4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #define CPU_NO_GLOBAL_REGS
22 #include "host-utils.h"
29 # define LOG_PCALL(...) qemu_log_mask(CPU_LOG_PCALL, ## __VA_ARGS__)
30 # define LOG_PCALL_STATE(env) \
31 log_cpu_state_mask(CPU_LOG_PCALL, (env), X86_DUMP_CCOP)
33 # define LOG_PCALL(...) do { } while (0)
34 # define LOG_PCALL_STATE(env) do { } while (0)
39 #define raise_exception_err(a, b)\
41 qemu_log("raise_exception line=%d\n", __LINE__);\
42 (raise_exception_err)(a, b);\
46 static const uint8_t parity_table[256] = {
47 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
48 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
49 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
50 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
51 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
52 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
53 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
54 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
55 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
56 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
57 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
58 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
59 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
60 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
61 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
62 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
63 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
64 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
65 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
66 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
67 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
68 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
69 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
70 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
71 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
72 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
73 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
74 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
75 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
76 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
77 CC_P, 0, 0, CC_P, 0, CC_P, CC_P, 0,
78 0, CC_P, CC_P, 0, CC_P, 0, 0, CC_P,
82 static const uint8_t rclw_table[32] = {
83 0, 1, 2, 3, 4, 5, 6, 7,
84 8, 9,10,11,12,13,14,15,
85 16, 0, 1, 2, 3, 4, 5, 6,
86 7, 8, 9,10,11,12,13,14,
90 static const uint8_t rclb_table[32] = {
91 0, 1, 2, 3, 4, 5, 6, 7,
92 8, 0, 1, 2, 3, 4, 5, 6,
93 7, 8, 0, 1, 2, 3, 4, 5,
94 6, 7, 8, 0, 1, 2, 3, 4,
97 static const CPU86_LDouble f15rk[7] =
99 0.00000000000000000000L,
100 1.00000000000000000000L,
101 3.14159265358979323851L, /*pi*/
102 0.30102999566398119523L, /*lg2*/
103 0.69314718055994530943L, /*ln2*/
104 1.44269504088896340739L, /*l2e*/
105 3.32192809488736234781L, /*l2t*/
108 /* broken thread support */
110 static spinlock_t global_cpu_lock = SPIN_LOCK_UNLOCKED;
112 void helper_lock(void)
114 spin_lock(&global_cpu_lock);
117 void helper_unlock(void)
119 spin_unlock(&global_cpu_lock);
122 void helper_write_eflags(target_ulong t0, uint32_t update_mask)
124 load_eflags(t0, update_mask);
127 target_ulong helper_read_eflags(void)
130 eflags = helper_cc_compute_all(CC_OP);
131 eflags |= (DF & DF_MASK);
132 eflags |= env->eflags & ~(VM_MASK | RF_MASK);
136 /* return non zero if error */
137 static inline int load_segment(uint32_t *e1_ptr, uint32_t *e2_ptr,
148 index = selector & ~7;
149 if ((index + 7) > dt->limit)
151 ptr = dt->base + index;
152 *e1_ptr = ldl_kernel(ptr);
153 *e2_ptr = ldl_kernel(ptr + 4);
157 static inline unsigned int get_seg_limit(uint32_t e1, uint32_t e2)
160 limit = (e1 & 0xffff) | (e2 & 0x000f0000);
161 if (e2 & DESC_G_MASK)
162 limit = (limit << 12) | 0xfff;
166 static inline uint32_t get_seg_base(uint32_t e1, uint32_t e2)
168 return ((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
171 static inline void load_seg_cache_raw_dt(SegmentCache *sc, uint32_t e1, uint32_t e2)
173 sc->base = get_seg_base(e1, e2);
174 sc->limit = get_seg_limit(e1, e2);
178 /* init the segment cache in vm86 mode. */
179 static inline void load_seg_vm(int seg, int selector)
182 cpu_x86_load_seg_cache(env, seg, selector,
183 (selector << 4), 0xffff, 0);
186 static inline void get_ss_esp_from_tss(uint32_t *ss_ptr,
187 uint32_t *esp_ptr, int dpl)
189 int type, index, shift;
194 printf("TR: base=%p limit=%x\n", env->tr.base, env->tr.limit);
195 for(i=0;i<env->tr.limit;i++) {
196 printf("%02x ", env->tr.base[i]);
197 if ((i & 7) == 7) printf("\n");
203 if (!(env->tr.flags & DESC_P_MASK))
204 cpu_abort(env, "invalid tss");
205 type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
207 cpu_abort(env, "invalid tss type");
209 index = (dpl * 4 + 2) << shift;
210 if (index + (4 << shift) - 1 > env->tr.limit)
211 raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
213 *esp_ptr = lduw_kernel(env->tr.base + index);
214 *ss_ptr = lduw_kernel(env->tr.base + index + 2);
216 *esp_ptr = ldl_kernel(env->tr.base + index);
217 *ss_ptr = lduw_kernel(env->tr.base + index + 4);
221 /* XXX: merge with load_seg() */
222 static void tss_load_seg(int seg_reg, int selector)
227 if ((selector & 0xfffc) != 0) {
228 if (load_segment(&e1, &e2, selector) != 0)
229 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
230 if (!(e2 & DESC_S_MASK))
231 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
233 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
234 cpl = env->hflags & HF_CPL_MASK;
235 if (seg_reg == R_CS) {
236 if (!(e2 & DESC_CS_MASK))
237 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
238 /* XXX: is it correct ? */
240 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
241 if ((e2 & DESC_C_MASK) && dpl > rpl)
242 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
243 } else if (seg_reg == R_SS) {
244 /* SS must be writable data */
245 if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK))
246 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
247 if (dpl != cpl || dpl != rpl)
248 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
250 /* not readable code */
251 if ((e2 & DESC_CS_MASK) && !(e2 & DESC_R_MASK))
252 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
253 /* if data or non conforming code, checks the rights */
254 if (((e2 >> DESC_TYPE_SHIFT) & 0xf) < 12) {
255 if (dpl < cpl || dpl < rpl)
256 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
259 if (!(e2 & DESC_P_MASK))
260 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
261 cpu_x86_load_seg_cache(env, seg_reg, selector,
262 get_seg_base(e1, e2),
263 get_seg_limit(e1, e2),
266 if (seg_reg == R_SS || seg_reg == R_CS)
267 raise_exception_err(EXCP0A_TSS, selector & 0xfffc);
271 #define SWITCH_TSS_JMP 0
272 #define SWITCH_TSS_IRET 1
273 #define SWITCH_TSS_CALL 2
275 /* XXX: restore CPU state in registers (PowerPC case) */
276 static void switch_tss(int tss_selector,
277 uint32_t e1, uint32_t e2, int source,
280 int tss_limit, tss_limit_max, type, old_tss_limit_max, old_type, v1, v2, i;
281 target_ulong tss_base;
282 uint32_t new_regs[8], new_segs[6];
283 uint32_t new_eflags, new_eip, new_cr3, new_ldt, new_trap;
284 uint32_t old_eflags, eflags_mask;
289 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
290 LOG_PCALL("switch_tss: sel=0x%04x type=%d src=%d\n", tss_selector, type, source);
292 /* if task gate, we read the TSS segment and we load it */
294 if (!(e2 & DESC_P_MASK))
295 raise_exception_err(EXCP0B_NOSEG, tss_selector & 0xfffc);
296 tss_selector = e1 >> 16;
297 if (tss_selector & 4)
298 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
299 if (load_segment(&e1, &e2, tss_selector) != 0)
300 raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
301 if (e2 & DESC_S_MASK)
302 raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
303 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
305 raise_exception_err(EXCP0D_GPF, tss_selector & 0xfffc);
308 if (!(e2 & DESC_P_MASK))
309 raise_exception_err(EXCP0B_NOSEG, tss_selector & 0xfffc);
315 tss_limit = get_seg_limit(e1, e2);
316 tss_base = get_seg_base(e1, e2);
317 if ((tss_selector & 4) != 0 ||
318 tss_limit < tss_limit_max)
319 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
320 old_type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
322 old_tss_limit_max = 103;
324 old_tss_limit_max = 43;
326 /* read all the registers from the new TSS */
329 new_cr3 = ldl_kernel(tss_base + 0x1c);
330 new_eip = ldl_kernel(tss_base + 0x20);
331 new_eflags = ldl_kernel(tss_base + 0x24);
332 for(i = 0; i < 8; i++)
333 new_regs[i] = ldl_kernel(tss_base + (0x28 + i * 4));
334 for(i = 0; i < 6; i++)
335 new_segs[i] = lduw_kernel(tss_base + (0x48 + i * 4));
336 new_ldt = lduw_kernel(tss_base + 0x60);
337 new_trap = ldl_kernel(tss_base + 0x64);
341 new_eip = lduw_kernel(tss_base + 0x0e);
342 new_eflags = lduw_kernel(tss_base + 0x10);
343 for(i = 0; i < 8; i++)
344 new_regs[i] = lduw_kernel(tss_base + (0x12 + i * 2)) | 0xffff0000;
345 for(i = 0; i < 4; i++)
346 new_segs[i] = lduw_kernel(tss_base + (0x22 + i * 4));
347 new_ldt = lduw_kernel(tss_base + 0x2a);
353 /* NOTE: we must avoid memory exceptions during the task switch,
354 so we make dummy accesses before */
355 /* XXX: it can still fail in some cases, so a bigger hack is
356 necessary to valid the TLB after having done the accesses */
358 v1 = ldub_kernel(env->tr.base);
359 v2 = ldub_kernel(env->tr.base + old_tss_limit_max);
360 stb_kernel(env->tr.base, v1);
361 stb_kernel(env->tr.base + old_tss_limit_max, v2);
363 /* clear busy bit (it is restartable) */
364 if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_IRET) {
367 ptr = env->gdt.base + (env->tr.selector & ~7);
368 e2 = ldl_kernel(ptr + 4);
369 e2 &= ~DESC_TSS_BUSY_MASK;
370 stl_kernel(ptr + 4, e2);
372 old_eflags = compute_eflags();
373 if (source == SWITCH_TSS_IRET)
374 old_eflags &= ~NT_MASK;
376 /* save the current state in the old TSS */
379 stl_kernel(env->tr.base + 0x20, next_eip);
380 stl_kernel(env->tr.base + 0x24, old_eflags);
381 stl_kernel(env->tr.base + (0x28 + 0 * 4), EAX);
382 stl_kernel(env->tr.base + (0x28 + 1 * 4), ECX);
383 stl_kernel(env->tr.base + (0x28 + 2 * 4), EDX);
384 stl_kernel(env->tr.base + (0x28 + 3 * 4), EBX);
385 stl_kernel(env->tr.base + (0x28 + 4 * 4), ESP);
386 stl_kernel(env->tr.base + (0x28 + 5 * 4), EBP);
387 stl_kernel(env->tr.base + (0x28 + 6 * 4), ESI);
388 stl_kernel(env->tr.base + (0x28 + 7 * 4), EDI);
389 for(i = 0; i < 6; i++)
390 stw_kernel(env->tr.base + (0x48 + i * 4), env->segs[i].selector);
393 stw_kernel(env->tr.base + 0x0e, next_eip);
394 stw_kernel(env->tr.base + 0x10, old_eflags);
395 stw_kernel(env->tr.base + (0x12 + 0 * 2), EAX);
396 stw_kernel(env->tr.base + (0x12 + 1 * 2), ECX);
397 stw_kernel(env->tr.base + (0x12 + 2 * 2), EDX);
398 stw_kernel(env->tr.base + (0x12 + 3 * 2), EBX);
399 stw_kernel(env->tr.base + (0x12 + 4 * 2), ESP);
400 stw_kernel(env->tr.base + (0x12 + 5 * 2), EBP);
401 stw_kernel(env->tr.base + (0x12 + 6 * 2), ESI);
402 stw_kernel(env->tr.base + (0x12 + 7 * 2), EDI);
403 for(i = 0; i < 4; i++)
404 stw_kernel(env->tr.base + (0x22 + i * 4), env->segs[i].selector);
407 /* now if an exception occurs, it will occurs in the next task
410 if (source == SWITCH_TSS_CALL) {
411 stw_kernel(tss_base, env->tr.selector);
412 new_eflags |= NT_MASK;
416 if (source == SWITCH_TSS_JMP || source == SWITCH_TSS_CALL) {
419 ptr = env->gdt.base + (tss_selector & ~7);
420 e2 = ldl_kernel(ptr + 4);
421 e2 |= DESC_TSS_BUSY_MASK;
422 stl_kernel(ptr + 4, e2);
425 /* set the new CPU state */
426 /* from this point, any exception which occurs can give problems */
427 env->cr[0] |= CR0_TS_MASK;
428 env->hflags |= HF_TS_MASK;
429 env->tr.selector = tss_selector;
430 env->tr.base = tss_base;
431 env->tr.limit = tss_limit;
432 env->tr.flags = e2 & ~DESC_TSS_BUSY_MASK;
434 if ((type & 8) && (env->cr[0] & CR0_PG_MASK)) {
435 cpu_x86_update_cr3(env, new_cr3);
438 /* load all registers without an exception, then reload them with
439 possible exception */
441 eflags_mask = TF_MASK | AC_MASK | ID_MASK |
442 IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK;
444 eflags_mask &= 0xffff;
445 load_eflags(new_eflags, eflags_mask);
446 /* XXX: what to do in 16 bit case ? */
455 if (new_eflags & VM_MASK) {
456 for(i = 0; i < 6; i++)
457 load_seg_vm(i, new_segs[i]);
458 /* in vm86, CPL is always 3 */
459 cpu_x86_set_cpl(env, 3);
461 /* CPL is set the RPL of CS */
462 cpu_x86_set_cpl(env, new_segs[R_CS] & 3);
463 /* first just selectors as the rest may trigger exceptions */
464 for(i = 0; i < 6; i++)
465 cpu_x86_load_seg_cache(env, i, new_segs[i], 0, 0, 0);
468 env->ldt.selector = new_ldt & ~4;
475 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
477 if ((new_ldt & 0xfffc) != 0) {
479 index = new_ldt & ~7;
480 if ((index + 7) > dt->limit)
481 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
482 ptr = dt->base + index;
483 e1 = ldl_kernel(ptr);
484 e2 = ldl_kernel(ptr + 4);
485 if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2)
486 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
487 if (!(e2 & DESC_P_MASK))
488 raise_exception_err(EXCP0A_TSS, new_ldt & 0xfffc);
489 load_seg_cache_raw_dt(&env->ldt, e1, e2);
492 /* load the segments */
493 if (!(new_eflags & VM_MASK)) {
494 tss_load_seg(R_CS, new_segs[R_CS]);
495 tss_load_seg(R_SS, new_segs[R_SS]);
496 tss_load_seg(R_ES, new_segs[R_ES]);
497 tss_load_seg(R_DS, new_segs[R_DS]);
498 tss_load_seg(R_FS, new_segs[R_FS]);
499 tss_load_seg(R_GS, new_segs[R_GS]);
502 /* check that EIP is in the CS segment limits */
503 if (new_eip > env->segs[R_CS].limit) {
504 /* XXX: different exception if CALL ? */
505 raise_exception_err(EXCP0D_GPF, 0);
508 #ifndef CONFIG_USER_ONLY
509 /* reset local breakpoints */
510 if (env->dr[7] & 0x55) {
511 for (i = 0; i < 4; i++) {
512 if (hw_breakpoint_enabled(env->dr[7], i) == 0x1)
513 hw_breakpoint_remove(env, i);
520 /* check if Port I/O is allowed in TSS */
521 static inline void check_io(int addr, int size)
523 int io_offset, val, mask;
525 /* TSS must be a valid 32 bit one */
526 if (!(env->tr.flags & DESC_P_MASK) ||
527 ((env->tr.flags >> DESC_TYPE_SHIFT) & 0xf) != 9 ||
530 io_offset = lduw_kernel(env->tr.base + 0x66);
531 io_offset += (addr >> 3);
532 /* Note: the check needs two bytes */
533 if ((io_offset + 1) > env->tr.limit)
535 val = lduw_kernel(env->tr.base + io_offset);
537 mask = (1 << size) - 1;
538 /* all bits must be zero to allow the I/O */
539 if ((val & mask) != 0) {
541 raise_exception_err(EXCP0D_GPF, 0);
545 void helper_check_iob(uint32_t t0)
550 void helper_check_iow(uint32_t t0)
555 void helper_check_iol(uint32_t t0)
560 void helper_outb(uint32_t port, uint32_t data)
562 cpu_outb(port, data & 0xff);
565 target_ulong helper_inb(uint32_t port)
567 return cpu_inb(port);
570 void helper_outw(uint32_t port, uint32_t data)
572 cpu_outw(port, data & 0xffff);
575 target_ulong helper_inw(uint32_t port)
577 return cpu_inw(port);
580 void helper_outl(uint32_t port, uint32_t data)
582 cpu_outl(port, data);
585 target_ulong helper_inl(uint32_t port)
587 return cpu_inl(port);
590 static inline unsigned int get_sp_mask(unsigned int e2)
592 if (e2 & DESC_B_MASK)
598 static int exeption_has_error_code(int intno)
614 #define SET_ESP(val, sp_mask)\
616 if ((sp_mask) == 0xffff)\
617 ESP = (ESP & ~0xffff) | ((val) & 0xffff);\
618 else if ((sp_mask) == 0xffffffffLL)\
619 ESP = (uint32_t)(val);\
624 #define SET_ESP(val, sp_mask) ESP = (ESP & ~(sp_mask)) | ((val) & (sp_mask))
627 /* in 64-bit machines, this can overflow. So this segment addition macro
628 * can be used to trim the value to 32-bit whenever needed */
629 #define SEG_ADDL(ssp, sp, sp_mask) ((uint32_t)((ssp) + (sp & (sp_mask))))
631 /* XXX: add a is_user flag to have proper security support */
632 #define PUSHW(ssp, sp, sp_mask, val)\
635 stw_kernel((ssp) + (sp & (sp_mask)), (val));\
638 #define PUSHL(ssp, sp, sp_mask, val)\
641 stl_kernel(SEG_ADDL(ssp, sp, sp_mask), (uint32_t)(val));\
644 #define POPW(ssp, sp, sp_mask, val)\
646 val = lduw_kernel((ssp) + (sp & (sp_mask)));\
650 #define POPL(ssp, sp, sp_mask, val)\
652 val = (uint32_t)ldl_kernel(SEG_ADDL(ssp, sp, sp_mask));\
656 /* protected mode interrupt */
657 static void do_interrupt_protected(int intno, int is_int, int error_code,
658 unsigned int next_eip, int is_hw)
661 target_ulong ptr, ssp;
662 int type, dpl, selector, ss_dpl, cpl;
663 int has_error_code, new_stack, shift;
664 uint32_t e1, e2, offset, ss = 0, esp, ss_e1 = 0, ss_e2 = 0;
665 uint32_t old_eip, sp_mask;
668 if (!is_int && !is_hw)
669 has_error_code = exeption_has_error_code(intno);
676 if (intno * 8 + 7 > dt->limit)
677 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
678 ptr = dt->base + intno * 8;
679 e1 = ldl_kernel(ptr);
680 e2 = ldl_kernel(ptr + 4);
