aboutsummaryrefslogtreecommitdiff
path: root/helper-i386.c
diff options
context:
space:
mode:
Diffstat (limited to 'helper-i386.c')
-rw-r--r--helper-i386.c501
1 files changed, 418 insertions, 83 deletions
diff --git a/helper-i386.c b/helper-i386.c
index 66121ff966..9fc40181ae 100644
--- a/helper-i386.c
+++ b/helper-i386.c
@@ -126,17 +126,74 @@ void cpu_loop_exit(void)
longjmp(env->jmp_env, 1);
}
+static inline void get_ss_esp_from_tss(uint32_t *ss_ptr,
+ uint32_t *esp_ptr, int dpl)
+{
+ int type, index, shift;
+
#if 0
-/* full interrupt support (only useful for real CPU emulation, not
- finished) - I won't do it any time soon, finish it if you want ! */
-void raise_interrupt(int intno, int is_int, int error_code,
- unsigned int next_eip)
+ {
+ int i;
+ printf("TR: base=%p limit=%x\n", env->tr.base, env->tr.limit);
+ for(i=0;i<env->tr.limit;i++) {
+ printf("%02x ", env->tr.base[i]);
+ if ((i & 7) == 7) printf("\n");
+ }
+ printf("\n");
+ }
+#endif
+
+ if (!(env->tr.flags & DESC_P_MASK))
+ cpu_abort(env, "invalid tss");
+ type = (env->tr.flags >> DESC_TYPE_SHIFT) & 0xf;
+ if ((type & 7) != 1)
+ cpu_abort(env, "invalid tss type");
+ shift = type >> 3;
+ index = (dpl * 4 + 2) << shift;
+ if (index + (4 << shift) - 1 > env->tr.limit)
+ raise_exception_err(EXCP0A_TSS, env->tr.selector & 0xfffc);
+ if (shift == 0) {
+ *esp_ptr = lduw(env->tr.base + index);
+ *ss_ptr = lduw(env->tr.base + index + 2);
+ } else {
+ *esp_ptr = ldl(env->tr.base + index);
+ *ss_ptr = lduw(env->tr.base + index + 4);
+ }
+}
+
+/* return non zero if error */
+static inline int load_segment(uint32_t *e1_ptr, uint32_t *e2_ptr,
+ int selector)
{
- SegmentDescriptorTable *dt;
+ SegmentCache *dt;
+ int index;
uint8_t *ptr;
- int type, dpl, cpl;
- uint32_t e1, e2;
-
+
+ if (selector & 0x4)
+ dt = &env->ldt;
+ else
+ dt = &env->gdt;
+ index = selector & ~7;
+ if ((index + 7) > dt->limit)
+ return -1;
+ ptr = dt->base + index;
+ *e1_ptr = ldl(ptr);
+ *e2_ptr = ldl(ptr + 4);
+ return 0;
+}
+
+
+/* protected mode interrupt */
+static void do_interrupt_protected(int intno, int is_int, int error_code,
+ unsigned int next_eip)
+{
+ SegmentCache *dt;
+ uint8_t *ptr, *ssp;
+ int type, dpl, cpl, selector, ss_dpl;
+ int has_error_code, new_stack, shift;
+ uint32_t e1, e2, offset, ss, esp, ss_e1, ss_e2, push_size;
+ uint32_t old_cs, old_ss, old_esp, old_eip;
+
dt = &env->idt;
if (intno * 8 + 7 > dt->limit)
raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
@@ -147,6 +204,8 @@ void raise_interrupt(int intno, int is_int, int error_code,
type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
switch(type) {
case 5: /* task gate */
+ cpu_abort(env, "task gate not supported");
+ break;
case 6: /* 286 interrupt gate */
case 7: /* 286 trap gate */
case 14: /* 386 interrupt gate */
@@ -164,17 +223,184 @@ void raise_interrupt(int intno, int is_int, int error_code,
/* check valid bit */
if (!(e2 & DESC_P_MASK))
raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
+ selector = e1 >> 16;
+ offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff);
+ if ((selector & 0xfffc) == 0)
+ raise_exception_err(EXCP0D_GPF, 0);
+
+ if (load_segment(&e1, &e2, selector) != 0)
+ raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
+ if (!(e2 & DESC_S_MASK) || !(e2 & (DESC_CS_MASK)))
+ raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
