0);
8112 CHECK_BIT_FIELD(rflags.Bits.u1PF);
8113 CHECK_BIT_FIELD(rflags.Bits.u1Reserved1);
8114 CHECK_BIT_FIELD(rflags.Bits.u1AF);
8115 CHECK_BIT_FIELD(rflags.Bits.u1Reserved2);
8116 CHECK_BIT_FIELD(rflags.Bits.u1ZF);
8117 CHECK_BIT_FIELD(rflags.Bits.u1SF);
8118 CHECK_BIT_FIELD(rflags.Bits.u1TF);
8119 CHECK_BIT_FIELD(rflags.Bits.u1IF);
8120 CHECK_BIT_FIELD(rflags.Bits.u1DF);
8121 CHECK_BIT_FIELD(rflags.Bits.u1OF);
8122 CHECK_BIT_FIELD(rflags.Bits.u2IOPL);
8123 CHECK_BIT_FIELD(rflags.Bits.u1NT);
8124 CHECK_BIT_FIELD(rflags.Bits.u1Reserved3);
8125 CHECK_BIT_FIELD(rflags.Bits.u1RF);
8126 CHECK_BIT_FIELD(rflags.Bits.u1VM);
8127 CHECK_BIT_FIELD(rflags.Bits.u1AC);
8128 CHECK_BIT_FIELD(rflags.Bits.u1VIF);
8129 CHECK_BIT_FIELD(rflags.Bits.u1VIP);
8130 CHECK_BIT_FIELD(rflags.Bits.u1ID);
8131 }
8132
8133 if (pIemCpu->cIOReads != 1 && !pIemCpu->fIgnoreRaxRdx)
8134 CHECK_FIELD(rax);
8135 CHECK_FIELD(rcx);
8136 if (!pIemCpu->fIgnoreRaxRdx)
8137 CHECK_FIELD(rdx);
8138 CHECK_FIELD(rbx);
8139 CHECK_FIELD(rsp);
8140 CHECK_FIELD(rbp);
8141 CHECK_FIELD(rsi);
8142 CHECK_FIELD(rdi);
8143 CHECK_FIELD(r8);
8144 CHECK_FIELD(r9);
8145 CHECK_FIELD(r10);
8146 CHECK_FIELD(r11);
8147 CHECK_FIELD(r12);
8148 CHECK_FIELD(r13);
8149 CHECK_SEL(cs);
8150 CHECK_SEL(ss);
8151 CHECK_SEL(ds);
8152 CHECK_SEL(es);
8153 CHECK_SEL(fs);
8154 CHECK_SEL(gs);
8155 CHECK_FIELD(cr0);
8156 /* Klugde #1: REM fetches code and accross the page boundrary and faults on the next page, while we execute
8157 the faulting instruction first: 001b:77f61ff3 66 8b 42 02 mov ax, word [edx+002h] (NT4SP1) */
8158 /* Kludge #2: CR2 differs slightly on cross page boundrary faults, we report the last address of the access
8159 while REM reports the address of the first byte on the page. Pending investigation as to which is correct. */
8160 if (pOrgCtx->cr2 != pDebugCtx->cr2)
8161 {
8162 if (pIemCpu->uOldCs == 0x1b && pIemCpu->uOldRip == 0x77f61ff3)
8163 { /* ignore */ }
8164 else if ( (pOrgCtx->cr2 & ~(uint64_t)3) == (pDebugCtx->cr2 & ~(uint64_t)3)
8165 && (pOrgCtx->cr2 & PAGE_OFFSET_MASK) == 0)
8166 { /* ignore */ }
8167 else
8168 CHECK_FIELD(cr2);
8169 }
8170 CHECK_FIELD(cr3);
8171 CHECK_FIELD(cr4);
8172 CHECK_FIELD(dr[0]);
8173 CHECK_FIELD(dr[1]);
8174 CHECK_FIELD(dr[2]);
8175 CHECK_FIELD(dr[3]);
8176 CHECK_FIELD(dr[6]);