681 /* check gate type */
682 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
684 case 5: /* task gate */
685 /* must do that check here to return the correct error code */
686 if (!(e2 & DESC_P_MASK))
687 raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
688 switch_tss(intno * 8, e1, e2, SWITCH_TSS_CALL, old_eip);
689 if (has_error_code) {
692 /* push the error code */
693 type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
695 if (env->segs[R_SS].flags & DESC_B_MASK)
699 esp = (ESP - (2 << shift)) & mask;
700 ssp = env->segs[R_SS].base + esp;
702 stl_kernel(ssp, error_code);
704 stw_kernel(ssp, error_code);
708 case 6: /* 286 interrupt gate */
709 case 7: /* 286 trap gate */
710 case 14: /* 386 interrupt gate */
711 case 15: /* 386 trap gate */
714 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
717 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
718 cpl = env->hflags & HF_CPL_MASK;
719 /* check privilege if software int */
720 if (is_int && dpl < cpl)
721 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
722 /* check valid bit */
723 if (!(e2 & DESC_P_MASK))
724 raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
726 offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
727 if ((selector & 0xfffc) == 0)
728 raise_exception_err(EXCP0D_GPF, 0);
730 if (load_segment(&e1, &e2, selector) != 0)
731 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
732 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
733 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
734 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
736 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
737 if (!(e2 & DESC_P_MASK))
738 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
739 if (!(e2 & DESC_C_MASK) && dpl < cpl) {
740 /* to inner privilege */
741 get_ss_esp_from_tss(&ss, &esp, dpl);
742 if ((ss & 0xfffc) == 0)
743 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
745 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
746 if (load_segment(&ss_e1, &ss_e2, ss) != 0)
747 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
748 ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
750 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
751 if (!(ss_e2 & DESC_S_MASK) ||
752 (ss_e2 & DESC_CS_MASK) ||
753 !(ss_e2 & DESC_W_MASK))
754 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
755 if (!(ss_e2 & DESC_P_MASK))
756 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
758 sp_mask = get_sp_mask(ss_e2);
759 ssp = get_seg_base(ss_e1, ss_e2);
760 } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
761 /* to same privilege */
762 if (env->eflags & VM_MASK)
763 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
765 sp_mask = get_sp_mask(env->segs[R_SS].flags);
766 ssp = env->segs[R_SS].base;
770 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
771 new_stack = 0; /* avoid warning */
772 sp_mask = 0; /* avoid warning */
773 ssp = 0; /* avoid warning */
774 esp = 0; /* avoid warning */
780 /* XXX: check that enough room is available */
781 push_size = 6 + (new_stack << 2) + (has_error_code << 1);
782 if (env->eflags & VM_MASK)
788 if (env->eflags & VM_MASK) {
789 PUSHL(ssp, esp, sp_mask, env->segs[R_GS].selector);
790 PUSHL(ssp, esp, sp_mask, env->segs[R_FS].selector);
791 PUSHL(ssp, esp, sp_mask, env->segs[R_DS].selector);
792 PUSHL(ssp, esp, sp_mask, env->segs[R_ES].selector);
794 PUSHL(ssp, esp, sp_mask, env->segs[R_SS].selector);
795 PUSHL(ssp, esp, sp_mask, ESP);
797 PUSHL(ssp, esp, sp_mask, compute_eflags());
798 PUSHL(ssp, esp, sp_mask, env->segs[R_CS].selector);
799 PUSHL(ssp, esp, sp_mask, old_eip);
800 if (has_error_code) {
801 PUSHL(ssp, esp, sp_mask, error_code);
805 if (env->eflags & VM_MASK) {
806 PUSHW(ssp, esp, sp_mask, env->segs[R_GS].selector);
807 PUSHW(ssp, esp, sp_mask, env->segs[R_FS].selector);
808 PUSHW(ssp, esp, sp_mask, env->segs[R_DS].selector);
809 PUSHW(ssp, esp, sp_mask, env->segs[R_ES].selector);
811 PUSHW(ssp, esp, sp_mask, env->segs[R_SS].selector);
812 PUSHW(ssp, esp, sp_mask, ESP);
814 PUSHW(ssp, esp, sp_mask, compute_eflags());
815 PUSHW(ssp, esp, sp_mask, env->segs[R_CS].selector);
816 PUSHW(ssp, esp, sp_mask, old_eip);
817 if (has_error_code) {
818 PUSHW(ssp, esp, sp_mask, error_code);
823 if (env->eflags & VM_MASK) {
824 cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0, 0);
825 cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0, 0);
826 cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0, 0);
827 cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0, 0);
829 ss = (ss & ~3) | dpl;
830 cpu_x86_load_seg_cache(env, R_SS, ss,
831 ssp, get_seg_limit(ss_e1, ss_e2), ss_e2);
833 SET_ESP(esp, sp_mask);
835 selector = (selector & ~3) | dpl;
836 cpu_x86_load_seg_cache(env, R_CS, selector,
837 get_seg_base(e1, e2),
838 get_seg_limit(e1, e2),
840 cpu_x86_set_cpl(env, dpl);
843 /* interrupt gate clear IF mask */
844 if ((type & 1) == 0) {
845 env->eflags &= ~IF_MASK;
847 env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
852 #define PUSHQ(sp, val)\
855 stq_kernel(sp, (val));\
858 #define POPQ(sp, val)\
860 val = ldq_kernel(sp);\
864 static inline target_ulong get_rsp_from_tss(int level)
869 printf("TR: base=" TARGET_FMT_lx " limit=%x\n",
870 env->tr.base, env->tr.limit);
873 if (!(env->tr.flags & DESC_P_MASK))
874 cpu_abort(env, "invalid tss");
875 index = 8 * level + 4;
876 if ((index + 7) > env->tr.limit)
877 raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
878 return ldq_kernel(env->tr.base + index);
881 /* 64 bit interrupt */
882 static void do_interrupt64(int intno, int is_int, int error_code,
883 target_ulong next_eip, int is_hw)
887 int type, dpl, selector, cpl, ist;
888 int has_error_code, new_stack;
889 uint32_t e1, e2, e3, ss;
890 target_ulong old_eip, esp, offset;
893 if (!is_int && !is_hw)
894 has_error_code = exeption_has_error_code(intno);
901 if (intno * 16 + 15 > dt->limit)
902 raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
903 ptr = dt->base + intno * 16;
904 e1 = ldl_kernel(ptr);
905 e2 = ldl_kernel(ptr + 4);
906 e3 = ldl_kernel(ptr + 8);
907 /* check gate type */
908 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
910 case 14: /* 386 interrupt gate */
911 case 15: /* 386 trap gate */
914 raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
917 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
918 cpl = env->hflags & HF_CPL_MASK;
919 /* check privilege if software int */
920 if (is_int && dpl < cpl)
921 raise_exception_err(EXCP0D_GPF, intno * 16 + 2);
922 /* check valid bit */
923 if (!(e2 & DESC_P_MASK))
924 raise_exception_err(EXCP0B_NOSEG, intno * 16 + 2);
926 offset = ((target_ulong)e3 << 32) | (e2 & 0xffff0000) | (e1 & 0x0000ffff);
928 if ((selector & 0xfffc) == 0)
929 raise_exception_err(EXCP0D_GPF, 0);
931 if (load_segment(&e1, &e2, selector) != 0)
932 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
933 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
934 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
935 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
937 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
938 if (!(e2 & DESC_P_MASK))
939 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
940 if (!(e2 & DESC_L_MASK) || (e2 & DESC_B_MASK))
941 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
942 if ((!(e2 & DESC_C_MASK) && dpl < cpl) || ist != 0) {
943 /* to inner privilege */
945 esp = get_rsp_from_tss(ist + 3);
947 esp = get_rsp_from_tss(dpl);
948 esp &= ~0xfLL; /* align stack */
951 } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
952 /* to same privilege */
953 if (env->eflags & VM_MASK)
954 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
957 esp = get_rsp_from_tss(ist + 3);
960 esp &= ~0xfLL; /* align stack */
963 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
964 new_stack = 0; /* avoid warning */
965 esp = 0; /* avoid warning */
968 PUSHQ(esp, env->segs[R_SS].selector);
970 PUSHQ(esp, compute_eflags());
971 PUSHQ(esp, env->segs[R_CS].selector);
973 if (has_error_code) {
974 PUSHQ(esp, error_code);
979 cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, 0);
983 selector = (selector & ~3) | dpl;
984 cpu_x86_load_seg_cache(env, R_CS, selector,
985 get_seg_base(e1, e2),
986 get_seg_limit(e1, e2),
988 cpu_x86_set_cpl(env, dpl);
991 /* interrupt gate clear IF mask */
992 if ((type & 1) == 0) {
993 env->eflags &= ~IF_MASK;
995 env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
1000 #if defined(CONFIG_USER_ONLY)
1001 void helper_syscall(int next_eip_addend)
1003 env->exception_index = EXCP_SYSCALL;
1004 env->exception_next_eip = env->eip + next_eip_addend;
1008 void helper_syscall(int next_eip_addend)
1012 if (!(env->efer & MSR_EFER_SCE)) {
1013 raise_exception_err(EXCP06_ILLOP, 0);
1015 selector = (env->star >> 32) & 0xffff;
1016 if (env->hflags & HF_LMA_MASK) {
1019 ECX = env->eip + next_eip_addend;
1020 env->regs[11] = compute_eflags();
1022 code64 = env->hflags & HF_CS64_MASK;
1024 cpu_x86_set_cpl(env, 0);
1025 cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
1027 DESC_G_MASK | DESC_P_MASK |
1029 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
1030 cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
1032 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1034 DESC_W_MASK | DESC_A_MASK);
1035 env->eflags &= ~env->fmask;
1036 load_eflags(env->eflags, 0);
1038 env->eip = env->lstar;
1040 env->eip = env->cstar;
1042 ECX = (uint32_t)(env->eip + next_eip_addend);
1044 cpu_x86_set_cpl(env, 0);
1045 cpu_x86_load_seg_cache(env, R_CS, selector & 0xfffc,
1047 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1049 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1050 cpu_x86_load_seg_cache(env, R_SS, (selector + 8) & 0xfffc,
1052 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1054 DESC_W_MASK | DESC_A_MASK);
1055 env->eflags &= ~(IF_MASK | RF_MASK | VM_MASK);
1056 env->eip = (uint32_t)env->star;
1062 #ifdef TARGET_X86_64
1063 void helper_sysret(int dflag)
1067 if (!(env->efer & MSR_EFER_SCE)) {
1068 raise_exception_err(EXCP06_ILLOP, 0);
1070 cpl = env->hflags & HF_CPL_MASK;
1071 if (!(env->cr[0] & CR0_PE_MASK) || cpl != 0) {
1072 raise_exception_err(EXCP0D_GPF, 0);
1074 selector = (env->star >> 48) & 0xffff;
1075 if (env->hflags & HF_LMA_MASK) {
1077 cpu_x86_load_seg_cache(env, R_CS, (selector + 16) | 3,
1079 DESC_G_MASK | DESC_P_MASK |
1080 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1081 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK |
1085 cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1087 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1088 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1089 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1090 env->eip = (uint32_t)ECX;
1092 cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1094 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1095 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1096 DESC_W_MASK | DESC_A_MASK);
1097 load_eflags((uint32_t)(env->regs[11]), TF_MASK | AC_MASK | ID_MASK |
1098 IF_MASK | IOPL_MASK | VM_MASK | RF_MASK | NT_MASK);
1099 cpu_x86_set_cpl(env, 3);
1101 cpu_x86_load_seg_cache(env, R_CS, selector | 3,
1103 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1104 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1105 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
1106 env->eip = (uint32_t)ECX;
1107 cpu_x86_load_seg_cache(env, R_SS, selector + 8,
1109 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
1110 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
1111 DESC_W_MASK | DESC_A_MASK);
1112 env->eflags |= IF_MASK;
1113 cpu_x86_set_cpl(env, 3);
1118 /* real mode interrupt */
1119 static void do_interrupt_real(int intno, int is_int, int error_code,
1120 unsigned int next_eip)
1123 target_ulong ptr, ssp;
1125 uint32_t offset, esp;
1126 uint32_t old_cs, old_eip;
1128 /* real mode (simpler !) */
1130 if (intno * 4 + 3 > dt->limit)
1131 raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
1132 ptr = dt->base + intno * 4;
1133 offset = lduw_kernel(ptr);
1134 selector = lduw_kernel(ptr + 2);
1136 ssp = env->segs[R_SS].base;
1141 old_cs = env->segs[R_CS].selector;
1142 /* XXX: use SS segment size ? */
1143 PUSHW(ssp, esp, 0xffff, compute_eflags());
1144 PUSHW(ssp, esp, 0xffff, old_cs);
1145 PUSHW(ssp, esp, 0xffff, old_eip);
1147 /* update processor state */
1148 ESP = (ESP & ~0xffff) | (esp & 0xffff);
1150 env->segs[R_CS].selector = selector;
1151 env->segs[R_CS].base = (selector << 4);
1152 env->eflags &= ~(IF_MASK | TF_MASK | AC_MASK | RF_MASK);
1155 /* fake user mode interrupt */
1156 void do_interrupt_user(int intno, int is_int, int error_code,
1157 target_ulong next_eip)
1161 int dpl, cpl, shift;
1165 if (env->hflags & HF_LMA_MASK) {
1170 ptr = dt->base + (intno << shift);
1171 e2 = ldl_kernel(ptr + 4);
1173 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
1174 cpl = env->hflags & HF_CPL_MASK;
1175 /* check privilege if software int */
1176 if (is_int && dpl < cpl)
1177 raise_exception_err(EXCP0D_GPF, (intno << shift) + 2);
1179 /* Since we emulate only user space, we cannot do more than
1180 exiting the emulation with the suitable exception and error
1186 #if !defined(CONFIG_USER_ONLY)
1187 static void handle_even_inj(int intno, int is_int, int error_code,
1190 uint32_t event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
1191 if (!(event_inj & SVM_EVTINJ_VALID)) {
1194 type = SVM_EVTINJ_TYPE_SOFT;
1196 type = SVM_EVTINJ_TYPE_EXEPT;
1197 event_inj = intno | type | SVM_EVTINJ_VALID;
1198 if (!rm && exeption_has_error_code(intno)) {
1199 event_inj |= SVM_EVTINJ_VALID_ERR;
1200 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err), error_code);
1202 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), event_inj);
1208 * Begin execution of an interruption. is_int is TRUE if coming from
1209 * the int instruction. next_eip is the EIP value AFTER the interrupt
1210 * instruction. It is only relevant if is_int is TRUE.
1212 void do_interrupt(int intno, int is_int, int error_code,
1213 target_ulong next_eip, int is_hw)
1215 if (qemu_loglevel_mask(CPU_LOG_INT)) {
1216 if ((env->cr[0] & CR0_PE_MASK)) {
1218 qemu_log("%6d: v=%02x e=%04x i=%d cpl=%d IP=%04x:" TARGET_FMT_lx " pc=" TARGET_FMT_lx " SP=%04x:" TARGET_FMT_lx,
1219 count, intno, error_code, is_int,
1220 env->hflags & HF_CPL_MASK,
1221 env->segs[R_CS].selector, EIP,
1222 (int)env->segs[R_CS].base + EIP,
1223 env->segs[R_SS].selector, ESP);
1224 if (intno == 0x0e) {
1225 qemu_log(" CR2=" TARGET_FMT_lx, env->cr[2]);
1227 qemu_log(" EAX=" TARGET_FMT_lx, EAX);
1230 log_cpu_state(env, X86_DUMP_CCOP);
1236 ptr = env->segs[R_CS].base + env->eip;
1237 for(i = 0; i < 16; i++) {
1238 qemu_log(" %02x", ldub(ptr + i));
1246 if (env->cr[0] & CR0_PE_MASK) {
1247 #if !defined(CONFIG_USER_ONLY)
1248 if (env->hflags & HF_SVMI_MASK)
1249 handle_even_inj(intno, is_int, error_code, is_hw, 0);
1251 #ifdef TARGET_X86_64
1252 if (env->hflags & HF_LMA_MASK) {
1253 do_interrupt64(intno, is_int, error_code, next_eip, is_hw);
1257 do_interrupt_protected(intno, is_int, error_code, next_eip, is_hw);
1260 #if !defined(CONFIG_USER_ONLY)
1261 if (env->hflags & HF_SVMI_MASK)
1262 handle_even_inj(intno, is_int, error_code, is_hw, 1);
1264 do_interrupt_real(intno, is_int, error_code, next_eip);
1267 #if !defined(CONFIG_USER_ONLY)
1268 if (env->hflags & HF_SVMI_MASK) {
1269 uint32_t event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
1270 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj), event_inj & ~SVM_EVTINJ_VALID);
1275 /* This should come from sysemu.h - if we could include it here... */
1276 void qemu_system_reset_request(void);
1279 * Check nested exceptions and change to double or triple fault if
1280 * needed. It should only be called, if this is not an interrupt.
1281 * Returns the new exception number.
1283 static int check_exception(int intno, int *error_code)
1285 int first_contributory = env->old_exception == 0 ||
1286 (env->old_exception >= 10 &&
1287 env->old_exception <= 13);
1288 int second_contributory = intno == 0 ||
1289 (intno >= 10 && intno <= 13);
1291 qemu_log_mask(CPU_LOG_INT, "check_exception old: 0x%x new 0x%x\n",
1292 env->old_exception, intno);
1294 #if !defined(CONFIG_USER_ONLY)
1295 if (env->old_exception == EXCP08_DBLE) {
1296 if (env->hflags & HF_SVMI_MASK)
1297 helper_vmexit(SVM_EXIT_SHUTDOWN, 0); /* does not return */
1299 qemu_log_mask(CPU_LOG_RESET, "Triple fault\n");
1301 qemu_system_reset_request();
1306 if ((first_contributory && second_contributory)
1307 || (env->old_exception == EXCP0E_PAGE &&
1308 (second_contributory || (intno == EXCP0E_PAGE)))) {
1309 intno = EXCP08_DBLE;
1313 if (second_contributory || (intno == EXCP0E_PAGE) ||
1314 (intno == EXCP08_DBLE))
1315 env->old_exception = intno;
1321 * Signal an interruption. It is executed in the main CPU loop.