+ dpl = (e2 >> DESC_DPL_SHIFT) & 3;
+ if (dpl > cpl)
+ raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
+ if (!(e2 & DESC_P_MASK))
+ raise_exception_err(EXCP0B_NOSEG, selector & 0xfffc);
+ if (!(e2 & DESC_C_MASK) && dpl < cpl) {
+ /* to inner priviledge */
+ get_ss_esp_from_tss(&ss, &esp, dpl);
+ if ((ss & 0xfffc) == 0)
+ raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
+ if ((ss & 3) != dpl)
+ raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
+ if (load_segment(&ss_e1, &ss_e2, ss) != 0)
+ raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
+ ss_dpl = (ss_e2 >> DESC_DPL_SHIFT) & 3;
+ if (ss_dpl != dpl)
+ raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
+ if (!(ss_e2 & DESC_S_MASK) ||
+ (ss_e2 & DESC_CS_MASK) ||
+ !(ss_e2 & DESC_W_MASK))
+ raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
+ if (!(ss_e2 & DESC_P_MASK))
+ raise_exception_err(EXCP0A_TSS, ss & 0xfffc);
+ new_stack = 1;
+ } else if ((e2 & DESC_C_MASK) || dpl == cpl) {
+ /* to same priviledge */
+ new_stack = 0;
+ } else {
+ raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
+ new_stack = 0; /* avoid warning */
+ }
+
+ shift = type >> 3;
+ has_error_code = 0;
+ if (!is_int) {
+ switch(intno) {
+ case 8:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 17:
+ has_error_code = 1;
+ break;
+ }
+ }
+ push_size = 6 + (new_stack << 2) + (has_error_code << 1);
+ if (env->eflags & VM_MASK)
+ push_size += 8;
+ push_size <<= shift;
+
+ /* XXX: check that enough room is available */
+ if (new_stack) {
+ old_esp = env->regs[R_ESP];
+ old_ss = env->segs[R_SS].selector;
+ load_seg(R_SS, ss, env->eip);
+ } else {
+ old_esp = 0;
+ old_ss = 0;
+ esp = env->regs[R_ESP];
+ }
+ if (is_int)
+ old_eip = next_eip;
+ else
+ old_eip = env->eip;
+ old_cs = env->segs[R_CS].selector;
+ load_seg(R_CS, selector, env->eip);
+ env->eip = offset;
+ env->regs[R_ESP] = esp - push_size;
+ ssp = env->segs[R_SS].base + esp;
+ if (shift == 1) {
+ int old_eflags;
+ if (env->eflags & VM_MASK) {
+ ssp -= 4;
+ stl(ssp, env->segs[R_GS].selector);
+ ssp -= 4;
+ stl(ssp, env->segs[R_FS].selector);
+ ssp -= 4;
+ stl(ssp, env->segs[R_DS].selector);
+ ssp -= 4;
+ stl(ssp, env->segs[R_ES].selector);
+ }
+ if (new_stack) {
+ ssp -= 4;
+ stl(ssp, old_ss);
+ ssp -= 4;
+ stl(ssp, old_esp);
+ }
+ ssp -= 4;
+ old_eflags = compute_eflags();
+ stl(ssp, old_eflags);
+ ssp -= 4;
+ stl(ssp, old_cs);
+ ssp -= 4;
+ stl(ssp, old_eip);
+ if (has_error_code) {
+ ssp -= 4;
+ stl(ssp, error_code);
+ }
+ } else {
+ if (new_stack) {
+ ssp -= 2;
+ stw(ssp, old_ss);
+ ssp -= 2;
+ stw(ssp, old_esp);
+ }
+ ssp -= 2;
+ stw(ssp, compute_eflags());
+ ssp -= 2;
+ stw(ssp, old_cs);
+ ssp -= 2;
+ stw(ssp, old_eip);
+ if (has_error_code) {
+ ssp -= 2;
+ stw(ssp, error_code);
+ }
+ }
+
+ /* interrupt gate clear IF mask */
+ if ((type & 1) == 0) {
+ env->eflags &= ~IF_MASK;
+ }
+ env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
}
-#else
+/* real mode interrupt */
+static void do_interrupt_real(int intno, int is_int, int error_code,
+ unsigned int next_eip)
+{
+ SegmentCache *dt;
+ uint8_t *ptr, *ssp;
+ int selector;
+ uint32_t offset, esp;
+ uint32_t old_cs, old_eip;
-/*
- * is_int is TRUE if coming from the int instruction. next_eip is the
- * EIP value AFTER the interrupt instruction. It is only relevant if
- * is_int is TRUE.
