aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/kvm/x86_emulate.c
diff options
context:
space:
mode:
authorAvi Kivity <avi@qumranet.com>2006-12-10 05:21:36 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-10 12:57:22 -0500
commit6aa8b732ca01c3d7a54e93f4d701b8aabbe60fb7 (patch)
tree23fcbe6f4918cacdae26d513a2bd13e91d8b4c38 /drivers/kvm/x86_emulate.c
parentf5f1a24a2caa299bb7d294aee92d7dd3410d9ed7 (diff)
[PATCH] kvm: userspace interface
web site: http://kvm.sourceforge.net mailing list: kvm-devel@lists.sourceforge.net (http://lists.sourceforge.net/lists/listinfo/kvm-devel) The following patchset adds a driver for Intel's hardware virtualization extensions to the x86 architecture. The driver adds a character device (/dev/kvm) that exposes the virtualization capabilities to userspace. Using this driver, a process can run a virtual machine (a "guest") in a fully virtualized PC containing its own virtual hard disks, network adapters, and display. Using this driver, one can start multiple virtual machines on a host. Each virtual machine is a process on the host; a virtual cpu is a thread in that process. kill(1), nice(1), top(1) work as expected. In effect, the driver adds a third execution mode to the existing two: we now have kernel mode, user mode, and guest mode. Guest mode has its own address space mapping guest physical memory (which is accessible to user mode by mmap()ing /dev/kvm). Guest mode has no access to any I/O devices; any such access is intercepted and directed to user mode for emulation. The driver supports i386 and x86_64 hosts and guests. All combinations are allowed except x86_64 guest on i386 host. For i386 guests and hosts, both pae and non-pae paging modes are supported. SMP hosts and UP guests are supported. At the moment only Intel hardware is supported, but AMD virtualization support is being worked on. Performance currently is non-stellar due to the naive implementation of the mmu virtualization, which throws away most of the shadow page table entries every context switch. We plan to address this in two ways: - cache shadow page tables across tlb flushes - wait until AMD and Intel release processors with nested page tables Currently a virtual desktop is responsive but consumes a lot of CPU. Under Windows I tried playing pinball and watching a few flash movies; with a recent CPU one can hardly feel the virtualization. Linux/X is slower, probably due to X being in a separate process. In addition to the driver, you need a slightly modified qemu to provide I/O device emulation and the BIOS. Caveats (akpm: might no longer be true): - The Windows install currently bluescreens due to a problem with the virtual APIC. We are working on a fix. A temporary workaround is to use an existing image or install through qemu - Windows 64-bit does not work. That's also true for qemu, so it's probably a problem with the device model. [bero@arklinux.org: build fix] [simon.kagstrom@bth.se: build fix, other fixes] [uril@qumranet.com: KVM: Expose interrupt bitmap] [akpm@osdl.org: i386 build fix] [mingo@elte.hu: i386 fixes] [rdreier@cisco.com: add log levels to all printks] [randy.dunlap@oracle.com: Fix sparse NULL and C99 struct init warnings] [anthony@codemonkey.ws: KVM: AMD SVM: 32-bit host support] Signed-off-by: Yaniv Kamay <yaniv@qumranet.com> Signed-off-by: Avi Kivity <avi@qumranet.com> Cc: Simon Kagstrom <simon.kagstrom@bth.se> Cc: Bernhard Rosenkraenzer <bero@arklinux.org> Signed-off-by: Uri Lublin <uril@qumranet.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Roland Dreier <rolandd@cisco.com> Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'drivers/kvm/x86_emulate.c')
-rw-r--r--drivers/kvm/x86_emulate.c1409
1 files changed, 1409 insertions, 0 deletions
diff --git a/drivers/kvm/x86_emulate.c b/drivers/kvm/x86_emulate.c
new file mode 100644
index 000000000000..7e838bf0592d
--- /dev/null
+++ b/drivers/kvm/x86_emulate.c
@@ -0,0 +1,1409 @@
1/******************************************************************************
2 * x86_emulate.c
3 *
4 * Generic x86 (32-bit and 64-bit) instruction decoder and emulator.
5 *
6 * Copyright (c) 2005 Keir Fraser
7 *
8 * Linux coding style, mod r/m decoder, segment base fixes, real-mode
9 * privieged instructions:
10 *
11 * Copyright (C) 2006 Qumranet
12 *
13 * Avi Kivity <avi@qumranet.com>
14 * Yaniv Kamay <yaniv@qumranet.com>
15 *
16 * This work is licensed under the terms of the GNU GPL, version 2. See
17 * the COPYING file in the top-level directory.
18 *
19 * From: xen-unstable 10676:af9809f51f81a3c43f276f00c81a52ef558afda4
20 */
21
22#ifndef __KERNEL__
23#include <stdio.h>
24#include <stdint.h>
25#include <public/xen.h>
26#define DPRINTF(_f, _a ...) printf( _f , ## _a )
27#else
28#include "kvm.h"
29#define DPRINTF(x...) do {} while (0)
30#endif
31#include "x86_emulate.h"
32#include <linux/module.h>
33
34/*
35 * Opcode effective-address decode tables.
36 * Note that we only emulate instructions that have at least one memory
37 * operand (excluding implicit stack references). We assume that stack
38 * references and instruction fetches will never occur in special memory
39 * areas that require emulation. So, for example, 'mov <imm>,<reg>' need
40 * not be handled.