1322 * is_int is TRUE if coming from the int instruction. next_eip is the
1323 * EIP value AFTER the interrupt instruction. It is only relevant if
1326 static void QEMU_NORETURN raise_interrupt(int intno, int is_int, int error_code,
1327 int next_eip_addend)
1330 helper_svm_check_intercept_param(SVM_EXIT_EXCP_BASE + intno, error_code);
1331 intno = check_exception(intno, &error_code);
1333 helper_svm_check_intercept_param(SVM_EXIT_SWINT, 0);
1336 env->exception_index = intno;
1337 env->error_code = error_code;
1338 env->exception_is_int = is_int;
1339 env->exception_next_eip = env->eip + next_eip_addend;
1343 /* shortcuts to generate exceptions */
1345 void raise_exception_err(int exception_index, int error_code)
1347 raise_interrupt(exception_index, 0, error_code, 0);
1350 void raise_exception(int exception_index)
1352 raise_interrupt(exception_index, 0, 0, 0);
1355 void raise_exception_env(int exception_index, CPUState *nenv)
1358 raise_exception(exception_index);
1362 #if defined(CONFIG_USER_ONLY)
1364 void do_smm_enter(void)
1368 void helper_rsm(void)
1374 #ifdef TARGET_X86_64
1375 #define SMM_REVISION_ID 0x00020064
1377 #define SMM_REVISION_ID 0x00020000
1380 void do_smm_enter(void)
1382 target_ulong sm_state;
1386 qemu_log_mask(CPU_LOG_INT, "SMM: enter\n");
1387 log_cpu_state_mask(CPU_LOG_INT, env, X86_DUMP_CCOP);
1389 env->hflags |= HF_SMM_MASK;
1390 cpu_smm_update(env);
1392 sm_state = env->smbase + 0x8000;
1394 #ifdef TARGET_X86_64
1395 for(i = 0; i < 6; i++) {
1397 offset = 0x7e00 + i * 16;
1398 stw_phys(sm_state + offset, dt->selector);
1399 stw_phys(sm_state + offset + 2, (dt->flags >> 8) & 0xf0ff);
1400 stl_phys(sm_state + offset + 4, dt->limit);
1401 stq_phys(sm_state + offset + 8, dt->base);
1404 stq_phys(sm_state + 0x7e68, env->gdt.base);
1405 stl_phys(sm_state + 0x7e64, env->gdt.limit);
1407 stw_phys(sm_state + 0x7e70, env->ldt.selector);
1408 stq_phys(sm_state + 0x7e78, env->ldt.base);
1409 stl_phys(sm_state + 0x7e74, env->ldt.limit);
1410 stw_phys(sm_state + 0x7e72, (env->ldt.flags >> 8) & 0xf0ff);
1412 stq_phys(sm_state + 0x7e88, env->idt.base);
1413 stl_phys(sm_state + 0x7e84, env->idt.limit);
1415 stw_phys(sm_state + 0x7e90, env->tr.selector);
1416 stq_phys(sm_state + 0x7e98, env->tr.base);
1417 stl_phys(sm_state + 0x7e94, env->tr.limit);
1418 stw_phys(sm_state + 0x7e92, (env->tr.flags >> 8) & 0xf0ff);
1420 stq_phys(sm_state + 0x7ed0, env->efer);
1422 stq_phys(sm_state + 0x7ff8, EAX);
1423 stq_phys(sm_state + 0x7ff0, ECX);
1424 stq_phys(sm_state + 0x7fe8, EDX);
1425 stq_phys(sm_state + 0x7fe0, EBX);
1426 stq_phys(sm_state + 0x7fd8, ESP);
1427 stq_phys(sm_state + 0x7fd0, EBP);
1428 stq_phys(sm_state + 0x7fc8, ESI);
1429 stq_phys(sm_state + 0x7fc0, EDI);
1430 for(i = 8; i < 16; i++)
1431 stq_phys(sm_state + 0x7ff8 - i * 8, env->regs[i]);
1432 stq_phys(sm_state + 0x7f78, env->eip);
1433 stl_phys(sm_state + 0x7f70, compute_eflags());
1434 stl_phys(sm_state + 0x7f68, env->dr[6]);
1435 stl_phys(sm_state + 0x7f60, env->dr[7]);
1437 stl_phys(sm_state + 0x7f48, env->cr[4]);
1438 stl_phys(sm_state + 0x7f50, env->cr[3]);
1439 stl_phys(sm_state + 0x7f58, env->cr[0]);
1441 stl_phys(sm_state + 0x7efc, SMM_REVISION_ID);
1442 stl_phys(sm_state + 0x7f00, env->smbase);
1444 stl_phys(sm_state + 0x7ffc, env->cr[0]);
1445 stl_phys(sm_state + 0x7ff8, env->cr[3]);
1446 stl_phys(sm_state + 0x7ff4, compute_eflags());
1447 stl_phys(sm_state + 0x7ff0, env->eip);
1448 stl_phys(sm_state + 0x7fec, EDI);
1449 stl_phys(sm_state + 0x7fe8, ESI);
1450 stl_phys(sm_state + 0x7fe4, EBP);
1451 stl_phys(sm_state + 0x7fe0, ESP);
1452 stl_phys(sm_state + 0x7fdc, EBX);
1453 stl_phys(sm_state + 0x7fd8, EDX);
1454 stl_phys(sm_state + 0x7fd4, ECX);
1455 stl_phys(sm_state + 0x7fd0, EAX);
1456 stl_phys(sm_state + 0x7fcc, env->dr[6]);
1457 stl_phys(sm_state + 0x7fc8, env->dr[7]);
1459 stl_phys(sm_state + 0x7fc4, env->tr.selector);
1460 stl_phys(sm_state + 0x7f64, env->tr.base);
1461 stl_phys(sm_state + 0x7f60, env->tr.limit);
1462 stl_phys(sm_state + 0x7f5c, (env->tr.flags >> 8) & 0xf0ff);
1464 stl_phys(sm_state + 0x7fc0, env->ldt.selector);
1465 stl_phys(sm_state + 0x7f80, env->ldt.base);
1466 stl_phys(sm_state + 0x7f7c, env->ldt.limit);
1467 stl_phys(sm_state + 0x7f78, (env->ldt.flags >> 8) & 0xf0ff);
1469 stl_phys(sm_state + 0x7f74, env->gdt.base);
1470 stl_phys(sm_state + 0x7f70, env->gdt.limit);
1472 stl_phys(sm_state + 0x7f58, env->idt.base);
1473 stl_phys(sm_state + 0x7f54, env->idt.limit);
1475 for(i = 0; i < 6; i++) {
1478 offset = 0x7f84 + i * 12;
1480 offset = 0x7f2c + (i - 3) * 12;
1481 stl_phys(sm_state + 0x7fa8 + i * 4, dt->selector);
1482 stl_phys(sm_state + offset + 8, dt->base);
1483 stl_phys(sm_state + offset + 4, dt->limit);
1484 stl_phys(sm_state + offset, (dt->flags >> 8) & 0xf0ff);
1486 stl_phys(sm_state + 0x7f14, env->cr[4]);
1488 stl_phys(sm_state + 0x7efc, SMM_REVISION_ID);
1489 stl_phys(sm_state + 0x7ef8, env->smbase);
1491 /* init SMM cpu state */
1493 #ifdef TARGET_X86_64
1494 cpu_load_efer(env, 0);
1496 load_eflags(0, ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1497 env->eip = 0x00008000;
1498 cpu_x86_load_seg_cache(env, R_CS, (env->smbase >> 4) & 0xffff, env->smbase,
1500 cpu_x86_load_seg_cache(env, R_DS, 0, 0, 0xffffffff, 0);
1501 cpu_x86_load_seg_cache(env, R_ES, 0, 0, 0xffffffff, 0);
1502 cpu_x86_load_seg_cache(env, R_SS, 0, 0, 0xffffffff, 0);
1503 cpu_x86_load_seg_cache(env, R_FS, 0, 0, 0xffffffff, 0);
1504 cpu_x86_load_seg_cache(env, R_GS, 0, 0, 0xffffffff, 0);
1506 cpu_x86_update_cr0(env,
1507 env->cr[0] & ~(CR0_PE_MASK | CR0_EM_MASK | CR0_TS_MASK | CR0_PG_MASK));
1508 cpu_x86_update_cr4(env, 0);
1509 env->dr[7] = 0x00000400;
1510 CC_OP = CC_OP_EFLAGS;
1513 void helper_rsm(void)
1515 target_ulong sm_state;
1519 sm_state = env->smbase + 0x8000;
1520 #ifdef TARGET_X86_64
1521 cpu_load_efer(env, ldq_phys(sm_state + 0x7ed0));
1523 for(i = 0; i < 6; i++) {
1524 offset = 0x7e00 + i * 16;
1525 cpu_x86_load_seg_cache(env, i,
1526 lduw_phys(sm_state + offset),
1527 ldq_phys(sm_state + offset + 8),
1528 ldl_phys(sm_state + offset + 4),
1529 (lduw_phys(sm_state + offset + 2) & 0xf0ff) << 8);
1532 env->gdt.base = ldq_phys(sm_state + 0x7e68);
1533 env->gdt.limit = ldl_phys(sm_state + 0x7e64);
1535 env->ldt.selector = lduw_phys(sm_state + 0x7e70);
1536 env->ldt.base = ldq_phys(sm_state + 0x7e78);
1537 env->ldt.limit = ldl_phys(sm_state + 0x7e74);
1538 env->ldt.flags = (lduw_phys(sm_state + 0x7e72) & 0xf0ff) << 8;
1540 env->idt.base = ldq_phys(sm_state + 0x7e88);
1541 env->idt.limit = ldl_phys(sm_state + 0x7e84);
1543 env->tr.selector = lduw_phys(sm_state + 0x7e90);
1544 env->tr.base = ldq_phys(sm_state + 0x7e98);
1545 env->tr.limit = ldl_phys(sm_state + 0x7e94);
1546 env->tr.flags = (lduw_phys(sm_state + 0x7e92) & 0xf0ff) << 8;
1548 EAX = ldq_phys(sm_state + 0x7ff8);
1549 ECX = ldq_phys(sm_state + 0x7ff0);
1550 EDX = ldq_phys(sm_state + 0x7fe8);
1551 EBX = ldq_phys(sm_state + 0x7fe0);
1552 ESP = ldq_phys(sm_state + 0x7fd8);
1553 EBP = ldq_phys(sm_state + 0x7fd0);
1554 ESI = ldq_phys(sm_state + 0x7fc8);
1555 EDI = ldq_phys(sm_state + 0x7fc0);
1556 for(i = 8; i < 16; i++)
1557 env->regs[i] = ldq_phys(sm_state + 0x7ff8 - i * 8);
1558 env->eip = ldq_phys(sm_state + 0x7f78);
1559 load_eflags(ldl_phys(sm_state + 0x7f70),
1560 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1561 env->dr[6] = ldl_phys(sm_state + 0x7f68);
1562 env->dr[7] = ldl_phys(sm_state + 0x7f60);
1564 cpu_x86_update_cr4(env, ldl_phys(sm_state + 0x7f48));
1565 cpu_x86_update_cr3(env, ldl_phys(sm_state + 0x7f50));
1566 cpu_x86_update_cr0(env, ldl_phys(sm_state + 0x7f58));
1568 val = ldl_phys(sm_state + 0x7efc); /* revision ID */
1569 if (val & 0x20000) {
1570 env->smbase = ldl_phys(sm_state + 0x7f00) & ~0x7fff;
1573 cpu_x86_update_cr0(env, ldl_phys(sm_state + 0x7ffc));
1574 cpu_x86_update_cr3(env, ldl_phys(sm_state + 0x7ff8));
1575 load_eflags(ldl_phys(sm_state + 0x7ff4),
1576 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
1577 env->eip = ldl_phys(sm_state + 0x7ff0);
1578 EDI = ldl_phys(sm_state + 0x7fec);
1579 ESI = ldl_phys(sm_state + 0x7fe8);
1580 EBP = ldl_phys(sm_state + 0x7fe4);
1581 ESP = ldl_phys(sm_state + 0x7fe0);
1582 EBX = ldl_phys(sm_state + 0x7fdc);
1583 EDX = ldl_phys(sm_state + 0x7fd8);
1584 ECX = ldl_phys(sm_state + 0x7fd4);
1585 EAX = ldl_phys(sm_state + 0x7fd0);
1586 env->dr[6] = ldl_phys(sm_state + 0x7fcc);
1587 env->dr[7] = ldl_phys(sm_state + 0x7fc8);
1589 env->tr.selector = ldl_phys(sm_state + 0x7fc4) & 0xffff;
1590 env->tr.base = ldl_phys(sm_state + 0x7f64);
1591 env->tr.limit = ldl_phys(sm_state + 0x7f60);
1592 env->tr.flags = (ldl_phys(sm_state + 0x7f5c) & 0xf0ff) << 8;
1594 env->ldt.selector = ldl_phys(sm_state + 0x7fc0) & 0xffff;
1595 env->ldt.base = ldl_phys(sm_state + 0x7f80);
1596 env->ldt.limit = ldl_phys(sm_state + 0x7f7c);
1597 env->ldt.flags = (ldl_phys(sm_state + 0x7f78) & 0xf0ff) << 8;
1599 env->gdt.base = ldl_phys(sm_state + 0x7f74);
1600 env->gdt.limit = ldl_phys(sm_state + 0x7f70);
1602 env->idt.base = ldl_phys(sm_state + 0x7f58);
1603 env->idt.limit = ldl_phys(sm_state + 0x7f54);
1605 for(i = 0; i < 6; i++) {
1607 offset = 0x7f84 + i * 12;
1609 offset = 0x7f2c + (i - 3) * 12;
1610 cpu_x86_load_seg_cache(env, i,
1611 ldl_phys(sm_state + 0x7fa8 + i * 4) & 0xffff,
1612 ldl_phys(sm_state + offset + 8),
1613 ldl_phys(sm_state + offset + 4),
1614 (ldl_phys(sm_state + offset) & 0xf0ff) << 8);
1616 cpu_x86_update_cr4(env, ldl_phys(sm_state + 0x7f14));
1618 val = ldl_phys(sm_state + 0x7efc); /* revision ID */
1619 if (val & 0x20000) {
1620 env->smbase = ldl_phys(sm_state + 0x7ef8) & ~0x7fff;
1623 CC_OP = CC_OP_EFLAGS;
1624 env->hflags &= ~HF_SMM_MASK;
1625 cpu_smm_update(env);
1627 qemu_log_mask(CPU_LOG_INT, "SMM: after RSM\n");
1628 log_cpu_state_mask(CPU_LOG_INT, env, X86_DUMP_CCOP);
1631 #endif /* !CONFIG_USER_ONLY */
1634 /* division, flags are undefined */
1636 void helper_divb_AL(target_ulong t0)
1638 unsigned int num, den, q, r;
1640 num = (EAX & 0xffff);
1643 raise_exception(EXCP00_DIVZ);
1647 raise_exception(EXCP00_DIVZ);
1649 r = (num % den) & 0xff;
1650 EAX = (EAX & ~0xffff) | (r << 8) | q;
1653 void helper_idivb_AL(target_ulong t0)
1660 raise_exception(EXCP00_DIVZ);
1664 raise_exception(EXCP00_DIVZ);
1666 r = (num % den) & 0xff;
1667 EAX = (EAX & ~0xffff) | (r << 8) | q;
1670 void helper_divw_AX(target_ulong t0)
1672 unsigned int num, den, q, r;
1674 num = (EAX & 0xffff) | ((EDX & 0xffff) << 16);
1675 den = (t0 & 0xffff);
1677 raise_exception(EXCP00_DIVZ);
1681 raise_exception(EXCP00_DIVZ);
1683 r = (num % den) & 0xffff;
1684 EAX = (EAX & ~0xffff) | q;
1685 EDX = (EDX & ~0xffff) | r;
1688 void helper_idivw_AX(target_ulong t0)
1692 num = (EAX & 0xffff) | ((EDX & 0xffff) << 16);
1695 raise_exception(EXCP00_DIVZ);
1698 if (q != (int16_t)q)
1699 raise_exception(EXCP00_DIVZ);
1701 r = (num % den) & 0xffff;
1702 EAX = (EAX & ~0xffff) | q;
1703 EDX = (EDX & ~0xffff) | r;
1706 void helper_divl_EAX(target_ulong t0)
1708 unsigned int den, r;
1711 num = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
1714 raise_exception(EXCP00_DIVZ);
1719 raise_exception(EXCP00_DIVZ);
1724 void helper_idivl_EAX(target_ulong t0)
1729 num = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
1732 raise_exception(EXCP00_DIVZ);
1736 if (q != (int32_t)q)
1737 raise_exception(EXCP00_DIVZ);
1744 /* XXX: exception */
1745 void helper_aam(int base)
1751 EAX = (EAX & ~0xffff) | al | (ah << 8);
1755 void helper_aad(int base)
1759 ah = (EAX >> 8) & 0xff;
1760 al = ((ah * base) + al) & 0xff;
1761 EAX = (EAX & ~0xffff) | al;
1765 void helper_aaa(void)
1771 eflags = helper_cc_compute_all(CC_OP);
1774 ah = (EAX >> 8) & 0xff;
1776 icarry = (al > 0xf9);
1777 if (((al & 0x0f) > 9 ) || af) {
1778 al = (al + 6) & 0x0f;
1779 ah = (ah + 1 + icarry) & 0xff;
1780 eflags |= CC_C | CC_A;
1782 eflags &= ~(CC_C | CC_A);
1785 EAX = (EAX & ~0xffff) | al | (ah << 8);
1789 void helper_aas(void)
1795 eflags = helper_cc_compute_all(CC_OP);
1798 ah = (EAX >> 8) & 0xff;
1801 if (((al & 0x0f) > 9 ) || af) {
1802 al = (al - 6) & 0x0f;
1803 ah = (ah - 1 - icarry) & 0xff;
1804 eflags |= CC_C | CC_A;
1806 eflags &= ~(CC_C | CC_A);
1809 EAX = (EAX & ~0xffff) | al | (ah << 8);
1813 void helper_daa(void)
1818 eflags = helper_cc_compute_all(CC_OP);
1824 if (((al & 0x0f) > 9 ) || af) {
1825 al = (al + 6) & 0xff;
1828 if ((al > 0x9f) || cf) {
1829 al = (al + 0x60) & 0xff;
1832 EAX = (EAX & ~0xff) | al;
1833 /* well, speed is not an issue here, so we compute the flags by hand */
1834 eflags |= (al == 0) << 6; /* zf */
1835 eflags |= parity_table[al]; /* pf */
1836 eflags |= (al & 0x80); /* sf */
1840 void helper_das(void)
1842 int al, al1, af, cf;
1845 eflags = helper_cc_compute_all(CC_OP);
1852 if (((al & 0x0f) > 9 ) || af) {
1856 al = (al - 6) & 0xff;
1858 if ((al1 > 0x99) || cf) {
1859 al = (al - 0x60) & 0xff;
1862 EAX = (EAX & ~0xff) | al;
1863 /* well, speed is not an issue here, so we compute the flags by hand */
1864 eflags |= (al == 0) << 6; /* zf */
1865 eflags |= parity_table[al]; /* pf */
1866 eflags |= (al & 0x80); /* sf */
1870 void helper_into(int next_eip_addend)
1873 eflags = helper_cc_compute_all(CC_OP);
1874 if (eflags & CC_O) {
1875 raise_interrupt(EXCP04_INTO, 1, 0, next_eip_addend);
1879 void helper_cmpxchg8b(target_ulong a0)
1884 eflags = helper_cc_compute_all(CC_OP);
1886 if (d == (((uint64_t)EDX << 32) | (uint32_t)EAX)) {
1887 stq(a0, ((uint64_t)ECX << 32) | (uint32_t)EBX);
1890 /* always do the store */
1892 EDX = (uint32_t)(d >> 32);
1899 #ifdef TARGET_X86_64
1900 void helper_cmpxchg16b(target_ulong a0)
1905 if ((a0 & 0xf) != 0)
1906 raise_exception(EXCP0D_GPF);
1907 eflags = helper_cc_compute_all(CC_OP);
1910 if (d0 == EAX && d1 == EDX) {
1915 /* always do the store */
1926 void helper_single_step(void)
1928 #ifndef CONFIG_USER_ONLY
1929 check_hw_breakpoints(env, 1);
1930 env->dr[6] |= DR6_BS;
1932 raise_exception(EXCP01_DB);
1935 void helper_cpuid(void)
1937 uint32_t eax, ebx, ecx, edx;
1939 helper_svm_check_intercept_param(SVM_EXIT_CPUID, 0);
1941 cpu_x86_cpuid(env, (uint32_t)EAX, (uint32_t)ECX, &eax, &ebx, &ecx, &edx);
1948 void helper_enter_level(int level, int data32, target_ulong t1)
1951 uint32_t esp_mask, esp, ebp;
1953 esp_mask = get_sp_mask(env->segs[R_SS].flags);
1954 ssp = env->segs[R_SS].base;
1963 stl(ssp + (esp & esp_mask), ldl(ssp + (ebp & esp_mask)));