- */
-void raise_interrupt(int intno, int is_int, int error_code,
- unsigned int next_eip)
+ /* real mode (simpler !) */
+ dt = &env->idt;
+ if (intno * 4 + 3 > dt->limit)
+ raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
+ ptr = dt->base + intno * 4;
+ offset = lduw(ptr);
+ selector = lduw(ptr + 2);
+ esp = env->regs[R_ESP] & 0xffff;
+ ssp = env->segs[R_SS].base + esp;
+ if (is_int)
+ old_eip = next_eip;
+ else
+ old_eip = env->eip;
+ old_cs = env->segs[R_CS].selector;
+ ssp -= 2;
+ stw(ssp, compute_eflags());
+ ssp -= 2;
+ stw(ssp, old_cs);
+ ssp -= 2;
+ stw(ssp, old_eip);
+ esp -= 6;
+
+ /* update processor state */
+ env->regs[R_ESP] = (env->regs[R_ESP] & ~0xffff) | (esp & 0xffff);
+ env->eip = offset;
+ env->segs[R_CS].selector = selector;
+ env->segs[R_CS].base = (uint8_t *)(selector << 4);
+ env->eflags &= ~(IF_MASK | TF_MASK | AC_MASK | RF_MASK);
+}
+
+/* fake user mode interrupt */
+void do_interrupt_user(int intno, int is_int, int error_code,
+ unsigned int next_eip)
{
SegmentCache *dt;
uint8_t *ptr;
@@ -196,14 +422,39 @@ void raise_interrupt(int intno, int is_int, int error_code,
code */
if (is_int)
EIP = next_eip;
+}
+
+/*
+ * Begin excution of an interruption. is_int is TRUE if coming from
+ * the int instruction. next_eip is the EIP value AFTER the interrupt
+ * instruction. It is only relevant if is_int is TRUE.
+ */
+void do_interrupt(int intno, int is_int, int error_code,
+ unsigned int next_eip)
+{
+ if (env->cr[0] & CR0_PE_MASK) {
+ do_interrupt_protected(intno, is_int, error_code, next_eip);
+ } else {
+ do_interrupt_real(intno, is_int, error_code, next_eip);
+ }
+}
+
+/*
+ * Signal an interruption. It is executed in the main CPU loop.
+ * is_int is TRUE if coming from the int instruction. next_eip is the
+ * EIP value AFTER the interrupt instruction. It is only relevant if
+ * is_int is TRUE.