8177 if ((pOrgCtx->dr[7] & ~X86_DR7_MB1_MASK) != (pDebugCtx->dr[7] & ~X86_DR7_MB1_MASK)) /* REM 'mov drX,greg' bug.*/
8178 CHECK_FIELD(dr[7]);
8179 CHECK_FIELD(gdtr.cbGdt);
8180 CHECK_FIELD(gdtr.pGdt);
8181 CHECK_FIELD(idtr.cbIdt);
8182 CHECK_FIELD(idtr.pIdt);
8183 CHECK_SEL(ldtr);
8184 CHECK_SEL(tr);
8185 CHECK_FIELD(SysEnter.cs);
8186 CHECK_FIELD(SysEnter.eip);
8187 CHECK_FIELD(SysEnter.esp);
8188 CHECK_FIELD(msrEFER);
8189 CHECK_FIELD(msrSTAR);
8190 CHECK_FIELD(msrPAT);
8191 CHECK_FIELD(msrLSTAR);
8192 CHECK_FIELD(msrCSTAR);
8193 CHECK_FIELD(msrSFMASK);
8194 CHECK_FIELD(msrKERNELGSBASE);
8195
8196 if (cDiffs != 0)
8197 {
8198 DBGFR3Info(pVM->pUVM, "cpumguest", "verbose", NULL);
8199 RTAssertMsg1(NULL, __LINE__, __FILE__, __FUNCTION__);
8200 iemVerifyAssertMsg2(pIemCpu);
8201 RTAssertPanic();
8202 }
8203# undef CHECK_FIELD
8204# undef CHECK_BIT_FIELD
8205 }
8206
8207 /*
8208 * If the register state compared fine, check the verification event
8209 * records.
8210 */
8211 if (cDiffs == 0 && !pIemCpu->fOverlappingMovs)
8212 {
8213 /*
8214 * Compare verficiation event records.
8215 * - I/O port accesses should be a 1:1 match.
8216 */
8217 PIEMVERIFYEVTREC pIemRec = pIemCpu->pIemEvtRecHead;
8218 PIEMVERIFYEVTREC pOtherRec = pIemCpu->pOtherEvtRecHead;
8219 while (pIemRec && pOtherRec)
8220 {
8221 /* Since we might miss RAM writes and reads, ignore reads and check
8222 that any written memory is the same extra ones. */
8223 while ( IEMVERIFYEVENT_IS_RAM(pIemRec->enmEvent)
8224 && !IEMVERIFYEVENT_IS_RAM(pOtherRec->enmEvent)
8225 && pIemRec->pNext)
8226 {
8227 if (pIemRec->enmEvent == IEMVERIFYEVENT_RAM_WRITE)
8228 iemVerifyWriteRecord(pIemCpu, pIemRec);
8229 pIemRec = pIemRec->pNext;
8230 }
8231
8232 /* Do the compare. */
8233 if (pIemRec->enmEvent != pOtherRec->enmEvent)
8234 {
8235 iemVerifyAssertRecords(pIemCpu, pIemRec, pOtherRec, "Type mismatches");
8236 break;
8237 }
8238 bool fEquals;
8239 switch (pIemRec->enmEvent)
8240 {
8241 case IEMVERIFYEVENT_IOPORT_READ:
8242 fEquals = pIemRec->u.IOPortRead.Port == pOtherRec->u.IOPortRead.Port
8243 && pIemRec->u.IOPortRead.cbValue == pOtherRec->u.IOPortRead.cbValue;
8244 break;
8245 case IEMVERIFYEVENT_IOPORT_WRITE:
8246 fEquals = pIemRec->u.IOPortWrite.Port == pOtherRec->u.IOPortWrite.Port
8247 && pIemRec->u.IOPortWrite.cbValue == pOtherRec->u.IOPortWrite.cbValue