1966 stl(ssp + (esp & esp_mask), t1);
1973 stw(ssp + (esp & esp_mask), lduw(ssp + (ebp & esp_mask)));
1976 stw(ssp + (esp & esp_mask), t1);
1980 #ifdef TARGET_X86_64
1981 void helper_enter64_level(int level, int data64, target_ulong t1)
1983 target_ulong esp, ebp;
2003 stw(esp, lduw(ebp));
2011 void helper_lldt(int selector)
2015 int index, entry_limit;
2019 if ((selector & 0xfffc) == 0) {
2020 /* XXX: NULL selector case: invalid LDT */
2025 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2027 index = selector & ~7;
2028 #ifdef TARGET_X86_64
2029 if (env->hflags & HF_LMA_MASK)
2034 if ((index + entry_limit) > dt->limit)
2035 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2036 ptr = dt->base + index;
2037 e1 = ldl_kernel(ptr);
2038 e2 = ldl_kernel(ptr + 4);
2039 if ((e2 & DESC_S_MASK) || ((e2 >> DESC_TYPE_SHIFT) & 0xf) != 2)
2040 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2041 if (!(e2 & DESC_P_MASK))
2042 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2043 #ifdef TARGET_X86_64
2044 if (env->hflags & HF_LMA_MASK) {
2046 e3 = ldl_kernel(ptr + 8);
2047 load_seg_cache_raw_dt(&env->ldt, e1, e2);
2048 env->ldt.base |= (target_ulong)e3 << 32;
2052 load_seg_cache_raw_dt(&env->ldt, e1, e2);
2055 env->ldt.selector = selector;
2058 void helper_ltr(int selector)
2062 int index, type, entry_limit;
2066 if ((selector & 0xfffc) == 0) {
2067 /* NULL selector case: invalid TR */
2073 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2075 index = selector & ~7;
2076 #ifdef TARGET_X86_64
2077 if (env->hflags & HF_LMA_MASK)
2082 if ((index + entry_limit) > dt->limit)
2083 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2084 ptr = dt->base + index;
2085 e1 = ldl_kernel(ptr);
2086 e2 = ldl_kernel(ptr + 4);
2087 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2088 if ((e2 & DESC_S_MASK) ||
2089 (type != 1 && type != 9))
2090 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2091 if (!(e2 & DESC_P_MASK))
2092 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2093 #ifdef TARGET_X86_64
2094 if (env->hflags & HF_LMA_MASK) {
2096 e3 = ldl_kernel(ptr + 8);
2097 e4 = ldl_kernel(ptr + 12);
2098 if ((e4 >> DESC_TYPE_SHIFT) & 0xf)
2099 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2100 load_seg_cache_raw_dt(&env->tr, e1, e2);
2101 env->tr.base |= (target_ulong)e3 << 32;
2105 load_seg_cache_raw_dt(&env->tr, e1, e2);
2107 e2 |= DESC_TSS_BUSY_MASK;
2108 stl_kernel(ptr + 4, e2);
2110 env->tr.selector = selector;
2113 /* only works if protected mode and not VM86. seg_reg must be != R_CS */
2114 void helper_load_seg(int seg_reg, int selector)
2123 cpl = env->hflags & HF_CPL_MASK;
2124 if ((selector & 0xfffc) == 0) {
2125 /* null selector case */
2127 #ifdef TARGET_X86_64
2128 && (!(env->hflags & HF_CS64_MASK) || cpl == 3)
2131 raise_exception_err(EXCP0D_GPF, 0);
2132 cpu_x86_load_seg_cache(env, seg_reg, selector, 0, 0, 0);
2139 index = selector & ~7;
2140 if ((index + 7) > dt->limit)
2141 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2142 ptr = dt->base + index;
2143 e1 = ldl_kernel(ptr);
2144 e2 = ldl_kernel(ptr + 4);
2146 if (!(e2 & DESC_S_MASK))
2147 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2149 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2150 if (seg_reg == R_SS) {
2151 /* must be writable segment */
2152 if ((e2 & DESC_CS_MASK) || !(e2 & DESC_W_MASK))
2153 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2154 if (rpl != cpl || dpl != cpl)
2155 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2157 /* must be readable segment */
2158 if ((e2 & (DESC_CS_MASK | DESC_R_MASK)) == DESC_CS_MASK)
2159 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2161 if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
2162 /* if not conforming code, test rights */
2163 if (dpl < cpl || dpl < rpl)
2164 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2168 if (!(e2 & DESC_P_MASK)) {
2169 if (seg_reg == R_SS)
2170 raise_exception_err(EXCP0C_STACK, selector & 0xfffc);
2172 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2175 /* set the access bit if not already set */
2176 if (!(e2 & DESC_A_MASK)) {
2178 stl_kernel(ptr + 4, e2);
2181 cpu_x86_load_seg_cache(env, seg_reg, selector,
2182 get_seg_base(e1, e2),
2183 get_seg_limit(e1, e2),
2186 qemu_log("load_seg: sel=0x%04x base=0x%08lx limit=0x%08lx flags=%08x\n",
2187 selector, (unsigned long)sc->base, sc->limit, sc->flags);
2192 /* protected mode jump */
2193 void helper_ljmp_protected(int new_cs, target_ulong new_eip,
2194 int next_eip_addend)
2197 uint32_t e1, e2, cpl, dpl, rpl, limit;
2198 target_ulong next_eip;
2200 if ((new_cs & 0xfffc) == 0)
2201 raise_exception_err(EXCP0D_GPF, 0);
2202 if (load_segment(&e1, &e2, new_cs) != 0)
2203 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2204 cpl = env->hflags & HF_CPL_MASK;
2205 if (e2 & DESC_S_MASK) {
2206 if (!(e2 & DESC_CS_MASK))
2207 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2208 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2209 if (e2 & DESC_C_MASK) {
2210 /* conforming code segment */
2212 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2214 /* non conforming code segment */
2217 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2219 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2221 if (!(e2 & DESC_P_MASK))
2222 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2223 limit = get_seg_limit(e1, e2);
2224 if (new_eip > limit &&
2225 !(env->hflags & HF_LMA_MASK) && !(e2 & DESC_L_MASK))
2226 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2227 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2228 get_seg_base(e1, e2), limit, e2);
2231 /* jump to call or task gate */
2232 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2234 cpl = env->hflags & HF_CPL_MASK;
2235 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
2237 case 1: /* 286 TSS */
2238 case 9: /* 386 TSS */
2239 case 5: /* task gate */
2240 if (dpl < cpl || dpl < rpl)
2241 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2242 next_eip = env->eip + next_eip_addend;
2243 switch_tss(new_cs, e1, e2, SWITCH_TSS_JMP, next_eip);
2244 CC_OP = CC_OP_EFLAGS;
2246 case 4: /* 286 call gate */
2247 case 12: /* 386 call gate */
2248 if ((dpl < cpl) || (dpl < rpl))
2249 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2250 if (!(e2 & DESC_P_MASK))
2251 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2253 new_eip = (e1 & 0xffff);
2255 new_eip |= (e2 & 0xffff0000);
2256 if (load_segment(&e1, &e2, gate_cs) != 0)
2257 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2258 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2259 /* must be code segment */
2260 if (((e2 & (DESC_S_MASK | DESC_CS_MASK)) !=
2261 (DESC_S_MASK | DESC_CS_MASK)))
2262 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2263 if (((e2 & DESC_C_MASK) && (dpl > cpl)) ||
2264 (!(e2 & DESC_C_MASK) && (dpl != cpl)))
2265 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2266 if (!(e2 & DESC_P_MASK))
2267 raise_exception_err(EXCP0D_GPF, gate_cs & 0xfffc);
2268 limit = get_seg_limit(e1, e2);
2269 if (new_eip > limit)
2270 raise_exception_err(EXCP0D_GPF, 0);
2271 cpu_x86_load_seg_cache(env, R_CS, (gate_cs & 0xfffc) | cpl,
2272 get_seg_base(e1, e2), limit, e2);
2276 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2282 /* real mode call */
2283 void helper_lcall_real(int new_cs, target_ulong new_eip1,
2284 int shift, int next_eip)
2287 uint32_t esp, esp_mask;
2292 esp_mask = get_sp_mask(env->segs[R_SS].flags);
2293 ssp = env->segs[R_SS].base;
2295 PUSHL(ssp, esp, esp_mask, env->segs[R_CS].selector);
2296 PUSHL(ssp, esp, esp_mask, next_eip);
2298 PUSHW(ssp, esp, esp_mask, env->segs[R_CS].selector);
2299 PUSHW(ssp, esp, esp_mask, next_eip);
2302 SET_ESP(esp, esp_mask);
2304 env->segs[R_CS].selector = new_cs;
2305 env->segs[R_CS].base = (new_cs << 4);
2308 /* protected mode call */
2309 void helper_lcall_protected(int new_cs, target_ulong new_eip,
2310 int shift, int next_eip_addend)
2313 uint32_t e1, e2, cpl, dpl, rpl, selector, offset, param_count;
2314 uint32_t ss = 0, ss_e1 = 0, ss_e2 = 0, sp, type, ss_dpl, sp_mask;
2315 uint32_t val, limit, old_sp_mask;
2316 target_ulong ssp, old_ssp, next_eip;
2318 next_eip = env->eip + next_eip_addend;
2319 LOG_PCALL("lcall %04x:%08x s=%d\n", new_cs, (uint32_t)new_eip, shift);
2320 LOG_PCALL_STATE(env);
2321 if ((new_cs & 0xfffc) == 0)
2322 raise_exception_err(EXCP0D_GPF, 0);
2323 if (load_segment(&e1, &e2, new_cs) != 0)
2324 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2325 cpl = env->hflags & HF_CPL_MASK;
2326 LOG_PCALL("desc=%08x:%08x\n", e1, e2);
2327 if (e2 & DESC_S_MASK) {
2328 if (!(e2 & DESC_CS_MASK))
2329 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2330 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2331 if (e2 & DESC_C_MASK) {
2332 /* conforming code segment */
2334 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2336 /* non conforming code segment */
2339 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2341 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2343 if (!(e2 & DESC_P_MASK))
2344 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2346 #ifdef TARGET_X86_64
2347 /* XXX: check 16/32 bit cases in long mode */
2352 PUSHQ(rsp, env->segs[R_CS].selector);
2353 PUSHQ(rsp, next_eip);
2354 /* from this point, not restartable */
2356 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2357 get_seg_base(e1, e2),
2358 get_seg_limit(e1, e2), e2);
2364 sp_mask = get_sp_mask(env->segs[R_SS].flags);
2365 ssp = env->segs[R_SS].base;
2367 PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
2368 PUSHL(ssp, sp, sp_mask, next_eip);
2370 PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
2371 PUSHW(ssp, sp, sp_mask, next_eip);
2374 limit = get_seg_limit(e1, e2);
2375 if (new_eip > limit)
2376 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2377 /* from this point, not restartable */
2378 SET_ESP(sp, sp_mask);
2379 cpu_x86_load_seg_cache(env, R_CS, (new_cs & 0xfffc) | cpl,
2380 get_seg_base(e1, e2), limit, e2);
2384 /* check gate type */
2385 type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
2386 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2389 case 1: /* available 286 TSS */
2390 case 9: /* available 386 TSS */
2391 case 5: /* task gate */
2392 if (dpl < cpl || dpl < rpl)
2393 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2394 switch_tss(new_cs, e1, e2, SWITCH_TSS_CALL, next_eip);
2395 CC_OP = CC_OP_EFLAGS;
2397 case 4: /* 286 call gate */
2398 case 12: /* 386 call gate */
2401 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2406 if (dpl < cpl || dpl < rpl)
2407 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2408 /* check valid bit */
2409 if (!(e2 & DESC_P_MASK))
2410 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2411 selector = e1 >> 16;
2412 offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
2413 param_count = e2 & 0x1f;
2414 if ((selector & 0xfffc) == 0)
2415 raise_exception_err(EXCP0D_GPF, 0);
2417 if (load_segment(&e1, &e2, selector) != 0)
2418 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2419 if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
2420 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2421 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2423 raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
2424 if (!(e2 & DESC_P_MASK))
2425 raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
2427 if (!(e2 & DESC_C_MASK) && dpl < cpl) {
2428 /* to inner privilege */
2429 get_ss_esp_from_tss(&ss, &sp, dpl);
2430 LOG_PCALL("new ss:esp=%04x:%08x param_count=%d ESP=" TARGET_FMT_lx "\n",
2431 ss, sp, param_count, ESP);
2432 if ((ss & 0xfffc) == 0)
2433 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2434 if ((ss & 3) != dpl)
2435 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2436 if (load_segment(&ss_e1, &ss_e2, ss) != 0)
2437 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2438 ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2440 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2441 if (!(ss_e2 & DESC_S_MASK) ||
2442 (ss_e2 & DESC_CS_MASK) ||
2443 !(ss_e2 & DESC_W_MASK))
2444 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2445 if (!(ss_e2 & DESC_P_MASK))
2446 raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
2448 // push_size = ((param_count * 2) + 8) << shift;
2450 old_sp_mask = get_sp_mask(env->segs[R_SS].flags);
2451 old_ssp = env->segs[R_SS].base;
2453 sp_mask = get_sp_mask(ss_e2);
2454 ssp = get_seg_base(ss_e1, ss_e2);
2456 PUSHL(ssp, sp, sp_mask, env->segs[R_SS].selector);
2457 PUSHL(ssp, sp, sp_mask, ESP);
2458 for(i = param_count - 1; i >= 0; i--) {
2459 val = ldl_kernel(old_ssp + ((ESP + i * 4) & old_sp_mask));
2460 PUSHL(ssp, sp, sp_mask, val);
2463 PUSHW(ssp, sp, sp_mask, env->segs[R_SS].selector);
2464 PUSHW(ssp, sp, sp_mask, ESP);
2465 for(i = param_count - 1; i >= 0; i--) {
2466 val = lduw_kernel(old_ssp + ((ESP + i * 2) & old_sp_mask));
2467 PUSHW(ssp, sp, sp_mask, val);
2472 /* to same privilege */
2474 sp_mask = get_sp_mask(env->segs[R_SS].flags);
2475 ssp = env->segs[R_SS].base;
2476 // push_size = (4 << shift);
2481 PUSHL(ssp, sp, sp_mask, env->segs[R_CS].selector);
2482 PUSHL(ssp, sp, sp_mask, next_eip);
2484 PUSHW(ssp, sp, sp_mask, env->segs[R_CS].selector);
2485 PUSHW(ssp, sp, sp_mask, next_eip);
2488 /* from this point, not restartable */
2491 ss = (ss & ~3) | dpl;
2492 cpu_x86_load_seg_cache(env, R_SS, ss,
2494 get_seg_limit(ss_e1, ss_e2),
2498 selector = (selector & ~3) | dpl;
2499 cpu_x86_load_seg_cache(env, R_CS, selector,
2500 get_seg_base(e1, e2),
2501 get_seg_limit(e1, e2),
2503 cpu_x86_set_cpl(env, dpl);
2504 SET_ESP(sp, sp_mask);
2509 /* real and vm86 mode iret */
2510 void helper_iret_real(int shift)
2512 uint32_t sp, new_cs, new_eip, new_eflags, sp_mask;
2516 sp_mask = 0xffff; /* XXXX: use SS segment size ? */
2518 ssp = env->segs[R_SS].base;
2521 POPL(ssp, sp, sp_mask, new_eip);
2522 POPL(ssp, sp, sp_mask, new_cs);
2524 POPL(ssp, sp, sp_mask, new_eflags);
2527 POPW(ssp, sp, sp_mask, new_eip);
2528 POPW(ssp, sp, sp_mask, new_cs);
2529 POPW(ssp, sp, sp_mask, new_eflags);
2531 ESP = (ESP & ~sp_mask) | (sp & sp_mask);
2532 env->segs[R_CS].selector = new_cs;
2533 env->segs[R_CS].base = (new_cs << 4);
2535 if (env->eflags & VM_MASK)