+ */
+void raise_interrupt(int intno, int is_int, int error_code,
+ unsigned int next_eip)
+{
env->exception_index = intno;
env->error_code = error_code;
-
+ env->exception_is_int = is_int;
+ env->exception_next_eip = next_eip;
cpu_loop_exit();
}
-#endif
-
/* shortcuts to generate exceptions */
void raise_exception_err(int exception_index, int error_code)
{
@@ -335,9 +586,9 @@ static inline void load_seg_cache(SegmentCache *sc, uint32_t e1, uint32_t e2)
{
sc->base = (void *)((e1 >> 16) | ((e2 & 0xff) << 16) | (e2 & 0xff000000));
sc->limit = (e1 & 0xffff) | (e2 & 0x000f0000);
- if (e2 & (1 << 23))
+ if (e2 & DESC_G_MASK)
sc->limit = (sc->limit << 12) | 0xfff;
- sc->seg_32bit = (e2 >> 22) & 1;
+ sc->flags = e2;
}
void helper_lldt_T0(void)
@@ -382,9 +633,10 @@ void helper_ltr_T0(void)
selector = T0 & 0xffff;
if ((selector & 0xfffc) == 0) {
- /* XXX: NULL selector case: invalid LDT */
+ /* NULL selector case: invalid LDT */
env->tr.base = NULL;
env->tr.limit = 0;
+ env->tr.flags = 0;
} else {
if (selector & 0x4)
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
@@ -412,10 +664,7 @@ void helper_ltr_T0(void)
void load_seg(int seg_reg, int selector, unsigned int cur_eip)
{
SegmentCache *sc;
- SegmentCache *dt;
- int index;
uint32_t e1, e2;
- uint8_t *ptr;
sc = &env->segs[seg_reg];
if ((selector & 0xfffc) == 0) {
@@ -427,21 +676,13 @@ void load_seg(int seg_reg, int selector, unsigned int cur_eip)
/* XXX: each access should trigger an exception */
sc->base = NULL;
sc->limit = 0;
- sc->seg_32bit = 1;
+ sc->flags = 0;
}
} else {
- if (selector & 0x4)
- dt = &env->ldt;
- else
- dt = &env->gdt;
- index = selector & ~7;
- if ((index + 7) > dt->limit) {
+ if (load_segment(&e1, &e2, selector) != 0) {
EIP = cur_eip;
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
}
- ptr = dt->base + index;
- e1 = ldl(ptr);
- e2 = ldl(ptr + 4);
if (!(e2 & DESC_S_MASK) ||
(e2 & (DESC_CS_MASK | DESC_R_MASK)) == DESC_CS_MASK) {
EIP = cur_eip;
@@ -469,8 +710,8 @@ void load_seg(int seg_reg, int selector, unsigned int cur_eip)
}
load_seg_cache(sc, e1, e2);
#if 0
- fprintf(logfile, "load_seg: sel=0x%04x base=0x%08lx limit=0x%08lx seg_32bit=%d\n",
- selector, (unsigned long)sc->base, sc->limit, sc->seg_32bit);
+ fprintf(logfile, "load_seg: sel=0x%04x base=0x%08lx limit=0x%08lx flags=%08x\n",
+ selector, (unsigned long)sc->base, sc->limit, sc->flags);
#endif
}
sc->selector = selector;
@@ -480,25 +721,14 @@ void load_seg(int seg_reg, int selector, unsigned int cur_eip)
void jmp_seg(int selector, unsigned int new_eip)
{
SegmentCache sc1;
- SegmentCache *dt;
- int index;
uint32_t e1, e2, cpl, dpl, rpl;
- uint8_t *ptr;
if ((selector & 0xfffc) == 0) {
raise_exception_err(EXCP0D_GPF, 0);
}
- if (selector & 0x4)
- dt = &env->ldt;