8248 && pIemRec->u.IOPortWrite.u32Value == pOtherRec->u.IOPortWrite.u32Value;
8249 break;
8250 case IEMVERIFYEVENT_RAM_READ:
8251 fEquals = pIemRec->u.RamRead.GCPhys == pOtherRec->u.RamRead.GCPhys
8252 && pIemRec->u.RamRead.cb == pOtherRec->u.RamRead.cb;
8253 break;
8254 case IEMVERIFYEVENT_RAM_WRITE:
8255 fEquals = pIemRec->u.RamWrite.GCPhys == pOtherRec->u.RamWrite.GCPhys
8256 && pIemRec->u.RamWrite.cb == pOtherRec->u.RamWrite.cb
8257 && !memcmp(pIemRec->u.RamWrite.ab, pOtherRec->u.RamWrite.ab, pIemRec->u.RamWrite.cb);
8258 break;
8259 default:
8260 fEquals = false;
8261 break;
8262 }
8263 if (!fEquals)
8264 {
8265 iemVerifyAssertRecords(pIemCpu, pIemRec, pOtherRec, "Mismatch");
8266 break;
8267 }
8268
8269 /* advance */
8270 pIemRec = pIemRec->pNext;
8271 pOtherRec = pOtherRec->pNext;
8272 }
8273
8274 /* Ignore extra writes and reads. */
8275 while (pIemRec && IEMVERIFYEVENT_IS_RAM(pIemRec->enmEvent))
8276 {
8277 if (pIemRec->enmEvent == IEMVERIFYEVENT_RAM_WRITE)
8278 iemVerifyWriteRecord(pIemCpu, pIemRec);
8279 pIemRec = pIemRec->pNext;
8280 }
8281 if (pIemRec != NULL)
8282 iemVerifyAssertRecord(pIemCpu, pIemRec, "Extra IEM record!");
8283 else if (pOtherRec != NULL)
8284 iemVerifyAssertRecord(pIemCpu, pIemRec, "Extra Other record!");
8285 }
8286 pIemCpu->CTX_SUFF(pCtx) = pOrgCtx;
8287}
8288
8289#else /* !IEM_VERIFICATION_MODE_FULL || !IN_RING3 */
8290
8291/* stubs */
8292static VBOXSTRICTRC iemVerifyFakeIOPortRead(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t *pu32Value, size_t cbValue)
8293{
8294 NOREF(pIemCpu); NOREF(Port); NOREF(pu32Value); NOREF(cbValue);
8295 return VERR_INTERNAL_ERROR;
8296}
8297
8298static VBOXSTRICTRC iemVerifyFakeIOPortWrite(PIEMCPU pIemCpu, RTIOPORT Port, uint32_t u32Value, size_t cbValue)
8299{
8300 NOREF(pIemCpu); NOREF(Port); NOREF(u32Value); NOREF(cbValue);
8301 return VERR_INTERNAL_ERROR;
8302}
8303
8304#endif /* !IEM_VERIFICATION_MODE_FULL || !IN_RING3 */
8305
8306
8307/**
8308 * The actual code execution bits of IEMExecOne, IEMExecOneEx, and
8309 * IEMExecOneWithPrefetchedByPC.
8310 *
8311 * @return Strict VBox status code.
8312 * @param pVCpu The current virtual CPU.
8313 * @param pIemCpu The IEM per CPU data.
8314 * @param fExecuteInhibit If set, execute the instruction following CLI,
8315 * POP SS and MOV SS,GR.