41 */
42
43/* Operand sizes: 8-bit operands or specified/overridden size. */
44#define ByteOp (1<<0) /* 8-bit operands. */
45/* Destination operand type. */
46#define ImplicitOps (1<<1) /* Implicit in opcode. No generic decode. */
47#define DstReg (2<<1) /* Register operand. */
48#define DstMem (3<<1) /* Memory operand. */
49#define DstMask (3<<1)
50/* Source operand type. */
51#define SrcNone (0<<3) /* No source operand. */
52#define SrcImplicit (0<<3) /* Source operand is implicit in the opcode. */
53#define SrcReg (1<<3) /* Register operand. */
54#define SrcMem (2<<3) /* Memory operand. */
55#define SrcMem16 (3<<3) /* Memory operand (16-bit). */
56#define SrcMem32 (4<<3) /* Memory operand (32-bit). */
57#define SrcImm (5<<3) /* Immediate operand. */
58#define SrcImmByte (6<<3) /* 8-bit sign-extended immediate operand. */
59#define SrcMask (7<<3)
60/* Generic ModRM decode. */
61#define ModRM (1<<6)
62/* Destination is only written; never read. */
63#define Mov (1<<7)
64
65static u8 opcode_table[256] = {
66 /* 0x00 - 0x07 */
67 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
68 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
69 0, 0, 0, 0,
70 /* 0x08 - 0x0F */
71 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
72 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
73 0, 0, 0, 0,
74 /* 0x10 - 0x17 */
75 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
76 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
77 0, 0, 0, 0,
78 /* 0x18 - 0x1F */
79 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
80 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
81 0, 0, 0, 0,
82 /* 0x20 - 0x27 */
83 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
84 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
85 0, 0, 0, 0,
86 /* 0x28 - 0x2F */
87 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
88 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
89 0, 0, 0, 0,
90 /* 0x30 - 0x37 */
91 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
92 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
93 0, 0, 0, 0,
94 /* 0x38 - 0x3F */
95 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
96 ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
97 0, 0, 0, 0,
98 /* 0x40 - 0x4F */
99 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
100 /* 0x50 - 0x5F */
101 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
102 /* 0x60 - 0x6F */
103 0, 0, 0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 /* 0x70 - 0x7F */
106 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
107 /* 0x80 - 0x87 */
108 ByteOp | DstMem | SrcImm | ModRM, DstMem | SrcImm | ModRM,
109 ByteOp | DstMem | SrcImm | ModRM, DstMem | SrcImmByte | ModRM,
110 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
111 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
112 /* 0x88 - 0x8F */
113 ByteOp | DstMem | SrcReg | ModRM | Mov, DstMem | SrcReg | ModRM | Mov,
114 ByteOp | DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
115 0, 0, 0, DstMem | SrcNone | ModRM | Mov,
116 /* 0x90 - 0x9F */
117 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
118 /* 0xA0 - 0xA7 */
119 ByteOp | DstReg | SrcMem | Mov, DstReg | SrcMem | Mov,
120 ByteOp | DstMem | SrcReg | Mov, DstMem | SrcReg | Mov,
121 ByteOp | ImplicitOps | Mov, ImplicitOps | Mov,
122 ByteOp | ImplicitOps, ImplicitOps,
123 /* 0xA8 - 0xAF */
124 0, 0, ByteOp | ImplicitOps | Mov, ImplicitOps | Mov,
125 ByteOp | ImplicitOps | Mov, ImplicitOps | Mov,
126 ByteOp | ImplicitOps, ImplicitOps,
127 /* 0xB0 - 0xBF */
128 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
129 /* 0xC0 - 0xC7 */
130 ByteOp | DstMem | SrcImm | ModRM, DstMem | SrcImmByte | ModRM, 0, 0,
131 0, 0, ByteOp | DstMem | SrcImm | ModRM | Mov,
132 DstMem | SrcImm | ModRM | Mov,
133 /* 0xC8 - 0xCF */
134 0, 0, 0, 0, 0, 0, 0, 0,
135 /* 0xD0 - 0xD7 */
136 ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
137 ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
138 0, 0, 0, 0,
139 /* 0xD8 - 0xDF */
140 0, 0, 0, 0, 0, 0, 0, 0,
141 /* 0xE0 - 0xEF */
142 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
143 /* 0xF0 - 0xF7 */
144 0, 0, 0, 0,
145 0, 0, ByteOp | DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
146 /* 0xF8 - 0xFF */
147 0, 0, 0, 0,
148 0, 0, ByteOp | DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM
149};
150
151static u8 twobyte_table[256] = {
152 /* 0x00 - 0x0F */
153 0, SrcMem | ModRM | DstReg, 0, 0, 0, 0, ImplicitOps, 0,
154 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0,
155 /* 0x10 - 0x1F */
156 0, 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0,
157 /* 0x20 - 0x2F */
158 ModRM | ImplicitOps, ModRM, ModRM | ImplicitOps, ModRM, 0, 0, 0, 0,
159 0, 0, 0, 0, 0, 0, 0, 0,
160 /* 0x30 - 0x3F */
161 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
162 /* 0x40 - 0x47 */
163 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
164 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
165 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
166 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
167 /* 0x48 - 0x4F */
168 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
169 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
170 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
171 DstReg | SrcMem | ModRM | Mov, DstReg | SrcMem | ModRM | Mov,
172 /* 0x50 - 0x5F */
173 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
174 /* 0x60 - 0x6F */
175 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
176 /* 0x70 - 0x7F */
177 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
178 /* 0x80 - 0x8F */
179 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
180 /* 0x90 - 0x9F */
181 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
182 /* 0xA0 - 0xA7 */
183 0, 0, 0, DstMem | SrcReg | ModRM, 0, 0, 0, 0,
184 /* 0xA8 - 0xAF */
185 0, 0, 0, DstMem | SrcReg | ModRM, 0, 0, 0, 0,
186 /* 0xB0 - 0xB7 */
187 ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM, 0,
188 DstMem | SrcReg | ModRM,
189 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
190 DstReg | SrcMem16 | ModRM | Mov,
191 /* 0xB8 - 0xBF */
192 0, 0, DstMem | SrcImmByte | ModRM, DstMem | SrcReg | ModRM,
193 0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
194 DstReg | SrcMem16 | ModRM | Mov,
195 /* 0xC0 - 0xCF */
196 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0, 0,
197 /* 0xD0 - 0xDF */
198 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
199 /* 0xE0 - 0xEF */
200 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
201 /* 0xF0 - 0xFF */
202 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
203};
204
205/*
206 * Tell the emulator that of the Group 7 instructions (sgdt, lidt, etc.) we
207 * are interested only in invlpg and not in any of the rest.
208 *
209 * invlpg is a special instruction in that the data it references may not
210 * be mapped.
211 */
212void kvm_emulator_want_group7_invlpg(void)
213{
214 twobyte_table[1] &= ~SrcMem;
215}
216EXPORT_SYMBOL_GPL(kvm_emulator_want_group7_invlpg);
217
218/* Type, address-of, and value of an instruction's operand. */
219struct operand {
220 enum { OP_REG, OP_MEM, OP_IMM } type;
221 unsigned int bytes;
222 unsigned long val, orig_val, *ptr;
223};
224
225/* EFLAGS bit definitions. */
226#define EFLG_OF (1<<11)
227#define EFLG_DF (1<<10)
228#define EFLG_SF (1<<7)
229#define EFLG_ZF (1<<6)
230#define EFLG_AF (1<<4)
231#define EFLG_PF (1<<2)
232#define EFLG_CF (1<<0)
233
234/*
235 * Instruction emulation:
236 * Most instructions are emulated directly via a fragment of inline assembly
237 * code. This allows us to save/restore EFLAGS and thus very easily pick up
238 * any modified flags.
239 */
240
241#if defined(__x86_64__)
242#define _LO32 "k" /* force 32-bit operand */
243#define _STK "%%rsp" /* stack pointer */
244#elif defined(__i386__)
245#define _LO32 "" /* force 32-bit operand */
246#define _STK "%%esp" /* stack pointer */
247#endif
248
249/*
250 * These EFLAGS bits are restored from saved value during emulation, and
251 * any changes are written back to the saved value after emulation.
