static void int_handler (int num) { // check whether the interrupt corresponds to an exception // in real-mode everything from 10 is not an ecxeption if (num < 10) { // exception raised // check whether this exception should be intercepted if (amd_vmcb_exceptions_rd_raw(&env->vmcb) & (1 << num)) { assert(!"Intercepted exception raised"); } else { assert(!"Realmode raised an exception which is not captured"); } } else { // software interrupt raised // check whether we are interessted in SW interrupts if (amd_vmcb_intercepts_rd(&env->vmcb).intn == 1) { set_vmcb_exit(&env->vmcb, SVM_VMEXIT_SWINT, 0, 0); valid_exit = true; } else { assert(!"SWINT occured but not intercepted by the VMM"); } } // move EIP back to the start of the instruction M.x86.R_EIP -= 2; HALT_SYS(); }
static void io_outb (uint16_t port, uint8_t val) { uint32_t info1; info1 = X86_IO_ACCESS_SZ8 | X86_IO_ACCESS_A16; info1 |= port << 16; set_vmcb_exit(&env->vmcb, SVM_VMEXIT_IOIO, info1, M.x86.R_EIP); valid_exit = true; // move EIP back to the start of the instruction M.x86.R_EIP -= 2; HALT_SYS(); }
/**************************************************************************** PARAMETERS: addr - Emulator memory address to read RETURNS: Byte value read from emulator memory. REMARKS: Reads a byte value from the emulator memory. We have three distinct memory regions that are handled differently, which this function handles. ****************************************************************************/ u8 X86API BE_rdb( u32 addr) { u8 val = 0; if (addr < M.mem_size) { READ8(M.mem_base + addr, val); } else if (addr >= 0xC0000 && addr <= _BE_env.biosmem_limit) { READ8(_BE_env.biosmem_base + addr - 0xC0000, val); } else if (addr >= 0xA0000 && addr < 0xC0000) { READ8(_BE_env.busmem_base + addr - 0xA0000, val); } else if (addr >= 0xf0000 && addr < SYS_SIZE) { READ8(_BE_env.sysmem_base + addr - 0xf0000, val); }else { printf("mem_read: address %#x out of range!\n", addr); HALT_SYS(); } DB( if (DEBUG_MEM()) printf("%#08x 1 -> %#x\n", addr, val);) return val;
// handle int10 (VGA BIOS Interrupt) static void handleInt10(void) { // the data for INT10 is stored in BDA (0000:0400h) offset 49h-66h // function number in AH //DEBUG_PRINTF_CS_IP("%s:\n", __func__); //x86emu_dump_xregs(); //if ((M.x86.R_IP == 0x32c2) && (M.x86.R_SI == 0x1ce2)){ //X86EMU_trace_on(); //M.x86.debug &= ~DEBUG_DECODE_NOPRINT_F; //} switch (M.x86.R_AH) { case 0x00: // set video mode // BDA offset 49h is current video mode my_wrb(0x449, M.x86.R_AL); if (M.x86.R_AL > 7) M.x86.R_AL = 0x20; else if (M.x86.R_AL == 6) M.x86.R_AL = 0x3f; else M.x86.R_AL = 0x30; break; case 0x01: // set cursor shape // ignore break; case 0x02: // set cursor position // BH: pagenumber, DX: cursor_pos (DH:row, DL:col) // BDA offset 50h-60h are 8 cursor position words for // eight possible video pages my_wrw(0x450 + (M.x86.R_BH * 2), M.x86.R_DX); break; case 0x03: //get cursor position // BH: pagenumber // BDA offset 50h-60h are 8 cursor position words for // eight possible video pages M.x86.R_AX = 0; M.x86.R_CH = 0; // start scan line ??? M.x86.R_CL = 0; // end scan line ??? M.x86.R_DX = my_rdw(0x450 + (M.x86.R_BH * 2)); break; case 0x05: // set active page // BDA offset 62h is current page number my_wrb(0x462, M.x86.R_AL); break; case 0x06: //scroll up windows break; case 0x07: //scroll down windows break; case 0x08: //read character and attribute at position M.x86.R_AH = 0x07; // white-on-black M.x86.R_AL = 0x20; // a space... break; case 0x09: // write character and attribute //AL: char, BH: page number, BL: attribute, CX: number of times to write //BDA offset 62h is current page number CHECK_DBG(DEBUG_PRINT_INT10) { u32 i = 0; if (M.x86.R_BH == my_rdb(0x462)) { for (i = 0; i < M.x86.R_CX; i++) printf("%c", M.x86.R_AL); } } break; case 0x0a: // write character //AL: char, BH: page number, BL: attribute, CX: number of times to write //BDA offset 62h is current page number CHECK_DBG(DEBUG_PRINT_INT10) { u32 i = 0; if (M.x86.R_BH == my_rdb(0x462)) { for (i = 0; i < M.x86.R_CX; i++) printf("%c", M.x86.R_AL); } } break; case 0x0e: // teletype output: write character and advance cursor... //AL: char, BH: page number, BL: attribute //BDA offset 62h is current page number CHECK_DBG(DEBUG_PRINT_INT10) { // we ignore the pagenumber on this call... //if (M.x86.R_BH == my_rdb(0x462)) { printf("%c", M.x86.R_AL); // for debugging, to read all lines //if (M.x86.R_AL == 0xd) // carriage return // printf("\n"); } } break; case 0x0f: // get video mode // BDA offset 49h is current video mode // BDA offset 62h is current page number // BDA offset 4ah is columns on screen M.x86.R_AH = 80; //number of character columns... we hardcode it to 80 M.x86.R_AL = my_rdb(0x449); M.x86.R_BH = my_rdb(0x462); break; default: printf("%s(): unknown function (%x) for int10 handler.\n", __func__, M.x86.R_AH); DEBUG_PRINTF_INTR("AX=%04x BX=%04x CX=%04x DX=%04x\n", M.x86.R_AX, M.x86.R_BX, M.x86.R_CX, M.x86.R_DX); HALT_SYS(); break; } }
// handle int1a (PCI BIOS Interrupt) static void handleInt1a(void) { // function number in AX u8 bus, devfn, offs; struct device* dev; switch (M.x86.R_AX) { case 0xb101: // Installation check CLEAR_FLAG(F_CF); // clear CF M.x86.R_EDX = 0x20494350; // " ICP" endian swapped "PCI " M.x86.R_AL = 0x1; // Config Space Mechanism 1 supported M.x86.R_BX = 0x0210; // PCI Interface Level Version 2.10 M.x86.R_CL = 0xff; // number of last PCI Bus in system TODO: check! break; case 0xb102: // Find PCI Device // device_id in CX, vendor_id in DX // device index in SI (i.e. if multiple devices with same vendor/device id // are connected). We currently only support device index 0 // DEBUG_PRINTF_INTR("%s(): function: %x: PCI Find Device\n", __func__, M.x86.R_AX); /* FixME: support SI != 0 */ #if CONFIG_YABEL_PCI_ACCESS_OTHER_DEVICES dev = dev_find_device(M.x86.R_DX, M.x86.R_CX, 0); if (dev != 0) { DEBUG_PRINTF_INTR ("%s(): function %x: PCI Find Device --> 0x%04x\n", __func__, M.x86.R_AX, M.x86.R_BX); M.x86.R_BH = dev->bus->secondary; M.x86.R_BL = dev->path.pci.devfn; M.x86.R_AH = 0x00; // return code: success CLEAR_FLAG(F_CF); #else // only allow the device to find itself... if ((M.x86.R_CX == bios_device.pci_device_id) && (M.x86.R_DX == bios_device.pci_vendor_id) // device index must be 0 && (M.x86.R_SI == 