2536 eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | RF_MASK | NT_MASK;
2538 eflags_mask = TF_MASK | AC_MASK | ID_MASK | IF_MASK | IOPL_MASK | RF_MASK | NT_MASK;
2540 eflags_mask &= 0xffff;
2541 load_eflags(new_eflags, eflags_mask);
2542 env->hflags2 &= ~HF2_NMI_MASK;
2545 static inline void validate_seg(int seg_reg, int cpl)
2550 /* XXX: on x86_64, we do not want to nullify FS and GS because
2551 they may still contain a valid base. I would be interested to
2552 know how a real x86_64 CPU behaves */
2553 if ((seg_reg == R_FS || seg_reg == R_GS) &&
2554 (env->segs[seg_reg].selector & 0xfffc) == 0)
2557 e2 = env->segs[seg_reg].flags;
2558 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2559 if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
2560 /* data or non conforming code segment */
2562 cpu_x86_load_seg_cache(env, seg_reg, 0, 0, 0, 0);
2567 /* protected mode iret */
2568 static inline void helper_ret_protected(int shift, int is_iret, int addend)
2570 uint32_t new_cs, new_eflags, new_ss;
2571 uint32_t new_es, new_ds, new_fs, new_gs;
2572 uint32_t e1, e2, ss_e1, ss_e2;
2573 int cpl, dpl, rpl, eflags_mask, iopl;
2574 target_ulong ssp, sp, new_eip, new_esp, sp_mask;
2576 #ifdef TARGET_X86_64
2581 sp_mask = get_sp_mask(env->segs[R_SS].flags);
2583 ssp = env->segs[R_SS].base;
2584 new_eflags = 0; /* avoid warning */
2585 #ifdef TARGET_X86_64
2591 POPQ(sp, new_eflags);
2597 POPL(ssp, sp, sp_mask, new_eip);
2598 POPL(ssp, sp, sp_mask, new_cs);
2601 POPL(ssp, sp, sp_mask, new_eflags);
2602 if (new_eflags & VM_MASK)
2603 goto return_to_vm86;
2607 POPW(ssp, sp, sp_mask, new_eip);
2608 POPW(ssp, sp, sp_mask, new_cs);
2610 POPW(ssp, sp, sp_mask, new_eflags);
2612 LOG_PCALL("lret new %04x:" TARGET_FMT_lx " s=%d addend=0x%x\n",
2613 new_cs, new_eip, shift, addend);
2614 LOG_PCALL_STATE(env);
2615 if ((new_cs & 0xfffc) == 0)
2616 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2617 if (load_segment(&e1, &e2, new_cs) != 0)
2618 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2619 if (!(e2 & DESC_S_MASK) ||
2620 !(e2 & DESC_CS_MASK))
2621 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2622 cpl = env->hflags & HF_CPL_MASK;
2625 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2626 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
2627 if (e2 & DESC_C_MASK) {
2629 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2632 raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
2634 if (!(e2 & DESC_P_MASK))
2635 raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
2638 if (rpl == cpl && (!(env->hflags & HF_CS64_MASK) ||
2639 ((env->hflags & HF_CS64_MASK) && !is_iret))) {
2640 /* return to same privilege level */
2641 cpu_x86_load_seg_cache(env, R_CS, new_cs,
2642 get_seg_base(e1, e2),
2643 get_seg_limit(e1, e2),
2646 /* return to different privilege level */
2647 #ifdef TARGET_X86_64
2656 POPL(ssp, sp, sp_mask, new_esp);
2657 POPL(ssp, sp, sp_mask, new_ss);
2661 POPW(ssp, sp, sp_mask, new_esp);
2662 POPW(ssp, sp, sp_mask, new_ss);
2664 LOG_PCALL("new ss:esp=%04x:" TARGET_FMT_lx "\n",
2666 if ((new_ss & 0xfffc) == 0) {
2667 #ifdef TARGET_X86_64
2668 /* NULL ss is allowed in long mode if cpl != 3*/
2669 /* XXX: test CS64 ? */
2670 if ((env->hflags & HF_LMA_MASK) && rpl != 3) {
2671 cpu_x86_load_seg_cache(env, R_SS, new_ss,
2673 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2674 DESC_S_MASK | (rpl << DESC_DPL_SHIFT) |
2675 DESC_W_MASK | DESC_A_MASK);
2676 ss_e2 = DESC_B_MASK; /* XXX: should not be needed ? */
2680 raise_exception_err(EXCP0D_GPF, 0);
2683 if ((new_ss & 3) != rpl)
2684 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2685 if (load_segment(&ss_e1, &ss_e2, new_ss) != 0)
2686 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2687 if (!(ss_e2 & DESC_S_MASK) ||
2688 (ss_e2 & DESC_CS_MASK) ||
2689 !(ss_e2 & DESC_W_MASK))
2690 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2691 dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
2693 raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
2694 if (!(ss_e2 & DESC_P_MASK))
2695 raise_exception_err(EXCP0B_NOSEG, new_ss & 0xfffc);
2696 cpu_x86_load_seg_cache(env, R_SS, new_ss,
2697 get_seg_base(ss_e1, ss_e2),
2698 get_seg_limit(ss_e1, ss_e2),
2702 cpu_x86_load_seg_cache(env, R_CS, new_cs,
2703 get_seg_base(e1, e2),
2704 get_seg_limit(e1, e2),
2706 cpu_x86_set_cpl(env, rpl);
2708 #ifdef TARGET_X86_64
2709 if (env->hflags & HF_CS64_MASK)
2713 sp_mask = get_sp_mask(ss_e2);
2715 /* validate data segments */
2716 validate_seg(R_ES, rpl);
2717 validate_seg(R_DS, rpl);
2718 validate_seg(R_FS, rpl);
2719 validate_seg(R_GS, rpl);
2723 SET_ESP(sp, sp_mask);
2726 /* NOTE: 'cpl' is the _old_ CPL */
2727 eflags_mask = TF_MASK | AC_MASK | ID_MASK | RF_MASK | NT_MASK;
2729 eflags_mask |= IOPL_MASK;
2730 iopl = (env->eflags >> IOPL_SHIFT) & 3;
2732 eflags_mask |= IF_MASK;
2734 eflags_mask &= 0xffff;
2735 load_eflags(new_eflags, eflags_mask);
2740 POPL(ssp, sp, sp_mask, new_esp);
2741 POPL(ssp, sp, sp_mask, new_ss);
2742 POPL(ssp, sp, sp_mask, new_es);
2743 POPL(ssp, sp, sp_mask, new_ds);
2744 POPL(ssp, sp, sp_mask, new_fs);
2745 POPL(ssp, sp, sp_mask, new_gs);
2747 /* modify processor state */
2748 load_eflags(new_eflags, TF_MASK | AC_MASK | ID_MASK |
2749 IF_MASK | IOPL_MASK | VM_MASK | NT_MASK | VIF_MASK | VIP_MASK);
2750 load_seg_vm(R_CS, new_cs & 0xffff);
2751 cpu_x86_set_cpl(env, 3);
2752 load_seg_vm(R_SS, new_ss & 0xffff);
2753 load_seg_vm(R_ES, new_es & 0xffff);
2754 load_seg_vm(R_DS, new_ds & 0xffff);
2755 load_seg_vm(R_FS, new_fs & 0xffff);
2756 load_seg_vm(R_GS, new_gs & 0xffff);
2758 env->eip = new_eip & 0xffff;
2762 void helper_iret_protected(int shift, int next_eip)
2764 int tss_selector, type;
2767 /* specific case for TSS */
2768 if (env->eflags & NT_MASK) {
2769 #ifdef TARGET_X86_64
2770 if (env->hflags & HF_LMA_MASK)
2771 raise_exception_err(EXCP0D_GPF, 0);
2773 tss_selector = lduw_kernel(env->tr.base + 0);
2774 if (tss_selector & 4)
2775 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2776 if (load_segment(&e1, &e2, tss_selector) != 0)
2777 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2778 type = (e2 >> DESC_TYPE_SHIFT) & 0x17;
2779 /* NOTE: we check both segment and busy TSS */
2781 raise_exception_err(EXCP0A_TSS, tss_selector & 0xfffc);
2782 switch_tss(tss_selector, e1, e2, SWITCH_TSS_IRET, next_eip);
2784 helper_ret_protected(shift, 1, 0);
2786 env->hflags2 &= ~HF2_NMI_MASK;
2789 void helper_lret_protected(int shift, int addend)
2791 helper_ret_protected(shift, 0, addend);
2794 void helper_sysenter(void)
2796 if (env->sysenter_cs == 0) {
2797 raise_exception_err(EXCP0D_GPF, 0);
2799 env->eflags &= ~(VM_MASK | IF_MASK | RF_MASK);
2800 cpu_x86_set_cpl(env, 0);
2802 #ifdef TARGET_X86_64
2803 if (env->hflags & HF_LMA_MASK) {
2804 cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2806 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2808 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
2812 cpu_x86_load_seg_cache(env, R_CS, env->sysenter_cs & 0xfffc,
2814 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2816 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2818 cpu_x86_load_seg_cache(env, R_SS, (env->sysenter_cs + 8) & 0xfffc,
2820 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2822 DESC_W_MASK | DESC_A_MASK);
2823 ESP = env->sysenter_esp;
2824 EIP = env->sysenter_eip;
2827 void helper_sysexit(int dflag)
2831 cpl = env->hflags & HF_CPL_MASK;
2832 if (env->sysenter_cs == 0 || cpl != 0) {
2833 raise_exception_err(EXCP0D_GPF, 0);
2835 cpu_x86_set_cpl(env, 3);
2836 #ifdef TARGET_X86_64
2838 cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 32) & 0xfffc) | 3,
2840 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2841 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2842 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK | DESC_L_MASK);
2843 cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 40) & 0xfffc) | 3,
2845 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2846 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2847 DESC_W_MASK | DESC_A_MASK);
2851 cpu_x86_load_seg_cache(env, R_CS, ((env->sysenter_cs + 16) & 0xfffc) | 3,
2853 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2854 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2855 DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
2856 cpu_x86_load_seg_cache(env, R_SS, ((env->sysenter_cs + 24) & 0xfffc) | 3,
2858 DESC_G_MASK | DESC_B_MASK | DESC_P_MASK |
2859 DESC_S_MASK | (3 << DESC_DPL_SHIFT) |
2860 DESC_W_MASK | DESC_A_MASK);
2866 #if defined(CONFIG_USER_ONLY)
2867 target_ulong helper_read_crN(int reg)
2872 void helper_write_crN(int reg, target_ulong t0)
2876 void helper_movl_drN_T0(int reg, target_ulong t0)
2880 target_ulong helper_read_crN(int reg)
2884 helper_svm_check_intercept_param(SVM_EXIT_READ_CR0 + reg, 0);
2890 if (!(env->hflags2 & HF2_VINTR_MASK)) {
2891 val = cpu_get_apic_tpr(env);
2900 void helper_write_crN(int reg, target_ulong t0)
2902 helper_svm_check_intercept_param(SVM_EXIT_WRITE_CR0 + reg, 0);
2905 cpu_x86_update_cr0(env, t0);
2908 cpu_x86_update_cr3(env, t0);
2911 cpu_x86_update_cr4(env, t0);
2914 if (!(env->hflags2 & HF2_VINTR_MASK)) {
2915 cpu_set_apic_tpr(env, t0);
2917 env->v_tpr = t0 & 0x0f;
2925 void helper_movl_drN_T0(int reg, target_ulong t0)
2930 hw_breakpoint_remove(env, reg);
2932 hw_breakpoint_insert(env, reg);
2933 } else if (reg == 7) {
2934 for (i = 0; i < 4; i++)
2935 hw_breakpoint_remove(env, i);
2937 for (i = 0; i < 4; i++)
2938 hw_breakpoint_insert(env, i);
2944 void helper_lmsw(target_ulong t0)
2946 /* only 4 lower bits of CR0 are modified. PE cannot be set to zero
2947 if already set to one. */
2948 t0 = (env->cr[0] & ~0xe) | (t0 & 0xf);
2949 helper_write_crN(0, t0);
2952 void helper_clts(void)
2954 env->cr[0] &= ~CR0_TS_MASK;
2955 env->hflags &= ~HF_TS_MASK;
2958 void helper_invlpg(target_ulong addr)
2960 helper_svm_check_intercept_param(SVM_EXIT_INVLPG, 0);
2961 tlb_flush_page(env, addr);
2964 void helper_rdtsc(void)
2968 if ((env->cr[4] & CR4_TSD_MASK) && ((env->hflags & HF_CPL_MASK) != 0)) {
2969 raise_exception(EXCP0D_GPF);
2971 helper_svm_check_intercept_param(SVM_EXIT_RDTSC, 0);
2973 val = cpu_get_tsc(env) + env->tsc_offset;
2974 EAX = (uint32_t)(val);
2975 EDX = (uint32_t)(val >> 32);
2978 void helper_rdtscp(void)
2981 ECX = (uint32_t)(env->tsc_aux);
2984 void helper_rdpmc(void)
2986 if ((env->cr[4] & CR4_PCE_MASK) && ((env->hflags & HF_CPL_MASK) != 0)) {
2987 raise_exception(EXCP0D_GPF);
2989 helper_svm_check_intercept_param(SVM_EXIT_RDPMC, 0);
2991 /* currently unimplemented */
2992 raise_exception_err(EXCP06_ILLOP, 0);
2995 #if defined(CONFIG_USER_ONLY)
2996 void helper_wrmsr(void)
3000 void helper_rdmsr(void)
3004 void helper_wrmsr(void)
3008 helper_svm_check_intercept_param(SVM_EXIT_MSR, 1);
3010 val = ((uint32_t)EAX) | ((uint64_t)((uint32_t)EDX) << 32);
3012 switch((uint32_t)ECX) {
3013 case MSR_IA32_SYSENTER_CS:
3014 env->sysenter_cs = val & 0xffff;
3016 case MSR_IA32_SYSENTER_ESP:
3017 env->sysenter_esp = val;
3019 case MSR_IA32_SYSENTER_EIP:
3020 env->sysenter_eip = val;
3022 case MSR_IA32_APICBASE:
3023 cpu_set_apic_base(env, val);
3027 uint64_t update_mask;
3029 if (env->cpuid_ext2_features & CPUID_EXT2_SYSCALL)
3030 update_mask |= MSR_EFER_SCE;
3031 if (env->cpuid_ext2_features & CPUID_EXT2_LM)
3032 update_mask |= MSR_EFER_LME;
3033 if (env->cpuid_ext2_features & CPUID_EXT2_FFXSR)
3034 update_mask |= MSR_EFER_FFXSR;
3035 if (env->cpuid_ext2_features & CPUID_EXT2_NX)
3036 update_mask |= MSR_EFER_NXE;
3037 if (env->cpuid_ext3_features & CPUID_EXT3_SVM)
3038 update_mask |= MSR_EFER_SVME;
3039 if (env->cpuid_ext2_features & CPUID_EXT2_FFXSR)
3040 update_mask |= MSR_EFER_FFXSR;
3041 cpu_load_efer(env, (env->efer & ~update_mask) |
3042 (val & update_mask));
3051 case MSR_VM_HSAVE_PA:
3052 env->vm_hsave = val;
3054 #ifdef TARGET_X86_64
3065 env->segs[R_FS].base = val;
3068 env->segs[R_GS].base = val;
3070 case MSR_KERNELGSBASE:
3071 env->kernelgsbase = val;
3074 case MSR_MTRRphysBase(0):
3075 case MSR_MTRRphysBase(1):
3076 case MSR_MTRRphysBase(2):
3077 case MSR_MTRRphysBase(3):
3078 case MSR_MTRRphysBase(4):
3079 case MSR_MTRRphysBase(5):
3080 case MSR_MTRRphysBase(6):
3081 case MSR_MTRRphysBase(7):
3082 env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysBase(0)) / 2].base = val;
3084 case MSR_MTRRphysMask(0):
3085 case MSR_MTRRphysMask(1):
3086 case MSR_MTRRphysMask(2):
3087 case MSR_MTRRphysMask(3):
3088 case MSR_MTRRphysMask(4):
3089 case MSR_MTRRphysMask(5):
3090 case MSR_MTRRphysMask(6):
3091 case MSR_MTRRphysMask(7):
3092 env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysMask(0)) / 2].mask = val;
3094 case MSR_MTRRfix64K_00000:
3095 env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix64K_00000] = val;
3097 case MSR_MTRRfix16K_80000:
3098 case MSR_MTRRfix16K_A0000:
3099 env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix16K_80000 + 1] = val;
3101 case MSR_MTRRfix4K_C0000:
3102 case MSR_MTRRfix4K_C8000:
3103 case MSR_MTRRfix4K_D0000:
3104 case MSR_MTRRfix4K_D8000:
3105 case MSR_MTRRfix4K_E0000:
3106 case MSR_MTRRfix4K_E8000:
3107 case MSR_MTRRfix4K_F0000:
3108 case MSR_MTRRfix4K_F8000:
3109 env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix4K_C0000 + 3] = val;
3111 case MSR_MTRRdefType:
3112 env->mtrr_deftype = val;
3114 case MSR_MCG_STATUS:
3115 env->mcg_status = val;
3118 if ((env->mcg_cap & MCG_CTL_P)
3119 && (val == 0 || val == ~(uint64_t)0))
3126 if ((uint32_t)ECX >= MSR_MC0_CTL
3127 && (uint32_t)ECX < MSR_MC0_CTL + (4 * env->mcg_cap & 0xff)) {
3128 uint32_t offset = (uint32_t)ECX - MSR_MC0_CTL;
3129 if ((offset & 0x3) != 0
3130 || (val == 0 || val == ~(uint64_t)0))
3131 env->mce_banks[offset] = val;
3134 /* XXX: exception ? */
3139 void helper_rdmsr(void)
3143 helper_svm_check_intercept_param(SVM_EXIT_MSR, 0);
3145 switch((uint32_t)ECX) {
3146 case MSR_IA32_SYSENTER_CS:
3147 val = env->sysenter_cs;
3149 case MSR_IA32_SYSENTER_ESP:
3150 val = env->sysenter_esp;
3152 case MSR_IA32_SYSENTER_EIP:
3153 val = env->sysenter_eip;
3155 case MSR_IA32_APICBASE:
3156 val = cpu_get_apic_base(env);
3167 case MSR_VM_HSAVE_PA:
3168 val = env->vm_hsave;
3170 case MSR_IA32_PERF_STATUS:
3171 /* tsc_increment_by_tick */
3173 /* CPU multiplier */
3174 val |= (((uint64_t)4ULL) << 40);
3176 #ifdef TARGET_X86_64
3187 val = env->segs[R_FS].base;
3190 val = env->segs[R_GS].base;
3192 case MSR_KERNELGSBASE:
3193 val = env->kernelgsbase;
3199 case MSR_MTRRphysBase(0):
3200 case MSR_MTRRphysBase(1):
3201 case MSR_MTRRphysBase(2):
3202 case MSR_MTRRphysBase(3):
3203 case MSR_MTRRphysBase(4):
3204 case MSR_MTRRphysBase(5):
3205 case MSR_MTRRphysBase(6):
3206 case MSR_MTRRphysBase(7):
3207 val = env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysBase(0)) / 2].base;
3209 case MSR_MTRRphysMask(0):
3210 case MSR_MTRRphysMask(1):
3211 case MSR_MTRRphysMask(2):
3212 case MSR_MTRRphysMask(3):
3213 case MSR_MTRRphysMask(4):
3214 case MSR_MTRRphysMask(5):
3215 case MSR_MTRRphysMask(6):
3216 case MSR_MTRRphysMask(7):
3217 val = env->mtrr_var[((uint32_t)ECX - MSR_MTRRphysMask(0)) / 2].mask;
3219 case MSR_MTRRfix64K_00000:
3220 val = env->mtrr_fixed[0];
3222 case MSR_MTRRfix16K_80000:
3223 case MSR_MTRRfix16K_A0000:
3224 val = env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix16K_80000 + 1];
3226 case MSR_MTRRfix4K_C0000:
3227 case MSR_MTRRfix4K_C8000:
3228 case MSR_MTRRfix4K_D0000:
3229 case MSR_MTRRfix4K_D8000:
3230 case MSR_MTRRfix4K_E0000:
3231 case MSR_MTRRfix4K_E8000:
3232 case MSR_MTRRfix4K_F0000:
3233 case MSR_MTRRfix4K_F8000:
3234 val = env->mtrr_fixed[(uint32_t)ECX - MSR_MTRRfix4K_C0000 + 3];
3236 case MSR_MTRRdefType:
3237 val = env->mtrr_deftype;
3240 if (env->cpuid_features & CPUID_MTRR)
3241 val = MSR_MTRRcap_VCNT | MSR_MTRRcap_FIXRANGE_SUPPORT | MSR_MTRRcap_WC_SUPPORTED;
3243 /* XXX: exception ? */
3250 if (env->mcg_cap & MCG_CTL_P)
3255 case MSR_MCG_STATUS:
3256 val = env->mcg_status;
3259 if ((uint32_t)ECX >= MSR_MC0_CTL
3260 && (uint32_t)ECX < MSR_MC0_CTL + (4 * env->mcg_cap & 0xff)) {
3261 uint32_t offset = (uint32_t)ECX - MSR_MC0_CTL;
3262 val = env->mce_banks[offset];
3265 /* XXX: exception ? */
3269 EAX = (uint32_t)(val);
3270 EDX = (uint32_t)(val >> 32);
3274 target_ulong helper_lsl(target_ulong selector1)
3277 uint32_t e1, e2, eflags, selector;
3278 int rpl, dpl, cpl, type;
3280 selector = selector1 & 0xffff;
3281 eflags = helper_cc_compute_all(CC_OP);
3282 if ((selector & 0xfffc) == 0)
3284 if (load_segment(&e1, &e2, selector) != 0)
3287 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3288 cpl = env->hflags & HF_CPL_MASK;
3289 if (e2 & DESC_S_MASK) {
3290 if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
3293 if (dpl < cpl || dpl < rpl)
3297 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
3308 if (dpl < cpl || dpl < rpl) {
3310 CC_SRC = eflags & ~CC_Z;
3314 limit = get_seg_limit(e1, e2);
3315 CC_SRC = eflags | CC_Z;
3319 target_ulong helper_lar(target_ulong selector1)
3321 uint32_t e1, e2, eflags, selector;
3322 int rpl, dpl, cpl, type;
3324 selector = selector1 & 0xffff;
3325 eflags = helper_cc_compute_all(CC_OP);
3326 if ((selector & 0xfffc) == 0)
3328 if (load_segment(&e1, &e2, selector) != 0)
3331 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3332 cpl = env->hflags & HF_CPL_MASK;
3333 if (e2 & DESC_S_MASK) {
3334 if ((e2 & DESC_CS_MASK) && (e2 & DESC_C_MASK)) {
3337 if (dpl < cpl || dpl < rpl)
3341 type = (e2 >> DESC_TYPE_SHIFT) & 0xf;
3355 if (dpl < cpl || dpl < rpl) {
3357 CC_SRC = eflags & ~CC_Z;
3361 CC_SRC = eflags | CC_Z;
3362 return e2 & 0x00f0ff00;
3365 void helper_verr(target_ulong selector1)
3367 uint32_t e1, e2, eflags, selector;
3370 selector = selector1 & 0xffff;
3371 eflags = helper_cc_compute_all(CC_OP);
3372 if ((selector & 0xfffc) == 0)
3374 if (load_segment(&e1, &e2, selector) != 0)
3376 if (!(e2 & DESC_S_MASK))
3379 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3380 cpl = env->hflags & HF_CPL_MASK;
3381 if (e2 & DESC_CS_MASK) {
3382 if (!(e2 & DESC_R_MASK))
3384 if (!(e2 & DESC_C_MASK)) {
3385 if (dpl < cpl || dpl < rpl)
3389 if (dpl < cpl || dpl < rpl) {
3391 CC_SRC = eflags & ~CC_Z;
3395 CC_SRC = eflags | CC_Z;
3398 void helper_verw(target_ulong selector1)
3400 uint32_t e1, e2, eflags, selector;
3403 selector = selector1 & 0xffff;
3404 eflags = helper_cc_compute_all(CC_OP);
3405 if ((selector & 0xfffc) == 0)
3407 if (load_segment(&e1, &e2, selector) != 0)
3409 if (!(e2 & DESC_S_MASK))
3412 dpl = (e2 >> DESC_DPL_SHIFT) & 3;
3413 cpl = env->hflags & HF_CPL_MASK;
3414 if (e2 & DESC_CS_MASK) {
3417 if (dpl < cpl || dpl < rpl)
3419 if (!(e2 & DESC_W_MASK)) {
3421 CC_SRC = eflags & ~CC_Z;
3425 CC_SRC = eflags | CC_Z;
3428 /* x87 FPU helpers */
3430 static void fpu_set_exception(int mask)
3433 if (env->fpus & (~env->fpuc & FPUC_EM))
3434 env->fpus |= FPUS_SE | FPUS_B;
3437 static inline CPU86_LDouble helper_fdiv(CPU86_LDouble a, CPU86_LDouble b)
3440 fpu_set_exception(FPUS_ZE);
3444 static void fpu_raise_exception(void)
3446 if (env->cr[0] & CR0_NE_MASK) {
3447 raise_exception(EXCP10_COPR);
3449 #if !defined(CONFIG_USER_ONLY)
3456 void helper_flds_FT0(uint32_t val)
3463 FT0 = float32_to_floatx(u.f, &env->fp_status);
3466 void helper_fldl_FT0(uint64_t val)
3473 FT0 = float64_to_floatx(u.f, &env->fp_status);
3476 void helper_fildl_FT0(int32_t val)
3478 FT0 = int32_to_floatx(val, &env->fp_status);
3481 void helper_flds_ST0(uint32_t val)
3488 new_fpstt = (env->fpstt - 1) & 7;
3490 env->fpregs[new_fpstt].d = float32_to_floatx(u.f, &env->fp_status);
3491 env->fpstt = new_fpstt;
3492 env->fptags[new_fpstt] = 0; /* validate stack entry */
3495 void helper_fldl_ST0(uint64_t val)
3502 new_fpstt = (env->fpstt - 1) & 7;
3504 env->fpregs[new_fpstt].d = float64_to_floatx(u.f, &env->fp_status);
3505 env->fpstt = new_fpstt;
3506 env->fptags[new_fpstt] = 0; /* validate stack entry */
3509 void helper_fildl_ST0(int32_t val)
3512 new_fpstt = (env->fpstt - 1) & 7;
3513 env->fpregs[new_fpstt].d = int32_to_floatx(val, &env->fp_status);
3514 env->fpstt = new_fpstt;
3515 env->fptags[new_fpstt] = 0; /* validate stack entry */
3518 void helper_fildll_ST0(int64_t val)
3521 new_fpstt = (env->fpstt - 1) & 7;
3522 env->fpregs[new_fpstt].d = int64_to_floatx(val, &env->fp_status);
3523 env->fpstt = new_fpstt;
3524 env->fptags[new_fpstt] = 0; /* validate stack entry */
3527 uint32_t helper_fsts_ST0(void)
3533 u.f = floatx_to_float32(ST0, &env->fp_status);
3537 uint64_t helper_fstl_ST0(void)
3543 u.f = floatx_to_float64(ST0, &env->fp_status);
3547 int32_t helper_fist_ST0(void)
3550 val = floatx_to_int32(ST0, &env->fp_status);
3551 if (val != (int16_t)val)
3556 int32_t helper_fistl_ST0(void)
3559 val = floatx_to_int32(ST0, &env->fp_status);
3563 int64_t helper_fistll_ST0(void)
3566 val = floatx_to_int64(ST0, &env->fp_status);
3570 int32_t helper_fistt_ST0(void)
3573 val = floatx_to_int32_round_to_zero(ST0, &env->fp_status);
3574 if (val != (int16_t)val)
3579 int32_t helper_fisttl_ST0(void)
3582 val = floatx_to_int32_round_to_zero(ST0, &env->fp_status);
3586 int64_t helper_fisttll_ST0(void)
3589 val = floatx_to_int64_round_to_zero(ST0, &env->fp_status);
3593 void helper_fldt_ST0(target_ulong ptr)
3596 new_fpstt = (env->fpstt - 1) & 7;
3597 env->fpregs[new_fpstt].d = helper_fldt(ptr);
3598 env->fpstt = new_fpstt;
3599 env->fptags[new_fpstt] = 0; /* validate stack entry */
3602 void helper_fstt_ST0(target_ulong ptr)
3604 helper_fstt(ST0, ptr);
3607 void helper_fpush(void)
3612 void helper_fpop(void)
3617 void helper_fdecstp(void)
3619 env->fpstt = (env->fpstt - 1) & 7;
3620 env->fpus &= (~0x4700);
3623 void helper_fincstp(void)
3625 env->fpstt = (env->fpstt + 1) & 7;
3626 env->fpus &= (~0x4700);
3631 void helper_ffree_STN(int st_index)
3633 env->fptags[(env->fpstt + st_index) & 7] = 1;
3636 void helper_fmov_ST0_FT0(void)
3641 void helper_fmov_FT0_STN(int st_index)
3646 void helper_fmov_ST0_STN(int st_index)
3651 void helper_fmov_STN_ST0(int st_index)
3656 void helper_fxchg_ST0_STN(int st_index)
3664 /* FPU operations */
3666 static const int fcom_ccval[4] = {0x0100, 0x4000, 0x0000, 0x4500};
3668 void helper_fcom_ST0_FT0(void)
3672 ret = floatx_compare(ST0, FT0, &env->fp_status);
3673 env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret + 1];
3676 void helper_fucom_ST0_FT0(void)
3680 ret = floatx_compare_quiet(ST0, FT0, &env->fp_status);
3681 env->fpus = (env->fpus & ~0x4500) | fcom_ccval[ret+ 1];
3684 static const int fcomi_ccval[4] = {CC_C, CC_Z, 0, CC_Z | CC_P | CC_C};
3686 void helper_fcomi_ST0_FT0(void)
3691 ret = floatx_compare(ST0, FT0, &env->fp_status);
3692 eflags = helper_cc_compute_all(CC_OP);
3693 eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
3697 void helper_fucomi_ST0_FT0(void)
3702 ret = floatx_compare_quiet(ST0, FT0, &env->fp_status);
3703 eflags = helper_cc_compute_all(CC_OP);
3704 eflags = (eflags & ~(CC_Z | CC_P | CC_C)) | fcomi_ccval[ret + 1];
3708 void helper_fadd_ST0_FT0(void)
3713 void helper_fmul_ST0_FT0(void)
3718 void helper_fsub_ST0_FT0(void)
3723 void helper_fsubr_ST0_FT0(void)
3728 void helper_fdiv_ST0_FT0(void)
3730 ST0 = helper_fdiv(ST0, FT0);
3733 void helper_fdivr_ST0_FT0(void)
3735 ST0 = helper_fdiv(FT0, ST0);
3738 /* fp operations between STN and ST0 */
3740 void helper_fadd_STN_ST0(int st_index)
3742 ST(st_index) += ST0;
3745 void helper_fmul_STN_ST0(int st_index)
3747 ST(st_index) *= ST0;
3750 void helper_fsub_STN_ST0(int st_index)
3752 ST(st_index) -= ST0;
3755 void helper_fsubr_STN_ST0(int st_index)
3762 void helper_fdiv_STN_ST0(int st_index)
3766 *p = helper_fdiv(*p, ST0);
3769 void helper_fdivr_STN_ST0(int st_index)
3773 *p = helper_fdiv(ST0, *p);
3776 /* misc FPU operations */
3777 void helper_fchs_ST0(void)
3779 ST0 = floatx_chs(ST0);
3782 void helper_fabs_ST0(void)
3784 ST0 = floatx_abs(ST0);
3787 void helper_fld1_ST0(void)
3792 void helper_fldl2t_ST0(void)
3797 void helper_fldl2e_ST0(void)
3802 void helper_fldpi_ST0(void)
3807 void helper_fldlg2_ST0(void)
3812 void helper_fldln2_ST0(void)
3817 void helper_fldz_ST0(void)
3822 void helper_fldz_FT0(void)
3827 uint32_t helper_fnstsw(void)
3829 return (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
3832 uint32_t helper_fnstcw(void)
3837 static void update_fp_status(void)
3841 /* set rounding mode */
3842 switch(env->fpuc & RC_MASK) {
3845 rnd_type = float_round_nearest_even;
3848 rnd_type = float_round_down;
3851 rnd_type = float_round_up;
3854 rnd_type = float_round_to_zero;
3857 set_float_rounding_mode(rnd_type, &env->fp_status);
3859 switch((env->fpuc >> 8) & 3) {
3871 set_floatx80_rounding_precision(rnd_type, &env->fp_status);
3875 void helper_fldcw(uint32_t val)
3881 void helper_fclex(void)
3883 env->fpus &= 0x7f00;
3886 void helper_fwait(void)
3888 if (env->fpus & FPUS_SE)
3889 fpu_raise_exception();
3892 void helper_fninit(void)
3909 void helper_fbld_ST0(target_ulong ptr)
3917 for(i = 8; i >= 0; i--) {
3919 val = (val * 100) + ((v >> 4) * 10) + (v & 0xf);
3922 if (ldub(ptr + 9) & 0x80)
3928 void helper_fbst_ST0(target_ulong ptr)
3931 target_ulong mem_ref, mem_end;
3934 val = floatx_to_int64(ST0, &env->fp_status);
3936 mem_end = mem_ref + 9;
3943 while (mem_ref < mem_end) {
3948 v = ((v / 10) << 4) | (v % 10);
3951 while (mem_ref < mem_end) {
3956 void helper_f2xm1(void)
3958 ST0 = pow(2.0,ST0) - 1.0;
3961 void helper_fyl2x(void)
3963 CPU86_LDouble fptemp;
3967 fptemp = log(fptemp)/log(2.0); /* log2(ST) */
3971 env->fpus &= (~0x4700);
3976 void helper_fptan(void)
3978 CPU86_LDouble fptemp;
3981 if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
3987 env->fpus &= (~0x400); /* C2 <-- 0 */
3988 /* the above code is for |arg| < 2**52 only */
3992 void helper_fpatan(void)
3994 CPU86_LDouble fptemp, fpsrcop;
3998 ST1 = atan2(fpsrcop,fptemp);
4002 void helper_fxtract(void)
4004 CPU86_LDoubleU temp;
4005 unsigned int expdif;
4008 expdif = EXPD(temp) - EXPBIAS;
4009 /*DP exponent bias*/
4016 void helper_fprem1(void)
4018 CPU86_LDouble dblq, fpsrcop, fptemp;
4019 CPU86_LDoubleU fpsrcop1, fptemp1;
4021 signed long long int q;
4023 if (isinf(ST0) || isnan(ST0) || isnan(ST1) || (ST1 == 0.0)) {
4024 ST0 = 0.0 / 0.0; /* NaN */
4025 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4031 fpsrcop1.d = fpsrcop;
4033 expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
4036 /* optimisation? taken from the AMD docs */
4037 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4038 /* ST0 is unchanged */
4043 dblq = fpsrcop / fptemp;
4044 /* round dblq towards nearest integer */
4046 ST0 = fpsrcop - fptemp * dblq;
4048 /* convert dblq to q by truncating towards zero */
4050 q = (signed long long int)(-dblq);
4052 q = (signed long long int)dblq;
4054 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4055 /* (C0,C3,C1) <-- (q2,q1,q0) */
4056 env->fpus |= (q & 0x4) << (8 - 2); /* (C0) <-- q2 */
4057 env->fpus |= (q & 0x2) << (14 - 1); /* (C3) <-- q1 */
4058 env->fpus |= (q & 0x1) << (9 - 0); /* (C1) <-- q0 */
4060 env->fpus |= 0x400; /* C2 <-- 1 */
4061 fptemp = pow(2.0, expdif - 50);
4062 fpsrcop = (ST0 / ST1) / fptemp;
4063 /* fpsrcop = integer obtained by chopping */
4064 fpsrcop = (fpsrcop < 0.0) ?
4065 -(floor(fabs(fpsrcop))) : floor(fpsrcop);
4066 ST0 -= (ST1 * fpsrcop * fptemp);
4070 void helper_fprem(void)
4072 CPU86_LDouble dblq, fpsrcop, fptemp;
4073 CPU86_LDoubleU fpsrcop1, fptemp1;
4075 signed long long int q;
4077 if (isinf(ST0) || isnan(ST0) || isnan(ST1) || (ST1 == 0.0)) {
4078 ST0 = 0.0 / 0.0; /* NaN */
4079 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4083 fpsrcop = (CPU86_LDouble)ST0;
4084 fptemp = (CPU86_LDouble)ST1;
4085 fpsrcop1.d = fpsrcop;
4087 expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
4090 /* optimisation? taken from the AMD docs */
4091 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4092 /* ST0 is unchanged */
4096 if ( expdif < 53 ) {
4097 dblq = fpsrcop/*ST0*/ / fptemp/*ST1*/;
4098 /* round dblq towards zero */
4099 dblq = (dblq < 0.0) ? ceil(dblq) : floor(dblq);
4100 ST0 = fpsrcop/*ST0*/ - fptemp * dblq;
4102 /* convert dblq to q by truncating towards zero */
4104 q = (signed long long int)(-dblq);
4106 q = (signed long long int)dblq;
4108 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4109 /* (C0,C3,C1) <-- (q2,q1,q0) */
4110 env->fpus |= (q & 0x4) << (8 - 2); /* (C0) <-- q2 */
4111 env->fpus |= (q & 0x2) << (14 - 1); /* (C3) <-- q1 */
4112 env->fpus |= (q & 0x1) << (9 - 0); /* (C1) <-- q0 */
4114 int N = 32 + (expdif % 32); /* as per AMD docs */
4115 env->fpus |= 0x400; /* C2 <-- 1 */
4116 fptemp = pow(2.0, (double)(expdif - N));
4117 fpsrcop = (ST0 / ST1) / fptemp;
4118 /* fpsrcop = integer obtained by chopping */
4119 fpsrcop = (fpsrcop < 0.0) ?