252 */
253#define EFLAGS_MASK (EFLG_OF|EFLG_SF|EFLG_ZF|EFLG_AF|EFLG_PF|EFLG_CF)
254
255/* Before executing instruction: restore necessary bits in EFLAGS. */
256#define _PRE_EFLAGS(_sav, _msk, _tmp) \
257 /* EFLAGS = (_sav & _msk) | (EFLAGS & ~_msk); */ \
258 "push %"_sav"; " \
259 "movl %"_msk",%"_LO32 _tmp"; " \
260 "andl %"_LO32 _tmp",("_STK"); " \
261 "pushf; " \
262 "notl %"_LO32 _tmp"; " \
263 "andl %"_LO32 _tmp",("_STK"); " \
264 "pop %"_tmp"; " \
265 "orl %"_LO32 _tmp",("_STK"); " \
266 "popf; " \
267 /* _sav &= ~msk; */ \
268 "movl %"_msk",%"_LO32 _tmp"; " \
269 "notl %"_LO32 _tmp"; " \
270 "andl %"_LO32 _tmp",%"_sav"; "
271
272/* After executing instruction: write-back necessary bits in EFLAGS. */
273#define _POST_EFLAGS(_sav, _msk, _tmp) \
274 /* _sav |= EFLAGS & _msk; */ \
275 "pushf; " \
276 "pop %"_tmp"; " \
277 "andl %"_msk",%"_LO32 _tmp"; " \
278 "orl %"_LO32 _tmp",%"_sav"; "
279
280/* Raw emulation: instruction has two explicit operands. */
281#define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
282 do { \
283 unsigned long _tmp; \
284 \
285 switch ((_dst).bytes) { \
286 case 2: \
287 __asm__ __volatile__ ( \
288 _PRE_EFLAGS("0","4","2") \
289 _op"w %"_wx"3,%1; " \
290 _POST_EFLAGS("0","4","2") \
291 : "=m" (_eflags), "=m" ((_dst).val), \
292 "=&r" (_tmp) \
293 : _wy ((_src).val), "i" (EFLAGS_MASK) ); \
294 break; \
295 case 4: \
296 __asm__ __volatile__ ( \
297 _PRE_EFLAGS("0","4","2") \
298 _op"l %"_lx"3,%1; " \
299 _POST_EFLAGS("0","4","2") \
300 : "=m" (_eflags), "=m" ((_dst).val), \
301 "=&r" (_tmp) \
302 : _ly ((_src).val), "i" (EFLAGS_MASK) ); \
303 break; \
304 case 8: \
305 __emulate_2op_8byte(_op, _src, _dst, \
306 _eflags, _qx, _qy); \
307 break; \
308 } \
309 } while (0)
310
311#define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
312 do { \
313 unsigned long _tmp; \
314 switch ( (_dst).bytes ) \
315 { \
316 case 1: \
317 __asm__ __volatile__ ( \
318 _PRE_EFLAGS("0","4","2") \
319 _op"b %"_bx"3,%1; " \
320 _POST_EFLAGS("0","4","2") \
321 : "=m" (_eflags), "=m" ((_dst).val), \
322 "=&r" (_tmp) \
323 : _by ((_src).val), "i" (EFLAGS_MASK) ); \
324 break; \
325 default: \
326 __emulate_2op_nobyte(_op, _src, _dst, _eflags, \
327 _wx, _wy, _lx, _ly, _qx, _qy); \
328 break; \
329 } \
330 } while (0)
331
332/* Source operand is byte-sized and may be restricted to just %cl. */
333#define emulate_2op_SrcB(_op, _src, _dst, _eflags) \
334 __emulate_2op(_op, _src, _dst, _eflags, \
335 "b", "c", "b", "c", "b", "c", "b", "c")
336
337/* Source operand is byte, word, long or quad sized. */
338#define emulate_2op_SrcV(_op, _src, _dst, _eflags) \
339 __emulate_2op(_op, _src, _dst, _eflags, \
340 "b", "q", "w", "r", _LO32, "r", "", "r")
341
342/* Source operand is word, long or quad sized. */
343#define emulate_2op_SrcV_nobyte(_op, _src, _dst, _eflags) \
344 __emulate_2op_nobyte(_op, _src, _dst, _eflags, \
345 "w", "r", _LO32, "r", "", "r")
346
347/* Instruction has only one explicit operand (no source operand). */
348#define emulate_1op(_op, _dst, _eflags) \
349 do { \
350 unsigned long _tmp; \
351 \
352 switch ( (_dst).bytes ) \
353 { \
354 case 1: \
355 __asm__ __volatile__ ( \
356 _PRE_EFLAGS("0","3","2") \
357 _op"b %1; " \
358 _POST_EFLAGS("0","3","2") \
359 : "=m" (_eflags), "=m" ((_dst).val), \
360 "=&r" (_tmp) \
361 : "i" (EFLAGS_MASK) ); \
362 break; \
363 case 2: \
364 __asm__ __volatile__ ( \
365 _PRE_EFLAGS("0","3","2") \
366 _op"w %1; " \
367 _POST_EFLAGS("0","3","2") \
368 : "=m" (_eflags), "=m" ((_dst).val), \
369 "=&r" (_tmp) \
370 : "i" (EFLAGS_MASK) ); \
371 break; \
372 case 4: \
373 __asm__ __volatile__ ( \
374 _PRE_EFLAGS("0","3","2") \
375 _op"l %1; " \
376 _POST_EFLAGS("0","3","2") \
377 : "=m" (_eflags), "=m" ((_dst).val), \
378 "=&r" (_tmp) \
379 : "i" (EFLAGS_MASK) ); \
380 break; \
381 case 8: \
382 __emulate_1op_8byte(_op, _dst, _eflags); \
383 break; \
384 } \
385 } while (0)
386
387/* Emulate an instruction with quadword operands (x86/64 only). */
388#if defined(__x86_64__)
389#define __emulate_2op_8byte(_op, _src, _dst, _eflags, _qx, _qy) \
390 do { \
391 __asm__ __volatile__ ( \
392 _PRE_EFLAGS("0","4","2") \
393 _op"q %"_qx"3,%1; " \
394 _POST_EFLAGS("0","4","2") \
395 : "=m" (_eflags), "=m" ((_dst).val), "=&r" (_tmp) \
396 : _qy ((_src).val), "i" (EFLAGS_MASK) ); \
397 } while (0)
398
399#define __emulate_1op_8byte(_op, _dst, _eflags) \
400 do { \
401 __asm__ __volatile__ ( \
402 _PRE_EFLAGS("0","3","2") \
403 _op"q %1; " \
404 _POST_EFLAGS("0","3","2") \
405 : "=m" (_eflags), "=m" ((_dst).val), "=&r" (_tmp) \
406 : "i" (EFLAGS_MASK) ); \
407 } while (0)
408
409#elif defined(__i386__)
410#define __emulate_2op_8byte(_op, _src, _dst, _eflags, _qx, _qy)
411#define __emulate_1op_8byte(_op, _dst, _eflags)
412#endif /* __i386__ */
413
414/* Fetch next part of the instruction being emulated. */
415#define insn_fetch(_type, _size, _eip) \
416({ unsigned long _x; \
417 rc = ops->read_std((unsigned long)(_eip) + ctxt->cs_base, &_x, \
418 (_size), ctxt); \
419 if ( rc != 0 ) \
420 goto done; \
421 (_eip) += (_size); \
422 (_type)_x; \
423})
424
425/* Access/update address held in a register, based on addressing mode. */
426#define register_address(base, reg) \
427 ((base) + ((ad_bytes == sizeof(unsigned long)) ? (reg) : \
428 ((reg) & ((1UL << (ad_bytes << 3)) - 1))))
429
430#define register_address_increment(reg, inc) \
431 do { \
432 /* signed type ensures sign extension to long */ \
433 int _inc = (inc); \
434 if ( ad_bytes == sizeof(unsigned long) ) \
435 (reg) += _inc; \
436 else \
437 (reg) = ((reg) & ~((1UL << (ad_bytes << 3)) - 1)) | \
438 (((reg) + _inc) & ((1UL << (ad_bytes << 3)) - 1)); \
