4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "exec/cpu-all.h"
24 #if !defined(CONFIG_USER_ONLY)
25 #include "exec/softmmu_exec.h"
26 #endif /* !defined(CONFIG_USER_ONLY) */
28 /* Secure Virtual Machine helpers */
30 #if defined(CONFIG_USER_ONLY)
32 void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
36 void helper_vmmcall(CPUX86State *env)
40 void helper_vmload(CPUX86State *env, int aflag)
44 void helper_vmsave(CPUX86State *env, int aflag)
48 void helper_stgi(CPUX86State *env)
52 void helper_clgi(CPUX86State *env)
56 void helper_skinit(CPUX86State *env)
60 void helper_invlpga(CPUX86State *env, int aflag)
64 void helper_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1)
68 void cpu_vmexit(CPUX86State *nenv, uint32_t exit_code, uint64_t exit_info_1)
72 void helper_svm_check_intercept_param(CPUX86State *env, uint32_t type,
77 void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type,
82 void helper_svm_check_io(CPUX86State *env, uint32_t port, uint32_t param,
83 uint32_t next_eip_addend)
88 static inline void svm_save_seg(CPUX86State *env, hwaddr addr,
89 const SegmentCache *sc)
91 CPUState *cs = CPU(x86_env_get_cpu(env));
93 stw_phys(cs->as, addr + offsetof(struct vmcb_seg, selector),
95 stq_phys(cs->as, addr + offsetof(struct vmcb_seg, base),
97 stl_phys(cs->as, addr + offsetof(struct vmcb_seg, limit),
99 stw_phys(cs->as, addr + offsetof(struct vmcb_seg, attrib),
100 ((sc->flags >> 8) & 0xff) | ((sc->flags >> 12) & 0x0f00));
103 static inline void svm_load_seg(CPUX86State *env, hwaddr addr,
106 CPUState *cs = CPU(x86_env_get_cpu(env));
109 sc->selector = lduw_phys(cs->as,
110 addr + offsetof(struct vmcb_seg, selector));
111 sc->base = ldq_phys(cs->as, addr + offsetof(struct vmcb_seg, base));
112 sc->limit = ldl_phys(cs->as, addr + offsetof(struct vmcb_seg, limit));
113 flags = lduw_phys(cs->as, addr + offsetof(struct vmcb_seg, attrib));
114 sc->flags = ((flags & 0xff) << 8) | ((flags & 0x0f00) << 12);
117 static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr,
120 SegmentCache sc1, *sc = &sc1;
122 svm_load_seg(env, addr, sc);
123 cpu_x86_load_seg_cache(env, seg_reg, sc->selector,
124 sc->base, sc->limit, sc->flags);
127 void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
129 CPUState *cs = CPU(x86_env_get_cpu(env));
134 cpu_svm_check_intercept_param(env, SVM_EXIT_VMRUN, 0);
137 addr = env->regs[R_EAX];
139 addr = (uint32_t)env->regs[R_EAX];
142 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmrun! " TARGET_FMT_lx "\n", addr);
146 /* save the current CPU state in the hsave page */
147 stq_phys(cs->as, env->vm_hsave + offsetof(struct vmcb, save.gdtr.base),
149 stl_phys(cs->as, env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit),
152 stq_phys(cs->as, env->vm_hsave + offsetof(struct vmcb, save.idtr.base),
154 stl_phys(cs->as, env->vm_hsave + offsetof(struct vmcb, save.idtr.limit),
158 env->vm_hsave + offsetof(struct vmcb, save.cr0), env->cr[0]);
160 env->vm_hsave + offsetof(struct vmcb, save.cr2), env->cr[2]);
162 env->vm_hsave + offsetof(struct vmcb, save.cr3), env->cr[3]);
164 env->vm_hsave + offsetof(struct vmcb, save.cr4), env->cr[4]);
166 env->vm_hsave + offsetof(struct vmcb, save.dr6), env->dr[6]);
168 env->vm_hsave + offsetof(struct vmcb, save.dr7), env->dr[7]);
171 env->vm_hsave + offsetof(struct vmcb, save.efer), env->efer);
173 env->vm_hsave + offsetof(struct vmcb, save.rflags),
174 cpu_compute_eflags(env));
176 svm_save_seg(env, env->vm_hsave + offsetof(struct vmcb, save.es),