8316 */
8317DECL_FORCE_INLINE(VBOXSTRICTRC) iemExecOneInner(PVMCPU pVCpu, PIEMCPU pIemCpu, bool fExecuteInhibit)
8318{
8319 uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
8320 VBOXSTRICTRC rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
8321 if (rcStrict == VINF_SUCCESS)
8322 pIemCpu->cInstructions++;
8323//#ifdef DEBUG
8324// AssertMsg(pIemCpu->offOpcode == cbInstr || rcStrict != VINF_SUCCESS, ("%u %u\n", pIemCpu->offOpcode, cbInstr));
8325//#endif
8326
8327 /* Execute the next instruction as well if a cli, pop ss or
8328 mov ss, Gr has just completed successfully. */
8329 if ( fExecuteInhibit
8330 && rcStrict == VINF_SUCCESS
8331 && VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_INHIBIT_INTERRUPTS)
8332 && EMGetInhibitInterruptsPC(pVCpu) == pIemCpu->CTX_SUFF(pCtx)->rip )
8333 {
8334 rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, pIemCpu->fBypassHandlers);
8335 if (rcStrict == VINF_SUCCESS)
8336 {
8337 b; IEM_OPCODE_GET_NEXT_U8(&b);
8338 rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
8339 if (rcStrict == VINF_SUCCESS)
8340 pIemCpu->cInstructions++;
8341 }
8342 EMSetInhibitInterruptsPC(pVCpu, UINT64_C(0x7777555533331111));
8343 }
8344
8345 /*
8346 * Return value fiddling and statistics.
8347 */
8348 if (rcStrict != VINF_SUCCESS)
8349 {
8350 if (RT_SUCCESS(rcStrict))
8351 {
8352 AssertMsg(rcStrict >= VINF_EM_FIRST && rcStrict <= VINF_EM_LAST, ("rcStrict=%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
8353 int32_t const rcPassUp = pIemCpu->rcPassUp;
8354 if (rcPassUp == VINF_SUCCESS)
8355 pIemCpu->cRetInfStatuses++;
8356 else if ( rcPassUp < VINF_EM_FIRST
8357 || rcPassUp > VINF_EM_LAST
8358 || rcPassUp < VBOXSTRICTRC_VAL(rcStrict))
8359 {
8360 Log(("IEM: rcPassUp=%Rrc! rcStrict=%Rrc\n", rcPassUp, VBOXSTRICTRC_VAL(rcStrict)));
8361 pIemCpu->cRetPassUpStatus++;
8362 rcStrict = rcPassUp;
8363 }
8364 else
8365 {
8366 Log(("IEM: rcPassUp=%Rrc rcStrict=%Rrc!\n", rcPassUp, VBOXSTRICTRC_VAL(rcStrict)));
8367 pIemCpu->cRetInfStatuses++;
8368 }
8369 }
8370 else if (rcStrict == VERR_IEM_ASPECT_NOT_IMPLEMENTED)
8371 pIemCpu->cRetAspectNotImplemented++;
8372 else if (rcStrict == VERR_IEM_INSTR_NOT_IMPLEMENTED)
8373 pIemCpu->cRetInstrNotImplemented++;
8374#ifdef IEM_VERIFICATION_MODE_FULL
8375 else if (rcStrict == VERR_IEM_RESTART_INSTRUCTION)
8376 rcStrict = VINF_SUCCESS;
8377#endif
8378 else
8379 pIemCpu->cRetErrStatuses++;
8380 }
8381 else if (pIemCpu->rcPassUp != VINF_SUCCESS)
8382 {
8383 pIemCpu->cRetPassUpStatus++;
8384 rcStrict = pIemCpu->rcPassUp;
8385 }
8386
8387 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->cs));
8388 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->ss));
8389#if defined(IEM_VERIFICATION_MODE_FULL)
8390 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->es));
8391 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->ds));
8392 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->fs));
8393 Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pIemCpu->CTX_SUFF(pCtx)->gs));
8394#endif
8395 return rcStrict;
8396}
8397
8398
8399#ifdef IN_RC
8400/**
8401 * Re-enters raw-mode or ensure we return to ring-3.
8402 *
8403 * @returns rcStrict, maybe modified.
8404 * @param pIemCpu The IEM CPU structure.
8405 * @param pVCpu The cross context virtual CPU structure of the caller.
8406 * @param pCtx The current CPU context.
8407 * @param rcStrict The status code returne by the interpreter.
8408 */
8409DECLINLINE(VBOXSTRICTRC) iemRCRawMaybeReenter(PIEMCPU pIemCpu, PVMCPU pVCpu, PCPUMCTX pCtx, VBOXSTRICTRC rcStrict)
8410{
8411 if (!pIemCpu->fInPatchCode)
8412 CPUMRawEnter(pVCpu, CPUMCTX2CORE(pCtx));
8413 return rcStrict;
8414}
8415#endif
8416
8417
8418/**
8419 * Execute one instruction.