439 } while (0)
440
441void *decode_register(u8 modrm_reg, unsigned long *regs,
442 int highbyte_regs)
443{
444 void *p;
445
446 p = &regs[modrm_reg];
447 if (highbyte_regs && modrm_reg >= 4 && modrm_reg < 8)
448 p = (unsigned char *)&regs[modrm_reg & 3] + 1;
449 return p;
450}
451
452static int read_descriptor(struct x86_emulate_ctxt *ctxt,
453 struct x86_emulate_ops *ops,
454 void *ptr,
455 u16 *size, unsigned long *address, int op_bytes)
456{
457 int rc;
458
459 if (op_bytes == 2)
460 op_bytes = 3;
461 *address = 0;
462 rc = ops->read_std((unsigned long)ptr, (unsigned long *)size, 2, ctxt);
463 if (rc)
464 return rc;
465 rc = ops->read_std((unsigned long)ptr + 2, address, op_bytes, ctxt);
466 return rc;
467}
468
469int
470x86_emulate_memop(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
471{
472 u8 b, d, sib, twobyte = 0, rex_prefix = 0;
473 u8 modrm, modrm_mod = 0, modrm_reg = 0, modrm_rm = 0;
474 unsigned long *override_base = NULL;
475 unsigned int op_bytes, ad_bytes, lock_prefix = 0, rep_prefix = 0, i;
476 int rc = 0;
477 struct operand src, dst;
478 unsigned long cr2 = ctxt->cr2;
479 int mode = ctxt->mode;
480 unsigned long modrm_ea;
481 int use_modrm_ea, index_reg = 0, base_reg = 0, scale, rip_relative = 0;
482
483 /* Shadow copy of register state. Committed on successful emulation. */
484 unsigned long _regs[NR_VCPU_REGS];
485 unsigned long _eip = ctxt->vcpu->rip, _eflags = ctxt->eflags;
486 unsigned long modrm_val = 0;
487
488 memcpy(_regs, ctxt->vcpu->regs, sizeof _regs);
489
490 switch (mode) {
491 case X86EMUL_MODE_REAL:
492 case X86EMUL_MODE_PROT16:
493 op_bytes = ad_bytes = 2;
494 break;
495 case X86EMUL_MODE_PROT32:
496 op_bytes = ad_bytes = 4;
497 break;
498#ifdef __x86_64__
499 case X86EMUL_MODE_PROT64:
500 op_bytes = 4;
501 ad_bytes = 8;
502 break;
503#endif
504 default:
505 return -1;
506 }
507
508 /* Legacy prefixes. */
509 for (i = 0; i < 8; i++) {
510 switch (b = insn_fetch(u8, 1, _eip)) {
511 case 0x66: /* operand-size override */
512 op_bytes ^= 6; /* switch between 2/4 bytes */
513 break;
514 case 0x67: /* address-size override */
515 if (mode == X86EMUL_MODE_PROT64)
516 ad_bytes ^= 12; /* switch between 4/8 bytes */
517 else
518 ad_bytes ^= 6; /* switch between 2/4 bytes */
519 break;
520 case 0x2e: /* CS override */
521 override_base = &ctxt->cs_base;
522 break;
523 case 0x3e: /* DS override */
524 override_base = &ctxt->ds_base;
525 break;
526 case 0x26: /* ES override */
527 override_base = &ctxt->es_base;
528 break;
529 case 0x64: /* FS override */
530 override_base = &ctxt->fs_base;
531 break;
532 case 0x65: /* GS override */
533 override_base = &ctxt->gs_base;
534 break;
535 case 0x36: /* SS override */
536 override_base = &ctxt->ss_base;
537 break;
538 case 0xf0: /* LOCK */
539 lock_prefix = 1;
540 break;
541 case 0xf3: /* REP/REPE/REPZ */
542 rep_prefix = 1;
543 break;
544 case 0xf2: /* REPNE/REPNZ */
545 break;
546 default:
547 goto done_prefixes;
548 }
549 }
550
551done_prefixes:
552
553 /* REX prefix. */
554 if ((mode == X86EMUL_MODE_PROT64) && ((b & 0xf0) == 0x40)) {
555 rex_prefix = b;
556 if (b & 8)
557 op_bytes = 8; /* REX.W */
558 modrm_reg = (b & 4) << 1; /* REX.R */
559 index_reg = (b & 2) << 2; /* REX.X */
560 modrm_rm = base_reg = (b & 1) << 3; /* REG.B */
561 b = insn_fetch(u8, 1, _eip);
562 }
563
564 /* Opcode byte(s). */
565 d = opcode_table[b];
566 if (d == 0) {
567 /* Two-byte opcode? */
568 if (b == 0x0f) {
569 twobyte = 1;
570 b = insn_fetch(u8, 1, _eip);
571 d = twobyte_table[b];
572 }
573
574 /* Unrecognised? */
575 if (d == 0)
576 goto cannot_emulate;
577 }
578
579 /* ModRM and SIB bytes. */
580 if (d & ModRM) {
581 modrm = insn_fetch(u8, 1, _eip);
582 modrm_mod |= (modrm & 0xc0) >> 6;
583 modrm_reg |= (modrm & 0x38) >> 3;
584 modrm_rm |= (modrm & 0x07);
585 modrm_ea = 0;
586 use_modrm_ea = 1;
587
588 if (modrm_mod == 3) {
589 modrm_val = *(unsigned long *)
590 decode_register(modrm_rm, _regs, d & ByteOp);
591 goto modrm_done;
592 }
593
594 if (ad_bytes == 2) {
595 unsigned bx = _regs[VCPU_REGS_RBX];
596 unsigned bp = _regs[VCPU_REGS_RBP];
597 unsigned si = _regs[VCPU_REGS_RSI];
598 unsigned di = _regs[VCPU_REGS_RDI];
599
600 /* 16-bit ModR/M decode. */
601 switch (modrm_mod) {
602 case 0:
603 if (modrm_rm == 6)
604 modrm_ea += insn_fetch(u16, 2, _eip);
605 break;
606 case 1:
607 modrm_ea += insn_fetch(s8, 1, _eip);
608 break;
609 case 2:
610 modrm_ea += insn_fetch(u16, 2, _eip);
611 break;
612 }
613 switch (modrm_rm) {
614 case 0:
615 modrm_ea += bx + si;
616 break;
617 case 1:
618 modrm_ea += bx + di;
619 break;
620 case 2:
621 modrm_ea += bp + si;
622 break;
623 case 3:
624 modrm_ea += bp + di;
625 break;
626 case 4:
627 modrm_ea += si;
628 break;
629 case 5:
630 modrm_ea += di;
631 break;
632 case 6:
633 if (modrm_mod != 0)
634 modrm_ea += bp;
635 break;
636 case 7:
637 modrm_ea += bx;
638 break;
639 }
640 if (modrm_rm == 2 || modrm_rm == 3 ||
641 (modrm_rm == 6 && modrm_mod != 0))
642 if (!override_base)
643 override_base = &ctxt->ss_base;
644 modrm_ea = (u16)modrm_ea;
645 } else {
646 /* 32/64-bit ModR/M decode. */
647 switch (modrm_rm) {
648 case 4:
649 case 12:
650 sib = insn_fetch(u8, 1, _eip);
651 index_reg |= (sib >> 3) & 7;
652 base_reg |= sib & 7;
653 scale = sib >> 6;
654
655 switch (base_reg) {
656 case 5:
657 if (modrm_mod != 0)
658 modrm_ea += _regs[base_reg];
659 else
660 modrm_ea += insn_fetch(s32, 4, _eip);
661 break;
662 default:
663 modrm_ea += _regs[base_reg];
664 }
665 switch (index_reg) {
666 case 4:
667 break;
668 default:
669 modrm_ea += _regs[index_reg] << scale;
670
671 }
672 break;
673 case 5:
674 if (modrm_mod != 0)
675 modrm_ea += _regs[modrm_rm];