178 svm_save_seg(env, env->vm_hsave + offsetof(struct vmcb, save.cs),
180 svm_save_seg(env, env->vm_hsave + offsetof(struct vmcb, save.ss),
182 svm_save_seg(env, env->vm_hsave + offsetof(struct vmcb, save.ds),
185 stq_phys(cs->as, env->vm_hsave + offsetof(struct vmcb, save.rip),
186 env->eip + next_eip_addend);
188 env->vm_hsave + offsetof(struct vmcb, save.rsp), env->regs[R_ESP]);
190 env->vm_hsave + offsetof(struct vmcb, save.rax), env->regs[R_EAX]);
192 /* load the interception bitmaps so we do not need to access the
194 env->intercept = ldq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
196 env->intercept_cr_read = lduw_phys(cs->as, env->vm_vmcb +
197 offsetof(struct vmcb,
198 control.intercept_cr_read));
199 env->intercept_cr_write = lduw_phys(cs->as, env->vm_vmcb +
200 offsetof(struct vmcb,
201 control.intercept_cr_write));
202 env->intercept_dr_read = lduw_phys(cs->as, env->vm_vmcb +
203 offsetof(struct vmcb,
204 control.intercept_dr_read));
205 env->intercept_dr_write = lduw_phys(cs->as, env->vm_vmcb +
206 offsetof(struct vmcb,
207 control.intercept_dr_write));
208 env->intercept_exceptions = ldl_phys(cs->as, env->vm_vmcb +
209 offsetof(struct vmcb,
210 control.intercept_exceptions
213 /* enable intercepts */
214 env->hflags |= HF_SVMI_MASK;
216 env->tsc_offset = ldq_phys(cs->as, env->vm_vmcb +
217 offsetof(struct vmcb, control.tsc_offset));
219 env->gdt.base = ldq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
221 env->gdt.limit = ldl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
224 env->idt.base = ldq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
226 env->idt.limit = ldl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
229 /* clear exit_info_2 so we behave like the real hardware */
231 env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2), 0);
233 cpu_x86_update_cr0(env, ldq_phys(cs->as,
234 env->vm_vmcb + offsetof(struct vmcb,
236 cpu_x86_update_cr4(env, ldq_phys(cs->as,
237 env->vm_vmcb + offsetof(struct vmcb,
239 cpu_x86_update_cr3(env, ldq_phys(cs->as,
240 env->vm_vmcb + offsetof(struct vmcb,
242 env->cr[2] = ldq_phys(cs->as,
243 env->vm_vmcb + offsetof(struct vmcb, save.cr2));
244 int_ctl = ldl_phys(cs->as,
245 env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
246 env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
247 if (int_ctl & V_INTR_MASKING_MASK) {
248 env->v_tpr = int_ctl & V_TPR_MASK;
249 env->hflags2 |= HF2_VINTR_MASK;
250 if (env->eflags & IF_MASK) {
251 env->hflags2 |= HF2_HIF_MASK;
257 env->vm_vmcb + offsetof(struct vmcb, save.efer)));
259 cpu_load_eflags(env, ldq_phys(cs->as,
260 env->vm_vmcb + offsetof(struct vmcb,
262 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
263 CC_OP = CC_OP_EFLAGS;
265 svm_load_seg_cache(env, env->vm_vmcb + offsetof(struct vmcb, save.es),
267 svm_load_seg_cache(env, env->vm_vmcb + offsetof(struct vmcb, save.cs),
269 svm_load_seg_cache(env, env->vm_vmcb + offsetof(struct vmcb, save.ss),
271 svm_load_seg_cache(env, env->vm_vmcb + offsetof(struct vmcb, save.ds),
274 env->eip = ldq_phys(cs->as,
275 env->vm_vmcb + offsetof(struct vmcb, save.rip));
277 env->regs[R_ESP] = ldq_phys(cs->as,
278 env->vm_vmcb + offsetof(struct vmcb, save.rsp));
279 env->regs[R_EAX] = ldq_phys(cs->as,
280 env->vm_vmcb + offsetof(struct vmcb, save.rax));
281 env->dr[7] = ldq_phys(cs->as,
282 env->vm_vmcb + offsetof(struct vmcb, save.dr7));
283 env->dr[6] = ldq_phys(cs->as,
284 env->vm_vmcb + offsetof(struct vmcb, save.dr6));
285 cpu_x86_set_cpl(env, ldub_phys(cs->as,
286 env->vm_vmcb + offsetof(struct vmcb,