- else
- dt = &env->gdt;
- index = selector & ~7;
- if ((index + 7) > dt->limit)
+ if (load_segment(&e1, &e2, selector) != 0)
raise_exception_err(EXCP0D_GPF, selector & 0xfffc);
- ptr = dt->base + index;
- e1 = ldl(ptr);
- e2 = ldl(ptr + 4);
cpl = env->segs[R_CS].selector & 3;
if (e2 & DESC_S_MASK) {
if (!(e2 & DESC_CS_MASK))
@@ -530,22 +760,143 @@ void jmp_seg(int selector, unsigned int new_eip)
}
}
-/* XXX: do more */
+/* init the segment cache in vm86 mode */
+static inline void load_seg_vm(int seg, int selector)
+{
+ SegmentCache *sc = &env->segs[seg];
+ selector &= 0xffff;
+ sc->base = (uint8_t *)(selector << 4);
+ sc->selector = selector;
+ sc->flags = 0;
+ sc->limit = 0xffff;
+}
+
+/* protected mode iret */
+void helper_iret_protected(int shift)
+{
+ uint32_t sp, new_cs, new_eip, new_eflags, new_esp, new_ss;
+ uint32_t new_es, new_ds, new_fs, new_gs;
+ uint32_t e1, e2;
+ int cpl, dpl, rpl, eflags_mask;
+ uint8_t *ssp;
+
+ sp = env->regs[R_ESP];
+ if (!(env->segs[R_SS].flags & DESC_B_MASK))
+ sp &= 0xffff;
+ ssp = env->segs[R_SS].base + sp;
+ if (shift == 1) {
+ /* 32 bits */
+ new_eflags = ldl(ssp + 8);
+ new_cs = ldl(ssp + 4) & 0xffff;
+ new_eip = ldl(ssp);
+ if (new_eflags & VM_MASK)
+ goto return_to_vm86;
+ } else {
+ /* 16 bits */
+ new_eflags = lduw(ssp + 4);
+ new_cs = lduw(ssp + 2);
+ new_eip = lduw(ssp);
+ }
+ if ((new_cs & 0xfffc) == 0)
+ raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
+ if (load_segment(&e1, &e2, new_cs) != 0)
+ raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
+ if (!(e2 & DESC_S_MASK) ||
+ !(e2 & DESC_CS_MASK))
+ raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
+ cpl = env->segs[R_CS].selector & 3;
+ rpl = new_cs & 3;
+ if (rpl < cpl)
+ raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
+ dpl = (e2 >> DESC_DPL_SHIFT) & 3;
+ if (e2 & DESC_CS_MASK) {
+ if (dpl > rpl)
+ raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
+ } else {
+ if (dpl != rpl)
+ raise_exception_err(EXCP0D_GPF, new_cs & 0xfffc);
+ }
+ if (!(e2 & DESC_P_MASK))
+ raise_exception_err(EXCP0B_NOSEG, new_cs & 0xfffc);
+
+ if (rpl == cpl) {
+ /* return to same priledge level */
+ load_seg(R_CS, new_cs, env->eip);
+ new_esp = sp + (6 << shift);
+ } else {
+ /* return to differentr priviledge level */
+ if (shift == 1) {
+ /* 32 bits */
+ new_esp = ldl(ssp + 12);
+ new_ss = ldl(ssp + 16) & 0xffff;
+ } else {
+ /* 16 bits */
+ new_esp = lduw(ssp + 6);
+ new_ss = lduw(ssp + 8);
+ }
+
+ if ((new_ss & 3) != rpl)
+ raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
+ if (load_segment(&e1, &e2, new_ss) != 0)
+ raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
+ if (!(e2 & DESC_S_MASK) ||
+ (e2 & DESC_CS_MASK) ||
+ !(e2 & DESC_W_MASK))
+ raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