676 else if (mode == X86EMUL_MODE_PROT64)
677 rip_relative = 1;
678 break;
679 default:
680 modrm_ea += _regs[modrm_rm];
681 break;
682 }
683 switch (modrm_mod) {
684 case 0:
685 if (modrm_rm == 5)
686 modrm_ea += insn_fetch(s32, 4, _eip);
687 break;
688 case 1:
689 modrm_ea += insn_fetch(s8, 1, _eip);
690 break;
691 case 2:
692 modrm_ea += insn_fetch(s32, 4, _eip);
693 break;
694 }
695 }
696 if (!override_base)
697 override_base = &ctxt->ds_base;
698 if (mode == X86EMUL_MODE_PROT64 &&
699 override_base != &ctxt->fs_base &&
700 override_base != &ctxt->gs_base)
701 override_base = NULL;
702
703 if (override_base)
704 modrm_ea += *override_base;
705
706 if (rip_relative) {
707 modrm_ea += _eip;
708 switch (d & SrcMask) {
709 case SrcImmByte:
710 modrm_ea += 1;
711 break;
712 case SrcImm:
713 if (d & ByteOp)
714 modrm_ea += 1;
715 else
716 if (op_bytes == 8)
717 modrm_ea += 4;
718 else
719 modrm_ea += op_bytes;
720 }
721 }
722 if (ad_bytes != 8)
723 modrm_ea = (u32)modrm_ea;
724 cr2 = modrm_ea;
725 modrm_done:
726 ;
727 }
728
729 /* Decode and fetch the destination operand: register or memory. */
730 switch (d & DstMask) {
731 case ImplicitOps:
732 /* Special instructions do their own operand decoding. */
733 goto special_insn;
734 case DstReg:
735 dst.type = OP_REG;
736 if ((d & ByteOp)
737 && !(twobyte_table && (b == 0xb6 || b == 0xb7))) {
738 dst.ptr = decode_register(modrm_reg, _regs,
739 (rex_prefix == 0));
740 dst.val = *(u8 *) dst.ptr;
741 dst.bytes = 1;
742 } else {
743 dst.ptr = decode_register(modrm_reg, _regs, 0);
744 switch ((dst.bytes = op_bytes)) {
745 case 2:
746 dst.val = *(u16 *)dst.ptr;
747 break;
748 case 4:
749 dst.val = *(u32 *)dst.ptr;
750 break;
751 case 8:
752 dst.val = *(u64 *)dst.ptr;
753 break;
754 }
755 }
756 break;
757 case DstMem:
758 dst.type = OP_MEM;
759 dst.ptr = (unsigned long *)cr2;
760 dst.bytes = (d & ByteOp) ? 1 : op_bytes;
761 if (!(d & Mov) && /* optimisation - avoid slow emulated read */
762 ((rc = ops->read_emulated((unsigned long)dst.ptr,
763 &dst.val, dst.bytes, ctxt)) != 0))
764 goto done;
765 break;
766 }
767 dst.orig_val = dst.val;
768
769 /*
770 * Decode and fetch the source operand: register, memory
771 * or immediate.
772 */
773 switch (d & SrcMask) {
774 case SrcNone:
775 break;
776 case SrcReg:
777 src.type = OP_REG;
778 if (d & ByteOp) {
779 src.ptr = decode_register(modrm_reg, _regs,
780 (rex_prefix == 0));
781 src.val = src.orig_val = *(u8 *) src.ptr;
782 src.bytes = 1;
783 } else {
784 src.ptr = decode_register(modrm_reg, _regs, 0);
785 switch ((src.bytes = op_bytes)) {
786 case 2:
787 src.val = src.orig_val = *(u16 *) src.ptr;
788 break;
789 case 4:
790 src.val = src.orig_val = *(u32 *) src.ptr;
791 break;
792 case 8:
793 src.val = src.orig_val = *(u64 *) src.ptr;
794 break;
795 }
796 }
797 break;
798 case SrcMem16:
799 src.bytes = 2;
800 goto srcmem_common;
801 case SrcMem32:
802 src.bytes = 4;
803 goto srcmem_common;
804 case SrcMem:
805 src.bytes = (d & ByteOp) ? 1 : op_bytes;
806 srcmem_common:
807 src.type = OP_MEM;
808 src.ptr = (unsigned long *)cr2;
809 if ((rc = ops->read_emulated((unsigned long)src.ptr,
810 &src.val, src.bytes, ctxt)) != 0)
811 goto done;
812 src.orig_val = src.val;
813 break;
814 case SrcImm:
815 src.type = OP_IMM;
816 src.ptr = (unsigned long *)_eip;
817 src.bytes = (d & ByteOp) ? 1 : op_bytes;
818 if (src.bytes == 8)
819 src.bytes = 4;
820 /* NB. Immediates are sign-extended as necessary. */
821 switch (src.bytes) {
822 case 1:
823 src.val = insn_fetch(s8, 1, _eip);
824 break;
825 case 2:
826 src.val = insn_fetch(s16, 2, _eip);
827 break;
828 case 4:
829 src.val = insn_fetch(s32, 4, _eip);
830 break;
831 }
832 break;
833 case SrcImmByte:
834 src.type = OP_IMM;
835 src.ptr = (unsigned long *)_eip;
836 src.bytes = 1;
837 src.val = insn_fetch(s8, 1, _eip);
838 break;
839 }
840
841 if (twobyte)
842 goto twobyte_insn;
843
844 switch (b) {
845 case 0x00 ... 0x05:
846 add: /* add */
847 emulate_2op_SrcV("add", src, dst, _eflags);
848 break;
849 case 0x08 ... 0x0d:
850 or: /* or */
851 emulate_2op_SrcV("or", src, dst, _eflags);
852 break;
853 case 0x10 ... 0x15:
854 adc: /* adc */
855 emulate_2op_SrcV("adc", src, dst, _eflags);
856 break;
857 case 0x18 ... 0x1d:
858 sbb: /* sbb */
859 emulate_2op_SrcV("sbb", src, dst, _eflags);
860 break;
861 case 0x20 ... 0x25:
862 and: /* and */
863 emulate_2op_SrcV("and", src, dst, _eflags);
864 break;
865 case 0x28 ... 0x2d:
866 sub: /* sub */
867 emulate_2op_SrcV("sub", src, dst, _eflags);
868 break;
869 case 0x30 ... 0x35:
870 xor: /* xor */
871 emulate_2op_SrcV("xor", src, dst, _eflags);
872 break;
873 case 0x38 ... 0x3d:
874 cmp: /* cmp */
875 emulate_2op_SrcV("cmp", src, dst, _eflags);
876 break;
877 case 0x63: /* movsxd */
878 if (mode != X86EMUL_MODE_PROT64)
879 goto cannot_emulate;
880 dst.val = (s32) src.val;
881 break;
882 case 0x80 ... 0x83: /* Grp1 */
883 switch (modrm_reg) {
884 case 0:
885 goto add;
886 case 1:
887 goto or;
888 case 2:
889 goto adc;
890 case 3:
891 goto sbb;
892 case 4:
893 goto and;
894 case 5:
895 goto sub;
896 case 6:
897 goto xor;
898 case 7:
899 goto cmp;
900 }
901 break;
902 case 0x84 ... 0x85:
903 test: /* test */
904 emulate_2op_SrcV("test", src, dst, _eflags);
905 break;
906 case 0x86 ... 0x87: /* xchg */
907 /* Write back the register source. */
908 switch (dst.bytes) {
909 case 1:
910 *(u8 *) src.ptr = (u8) dst.val;
911 break;
912 case 2:
913 *(u16 *) src.ptr = (u16) dst.val;
914 break;
915 case 4:
916 *src.ptr = (u32) dst.val;
917 break; /* 64b reg: zero-extend */
918 case 8:
919 *src.ptr = dst.val;
920 break;
921 }
922 /*
923 * Write back the memory destination with implicit LOCK
924 * prefix.