4120 -(floor(fabs(fpsrcop))) : floor(fpsrcop);
4121 ST0 -= (ST1 * fpsrcop * fptemp);
4125 void helper_fyl2xp1(void)
4127 CPU86_LDouble fptemp;
4130 if ((fptemp+1.0)>0.0) {
4131 fptemp = log(fptemp+1.0) / log(2.0); /* log2(ST+1.0) */
4135 env->fpus &= (~0x4700);
4140 void helper_fsqrt(void)
4142 CPU86_LDouble fptemp;
4146 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4152 void helper_fsincos(void)
4154 CPU86_LDouble fptemp;
4157 if ((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4163 env->fpus &= (~0x400); /* C2 <-- 0 */
4164 /* the above code is for |arg| < 2**63 only */
4168 void helper_frndint(void)
4170 ST0 = floatx_round_to_int(ST0, &env->fp_status);
4173 void helper_fscale(void)
4175 ST0 = ldexp (ST0, (int)(ST1));
4178 void helper_fsin(void)
4180 CPU86_LDouble fptemp;
4183 if ((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4187 env->fpus &= (~0x400); /* C2 <-- 0 */
4188 /* the above code is for |arg| < 2**53 only */
4192 void helper_fcos(void)
4194 CPU86_LDouble fptemp;
4197 if((fptemp > MAXTAN)||(fptemp < -MAXTAN)) {
4201 env->fpus &= (~0x400); /* C2 <-- 0 */
4202 /* the above code is for |arg5 < 2**63 only */
4206 void helper_fxam_ST0(void)
4208 CPU86_LDoubleU temp;
4213 env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
4215 env->fpus |= 0x200; /* C1 <-- 1 */
4217 /* XXX: test fptags too */
4218 expdif = EXPD(temp);
4219 if (expdif == MAXEXPD) {
4220 #ifdef USE_X86LDOUBLE
4221 if (MANTD(temp) == 0x8000000000000000ULL)
4223 if (MANTD(temp) == 0)
4225 env->fpus |= 0x500 /*Infinity*/;
4227 env->fpus |= 0x100 /*NaN*/;
4228 } else if (expdif == 0) {
4229 if (MANTD(temp) == 0)
4230 env->fpus |= 0x4000 /*Zero*/;
4232 env->fpus |= 0x4400 /*Denormal*/;
4238 void helper_fstenv(target_ulong ptr, int data32)
4240 int fpus, fptag, exp, i;
4244 fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4246 for (i=7; i>=0; i--) {
4248 if (env->fptags[i]) {
4251 tmp.d = env->fpregs[i].d;
4254 if (exp == 0 && mant == 0) {
4257 } else if (exp == 0 || exp == MAXEXPD
4258 #ifdef USE_X86LDOUBLE
4259 || (mant & (1LL << 63)) == 0
4262 /* NaNs, infinity, denormal */
4269 stl(ptr, env->fpuc);
4271 stl(ptr + 8, fptag);
4272 stl(ptr + 12, 0); /* fpip */
4273 stl(ptr + 16, 0); /* fpcs */
4274 stl(ptr + 20, 0); /* fpoo */
4275 stl(ptr + 24, 0); /* fpos */
4278 stw(ptr, env->fpuc);
4280 stw(ptr + 4, fptag);
4288 void helper_fldenv(target_ulong ptr, int data32)
4293 env->fpuc = lduw(ptr);
4294 fpus = lduw(ptr + 4);
4295 fptag = lduw(ptr + 8);
4298 env->fpuc = lduw(ptr);
4299 fpus = lduw(ptr + 2);
4300 fptag = lduw(ptr + 4);
4302 env->fpstt = (fpus >> 11) & 7;
4303 env->fpus = fpus & ~0x3800;
4304 for(i = 0;i < 8; i++) {
4305 env->fptags[i] = ((fptag & 3) == 3);
4310 void helper_fsave(target_ulong ptr, int data32)
4315 helper_fstenv(ptr, data32);
4317 ptr += (14 << data32);
4318 for(i = 0;i < 8; i++) {
4320 helper_fstt(tmp, ptr);
4338 void helper_frstor(target_ulong ptr, int data32)
4343 helper_fldenv(ptr, data32);
4344 ptr += (14 << data32);
4346 for(i = 0;i < 8; i++) {
4347 tmp = helper_fldt(ptr);
4353 void helper_fxsave(target_ulong ptr, int data64)
4355 int fpus, fptag, i, nb_xmm_regs;
4359 /* The operand must be 16 byte aligned */
4361 raise_exception(EXCP0D_GPF);
4364 fpus = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
4366 for(i = 0; i < 8; i++) {
4367 fptag |= (env->fptags[i] << i);
4369 stw(ptr, env->fpuc);
4371 stw(ptr + 4, fptag ^ 0xff);
4372 #ifdef TARGET_X86_64
4374 stq(ptr + 0x08, 0); /* rip */
4375 stq(ptr + 0x10, 0); /* rdp */
4379 stl(ptr + 0x08, 0); /* eip */
4380 stl(ptr + 0x0c, 0); /* sel */
4381 stl(ptr + 0x10, 0); /* dp */
4382 stl(ptr + 0x14, 0); /* sel */
4386 for(i = 0;i < 8; i++) {
4388 helper_fstt(tmp, addr);
4392 if (env->cr[4] & CR4_OSFXSR_MASK) {
4393 /* XXX: finish it */
4394 stl(ptr + 0x18, env->mxcsr); /* mxcsr */
4395 stl(ptr + 0x1c, 0x0000ffff); /* mxcsr_mask */
4396 if (env->hflags & HF_CS64_MASK)
4401 /* Fast FXSAVE leaves out the XMM registers */
4402 if (!(env->efer & MSR_EFER_FFXSR)
4403 || (env->hflags & HF_CPL_MASK)
4404 || !(env->hflags & HF_LMA_MASK)) {
4405 for(i = 0; i < nb_xmm_regs; i++) {
4406 stq(addr, env->xmm_regs[i].XMM_Q(0));
4407 stq(addr + 8, env->xmm_regs[i].XMM_Q(1));
4414 void helper_fxrstor(target_ulong ptr, int data64)
4416 int i, fpus, fptag, nb_xmm_regs;
4420 /* The operand must be 16 byte aligned */
4422 raise_exception(EXCP0D_GPF);
4425 env->fpuc = lduw(ptr);
4426 fpus = lduw(ptr + 2);
4427 fptag = lduw(ptr + 4);
4428 env->fpstt = (fpus >> 11) & 7;
4429 env->fpus = fpus & ~0x3800;
4431 for(i = 0;i < 8; i++) {
4432 env->fptags[i] = ((fptag >> i) & 1);
4436 for(i = 0;i < 8; i++) {
4437 tmp = helper_fldt(addr);
4442 if (env->cr[4] & CR4_OSFXSR_MASK) {
4443 /* XXX: finish it */
4444 env->mxcsr = ldl(ptr + 0x18);
4446 if (env->hflags & HF_CS64_MASK)
4451 /* Fast FXRESTORE leaves out the XMM registers */
4452 if (!(env->efer & MSR_EFER_FFXSR)
4453 || (env->hflags & HF_CPL_MASK)
4454 || !(env->hflags & HF_LMA_MASK)) {
4455 for(i = 0; i < nb_xmm_regs; i++) {
4456 env->xmm_regs[i].XMM_Q(0) = ldq(addr);
4457 env->xmm_regs[i].XMM_Q(1) = ldq(addr + 8);
4464 #ifndef USE_X86LDOUBLE
4466 void cpu_get_fp80(uint64_t *pmant, uint16_t *pexp, CPU86_LDouble f)
4468 CPU86_LDoubleU temp;
4473 *pmant = (MANTD(temp) << 11) | (1LL << 63);
4474 /* exponent + sign */
4475 e = EXPD(temp) - EXPBIAS + 16383;
4476 e |= SIGND(temp) >> 16;
4480 CPU86_LDouble cpu_set_fp80(uint64_t mant, uint16_t upper)
4482 CPU86_LDoubleU temp;
4486 /* XXX: handle overflow ? */
4487 e = (upper & 0x7fff) - 16383 + EXPBIAS; /* exponent */
4488 e |= (upper >> 4) & 0x800; /* sign */
4489 ll = (mant >> 11) & ((1LL << 52) - 1);
4491 temp.l.upper = (e << 20) | (ll >> 32);
4494 temp.ll = ll | ((uint64_t)e << 52);
4501 void cpu_get_fp80(uint64_t *pmant, uint16_t *pexp, CPU86_LDouble f)
4503 CPU86_LDoubleU temp;
4506 *pmant = temp.l.lower;
4507 *pexp = temp.l.upper;
4510 CPU86_LDouble cpu_set_fp80(uint64_t mant, uint16_t upper)
4512 CPU86_LDoubleU temp;
4514 temp.l.upper = upper;
4515 temp.l.lower = mant;
4520 #ifdef TARGET_X86_64
4522 //#define DEBUG_MULDIV
4524 static void add128(uint64_t *plow, uint64_t *phigh, uint64_t a, uint64_t b)
4533 static void neg128(uint64_t *plow, uint64_t *phigh)
4537 add128(plow, phigh, 1, 0);
4540 /* return TRUE if overflow */
4541 static int div64(uint64_t *plow, uint64_t *phigh, uint64_t b)
4543 uint64_t q, r, a1, a0;
4556 /* XXX: use a better algorithm */
4557 for(i = 0; i < 64; i++) {
4559 a1 = (a1 << 1) | (a0 >> 63);
4560 if (ab || a1 >= b) {
4566 a0 = (a0 << 1) | qb;
4568 #if defined(DEBUG_MULDIV)
4569 printf("div: 0x%016" PRIx64 "%016" PRIx64 " / 0x%016" PRIx64 ": q=0x%016" PRIx64 " r=0x%016" PRIx64 "\n",
4570 *phigh, *plow, b, a0, a1);
4578 /* return TRUE if overflow */
4579 static int idiv64(uint64_t *plow, uint64_t *phigh, int64_t b)
4582 sa = ((int64_t)*phigh < 0);
4584 neg128(plow, phigh);
4588 if (div64(plow, phigh, b) != 0)
4591 if (*plow > (1ULL << 63))
4595 if (*plow >= (1ULL << 63))
4603 void helper_mulq_EAX_T0(target_ulong t0)
4607 mulu64(&r0, &r1, EAX, t0);
4614 void helper_imulq_EAX_T0(target_ulong t0)
4618 muls64(&r0, &r1, EAX, t0);
4622 CC_SRC = ((int64_t)r1 != ((int64_t)r0 >> 63));
4625 target_ulong helper_imulq_T0_T1(target_ulong t0, target_ulong t1)
4629 muls64(&r0, &r1, t0, t1);
4631 CC_SRC = ((int64_t)r1 != ((int64_t)r0 >> 63));
4635 void helper_divq_EAX(target_ulong t0)
4639 raise_exception(EXCP00_DIVZ);
4643 if (div64(&r0, &r1, t0))
4644 raise_exception(EXCP00_DIVZ);
4649 void helper_idivq_EAX(target_ulong t0)
4653 raise_exception(EXCP00_DIVZ);
4657 if (idiv64(&r0, &r1, t0))
4658 raise_exception(EXCP00_DIVZ);
4664 static void do_hlt(void)
4666 env->hflags &= ~HF_INHIBIT_IRQ_MASK; /* needed if sti is just before */
4668 env->exception_index = EXCP_HLT;
4672 void helper_hlt(int next_eip_addend)
4674 helper_svm_check_intercept_param(SVM_EXIT_HLT, 0);
4675 EIP += next_eip_addend;
4680 void helper_monitor(target_ulong ptr)
4682 if ((uint32_t)ECX != 0)
4683 raise_exception(EXCP0D_GPF);
4684 /* XXX: store address ? */
4685 helper_svm_check_intercept_param(SVM_EXIT_MONITOR, 0);
4688 void helper_mwait(int next_eip_addend)
4690 if ((uint32_t)ECX != 0)
4691 raise_exception(EXCP0D_GPF);
4692 helper_svm_check_intercept_param(SVM_EXIT_MWAIT, 0);
4693 EIP += next_eip_addend;
4695 /* XXX: not complete but not completely erroneous */
4696 if (env->cpu_index != 0 || env->next_cpu != NULL) {
4697 /* more than one CPU: do not sleep because another CPU may
4704 void helper_debug(void)
4706 env->exception_index = EXCP_DEBUG;
4710 void helper_reset_rf(void)
4712 env->eflags &= ~RF_MASK;
4715 void helper_raise_interrupt(int intno, int next_eip_addend)
4717 raise_interrupt(intno, 1, 0, next_eip_addend);
4720 void helper_raise_exception(int exception_index)
4722 raise_exception(exception_index);
4725 void helper_cli(void)
4727 env->eflags &= ~IF_MASK;
4730 void helper_sti(void)
4732 env->eflags |= IF_MASK;
4736 /* vm86plus instructions */
4737 void helper_cli_vm(void)
4739 env->eflags &= ~VIF_MASK;
4742 void helper_sti_vm(void)
4744 env->eflags |= VIF_MASK;
4745 if (env->eflags & VIP_MASK) {
4746 raise_exception(EXCP0D_GPF);
4751 void helper_set_inhibit_irq(void)
4753 env->hflags |= HF_INHIBIT_IRQ_MASK;
4756 void helper_reset_inhibit_irq(void)
4758 env->hflags &= ~HF_INHIBIT_IRQ_MASK;
4761 void helper_boundw(target_ulong a0, int v)
4765 high = ldsw(a0 + 2);
4767 if (v < low || v > high) {
4768 raise_exception(EXCP05_BOUND);
4772 void helper_boundl(target_ulong a0, int v)
4777 if (v < low || v > high) {
4778 raise_exception(EXCP05_BOUND);
4782 static float approx_rsqrt(float a)
4784 return 1.0 / sqrt(a);
4787 static float approx_rcp(float a)
4792 #if !defined(CONFIG_USER_ONLY)
4794 #define MMUSUFFIX _mmu
4797 #include "softmmu_template.h"
4800 #include "softmmu_template.h"
4803 #include "softmmu_template.h"
4806 #include "softmmu_template.h"
4810 #if !defined(CONFIG_USER_ONLY)
4811 /* try to fill the TLB and return an exception if error. If retaddr is
4812 NULL, it means that the function was called in C code (i.e. not
4813 from generated code or from helper.c) */
4814 /* XXX: fix it to restore all registers */
4815 void tlb_fill(target_ulong addr, int is_write, int mmu_idx, void *retaddr)
4817 TranslationBlock *tb;
4820 CPUX86State *saved_env;
4822 /* XXX: hack to restore env in all cases, even if not called from
4825 env = cpu_single_env;
4827 ret = cpu_x86_handle_mmu_fault(env, addr, is_write, mmu_idx, 1);
4830 /* now we have a real cpu fault */
4831 pc = (unsigned long)retaddr;
4832 tb = tb_find_pc(pc);
4834 /* the PC is inside the translated code. It means that we have
4835 a virtual CPU fault */
4836 cpu_restore_state(tb, env, pc, NULL);
4839 raise_exception_err(env->exception_index, env->error_code);
4845 /* Secure Virtual Machine helpers */
4847 #if defined(CONFIG_USER_ONLY)
4849 void helper_vmrun(int aflag, int next_eip_addend)
4852 void helper_vmmcall(void)
4855 void helper_vmload(int aflag)
4858 void helper_vmsave(int aflag)
4861 void helper_stgi(void)
4864 void helper_clgi(void)
4867 void helper_skinit(void)
4870 void helper_invlpga(int aflag)
4873 void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
4876 void helper_svm_check_intercept_param(uint32_t type, uint64_t param)
4880 void helper_svm_check_io(uint32_t port, uint32_t param,
4881 uint32_t next_eip_addend)
4886 static inline void svm_save_seg(target_phys_addr_t addr,
4887 const SegmentCache *sc)
4889 stw_phys(addr + offsetof(struct vmcb_seg, selector),
4891 stq_phys(addr + offsetof(struct vmcb_seg, base),
4893 stl_phys(addr + offsetof(struct vmcb_seg, limit),
4895 stw_phys(addr + offsetof(struct vmcb_seg, attrib),
4896 ((sc->flags >> 8) & 0xff) | ((sc->flags >> 12) & 0x0f00));
4899 static inline void svm_load_seg(target_phys_addr_t addr, SegmentCache *sc)
4903 sc->selector = lduw_phys(addr + offsetof(struct vmcb_seg, selector));
4904 sc->base = ldq_phys(addr + offsetof(struct vmcb_seg, base));
4905 sc->limit = ldl_phys(addr + offsetof(struct vmcb_seg, limit));
4906 flags = lduw_phys(addr + offsetof(struct vmcb_seg, attrib));
4907 sc->flags = ((flags & 0xff) << 8) | ((flags & 0x0f00) << 12);
4910 static inline void svm_load_seg_cache(target_phys_addr_t addr,
4911 CPUState *env, int seg_reg)
4913 SegmentCache sc1, *sc = &sc1;
4914 svm_load_seg(addr, sc);
4915 cpu_x86_load_seg_cache(env, seg_reg, sc->selector,
4916 sc->base, sc->limit, sc->flags);
4919 void helper_vmrun(int aflag, int next_eip_addend)
4925 helper_svm_check_intercept_param(SVM_EXIT_VMRUN, 0);
4930 addr = (uint32_t)EAX;
4932 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmrun! " TARGET_FMT_lx "\n", addr);
4934 env->vm_vmcb = addr;
4936 /* save the current CPU state in the hsave page */
4937 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.base), env->gdt.base);
4938 stl_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit), env->gdt.limit);
4940 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.base), env->idt.base);
4941 stl_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.limit), env->idt.limit);
4943 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr0), env->cr[0]);
4944 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr2), env->cr[2]);
4945 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr3), env->cr[3]);
4946 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr4), env->cr[4]);
4947 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr6), env->dr[6]);
4948 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr7), env->dr[7]);
4950 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.efer), env->efer);
4951 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rflags), compute_eflags());
4953 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.es),
4955 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.cs),
4957 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ss),
4959 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ds),
4962 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip),
4963 EIP + next_eip_addend);
4964 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp), ESP);
4965 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax), EAX);
4967 /* load the interception bitmaps so we do not need to access the
4969 env->intercept = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept));
4970 env->intercept_cr_read = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_cr_read));
4971 env->intercept_cr_write = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_cr_write));
4972 env->intercept_dr_read = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_dr_read));
4973 env->intercept_dr_write = lduw_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_dr_write));
4974 env->intercept_exceptions = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.intercept_exceptions));
4976 /* enable intercepts */
4977 env->hflags |= HF_SVMI_MASK;
4979 env->tsc_offset = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.tsc_offset));
4981 env->gdt.base = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base));
4982 env->gdt.limit = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit));
4984 env->idt.base = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.base));
4985 env->idt.limit = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit));
4987 /* clear exit_info_2 so we behave like the real hardware */
4988 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2), 0);
4990 cpu_x86_update_cr0(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr0)));
4991 cpu_x86_update_cr4(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr4)));
4992 cpu_x86_update_cr3(env, ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr3)));
4993 env->cr[2] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr2));
4994 int_ctl = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
4995 env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
4996 if (int_ctl & V_INTR_MASKING_MASK) {
4997 env->v_tpr = int_ctl & V_TPR_MASK;
4998 env->hflags2 |= HF2_VINTR_MASK;
4999 if (env->eflags & IF_MASK)
5000 env->hflags2 |= HF2_HIF_MASK;
5004 ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.efer)));
5006 load_eflags(ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rflags)),
5007 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
5008 CC_OP = CC_OP_EFLAGS;
5010 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.es),
5012 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.cs),
5014 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.ss),
5016 svm_load_seg_cache(env->vm_vmcb + offsetof(struct vmcb, save.ds),
5019 EIP = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rip));
5021 ESP = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rsp));
5022 EAX = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rax));
5023 env->dr[7] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr7));
5024 env->dr[6] = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr6));
5025 cpu_x86_set_cpl(env, ldub_phys(env->vm_vmcb + offsetof(struct vmcb, save.cpl)));
5027 /* FIXME: guest state consistency checks */
5029 switch(ldub_phys(env->vm_vmcb + offsetof(struct vmcb, control.tlb_ctl))) {
5030 case TLB_CONTROL_DO_NOTHING:
5032 case TLB_CONTROL_FLUSH_ALL_ASID:
5033 /* FIXME: this is not 100% correct but should work for now */
5038 env->hflags2 |= HF2_GIF_MASK;
5040 if (int_ctl & V_IRQ_MASK) {
5041 env->interrupt_request |= CPU_INTERRUPT_VIRQ;
5044 /* maybe we need to inject an event */
5045 event_inj = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj));
5046 if (event_inj & SVM_EVTINJ_VALID) {
5047 uint8_t vector = event_inj & SVM_EVTINJ_VEC_MASK;
5048 uint16_t valid_err = event_inj & SVM_EVTINJ_VALID_ERR;
5049 uint32_t event_inj_err = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err));