289 /* FIXME: guest state consistency checks */
291 switch (ldub_phys(cs->as,
292 env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) {
293 case TLB_CONTROL_DO_NOTHING:
295 case TLB_CONTROL_FLUSH_ALL_ASID:
296 /* FIXME: this is not 100% correct but should work for now */
301 env->hflags2 |= HF2_GIF_MASK;
303 if (int_ctl & V_IRQ_MASK) {
304 CPUState *cs = CPU(x86_env_get_cpu(env));
306 cs->interrupt_request |= CPU_INTERRUPT_VIRQ;
309 /* maybe we need to inject an event */
310 event_inj = ldl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
312 if (event_inj & SVM_EVTINJ_VALID) {
313 uint8_t vector = event_inj & SVM_EVTINJ_VEC_MASK;
314 uint16_t valid_err = event_inj & SVM_EVTINJ_VALID_ERR;
315 uint32_t event_inj_err = ldl_phys(cs->as, env->vm_vmcb +
316 offsetof(struct vmcb,
317 control.event_inj_err));
319 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Injecting(%#hx): ", valid_err);
320 /* FIXME: need to implement valid_err */
321 switch (event_inj & SVM_EVTINJ_TYPE_MASK) {
322 case SVM_EVTINJ_TYPE_INTR:
323 env->exception_index = vector;
324 env->error_code = event_inj_err;
325 env->exception_is_int = 0;
326 env->exception_next_eip = -1;
327 qemu_log_mask(CPU_LOG_TB_IN_ASM, "INTR");
328 /* XXX: is it always correct? */
329 do_interrupt_x86_hardirq(env, vector, 1);
331 case SVM_EVTINJ_TYPE_NMI:
332 env->exception_index = EXCP02_NMI;
333 env->error_code = event_inj_err;
334 env->exception_is_int = 0;
335 env->exception_next_eip = env->eip;
336 qemu_log_mask(CPU_LOG_TB_IN_ASM, "NMI");
339 case SVM_EVTINJ_TYPE_EXEPT:
340 env->exception_index = vector;
341 env->error_code = event_inj_err;
342 env->exception_is_int = 0;
343 env->exception_next_eip = -1;
344 qemu_log_mask(CPU_LOG_TB_IN_ASM, "EXEPT");
347 case SVM_EVTINJ_TYPE_SOFT:
348 env->exception_index = vector;
349 env->error_code = event_inj_err;
350 env->exception_is_int = 1;
351 env->exception_next_eip = env->eip;
352 qemu_log_mask(CPU_LOG_TB_IN_ASM, "SOFT");
356 qemu_log_mask(CPU_LOG_TB_IN_ASM, " %#x %#x\n", env->exception_index,
361 void helper_vmmcall(CPUX86State *env)
363 cpu_svm_check_intercept_param(env, SVM_EXIT_VMMCALL, 0);
364 raise_exception(env, EXCP06_ILLOP);
367 void helper_vmload(CPUX86State *env, int aflag)
369 CPUState *cs = CPU(x86_env_get_cpu(env));
372 cpu_svm_check_intercept_param(env, SVM_EXIT_VMLOAD, 0);
375 addr = env->regs[R_EAX];
377 addr = (uint32_t)env->regs[R_EAX];
380 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmload! " TARGET_FMT_lx
381 "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
382 addr, ldq_phys(cs->as, addr + offsetof(struct vmcb,
384 env->segs[R_FS].base);
386 svm_load_seg_cache(env, addr + offsetof(struct vmcb, save.fs), R_FS);
387 svm_load_seg_cache(env, addr + offsetof(struct vmcb, save.gs), R_GS);
388 svm_load_seg(env, addr + offsetof(struct vmcb, save.tr), &env->tr);
389 svm_load_seg(env, addr + offsetof(struct vmcb, save.ldtr), &env->ldt);
392 env->kernelgsbase = ldq_phys(cs->as, addr + offsetof(struct vmcb,
393 save.kernel_gs_base));
394 env->lstar = ldq_phys(cs->as, addr + offsetof(struct vmcb, save.lstar));
395 env->cstar = ldq_phys(cs->as, addr + offsetof(struct vmcb, save.cstar));
396 env->fmask = ldq_phys(cs->as, addr + offsetof(struct vmcb, save.sfmask));
398 env->star = ldq_phys(cs->as, addr + offsetof(struct vmcb, save.star));
399 env->sysenter_cs = ldq_phys(cs->as,
400 addr + offsetof(struct vmcb, save.sysenter_cs));
401 env->sysenter_esp = ldq_phys(cs->as, addr + offsetof(struct vmcb,
403 env->sysenter_eip = ldq_phys(cs->as, addr + offsetof(struct vmcb,