0)) { CLEAR_FLAG(F_CF); M.x86.R_AH = 0x00; // return code: success M.x86.R_BH = bios_device.bus; M.x86.R_BL = bios_device.devfn; #endif } else { DEBUG_PRINTF_INTR ("%s(): function %x: invalid device/vendor/device index! (%04x/%04x/%02x expected: %04x/%04x/00) \n", __func__, M.x86.R_AX, M.x86.R_CX, M.x86.R_DX, M.x86.R_SI, bios_device.pci_device_id, bios_device.pci_vendor_id); SET_FLAG(F_CF); M.x86.R_AH = 0x86; // return code: device not found } break; case 0xb108: //read configuration byte case 0xb109: //read configuration word case 0xb10a: //read configuration dword bus = M.x86.R_BH; devfn = M.x86.R_BL; offs = M.x86.R_DI; DEBUG_PRINTF_INTR("%s(): function: %x: PCI Config Read from device: bus: %02x, devfn: %02x, offset: %02x\n", __func__, M.x86.R_AX, bus, devfn, offs); #if CONFIG_YABEL_PCI_ACCESS_OTHER_DEVICES dev = dev_find_slot(bus, devfn); DEBUG_PRINTF_INTR("%s(): function: %x: dev_find_slot() returned: %s\n", __func__, M.x86.R_AX, dev_path(dev)); if (dev == 0) { // fail accesses to non-existent devices... #else dev = bios_device.dev; if ((bus != bios_device.bus) || (devfn != bios_device.devfn)) { // fail accesses to any device but ours... #endif printf ("%s(): Config read access invalid device! bus: %02x (%02x), devfn: %02x (%02x), offs: %02x\n", __func__, bus, bios_device.bus, devfn, bios_device.devfn, offs); SET_FLAG(F_CF); M.x86.R_AH = 0x87; //return code: bad pci register HALT_SYS(); return; } else { switch (M.x86.R_AX) { case 0xb108: M.x86.R_CL = #if CONFIG_PCI_OPTION_ROM_RUN_YABEL pci_read_config8(dev, offs); #else (u8) rtas_pci_config_read(bios_device. puid, 1, bus, devfn, offs); #endif DEBUG_PRINTF_INTR ("%s(): function %x: PCI Config Read @%02x --> 0x%02x\n", __func__, M.x86.R_AX, offs, M.x86.R_CL); break; case 0xb109: M.x86.R_CX = #if CONFIG_PCI_OPTION_ROM_RUN_YABEL pci_read_config16(dev, offs); #else (u16) rtas_pci_config_read(bios_device. puid, 2, bus, devfn, offs); #endif DEBUG_PRINTF_INTR ("%s(): function %x: PCI Config Read @%02x --> 0x%04x\n", __func__, M.x86.R_AX, offs, M.x86.R_CX); break; case 0xb10a: M.x86.R_ECX = #if CONFIG_PCI_OPTION_ROM_RUN_YABEL pci_read_config32(dev, offs); #else (u32) rtas_pci_config_read(bios_device. puid, 4, bus, devfn, offs); #endif DEBUG_PRINTF_INTR ("%s(): function %x: PCI Config Read @%02x --> 0x%08x\n", __func__, M.x86.R_AX, offs, M.x86.R_ECX); break; } CLEAR_FLAG(F_CF); M.x86.R_AH = 0x0; // return code: success } break; case 0xb10b: //write configuration byte case 0xb10c: //write configuration word case 0xb10d: //write configuration dword bus = M.x86.R_BH; devfn = M.x86.R_BL; offs = M.x86.R_DI; if ((bus != bios_device.bus) || (devfn != bios_device.devfn)) { // fail accesses to any device but ours... printf ("%s(): Config read access invalid! bus: %x (%x), devfn: %x (%x), offs: %x\n", __func__, bus, bios_device.bus, devfn, bios_device.devfn, offs); SET_FLAG(F_CF); M.x86.R_AH = 0x87; //return code: bad pci register HALT_SYS(); return; } else { switch (M.x86.R_AX) { case 0xb10b: #if CONFIG_PCI_OPTION_ROM_RUN_YABEL pci_write_config8(bios_device.dev, offs, M.x86.R_CL); #else rtas_pci_config_write(bios_device.puid, 1, bus, devfn, offs, M.x86.R_CL); #endif DEBUG_PRINTF_INTR ("%s(): function %x: PCI Config Write @%02x <-- 0x%02x\n", __func__, M.x86.R_AX, offs, M.x86.R_CL); break; case 0xb10c: #if CONFIG_PCI_OPTION_ROM_RUN_YABEL pci_write_config16(bios_device.dev, offs, M.x86.R_CX); #else rtas_pci_config_write(bios_device.puid, 2, bus, devfn, offs, M.x86.R_CX); #endif DEBUG_PRINTF_INTR ("%s(): function %x: PCI Config Write @%02x <-- 0x%04x\n", __func__, M.x86.R_AX, offs, M.x86.R_CX); break; case 0xb10d: #if CONFIG_PCI_OPTION_ROM_RUN_YABEL pci_write_config32(bios_device.dev, offs, M.x86.R_ECX); #else rtas_pci_config_write(bios_device.puid, 4, bus, devfn, offs, M.x86.R_ECX); #endif DEBUG_PRINTF_INTR ("%s(): function %x: PCI Config Write @%02x <-- 0x%08x\n", __func__, M.x86.R_AX, offs, M.x86.R_ECX); break; } CLEAR_FLAG(F_CF); M.x86.R_AH = 0x0; // return code: success } break; default: printf("%s(): unknown function (%x) for int1a handler.\n", __func__, M.x86.R_AX); DEBUG_PRINTF_INTR("AX=%04x BX=%04x CX=%04x DX=%04x\n", M.x86.R_AX, M.x86.R_BX, M.x86.R_CX, M.x86.R_DX); HALT_SYS(); break; } } // main Interrupt Handler routine, should be registered as x86emu interrupt handler void handleInterrupt(int intNum) { u8 int_handled = 0; #ifndef DEBUG_PRINT_INT10 // this printf makes output by int 10 unreadable... // so we only enable it, if int10 print is disabled DEBUG_PRINTF_INTR("%s(%x)\n", __func__, intNum); #endif /* check wether this interrupt has a function pointer set in yabel_intFuncArray and run that */ if (yabel_intFuncArray[intNum]) { DEBUG_PRINTF_INTR("%s(%x) intHandler overridden, calling it...\n", __func__, intNum); int_handled = (*yabel_intFuncArray[intNum])(); } else { switch (intNum) { case 0x10: //BIOS video interrupt case 0x42: // INT 10h relocated by EGA/VGA BIOS case 0x6d: // INT 10h relocated by VGA BIOS // get interrupt vector from IDT (4 bytes per Interrupt starting at address 0 if ((my_rdl(intNum * 4) == 0xF000F065) || //F000:F065 is default BIOS interrupt handler address (my_rdl(intNum * 4) == 0xF4F4F4F4)) //invalid { #if 0 // ignore interrupt... DEBUG_PRINTF_INTR ("%s(%x): invalid interrupt Vector (%08x) found, interrupt ignored...\n", __func__, intNum, my_rdl(intNum * 4)); DEBUG_PRINTF_INTR("AX=%04x BX=%04x CX=%04x DX=%04x\n", M.x86.R_AX, M.x86.R_BX, M.x86.R_CX, M.x86.R_DX); //HALT_SYS(); #endif handleInt10(); int_handled = 1; } break; case 0x16: // Keyboard BIOS Interrupt handleInt16(); int_handled = 1; break; case 0x1a: // PCI BIOS Interrupt handleInt1a(); int_handled = 1; break; case PMM_INT_NUM: /* The self-defined PMM INT number, this is called by * the code in PMM struct, and it is handled by * pmm_handleInt() */ pmm_handleInt(); int_handled = 1; break; default: printf("Interrupt %#x (Vector: %x) not implemented\n", intNum, my_rdl(intNum * 4)); DEBUG_PRINTF_INTR("AX=%04x BX=%04x CX=%04x DX=%04x\n", M.x86.R_AX, M.x86.R_BX, M.x86.R_CX, M.x86.R_DX); int_handled = 1; HALT_SYS(); break; } } // if we did not handle the interrupt, jump to the interrupt vector... if (!int_handled) { setupInt(intNum); } } // prepare and execute Interrupt 10 (VGA Interrupt) void runInt10(void) { // Initialize stack and data segment M.x86.R_SS = STACK_SEGMENT; M.x86.R_DS = DATA_SEGMENT; M.x86.R_SP = STACK_START_OFFSET; // push a HLT instruction and a pointer to it onto the stack // any return will pop the pointer and jump to the HLT, thus // exiting (more or less) cleanly push_word(0xf4f4); //F4=HLT //push_word(M.x86.R_SS); //push_word(M.x86.R_SP + 2); // setupInt will push the current CS and IP to the stack to return to it, // but we want to halt, so set CS:IP to the HLT instruction we just pushed // to the stack M.x86.R_CS = M.x86.R_SS; M.x86.R_IP = M.x86.R_SP; // + 4; CHECK_DBG(DEBUG_TRACE_X86EMU) { X86EMU_trace_on(); } CHECK_DBG(DEBUG_JMP) { M.x86.debug |= DEBUG_TRACEJMP_REGS_F; M.x86.debug |= DEBUG_TRACEJMP_REGS_F; M.x86.debug |= DEBUG_TRACECALL_F; M.x86.debug |= DEBUG_TRACECALL_REGS_F; } setupInt(0x10); DEBUG_PRINTF_INTR("%s(): starting execution of INT10...\n", __func__); X86EMU_exec(); DEBUG_PRINTF_INTR("%s(): execution finished\n", __func__); }
// handle int16 (Keyboard BIOS Interrupt) static void handleInt16(void) { // keyboard buffer is in BIOS Memory Area: // offset 0x1a (WORD) pointer to next char in keybuffer // offset 0x1c (WORD) pointer to next insert slot in keybuffer // offset 0x1e-0x3e: 16 WORD Ring Buffer // since we currently always read the char from the FW buffer, // we misuse the ring buffer, we use it as pointer to a u64 that stores // multi-byte keys (e.g. special keys in VT100 terminal) // and as long as a key is available (not 0) we dont read further keys u64 *keycode = (u64 *) (M.mem_base + 0x41e); s8 c; // function number in AH DEBUG_PRINTF_INTR("%s(): Keyboard Interrupt: function: %x.\n", __func__, M.x86.R_AH); DEBUG_PRINTF_INTR("AX=%04x BX=%04x CX=%04x DX=%04x\n", M.x86.R_AX, M.x86.R_BX, M.x86.R_CX, M.x86.R_DX); switch (M.x86.R_AH) { case 0x00: // get keystroke if (*keycode) { M.x86.R_AX = (u16) * keycode; // clear keycode *keycode = 0; } else { M.x86.R_AH = 0x61; // scancode for space key M.x86.R_AL = 0x20; // a space } break; case 0x01: // check keystroke // ZF set = no keystroke // read first byte of key code if (*keycode) { // already read, but not yet taken CLEAR_FLAG(F_ZF); M.x86.R_AX = (u16) * keycode; } else { /* TODO: we need getchar... */ c = -1; //getchar(); if (c == -1) { // no key available SET_FLAG(F_ZF); } else { *keycode = c; // since after an ESC it may take a while to receive the next char, // we send something that is not shown on the screen, and then try to get // the next char // TODO: only after ESC?? what about other multibyte keys printf("tt%c%c", 0x08, 0x08); // 0x08 == Backspace /* TODO: we need getchar... */ while ((c = -1 /*getchar()*/) != -1) { *keycode = (*keycode << 8) | c; DEBUG_PRINTF(" key read: %0llx\n", *keycode); } translate_keycode(keycode); DEBUG_PRINTF(" translated key: %0llx\n", *keycode); if (*keycode == 0) { //not found SET_FLAG(F_ZF); } else { CLEAR_FLAG(F_ZF); M.x86.R_AX = (u16) * keycode; //X86EMU_trace_on(); //M.x86.debug &= ~DEBUG_DECODE_NOPRINT_F; } } } break; default: printf("%s(): unknown function (%x) for int16 handler.\n", __func__, M.x86.R_AH); DEBUG_PRINTF_INTR("AX=%04x BX=%04x CX=%04x DX=%04x\n", M.x86.R_AX, M.x86.R_BX, M.x86.R_CX, M.x86.R_DX); HALT_SYS(); break; } }