+ dpl = (e2 >> DESC_DPL_SHIFT) & 3;
+ if (dpl != rpl)
+ raise_exception_err(EXCP0D_GPF, new_ss & 0xfffc);
+ if (!(e2 & DESC_P_MASK))
+ raise_exception_err(EXCP0B_NOSEG, new_ss & 0xfffc);
+
+ load_seg(R_CS, new_cs, env->eip);
+ load_seg(R_SS, new_ss, env->eip);
+ }
+ if (env->segs[R_SS].flags & DESC_B_MASK)
+ env->regs[R_ESP] = new_esp;
+ else
+ env->regs[R_ESP] = (env->regs[R_ESP] & 0xffff0000) |
+ (new_esp & 0xffff);
+ env->eip = new_eip;
+ if (cpl == 0)
+ eflags_mask = FL_UPDATE_CPL0_MASK;
+ else
+ eflags_mask = FL_UPDATE_MASK32;
+ if (shift == 0)
+ eflags_mask &= 0xffff;
+ load_eflags(new_eflags, eflags_mask);
+ return;
+
+ return_to_vm86:
+ new_esp = ldl(ssp + 12);
+ new_ss = ldl(ssp + 16);
+ new_es = ldl(ssp + 20);
+ new_ds = ldl(ssp + 24);
+ new_fs = ldl(ssp + 28);
+ new_gs = ldl(ssp + 32);
+
+ /* modify processor state */
+ load_eflags(new_eflags, FL_UPDATE_CPL0_MASK | VM_MASK | VIF_MASK | VIP_MASK);
+ load_seg_vm(R_CS, new_cs);
+ load_seg_vm(R_SS, new_ss);
+ load_seg_vm(R_ES, new_es);
+ load_seg_vm(R_DS, new_ds);
+ load_seg_vm(R_FS, new_fs);
+ load_seg_vm(R_GS, new_gs);
+
+ env->eip = new_eip;
+ env->regs[R_ESP] = new_esp;
+}
+
void helper_movl_crN_T0(int reg)
{
+ env->cr[reg] = T0;
switch(reg) {
case 0:
- default:
- env->cr[0] = reg;
- break;
- case 2:
- env->cr[2] = reg;
+ cpu_x86_update_cr0(env);
break;
case 3:
- env->cr[3] = reg;
- break;
- case 4:
- env->cr[4] = reg;
+ cpu_x86_update_cr3(env);
break;
}
}
@@ -556,6 +907,11 @@ void helper_movl_drN_T0(int reg)
env->dr[reg] = T0;
}
+void helper_invlpg(unsigned int addr)
+{
+ cpu_x86_flush_tlb(env, addr);
+}
+
/* rdtsc */
#ifndef __i386__
uint64_t emu_time;
@@ -577,23 +933,12 @@ void helper_rdtsc(void)
void helper_lsl(void)
{
unsigned int selector, limit;
- SegmentCache *dt;
- int index;
uint32_t e1, e2;
- uint8_t *ptr;
CC_SRC = cc_table[CC_OP].compute_all() & ~CC_Z;
selector = T0 & 0xffff;
- if (selector & 0x4)
- dt = &env->ldt;
- else
- dt = &env->gdt;
- index = selector & ~7;
- if ((index + 7) > dt->limit)
+ if (load_segment(&e1, &e2, selector) != 0)
return;
- ptr = dt->base + index;
- e1 = ldl(ptr);
- e2 = ldl(ptr + 4);
limit = (e1 & 0xffff) | (e2 & 0x000f0000);
if (e2 & (1 << 23))
limit = (limit << 12) | 0xfff;
@@ -604,22 +949,12 @@ void helper_lsl(void)
void helper_lar(void)
{
unsigned int selector;
- SegmentCache *dt;
- int index;
- uint32_t e2;
- uint8_t *ptr;
+ uint32_t e1, e2;
CC_SRC = cc_table[CC_OP].compute_all() & ~CC_Z;
selector = T0 & 0xffff;
- if (selector & 0x4)
- dt = &env->ldt;
- else
- dt = &env->gdt;
- index = selector & ~7;
- if ((index + 7) > dt->limit)
+ if (load_segment(&e1, &e2, selector) != 0)
return;
- ptr = dt->base + index;
- e2 = ldl(ptr + 4);
T1 = e2 & 0x00f0ff00;
CC_SRC |= CC_Z;
}