407 void helper_vmsave(CPUX86State *env, int aflag)
409 CPUState *cs = CPU(x86_env_get_cpu(env));
412 cpu_svm_check_intercept_param(env, SVM_EXIT_VMSAVE, 0);
415 addr = env->regs[R_EAX];
417 addr = (uint32_t)env->regs[R_EAX];
420 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmsave! " TARGET_FMT_lx
421 "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
422 addr, ldq_phys(cs->as,
423 addr + offsetof(struct vmcb, save.fs.base)),
424 env->segs[R_FS].base);
426 svm_save_seg(env, addr + offsetof(struct vmcb, save.fs),
428 svm_save_seg(env, addr + offsetof(struct vmcb, save.gs),
430 svm_save_seg(env, addr + offsetof(struct vmcb, save.tr),
432 svm_save_seg(env, addr + offsetof(struct vmcb, save.ldtr),
436 stq_phys(cs->as, addr + offsetof(struct vmcb, save.kernel_gs_base),
438 stq_phys(cs->as, addr + offsetof(struct vmcb, save.lstar), env->lstar);
439 stq_phys(cs->as, addr + offsetof(struct vmcb, save.cstar), env->cstar);
440 stq_phys(cs->as, addr + offsetof(struct vmcb, save.sfmask), env->fmask);
442 stq_phys(cs->as, addr + offsetof(struct vmcb, save.star), env->star);
444 addr + offsetof(struct vmcb, save.sysenter_cs), env->sysenter_cs);
445 stq_phys(cs->as, addr + offsetof(struct vmcb, save.sysenter_esp),
447 stq_phys(cs->as, addr + offsetof(struct vmcb, save.sysenter_eip),
451 void helper_stgi(CPUX86State *env)
453 cpu_svm_check_intercept_param(env, SVM_EXIT_STGI, 0);
454 env->hflags2 |= HF2_GIF_MASK;
457 void helper_clgi(CPUX86State *env)
459 cpu_svm_check_intercept_param(env, SVM_EXIT_CLGI, 0);
460 env->hflags2 &= ~HF2_GIF_MASK;
463 void helper_skinit(CPUX86State *env)
465 cpu_svm_check_intercept_param(env, SVM_EXIT_SKINIT, 0);
466 /* XXX: not implemented */
467 raise_exception(env, EXCP06_ILLOP);
470 void helper_invlpga(CPUX86State *env, int aflag)
474 cpu_svm_check_intercept_param(env, SVM_EXIT_INVLPGA, 0);
477 addr = env->regs[R_EAX];
479 addr = (uint32_t)env->regs[R_EAX];
482 /* XXX: could use the ASID to see if it is needed to do the
484 tlb_flush_page(env, addr);
487 void helper_svm_check_intercept_param(CPUX86State *env, uint32_t type,
490 CPUState *cs = CPU(x86_env_get_cpu(env));
492 if (likely(!(env->hflags & HF_SVMI_MASK))) {
496 case SVM_EXIT_READ_CR0 ... SVM_EXIT_READ_CR0 + 8:
497 if (env->intercept_cr_read & (1 << (type - SVM_EXIT_READ_CR0))) {
498 helper_vmexit(env, type, param);
501 case SVM_EXIT_WRITE_CR0 ... SVM_EXIT_WRITE_CR0 + 8:
502 if (env->intercept_cr_write & (1 << (type - SVM_EXIT_WRITE_CR0))) {
503 helper_vmexit(env, type, param);
506 case SVM_EXIT_READ_DR0 ... SVM_EXIT_READ_DR0 + 7:
507 if (env->intercept_dr_read & (1 << (type - SVM_EXIT_READ_DR0))) {
508 helper_vmexit(env, type, param);
511 case SVM_EXIT_WRITE_DR0 ... SVM_EXIT_WRITE_DR0 + 7:
512 if (env->intercept_dr_write & (1 << (type - SVM_EXIT_WRITE_DR0))) {
513 helper_vmexit(env, type, param);
516 case SVM_EXIT_EXCP_BASE ... SVM_EXIT_EXCP_BASE + 31:
517 if (env->intercept_exceptions & (1 << (type - SVM_EXIT_EXCP_BASE))) {
518 helper_vmexit(env, type, param);
522 if (env->intercept & (1ULL << (SVM_EXIT_MSR - SVM_EXIT_INTR))) {
523 /* FIXME: this should be read in at vmrun (faster this way?) */
524 uint64_t addr = ldq_phys(cs->as, env->vm_vmcb +
525 offsetof(struct vmcb,
526 control.msrpm_base_pa));
529 switch ((uint32_t)env->regs[R_ECX]) {
531 t0 = (env->regs[R_ECX] * 2) % 8;
532 t1 = (env->regs[R_ECX] * 2) / 8;
534 case 0xc0000000 ... 0xc0001fff:
535 t0 = (8192 + env->regs[R_ECX] - 0xc0000000) * 2;
539 case 0xc0010000 ... 0xc0011fff:
540 t0 = (16384 + env->regs[R_ECX] - 0xc0010000) * 2;
545 helper_vmexit(env, type, param);
550 if (ldub_phys(cs->as, addr + t1) & ((1 << param) << t0)) {
551 helper_vmexit(env, type, param);
556 if (env->intercept & (1ULL << (type - SVM_EXIT_INTR))) {
557 helper_vmexit(env, type, param);
563 void cpu_svm_check_intercept_param(CPUX86State *env, uint32_t type,
566 helper_svm_check_intercept_param(env, type, param);
569 void helper_svm_check_io(CPUX86State *env, uint32_t port, uint32_t param,
570 uint32_t next_eip_addend)
572 CPUState *cs = CPU(x86_env_get_cpu(env));
574 if (env->intercept & (1ULL << (SVM_EXIT_IOIO - SVM_EXIT_INTR))) {
575 /* FIXME: this should be read in at vmrun (faster this way?) */
576 uint64_t addr = ldq_phys(cs->as, env->vm_vmcb +
577 offsetof(struct vmcb, control.iopm_base_pa));
578 uint16_t mask = (1 << ((param >> 4) & 7)) - 1;
580 if (lduw_phys(cs->as, addr + port / 8) & (mask << (port & 7))) {
583 env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2),
584 env->eip + next_eip_addend);
585 helper_vmexit(env, SVM_EXIT_IOIO, param | (port << 16));
590 /* Note: currently only 32 bits of exit_code are used */
591 void helper_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1)
593 CPUState *cs = CPU(x86_env_get_cpu(env));
596 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmexit(%08x, %016" PRIx64 ", %016"
597 PRIx64 ", " TARGET_FMT_lx ")!\n",
598 exit_code, exit_info_1,
599 ldq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
600 control.exit_info_2)),
603 if (env->hflags & HF_INHIBIT_IRQ_MASK) {
605 env->vm_vmcb + offsetof(struct vmcb, control.int_state),
606 SVM_INTERRUPT_SHADOW_MASK);
607 env->hflags &= ~HF_INHIBIT_IRQ_MASK;
610 env->vm_vmcb + offsetof(struct vmcb, control.int_state), 0);
613 /* Save the VM state in the vmcb */
614 svm_save_seg(env, env->vm_vmcb + offsetof(struct vmcb, save.es),
616 svm_save_seg(env, env->vm_vmcb + offsetof(struct vmcb, save.cs),
618 svm_save_seg(env, env->vm_vmcb + offsetof(struct vmcb, save.ss),
620 svm_save_seg(env, env->vm_vmcb + offsetof(struct vmcb, save.ds),
623 stq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base),
625 stl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit),
628 stq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.idtr.base),
630 stl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit),
634 env->vm_vmcb + offsetof(struct vmcb, save.efer), env->efer);
636 env->vm_vmcb + offsetof(struct vmcb, save.cr0), env->cr[0]);
638 env->vm_vmcb + offsetof(struct vmcb, save.cr2), env->cr[2]);
640 env->vm_vmcb + offsetof(struct vmcb, save.cr3), env->cr[3]);
642 env->vm_vmcb + offsetof(struct vmcb, save.cr4), env->cr[4]);
644 int_ctl = ldl_phys(cs->as,
645 env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
646 int_ctl &= ~(V_TPR_MASK | V_IRQ_MASK);
647 int_ctl |= env->v_tpr & V_TPR_MASK;
648 if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
649 int_ctl |= V_IRQ_MASK;
652 env->vm_vmcb + offsetof(struct vmcb, control.int_ctl), int_ctl);
654 stq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.rflags),
655 cpu_compute_eflags(env));
656 stq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.rip),
659 env->vm_vmcb + offsetof(struct vmcb, save.rsp), env->regs[R_ESP]);
661 env->vm_vmcb + offsetof(struct vmcb, save.rax), env->regs[R_EAX]);
663 env->vm_vmcb + offsetof(struct vmcb, save.dr7), env->dr[7]);
665 env->vm_vmcb + offsetof(struct vmcb, save.dr6), env->dr[6]);
666 stb_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, save.cpl),
667 env->hflags & HF_CPL_MASK);
669 /* Reload the host state from vm_hsave */
670 env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
671 env->hflags &= ~HF_SVMI_MASK;
673 env->intercept_exceptions = 0;
674 cs->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
677 env->gdt.base = ldq_phys(cs->as, env->vm_hsave + offsetof(struct vmcb,
679 env->gdt.limit = ldl_phys(cs->as, env->vm_hsave + offsetof(struct vmcb,
682 env->idt.base = ldq_phys(cs->as, env->vm_hsave + offsetof(struct vmcb,
684 env->idt.limit = ldl_phys(cs->as, env->vm_hsave + offsetof(struct vmcb,
687 cpu_x86_update_cr0(env, ldq_phys(cs->as,
688 env->vm_hsave + offsetof(struct vmcb,
691 cpu_x86_update_cr4(env, ldq_phys(cs->as,
692 env->vm_hsave + offsetof(struct vmcb,
694 cpu_x86_update_cr3(env, ldq_phys(cs->as,
695 env->vm_hsave + offsetof(struct vmcb,
697 /* we need to set the efer after the crs so the hidden flags get
699 cpu_load_efer(env, ldq_phys(cs->as, env->vm_hsave + offsetof(struct vmcb,
702 cpu_load_eflags(env, ldq_phys(cs->as,
703 env->vm_hsave + offsetof(struct vmcb,
705 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
706 CC_OP = CC_OP_EFLAGS;
708 svm_load_seg_cache(env, env->vm_hsave + offsetof(struct vmcb, save.es),
710 svm_load_seg_cache(env, env->vm_hsave + offsetof(struct vmcb, save.cs),
712 svm_load_seg_cache(env, env->vm_hsave + offsetof(struct vmcb, save.ss),
714 svm_load_seg_cache(env, env->vm_hsave + offsetof(struct vmcb, save.ds),
717 env->eip = ldq_phys(cs->as,
718 env->vm_hsave + offsetof(struct vmcb, save.rip));
719 env->regs[R_ESP] = ldq_phys(cs->as, env->vm_hsave +
720 offsetof(struct vmcb, save.rsp));
721 env->regs[R_EAX] = ldq_phys(cs->as, env->vm_hsave +
722 offsetof(struct vmcb, save.rax));
724 env->dr[6] = ldq_phys(cs->as,
725 env->vm_hsave + offsetof(struct vmcb, save.dr6));
726 env->dr[7] = ldq_phys(cs->as,
727 env->vm_hsave + offsetof(struct vmcb, save.dr7));
730 cpu_x86_set_cpl(env, 0);
731 stq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, control.exit_code),
733 stq_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb, control.exit_info_1),
737 env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info),
738 ldl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
739 control.event_inj)));
741 env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info_err),
742 ldl_phys(cs->as, env->vm_vmcb + offsetof(struct vmcb,
743 control.event_inj_err)));
745 env->vm_vmcb + offsetof(struct vmcb, control.event_inj), 0);
747 env->hflags2 &= ~HF2_GIF_MASK;
748 /* FIXME: Resets the current ASID register to zero (host ASID). */
750 /* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */
752 /* Clears the TSC_OFFSET inside the processor. */
754 /* If the host is in PAE mode, the processor reloads the host's PDPEs
755 from the page table indicated the host's CR3. If the PDPEs contain
756 illegal state, the processor causes a shutdown. */
758 /* Forces CR0.PE = 1, RFLAGS.VM = 0. */
759 env->cr[0] |= CR0_PE_MASK;
760 env->eflags &= ~VM_MASK;
762 /* Disables all breakpoints in the host DR7 register. */
764 /* Checks the reloaded host state for consistency. */
766 /* If the host's rIP reloaded by #VMEXIT is outside the limit of the
767 host's code segment or non-canonical (in the case of long mode), a
768 #GP fault is delivered inside the host. */
770 /* remove any pending exception */
771 env->exception_index = -1;
773 env->old_exception = -1;
778 void cpu_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1)
780 helper_vmexit(env, exit_code, exit_info_1);
projects / qemu.git / blob