8420 *
8421 * @return Strict VBox status code.
8422 * @param pVCpu The current virtual CPU.
8423 */
8424VMMDECL(VBOXSTRICTRC) IEMExecOne(PVMCPU pVCpu)
8425{
8426 PIEMCPU pIemCpu = &pVCpu->iem.s;
8427
8428#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
8429 iemExecVerificationModeSetup(pIemCpu);
8430#endif
8431#ifdef LOG_ENABLED
8432 PCPUMCTX pCtx = pIemCpu->CTX_SUFF(pCtx);
8433# ifdef IN_RING3
8434 if (LogIs2Enabled())
8435 {
8436 char szInstr[256];
8437 uint32_t cbInstr = 0;
8438 DBGFR3DisasInstrEx(pVCpu->pVMR3->pUVM, pVCpu->idCpu, 0, 0,
8439 DBGF_DISAS_FLAGS_CURRENT_GUEST | DBGF_DISAS_FLAGS_DEFAULT_MODE,
8440 szInstr, sizeof(szInstr), &cbInstr);
8441
8442 Log3(("**** "
8443 " eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x\n"
8444 " eip=%08x esp=%08x ebp=%08x iopl=%d\n"
8445 " cs=%04x ss=%04x ds=%04x es=%04x fs=%04x gs=%04x efl=%08x\n"
8446 " fsw=%04x fcw=%04x ftw=%02x mxcsr=%04x/%04x\n"
8447 " %s\n"
8448 ,
8449 pCtx->eax, pCtx->ebx, pCtx->ecx, pCtx->edx, pCtx->esi, pCtx->edi,
8450 pCtx->eip, pCtx->esp, pCtx->ebp, pCtx->eflags.Bits.u2IOPL,
8451 pCtx->cs.Sel, pCtx->ss.Sel, pCtx->ds.Sel, pCtx->es.Sel,
8452 pCtx->fs.Sel, pCtx->gs.Sel, pCtx->eflags.u,
8453 pCtx->fpu.FSW, pCtx->fpu.FCW, pCtx->fpu.FTW, pCtx->fpu.MXCSR, pCtx->fpu.MXCSR_MASK,
8454 szInstr));
8455
8456 if (LogIs3Enabled())
8457 DBGFR3Info(pVCpu->pVMR3->pUVM, "cpumguest", "verbose", NULL);
8458 }
8459 else
8460# endif
8461 LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x\n",
8462 pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp, pCtx->eflags.u));
8463#endif
8464
8465 /*
8466 * Do the decoding and emulation.
8467 */
8468 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
8469 if (rcStrict == VINF_SUCCESS)
8470 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
8471
8472#if defined(IEM_VERIFICATION_MODE_FULL) && defined(IN_RING3)
8473 /*
8474 * Assert some sanity.