5051 qemu_log_mask(CPU_LOG_TB_IN_ASM, "Injecting(%#hx): ", valid_err);
5052 /* FIXME: need to implement valid_err */
5053 switch (event_inj & SVM_EVTINJ_TYPE_MASK) {
5054 case SVM_EVTINJ_TYPE_INTR:
5055 env->exception_index = vector;
5056 env->error_code = event_inj_err;
5057 env->exception_is_int = 0;
5058 env->exception_next_eip = -1;
5059 qemu_log_mask(CPU_LOG_TB_IN_ASM, "INTR");
5060 /* XXX: is it always correct ? */
5061 do_interrupt(vector, 0, 0, 0, 1);
5063 case SVM_EVTINJ_TYPE_NMI:
5064 env->exception_index = EXCP02_NMI;
5065 env->error_code = event_inj_err;
5066 env->exception_is_int = 0;
5067 env->exception_next_eip = EIP;
5068 qemu_log_mask(CPU_LOG_TB_IN_ASM, "NMI");
5071 case SVM_EVTINJ_TYPE_EXEPT:
5072 env->exception_index = vector;
5073 env->error_code = event_inj_err;
5074 env->exception_is_int = 0;
5075 env->exception_next_eip = -1;
5076 qemu_log_mask(CPU_LOG_TB_IN_ASM, "EXEPT");
5079 case SVM_EVTINJ_TYPE_SOFT:
5080 env->exception_index = vector;
5081 env->error_code = event_inj_err;
5082 env->exception_is_int = 1;
5083 env->exception_next_eip = EIP;
5084 qemu_log_mask(CPU_LOG_TB_IN_ASM, "SOFT");
5088 qemu_log_mask(CPU_LOG_TB_IN_ASM, " %#x %#x\n", env->exception_index, env->error_code);
5092 void helper_vmmcall(void)
5094 helper_svm_check_intercept_param(SVM_EXIT_VMMCALL, 0);
5095 raise_exception(EXCP06_ILLOP);
5098 void helper_vmload(int aflag)
5101 helper_svm_check_intercept_param(SVM_EXIT_VMLOAD, 0);
5106 addr = (uint32_t)EAX;
5108 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmload! " TARGET_FMT_lx "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
5109 addr, ldq_phys(addr + offsetof(struct vmcb, save.fs.base)),
5110 env->segs[R_FS].base);
5112 svm_load_seg_cache(addr + offsetof(struct vmcb, save.fs),
5114 svm_load_seg_cache(addr + offsetof(struct vmcb, save.gs),
5116 svm_load_seg(addr + offsetof(struct vmcb, save.tr),
5118 svm_load_seg(addr + offsetof(struct vmcb, save.ldtr),
5121 #ifdef TARGET_X86_64
5122 env->kernelgsbase = ldq_phys(addr + offsetof(struct vmcb, save.kernel_gs_base));
5123 env->lstar = ldq_phys(addr + offsetof(struct vmcb, save.lstar));
5124 env->cstar = ldq_phys(addr + offsetof(struct vmcb, save.cstar));
5125 env->fmask = ldq_phys(addr + offsetof(struct vmcb, save.sfmask));
5127 env->star = ldq_phys(addr + offsetof(struct vmcb, save.star));
5128 env->sysenter_cs = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_cs));
5129 env->sysenter_esp = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_esp));
5130 env->sysenter_eip = ldq_phys(addr + offsetof(struct vmcb, save.sysenter_eip));
5133 void helper_vmsave(int aflag)
5136 helper_svm_check_intercept_param(SVM_EXIT_VMSAVE, 0);
5141 addr = (uint32_t)EAX;
5143 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmsave! " TARGET_FMT_lx "\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
5144 addr, ldq_phys(addr + offsetof(struct vmcb, save.fs.base)),
5145 env->segs[R_FS].base);
5147 svm_save_seg(addr + offsetof(struct vmcb, save.fs),
5149 svm_save_seg(addr + offsetof(struct vmcb, save.gs),
5151 svm_save_seg(addr + offsetof(struct vmcb, save.tr),
5153 svm_save_seg(addr + offsetof(struct vmcb, save.ldtr),
5156 #ifdef TARGET_X86_64
5157 stq_phys(addr + offsetof(struct vmcb, save.kernel_gs_base), env->kernelgsbase);
5158 stq_phys(addr + offsetof(struct vmcb, save.lstar), env->lstar);
5159 stq_phys(addr + offsetof(struct vmcb, save.cstar), env->cstar);
5160 stq_phys(addr + offsetof(struct vmcb, save.sfmask), env->fmask);
5162 stq_phys(addr + offsetof(struct vmcb, save.star), env->star);
5163 stq_phys(addr + offsetof(struct vmcb, save.sysenter_cs), env->sysenter_cs);
5164 stq_phys(addr + offsetof(struct vmcb, save.sysenter_esp), env->sysenter_esp);
5165 stq_phys(addr + offsetof(struct vmcb, save.sysenter_eip), env->sysenter_eip);
5168 void helper_stgi(void)
5170 helper_svm_check_intercept_param(SVM_EXIT_STGI, 0);
5171 env->hflags2 |= HF2_GIF_MASK;
5174 void helper_clgi(void)
5176 helper_svm_check_intercept_param(SVM_EXIT_CLGI, 0);
5177 env->hflags2 &= ~HF2_GIF_MASK;
5180 void helper_skinit(void)
5182 helper_svm_check_intercept_param(SVM_EXIT_SKINIT, 0);
5183 /* XXX: not implemented */
5184 raise_exception(EXCP06_ILLOP);
5187 void helper_invlpga(int aflag)
5190 helper_svm_check_intercept_param(SVM_EXIT_INVLPGA, 0);
5195 addr = (uint32_t)EAX;
5197 /* XXX: could use the ASID to see if it is needed to do the
5199 tlb_flush_page(env, addr);
5202 void helper_svm_check_intercept_param(uint32_t type, uint64_t param)
5204 if (likely(!(env->hflags & HF_SVMI_MASK)))
5207 case SVM_EXIT_READ_CR0 ... SVM_EXIT_READ_CR0 + 8:
5208 if (env->intercept_cr_read & (1 << (type - SVM_EXIT_READ_CR0))) {
5209 helper_vmexit(type, param);
5212 case SVM_EXIT_WRITE_CR0 ... SVM_EXIT_WRITE_CR0 + 8:
5213 if (env->intercept_cr_write & (1 << (type - SVM_EXIT_WRITE_CR0))) {
5214 helper_vmexit(type, param);
5217 case SVM_EXIT_READ_DR0 ... SVM_EXIT_READ_DR0 + 7:
5218 if (env->intercept_dr_read & (1 << (type - SVM_EXIT_READ_DR0))) {
5219 helper_vmexit(type, param);
5222 case SVM_EXIT_WRITE_DR0 ... SVM_EXIT_WRITE_DR0 + 7:
5223 if (env->intercept_dr_write & (1 << (type - SVM_EXIT_WRITE_DR0))) {
5224 helper_vmexit(type, param);
5227 case SVM_EXIT_EXCP_BASE ... SVM_EXIT_EXCP_BASE + 31:
5228 if (env->intercept_exceptions & (1 << (type - SVM_EXIT_EXCP_BASE))) {
5229 helper_vmexit(type, param);
5233 if (env->intercept & (1ULL << (SVM_EXIT_MSR - SVM_EXIT_INTR))) {
5234 /* FIXME: this should be read in at vmrun (faster this way?) */
5235 uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.msrpm_base_pa));
5237 switch((uint32_t)ECX) {
5242 case 0xc0000000 ... 0xc0001fff:
5243 t0 = (8192 + ECX - 0xc0000000) * 2;
5247 case 0xc0010000 ... 0xc0011fff:
5248 t0 = (16384 + ECX - 0xc0010000) * 2;
5253 helper_vmexit(type, param);
5258 if (ldub_phys(addr + t1) & ((1 << param) << t0))
5259 helper_vmexit(type, param);
5263 if (env->intercept & (1ULL << (type - SVM_EXIT_INTR))) {
5264 helper_vmexit(type, param);
5270 void helper_svm_check_io(uint32_t port, uint32_t param,
5271 uint32_t next_eip_addend)
5273 if (env->intercept & (1ULL << (SVM_EXIT_IOIO - SVM_EXIT_INTR))) {
5274 /* FIXME: this should be read in at vmrun (faster this way?) */
5275 uint64_t addr = ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.iopm_base_pa));
5276 uint16_t mask = (1 << ((param >> 4) & 7)) - 1;
5277 if(lduw_phys(addr + port / 8) & (mask << (port & 7))) {
5279 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2),
5280 env->eip + next_eip_addend);
5281 helper_vmexit(SVM_EXIT_IOIO, param | (port << 16));
5286 /* Note: currently only 32 bits of exit_code are used */
5287 void helper_vmexit(uint32_t exit_code, uint64_t exit_info_1)
5291 qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmexit(%08x, %016" PRIx64 ", %016" PRIx64 ", " TARGET_FMT_lx ")!\n",
5292 exit_code, exit_info_1,
5293 ldq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_2)),
5296 if(env->hflags & HF_INHIBIT_IRQ_MASK) {
5297 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_state), SVM_INTERRUPT_SHADOW_MASK);
5298 env->hflags &= ~HF_INHIBIT_IRQ_MASK;
5300 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_state), 0);
5303 /* Save the VM state in the vmcb */
5304 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.es),
5306 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.cs),
5308 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.ss),
5310 svm_save_seg(env->vm_vmcb + offsetof(struct vmcb, save.ds),
5313 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.base), env->gdt.base);
5314 stl_phys(env->vm_vmcb + offsetof(struct vmcb, save.gdtr.limit), env->gdt.limit);
5316 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.base), env->idt.base);
5317 stl_phys(env->vm_vmcb + offsetof(struct vmcb, save.idtr.limit), env->idt.limit);
5319 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.efer), env->efer);
5320 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr0), env->cr[0]);
5321 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr2), env->cr[2]);
5322 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr3), env->cr[3]);
5323 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.cr4), env->cr[4]);
5325 int_ctl = ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
5326 int_ctl &= ~(V_TPR_MASK | V_IRQ_MASK);
5327 int_ctl |= env->v_tpr & V_TPR_MASK;
5328 if (env->interrupt_request & CPU_INTERRUPT_VIRQ)
5329 int_ctl |= V_IRQ_MASK;
5330 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.int_ctl), int_ctl);
5332 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rflags), compute_eflags());
5333 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rip), env->eip);
5334 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rsp), ESP);
5335 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.rax), EAX);
5336 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr7), env->dr[7]);
5337 stq_phys(env->vm_vmcb + offsetof(struct vmcb, save.dr6), env->dr[6]);
5338 stb_phys(env->vm_vmcb + offsetof(struct vmcb, save.cpl), env->hflags & HF_CPL_MASK);
5340 /* Reload the host state from vm_hsave */
5341 env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
5342 env->hflags &= ~HF_SVMI_MASK;
5344 env->intercept_exceptions = 0;
5345 env->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
5346 env->tsc_offset = 0;
5348 env->gdt.base = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.base));
5349 env->gdt.limit = ldl_phys(env->vm_hsave + offsetof(struct vmcb, save.gdtr.limit));
5351 env->idt.base = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.base));
5352 env->idt.limit = ldl_phys(env->vm_hsave + offsetof(struct vmcb, save.idtr.limit));
5354 cpu_x86_update_cr0(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr0)) | CR0_PE_MASK);
5355 cpu_x86_update_cr4(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr4)));
5356 cpu_x86_update_cr3(env, ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.cr3)));
5357 /* we need to set the efer after the crs so the hidden flags get
5360 ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.efer)));
5362 load_eflags(ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rflags)),
5363 ~(CC_O | CC_S | CC_Z | CC_A | CC_P | CC_C | DF_MASK));
5364 CC_OP = CC_OP_EFLAGS;
5366 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.es),
5368 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.cs),
5370 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.ss),
5372 svm_load_seg_cache(env->vm_hsave + offsetof(struct vmcb, save.ds),
5375 EIP = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip));
5376 ESP = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp));
5377 EAX = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax));
5379 env->dr[6] = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr6));
5380 env->dr[7] = ldq_phys(env->vm_hsave + offsetof(struct vmcb, save.dr7));
5383 cpu_x86_set_cpl(env, 0);
5384 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_code), exit_code);
5385 stq_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_info_1), exit_info_1);
5387 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info),
5388 ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj)));
5389 stl_phys(env->vm_vmcb + offsetof(struct vmcb, control.exit_int_info_err),
5390 ldl_phys(env->vm_vmcb + offsetof(struct vmcb, control.event_inj_err)));
5392 env->hflags2 &= ~HF2_GIF_MASK;
5393 /* FIXME: Resets the current ASID register to zero (host ASID). */
5395 /* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */
5397 /* Clears the TSC_OFFSET inside the processor. */
5399 /* If the host is in PAE mode, the processor reloads the host's PDPEs
5400 from the page table indicated the host's CR3. If the PDPEs contain
5401 illegal state, the processor causes a shutdown. */
5403 /* Forces CR0.PE = 1, RFLAGS.VM = 0. */
5404 env->cr[0] |= CR0_PE_MASK;
5405 env->eflags &= ~VM_MASK;
5407 /* Disables all breakpoints in the host DR7 register. */
5409 /* Checks the reloaded host state for consistency. */
5411 /* If the host's rIP reloaded by #VMEXIT is outside the limit of the
5412 host's code segment or non-canonical (in the case of long mode), a
5413 #GP fault is delivered inside the host.) */
5415 /* remove any pending exception */
5416 env->exception_index = -1;
5417 env->error_code = 0;
5418 env->old_exception = -1;
5426 /* XXX: optimize by storing fptt and fptags in the static cpu state */
5427 void helper_enter_mmx(void)
5430 *(uint32_t *)(env->fptags) = 0;
5431 *(uint32_t *)(env->fptags + 4) = 0;
5434 void helper_emms(void)
5436 /* set to empty state */
5437 *(uint32_t *)(env->fptags) = 0x01010101;
5438 *(uint32_t *)(env->fptags + 4) = 0x01010101;
5442 void helper_movq(void *d, void *s)
5444 *(uint64_t *)d = *(uint64_t *)s;
5448 #include "ops_sse.h"
5451 #include "ops_sse.h"
5454 #include "helper_template.h"
5458 #include "helper_template.h"
5462 #include "helper_template.h"
5465 #ifdef TARGET_X86_64
5468 #include "helper_template.h"
5473 /* bit operations */
5474 target_ulong helper_bsf(target_ulong t0)
5481 while ((res & 1) == 0) {
5488 target_ulong helper_lzcnt(target_ulong t0, int wordsize)
5491 target_ulong res, mask;
5493 if (wordsize > 0 && t0 == 0) {
5497 count = TARGET_LONG_BITS - 1;
5498 mask = (target_ulong)1 << (TARGET_LONG_BITS - 1);
5499 while ((res & mask) == 0) {
5504 return wordsize - 1 - count;
5509 target_ulong helper_bsr(target_ulong t0)
5511 return helper_lzcnt(t0, 0);
5514 static int compute_all_eflags(void)
5519 static int compute_c_eflags(void)
5521 return CC_SRC & CC_C;
5524 uint32_t helper_cc_compute_all(int op)
5527 default: /* should never happen */ return 0;
5529 case CC_OP_EFLAGS: return compute_all_eflags();
5531 case CC_OP_MULB: return compute_all_mulb();
5532 case CC_OP_MULW: return compute_all_mulw();
5533 case CC_OP_MULL: return compute_all_mull();
5535 case CC_OP_ADDB: return compute_all_addb();
5536 case CC_OP_ADDW: return compute_all_addw();
5537 case CC_OP_ADDL: return compute_all_addl();
5539 case CC_OP_ADCB: return compute_all_adcb();
5540 case CC_OP_ADCW: return compute_all_adcw();
5541 case CC_OP_ADCL: return compute_all_adcl();
5543 case CC_OP_SUBB: return compute_all_subb();
5544 case CC_OP_SUBW: return compute_all_subw();
5545 case CC_OP_SUBL: return compute_all_subl();
5547 case CC_OP_SBBB: return compute_all_sbbb();
5548 case CC_OP_SBBW: return compute_all_sbbw();
5549 case CC_OP_SBBL: return compute_all_sbbl();
5551 case CC_OP_LOGICB: return compute_all_logicb();
5552 case CC_OP_LOGICW: return compute_all_logicw();
5553 case CC_OP_LOGICL: return compute_all_logicl();
5555 case CC_OP_INCB: return compute_all_incb();
5556 case CC_OP_INCW: return compute_all_incw();
5557 case CC_OP_INCL: return compute_all_incl();
5559 case CC_OP_DECB: return compute_all_decb();
5560 case CC_OP_DECW: return compute_all_decw();
5561 case CC_OP_DECL: return compute_all_decl();
5563 case CC_OP_SHLB: return compute_all_shlb();
5564 case CC_OP_SHLW: return compute_all_shlw();
5565 case CC_OP_SHLL: return compute_all_shll();
5567 case CC_OP_SARB: return compute_all_sarb();
5568 case CC_OP_SARW: return compute_all_sarw();
5569 case CC_OP_SARL: return compute_all_sarl();
5571 #ifdef TARGET_X86_64
5572 case CC_OP_MULQ: return compute_all_mulq();
5574 case CC_OP_ADDQ: return compute_all_addq();
5576 case CC_OP_ADCQ: return compute_all_adcq();
5578 case CC_OP_SUBQ: return compute_all_subq();
5580 case CC_OP_SBBQ: return compute_all_sbbq();
5582 case CC_OP_LOGICQ: return compute_all_logicq();
5584 case CC_OP_INCQ: return compute_all_incq();
5586 case CC_OP_DECQ: return compute_all_decq();
5588 case CC_OP_SHLQ: return compute_all_shlq();
5590 case CC_OP_SARQ: return compute_all_sarq();
5595 uint32_t helper_cc_compute_c(int op)
5598 default: /* should never happen */ return 0;
5600 case CC_OP_EFLAGS: return compute_c_eflags();
5602 case CC_OP_MULB: return compute_c_mull();
5603 case CC_OP_MULW: return compute_c_mull();
5604 case CC_OP_MULL: return compute_c_mull();
5606 case CC_OP_ADDB: return compute_c_addb();
5607 case CC_OP_ADDW: return compute_c_addw();
5608 case CC_OP_ADDL: return compute_c_addl();
5610 case CC_OP_ADCB: return compute_c_adcb();
5611 case CC_OP_ADCW: return compute_c_adcw();
5612 case CC_OP_ADCL: return compute_c_adcl();
5614 case CC_OP_SUBB: return compute_c_subb();
5615 case CC_OP_SUBW: return compute_c_subw();
5616 case CC_OP_SUBL: return compute_c_subl();
5618 case CC_OP_SBBB: return compute_c_sbbb();
5619 case CC_OP_SBBW: return compute_c_sbbw();
5620 case CC_OP_SBBL: return compute_c_sbbl();
5622 case CC_OP_LOGICB: return compute_c_logicb();
5623 case CC_OP_LOGICW: return compute_c_logicw();
5624 case CC_OP_LOGICL: return compute_c_logicl();
5626 case CC_OP_INCB: return compute_c_incl();
5627 case CC_OP_INCW: return compute_c_incl();
5628 case CC_OP_INCL: return compute_c_incl();
5630 case CC_OP_DECB: return compute_c_incl();
5631 case CC_OP_DECW: return compute_c_incl();
5632 case CC_OP_DECL: return compute_c_incl();
5634 case CC_OP_SHLB: return compute_c_shlb();
5635 case CC_OP_SHLW: return compute_c_shlw();
5636 case CC_OP_SHLL: return compute_c_shll();
5638 case CC_OP_SARB: return compute_c_sarl();
5639 case CC_OP_SARW: return compute_c_sarl();
5640 case CC_OP_SARL: return compute_c_sarl();
5642 #ifdef TARGET_X86_64
5643 case CC_OP_MULQ: return compute_c_mull();
5645 case CC_OP_ADDQ: return compute_c_addq();
5647 case CC_OP_ADCQ: return compute_c_adcq();
5649 case CC_OP_SUBQ: return compute_c_subq();
5651 case CC_OP_SBBQ: return compute_c_sbbq();
5653 case CC_OP_LOGICQ: return compute_c_logicq();
5655 case CC_OP_INCQ: return compute_c_incl();
5657 case CC_OP_DECQ: return compute_c_incl();
5659 case CC_OP_SHLQ: return compute_c_shlq();
5661 case CC_OP_SARQ: return compute_c_sarl();
projects / qemu.git / blob