925 */
926 dst.val = src.val;
927 lock_prefix = 1;
928 break;
929 case 0xa0 ... 0xa1: /* mov */
930 dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
931 dst.val = src.val;
932 _eip += ad_bytes; /* skip src displacement */
933 break;
934 case 0xa2 ... 0xa3: /* mov */
935 dst.val = (unsigned long)_regs[VCPU_REGS_RAX];
936 _eip += ad_bytes; /* skip dst displacement */
937 break;
938 case 0x88 ... 0x8b: /* mov */
939 case 0xc6 ... 0xc7: /* mov (sole member of Grp11) */
940 dst.val = src.val;
941 break;
942 case 0x8f: /* pop (sole member of Grp1a) */
943 /* 64-bit mode: POP always pops a 64-bit operand. */
944 if (mode == X86EMUL_MODE_PROT64)
945 dst.bytes = 8;
946 if ((rc = ops->read_std(register_address(ctxt->ss_base,
947 _regs[VCPU_REGS_RSP]),
948 &dst.val, dst.bytes, ctxt)) != 0)
949 goto done;
950 register_address_increment(_regs[VCPU_REGS_RSP], dst.bytes);
951 break;
952 case 0xc0 ... 0xc1:
953 grp2: /* Grp2 */
954 switch (modrm_reg) {
955 case 0: /* rol */
956 emulate_2op_SrcB("rol", src, dst, _eflags);
957 break;
958 case 1: /* ror */
959 emulate_2op_SrcB("ror", src, dst, _eflags);
960 break;
961 case 2: /* rcl */
962 emulate_2op_SrcB("rcl", src, dst, _eflags);
963 break;
964 case 3: /* rcr */
965 emulate_2op_SrcB("rcr", src, dst, _eflags);
966 break;
967 case 4: /* sal/shl */
968 case 6: /* sal/shl */
969 emulate_2op_SrcB("sal", src, dst, _eflags);
970 break;
971 case 5: /* shr */
972 emulate_2op_SrcB("shr", src, dst, _eflags);
973 break;
974 case 7: /* sar */
975 emulate_2op_SrcB("sar", src, dst, _eflags);
976 break;
977 }
978 break;
979 case 0xd0 ... 0xd1: /* Grp2 */
980 src.val = 1;
981 goto grp2;
982 case 0xd2 ... 0xd3: /* Grp2 */
983 src.val = _regs[VCPU_REGS_RCX];
984 goto grp2;
985 case 0xf6 ... 0xf7: /* Grp3 */
986 switch (modrm_reg) {
987 case 0 ... 1: /* test */
988 /*
989 * Special case in Grp3: test has an immediate
990 * source operand.
991 */
992 src.type = OP_IMM;
993 src.ptr = (unsigned long *)_eip;
994 src.bytes = (d & ByteOp) ? 1 : op_bytes;
995 if (src.bytes == 8)
996 src.bytes = 4;
997 switch (src.bytes) {
998 case 1:
999 src.val = insn_fetch(s8, 1, _eip);
1000 break;
1001 case 2:
1002 src.val = insn_fetch(s16, 2, _eip);
1003 break;
1004 case 4:
1005 src.val = insn_fetch(s32, 4, _eip);
1006 break;
1007 }
1008 goto test;
1009 case 2: /* not */
1010 dst.val = ~dst.val;
1011 break;
1012 case 3: /* neg */
1013 emulate_1op("neg", dst, _eflags);
1014 break;
1015 default:
1016 goto cannot_emulate;
1017 }
1018 break;
1019 case 0xfe ... 0xff: /* Grp4/Grp5 */
1020 switch (modrm_reg) {
1021 case 0: /* inc */
1022 emulate_1op("inc", dst, _eflags);
1023 break;
1024 case 1: /* dec */
1025 emulate_1op("dec", dst, _eflags);
1026 break;
1027 case 6: /* push */
1028 /* 64-bit mode: PUSH always pushes a 64-bit operand. */
1029 if (mode == X86EMUL_MODE_PROT64) {
1030 dst.bytes = 8;
1031 if ((rc = ops->read_std((unsigned long)dst.ptr,
1032 &dst.val, 8,
1033 ctxt)) != 0)
1034 goto done;
1035 }
1036 register_address_increment(_regs[VCPU_REGS_RSP],
1037 -dst.bytes);
1038 if ((rc = ops->write_std(
1039 register_address(ctxt->ss_base,
1040 _regs[VCPU_REGS_RSP]),
1041 dst.val, dst.bytes, ctxt)) != 0)
1042 goto done;
1043 dst.val = dst.orig_val; /* skanky: disable writeback */
1044 break;
1045 default:
1046 goto cannot_emulate;
1047 }
1048 break;
1049 }
1050
1051writeback:
1052 if ((d & Mov) || (dst.orig_val != dst.val)) {
1053 switch (dst.type) {
1054 case OP_REG:
1055 /* The 4-byte case *is* correct: in 64-bit mode we zero-extend. */
1056 switch (dst.bytes) {
1057 case 1:
1058 *(u8 *)dst.ptr = (u8)dst.val;
1059 break;
1060 case 2:
1061 *(u16 *)dst.ptr = (u16)dst.val;
1062 break;
1063 case 4:
1064 *dst.ptr = (u32)dst.val;
1065 break; /* 64b: zero-ext */
1066 case 8:
1067 *dst.ptr = dst.val;
1068 break;
1069 }
1070 break;
1071 case OP_MEM:
1072 if (lock_prefix)
1073 rc = ops->cmpxchg_emulated((unsigned long)dst.
1074 ptr, dst.orig_val,
1075 dst.val, dst.bytes,
1076 ctxt);
1077 else
1078 rc = ops->write_emulated((unsigned long)dst.ptr,
1079 dst.val, dst.bytes,
1080 ctxt);
1081 if (rc != 0)
1082 goto done;
1083 default:
1084 break;
1085 }
1086 }
1087
1088 /* Commit shadow register state. */
1089 memcpy(ctxt->vcpu->regs, _regs, sizeof _regs);
1090 ctxt->eflags = _eflags;
1091 ctxt->vcpu->rip = _eip;
1092
1093done:
1094 return (rc == X86EMUL_UNHANDLEABLE) ? -1 : 0;
1095
1096special_insn:
1097 if (twobyte)
1098 goto twobyte_special_insn;
1099 if (rep_prefix) {
1100 if (_regs[VCPU_REGS_RCX] == 0) {
1101 ctxt->vcpu->rip = _eip;
1102 goto done;
1103 }
1104 _regs[VCPU_REGS_RCX]--;
1105 _eip = ctxt->vcpu->rip;
1106 }
1107 switch (b) {
1108 case 0xa4 ... 0xa5: /* movs */
1109 dst.type = OP_MEM;
1110 dst.bytes = (d & ByteOp) ? 1 : op_bytes;
1111 dst.ptr = (unsigned long *)register_address(ctxt->es_base,
1112 _regs[VCPU_REGS_RDI]);
1113 if ((rc = ops->read_emulated(register_address(
1114 override_base ? *override_base : ctxt->ds_base,
1115 _regs[VCPU_REGS_RSI]), &dst.val, dst.bytes, ctxt)) != 0)
1116 goto done;
1117 register_address_increment(_regs[VCPU_REGS_RSI],
1118 (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
1119 register_address_increment(_regs[VCPU_REGS_RDI],
1120 (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
1121 break;
1122 case 0xa6 ... 0xa7: /* cmps */
1123 DPRINTF("Urk! I don't handle CMPS.\n");
1124 goto cannot_emulate;
1125 case 0xaa ... 0xab: /* stos */
1126 dst.type = OP_MEM;
1127 dst.bytes = (d & ByteOp) ? 1 : op_bytes;
1128 dst.ptr = (unsigned long *)cr2;
1129 dst.val = _regs[VCPU_REGS_RAX];
1130 register_address_increment(_regs[VCPU_REGS_RDI],
1131 (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
1132 break;
1133 case 0xac ... 0xad: /* lods */
1134 dst.type = OP_REG;
1135 dst.bytes = (d & ByteOp) ? 1 : op_bytes;
1136 dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
1137 if ((rc = ops->read_emulated(cr2, &dst.val, dst.bytes, ctxt)) != 0)
1138 goto done;
1139 register_address_increment(_regs[VCPU_REGS_RSI],
1140 (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
1141 break;
1142 case 0xae ... 0xaf: /* scas */
1143 DPRINTF("Urk! I don't handle SCAS.\n");
1144 goto cannot_emulate;
1145 }
1146 goto writeback;
1147
1148twobyte_insn:
1149 switch (b) {
1150 case 0x01: /* lgdt, lidt, lmsw */
1151 switch (modrm_reg) {
1152 u16 size;
1153 unsigned long address;
1154
1155 case 2: /* lgdt */
1156 rc = read_descriptor(ctxt, ops, src.ptr,
1157 &size, &address, op_bytes);
1158 if (rc)
1159 goto done;
1160 realmode_lgdt(ctxt->vcpu, size, address);
1161 break;
1162 case 3: /* lidt */
1163 rc = read_descriptor(ctxt, ops, src.ptr,
1164 &size, &address, op_bytes);
1165 if (rc)
1166 goto done;
1167 realmode_lidt(ctxt->vcpu, size, address);
1168 break;
1169 case 4: /* smsw */
1170 if (modrm_mod != 3)
1171 goto cannot_emulate;
1172 *(u16 *)&_regs[modrm_rm]
1173 = realmode_get_cr(ctxt->vcpu, 0);
1174 break;
1175 case 6: /* lmsw */
1176 if (modrm_mod != 3)
1177 goto cannot_emulate;
1178 realmode_lmsw(ctxt->vcpu, (u16)modrm_val, &_eflags);
1179 break;
1180 case 7: /* invlpg*/
1181 emulate_invlpg(ctxt->vcpu, cr2);
1182 break;
1183 default:
1184 goto cannot_emulate;
1185 }
1186 break;
1187 case 0x21: /* mov from dr to reg */
1188 if (modrm_mod != 3)
1189 goto cannot_emulate;
1190 rc = emulator_get_dr(ctxt, modrm_reg, &_regs[modrm_rm]);
1191 break;
1192 case 0x23: /* mov from reg to dr */
1193 if (modrm_mod != 3)
1194 goto cannot_emulate;
1195 rc = emulator_set_dr(ctxt, modrm_reg, _regs[modrm_rm]);
1196 break;
1197 case 0x40 ... 0x4f: /* cmov */
1198 dst.val = dst.orig_val = src.val;
1199 d &= ~Mov; /* default to no move */
1200 /*
1201 * First, assume we're decoding an even cmov opcode
1202 * (lsb == 0).
1203 */
1204 switch ((b & 15) >> 1) {
1205 case 0: /* cmovo */
1206 d |= (_eflags & EFLG_OF) ? Mov : 0;
1207 break;
1208 case 1: /* cmovb/cmovc/cmovnae */
1209 d |= (_eflags & EFLG_CF) ? Mov : 0;
1210 break;
1211 case 2: /* cmovz/cmove */
1212 d |= (_eflags & EFLG_ZF) ? Mov : 0;
1213 break;
1214 case 3: /* cmovbe/cmovna */
1215 d |= (_eflags & (EFLG_CF | EFLG_ZF)) ? Mov : 0;
1216 break;
1217 case 4: /* cmovs */
1218 d |= (_eflags & EFLG_SF) ? Mov : 0;
1219 break;
1220 case 5: /* cmovp/cmovpe */
1221 d |= (_eflags & EFLG_PF) ? Mov : 0;
1222 break;
1223 case 7: /* cmovle/cmovng */
1224 d |= (_eflags & EFLG_ZF) ? Mov : 0;
1225 /* fall through */
1226 case 6: /* cmovl/cmovnge */
1227 d |= (!(_eflags & EFLG_SF) !=
1228 !(_eflags & EFLG_OF)) ? Mov : 0;
1229 break;
1230 }
1231 /* Odd cmov opcodes (lsb == 1) have inverted sense. */
1232 d ^= (b & 1) ? Mov : 0;
1233 break;
1234 case 0xb0 ... 0xb1: /* cmpxchg */
1235 /*
1236 * Save real source value, then compare EAX against
1237 * destination.
1238 */
1239 src.orig_val = src.val;
1240 src.val = _regs[VCPU_REGS_RAX];
1241 emulate_2op_SrcV("cmp", src, dst, _eflags);
1242 /* Always write back. The question is: where to? */
1243 d |= Mov;
1244 if (_eflags & EFLG_ZF) {
1245 /* Success: write back to memory. */
1246 dst.val = src.orig_val;
1247 } else {
1248 /* Failure: write the value we saw to EAX. */
1249 dst.type = OP_REG;
1250 dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
1251 }
1252 break;
1253 case 0xa3:
1254 bt: /* bt */
1255 src.val &= (dst.bytes << 3) - 1; /* only subword offset */
1256 emulate_2op_SrcV_nobyte("bt", src, dst, _eflags);
1257 break;
1258 case 0xb3:
1259 btr: /* btr */
1260 src.val &= (dst.bytes << 3) - 1; /* only subword offset */
1261 emulate_2op_SrcV_nobyte("btr", src, dst, _eflags);
1262 break;
1263 case 0xab:
1264 bts: /* bts */
1265 src.val &= (dst.bytes << 3) - 1; /* only subword offset */
1266 emulate_2op_SrcV_nobyte("bts", src, dst, _eflags);
1267 break;
1268 case 0xb6 ... 0xb7: /* movzx */
1269 dst.bytes = op_bytes;
1270 dst.val = (d & ByteOp) ? (u8) src.val : (u16) src.val;
1271 break;
1272 case 0xbb:
1273 btc: /* btc */
1274 src.val &= (dst.bytes << 3) - 1; /* only subword offset */
1275 emulate_2op_SrcV_nobyte("btc", src, dst, _eflags);
1276 break;
1277 case 0xba: /* Grp8 */
1278 switch (modrm_reg & 3) {
1279 case 0:
1280 goto bt;
1281 case 1:
1282 goto bts;
1283 case 2:
1284 goto btr;
1285 case 3:
1286 goto btc;
1287 }
1288 break;
1289 case 0xbe ... 0xbf: /* movsx */
1290 dst.bytes = op_bytes;
1291 dst.val = (d & ByteOp) ? (s8) src.val : (s16) src.val;
1292 break;
1293 }
1294 goto writeback;
1295
1296twobyte_special_insn:
1297 /* Disable writeback. */
1298 dst.orig_val = dst.val;
1299 switch (b) {
1300 case 0x0d: /* GrpP (prefetch) */
1301 case 0x18: /* Grp16 (prefetch/nop) */
1302 break;
1303 case 0x06:
1304 emulate_clts(ctxt->vcpu);
1305 break;
1306 case 0x20: /* mov cr, reg */
1307 if (modrm_mod != 3)
1308 goto cannot_emulate;
1309 _regs[modrm_rm] = realmode_get_cr(ctxt->vcpu, modrm_reg);
1310 break;
1311 case 0x22: /* mov reg, cr */
1312 if (modrm_mod != 3)
1313 goto cannot_emulate;
1314 realmode_set_cr(ctxt->vcpu, modrm_reg, modrm_val, &_eflags);
1315 break;
1316 case 0xc7: /* Grp9 (cmpxchg8b) */
1317#if defined(__i386__)
1318 {
1319 unsigned long old_lo, old_hi;
1320 if (((rc = ops->read_emulated(cr2 + 0, &old_lo, 4,
1321 ctxt)) != 0)
1322 || ((rc = ops->read_emulated(cr2 + 4, &old_hi, 4,
1323 ctxt)) != 0))
1324 goto done;
1325 if ((old_lo != _regs[VCPU_REGS_RAX])
1326 || (old_hi != _regs[VCPU_REGS_RDI])) {
1327 _regs[VCPU_REGS_RAX] = old_lo;
1328 _regs[VCPU_REGS_RDX] = old_hi;
1329 _eflags &= ~EFLG_ZF;
1330 } else if (ops->cmpxchg8b_emulated == NULL) {
1331 rc = X86EMUL_UNHANDLEABLE;
1332 goto done;
1333 } else {
1334 if ((rc = ops->cmpxchg8b_emulated(cr2, old_lo,
1335 old_hi,
1336 _regs[VCPU_REGS_RBX],
1337 _regs[VCPU_REGS_RCX],
1338 ctxt)) != 0)
1339 goto done;
1340 _eflags |= EFLG_ZF;
1341 }
1342 break;
1343 }
1344#elif defined(__x86_64__)
1345 {
1346 unsigned long old, new;
1347 if ((rc = ops->read_emulated(cr2, &old, 8, ctxt)) != 0)
1348 goto done;
1349 if (((u32) (old >> 0) != (u32) _regs[VCPU_REGS_RAX]) ||
1350 ((u32) (old >> 32) != (u32) _regs[VCPU_REGS_RDX])) {
1351 _regs[VCPU_REGS_RAX] = (u32) (old >> 0);
1352 _regs[VCPU_REGS_RDX] = (u32) (old >> 32);
1353 _eflags &= ~EFLG_ZF;
1354 } else {
1355 new = (_regs[VCPU_REGS_RCX] << 32) | (u32) _regs[VCPU_REGS_RBX];
1356 if ((rc = ops->cmpxchg_emulated(cr2, old,
1357 new, 8, ctxt)) != 0)
1358 goto done;
1359 _eflags |= EFLG_ZF;
1360 }
1361 break;
1362 }
1363#endif
1364 }
1365 goto writeback;
1366
1367cannot_emulate:
1368 DPRINTF("Cannot emulate %02x\n", b);
1369 return -1;
1370}
1371
1372#ifdef __XEN__
1373
1374#include <asm/mm.h>
1375#include <asm/uaccess.h>
1376
1377int
1378x86_emulate_read_std(unsigned long addr,
1379 unsigned long *val,
1380 unsigned int bytes, struct x86_emulate_ctxt *ctxt)
1381{
1382 unsigned int rc;
1383
1384 *val = 0;
1385
1386 if ((rc = copy_from_user((void *)val, (void *)addr, bytes)) != 0) {
1387 propagate_page_fault(addr + bytes - rc, 0); /* read fault */
1388 return X86EMUL_PROPAGATE_FAULT;
1389 }
1390
1391 return X86EMUL_CONTINUE;
1392}
1393
1394int
1395x86_emulate_write_std(unsigned long addr,
1396 unsigned long val,
1397 unsigned int bytes, struct x86_emulate_ctxt *ctxt)
1398{
1399 unsigned int rc;
1400
1401 if ((rc = copy_to_user((void *)addr, (void *)&val, bytes)) != 0) {
1402 propagate_page_fault(addr + bytes - rc, PGERR_write_access);
1403 return X86EMUL_PROPAGATE_FAULT;
1404 }
1405
1406 return X86EMUL_CONTINUE;
1407}
1408
1409#endif
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-28 23:55:49 -0500