8475 */
8476 iemExecVerificationModeCheck(pIemCpu);
8477#endif
8478#ifdef IN_RC
8479 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pIemCpu->CTX_SUFF(pCtx), rcStrict);
8480#endif
8481 if (rcStrict != VINF_SUCCESS)
8482 LogFlow(("IEMExecOne: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
8483 pCtx->cs.Sel, pCtx->rip, pCtx->ss.Sel, pCtx->rsp, pCtx->eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
8484 return rcStrict;
8485}
8486
8487
8488VMMDECL(VBOXSTRICTRC) IEMExecOneEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
8489{
8490 PIEMCPU pIemCpu = &pVCpu->iem.s;
8491 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
8492 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
8493
8494 uint32_t const cbOldWritten = pIemCpu->cbWritten;
8495 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
8496 if (rcStrict == VINF_SUCCESS)
8497 {
8498 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
8499 if (pcbWritten)
8500 *pcbWritten = pIemCpu->cbWritten - cbOldWritten;
8501 }
8502
8503#ifdef IN_RC
8504 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
8505#endif
8506 return rcStrict;
8507}
8508
8509
8510VMMDECL(VBOXSTRICTRC) IEMExecOneWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
8511 const void *pvOpcodeBytes, size_t cbOpcodeBytes)
8512{
8513 PIEMCPU pIemCpu = &pVCpu->iem.s;
8514 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
8515 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
8516
8517 VBOXSTRICTRC rcStrict;
8518 if ( cbOpcodeBytes
8519 && pCtx->rip == OpcodeBytesPC)
8520 {
8521 iemInitDecoder(pIemCpu, false);
8522 pIemCpu->cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pIemCpu->abOpcode));
8523 memcpy(pIemCpu->abOpcode, pvOpcodeBytes, pIemCpu->cbOpcode);
8524 rcStrict = VINF_SUCCESS;
8525 }
8526 else
8527 rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, false);
8528 if (rcStrict == VINF_SUCCESS)
8529 {
8530 rcStrict = iemExecOneInner(pVCpu, pIemCpu, true);
8531 }
8532
8533#ifdef IN_RC
8534 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
8535#endif
8536 return rcStrict;
8537}
8538
8539
8540VMMDECL(VBOXSTRICTRC) IEMExecOneBypassEx(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint32_t *pcbWritten)
8541{
8542 PIEMCPU pIemCpu = &pVCpu->iem.s;
8543 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
8544 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
8545
8546 uint32_t const cbOldWritten = pIemCpu->cbWritten;
8547 VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, true);
8548 if (rcStrict == VINF_SUCCESS)
8549 {
8550 rcStrict = iemExecOneInner(pVCpu, pIemCpu, false);
8551 if (pcbWritten)
8552 *pcbWritten = pIemCpu->cbWritten - cbOldWritten;
8553 }
8554
8555#ifdef IN_RC
8556 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
8557#endif
8558 return rcStrict;
8559}
8560
8561
8562VMMDECL(VBOXSTRICTRC) IEMExecOneBypassWithPrefetchedByPC(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, uint64_t OpcodeBytesPC,
8563 const void *pvOpcodeBytes, size_t cbOpcodeBytes)
8564{
8565 PIEMCPU pIemCpu = &pVCpu->iem.s;
8566 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
8567 AssertReturn(CPUMCTX2CORE(pCtx) == pCtxCore, VERR_IEM_IPE_3);
8568
8569 VBOXSTRICTRC rcStrict;
8570 if ( cbOpcodeBytes
8571 && pCtx->rip == OpcodeBytesPC)
8572 {
8573 iemInitDecoder(pIemCpu, true);
8574 pIemCpu->cbOpcode = (uint8_t)RT_MIN(cbOpcodeBytes, sizeof(pIemCpu->abOpcode));
8575 memcpy(pIemCpu->abOpcode, pvOpcodeBytes, pIemCpu->cbOpcode);
8576 rcStrict = VINF_SUCCESS;
8577 }
8578 else
8579 rcStrict = iemInitDecoderAndPrefetchOpcodes(pIemCpu, true);
8580 if (rcStrict == VINF_SUCCESS)
8581 rcStrict = iemExecOneInner(pVCpu, pIemCpu, false);
8582
8583#ifdef IN_RC
8584 rcStrict = iemRCRawMaybeReenter(pIemCpu, pVCpu, pCtx, rcStrict);
8585#endif
8586 return rcStrict;
8587}
8588
8589
8590VMMDECL(VBOXSTRICTRC) IEMExecLots(PVMCPU pVCpu)
8591{
8592 return IEMExecOne(pVCpu);
8593}
8594
8595
8596
8597/**
8598 * Injects a trap, fault, abort, software interrupt or external interrupt.
8599 *
8600 * The parameter list matches TRPMQueryTrapAll pretty closely.
8601 *
8602 * @returns Strict VBox status code.
8603 * @param pVCpu The current virtual CPU.
8604 * @param u8TrapNo The trap number.
8605 * @param enmType What type is it (trap/fault/abort), software
8606 * interrupt or hardware interrupt.
8607 * @param uErrCode The error code if applicable.
8608 * @param uCr2 The CR2 value if applicable.
8609 */
8610VMM_INT_DECL(VBOXSTRICTRC) IEMInjectTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType, uint16_t uErrCode, RTGCPTR uCr2)
8611{
8612 iemInitDecoder(&pVCpu->iem.s, false);
8613
8614 uint32_t fFlags;
8615 switch (enmType)
8616 {
8617 case TRPM_HARDWARE_INT:
8618 Log(("IEMInjectTrap: %#4x ext\n", u8TrapNo));
8619 fFlags = IEM_XCPT_FLAGS_T_EXT_INT;
8620 uErrCode = uCr2 = 0;
8621 break;
8622
8623 case TRPM_SOFTWARE_INT:
8624 Log(("IEMInjectTrap: %#4x soft\n", u8TrapNo));
8625 fFlags = IEM_XCPT_FLAGS_T_SOFT_INT;
8626 uErrCode = uCr2 = 0;
8627 break;
8628
8629 case TRPM_TRAP:
8630 Log(("IEMInjectTrap: %#4x trap err=%#x cr2=%#RGv\n", u8TrapNo, uErrCode, uCr2));
8631 fFlags = IEM_XCPT_FLAGS_T_CPU_XCPT;
8632 if (u8TrapNo == X86_XCPT_PF)
8633 fFlags |= IEM_XCPT_FLAGS_CR2;
8634 switch (u8TrapNo)
8635 {
8636 case X86_XCPT_DF:
8637 case X86_XCPT_TS:
8638 case X86_XCPT_NP:
8639 case X86_XCPT_SS:
8640 case X86_XCPT_PF:
8641 case X86_XCPT_AC:
8642 fFlags |= IEM_XCPT_FLAGS_ERR;
8643 break;
8644 }
8645 break;
8646
8647 IEM_NOT_REACHED_DEFAULT_CASE_RET();
8648 }
8649
8650 return iemRaiseXcptOrInt(&pVCpu->iem.s, 0, u8TrapNo, fFlags, uErrCode, uCr2);
8651}
8652
8653
8654VMM_INT_DECL(int) IEMBreakpointSet(PVM pVM, RTGCPTR GCPtrBp)
8655{
8656 return VERR_NOT_IMPLEMENTED;
8657}
8658
8659
8660VMM_INT_DECL(int) IEMBreakpointClear(PVM pVM, RTGCPTR GCPtrBp)
8661{
8662 return VERR_NOT_IMPLEMENTED;
8663}
8664
8665
8666#if 0 /* The IRET-to-v8086 mode in PATM is very optimistic, so I don't dare do this yet. */
8667/**
8668 * Executes a IRET instruction with default operand size.
8669 *
8670 * This is for PATM.
8671 *
8672 * @returns VBox status code.
8673 * @param pVCpu The current virtual CPU.
8674 * @param pCtxCore The register frame.
8675 */
8676VMM_INT_DECL(int) IEMExecInstr_iret(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore)
8677{
8678 PIEMCPU pIemCpu = &pVCpu->iem.s;
8679 PCPUMCTX pCtx = pVCpu->iem.s.CTX_SUFF(pCtx);
8680
8681 iemCtxCoreToCtx(pCtx, pCtxCore);
8682 iemInitDecoder(pIemCpu);
8683 VBOXSTRICTRC rcStrict = iemCImpl_iret(pIemCpu, 1, pIemCpu->enmDefOpSize);
8684 if (rcStrict == VINF_SUCCESS)
8685 iemCtxToCtxCore(pCtxCore, pCtx);
8686 else
8687 LogFlow(("IEMExecInstr_iret: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc\n",
8688 pCtx->cs, pCtx->rip, pCtx->ss, pCtx->rsp, pCtx->eflags.u, VBOXSTRICTRC_VAL(rcStrict)));
8689 return rcStrict;
8690}
8691#endif
8692
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette